Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

usb: ks_bridge: Fix bug in partial read on data buffer

Browse source 
If driver copies only partial data buffer to user space
it does not update the buffer pointer. In this case
buffer pointer is still pointing to the already read
buffer and will be copied again in next read request
from user space. This corrupts the contents of the
efs file or ram dump files. Hence update data buffer
pointer with length of memory read completed by user
space.

(cherry picked from commit b48f4737ac62a5c26b59eea59322186179c06ab0)

Change-Id: Ibc2a248394b1fd3ece7cef6a94e99e27dc4f9575
CRs-Fixed: 403250
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Neha Pandey <nehap@codeaurora.org>
This commit is contained in:
Hemant Kumar 2012-09-24 12:32:32 -07:00 committed by Stephen Boyd
parent 1f98b2440e
commit adc17898aa
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/usb/misc/ks_bridge.c
View file

@ -167,11 +167,10 @@ read_start:
size_t len;
pkt = list_first_entry(&ksb->to_ks_list, struct data_pkt, list);
len = min_t(size_t, space, pkt->len);
pkt->n_read += len;
len = min_t(size_t, space, pkt->len - pkt->n_read);
spin_unlock_irqrestore(&ksb->lock, flags);
ret = copy_to_user(buf + copied, pkt->buf, len);
ret = copy_to_user(buf + copied, pkt->buf + pkt->n_read, len);
if (ret) {
pr_err("copy_to_user failed err:%d\n", ret);
ksb_free_data_pkt(pkt);
@ -179,6 +178,7 @@ read_start:
return ret;
}
pkt->n_read += len;
space -= len;
copied += len;