Re: [PATCH v2] usb: gadget: return the right length in ffs_epfile_io()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello.

On 03/04/2014 10:34 AM, Chuansheng Liu wrote:

When the request length is aligned to maxpacketsize, sometimes
the return length ret > the user space requested len.

At that time, we will use min_t(size_t, ret, len) to limit the
size in case of user data buffer overflow.

But we need return the min_t(size_t, ret, len) to tell the user
space rightly also.

Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
Reviewed-by: David Cohen <david.a.cohen@xxxxxxxxxxxxxxx>
Signed-off-by: Chuansheng Liu <chuansheng.liu@xxxxxxxxx>
---
  drivers/usb/gadget/f_fs.c | 14 ++++++++------
  1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
index 42f7a0e..780f877 100644
--- a/drivers/usb/gadget/f_fs.c
+++ b/drivers/usb/gadget/f_fs.c
@@ -845,12 +845,14 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
  			 * we may end up with more data then user space has
  			 * space for.
  			 */
-			ret = ep->status;
-			if (io_data->read && ret > 0 &&
-			    unlikely(copy_to_user(io_data->buf, data,
-						  min_t(size_t, ret,
-						  io_data->len))))
-				ret = -EFAULT;
+				ret = ep->status;

   Why the indentation jumped suddenly to the right?

+				if (io_data->read && ret > 0) {
+					ret = min_t(size_t, ret, io_data->len);
+
+					if (unlikely(copy_to_user(io_data->buf,
+						data, ret)))
+						ret = -EFAULT;
+				}
  			}
  			kfree(data);

WBR, Sergei

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux