Commit 30a1cd8c authored by CQ Tang's avatar CQ Tang Committed by Ben Hutchings

x86-64: Fix the failure case in copy_user_handle_tail()

commit 66db3feb upstream.

The increment of "to" in copy_user_handle_tail() will have incremented
before a failure has been noted.  This causes us to skip a byte in the
failure case.

Only do the increment when assured there is no failure.
Signed-off-by: default avatarCQ Tang <cq.tang@intel.com>
Link: http://lkml.kernel.org/r/20130318150221.8439.993.stgit@phlsvslse11.ph.intel.comSigned-off-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent b8f443eb
...@@ -169,10 +169,10 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) ...@@ -169,10 +169,10 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
char c; char c;
unsigned zero_len; unsigned zero_len;
for (; len; --len) { for (; len; --len, to++) {
if (__get_user_nocheck(c, from++, sizeof(char))) if (__get_user_nocheck(c, from++, sizeof(char)))
break; break;
if (__put_user_nocheck(c, to++, sizeof(char))) if (__put_user_nocheck(c, to, sizeof(char)))
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment