On Tue, 27 Nov 2018 10:10:23 +0300
Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
Thanks, Dan -- you are correct, all other kernel users of
copy_to_user return -EFAULT to their callers if non-zero is returned by
copy_to_user.
I'll fix this; The fix needs to be submitted to
netdev@xxxxxxxxxxxxxxx, since the bug is under drivers/net/ethernet.
(Tariq Toukan will submit the fix when it is ready).
-Jack
> Hello Daniel Jurgens,
>
> The patch e45678973dcb: "{net, IB}/mlx4: Initialize CQ buffers in the
> driver when possible" from Nov 21, 2018, leads to the following
> static checker warning:
>
> drivers/net/ethernet/mellanox/mlx4/cq.c:322
> mlx4_init_user_cqes() warn: maybe return -EFAULT instead of the bytes
> remaining?
>
> drivers/net/ethernet/mellanox/mlx4/cq.c
> 290 static int mlx4_init_user_cqes(void *buf, int entries, int
> cqe_size) 291 {
> 292 int entries_per_copy = PAGE_SIZE / cqe_size;
> 293 void *init_ents;
> 294 int err = 0;
> 295 int i;
> 296
> 297 init_ents = kmalloc(PAGE_SIZE, GFP_KERNEL);
> 298 if (!init_ents)
> 299 return -ENOMEM;
> 300
> 301 /* Populate a list of CQ entries to reduce the number
> of 302 * copy_to_user calls. 0xcc is the initialization
> value 303 * required by the FW.
> 304 */
> 305 memset(init_ents, 0xcc, PAGE_SIZE);
> 306
> 307 if (entries_per_copy < entries) {
> 308 for (i = 0; i < entries / entries_per_copy;
> i++) { 309 err = copy_to_user(buf,
> init_ents, PAGE_SIZE); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> 310 if (err)
> 311 goto out;
> 312
> 313 buf += PAGE_SIZE;
> 314 }
> 315 } else {
> 316 err = copy_to_user(buf, init_ents, entries *
> cqe_size); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> copy_to_user() returns the number of bytes which we weren't able to
> copy.
>
> I looked at the error handling in the caller, and it's really weird to
> me what's going on there... If these copies fail we set op_mod to
> zero?
>
> 317 }
> 318
> 319 out:
> 320 kfree(init_ents);
> 321
> 322 return err;
> 323 }
>
> regards,
> dan carpenter
