Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a661b77f authored by Chuck Lever's avatar Chuck Lever Committed by Trond Myklebust
Browse files

NFS: Fix use of copy_to_user() in idmap_pipe_upcall 



The idmap_pipe_upcall() function expects the copy_to_user() function to
return a negative error value if the call fails, but copy_to_user()
returns an unsigned long number of bytes that couldn't be copied.

Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 369af0f1

fs/nfs/idmap.c

+6 −8
Original line number Diff line number Diff line
@@ -358,17 +358,15 @@ idmap_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg, 
		  char __user *dst, size_t buflen)

{

	char *data = (char *)msg->data + msg->copied;

	ssize_t mlen = msg->len - msg->copied;

	ssize_t left;



	if (mlen > buflen)

		mlen = buflen;

	size_t mlen = min(msg->len, buflen);

	unsigned long left;



	left = copy_to_user(dst, data, mlen);

	if (left < 0) {

		msg->errno = left;

		return left;

	if (left == mlen) {

		msg->errno = -EFAULT;

		return -EFAULT;

	}



	mlen -= left;

	msg->copied += mlen;

	msg->errno = 0;