Date: Wed, 9 Sep 2009 20:59:01 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r197049 - in head/sys: compat/freebsd32 compat/linux kern sys Message-ID: <200909092059.n89Kx1Oh097291@svn.freebsd.org>
Author: kib Date: Wed Sep 9 20:59:01 2009 New Revision: 197049 URL: http://svn.freebsd.org/changeset/base/197049 Log: kern_select(9) copies fd_set in and out of userspace in quantities of longs. Since 32bit processes longs are 4 bytes, 64bit kernel may copy in or out 4 bytes more then the process expected. Calculate the amount of bytes to copy taking into account size of fd_set for the current process ABI. Diagnosed and tested by: Peter Jeremy <peterjeremy acm org> Reviewed by: jhb MFC after: 1 week Modified: head/sys/compat/freebsd32/freebsd32_misc.c head/sys/compat/linux/linux_misc.c head/sys/kern/sys_generic.c head/sys/sys/syscallsubr.h
Modified: head/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 9 20:37:49 2009 (r197048)
+++ head/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 9 20:59:01 2009 (r197049)
@@ -589,7 +589,8 @@ freebsd32_select(struct thread *td, stru
 * XXX big-endian needs to convert the fd_sets too.
 * XXX Do pointers need PTRIN()?
 */
- return (kern_select(td, uap->nd, uap->in, uap->ou, uap->ex, tvp));
+ return (kern_select(td, uap->nd, uap->in, uap->ou, uap->ex, tvp,
+ sizeof(int32_t) * 8));
 }
 /*
Modified: head/sys/compat/linux/linux_misc.c
==============================================================================
--- head/sys/compat/linux/linux_misc.c Wed Sep 9 20:37:49 2009 (r197048)
+++ head/sys/compat/linux/linux_misc.c Wed Sep 9 20:59:01 2009 (r197049)
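Review bot: The ABI word width passed from freebsd32_select is written as `sizeof(int32_t) * 8` with a bare 8, while kern_select converts bits to bytes with `NBBY`; spelling it `sizeof(int32_t) * NBBY` keeps the two sides of the calculation visibly in the same unit. The linux_select hunk has the same literal in `sizeof(l_int) * 8`. A one-line comment at each call, such as `/* width in bits of one fd_set word in the 32-bit ABI */`, would also tell the next reader what the extra argument means. The XXX about big-endian just above the freebsd32 call still stands after this change, since only the copy length is adjusted; freebsd32_select's body starts outside the hunk.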
@@ -522,7 +522,7 @@ linux_select(struct thread *td, struct l
 tvp = NULL;
 error = kern_select(td, args->nfds, args->readfds, args->writefds,
- args->exceptfds, tvp);
+ args->exceptfds, tvp, sizeof(l_int) * 8);
 #ifdef DEBUG
 if (ldebug(select))
Modified: head/sys/kern/sys_generic.c
==============================================================================
--- head/sys/kern/sys_generic.c Wed Sep 9 20:37:49 2009 (r197048)
+++ head/sys/kern/sys_generic.c Wed Sep 9 20:59:01 2009 (r197049)
@@ -774,12 +774,13 @@ select(td, uap)
 } else
 tvp = NULL;
- return (kern_select(td, uap->nd, uap->in, uap->ou, uap->ex, tvp));
+ return (kern_select(td, uap->nd, uap->in, uap->ou, uap->ex, tvp,
+ NFDBITS));
 }
 int
 kern_select(struct thread *td, int nd, fd_set *fd_in, fd_set *fd_ou,
- fd_set *fd_ex, struct timeval *tvp)
+ fd_set *fd_ex, struct timeval *tvp, int abi_nfdbits)
 {
 struct filedesc *fdp;
 /*
@@ -792,7 +793,7 @@ kern_select(struct thread *td, int nd, f
 fd_mask *ibits[3], *obits[3], *selbits, *sbp;
 struct timeval atv, rtv, ttv;
 int error, timo;
- u_int nbufbytes, ncpbytes, nfdbits;
+ u_int nbufbytes, ncpbytes, ncpubytes, nfdbits;
 if (nd < 0)
 return (EINVAL);
@@ -806,6 +807,7 @@ kern_select(struct thread *td, int nd, f
 */
 nfdbits = roundup(nd, NFDBITS);
 ncpbytes = nfdbits / NBBY;
+ ncpubytes = roundup(nd, abi_nfdbits) / NBBY;
 nbufbytes = 0;
 if (fd_in != NULL)
 nbufbytes += 2 * ncpbytes;
@@ -832,9 +834,11 @@ kern_select(struct thread *td, int nd, f
 ibits[x] = sbp + nbufbytes / 2 / sizeof *sbp; \
 obits[x] = sbp; \
 sbp += ncpbytes / sizeof *sbp; \
- error = copyin(name, ibits[x], ncpbytes); \
+ error = copyin(name, ibits[x], ncpubytes); \
 if (error != 0) \
 goto done; \
+ bzero((char *)ibits[x] + ncpubytes, \
+ ncpbytes - ncpubytes); \
 } \
 } while (0)
 getbits(fd_in, 0);
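Review bot: `abi_nfdbits` goes into `ncpubytes = roundup(nd, abi_nfdbits) / NBBY;` unchecked, although the getbits hunk that follows relies on `ncpubytes <= ncpbytes`. Its `ncpbytes - ncpubytes` is u_int arithmetic, so a width larger than NFDBITS, or one that does not divide it, would wrap the bzero length and let the copyin write more than the `ncpbytes` each set is given by `sbp += ncpbytes / sizeof *sbp`; a zero width would divide by zero in roundup. The callers in this commit pass only `sizeof(int32_t) * 8`, `sizeof(l_int) * 8` or `NFDBITS`, so the visible code does not reach this, but the contract is neither stated nor enforced. I would add `KASSERT(abi_nfdbits > 0 && abi_nfdbits <= NFDBITS && NFDBITS % abi_nfdbits == 0, ("kern_select: bad abi_nfdbits %d", abi_nfdbits));` beside the existing `nd < 0` check. kern_select's body continues outside these hunks, so any later clamping of nd is not visible here.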
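Review bot: The bzero added to getbits carries no comment explaining why the tail of the slot has to be cleared, and that reason is the security-relevant part of the change. When the process ABI word is narrower than fd_mask, the copyin now fills only `ncpubytes` of the slot, and the remaining bytes would presumably otherwise hold whatever the buffer contained and be scanned as requested descriptors. A comment inside the macro, before the bzero and ending in the continuation backslash, would record that: `/* Clear the part of the last fd_mask the process ABI did not supply. */ \`. The getbits macro starts outside the hunk, so how the buffer is initialised before this point cannot be confirmed from here.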
@@ -888,7 +892,7 @@ done:
 if (error == EWOULDBLOCK)
 error = 0;
 #define putbits(name, x) \
- if (name && (error2 = copyout(obits[x], name, ncpbytes))) \
+ if (name && (error2 = copyout(obits[x], name, ncpubytes))) \
 error = error2;
 if (error == 0) {
 int error2;
Modified: head/sys/sys/syscallsubr.h
==============================================================================
--- head/sys/sys/syscallsubr.h Wed Sep 9 20:37:49 2009 (r197048)
+++ head/sys/sys/syscallsubr.h Wed Sep 9 20:59:01 2009 (r197049)
@@ -170,7 +170,7 @@ int kern_sched_rr_get_interval(struct th
 int kern_semctl(struct thread *td, int semid, int semnum, int cmd,
 union semun *arg, register_t *rval);
 int kern_select(struct thread *td, int nd, fd_set *fd_in, fd_set *fd_ou,
- fd_set *fd_ex, struct timeval *tvp);
+ fd_set *fd_ex, struct timeval *tvp, int abi_nfdbits);
 int kern_sendfile(struct thread *td, struct sendfile_args *uap,
 struct uio *hdr_uio, struct uio *trl_uio, int compat);
 int kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,