On Wed, 21 Aug 2013 11:35:04 +0800 Chen Gang <gang.chen@xxxxxxxxxxx> wrote:

> On 08/21/2013 07:29 AM, Andrew Morton wrote:
> > On Tue, 20 Aug 2013 11:23:24 +0800 Chen Gang <gang.chen@xxxxxxxxxxx> wrote:
> >
> >> '*lenp' may be less than "sizeof(kbuf)", need check it before the next
> >> copy_to_user().
> >>
> >> pdflush_proc_obsolete() is called by sysctl which 'procname' is
> >> "nr_pdflush_threads", if the user passes buffer length less than
> >> "sizeof(kbuf)", it will cause issue.
> >>
> >> ...
> >>
> >> --- a/mm/backing-dev.c
> >> +++ b/mm/backing-dev.c
> >> @@ -649,7 +649,7 @@ int pdflush_proc_obsolete(struct ctl_table *table, int write,
> >> {
> >> char kbuf[] = "0\n";
> >>
> >> - if (*ppos) {
> >> + if (*ppos || *lenp < sizeof(kbuf)) {
> >> *lenp = 0;
> >> return 0;
> >> }
> >
> > Well sort-of. If userspace opens /proc/sys/vm/nr_pdflush_threads and
> > then does a series of one-byte reads, the kernel should return "0" on the
> > first read, "\n" on the second and then EOF.
> >
>
> Excuse me for my English, I guess your meaning is
>
> "this patch is OK, but can be improvement"
>
> Is it correct ?

Not really. I was pointing out that the patched code doesn't correctly
implement read(1) behavior. But that is true of many other procfs
files, so I suggest we not attempt to address the problem for this
procfs file.
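
Review bot: The new bound in `if (*ppos || *lenp < sizeof(kbuf))` compares against 3, not 2, because `sizeof(kbuf)` for `char kbuf[] = "0\n"` counts the terminating NUL, so a 2-byte read buffer that has room for the visible text "0\n" now gets `*lenp = 0` and EOF. The hunk does not show how many bytes the following copy_to_user() writes, so please either state in a comment that the bound matches that copy length, or compare against the number of bytes actually copied. The check also turns every short read into a silent empty read rather than a partial one, which is the one-byte-read case raised in the reply; if that limitation is accepted for this file, a one-line comment above the condition saying so would keep the next reader from treating it as an oversight.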