Message ID | 1404918390-32413-1-git-send-email-Anton.Kolesov@synopsys.com |
---|---|
State | Superseded |
Headers | show |
On 9 July 2014 17:06:46 Anton Kolesov <Anton.Kolesov@synopsys.com> wrote: > There was a runtime error in systems without large file support. Call > fseek(fd, 4096, SEEK_SET) has been failing with EINVAL, though it was > succeeding for offset = 4092. This has been happening because llseek system > call accepts 64-bit value as an offset argument and lseek function has been > ordering 32-bits words that form this offset value, according to the > endianness. However this ordering to match endianness is not required, > because llseek doesn't accept one 64-bit offset argument, it accepts two > 32-bit offset argument, then stitches them into one following its > endianness. As a result on little endian system, order of words has been > swapped two times: in libc and in kernel. Thus call to fseek with offset 4096 > (0x1000) was doing a system call to llseek with offset 0x1000_0000_0000. I'm > not entirely sure why then offset = 4092 hasn't been failing then. > > This patch removes malicious swap of words when calling llseek. Please also add a test case. TIA, > > Signed-off-by: Anton Kolesov <Anton.Kolesov@synopsys.com> > --- > libc/sysdeps/linux/common/lseek.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/libc/sysdeps/linux/common/lseek.c > b/libc/sysdeps/linux/common/lseek.c > index 500c6bf..11a1fbb 100644 > --- a/libc/sysdeps/linux/common/lseek.c > +++ b/libc/sysdeps/linux/common/lseek.c > @@ -24,9 +24,7 @@ off_t __NC(lseek)(int fd, off_t offset, int whence) > #elif __WORDSIZE == 32 > __off64_t result; > __off_t high = 0; > - return INLINE_SYSCALL(llseek, 5, fd, > - __LONG_LONG_PAIR(high, offset), > - &result, whence) ?: result; > + return INLINE_SYSCALL(llseek, 5, fd, high, offset, &result, whence) ?: > result; > #endif > /* No need to handle __WORDSIZE == 64 as such a kernel won't define > __NR_llseek */ > } > -- > 1.8.4.1 > > _______________________________________________ > uClibc mailing list > uClibc@uclibc.org > http://lists.busybox.net/mailman/listinfo/uclibc Sent with AquaMail for Android http://www.aqua-mail.com
diff --git a/libc/sysdeps/linux/common/lseek.c b/libc/sysdeps/linux/common/lseek.c index 500c6bf..11a1fbb 100644 --- a/libc/sysdeps/linux/common/lseek.c +++ b/libc/sysdeps/linux/common/lseek.c @@ -24,9 +24,7 @@ off_t __NC(lseek)(int fd, off_t offset, int whence) #elif __WORDSIZE == 32 __off64_t result; __off_t high = 0; - return INLINE_SYSCALL(llseek, 5, fd, - __LONG_LONG_PAIR(high, offset), - &result, whence) ?: result; + return INLINE_SYSCALL(llseek, 5, fd, high, offset, &result, whence) ?: result; #endif /* No need to handle __WORDSIZE == 64 as such a kernel won't define __NR_llseek */ }
There was a runtime error in systems without large file support. Call fseek(fd, 4096, SEEK_SET) has been failing with EINVAL, though it was succeeding for offset = 4092. This has been happening because llseek system call accepts 64-bit value as an offset argument and lseek function has been ordering 32-bits words that form this offset value, according to the endianness. However this ordering to match endianness is not required, because llseek doesn't accept one 64-bit offset argument, it accepts two 32-bit offset argument, then stitches them into one following its endianness. As a result on little endian system, order of words has been swapped two times: in libc and in kernel. Thus call to fseek with offset 4096 (0x1000) was doing a system call to llseek with offset 0x1000_0000_0000. I'm not entirely sure why then offset = 4092 hasn't been failing then. This patch removes malicious swap of words when calling llseek. Signed-off-by: Anton Kolesov <Anton.Kolesov@synopsys.com> --- libc/sysdeps/linux/common/lseek.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)