This is the important fix. The two prior changes are cleanups, but are pretty small. If you wanted to do an EN for 15.0, you could fix the size in the existing memcpy() to use __rangeof(), but this particular sort of bug is why we generally don't use memcpy() for this sort of thing.

emaste added a subscriber: emaste.Fri, Nov 14, 3:22 PM

Hadn't noticed this new revision (Phabricator mail sending seems to be delayed), so reposting the relevant part of the comment I added on D47878 in the meantime:

Indeed. I should have cast the pointers to uintptr_t or ptrdiff_t to avoid that. I don't think the memcpy() is particularly clever, but these structures are not supposed to change often, so explicitly listing all fields another time is not horrible (avoiding this is the real point for using memcpy(), not performance optimization). The really "clever" fix would be to use X macros, but given I'd like to ask for inclusion of a fix in 15.0, let's forget about it for the time being.

Thanks for noticing and the fix! Testing it now.

sys/compat/freebsd32/freebsd32_misc.c
4258	Not necessary, but OK to keep it, which probably even has advantages (removing it might disturb compiler optimizations, and some later modification re-purposing `sc_pad` would trigger a compile error here, reminding the author that he has to do something about it).

jhb added inline comments.Fri, Nov 14, 3:49 PM

sys/compat/freebsd32/freebsd32_misc.c
4258	Yes, I actually only included it to keep the one memcpy(). I would normally do a memset() of the structure to zero and then avoid copying the padding field. The compiler will know to only zero the padding in practice. If you would prefer that I'm happy to adjust it. BTW, the reason I found this bug is that for COMPAT_FREEBSD64 on CheriBSD, the subtraction was between different pointers types as `&sc_supp_groups` was a `uint64_t *`.

olce accepted this revision.Fri, Nov 14, 4:56 PM

olce added inline comments.

sys/compat/freebsd32/freebsd32_misc.c
4258	If you would prefer that I'm happy to adjust it. I'd prefer that, but the current code is also fine so really I'm not insisting. BTW, the reason I found this bug is that for COMPAT_FREEBSD64 on CheriBSD, the subtraction was between different pointers types as `&sc_supp_groups` was a `uint64_t *`. I see. Too bad it happens that, for 32-bit, `sc_uid` and `sc_supp_groups` have compatible types, else I would have got this error as well.

This revision is now accepted and ready to land.Fri, Nov 14, 4:56 PM

olce mentioned this in D53767: setcred(): Fix 32-bit compatibility copy-in.Fri, Nov 14, 8:52 PM

Planning to commit the minimal fix at D53767, is that OK for you?

olce mentioned this in rG4872b48b175c: setcred(): Fix 32-bit compatibility copy-in.Sat, Nov 15, 9:30 AM

olce mentioned this in rG190e6d67953c: setcred(): Fix 32-bit compatibility copy-in.Sat, Nov 15, 3:03 PM

cperciva mentioned this in rGb0447186a624: setcred(): Fix 32-bit compatibility copy-in.Sat, Nov 15, 3:05 PM

brooks accepted this revision.Mon, Nov 17, 10:08 AM

jhb retitled this revision from freebsd32_setcred: Copy all of the setcred fields to freebsd32_setcred: Copy all of the setcred fields individually.Mon, Nov 17, 5:30 PM

jhb edited the summary of this revision. (Show Details)

Rebase

This revision now requires review to proceed.Mon, Nov 17, 5:30 PM

Harbormaster completed remote builds in B68692: Diff 166585.Mon, Nov 17, 5:30 PM

olce accepted this revision.Mon, Nov 17, 5:56 PM

This revision is now accepted and ready to land.Mon, Nov 17, 5:56 PM