* [PATCH] compat_sys_fcntl64: fix for locking near end of file
@ 2004-09-16 19:58 John Engel
From: John Engel @ 2004-09-16 19:58 UTC (permalink / raw)
To: akpm; +Cc: willy, sfr, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 625 bytes --]
Andrew,

Here's a patch to fix a bug in compat_sys_fcntl64 in fs/compat.c.
The bug occurs with a 32 bit app that calls fcntl and checks for a
lock near the end of a file.

    struct flock sflp;
    sflp.l_start = 2147483345;
    sflp.l_len = 302;
    /* 2147483345 + 302 == 2147483647 (this should not overflow 31 bits) */
    /* 2^31 == 2147483648 */
    fcntl_stat = fcntl(fd, F_GETLK, &sflp);

The patch also contains a fix to handle l_len < 0 which is now defined
in POSIX 1003.1-2001 from the fcntl man page.

Signed-off-by: John Engel <jhe@us.ibm.com>
--
John Engel
IBM Linux Technology Center
[-- Attachment #2: compat_sys_fcntl64.patch --]
[-- Type: text/x-patch, Size: 1272 bytes --]
diff -ruN linux-2.6.8.1-clean/fs/compat.c linux-2.6.8.1/fs/compat.c
--- linux-2.6.8.1-clean/fs/compat.c 2004-08-14 05:55:31.000000000 -0500
+++ linux-2.6.8.1/fs/compat.c 2004-09-16 13:52:37.000000000 -0500
@@ -522,8 +522,15 @@
ret = sys_fcntl(fd, cmd, (unsigned long)&f);
set_fs(old_fs);
if ((cmd == F_GETLK) && (ret == 0)) {
+ /* POSIX-2001 now defines negative l_len */
+ if (f.l_len < 0) {
+ f.l_start += f.l_len;
+ f.l_len = -f.l_len;
+ }
+ if (f.l_start < 0)
+ return -EINVAL;
if ((f.l_start >= COMPAT_OFF_T_MAX) ||
- ((f.l_start + f.l_len) >= COMPAT_OFF_T_MAX))
+ ((f.l_start + f.l_len) > COMPAT_OFF_T_MAX))
ret = -EOVERFLOW;
if (ret == 0)
ret = put_compat_flock(&f, compat_ptr(arg));
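Review bot: The negative-l_len normalisation at the top of the F_GETLK block rewrites f after sys_fcntl() has already returned, and that rewritten f is what put_compat_flock(&f, compat_ptr(arg)) then copies out, so a caller that passed l_len < 0 gets its l_start and l_len changed in the structure it reads back. If the aim is only to make the range check correct, compute the normalised start and length in locals and leave f untouched. The new "return -EINVAL" also departs from the "ret = -EOVERFLOW" style on the following lines; setting ret and skipping the copy-out would keep a single exit path. Finally, the sum is now compared with > while f.l_start is still compared with >=, so a start equal to COMPAT_OFF_T_MAX is still rejected; a comment saying whether that asymmetry is deliberate would help.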
@@ -543,8 +550,15 @@
(unsigned long)&f);
set_fs(old_fs);
if ((cmd == F_GETLK64) && (ret == 0)) {
+ /* POSIX-2001 now defines negative l_len */
+ if (f.l_len < 0) {
+ f.l_start += f.l_len;
+ f.l_len = -f.l_len;
+ }
+ if (f.l_start < 0)
+ return -EINVAL;
if ((f.l_start >= COMPAT_LOFF_T_MAX) ||
- ((f.l_start + f.l_len) >= COMPAT_LOFF_T_MAX))
+ ((f.l_start + f.l_len) > COMPAT_LOFF_T_MAX))
ret = -EOVERFLOW;
if (ret == 0)
ret = put_compat_flock64(&f, compat_ptr(arg));
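Review bot: In the F_GETLK64 block the test (f.l_start + f.l_len) > COMPAT_LOFF_T_MAX adds two signed offsets before comparing. If COMPAT_LOFF_T_MAX is the largest value the type of f.l_start can hold, the sum can only exceed it by wrapping, so the test cannot fire for the case it is meant to catch. Writing it as f.l_len > COMPAT_LOFF_T_MAX - f.l_start, which is safe once f.l_start has been checked to be non-negative and within range, avoids the addition. The same concern applies to "f.l_start += f.l_len" and "f.l_len = -f.l_len" above, which have no guard for the most negative l_len.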