fs: change sys_truncate length parameter type

For this system call user space passes a signed long length parameter, while the kernel side takes an unsigned long parameter and converts it later to signed long again. This has led to bugs in compat wrappers see e.g. dd90bbd5 "powerpc: Add compat_sys_truncate". The s390 compat wrapper for this functions is broken as well since it also performs zero extension instead of sign extension for the length parameter. In addition if hpa comes up with an automated way of generating compat wrappers it would generate a wrong one here. So change the length parameter from unsigned long to long. Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs: change sys_truncate length parameter type
For this system call user space passes a signed long length parameter, while the kernel side takes an unsigned long parameter and converts it later to signed long again. This has led to bugs in compat wrappers see e.g. dd90bbd5 "powerpc: Add compat_sys_truncate". The s390 compat wrapper for this functions is broken as well since it also performs zero extension instead of sign extension for the length parameter. In addition if hpa comes up with an automated way of generating compat wrappers it would generate a wrong one here. So change the length parameter from unsigned long to long. Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Heiko Carstens · Linus Torvalds
1 parent a6e995ad74
Showing 2 changed files with 3 additions and 5 deletions Side-by-side Diff
fs/open.c
include/linux/syscalls.h
@@ -290,10 +290,9 @@
 	return error;
 }
  
-SYSCALL_DEFINE2(truncate, const char __user *, path, unsigned long, length)
+SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
 {
-	/* on 32-bit boxen it will cut the range 2^31--2^32-1 off */
-	return do_sys_truncate(path, (long)length);
+	return do_sys_truncate(path, length);
 }
  
 static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
@@ -460,8 +460,7 @@
 				void __user *data);
 asmlinkage long sys_umount(char __user *name, int flags);
 asmlinkage long sys_oldumount(char __user *name);
-asmlinkage long sys_truncate(const char __user *path,
-				unsigned long length);
+asmlinkage long sys_truncate(const char __user *path, long length);
 asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
 asmlinkage long sys_stat(char __user *filename,
 			struct __old_kernel_stat __user *statbuf);
...	...	@@ -290,10 +290,9 @@
290	290	return error;
291	291	}
292	292
293		-SYSCALL_DEFINE2(truncate, const char __user *, path, unsigned long, length)
	293	+SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
294	294	{
295		- /* on 32-bit boxen it will cut the range 2^31--2^32-1 off */
296		- return do_sys_truncate(path, (long)length);
	295	+ return do_sys_truncate(path, length);
297	296	}
298	297
299	298	static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
...	...	@@ -460,8 +460,7 @@
460	460	void __user *data);
461	461	asmlinkage long sys_umount(char __user *name, int flags);
462	462	asmlinkage long sys_oldumount(char __user *name);
463		-asmlinkage long sys_truncate(const char __user *path,
464		- unsigned long length);
	463	+asmlinkage long sys_truncate(const char __user *path, long length);
465	464	asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
466	465	asmlinkage long sys_stat(char __user *filename,
467	466	struct __old_kernel_stat __user *statbuf);