[BUG][PATCH] 2.4: PPC64: 32 bit sys_recvmsg corruption

Stephen Rothwell sfr at canb.auug.org.au
Tue Feb 22 13:29:35 EST 2005


Hi Dave, Marcleo,

On Mon, 21 Feb 2005 17:54:25 -0800 "David S. Miller" <davem at davemloft.net> wrote:
>
> On Tue, 22 Feb 2005 12:16:27 +1100
> Stephen Rothwell <sfr at canb.auug.org.au> wrote:
> 
> > Please consider for inclusion into 2.4.30.
> 
> Marcelo already put in an earlier version of your patch with
> the typo in the conditional which broke compilation on every
> platform.
> 
> Please send him a relative patch to fix things up.

Sorry about that.  Here is a relative patch that fixes the missing || and
removes the printk as requested by Andi.

-- 
Cheers,
Stephen Rothwell                    sfr at canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff -ruN linux-2.4/arch/ia64/ia32/sys_ia32.c linux-2.4-sfr.1/arch/ia64/ia32/sys_ia32.c
--- linux-2.4/arch/ia64/ia32/sys_ia32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/ia64/ia32/sys_ia32.c	2005-02-22 13:15:22.000000000 +1100
@@ -1684,19 +1684,9 @@
 			goto fail2;
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +
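Review bot: The upper bound in the added condition, `clen64 > (orig_cmsg_len + wp - workbuf)`, gets larger as `wp` moves away from `workbuf`, so if `wp` is the write cursor into `workbuf` (as the names suggest) the check becomes more permissive exactly when less room is left for the `copy_from_user()` that follows. If the intent is to cap `clen64` at the space still available, the offset should be subtracted, e.g. `(clen64 > (orig_cmsg_len - (wp - workbuf)))`. How `workbuf` is sized and the types of `clen64` and `orig_cmsg_len` are outside the hunk, so this needs confirming against the allocation and against unsigned wrap-around. The same expression is added in the mips64, parisc, ppc64, s390x, sparc64 and x86_64 hunks, and the enclosing loop starts and ends outside all of them.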
diff -ruN linux-2.4/arch/mips64/kernel/linux32.c linux-2.4-sfr.1/arch/mips64/kernel/linux32.c
--- linux-2.4/arch/mips64/kernel/linux32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/mips64/kernel/linux32.c	2005-02-22 13:15:38.000000000 +1100
@@ -2822,19 +2822,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +
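Review bot: The return value of `copy_from_user()` on the context line right after the new check is discarded, so a fault while reading `CMSG_DATA(ucmsg)` goes unnoticed and the conversion carries on with whatever the data area of `kcmsg32` held; the `__get_user()` result on the first line of the hunk is dropped the same way. Since the length test now bails out with `break`, the copy could do the same: `if (copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg), clen64 - CMSG_ALIGN(sizeof(*ucmsg)))) break;`. The ia64, parisc, ppc64, s390x and x86_64 hunks show the same unchecked call; the sparc64 hunk does not show it. What the function does with the buffer after the loop is outside the hunk, so whether `break` is the right exit should be checked there.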
diff -ruN linux-2.4/arch/parisc/kernel/sys_parisc32.c linux-2.4-sfr.1/arch/parisc/kernel/sys_parisc32.c
--- linux-2.4/arch/parisc/kernel/sys_parisc32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/parisc/kernel/sys_parisc32.c	2005-02-22 13:15:54.000000000 +1100
@@ -2138,19 +2138,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +
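Review bot: This bounds check is now carried as seven identical copies, one per 32-bit compatibility file (ia64, mips64, parisc, ppc64, s390x, sparc64, x86_64), and the thread above shows the cost: a single typo in the conditional broke compilation on every platform. Moving the test into one shared inline helper or macro that takes `clen64`, `orig_cmsg_len`, `wp` and `workbuf` would leave a single place to audit and fix. Short of that, a comment above the condition would help the next reader, e.g. `/* cmsg_len must cover at least the header and stay within the bound derived from workbuf */`.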
diff -ruN linux-2.4/arch/ppc64/kernel/sys_ppc32.c linux-2.4-sfr.1/arch/ppc64/kernel/sys_ppc32.c
--- linux-2.4/arch/ppc64/kernel/sys_ppc32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/ppc64/kernel/sys_ppc32.c	2005-02-22 13:16:12.000000000 +1100
@@ -3696,19 +3696,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +
diff -ruN linux-2.4/arch/s390x/kernel/linux32.c linux-2.4-sfr.1/arch/s390x/kernel/linux32.c
--- linux-2.4/arch/s390x/kernel/linux32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/s390x/kernel/linux32.c	2005-02-22 13:16:39.000000000 +1100
@@ -2629,19 +2629,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +
diff -ruN linux-2.4/arch/sparc64/kernel/sys_sparc32.c linux-2.4-sfr.1/arch/sparc64/kernel/sys_sparc32.c
--- linux-2.4/arch/sparc64/kernel/sys_sparc32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/sparc64/kernel/sys_sparc32.c	2005-02-22 13:16:55.000000000 +1100
@@ -2679,19 +2679,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		if (kcmsg32->cmsg_level == SOL_SOCKET &&
 			kcmsg32->cmsg_type == SO_TIMESTAMP) {
 			struct timeval tv;
diff -ruN linux-2.4/arch/x86_64/ia32/socket32.c linux-2.4-sfr.1/arch/x86_64/ia32/socket32.c
--- linux-2.4/arch/x86_64/ia32/socket32.c	2005-02-22 12:12:35.000000000 +1100
+++ linux-2.4-sfr.1/arch/x86_64/ia32/socket32.c	2005-02-22 13:17:10.000000000 +1100
@@ -334,19 +334,9 @@
 		__get_user(kcmsg32->cmsg_type, &ucmsg->cmsg_type);
 
 		clen64 = kcmsg32->cmsg_len;
-		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg)))
-				(clen64 > (orig_cmsg_len + wp - workbuf))) {
-			static int count;
-
-			if (count++ < 20)
-				printk(KERN_WARNING "recvmsg_fixup: "
-					"bad data length %d, level %d, "
-					"type %d, process %d (%s)\n",
-					clen64, kcmsg32->cmsg_level,
-					kcmsg32->cmsg_type,
-					current->pid, current->comm);
+		if ((clen64 < CMSG_ALIGN(sizeof(*ucmsg))) ||
+				(clen64 > (orig_cmsg_len + wp - workbuf)))
 			break;
-		}
 		copy_from_user(CMSG32_DATA(kcmsg32), CMSG_DATA(ucmsg),
 			       clen64 - CMSG_ALIGN(sizeof(*ucmsg)));
 		clen32 = ((clen64 - CMSG_ALIGN(sizeof(*ucmsg))) +