Commit 08f05c49 authored by Al Viro, committed by Linus Torvalds

Return the right error value when dup[23]() newfd argument is too large

Jack Lin reports that the error return from dup3() for the RLIMIT_NOFILE
case changed incorrectly after 3.6.

The culprit is commit f33ff992 ("take rlimit check to callers of
expand_files()") which when it moved the "return -EMFILE" out to the
caller, didn't notice that the dup3() had special code to turn the
EMFILE return into EBADF.

The replace_fd() helper that got added later then inherited the bug too.

Reported-by: Jack Lin <linliangjie@huawei.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ Noted more bugs, wrote proper changelog, fixed up typos - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 2df4f261
...@@ -900,7 +900,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) ...@@ -900,7 +900,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
return __close_fd(files, fd); return __close_fd(files, fd);
if (fd >= rlimit(RLIMIT_NOFILE)) if (fd >= rlimit(RLIMIT_NOFILE))
return -EMFILE; return -EBADF;
spin_lock(&files->file_lock); spin_lock(&files->file_lock);
err = expand_files(files, fd); err = expand_files(files, fd);
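Review bot: The new "return -EBADF" under "if (fd >= rlimit(RLIMIT_NOFILE))" in replace_fd() has no comment saying the value is deliberate, and the changelog traces this regression to a refactor that moved the rlimit check without noticing the errno special case. A one-line comment above the check (an out-of-range target descriptor is reported as EBADF, not EMFILE) would make the next cleanup less likely to "correct" it back. The context also does not show what happens when the following expand_files(files, fd) call fails, so it is worth confirming that path cannot still hand EMFILE back to the caller for the same condition.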
...@@ -926,7 +926,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) ...@@ -926,7 +926,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
return -EINVAL; return -EINVAL;
if (newfd >= rlimit(RLIMIT_NOFILE)) if (newfd >= rlimit(RLIMIT_NOFILE))
return -EMFILE; return -EBADF;
spin_lock(&files->file_lock); spin_lock(&files->file_lock);
err = expand_files(files, newfd); err = expand_files(files, newfd);
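Review bot: The check "if (newfd >= rlimit(RLIMIT_NOFILE)) return -EBADF;" in dup3 is now an exact copy of the one in replace_fd(), which is how the helper inherited the bug in the first place; a small shared helper for the range check and its errno would keep the two from drifting apart again. The subject line also names dup2(), but only the dup3 syscall body is touched in this hunk, so the changelog should say how dup2() reaches this check. Since the regression was only caught by a user report, a selftest that lowers RLIMIT_NOFILE and calls dup2()/dup3() with newfd at the limit, expecting EBADF, would be a useful companion to this fix.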
......