Stefano Garzarella
2022-Dec-05 09:47 UTC
[PATCH v2] net: vmw_vsock: vmci: Check memcpy_from_msg()
On Sat, Dec 03, 2022 at 11:33:12AM +0300, Artem Chernyshev wrote:>vmci_transport_dgram_enqueue() does not check the return value >of memcpy_from_msg(). Return with an error if the memcpy fails. > >Found by Linux Verification Center (linuxtesting.org) with SVACE. > >Fixes: 0f7db23a07af ("vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr") >Signed-off-by: Artem Chernyshev <artem.chernyshev at red-soft.ru> >--- >V1->V2 Fix memory leaking and updates for description > > net/vmw_vsock/vmci_transport.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c >index 842c94286d31..c94c3deaa09d 100644 >--- a/net/vmw_vsock/vmci_transport.c >+++ b/net/vmw_vsock/vmci_transport.c >@@ -1711,7 +1711,10 @@ static int vmci_transport_dgram_enqueue( > if (!dg) > return -ENOMEM; > >- memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len); >+ if (memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len)) { >+ kfree(dg); >+ return -EFAULT;Since memcpy_from_msg() is a wrapper of copy_from_iter_full() that simply returns -EFAULT in case of an error, perhaps it would be better here to return the value of memcpy_from_msg() instead of wiring the error. However in the end the behavior is the same, so even if you don't want to change it I'll leave my R-b: Reviewed-by: Stefano Garzarella <sgarzare at redhat.com> Thanks, Stefano