usb: ks_bridge: Fix bug in partial read on data buffer

If the driver copies only part of a data buffer to user
space, it does not update the buffer pointer. In this case
the buffer pointer is still pointing to the already read
buffer, which will be copied again in the next read request
from user space. This corrupts the contents of the
efs file or ram dump files. Hence update the data buffer
pointer with the length of memory read completed by user
space.

(cherry picked from commit b48f4737ac62a5c26b59eea59322186179c06ab0)
Change-Id: Ibc2a248394b1fd3ece7cef6a94e99e27dc4f9575
CRs-Fixed: 403250
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Neha Pandey <nehap@codeaurora.org>
diff --git a/drivers/usb/misc/ks_bridge.c b/drivers/usb/misc/ks_bridge.c
index 7e1bf1e..32d4937 100644
--- a/drivers/usb/misc/ks_bridge.c
+++ b/drivers/usb/misc/ks_bridge.c
@@ -167,11 +167,10 @@
size_t len;
pkt = list_first_entry(&ksb->to_ks_list, struct data_pkt, list);
- len = min_t(size_t, space, pkt->len);
- pkt->n_read += len;
+ len = min_t(size_t, space, pkt->len - pkt->n_read);
spin_unlock_irqrestore(&ksb->lock, flags);
- ret = copy_to_user(buf + copied, pkt->buf, len);
+ ret = copy_to_user(buf + copied, pkt->buf + pkt->n_read, len);
if (ret) {
pr_err("copy_to_user failed err:%d\n", ret);
ksb_free_data_pkt(pkt);
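Review bot: the new length computation `pkt->len - pkt->n_read` has no guard for n_read exceeding len. Because min_t() evaluates the difference as size_t, a value of n_read larger than len wraps to a very large number, len then falls back to `space`, and copy_to_user() reads from `pkt->buf + pkt->n_read` past the end of the packet buffer into user space. The visible lines do not show where a fully read packet leaves to_ks_list, so consider checking `pkt->n_read >= pkt->len` before the subtraction (for example with WARN_ON and dropping the packet), so that a bookkeeping error cannot become an out-of-bounds kernel read.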
@@ -179,6 +178,7 @@
return ret;
}
+ pkt->n_read += len;
space -= len;
copied += len;
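Review bot: `pkt->n_read += len` now runs after spin_unlock_irqrestore() and copy_to_user(), with no lock retaken in the visible lines, whereas the removed update sat inside the ksb->lock section. If two readers can be in this path at once, both can pick the same packet via list_first_entry(), use the same n_read, copy the same bytes and then advance n_read twice, which recreates the duplication this patch is fixing and can push n_read past len. Either document that reads on this device are serialised elsewhere or retake ksb->lock around the update. Separately, the context line `return ret;` hands back copy_to_user()'s count of uncopied bytes, which the caller of read sees as a positive byte count; returning -EFAULT is the usual form.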