[PATCH][resend] copy_to_user return value check in fs/cifs/file.c

From: Jesper Juhl
Date: Fri Mar 04 2005 - 11:45:14 EST



Hi Steve,

Back around the time of 2.6.10 I submitted a patch to fix the compile
warning about copy_to_user in fs/cifs/file.c. The patch generated some
comments and suggestions from several people and I subsequently cut a new
patch that took care of the issues raised. Allan Cox then Ack'ed that new
patch and then discussion died out. Apparently the patch never made it into
2.6.11, so I've re-diffed it against that and hereby submit it to you for
inclusion once more.


Signed-off-by: Jesper Juhl <juhl-lkml@xxxxxx>

--- linux-2.6.11-orig/fs/cifs/file.c 2005-03-02 08:38:34.000000000 +0100
+++ linux-2.6.11/fs/cifs/file.c 2005-03-04 16:38:36.000000000 +0100
@@ -1148,6 +1148,7 @@ cifs_user_read(struct file * file, char

for (total_read = 0,current_offset=read_data; read_size > total_read;
total_read += bytes_read,current_offset+=bytes_read) {
+ unsigned residue;
current_read_size = min_t(const int,read_size - total_read,cifs_sb->rsize);
rc = -EAGAIN;
smb_read_data = NULL;
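Review bot: `unsigned residue;` at the top of the for body is narrower than what it stores. copy_to_user() returns an unsigned long count of bytes not copied, and the second hunk assigns that return value straight into this variable. Declaring it `unsigned long residue;` keeps the type matched to the API and avoids an implicit truncation on 64-bit builds.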
@@ -1165,12 +1166,17 @@ cifs_user_read(struct file * file, char
&bytes_read, &smb_read_data);

pSMBr = (struct smb_com_read_rsp *)smb_read_data;
- copy_to_user(current_offset,smb_read_data + 4/* RFC1001 hdr*/
+ residue = copy_to_user(current_offset, smb_read_data + 4 /* RFC1001 hdr */
+ le16_to_cpu(pSMBr->DataOffset), bytes_read);
if(smb_read_data) {
cifs_buf_release(smb_read_data);
smb_read_data = NULL;
}
+ if (residue) {
+ total_read += bytes_read - residue;
+ rc = -EFAULT;
+ break;
+ }
}
if (rc || (bytes_read == 0)) {
if (total_read) {
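Review bot: the `residue = copy_to_user(...)` call still evaluates `pSMBr->DataOffset` before the `if(smb_read_data)` NULL test that follows it, so a NULL `smb_read_data` is dereferenced before it is checked. Since this patch is already touching the call, consider moving the copy inside the `if(smb_read_data)` block, ahead of `cifs_buf_release()`. Two smaller points on the error path: `total_read += bytes_read - residue;` is followed by `break`, so please confirm that the exit taken through `if (rc || (bytes_read == 0))` never reaches the for header's `total_read += bytes_read`, which would count the chunk twice; and a short comment stating that a partial copy returns the bytes already delivered and only reports -EFAULT when nothing was copied would make the intent clear to the next reader.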

