5 년 전 · be08b4e451
--- a/msm/dsi/dsi_ctrl.c
+++ b/msm/dsi/dsi_ctrl.c
@@ -116,6 +116,9 @@ static ssize_t debugfs_state_info_read(struct file *file,
 
				 			dsi_ctrl->clk_freq.pix_clk_rate,
			
 
				 			dsi_ctrl->clk_freq.esc_clk_rate);
			
 
				 
			
 
				+	if (len > count)
			
 
				+		len = count;
			
 
				+
			
 
				 	len = min_t(size_t, len, SZ_4K);
			
 
				 	if (copy_to_user(buff, buf, len)) {
			
 
				 		kfree(buf);
			
@@ -171,6 +174,8 @@ static ssize_t debugfs_reg_dump_read(struct file *file,
 
				 		return rc;
			
 
				 	}
			
 
				 
			
 
				+	if (len > count)
			
 
				+		len = count;
			
 
				 
			
 
				 	len = min_t(size_t, len, SZ_4K);
			
 
				 	if (copy_to_user(buff, buf, len)) {
			
--- a/msm/sde/sde_connector.c
+++ b/msm/sde/sde_connector.c
@@ -1731,7 +1731,10 @@ static ssize_t _sde_debugfs_conn_cmd_tx_sts_read(struct file *file,
 
				 		return 0;
			
 
				 	}
			
 
				 
			
 
				-	blen = min_t(size_t, MAX_CMD_PAYLOAD_SIZE, count);
			
 
				+	if (blen > count)
			
 
				+		blen = count;
			
 
				+
			
 
				+	blen = min_t(size_t, blen, MAX_CMD_PAYLOAD_SIZE);
			
 
				 	if (copy_to_user(buf, buffer, blen)) {
			
 
				 		SDE_ERROR("copy to user buffer failed\n");
			
 
				 		return -EFAULT;
			
--- a/msm/sde_rsc.c
+++ b/msm/sde_rsc.c
@@ -1105,7 +1105,10 @@ end:
 
				 	if (blen <= 0)
			
 
				 		return 0;
			
 
				 
			
 
				-	blen = min_t(size_t, MAX_BUFFER_SIZE, count);
			
 
				+	if (blen > count)
			
 
				+		blen = count;
			
 
				+
			
 
				+	blen = min_t(size_t, blen, MAX_BUFFER_SIZE);
			
 
				 	if (copy_to_user(buf, buffer, blen))
			
 
				 		return -EFAULT;
			
 
				 
			
@@ -1199,7 +1202,10 @@ end:
 
				 	if (blen <= 0)
			
 
				 		return 0;
			
 
				 
			
 
				-	blen = min_t(size_t, MAX_BUFFER_SIZE, count);
			
 
				+	if (blen > count)
			
 
				+		blen = count;
			
 
				+
			
 
				+	blen = min_t(size_t, blen, MAX_BUFFER_SIZE);
			
 
				 	if (copy_to_user(buf, buffer, blen))
			
 
				 		return -EFAULT;