Fwd: fs/sysfs/file.c:fill_read_buffer -- signed/unsigned bug?

From: James Mastros
Date: Sun Jul 25 2004 - 10:25:25 EST

Next message: Marc Ballarin: "Re: [PATCH] Delete cryptoloop"
Previous message: Rudo Thomas: "Re: High CPU usage for disk I/O while DMA is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, kernel hackers,
fill_read_buffer (in fs/sysfs/file.c) seems to have a signed/unsigned
bug with the return value of show. count is a ssize_t here, so I'm not
clear on why, but somehow, returning a negative value causes the
BUG_ON(count > PAGE_SIZE); to trigger. This means that returning an
error from the show function makes the kernel oops!

I'm amazed that this apparently hasn't been triggered until now. I'm
working on further sysfsification of ACPI, and I have enough problems
without the core oopsing for me on valid code. ;) (And it's even
documented that you can return errors from show functions, and there
seems to be other code in the function explicitly for dealing with error
returns, so I assume I'm not simply off the deep end.)

Unfornatly, my knowledge of C is rather lacking -- I'm not sure how to
fix this, but I'm fairly certian my diagnosis is correct.

Thanks
-=- James Mastros
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marc Ballarin: "Re: [PATCH] Delete cryptoloop"
Previous message: Rudo Thomas: "Re: High CPU usage for disk I/O while DMA is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]