From: Chad Reese <creese@caviumnetworks.com>
To: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Subject: Re: 64bit kernel/N32 userspace - shmctl corrupts userspace memory
Date: Tue, 25 Jul 2006 19:30:45 -0700
Message-ID: <44C6D3D5.9080409@caviumnetworks.com>
In-Reply-To: <20060726020427.GA21024@linux-mips.org>

compat.c is only included if CONFIG_SYSVIPC_COMPAT is defined. This
isn't anywhere in 2.6.16.26. Is this what you're referring to?
Chad
Ralf Baechle wrote:
> On Tue, Jul 25, 2006 at 05:32:41PM -0700, Chad Reese wrote:
>
>
>>If you're running a 64bit kernel with N32 userspace, shmctl will corrupt
>>memory in userspace. When copy_shmid_to_user() is called, it copies the
>>entire kernel shmid_ds into userspace. For a 64bit kernel, this is 88
>>bytes. In N32 userspace it is 76 bytes.
>>
>>My hack to get around the problem is attached, but I expect someone here
>>will be able to come up with a better fix. shmid_ds contains a lot of
>>members that are marked unused. Are these really useless?
>
>
> Can you try below patch?
>
> Ralf
>
> diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
> index 98abbc5..605d393 100644
> --- a/arch/mips/kernel/scall64-n32.S
> +++ b/arch/mips/kernel/scall64-n32.S
> @@ -150,7 +150,7 @@ EXPORT(sysn32_call_table)
> PTR sys_madvise
> PTR sys_shmget
> PTR sys32_shmat
> - PTR sys_shmctl /* 6030 */
> + PTR compat_sys_shmctl /* 6030 */
> PTR sys_dup
> PTR sys_dup2
> PTR sys_pause
>
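Review bot: the replacement entry at 6030 references compat_sys_shmctl, but nothing in this patch makes sure that symbol is built for a kernel that carries the N32 table. As the reply above points out, compat.c is only compiled when CONFIG_SYSVIPC_COMPAT is defined, so the patch should also add the Kconfig definition or selection of that option for this configuration; without it the table entry refers to a symbol that is never compiled in. The change also comes without a description: one line saying that the native handler writes the 64-bit shmid_ds layout into an N32 caller's buffer would record why this entry differs from sys_shmget just above it.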
--
Chad Reese <kreese@caviumnetworks.com>
Cavium Networks
Phone: 650 - 623 - 7038
Cell: 321 - 438 - 7753
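
The size mismatch described in the quoted report, as an added example that is not part of the thread or of the kernel source: a user-space C model that contrasts a native-style copy of the kernel-sized structure with a compat-style field-by-field conversion. The layouts `k_shm` and `u_shm` and all function names are constructed for illustration, so their sizes are not the 88 and 76 bytes quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified layouts (not the real shmid_ds): one record as a
 * 64-bit kernel lays it out and as 32-bit-long userspace lays it out. */
struct k_shm { int32_t key; uint64_t segsz; int64_t atime, dtime, ctime;
               int32_t cpid, lpid; uint64_t nattch; };
struct u_shm { int32_t key; uint32_t segsz; int32_t atime, dtime, ctime;
               int32_t cpid, lpid; uint32_t nattch; };
typedef void (*copy_fn)(unsigned char *uptr, const struct k_shm *k);

/* Native entry: the whole kernel-sized struct is copied to the user pointer. */
static void native_copy(unsigned char *uptr, const struct k_shm *k)
{
    memcpy(uptr, k, sizeof *k);
}

/* Compat-style entry: convert field by field, copy only the user-sized struct. */
static void compat_copy(unsigned char *uptr, const struct k_shm *k)
{
    struct u_shm u;
    memset(&u, 0, sizeof u);                   /* keep any padding defined */
    u.key = k->key;      u.segsz = (uint32_t)k->segsz;
    u.atime = (int32_t)k->atime;  u.dtime = (int32_t)k->dtime;
    u.ctime = (int32_t)k->ctime;  u.nattch = (uint32_t)k->nattch;
    u.cpid = k->cpid;    u.lpid = k->lpid;
    memcpy(uptr, &u, sizeof u);
}

/* Bytes written past the end of the caller's u_shm-sized buffer. */
static size_t overrun(copy_fn copy)
{
    unsigned char mem[2 * sizeof(struct k_shm)];   /* user buffer + neighbours */
    struct k_shm k;
    size_t i, end = 0;
    memset(&k, 0, sizeof k);
    k.key = 1; k.segsz = 4096; k.cpid = 100; k.lpid = 101; k.nattch = 1;
    memset(mem, 0xA5, sizeof mem);                 /* canary pattern */
    copy(mem, &k);
    for (i = 0; i < sizeof mem; i++)
        if (mem[i] != 0xA5) end = i + 1;           /* one past last byte touched */
    return end > sizeof(struct u_shm) ? end - sizeof(struct u_shm) : 0;
}

int main(void)
{
    printf("native: %zu bytes past the buffer, compat: %zu\n",
           overrun(native_copy), overrun(compat_copy));
    return 0;
}
```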