From: Tomas Winkler Date: Mon, 2 Sep 2013 00:11:04 +0000 (+0300) Subject: mei: revamp read and write length checks X-Git-Tag: firefly_0821_release~176^2~5060^2~105 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=dd5de1f165ade430357960459491a067c7e3d21c;p=firefly-linux-kernel-4.4.55.git mei: revamp read and write length checks 1. Return zero on zero length read and writes 2. For a too large write return -EFBIG as defined in man write(2) EFBIG An attempt was made to write a file that exceeds the implementation-defined maximum file size or the process's file size limit, or to write at a position past the maximum allowed offset. Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index 5ff810b1e8b3..7404584e65e1 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -203,12 +203,18 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, dev = cl->dev; + mutex_lock(&dev->device_lock); if (dev->dev_state != MEI_DEV_ENABLED) { rets = -ENODEV; goto out; } + if (length == 0) { + rets = 0; + goto out; + } + if (cl == &dev->iamthif_cl) { rets = mei_amthif_read(dev, file, ubuf, length, offset); goto out; @@ -350,8 +356,14 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, rets = -ENODEV; goto out; } - if (length > dev->me_clients[id].props.max_msg_length || length <= 0) { - rets = -EMSGSIZE; + + if (length == 0) { + rets = 0; + goto out; + } + + if (length > dev->me_clients[id].props.max_msg_length) { + rets = -EFBIG; goto out; }
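Review bot: In the mei_read hunk, the new `if (length == 0)` check sits after the `dev->dev_state != MEI_DEV_ENABLED` test, so a zero-length read on a device that is not enabled still returns -ENODEV, while on an enabled device it returns 0 before the `cl == &dev->iamthif_cl` branch is reached. The ordering is reasonable, but it is a userspace-visible choice that the changelog line "Return zero on zero length read and writes" does not spell out; a one-line comment above the check or a sentence in the commit message would make it explicit. The early exit through `goto out` is correct only if the `out` label releases `dev->device_lock`, which is outside the visible context and worth confirming.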
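Review bot: In the mei_write hunk, replacing `rets = -EMSGSIZE;` with `rets = -EFBIG;` for `length > dev->me_clients[id].props.max_msg_length` changes the errno that existing callers see for an oversized write, and a zero-length write that previously failed with -EMSGSIZE now returns 0. Both are ABI changes for any caller that matches on EMSGSIZE, so the changelog should state them as such. A short comment at the check naming the limit as the client's max_msg_length would also help, because the write(2) text quoted in the commit message defines EFBIG in terms of file size and offset rather than a per-message limit. Splitting the old combined condition also turns `length <= 0` into `length == 0`; that is equivalent only if `length` is unsigned, and its declaration is not in the visible context.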