From: Kirill Korotaev <dev@sw.ru>

This patch fixes incorrect address range check in do_getname(). 
Theoretically this can lead to do_getname() failure on kernel address space
string on the TASK_SIZE boundary addresses when 4GB split is ON.

(akpm: I don't see why this check exists at all, actually.  afaict the only
effect of removing it is that we'll then generate -EFAULT on a
non-null-terminated pathname which ends exactly at TASK_SIZE).

Signed-Off-By: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/fs/namei.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff -puN fs/namei.c~4-4gb-incorrect-bound-check-in-do_getname fs/namei.c
--- 25/fs/namei.c~4-4gb-incorrect-bound-check-in-do_getname	2004-11-11 16:52:28.754433616 -0800
+++ 25-akpm/fs/namei.c	2004-11-11 16:55:24.495716880 -0800
@@ -116,13 +116,14 @@ static inline int do_getname(const char 
 	int retval;
 	unsigned long len = PATH_MAX;
 
-	if ((unsigned long) filename >= TASK_SIZE) {
-		if (!segment_eq(get_fs(), KERNEL_DS))
+	if (!segment_eq(get_fs(), KERNEL_DS)) {
+		if ((unsigned long) filename >= TASK_SIZE)
 			return -EFAULT;
-	} else if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
-		len = TASK_SIZE - (unsigned long) filename;
+		if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
+			len = TASK_SIZE - (unsigned long) filename;
+	}
 
-	retval = strncpy_from_user((char *)page, filename, len);
+	retval = strncpy_from_user(page, filename, len);
 	if (retval > 0) {
 		if (retval < len)
 			return 0;
_