On Tue, Nov 01, 2022 at 12:45:01PM -0700, Nicolin Chen wrote:
On Tue, Oct 25, 2022 at 03:12:23PM -0300, Jason Gunthorpe wrote:
+static int iommufd_vfio_iommu_get_info(struct iommufd_ctx *ictx,
void __user *arg)
- if (copy_to_user(arg, &info, minsz))
rc = -EFAULT;
- rc = 0;
Coverity reports a value overwriting here: rc gets -EFAULT first then gets overwritten to 0.
Indeed, it should be
info.cap_offset = sizeof(info); info.argsz = total_cap_size; info.flags |= VFIO_IOMMU_INFO_CAPS; - if (copy_to_user(arg, &info, minsz)) + if (copy_to_user(arg, &info, minsz)) { rc = -EFAULT; + goto out_put; + } rc = 0;
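Review bot: The `goto out_put;` added in the `copy_to_user()` failure branch stops `rc = 0;` from overwriting `-EFAULT`, but the `out_put` label and what it releases are not visible in these lines, so confirm the jump skips only the `rc = 0;` assignment and still reaches every cleanup step the success path runs. If nothing else sits between `rc = 0;` and the label, `rc = copy_to_user(arg, &info, minsz) ? -EFAULT : 0;` gives the same result without the extra branch and braces. It is also worth stating in the respin's changelog that, before this change, the function could return 0 after a failed copy, so userspace would treat an unwritten info buffer as valid.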
Jason