On Mon, Apr 24, 2023 at 9:08 PM Waldek Kozaczuk <[email protected]>
wrote:
>
>
>
>
>>> 1. Fixing a potential bug in handling TCGETS in the console driver.
>>>
>>> I'm curious what this bug was - I am personally fond of this area of
>> this code, as you can see from the history
>> lesson in drivers/line-discipline.cc :-)
>>
> I think it may have to do with some size difference of the termios struct
> between glibc and OSv. The symptom seemed to be a corrupted stack after
> ioctl syscall call that ended up calling the code to handle TCGETS. This
> change seems to fix it:
>
> --- a/drivers/console.cc
>
> +++ b/drivers/console.cc
>
> @@ -68,7 +68,16 @@ console_ioctl(u_long request, void *arg)
>
> {
>
> switch (request) {
>
> case TCGETS:
>
> - *static_cast<termios*>(arg) = tio;
>
> + //*static_cast<termios*>(arg) = tio;
>
> + {
>
> + termios *in = static_cast<termios*>(arg);
>
> + in->c_iflag = tio.c_iflag;
>
> + in->c_oflag = tio.c_oflag;
>
> + in->c_cflag = tio.c_cflag;
>
> + in->c_lflag = tio.c_lflag;
>
> + in->c_line = tio.c_line;
>
> + }
>
> return 0;
>
> I think I have missed the c_cc field.
>
> Here is the relevant code in glibc -
> https://github.com/bminor/glibc/blob/ae612c45efb5e34713859a5facf92368307efb6e/sysdeps/unix/sysv/linux/tcgetattr.c
>
Ok, I think I know what's going on.
OSv's "struct termios" from include/api/termios.h is identical to that
which gcc defines in /usr/include/bits/termios-struct.h,
But looking at the code above, it turns out that glibc does NOT assume that
the kernel uses this termios structure, but something else called
__kernel_termios
So although our tcgetattr() function should return our usual termios
structure as-is, TCGETS should do something different - it should write a
__kernel_termios structure.
I think _kernel_termios is ktermios that you have in
/usr/include/asm-generic/termbits.h - you can see there that NCCS (the
number of control characters) is lower, just 19 instead of 32, which
explains the overflow you noticed.
I think the fix is simple - just copy a part of the termios struct - only
up to the 19th c_cc member, not the whole thing.
Nadav.
--
You received this message because you are subscribed to the Google Groups "OSv
Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/osv-dev/CANEVyjvWQgtbqas_qbznRhGRpNOheEJMBfuhhVa9snSQoA1vjg%40mail.gmail.com.
