From patchwork Wed Mar 4 05:38:07 2009
X-Patchwork-Submitter: Jeremy Kerr
X-Patchwork-Id: 24030
X-Patchwork-Delegate: jk@ozlabs.org
Message-Id: <1236145087.222046.948861432711.1.gpush@pingu>
In-Reply-To: <<49AD7A06.2090401@gmail.com>>
To: Roel Kluin
From: Jeremy Kerr
Date: Wed, 04 Mar 2009 16:38:07 +1100
Cc: linuxppc-dev@ozlabs.org, Andrew Morton, cbe-oss-dev@ozlabs.org
Subject: [Cbe-oss-dev] [PATCH] powerpc/spufs: Check file offset before calculating write size in fixed-sized files
List-Id: Discussion about Open Source Software for the Cell Broadband Engine

Based on an original patch from Roel Kluin.

The write size calculated during regs and fpcr writes may currently go negative. Because size is unsigned, this will wrap, and our check for EFBIG will fail.

Instead, do the check for EFBIG before subtracting from size.

Signed-off-by: Jeremy Kerr --- Roel - How about this? clear up the logic a little rather than casting --- arch/powerpc/platforms/cell/spufs/file.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c index 0da7f2b..83ef889 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c @@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer, struct spu_lscsa *lscsa = ctx->csa.lscsa; int ret; - size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size); - if (size <= 0) + if (*pos >= sizeof(lscsa->gprs)) return -EFBIG; + + size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size); *pos += size; ret = spu_acquire_saved(ctx); @@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer, struct spu_lscsa *lscsa = ctx->csa.lscsa; int ret; - size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size); - if (size <= 0) + if (*pos >= sizeof(lscsa->fpcr)) return -EFBIG; + size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size); + ret = spu_acquire_saved(ctx); if (ret) return ret;
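Review bot: In the spufs_regs_write hunk, the clamp is still done in a signed type, min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size), although the commit message says size is unsigned. Now that the preceding *pos check guarantees the remaining length is non-zero, min_t casting size to ssize_t means a caller-supplied size above the signed maximum is seen as negative, wins the min, and wraps back to a huge value on assignment, which is the same class of problem the patch sets out to remove. Consider min_t(size_t, sizeof(lscsa->gprs) - *pos, size) so the comparison is done in the type size actually has.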
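Review bot: In the spufs_fpcr_write hunk (and the same pattern in spufs_regs_write), dropping the old "if (size <= 0) return -EFBIG;" changes what a zero-length write does, and the commit message does not mention it. Previously size == 0 returned -EFBIG after the min_t; with the new "if (*pos >= sizeof(lscsa->fpcr))" test a zero-length write at a valid offset now falls through to spu_acquire_saved(ctx) with size 0. If that is intended, say so in the changelog; otherwise an early return for size == 0 before acquiring the context would avoid taking the saved-context path for no work.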