Re: [PATCH v3 14/15] iommufd: vfio container FD ioctl compatibility

On Tue, Nov 01, 2022 at 12:45:01PM -0700, Nicolin Chen wrote:
> On Tue, Oct 25, 2022 at 03:12:23PM -0300, Jason Gunthorpe wrote:
> 
> > +static int iommufd_vfio_iommu_get_info(struct iommufd_ctx *ictx,
> > +				       void __user *arg)
> 
> > +	if (copy_to_user(arg, &info, minsz))
> > +		rc = -EFAULT;
> > +	rc = 0;
> 
> Coverity reports a value overwriting here:
> rc gets -EFAULT first then gets overwritten to 0.

Indeed, it should be

        info.cap_offset = sizeof(info);
        info.argsz = total_cap_size;
        info.flags |= VFIO_IOMMU_INFO_CAPS;
-       if (copy_to_user(arg, &info, minsz))
+       if (copy_to_user(arg, &info, minsz)) {
                rc = -EFAULT;
+               goto out_put;
+       }
        rc = 0;
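
Review bot: the added goto out_put in the copy_to_user() failure branch jumps to a label that is not visible in this fragment, so the fix is only correct if out_put sits after the trailing "rc = 0;" and returns rc unchanged. Please confirm that, and that out_put releases everything the function acquired before this point. Since the success assignment immediately follows the check, it would also help to set rc = 0 only on the success path (or initialize it once at the top), so that a later edit between the check and the label cannot reintroduce the overwrite Coverity flagged.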

Jason


