Make sure we restrict Linux only IPC calls from being executed

through the FreeBSD ABI. IPC_INFO, SHM_INFO, SHM_STAT were added specifically for Linux binary support. They are not documented as being a part of the FreeBSD ABI, also, the structures necessary for them have been hidden away from the users for a long time. Also, the Linux ABI layer uses it's own structures to populate the responses back to the user to ensure that the ABI is consistent. I think there is a bit more separation work that needs to happen. Reviewed by: jhb Discussed with: jhb Discussed on: freebsd-arch@ (very briefly) MFC after: 1 month
svn path=/head/; revision=176221
2008-02-12 20:55:03 +00:00 · 2008-02-12 20:55:03 +00:00 · 4f18813f1f · 2020-12-20 02:59:44 +00:00
commit 4f18813f1f
parent b95bd24d29
3 changed files with 22 additions and 4 deletions
--- a/sys/kern/sysv_shm.c
+++ b/sys/kern/sysv_shm.c
@ -545,6 +545,15 @@ kern_shmctl(td, shmid, cmd, buf, bufsz)

 	mtx_lock(&Giant);
 	switch (cmd) {
+	/*
+	 * It is possible that kern_shmctl is being called from the Linux ABI
+	 * layer, in which case, we will need to implement IPC_INFO.  It should
+	 * be noted that other shmctl calls will be funneled through here for
+	 * Linix binaries as well.
+	 *
+	 * NB: The Linux ABI layer will convert this data to structure(s) more
+	 * consistent with the Linux ABI.
+	 */
 	case IPC_INFO:
 		memcpy(buf, &shminfo, sizeof(shminfo));
 		if (bufsz)
@ -639,6 +648,15 @@ shmctl(td, uap)
 	struct shmid_ds buf;
 	size_t bufsz;
 	
+	/*
+	 * The only reason IPC_INFO, SHM_INFO, SHM_STAT exists is to support
+	 * Linux binaries.  If we see the call come through the FreeBSD ABI,
+	 * return an error back to the user since we do not to support this.
+	 */
+	if (uap->cmd == IPC_INFO || uap->cmd == SHM_INFO ||
+	    uap->cmd == SHM_STAT)
+		return (EINVAL);
+
 	/* IPC_SET needs to copyin the buffer before calling kern_shmctl */
 	if (uap->cmd == IPC_SET) {
 		if ((error = copyin(uap->buf, &buf, sizeof(struct shmid_ds))))
@ -651,9 +669,6 @@ shmctl(td, uap)
 	
 	/* Cases in which we need to copyout */
 	switch (uap->cmd) {
-	case IPC_INFO:
-	case SHM_INFO:
-	case SHM_STAT:
 	case IPC_STAT:
 		error = copyout(&buf, uap->buf, bufsz);
 		break;
--- a/sys/sys/ipc.h
+++ b/sys/sys/ipc.h
@ -100,6 +100,9 @@ struct ipc_perm {
 #define	IPC_SET		1	/* set options */
 #define	IPC_STAT	2	/* get options */
 #if __BSD_VISIBLE
+/*
+ * For Linux compatability.
+ */
 #define	IPC_INFO	3	/* get info */
 #endif

--- a/sys/sys/shm.h
+++ b/sys/sys/shm.h
@ -56,7 +56,7 @@
 #define	SHM_LOCK	11
 #define	SHM_UNLOCK	12

-/* ipcs shmctl commands */
+/* ipcs shmctl commands for Linux compatability */
 #define	SHM_STAT	13
 #define	SHM_INFO	14