On Sun, Sep 21, 2025 at 04:59:36PM -0400, Michael S. Tsirkin wrote: > On Wed, Sep 10, 2025 at 05:17:38PM +0800, zhangjiao2 wrote: > > From: zhang jiao <zhangji...@cmss.chinamobile.com> > > > > The return value of copy_from_iter and copy_to_iter can't be negative, > > check whether the copied lengths are equal. > > > > Signed-off-by: zhang jiao <zhangji...@cmss.chinamobile.com> > > Well I don't see a fix for copy_to_iter here. > > > ret = copy_to_iter(src, translated, &iter); > if (ret < 0) > return ret; >
to clarify, pls send an additional patch to copy that one. > > > > > --- > > drivers/vhost/vringh.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > > index 9f27c3f6091b..0c8a17cbb22e 100644 > > --- a/drivers/vhost/vringh.c > > +++ b/drivers/vhost/vringh.c > > @@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh > > *vrh, void *dst, > > struct iov_iter iter; > > u64 translated; > > int ret; > > + size_t size; > > > > ret = iotlb_translate(vrh, (u64)(uintptr_t)src, > > len - total_translated, &translated, > > @@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh > > *vrh, void *dst, > > translated); > > } > > > > - ret = copy_from_iter(dst, translated, &iter); > > - if (ret < 0) > > - return ret; > > + size = copy_from_iter(dst, translated, &iter); > > + if (size != translated) > > + return -EFAULT; > > > > src += translated; > > dst += translated; > > -- > > 2.33.0 > > > >
