aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Kerr <jk@ozlabs.org>2009-03-03 19:38:07 +0000
committerBenjamin Herrenschmidt <benh@kernel.crashing.org>2009-03-11 17:11:32 +1100
commitd219889b769a56901c9a916187ee0af95e6ff8a6 (patch)
treef43aa77340d1746c46ecef43dbfcf73dacb85038
parente7eec2fc27d7dbefd5852c36b3fe6229e6302c99 (diff)
powerpc/spufs: Check file offset before calculating write size in fixed-sized files
Based on an original patch from Roel Kluin <roel.kluin@gmail.com>. The write size calculated during regs and fpcr writes may currently go negative. Because size is unsigned, this will wrap, and our check for EFBIG will fail. Instead, do the check for EFBIG before subtracting from size. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-rw-r--r--arch/powerpc/platforms/cell/spufs/file.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index 9e4f2739341..be0120d9b50 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer,
struct spu_lscsa *lscsa = ctx->csa.lscsa;
int ret;
- size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size);
- if (size <= 0)
+ if (*pos >= sizeof(lscsa->gprs))
return -EFBIG;
+
+ size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
*pos += size;
ret = spu_acquire_saved(ctx);
@@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer,
struct spu_lscsa *lscsa = ctx->csa.lscsa;
int ret;
- size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
- if (size <= 0)
+ if (*pos >= sizeof(lscsa->fpcr))
return -EFBIG;
+ size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
+
ret = spu_acquire_saved(ctx);
if (ret)
return ret;