On Wed, Aug 12, 2015 at 11:05:58PM +0530, Chandra S Gorentla wrote: > - if (copy_from_user(buffer, buf, count)) { > + ret = simple_write_to_buffer(buffer, sizeof(buffer), ppos, buf, count); This part doesn't make sense. Use copy_from_user(). Also it's not NUL terminated so it leads to a read past the end of the array later. In the original code, we just looked at the first char and didn't use kstrtoint() so we didn't care about NUL termination. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html