diff --git a/drivers/pci/host/pci-msm.c b/drivers/pci/host/pci-msm.c index 7c8b5e3e57a1..5ed46452ebad 100644 --- a/drivers/pci/host/pci-msm.c +++ b/drivers/pci/host/pci-msm.c @@ -2526,13 +2526,14 @@ static ssize_t msm_pcie_cmd_debug(struct file *file, char str[MAX_MSG_LEN]; unsigned int testcase = 0; int i; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) testcase = (testcase * 10) + (str[i] - '0'); if (!rc_sel) @@ -2561,13 +2562,14 @@ static ssize_t msm_pcie_set_rc_sel(struct file *file, char str[MAX_MSG_LEN]; int i; u32 new_rc_sel = 0; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) new_rc_sel = (new_rc_sel * 10) + (str[i] - '0'); if ((!new_rc_sel) || (new_rc_sel > rc_sel_max)) { @@ -2604,13 +2606,14 @@ static ssize_t msm_pcie_set_base_sel(struct file *file, int i; u32 new_base_sel = 0; char *base_sel_name; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) new_base_sel = (new_base_sel * 10) + (str[i] - '0'); if (!new_base_sel || new_base_sel > 5) { @@ -2705,14 +2708,15 @@ static ssize_t msm_pcie_set_wr_offset(struct file *file, unsigned long ret; char str[MAX_MSG_LEN]; int i; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; wr_offset = 0; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) wr_offset = (wr_offset * 10) + (str[i] - '0'); pr_alert("PCIe: wr_offset is now 0x%x\n", wr_offset); @@ -2731,14 +2735,15 @@ static ssize_t msm_pcie_set_wr_mask(struct file *file, unsigned long ret; char str[MAX_MSG_LEN]; int i; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; wr_mask = 0; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) wr_mask = (wr_mask * 10) + (str[i] - '0'); pr_alert("PCIe: wr_mask is now 0x%x\n", wr_mask); @@ -2756,14 +2761,15 @@ static ssize_t msm_pcie_set_wr_value(struct file *file, unsigned long ret; char str[MAX_MSG_LEN]; int i; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; wr_value = 0; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) wr_value = (wr_value * 10) + (str[i] - '0'); pr_alert("PCIe: wr_value is now 0x%x\n", wr_value); @@ -2882,14 +2888,15 @@ static ssize_t msm_pcie_set_corr_counter_limit(struct file *file, unsigned long ret; char str[MAX_MSG_LEN]; int i; + u32 size = sizeof(str) < count ? sizeof(str) : count; - memset(str, 0, sizeof(str)); - ret = copy_from_user(str, buf, sizeof(str)); + memset(str, 0, size); + ret = copy_from_user(str, buf, size); if (ret) return -EFAULT; corr_counter_limit = 0; - for (i = 0; i < sizeof(str) && (str[i] >= '0') && (str[i] <= '9'); ++i) + for (i = 0; i < size && (str[i] >= '0') && (str[i] <= '9'); ++i) corr_counter_limit = (corr_counter_limit * 10) + (str[i] - '0'); pr_info("PCIe: corr_counter_limit is now %lu\n", corr_counter_limit);