NetBSD Problem Report #41620
From www@NetBSD.org Sat Jun 20 09:13:24 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 140FE63C278
for <gnats-bugs@gnats.netbsd.org>; Sat, 20 Jun 2009 09:13:24 +0000 (UTC)
Message-Id: <20090620091323.A9AAD63C277@www.NetBSD.org>
Date: Sat, 20 Jun 2009 09:13:23 +0000 (UTC)
From: ekamperi@gmail.com
Reply-To: ekamperi@gmail.com
To: gnats-bugs@NetBSD.org
Subject: lockf(3) doesn't fail upon invalid input
X-Send-Pr-Version: www-1.0
>Number: 41620
>Category: lib
>Synopsis: lockf(3) doesn't fail upon invalid input
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: lib-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jun 20 09:15:00 +0000 2009
>Closed-Date: Wed Aug 05 19:45:05 +0000 2009
>Last-Modified: Sat Sep 05 11:40:02 +0000 2009
>Originator: Stathis Kamperis
>Release: NetBSD 5.0_STABLE
>Organization:
Aristotle University of Thessaloniki
>Environment:
NetBSD voyager 5.0_STABLE NetBSD 5.0_STABLE (MYGENERIC) #5: Fri Jun 19 14:00:32 EEST 2009 root@voyager:/usr/obj/sys/arch/i386/compile/MYGENERIC i386
>Description:
According to POSIX, issue 6 lockf(3) shall return:
[EINVAL]
The function argument is not one of F_LOCK, F_TLOCK, F_TEST, or F_ULOCK;
-> or size plus the current file offset is less than 0. <-
On the contrary, NetBSD reports success (?). JFYI, SunOS 5.10 returns the proper code. I didn't test on Linux/glibc so I can't comment on that.
>How-To-Repeat:
[stathis@voyager ~] cat t_lockf.c
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    int fd;

    fd = open("./foo", O_RDWR);
    assert(fd != -1);

    /* Just a sanity check. */
    assert(lseek(fd, 0, SEEK_SET) != -1);

    /* Size plus current file offset is less than 0. */
    assert(lockf(fd, F_LOCK, -1) == -1 && errno == EINVAL);

    assert(close(fd) != -1);

    printf("passed\n");

    return (EXIT_SUCCESS);
}
[stathis@voyager ~] gcc t_lockf.c -Wall
[stathis@voyager ~] ls -lh foo
-rw-r--r-- 1 stathis users 1.0K Jun 20 11:52 foo
[stathis@voyager ~] ./a.out
assertion "lockf(fd, F_LOCK, -1) == -1 && errno == EINVAL" failed: file "t_lockf.c", line 19, function "main"
Abort trap (core dumped)
[stathis@voyager ~]
Am I missing something?
Thanks!
>Fix:
>Release-Note:
>Audit-Trail:
From: David Laight <dsl@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41620 CVS commit: src/sys/kern
Date: Wed, 5 Aug 2009 19:39:50 +0000
Module Name: src
Committed By: dsl
Date: Wed Aug 5 19:39:50 UTC 2009
Modified Files:
src/sys/kern: vfs_lockf.c
Log Message:
lockf() passes its arguments through to fcntl() but is supposed to
support -ve lengths (lock area before current offset).
Nothing in libc or the kernel allowed for this, so some random part
of the file would get locked (no idea which bits).
Although this could probably be fixed in libc, the stubs for posix file
locks for emulations could easily get into the kernel with -ve lengths.
So fixing in the kernel avoids those problems.
This also fixes PR/41620 (attempting to lock negative offsets) - which
is what I was looking into!
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/kern/vfs_lockf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dsl@NetBSD.org
State-Changed-When: Wed, 05 Aug 2009 19:45:05 +0000
State-Changed-Why:
Fixed (in the kernel) on head, and pullup request sent for 5.0
NB all -ve lengths to lockf() were borked.
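The range rule the commit message above refers to (a negative size locks the bytes before the current offset, and POSIX requires EINVAL when size plus the current offset is below 0), worked through as an added example. This is not the code from vfs_lockf.c or anything else in the NetBSD tree; lockf_range and struct lock_range are hypothetical names, and the EOVERFLOW case comes from the POSIX lockf() description rather than from this report.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not NetBSD code): inclusive byte range of a lock. */
struct lock_range {
    int64_t first;
    int64_t last;   /* INT64_MAX when size == 0: "to the largest offset" */
};

/*
 * Resolve lockf(3)-style arguments (current offset, size) into a range.
 * Returns 0 on success, or the errno value POSIX specifies.
 */
int lockf_range(int64_t cur, int64_t size, struct lock_range *out)
{
    if (cur < 0)                        /* assumption: offsets are never negative */
        return EINVAL;
    if (size == 0) {                    /* from cur to the largest offset */
        out->first = cur;
        out->last = INT64_MAX;
    } else if (size > 0) {              /* forward: [cur, cur + size - 1] */
        if (size - 1 > INT64_MAX - cur) /* last byte not representable */
            return EOVERFLOW;
        out->first = cur;
        out->last = cur + size - 1;
    } else {                            /* backward: [cur + size, cur - 1] */
        if (size < -cur)                /* cur + size < 0; -cur is safe, cur >= 0 */
            return EINVAL;
        out->first = cur + size;
        out->last = cur - 1;
    }
    return 0;
}

int main(void)
{
    struct lock_range r;

    /* The report's case: offset 0, size -1. */
    printf("cur=0 size=-1 -> %s\n",
        lockf_range(0, -1, &r) == EINVAL ? "EINVAL" : "accepted");
    if (lockf_range(100, -40, &r) == 0)
        printf("cur=100 size=-40 -> [%lld, %lld]\n",
            (long long)r.first, (long long)r.last);
    return 0;
}
```

Comparing `size < -cur` instead of computing `cur + size` first keeps the check free of signed overflow, including for the most negative size value.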
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41620 CVS commit: [netbsd-5] src/sys/kern
Date: Sat, 5 Sep 2009 11:36:29 +0000
Module Name: src
Committed By: bouyer
Date: Sat Sep 5 11:36:29 UTC 2009
Modified Files:
src/sys/kern [netbsd-5]: vfs_lockf.c
Log Message:
Pull up following revision(s) (requested by dsl in ticket #900):
sys/kern/vfs_lockf.c: revision 1.72
lockf() passes its arguments through to fcntl() but is supposed to
support -ve lengths (lock area before current offset).
Nothing in libc or the kernel allowed for this, so some random part
of the file would get locked (no idea which bits).
Although this could probably be fixed in libc, the stubs for posix file
locks for emulations could easily get into the kernel with -ve lengths.
So fixing in the kernel avoids those problems.
This also fixes PR/41620 (attempting to lock negative offsets) - which
is what I was looking into!
To generate a diff of this commit:
cvs rdiff -u -r1.69.4.2 -r1.69.4.3 src/sys/kern/vfs_lockf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted: