x86-64: Fix the failure case in copy_user_handle_tail()

commit 66db3feb486c01349f767b98ebb10b0c3d2d021b upstream. The increment of "to" in copy_user_handle_tail() will have incremented before a failure has been noted. This causes us to skip a byte in the failure case. Only do the increment when assured there is no failure. Signed-off-by: CQ Tang <cq.tang@intel.com> Link: http://lkml.kernel.org/r/20130318150221.8439.993.stgit@phlsvslse11.ph.intel.com Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: CQ Tang <cq.tang@intel.com> 2013-03-18 11:02:21 -0400
committer: Ben Hutchings <ben@decadent.org.uk> 2013-03-27 02:41:17 +0000
commit: 30a1cd8c73891e42952a50a1d7de44469f343513 (patch)
tree: 2bdde1c29767513585e601252dbeebfca4c9d931
parent: b8f443eb423ac319c8048a8bc2101f47e273237f (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index b7c2849ffb66..554b7b528f02 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -169,10 +169,10 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
 	char c;
 	unsigned zero_len;
 
-	for (; len; --len) {
+	for (; len; --len, to++) {
 		if (__get_user_nocheck(c, from++, sizeof(char)))
 			break;
-		if (__put_user_nocheck(c, to++, sizeof(char)))
+		if (__put_user_nocheck(c, to, sizeof(char)))
 			break;
 	}
author	CQ Tang <cq.tang@intel.com>	2013-03-18 11:02:21 -0400
committer	Ben Hutchings <ben@decadent.org.uk>	2013-03-27 02:41:17 +0000
commit	30a1cd8c73891e42952a50a1d7de44469f343513 (patch)
tree	2bdde1c29767513585e601252dbeebfca4c9d931
parent	b8f443eb423ac319c8048a8bc2101f47e273237f (diff)