Re: BUG: wait queue changes messed up struct msqid_ds

Clemens Huebner (spamtrap@att.net)
Thu, 12 Aug 1999 02:06:18 -0700



Hi Michael,

I sent out a fix for this two times now (along the lines you propose).
Nobody seems to care...

Fix is attached.

Regards,
Clemens

Michael Elizabeth Chastain wrote:
>
> Hello *,
>
> I'm looking at the wait queue changes in 2.3.1, and I noticed that one of the
> modified structures is "struct msqid_ds" in include/linux/msg.h.
>
> "struct msqid_ds" is part of the userland-visible ABI; that is why it appears
> above the __KERNEL__ line. It is used in file ipc/msg.c, function sys_msgctl,
> cases MSG_STAT, IPC_SET, and IPC_STAT. Some of the values copied between
> kernel and user space are located after parts of the structure that have
> changed size, so they now have different offsets!
>
> I think the canonical fix for this is to have two structures:
>
> struct user_msqid_ds /* userland layout, outside __KERNEL__ */
> struct kernel_msqid_ds /* kernel layout, inside __KERNEL__ */
>
> In user_msqid_ds, "wwait" and "rwait" should be void pointers, for
> compatibility with 2.2
>
> But I'm not attached to any particular solution. I just want to flag the
> problem.
>
> Note: keep an eye on the sparc32 code, which already does one level of
> translation (and I believe it works correctly at the moment, good job). Make
> sure that it keeps translating to the same structure that sys_msgctl accepts!
>
> Also, I checked out all the other structures affected in 2.3.1, and none
> of them triggered me to say "hmmm I remember entering that in my giant
> list of ABI Data Types". It's unusual for a wait-queue pointer to be
> in an ABI structure.
>
> Michael Elizabeth Chastain
> <mailto:mec@shout.net>
> "love without fear"
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
Message-ID: <37523C0E.CEAD1C57@att.net>
Date: Mon, 31 May 1999 00:36:46 -0700
From: Clemens Huebner <clemens.huebner@att.net>
To: Linux Kernel Mailinglist <linux-kernel@vger.rutgers.edu>,
Linus Torvalds <torvalds@transmeta.com>
Subject: IPC msgctl MSG_STAT broken, fix proposal attached

Hi,

I just joined the list, so I don't know whether someone else already
fixed this:

The message queue changes in 2.3.3 break the MSG_STAT function of the
msgctl IPC userland function (segmentation fault due to buffer overflow).

There are two possibilities to fix this:
1) change all userland programs to use the new msqid_ds structure. That
would be a major hassle and have no real advantages.
2) change the kernel to put out the structure with the old offsets.
Since the changed fields are not copied out anyway, there is no drawback
(except for increasing kernel source size).

Clemens

Here's the patch:
diff -ur linux/include/linux/msg.h linux.new/include/linux/msg.h
--- linux/include/linux/msg.h Sat May 15 16:34:43 1999
+++ linux.new/include/linux/msg.h Sat May 29 21:03:42 1999
@@ -27,6 +27,25 @@
__kernel_ipc_pid_t msg_lspid; /* pid of last msgsnd */
__kernel_ipc_pid_t msg_lrpid; /* last receive pid */
};
+/* to keep compatibility with ipc msgctl syscall, keep old msqid_ds
+ struct */
+struct msqid_u_ds
+{
+ struct ipc_perm msg_perm;
+ struct msg *__msg_first;
+ struct msg *__msg_last;
+ __kernel_time_t msg_stime;
+ __kernel_time_t msg_rtime;
+ __kernel_time_t msg_ctime;
+ void *__wwait; /* not transmitted to userland */
+ void *__rwait; /* not transmitted to userland */
+ unsigned short int msg_cbytes;
+ unsigned short int msg_qnum;
+ unsigned short int msg_qbytes;
+ __kernel_ipc_pid_t msg_lspid;
+ __kernel_ipc_pid_t msg_lrpid;
+};
+

/* message buffer for msgsnd and msgrcv calls */
struct msgbuf {
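Review bot: the only reason struct msqid_u_ds exists is to reproduce the 2.2 userland layout byte for byte, so the `void *__wwait` / `void *__rwait` slots and the `unsigned short int` counters must never be reordered or retyped; the comment above the struct should say so explicitly (for example "must match the 2.2 msqid_ds layout exactly, do not touch") and a compile-time size check against the expected size would stop the next wait-queue rework from silently repeating this bug. The name also differs from the `user_msqid_ds` proposed earlier in the thread; whichever is chosen, the `struct msg *__msg_first` / `__msg_last` members are kernel pointers with no meaning to userland and the copy-out should not populate them.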
@@ -73,7 +92,7 @@
asmlinkage int sys_msgsnd (int msqid, struct msgbuf *msgp, size_t
msgsz, int ms
gflg);
asmlinkage int sys_msgrcv (int msqid, struct msgbuf *msgp, size_t
msgsz, long m
sgtyp,
int msgflg);
-asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_ds *buf);
+asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_u_ds *buf);

#endif /* __KERNEL__ */

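Review bot: changing only the prototype to `struct msqid_u_ds *buf` leaves the arch-specific callers out of step: the sparc32 translation layer mentioned earlier in the thread still builds whatever it passed to `sys_msgctl` before and needs the same type, and the IPC_SET / IPC_STAT paths that copy_from_user into the buffer must use the new layout as well, none of which appears in the patch. Since this declaration sits inside the `__KERNEL__` guard (note the trailing `#endif`), the new struct has to be declared before this point, which the msg.h hunk above does.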
diff -ur linux/ipc/msg.c linux.new/ipc/msg.c
--- linux/ipc/msg.c Sat May 29 16:50:49 1999
+++ linux.new/ipc/msg.c Sat May 29 19:41:39 1999
@@ -352,11 +352,11 @@
kfree(msq);
}

-asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_ds *buf)
+asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_u_ds *buf)
{
int id, err = -EINVAL;
struct msqid_ds *msq;
- struct msqid_ds tbuf;
+ struct msqid_u_ds tbuf;
struct ipc_perm *ipcp;

printk("msgctl: %d %d %p\n",msqid,cmd,buf);
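Review bot: retyping `tbuf` to `struct msqid_u_ds` is only half of the fix: the MSG_STAT / IPC_STAT code that fills it from `msq` is not in this hunk, and because the two types now differ, any whole-struct assignment there stops compiling while a field-by-field copy silently leaves `__msg_first`, `__msg_last`, `__wwait` and `__rwait` unset. `tbuf` lives on the kernel stack, so it should be zeroed (memset) before the copy-out; otherwise those slots and any padding hand stale kernel stack bytes to userland. The `printk("msgctl: ...")` visible in the context looks like leftover debugging and should not ship.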

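The layout shift both mails describe, as an added illustration that is not part of either mail or the patch: two constructed structs stand in for the 2.2 and 2.3 kernel msqid_ds (struct ipc_perm_ex and struct wq_head_ex are assumed shapes, not the kernel's definitions), with offsetof showing how far the counters moved, how many bytes a raw whole-struct copy would overrun a 2.2-sized buffer, and the field-by-field copy-out into the old layout that the patch goes for.

```c
#include <stddef.h>
#include <string.h>
/* Stand-in for struct ipc_perm (constructed; field set is illustrative). */
struct ipc_perm_ex { unsigned int key, uid, gid, cuid, cgid, mode, seq; };

/* 2.2-era userland layout: wait queues are plain pointers, the shape the
 * patch's msqid_u_ds keeps. */
struct msqid_ds_old {
    struct ipc_perm_ex msg_perm;
    void *msg_first, *msg_last;
    long msg_stime, msg_rtime, msg_ctime;
    void *wwait, *rwait;               /* never meaningful to userland */
    unsigned short msg_cbytes, msg_qnum, msg_qbytes, msg_lspid, msg_lrpid;
};

/* Assumed shape of a 2.3 wait-queue head; the real type differs, and only
 * "wider than a pointer" matters here. Embedding it in the kernel struct
 * pushes every later field to a larger offset. */
struct wq_head_ex { int lock; void *next, *prev; };
struct msqid_ds_new {
    struct ipc_perm_ex msg_perm;
    void *msg_first, *msg_last;
    long msg_stime, msg_rtime, msg_ctime;
    struct wq_head_ex wwait, rwait;
    unsigned short msg_cbytes, msg_qnum, msg_qbytes, msg_lspid, msg_lrpid;
};

/* How far msg_cbytes moved: a 2.2 binary reading at the old offset would
 * see wait-queue bytes instead of the byte count. */
size_t cbytes_offset_shift(void) {
    return offsetof(struct msqid_ds_new, msg_cbytes)
         - offsetof(struct msqid_ds_old, msg_cbytes);
}

/* Bytes a whole-struct copy of the new layout writes past a userland buffer
 * sized for the old one: the segfault the mail reports. */
size_t raw_copy_overrun(void) {
    return sizeof(struct msqid_ds_new) - sizeof(struct msqid_ds_old);
}

/* What the patch does instead: give userland the old layout, filled field by
 * field. Zeroing first keeps the unused pointer slots and struct padding from
 * carrying kernel stack contents out to the caller. */
void fill_user_layout(struct msqid_ds_old *u, const struct msqid_ds_new *k) {
    memset(u, 0, sizeof(*u));
    u->msg_perm = k->msg_perm;
    u->msg_stime = k->msg_stime; u->msg_rtime = k->msg_rtime; u->msg_ctime = k->msg_ctime;
    u->msg_cbytes = k->msg_cbytes; u->msg_qnum = k->msg_qnum; u->msg_qbytes = k->msg_qbytes;
    u->msg_lspid = k->msg_lspid; u->msg_lrpid = k->msg_lrpid;
}
```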
