On Fri, 23 Oct 2020 14:34:50 +0300 Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > The copy_to_user() function returns the number of bytes remaining to be > copied, but this code should return -EFAULT. > > Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call") > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) Applied this and the following patch to vfio for-linus branch with Diana's acks for v5.10. Thanks, Alex > diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c > index 0113a980f974..21f22e3da11f 100644 > --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c > +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c > @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd, > info.size = vdev->regions[info.index].size; > info.flags = vdev->regions[info.index].flags; > > - return copy_to_user((void __user *)arg, &info, minsz); > + if (copy_to_user((void __user *)arg, &info, minsz)) > + return -EFAULT; > + return 0; > } > case VFIO_DEVICE_GET_IRQ_INFO: > { > @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd, > info.flags = VFIO_IRQ_INFO_EVENTFD; > info.count = 1; > > - return copy_to_user((void __user *)arg, &info, minsz); > + if (copy_to_user((void __user *)arg, &info, minsz)) > + return -EFAULT; > + return 0; > } > case VFIO_DEVICE_SET_IRQS: > {
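Review bot: In the first hunk (@@ -248,7 +248,9, the region-info case that ends just before `case VFIO_DEVICE_GET_IRQ_INFO:`), the three-line `if (copy_to_user(...))` / `return -EFAULT;` / `return 0;` sequence can be a single statement, `return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;`, which keeps one exit for the case. The commit message would also be clearer if it stated what the caller saw before the fix: `vfio_fsl_mc_ioctl()` returns `long`, so a partial copy came back from the ioctl as a positive count of uncopied bytes rather than as an error.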
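Review bot: The second hunk (@@ -267,7 +269,9) changes the `VFIO_DEVICE_GET_IRQ_INFO` case, but the only Fixes: tag names the commit titled "Implement VFIO_DEVICE_GET_REGION_INFO ioctl call". If the IRQ-info case was introduced by a different commit, add a second Fixes: tag for it so that a backport keyed on the tag picks up both returns; if both cases came from the same commit, say so in the commit message.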