system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 18:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

gntdev: Handle errors from suword32() in gntdev_alloc_gref()

Browse source 
Try to copy out output values before handling errors, and check that we
did so successfully.  In particular, it doesn't seem sensible to ignore
errors here, otherwise userspace won't have any way to refer to the
allocations.

This is in preparation for annotating copyin() and related functions
with __result_use_check.

Reviewed by:	royger
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D43145
This commit is contained in:
Mark Johnston 2023-12-25 20:42:58 -05:00
parent 68cc77a3b7
commit 6cdff09c0d
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
sys/dev/xen/gntdev/gntdev.c
View file

@ -383,6 +383,13 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
}
}
/* Copy the output values. */
arg->index = file_offset;
for (i = 0; error == 0 && i < arg->count; i++) {
if (suword32(&arg->gref_ids[i], grefs[i].gref_id) != 0)
error = EFAULT;
}
if (error != 0) {
/*
* If target domain maps the gref (by guessing the gref-id),
@ -401,11 +408,6 @@ gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg)
return (error);
}
/* Copy the output values. */
arg->index = file_offset;
for (i = 0; i < arg->count; i++)
suword32(&arg->gref_ids[i], grefs[i].gref_id);
/* Modify the per user private data. */
mtx_lock(&priv_user->user_data_lock);
for (i = 0; i < arg->count; i++)