git: 494fe2e050a6 - stable/14 - gntdev: Handle errors from suword32() in gntdev_alloc_gref()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 02 Jan 2024 00:37:30 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=494fe2e050a69455f33f76a365bd884f3a32842b

commit 494fe2e050a69455f33f76a365bd884f3a32842b
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-12-26 01:42:58 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-01-02 00:29:56 +0000

    gntdev: Handle errors from suword32() in gntdev_alloc_gref()
    
    Try to copy out output values before handling errors, and check that we
    did so successfully.  In particular, it doesn't seem sensible to ignore
    errors here, otherwise userspace won't have any way to refer to the
    allocations.
    
    This is in preparation for annotating copyin() and related functions
    with __result_use_check.
    
    Reviewed by:    royger
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D43145
    
    (cherry picked from commit 6cdff09c0d70f780a738dbd3d87deb3b13ec8446)
---
 sys/dev/xen/gntdev/gntdev.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/dev/xen/gntdev/gntdev.c b/sys/dev/xen/gntdev/gntdev.c
index 549917530f18..809afac75d0c 100644
--- a/sys/dev/xen/gntdev/gntdev.c
+++ b/sys/dev/xen/gntdev/gntdev.c
@@ -384,6 +384,13 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
 		}
 	}
 
+	/* Copy the output values. */
+	arg->index = file_offset;
+	for (i = 0; error == 0 && i < arg->count; i++) {
+		if (suword32(&arg->gref_ids[i], grefs[i].gref_id) != 0)
+			error = EFAULT;
+	}
+
 	if (error != 0) {
 		/*
 		 * If target domain maps the gref (by guessing the gref-id),
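Review bot: In the added copy-out loop, a suword32() failure at index i > 0 stops the loop with gref_ids[0..i-1] already written to the user buffer, so on EFAULT userspace is left holding ids for allocations that the call reports as failed and that the `if (error != 0)` block below then handles. It would help to state in the comment above the loop (or in the ioctl documentation) that the contents of gref_ids are undefined when the call returns an error. Separately, `arg->index = file_offset;` now runs even when error was already nonzero from the code above; that is probably harmless, but moving it under the same `error == 0` condition would make it obvious that no output field is set on a failed allocation.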
@@ -402,11 +409,6 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
 		return (error);
 	}
 
-	/* Copy the output values. */
-	arg->index = file_offset;
-	for (i = 0; i < arg->count; i++)
-		suword32(&arg->gref_ids[i], grefs[i].gref_id);
-
 	/* Modify the per user private data. */
 	mtx_lock(&priv_user->user_data_lock);
 	for (i = 0; i < arg->count; i++)
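Review bot: The "Modify the per user private data" block now silently depends on the copy-out having already succeeded before the `return (error);` above it, which is the ordering the commit message relies on so that userspace can always refer to the allocations that get recorded. A one-line comment at that block saying the grefs are only added to priv_user after their ids have been copied out would keep a later reordering from reintroducing the ignored-error case that the removed `suword32(&arg->gref_ids[i], grefs[i].gref_id);` loop had.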