Commit 46f49b7a223ac7493e7cf619fb583d11edefc2c2

Authored by Dmitry Torokhov
1 parent eb71d1bb27

Input: serio_raw - signal EFAULT even if read/write partially succeeds

When copy_to/from_user fails in the middle of transfer we should not
report to the user that read/write partially succeeded but rather
report -EFAULT right away, so that application will know that it got
its buffers all wrong.

If application messed up its buffers we can't trust the data fetched
from userspace and successfully written to the device or if data read
from the device and transferred to userspace ended up where application
expected it to end.

If serio_write() fails we are still going to report partial writes if the
failure happens in the middle of the transfer.

This is basically a revert of 7a0a27d2ce38aee19a31fee8c12095f586eed393
and 4fa0771138d0b56fe59ab8ab3b1ce9e594484362.

Signed-off-by: Dmitry Torokhov <dtor@mail.ru>

Showing 1 changed file with 18 additions and 15 deletions Side-by-side Diff

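--- a/drivers/input/serio/serio_raw.c
+++ b/drivers/input/serio/serio_raw.c
@@ -165,9 +165,9 @@
 struct serio_raw *serio_raw = client->serio_raw;
 char uninitialized_var(c);
 ssize_t read = 0;
-int error = 0;
+int error;
 
-do {
+for (;;) {
 if (serio_raw->dead)
 return -ENODEV;
 
@@ -179,24 +179,24 @@
 break;
 
 while (read < count && serio_raw_fetch_byte(serio_raw, &c)) {
-if (put_user(c, buffer++)) {
-error = -EFAULT;
-goto out;
-}
+if (put_user(c, buffer++))
+return -EFAULT;
 read++;
 }
 
 if (read)
 break;
 
-if (!(file->f_flags & O_NONBLOCK))
+if (!(file->f_flags & O_NONBLOCK)) {
 error = wait_event_interruptible(serio_raw->wait,
 serio_raw->head != serio_raw->tail ||
 serio_raw->dead);
-} while (!error);
+if (error)
+return error;
+}
+}
 
-out:
-return read ?: error;
+return read;
 }
 
 static ssize_t serio_raw_write(struct file *file, const char __user *buffer,
@@ -204,8 +204,7 @@
 {
 struct serio_raw_client *client = file->private_data;
 struct serio_raw *serio_raw = client->serio_raw;
-ssize_t written = 0;
-int retval;
+int retval = 0;
 unsigned char c;
 
 retval = mutex_lock_interruptible(&serio_raw_mutex);
@@ -225,16 +224,20 @@
 retval = -EFAULT;
 goto out;
 }
+
 if (serio_write(serio_raw->serio, c)) {
-retval = -EIO;
+/* Either signal error or partial write */
+if (retval == 0)
+retval = -EIO;
 goto out;
 }
-written++;
+
+retval++;
 }
 
 out:
 mutex_unlock(&serio_raw_mutex);
-return written ?: retval;
+return retval;
 }
 
 static unsigned int serio_raw_poll(struct file *file, poll_table *wait)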
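Review bot: In serio_raw_write() the new `int retval = 0;` initializer is dead, because `retval = mutex_lock_interruptible(&serio_raw_mutex);` overwrites it three lines later, yet the `retval++` byte counter depends on retval being 0 when the loop starts. That invariant comes only from the lock call succeeding and from the code between it and the loop (outside the hunks shown, so this is inferred) not leaving a non-zero value behind. I would drop the initializer and state the dual role at the loop instead, e.g. `/* retval == 0 here; counts bytes sent until an error code replaces it */`. The same comment should say that on the get_user() failure path -EFAULT deliberately replaces the count of bytes already sent to the device, so the asymmetry with the -EIO path, which preserves a partial count, is not later mistaken for an oversight.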