• Wu Fengguang's avatar
    > @@ -547,20 +541,20 @@ static ssize_t write_kmem(struct file * · 69a6aba7
    Wu Fengguang authored
    >  		if (!kbuf)
    >  			return wrote ? wrote : -ENOMEM;
    >  		while (count > 0) {
    > -			int len = size_inside_page(p, count);
    > +			unsigned long sz = size_inside_page(p, count);
    >
    > -			written = copy_from_user(kbuf, buf, len);
    > -			if (written) {
    > +			sz = copy_from_user(kbuf, buf, sz);
    
    Sorry, it introduced a bug: the "sz" will be zero in normal,
    
    > +			if (sz) {
    >  				if (wrote + virtr)
    >  					break;
    >  				free_page((unsigned long)kbuf);
    >  				return -EFAULT;
    >  			}
    > -			len = vwrite(kbuf, (char *)p, len);
    > +			sz = vwrite(kbuf, (char *)p, sz);
    
    and get passed to vwrite here.
    
    This patch fixes it, the new var "n" will be used in another bug
    fixing patch following this one.
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    69a6aba7
mem.c 19.2 KB