debug lk

hc

2024-02-20 e636c8d336489bf3eed5878299e6cc045bbad077

 kernel/drivers/misc/vmw_vmci/vmci_host.c
..
..
@@ -1,21 +1,12 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * VMware VMCI Driver
3
4
  *
4
5
  * Copyright (C) 2012 VMware, Inc. All rights reserved.
5
- *
6
- * This program is free software; you can redistribute it and/or modify it
7
- * under the terms of the GNU General Public License as published by the
8
- * Free Software Foundation version 2 and no later version.
9
- *
10
- * This program is distributed in the hope that it will be useful, but
11
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
13
- * for more details.
14
6
  */
15
7
 
16
8
 #include <linux/vmw_vmci_defs.h>
17
9
 #include <linux/vmw_vmci_api.h>
18
-#include <linux/moduleparam.h>
19
10
 #include <linux/miscdevice.h>
20
11
 #include <linux/interrupt.h>
21
12
 #include <linux/highmem.h>
..
..
@@ -117,6 +108,11 @@
117
108
 	     atomic_read(&vmci_host_active_users) > 0);
118
109
 }
119
110
 
111
+int vmci_host_users(void)
112
+{
113
+	return atomic_read(&vmci_host_active_users);
114
+}
115
+
120
116
 /*
121
117
  * Called on open of /dev/vmci.
122
118
  */
..
..
@@ -169,10 +165,16 @@
169
165
 static __poll_t vmci_host_poll(struct file *filp, poll_table *wait)
170
166
 {
171
167
 	struct vmci_host_dev *vmci_host_dev = filp->private_data;
172
-	struct vmci_ctx *context = vmci_host_dev->context;
168
+	struct vmci_ctx *context;
173
169
 	__poll_t mask = 0;
174
170
 
175
171
 	if (vmci_host_dev->ct_type == VMCIOBJ_CONTEXT) {
172
+		/*
173
+		 * Read context only if ct_type == VMCIOBJ_CONTEXT to make
174
+		 * sure that context is initialized
175
+		 */
176
+		context = vmci_host_dev->context;
177
+
176
178
 		/* Check for VMCI calls to this VM context. */
177
179
 		if (wait)
178
180
 			poll_wait(filp, &context->host_context.wait_queue,
..
..
@@ -237,13 +239,11 @@
237
239
 	 * about the size.
238
240
 	 */
239
241
 	BUILD_BUG_ON(sizeof(bool) != sizeof(u8));
240
-	if (!access_ok(VERIFY_WRITE, (void __user *)uva, sizeof(u8)))
241
-		return VMCI_ERROR_GENERIC;
242
242
 
243
243
 	/*
244
244
 	 * Lock physical page backing a given user VA.
245
245
 	 */
246
-	retval = get_user_pages_fast(uva, 1, 1, &context->notify_page);
246
+	retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page);
247
247
 	if (retval != 1) {
248
248
 		context->notify_page = NULL;
249
249
 		return VMCI_ERROR_GENERIC;
..
..
@@ -347,6 +347,8 @@
347
347
 	vmci_host_dev->ct_type = VMCIOBJ_CONTEXT;
348
348
 	atomic_inc(&vmci_host_active_users);
349
349
 
350
+	vmci_call_vsock_callback(true);
351
+
350
352
 	retval = 0;
351
353
 
352
354
 out:
..
..
@@ -448,14 +450,11 @@
448
450
 	struct vmci_handle handle;
449
451
 	int vmci_status;
450
452
 	int __user *retptr;
451
-	u32 cid;
452
453
 
453
454
 	if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) {
454
455
 		vmci_ioctl_err("only valid for contexts\n");
455
456
 		return -EINVAL;
456
457
 	}
457
-
458
-	cid = vmci_ctx_get_id(vmci_host_dev->context);
459
458
 
460
459
 	if (vmci_host_dev->user_version < VMCI_VERSION_NOVMVM) {
461
460
 		struct vmci_qp_alloc_info_vmvm alloc_info;
..
..
@@ -754,19 +753,10 @@
754
753
 	if (copy_from_user(&set_info, uptr, sizeof(set_info)))
755
754
 		return -EFAULT;
756
755
 
757
-	cpt_buf = kmalloc(set_info.buf_size, GFP_KERNEL);
758
-	if (!cpt_buf) {
759
-		vmci_ioctl_err(
760
-			"cannot allocate memory to set cpt state (type=%d)\n",
761
-			set_info.cpt_type);
762
-		return -ENOMEM;
763
-	}
764
-
765
-	if (copy_from_user(cpt_buf, (void __user *)(uintptr_t)set_info.cpt_buf,
766
-			   set_info.buf_size)) {
767
-		retval = -EFAULT;
768
-		goto out;
769
-	}
756
+	cpt_buf = memdup_user((void __user *)(uintptr_t)set_info.cpt_buf,
757
+				set_info.buf_size);
758
+	if (IS_ERR(cpt_buf))
759
+		return PTR_ERR(cpt_buf);
770
760
 
771
761
 	cid = vmci_ctx_get_id(vmci_host_dev->context);
772
762
 	set_info.result = vmci_ctx_set_chkpt_state(cid, set_info.cpt_type,
..
..
@@ -774,7 +764,6 @@
774
764
 
775
765
 	retval = copy_to_user(uptr, &set_info, sizeof(set_info)) ? -EFAULT : 0;
776
766
 
777
-out:
778
767
 	kfree(cpt_buf);
779
768
 	return retval;
780
769
 }
..
..
@@ -983,7 +972,7 @@
983
972
 	.release	= vmci_host_close,
984
973
 	.poll		= vmci_host_poll,
985
974
 	.unlocked_ioctl	= vmci_host_unlocked_ioctl,
986
-	.compat_ioctl	= vmci_host_unlocked_ioctl,
975
+	.compat_ioctl	= compat_ptr_ioctl,
987
976
 };
988
977
 
989
978
 static struct miscdevice vmci_host_miscdev = {