Displaying 20 results from an estimated 1564 matches for "efault".
2011 Apr 13
1
[PATCH hivex] maint: split long lines
...o = ENOTSUP;
goto error;
@@ -586,7 +588,8 @@ hivex_node_name (hive_h *h, hive_node_h node)
size_t seg_len = block_len (h, node, NULL);
if (sizeof (struct ntreg_nk_record) + len - 1 > seg_len) {
if (h->msglvl >= 2)
- fprintf (stderr, "hivex_node_name: returning EFAULT because node name is too long (%zu, %zu)\n",
+ fprintf (stderr, "hivex_node_name: returning EFAULT because node name"
+ " is too long (%zu, %zu)\n",
len, seg_len);
errno = EFAULT;
return NULL;
@@ -733,7 +736,8 @@ get_children (hive_h *h,...
2012 Sep 08
3
[patch 1/3] xen/privcmd: check for integer overflow in ioctl
...er at oracle.com>
---
Only needed in linux-next.
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index 215a3c0..fdff8f9 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -325,6 +325,8 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version)
return -EFAULT;
/* Returns per-frame error in m.arr. */
m.err = NULL;
+ if (m.num > SIZE_MAX / sizeof(*m.arr))
+ return -EINVAL;
if (!access_ok(VERIFY_WRITE, m.arr, m.num * sizeof(*m.arr)))
return -EFAULT;
break;
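Review bot: The added guard `if (m.num > SIZE_MAX / sizeof(*m.arr))` carries no comment, so a reader has to infer that it exists to stop the `m.num * sizeof(*m.arr)` length handed to `access_ok()` on the next line from wrapping and validating a shorter range than the count implies. I would put `/* Reject counts whose byte length would wrap before access_ok() checks it. */` above it. The declaration of `m.num` is not visible in this hunk; if it turns out to be a signed type, the comparison catches negative counts only through the implicit conversion to `size_t`, which is worth stating in that comment or making an explicit test. The same two lines are added again in the following hunk (cut off here, and the whole result is listed a second time further down the page), so a small static helper would keep both cases in step. privcmd_ioctl_mmap_batch starts and ends outside this hunk.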
@@ -332,6 +334,8 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, in...
2012 Sep 08
3
[patch 1/3] xen/privcmd: check for integer overflow in ioctl
...er at oracle.com>
---
Only needed in linux-next.
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index 215a3c0..fdff8f9 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -325,6 +325,8 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version)
return -EFAULT;
/* Returns per-frame error in m.arr. */
m.err = NULL;
+ if (m.num > SIZE_MAX / sizeof(*m.arr))
+ return -EINVAL;
if (!access_ok(VERIFY_WRITE, m.arr, m.num * sizeof(*m.arr)))
return -EFAULT;
break;
@@ -332,6 +334,8 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, in...
2011 Mar 19
1
[patch 1/2] xen-gntdev: return -EFAULT on copy_to_user failure
copy_to_user() returns the amount of data remaining to be copied. We
want to return a negative error code here. The upper layers just
call WARN_ON() if we return non-zero so this doesn't change the
behavior. But returning -EFAULT is still cleaner.
Signed-off-by: Dan Carpenter <error27 at gmail.com>
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -273,7 +273,7 @@ static int __unmap_grant_pages(struct grant_map *map, int of...
2011 Mar 19
1
[patch 1/2] xen-gntdev: return -EFAULT on copy_to_user failure
copy_to_user() returns the amount of data remaining to be copied. We
want to return a negative error code here. The upper layers just
call WARN_ON() if we return non-zero so this doesn't change the
behavior. But returning -EFAULT is still cleaner.
Signed-off-by: Dan Carpenter <error27 at gmail.com>
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -273,7 +273,7 @@ static int __unmap_grant_pages(struct grant_map *map, int of...
2011 Mar 19
1
[patch 1/2] xen-gntdev: return -EFAULT on copy_to_user failure
copy_to_user() returns the amount of data remaining to be copied. We
want to return a negative error code here. The upper layers just
call WARN_ON() if we return non-zero so this doesn't change the
behavior. But returning -EFAULT is still cleaner.
Signed-off-by: Dan Carpenter <error27 at gmail.com>
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -273,7 +273,7 @@ static int __unmap_grant_pages(struct grant_map *map, int of...
2008 Mar 20
0
[RFC/PATCH 07/15] kvm-s390: interrupt subsystem, cpu timer, waitpsw
...addr = disp2;
+ if (base2)
+ useraddr += vcpu->arch.guest_gprs[base2];
+
+ reg = reg1;
+
+ VCPU_EVENT(vcpu, 5, "lctg r1:%x, r3:%x,b2:%x,d2:%x", reg1, reg3, base2,
+ disp2);
+
+ do {
+ rc = get_guest_u64(vcpu, useraddr,
+ &vcpu->arch.sie_block->gcr[reg]);
+ if (rc == -EFAULT) {
+ kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
+ break;
+ }
+ useraddr += 8;
+ if (reg == reg3)
+ break;
+ reg = reg + 1;
+ if (reg > 15)
+ reg = 0;
+ } while (1);
+ return 0;
+}
+
+static int handle_lctl(struct kvm_vcpu *vcpu)
+{
+ int reg1 = (vcpu->arch.sie_block->i...
2005 Dec 09
0
[PATCH] If copy_to_user fails, return EFAULT
...y's patches to add make check and make fullcheck
allow you to run portions of the hypervisor under valgrind. While doing
this, I noticed that there are a lot of places in dom0_ops.c where we're
either not checking the return value of copy_to_user or returning EINVAL
instead of EFAULT.
The attached patch makes sure wherever we call copy_to_user we check for
error and return EFAULT.
Regards,
Anthony Liguor
2018 Oct 12
2
[PATCH net-next V2 6/8] vhost: packed ring support
...+ }
> break;
> case VHOST_GET_VRING_BASE:
> s.index = idx;
> s.num = vq->last_avail_idx;
> + if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED))
> + s.num |= vq->last_avail_wrap_counter << 31;
> + if (copy_to_user(argp, &s, sizeof(s)))
> + r = -EFAULT;
> + break;
> + case VHOST_SET_VRING_USED_BASE:
> + /* Moving base with an active backend?
> + * You don't want to do that.
> + */
> + if (vq->private_data) {
> + r = -EBUSY;
> + break;
> + }
> + if (copy_from_user(&s, argp, sizeof(s))) {
> +...
2018 Oct 12
2
[PATCH net-next V2 6/8] vhost: packed ring support
...+ }
> break;
> case VHOST_GET_VRING_BASE:
> s.index = idx;
> s.num = vq->last_avail_idx;
> + if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED))
> + s.num |= vq->last_avail_wrap_counter << 31;
> + if (copy_to_user(argp, &s, sizeof(s)))
> + r = -EFAULT;
> + break;
> + case VHOST_SET_VRING_USED_BASE:
> + /* Moving base with an active backend?
> + * You don't want to do that.
> + */
> + if (vq->private_data) {
> + r = -EBUSY;
> + break;
> + }
> + if (copy_from_user(&s, argp, sizeof(s))) {
> +...
2013 Jul 25
19
[PATCH hivex 00/19] Fix read/write handling of li-records.
This is, hopefully, a full fix for handling of li-records.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=717583
https://bugzilla.redhat.com/show_bug.cgi?id=987463
Rich.
2007 Apr 18
0
[Bridge] [PATCH] (4/11) bridge - ioctl cleanup and consolidation
...-static int br_dev_do_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
-{
- unsigned long args[4];
- unsigned long *data;
-
- if (cmd != SIOCDEVPRIVATE)
- return -EOPNOTSUPP;
-
- data = (unsigned long *)rq->ifr_data;
- if (copy_from_user(args, data, 4*sizeof(unsigned long)))
- return -EFAULT;
-
- return br_ioctl_device(dev->priv, args[0], args[1], args[2], args[3]);
-}
-
static struct net_device_stats *br_dev_get_stats(struct net_device *dev)
{
struct net_bridge *br;
@@ -115,7 +100,7 @@
ether_setup(dev);
- dev->do_ioctl = br_dev_do_ioctl;
+ dev->do_ioctl = br_dev_ioc...
2019 Sep 12
1
[PATCH 2/4] mm/hmm: allow snapshot of the special zero page
...m.c
> +++ b/mm/hmm.c
> @@ -532,7 +532,7 @@ static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr,
> return -EBUSY;
> } else if (IS_ENABLED(CONFIG_ARCH_HAS_PTE_SPECIAL) && pte_special(pte)) {
> *pfn = range->values[HMM_PFN_SPECIAL];
> - return -EFAULT;
> + return is_zero_pfn(pte_pfn(pte)) ? 0 : -EFAULT;
Any chance to just use a normal if here:
if (!is_zero_pfn(pte_pfn(pte)))
return -EFAULT;
return 0;
2016 Aug 02
1
[PATCH -next] vhost: fix missing unlock on error in vhost_net_set_features()
...t/net.c
@@ -1104,13 +1104,12 @@ static int vhost_net_set_features(struct vhost_net *n, u64 features)
}
mutex_lock(&n->dev.mutex);
if ((features & (1 << VHOST_F_LOG_ALL)) &&
- !vhost_log_access_ok(&n->dev)) {
- mutex_unlock(&n->dev.mutex);
- return -EFAULT;
- }
+ !vhost_log_access_ok(&n->dev))
+ goto out_unlock;
+
if ((features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))) {
if (vhost_init_device_iotlb(&n->dev, true))
- return -EFAULT;
+ goto out_unlock;
}
for (i = 0; i < VHOST_NET_VQ_MAX; ++i) {
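Review bot: On the `vhost_init_device_iotlb()` branch the helper's return value is tested and then dropped, so after the new `goto out_unlock` the caller can only ever see the one code the label returns; the removed lines returned `-EFAULT`, and the label itself sits in the next hunk, which is cut off here. If that helper can fail for a reason other than a bad address, I would keep its code with `r = vhost_init_device_iotlb(&n->dev, true);` followed by `if (r) goto out_unlock;`, and have the `vhost_log_access_ok()` site set `r = -EFAULT` before its jump. Separately, a one-line comment at the label stating that every exit after `mutex_lock(&n->dev.mutex)` must pass through it would help keep later edits from reintroducing a locked return. vhost_net_set_features starts before and ends after this hunk, and the same hunk is listed a second time further down the page.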
@@ -1122,6 +112...
2016 Aug 02
1
[PATCH -next] vhost: fix missing unlock on error in vhost_net_set_features()
...t/net.c
@@ -1104,13 +1104,12 @@ static int vhost_net_set_features(struct vhost_net *n, u64 features)
}
mutex_lock(&n->dev.mutex);
if ((features & (1 << VHOST_F_LOG_ALL)) &&
- !vhost_log_access_ok(&n->dev)) {
- mutex_unlock(&n->dev.mutex);
- return -EFAULT;
- }
+ !vhost_log_access_ok(&n->dev))
+ goto out_unlock;
+
if ((features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))) {
if (vhost_init_device_iotlb(&n->dev, true))
- return -EFAULT;
+ goto out_unlock;
}
for (i = 0; i < VHOST_NET_VQ_MAX; ++i) {
@@ -1122,6 +112...
2018 Dec 13
1
[PATCH net-next 1/3] vhost: generalize adding used elem
...ct vhost_virtqueue *vq,
>
> start = vq->last_used_idx & (vq->num - 1);
> used = vq->used->ring + start;
> - if (count == 1) {
> - if (vhost_put_user(vq, heads[0].id, &used->id)) {
> - vq_err(vq, "Failed to write used id");
> - return -EFAULT;
> - }
> - if (vhost_put_user(vq, heads[0].len, &used->len)) {
> - vq_err(vq, "Failed to write used len");
> - return -EFAULT;
> - }
> - } else if (vhost_copy_to_user(vq, used, heads, count * sizeof *used)) {
> + if (vhost_copy_to_user(vq, used, heads, c...
2018 Oct 15
2
[PATCH net-next V2 6/8] vhost: packed ring support
...SE:
>>> s.index = idx;
>>> s.num = vq->last_avail_idx;
>>> + if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED))
>>> + s.num |= vq->last_avail_wrap_counter << 31;
>>> + if (copy_to_user(argp, &s, sizeof(s)))
>>> + r = -EFAULT;
>>> + break;
>>> + case VHOST_SET_VRING_USED_BASE:
>>> + /* Moving base with an active backend?
>>> + * You don't want to do that.
>>> + */
>>> + if (vq->private_data) {
>>> + r = -EBUSY;
>>> + break;
>>...
2018 Oct 15
2
[PATCH net-next V2 6/8] vhost: packed ring support
...SE:
>>> s.index = idx;
>>> s.num = vq->last_avail_idx;
>>> + if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED))
>>> + s.num |= vq->last_avail_wrap_counter << 31;
>>> + if (copy_to_user(argp, &s, sizeof(s)))
>>> + r = -EFAULT;
>>> + break;
>>> + case VHOST_SET_VRING_USED_BASE:
>>> + /* Moving base with an active backend?
>>> + * You don't want to do that.
>>> + */
>>> + if (vq->private_data) {
>>> + r = -EBUSY;
>>> + break;
>>...
1999 Sep 15
0
FreeBSD Security Advisory: FreeBSD-SA-99:04.core
...ting core files. This will stop
this attack, and all similar such attacks.
Here's the patch for freebsd-current:
*** kern/imgact_elf.c 1999/07/09 19:10:14 1.61
--- kern/imgact_elf.c 1999/08/26 17:32:48 1.62
***************
*** 722,729 ****
if (name == NULL)
return (EFAULT); /* XXX -- not the best error */
! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR);
free(name, M_TEMP);
if (error)
return (error);
--- 722,729 ----
if (name == NULL)
return (EFAULT); /...
2018 May 18
3
KASAN: use-after-free Read in vhost_chr_write_iter
...tions can run concurrently (please see call sequence below),
> and possibly, there is a race on dev->iotlb.
> If the switch occurs right after vhost_dev_cleanup() frees
> dev->iotlb, vhost_process_iotlb_msg() still sees the non-null value and it
> keeps executing without returning -EFAULT. Consequently, use-after-free
> occurs
>
>
> Thread interleaving:
> CPU0 (vhost_process_iotlb_msg) CPU1 (vhost_dev_cleanup)
> (In the case of both VHOST_IOTLB_UPDATE and
> VHOST_IOTLB_INVALIDATE)
> ===== =====
> vhost_umem_clean(dev->iotlb);
> if (!...