
report problems

To: torvalds@xxxxxxxxxxxxx
Subject: report problems
From: houwu chen <hwuchen@xxxxxxxxx>
Date: Thu, 14 Jun 2001 09:23:46 -0700 (PDT)
Cc: davem@xxxxxxxxxx, netdev@xxxxxxxxxxx, hwuchen@xxxxxxxxx
Sender: owner-netdev@xxxxxxxxxxx
Hi Linus and David,

I am Houwu Chen, currently I am a software engineer in the networking and
wireless area.

I think I may have found a problem in the Linux kernel source code as follows:

Version: Linux-2.4.1
File: linux/net/socket.c

The related source segments are below:

/* Argument list sizes for sys_socketcall */
#define AL(x) ((x) * sizeof(unsigned long))
static unsigned char nargs[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
                                AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
                                AL(6),AL(2),AL(5),AL(5),AL(3),AL(3)};
#undef AL

/*
 *      System call vectors.
 *
 *      Argument checking cleaned up. Saved 20% in size.
 *  This function doesn't need to set the kernel lock because
 *  it is set by the callees.
 */

asmlinkage long sys_socketcall(int call, unsigned long *args)
{
        unsigned long a[6];
        unsigned long a0,a1;
        int err;

        if(call<1||call>SYS_RECVMSG)
                return -EINVAL;

        /* copy_from_user should be SMP safe. */
        if (copy_from_user(a, args, nargs[call]))
                return -EFAULT;

        a0=a[0];
        a1=a[1];

        switch(call)
        {
                case SYS_SOCKET:
                        err = sys_socket(a0,a1,a[2]);
                        break;
.............................

                case SYS_SENDTO:
                        err = sys_sendto(a0,(void *)a1, a[2], a[3],
                                         (struct sockaddr *)a[4], a[5]);
                        break;
                case SYS_RECV:
                        err = sys_recv(a0, (void *)a1, a[2], a[3]);
                        break;
...............................

        return err;
}

The problems are:

1) in case SYS_SENDTO: the parameter size is defined as
nargs[10] = AL(4) for function sys_sendto(..), but it has 6
parameters.

2) in case SYS_RECV: the parameter size is defined as
nargs[11] = AL(6) for function sys_recv(..), but it has 4
parameters.

The question is, if they are bugs, why have TCP/UDP sockets been
working fine?

In problem 2, the system gives the function sys_recv(..) two
more spaces; that is fine, the system only loses two memory spaces.

In problem 1, the last two parameters
(struct sockaddr *)a[4], a[5] will not be passed to function
sys_sendto(..).

I am guessing that because the bind(..) function is working fine,
in the user program the client side and server side both run the
bind(..) function to bind to each other, so in the sendto(sockId,..)
function the last two parameters may not be used.

I also checked linux-2.0.0 and linux-2.1.0; they have the same
problems as linux-2.4.1.

If these are not problems, please let me know, and I am sorry
to bother you.

Regards

Houwu Chen
hwuchen@xxxxxxxxx
(978)658-0298 (home)
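As an added example, not part of the original message or of the kernel source it quotes, here is a stand-alone C model of the nargs table and the range guard from sys_socketcall, with a check that each entry's byte count matches the parameter count of the sys_* function dispatched for that call number and never exceeds the on-stack buffer unsigned long a[6]. The SYS_* numbering is that of include/linux/net.h, which the message does not quote; the table itself is copied from the excerpt above.

```c
#include <stddef.h>
#include <stdio.h>

/* Socketcall numbers as defined in include/linux/net.h (stated here from
 * the kernel header; the message above does not quote them). */
enum { SYS_SOCKET = 1, SYS_BIND, SYS_CONNECT, SYS_LISTEN, SYS_ACCEPT,
       SYS_GETSOCKNAME, SYS_GETPEERNAME, SYS_SOCKETPAIR, SYS_SEND, SYS_RECV,
       SYS_SENDTO, SYS_RECVFROM, SYS_SHUTDOWN, SYS_SETSOCKOPT, SYS_GETSOCKOPT,
       SYS_SENDMSG, SYS_RECVMSG };

/* The argument-size table exactly as it appears in net/socket.c. */
#define AL(x) ((x) * sizeof(unsigned long))
static const unsigned char nargs[18] = {AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
                                        AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
                                        AL(6),AL(2),AL(5),AL(5),AL(3),AL(3)};
#undef AL

/* Parameter count of the sys_* function each case of the switch invokes. */
static const struct { int call; const char *name; int params; } calls[] = {
    {SYS_SOCKET, "socket", 3}, {SYS_BIND, "bind", 3}, {SYS_CONNECT, "connect", 3},
    {SYS_LISTEN, "listen", 2}, {SYS_ACCEPT, "accept", 3},
    {SYS_GETSOCKNAME, "getsockname", 3}, {SYS_GETPEERNAME, "getpeername", 3},
    {SYS_SOCKETPAIR, "socketpair", 4}, {SYS_SEND, "send", 4},
    {SYS_RECV, "recv", 4}, {SYS_SENDTO, "sendto", 6},
    {SYS_RECVFROM, "recvfrom", 6}, {SYS_SHUTDOWN, "shutdown", 2},
    {SYS_SETSOCKOPT, "setsockopt", 5}, {SYS_GETSOCKOPT, "getsockopt", 5},
    {SYS_SENDMSG, "sendmsg", 3}, {SYS_RECVMSG, "recvmsg", 3},
};

/* Bytes sys_socketcall would copy_from_user for this call number, or -1
 * where the guard (call<1 || call>SYS_RECVMSG) returns -EINVAL instead. */
long socketcall_copy_len(int call)
{
    if (call < 1 || call > SYS_RECVMSG)
        return -1;
    return nargs[call];
}

/* Number of table entries whose byte count differs from
 * params * sizeof(unsigned long) or would overflow unsigned long a[6]. */
int nargs_mismatches(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++) {
        size_t have = nargs[calls[i].call];
        size_t want = (size_t)calls[i].params * sizeof(unsigned long);
        if (have != want || have > 6 * sizeof(unsigned long)) {
            printf("call %d (%s): table says %zu bytes, %d params need %zu\n",
                   calls[i].call, calls[i].name, have, calls[i].params, want);
            bad++;
        }
    }
    return bad;
}
```

Running the check with the numbering from net.h reports zero mismatches: index 10 (SYS_RECV) carries AL(4) and index 11 (SYS_SENDTO) carries AL(6), and no entry exceeds the 6-slot buffer.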




