mei: revamp read and write length checks

1. Return zero on zero length read and writes 2. For a too large write return -EFBIG as defined in man write(2) EFBIG An attempt was made to write a file that exceeds the implementation-defined maximum file size or the process's file size limit, or to write at a position past the maximum allowed offset. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-02 03:11:04 +03:00 · 2013-09-02 03:11:04 +03:00 · dd5de1f165
parent e19555ce89
commit dd5de1f165
1 changed files with 14 additions and 2 deletions
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@ -203,12 +203,18 @@ static ssize_t mei_read(struct file *file, char __user *ubuf,

 	dev = cl->dev;

+
 	mutex_lock(&dev->device_lock);
 	if (dev->dev_state != MEI_DEV_ENABLED) {
 		rets = -ENODEV;
 		goto out;
 	}

+	if (length == 0) {
+		rets = 0;
+		goto out;
+	}
+
 	if (cl == &dev->iamthif_cl) {
 		rets = mei_amthif_read(dev, file, ubuf, length, offset);
 		goto out;
@ -350,8 +356,14 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf,
 		rets = -ENODEV;
 		goto out;
 	}
-	if (length > dev->me_clients[id].props.max_msg_length || length <= 0) {
-		rets = -EMSGSIZE;
+
+	if (length == 0) {
+		rets = 0;
+		goto out;
+	}
+
+	if (length > dev->me_clients[id].props.max_msg_length) {
+		rets = -EFBIG;
 		goto out;
 	}