| Summary: | Bad usage of ioctl() in sys-fs/udev-146 causes spurious errors on amd64 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Andrew Church <achurch+gentoo> |
| Component: | [OLD] Core system | Assignee: | udev maintainers <udev-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gentoo, martin |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 286074 | ||
| Attachments: | Fix for incorrect ioctl() parameter type | ||
Created attachment 204988 [details, diff]
Fix for incorrect ioctl() parameter type
I'm assuming the use of int instead of [s]size_t in the kernel is intentional, since all the FIONREAD handlers seem to use int.
*** Bug 285941 has been marked as a duplicate of this bug. *** *** Bug 285050 has been marked as a duplicate of this bug. *** Fixed in udev-145-r3 and udev-146-r1. |
A bad parameter type to an ioctl() call causes udev-146 to generate "error getting buffer for inotify" messages in syslog. The offending code is roughly: ssize_t nbytes, pos; // ... ioctl(fd, FIONREAD, &nbytes); where ssize_t is 64 bits on amd64, but the kernel code for FIONREAD (at least through gentoo-sources-2.6.31) uses type int: p = (void __user *) arg; switch (cmd) { case FIONREAD: // ... ret = put_user(send_len, (int __user *) p); so the upper 32 bits of "nbytes" are left uninitialized, and the subsequent malloc(nbytes) fails unless those 32 bits happen to be zero (or the system has a LOT of memory). Patch will follow.