From nobody Tue Dec 26 02:04:29 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SzdPT6qS5z55Kt7;
	Tue, 26 Dec 2023 02:04:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SzdPT69nrz4KWM;
	Tue, 26 Dec 2023 02:04:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1703556269;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OkQgLrB/0Dlkd7dlb42GM4InMrpbimLi7OW/C3ds9hE=;
	b=PGNhXbhRWZpt4038ro9gJmWF9rs3pWt7reoK+7hxWnp27NPds0TPrKhjtvnKCw3DKNwAGI
	cXEs0RTbDEnZgX/YztrUfnPX9ilwIE8OZ+YF6p4ZaomcaB/GW5RzS7urdqmdsw+uA4wqUA
	9rreTZkDUE/NMQ7fdsX7ZgoDEV5TNd0fPoYlE+aTO/WLOLg3sw9O5VLexFQjqdTLPR6ObD
	z5RUmk83xbriXVpOHIKJNT2GYUeP8pbRk0ZItUGLqSwhPzCmwzy688utxEL+uH6nKKVycs
	PLnzEYaQNNMjWoAJ9dorHo/c9xPuxZfRvPsfFcXoCxShC2vTv9XM1H7E4JIusw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1703556269; a=rsa-sha256; cv=none;
	b=aG8pfn3Vn50PN/iUj+GkcpUt5b2XlOIn3FmKp1+35L0tlKwN40e6uwhu0TPjdmN8Kj00XR
	Ly9u4/G0555zf6mK6NpzRlSmG5aoYC1zCy+uN1uLekVgYYPGhwXFMNF9aY09CkTk2HOYJF
	03yC5Cr6vQ+q44rOoH4qoLZ+H8T7Vcg9gLZUGn4aluJLvKc3H+ywrVVmSZNtER7IgTAh0p
	T+eHmv6LMC2MIQxdSe+TJWzG3s8EwCSf/gBEVhzRauOTfrf0p0LNRDyHgoyyG+px3iIdcG
	LJfa78NNwUgqhshbCoqjl4Z+99ZrSWmxf61nQ3itNErTuge6oyj/dDtK8Dap7A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1703556269;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OkQgLrB/0Dlkd7dlb42GM4InMrpbimLi7OW/C3ds9hE=;
	b=eGHAXR7Tu8bTu0AnZcs/PKuBA5uaKsLh2wPBwPEA91xV8xsy3xJmcb3u2aUgIvDuz0pOxk
	u2YedVzmqjw/F2yBDe0RhKBnAt2ZJUT40M/1OkO1HekVeFeiNIVXEhYm4dvpa2yzCxxFX/
	Mu2p7I4r1TtJPZkHWNUqMhqpSGQFFzMdyk4ubWOnvBH3lxUJ8ShC8gl7vvwFu1Y3cwWheS
	uY+n6eX+EJ61qfKOKXaGNq6aPktQ7rrwnHaF5CbfYcYAa5MUfyEY0eTuP/D2OIRUO0W5cS
	PkOKPgMix2tCVSWpLSMeexn79eFSeuQmcRUpFTvFzQ68UMYcPyM9roKd5kQsVQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SzdPT59k2zbv8;
	Tue, 26 Dec 2023 02:04:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BQ24TVK003453;
	Tue, 26 Dec 2023 02:04:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BQ24TnI003450;
	Tue, 26 Dec 2023 02:04:29 GMT
	(envelope-from git)
Date: Tue, 26 Dec 2023 02:04:29 GMT
Message-Id: <202312260204.3BQ24TnI003450@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 68cc77a3b73f - main - mpr: Handle errors from copyout()
  in ioctl handlers
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 68cc77a3b73ffda1e8ac891b9852faca833e11b7
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=68cc77a3b73ffda1e8ac891b9852faca833e11b7

commit 68cc77a3b73ffda1e8ac891b9852faca833e11b7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-26 01:42:49 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-26 02:04:01 +0000

    mpr: Handle errors from copyout() in ioctl handlers
    
    In preparation for adding a __result_use_check annotation to copyin()
    and related functions, start checking for errors from copyout() in
    the mpr(4) user command handler.  This should make it easier to catch
    bugs.
    
    Reviewed by:    imp, asomers
    MFC after:      1 month
    Differential Revision:  https://reviews.freebsd.org/D43177
---
 sys/dev/mpr/mpr_user.c | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/sys/dev/mpr/mpr_user.c b/sys/dev/mpr/mpr_user.c
index f2847ae36d66..5245129ce8c1 100644
--- a/sys/dev/mpr/mpr_user.c
+++ b/sys/dev/mpr/mpr_user.c
@@ -714,9 +714,9 @@ mpr_user_command(struct mpr_softc *sc, struct mpr_usr_command *cmd)
 	}	
 
 	mpr_unlock(sc);
-	copyout(rpl, cmd->rpl, sz);
-	if (buf != NULL)
-		copyout(buf, cmd->buf, cmd->len);
+	err = copyout(rpl, cmd->rpl, sz);
+	if (buf != NULL && err == 0)
+		err = copyout(buf, cmd->buf, cmd->len);
 	mpr_dprint(sc, MPR_USER, "%s: reply size %d\n", __func__, sz);
 
 RetFreeUnlocked:
@@ -848,7 +848,7 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 		/*
 		 * Copy the reply data and sense data to user space.
 		 */
-		if ((cm != NULL) && (cm->cm_reply != NULL)) {
+		if (err == 0 && cm != NULL && cm->cm_reply != NULL) {
 			rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply;
 			sz = rpl->MsgLength * 4;
 
@@ -858,7 +858,7 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 				    __func__, data->ReplySize, sz);
 			}
 			mpr_unlock(sc);
-			copyout(cm->cm_reply, PTRIN(data->PtrReply),
+			err = copyout(cm->cm_reply, PTRIN(data->PtrReply),
 			    MIN(sz, data->ReplySize));
 			mpr_lock(sc);
 		}
@@ -1073,7 +1073,7 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 	/*
 	 * Copy the reply data and sense data to user space.
 	 */
-	if (cm->cm_reply != NULL) {
+	if (err == 0 && cm->cm_reply != NULL) {
 		rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply;
 		sz = rpl->MsgLength * 4;
 
@@ -1083,12 +1083,16 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 			    data->ReplySize, sz);
 		}
 		mpr_unlock(sc);
-		copyout(cm->cm_reply, PTRIN(data->PtrReply),
+		err = copyout(cm->cm_reply, PTRIN(data->PtrReply),
 		    MIN(sz, data->ReplySize));
+		if (err != 0)
+			mpr_dprint(sc, MPR_FAULT, "%s: failed to copy "
+			    "IOCTL data to user space\n", __func__);
 		mpr_lock(sc);
 
-		if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
-		    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
+		if (err == 0 &&
+		    (function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
+		    function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
 			if (((MPI2_SCSI_IO_REPLY *)rpl)->SCSIState &
 			    MPI2_SCSI_STATE_AUTOSENSE_VALID) {
 				sense_len =
@@ -1096,8 +1100,13 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 				    SenseCount)), sizeof(struct
 				    scsi_sense_data));
 				mpr_unlock(sc);
-				copyout(cm->cm_sense, (PTRIN(data->PtrReply +
-				    sizeof(MPI2_SCSI_IO_REPLY))), sense_len);
+				err = copyout(cm->cm_sense,
+				    PTRIN(data->PtrReply +
+				    sizeof(MPI2_SCSI_IO_REPLY)), sense_len);
+				if (err != 0)
+					mpr_dprint(sc, MPR_FAULT,
+					    "%s: failed to copy IOCTL data to "
+					    "user space\n", __func__);
 				mpr_lock(sc);
 			}
 		}
@@ -1116,7 +1125,7 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 		 * the same IOCTL structure and sense buffers can be used for
 		 * NVMe.
 		 */
-		if (function == MPI2_FUNCTION_NVME_ENCAPSULATED) {
+		if (err == 0 && function == MPI2_FUNCTION_NVME_ENCAPSULATED) {
 			if (cm->nvme_error_response == NULL) {
 				mpr_dprint(sc, MPR_INFO, "NVMe Error Response "
 				    "buffer is NULL. Response data will not be "
@@ -1130,9 +1139,13 @@ mpr_user_pass_thru(struct mpr_softc *sc, mpr_pass_thru_t *data)
 			sz = MIN(le32toh(nvme_error_reply->ErrorResponseCount),
 			    NVME_ERROR_RESPONSE_SIZE);
 			mpr_unlock(sc);
-			copyout(cm->cm_sense,
+			err = copyout(cm->cm_sense,
 			    (PTRIN(data->PtrReply +
 			    sizeof(MPI2_SCSI_IO_REPLY))), sz);
+			if (err != 0)
+				mpr_dprint(sc, MPR_FAULT,
+				    "%s: failed to copy IOCTL data to "
+				    "user space\n", __func__);
 			mpr_lock(sc);
 		}
 	}