@@ -449,8 +517,11 @@ static int mmc_blk_ioctl_copy_to_user(struct mmc_ioc_cmd __user *ic_ptr, { struct mmc_ioc_cmd *ic = &idata->ic;
- if (copy_to_user(&(ic_ptr->response), ic->response,
sizeof(ic->response)))
- __u32 __user *response_uptr = in_compat64() ?
&((struct compat_mmc_ioc_cmd __user *)ic_ptr)->response[0] :
&ic_ptr->response[0];
Hi Akram,
Great job with the series! Looks wonderful! 👏 I have a short question: Why do you have &ic_ptr->response[0] here? That should be equivalent to ic_ptr->response, unless I'm missing something. ic_ptr->response looks correct here, but this is different from what it was before, &(ic_ptr->response), so I'm slightly confused. Is this a bug in the upstream kernel...?
Best, Tudor
- if (copy_to_user(response_uptr, ic->response, sizeof(ic->response))) return -EFAULT;
if (!idata->ic.write_flag) {
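Review bot: The `copy_to_user()` length is still `sizeof(ic->response)`, taken from the native `struct mmc_ioc_cmd`, while in the `in_compat64()` case the destination is now the `response` member of `struct compat_mmc_ioc_cmd`. That struct's definition is not visible in this hunk, so the two arrays presumably have the same size, but nothing here enforces it; if they ever diverge, the copy would write past the compat field in user memory or leave it partly unfilled. A build-time check next to the pointer selection would pin the assumption: `BUILD_BUG_ON(sizeof(ic->response) != sizeof_field(struct compat_mmc_ioc_cmd, response));`. The function body continues past the end of this hunk, so any later copies to `ic_ptr` should be checked for the same layout assumption.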