Re: [PATCH] usb: gadget: f_fs: report error if excess data received

From: Krzysztof Opasiak
Date: Mon May 16 2016 - 12:35:24 EST



Hi Michal,

On 05/16/2016 06:05 PM, Michal Nazarewicz wrote:
> So Iâve been looking at AIO handling in f_fs and either Iâm stupid or
> the code is broken. Hereâs part of ffs_user_copy_worker:
>
> int ret = io_data->req->status ? io_data->req->status :
> io_data->req->actual;
> if (io_data->read && ret > 0) {
> use_mm(io_data->mm);
> ret = copy_to_iter(io_data->buf, ret, &io_data->data);
> if (iov_iter_count(&io_data->data))
> ret = -EFAULT;
> unuse_mm(io_data->mm);
> }
>
> First of all, shouldnât the copy_to_iter invocation be:
>
> if (copy_to_iter(io_data->buf, ret, &io_data->data))
> ret = -EFAULT;
>
> Second of all, if the request reads fewer bytes than user requested,
> iov_iter_count(â) will be non-zero (namely it will be the difference
> between userâs buffer size and data read). This should not result in
> EFAULT though.
>
> So, am I going crazy? Or does this need to be fixed as well?
>

I think it has been already fixed:

http://permalink.gmane.org/gmane.linux.usb.general/139316

Cheers,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics