powerpc/spufs: Check file offset before calculating write size in fixed-sized files
Based on an original patch from Roel Kluin <roel.kluin@gmail.com>. The write size calculated during regs and fpcr writes may currently go negative. Because size is unsigned, this will wrap, and our check for EFBIG will fail. Instead, do the check for EFBIG before subtracting from size. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This commit is contained in:
Родитель
e7eec2fc27
Коммит
d219889b76
|
@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer,
|
||||||
struct spu_lscsa *lscsa = ctx->csa.lscsa;
|
struct spu_lscsa *lscsa = ctx->csa.lscsa;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size);
|
if (*pos >= sizeof(lscsa->gprs))
|
||||||
if (size <= 0)
|
|
||||||
return -EFBIG;
|
return -EFBIG;
|
||||||
|
|
||||||
|
size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
|
||||||
*pos += size;
|
*pos += size;
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
|
@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer,
|
||||||
struct spu_lscsa *lscsa = ctx->csa.lscsa;
|
struct spu_lscsa *lscsa = ctx->csa.lscsa;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
|
if (*pos >= sizeof(lscsa->fpcr))
|
||||||
if (size <= 0)
|
|
||||||
return -EFBIG;
|
return -EFBIG;
|
||||||
|
|
||||||
|
size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
Загрузка…
Ссылка в новой задаче