On Thu, Feb 25, 2016 at 01:34:43PM +0200, Michael S. Tsirkin wrote:
> Calling return copy_to_user(...) in an ioctl will not
> do the right thing if there's a pagefault:
> copy_to_user returns the number of bytes not copied
> in this case.
>
> Fix up vfio to do
> if (copy_to_user(...))
> return -EFAULT;
>
> everywhere.
>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Heh. I don't exactly deserve this credit. I have updated Smatch to check for this (will push next week probably). I wouldn't have caught the issues in vfio_platform_common.c because that's ARM only.

regards,
dan carpenter
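The return-value mix-up the patch fixes can be shown outside the kernel. The following is an added userspace example, not code from the vfio patch or from Smatch: `mock_copy_to_user` is a constructed stand-in that mimics the real `copy_to_user()` contract (it returns the number of bytes it did not copy, 0 on success) with an injectable fault point, `ioctl_buggy` uses the `return copy_to_user(...)` pattern the patch removes, and `ioctl_fixed` uses the `if (copy_to_user(...)) return -EFAULT;` pattern it introduces. The `run` helper, the 16-byte buffer and the fault offsets are all constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's copy_to_user(): like the real one,
 * it returns the number of bytes NOT copied (0 means everything was copied).
 * fault_at models the first user byte that would take an unresolvable page
 * fault; (size_t)-1 means "no fault". */
static size_t fault_at = (size_t)-1;

static size_t mock_copy_to_user(void *to, const void *from, size_t n)
{
    size_t ok = n;
    if (fault_at < n)
        ok = fault_at;          /* copy stops at the faulting byte */
    memcpy(to, from, ok);
    return n - ok;              /* bytes left uncopied */
}

/* Pattern the patch removes: the uncopied-byte count leaks out as the ioctl
 * result, so a partial copy reaches userspace as a positive "success" value
 * and the caller never learns its buffer is incomplete. */
static long ioctl_buggy(void *uarg, const void *kdata, size_t n)
{
    return mock_copy_to_user(uarg, kdata, n);
}

/* Pattern the patch introduces: any uncopied bytes become -EFAULT, which is
 * what ioctl() callers expect for a bad user pointer. */
static long ioctl_fixed(void *uarg, const void *kdata, size_t n)
{
    if (mock_copy_to_user(uarg, kdata, n))
        return -EFAULT;
    return 0;
}

/* Run one ioctl variant on a constructed 16-byte payload with a fault
 * injected at byte `fault` (16 or more = no fault) and return the value the
 * caller would see. */
static long run(long (*ioctl)(void *, const void *, size_t), size_t fault)
{
    const char kdata[16] = "vfio-info-block";   /* constructed payload */
    char ubuf[16] = {0};                        /* stands in for user memory */
    long ret;

    fault_at = fault;
    ret = ioctl(ubuf, kdata, sizeof kdata);
    fault_at = (size_t)-1;
    return ret;
}

int main(void)
{
    printf("no fault: buggy=%ld fixed=%ld\n",
           run(ioctl_buggy, 16), run(ioctl_fixed, 16));
    printf("fault at byte 4: buggy=%ld fixed=%ld\n",
           run(ioctl_buggy, 4), run(ioctl_fixed, 4));
    return 0;
}
```

With a fault four bytes in, the buggy variant returns 12 (a value ioctl() callers treat as success) while the fixed variant returns -EFAULT; with no fault both return 0, which is why the bug only surfaces under a page fault.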