Here is the smoking gun from 2.3.1:
diff -u --recursive --new-file v2.3.0/linux/include/linux/msg.h linux/include/linux/msg.h
--- v2.3.0/linux/include/linux/msg.h Sun Dec 27 22:19:28 1998
+++ linux/include/linux/msg.h Tue May 11 14:37:40 1999
@@ -19,8 +19,8 @@
__kernel_time_t msg_stime; /* last msgsnd time */
__kernel_time_t msg_rtime; /* last msgrcv time */
__kernel_time_t msg_ctime; /* last change time */
- struct wait_queue *wwait;
- struct wait_queue *rwait;
+ wait_queue_head_t wwait;
+ wait_queue_head_t rwait;
unsigned short msg_cbytes; /* current number of bytes on queue */
unsigned short msg_qnum; /* number of messages in queue */
unsigned short msg_qbytes; /* max number of bytes on queue */
This is in the middle of 'struct msqid_ds' which is exported to user
space.
Here is an outline of a solution:
(1) Copy the structure. 'struct msqid_ds' has to remain available to
user space forever as part of source compatibility. Name the new
one 'struct kernel_msqid_ds' and put it inside the __KERNEL__ line.
(2) In 'struct msqid_ds', make wwait and rwait have type 'void *'.
(3) Carefully change ipc/msg.c to create msqid_ds and copy them to
to user space. This is not much code but just a matter of keeping
the types and pointers straight.
(4) Do "grep -r -l msqid_ds *" at the top of the tree. Pay particular
attention to functions which CALL sys_msgctl, as they still have to
use msqid_ds, not kernel_msqid_ds. arch/sparc64/kernel/sys_sparc32.c,
arch/sparc64/kernel/sys_sunos32.c, in particular.
Someone can write this up, or I can write it up this weekend. I already
have a patch from Clemens Huebner but it doesn't handle (4) at all,
it will break sparc64.
And then after that:
(5) The Stallion character drivers have the same problem.
(6) People who copy structures to and from user space, please make real
ABI structures, don't copy arbitrary kernel structures that have
internal data types in them like wait queues. Because then this
problem happens.
Michael Elizabeth Chastain
<mailto:mec@shout.net>
"love without fear"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/