| Message ID | 20170630080106.yxyckztimezvpzrt@mwanda (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers | show |
> On Jun 30, 2017, at 3:01 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote: > > The copy_from/to_user() functions return the number of bytes remaining > to be copied but we had intended to return -EFAULT here. > > Fixes: bc88ac47d5cb ("scsi: cxlflash: Support AFU debug") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Good catch Dan! Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Dan, > The copy_from/to_user() functions return the number of bytes remaining > to be copied but we had intended to return -EFAULT here. > > Fixes: bc88ac47d5cb ("scsi: cxlflash: Support AFU debug") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Applied to 4.13/scsi-fixes, thanks!
diff --git a/drivers/scsi/cxlflash/main.c b/drivers/scsi/cxlflash/main.c index 7a787b6e21c4..56b6e294ab78 100644 --- a/drivers/scsi/cxlflash/main.c +++ b/drivers/scsi/cxlflash/main.c @@ -3415,9 +3415,10 @@ static int cxlflash_afu_debug(struct cxlflash_cfg *cfg, if (is_write) { req_flags |= SISL_REQ_FLAGS_HOST_WRITE; - rc = copy_from_user(kbuf, ubuf, ulen); - if (unlikely(rc)) + if (copy_from_user(kbuf, ubuf, ulen)) { + rc = -EFAULT; goto out; + } } } @@ -3445,8 +3446,10 @@ static int cxlflash_afu_debug(struct cxlflash_cfg *cfg, goto out; } - if (ulen && !is_write) - rc = copy_to_user(ubuf, kbuf, ulen); + if (ulen && !is_write) { + if (copy_to_user(ubuf, kbuf, ulen)) + rc = -EFAULT; + } out: kfree(buf); dev_dbg(dev, "%s: returning rc=%d\n", __func__, rc);
The copy_from/to_user() functions return the number of bytes remaining to be copied but we had intended to return -EFAULT here. Fixes: bc88ac47d5cb ("scsi: cxlflash: Support AFU debug") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>