On Wed, Jun 24, 2020 at 06:56:44PM +0100, Matthew Wilcox wrote:
> /* don't even try if the size is too large */
> + error = -ENOMEM;
> if (count > KMALLOC_MAX_SIZE)
> - return -ENOMEM;
> + goto out;
> + kbuf = kzalloc(count, GFP_KERNEL);
> + if (!kbuf)
> + goto out;
>
> if (write) {
> + error = -EFAULT;
> + if (!copy_from_iter_full(kbuf, count, iter))
> goto out;
> }The nul-termination for the write cases seems to be lost here.
