[PATCH v2] cxl: Fix error path on bad ioctl

Frederic Barrat-2
Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK
ioctl. We shouldn't unlock the context status mutex as it was not
locked (yet).

Signed-off-by: Frederic Barrat <[hidden email]>
Cc: [hidden email]
Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts")
---
Changelog:
v2: change sizeof() parameter (Vaibhav)
    tweak commit message and add 'Fixes:' (mpe)
   
 drivers/misc/cxl/file.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
index 17b433f1ce23..0761271d68c5 100644
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -159,11 +159,8 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
 
  /* Do this outside the status_mutex to avoid a circular dependency with
  * the locking in cxl_mmap_fault() */
- if (copy_from_user(&work, uwork,
-   sizeof(struct cxl_ioctl_start_work))) {
- rc = -EFAULT;
- goto out;
- }
+ if (copy_from_user(&work, uwork, sizeof(work)))
+ return -EFAULT;
 
  mutex_lock(&ctx->status_mutex);
  if (ctx->status != OPENED) {
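Review bot: The comment kept above the copy_from_user() call explains why the copy runs outside status_mutex, but nothing at the new `return -EFAULT;` says why this failure path must not jump to `out`. The removed `goto out` is what led to unlocking a mutex that had not been taken, so extend that comment with a line such as "return directly on failure, status_mutex is not held yet" so a later cleanup does not fold the early return back into the common exit.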
--
2.11.0

Re: [PATCH v2] cxl: Fix error path on bad ioctl

Vaibhav Jain
Hi Fred,

Thanks for addressing the review comments.

Frederic Barrat <[hidden email]> writes:

> Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK
> ioctl. We shouldn't unlock the context status mutex as it was not
> locked (yet).
>
> Signed-off-by: Frederic Barrat <[hidden email]>
> Cc: [hidden email]
> Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts")
> ---
> Changelog:
> v2: change sizeof() parameter (Vaibhav)
>     tweak commit message and add 'Fixes:' (mpe)

Reviewed-by: Vaibhav Jain <[hidden email]>

Re: [PATCH v2] cxl: Fix error path on bad ioctl

Andrew Donnellan
In reply to this post by Frederic Barrat-2
Reviewed-by: Andrew Donnellan <[hidden email]>

On 06/06/17 19:43, Frederic Barrat wrote:

> Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK
> ioctl. We shouldn't unlock the context status mutex as it was not
> locked (yet).
>
> Signed-off-by: Frederic Barrat <[hidden email]>
> Cc: [hidden email]
> Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts")
> ---
> Changelog:
> v2: change sizeof() parameter (Vaibhav)
>     tweak commit message and add 'Fixes:' (mpe)
>
>  drivers/misc/cxl/file.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
> index 17b433f1ce23..0761271d68c5 100644
> --- a/drivers/misc/cxl/file.c
> +++ b/drivers/misc/cxl/file.c
> @@ -159,11 +159,8 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
>
>   /* Do this outside the status_mutex to avoid a circular dependency with
>   * the locking in cxl_mmap_fault() */
> - if (copy_from_user(&work, uwork,
> -   sizeof(struct cxl_ioctl_start_work))) {
> - rc = -EFAULT;
> - goto out;
> - }
> + if (copy_from_user(&work, uwork, sizeof(work)))
> + return -EFAULT;
>
>   mutex_lock(&ctx->status_mutex);
>   if (ctx->status != OPENED) {
>
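Review bot: `sizeof(work)` on the added copy_from_user() line matches the old `sizeof(struct cxl_ioctl_start_work)` only as long as `work` is declared as the struct itself, and that declaration is outside this hunk. Passing `&work` as the destination suggests it is, so the size now tracks the destination object, which is the safer form. The commit message above the `---` only describes the unlock fix, so a short mention of the sizeof() change there would keep it from getting lost when the changelog is dropped on apply.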

--
Andrew Donnellan              OzLabs, ADL Canberra
[hidden email]  IBM Australia Limited

Re: [v2] cxl: Fix error path on bad ioctl

Michael Ellerman-3
In reply to this post by Frederic Barrat-2
On Tue, 2017-06-06 at 09:43:41 UTC, Frederic Barrat wrote:
> Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK
> ioctl. We shouldn't unlock the context status mutex as it was not
> locked (yet).
>
> Signed-off-by: Frederic Barrat <[hidden email]>
> Cc: [hidden email]
> Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts")

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/cec422c11caeeccae709e9942058b6

cheers

Re: [PATCH v2] cxl: Fix error path on bad ioctl

Christophe Lombard
In reply to this post by Frederic Barrat-2
Reviewed-by: christophe lombard [hidden email]


On 06/06/2017 at 11:43, Frederic Barrat wrote:
Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK
ioctl. We shouldn't unlock the context status mutex as it was not
locked (yet).

Signed-off-by: Frederic Barrat [hidden email]
Cc: [hidden email]
Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts")
---
Changelog:
v2: change sizeof() parameter (Vaibhav)
    tweak commit message and add 'Fixes:' (mpe)
    
 drivers/misc/cxl/file.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
index 17b433f1ce23..0761271d68c5 100644
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -159,11 +159,8 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,

 	/* Do this outside the status_mutex to avoid a circular dependency with
 	 * the locking in cxl_mmap_fault() */
-	if (copy_from_user(&work, uwork,
-			   sizeof(struct cxl_ioctl_start_work))) {
-		rc = -EFAULT;
-		goto out;
-	}
+	if (copy_from_user(&work, uwork, sizeof(work)))
+		return -EFAULT;

 	mutex_lock(&ctx->status_mutex);
 	if (ctx->status != OPENED) {
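Review bot: With the `goto out` before `mutex_lock(&ctx->status_mutex)` gone, the remaining exits through `out` need the same check, starting with the `ctx->status != OPENED` branch in the trailing context, whose body is cut off by the hunk. Confirm that every jump to `out` left in afu_ioctl_start_work() sits after the lock is taken, so the label can only ever unlock a mutex that is held.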