PCI: switchtec: Return -EFAULT for copy_to_user() errors

switchtec_dev_read() didn't handle copy_to_user() errors correctly: it
assigned "rc = -EFAULT", but actually returned either "size", -ENXIO, or
-EBADMSG instead.

Update the failure cases to unlock mrpc_mutex and return -EFAULT directly.

Link: https://lore.kernel.org/r/20221216162126.207863-3-helgaas@kernel.org
Fixes: 080b47def5e5 ("MicroSemi Switchtec management interface driver")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>

diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c
index d7ae840..3d6f17f 100644 (file)
--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -606,21 +606,20 @@ static ssize_t switchtec_dev_read(struct file *filp, char __user *data,
        rc = copy_to_user(data, &stuser->return_code,
                          sizeof(stuser->return_code));
        if (rc) {
-               rc = -EFAULT;
-               goto out;
+               mutex_unlock(&stdev->mrpc_mutex);
+               return -EFAULT;
        }
 
        data += sizeof(stuser->return_code);
        rc = copy_to_user(data, &stuser->data,
                          size - sizeof(stuser->return_code));
        if (rc) {
-               rc = -EFAULT;
-               goto out;
+               mutex_unlock(&stdev->mrpc_mutex);
+               return -EFAULT;
        }
 
        stuser_set_state(stuser, MRPC_IDLE);
 
-out:
        mutex_unlock(&stdev->mrpc_mutex);
 
        if (stuser->status == SWITCHTEC_MRPC_STATUS_DONE ||