projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f263fbb)
fix brown paperbag bug in inlined copy_..._iter()
authorAl Viro <viro@zeniv.linux.org.uk>
Mon, 10 Jul 2017 11:40:49 +0000 (07:40 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 10 Jul 2017 11:40:49 +0000 (07:40 -0400)
"copied nothing" == "return 0", not "return full size".

Fixes: aa28de275a24 "iov_iter/hardening: move object size checks to inlined part"
Spotted-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
include/linux/uio.h patch | blob | blame | history

diff --git a/include/linux/uio.h b/include/linux/uio.h
index 342d2dc225b95b51e36d0f9a8a37c990e69f4d74..8a642cda641c85c82f823979709ab3157dc28d4b 100644 (file)
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -103,7 +103,7 @@ static __always_inline __must_check
 size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
 {
        if (unlikely(!check_copy_size(addr, bytes, true)))
-               return bytes;
+               return 0;
        else
                return _copy_to_iter(addr, bytes, i);
 }
@@ -112,7 +112,7 @@ static __always_inline __must_check
 size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
 {
        if (unlikely(!check_copy_size(addr, bytes, false)))
-               return bytes;
+               return 0;
        else
                return _copy_from_iter(addr, bytes, i);
 }
@@ -130,7 +130,7 @@ static __always_inline __must_check
 size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
 {
        if (unlikely(!check_copy_size(addr, bytes, false)))
-               return bytes;
+               return 0;
        else
                return _copy_from_iter_nocache(addr, bytes, i);
 }
@@ -160,7 +160,7 @@ static __always_inline __must_check
 size_t copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
 {
        if (unlikely(!check_copy_size(addr, bytes, false)))
-               return bytes;
+               return 0;
        else
                return _copy_from_iter_flushcache(addr, bytes, i);
 }