Re: Implementation defined behaviour in read_write.c

From: Alan Cox
Date: Tue Sep 21 2004 - 07:01:34 EST

Next message: porterzy: "problem with porting 2.6.8 kernel to ppc 405CR"
Previous message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: Fix __raw_* IO accessors"
In reply to: Rainer Weikusat: "Re: Implementation defined behaviour in read_write.c"
Next in thread: Rainer Weikusat: "Re: Implementation defined behaviour in read_write.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Llu, 2004-09-20 at 16:54, Rainer Weikusat wrote:
> The following code is in the function do_readv_writev in the file
> fs/read_write.c (2.6.8.1):

The 2.4.x kernel has part of this fixed. In particular it does the
overflow check differently because gcc 3.x in some forms did appear to
be making use of the undefined nature of the test and that was a
potential security hole. ("its undefined lets say its always false..")

The initial cast and test should be fine. The overflow problem was fixed
in the 2.4 tree and is handled by keeping tot_len unsigned so that the
overflow is a defined operation and then checking versus 0x7FFFFFFF or
0x7FFFFFFFFFFFFFFFUL according to BITS_PER_LONG. I guess the 2.4 code
should be merged into 2.6, perhaps using limits.h instead ?

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: porterzy: "problem with porting 2.6.8 kernel to ppc 405CR"
Previous message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: Fix __raw_* IO accessors"
In reply to: Rainer Weikusat: "Re: Implementation defined behaviour in read_write.c"
Next in thread: Rainer Weikusat: "Re: Implementation defined behaviour in read_write.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]