The copy_from_user() function returns the number of bytes remaining to
be copied but we should return -EFAULT here.
Fixes: 007888f365c9 ("ipmi: ssif_bmc: Add SSIF BMC driver")
Signed-off-by: Dan Carpenter <[email protected]>
---
drivers/char/ipmi/ssif_bmc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
index b15c05622e72..ce8cd8364a3f 100644
--- a/drivers/char/ipmi/ssif_bmc.c
+++ b/drivers/char/ipmi/ssif_bmc.c
@@ -85,9 +85,8 @@ static ssize_t ssif_bmc_write(struct file *file, const char __user *buf, size_t
if (count > sizeof(struct ssif_msg))
return -EINVAL;
- ret = copy_from_user(&msg, buf, count);
- if (ret)
- return ret;
+ if (copy_from_user(&msg, buf, count))
+ return -EFAULT;
if (!msg.len || count < ssif_msg_len(&msg))
return -EINVAL;
--
2.20.1
On Fri, Jul 23, 2021 at 11:44:59AM +0300, Dan Carpenter wrote:
> The copy_from_user() function returns the number of bytes remaining to
> be copied but we should return -EFAULT here.
Yep, this is in my queue.
Thanks,
-corey
>
> Fixes: 007888f365c9 ("ipmi: ssif_bmc: Add SSIF BMC driver")
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> drivers/char/ipmi/ssif_bmc.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
> index b15c05622e72..ce8cd8364a3f 100644
> --- a/drivers/char/ipmi/ssif_bmc.c
> +++ b/drivers/char/ipmi/ssif_bmc.c
> @@ -85,9 +85,8 @@ static ssize_t ssif_bmc_write(struct file *file, const char __user *buf, size_t
> if (count > sizeof(struct ssif_msg))
> return -EINVAL;
>
> - ret = copy_from_user(&msg, buf, count);
> - if (ret)
> - return ret;
> + if (copy_from_user(&msg, buf, count))
> + return -EFAULT;
>
> if (!msg.len || count < ssif_msg_len(&msg))
> return -EINVAL;
> --
> 2.20.1
>