[PATCH] configfs: Return -EFBIG from configfs_write_bin_file.

The check for writing more than cb_max_size bytes does not 'goto out' so it is a no-op which allows users to vmalloc an arbitrary amount. Fixes: 03607ace807b ("configfs: implement binary attributes") Signed-off-by: Phil Turnbull --- fs/configfs/file.c | 1 + 1 file changed,

[PATCH] ceph: Correctly return NXIO errors from ceph_llseek.

ceph_llseek does not correctly return NXIO errors because the 'out' path always returns 'offset'. Fixes: 06222e491e66 ("fs: handle SEEK_HOLE/SEEK_DATA properly in all fs's that define their own llseek") Signed-off-by: Phil Turnbull --- fs/ceph/file.c |

[PATCH] staging: iio: ad5933: Return correct value for AD5933_OUT_RANGE.

The 'break' statement after calling ad5933_cmd only breaks out of the 'for' loop, which then unconditionally sets the return value to -EINVAL. Move the initialisation of 'ret' so we return the correct value. Signed-off-by: Phil Turnbull --- drivers/staging/iio/i

[PATCH nf] netfilter: nfnetlink: correctly validate length of batch messages

From: Phil Turnbull If nlh->nlmsg_len is zero then an infinite loop is triggered because 'skb_pull(skb, msglen);' pulls zero bytes. The calculation in nlmsg_len() underflows if 'nlh->nlmsg_len < NLMSG_HDRLEN' which bypasses the length validation and will later trig