Commit d219889b authored by Jeremy Kerr's avatar Jeremy Kerr Committed by Benjamin Herrenschmidt

powerpc/spufs: Check file offset before calculating write size in fixed-sized files

Based on an original patch from Roel Kluin <roel.kluin@gmail.com>.

The write size calculated during regs and fpcr writes may currently
go negative. Because size is unsigned, this will wrap, and our
check for EFBIG will fail.

Instead, do the check for EFBIG before subtracting from size.
Signed-off-by: default avatarJeremy Kerr <jk@ozlabs.org>
Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
parent e7eec2fc
...@@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer, ...@@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer,
struct spu_lscsa *lscsa = ctx->csa.lscsa; struct spu_lscsa *lscsa = ctx->csa.lscsa;
int ret; int ret;
size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size); if (*pos >= sizeof(lscsa->gprs))
if (size <= 0)
return -EFBIG; return -EFBIG;
size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
*pos += size; *pos += size;
ret = spu_acquire_saved(ctx); ret = spu_acquire_saved(ctx);
...@@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer, ...@@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer,
struct spu_lscsa *lscsa = ctx->csa.lscsa; struct spu_lscsa *lscsa = ctx->csa.lscsa;
int ret; int ret;
size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size); if (*pos >= sizeof(lscsa->fpcr))
if (size <= 0)
return -EFBIG; return -EFBIG;
size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
ret = spu_acquire_saved(ctx); ret = spu_acquire_saved(ctx);
if (ret) if (ret)
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment