tpm: Use correct data types for sizes in tpm_write() and tpm_read()

Use the correct data types for the size parameters in tpm_write() and
tpm_read(). Note that rw_verify_area() makes sure that this bug cannot
be exploited to produce a buffer overrun.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Marcel Selhorst <tpm@selhorst.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index f354d720b777..ae766d868454 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@@ -1028,7 +1028,7 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
                   size_t size, loff_t *off)
 {
         struct tpm_chip *chip = file->private_data;
-        int in_size = size, out_size;
+        size_t in_size = size, out_size;
 
         /* cannot perform a write until the read has cleared
            either via tpm_read or a user_read_timer timeout */
@@ -1063,7 +1063,7 @@ ssize_t tpm_read(struct file *file, char __user *buf,
                  size_t size, loff_t *off)
 {
         struct tpm_chip *chip = file->private_data;
-        int ret_size;
+        ssize_t ret_size;
 
         del_singleshot_timer_sync(&chip->user_read_timer);
         flush_scheduled_work();