Date: Sun, 9 Jan 2022 01:00:03 -0500
From: Rich Felker
To: "Minqiang Chen (ptpt52)"
Cc: musl@lists.openwall.com
Message-ID: <20220109060003.GR7074@brightrain.aerifal.cx>
References: <1F85A2EF-1942-48CE-989E-7552970E6877@gmail.com> <20211116161817.GP7074@brightrain.aerifal.cx>
In-Reply-To: <20211116161817.GP7074@brightrain.aerifal.cx>
Subject: Re: [musl] BUG fix: mmap pass wrong offset to kernel

On Tue, Nov 16, 2021 at 11:18:17AM -0500, Rich Felker wrote:
> On Tue, Nov 16, 2021 at 11:56:57AM +0800, Minqiang Chen (ptpt52) wrote:
> > From 146066a9794b8e39c53337b71a8476b86e79e7d4 Mon Sep 17 00:00:00 2001
> > From: Chen Minqiang
> > Date: Mon, 16 Oct 2017 08:57:41 +0800
> > Subject: [PATCH] musl: fix mmap pass wrong offset to kernel
> >
> > on 32bit platform for example off_t x=0x8d9eb000, the x/4096 result
> > is 0xfff8d9eb, but the sys_mmap2() is expecting 0x8d9eb to be passed to
> >
> > this happens on 32bit platform or 64bit platform when
> > x >= 0x80000000 (32bit platform)
> > or
> > x >= 0x8000000000000000 (64bit platform)
> >
> > Signed-off-by: Chen Minqiang
> > ---
> >  src/mman/mmap.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/mman/mmap.c b/src/mman/mmap.c
> > index eff88d82..f225cdbb 100644
> > --- a/src/mman/mmap.c
> > +++ b/src/mman/mmap.c
> > @@ -26,7 +26,7 @@ void *__mmap(void *start, size_t len, int prot, int flags, int fd, off_t off)
> >  		__vm_wait();
> >  	}
> >  #ifdef SYS_mmap2
> > -	ret = __syscall(SYS_mmap2, start, len, prot, flags, fd, off/UNIT);
> > +	ret = __syscall(SYS_mmap2, start, len, prot, flags, fd, (unsigned long)off/UNIT);
> >  #else
> >  	ret = __syscall(SYS_mmap, start, len, prot, flags, fd, off);
> >  #endif
> > --
> > 2.17.1
>
> This patch is wrong and truncates offsets over 32-bit (drops all the
> high bits). There is a bug here, but it's just that UNIT has the wrong
> type. commit b5bbe797493ea732d4cac15619753c545ed392af introduced the
> regression by making UNIT have type unsigned long long. It should have
> a small signed type; just int is fine.

Following up on this again: there isn't actually a bug here. All valid
offsets to mmap are non-negative off_t values, so coercion to unsigned
long long does not alter the value. If the offset is negative, it was
already caught by the mask against OFF_MASK in the first if statement.

Rich
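Review bot: the `(unsigned long)off` cast on the `+` line of the quoted hunk truncates the offset on 32-bit targets, where musl's off_t is 64-bit but unsigned long is 32-bit, so any offset of 4 GiB or more reaches the kernel with its high bits dropped; that is the truncation the reply points out. The description's premise also does not hold with a 64-bit off_t: 0x8d9eb000 is positive there and `off/UNIT` already yields 0x8d9eb, so the cast changes nothing for that input, and a negative offset never reaches this line because the `off & OFF_MASK` check earlier in __mmap rejects it first. Suggest keeping `off/UNIT` as in the `-` line.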
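To make the type-width argument in the thread concrete, here is an added C model (not musl's source and not code from either poster) of the three computations involved: the original `off/UNIT` with musl's 64-bit off_t, the proposed `(unsigned long)off/UNIT` as a 32-bit target evaluates it, and the 32-bit signed off_t that the reported value 0xfff8d9eb implies. Assumptions: UNIT is 4096 with the unsigned long long type the thread says it had, and OFF_MASK is reconstructed from musl's mmap.c for a 32-bit syscall_arg_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions: the mmap2 page unit is 4096, given the unsigned long long type
 * the thread says UNIT had at the time; OFF_MASK is reconstructed from musl's
 * mmap.c for a 32-bit syscall_arg_t (it rejects negative, unaligned and
 * too-large offsets). Stand-alone model, not musl's source. */
#define UNIT 4096ULL
#define OFF_MASK ((-0x2000ULL << (8 * sizeof(uint32_t) - 1)) | (UNIT - 1))

/* The gate that runs before the syscall: nonzero means __mmap fails early,
 * so a negative off_t never reaches the division below. */
int off_rejected_by_mask(int64_t off) {
    return (off & OFF_MASK) != 0;
}

/* Original line with musl's 64-bit off_t: a non-negative value is unchanged
 * by the signed->unsigned conversion that UNIT's type forces. */
uint64_t page_offset_original(int64_t off) {
    return off / UNIT;
}

/* The proposed line as a 32-bit target evaluates it: unsigned long is 32 bits
 * there, so the cast keeps only the low 32 bits of off before dividing. */
uint64_t page_offset_patched_32bit(int64_t off) {
    return (uint32_t)off / UNIT;
}

/* The value reported in the patch description only arises if off_t were a
 * 32-bit signed type: 0x8d9eb000 is then negative and the quotient wraps. */
uint32_t page_offset_if_off_t_were_int32(uint32_t raw) {
    int32_t off = (int32_t)raw;   /* two's-complement reinterpretation */
    return (uint32_t)(off / 4096);
}

int main(void) {
    /* Constructed sample offsets: the one from the report, one above 4 GiB,
     * and a negative one that the mask check rejects. */
    int64_t samples[] = { 0x8d9eb000LL, 0x18d9eb000LL, -4096LL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t off = samples[i];
        if (off_rejected_by_mask(off)) {
            printf("off=0x%llx rejected by OFF_MASK\n", (unsigned long long)off);
            continue;
        }
        printf("off=0x%llx original=0x%llx patched32=0x%llx\n",
               (unsigned long long)off,
               (unsigned long long)page_offset_original(off),
               (unsigned long long)page_offset_patched_32bit(off));
    }
    printf("int32 off_t model for 0x8d9eb000: 0x%x\n",
           page_offset_if_off_t_were_int32(0x8d9eb000u));
    return 0;
}
```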