From d219889b769a56901c9a916187ee0af95e6ff8a6 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr
Date: Tue, 3 Mar 2009 19:38:07 +0000
Subject: [PATCH] powerpc/spufs: Check file offset before calculating write size in fixed-sized files

Based on an original patch from Roel Kluin . The write size calculated during regs and fpcr writes may currently go negative. Because size is unsigned, this will wrap, and our check for EFBIG will fail. Instead, do the check for EFBIG before subtracting from size.

Signed-off-by: Jeremy Kerr
Signed-off-by: Benjamin Herrenschmidt
---
 arch/powerpc/platforms/cell/spufs/file.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index 9e4f2739341d..be0120d9b50a 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer,
 struct spu_lscsa *lscsa = ctx->csa.lscsa;
 int ret;

- size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size);
- if (size <= 0)
+ if (*pos >= sizeof(lscsa->gprs))
 return -EFBIG;
+
+ size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
 *pos += size;

 ret = spu_acquire_saved(ctx);
@@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer,
 struct spu_lscsa *lscsa = ctx->csa.lscsa;
 int ret;

- size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
- if (size <= 0)
+ if (*pos >= sizeof(lscsa->fpcr))
 return -EFBIG;

+ size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
+
 ret = spu_acquire_saved(ctx);
 if (ret)
 return ret;
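Review bot: The clamp `min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size)` is still a signed comparison, so a `size` larger than SSIZE_MAX would be cast negative, win the min, and wrap to a huge length when stored back into the unsigned `size`. Now that the EFBIG guard runs first, the remaining-space operand should not be negative, so an unsigned clamp works and does not rely on the caller having bounded the count: `size = min_t(size_t, sizeof(lscsa->gprs) - *pos, size);`. The same change applies to the `sizeof(lscsa->fpcr)` clamp in the spufs_fpcr_write hunk. Separately, `*pos += size;` in this hunk still runs before `spu_acquire_saved(ctx)`, so if that call fails the offset appears to be advanced with nothing written; the error path lies outside this hunk, so confirm against the full function.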