We're stuffing a variable of type size_t (unsigned) into a ssize_t
(signed), which, even though both types should be the same number of
bits, is just asking for sign issues to be introduced.
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Reported-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
struct inode *inode = file->f_mapping->host;
unsigned long datasize = count - sizeof(attributes);
unsigned long newdatasize;
struct inode *inode = file->f_mapping->host;
unsigned long datasize = count - sizeof(attributes);
unsigned long newdatasize;
if (count < sizeof(attributes))
return -EINVAL;
if (count < sizeof(attributes))
return -EINVAL;
efivars = var->efivars;
if (copy_from_user(&attributes, userbuf, sizeof(attributes))) {
efivars = var->efivars;
if (copy_from_user(&attributes, userbuf, sizeof(attributes))) {
goto out;
}
if (attributes & ~(EFI_VARIABLE_MASK)) {
goto out;
}
if (attributes & ~(EFI_VARIABLE_MASK)) {
goto out;
}
if (copy_from_user(data, userbuf + sizeof(attributes), datasize)) {
goto out;
}
if (copy_from_user(data, userbuf + sizeof(attributes), datasize)) {
goto out;
}
if (validate_var(&var->var, data, datasize) == false) {
goto out;
}
if (validate_var(&var->var, data, datasize) == false) {
return efi_status_to_err(status);
}
return efi_status_to_err(status);
}
/*
* Writing to the variable may have caused a change in size (which
* could either be an append or an overwrite), or the variable to be
/*
* Writing to the variable may have caused a change in size (which
* could either be an append or an overwrite), or the variable to be
}
static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
}
static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
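Review bot: `datasize` is initialised as `count - sizeof(attributes)` in the declarations, before the `count < sizeof(attributes)` check, so for a short write the unsigned subtraction wraps. It is harmless only because the function returns -EINVAL before `datasize` is used. Since this commit is about removing signed/unsigned surprises, I would declare `unsigned long datasize;` and assign `datasize = count - sizeof(attributes);` after the check. No upper bound on `datasize` is visible before `copy_from_user(data, userbuf + sizeof(attributes), datasize)`, so it is worth confirming that the allocation of `data`, which is not shown here, is sized and capped consistently with it. This rests on the context lines only, as the changed lines are not visible in this rendering and the function starts outside the hunk.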