On Mon, Jan 18, 2016 at 10:11:17AM -0500, Mimi Zohar wrote: > diff --git a/fs/exec.c b/fs/exec.c > index b06623a..6d623c2 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -831,6 +832,58 @@ int kernel_read(struct file *file, loff_t offset, > > EXPORT_SYMBOL(kernel_read); > > +int kernel_read_file(struct file *file, void **buf, loff_t *size, > + loff_t max_size) > +{ > + loff_t i_size, pos; > + ssize_t bytes = 0; > + int ret; > + > + if (!S_ISREG(file_inode(file)->i_mode)) > + return -EINVAL; > + > + i_size = i_size_read(file_inode(file)); > + if (max_size > 0 && i_size > max_size) > + return -EFBIG; loff_t is a __kernel_loff_t, which in turn is a long long, and that's signed. We don't catch a negative value here, for max_size, we could return -EINVAL if its < 0. > + if (i_size == 0) > + return -EINVAL; Likewise for i_size. The setter of the size will depend on how the code calling this routine setup the struct file passed. So how about adding a i_size <= 0 check here as well here? At least fw_read_file_contents() has historically done this, so if this generic read is going to skip that I'd like to see why. We're unifying so I rather be more pedantic. Provided this is addressed feel free to peg: Reviewed-by: Luis R. Rodriguez <mcgrof at suse.com> Luis