usb: raw-gadget: fix return value of ep read ioctls
authorAndrey Konovalov <andreyknvl@google.com>
Thu, 7 May 2020 17:06:54 +0000 (19:06 +0200)
committerFelipe Balbi <balbi@kernel.org>
Sat, 9 May 2020 08:05:09 +0000 (11:05 +0300)
They must return the number of bytes transferred during the data stage.

Fixes: 068fbff4f860 ("usb: raw-gadget: Fix copy_to/from_user() checks")
Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
drivers/usb/gadget/legacy/raw_gadget.c

index ca7d95b..7b24199 100644 (file)
@@ -669,12 +669,14 @@ static int raw_ioctl_ep0_read(struct raw_dev *dev, unsigned long value)
        if (IS_ERR(data))
                return PTR_ERR(data);
        ret = raw_process_ep0_io(dev, &io, data, false);
-       if (ret)
+       if (ret < 0)
                goto free;
 
        length = min(io.length, (unsigned int)ret);
        if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
                ret = -EFAULT;
+       else
+               ret = length;
 free:
        kfree(data);
        return ret;
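Review bot: The clamp `length = min(io.length, (unsigned int)ret);` is what stops copy_to_user() from handing user space more of `data` than the transfer actually filled, and the cast is only safe because of the `ret < 0` guard just above it; the code states neither. I would add a comment over the clamp such as `/* ret >= 0 here: copy out only the bytes actually received, capped at what the caller asked for */`. The same lines appear in raw_ioctl_ep_read in the second hunk and deserve the same comment. The allocation of `data` sits earlier in the function, outside the hunk, so it is not visible whether the buffer is zeroed; if it is not, this clamp is the only thing keeping stale kernel heap bytes out of the caller's buffer.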
@@ -964,12 +966,14 @@ static int raw_ioctl_ep_read(struct raw_dev *dev, unsigned long value)
        if (IS_ERR(data))
                return PTR_ERR(data);
        ret = raw_process_ep_io(dev, &io, data, false);
-       if (ret)
+       if (ret < 0)
                goto free;
 
        length = min(io.length, (unsigned int)ret);
        if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
                ret = -EFAULT;
+       else
+               ret = length;
 free:
        kfree(data);
        return ret;
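Review bot: On success this path now returns a non-negative byte count rather than 0, and nothing in the hunk records that contract for the next reader. A short comment above raw_ioctl_ep_read, and above raw_ioctl_ep0_read in the first hunk, would pin it down: `/* Returns the number of bytes copied to user space (may be 0), or a negative errno. */`. Userspace that treats only `ioctl(...) == 0` as success would now misread a completed read as a failure, so the UAPI description of these ioctls should state the same contract; that text is not visible on this page. The function signature is outside the hunk, so the comment would go above the line named in the `@@` header.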