This patch fails writes larger than the sub-buffer size and prints a
warning and stack trace when it happens. I chose this over BUG_ON()
or silently failing since while it could probably be considered a bug
for an application to let this happen, it's not fatal and the user
would probably want to know (and change buffer sizes).
Andrew, please apply.
Thanks,
Tom
Signed-off-by: Tom Zanussi <[email protected]>
diff -urpN -X dontdiff linux-2.6.12-rc1-mm2/fs/relayfs/relay.c linux-2.6.12-rc1-mm2-cur/fs/relayfs/relay.c
--- linux-2.6.12-rc1-mm2/fs/relayfs/relay.c 2005-03-20 22:26:47.000000000 -0600
+++ linux-2.6.12-rc1-mm2-cur/fs/relayfs/relay.c 2005-03-20 23:32:50.000000000 -0600
@@ -378,7 +378,10 @@ unsigned relay_switch_subbuf(struct rcha
int new, old, produced = atomic_read(&buf->subbufs_produced);
unsigned padding;
- if (atomic_read(&buf->unfull)) {
+ if (unlikely(length > buf->chan->subbuf_size))
+ goto toobig;
+
+ if (unlikely(atomic_read(&buf->unfull))) {
atomic_set(&buf->unfull, 0);
new = produced % buf->chan->n_subbufs;
old = (produced - 1) % buf->chan->n_subbufs;
@@ -410,7 +413,15 @@ unsigned relay_switch_subbuf(struct rcha
new = (produced + 1) % buf->chan->n_subbufs;
do_switch(buf, new, old);
+ if (unlikely(length + buf->offset > buf->chan->subbuf_size))
+ goto toobig;
+
return length;
+
+toobig:
+ printk(KERN_WARNING "relayfs: event too large (%u)\n", length);
+ WARN_ON(1);
+ return 0;
}
/**
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
