do_sendfile ppos check ...
From: Herbert Poetzl
Date: Thu Nov 03 2005 - 12:56:38 EST
Hi Andrew!
A friend of mine stumbled over the following issue:
do_sendfile() does an overflow check near the end, like this:
	if (*ppos > max)
		retval = -EOVERFLOW;
now both sys_sendfile and sys_sendfile64 do call do_sendfile()
similar to this:
	if (offset) {
		...
		ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
		return ret;
	}
	return do_sendfile(out_fd, in_fd, NULL, count, 0);
which passes ppos as NULL, which in turn leads to an oops ...
here is a patch (suggestion) to handle this properly, which
also adjusts the max for sys_sendfile()
(let me know what you think!)
--- linux-2.6.14/fs/read_write.c 2005-10-28 20:49:45 +0200
+++ linux-2.6.14-sendfile/fs/read_write.c 2005-11-03 18:48:37 +0100
@@ -731,7 +731,8 @@ asmlinkage ssize_t sys_sendfile(int out_
return ret;
}
- return do_sendfile(out_fd, in_fd, NULL, count, 0);
+ pos = 0;
+ return do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
}
asmlinkage ssize_t sys_sendfile64(int out_fd, int in_fd, loff_t __user *offset, size_t count)
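Review bot: The added "pos = 0;" in the NULL-offset return path of sys_sendfile changes what the call means, not only whether it oopses: do_sendfile now receives a pointer to a local that always starts at 0 and is thrown away on return, where it used to receive NULL. If NULL is what tells do_sendfile to work from in_fd's own file position, a caller that passes no offset would start at byte 0 on every call and never advance. Keeping NULL here and making the "*ppos > max" comparison in do_sendfile safe for it would avoid that. The switch of max from 0 to MAX_NON_LFS on the same line is a second behaviour change and should get its own sentence in the changelog saying why the no-offset path needs the non-LFS limit.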
@@ -748,5 +749,6 @@ asmlinkage ssize_t sys_sendfile64(int ou
return ret;
}
- return do_sendfile(out_fd, in_fd, NULL, count, 0);
+ pos = 0;
+ return do_sendfile(out_fd, in_fd, &pos, count, 0);
}
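Review bot: The same two-line workaround is repeated in the NULL-offset return of sys_sendfile64, which leaves the dereference quoted in the message, "if (*ppos > max)", unguarded inside do_sendfile for any other caller that passes NULL. A single NULL check in do_sendfile next to that comparison would cover both syscalls in one place and keep the callers unchanged. max also stays 0 on this line while the comparison is against max, so a comment on what 0 means to do_sendfile would help, since these lines do not show it.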