Currently in oprofilefs, files that use ulong_fops mis-handle writes of

zero length.  A count of 0 causes oprofilefs_ulong_from_user to return 0
(success), which then leads to oprofile_set_ulong being called to stuff
"value" into file->private_data without it being initialized.

Fix this by moving the check for a zero-length write up into
ulong_write_file.

Signed-off-by: Mike Waychison <mikew@google.com>
Cc: Robert Richter <robert.richter@amd.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
index e9ff6f7770be23a046cd5ce22b8fd504794b3907..ee14e6e5b58604a79e5250a7c86c762aca56d333 100644 (file)
--- a/drivers/oprofile/oprofilefs.c
+++ b/drivers/oprofile/oprofilefs.c
@@ -65,9 +65,6 @@ int oprofilefs_ulong_from_user(unsigned long *val, char const __user *buf, size_
        char tmpbuf[TMPBUFSIZE];
        unsigned long flags;
 
-       if (!count)
-               return 0;
-
        if (count > TMPBUFSIZE - 1)
                return -EINVAL;
 
@@ -97,6 +94,8 @@ static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_
 
        if (*offset)
                return -EINVAL;
+       if (count == 0)
+               return 0;
 
        retval = oprofilefs_ulong_from_user(&value, buf, count);
        if (retval)