svn commit: r363245 - in stable/12: lib/libc/sys sys/kern
Mark Johnston
markj at FreeBSD.org
Thu Jul 16 13:38:21 UTC 2020
Author: markj
Date: Thu Jul 16 13:38:20 2020
New Revision: 363245
URL: https://svnweb.freebsd.org/changeset/base/363245
Log:
MFC r363051, r363055:
Avoid copying out kernel pointers from msgctl/semctl(IPC_STAT).
Modified:
stable/12/lib/libc/sys/msgctl.2
stable/12/lib/libc/sys/semctl.2
stable/12/sys/kern/sysv_msg.c
stable/12/sys/kern/sysv_sem.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/lib/libc/sys/msgctl.2
==============================================================================
--- stable/12/lib/libc/sys/msgctl.2 Thu Jul 16 13:37:32 2020 (r363244)
+++ stable/12/lib/libc/sys/msgctl.2 Thu Jul 16 13:38:20 2020 (r363245)
@@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"/
-.Dd July 9, 2009
+.Dd July 9, 2020
.Dt MSGCTL 2
.Os
.Sh NAME
@@ -63,8 +63,6 @@ and contains (amongst others) the following members:
.Bd -literal
struct msqid_ds {
struct ipc_perm msg_perm; /* msg queue permission bits */
- struct msg *__msg_first; /* kernel data, don't use */
- struct msg *__msg_last; /* kernel data, don't use */
msglen_t msg_cbytes; /* number of bytes in use on the queue */
msgqnum_t msg_qnum; /* number of msgs in the queue */
msglen_t msg_qbytes; /* max # of bytes on the queue */
Modified: stable/12/lib/libc/sys/semctl.2
==============================================================================
--- stable/12/lib/libc/sys/semctl.2 Thu Jul 16 13:37:32 2020 (r363244)
+++ stable/12/lib/libc/sys/semctl.2 Thu Jul 16 13:38:20 2020 (r363245)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 23, 2018
+.Dd July 9, 2020
.Dt SEMCTL 2
.Os
.Sh NAME
@@ -148,7 +148,6 @@ is defined as follows:
.Bd -literal
struct semid_ds {
struct ipc_perm sem_perm; /* operation permission struct */
- struct sem *__sem_base; /* kernel data, don't use */
u_short sem_nsems; /* number of sems in set */
time_t sem_otime; /* last operation time */
time_t sem_ctime; /* last change time */
Modified: stable/12/sys/kern/sysv_msg.c
==============================================================================
--- stable/12/sys/kern/sysv_msg.c Thu Jul 16 13:37:32 2020 (r363244)
+++ stable/12/sys/kern/sysv_msg.c Thu Jul 16 13:38:20 2020 (r363245)
@@ -615,6 +615,13 @@ kern_msgctl(struct thread *td, int msqid, int cmd, str
*msqbuf = msqkptr->u;
if (td->td_ucred->cr_prison != msqkptr->cred->cr_prison)
msqbuf->msg_perm.key = IPC_PRIVATE;
+
+ /*
+ * Try to hide the fact that the structure layout is shared by
+ * both the kernel and userland. These pointers are not useful
+ * to userspace.
+ */
+ msqbuf->__msg_first = msqbuf->__msg_last = NULL;
break;
default:
Modified: stable/12/sys/kern/sysv_sem.c
==============================================================================
--- stable/12/sys/kern/sysv_sem.c Thu Jul 16 13:37:32 2020 (r363244)
+++ stable/12/sys/kern/sysv_sem.c Thu Jul 16 13:38:20 2020 (r363245)
@@ -798,6 +798,13 @@ kern_semctl(struct thread *td, int semid, int semnum,
bcopy(&semakptr->u, arg->buf, sizeof(struct semid_ds));
if (cred->cr_prison != semakptr->cred->cr_prison)
arg->buf->sem_perm.key = IPC_PRIVATE;
+
+ /*
+ * Try to hide the fact that the structure layout is shared by
+ * both the kernel and userland. This pointer is not useful to
+ * userspace.
+ */
+ arg->buf->__sem_base = NULL;
break;
case GETNCNT:
More information about the svn-src-all
mailing list