Bug 22457 - Generic preadv/pwritev incorrectly calls __posix_memalign
Status: RESOLVED FIXED
Product: glibc
Component: libc
Version: 2.26
Importance: P2 normal
Target Milestone: 2.27
Assignee: Adhemerval Zanella
Reported: 2017-11-18 15:21 UTC by Florian Weimer
Modified: 2017-11-24 14:17 UTC

fweimer: security-

Description Florian Weimer 2017-11-18 15:21:23 UTC
An interposed malloc will not override __posix_memalign, so these functions free an invalid pointer.

This is not a problem on Linux because the system calls are always used.

My advice would be to replace these functions with an ENOSYS stub until Hurd implements them.
Comment 1 Florian Weimer 2017-11-18 16:12:58 UTC
This also affects Linux because microblaze added preadv/pwritev support only in kernel version 3.15, and we require only kernel 3.2.
Comment 2 Sourceware Commits 2017-11-24 14:16:54 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  c45d78aac47db08bc8ea7641c5330cccaecd3ddb (commit)
      from  3ffc4cc1ad37fb36e419c9a3a72e1916d7d893d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c45d78aac47db08bc8ea7641c5330cccaecd3ddb

commit c45d78aac47db08bc8ea7641c5330cccaecd3ddb
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Nov 22 18:02:20 2017 -0200

    posix: Fix generic p{read,write}v buffer allocation (BZ#22457)
    
    As described in BZ#22457 an interpose malloc can free an invalid
    pointer for fallback preadv implementation.  Fortunately this is
    just an issue on microblaze-linux-gnu running kernels older than
    3.15.  This patch fixes it by calling mmap/unmap instead of
    posix_memalign/free.
    
    Checked on microblaze-linux-gnu check with run-built-tests=no and
    by using the sysdeps/posix implementation on x86_64-linux-gnu (just
    for sanity test where it showed no regression).
    
    	[BZ #22457]
    	* sysdeps/posix/preadv_common.c (PREADV): Use mmap/munmap instead of
    	posix_memalign/free.
    	* sysdeps/posix/pwritev_common.c (PWRITEV): Likewise.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                      |    7 +++++++
 sysdeps/posix/preadv_common.c  |    8 +++++---
 sysdeps/posix/pwritev_common.c |    8 +++++---
 3 files changed, 17 insertions(+), 6 deletions(-)
Comment 3 Adhemerval Zanella 2017-11-24 14:17:51 UTC
Fixed by c45d78aac47db08bc8ea7641c5330cccaecd3ddb
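
The allocation pattern the fix describes, as an added example that is not the glibc source or the committed patch: a preadv fallback built on pread whose bounce buffer comes from mmap/munmap, so no pointer from a non-interposed allocator ever reaches an interposed free. The name fallback_preadv and the sample file in main are assumptions made for illustration.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <unistd.h>

/* fallback_preadv is a hypothetical name: preadv() emulated with one pread()
   into a bounce buffer that never passes through malloc or free. */
ssize_t fallback_preadv(int fd, const struct iovec *iov, int count, off_t off)
{
    size_t bytes = 0;
    for (int i = 0; i < count; ++i) {
        if ((size_t)SSIZE_MAX - bytes < iov[i].iov_len) {
            errno = EINVAL;              /* total must fit in ssize_t */
            return -1;
        }
        bytes += iov[i].iov_len;
    }
    if (bytes == 0) return 0;            /* simplification: mmap rejects length 0 */
    /* mmap and munmap pair up on their own, outside any (interposed) heap. */
    char *buf = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    ssize_t got = pread(fd, buf, bytes, off);
    size_t left = got > 0 ? (size_t)got : 0, done = 0;
    for (int i = 0; i < count && left > 0; ++i) {   /* scatter into iov */
        size_t n = iov[i].iov_len < left ? iov[i].iov_len : left;
        memcpy(iov[i].iov_base, buf + done, n);
        done += n;
        left -= n;
    }
    int saved = errno;                   /* munmap must not clobber pread's errno */
    munmap(buf, bytes);
    errno = saved;
    return got;
}

int main(void)
{
    FILE *f = tmpfile();                 /* constructed input: a 10-byte file */
    if (f == NULL || fputs("0123456789", f) < 0 || fflush(f) != 0)
        return 1;
    char a[4], b[4];
    struct iovec iov[2] = { { a, sizeof a }, { b, sizeof b } };
    return fallback_preadv(fileno(f), iov, 2, 1) == 8 ? 0 : 1;
}
```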