Re: Linux 2.6.9-ac9
From: Chuck Ebbert
Date: Thu Nov 18 2004 - 01:52:10 EST
Alan Cox wrote:
> Time to check them all and the size of the diff already
I just merged these on top of the ones in 2.6.9-ac9:
================================================================================
# binfmt_elf_partial_read_2.patch
# fs/binfmt_elf.c -2 +5
#
# [PATCH] binfmt_elf: handle p_filesz == 0 on PT_INTERP section
# Jakub Jelinek points out that current fix has an underflow problem
# if elf_ppnt->p_filesz == 0. Fix that up, and also stop overwriting
# interpreter buffer, simply check that it's NULL-terminated.
#
# From: Jakub Jelinek <jakub@xxxxxxxxxx>
# Signed-off-by: Chris Wright <chrisw@xxxxxxxx>
# Signed-off-by: Linus Torvalds <torvalds@xxxxxxxx>
# Status: in 2.6.10
#
--- 2.6.9/fs/binfmt_elf.c
+++ 2.6.9.1/fs/binfmt_elf.c
@@ -576,7 +576,8 @@
*/
retval = -ENOMEM;
- if (elf_ppnt->p_filesz > PATH_MAX)
+ if (elf_ppnt->p_filesz > PATH_MAX ||
+ elf_ppnt->p_filesz == 0)
goto out_free_file;
elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
GFP_KERNEL);
@@ -592,7 +593,9 @@
goto out_free_interp;
}
/* make sure path is NULL terminated */
- elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
+ retval = -EINVAL;
+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ goto out_free_interp;
/* If the program interpreter is one of these two,
* then assume an iBCS2 image. Otherwise assume
================================================================================
# md_linear_sector_t_2.patch
# drivers/md/linear.c -10 +11
#
# From: Neil Brown <neilb@xxxxxxxxxxxxxxx>
#
# We replace 'size' by 'start'. 'start' means exactly the same as
# 'curr_offset - size', and the equivalence of the new code can be tested
# based on this. The difference is that 'start' will never be negative and
# so can fit in a 'sector_t' while 'size' could be negative.
#
# Also make curr_offset sector_t, as it should have been.
#
# Signed-off-by: Neil Brown <neilb@xxxxxxxxxxxxxxx>
# Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
# Status: in 2.6.10-mm
#
--- 2.6.9/drivers/md/linear.c
+++ 2.6.9.1/drivers/md/linear.c
@@ -120,8 +120,8 @@ static int linear_run (mddev_t *mddev)
struct linear_hash *table;
mdk_rdev_t *rdev;
int i, nb_zone, cnt;
- sector_t size;
- unsigned int curr_offset;
+ sector_t start;
+ sector_t curr_offset;
struct list_head *tmp;
conf = kmalloc (sizeof (*conf) + mddev->raid_disks*sizeof(dev_info_t),
@@ -196,23 +196,24 @@ static int linear_run (mddev_t *mddev)
* Here we generate the linear hash table
*/
table = conf->hash_table;
- size = 0;
+ start = 0;
curr_offset = 0;
for (i = 0; i < cnt; i++) {
dev_info_t *disk = conf->disks + i;
+ if (start > curr_offset)
+ table[-1].dev1 = disk;
+
disk->offset = curr_offset;
curr_offset += disk->size;
- if (size < 0) {
- table[-1].dev1 = disk;
- }
- size += disk->size;
-
- while (size>0) {
+ /* 'curr_offset' is the end of this disk
+ * 'start' is the start of table
+ */
+ while (start < curr_offset) {
table->dev0 = disk;
table->dev1 = NULL;
- size -= conf->smallest->size;
+ start += conf->smallest->size;
table++;
}
}
================================================================================
--Chuck Ebbert 18-Nov-04 01:41:54
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/