ipc: clamp with min()

Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Peter Hurley <peter@hurleysoftware.com> 2013-04-30 22:14:25 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-05-01 11:12:57 -0400
commit: 3d8fa456d5ed22ce8db085a89a037b87568b2b64 (patch)
tree: 3e8351d43bea10a10a553f10d1029dcb240a1c39 /ipc
parent: 08d76760832993050ad8c25e63b56773ef2ca303 (diff)
1 files changed, 8 insertions, 22 deletions
diff --git a/ipc/msgutil.c b/ipc/msgutil.c
index 5df8e4bf1db0..98b1c2b476cc 100644
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -41,8 +41,8 @@ struct msg_msgseg {
        /* the next part of the message follows immediately */
 };
-#define DATALEN_MSG     (PAGE_SIZE-sizeof(struct msg_msg))
+#define DATALEN_MSG     (int)(PAGE_SIZE-sizeof(struct msg_msg))
-#define DATALEN_SEG     (PAGE_SIZE-sizeof(struct msg_msgseg))
+#define DATALEN_SEG     (int)(PAGE_SIZE-sizeof(struct msg_msgseg))
 struct msg_msg *load_msg(const void __user *src, int len)
 {
@@ -51,10 +51,7 @@ struct msg_msg *load_msg(const void __user *src, int len)
        int err;
        int alen;
-        alen = len;
+        alen = min(len, DATALEN_MSG);
-        if (alen > DATALEN_MSG)
-                alen = DATALEN_MSG;
        msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL);
        if (msg == NULL)
                return ERR_PTR(-ENOMEM);
@@ -72,9 +69,7 @@ struct msg_msg *load_msg(const void __user *src, int len)
        pseg = &msg->next;
        while (len > 0) {
                struct msg_msgseg *seg;
-                alen = len;
+                alen = min(len, DATALEN_SEG);
-                if (alen > DATALEN_SEG)
-                        alen = DATALEN_SEG;
                seg = kmalloc(sizeof(*seg) + alen,
                                                 GFP_KERNEL);
                if (seg == NULL) {
@@ -113,19 +108,14 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst)
        if (src->m_ts > dst->m_ts)
                return ERR_PTR(-EINVAL);
-        alen = len;
+        alen = min(len, DATALEN_MSG);
-        if (alen > DATALEN_MSG)
-                alen = DATALEN_MSG;
        memcpy(dst + 1, src + 1, alen);
        len -= alen;
        dst_pseg = dst->next;
        src_pseg = src->next;
        while (len > 0) {
-                alen = len;
+                alen = min(len, DATALEN_SEG);
-                if (alen > DATALEN_SEG)
-                        alen = DATALEN_SEG;
                memcpy(dst_pseg + 1, src_pseg + 1, alen);
                dst_pseg = dst_pseg->next;
                len -= alen;
@@ -148,9 +138,7 @@ int store_msg(void __user *dest, struct msg_msg *msg, int len)
        int alen;
        struct msg_msgseg *seg;
-        alen = len;
+        alen = min(len, DATALEN_MSG);
-        if (alen > DATALEN_MSG)
-                alen = DATALEN_MSG;
        if (copy_to_user(dest, msg + 1, alen))
                return -1;
@@ -158,9 +146,7 @@ int store_msg(void __user *dest, struct msg_msg *msg, int len)
        dest = ((char __user *)dest) + alen;
        seg = msg->next;
        while (len > 0) {
-                alen = len;
+                alen = min(len, DATALEN_SEG);
-                if (alen > DATALEN_SEG)
-                        alen = DATALEN_SEG;
                if (copy_to_user(dest, seg + 1, alen))
                        return -1;
                len -= alen;
author	Peter Hurley <peter@hurleysoftware.com>	2013-04-30 22:14:25 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-05-01 11:12:57 -0400
commit	3d8fa456d5ed22ce8db085a89a037b87568b2b64 (patch)
tree	3e8351d43bea10a10a553f10d1029dcb240a1c39 /ipc
parent	08d76760832993050ad8c25e63b56773ef2ca303 (diff)