On Sat, Jul 7, 2018 at 5:29 AM NeilBrown <neilb@xxxxxxxx> wrote:
> Previous patch ("VFS: simplify seq_file iteration code and interface")
> removed code to set ->from to zero when ->count is zero, as ->from is
> dead at that time. However, it didn't ensure ->from was set properly
> whenever ->count becomes non-zero.
> This can only happen when ->show() is called. Of the three places it
> is called one already has ->from set to zero. The other two are
> fixed by setting from to zero after fully flushing the buffer (at which
> point ->count will also be zero).
>
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: NeilBrown <neilb@xxxxxxxx>

Tested-by: Jann Horn <jannh@xxxxxxxxxx>

> ---
> fs/seq_file.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/seq_file.c b/fs/seq_file.c
> index fd82585ab50f..1dea7a8a5255 100644
> --- a/fs/seq_file.c
> +++ b/fs/seq_file.c
> @@ -220,6 +220,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
> goto Done;
> }
> /* we need at least one record in buffer */
> + m->from = 0;
> p = m->op->start(m, &m->index);
> while (1) {
> err = PTR_ERR(p);

This looks correct to me. I have also tested that with this patch applied, my crasher doesn't work anymore.
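Review bot: The commit message says the remaining two ->show() call sites are "fixed by setting from to zero", yet the diffstat shows a single insertion, and the hunk only shows `+ m->from = 0;` placed ahead of `p = m->op->start(m, &m->index);`; the message should explain how that one assignment covers both call sites (presumably because both are reached only after this point in seq_read, once the buffer has been fully flushed), since that cannot be confirmed from the hunk alone. A short comment beside the inserted line, such as "->from is dead while ->count == 0; reset it here before ->show() can make ->count non-zero", would also record the invariant the previous patch dropped and make it less likely that a later cleanup removes the assignment again as apparently redundant.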