From: Mike Waychison <mikew@google.com>
Date: Wed, 24 Aug 2011 23:47:38 +0000 (+1000)
Subject: Currently in oprofilefs, files that use ulong_fops mis-handle writes of
X-Git-Tag: next-20110912~1^2~22
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=63d749e6cff4c15885be9b00ee895ef5f1bea818;p=karo-tx-linux.git

Currently in oprofilefs, files that use ulong_fops mis-handle writes of
zero length.  A count of 0 causes oprofilefs_ulong_from_user to return 0
(success), which then leads to oprofile_set_ulong being called to stuff
"value" into file->private_data without it being initialized.

Fix this by moving the check for a zero-length write up into
ulong_write_file.

Signed-off-by: Mike Waychison <mikew@google.com>
Cc: Robert Richter <robert.richter@amd.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
index e9ff6f7770be..ee14e6e5b586 100644
--- a/drivers/oprofile/oprofilefs.c
+++ b/drivers/oprofile/oprofilefs.c
@@ -65,9 +65,6 @@ int oprofilefs_ulong_from_user(unsigned long *val, char const __user *buf, size_
 	char tmpbuf[TMPBUFSIZE];
 	unsigned long flags;
 
-	if (!count)
-		return 0;
-
 	if (count > TMPBUFSIZE - 1)
 		return -EINVAL;
 
@@ -97,6 +94,8 @@ static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_
 
 	if (*offset)
 		return -EINVAL;
+	if (count == 0)
+		return 0;
 
 	retval = oprofilefs_ulong_from_user(&value, buf, count);
 	if (retval)