From: Carsten Langgaard <carstenl@mips.com>
To: Ralf Baechle <ralf@oss.sgi.com>,
"linux-mips@oss.sgi.com" <linux-mips@oss.sgi.com>
Subject: Bug in __copy_user
Date: Mon, 24 Jun 2002 16:17:23 +0200
Message-ID: <3D1729F3.7241A74A@mips.com>
[-- Attachment #1: Type: text/plain, Size: 1155 bytes --]
I have started to look a little bit at the LTP tests.
And one of the testcases that fails (actually it doesn't fail as it
is supposed to do) is the syscall getsockopt.
I think the failure is due to the copy_to_user(0, from, 4) call returning
0, which I wouldn't expect when the destination pointer is NULL.
I think the problem is in the __copy_user function in
arch/mips/lib/memcpy.
It tries to handle the exception, which we get because the destination
pointer is NULL, by returning the number of uncopied bytes in $a2 to the
caller.
But in this case the length is only 4 bytes, and the copying is done by
a single 'sw'. The problem is the length ($a2) is decreased by 4 before
the 'sw' is executed.
The 'sw' fails and __copy_user terminates, but returns with $a2 = 0
(instead of 4).
I think the following patch will solve the problem.
/Carsten
--
_ _ ____ ___ Carsten Langgaard Mailto:carstenl@mips.com
|\ /|||___)(___ MIPS Denmark Direct: +45 4486 5527
| \/ ||| ____) Lautrupvang 4B Switch: +45 4486 5555
TECHNOLOGIES 2750 Ballerup Fax...: +45 4486 5556
Denmark http://www.mips.com
[-- Attachment #2: memcpy.patch --]
[-- Type: text/plain, Size: 538 bytes --]
Index: arch/mips/lib/memcpy.S
===================================================================
RCS file: /home/repository/sw/linux-2.4.18/arch/mips/lib/memcpy.S,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 memcpy.S
--- arch/mips/lib/memcpy.S 4 Mar 2002 11:12:21 -0000 1.1.1.1
+++ arch/mips/lib/memcpy.S 24 Jun 2002 13:46:07 -0000
@@ -248,8 +248,8 @@
1:
EXC( LOAD t0, 0(src), l_exc)
ADD src, src, NBYTES
- SUB len, len, NBYTES
EXC( STORE t0, 0(dst), s_exc)
+ SUB len, len, NBYTES
bne rem, len, 1b
ADD dst, dst, NBYTES
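Review bot: the SUB that now follows EXC( STORE t0, 0(dst), s_exc) has no comment saying it must stay after the store so that len still counts the faulting word when s_exc is taken; a one-line comment at that line would keep a later instruction-scheduling cleanup from moving it back. ADD src, src, NBYTES still runs before the STORE, so on a store fault src has already advanced past a word that len still counts; please confirm that s_exc derives the returned count from len alone. The hunk touches only this loop, so it is also worth checking whether any other STORE ... s_exc site in memcpy.S decrements len before its store in the same way.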
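The ordering problem described in the message above, as an added C model that is not part of the original post or the kernel source. `copy_model`, `put_optval`, the `writable` parameter and the demo buffers are hypothetical, and the fault handler is assumed to report `len` unchanged as the uncopied count.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define NBYTES 4 /* bytes moved per iteration, as in the patched loop */

unsigned char demo_dst[12], demo_src[12]; /* constructed sample buffers */

/* Model of the word-copy loop (not the kernel's code). A store that would
 * reach past `writable` bytes "faults"; writable == 0 models the NULL
 * destination. Assumption: the handler returns len as the uncopied count.
 * sub_before_store != 0 is the pre-patch order, 0 is the patched order. */
size_t copy_model(unsigned char *dst, const unsigned char *src, size_t len,
                  size_t writable, int sub_before_store)
{
    size_t off = 0;
    while (len >= NBYTES) {
        unsigned char t0[NBYTES];
        memcpy(t0, src + off, NBYTES);      /* LOAD  t0, 0(src) */
        if (sub_before_store)
            len -= NBYTES;                  /* SUB placed before the STORE */
        if (off + NBYTES > writable)        /* STORE faults, s_exc taken */
            return len;
        memcpy(dst + off, t0, NBYTES);      /* STORE t0, 0(dst) */
        if (!sub_before_store)
            len -= NBYTES;                  /* SUB placed after the STORE */
        off += NBYTES;
    }
    return len;
}

/* Hypothetical caller in the style of getsockopt: a nonzero uncopied
 * count becomes -EFAULT, zero is treated as success. */
int put_optval(unsigned char *udst, size_t writable, int sub_before_store)
{
    static const unsigned char val[NBYTES] = { 1, 0, 0, 0 }; /* constructed */
    return copy_model(udst, val, NBYTES, writable, sub_before_store) ? -EFAULT : 0;
}

int main(void)
{
    /* 4-byte copy to an unwritable destination under both orderings. */
    int ok = copy_model(demo_dst, demo_src, 4, 0, 1) == 0 &&
             copy_model(demo_dst, demo_src, 4, 0, 0) == 4;
    return ok ? 0 : 1;
}
```

With the pre-patch order the caller sees success although nothing was written; the same under-count by one word appears whenever a fault occurs partway through a longer copy.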