Commit ddc10938 authored by Bjorn Helgaas's avatar Bjorn Helgaas
Browse files

PCI: switchtec: Return -EFAULT for copy_to_user() errors 

switchtec_dev_read() didn't handle copy_to_user() errors correctly: it
assigned "rc = -EFAULT", but actually returned either "size", -ENXIO, or
-EBADMSG instead.

Update the failure cases to unlock mrpc_mutex and return -EFAULT directly.

Link: https://lore.kernel.org/r/20221216162126.207863-3-helgaas@kernel.org


Fixes: 080b47de ("MicroSemi Switchtec management interface driver")
Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
Reviewed-by: default avatarLogan Gunthorpe <logang@deltatee.com>
parent 4e353ff4

drivers/pci/switch/switchtec.c

+4 −5
Original line number Diff line number Diff line
@@ -606,21 +606,20 @@ static ssize_t switchtec_dev_read(struct file *filp, char __user *data, 
	rc = copy_to_user(data, &stuser->return_code,

			  sizeof(stuser->return_code));

	if (rc) {

		rc = -EFAULT;

		goto out;

		mutex_unlock(&stdev->mrpc_mutex);

		return -EFAULT;

	}



	data += sizeof(stuser->return_code);

	rc = copy_to_user(data, &stuser->data,

			  size - sizeof(stuser->return_code));

	if (rc) {

		rc = -EFAULT;

		goto out;

		mutex_unlock(&stdev->mrpc_mutex);

		return -EFAULT;

	}



	stuser_set_state(stuser, MRPC_IDLE);



out:

	mutex_unlock(&stdev->mrpc_mutex);



	if (stuser->status == SWITCHTEC_MRPC_STATUS_DONE ||