On 2024-06-01 11:31:56+0000, Alejandro Colomar wrote: > Since libc's prctl(2) wrapper is a variadic function, arguments must > have the right width. Otherwise, the behavior is undefined. Ack. > Also, the 5 arguments must be specified always, or the behavior is also > undefined. libc reads 5 values and passes them all to the kernel, so if > one is uninitialized, the kernel will receive garbagge, which could > result in EINVAL (most likely), or worse, a different action. This seems surprising. The kernel should only check the arguments it documents and not more. glibc itself doesn't even specify all five arguments in its own calls to prctl(). If all five arguments are really required then prctl() wouldn't need to be variadic. How is random non-zero data less valid than a essentially random zero? And if the kernel actually validates this, how has it ever worked before? Other popular software like systemd or opendjk also don't specify unused arguments. So it doesn't really seem "broken". If the patch is more about "being on the safe side", then this should be spelled out. (Plus the cases where documented, required arguments are missing) > Also, avoid some casts to unsigned long, by changing the type of the > parameter to some local wrappers. > > And use consistently 0L. 0UL is basically the same, and uses one more > character. Keep it short. > > Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=6698b096a6f5342cb9b338c237ed875a8635497a> > Link: <https://lore.kernel.org/linux-man/ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf/T/#med306b5b003f9cc7cc2de69fcdd7ee2d056d0954> > Cc: Xi Ruoyao <xry111@xxxxxxxxxxx> > Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx> > --- > Range-diff against v0: > -: --------- > 1: afd73139e Call prctl(2) with long integers, specify 5 arguments, and avoid casts > > include/seccomp.h | 2 +- > lib/caputils.c | 4 ++-- > lib/env.c | 4 ++-- > misc-utils/enosys.c | 4 ++-- > schedutils/coresched.c | 6 +++--- > sys-utils/setpriv-landlock.c | 2 +- > sys-utils/setpriv.c | 34 ++++++++++++++++------------------ > tests/helpers/test_mkfds.c | 2 +- > 8 files changed, 28 insertions(+), 30 deletions(-) <snip>
