From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail-qk0-f182.google.com ([209.85.220.182]:41573 "EHLO mail-qk0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932112AbeCFSHH (ORCPT ); Tue, 6 Mar 2018 13:07:07 -0500
Received: by mail-qk0-f182.google.com with SMTP id w142so25923462qkb.8 for ; Tue, 06 Mar 2018 10:07:07 -0800 (PST)
Date: Tue, 6 Mar 2018 13:07:04 -0500
From: Lance Richardson
To: viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, mingo@redhat.com
Subject: Re: [PATCH v2] fs: select/pselect buffer overrun with x32 abi
Message-ID: <20180306180704.5ctpvwit4yothv3f@Corsair>
References: <20180227153144.4629-1-lance.richardson.net@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180227153144.4629-1-lance.richardson.net@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Tue, Feb 27, 2018 at 10:31:44AM -0500, Lance Richardson wrote:
> The definition of fd_set in X32 user-space uses a 32-bit base
> data type for the fd array while the kernel uses a 64-bit base
> data type. For applications using the glibc implementation of
> select(2)/pselect(2), the size of fd_set is an integer multiple
> of both base types, so there is no issue.
>
> For applications using fd_set sizes that are different from
> the glibc default size, an overrun of the user-space fd_set
> buffer will occur when the user-space buffer size is an odd
> multiple of 4 bytes (e.g. user-space can pass a 12-byte fd_set
> to the kernel and the kernel will copy 16 bytes to user-space
> before returning from select/pselect system calls). OpenSSH is
> one example of an application using fd_set sizes different from
> the default.
>

Please let me know if there is a more appropriate list for patches
in this area, or if there is a better list for x32 ABI issues.

Thanks,
   Lance Richardson
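An added example (my own code, not the patch's or the kernel's) that models the size mismatch described in the quoted patch text: it assumes x32 user space rounds an fd_set up to whole 32-bit words and the kernel rounds the copied-back set up to whole 64-bit words, and shows for which descriptor counts the copy-back runs past a user buffer sized exactly for that count.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not the kernel's or the patch's code. It models the
 * mismatch in the patch description: x32 user space lays fd_set out in
 * 32-bit words, the kernel's select path works in 64-bit words (assumed
 * here to be how the copy-back size is rounded), so the two sides round
 * the byte count for nfds descriptors differently. */

/* Bytes an x32 user-space fd_set needs to hold nfds descriptors. */
size_t user_fdset_bytes(unsigned nfds)
{
    return ((nfds + 31) / 32) * 4;
}

/* Bytes the kernel copies back when its base type is 64 bits wide. */
size_t kernel_fdset_bytes(unsigned nfds)
{
    return ((nfds + 63) / 64) * 8;
}

/* Bytes written past a user buffer sized exactly for nfds (0 or 4). */
size_t overrun_bytes(unsigned nfds)
{
    return kernel_fdset_bytes(nfds) - user_fdset_bytes(nfds);
}

/* Simulate the copy-back into a tightly sized user buffer that is
 * followed by a guard word. Returns 1 if the guard was overwritten,
 * 0 if not, -1 if nfds is outside what this small model covers. */
int guard_clobbered(unsigned nfds)
{
    unsigned char buf[64 + 4];              /* constructed user memory */
    unsigned char kern[64] = {0};           /* kernel's result set, zeroed */
    uint32_t guard = 0xdeadbeefu;
    size_t ubytes = user_fdset_bytes(nfds);
    size_t kbytes = kernel_fdset_bytes(nfds);

    if (nfds == 0 || kbytes > sizeof kern)
        return -1;
    memset(buf, 0xff, sizeof buf);
    memcpy(buf + ubytes, &guard, sizeof guard); /* guard right after fd_set */
    memcpy(buf, kern, kbytes);                  /* kernel-sized copy-back */
    memcpy(&guard, buf + ubytes, sizeof guard);
    return guard != 0xdeadbeefu;
}
```

The guard is overwritten exactly when the user-side size is an odd multiple of 4 bytes (nfds of 1..32, 65..96, and so on), matching the 12-byte/16-byte case in the patch description.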