* ctx64 is not initiated in sys32_io_setup
@ 2004-10-11  9:02 Zhang, Yanmin
From: Zhang, Yanmin @ 2004-10-11  9:02 UTC (permalink / raw)
  To: discuss, linux-kernel; +Cc: Siddha, Suresh B

[-- Attachment #1: Type: text/plain, Size: 1802 bytes --]

Kernel 2.6.9-rc3-mm3 has a bug in function sys32_io_setup in file
arch/x86_64/ia32/sys_ia32.c. Local variable ctx64 is not initialized
before sys32_io_setup calls sys_io_setup. If ctx64 is not zero,
sys_io_setup will return -EINVAL. The generic function compat_sys_io_setup
does not have this bug.

Here is the patch against 2.6.9-rc3-mm3. Just use compat_sys_io_setup to
replace sys32_io_setup.

Signed-of-by: Zhang Yanmin <yanmin.zhang@intel.com>

diff -Nraup a/arch/x86_64/ia32/ia32entry.S
b/arch/x86_64/ia32/ia32entry.S
--- a/arch/x86_64/ia32/ia32entry.S	2004-10-08 12:09:03.000000000
+0800
+++ b/arch/x86_64/ia32/ia32entry.S	2004-10-10 18:59:38.295452840
+0800
@@ -547,7 +547,7 @@ ia32_sys_call_table:
 	.quad compat_sys_sched_getaffinity
 	.quad sys32_set_thread_area
 	.quad sys32_get_thread_area
-	.quad sys32_io_setup		/* 245 */
+	.quad compat_sys_io_setup	/* 245 */
 	.quad sys_io_destroy
 	.quad sys32_io_getevents
 	.quad sys32_io_submit
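Review bot: Nothing in this patch shows how compat_sys_io_setup obtains the context value it hands to sys_io_setup, so the switch of slot 245 cannot be verified from the hunk alone; the changelog should say it, for example `compat_sys_io_setup sets ctx64 to a defined value before calling sys_io_setup`. If the generic helper takes that value from the caller's `*ctx32p` rather than zeroing it (not visible here), 32-bit callers that pass a non-zero context would get -EINVAL on every call, whereas the removed wrapper never read `*ctx32p`. The description could also state that the old failure depended on leftover stack contents in `ctx64`, which explains why it showed up intermittently. The same hunk appears again in the attachment copy further down, and this note covers both.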
diff -Nraup a/arch/x86_64/ia32/sys_ia32.c b/arch/x86_64/ia32/sys_ia32.c
--- a/arch/x86_64/ia32/sys_ia32.c	2004-10-08 12:09:03.000000000
+0800
+++ b/arch/x86_64/ia32/sys_ia32.c	2004-10-10 18:59:38.296452688
+0800
@@ -1185,21 +1185,6 @@ long sys32_kill(int pid, int sig)
 {
 	return sys_kill(pid, sig);
 }
- 
-
-long sys32_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
-{ 
-	long ret; 
-	aio_context_t ctx64;
-	mm_segment_t oldfs = get_fs(); 	
-	set_fs(KERNEL_DS); 
-	ret = sys_io_setup(nr_reqs, &ctx64); 
-	set_fs(oldfs); 
-	/* truncating is ok because it's a user address */
-	if (!ret) 
-		ret = put_user((u32)ctx64, ctx32p);
-	return ret;
-} 
 
 asmlinkage long sys32_io_submit(aio_context_t ctx_id, int nr,
 		   compat_uptr_t __user *iocbpp)


 <<sys32_io_setup_initiate.2.6.9.rc3.mm3.patch.diff>> 

[-- Attachment #2: sys32_io_setup_initiate.2.6.9.rc3.mm3.patch.diff --]
[-- Type: application/octet-stream, Size: 1247 bytes --]

diff -Nraup a/arch/x86_64/ia32/ia32entry.S b/arch/x86_64/ia32/ia32entry.S
--- a/arch/x86_64/ia32/ia32entry.S	2004-10-08 12:09:03.000000000 +0800
+++ b/arch/x86_64/ia32/ia32entry.S	2004-10-10 18:59:38.295452840 +0800
@@ -547,7 +547,7 @@ ia32_sys_call_table:
 	.quad compat_sys_sched_getaffinity
 	.quad sys32_set_thread_area
 	.quad sys32_get_thread_area
-	.quad sys32_io_setup		/* 245 */
+	.quad compat_sys_io_setup	/* 245 */
 	.quad sys_io_destroy
 	.quad sys32_io_getevents
 	.quad sys32_io_submit
diff -Nraup a/arch/x86_64/ia32/sys_ia32.c b/arch/x86_64/ia32/sys_ia32.c
--- a/arch/x86_64/ia32/sys_ia32.c	2004-10-08 12:09:03.000000000 +0800
+++ b/arch/x86_64/ia32/sys_ia32.c	2004-10-10 18:59:38.296452688 +0800
@@ -1185,21 +1185,6 @@ long sys32_kill(int pid, int sig)
 {
 	return sys_kill(pid, sig);
 }
- 
-
-long sys32_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
-{ 
-	long ret; 
-	aio_context_t ctx64;
-	mm_segment_t oldfs = get_fs(); 	
-	set_fs(KERNEL_DS); 
-	ret = sys_io_setup(nr_reqs, &ctx64); 
-	set_fs(oldfs); 
-	/* truncating is ok because it's a user address */
-	if (!ret) 
-		ret = put_user((u32)ctx64, ctx32p);
-	return ret;
-} 
 
 asmlinkage long sys32_io_submit(aio_context_t ctx_id, int nr,
 		   compat_uptr_t __user *iocbpp)
