usb: gadget: return the right length in ffs_epfile_io()

When the request length is aligned to maxpacketsize, sometimes
the return length ret > the user space requested len.

At that time, we will use min_t(size_t, ret, len) to limit the
size in case of user data buffer overflow.

But we need return the min_t(size_t, ret, len) to tell the user
space rightly also.

[ balbi@ti.com: also fix comment's indentation ]

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Reviewed-by: David Cohen <david.a.cohen@linux.intel.com>
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>

diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
index 42f7a0e..b2e922d 100644 (file)
--- a/drivers/usb/gadget/f_fs.c
+++ b/drivers/usb/gadget/f_fs.c
@@ -838,19 +838,21 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
                                ret = -EINTR;
                                usb_ep_dequeue(ep->ep, req);
                        } else {
-                       /*
-                        * XXX We may end up silently droping data here.
-                        * Since data_len (i.e. req->length) may be bigger
-                        * than len (after being rounded up to maxpacketsize),
-                        * we may end up with more data then user space has
-                        * space for.
-                        */
-                       ret = ep->status;
-                       if (io_data->read && ret > 0 &&
-                           unlikely(copy_to_user(io_data->buf, data,
-                                                 min_t(size_t, ret,
-                                                 io_data->len))))
-                               ret = -EFAULT;
+                               /*
+                                * XXX We may end up silently droping data
+                                * here.  Since data_len (i.e. req->length) may
+                                * be bigger than len (after being rounded up
+                                * to maxpacketsize), we may end up with more
+                                * data then user space has space for.
+                                */
+                               ret = ep->status;
+                               if (io_data->read && ret > 0) {
+                                       ret = min_t(size_t, ret, io_data->len);
+
+                                       if (unlikely(copy_to_user(io_data->buf,
+                                               data, ret)))
+                                               ret = -EFAULT;
+                               }
                        }
                        kfree(data);
                }