diff options
author | Chuck Lever <chuck.lever@oracle.com> | 2007-12-20 14:54:42 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-01-30 02:06:01 -0500 |
commit | a661b77fc12a172edea4b709e37f8cd58a6bd500 (patch) | |
tree | ded0b18213329ec39682ad63530e849fafed22c0 | |
parent | 369af0f1166f7a637751110395496cee156b4297 (diff) | |
download | lwn-a661b77fc12a172edea4b709e37f8cd58a6bd500.tar.gz lwn-a661b77fc12a172edea4b709e37f8cd58a6bd500.zip |
NFS: Fix use of copy_to_user() in idmap_pipe_upcall
The idmap_pipe_upcall() function expects the copy_to_user() function to
return a negative error value if the call fails, but copy_to_user()
returns an unsigned long number of bytes that couldn't be copied.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r-- | fs/nfs/idmap.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c index c56fc7d5a46e..d93e071b900c 100644 --- a/fs/nfs/idmap.c +++ b/fs/nfs/idmap.c @@ -358,17 +358,15 @@ idmap_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg, char __user *dst, size_t buflen) { char *data = (char *)msg->data + msg->copied; - ssize_t mlen = msg->len - msg->copied; - ssize_t left; - - if (mlen > buflen) - mlen = buflen; + size_t mlen = min(msg->len, buflen); + unsigned long left; left = copy_to_user(dst, data, mlen); - if (left < 0) { - msg->errno = left; - return left; + if (left == mlen) { + msg->errno = -EFAULT; + return -EFAULT; } + mlen -= left; msg->copied += mlen; msg->errno = 0; |