Re: [PATCH] usb: gadget: f_fs: report error if excess data received

From: Michal Nazarewicz
Date: Mon May 16 2016 - 12:05:50 EST


So I’ve been looking at AIO handling in f_fs and either I’m stupid or
the code is broken. Here’s part of ffs_user_copy_worker:

	int ret = io_data->req->status ? io_data->req->status :
					 io_data->req->actual;
	if (io_data->read && ret > 0) {
		use_mm(io_data->mm);
		ret = copy_to_iter(io_data->buf, ret, &io_data->data);
		if (iov_iter_count(&io_data->data))
			ret = -EFAULT;
		unuse_mm(io_data->mm);
	}

First of all, shouldn’t the copy_to_iter invocation be:

	if (copy_to_iter(io_data->buf, ret, &io_data->data))
		ret = -EFAULT;

Second of all, if the request reads fewer bytes than user requested,
iov_iter_count(…) will be non-zero (namely it will be the difference
between user’s buffer size and data read). This should not result in
EFAULT though.

So, am I going crazy? Or does this need to be fixed as well?

--
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»
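
Added example, not part of the original message and not kernel code: a userspace model of the completion path quoted above, comparing the quoted iov_iter_count() check with one that compares the copied length against what the buffer could take. The names model_iter, model_copy_to_iter, complete_quoted, complete_checked and run are hypothetical; the model assumes copy_to_iter() returns the number of bytes it copied and advances the iterator.

```c
#include <errno.h>
#include <string.h>

/* Userspace stand-in for a one-segment iov_iter (hypothetical, not the kernel struct). */
struct model_iter {
	char *dst;       /* destination ("user") buffer */
	size_t count;    /* room left, i.e. what iov_iter_count() would report */
	size_t writable; /* bytes storable before a simulated fault (single copy) */
};

/* Mirrors copy_to_iter(): copy up to `bytes`, advance, return bytes copied. */
static size_t model_copy_to_iter(const void *src, size_t bytes, struct model_iter *it)
{
	size_t n = bytes < it->count ? bytes : it->count;
	n = n < it->writable ? n : it->writable;
	memcpy(it->dst, src, n);
	it->dst += n;
	it->count -= n;
	return n;
}

/* The check as quoted in the message: any leftover room turns into -EFAULT. */
static int complete_quoted(const void *buf, int ret, struct model_iter *it)
{
	if (ret > 0) {
		ret = (int)model_copy_to_iter(buf, (size_t)ret, it);
		if (it->count)
			ret = -EFAULT;
	}
	return ret;
}

/* Alternative: -EFAULT only if fewer bytes landed than the buffer had room for. */
static int complete_checked(const void *buf, int ret, struct model_iter *it)
{
	size_t want, copied;
	if (ret <= 0)
		return ret;
	want = (size_t)ret < it->count ? (size_t)ret : it->count;
	copied = model_copy_to_iter(buf, (size_t)ret, it);
	return copied == want ? (int)copied : -EFAULT;
}

/* Run one completion: `room` bytes of user buffer, `actual` bytes received. */
static int run(int checked, size_t room, size_t writable, int actual)
{
	char src[64] = "constructed sample payload", dst[64];
	struct model_iter it = { dst, room, writable };
	return checked ? complete_checked(src, actual, &it) : complete_quoted(src, actual, &it);
}
```

With a 16-byte buffer and 8 bytes received, the quoted check yields -EFAULT while the length comparison yields 8; both yield -EFAULT when the copy itself stops early.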