Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 May 2013 11:01:59 +0100
From: Justin Cormack <justin@...cialbusservice.com>
To: musl@...ts.openwall.com
Subject: Re: procfs stdio writev problem

On Sun, May 5, 2013 at 10:16 AM, Jens <jensl@...s.mine.nu> wrote:
>
> Hello!
>
> I've noticed a problem when using bash linked with musl.
>
> laas:~# echo 60 > /proc/sys/kernel/panic
> -su: echo: write error: Invalid argument
>
> laas:~# cat t.sh
> #!/bin/bash
> echo 60 > /proc/sys/kernel/panic
>
> laas:~# strace -f t.sh
> ...
> writev(1, [{"60", 2}, {"\n", 1}], 2)    = 2
> writev(1, [{"", 0}, {"\n", 1}], 2)      = -1 EINVAL (Invalid argument)
>
> I'm guessing that musl uses writev in its stdio implementation.
>
> And I think the error is due to a simplistic implementation in procfs, that
> parses each write on its own, and that the writev is split into several
> writes.

Looks to me at a quick glance like stdio needs something like (untested)

--- ./src/stdio/__stdio_write.c~ 2012-12-01 22:56:34.156555480 +0000
+++ ./src/stdio/__stdio_write.c 2013-05-05 10:59:49.856504883 +0100
@@ -37,7 +37,7 @@
  return iovcnt == 2 ? 0 : len-iov[0].iov_len;
  }
  rem -= cnt;
- if (cnt > iov[0].iov_len) {
+ if (cnt >= iov[0].iov_len) {
  f->wpos = f->wbase = f->buf;
  cnt -= iov[0].iov_len;
  iov++; iovcnt--;

In the case where the kernel exactly eats the iov you need to move
onto the next one rather than have a zero length write pointing just
after the existing one, as that could be an invalid address.

Justin

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.