Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/sys Fix stupid bugs in linux_sys_shmctl(): the index cou...
details: https://anonhg.NetBSD.org/src/rev/f4fa099be080
branches: trunk
changeset: 1002983:f4fa099be080
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Aug 23 10:22:14 2019 +0000
description:
Fix stupid bugs in linux_sys_shmctl(): the index could be out of bound
(page fault) and there was no proper locking.
Maybe we should just remove LINUX_SHM_STAT, like compat_linux32.
diffstat:
sys/compat/linux/common/linux_ipc.c | 10 +++++++---
sys/kern/sysv_shm.c | 24 ++++++++++++++++++++++--
sys/sys/shm.h | 4 +++-
3 files changed, 32 insertions(+), 6 deletions(-)
diffs (101 lines):
diff -r 1db329bf25ea -r f4fa099be080 sys/compat/linux/common/linux_ipc.c
--- a/sys/compat/linux/common/linux_ipc.c Fri Aug 23 09:41:26 2019 +0000
+++ b/sys/compat/linux/common/linux_ipc.c Fri Aug 23 10:22:14 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_ipc.c,v 1.56 2019/02/21 03:37:18 mrg Exp $ */
+/* $NetBSD: linux_ipc.c,v 1.57 2019/08/23 10:22:15 maxv Exp $ */
/*-
* Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.56 2019/02/21 03:37:18 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.57 2019/08/23 10:22:15 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_sysv.h"
@@ -568,6 +568,7 @@
syscallarg(struct linux_shmid_ds *) buf;
} */
struct shmid_ds bs;
+ struct ipc_perm perm;
struct linux_shmid_ds ls;
struct linux_shmid64_ds ls64;
struct linux_shminfo64 lsi64;
@@ -582,7 +583,10 @@
switch (cmd & ~LINUX_IPC_64) {
case LINUX_SHM_STAT:
- shmid = IXSEQ_TO_IPCID(shmid, shmsegs[shmid].shm_perm);
+ error = shm_find_segment_perm_by_index(shmid, &perm);
+ if (error)
+ return error;
+ shmid = IXSEQ_TO_IPCID(shmid, perm);
retval[0] = shmid;
/*FALLTHROUGH*/
diff -r 1db329bf25ea -r f4fa099be080 sys/kern/sysv_shm.c
--- a/sys/kern/sysv_shm.c Fri Aug 23 09:41:26 2019 +0000
+++ b/sys/kern/sysv_shm.c Fri Aug 23 10:22:14 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sysv_shm.c,v 1.137 2019/08/07 00:38:02 pgoyette Exp $ */
+/* $NetBSD: sysv_shm.c,v 1.138 2019/08/23 10:22:14 maxv Exp $ */
/*-
* Copyright (c) 1999, 2007 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.137 2019/08/07 00:38:02 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.138 2019/08/23 10:22:14 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_sysv.h"
@@ -121,6 +121,26 @@
static int shmrealloc(int);
/*
+ * Find the shared memory segment permission by the index. Only used by
+ * compat_linux to implement SHM_STAT.
+ */
+int
+shm_find_segment_perm_by_index(int index, struct ipc_perm *perm)
+{
+ struct shmid_ds *shmseg;
+
+ mutex_enter(&shm_lock);
+ if (index < 0 || index >= shminfo.shmmni) {
+ mutex_exit(&shm_lock);
+ return EINVAL;
+ }
+ shmseg = &shmsegs[index];
+ memcpy(perm, &shmseg->shm_perm, sizeof(*perm));
+ mutex_exit(&shm_lock);
+ return 0;
+}
+
+/*
* Find the shared memory segment by the identifier.
* => must be called with shm_lock held;
*/
diff -r 1db329bf25ea -r f4fa099be080 sys/sys/shm.h
--- a/sys/sys/shm.h Fri Aug 23 09:41:26 2019 +0000
+++ b/sys/sys/shm.h Fri Aug 23 10:22:14 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: shm.h,v 1.53 2019/08/07 00:38:02 pgoyette Exp $ */
+/* $NetBSD: shm.h,v 1.54 2019/08/23 10:22:14 maxv Exp $ */
/*-
* Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -178,6 +178,8 @@
void shmexit(struct vmspace *);
int shmctl1(struct lwp *, int, int, struct shmid_ds *);
+int shm_find_segment_perm_by_index(int, struct ipc_perm *);
+
extern void (*uvm_shmexit)(struct vmspace *);
extern void (*uvm_shmfork)(struct vmspace *, struct vmspace *);
Home |
Main Index |
Thread Index |
Old Index