From ab04de8ec235ab03573e7ef33b21c357ba248b5f Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Mon, 7 Sep 2020 10:27:00 +0200
Subject: /dev/zero: fixups for ->read

Reported the cleared bytes in case of a partial clear_user instead
of -EFAULT, and remove a pointless conditional, as cleared must be
non-zero by the time we hit the signal_pending check.

Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20200907082700.2057137-1-hch@lst.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/mem.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'drivers/char/mem.c')

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 1dc99ab15845..94c2b556cf97 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -733,14 +733,20 @@ static ssize_t read_zero(struct file *file, char __user *buf,
 
 	while (count) {
 		size_t chunk = min_t(size_t, count, PAGE_SIZE);
+		size_t left;
 
-		if (clear_user(buf + cleared, chunk))
-			return cleared ? cleared : -EFAULT;
+		left = clear_user(buf + cleared, chunk);
+		if (unlikely(left)) {
+			cleared += (chunk - left);
+			if (!cleared)
+				return -EFAULT;
+			break;
+		}
 		cleared += chunk;
 		count -= chunk;
 
 		if (signal_pending(current))
-			return cleared ? cleared : -ERESTARTSYS;
+			break;
 		cond_resched();
 	}
 
-- 
cgit