On Tue, Oct 22, 2019 at 12:49 AM Guillem Jover <guillem@xxxxxxxxxxx> wrote:
>
> This type is used to pass the sigset_t from userland to the kernel,
> but it was using the kernel native pointer type for the member
> representing the compat userland pointer to the userland sigset_t.
>
> This messes up the layout, and makes the kernel eat up both the
> userland pointer and the size into the kernel pointer, and then
> reads garbage into the kernel sigsetsize. Which makes the sigset_t
> size consistency check fail, and consequently the syscall always
> returns -EINVAL.
>
> This breaks both libaio and strace on 32-bit userland running on 64-bit
> kernels. And there are apparently no users in the wild of the current
> broken layout (at least according to codesearch.debian.org and a brief
> check over github.com search). So it looks safe to fix this directly
> in the kernel, instead of either letting userland deal with this
> permanently with the additional overhead or trying to make the syscall
> infer what layout userland used, even though this is also being worked
> around in libaio to temporarily cope with kernels that have not yet
> been fixed.
>
> We use a proper compat_uptr_t instead of a compat_sigset_t pointer.
>
> Fixes: 7a074e96dee6 ("aio: implement io_pgetevents")
> Signed-off-by: Guillem Jover <guillem@xxxxxxxxxxx>

When resending a patch that has already been reviewed, please add the
tags you received so they get picked up into the final changeset as well:

Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Reviewed-by: Jeff Moyer <jmoyer@xxxxxxxxxx>

Let's make sure this also gets added to stable kernels

Cc: <stable@xxxxxxxxxxxxxxx> # v4.18+

Finally (if you like)

Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>

       Arnd
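The layout mismatch the quoted commit message describes can be reproduced in user space without a kernel. The following is an added illustration written for this page, not the kernel's own code or the patch itself: it models the compat struct once with a native 64-bit kernel pointer (the broken layout) and once with a 32-bit compat_uptr_t (the fixed layout), fills a constructed 16-byte buffer the way 32-bit userland would lay out its 8-byte struct plus whatever bytes happen to follow it, and shows what a copy of `sizeof(struct)` bytes then yields for sigsetsize. The type names, the sample pointer value, the adjacent bytes and the assumed kernel sigset_t size of 8 are all constructed for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-ins (not the kernel headers): compat_uptr_t is a 32-bit
 * integer that carries a 32-bit userland pointer value. */
typedef uint32_t compat_uptr_t;
typedef uint32_t compat_size_t;

/* Size the kernel compares sigsetsize against; assumed to be 8 for this example. */
#define KERNEL_SIGSET_SIZE 8u

/* What 32-bit userland (libaio/strace) actually lays out: pointer, then size,
 * 8 bytes in total. */
struct user32_aio_sigset {
    compat_uptr_t sigmask;
    compat_size_t sigsetsize;
};

/* Broken compat layout: the pointer member uses the kernel's native 64-bit
 * pointer width, modelled explicitly as uint64_t so the example behaves the
 * same on any host. sigsetsize is pushed out to offset 8. */
struct broken_compat_aio_sigset {
    uint64_t sigmask;
    compat_size_t sigsetsize;
};

/* Fixed compat layout, as the patch does it: a compat_uptr_t for the member. */
struct fixed_compat_aio_sigset {
    compat_uptr_t sigmask;
    compat_size_t sigsetsize;
};

/* Constructed sample values. */
#define USER_SIGMASK_PTR   0xbf401000u  /* some 32-bit userland address */
#define USER_ADJACENT_WORD 0xdeadbeefu  /* unrelated data right after the struct */
#define USER_MEM_BYTES     16

/* Build the user-side memory image: the 8-byte struct followed by 8 bytes of
 * unrelated adjacent data. Written with memcpy so host endianness is irrelevant. */
static void build_user_mem(unsigned char out[USER_MEM_BYTES])
{
    struct user32_aio_sigset u = { USER_SIGMASK_PTR, KERNEL_SIGSET_SIZE };
    uint32_t tail[2] = { USER_ADJACENT_WORD, 0x04030201u };
    memcpy(out, &u, sizeof u);
    memcpy(out + sizeof u, tail, sizeof tail);
}

/* Model copy_from_user(&ksig, usig, sizeof(ksig)) with the broken layout:
 * 16 bytes are copied, so the pointer member swallows both userland fields and
 * sigsetsize is read from the adjacent garbage. */
static uint32_t kernel_reads_sigsetsize_broken(const unsigned char *ubuf)
{
    struct broken_compat_aio_sigset k;
    memcpy(&k, ubuf, sizeof k);
    return k.sigsetsize;
}

/* Same copy with the fixed layout: 8 bytes, fields line up with userland. */
static uint32_t kernel_reads_sigsetsize_fixed(const unsigned char *ubuf)
{
    struct fixed_compat_aio_sigset k;
    memcpy(&k, ubuf, sizeof k);
    return k.sigsetsize;
}

/* The consistency check the commit message refers to: mismatch means -EINVAL. */
static int check_sigsetsize(uint32_t sigsetsize)
{
    return sigsetsize == KERNEL_SIGSET_SIZE ? 0 : -EINVAL;
}

int main(void)
{
    unsigned char user_mem[USER_MEM_BYTES];
    build_user_mem(user_mem);

    printf("broken layout: sizeof=%zu, sigsetsize offset=%zu\n",
           sizeof(struct broken_compat_aio_sigset),
           offsetof(struct broken_compat_aio_sigset, sigsetsize));
    printf("fixed layout:  sizeof=%zu, sigsetsize offset=%zu\n",
           sizeof(struct fixed_compat_aio_sigset),
           offsetof(struct fixed_compat_aio_sigset, sigsetsize));

    uint32_t broken = kernel_reads_sigsetsize_broken(user_mem);
    uint32_t fixed = kernel_reads_sigsetsize_fixed(user_mem);
    printf("broken read sigsetsize=0x%08x -> check=%d\n", broken, check_sigsetsize(broken));
    printf("fixed read  sigsetsize=0x%08x -> check=%d\n", fixed, check_sigsetsize(fixed));
    return 0;
}
```

The struct sizes and offsets are the whole story: with a 64-bit pointer member the compat struct is 16 bytes with sigsetsize at offset 8, whereas the 32-bit caller supplied an 8-byte object, so the size field is read from memory the caller never meant to pass and the check fails with -EINVAL every time. With compat_uptr_t both sides agree on 8 bytes and the value round-trips.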