| Message ID | 1470199327-5833-1-git-send-email-rodrigo.vivi@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Aug 02, 2016 at 09:42:06PM -0700, Rodrigo Vivi wrote: > Copy to user return the number of bytes it couldn't write > and zero on success. So any number different than 0 should > be considered a fault, not only when it doesn't write > the full size. > > Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com> > --- > drivers/gpu/drm/i915/i915_debugfs.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c > index 7c42ec4..7052c47 100644 > --- a/drivers/gpu/drm/i915/i915_debugfs.c > +++ b/drivers/gpu/drm/i915/i915_debugfs.c > @@ -3632,7 +3632,6 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, > while (n_entries > 0) { > struct intel_pipe_crc_entry *entry = > &pipe_crc->entries[pipe_crc->tail]; > - int ret; > > if (CIRC_CNT(pipe_crc->head, pipe_crc->tail, > INTEL_PIPE_CRC_ENTRIES_NR) < 1) > @@ -3649,8 +3648,7 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, > > spin_unlock_irq(&pipe_crc->lock); > > - ret = copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN); > - if (ret == PIPE_CRC_LINE_LEN) > + if (!copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN)) A bad '!' snuck in. > return -EFAULT; > > user_buf += PIPE_CRC_LINE_LEN; > -- > 2.5.5 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
On Tue, Aug 02, 2016 at 09:42:06PM -0700, Rodrigo Vivi wrote: > Copy to user return the number of bytes it couldn't write > and zero on success. So any number different than 0 should > be considered a fault, not only when it doesn't write > the full size. > > Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com> I audited all the other places we use copy_*_user. We have a bit a mess between negative errno and unwritten bytes for our own copy functions, but seems consistent (except this one here). Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> > --- > drivers/gpu/drm/i915/i915_debugfs.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c > index 7c42ec4..7052c47 100644 > --- a/drivers/gpu/drm/i915/i915_debugfs.c > +++ b/drivers/gpu/drm/i915/i915_debugfs.c > @@ -3632,7 +3632,6 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, > while (n_entries > 0) { > struct intel_pipe_crc_entry *entry = > &pipe_crc->entries[pipe_crc->tail]; > - int ret; > > if (CIRC_CNT(pipe_crc->head, pipe_crc->tail, > INTEL_PIPE_CRC_ENTRIES_NR) < 1) > @@ -3649,8 +3648,7 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, > > spin_unlock_irq(&pipe_crc->lock); > > - ret = copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN); > - if (ret == PIPE_CRC_LINE_LEN) > + if (!copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN)) > return -EFAULT; > > user_buf += PIPE_CRC_LINE_LEN; > -- > 2.5.5 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c index 7c42ec4..7052c47 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -3632,7 +3632,6 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, while (n_entries > 0) { struct intel_pipe_crc_entry *entry = &pipe_crc->entries[pipe_crc->tail]; - int ret; if (CIRC_CNT(pipe_crc->head, pipe_crc->tail, INTEL_PIPE_CRC_ENTRIES_NR) < 1) @@ -3649,8 +3648,7 @@ i915_pipe_crc_read(struct file *filep, char __user *user_buf, size_t count, spin_unlock_irq(&pipe_crc->lock); - ret = copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN); - if (ret == PIPE_CRC_LINE_LEN) + if (!copy_to_user(user_buf, buf, PIPE_CRC_LINE_LEN)) return -EFAULT; user_buf += PIPE_CRC_LINE_LEN;
Copy to user return the number of bytes it couldn't write and zero on success. So any number different than 0 should be considered a fault, not only when it doesn't write the full size. Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com> --- drivers/gpu/drm/i915/i915_debugfs.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)