| Message ID | 20210303105912.GZ2222@kadam (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [RESEND] rsxx: Return -EFAULT if copy_to_user() fails | expand |
On 3/3/21 3:59 AM, Dan Carpenter wrote: > The copy_to_user() function returns the number of bytes remaining but > we want to return -EFAULT to the user if it can't complete the copy. > The "st" variable only holds zero on success or negative error codes on > failure so the type should be int. > > Fixes: 36f988e978f8 ("rsxx: Adding in debugfs entries.") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > I sent this last June as part of a 2 patch series. No one responded > to the patches. The first patch was a NULL derefence fix but I now > think that the correct fix for that is to remove the "enable_blkdev" > module option... Anyway, this patch is uncontroversial so I'm going to > resend it. Thanks Dan, applied.
diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index 6207449fa716f..558fa263acbc0 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -165,15 +165,17 @@ static ssize_t rsxx_cram_read(struct file *fp, char __user *ubuf, { struct rsxx_cardinfo *card = file_inode(fp)->i_private; char *buf; - ssize_t st; + int st; buf = kzalloc(cnt, GFP_KERNEL); if (!buf) return -ENOMEM; st = rsxx_creg_read(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); - if (!st) - st = copy_to_user(ubuf, buf, cnt); + if (!st) { + if (copy_to_user(ubuf, buf, cnt)) + st = -EFAULT; + } kfree(buf); if (st) return st;
The copy_to_user() function returns the number of bytes remaining but we want to return -EFAULT to the user if it can't complete the copy. The "st" variable only holds zero on success or negative error codes on failure so the type should be int. Fixes: 36f988e978f8 ("rsxx: Adding in debugfs entries.") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- I sent this last June as part of a 2 patch series. No one responded to the patches. The first patch was a NULL derefence fix but I now think that the correct fix for that is to remove the "enable_blkdev" module option... Anyway, this patch is uncontroversial so I'm going to resend it. drivers/block/rsxx/core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)