On Sat, Sep 27, 2025 at 2:25 PM Dan Carpenter <[email protected]> wrote: > > The group is supposed to be copied to the user, but it wasn't assigned > until after the copy_to_user(). Move the "s.num = group;" earlier. > > Fixes: ffc3634b6696 ("vduse: add vq group support") > Signed-off-by: Dan Carpenter <[email protected]> > --- > This goes through the kvm tree I think. > > drivers/vhost/vdpa.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c > index 6305382eacbb..25ab4d06e559 100644 > --- a/drivers/vhost/vdpa.c > +++ b/drivers/vhost/vdpa.c > @@ -667,9 +667,9 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, > unsigned int cmd, > group = ops->get_vq_group(vdpa, idx); > if (group >= vdpa->ngroups || group > U32_MAX || group < 0) > return -EIO; > - else if (copy_to_user(argp, &s, sizeof(s))) > - return -EFAULT; > s.num = group; > + if (copy_to_user(argp, &s, sizeof(s))) > + return -EFAULT; > return 0; > } > case VHOST_VDPA_GET_VRING_DESC_GROUP:
Thank you very much for the report Dan! that should be fixed in v5.
