2 files changed, 17 insertions, 1 deletions

diff --git a/runtime/relayfs/ChangeLog b/runtime/relayfs/ChangeLog
index 925fda20..64c57fce 100644
--- a/runtime/relayfs/ChangeLog
+++ b/runtime/relayfs/ChangeLog
@@ -1,3 +1,8 @@
+2005-05-17  Martin Hunt  <hunt@redhat.com>
+
+	* relay.c (relay_switch_subbuf): Applied patch
+	[PATCH 2.6.12-rc1-mm2] relayfs: properly handle oversized events
+
 2005-04-11  Martin Hunt  <hunt@redhat.com>
 
 	* inode.c: Latest kernels have modified backing_dev_info. Detect
diff --git a/runtime/relayfs/relay.c b/runtime/relayfs/relay.c
index 35a5f31d..5998db80 100644
--- a/runtime/relayfs/relay.c
+++ b/runtime/relayfs/relay.c
@@ -378,7 +378,10 @@ unsigned relay_switch_subbuf(struct rchan_buf *buf, unsigned length)
 	int new, old, produced = atomic_read(&buf->subbufs_produced);
 	unsigned padding;
 
-	if (atomic_read(&buf->unfull)) {
+	if (unlikely(length > buf->chan->subbuf_size))
+	  goto toobig;
+	
+	if (unlikely(atomic_read(&buf->unfull))) {
 		atomic_set(&buf->unfull, 0);
 		new = produced % buf->chan->n_subbufs;
 		old = (produced - 1) % buf->chan->n_subbufs;
@@ -410,7 +413,15 @@ unsigned relay_switch_subbuf(struct rchan_buf *buf, unsigned length)
 	new = (produced + 1) % buf->chan->n_subbufs;
 	do_switch(buf, new, old);
 
+	if (unlikely(length + buf->offset > buf->chan->subbuf_size))
+	  goto toobig;
+
 	return length;
+	
+ toobig:
+	printk(KERN_WARNING "relayfs: event too large (%u)\n", length);
+	WARN_ON(1);
+	return 0;
 }
 
 /**