> + static ssize_t kfuzztest_write_cb_##test_name(struct file *filp, const char __user *buf, size_t len, \
> + loff_t *off) \
> + { \
> + test_arg_type *arg; \
> + void *buffer; \
> + int ret; \
> + \
> + buffer = kmalloc(len, GFP_KERNEL); \
> + if (!buffer) \
> + return -ENOMEM; \
> + ret = simple_write_to_buffer(buffer, len, off, buf, len); \
> + if (ret < 0) \
> + goto out; \
> + ret = kfuzztest_parse_and_relocate(buffer, len, (void **)&arg); \
> + if (ret < 0) \
> + goto out; \
> + kfuzztest_logic_##test_name(arg); \
> + ret = len; \
> +out: \
> + kfree(buffer); \
> + return ret; \
> + } \
> + static void kfuzztest_logic_##test_name(test_arg_type *arg)
simple_write_to_buffer() may write less than len bytes if it hits a
protected page.
You should check that `ret == len` and return -EFAULT if they differ.
