From 452e85b68cbd3266ab9d10e21a6c6fbe7091cfe0 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Thu, 16 Jul 2020 03:37:10 -0700 Subject: [PATCH] [PATCH] nptl: Zero-extend arguments to SETXID syscalls [BZ #26248] nptl has /* Opcodes and data types for communication with the signal handler to change user/group IDs. */ struct xid_command { int syscall_no; long int id[3]; volatile int cntr; volatile int error; }; /* This must be last, otherwise the current thread might not have permissions to send SIGSETXID syscall to the other threads. */ result = INTERNAL_SYSCALL_NCS (cmdp->syscall_no, 3, cmdp->id[0], cmdp->id[1], cmdp->id[2]); But the second argument of setgroups syscal is a pointer: int setgroups(size_t size, const gid_t *list); But on x32, pointers passed to syscall must have pointer type so that they will be zero-extended. The kernel XID arguments are unsigned and do not require sign extension. Change xid_command to struct xid_command { int syscall_no; unsigned long int id[3]; volatile int cntr; volatile int error; }; so that all arguments are zero-extended. A testcase is added for x32 and setgroups returned with EFAULT when running as root without the fix. Gbp-Pq: Topic x32 Gbp-Pq: Name submitted-fix-nptl-setgroups-x32.diff --- nptl/descr.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nptl/descr.h b/nptl/descr.h index 9dcf480bd..650331ad6 100644 --- a/nptl/descr.h +++ b/nptl/descr.h @@ -94,7 +94,13 @@ struct pthread_unwind_buf struct xid_command { int syscall_no; - long int id[3]; + /* Enforce zero-extension for the pointer argument in + + int setgroups(size_t size, const gid_t *list); + + The kernel XID arguments are unsigned and do not require sign + extension. */ + unsigned long int id[3]; volatile int cntr; volatile int error; /* -1: no call yet, 0: success seen, >0: error seen. */ }; -- 2.30.2