Skip to content

L
linux-davinci
Commit 58e7c92e authored by Wu Fengguang's avatar Wu Fengguang Committed by james toy
Browse files
Options

> @@ -547,20 +541,20 @@ static ssize_t write_kmem(struct file * 

>  		if (!kbuf)
>  			return wrote ? wrote : -ENOMEM;
>  		while (count > 0) {
> -			int len = size_inside_page(p, count);
> +			unsigned long sz = size_inside_page(p, count);
>
> -			written = copy_from_user(kbuf, buf, len);
> -			if (written) {
> +			sz = copy_from_user(kbuf, buf, sz);

Sorry, it introduced a bug: the "sz" will be zero in normal,

> +			if (sz) {
>  				if (wrote + virtr)
>  					break;
>  				free_page((unsigned long)kbuf);
>  				return -EFAULT;
>  			}
> -			len = vwrite(kbuf, (char *)p, len);
> +			sz = vwrite(kbuf, (char *)p, sz);

and get passed to vwrite here.

This patch fixes it, the new var "n" will be used in another bug
fixing patch following this one.
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent a43ef7cb
Show whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
drivers/char/mem.c
View file @ 58e7c92e
......@@ -541,9 +541,10 @@ static ssize_t write_kmem(struct file * file, const char __user * buf,
return wrote ? wrote : -ENOMEM;
while (count > 0) {
unsigned long sz = size_inside_page(p, count);
unsigned long n;
sz = copy_from_user(kbuf, buf, sz);
if (sz) {
n = copy_from_user(kbuf, buf, sz);
if (n) {
if (wrote + virtr)
break;
free_page((unsigned long)kbuf);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment