From: Tomas Winkler Date: Mon, 2 Sep 2013 00:11:04 +0000 (+0300) Subject: mei: revamp read and write length checks X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=dd5de1f165ade430357960459491a067c7e3d21c;p=linux-beck.git mei: revamp read and write length checks 1. Return zero on zero length read and writes 2. For a too large write return -EFBIG as defined in man write(2) EFBIG An attempt was made to write a file that exceeds the implementation-defined maximum file size or the process's file size limit, or to write at a position past the maximum allowed offset. Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index 5ff810b1e8b3..7404584e65e1 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -203,12 +203,18 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, dev = cl->dev; + mutex_lock(&dev->device_lock); if (dev->dev_state != MEI_DEV_ENABLED) { rets = -ENODEV; goto out; } + if (length == 0) { + rets = 0; + goto out; + } + if (cl == &dev->iamthif_cl) { rets = mei_amthif_read(dev, file, ubuf, length, offset); goto out; @@ -350,8 +356,14 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, rets = -ENODEV; goto out; } - if (length > dev->me_clients[id].props.max_msg_length || length <= 0) { - rets = -EMSGSIZE; + + if (length == 0) { + rets = 0; + goto out; + } + + if (length > dev->me_clients[id].props.max_msg_length) { + rets = -EFBIG; goto out; }