diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2007-12-20 14:54:42 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-01-30 02:06:01 -0500 |
| commit | a661b77fc12a172edea4b709e37f8cd58a6bd500 (patch) | |
| tree | ded0b18213329ec39682ad63530e849fafed22c0 | |
| parent | 369af0f1166f7a637751110395496cee156b4297 (diff) | |
NFS: Fix use of copy_to_user() in idmap_pipe_upcall
The idmap_pipe_upcall() function expects the copy_to_user() function to
return a negative error value if the call fails, but copy_to_user()
returns an unsigned long number of bytes that couldn't be copied.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| -rw-r--r-- | fs/nfs/idmap.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c index c56fc7d5a46e..d93e071b900c 100644 --- a/fs/nfs/idmap.c +++ b/fs/nfs/idmap.c | |||
| @@ -358,17 +358,15 @@ idmap_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg, | |||
| 358 | char __user *dst, size_t buflen) | 358 | char __user *dst, size_t buflen) |
| 359 | { | 359 | { |
| 360 | char *data = (char *)msg->data + msg->copied; | 360 | char *data = (char *)msg->data + msg->copied; |
| 361 | ssize_t mlen = msg->len - msg->copied; | 361 | size_t mlen = min(msg->len, buflen); |
| 362 | ssize_t left; | 362 | unsigned long left; |
| 363 | |||
| 364 | if (mlen > buflen) | ||
| 365 | mlen = buflen; | ||
| 366 | 363 | ||
| 367 | left = copy_to_user(dst, data, mlen); | 364 | left = copy_to_user(dst, data, mlen); |
| 368 | if (left < 0) { | 365 | if (left == mlen) { |
| 369 | msg->errno = left; | 366 | msg->errno = -EFAULT; |
| 370 | return left; | 367 | return -EFAULT; |
| 371 | } | 368 | } |
| 369 | |||
| 372 | mlen -= left; | 370 | mlen -= left; |
| 373 | msg->copied += mlen; | 371 | msg->copied += mlen; |
| 374 | msg->errno = 0; | 372 | msg->errno = 0; |