powerpc/spufs: Check file offset before calculating write size in fixed-sized files
authorJeremy Kerr <jk@ozlabs.org>
Tue, 3 Mar 2009 19:38:07 +0000 (19:38 +0000)
committerBenjamin Herrenschmidt <benh@kernel.crashing.org>
Wed, 11 Mar 2009 06:11:32 +0000 (17:11 +1100)
Based on an original patch from Roel Kluin <roel.kluin@gmail.com>.

The write size calculated during regs and fpcr writes may currently
go negative. Because size is unsigned, this will wrap, and our
check for EFBIG will fail.

Instead, do the check for EFBIG before subtracting from size.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
arch/powerpc/platforms/cell/spufs/file.c

index 9e4f2739341d4f6432c7e15bf2ae38fd688a4616..be0120d9b50a9c257ecd0839244e8367158dbb46 100644 (file)
@@ -568,9 +568,10 @@ spufs_regs_write(struct file *file, const char __user *buffer,
        struct spu_lscsa *lscsa = ctx->csa.lscsa;
        int ret;
 
-       size = min_t(ssize_t, sizeof lscsa->gprs - *pos, size);
-       if (size <= 0)
+       if (*pos >= sizeof(lscsa->gprs))
                return -EFBIG;
+
+       size = min_t(ssize_t, sizeof(lscsa->gprs) - *pos, size);
        *pos += size;
 
        ret = spu_acquire_saved(ctx);
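Review bot: The new guard `if (*pos >= sizeof(lscsa->gprs))` rejects a negative `*pos` only through implicit conversion, assuming `pos` is the usual `loff_t *` (its declaration is outside the hunk). The signed offset is compared as unsigned when `size_t` is as wide as `loff_t`, but on a build where `size_t` is narrower the comparison is signed and a negative offset passes. In that case `sizeof(lscsa->gprs) - *pos` exceeds the array size and the clamp on the next line no longer bounds the write. I would state the intent directly with `if (*pos < 0 || *pos >= sizeof(lscsa->gprs))`, or at least add a comment such as `/* unsigned compare: also rejects negative offsets */`; the same applies to the fpcr check in the second hunk. Whether a caller can actually pass a negative offset is not visible here, and the body of spufs_regs_write continues outside the hunk.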
@@ -623,10 +624,11 @@ spufs_fpcr_write(struct file *file, const char __user * buffer,
        struct spu_lscsa *lscsa = ctx->csa.lscsa;
        int ret;
 
-       size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
-       if (size <= 0)
+       if (*pos >= sizeof(lscsa->fpcr))
                return -EFBIG;
 
+       size = min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size);
+
        ret = spu_acquire_saved(ctx);
        if (ret)
                return ret;
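Review bot: `min_t(ssize_t, sizeof(lscsa->fpcr) - *pos, size)` still compares in a signed type, although the check added just above already ensures the first operand cannot have wrapped. With `ssize_t`, a `size` above SSIZE_MAX is cast to a negative value, wins the `min`, and is assigned back to the unsigned `size` as a huge length. The generic write path probably rejects such counts before this handler runs, but that is not visible from here and the clamp should not depend on it. Now that the offset is validated first, `size = min_t(size_t, sizeof(lscsa->fpcr) - *pos, size);` is the simpler and safer form, and the same change fits the gprs clamp in the first hunk. The rest of spufs_fpcr_write lies outside the hunk.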