Patchwork powerpc/spufs: Check file offset before calculating write size in fixed-sized files

Submitter Jeremy Kerr
Date March 4, 2009, 5:38 a.m.
Message ID <1236145087.222046.948861432711.1.gpush@pingu>
Permalink /patch/24029/
State Accepted, archived
Commit d219889b769a56901c9a916187ee0af95e6ff8a6
Delegated to: Benjamin Herrenschmidt

Comments

Jeremy Kerr - March 4, 2009, 5:38 a.m.
Based on an original patch from Roel Kluin <roel.kluin@gmail.com>.

The write size calculated during regs and fpcr writes may currently
go negative. Because size is unsigned, this will wrap, and our
check for EFBIG will fail.

Instead, do the check for EFBIG before subtracting from size.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

---
Roel - How about this? Clear up the logic a little rather than casting.

---
 arch/powerpc/platforms/cell/spufs/file.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Patch

diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index 0da7f2b..83ef889 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -568,9 +568,10 @@  spufs_regs_write(struct file *file, const char __user *buffer,
 	struct spu_lscsa *lscsa = ctx->csa.lscsa;
 	int ret;
 
-	size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size);
-	if (size <= 0)
+	if (*pos >= sizeof(lscsa->gprs))
 		return -EFBIG;
+
+	size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
 	*pos += size;
 
 	ret = spu_acquire_saved(ctx);
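
Review bot: the signed type in the new `size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);` line is no longer needed and is worth dropping. The old code used ssize_t so that `size <= 0` could see a negative difference; with the `*pos >= sizeof(lscsa->gprs)` test now placed first, the difference is always positive, while casting the unsigned size to ssize_t would let a very large count compare as negative and win the min. Suggest min_t(size_t, ...) so the clamp matches the type of size.
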
@@ -623,10 +624,11 @@  spufs_fpcr_write(struct file *file, const char __user * buffer,
 	struct spu_lscsa *lscsa = ctx->csa.lscsa;
 	int ret;
 
-	size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
-	if (size <= 0)
+	if (*pos >= sizeof(lscsa->fpcr))
 		return -EFBIG;
 
+	size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
+
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
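
Review bot: a zero-length write is handled differently after this hunk and the changelog does not mention it. The removed `if (size <= 0)` also caught size == 0 and returned -EFBIG; the new `if (*pos >= sizeof(lscsa->fpcr))` only tests the offset, so a write of size 0 at a valid offset now falls through to spu_acquire_saved(ctx). If that is intended, say so in the commit message; otherwise return early for size == 0 before acquiring the context. The same applies to the spufs_regs_write hunk.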