tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

vhost/scsi: Use copy_to_iter() to send control queue response

Uses copy_to_iter() instead of __copy_to_user() in order to ensure we
support arbitrary layouts and an input buffer split across iov entries.

Fixes: 0d02dbd68c47b ("vhost/scsi: Respond to control queue operations")
Signed-off-by: Bijan Mottahedeh <bijan.mottahedeh@oracle.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

authored by

Bijan Mottahedeh and committed by
Michael S. Tsirkin 8e5dadfe 74ad7419

+12 -8
+12 -8
drivers/vhost/scsi.c
··· 1127 struct vhost_virtqueue *vq, 1128 struct vhost_scsi_ctx *vc) 1129 { 1130 - struct virtio_scsi_ctrl_tmf_resp __user *resp; 1131 struct virtio_scsi_ctrl_tmf_resp rsp; 1132 int ret; 1133 1134 pr_debug("%s\n", __func__); 1135 memset(&rsp, 0, sizeof(rsp)); 1136 rsp.response = VIRTIO_SCSI_S_FUNCTION_REJECTED; 1137 - resp = vq->iov[vc->out].iov_base; 1138 - ret = __copy_to_user(resp, &rsp, sizeof(rsp)); 1139 - if (!ret) 1140 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0); 1141 else 1142 pr_err("Faulted on virtio_scsi_ctrl_tmf_resp\n"); ··· 1149 struct vhost_virtqueue *vq, 1150 struct vhost_scsi_ctx *vc) 1151 { 1152 - struct virtio_scsi_ctrl_an_resp __user *resp; 1153 struct virtio_scsi_ctrl_an_resp rsp; 1154 int ret; 1155 1156 pr_debug("%s\n", __func__); 1157 memset(&rsp, 0, sizeof(rsp)); /* event_actual = 0 */ 1158 rsp.response = VIRTIO_SCSI_S_OK; 1159 - resp = vq->iov[vc->out].iov_base; 1160 - ret = __copy_to_user(resp, &rsp, sizeof(rsp)); 1161 - if (!ret) 1162 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0); 1163 else 1164 pr_err("Faulted on virtio_scsi_ctrl_an_resp\n");
··· 1127 struct vhost_virtqueue *vq, 1128 struct vhost_scsi_ctx *vc) 1129 { 1130 struct virtio_scsi_ctrl_tmf_resp rsp; 1131 + struct iov_iter iov_iter; 1132 int ret; 1133 1134 pr_debug("%s\n", __func__); 1135 memset(&rsp, 0, sizeof(rsp)); 1136 rsp.response = VIRTIO_SCSI_S_FUNCTION_REJECTED; 1137 + 1138 + iov_iter_init(&iov_iter, READ, &vq->iov[vc->out], vc->in, sizeof(rsp)); 1139 + 1140 + ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter); 1141 + if (likely(ret == sizeof(rsp))) 1142 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0); 1143 else 1144 pr_err("Faulted on virtio_scsi_ctrl_tmf_resp\n"); ··· 1147 struct vhost_virtqueue *vq, 1148 struct vhost_scsi_ctx *vc) 1149 { 1150 struct virtio_scsi_ctrl_an_resp rsp; 1151 + struct iov_iter iov_iter; 1152 int ret; 1153 1154 pr_debug("%s\n", __func__); 1155 memset(&rsp, 0, sizeof(rsp)); /* event_actual = 0 */ 1156 rsp.response = VIRTIO_SCSI_S_OK; 1157 + 1158 + iov_iter_init(&iov_iter, READ, &vq->iov[vc->out], vc->in, sizeof(rsp)); 1159 + 1160 + ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter); 1161 + if (likely(ret == sizeof(rsp))) 1162 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0); 1163 else 1164 pr_err("Faulted on virtio_scsi_ctrl_an_resp\n");