s390/crash: fix incorrect number of bytes to copy to user space

[ Upstream commit f6749da17a34eb08c9665f072ce7c812ff68aad2 ]

The number of bytes in a chunk is correctly calculated, but instead
the total number of bytes is passed to copy_to_user_real() function.

Reported-by: Matthew Wilcox <willy@infradead.org>
Fixes: df9694c7975f ("s390/dump: streamline oldmem copy functions")
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/arch/s390/kernel/crash_dump.c b/arch/s390/kernel/crash_dump.c
index 199f136..f17ad2d 100644 (file)
--- a/arch/s390/kernel/crash_dump.c
+++ b/arch/s390/kernel/crash_dump.c
@@ -198,7 +198,7 @@ static int copy_oldmem_user(void __user *dst, unsigned long src, size_t count)
                        } else {
                                len = count;
                        }
-                       rc = copy_to_user_real(dst, src, count);
+                       rc = copy_to_user_real(dst, src, len);
                        if (rc)
                                return rc;
                }