If an event occurs while the hid debugfs is forwarding events, list->tail is updated during copy_to_user(). Remove the gotos and use a regular while-loop to empty the queue. Second benefit, it checks that we are not writing more than count bytes to the user-space output buffer. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> --- drivers/hid/hid-debug.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index 094cbcf..1dc8104 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -1000,6 +1000,7 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct hid_debug_list *list = file->private_data; + char *buf_head; int ret = 0, len; DECLARE_WAITQUEUE(wait, current); @@ -1039,28 +1040,22 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, goto out; /* pass the ringbuffer contents to userspace */ -copy_rest: - if (list->tail == list->head) - goto out; - if (list->tail > list->head) { - len = list->tail - list->head; + while (list->tail != list->head && ret < count) { + buf_head = &list->hid_debug_buf[list->head]; - if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { - ret = -EFAULT; - goto out; - } - ret += len; - list->head += len; - } else { - len = HID_DEBUG_BUFSIZE - list->head; + if (list->tail > list->head) + len = list->tail - list->head; + else + len = HID_DEBUG_BUFSIZE - list->head; + + len = min(count - ret, len); - if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { + if (copy_to_user(buffer + ret, buf_head, len)) { ret = -EFAULT; goto out; } - list->head = 0; ret += len; - goto copy_rest; + list->head = (list->head + len) % HID_DEBUG_BUFSIZE; } } -- 1.8.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html