Re: [PATCH] eventfd: strictly check the count parameter of eventfd_write to avoid inputting illegal strings
From: Christian Brauner
Date: Wed Feb 07 2024 - 04:59:08 EST
On Wed, Feb 07, 2024 at 12:35:18AM +0800, wenyang.linux@xxxxxxxxxxx wrote:
> From: Wen Yang <wenyang.linux@xxxxxxxxxxx>
>
> Since eventfd's document has clearly stated: A write(2) call adds
> the 8-byte integer value supplied in its buffer to the counter.
>
> However, in the current implementation, the following code snippet
> did not cause an error:
>
> char str[16] = "hello world";
> uint64_t value;
> ssize_t size;
> int fd;
>
> fd = eventfd(0, 0);
> size = write(fd, &str, strlen(str));
> printf("eventfd: test writing a string, size=%ld\n", size);
> size = read(fd, &value, sizeof(value));
> printf("eventfd: test reading as uint64, size=%ld, valus=0x%lX\n",
> size, value);
>
> close(fd);
>
> And its output is:
> eventfd: test writing a string, size=8
> eventfd: test reading as uint64, size=8, valus=0x6F77206F6C6C6568
>
> By checking whether count is equal to sizeof(ucnt), such errors
> could be detected. It also follows the requirements of the manual.
>
> Signed-off-by: Wen Yang <wenyang.linux@xxxxxxxxxxx>
> Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: Jens Axboe <axboe@xxxxxxxxx>
> Cc: Christian Brauner <brauner@xxxxxxxxxx>
> Cc: Jan Kara <jack@xxxxxxx>
> Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> Cc: <linux-fsdevel@xxxxxxxxxxxxxxx>
> Cc: <linux-kernel@xxxxxxxxxxxxxxx>
> ---
Seems sensible but has the potential to break users that rely on this
but then again glibc already enforces a 64bit value via eventfd_write()
and eventfd_read().