musl/src/ipc, branch v1.2.2 musl - an implementation of the standard library for Linux-based systems fix corrupt sysvipc timestamps on 32-bit archs with old kernels 2020-03-15T01:23:37+00:00 Rich Felker dalias@aerifal.cx 2020-03-13T20:27:10+00:00 2b2c8aafce9d80f9d58652643538f4d58e82b856 kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included in release v4.14) silently fixed a bug whereby the reserved space (which was later used for high bits of time) in IPC_STAT structures was left untouched rather than zeroed. this means that a caller that wants to read the high bits needs to pre-zero the memory. since it's not clear that these operations are permitted to modify the destination buffer on failure, use a temp buffer and copy back to the caller's buffer on success. 
kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included
in release v4.14) silently fixed a bug whereby the reserved space
(which was later used for high bits of time) in IPC_STAT structures
was left untouched rather than zeroed. this means that a caller that
wants to read the high bits needs to pre-zero the memory.

since it's not clear that these operations are permitted to modify the
destination buffer on failure, use a temp buffer and copy back to the
caller's buffer on success.
sysvipc: overhaul {sem,shm,msg}ctl for time64 2019-07-31T21:32:01+00:00 Rich Felker dalias@aerifal.cx 2019-07-30T18:51:53+00:00 8b2497047010e199bb04ed45e25a03c6f1e517fa being "ctl" functions that take command numbers, these will be handled like ioctl/sockopt/etc., using new command numbers for the time64 variants with an "IPC_TIME64" bit added to their values. to obtain such a reserved bit, we reuse the IPC_64 bit, 0x100, which served only as part of the libc-to-kernel interface, not as a public interface of the libc functions. using new command numbers avoids the need for compat shims (in ABIs doing time64 through symbol redirection and compat shims) and, by virtue of having a fixed time64 bit for all commands, we can ensure that libc can perform the appropriate translations, even if the application is using new commands from a newer version of the libc headers than the libc available at runtime. for the vast majority of 32-bit archs, the kernel {sem,shm,msq}id64_ds definitions left padding space intended for expanding their time_t fields to 64 bits in-place, and it would have been really nice to be able to do time64 support that way. however the padding was almost always in little-endian order (except on powerpc, and for msqid_ds only on mips, where it matched the arch's byte order), and more importantly, the alignment was overlooked. in semid_ds and msqid_ds, the time_t members were not suitably aligned to be expanded to 64-bit, due to the ipc_perm header consisting of 9 32-bit words -- except on powerpc where ipc_perm contains an extra padding word. in shmid_ds, the time_t members were suitably aligned, except that mips (accidentally?) omitted the padding for them alltogether. as a result, we're stuck with adding new time_t fields on the end of the structures, and assembling the 32-bit lo/hi parts (or 16-bit hi parts, for mips shmid_ds, which lacked sufficient reserved space for full 32-bit hi parts) to fill them in. all of the functional changes here are conditional on the IPC_TIME64 macro having a nonzero definition, which will only happen when IPC_STAT is redefined for 32-bit archs, and on time_t being larger than long, so for now the new code is all dead code. 
being "ctl" functions that take command numbers, these will be handled
like ioctl/sockopt/etc., using new command numbers for the time64
variants with an "IPC_TIME64" bit added to their values. to obtain
such a reserved bit, we reuse the IPC_64 bit, 0x100, which served only
as part of the libc-to-kernel interface, not as a public interface of
the libc functions.

using new command numbers avoids the need for compat shims (in ABIs
doing time64 through symbol redirection and compat shims) and, by
virtue of having a fixed time64 bit for all commands, we can ensure
that libc can perform the appropriate translations, even if the
application is using new commands from a newer version of the libc
headers than the libc available at runtime.

for the vast majority of 32-bit archs, the kernel {sem,shm,msq}id64_ds
definitions left padding space intended for expanding their time_t
fields to 64 bits in-place, and it would have been really nice to be
able to do time64 support that way. however the padding was almost
always in little-endian order (except on powerpc, and for msqid_ds
only on mips, where it matched the arch's byte order), and more
importantly, the alignment was overlooked. in semid_ds and msqid_ds,
the time_t members were not suitably aligned to be expanded to 64-bit,
due to the ipc_perm header consisting of 9 32-bit words -- except on
powerpc where ipc_perm contains an extra padding word. in shmid_ds,
the time_t members were suitably aligned, except that mips
(accidentally?) omitted the padding for them alltogether.

as a result, we're stuck with adding new time_t fields on the end of
the structures, and assembling the 32-bit lo/hi parts (or 16-bit hi
parts, for mips shmid_ds, which lacked sufficient reserved space for
full 32-bit hi parts) to fill them in.

all of the functional changes here are conditional on the IPC_TIME64
macro having a nonzero definition, which will only happen when
IPC_STAT is redefined for 32-bit archs, and on time_t being larger
than long, so for now the new code is all dead code.
fix semctl with SEM_STAT_ANY 2019-07-31T21:25:40+00:00 Rich Felker dalias@aerifal.cx 2019-07-31T21:25:40+00:00 fe5e72ae782238038ba4eaa3e1889e7bd16fecec due to the variadic signature, semctl needs to be made aware of any new commands that take arguments. this was overlooked when commit af55070eae5438476f921d827b7ae49e8141c3fe added SEM_STAT_ANY. 
due to the variadic signature, semctl needs to be made aware of any
new commands that take arguments. this was overlooked when commit
af55070eae5438476f921d827b7ae49e8141c3fe added SEM_STAT_ANY.
move IPC_64 from public bits/ipc.h to syscall_arch.h 2019-07-30T18:23:56+00:00 Rich Felker dalias@aerifal.cx 2019-07-30T17:07:55+00:00 f56d57f8a7aa536d40014933841a8b22f9c10328 the definition of the IPC_64 macro controls the interface between libc and the kernel through syscalls; it's not a public API. the meaning is rather obscure. long ago, Linux's sysvipc *id_ds structures used 16-bit uids/gids and wrong types for a few other fields. this was in the libc5 era, before glibc. the IPC_64 flag (64 is a misnomer; it's more like 32) tells the kernel to use the modern[-ish] versions of the structures. the definition of IPC_64 has nothing to do with whether the arch is 32- or 64-bit. rather, due to either historical accident or intentional obnoxiousness, the kernel only accepts and masks off the 0x100 IPC_64 flag conditional on CONFIG_ARCH_WANT_IPC_PARSE_VERSION, i.e. for archs that want to provide, or that accidentally provided, both. for archs which don't define this option, no masking is performed and commands with the 0x100 bit set will fail as invalid. so ultimately, the definition is just a matter of matching an arbitrary switch defined per-arch in the kernel. 
the definition of the IPC_64 macro controls the interface between libc
and the kernel through syscalls; it's not a public API. the meaning is
rather obscure. long ago, Linux's sysvipc *id_ds structures used
16-bit uids/gids and wrong types for a few other fields. this was in
the libc5 era, before glibc. the IPC_64 flag (64 is a misnomer; it's
more like 32) tells the kernel to use the modern[-ish] versions of the
structures.

the definition of IPC_64 has nothing to do with whether the arch is
32- or 64-bit. rather, due to either historical accident or
intentional obnoxiousness, the kernel only accepts and masks off the
0x100 IPC_64 flag conditional on CONFIG_ARCH_WANT_IPC_PARSE_VERSION,
i.e. for archs that want to provide, or that accidentally provided,
both. for archs which don't define this option, no masking is
performed and commands with the 0x100 bit set will fail as invalid. so
ultimately, the definition is just a matter of matching an arbitrary
switch defined per-arch in the kernel.
semtimedop: add time64 syscall support, decouple 32-bit time_t 2019-07-28T21:28:23+00:00 Rich Felker dalias@aerifal.cx 2019-07-28T21:28:23+00:00 eb2e298cdc814493a6ced8c05cf0d0f5cccc8b63 time64 syscall is used only if it's the only one defined for the arch, or if the requested timeout does not fit in 32 bits. on current 32-bit archs where time_t is a 32-bit type, this makes it statically unreachable. on 64-bit archs, there is no change to the code after preprocessing. on current 32-bit archs, the time is passed via an intermediate copy to remove the assumption that time_t is a 32-bit type. to avoid duplicating SYS_ipc/SYS_semtimedop choice logic, the code for 32-bit archs "falls through" after updating the timeout argument ts to point to a [compound literal] array of longs. in preparation for "time64-only" 32-bit archs, an extra case is added for neither SYS_ipc nor the non-time64 SYS_semtimedop existing; the ENOSYS failure path here should never be reachable, and is added just in case a compiler can't see that it's not reachable, to avoid spurious static analysis complaints. 
time64 syscall is used only if it's the only one defined for the arch,
or if the requested timeout does not fit in 32 bits. on current 32-bit
archs where time_t is a 32-bit type, this makes it statically
unreachable.

on 64-bit archs, there is no change to the code after preprocessing.
on current 32-bit archs, the time is passed via an intermediate copy
to remove the assumption that time_t is a 32-bit type.

to avoid duplicating SYS_ipc/SYS_semtimedop choice logic, the code for
32-bit archs "falls through" after updating the timeout argument ts to
point to a [compound literal] array of longs. in preparation for
"time64-only" 32-bit archs, an extra case is added for neither SYS_ipc
nor the non-time64 SYS_semtimedop existing; the ENOSYS failure path
here should never be reachable, and is added just in case a compiler
can't see that it's not reachable, to avoid spurious static analysis
complaints.
ipc: prefer SYS_ipc when it is defined 2019-07-01T18:17:59+00:00 Szabolcs Nagy nsz@port70.net 2019-05-09T22:49:28+00:00 4acfc287d859bc643c9f9fa63d82e8c90b984d7c Linux v5.1 introduced ipc syscalls on targets where previously only SYS_ipc was available, change the logic such that the ipc code keeps using SYS_ipc which works backward compatibly on older kernels. This changes behaviour on microblaze which had both mechanisms, now SYS_ipc will be used instead of separate syscalls. 
Linux v5.1 introduced ipc syscalls on targets where previously only
SYS_ipc was available, change the logic such that the ipc code keeps
using SYS_ipc which works backward compatibly on older kernels.

This changes behaviour on microblaze which had both mechanisms, now
SYS_ipc will be used instead of separate syscalls.
reduce spurious inclusion of libc.h 2018-09-12T18:34:37+00:00 Rich Felker dalias@aerifal.cx 2018-09-12T04:08:09+00:00 5ce3737931bb411a8d167356d4d0287b53b0cbdc libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway. 
libc.h was intended to be a header for access to global libc state and
related interfaces, but ended up included all over the place because
it was the way to get the weak_alias macro. most of the inclusions
removed here are places where weak_alias was needed. a few were
recently introduced for hidden. some go all the way back to when
libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented)
cancellation points had to include it.

remaining spurious users are mostly callers of the LOCK/UNLOCK macros
and files that use the LFS64 macro to define the awful *64 aliases.

in a few places, new inclusion of libc.h is added because several
internal headers no longer implicitly include libc.h.

declarations for __lockfile and __unlockfile are moved from libc.h to
stdio_impl.h so that the latter does not need libc.h. putting them in
libc.h made no sense at all, since the macros in stdio_impl.h are
needed to use them correctly anyway.
work around broken kernel struct ipc_perm on some big endian archs 2018-06-20T04:07:09+00:00 Rich Felker dalias@aerifal.cx 2018-06-20T04:07:09+00:00 0cd2be231481d68d244662bde25ad9cadbd7221d the mode member of struct ipc_perm is specified by POSIX to have type mode_t, which is uniformly defined as unsigned int. however, Linux defines it with type __kernel_mode_t, and defines __kernel_mode_t as unsigned short on some archs. since there is a subsequent padding field, treating it as a 32-bit unsigned int works on little endian archs, but the order is backwards on big endian archs with the erroneous definition. since multiple archs are affected, remedy the situation with fixup code in the affected functions (shmctl, semctl, and msgctl) rather than repeating the same shims in syscall_arch.h for every affected arch. 
the mode member of struct ipc_perm is specified by POSIX to have type
mode_t, which is uniformly defined as unsigned int. however, Linux
defines it with type __kernel_mode_t, and defines __kernel_mode_t as
unsigned short on some archs. since there is a subsequent padding
field, treating it as a 32-bit unsigned int works on little endian
archs, but the order is backwards on big endian archs with the
erroneous definition.

since multiple archs are affected, remedy the situation with fixup
code in the affected functions (shmctl, semctl, and msgctl) rather
than repeating the same shims in syscall_arch.h for every affected
arch.
fix signed overflow in ftok 2017-08-12T13:09:27+00:00 Daniel Sabogal dsabogalcc@gmail.com 2017-08-12T02:55:22+00:00 511b7042b3844b42a940f1c31436fb04ce93ac19 






semctl: fix UB causing crashes on powerpc
2014-03-13T19:52:34+00:00

rofl0r
retnyg@gmx.net

2014-03-13T19:27:55+00:00

2b47a7aff24bbfbe7ba89fc6d542acc9f5493ae2

it's UB to fetch variadic args when none are passed, and this caused
real crashes on ppc due to its calling convention, which defines that
for variadic functions aggregate types be passed as pointers.
the assignment caused that pointer to get dereferenced, resulting in
a crash.





it's UB to fetch variadic args when none are passed, and this caused
real crashes on ppc due to its calling convention, which defines that
for variadic functions aggregate types be passed as pointers.
the assignment caused that pointer to get dereferenced, resulting in
a crash.