tech-kern archive
sys_pipe2() leaks file descriptors to %eax and %edx on i386
Hi,
both sys_pipe() and sys_pipe2() use pipe1() as the actual implementation.
Therefore they both fill retval[0] and retval[1] with file descriptors of read
and write endpoints. For sys_pipe() it is the desired behaviour since its
userland part picks these values from %eax and %edx and stores them to
appropriate locations. However, for pipe2() such behaviour is wrong for its
userland part treats %eax as a return value, hence pipe2() normally returns
non-zero thus confusing its callers.
The following patch fixes this:
diff -u -r1.22 sys_descrip.c
--- sys_descrip.c 26 Jun 2011 16:42:42 -0000 1.22
+++ sys_descrip.c 31 Oct 2011 15:10:41 -0000
@@ -759,5 +759,6 @@
return error;
fd[0] = retval[0];
fd[1] = retval[1];
+ retval[0] = retval[1] = 0;
return copyout(fd, SCARG(uap, fildes), sizeof(fd));
}
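Review bot: the added line "retval[0] = retval[1] = 0;" carries no comment, so a later reader may take it for a redundant store and remove it. A short comment above it would help, saying that retval[] still holds the two descriptors at this point and that pipe2() must return 0 in the registers, with the descriptors reaching userland only through the copyout() to fildes. Separately, on the unchanged last line, a failing copyout() returns its error while nothing in this hunk closes fd[0] and fd[1]; the caller then gets an error without ever learning the descriptor numbers, so it is worth checking whether both should be closed on that path.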