n_tty: Fix calculation of size in canon_copy_from_read_buf
authorMark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Mon, 18 May 2015 00:01:48 +0000 (12:01 +1200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 24 May 2015 19:43:50 +0000 (12:43 -0700)
There was a hardcoded value of 4096 which should have been N_TTY_BUF_SIZE.
This caused reads from tty to fail with EFAULT when they shouldn't have
done if N_TTY_BUF_SIZE was declared to be something other than 4096.

Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/tty/n_tty.c

index cc57a3a6b02b348df95c827fd2c770e59ffca155..759604e57b2449ba256772f1ae161088b706fabb 100644 (file)
@@ -2070,8 +2070,8 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
 
        size = N_TTY_BUF_SIZE - tail;
        n = eol - tail;
-       if (n > 4096)
-               n += 4096;
+       if (n > N_TTY_BUF_SIZE)
+               n += N_TTY_BUF_SIZE;
        n += found;
        c = n;