From c43aeb198048f64abda8655fdcdebe71cf1877ba Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 10 Jul 2017 07:40:49 -0400 Subject: [PATCH] fix brown paperbag bug in inlined copy_..._iter() "copied nothing" == "return 0", not "return full size". Fixes: aa28de275a24 "iov_iter/hardening: move object size checks to inlined part" Spotted-by: Arnd Bergmann Signed-off-by: Al Viro --- include/linux/uio.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/uio.h b/include/linux/uio.h index 342d2dc225b9..8a642cda641c 100644 --- a/include/linux/uio.h +++ b/include/linux/uio.h @@ -103,7 +103,7 @@ static __always_inline __must_check size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i) { if (unlikely(!check_copy_size(addr, bytes, true))) - return bytes; + return 0; else return _copy_to_iter(addr, bytes, i); } @@ -112,7 +112,7 @@ static __always_inline __must_check size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i) { if (unlikely(!check_copy_size(addr, bytes, false))) - return bytes; + return 0; else return _copy_from_iter(addr, bytes, i); } @@ -130,7 +130,7 @@ static __always_inline __must_check size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i) { if (unlikely(!check_copy_size(addr, bytes, false))) - return bytes; + return 0; else return _copy_from_iter_nocache(addr, bytes, i); } @@ -160,7 +160,7 @@ static __always_inline __must_check size_t copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i) { if (unlikely(!check_copy_size(addr, bytes, false))) - return bytes; + return 0; else return _copy_from_iter_flushcache(addr, bytes, i); } -- 2.20.1