On Wed, Sep 10, 2025 at 05:17:38PM +0800, zhangjiao2 wrote:
> From: zhang jiao <[email protected]>
>
> The return value of copy_from_iter and copy_to_iter can't be negative,
> check whether the copied lengths are equal.
>
> Signed-off-by: zhang jiao <[email protected]>

Well I don't see a fix for copy_to_iter here.

	ret = copy_to_iter(src, translated, &iter);
	if (ret < 0)
		return ret;

> ---
> drivers/vhost/vringh.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 9f27c3f6091b..0c8a17cbb22e 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh
> *vrh, void *dst,
> struct iov_iter iter;
> u64 translated;
> int ret;
> + size_t size;
>
> ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
> len - total_translated, &translated,
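Review bot: the new `size_t size;` in the declaration block of copy_from_iotlb ends up compared against `u64 translated`, so the two sides of the check differ in width on 32-bit builds. The comparison is still well defined, but a name such as `copied` would make it clearer that the variable holds the byte count returned by the copy and not a requested length.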
> @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh
> *vrh, void *dst,
> translated);
> }
>
> - ret = copy_from_iter(dst, translated, &iter);
> - if (ret < 0)
> - return ret;
> + size = copy_from_iter(dst, translated, &iter);
> + if (size != translated)
> + return -EFAULT;
>
> src += translated;
> dst += translated;
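Review bot: the commit message names both copy_from_iter and copy_to_iter, but the only call site changed is `size = copy_from_iter(dst, translated, &iter);` in copy_from_iotlb, and the diffstat shows no other hunk. Either apply the same `!= translated` check to the copy_to_iter call that still tests `ret < 0`, or narrow the commit message to copy_from_iter. The message should also state that a short copy is now reported as -EFAULT, since with the old `ret < 0` test a short copy was never treated as an error.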
> --
> 2.33.0
>
>