On Wed, Aug 04, 2021 at 12:42:22AM +0530, Praveen Kumar wrote:
> On 09-07-2021 17:13, Wei Liu wrote:
[...]
> > +static long mshv_device_ioctl(struct file *filp, unsigned int ioctl,
> > + unsigned long arg)
> > +{
> > + struct mshv_device *dev = filp->private_data;
> > +
> > + switch (ioctl) {
> > + case MSHV_SET_DEVICE_ATTR:
> > + return mshv_device_ioctl_attr(dev, dev->ops->set_attr, arg);
> > + case MSHV_GET_DEVICE_ATTR:
> > + return mshv_device_ioctl_attr(dev, dev->ops->get_attr, arg);
> > + case MSHV_HAS_DEVICE_ATTR:
> > + return mshv_device_ioctl_attr(dev, dev->ops->has_attr, arg);
> > + default:
> > + if (dev->ops->ioctl)
> > + return dev->ops->ioctl(dev, ioctl, arg);
> > +
> > + return -ENOTTY;
> > + }
>
> Have seen some static analyzer tool cribbing here of not returning any error.
> If you feel OK, please move the 'return -ENOTTY' down after switch block. Thanks.
>
Fair point. I will make the change.
> > +}
> > +
[...]
> > +static long
> > +mshv_partition_ioctl_create_device(struct mshv_partition *partition,
> > + void __user *user_args)
> > +{
> > + long r;
> > + struct mshv_create_device tmp, *cd;
> > + struct mshv_device *dev;
> > + const struct mshv_device_ops *ops;
> > + int type;
> > +
> > + if (copy_from_user(&tmp, user_args, sizeof(tmp))) {
> > + r = -EFAULT;
> > + goto out;
> > + }
> > +
> > + cd = &tmp;
> > +
> > + if (cd->type >= ARRAY_SIZE(mshv_device_ops_table)) {
> > + r = -ENODEV;
> > + goto out;
> > + }
> > +
> > + type = array_index_nospec(cd->type, ARRAY_SIZE(mshv_device_ops_table));
> > + ops = mshv_device_ops_table[type];
> > + if (ops == NULL) {
> > + r = -ENODEV;
> > + goto out;
> > + }
> > +
> > + if (cd->flags & MSHV_CREATE_DEVICE_TEST) {
> > + r = 0;
> > + goto out;
> > + }
> > +
> > + dev = kzalloc(sizeof(*dev), GFP_KERNEL_ACCOUNT);
> > + if (!dev) {
> > + r = -ENOMEM;
> > + goto out;
> > + }
> > +
> > + dev->ops = ops;
> > + dev->partition = partition;
> > +
> > + r = ops->create(dev, type);
> > + if (r < 0) {
> > + kfree(dev);
> > + goto out;
> > + }
> > +
> > + list_add(&dev->partition_node, &partition->devices);
> > +
> > + if (ops->init)
> > + ops->init(dev);
> > +
> > + mshv_partition_get(partition);
> > + r = anon_inode_getfd(ops->name, &mshv_device_fops, dev, O_RDWR | O_CLOEXEC);
> > + if (r < 0) {
> > + mshv_partition_put_no_destroy(partition);
> > + list_del(&dev->partition_node);
> > + ops->destroy(dev);
>
> I hope ops->destroy will free dev as well ?
Yes. It is clearly written in the preceding comment of that hook. I hope
that's prominent enough.
>
> > + goto out;
> > + }
> > +
> > + cd->fd = r;
> > + r = 0;
> > +
> > + if (copy_to_user(user_args, &tmp, sizeof(tmp))) {
> > + r = -EFAULT;
>
> I don't think we will be cleaning up anything ? Or do we need to?
No need. Whatever residuals left will be cleaned up once the VM is
destroyed.
Wei.
> > + goto out;
> > + }
> > +out:
> > + return r;
> > +}
> > +
>
> Regards,
>
> ~Praveen.
