The group is supposed to be copied to the user, but it wasn't assigned until after the copy_to_user(). Move the "s.num = group;" earlier. Fixes: ffc3634b6696 ("vduse: add vq group support") Signed-off-by: Dan Carpenter --- This goes through the kvm tree I think. drivers/vhost/vdpa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c index 6305382eacbb..25ab4d06e559 100644 --- a/drivers/vhost/vdpa.c +++ b/drivers/vhost/vdpa.c @@ -667,9 +667,9 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd, group = ops->get_vq_group(vdpa, idx); if (group >= vdpa->ngroups || group > U32_MAX || group < 0) return -EIO; - else if (copy_to_user(argp, &s, sizeof(s))) - return -EFAULT; s.num = group; + if (copy_to_user(argp, &s, sizeof(s))) + return -EFAULT; return 0; } case VHOST_VDPA_GET_VRING_DESC_GROUP: -- 2.51.0