From: Christoph Hellwig <hch@lst.de>
To: Guillem Jover <guillem@hadrons.org>
Cc: linux-aio@kvack.org, Christoph Hellwig <hch@lst.de>,
	Jeff Moyer <jmoyer@redhat.com>, Benjamin LaHaise <bcrl@kvack.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] aio: Fix io_pgetevents() struct __compat_aio_sigset layout
Date: Thu, 22 Aug 2019 01:55:34 +0200
Message-ID: <20190821235534.GA9511@lst.de>
In-Reply-To: <20190821033820.14155-1-guillem@hadrons.org>

On Wed, Aug 21, 2019 at 05:38:20AM +0200, Guillem Jover wrote:
> This type is used to pass the sigset_t from userland to the kernel,
> but it was using the kernel native pointer type for the member
> representing the compat userland pointer to the userland sigset_t.
> 
> This messes up the layout, and makes the kernel eat up both the
> userland pointer and the size members into the kernel pointer, and
> then reads garbage into the kernel sigsetsize. Which makes the sigset_t
> size consistency check fail, and consequently the syscall always
> returns -EINVAL.
> 
> This breaks both libaio and strace on 32-bit userland running on 64-bit
> kernels. And there are apparently no users in the wild of the current
> broken layout (at least according to codesearch.debian.org and a brief
> check over github.com search). So it looks safe to fix this directly
> in the kernel, instead of either letting userland deal with this
> permanently with the additional overhead or trying to make the syscall
> infer what layout userland used, even though this is also being worked
> around in libaio to temporarily cope with kernels that have not yet
> been fixed.
> 
> We use a proper compat_uptr_t instead of a compat_sigset_t pointer.
> 
> Fixes: 7a074e96 ("aio: implement io_pgetevents")
> Signed-off-by: Guillem Jover <guillem@hadrons.org>

Looks good,

Reviewed-by: Christoph Hellwig <hch@lst.de>
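An added illustration, not code from this thread or from the kernel itself, of the mismatch the commit message describes: a 64-bit kernel copying sizeof(its compat struct) out of a 32-bit task that only wrote an 8-byte {pointer, size} pair. The struct names, the constructed user bytes and the simplified size check are assumptions for illustration; only the change from a native pointer to compat_uptr_t comes from the thread. It assumes a little-endian 64-bit host.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* compat types as a 64-bit kernel sees a 32-bit task (assumes an LE host). */
typedef uint32_t compat_uptr_t, compat_size_t;
#define COMPAT_SIGSET_SIZE 8u		/* _NSIG / 8 for a 32-bit compat task */
_Static_assert(sizeof(void *) == 8, "needs a 64-bit host to reproduce");
struct compat_aio_sigset_broken {	/* hypothetical: layout before the fix */
	void          *sigmask;		/* 8 bytes, but userland wrote only 4 */
	compat_size_t  sigsetsize;	/* 4 bytes + 4 bytes tail padding */
};
struct compat_aio_sigset_fixed {	/* hypothetical: layout after the fix */
	compat_uptr_t  sigmask;		/* 4 bytes, matches 32-bit userland */
	compat_size_t  sigsetsize;
};
struct decoded { uint64_t sigmask; uint32_t sigsetsize; int err; };
/* Constructed 32-bit user memory: {sigmask = 0x12345678, sigsetsize = 8},
 * followed by unrelated bytes that happen to sit after it on the stack. */
static const uint8_t user_mem[16] = {
	0x78, 0x56, 0x34, 0x12,  0x08, 0x00, 0x00, 0x00,
	0xef, 0xbe, 0xad, 0xde,  0x0d, 0xf0, 0xad, 0x8b,
};
static struct decoded check(uint64_t mask, uint32_t size)
{	/* simplified stand-in for the kernel's sigset size consistency check */
	struct decoded d = { mask, size, size == COMPAT_SIGSET_SIZE ? 0 : -EINVAL };
	return d;
}

struct decoded decode_broken(const uint8_t *user)
{	/* copy_from_user() stand-in: copies sizeof(ks) = 16 bytes, not 8 */
	struct compat_aio_sigset_broken ks;
	memcpy(&ks, user, sizeof ks);
	return check((uint64_t)(uintptr_t)ks.sigmask, ks.sigsetsize);
}

struct decoded decode_fixed(const uint8_t *user)
{	/* copies sizeof(ks) = 8 bytes: exactly what userland wrote */
	struct compat_aio_sigset_fixed ks;
	memcpy(&ks, user, sizeof ks);
	return check(ks.sigmask, ks.sigsetsize);
}

int main(void)
{
	struct decoded b = decode_broken(user_mem);
	printf("broken: sigsetsize=%#x err=%d\n", b.sigsetsize, b.err);
	return decode_fixed(user_mem).err;	/* 0: layout now matches userland */
}
```

With the old layout the 4-byte user pointer and the size field are swallowed into the 8-byte kernel pointer, and sigsetsize is read from the bytes beyond the user struct, so the check fails with -EINVAL every time; with compat_uptr_t both fields land where userland put them.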

Thread overview: 7+ messages
2019-08-21  3:38 [PATCH] aio: Fix io_pgetevents() struct __compat_aio_sigset layout Guillem Jover
2019-08-21 23:55 ` Christoph Hellwig [this message]
2019-08-22 17:53 ` Jeff Moyer
2019-10-17 13:48 ` Jan Kara
2019-10-21 20:15   ` Al Viro
2019-10-21 22:51     ` [PATCH v2] " Guillem Jover
2019-10-22 12:45       ` Arnd Bergmann