GIT: unionfs2-2.6.27.y: USB: usbfs: only copy the actual data received
Erez Zadok
ezk at fsl.cs.sunysb.edu
Thu Aug 12 23:15:10 EDT 2010
commit 00400c98e8359ec5ecec199d66fbf25b944b8834
Author: Greg KH <greg at kroah.com>
Date: Mon Feb 15 09:37:46 2010 -0800
USB: usbfs: only copy the actual data received
commit d4a4683ca054ed9917dfc9e3ff0f7ecf74ad90d6 upstream.
We need to only copy the data received by the device to userspace, not
the whole kernel buffer, which can contain "stale" data.
Thanks to Marcus Meissner for pointing this out and testing the fix.
Reported-by: Marcus Meissner <meissner at suse.de>
Tested-by: Marcus Meissner <meissner at suse.de>
Cc: Alan Stern <stern at rowland.harvard.edu>
Cc: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 33b2935..4151f9f 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1224,9 +1224,9 @@ static int processcompl(struct async *as, void __user * __user *arg)
void __user *addr = as->userurb;
unsigned int i;
- if (as->userbuffer)
+ if (as->userbuffer && urb->actual_length)
if (copy_to_user(as->userbuffer, urb->transfer_buffer,
- urb->transfer_buffer_length))
+ urb->actual_length))
goto err_out;
if (put_user(as->status, &userurb->status))
goto err_out;
@@ -1347,9 +1347,9 @@ static int processcompl_compat(struct async *as, void __user * __user *arg)
void __user *addr = as->userurb;
unsigned int i;
- if (as->userbuffer)
+ if (as->userbuffer && urb->actual_length)
if (copy_to_user(as->userbuffer, urb->transfer_buffer,
- urb->transfer_buffer_length))
+ urb->actual_length))
return -EFAULT;
if (put_user(as->status, &userurb->status))
return -EFAULT;
More information about the unionfs-cvs
mailing list