[Xen-devel] [PATCH] If copy_to_user fails, return EFAULT

[Anthony Liguori <aliguori@xxxxxxxxxx>]

Tony Breeds and Rusty's patches to add make check and make fullcheck 
allow you to run portions of the hypervisor under valgrind.  While doing 
this, I noticed that there are a lot of places in dom0_ops.c that we're 
either not checking the return value of copy_to_user or returning EINVAL 
instead of EFAULT.
The attach patch makes sure wherever we call copy_to_user we check for 
error and return EFAULT.
Regards,

Anthony Liguor

# HG changeset patch
# User Anthony Liguori <anthony@xxxxxxxxxxxxx>
# Node ID f2d4615f6a9d683bb547739a86543306c421aaa3
# Parent  e55633c669d11b48cf16d0ddaebbb836d7b3f5f6
Return EFAULT if copy_to_user fails.

Signed-off-by: Anthony Liguori <aliguori@xxxxxxxxxx>

diff -r e55633c669d1 -r f2d4615f6a9d xen/common/dom0_ops.c
--- a/xen/common/dom0_ops.c     Fri Dec  9 16:33:01 2005 -0500
+++ b/xen/common/dom0_ops.c     Fri Dec  9 17:12:44 2005 -0500
@@ -216,7 +216,8 @@
         ret = 0;
 
         op->u.createdomain.domain = d->domain_id;
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
 
@@ -341,14 +342,16 @@
     case DOM0_SCHEDCTL:
     {
         ret = sched_ctl(&op->u.schedctl);
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
 
     case DOM0_ADJUSTDOM:
     {
         ret = sched_adjdom(&op->u.adjustdom);
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
 
@@ -376,7 +379,7 @@
         getdomaininfo(d, &op->u.getdomaininfo);
 
         if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )     
-            ret = -EINVAL;
+            ret = -EFAULT;
 
         put_domain(d);
     }
@@ -411,7 +414,7 @@
 
             if ( copy_to_user(buffer, &info, sizeof(dom0_getdomaininfo_t)) )
             {
-                ret = -EINVAL;
+                ret = -EFAULT;
                 break;
             }
             
@@ -427,7 +430,7 @@
         op->u.getdomaininfolist.num_domains = num_domains;
 
         if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
-            ret = -EINVAL;
+            ret = -EFAULT;
     }
     break;
 
@@ -520,7 +523,8 @@
     case DOM0_TBUFCONTROL:
     {
         ret = tb_control(&op->u.tbufcontrol);
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
     
@@ -530,15 +534,18 @@
             &op->u.readconsole.buffer, 
             &op->u.readconsole.count,
             op->u.readconsole.clear); 
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
 
     case DOM0_SCHED_ID:
     {
         op->u.sched_id.sched_id = sched_id();
-        copy_to_user(u_dom0_op, op, sizeof(*op));
-        ret = 0;        
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
+        else
+            ret = 0;
     }
     break;
 
@@ -576,7 +583,8 @@
     {
         extern int perfc_control(dom0_perfccontrol_t *);
         ret = perfc_control(&op->u.perfccontrol);
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+            ret = -EFAULT;
     }
     break;
 #endif

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel