Commit 7904ac84244b59f536c2a5d1066a10f46df07b08
Committed by
Linus Torvalds
Linus Torvalds
1 parent
dc716e96f5
Exists in
master
and in
20 other branches
seq_file: fix mishandling of consecutive pread() invocations.
The following program illustrates the problem:
char buf[8192];
int fd = open("/proc/self/maps", O_RDONLY);
n = pread(fd, buf, sizeof(buf), 0);
printf("%d\n", n);
/* lseek(fd, 0, SEEK_CUR); */ /* Uncomment to work around */
n = pread(fd, buf, sizeof(buf), 0);
printf("%d\n", n);
The second printf() prints zero, but uncommenting the lseek() corrects its
behaviour.
To fix, make seq_read() mirror seq_lseek() when processing changes in
*ppos. Restore m->version first, then if required traverse and update
read_pos on success.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=11856
Signed-off-by: Earl Chew <echew@ixiacom.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 15 additions and 13 deletions Side-by-side Diff
fs/seq_file.c
| ... | ... | @@ -140,9 +140,21 @@ |
| 140 | 140 | |
| 141 | 141 | mutex_lock(&m->lock); |
| 142 | 142 | |
| 143 | + /* | |
| 144 | + * seq_file->op->..m_start/m_stop/m_next may do special actions | |
| 145 | + * or optimisations based on the file->f_version, so we want to | |
| 146 | + * pass the file->f_version to those methods. | |
| 147 | + * | |
| 148 | + * seq_file->version is just copy of f_version, and seq_file | |
| 149 | + * methods can treat it simply as file version. | |
| 150 | + * It is copied in first and copied out after all operations. | |
| 151 | + * It is convenient to have it as part of structure to avoid the | |
| 152 | + * need of passing another argument to all the seq_file methods. | |
| 153 | + */ | |
| 154 | + m->version = file->f_version; | |
| 155 | + | |
| 143 | 156 | /* Don't assume *ppos is where we left it */ |
| 144 | 157 | if (unlikely(*ppos != m->read_pos)) { |
| 145 | - m->read_pos = *ppos; | |
| 146 | 158 | while ((err = traverse(m, *ppos)) == -EAGAIN) |
| 147 | 159 | ; |
| 148 | 160 | if (err) { |
| 149 | 161 | |
| ... | ... | @@ -152,21 +164,11 @@ |
| 152 | 164 | m->index = 0; |
| 153 | 165 | m->count = 0; |
| 154 | 166 | goto Done; |
| 167 | + } else { | |
| 168 | + m->read_pos = *ppos; | |
| 155 | 169 | } |
| 156 | 170 | } |
| 157 | 171 | |
| 158 | - /* | |
| 159 | - * seq_file->op->..m_start/m_stop/m_next may do special actions | |
| 160 | - * or optimisations based on the file->f_version, so we want to | |
| 161 | - * pass the file->f_version to those methods. | |
| 162 | - * | |
| 163 | - * seq_file->version is just copy of f_version, and seq_file | |
| 164 | - * methods can treat it simply as file version. | |
| 165 | - * It is copied in first and copied out after all operations. | |
| 166 | - * It is convenient to have it as part of structure to avoid the | |
| 167 | - * need of passing another argument to all the seq_file methods. | |
| 168 | - */ | |
| 169 | - m->version = file->f_version; | |
| 170 | 172 | /* grab buffer if we didn't have one */ |
| 171 | 173 | if (!m->buf) { |
| 172 | 174 | m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); |