Re: V2 [PATCH] nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Aurelien Jarno <aurelien@aurel32.net>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: Carlos O'Donell <carlos@redhat.com>,
	Florian Weimer <fweimer@redhat.com>,
	"H.J. Lu via Libc-alpha" <libc-alpha@sourceware.org>
Subject: Re: V2 [PATCH] nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
Date: Sat, 18 Jul 2020 00:27:35 +0200	[thread overview]
Message-ID: <20200717222735.GD8268@aurel32.net> (raw)
In-Reply-To: <CAMe9rOrR2f5xSj-FzN6Tk1-5BqKPTS1ZsqJEUcZFjJVHRoZjyw@mail.gmail.com>

On 2020-07-17 12:42, H.J. Lu via Libc-alpha wrote:
> On Fri, Jul 17, 2020 at 8:02 AM Carlos O'Donell <carlos@redhat.com> wrote:
> >
> > On 7/16/20 8:46 AM, H.J. Lu via Libc-alpha wrote:
> > > On Thu, Jul 16, 2020 at 5:03 AM Florian Weimer <fweimer@redhat.com> wrote:
> > >>
> > >> * H. J. Lu via Libc-alpha:
> > >>
> > >>> nptl has
> > >>>
> > >>> /* Opcodes and data types for communication with the signal handler to
> > >>>    change user/group IDs.  */
> > >>> struct xid_command
> > >>> {
> > >>>   int syscall_no;
> > >>>   long int id[3];
> > >>>   volatile int cntr;
> > >>>   volatile int error;
> > >>> };
> > >>>
> > >>>  /* This must be last, otherwise the current thread might not have
> > >>>      permissions to send SIGSETXID syscall to the other threads.  */
> > >>>   result = INTERNAL_SYSCALL_NCS (cmdp->syscall_no, 3,
> > >>>                                  cmdp->id[0], cmdp->id[1], cmdp->id[2]);
> > >>>
> > >>> But the second argument of setgroups syscal is a pointer:
> > >>>
> > >>>        int setgroups(size_t size, const gid_t *list);
> > >>>
> > >>> But on x32, pointers passed to syscall must have pointer type so that they
> > >>> will be zero-extended.
> > >>>
> > >>> Add <setxid-internal.h> to define INTERNAL_SETXID_SYSCALL_NCS and use it,
> > >>> instead of INTERNAL_SYSCALL_NCS, for SETXID syscalls.  X32 override it
> > >>> with pointer type for setgroups.  A testcase is added and setgroups
> > >>> returned with EFAULT when running as root without the fix.
> > >>
> > >> Isn't it sufficient to change the type of id to unsigned long int[3]?
> > >> The UID arguments are unsigned on the kernel side, so no sign extension
> > >> is required.
> > >>
> > >
> > > It works.  Here is the updated patch.  OK for master?
> > >
> > > Thanks.
> > >
> >
> > This test should run in a container, and it should attempt two setgroups
> > calls, one with groups and one empty with a bad address.
> 
> Fixed.
> 
> > > From 2af9e56c2306dc9d80a4476fa5b154a26a935557 Mon Sep 17 00:00:00 2001
> > > From: "H.J. Lu" <hjl.tools@gmail.com>
> > > Date: Thu, 16 Jul 2020 03:37:10 -0700
> > > Subject: [PATCH] nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
> > >
> > > nptl has
> > >
> > > /* Opcodes and data types for communication with the signal handler to
> > >    change user/group IDs.  */
> > > struct xid_command
> > > {
> > >   int syscall_no;
> > >   long int id[3];
> > >   volatile int cntr;
> > >   volatile int error;
> > > };
> > >
> > >  /* This must be last, otherwise the current thread might not have
> > >      permissions to send SIGSETXID syscall to the other threads.  */
> > >   result = INTERNAL_SYSCALL_NCS (cmdp->syscall_no, 3,
> > >                                  cmdp->id[0], cmdp->id[1], cmdp->id[2]);
> > >
> > > But the second argument of setgroups syscal is a pointer:
> > >
> > >        int setgroups(size_t size, const gid_t *list);
> > >
> > > But on x32, pointers passed to syscall must have pointer type so that they
> > > will be zero-extended.  Since the XID arguments are unsigned on the kernel
> > > side, so no sign extension is required.  Change xid_command to
> > >
> > > struct xid_command
> > > {
> > >   int syscall_no;
> > >   unsigned long int id[3];
> > >   volatile int cntr;
> > >   volatile int error;
> > > };
> > >
> > > so that all arguments zero-extended.  A testcase is added for x32 and
> > > setgroups returned with EFAULT when running as root without the fix.
> > > ---
> > >  nptl/descr.h                                  |  8 ++-
> > >  sysdeps/unix/sysv/linux/x86_64/x32/Makefile   |  4 ++
> > >  .../sysv/linux/x86_64/x32/tst-setgroups.c     | 67 +++++++++++++++++++
> > >  3 files changed, 78 insertions(+), 1 deletion(-)
> > >  create mode 100644 sysdeps/unix/sysv/linux/x86_64/x32/tst-setgroups.c

Is there a reason to limit that test to x32? We do not have any other
getgroups or setgroups test in the GLIBC tree, so that simple test might
already be able to catch issues. In addition such a test would benefit
the other ILP32 architectures supported by GLIBC.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

next prev parent reply	other threads:[~2020-07-17 22:27 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16 11:26 [PATCH] nptl: Properly inline setgroups syscall " H.J. Lu
2020-07-16 12:03 ` Florian Weimer
2020-07-16 12:46   ` [PATCH] nptl: Zero-extend arguments to SETXID syscalls " H.J. Lu
2020-07-16 15:57     ` Florian Weimer
2020-07-16 16:00       ` H.J. Lu
2020-07-16 19:38       ` Aurelien Jarno
2020-07-16 19:45     ` Aurelien Jarno
2020-07-16 21:42       ` H.J. Lu
2020-07-17  2:14         ` Carlos O'Donell
2020-07-17  2:46           ` H.J. Lu
2020-07-17 15:01     ` Carlos O'Donell
2020-07-17 15:13       ` Florian Weimer
2020-07-17 15:52         ` Carlos O'Donell
2020-07-17 19:31           ` H.J. Lu
2020-07-17 21:22             ` Carlos O'Donell
2020-07-23 20:03               ` H.J. Lu
2020-07-23 21:11                 ` Carlos O'Donell
2020-07-23 21:17                   ` Adhemerval Zanella
2020-07-23 21:20                     ` Carlos O'Donell
2020-07-27  3:37                   ` Carlos O'Donell
2020-07-27  6:00                     ` Florian Weimer
2020-07-27 11:55                       ` H.J. Lu
2020-07-27 12:20                         ` Florian Weimer
2020-07-27 14:29                           ` V3 " H.J. Lu
2020-07-27 15:49                             ` Florian Weimer
2020-07-27 19:17                               ` H.J. Lu
2020-07-20 11:38           ` Florian Weimer
2020-07-17 19:42       ` V2 " H.J. Lu
2020-07-17 22:27         ` Aurelien Jarno [this message]
2020-07-17 22:31           ` H.J. Lu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200717222735.GD8268@aurel32.net \
    --to=aurelien@aurel32.net \
    --cc=carlos@redhat.com \
    --cc=fweimer@redhat.com \
    --cc=hjl.tools@gmail.com \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).