From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yael Samet <yael.samet@intel.com>
Date: Mon, 7 Jan 2019 09:12:34 +0200
Subject: [PATCH] mei: dal: fix size of data copied to user in dal_dev_read()

The number of bytes should be determiened by the size read
from the fifo and not by the size of the user buffer.

Change-Id: I5903127905298bc48fec3b9295f5bb10e37ff497
Tracked-On: PKT-1711
Signed-off-by: Yael Samet <yael.samet@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
 drivers/misc/mei/dal/dal_cdev.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/misc/mei/dal/dal_cdev.c b/drivers/misc/mei/dal/dal_cdev.c
index 7b1aa55f7e79..2172a09289ce 100644
--- a/drivers/misc/mei/dal/dal_cdev.c
+++ b/drivers/misc/mei/dal/dal_cdev.c
@@ -124,14 +124,18 @@ static ssize_t dal_dev_read(struct file *fp, char __user *buf,
 		return -EFAULT;
 	}
 
-	ret = kfifo_to_user(&dc->read_queue, buf, count, &copied);
+	/**
+	 * count is the user buffer size, len is the msg size,
+	 * if we reach here then len <= count,
+	 * we can copy the whole msg to the user because his
+	 * buffer is big enough
+	 */
+	ret = kfifo_to_user(&dc->read_queue, buf, len, &copied);
 	if (ret) {
 		dev_dbg(&ddev->dev, "copy_to_user() failed\n");
 		return -EFAULT;
 	}
 
-	/*FIXME: need to drop rest of the data */
-
 	return copied;
 }
 
-- 
https://clearlinux.org