svn commit: r363245 - in stable/12: lib/libc/sys sys/kern

Mark Johnston markj at FreeBSD.org
Thu Jul 16 13:38:21 UTC 2020 

Author: markj
Date: Thu Jul 16 13:38:20 2020
New Revision: 363245
URL: https://svnweb.freebsd.org/changeset/base/363245

Log:
  MFC r363051, r363055:
  Avoid copying out kernel pointers from msgctl/semctl(IPC_STAT).

Modified:
  stable/12/lib/libc/sys/msgctl.2
  stable/12/lib/libc/sys/semctl.2
  stable/12/sys/kern/sysv_msg.c
  stable/12/sys/kern/sysv_sem.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libc/sys/msgctl.2
==============================================================================
--- stable/12/lib/libc/sys/msgctl.2	Thu Jul 16 13:37:32 2020	(r363244)
+++ stable/12/lib/libc/sys/msgctl.2	Thu Jul 16 13:38:20 2020	(r363245)
@@ -31,7 +31,7 @@
 .\"
 .\" $FreeBSD$
 .\"/
-.Dd July 9, 2009
+.Dd July 9, 2020
 .Dt MSGCTL 2
 .Os
 .Sh NAME
@@ -63,8 +63,6 @@ and contains (amongst others) the following members:
 .Bd -literal
 struct msqid_ds {
 	struct	ipc_perm msg_perm;	/* msg queue permission bits */
-	struct	msg *__msg_first;	/* kernel data, don't use */
-	struct	msg *__msg_last;	/* kernel data, don't use */
 	msglen_t msg_cbytes;	/* number of bytes in use on the queue */
 	msgqnum_t msg_qnum;	/* number of msgs in the queue */
 	msglen_t msg_qbytes;	/* max # of bytes on the queue */

Modified: stable/12/lib/libc/sys/semctl.2
==============================================================================
--- stable/12/lib/libc/sys/semctl.2	Thu Jul 16 13:37:32 2020	(r363244)
+++ stable/12/lib/libc/sys/semctl.2	Thu Jul 16 13:38:20 2020	(r363245)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 23, 2018
+.Dd July 9, 2020
 .Dt SEMCTL 2
 .Os
 .Sh NAME
@@ -148,7 +148,6 @@ is defined as follows:
 .Bd -literal
 struct semid_ds {
         struct  ipc_perm sem_perm;      /* operation permission struct */
-        struct  sem *__sem_base;  /* kernel data, don't use */
         u_short sem_nsems;      /* number of sems in set */
         time_t  sem_otime;      /* last operation time */
         time_t  sem_ctime;      /* last change time */

Modified: stable/12/sys/kern/sysv_msg.c
==============================================================================
--- stable/12/sys/kern/sysv_msg.c	Thu Jul 16 13:37:32 2020	(r363244)
+++ stable/12/sys/kern/sysv_msg.c	Thu Jul 16 13:38:20 2020	(r363245)
@@ -615,6 +615,13 @@ kern_msgctl(struct thread *td, int msqid, int cmd, str
 		*msqbuf = msqkptr->u;
 		if (td->td_ucred->cr_prison != msqkptr->cred->cr_prison)
 			msqbuf->msg_perm.key = IPC_PRIVATE;
+
+		/*
+		 * Try to hide the fact that the structure layout is shared by
+		 * both the kernel and userland.  These pointers are not useful
+		 * to userspace.
+		 */
+		msqbuf->__msg_first = msqbuf->__msg_last = NULL;
 		break;
 
 	default:

Modified: stable/12/sys/kern/sysv_sem.c
==============================================================================
--- stable/12/sys/kern/sysv_sem.c	Thu Jul 16 13:37:32 2020	(r363244)
+++ stable/12/sys/kern/sysv_sem.c	Thu Jul 16 13:38:20 2020	(r363245)
@@ -798,6 +798,13 @@ kern_semctl(struct thread *td, int semid, int semnum, 
 		bcopy(&semakptr->u, arg->buf, sizeof(struct semid_ds));
 		if (cred->cr_prison != semakptr->cred->cr_prison)
 			arg->buf->sem_perm.key = IPC_PRIVATE;
+
+		/*
+		 * Try to hide the fact that the structure layout is shared by
+		 * both the kernel and userland.  This pointer is not useful to
+		 * userspace.
+		 */
+		arg->buf->__sem_base = NULL;
 		break;
 
 	case GETNCNT:

More information about the svn-src-all mailing list