From: Cyril Hrubis <chrubis-AlSwsSmVLrQ@public.gmane.org>
To: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] ioctl_list.2: BLKRASET/BLKRAGET take unsigned long
Date: Wed, 15 Feb 2017 12:22:05 +0100
Message-ID: <20170215112205.GA27269@rei.lan>
In-Reply-To: <20170215112015.GA27080-2UyX9mZUyMU@public.gmane.org>
[CCing linux api as well]
> The BLKRASET/BLKRAGET ioctls() take unsigned long. If I pass int * to
> the BLKRAGET ioctl on x86_64 (or on any other arch where sizeof(int) !=
> sizeof(long)), the BLKRAGET ioctl will rewrite four bytes on the stack.
>
> If you look at block/ioctl.c in the kernel sources you can clearly see
> that the BLKRAGET ioctl calls put_long().
>
> Compile the following reproducer and run it as ./a.out /dev/sda; you can
> see that the second member of the array will be zeroed. If you change the
> array to have only one member you will see a stack smashing trace.
>
> I also wonder if it's OK to pass an int value to ioctl() at all; the arg
> value seems to be unsigned long in the syscall definition in fs/ioctl.c
> and there does not seem to be any glibc magic around the syscall.
>
> -------------------------8<----------------------------
> #include <sys/mount.h>
> #include <sys/ioctl.h>
> #include <fcntl.h>
> #include <stdio.h>
>
> static int fd;
>
> int main(int argc, char *argv[])
> {
> 	/* Two ints, so the kernel's long-sized store lands in ra[1]. */
> 	int ra[] = {100, 100};
>
> 	fd = open(argv[1], O_RDONLY);
> 	if (fd < 0) {
> 		perror("open");
> 		return 1;
> 	}
>
> 	/* Deliberately wrong type: int * where the kernel writes a long. */
> 	ioctl(fd, BLKRAGET, ra);
>
> 	fprintf(stderr, "%i %i\n", ra[0], ra[1]);
>
> 	return 0;
> }
>
> -------------------------8<----------------------------
>
> Signed-off-by: Cyril Hrubis <chrubis-AlSwsSmVLrQ@public.gmane.org>
> ---
> man2/ioctl_list.2 | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/man2/ioctl_list.2 b/man2/ioctl_list.2
> index 0165c77..c8efd66 100644
> --- a/man2/ioctl_list.2
> +++ b/man2/ioctl_list.2
> @@ -311,8 +311,8 @@ l l l l.
> 0x0000125F BLKRRPART void
> 0x00001260 BLKGETSIZE unsigned long *
> 0x00001261 BLKFLSBUF void
> -0x00001262 BLKRASET int
> -0x00001263 BLKRAGET int *
> +0x00001262 BLKRASET unsigned long
> +0x00001263 BLKRAGET unsigned long *
> 0x00000001 FIBMAP int * // I-O
> 0x00000002 FIGETBSZ int *
> 0x80086601 FS_IOC_GETFLAGS int *
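Review bot: the BLKRASET row (0x00001262) changes to unsigned long, but the commit message only backs the BLKRAGET row, citing put_long() in block/ioctl.c and the reproducer. Add a sentence pointing at the kernel code that reads the BLKRASET argument so both changed rows are justified, and settle the question the message itself raises about passing an int by value to ioctl() before the by-value row is finalised.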
> --
> 2.10.2
>
>
> --
> Cyril Hrubis
> chrubis-AlSwsSmVLrQ@public.gmane.org
--
Cyril Hrubis
chrubis-AlSwsSmVLrQ@public.gmane.org
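
The overwrite described in the message above, next to a correctly typed call, as an added example that is not part of the original mail or of the man-pages project. model_put_long() is a hypothetical stand-in for the kernel's put_long() store (an assumption, modelled with memcpy), and get_readahead() is a hypothetical wrapper name.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mount.h>	/* BLKRAGET, as in the reproducer above */
#include <unistd.h>

/* Hypothetical model of put_long(): stores sizeof(long) bytes at the
 * user pointer, whatever type the caller declared behind it. */
static void model_put_long(void *uptr, long val)
{
	memcpy(uptr, &val, sizeof(val));
}

/* Number of ints after ra[0] that change when an int * is handed to a
 * long-sized store. The array is large enough that the model stays in
 * bounds; with a one-element array the same store would hit the stack. */
int ints_clobbered(void)
{
	int ra[4] = {100, 100, 100, 100};
	int i, n = 0;

	model_put_long(ra, 256);
	for (i = 1; i < 4; i++)
		n += (ra[i] != 100);
	return n;
}

/* Correctly typed call: the buffer is an unsigned long and the ioctl
 * result is checked. Returns 0 on success, -1 if open() or ioctl() fails. */
int get_readahead(const char *dev, unsigned long *ra)
{
	int fd = open(dev, O_RDONLY);
	int ret;

	if (fd < 0)
		return -1;
	ret = ioctl(fd, BLKRAGET, ra);
	close(fd);
	return ret < 0 ? -1 : 0;
}

int main(int argc, char *argv[])
{
	unsigned long ra;

	printf("ints clobbered by a long store: %d\n", ints_clobbered());
	if (argc > 1 && get_readahead(argv[1], &ra) == 0)
		printf("%s read-ahead: %lu\n", argv[1], ra);
	return 0;
}
```
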