Commit dd5de1f1 authored by Tomas Winkler's avatar Tomas Winkler Committed by Greg Kroah-Hartman

mei: revamp read and write length checks

1. Return zero on zero length read and writes
2. For a too large write return -EFBIG as defined in man write(2)
EFBIG  An attempt was made to write a file that
        exceeds the implementation-defined maximum
        file size or the process's file size limit,
        or to  write  at  a  position  past  the  maximum
        allowed offset.
Signed-off-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e19555ce
...@@ -203,12 +203,18 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, ...@@ -203,12 +203,18 @@ static ssize_t mei_read(struct file *file, char __user *ubuf,
dev = cl->dev; dev = cl->dev;
mutex_lock(&dev->device_lock); mutex_lock(&dev->device_lock);
if (dev->dev_state != MEI_DEV_ENABLED) { if (dev->dev_state != MEI_DEV_ENABLED) {
rets = -ENODEV; rets = -ENODEV;
goto out; goto out;
} }
if (length == 0) {
rets = 0;
goto out;
}
if (cl == &dev->iamthif_cl) { if (cl == &dev->iamthif_cl) {
rets = mei_amthif_read(dev, file, ubuf, length, offset); rets = mei_amthif_read(dev, file, ubuf, length, offset);
goto out; goto out;
...@@ -350,8 +356,14 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, ...@@ -350,8 +356,14 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf,
rets = -ENODEV; rets = -ENODEV;
goto out; goto out;
} }
if (length > dev->me_clients[id].props.max_msg_length || length <= 0) {
rets = -EMSGSIZE; if (length == 0) {
rets = 0;
goto out;
}
if (length > dev->me_clients[id].props.max_msg_length) {
rets = -EFBIG;
goto out; goto out;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment