Hello.
On 03/04/2014 10:34 AM, Chuansheng Liu wrote:
When the request length is aligned to maxpacketsize, sometimes
the return length ret > the user space requested len.
At that time, we will use min_t(size_t, ret, len) to limit the
size in case of user data buffer overflow.
But we need return the min_t(size_t, ret, len) to tell the user
space rightly also.
Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
Reviewed-by: David Cohen <david.a.cohen@xxxxxxxxxxxxxxx>
Signed-off-by: Chuansheng Liu <chuansheng.liu@xxxxxxxxx>
---
drivers/usb/gadget/f_fs.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
index 42f7a0e..780f877 100644
--- a/drivers/usb/gadget/f_fs.c
+++ b/drivers/usb/gadget/f_fs.c
@@ -845,12 +845,14 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
* we may end up with more data then user space has
* space for.
*/
- ret = ep->status;
- if (io_data->read && ret > 0 &&
- unlikely(copy_to_user(io_data->buf, data,
- min_t(size_t, ret,
- io_data->len))))
- ret = -EFAULT;
+ ret = ep->status;
Why the indentation jumped suddenly to the right?
+ if (io_data->read && ret > 0) {
+ ret = min_t(size_t, ret, io_data->len);
+
+ if (unlikely(copy_to_user(io_data->buf,
+ data, ret)))
+ ret = -EFAULT;
+ }
}
kfree(data);
WBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
