From: Al Viro <viro@ZenIV.linux.org.uk>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Theodore Ts'o <tytso@mit.edu>, Dave Chinner <david@fromorbit.com>,
Jens Axboe <axboe@fb.com>,
linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org
Subject: Re: 32-bit bug in iovec iterator changes
Date: Sun, 22 Jun 2014 01:26:18 +0100 [thread overview]
Message-ID: <20140622002618.GR18016@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1403395400.2592.4.camel@jarvis.lan>
On Sat, Jun 21, 2014 at 05:03:20PM -0700, James Bottomley wrote:
> > Anyway, does the following alone fix the problem you are seeing?
> >
> > diff --git a/include/linux/uio.h b/include/linux/uio.h
> > index ddfdb53..dbb02d4 100644
> > --- a/include/linux/uio.h
> > +++ b/include/linux/uio.h
> > @@ -94,7 +94,7 @@ static inline size_t iov_iter_count(struct iov_iter *i)
> > return i->count;
> > }
> >
> > -static inline void iov_iter_truncate(struct iov_iter *i, size_t count)
> > +static inline void iov_iter_truncate(struct iov_iter *i, u64 count)
> > {
> > if (i->count > count)
> > i->count = count;
>
> Al, how can that work? i->count is size_t, which is 32 bit, so we're
> going to get truncation errors.
No, we are not. Look:
* comparison promotes both operands to u64 here, so its result is
accurate, no matter how large count is. They are compared as natural
numbers.
* assignment converts count to size_t, which *would* truncate for
values that are greater than the maximal value representable by size_t.
But in that case it's by definition greater than i->count, so we do not
reach that assignment at all.
next prev parent reply other threads:[~2014-06-22 0:26 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-19 15:35 BUG: scheduling while atomic in blk_mq codepath? Theodore Ts'o
2014-06-19 15:59 ` Jens Axboe
2014-06-19 15:59 ` Jens Axboe
2014-06-19 16:08 ` Theodore Ts'o
2014-06-19 16:21 ` Theodore Ts'o
2014-06-19 22:38 ` Dave Chinner
2014-06-21 3:51 ` 32-bit bug in iovec iterator changes Theodore Ts'o
2014-06-21 5:53 ` Al Viro
2014-06-21 23:09 ` Theodore Ts'o
2014-06-21 23:49 ` Al Viro
2014-06-22 0:03 ` James Bottomley
2014-06-22 0:26 ` Al Viro [this message]
2014-06-22 0:32 ` James Bottomley
2014-06-22 0:53 ` Al Viro
2014-06-22 1:00 ` Al Viro
2014-06-22 11:50 ` Theodore Ts'o
2014-06-23 7:44 ` [regression] fix 32-bit breakage in block device read(2) (was Re: 32-bit bug in iovec iterator changes) Al Viro
2014-06-23 15:43 ` Theodore Ts'o
2014-06-24 12:33 ` One Thousand Gnomes
2014-06-25 16:56 ` Linus Torvalds
2014-06-26 15:27 ` Bruno Wolff III
2014-06-22 1:00 ` 32-bit bug in iovec iterator changes James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140622002618.GR18016@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=James.Bottomley@HansenPartnership.com \
--cc=axboe@fb.com \
--cc=david@fromorbit.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.