Hi Linus,
Michael Tross found that ncpfs does not correctly handle read above EOF
under some conditions (it tries to read random number of bytes above end
of file again and again because of it computes bytes to read as negative
value). Attached fix fixes:
(1) 'count' is no longer set to illegal negative value such as '-384000' in
ncp_file_read. It is main problem.
(2) ncp_file_read and ncp_file_write used file->f_pos instead of passed
parameter ppos. Now pread and pwrite should work on ncpfs too.
(3) I changed type of some variables in ncp_file_{read,write} from
'int' to 'size_t'. Now 'read(fd, x, -1)' under some circumstances
behaves much better than before.
Could you apply attached fix, please? It fits into both 2.2.10-pre2 and
2.3.4.
Thanks,
Petr Vandrovec
vandrove@vc.cvut.cz
P.S.: Patch included in this file is plain text. Attached is same file,
but gzipped.
diff -urdN linux/fs/ncpfs/file.c linux/fs/ncpfs/file.c
--- linux/fs/ncpfs/file.c Thu May 20 19:36:53 1999
+++ linux/fs/ncpfs/file.c Wed Jun 2 19:29:32 1999
@@ -21,7 +21,7 @@
#include <linux/ncp_fs.h>
#include "ncplib_kernel.h"
-static inline int min(int a, int b)
+static inline unsigned int min(unsigned int a, unsigned int b)
{
return a < b ? a : b;
}
@@ -99,9 +99,10 @@
struct inode *inode = dentry->d_inode;
size_t already_read = 0;
off_t pos;
- int bufsize, error;
+ size_t bufsize;
+ int error;
void* freepage;
- int freelen;
+ size_t freelen;
DPRINTK(KERN_DEBUG "ncp_file_read: enter %s/%s\n",
dentry->d_parent->d_name.name, dentry->d_name.name);
@@ -121,10 +122,12 @@
goto out;
}
- pos = file->f_pos;
+ pos = *ppos;
+/* leave it out on server ...
if (pos + count > inode->i_size) {
count = inode->i_size - pos;
}
+*/
error = 0;
if (!count) /* size_t is never < 0 */
goto out;
@@ -146,7 +149,7 @@
/* First read in as much as possible for each bufsize. */
while (already_read < count) {
int read_this_time;
- int to_read = min(bufsize - (pos % bufsize),
+ size_t to_read = min(bufsize - (pos % bufsize),
count - already_read);
error = ncp_read_bounce(NCP_SERVER(inode),
@@ -162,13 +165,13 @@
buf += read_this_time;
already_read += read_this_time;
- if (read_this_time < to_read) {
+ if (read_this_time != to_read) {
break;
}
}
kfree(freepage);
- file->f_pos = pos;
+ *ppos = pos;
if (!IS_RDONLY(inode)) {
inode->i_atime = CURRENT_TIME;
@@ -187,7 +190,8 @@
struct inode *inode = dentry->d_inode;
size_t already_written = 0;
off_t pos;
- int bufsize, errno;
+ size_t bufsize;
+ int errno;
void* bouncebuffer;
DPRINTK(KERN_DEBUG "ncp_file_write: enter %s/%s\n",
@@ -213,7 +217,7 @@
printk(KERN_ERR "ncp_file_write: open failed, error=%d\n", errno);
return errno;
}
- pos = file->f_pos;
+ pos = *ppos;
if (file->f_flags & O_APPEND) {
pos = inode->i_size;
@@ -227,7 +231,7 @@
return -EIO; /* -ENOMEM */
while (already_written < count) {
int written_this_time;
- int to_write = min(bufsize - (pos % bufsize),
+ size_t to_write = min(bufsize - (pos % bufsize),
count - already_written);
if (copy_from_user(bouncebuffer, buf, to_write)) {
@@ -244,14 +248,14 @@
buf += written_this_time;
already_written += written_this_time;
- if (written_this_time < to_write) {
+ if (written_this_time != to_write) {
break;
}
}
kfree(bouncebuffer);
inode->i_mtime = inode->i_atime = CURRENT_TIME;
- file->f_pos = pos;
+ *ppos = pos;
if (pos > inode->i_size) {
inode->i_size = pos;
--liOOAslEiF7prFVr
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="ncpfs.gz"
Content-Transfer-Encoding: base64
H4sICBlzVTcAA25jcGZzAKVVbW/bNhD+LP2Ka4YMtiX5RXaTOI7dbI06ZF2cQE03DBggyBYV
E5Elg5LSpUP+++5ISrVgt3OxL6R4b7x77vgo4nEMTimiOSQ8Lf/uxXkvXW5wjXnCusv9UtNx
nP0a435Vwk34DG4fBuPz4cn56yF+jMemZVlfcfmDRfBrmQK45OKil6tcLi/BcQf2KVhyvbw0
4QeeLpMyYnChYmGgIM67q9mW6giFCV8Ej0ykLOmujkwwnbwIC74EnqIfw62ANU9btIe2PC7a
ptU0KtOcP6SYXGXdEKBb44z+8I8JhmBFKVII4QIW8Ab3c1hMTHiR1YzH9hgsXAd9WY6RF6Jc
Fhggw8Q7aptCxNJCPDuzKJCSCRnyzyzAWxPBwug5oBUN+6TK4hg1myyfmI4hUyljMreBCZGJ
iWlV3lpBErLTajCeMh51IBaMbcIHVoWhc8LSLf9aAuh0dedfz+/ft957/jy48n7++ItEPqCu
yvzOActgAo7z3nH+V3pko5PxpbRNKPCbvtJwzbq02FuV18L2REI3wBlA1KyB69oDV6FnPGRF
BllZUBEv1GYDYUBcKAdnFgcSFEsLOxt17HUgYeETTkFBvpClkDPxhJl2u10MxGNokYcFy6xE
HGaqPc6MB4RDW7bZULppUweO6gNlY3V6uEuMq05R5FfSsW1gFhpVnkPK6PoL6IN02qpLlj46
oUcwGI31KyDnd1zkBcg54DhuOazL5Yp2TCDni4RBjBezEIW67V0V/NMKwYFWY5IuVKm6NGo+
iYNixfOg4Gs5ElJcZNXo0YPQgbFqCdhxdVPbRtCroTnYBW82DNCgO41Rb6uRq9GkOZMZLtB4
yVrzt3fBB8//3fNbsh8YTQJ3grMyROROXtOuZgYvBGu6UyBqGpDsM5EoYA+bCkRP10j4WXtN
Xk23bajSBR4e5bUvaniNR3pereoVttV9W5OMdet5lpNcHaEarOsPgX91O//tT41B3U09oKHM
ZApvP/q+N78P7q9vPD1gZ6dywMZ9++z/8dInwYuCpQdRU5p9k5pIXVGTajPaxEwcwD6UBdul
H/U/Gaofymn1loyNwBsfVSTP93fjZBusKA5REmlOnR5HFFGl2ZZd1LxfJ/5yEBlVzats4iR8
yOFHuA1+urvz5le6h8qnQTWqc64rO+cOB3U5OhHHu76dEFE43vz2xrvZ+/irdu2+f63ZTwES
l+/kgAN9NAnssIDOpyICwmyZbZ6DWGTroET+bm3PiE0R7fpa+RQkXKORPRghXqMz2huEsKfi
LU6okPqKYcUMOzpFDiqLL+ywa6YIorb7FkNsFypnr56LtX7h//HkwfguYiHR/n9g89+n3f4F
Il/+RVMKAAA=
--liOOAslEiF7prFVr--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/