bug on ppc (and potentially other arches) in setgroups.c

Phil Estes estesp at linux.vnet.ibm.com
Thu Jul 2 02:44:58 UTC 2009


Before I open a bug, I thought I would look for clarification of what I 
believe I'm seeing in libc/sysdeps/linux/common/setgroups.c.  I think 
it's possible that the code was originally i386-centric and has not been 
updated as other architectures are added.

Background:  the LTP has a testcase "setgroups04"--the purpose of which 
is to try and get a -EFAULT out of the setgroups syscall by passing in a 
known invalid memory value.  This should flow into the kernel and get an 
-EFAULT after a failure of "copy_from_user" of the groups list pointer 
passed to the syscall.

In the case of uClibc on the ppc architecture, this means that the code 
flows through the setgroups "wrapper" in setgroups.c which tries to copy 
the passed-in group array to an array of allocated kernel_gid_t 
structs.   In tracing back through why this might be, it seems to be 
that this code would be for the compat syscall for 16-bit UIDs 
(implemented in the kernel in uid16.c); and therefore the kernel gid_t 
might not match the userspace gid_t; hence the copying.  It tries to 
only use this wrapper if __NR_setgroups32 isn't defined, which it is not 
for ppc.  But, on ppc, there is no 16-bit version or compat version of 
the setgroups syscall; therefore, there should also be no logic to 
attempt to perform the copying, which is really not useful on ppc (and 
potentially other architectures which don't have this setgroups vs. 
setgroups32 syscall issue).

The net result is that on ppc, the access of the invalid memory on line 
52 of setgroups.c 
(http://git.uclibc.org/uClibc/tree/libc/sysdeps/linux/common/setgroups.c) causes 
a segfault in the aforementioned LTP test, instead of an -EFAULT errno 
return as it expects.   If my assumptions are correct (about the copy 
being i386-centric for the compat 16-bit uid form of the setgroups 
syscall), then I think that the #else case for #if defined(__powerpc__) 
should be added that wires setgroups directly to the syscall interface 
instead of the wrapper.  This would at least save the unnecessary copy 
and fix an LTP failure for uClibc on ppc architectures.

Would love feedback from someone who knows this code and its history a 
bit better.

Thanks,
Phil Estes
estesp at linux.vnet.ibm.com
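An added example, not part of this post or of uClibc's setgroups.c, that reproduces the failure mode described above on a current Linux machine: a simplified model of the copying wrapper beside a direct syscall, each handed an unreadable page as the group list. The helper names, the 64-entry limit and keeping gid_t width for the copied buffer (instead of __kernel_gid_t) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

enum { PROBE_SEGV = -2, MAX_GROUPS = 64 };   /* both constructed for this example */

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* A mapped but unreadable page: a "known invalid" group-list address,
   in the spirit of the LTP setgroups04 input (constructed here). */
gid_t *invalid_group_list(void) {
    void *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (gid_t *)p;
}

/* Model of the copying wrapper: the group list is read in user space into a
   local buffer before the syscall, so a bad pointer faults here (SIGSEGV)
   and never reaches the kernel's copy_from_user.  The buffer keeps gid_t
   width for simplicity; the real wrapper converts to __kernel_gid_t. */
int setgroups_copying(size_t n, const gid_t *list, int *err) {
    gid_t kbuf[MAX_GROUPS];
    struct sigaction sa, old_segv, old_bus;
    if (n > MAX_GROUPS) { *err = EINVAL; return -1; }
    sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old_segv); sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) != 0) {            /* came back from on_fault */
        sigaction(SIGSEGV, &old_segv, NULL); sigaction(SIGBUS, &old_bus, NULL);
        *err = 0; return PROBE_SEGV;
    }
    for (size_t i = 0; i < n; i++) kbuf[i] = list[i];   /* user-space read faults */
    sigaction(SIGSEGV, &old_segv, NULL); sigaction(SIGBUS, &old_bus, NULL);
    long rc = syscall(SYS_setgroups, (int)n, kbuf);
    *err = rc < 0 ? errno : 0;
    return (int)rc;
}

/* Direct syscall, as proposed for ppc: the kernel validates the pointer itself
   and returns -EFAULT (or -EPERM first, when the caller lacks CAP_SETGID). */
int setgroups_direct(size_t n, const gid_t *list, int *err) {
    long rc = syscall(SYS_setgroups, (int)n, list);
    *err = rc < 0 ? errno : 0;
    return (int)rc;
}
```

Run with CAP_SETGID the direct call reports EFAULT; unprivileged it reports EPERM, because the kernel checks the capability before copying the list. The copying model faults in user space either way.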
