From: Mitchell Blank Jr <mitch@sfgoth.com>
To: Andrew Morton <akpm@osdl.org>
Cc: kaos@sgi.com, linux-kernel@vger.kernel.org
Subject: Re: 2.6.17-rc1 core_sys_select incompatible pointer types
Date: Mon, 3 Apr 2006 02:55:30 -0700 [thread overview]
Message-ID: <20060403095530.GE3157@gaz.sfgoth.com> (raw)
In-Reply-To: <20060403020916.57c9eaec.akpm@osdl.org>
Andrew Morton wrote:
> Nope. I queued up the below. If anything additional is needed, please
> resend.
Could you at least apply this bit on top? I actually combed select.c
yesterday and have a bunch of changes, but I can send those to you as a
patch series later. This one I'd like to land now since it fixes a bug
introduced within the last week (even though the bug isn't currently
triggerable)
The code is (very slightly) rearranged; should be a little more readable
and quicker for the fastpath.
Subject: [SELECT] don't overflow if (SELECT_STACK_ALLOC % sizeof(long) != 0)
If SELECT_STACK_ALLOC is not a multiple of sizeof(long) then stack_fds[]
would be shorter than SELECT_STACK_ALLOC bytes and could overflow later
in the function. Fixed by simply rearranging the test later to work on
sizeof(stack_fds) Currently SELECT_STACK_ALLOC is 256 so this doesn't happen,
but it's nasty to have things like this hidden in the code. What if later
someone decides to change SELECT_STACK_ALLOC to 300?
Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com>
--- linux-2.6/fs/select.c-AKPM 2006-04-03 02:25:34.000000000 -0700
+++ linux-2.6/fs/select.c 2006-04-03 02:32:53.000000000 -0700
@@ -311,7 +311,8 @@
{
fd_set_bits fds;
void *bits;
- int ret, size, max_fdset;
+ int ret, max_fdset;
+ unsigned int size;
struct fdtable *fdt;
/* Allocate small arguments on the stack to save memory and be faster */
long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
@@ -333,14 +334,15 @@
* since we used fdset we need to allocate memory in units of
* long-words.
*/
- ret = -ENOMEM;
size = FDS_BYTES(n);
- if (6*size < SELECT_STACK_ALLOC)
- bits = stack_fds;
- else
+ bits = stack_fds;
+ if (size > sizeof(stack_fds) / 6) {
+ /* Not enough space in on-stack array; must use kmalloc */
+ ret = -ENOMEM;
bits = kmalloc(6 * size, GFP_KERNEL);
- if (!bits)
- goto out_nofds;
+ if (!bits)
+ goto out_nofds;
+ }
fds.in = bits;
fds.out = bits + size;
fds.ex = bits + 2*size;
prev parent reply other threads:[~2006-04-03 9:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-03 8:28 2.6.17-rc1 core_sys_select incompatible pointer types Keith Owens
2006-04-03 8:44 ` Mitchell Blank Jr
2006-04-03 9:09 ` Andrew Morton
2006-04-03 9:18 ` Keith Owens
2006-04-03 9:27 ` Andrew Morton
2006-04-03 9:55 ` Mitchell Blank Jr [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060403095530.GE3157@gaz.sfgoth.com \
--to=mitch@sfgoth.com \
--cc=akpm@osdl.org \
--cc=kaos@sgi.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.