bpf: Fix error return value in bpf_copy_from_user_dynptr

On error, copy_from_user returns number of bytes not copied to
destination, but current implementation of copy_user_data_sleepable does
not handle that correctly and returns it as error value, which may
confuse user, expecting meaningful negative error value.

Fixes: a498ee7576de ("bpf: Implement dynptr copy kfuncs")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20250523181705.261585-1-mykyta.yatsenko5@gmail.com

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 289ff0c..132c8be 100644 (file)
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3555,8 +3555,12 @@ static __always_inline int copy_user_data_sleepable(void *dst, const void *unsaf
 {
        int ret;
 
-       if (!tsk) /* Read from the current task */
-               return copy_from_user(dst, (const void __user *)unsafe_src, size);
+       if (!tsk) { /* Read from the current task */
+               ret = copy_from_user(dst, (const void __user *)unsafe_src, size);
+               if (ret)
+                       return -EFAULT;
+               return 0;
+       }
 
        ret = access_process_vm(tsk, (unsigned long)unsafe_src, dst, size, 0);
        if (ret != size)