From: Al Viro <viro@zeniv.linux.org.uk>
Date: Mon, 10 Jul 2017 11:40:49 +0000 (-0400)
Subject: fix brown paperbag bug in inlined copy_..._iter()
X-Git-Tag: v4.14-rc1~510^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c43aeb198048f64abda8655fdcdebe71cf1877ba;p=platform%2Fkernel%2Flinux-rpi3.git

fix brown paperbag bug in inlined copy_..._iter()

"copied nothing" == "return 0", not "return full size".

Fixes: aa28de275a24 "iov_iter/hardening: move object size checks to inlined part"
Spotted-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/include/linux/uio.h b/include/linux/uio.h
index 342d2dc..8a642cd 100644
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -103,7 +103,7 @@ static __always_inline __must_check
 size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
 {
 	if (unlikely(!check_copy_size(addr, bytes, true)))
-		return bytes;
+		return 0;
 	else
 		return _copy_to_iter(addr, bytes, i);
 }
@@ -112,7 +112,7 @@ static __always_inline __must_check
 size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
 {
 	if (unlikely(!check_copy_size(addr, bytes, false)))
-		return bytes;
+		return 0;
 	else
 		return _copy_from_iter(addr, bytes, i);
 }
@@ -130,7 +130,7 @@ static __always_inline __must_check
 size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
 {
 	if (unlikely(!check_copy_size(addr, bytes, false)))
-		return bytes;
+		return 0;
 	else
 		return _copy_from_iter_nocache(addr, bytes, i);
 }
@@ -160,7 +160,7 @@ static __always_inline __must_check
 size_t copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
 {
 	if (unlikely(!check_copy_size(addr, bytes, false)))
-		return bytes;
+		return 0;
 	else
 		return _copy_from_iter_flushcache(addr, bytes, i);
 }