Re: sys_sendfile oops in 2.6.13?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 11, 2005 at 10:56:43AM +0200, Grzegorz Nosek wrote:
> I found an (IMHO) silly bug in do_sendfile in 2.6.13.x kernels (at
> least in 2.6.13.3 and .4, didn't backtrack to find where it
> originated). Without the patch all I apparently get from sys_sendfile
> is an oops due to a call in sys_sendfile with ppos being NULL. With the
> patch it works OK. Noticed in vsftpd.
>
> @@ -719,7 +719,7 @@
>        current->syscr++;
>        current->syscw++;
> 
> -       if (*ppos > max)
> +       if (ppos && *ppos > max)

That change can't fix a bug in 2.6.13, because ppos is forced to be
non-null further up the file:

    622 static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
...
    647         if (!ppos)
    648                 ppos = &in_file->f_pos;
...
    684         pos = *ppos;
...
    701         current->syscr++;
    702         current->syscw++;
    703 
    704         if (*ppos > max)
    705                 retval = -EOVERFLOW;

(line numbers from 2.6.13.)

So there must be something else at work.  Perhaps your patches?

On Tue, Oct 11, 2005 at 04:53:47PM +0200, Jiri Slaby wrote:
> I don't know the code surrounding this, but shouldn't be this
> (!ppos || *ppos > max)?

That would be wrong, too; if it were valid to call in with ppos==0, you
wouldn't want to return EOVERFLOW; and if ppos==0 were not valid and you
wanted to return an error, EOVERFLOW would be the wrong error to return.

-andy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux