From adc17898aaa1d8338ea9bab51e82913e3098b361 Mon Sep 17 00:00:00 2001 From: Hemant Kumar Date: Mon, 24 Sep 2012 12:32:32 -0700 Subject: [PATCH] usb: ks_bridge: Fix bug in partial read on data buffer If driver copies only partial data buffer to user space it does not update the buffer pointer. In this case buffer pointer is still pointing to the already read buffer and will be copied again in next read request from user space. This corrupts the contents of the efs file or ram dump files. Hence update data buffer pointer with length of memory read completed by user space. (cherry picked from commit b48f4737ac62a5c26b59eea59322186179c06ab0) Change-Id: Ibc2a248394b1fd3ece7cef6a94e99e27dc4f9575 CRs-Fixed: 403250 Signed-off-by: Hemant Kumar Signed-off-by: Neha Pandey
---
 drivers/usb/misc/ks_bridge.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/misc/ks_bridge.c b/drivers/usb/misc/ks_bridge.c
index 7e1bf1e03d1..32d4937f847 100644
--- a/drivers/usb/misc/ks_bridge.c
+++ b/drivers/usb/misc/ks_bridge.c
@@ -167,11 +167,10 @@ read_start:
 size_t len;
 pkt = list_first_entry(&ksb->to_ks_list, struct data_pkt, list);
- len = min_t(size_t, space, pkt->len);
- pkt->n_read += len;
+ len = min_t(size_t, space, pkt->len - pkt->n_read);
 spin_unlock_irqrestore(&ksb->lock, flags);
- ret = copy_to_user(buf + copied, pkt->buf, len);
+ ret = copy_to_user(buf + copied, pkt->buf + pkt->n_read, len);
 if (ret) {
 pr_err("copy_to_user failed err:%d\n", ret);
 ksb_free_data_pkt(pkt);
@@ -179,6 +178,7 @@ read_start:
 return ret;
 }
+ pkt->n_read += len;
 space -= len;
 copied += len;
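Review bot: The failure branch after the changed `copy_to_user()` call still treats its result as an error code, but `copy_to_user()` returns the number of bytes it could not copy, so `return ret;` (visible at the top of the next hunk) hands the caller a positive count that looks like a successful short read. I would log the count as what it is and fail with `return -EFAULT;`. The same branch calls `ksb_free_data_pkt(pkt)` on an entry obtained with `list_first_entry()` and no unlink is visible; one line between the two hunks is not shown, so please confirm the packet is removed from `to_ks_list` under `ksb->lock` before it is freed, otherwise the list keeps a dangling entry. The enclosing loop starts and ends outside the hunk.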
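Review bot: `pkt->n_read += len;` now runs after `spin_unlock_irqrestore(&ksb->lock, flags)`, so the offset is read under the lock in the first hunk but written without it here. If two readers can enter this loop for the same device at once (nothing visible in the patch rules that out), both can copy from the same offset and both add `len`, leaving `n_read` greater than `pkt->len`. The next `pkt->len - pkt->n_read` then wraps in `size_t`, `min_t` falls back to `space`, and `copy_to_user()` reads past the end of `pkt->buf` into user space. I would do the update with `ksb->lock` held and clamp the remaining length, e.g. `len = min_t(size_t, space, pkt->n_read < pkt->len ? pkt->len - pkt->n_read : 0);`. The loop body continues past the end of the hunk, so if the lock is retaken just below, the increment belongs after that point.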