net/mlx4_core: Fix error handling when initializing CQ bufs in the driver
authorJack Morgenstein <jackm@dev.mellanox.co.il>
Tue, 22 Jan 2019 13:19:45 +0000 (15:19 +0200)
committerDavid S. Miller <davem@davemloft.net>
Fri, 25 Jan 2019 05:48:26 +0000 (21:48 -0800)
Procedure mlx4_init_user_cqes() handles returns by copy_to_user
incorrectly. copy_to_user() returns the number of bytes not copied.
Thus, a non-zero return should be treated as a -EFAULT error
(as is done elsewhere in the kernel). However, mlx4_init_user_cqes()
error handling simply returns the number of bytes not copied
(instead of -EFAULT).

Note, though, that this is a harmless bug: procedure mlx4_alloc_cq()
(which is the only caller of mlx4_init_user_cqes()) treats any
non-zero return as an error, but that returned error value is processed
internally, and not passed further up the call stack.

In addition, fixes the following sparse warning:
warning: incorrect type in argument 1 (different address spaces)
   expected void [noderef] <asn:1>*to
   got void *buf

Fixes: e45678973dcb ("{net, IB}/mlx4: Initialize CQ buffers in the driver when possible")
Reported by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/mellanox/mlx4/cq.c

index db909b6069b5076208dbae35bd9358676c050ed5..65f8a4b6ed0c45e59e206ea8a907275ae2177b9e 100644 (file)
@@ -306,14 +306,16 @@ static int mlx4_init_user_cqes(void *buf, int entries, int cqe_size)
 
        if (entries_per_copy < entries) {
                for (i = 0; i < entries / entries_per_copy; i++) {
-                       err = copy_to_user(buf, init_ents, PAGE_SIZE);
+                       err = copy_to_user((void __user *)buf, init_ents, PAGE_SIZE) ?
+                               -EFAULT : 0;
                        if (err)
                                goto out;
 
                        buf += PAGE_SIZE;
                }
        } else {
-               err = copy_to_user(buf, init_ents, entries * cqe_size);
+               err = copy_to_user((void __user *)buf, init_ents, entries * cqe_size) ?
+                       -EFAULT : 0;
        }
 
 out: