Re: PATCH: Off-by-one bug in user page calculation: msg#00249

Re: PATCH: Off-by-one bug in user page calculations for Direct I/O: msg#00249

Subject:	Re: PATCH: Off-by-one bug in user page calculations for Direct I/O

On Sun, Nov 16 2003, Alan Stern wrote:
> The page count calculations in drivers/scsi/st.c (and copied in sg.c) are
> wrong.  The code says:
> 
>       nr_pages = ((uaddr & ~PAGE_MASK) + count - 1 + ~PAGE_MASK) >> 
>               PAGE_SHIFT;
> 
> That will compute an incorrect value if the user's buffer happens to end 
> on the first byte of a new page.  Example:  Suppose uaddr starts right on 
> a page boundary and count is PAGE_SIZE + 1.  Then
> 
>       (uaddr & ~PAGE_MASK)    ->  0
>       count - 1               ->  PAGE_SIZE
>       ~PAGE_MASK              ->  PAGE_SIZE - 1
> 
>       nr_pages                -> (2 * PAGE_SIZE - 1) >> PAGE_SHIFT = 1
> 
> when in fact nr_pages should be 2.  Either the "- 1" shouldn't be there or 
> the second "~PAGE_MASK" should be replaced by "PAGE_SIZE".

Good catch, that's a classic error. page calculations 101? :)

-- 
Jens Axboe

-
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous by Date:	Re: [usb-storage] Re: Time to conclude the Sony USB mass storage thread, Matthew Dharm
Next by Date:	Re: [ANNOUNCE] QLogic qla2xxx driver update available (v8.00.00b6)., Christoph Hellwig
Previous by Thread:	PATCH: Off-by-one bug in user page calculations for Direct I/O, Alan Stern
Next by Thread:	Re: PATCH: Off-by-one bug in user page calculations for Direct I/O, Alan Stern
Indexes:	[Date] [Thread] [Top] [All Lists]