vhost: vringh: Modify the return value check

The return value of copy_from_iter and copy_to_iter can't be negative,
check whether the copied lengths are equal.

Fixes: 309bba39c945 ("vringh: iterate on iotlb_translate to handle large translations")
Cc: "Stefano Garzarella" <sgarzare@redhat.com>
Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
Message-Id: <20250910091739.2999-1-zhangjiao2@cmss.chinamobile.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 9f27c3f6091b80b527a50f8557fc525e4f5190a4..0c8a17cbb22ea7068e7cb6bbdf0bbf750c770d56 100644 (file)
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -1115,6 +1115,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
                struct iov_iter iter;
                u64 translated;
                int ret;
+               size_t size;
 
                ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
                                      len - total_translated, &translated,
@@ -1132,9 +1133,9 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
                                      translated);
                }
 
-               ret = copy_from_iter(dst, translated, &iter);
-               if (ret < 0)
-                       return ret;
+               size = copy_from_iter(dst, translated, &iter);
+               if (size != translated)
+                       return -EFAULT;
 
                src += translated;
                dst += translated;