On Mon, 18 Jan 2010 10:17:48 +0900 OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx> wrote: > KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> writes: > > >> > +static int > >> > +__negative_fpos_check(struct file *file, loff_t pos, size_t count) > >> > +{ > >> > + /* > >> > + * pos or pos+count is negative here, check overflow. > >> > + * too big "count" will be caught in rw_verify_area(). > >> > + */ > >> > + if ((pos < 0) && (pos + count < pos)) > >> > + return -EOVERFLOW; > >> > + if (file->f_mode & FMODE_NEG_OFFSET) > >> > + return 0; > >> > + return -EINVAL; > >> > +} > >> > + > >> > /* > >> > * rw_verify_area doesn't like huge counts. We limit > >> > * them to something that fits in "int" so that others > >> > @@ -222,8 +236,11 @@ int rw_verify_area(int read_write, struc > >> > if (unlikely((ssize_t) count < 0)) > >> > return retval; > >> > pos = *ppos; > >> > - if (unlikely((pos < 0) || (loff_t) (pos + count) < 0)) > >> > - return retval; > >> > + if (unlikely((pos < 0) || (loff_t) (pos + count) < 0)) { > >> > + retval = __negative_fpos_check(file, pos, count); > >> > + if (retval) > >> > + return retval; > >> > + } > >> > > >> > if (unlikely(inode->i_flock && mandatory_lock(inode))) { > >> > retval = locks_mandatory_area( > >> > >> Um... How do lseek() work? It sounds like to violate error code range. > > > > This is for read-write. As far as I know, > > - generic_file_llseek, > > - default_llseek > > - no_llseek > > > > doesn't call this function. > > It seems to allow to set negative value to ->f_pos, right? yes. Some file (/dev/kmem) requires that. > So, lseek() returns (uses) it? lseek can return negative value, as far as I know. Thanks, -Kame -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html