> > OK, here is another one. In the top level read_events() function in
> > fs/aio.c, a struct io_event is instantiated on the stack
> > (variable ent).
> > It calls aio_read_evt() function which will fill the entire io_event
> > structure into variable ent. What's the point of zeroing when copy
> > covers the same memory area? Possibly a debug code left around?
>
> Read the comment before that memset. The structure might contain some
> padding (bytes not belonging to any of its entries), these bytes are
> random and if you do not zero them, you copy random data into
> userspace.
That is true, but here's the definition of the io_event structure:

struct io_event {
	__u64 data;
	__u64 obj;
	__s64 res;
	__s64 res2;
};

In the words of the comment, C may be "fun", but I'm
having trouble envisioning an architecture where a structure
that consists of four equal sized objects has some padding!
Don't we usually call code that defends against impossible
problems "bloat"?
-Tony
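The two claims in this exchange can be checked in userspace. The program below is an added illustration, not code from the thread or from fs/aio.c: it measures the padding in a copy of the quoted io_event layout (spelled with <stdint.h> types) and in a constructed mixed-width record, then models what aio_read_evt()-style member-by-member filling of a stack object does to bytes no member covers. The stale byte value, the member offsets and the struct mixed_event are assumptions made for the demonstration; the result shows why a memset before copying a structure to userspace is a no-op for io_event but closes a kernel-stack disclosure for any structure that does carry padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the io_event quoted above, with kernel __u64/__s64
 * replaced by their <stdint.h> equivalents so this builds anywhere. */
struct io_event_copy {
    uint64_t data;
    uint64_t obj;
    int64_t  res;
    int64_t  res2;
};

/* Constructed example (not a kernel structure): mixed member widths,
 * which the ABI pads so that each 64-bit member stays aligned. */
struct mixed_event {
    uint32_t flags;
    uint64_t cookie;
    uint16_t tag;
    uint64_t value;
};

/* One member of a structure, described by position and width. */
struct member { size_t off, size; };

#define MEMBER(T, f) { offsetof(T, f), sizeof(((T *)0)->f) }

static const struct member io_event_members[] = {
    MEMBER(struct io_event_copy, data), MEMBER(struct io_event_copy, obj),
    MEMBER(struct io_event_copy, res),  MEMBER(struct io_event_copy, res2),
};
static const struct member mixed_event_members[] = {
    MEMBER(struct mixed_event, flags), MEMBER(struct mixed_event, cookie),
    MEMBER(struct mixed_event, tag),   MEMBER(struct mixed_event, value),
};

#define STALE 0xAA   /* assumed leftover content of the stack slot   */
#define FILL  0x5A   /* byte written into every member (never 0xAA)  */

/* Bytes of the object that belong to no member: sizeof minus member sizes. */
static size_t padding_bytes(size_t obj_size, const struct member *m, size_t n)
{
    size_t covered = 0;
    for (size_t i = 0; i < n; i++)
        covered += m[i].size;
    return obj_size - covered;
}

/* Model of a stack object that previously held STALE bytes and is then
 * filled member by member, as ent is in read_events().  Returns how many
 * STALE bytes would reach userspace if the whole object were copied out.
 * zero_first mirrors the memset the thread is discussing. */
static size_t leaked_bytes(size_t obj_size, const struct member *m, size_t n,
                           int zero_first)
{
    unsigned char slot[64];               /* big enough for both structs */
    if (obj_size > sizeof slot)
        return (size_t)-1;
    memset(slot, STALE, obj_size);        /* stale stack contents */
    if (zero_first)
        memset(slot, 0, obj_size);        /* the defensive memset */
    for (size_t i = 0; i < n; i++)        /* member-wise fill, padding untouched */
        memset(slot + m[i].off, FILL, m[i].size);
    size_t leaked = 0;
    for (size_t i = 0; i < obj_size; i++)
        if (slot[i] == STALE)
            leaked++;
    return leaked;
}

size_t io_event_padding(void)
{ return padding_bytes(sizeof(struct io_event_copy), io_event_members, 4); }
size_t mixed_event_padding(void)
{ return padding_bytes(sizeof(struct mixed_event), mixed_event_members, 4); }
size_t io_event_leaked(int zero_first)
{ return leaked_bytes(sizeof(struct io_event_copy), io_event_members, 4, zero_first); }
size_t mixed_event_leaked(int zero_first)
{ return leaked_bytes(sizeof(struct mixed_event), mixed_event_members, 4, zero_first); }

int main(void)
{
    printf("io_event:    %zu padding bytes, %zu leaked without memset, %zu with\n",
           io_event_padding(), io_event_leaked(0), io_event_leaked(1));
    printf("mixed_event: %zu padding bytes, %zu leaked without memset, %zu with\n",
           mixed_event_padding(), mixed_event_leaked(0), mixed_event_leaked(1));
    return 0;
}
```

On any ABI where the four 64-bit members are naturally aligned the first line reports zero padding and zero leaked bytes either way, which is the point Tony makes; the second line shows the case the comment is defending against, where only the memset keeps stale stack bytes out of the copy. The padding count for mixed_event depends on the target's alignment rules (10 bytes on 64-bit x86), so the check only requires that it is non-zero.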
This archive was generated by hypermail 2b29 : Tue Jul 15 2003 - 22:00:31 EST