NFSD: Correct the size calculation in fault_inject_write If len == 0 we end up with size = (0 - 1), which could cause bad things to happen in copy_from_user(). Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>

commit: 18d9a2ca2ea1aa963a077fb49e7efcc3b0237a9b [log] [tgz]
author: Bryan Schumaker <bjschuma@netapp.com> Fri Dec 07 16:17:29 2012 -0500
committer: J. Bruce Fields <bfields@redhat.com> Mon Dec 10 18:24:22 2012 -0500
tree: 34fa5f3dc37c5e0ffde3ce73b816f8a0bf11ec38
parent: 0a5c33e23c4d781ecc815002c54f1f91012c703d [diff]
diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 7a7b079..e761ee9 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c

@@ -122,7 +122,7 @@
 				  size_t len, loff_t *ppos)
 {
 	char write_buf[INET6_ADDRSTRLEN];
-	size_t size = min(sizeof(write_buf), len) - 1;
+	size_t size = min(sizeof(write_buf) - 1, len);
 	struct net *net = current->nsproxy->net_ns;
 	struct sockaddr_storage sa;
 	u64 val;
commit	18d9a2ca2ea1aa963a077fb49e7efcc3b0237a9b	[log] [tgz]
author	Bryan Schumaker <bjschuma@netapp.com>	Fri Dec 07 16:17:29 2012 -0500
committer	J. Bruce Fields <bfields@redhat.com>	Mon Dec 10 18:24:22 2012 -0500
tree	34fa5f3dc37c5e0ffde3ce73b816f8a0bf11ec38
parent	0a5c33e23c4d781ecc815002c54f1f91012c703d [diff]