Serious bug in recent Linux kernels

Jes Sorensen (Jes.Sorensen@cern.ch)
Fri, 8 Jan 1999 08:57:18 +0100 (MET)


Hi

Anybody who knows about this one?

Jes
------- start of forwarded message -------
From: Kars de Jong <jongk@cs.utwente.nl>
To: Jes Sorensen <Jes.Sorensen@cern.ch>
Subject: Serious bug in recent Linux kernels
Date: Fri, 8 Jan 1999 02:33:12 +0100

Hi,

There is a serious bug in recent kernels with the timeout of the poll()
system call. The calculation to turn the timeout value from milliseconds
into whatever schedule_timeout() expects is wrong. The following happened
when I read my mail with mutt. I use a development glibc (2.1.106) which
uses poll() when it is available in the kernel. As soon as I opened a
mail message my screen got spammed with hundreds of lines saying:

schedule_timeout: wrong timeout value f3333335 from 00024c0e

I looked up where address 00024c0e was, it turned out to be do_poll() in
fs/select.c
I decided to strace mutt, to see what it did, and it did a series of poll()
syscalls like this:

poll([{fd=0, events=POLLIN}], 1, 2147483647) = 0

That value is INT_MAX, and should be valid.
The calculation in fs/select.c sys_select() does this:

timeout = (timeout*HZ+999)/1000+1;

which obviously overflows with a timeout like this. The resulting value
in my case is 0xf3333335...

I don't have an obvious solution ready, someone with a better grasp of
integer math should take a look.
I think this bug affects all architectures, not only Linux/m68k.
Since I'm not on linux-kernel, could you forward this to the appropriate
person/mailing list?

Kars.

-- 
------------------------------------------------------------------------------
Kars de Jong             Signaalkamp rules the waves!       Turrican@Discworld
--------======]**-----|      jongk@cs.utwente.nl      |-----**[======---------
------- end of forwarded message -------
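The conversion quoted in the report, evaluated in 32-bit arithmetic next to a reference done in 64 bits and a range-guarded version, as an added example that is not part of the original mail or of any kernel source. It assumes HZ is 100 and that the kernel's "wait forever" sentinel is the largest 32-bit signed value; both are assumptions for this example, and since the garbage value produced by the wraparound depends on HZ and the word size, the report's 0xf3333335 is not reproduced here.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this example: HZ=100 and a 32-bit kernel word. */
#define HZ 100

/* Assumed sentinel for "sleep until woken" (modelled on a 32-bit long). */
#define MAX_TIMEOUT INT32_MAX

/* The conversion as quoted in the report, evaluated in 32-bit signed
   arithmetic. timeout_ms * HZ exceeds 32 bits once timeout_ms passes
   INT32_MAX / HZ, so the result is meaningless from there on. The wrap is
   routed through an unsigned intermediate so that the behaviour is defined
   in C rather than undefined signed overflow. */
int32_t ms_to_ticks_unchecked(int32_t timeout_ms)
{
    uint32_t product = (uint32_t)timeout_ms * (uint32_t)HZ; /* wraps mod 2^32 */
    int32_t wrapped = (int32_t)(product + 999u);            /* reinterpreted as signed */
    return wrapped / 1000 + 1;
}

/* Reference conversion in 64-bit arithmetic; cannot overflow for any
   32-bit input, so it gives the value the caller actually asked for. */
int64_t ms_to_ticks_reference(int32_t timeout_ms)
{
    return ((int64_t)timeout_ms * HZ + 999) / 1000 + 1;
}

/* Guarded conversion: reject the input range before multiplying. A negative
   timeout (poll() defines that as "wait forever") and any value whose
   intermediate timeout_ms * HZ + 999 would not fit both map to the sentinel.
   Note that the bound must subtract the 999 rounding term as well, otherwise
   the addition can still overflow after the multiply passed the check. */
int32_t ms_to_ticks_checked(int32_t timeout_ms)
{
    if (timeout_ms < 0 || timeout_ms > (MAX_TIMEOUT - 999) / HZ)
        return MAX_TIMEOUT;
    return (timeout_ms * HZ + 999) / 1000 + 1;
}

/* True when the unchecked conversion disagrees with the reference value. */
int unchecked_is_wrong(int32_t timeout_ms)
{
    return ms_to_ticks_unchecked(timeout_ms) != ms_to_ticks_reference(timeout_ms);
}

int main(void)
{
    /* Constructed sample inputs: small values, the largest safe value,
       one past it, a value whose product wraps negative, and INT_MAX. */
    int32_t inputs[] = { 0, 1000, (MAX_TIMEOUT - 999) / HZ,
                         (MAX_TIMEOUT - 999) / HZ + 1, 30000000, INT32_MAX };
    size_t n = sizeof inputs / sizeof inputs[0];

    printf("%11s %12s %12s %12s %s\n", "ms", "unchecked", "reference", "checked", "wrong?");
    for (size_t i = 0; i < n; i++) {
        int32_t ms = inputs[i];
        printf("%11d %12d %12lld %12d %s\n", ms,
               ms_to_ticks_unchecked(ms),
               (long long)ms_to_ticks_reference(ms),
               ms_to_ticks_checked(ms),
               unchecked_is_wrong(ms) ? "yes" : "no");
    }
    return 0;
}
```

For INT_MAX milliseconds the unchecked arithmetic yields a single tick instead of roughly 2.1 million, so a caller asking for a practically infinite wait gets back a timeout almost immediately; for inputs whose product wraps into the negative half of the range it yields a negative tick count, which is what a check like the one in schedule_timeout() rejects. The guarded version is the shape a defender should expect for any unit conversion on caller-controlled integers: bound the input before the multiply, and include every additive term in the bound.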
