On Tue, 2013-01-08 at 12:50 -0800, [email protected] wrote: > The patch below does not apply to the 3.7-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <[email protected]>. > > thanks, > > greg k-h > > ------------------ original commit in Linus's tree ------------------ > > From db04328c167ff8e7c57f4a3532214aeada3a82fd Mon Sep 17 00:00:00 2001 > From: Mark Brown <[email protected]> > Date: Tue, 11 Dec 2012 01:14:11 +0900 > Subject: [PATCH] regmap: debugfs: Avoid overflows for very small reads > > If count is less than the size of a register then we may hit integer > wraparound when trying to move backwards to check if we're still in > the buffer. Instead move the position forwards to check if it's still > in the buffer, we are unlikely to be able to allocate a buffer > sufficiently big to overflow here. > > Signed-off-by: Mark Brown <[email protected]> > Cc: [email protected] > > diff --git a/drivers/base/regmap/regmap-debugfs.c > b/drivers/base/regmap/regmap-debugfs.c > index 00fbd58..3df274e 100644 > --- a/drivers/base/regmap/regmap-debugfs.c > +++ b/drivers/base/regmap/regmap-debugfs.c > @@ -93,7 +93,7 @@ static ssize_t regmap_read_debugfs(struct regmap *map, > unsigned int from, > /* If we're in the region the user is trying to read */ > if (p >= *ppos) { > /* ...but not beyond it */ > - if (buf_pos >= count - 1 - map->debugfs_tot_len) > + if (buf_pos + 1 + map->debugfs_tot_len >= count) > break; > > /* Format the register */ >
For 3.2 I did: s/map->debugfs_tot_len/tot_len/
This should work for 3.4 and 3.7 as well.
Ben.
--
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
A fail-safe circuit will destroy others.
signature.asc
Description: This is a digitally signed message part
