[PATCH] read_kmem() fixes

drivers/char/mem.c:289
		if (p < PAGE_SIZE && read > 0) {
			[...]
			read -= tmp;
			count -= tmp;

    This part is losting the number of bytes which read.

drivers/char/mem.c:302
			sz = min_t(unsigned long, sz, count);

    This should use "read" instead of "count".

drivers/char/mem.c:315
			read -= sz;
			count -= sz;

    Also lost the number of bytes which read.


In short, kmem returns incorrect number always if user is accessing
the lowmem area. And also it doesn't handle the highmem boundary
rightly.

This patch uses "low_count" instead of "read", as the number of copy
in lowmem area. And "read" is used as the number of bytes which read.

Signed-off-by: OGAWA Hirofumi <[email protected]>
---

 drivers/char/mem.c |   25 +++++++++++++------------
 1 files changed, 13 insertions(+), 12 deletions(-)

diff -puN drivers/char/mem.c~read_kmem-broken-fix drivers/char/mem.c
--- linux-2.6.12-rc1/drivers/char/mem.c~read_kmem-broken-fix	2005-03-26 11:51:31.000000000 +0900
+++ linux-2.6.12-rc1-hirofumi/drivers/char/mem.c	2005-03-26 11:53:16.000000000 +0900
@@ -267,30 +267,30 @@ static ssize_t read_kmem(struct file *fi
 			 size_t count, loff_t *ppos)
 {
 	unsigned long p = *ppos;
-	ssize_t read, virtr, sz;
+	ssize_t low_count, read, sz;
 	char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
 
 	read = 0;
-	virtr = 0;
 	if (p < (unsigned long) high_memory) {
-		read = count;
+		low_count = count;
 		if (count > (unsigned long) high_memory - p)
-			read = (unsigned long) high_memory - p;
+			low_count = (unsigned long) high_memory - p;
 
 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
 		/* we don't have page 0 mapped on sparc and m68k.. */
-		if (p < PAGE_SIZE && read > 0) {
+		if (p < PAGE_SIZE && low_count > 0) {
 			size_t tmp = PAGE_SIZE - p;
-			if (tmp > read) tmp = read;
+			if (tmp > low_count) tmp = low_count;
 			if (clear_user(buf, tmp))
 				return -EFAULT;
 			buf += tmp;
 			p += tmp;
-			read -= tmp;
+			read += tmp;
+			low_count -= tmp;
 			count -= tmp;
 		}
 #endif
-		while (read > 0) {
+		while (low_count > 0) {
 			/*
 			 * Handle first page in case it's not aligned
 			 */
@@ -299,7 +299,7 @@ static ssize_t read_kmem(struct file *fi
 			else
 				sz = PAGE_SIZE;
 
-			sz = min_t(unsigned long, sz, count);
+			sz = min_t(unsigned long, sz, low_count);
 
 			/*
 			 * On ia64 if a page has been mapped somewhere as
@@ -312,7 +312,8 @@ static ssize_t read_kmem(struct file *fi
 				return -EFAULT;
 			buf += sz;
 			p += sz;
-			read -= sz;
+			read += sz;
+			low_count -= sz;
 			count -= sz;
 		}
 	}
@@ -335,13 +336,13 @@ static ssize_t read_kmem(struct file *fi
 			}
 			count -= len;
 			buf += len;
-			virtr += len;
+			read += len;
 			p += len;
 		}
 		free_page((unsigned long)kbuf);
 	}
  	*ppos = p;
- 	return virtr + read;
+ 	return read;
 }
 
 
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: Re: [PATCH][1/6] cifs: inode.c cleanup - function definitions (whitespace changes only)
• Next by Date: klists and struct device semaphores
• Previous by thread: vanilla 2.6.11 Kernel Hangs after hlt checking
• Next by thread: klists and struct device semaphores
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]