NetBSD Problem Report #41620

From www@NetBSD.org  Sat Jun 20 09:13:24 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 140FE63C278
	for <gnats-bugs@gnats.netbsd.org>; Sat, 20 Jun 2009 09:13:24 +0000 (UTC)
Message-Id: <20090620091323.A9AAD63C277@www.NetBSD.org>
Date: Sat, 20 Jun 2009 09:13:23 +0000 (UTC)
From: ekamperi@gmail.com
Reply-To: ekamperi@gmail.com
To: gnats-bugs@NetBSD.org
Subject: lockf(3) doesn't fail upon invalid input
X-Send-Pr-Version: www-1.0

>Number:         41620
>Category:       lib
>Synopsis:       lockf(3) doesn't fail upon invalid input
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jun 20 09:15:00 +0000 2009
>Closed-Date:    Wed Aug 05 19:45:05 +0000 2009
>Last-Modified:  Sat Sep 05 11:40:02 +0000 2009
>Originator:     Stathis Kamperis
>Release:        NetBSD 5.0_STABLE
>Organization:
Aristotle University of Thessaloniki
>Environment:
NetBSD voyager 5.0_STABLE NetBSD 5.0_STABLE (MYGENERIC) #5: Fri Jun 19 14:00:32 EEST 2009  root@voyager:/usr/obj/sys/arch/i386/compile/MYGENERIC i386

>Description:
According to POSIX, issue 6 lockf(3) shall return:

[EINVAL]
The function argument is not one of F_LOCK, F_TLOCK, F_TEST, or F_ULOCK;
-> or size plus the current file offset is less than 0. <-

On the contrary, NetBSD reports success (?). JFYI, SunOS 5.10 returns the proper code. I didn't test on Linux/glibc, so I can't comment on that.
>How-To-Repeat:
[stathis@voyager ~] cat t_lockf.c
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
        int fd;

        fd = open("./foo", O_RDWR);
        assert(fd != -1);

        /* Just a sanity check. */
        assert(lseek(fd, 0, SEEK_SET) != -1);

        /* Size plus current file offset is less than 0. */
        assert(lockf(fd, F_LOCK, -1) == -1 && errno == EINVAL);

        assert(close(fd) != -1);

        printf("passed\n");

        return (EXIT_SUCCESS);
}
[stathis@voyager ~] gcc t_lockf.c -Wall
[stathis@voyager ~] ls -lh foo
-rw-r--r--  1 stathis  users  1.0K Jun 20 11:52 foo
[stathis@voyager ~] ./a.out 
assertion "lockf(fd, F_LOCK, -1) == -1 && errno == EINVAL" failed: file "t_lockf.c", line 19, function "main"
Abort trap (core dumped)
[stathis@voyager ~] 


Am I missing something?
Thanks!
>Fix:

>Release-Note:

>Audit-Trail:
From: David Laight <dsl@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41620 CVS commit: src/sys/kern
Date: Wed, 5 Aug 2009 19:39:50 +0000

 Module Name:	src
 Committed By:	dsl
 Date:		Wed Aug  5 19:39:50 UTC 2009

 Modified Files:
 	src/sys/kern: vfs_lockf.c

 Log Message:
 lockf() passes its arguments through to fcntl() but is supposed to
 support -ve lengths (lock area before current offset).
 Nothing in libc or the kernel allowed for this, so some random part
 of the file would get locked (no idea which bits).
 Although this could probably be fixed in libc, the stubs for posix file
 locks for emulations could easily get into the kernel with -ve lengths.
 So fixing in the kernel avoids those problems.
 This also fixes PR/41620 (attempting to lock negative offsets) - which
 is what I was looking into!


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.72 src/sys/kern/vfs_lockf.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: dsl@NetBSD.org
State-Changed-When: Wed, 05 Aug 2009 19:45:05 +0000
State-Changed-Why:
Fixed (in the kernel) on head, and pullup request sent for 5.0
NB all -ve lengths to lockf() were borked.
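
Added example, not part of this PR and not the code committed to vfs_lockf.c: a sketch of the range arithmetic POSIX specifies for lockf(), including the negative-size and EINVAL cases discussed above. The names lock_range and lockf_to_range are hypothetical, and int64_t stands in for off_t.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type (not NetBSD code): a normalized lock range. */
struct lock_range {
    int64_t start;  /* first byte covered */
    int64_t len;    /* bytes covered; 0 means "through end of file" */
};

/*
 * Translate a lockf()-style request (current file offset plus a signed
 * size) into an absolute, non-negative byte range.
 * Returns 0 on success or an errno value on failure.
 */
int lockf_to_range(int64_t offset, int64_t size, struct lock_range *out)
{
    if (offset < 0)
        return EINVAL;
    if (size < 0) {
        /* Backward lock covers [offset + size, offset - 1].
         * offset >= 0 and size < 0, so the sum cannot overflow. */
        if (offset + size < 0)
            return EINVAL;      /* range would start before byte 0 */
        out->start = offset + size;
        out->len = -size;
        return 0;
    }
    /* Forward lock: the last byte must be a representable offset. */
    if (size > 0 && offset > INT64_MAX - size + 1)
        return EOVERFLOW;
    out->start = offset;
    out->len = size;            /* size == 0: lock to end of file */
    return 0;
}

int main(void)
{
    struct lock_range r;

    /* The request from t_lockf.c: offset 0, size -1. */
    printf("offset 0, size -1: %s\n",
        lockf_to_range(0, -1, &r) == EINVAL ? "EINVAL" : "accepted");

    /* Constructed sample: a valid backward lock at offset 100. */
    if (lockf_to_range(100, -40, &r) == 0)
        printf("offset 100, size -40: start=%lld len=%lld\n",
            (long long)r.start, (long long)r.len);
    return 0;
}
```

Normalizing before the range reaches the lock table means a negative length is never interpreted as a large or arbitrary region of the file.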


From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41620 CVS commit: [netbsd-5] src/sys/kern
Date: Sat, 5 Sep 2009 11:36:29 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Sat Sep  5 11:36:29 UTC 2009

 Modified Files:
 	src/sys/kern [netbsd-5]: vfs_lockf.c

 Log Message:
 Pull up following revision(s) (requested by dsl in ticket #900):
 	sys/kern/vfs_lockf.c: revision 1.72
 lockf() passes its arguments through to fcntl() but is supposed to
 support -ve lengths (lock area before current offset).
 Nothing in libc or the kernel allowed for this, so some random part
 of the file would get locked (no idea which bits).
 Although this could probably be fixed in libc, the stubs for posix file
 locks for emulations could easily get into the kernel with -ve lengths.
 So fixing in the kernel avoids those problems.
 This also fixes PR/41620 (attempting to lock negative offsets) - which
 is what I was looking into!


 To generate a diff of this commit:
 cvs rdiff -u -r1.69.4.2 -r1.69.4.3 src/sys/kern/vfs_lockf.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
