From abd7b657a00f640b31ef585a89f21051e941893e Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Sat, 25 Mar 2006 03:07:31 -0800
Subject: [PATCH] --- yaml --- r: 23557 b: refs/heads/master c: c654d60e8f0ea13e35b15cff54c0e473b8b162be h: refs/heads/master i: 23555: f8533a140d3df4b8e0105c105187b42b62428569 v: v3
---
 [refs] | 2 +-
 trunk/drivers/char/mem.c | 28 +++++++++++++---------------
 2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/[refs] b/[refs]
index 214566dcc573..a9781361f881 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 58bf6a2db2a4a1b41712674d9165510180259dec
+refs/heads/master: c654d60e8f0ea13e35b15cff54c0e473b8b162be
diff --git a/trunk/drivers/char/mem.c b/trunk/drivers/char/mem.c
index 29c41f4418c0..26d0116b48d4 100644
--- a/trunk/drivers/char/mem.c
+++ b/trunk/drivers/char/mem.c
@@ -216,11 +216,9 @@ static ssize_t write_mem(struct file * file, const char __user * buf,
 copied = copy_from_user(ptr, buf, sz);
 if (copied) {
- ssize_t ret;
-
- ret = written + (sz - copied);
- if (ret)
- return ret;
+ written += sz - copied;
+ if (written)
+ break;
 return -EFAULT;
 }
 buf += sz;
@@ -456,11 +454,9 @@ do_write_kmem(void *p, unsigned long realp, const char __user * buf,
 copied = copy_from_user(ptr, buf, sz);
 if (copied) {
- ssize_t ret;
-
- ret = written + (sz - copied);
- if (ret)
- return ret;
+ written += sz - copied;
+ if (written)
+ break;
 return -EFAULT;
 }
 buf += sz;
@@ -514,11 +510,10 @@ static ssize_t write_kmem(struct file * file, const char __user * buf,
 if (len) {
 written = copy_from_user(kbuf, buf, len);
 if (written) {
- ssize_t ret;
-
+ if (wrote + virtr)
+ break;
 free_page((unsigned long)kbuf);
- ret = wrote + virtr + (len - written);
- return ret ? ret : -EFAULT;
+ return -EFAULT;
 }
 }
 len = vwrite(kbuf, (char *)p, len);
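Review bot: The short count returned after `break` in write_mem (hunk at -216), and in the identical hunk in do_write_kmem (at -456), can under-report what was changed, because `copy_from_user(ptr, buf, sz)` writes straight into the target memory. Where copy_from_user zero-pads the uncopied tail of its destination on a fault, as its kernel documentation describes, the `copied` bytes past the reported count would be overwritten with zeros although the return value says they were not written. That is worth confirming per architecture and recording in a comment such as `/* short copy: dst may be zero-padded past 'written'; only user bytes are counted */`. The `break` also relies on code after the loop, outside both hunks, to update `*ppos` and return `written`.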
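Review bot: The new `if (wrote + virtr) break;` in write_kmem leaves the loop with `kbuf` still allocated, whereas the `-EFAULT` path directly below it calls `free_page` explicitly; the page is released only if the code after the loop, which is outside this hunk, frees it. The break also drops the `len - written` bytes already copied into `kbuf` without passing them to `vwrite` or counting them, which differs from the old return value. If that is intended, a comment such as `/* partial chunk is discarded: only bytes already written are reported */` would make it explicit. Reusing `written` for the number of bytes copy_from_user failed to copy is easy to misread next to `wrote`.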
@@ -563,8 +558,11 @@ static ssize_t write_port(struct file * file, const char __user * buf,
 return -EFAULT;
 while (count-- > 0 && i < 65536) {
 char c;
- if (__get_user(c, tmp))
+ if (__get_user(c, tmp)) {
+ if (tmp > buf)
+ break;
 return -EFAULT;
+ }
 outb(c,i);
 i++;
 tmp++;
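Review bot: The `tmp > buf` test in write_port stands in for "at least one byte has already gone out through `outb`", but nothing in the code says so. The `break` also relies on the statements after the loop, outside this hunk, to store the port position and return the short count. A comment above `if (tmp > buf)` such as `/* some bytes were already output: return the short count instead of -EFAULT */` would document both.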