@@ -708,8 +708,7 @@ static ssize_t cfam_read(struct file *filep, char __user *buf, size_t count,
for (total_len = 0; total_len < count; total_len += read_len) {
__be32 data;
- read_len = min_t(size_t, count - total_len, 4);
- read_len -= off & 0x3;
+ read_len = aligned_access_size(off, count - total_len);
rc = fsi_slave_read(slave, off, &data, read_len);
if (rc)
@@ -745,8 +744,7 @@ static ssize_t cfam_write(struct file *filep, const char __user *buf,
for (total_len = 0; total_len < count; total_len += write_len) {
__be32 data;
- write_len = min_t(size_t, count - total_len, 4);
- write_len -= off & 0x3;
+ write_len = aligned_access_size(off, count - total_len);
rc = copy_from_user(&data, buf + total_len, write_len);
if (rc) {
The current offset/count calculations may result in an underflow, if the resulting offset & 0x3 is larger than the count. We have a function, aligned_access_size(), which does exactly this calculation, so use that instead. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> Fixes: d1dcd6782576 ("fsi: Add cfam char devices") Reported-by: Luo Likang <luolikang@nsfocus.com> --- drivers/fsi/fsi-core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)