summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@infradead.org>2009-09-26 20:51:50 +0200
committerIngo Molnar <mingo@elte.hu>2009-10-02 19:51:56 +0200
commit11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1 (patch)
tree6f33aa93436dbf959e6c9e10f8b113801eca59cb
parent0d18b2e34bd1ad8f5bd3f3a17b5e7df132e511a9 (diff)
downloadlinux-11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1.tar.gz
linux-11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1.tar.bz2
linux-11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1.zip
x86: Simplify bound checks in the MTRR code
The current bound checks for copy_from_user in the MTRR driver are not as obvious as they could be, and gcc agrees with that. This patch simplifies the boundary checks to the point that gcc can now prove to itself that the copy_from_user() is never going past its bounds. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: Yinghai Lu <yinghai@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> LKML-Reference: <20090926205150.30797709@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r--arch/x86/kernel/cpu/mtrr/if.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
index f04e72527604..3c1b12d461d1 100644
--- a/arch/x86/kernel/cpu/mtrr/if.c
+++ b/arch/x86/kernel/cpu/mtrr/if.c
@@ -96,17 +96,24 @@ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
unsigned long long base, size;
char *ptr;
char line[LINE_SIZE];
+ int length;
size_t linelen;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- if (!len)
- return -EINVAL;
memset(line, 0, LINE_SIZE);
- if (len > LINE_SIZE)
- len = LINE_SIZE;
- if (copy_from_user(line, buf, len - 1))
+
+ length = len;
+ length--;
+
+ if (length > LINE_SIZE - 1)
+ length = LINE_SIZE - 1;
+
+ if (length < 0)
+ return -EINVAL;
+
+ if (copy_from_user(line, buf, length))
return -EFAULT;
linelen = strlen(line);