<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 15, 2022 at 5:15 PM Rob Clark <<a href="mailto:robdclark@gmail.com">robdclark@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From: Rob Clark <<a href="mailto:robdclark@chromium.org" target="_blank">robdclark@chromium.org</a>><br>
<br>
The UABI was already defined for pointer to 64b value, and all the<br>
userspace users of this ioctl that I could find are already using a<br>
uint64_t (but zeroing it out to work around kernel only copying 32b).<br>
Unfortunately this ioctl doesn't have a length field, so out of paranoia<br>
I restricted the change to copy 64b to the single 64b param that can be<br>
queried.<br>
<br>
Fixes: 78aa20fa4381 ("drm/virtio: implement context init: advertise feature to userspace")<br>
Signed-off-by: Rob Clark <<a href="mailto:robdclark@chromium.org" target="_blank">robdclark@chromium.org</a>><br></blockquote><div><br></div><div><span class="gmail-il">Reviewed</span>-<span class="gmail-il">by</span>: <span class="gmail-il">Gurchetan</span> <span class="gmail-il">Singh</span> <<a href="mailto:gurchetansingh@chromium.org" target="_blank">gurchetansingh@chromium.org</a>></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
---<br>
 drivers/gpu/drm/virtio/virtgpu_ioctl.c | 16 ++++++++++++----<br>
 1 file changed, 12 insertions(+), 4 deletions(-)<br>
<br>
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c<br>
index 0f2f3f54dbf9..0158d27d5645 100644<br>
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c<br>
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c<br>
@@ -269,7 +269,8 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,<br>
 {<br>
        struct virtio_gpu_device *vgdev = dev->dev_private;<br>
        struct drm_virtgpu_getparam *param = data;<br>
-       int value;<br>
+       int value, ret, sz = sizeof(int);<br>
+       uint64_t value64;<br>
<br>
        switch (param->param) {<br>
        case VIRTGPU_PARAM_3D_FEATURES:<br>
@@ -291,13 +292,20 @@ static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,<br>
                value = vgdev->has_context_init ? 1 : 0;<br>
                break;<br>
        case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs:<br>
-               value = vgdev->capset_id_mask;<br>
+               value64 = vgdev->capset_id_mask;<br>
+               sz = sizeof(value64);<br>
                break;<br>
        default:<br>
                return -EINVAL;<br>
        }<br>
-       if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int)))<br>
-               return -EFAULT;<br>
+<br>
+       if (sz == sizeof(int)) {<br>
+               if (copy_to_user(u64_to_user_ptr(param->value), &value, sz))<br>
+                       return -EFAULT;<br>
+       } else {<br>
+               if (copy_to_user(u64_to_user_ptr(param->value), &value64, sz))<br>
+                       return -EFAULT;<br>
+       }<br>
<br>
        return 0;<br>
 }<br>
-- <br>
2.34.1<br>
<br>
</blockquote></div></div>