diff options
| author | Andrey Smirnov <andrew.smirnov@gmail.com> | 2019-01-28 22:55:41 -0800 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-02-04 15:30:11 +0100 |
| commit | 71cd98395789829b79dc6e748046549fb9e90135 (patch) | |
| tree | 783c3a0cc8e7f23b63a3ec7daa7e498b878019bb /fs/fs.c | |
| parent | 0b80e3dae75c32e5f30bf4d9052d4f390cc0bb6e (diff) | |
| download | barebox-71cd98395789829b79dc6e748046549fb9e90135.tar.gz barebox-71cd98395789829b79dc6e748046549fb9e90135.tar.xz | |
fs: Do not use IS_ERR_VALUE() to validate offset in lseek()
On 32-bit systems, checking for IS_ERR_VALUE(pos) is not
correct. Expanding that code we get (loff_t cast is added for clarity):
(loff_t)pos >= (unsigned long)-MAX_ERRNO
given that loff_t is a 64-bit signed value, any perfectly valid seek
offset that is greater than 0xffffc000 will result in false positive.
Moreso, as a part of fix introduced in e10efc5080 ("fs: fix memory
access via /dev/mem for MIPS64") it doesn't really solve the problem
completely on on 64-bit platforms, becuase it still leaves out a
number of perfectly valid offsets (e.g. "md 0xffffffffffffff00"
doesn't work)
Undo the original change and convert the check to simply test if
offset is negative.
Changes neccessary to alllow access to end of 64-bit address space
will be implemented in the follow-up patch.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'fs/fs.c')
| -rw-r--r-- | fs/fs.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -420,7 +420,7 @@ loff_t lseek(int fildes, loff_t offset, int whence) case SEEK_SET: if (f->size != FILE_SIZE_STREAM && offset > f->size) goto out; - if (IS_ERR_VALUE(offset)) + if (offset < 0) goto out; pos = offset; break; |