[SPARC64]: Fix bugs in SYSV IPC handling in 64-bit processes. (7379b42b) · Commits · 戴 / test

Thanks to Tom Callaway for the excellent bug report and test case. sys_ipc() has several problems, most to due with semaphore call handling: 1) 'err' return should be a 'long' 2) "union semun" is passed in a register on 64-bit compared to 32-bit which provides it on the stack and therefore by reference 3) Second and third arguments to SEMCTL are swapped compared to 32-bit. Signed-off-by:

David S. Miller <davem@davemloft.net>

arch/sparc64/kernel/sys_sparc.c

+4 −11

Original line number	Diff line number	Diff line
		@@ -436,7 +436,7 @@ out:
		asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
		unsigned long third, void __user *ptr, long fifth)
		{
		int err;
		long err;

		/* No need for backward compatibility. We can start fresh... */
		if (call <= SEMCTL) {
		@@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
		err = sys_semget(first, (int)second, (int)third);
		goto out;
		case SEMCTL: {
		union semun fourth;
		err = -EINVAL;
		if (!ptr)
		goto out;
		err = -EFAULT;
		if (get_user(fourth.__pad,
		(void __user * __user *) ptr))
		goto out;
		err = sys_semctl(first, (int)second \| IPC_64,
		(int)third, fourth);
		err = sys_semctl(first, third,
		(int)second \| IPC_64,
		(union semun) ptr);
		goto out;
		}
		default:

Admin message