diff options
| author | zhang jiao <zhangjiao2@cmss.chinamobile.com> | 2025-09-10 17:17:38 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-10-15 12:00:20 +0200 |
| commit | baa37b1c7e29546f79c39bef0d18c4edc9f39bb1 (patch) | |
| tree | 1b5bd8b61ee11d93eb0210216a95dd97f973d825 /drivers/vhost | |
| parent | bc5037cafdf50599adda1e6f486418384a004f86 (diff) | |
| download | linux-baa37b1c7e29546f79c39bef0d18c4edc9f39bb1.tar.gz linux-baa37b1c7e29546f79c39bef0d18c4edc9f39bb1.tar.bz2 linux-baa37b1c7e29546f79c39bef0d18c4edc9f39bb1.zip | |
vhost: vringh: Modify the return value check
[ Upstream commit 82a8d0fda55b35361ee7f35b54fa2b66d7847d2b ]
The return value of copy_from_iter and copy_to_iter can't be negative,
check whether the copied lengths are equal.
Fixes: 309bba39c945 ("vringh: iterate on iotlb_translate to handle large translations")
Cc: "Stefano Garzarella" <sgarzare@redhat.com>
Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
Message-Id: <20250910091739.2999-1-zhangjiao2@cmss.chinamobile.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/vhost')
| -rw-r--r-- | drivers/vhost/vringh.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 0db4f3babe96..781731eb95cf 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -1191,6 +1191,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst, struct iov_iter iter; u64 translated; int ret; + size_t size; ret = iotlb_translate(vrh, (u64)(uintptr_t)src, len - total_translated, &translated, @@ -1208,9 +1209,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst, translated); } - ret = copy_from_iter(dst, translated, &iter); - if (ret < 0) - return ret; + size = copy_from_iter(dst, translated, &iter); + if (size != translated) + return -EFAULT; src += translated; dst += translated; |