On Thu, Feb 27 2014, Chuansheng Liu <chuansheng.liu@xxxxxxxxx> wrote:
> When the request length is aligned to maxpacketsize, sometimes
> the return length ret > the user space requested len.
>
> At that time, we will use min_t(size_t, ret, len) to limit the
> size in case of user data buffer overflow.
>
> But we need return the min_t(size_t, ret, len) to tell the user
> space rightly also.
>
> Signed-off-by: Chuansheng Liu <chuansheng.liu@xxxxxxxxx>
Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
> ---
> drivers/usb/gadget/f_fs.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
> index 2b43343..31ee7af 100644
> --- a/drivers/usb/gadget/f_fs.c
> +++ b/drivers/usb/gadget/f_fs.c
> @@ -687,10 +687,12 @@ static ssize_t ffs_epfile_io(struct file *file,
> * space for.
> */
> ret = ep->status;
> - if (read && ret > 0 &&
> - unlikely(copy_to_user(buf, data,
> - min_t(size_t, ret, len))))
> - ret = -EFAULT;
> + if (read && ret > 0) {
> + ret = min_t(size_t, ret, len);
> +
> + if (unlikely(copy_to_user(buf, data, ret)))
> + ret = -EFAULT;
> + }
> }
> }
>
> --
> 1.9.rc0
>
--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michał “mina86” Nazarewicz (o o)
ooo +--<mpn@xxxxxxxxxx>--<xmpp:mina86@xxxxxxxxxx>--ooO--(_)--Ooo--
Attachment:
signature.asc
Description: PGP signature
