From: Ralf Baechle <ralf@linux-mips.org>
To: Chad Reese <creese@caviumnetworks.com.redhat.com>
Cc: linux-mips@linux-mips.org
Subject: Re: 64bit kernel/N32 userspace - shmctl corrupts userspace memory
Date: Tue, 25 Jul 2006 22:04:27 -0400
Message-ID: <20060726020427.GA21024@linux-mips.org>
In-Reply-To: <44C6B829.8050508@caviumnetworks.com>

On Tue, Jul 25, 2006 at 05:32:41PM -0700, Chad Reese wrote:

> If you're running a 64bit kernel with N32 userspace, shmctl will corrupt
> memory in userspace. When copy_shmid_to_user() is called, it copies the
> entire kernel shmid_ds into userspace. For a 64bit kernel, this is 88
> bytes. In N32 userspace it is 76 bytes.
> 
> My hack to get around the problem is attached, but I expect someone here
> will be able to come up with a better fix. shmid_ds contains a lot of
> members that are marked unused. Are these really useless?

Can you try below patch?

  Ralf

diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
index 98abbc5..605d393 100644
--- a/arch/mips/kernel/scall64-n32.S
+++ b/arch/mips/kernel/scall64-n32.S
@@ -150,7 +150,7 @@ EXPORT(sysn32_call_table)
 	PTR	sys_madvise
 	PTR	sys_shmget
 	PTR	sys32_shmat
-	PTR	sys_shmctl			/* 6030 */
+	PTR	compat_sys_shmctl		/* 6030 */
 	PTR	sys_dup
 	PTR	sys_dup2
 	PTR	sys_pause
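
Review bot: The entry swapped at slot 6030 comes with no changelog or Signed-off-by, so the reason for the change is only recoverable from the surrounding thread; a short description (per the report, the native sys_shmctl writes the kernel's 88-byte shmid_ds into a 76-byte N32 structure) should accompany it. The hunk leaves sys_shmget and sys32_shmat untouched, which fits since of the three only shmctl hands a structure back to the caller, but it is worth confirming that no other entry in sysn32_call_table that copies an IPC structure to user space still points at the native handler.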

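The size mismatch from the quoted report, as an added example that is not code from this thread or from the kernel: the struct layouts, `user_mem` and all function names are stand-ins assumed here, sized only to match the 88 and 76 bytes quoted. It contrasts a wholesale copy of the kernel structure with a field-by-field conversion of the kind a compat entry point performs.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in layouts (assumed, not the real headers), sized to the figures in
 * the report: 88 bytes in the 64-bit kernel, 76 bytes in the N32 caller. */
struct k_shmid {                       /* kernel view */
    uint8_t  perm[28];
    int32_t  segsz;
    int64_t  atime, dtime, ctime;
    int32_t  cpid, lpid;
    uint16_t nattch, unused;
    uint64_t unused2, unused3;
};
struct u_shmid {                       /* N32 caller's view */
    uint8_t  perm[36];
    uint32_t segsz;
    int32_t  atime, dtime, ctime;
    int32_t  cpid, lpid;
    uint32_t nattch, unused[3];
};
_Static_assert(sizeof(struct k_shmid) == 88, "kernel view is 88 bytes");
_Static_assert(sizeof(struct u_shmid) == 76, "N32 view is 76 bytes");

/* Simulated user memory: the caller's buffer plus whatever lies after it. */
struct user_mem { struct u_shmid buf; uint8_t neighbour[16]; };
#define GUARD 0xA5

/* Native path: copies the kernel struct wholesale, ignoring the caller's ABI. */
static void native_copy(struct user_mem *um, const struct k_shmid *k) {
    memcpy(um, k, sizeof *k);          /* 88 bytes into a 76-byte buffer */
}

/* Compat path: converts field by field into the caller's layout. */
static void compat_copy(struct user_mem *um, const struct k_shmid *k) {
    struct u_shmid u = {0};
    memcpy(u.perm, k->perm, sizeof k->perm);
    u.segsz = (uint32_t)k->segsz;  u.nattch = k->nattch;
    u.atime = (int32_t)k->atime;   u.dtime = (int32_t)k->dtime;
    u.ctime = (int32_t)k->ctime;   u.cpid = k->cpid;  u.lpid = k->lpid;
    um->buf = u;                       /* exactly 76 bytes */
}

/* Returns how many bytes past the caller's buffer were overwritten. */
int clobbered_bytes(int use_compat) {
    struct k_shmid k = {0};
    struct user_mem um;
    int n = 0;
    memset(&um, GUARD, sizeof um);
    if (use_compat) compat_copy(&um, &k); else native_copy(&um, &k);
    for (size_t i = 0; i < sizeof um.neighbour; i++)
        n += um.neighbour[i] != GUARD;
    return n;
}
```

The guard region stands in for the caller's adjacent memory, so the overrun is counted without writing outside any object.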