
Merge tag 'vfio-v4.10-rc4' of git://github.com/awilliam/linux-vfio

Pull VFIO fixes from Alex Williamson:

- Cleanups and bug fixes for the mtty sample driver (Dan Carpenter)

- Export and make use of has_capability() to fix incorrect use of
ns_capable() for testing task capabilities (Jike Song)

* tag 'vfio-v4.10-rc4' of git://github.com/awilliam/linux-vfio:
vfio/type1: Remove pid_namespace.h include
vfio iommu type1: fix the testing of capability for remote task
capability: export has_capability
vfio-mdev: remove some dead code
vfio-mdev: buffer overflow in ioctl()
vfio-mdev: return -EFAULT if copy_to_user() fails

+18 -10
+1 -3
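--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -36,7 +36,6 @@
 #include <linux/uaccess.h>
 #include <linux/vfio.h>
 #include <linux/workqueue.h>
-#include <linux/pid_namespace.h>
 #include <linux/mdev.h>
 #include <linux/notifier.h>
 
@@ -495,8 +494,7 @@
 unsigned long *pfn_base, bool do_accounting)
 {
 unsigned long limit;
-bool lock_cap = ns_capable(task_active_pid_ns(dma->task)->user_ns,
-CAP_IPC_LOCK);
+bool lock_cap = has_capability(dma->task, CAP_IPC_LOCK);
 struct mm_struct *mm;
 int ret;
 bool rsvd;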
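Review bot: The new `lock_cap` initialiser has no comment saying why has_capability() on `dma->task` replaces the namespace-relative check, and its semantics are narrower than the call suggests. Per the kernel/capability.c section of this merge, has_capability() evaluates the task against `&init_user_ns`, so a task that holds CAP_IPC_LOCK only inside a non-initial user namespace gets no exemption from the locked-memory limit. I would add `/* dma->task may not be current; has_capability() checks its creds against init_user_ns */` above the declaration. The capability is also read on every call of this function, so a credential change on the task between calls changes the accounting decision; whether that is intended cannot be judged here, because the function starts before and continues after the hunk.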
+1
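--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -318,6 +318,7 @@
 {
 return has_ns_capability(t, &init_user_ns, cap);
 }
+EXPORT_SYMBOL(has_capability);
 
 /**
 * has_ns_capability_noaudit - Does a task have a capability (unaudited)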
+16 -7
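--- a/samples/vfio-mdev/mtty.c
+++ b/samples/vfio-mdev/mtty.c
@@ -1073,7 +1073,7 @@
 {
 unsigned int size = 0;
 struct mdev_state *mdev_state;
-int bar_index;
+u32 bar_index;
 
 if (!mdev)
 return -EINVAL;
@@ -1082,8 +1082,11 @@
 if (!mdev_state)
 return -EINVAL;
 
-mutex_lock(&mdev_state->ops_lock);
 bar_index = region_info->index;
+if (bar_index >= VFIO_PCI_NUM_REGIONS)
+return -EINVAL;
+
+mutex_lock(&mdev_state->ops_lock);
 
 switch (bar_index) {
 case VFIO_PCI_CONFIG_REGION_INDEX:
@@ -1180,7 +1183,10 @@
 
 memcpy(&mdev_state->dev_info, &info, sizeof(info));
 
-return copy_to_user((void __user *)arg, &info, minsz);
+if (copy_to_user((void __user *)arg, &info, minsz))
+return -EFAULT;
+
+return 0;
 }
 case VFIO_DEVICE_GET_REGION_INFO:
 {
@@ -1201,7 +1207,10 @@
 if (ret)
 return ret;
 
-return copy_to_user((void __user *)arg, &info, minsz);
+if (copy_to_user((void __user *)arg, &info, minsz))
+return -EFAULT;
+
+return 0;
 }
 
 case VFIO_DEVICE_GET_IRQ_INFO:
@@ -1221,10 +1230,10 @@
 if (ret)
 return ret;
 
-if (info.count == -1)
-return -EINVAL;
+if (copy_to_user((void __user *)arg, &info, minsz))
+return -EFAULT;
 
-return copy_to_user((void __user *)arg, &info, minsz);
+return 0;
 }
 case VFIO_DEVICE_SET_IRQS:
 {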
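Review bot: The new `bar_index >= VFIO_PCI_NUM_REGIONS` check rejects every out-of-range value only because `bar_index` became `u32` in the first hunk; with the old `int`, a negative index from `region_info->index` would have passed the comparison. Nothing at the check records that dependency, so a later type change could silently reopen it. I would add `/* index is user-controlled; unsigned compare also rejects negative values */` above the `if`. Whether VFIO_PCI_NUM_REGIONS equals the size of whatever array `bar_index` indexes later in the function is not visible, because the body continues outside the hunk; if that array has a different bound, the check should be written against its size.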