Debian Bug report logs -
#306517
epoll_ctl(2) description differs from implementation
Reported by: Mike Furr <mfurr@debian.org>
Date: Wed, 27 Apr 2005 06:18:02 UTC
Severity: normal
Tags: fixed-upstream
Found in version 2.02-1
Fixed in version 2.09-1
Done: Justin Pryzby <justinpryzby@users.sourceforge.net>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#306517; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to Mike Furr <mfurr@debian.org>:
New Bug report received and forwarded. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: manpages-dev
Version: 2.02-1
Severity: normal
The epoll_ctl(2) man page states that when using the op parameter
EPOLL_CTL_DEL, "The event is ignored and can be NULL". However, if
epoll_ctl is passed a value of NULL in its event paramter in this
case, it returns EFAULT (which is also not listed as a possibility
in the ERRORS section).
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages manpages-dev depends on:
ii manpages 2.02-1 Manual pages about using a GNU/Lin
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#306517; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "Michael Kerrisk" <mtk-manpages@gmx.net>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #10 received at 306517@bugs.debian.org (full text, mbox, reply):
Regarding this bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306517
I believe that the manual page probably correctly documents the
intended behaviour, but the implementation is wrong. In
fs/eventpoll.c::sys_epoll_ctl(), I believe the following:
error = -EFAULT;
if (EP_OP_HASH_EVENT(op) &&
copy_from_user(&epds, event, sizeof(struct epoll_event)))
goto eexit_1;
Should be guarded by something like
if (op != EPOLL_CTL_DEL)
But hopefully Davide (the implementer) can shed some light.
Cheers,
Michael
--
Michael Kerrisk
maintainer of Linux man pages Sections 2, 3, 4, 5, and 7
Want to help with man page maintenance? Grab the latest
tarball at ftp://ftp.win.tue.nl/pub/linux-local/manpages/
and grep the source files for 'FIXME'.
Please submit non-trivial man page suggestions as
"diff -u" patches.
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#306517; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to Davide Libenzi <davidel@xmailserver.org>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #15 received at 306517@bugs.debian.org (full text, mbox, reply):
On Thu, 16 Jun 2005, Michael Kerrisk wrote:
> Regarding this bug report:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306517
>
> I believe that the manual page probably correctly documents the
> intended behaviour, but the implementation is wrong. In
> fs/eventpoll.c::sys_epoll_ctl(), I believe the following:
>
> error = -EFAULT;
> if (EP_OP_HASH_EVENT(op) &&
> copy_from_user(&epds, event, sizeof(struct epoll_event)))
> goto eexit_1;
>
>
> Should be guarded by something like
>
> if (op != EPOLL_CTL_DEL)
>
> But hopefully Davide (the implementer) can shed some light.
The code looks right to me. This is the EP_OP_HASH_EVENT() macro:
#define EP_OP_HASH_EVENT(op) ((op) != EPOLL_CTL_DEL)
If you call:
epoll_ctl(EPOLL_CTL_DEL, NULL);
you have that EP_OP_HASH_EVENT() is false, and hence the copy_from_user() in:
error = -EFAULT;
if (EP_OP_HASH_EVENT(op) &&
copy_from_user(&epds, event, sizeof(struct epoll_event)))
goto eexit_1;
is never executed. Has the bug report been run on recent kernels? That fix
is pretty old though, I think about a year old.
- Davide
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#306517; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "Michael Kerrisk" <mtk-manpages@gmx.net>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #20 received at 306517@bugs.debian.org (full text, mbox, reply):
> > Regarding this bug report:
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306517
> >
> > I believe that the manual page probably correctly documents the
> > intended behaviour, but the implementation is wrong. In
> > fs/eventpoll.c::sys_epoll_ctl(), I believe the following:
> >
> > error = -EFAULT;
> > if (EP_OP_HASH_EVENT(op) &&
> > copy_from_user(&epds, event, sizeof(struct epoll_event)))
> > goto eexit_1;
> >
> >
> > Should be guarded by something like
> >
> > if (op != EPOLL_CTL_DEL)
> >
> > But hopefully Davide (the implementer) can shed some light.
>
> The code looks right to me. This is the EP_OP_HASH_EVENT() macro:
>
> #define EP_OP_HASH_EVENT(op) ((op) != EPOLL_CTL_DEL)
>
> If you call:
>
> epoll_ctl(EPOLL_CTL_DEL, NULL);
>
> you have that EP_OP_HASH_EVENT() is false, and hence the copy_from_user()
> in:
>
> error = -EFAULT;
> if (EP_OP_HASH_EVENT(op) &&
> copy_from_user(&epds, event, sizeof(struct epoll_event)))
> goto eexit_1;
>
> is never executed. Has the bug report been run on recent kernels? That
> fix is pretty old though, I think about a year old.
Hi Davide,
Sorry -- I should have looked more closely. I've tested on
2.6.12-rc6 and indeed the problem isn't there. Looking at
the kernel patches, I see the fix came in 2.6.9 (Oct 04).
Joey, Mike,
I will add a note under BUGS to the man page to point
out this bug in older kernels. That will appear in
man-pages-2.04.
Cheers,
Michael
--
Michael Kerrisk
maintainer of Linux man pages Sections 2, 3, 4, 5, and 7
Want to help with man page maintenance? Grab the latest
tarball at ftp://ftp.win.tue.nl/pub/linux-local/manpages/
and grep the source files for 'FIXME'.
Please submit non-trivial man page suggestions as
"diff -u" patches.
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#306517; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to Mike Furr <mfurr@debian.org>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #25 received at 306517@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Kerrisk wrote:
> Joey, Mike,
>
> I will add a note under BUGS to the man page to point
> out this bug in older kernels. That will appear in
> man-pages-2.04.
Great, thanks. Sorry for not checking more recent kernel versions. I
tend not to update my kernel as frequently these days.
Cheers,
- -Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCs0eQ7ZPKKRJLJvMRAhc7AJ4imN0y7iX3EYcZIj/HPLNLdvHIQACfaSq8
LQ02gGf98BCI1VCOEDiSJf0=
=PNpT
-----END PGP SIGNATURE-----
Tags added: fixed-upstream
Request was from Justin Pryzby <justinpryzby@users.sourceforge.net>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Mike Furr <mfurr@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #32 received at 306517-done@bugs.debian.org (full text, mbox, reply):
Version: 2.09-1
These bugs are all reported fixed by the upstream manpages maintainer,
Michael Kerrisk. For my own convenience, I'm marking them all as
"fixed by version 2.09-1", even though some of them are fixed by
earlier uploads. The bug number, correct fixed-in version, and title
are listed below:
#317037 2.06 Difficult to understand in sscanf RETURN VALUE
#315411 2.09 New upstream release: 2.09
#209323 2.09 please include pty(4) manpage
#330877 2.09 read can return EINVAL when using O_DIRECT and buffer not aligned
#321131 2.08 exit.3 missing "is"
#299795 2.07 Some library functions' manpage use wrong hyphen
#295666 2.03 regex.7.gz: The word boundary regexps are unsupported
#326520 2.08 'man msgget' typo: one line not displayed
#306517 2.04 epoll_ctl(2) description differs from implementation
#291121 2.04 flock(2) second time by same process
#323851 2.08 getpwnam.3 manpage should clarify the scope of pw_dir
#323062 2.08 clone(2) CLONE_PARENT_SETTID description incorrect
#101433 2.04 "man setitimer" give bad informations
#113812 2.04 libc6-dev: iconv prototype
#317037 2.06 Difficult to understand in sscanf RETURN VALUE
#219695 2.04 sysconf(3): describes _SC_2_DEV, which doesn't exist
#294890 2.03 Typo in wait(2): "watpid"
--
Clear skies,
Justin
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 17:59:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Mar 9 09:57:08 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.