On Wed, Apr 23, 2014 at 12:25:34AM -0500, Eric Biggers wrote:
> On Wed, Apr 23, 2014 at 12:06:39AM -0500, Eric Biggers wrote:
> > The proposed patch doesn't work because in compat_rw_copy_check_uvector(),
> > 'iov' is incremented in the loop before it is freed or returned. This
> > probably should
On Wed, Apr 23, 2014 at 12:06:39AM -0500, Eric Biggers wrote:
> The proposed patch doesn't work because in compat_rw_copy_check_uvector(),
> 'iov' is incremented in the loop before it is freed or returned. This
> probably should be changed to indexing with 'seg', like in the non-compat
> version..
On Wed, Apr 23, 2014 at 12:06:39AM -0500, Eric Biggers wrote:
> The proposed patch doesn't work because in compat_rw_copy_check_uvector(),
> 'iov'
> is incremented in the loop before it is freed or returned. This probably
> should
> be changed to indexing with 'seg', like in the non-compat versi
The proposed patch doesn't work because in compat_rw_copy_check_uvector(), 'iov'
is incremented in the loop before it is freed or returned. This probably should
be changed to indexing with 'seg', like in the non-compat version...
--
To unsubscribe from this list: send the line "unsubscribe linux-k
On Tue, Apr 22, 2014 at 10:42:52AM +0200, Miklos Szeredi wrote:
> > > Your patch looks a lot more complete than the quick hack I did a few
> > > days ago when coverity first started nagging about this, but in testing
> > > I've found that something really ugly starts showing up when you pat
On Mon, Apr 21, 2014 at 5:50 PM, Dave Jones wrote:
> On Wed, Apr 16, 2014 at 02:04:22PM -0400, Dave Jones wrote:
> > On Tue, Apr 15, 2014 at 04:57:49PM +0200, Miklos Szeredi wrote:
> >
> > > Some callers (aio_run_iocb, vmsplice_to_user) forget to free the iov on
> > > error. This seems to b
On Wed, Apr 16, 2014 at 02:04:22PM -0400, Dave Jones wrote:
> On Tue, Apr 15, 2014 at 04:57:49PM +0200, Miklos Szeredi wrote:
>
> > Some callers (aio_run_iocb, vmsplice_to_user) forget to free the iov on
> > error. This seems to be a recurring problem, with most callers being
> buggy
>
On Tue, Apr 15, 2014 at 04:57:49PM +0200, Miklos Szeredi wrote:
> Some callers (aio_run_iocb, vmsplice_to_user) forget to free the iov on
> error. This seems to be a recurring problem, with most callers being buggy
> initially.
Your patch looks a lot more complete than the quick hack I did a
From: Miklos Szeredi
Some callers (aio_run_iocb, vmsplice_to_user) forget to free the iov on
error. This seems to be a recurring problem, with most callers being buggy
initially.
So instead of fixing the callers, fix the semantics: free the allocated iov
on error, so callers don't have to.
We
9 matches
Mail list logo
