Re: sys_sendfile oops in 2.6.13?

From: Andy Isaacson
Date: Tue Oct 11 2005 - 23:01:42 EST

On Tue, Oct 11, 2005 at 10:56:43AM +0200, Grzegorz Nosek wrote:
> I found an (IMHO) silly bug in do_sendfile in 2.6.13.x kernels (at
> least in and .4, didn't backtrack to find where it
> originated). Without the patch all I apparently get from sys_sendfile
> is an oops due to a call in sys_sendfile with ppos being NULL. With the
> patch it works OK. Noticed in vsftpd.
> @@ -719,7 +719,7 @@
> current->syscr++;
> current->syscw++;
> - if (*ppos > max)
> + if (ppos && *ppos > max)

That change can't fix a bug in 2.6.13, because ppos is forced to be
non-null further up the file:

622 static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
647 if (!ppos)
648 ppos = &in_file->f_pos;
684 pos = *ppos;
701 current->syscr++;
702 current->syscw++;
704 if (*ppos > max)
705 retval = -EOVERFLOW;

(line numbers from 2.6.13.)

So there must be something else at work. Perhaps your patches?

On Tue, Oct 11, 2005 at 04:53:47PM +0200, Jiri Slaby wrote:
> I don't know the code surrounding this, but shouldn't be this
> (!ppos || *ppos > max)?

That would be wrong, too; if it were valid to call in with ppos==0, you
wouldn't want to return EOVERFLOW; and if ppos==0 were not valid and you
wanted to return an error, EOVERFLOW would be the wrong error to return.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at