Re: [PATCH] 2.5.27 read_write

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Mon Jul 22 2002 - 12:04:49 EST


On Mon, 2002-07-22 at 15:08, Marcin Dalecki wrote:
> - This is making the read_write.c C.
>
> - It is fixing completely confused wild casting to 32 bits.
>
> - Actually adding a comment explaining the obscure code, which is
> relying on integer arithmetics overflow.

This is the 2.4 patch. This passes the SuS LSB validation tests and gets
32/64bit behaviour as well as sign rules for iov_len elements right. At
least I hope it does.

--- linux-2.5.27/fs/read_write.c Sat Jul 20 20:11:25 2002
+++ linux-2.5.27-ac1/fs/read_write.c Mon Jul 22 15:43:46 2002
@@ -301,17 +301,23 @@
         if (copy_from_user(iov, vector, count*sizeof(*vector)))
                 goto out;
 
- /* BSD readv/writev returns EINVAL if one of the iov_len
- values < 0 or tot_len overflowed a 32-bit integer. -ink */
+ /*
+ * Single unix specification:
+ * We should -EINVAL if an element length is not >= 0 and fitting an ssize_t
+ * The total length is fitting an ssize_t
+ *
+ * Be careful here because iov_len is a size_t not an ssize_t
+ */
+
         tot_len = 0;
         ret = -EINVAL;
         for (i = 0 ; i < count ; i++) {
- size_t tmp = tot_len;
- int len = iov[i].iov_len;
- if (len < 0)
+ ssize_t tmp = tot_len;
+ ssize_t len = (ssize_t)iov[i].iov_len;
+ if (len < 0) /* size_t not fitting an ssize_t .. */
                         goto out;
- (u32)tot_len += len;
- if (tot_len < tmp || tot_len < (u32)len)
+ tot_len += len;
+ if (tot_len < tmp) /* maths overflow on the ssize_t */
                         goto out;
         }
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Jul 23 2002 - 22:00:39 EST