Commit 274cef5e authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Paul Mackerras

[POWERPC] spufs: fix another off-by-one bug in spufs_mbox_read

Currently, spufs_mbox_read transfers more bytes than requested on a
read.  If you ask for four bytes, you get eight.  This fixes it to
transfer the largest multiple of four bytes that is less than or equal
to the number you asked for.

Note: one nasty property of this file in spufs is that you can only
read multiples of four bytes in the first place, since there is no way
to atomically put back a few bytes into the hardware register.  Thus,
reading less than four bytes returns -EINVAL.  Asking for more than
four returns the largest possible multiple of four.
Signed-off-by: default avatarArnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
parent f6b301b8
...@@ -385,7 +385,7 @@ static ssize_t spufs_mbox_read(struct file *file, char __user *buf, ...@@ -385,7 +385,7 @@ static ssize_t spufs_mbox_read(struct file *file, char __user *buf,
udata = (void __user *)buf; udata = (void __user *)buf;
spu_acquire(ctx); spu_acquire(ctx);
for (count = 0; count <= len; count += 4, udata++) { for (count = 0; (count + 4) <= len; count += 4, udata++) {
int ret; int ret;
ret = ctx->ops->mbox_read(ctx, &mbox_data); ret = ctx->ops->mbox_read(ctx, &mbox_data);
if (ret == 0) if (ret == 0)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment