Commit 82a8d0fd authored by zhang jiao's avatar zhang jiao Committed by Michael S. Tsirkin
Browse files

vhost: vringh: Modify the return value check 



The return value of copy_from_iter and copy_to_iter can't be negative,
check whether the copied lengths are equal.

Fixes: 309bba39 ("vringh: iterate on iotlb_translate to handle large translations")
Cc: "Stefano Garzarella" <sgarzare@redhat.com>
Signed-off-by: default avatarzhang jiao <zhangjiao2@cmss.chinamobile.com>
Message-Id: <20250910091739.2999-1-zhangjiao2@cmss.chinamobile.com>
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent e5f0a698

drivers/vhost/vringh.c

+4 −3
Original line number Diff line number Diff line
@@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst, 
		struct iov_iter iter;

		u64 translated;

		int ret;

		size_t size;



		ret = iotlb_translate(vrh, (u64)(uintptr_t)src,

				      len - total_translated, &translated,
@@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst, 
				      translated);

		}



		ret = copy_from_iter(dst, translated, &iter);

		if (ret < 0)

			return ret;

		size = copy_from_iter(dst, translated, &iter);

		if (size != translated)

			return -EFAULT;



		src += translated;

		dst += translated;