1. Patchew
  2. linux
  3. View series

[PATCH] vhost: vringh: Modify the return value check

zhangjiao2 posted 1 patch 3 weeks, 1 day ago 
drivers/vhost/vringh.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
[PATCH] vhost: vringh: Modify the return value check
Posted by zhangjiao2 3 weeks, 1 day ago 
From: zhang jiao <zhangjiao2@cmss.chinamobile.com>

The return value of copy_from_iter and copy_to_iter can't be negative,
check whether the copied lengths are equal.

Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
---
 drivers/vhost/vringh.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 9f27c3f6091b..0c8a17cbb22e 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
 		struct iov_iter iter;
 		u64 translated;
 		int ret;
+		size_t size;
 
 		ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
 				      len - total_translated, &translated,
@@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
 				      translated);
 		}
 
-		ret = copy_from_iter(dst, translated, &iter);
-		if (ret < 0)
-			return ret;
+		size = copy_from_iter(dst, translated, &iter);
+		if (size != translated)
+			return -EFAULT;
 
 		src += translated;
 		dst += translated;
-- 
2.33.0
Re: [PATCH] vhost: vringh: Modify the return value check
Posted by Michael S. Tsirkin 5 days ago 
On Wed, Sep 10, 2025 at 05:17:38PM +0800, zhangjiao2 wrote:
> From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
> 
> The return value of copy_from_iter and copy_to_iter can't be negative,
> check whether the copied lengths are equal.
> 
> Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>

Given copy_to_iter was fixed on net, how about applying
this one on net, too?


> ---
>  drivers/vhost/vringh.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 9f27c3f6091b..0c8a17cbb22e 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>  		struct iov_iter iter;
>  		u64 translated;
>  		int ret;
> +		size_t size;
>  
>  		ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
>  				      len - total_translated, &translated,
> @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>  				      translated);
>  		}
>  
> -		ret = copy_from_iter(dst, translated, &iter);
> -		if (ret < 0)
> -			return ret;
> +		size = copy_from_iter(dst, translated, &iter);
> +		if (size != translated)
> +			return -EFAULT;
>  
>  		src += translated;
>  		dst += translated;
> -- 
> 2.33.0
> 
>
Re: [PATCH] vhost: vringh: Modify the return value check
Posted by Michael S. Tsirkin 1 week, 3 days ago 
On Wed, Sep 10, 2025 at 05:17:38PM +0800, zhangjiao2 wrote:
> From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
> 
> The return value of copy_from_iter and copy_to_iter can't be negative,
> check whether the copied lengths are equal.
> 
> Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>

Well I don't see a fix for copy_to_iter here.


                ret = copy_to_iter(src, translated, &iter);
                if (ret < 0)
                        return ret;





> ---
>  drivers/vhost/vringh.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 9f27c3f6091b..0c8a17cbb22e 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>  		struct iov_iter iter;
>  		u64 translated;
>  		int ret;
> +		size_t size;
>  
>  		ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
>  				      len - total_translated, &translated,
> @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>  				      translated);
>  		}
>  
> -		ret = copy_from_iter(dst, translated, &iter);
> -		if (ret < 0)
> -			return ret;
> +		size = copy_from_iter(dst, translated, &iter);
> +		if (size != translated)
> +			return -EFAULT;
>  
>  		src += translated;
>  		dst += translated;
> -- 
> 2.33.0
> 
>
Re: [PATCH] vhost: vringh: Modify the return value check
Posted by Michael S. Tsirkin 1 week, 3 days ago 
On Sun, Sep 21, 2025 at 04:59:36PM -0400, Michael S. Tsirkin wrote:
> On Wed, Sep 10, 2025 at 05:17:38PM +0800, zhangjiao2 wrote:
> > From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
> > 
> > The return value of copy_from_iter and copy_to_iter can't be negative,
> > check whether the copied lengths are equal.
> > 
> > Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
> 
> Well I don't see a fix for copy_to_iter here.
> 
> 
>                 ret = copy_to_iter(src, translated, &iter);
>                 if (ret < 0)
>                         return ret;
> 

to clarify, pls send an additional patch to copy that one.

> 
> 
> 
> > ---
> >  drivers/vhost/vringh.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> > index 9f27c3f6091b..0c8a17cbb22e 100644
> > --- a/drivers/vhost/vringh.c
> > +++ b/drivers/vhost/vringh.c
> > @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
> >  		struct iov_iter iter;
> >  		u64 translated;
> >  		int ret;
> > +		size_t size;
> >  
> >  		ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
> >  				      len - total_translated, &translated,
> > @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
> >  				      translated);
> >  		}
> >  
> > -		ret = copy_from_iter(dst, translated, &iter);
> > -		if (ret < 0)
> > -			return ret;
> > +		size = copy_from_iter(dst, translated, &iter);
> > +		if (size != translated)
> > +			return -EFAULT;
> >  
> >  		src += translated;
> >  		dst += translated;
> > -- 
> > 2.33.0
> > 
> >
Re: [PATCH] vhost: vringh: Modify the return value check
Posted by Lei Yang 2 weeks, 3 days ago 
Tested this patch with virtio-net regression tests, everything works fine.

Tested-by: Lei Yang <leiyang@redhat.com>

On Wed, Sep 10, 2025 at 5:18 PM zhangjiao2
<zhangjiao2@cmss.chinamobile.com> wrote:
>
> From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
>
> The return value of copy_from_iter and copy_to_iter can't be negative,
> check whether the copied lengths are equal.
>
> Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
> ---
>  drivers/vhost/vringh.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 9f27c3f6091b..0c8a17cbb22e 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>                 struct iov_iter iter;
>                 u64 translated;
>                 int ret;
> +               size_t size;
>
>                 ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
>                                       len - total_translated, &translated,
> @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
>                                       translated);
>                 }
>
> -               ret = copy_from_iter(dst, translated, &iter);
> -               if (ret < 0)
> -                       return ret;
> +               size = copy_from_iter(dst, translated, &iter);
> +               if (size != translated)
> +                       return -EFAULT;
>
>                 src += translated;
>                 dst += translated;
> --
> 2.33.0
>
>
>
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.