Axp-List Archive

Subject: 2.2.16, Netscape, big memory, ...
From: Michal Jaegermann (michal@ellpspace.math.ualberta.ca)
Date: Sat Jun 17 15:35:55 2000


There were recent complaints that Netscape, acroread and other
Tru64 (a.k.a. DU) binaries do not run with the current 2.2.16 kernel.
This turned out to be one of the problems which sneaked into 2.2.16
in a rush to fix security holes. Some very looong values showed
up in 64-bit code, resulting in error returns from write().
Other problems were also present.

For those who do not watch the linux-kernel list, Ivan Kokshaysky
posted there a fix. His message is included below. This patch
is already included in 2.2.17pre4 together with other stuff
which may affect, for example, those with sound cards. It does
work, at least "for me" (TM). :-) If for some reason you do not want
to use 2.2.17pre... kernels then you should apply to 2.2.16 at
least this patch and also the 2.2.16 erratum, which you will find
on http://www.linux.org.uk/

As I mentioned earlier, those with more than 2 GB memory on board
will need for 2.2 kernels the "bigmem" patch, which can be retrieved
from ftp://ftp.*.kernel.org/pub/linux/kernel/people/andrea/patches/v2.2/
These patches depend on the mm-fix... patches - also from Andrea.
In the case of 2.2.17pre4 something like that is already applied, so
you can add mm-fix-4_bigmem-2.2.17pre3-11.bz2 on top of it.
Or you may grab another set which works for you.

   Happy hacking,
   Michal

 From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
 Date: Fri, 16 Jun 2000 01:49:43 +0400
 Subject: [patch] Re: ac18: change in fs/read_write.c

 On Wed, Jun 14, 2000 at 02:50:46PM +0100, Alan Cox wrote:
> > This code
> > + if((long) tot_len <0)
> > + return -EINVAL;
> > +
> > breaks Tru64 binaries on alpha (netscape, acroread).
> > Could it be backed out?
>
> Ok I'd like to know why its breaking stuff, and who is queueing negative
> length I/O's.
>
 Oops. While thinking about alpha I've missed 2 bugs in that code.
 1. It won't help for iov_len arrays such as
         { 0xffffffff, 2 }, { 0x40000000, 0x40000000, 0x80000000 } etc.
 2. It returns after kmalloc() without kfree(), thus allowing any user
    to crash the system in a few seconds (bad news for 2.2.16).

 The patch fixes that and also returns EINVAL according to the BSD docs.
 As a side effect OSF binaries are working again on alpha.
 Tested on x86 and alpha.
 Applies also to 2.2.16 (with an offset of 11 lines).

 Ivan.

--- 2.4.0.t1ac19/fs/read_write.c Thu Jun 15 22:20:04 2000
+++ linux/fs/read_write.c Thu Jun 15 22:22:02 2000
@@ -199,12 +199,19 @@
         if (copy_from_user(iov, vector, count*sizeof(*vector)))
                 goto out;
 
+ /* BSD readv/writev returns EINVAL if one of the iov_len
+ values < 0 or tot_len overflowed a 32-bit integer. -ink */
         tot_len = 0;
- for (i = 0 ; i < count ; i++)
- tot_len += iov[i].iov_len;
-
- if((long) tot_len <0)
- return -EINVAL;
+ ret = -EINVAL;
+ for (i = 0 ; i < count ; i++) {
+ size_t tmp = tot_len;
+ int len = iov[i].iov_len;
+ if (len < 0)
+ goto out;
+ (u32)tot_len += len;
+ if (tot_len < tmp || tot_len < (u32)len)
+ goto out;
+ }
 
         inode = file->f_dentry->d_inode;
         /* VERIFY_WRITE actually means a read, as we write to user space */
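
Review bot: `int len = iov[i].iov_len;` narrows iov_len to int before the `len < 0` test, so on a target where iov_len is wider than int (alpha, the case this thread is about) a length such as 0x100000000 becomes 0, passes both checks and adds nothing to tot_len, while the full value stays in the array for whatever follows; compare at full width before converting, e.g. `if (iov[i].iov_len > INT_MAX) goto out;`. Two smaller points: `(u32)tot_len += len;` relies on the GCC cast-as-lvalue extension, which is not standard C and is easy to misread, so spell the 32-bit accumulation out (`tot_len = (u32)tot_len + len;`); and since tot_len is only tested for wrapping, a total between 0x80000000 and 0xffffffff is still accepted, which the comment's own wording ("overflowed a 32-bit integer") suggests should also be EINVAL.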

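As an added illustration of Ivan's point 1 (this is not code from the thread or from the kernel): the sign-of-the-total check that shipped in 2.2.16 beside a per-element check in the spirit of the patch, run over the two arrays from his mail plus two constructed ones. `iov64`, `naive_check` and `safe_total` are hypothetical names, and iov_len is modelled as a 64-bit value to stand in for alpha.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>
/* Constructed stand-in for struct iovec with a 64-bit iov_len (alpha). */
struct iov64 { uint64_t iov_len; };

/* The check that shipped in 2.2.16: add everything up, then look at the
 * sign. With 64-bit lengths none of the 32-bit wraps below turns the sum
 * negative, so all of them are accepted. Returns 1 when accepted. */
int naive_check(const struct iov64 *iov, int count)
{
    uint64_t tot_len = 0;
    for (int i = 0; i < count; i++)
        tot_len += iov[i].iov_len;
    return (int64_t)tot_len >= 0;
}

/* Per-element check in the spirit of Ivan's patch, with explicit 32-bit
 * arithmetic instead of the GCC lvalue-cast extension: refuse any single
 * length above INT_MAX (compared at full width, so nothing is truncated
 * first) and any running total that would wrap a u32. -1 means EINVAL. */
long long safe_total(const struct iov64 *iov, int count)
{
    uint32_t tot_len = 0;
    for (int i = 0; i < count; i++) {
        if (iov[i].iov_len > INT_MAX)
            return -1;
        uint32_t len = (uint32_t)iov[i].iov_len;
        if (UINT32_MAX - tot_len < len)      /* tot_len + len would wrap */
            return -1;
        tot_len += len;
    }
    return tot_len;
}

/* Constructed inputs: Ivan's two arrays, one that only the running-total
 * check catches, and a harmless one. */
const struct iov64 ivan_a[] = { {0xffffffffULL}, {2} };
const struct iov64 ivan_b[] = { {0x40000000}, {0x40000000}, {0x80000000ULL} };
const struct iov64 wraps[]  = { {0x7fffffff}, {0x7fffffff}, {0x7fffffff} };
const struct iov64 benign[] = { {4096}, {8192} };

int main(void)
{
    printf("ivan_a: naive=%d safe=%lld\n", naive_check(ivan_a, 2), safe_total(ivan_a, 2));
    printf("ivan_b: naive=%d safe=%lld\n", naive_check(ivan_b, 3), safe_total(ivan_b, 3));
    printf("wraps:  naive=%d safe=%lld\n", naive_check(wraps, 3), safe_total(wraps, 3));
    printf("benign: naive=%d safe=%lld\n", naive_check(benign, 2), safe_total(benign, 2));
}
```

The naive check accepts all three bad vectors because the 64-bit sum never goes negative; the per-element check refuses them and only passes the harmless one.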
This archive was generated by hypermail version 2a22 on Sat Jul 1 05:31:30 2000 PDT