git: c69e922c6217 - stable/13 - gntdev: Handle errors from suword32() in gntdev_alloc_gref()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 02 Jan 2024 01:13:11 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=c69e922c6217717a2ab55215f10f8d6ffd34c2f0
commit c69e922c6217717a2ab55215f10f8d6ffd34c2f0
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-26 01:42:58 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-01-02 01:12:45 +0000
gntdev: Handle errors from suword32() in gntdev_alloc_gref()
Try to copy out output values before handling errors, and check that we
did so successfully. In particular, it doesn't seem sensible to ignore
errors here, otherwise userspace won't have any way to refer to the
allocations.
This is in preparation for annotating copyin() and related functions
with __result_use_check.
Reviewed by: royger
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43145
(cherry picked from commit 6cdff09c0d70f780a738dbd3d87deb3b13ec8446)
---
sys/dev/xen/gntdev/gntdev.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/sys/dev/xen/gntdev/gntdev.c b/sys/dev/xen/gntdev/gntdev.c
index f40a5b2578ec..81c965c54ae5 100644
--- a/sys/dev/xen/gntdev/gntdev.c
+++ b/sys/dev/xen/gntdev/gntdev.c
@@ -384,6 +384,13 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
}
}
+ /* Copy the output values. */
+ arg->index = file_offset;
+ for (i = 0; error == 0 && i < arg->count; i++) {
+ if (suword32(&arg->gref_ids[i], grefs[i].gref_id) != 0)
+ error = EFAULT;
+ }
+
if (error != 0) {
/*
* If target domain maps the gref (by guessing the gref-id),
@@ -402,11 +409,6 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
return (error);
}
- /* Copy the output values. */
- arg->index = file_offset;
- for (i = 0; i < arg->count; i++)
- suword32(&arg->gref_ids[i], grefs[i].gref_id);
-
/* Modify the per user private data. */
mtx_lock(&priv_user->user_data_lock);
for (i = 0; i < arg->count; i++)