Hi again,
Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx> writes:
> @@ -811,7 +815,12 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
> */
> ret = interrupted ? -EINTR : ep->status;
> if (io_data->read && ret > 0) {
> - ret = copy_to_iter(data, ret, &io_data->data);
> + if (ret > io_data->expected_len)
> + pr_debug("FFS: size mismatch: %zd for %zd",
> + ret, io_data->expected_len);
> +
> + ret = copy_to_iter(data, io_data->expected_len,
> + &io_data->data);
we need a min() here. Better version below:
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 73515d54e1cc..6c49b152f46e 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -156,6 +156,8 @@ struct ffs_io_data {
struct usb_request *req;
struct ffs_data *ffs;
+
+ ssize_t expected_len;
};
struct ffs_desc_helper {
@@ -730,8 +732,10 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
* Controller may require buffer size to be aligned to
* maxpacketsize of an out endpoint.
*/
- if (io_data->read)
+ if (io_data->read) {
+ io_data->expected_len = data_len;
data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
+ }
spin_unlock_irq(&epfile->ffs->eps_lock);
data = kmalloc(data_len, GFP_KERNEL);
@@ -811,7 +815,15 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
*/
ret = interrupted ? -EINTR : ep->status;
if (io_data->read && ret > 0) {
- ret = copy_to_iter(data, ret, &io_data->data);
+ ssize_t bytes;
+
+ if (ret > io_data->expected_len)
+ pr_debug("FFS: size mismatch: %zd for %zd",
+ ret, io_data->expected_len);
+
+ bytes = min(ret, io_data->expected_len);
+
+ ret = copy_to_iter(data, bytes, &io_data->data);
if (!ret)
ret = -EFAULT;
}
--
balbi
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
