[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140622002618.GR18016@ZenIV.linux.org.uk>
Date: Sun, 22 Jun 2014 01:26:18 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: James Bottomley <James.Bottomley@...senPartnership.com>
Cc: Theodore Ts'o <tytso@....edu>, Dave Chinner <david@...morbit.com>,
Jens Axboe <axboe@...com>, linux-kernel@...r.kernel.org,
linux-scsi@...r.kernel.org
Subject: Re: 32-bit bug in iovec iterator changes
On Sat, Jun 21, 2014 at 05:03:20PM -0700, James Bottomley wrote:
> > Anyway, does the following alone fix the problem you are seeing?
> >
> > diff --git a/include/linux/uio.h b/include/linux/uio.h
> > index ddfdb53..dbb02d4 100644
> > --- a/include/linux/uio.h
> > +++ b/include/linux/uio.h
> > @@ -94,7 +94,7 @@ static inline size_t iov_iter_count(struct iov_iter *i)
> > return i->count;
> > }
> >
> > -static inline void iov_iter_truncate(struct iov_iter *i, size_t count)
> > +static inline void iov_iter_truncate(struct iov_iter *i, u64 count)
> > {
> > if (i->count > count)
> > i->count = count;
>
> Al, how can that work? i->count is size_t, which is 32 bit, so we're
> going to get truncation errors.
No, we are not. Look:
* comparison promotes both operands to u64 here, so its result is
accurate, no matter how large count is. They are compared as natural
numbers.
* assignment converts count to size_t, which *would* truncate for
values that are greater than the maximal value representable by size_t.
But in that case it's by definition greater than i->count, so we do not
reach that assignment at all.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists