[Fwd: sysv ipc semctl() fix for sparc64]

Fabio Massimo Di Nitto fabbione at ubuntu.com
Wed Oct 10 10:35:38 UTC 2007


Can you guys please apply this to gutsy if there is another upload going in before
release, or in the first gutsy kernel update?

(or pull from
git://git.kernel.org/pub/scm/linux/kernel/git/davem/ldom-2.6.22.git - you
already have all the other commits in the current gutsy tree)

Thanks
Fabio

PS: I am not subbed to the list. CC me on reply.

-------- Original Message --------
Subject: sysv ipc semctl() fix for sparc64
Date: Wed, 10 Oct 2007 03:23:38 -0700 (PDT)
From: David Miller <davem at davemloft.net>
To: fabbione at ubuntu.com


Just FYI, I checked the following fix into ldom2622 for you
guys.  It fixes a bug spotted by Tom Callaway: semctl() for
64-bit applications is totally busted.

Take care.

From 6536a6b331d3225921c398eb7c6e4ecedb9b05e0 Mon Sep 17 00:00:00 2001
From: David S. Miller <davem at sunset.davemloft.net>
Date: Tue, 9 Oct 2007 20:56:31 -0700
Subject: [PATCH] [SPARC64]: Fix bugs in SYSV IPC handling in 64-bit processes.

Thanks to Tom Callaway for the excellent bug report and
test case.

sys_ipc() has several problems, most to do with semaphore
call handling:

1) 'err' return should be a 'long'
2) "union semun" is passed in a register on 64-bit compared
   to 32-bit which provides it on the stack and therefore
   by reference
3) Second and third arguments to SEMCTL are swapped compared
   to 32-bit.

Signed-off-by: David S. Miller <davem at davemloft.net>
---
 arch/sparc64/kernel/sys_sparc.c |   15 ++++-----------
 1 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
index d108eeb..0d5c502 100644
--- a/arch/sparc64/kernel/sys_sparc.c
+++ b/arch/sparc64/kernel/sys_sparc.c
@@ -436,7 +436,7 @@ out:
 asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
 			unsigned long third, void __user *ptr, long fifth)
 {
-	int err;
+	long err;

 	/* No need for backward compatibility. We can start fresh... */
 	if (call <= SEMCTL) {
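Review bot: `long err` matches the `asmlinkage long` return type of sys_ipc() shown in the hunk context; with `int err`, the `long` result of every callee reached via `goto out` (sys_semget(), sys_semctl() and the rest) was narrowed to 32 bits before being returned. The commit message's "should be a 'long'" would be clearer if it said the previous declaration silently truncated those return values.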
@@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first,
unsigned long second,
 			err = sys_semget(first, (int)second, (int)third);
 			goto out;
 		case SEMCTL: {
-			union semun fourth;
-			err = -EINVAL;
-			if (!ptr)
-				goto out;
-			err = -EFAULT;
-			if (get_user(fourth.__pad,
-				     (void __user * __user *) ptr))
-				goto out;
-			err = sys_semctl(first, (int)second | IPC_64,
-					 (int)third, fourth);
+			err = sys_semctl(first, third,
+					 (int)second | IPC_64,
+					 (union semun) ptr);
 			goto out;
 		}
 		default:
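Review bot: Dropping the `if (!ptr) ... -EINVAL` check and the get_user() of `fourth.__pad` means a NULL `ptr` now reaches sys_semctl() as an all-zero `union semun`; that is correct for the 64-bit ABI described in item 2 (the union arrives by value in a register, so `ptr` is the union, not a pointer to it, and commands such as IPC_RMID carry no argument), but the commit message should say the NULL check was wrong for 64-bit rather than merely redundant, since a reader comparing with the 32-bit path will otherwise assume a validation was lost. The reordered call now matches sys_semctl()'s `(semid, semnum, cmd, arg)` prototype; two small consistency points: `third` is passed in the `semnum` slot without the `(int)` cast that `second` keeps, so `(int)third` would match the neighbouring sys_semget() call, and `(union semun) ptr` relies on GCC's cast-to-union extension, which is acceptable in kernel code but worth a one-line comment for anyone porting this.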
-- 
1.5.3.3

-- 
I'm going to make him an offer he can't refuse.