Received: by 10.192.165.148 with SMTP id m20csp2892269imm;
        Sun, 22 Apr 2018 18:31:50 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+sFdUp7O3lKthF2gdQsGPKcL8G0I9MoPu25AO1iHUigJ6KKgfHzDkkv2YA5TADvM3DYh9S
X-Received: by 10.99.126.9 with SMTP id z9mr15800414pgc.437.1524447110824;
        Sun, 22 Apr 2018 18:31:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524447110; cv=none;
        d=google.com; s=arc-20160816;
        b=wOc/aXCu8JW9acw/BJG95FIGe79yxLt98h+aSUzdMvuKXl8g5hFfMdhWiUeiu3t2qj
         dBhP9iyBH+bwNAp8oJEeDrCmjl62Zy5xzkBRzt5IYapmbt2MhgY2QvqEGmqmXi1/8LHS
         r6CKFt1DWfTkGoP492Xg4i9l+/ikXz07PHQujTV7FNyxxL8ps/gtYmrWYS+Yhh7vwDiT
         bXB9j33gnxB9A+YWub8R7rsDxea+bcrv4Im+UpjbooGVnorqNaA89SbXR+hDMZ1931Za
         ejH0JG2dKgQaNzq0oS43ejgkMxN4XSrxyErcFMc2AM30HqSUg9YnNQ6K22fLFqY/gvyT
         Txtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=cuk6sDX8o7nsauhBQHksN4YSc9yeva33ef5c503AgNM=;
        b=TPFPTibPp0WPU+gHwH0OM8AjZqL/0yrBakne9sJm0jqGb2L/XXUD0B2jnPw+L04V5M
         QrFnqYznrSfztJcguDPYRJFvKmetXyvXjYf3sHF8nGvSNL0H5gNuS42S5P1Tud7EO2pe
         UWtsNIL3ClaVSKe4Gn3LiNIZS10i5ttQaBWL4W+ke1QLYUVW9DcI2U6UlCVEhc+5tXaF
         AoULA5kSJf5IJ39+ZPSXqPzNLFh/2bZUE0b8uDg2u6O5hKqRi7fzX1zc/JvaeNf/qRoX
         aDBkRu6fTNhnMDdglMbNTwGgGqCCWOtVJI6iW9/XY12GzMfqYOWVEUUW83hoGxl8AfLP
         vuMA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=IqdykaSB;
       dkim=fail header.i=@ocallahan-org.20150623.gappssmtp.com header.s=20150623 header.b=mBiG2LZe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n1-v6si10641226pld.546.2018.04.22.18.31.36;
        Sun, 22 Apr 2018 18:31:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=IqdykaSB;
       dkim=fail header.i=@ocallahan-org.20150623.gappssmtp.com header.s=20150623 header.b=mBiG2LZe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753894AbeDWBaR (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Sun, 22 Apr 2018 21:30:17 -0400
Received: from mail-lf0-f51.google.com ([209.85.215.51]:44420 "EHLO
        mail-lf0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753821AbeDWBaN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 22 Apr 2018 21:30:13 -0400
Received: by mail-lf0-f51.google.com with SMTP id g203-v6so12455913lfg.11
        for <linux-kernel@vger.kernel.org>; Sun, 22 Apr 2018 18:30:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:reply-to:sender:from:date:message-id:subject:to:cc;
        bh=cuk6sDX8o7nsauhBQHksN4YSc9yeva33ef5c503AgNM=;
        b=IqdykaSB2Ga1A+0/LNs68A1poOChjBNfUUlKtaKNxkahQ8ox//xN/UKR3Y4ZuR4al+
         ZbelRB5OOxZj4hOE+nYFTbEV4WVvK+ugtRK4uuCix+rxpecC8HXRYr8fY8r9pBCBNHLI
         /6XlKzWcGh2b7C4zu/vSINiSbr4ePDxEnDA+PRX/9zOrM6Vvqrg9sxwzwhbW1Ml1R3Ba
         6quwHsbIvcrkFtPs5ws7/TBJVuwa5r5QJBjKAkWIjc+QT1o8t7EOoqwZ6/NFKN4V31hd
         O2bflgP5dLkbARogp9frjmIltj8ib0QgEpoOJUPA5bwtgdBjL+DY1ItWZ/RztcFWig4h
         tWXg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ocallahan-org.20150623.gappssmtp.com; s=20150623;
        h=mime-version:reply-to:sender:from:date:message-id:subject:to:cc;
        bh=cuk6sDX8o7nsauhBQHksN4YSc9yeva33ef5c503AgNM=;
        b=mBiG2LZeGq2uJ2gcEGVZ4tyl26K6XFRS3DYecDKrFmGeqnX+G7FgXOB3dQAnEppXiw
         Try9L0YHzPZ43UDHCEFRFmP6X60JTT9p0ulyl9MUPOxm3Xd3hfZUaalAF6lhu1X3GZoW
         pUI7wu+FMyNtFPPs071/sulWkoXOgVZjcnZ8227vtsAkCXtoea7j31hEKvcMTyZN8BsV
         G705BeADgb0xoZ7Xd9/7mOT0VNYZe5T8pPOhxiDyPNXD0WPppWgVJtYuuF5Qx3Z+5Olg
         QpdjjK47Q5Ik3LB2Rp3F1mm6esqPga1t3VmJN5emAnwcOTvLD2FeXXZfgK/MsGhpTV9z
         Rwtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:reply-to:sender:from:date
         :message-id:subject:to:cc;
        bh=cuk6sDX8o7nsauhBQHksN4YSc9yeva33ef5c503AgNM=;
        b=YOd+e7LoPM2LVThb9ddIsjEPgmdF8ECIAwLt90Hvu5t4QqInReDX/fF6Gdmv/N9K/1
         lf4gQO1f78mAfVLXGMGRSkEBhXdKrAUWXkwxtZ0Ddphj8DSgOtISRw34rdEA6YYsUvtP
         ax8vtHzqjwPUGPc2iZZGJN9IDxPPruE/dDLJGr3xjvvNYdTX1NOjM6oEEgvaWo8+twjU
         PADpyarPbHohPFyCbS8LluAQgAs9FtLgnoaBLP5VNN93NCgMTp1d3JkCG4z2pxqBnV/P
         IZbXDO2mEFr9zldSFxUdT600sPjLBxi27ugoWe6kCPVQ/mHMD1mi6FdzPAn++VA3K8LX
         mPHQ==
X-Gm-Message-State: ALQs6tBKr1l9pT5xto3ao5QZP+QcrT5ACpz1aZYYlRdQYxsfeb49uG2q
        NdabgvVuzFjwvTCd9UHYTEhWKAAJU5HIWVcuUsD4XNl7
X-Received: by 2002:a19:5348:: with SMTP id h69-v6mr7961136lfb.26.1524447012103;
 Sun, 22 Apr 2018 18:30:12 -0700 (PDT)
MIME-Version: 1.0
Reply-To: robert@ocallahan.org
Received: by 10.46.16.197 with HTTP; Sun, 22 Apr 2018 18:30:11 -0700 (PDT)
From:   "Robert O'Callahan" <robert@ocallahan.org>
Date:   Mon, 23 Apr 2018 13:30:11 +1200
X-Google-Sender-Auth: oOtJoOlclyW_nz5MZyGKLnT2rzU
Message-ID: <CAOp6jLboYSFC+Ms4Bo9PxNB3hpEBhEXwiuBAoe=xBoDMa810yQ@mail.gmail.com>
Subject: regression in 32-bit-compat dev_ioctl due to commit bf4405737f9f85a06db2b0ce5d76a818b61992e2
To:     Al Viro <viro@zeniv.linux.org.uk>
Cc:     LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The commit says

    Once upon a time net/socket.c:dev_ifsioc() used to handle SIOCSHWTSTAMP and
    SIOCSIFMAP.  These have different native and compat layout, so the format
    conversion had been needed.  In 2009 these two cases had been taken out,
    turning the rest into a convoluted way to calling sock_do_ioctl().  We copy
    compat structure into native one, call sock_do_ioctl() on that and copy
    the result back for the in/out ioctls.  No layout transformation anywhere,
    so we might as well just call sock_do_ioctl() and skip all the headache with
    copying.

However there is one problem: 32-bit 'struct ifreq' and 64-bit 'struct
ifreq' are not the same size. The former is 32 bytes and the latter is
40 bytes. Thus, if you place a 32-bit 'struct ifreq' immediately
before an unmapped page and try to pass it to one of these ioctls, the
syscall fails with EFAULT due to this commit.

More details including test program in
https://bugzilla.kernel.org/show_bug.cgi?id=199469.

I found this bug running the rr test suite.

Thanks,
Rob
-- 
Su ot deraeppa sah dna Rehtaf eht htiw saw hcihw, efil lanrete eht uoy
ot mialcorp ew dna, ti ot yfitset dna ti nees evah ew; deraeppa efil
eht. Efil fo Drow eht gninrecnoc mialcorp ew siht - dehcuot evah sdnah
ruo dna ta dekool evah ew hcihw, seye ruo htiw nees evah ew hcihw,
draeh evah ew hcihw, gninnigeb eht morf saw hcihw taht.