From: Christian Brauner <brauner@kernel.org>
To: wenyang.linux@foxmail.com
Cc: Jens Axboe <axboe@kernel.dk>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Jan Kara <jack@suse.cz>, David Woodhouse <dwmw@amazon.co.uk>,
Matthew Wilcox <willy@infradead.org>,
Eric Biggers <ebiggers@google.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] eventfd: strictly check the count parameter of eventfd_write to avoid inputting illegal strings
Date: Wed, 7 Feb 2024 10:58:42 +0100 [thread overview]
Message-ID: <20240207-hinkriegen-trugen-8f219d8840a8@brauner> (raw)
In-Reply-To: <tencent_10AAA44731FFFA493F9F5501521F07DD4D0A@qq.com>
On Wed, Feb 07, 2024 at 12:35:18AM +0800, wenyang.linux@foxmail.com wrote:
> From: Wen Yang <wenyang.linux@foxmail.com>
>
> Since eventfd's document has clearly stated: A write(2) call adds
> the 8-byte integer value supplied in its buffer to the counter.
>
> However, in the current implementation, the following code snippet
> did not cause an error:
>
> char str[16] = "hello world";
> uint64_t value;
> ssize_t size;
> int fd;
>
> fd = eventfd(0, 0);
> size = write(fd, &str, strlen(str));
> printf("eventfd: test writing a string, size=%ld\n", size);
> size = read(fd, &value, sizeof(value));
> printf("eventfd: test reading as uint64, size=%ld, valus=0x%lX\n",
> size, value);
>
> close(fd);
>
> And its output is:
> eventfd: test writing a string, size=8
> eventfd: test reading as uint64, size=8, valus=0x6F77206F6C6C6568
>
> By checking whether count is equal to sizeof(ucnt), such errors
> could be detected. It also follows the requirements of the manual.
>
> Signed-off-by: Wen Yang <wenyang.linux@foxmail.com>
> Cc: Alexander Viro <viro@zeniv.linux.org.uk>
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Christian Brauner <brauner@kernel.org>
> Cc: Jan Kara <jack@suse.cz>
> Cc: David Woodhouse <dwmw@amazon.co.uk>
> Cc: Matthew Wilcox <willy@infradead.org>
> Cc: Eric Biggers <ebiggers@google.com>
> Cc: <linux-fsdevel@vger.kernel.org>
> Cc: <linux-kernel@vger.kernel.org>
> ---
Seems sensible but has the potential to break users that rely on this
but then again glibc already enforces a 64bit value via eventfd_write()
and eventfd_read().
next prev parent reply other threads:[~2024-02-07 9:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-06 16:35 [PATCH] eventfd: strictly check the count parameter of eventfd_write to avoid inputting illegal strings wenyang.linux
2024-02-07 9:56 ` Christian Brauner
2024-02-07 9:58 ` Christian Brauner [this message]
2024-02-08 4:33 ` Eric Biggers
2024-02-08 5:34 ` Wen Yang
2024-02-09 10:18 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240207-hinkriegen-trugen-8f219d8840a8@brauner \
--to=brauner@kernel.org \
--cc=axboe@kernel.dk \
--cc=dwmw@amazon.co.uk \
--cc=ebiggers@google.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wenyang.linux@foxmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.