45e1058b77
The call to:
ret = simple_write_to_buffer(buf, size, offp, ubuf, size);
will return success if it is able to write even one byte to "buf".
The value of "*offp" controls which byte. This could result in
reading uninitialized data when we do the sscanf() on the next line.
This code is not really desigined to handle partial writes where
*offp is non-zero and the "buf" is preserved and re-used between writes.
Just ban partial writes and replace the simple_write_to_buffer() with
copy_from_user().
Fixes:
|
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
ntb_msi_test.c | ||
ntb_perf.c | ||
ntb_pingpong.c | ||
ntb_tool.c |