From: Julian Wiedmann <jwi@xxxxxxxxxxxxx>
Date: Wed, 28 Nov 2018 16:20:50 +0100

> The response for a SNMP request can consist of multiple parts, which
> the cmd callback stages into a kernel buffer until all parts have been
> received. If the callback detects that the staging buffer provides
> insufficient space, it bails out with error.
> This processing is buggy for the first part of the response - while it
> initially checks for a length of 'data_len', it later copies an
> additional amount of 'offsetof(struct qeth_snmp_cmd, data)' bytes.
>
> Fix the calculation of 'data_len' for the first part of the response.
> This also nicely cleans up the memcpy code.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Julian Wiedmann <jwi@xxxxxxxxxxxxx>
> Reviewed-by: Ursula Braun <ubraun@xxxxxxxxxxxxx>

Applied and queued up for -stable.
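
The check/copy length mismatch described in the commit message, as an added user-space model that is not part of the original thread and is not the qeth driver's code. The struct layout, field names and function names are assumptions made for illustration; only the 'check data_len, copy data_len plus header offset' pattern comes from the message.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for struct qeth_snmp_cmd: header fields, then payload. */
struct snmp_cmd_model {
    unsigned int token;
    unsigned int request;
    unsigned char data[];
};

struct staging {
    unsigned char *buf; /* staging buffer */
    size_t size;        /* capacity of buf */
    size_t used;        /* bytes staged so far */
};

#define HDR_LEN offsetof(struct snmp_cmd_model, data)

/* Model of the 'before' logic: the space check covers payload_len only, while
 * the first part copies HDR_LEN more. Returns 1 when the check would pass
 * although the copy does not fit. Performs no copy. */
int before_check_admits_overrun(const struct staging *st, size_t payload_len,
                                int first_part)
{
    size_t room = st->size - st->used;
    size_t copied = payload_len + (first_part ? HDR_LEN : 0);

    return payload_len <= room && copied > room;
}

/* Corrected pattern: compute the length once, including the header for the
 * first part, then use that same value for the check and for memcpy.
 * 'src' must point at the header for the first part, at the payload otherwise. */
int stage_part(struct staging *st, const unsigned char *src, size_t payload_len,
               int first_part)
{
    size_t copy_len = payload_len + (first_part ? HDR_LEN : 0);

    if (copy_len > st->size - st->used)
        return -1; /* insufficient staging space: bail out */
    memcpy(st->buf + st->used, src, copy_len);
    st->used += copy_len;
    return 0;
}
```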