From: Linus Torvalds Date: Fri, 15 Sep 2017 00:37:26 +0000 (-0700) Subject: Merge branch 'work.ipc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cc73fee0bae2d66594d1fa2df92bbd783aa98e04;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git Merge branch 'work.ipc' of git://git./linux/kernel/git/viro/vfs Pull ipc compat cleanup and 64-bit time_t from Al Viro: "IPC copyin/copyout sanitizing, including 64bit time_t work from Deepa Dinamani" * 'work.ipc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: utimes: Make utimes y2038 safe ipc: shm: Make shmid_kernel timestamps y2038 safe ipc: sem: Make sem_array timestamps y2038 safe ipc: msg: Make msg_queue timestamps y2038 safe ipc: mqueue: Replace timespec with timespec64 ipc: Make sys_semtimedop() y2038 safe get rid of SYSVIPC_COMPAT on ia64 semtimedop(): move compat to native shmat(2): move compat to native msgrcv(2), msgsnd(2): move compat to native ipc(2): move compat to native ipc: make use of compat ipc_perm helpers semctl(): move compat to native semctl(): separate all layout-dependent copyin/copyout msgctl(): move compat to native msgctl(): split the actual work from copyin/copyout ipc: move compat shmctl to native shmctl: split the work from copyin/copyout --- cc73fee0bae2d66594d1fa2df92bbd783aa98e04 diff --cc include/linux/msg.h index a001305f5a79,05115342daa3..81263fe3f9dc --- a/include/linux/msg.h +++ b/include/linux/msg.h @@@ -29,14 -30,6 +30,6 @@@ struct msg_queue struct list_head q_messages; struct list_head q_receivers; struct list_head q_senders; -}; +} __randomize_layout; - /* Helper routines for sys_msgsnd and sys_msgrcv */ - extern long do_msgsnd(int msqid, long mtype, void __user *mtext, - size_t msgsz, int msgflg); - extern long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, - int msgflg, - long (*msg_fill)(void __user *, struct msg_msg *, - size_t)); - #endif /* _LINUX_MSG_H */ diff --cc 
ipc/msg.c index df82bc9a5531,0e7ccfc0700b..06be5a9adfa4 --- a/ipc/msg.c +++ b/ipc/msg.c @@@ -1010,8 -1132,30 +1132,30 @@@ SYSCALL_DEFINE5(msgrcv, int, msqid, str return do_msgrcv(msqid, msgp, msgsz, msgtyp, msgflg, do_msg_fill); } + #ifdef CONFIG_COMPAT + static long compat_do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz) + { + struct compat_msgbuf __user *msgp = dest; + size_t msgsz; + + if (put_user(msg->m_type, &msgp->mtype)) + return -EFAULT; + + msgsz = (bufsz > msg->m_ts) ? msg->m_ts : bufsz; + if (store_msg(msgp->mtext, msg, msgsz)) + return -EFAULT; + return msgsz; + } + + COMPAT_SYSCALL_DEFINE5(msgrcv, int, msqid, compat_uptr_t, msgp, + compat_ssize_t, msgsz, compat_long_t, msgtyp, int, msgflg) + { + return do_msgrcv(msqid, compat_ptr(msgp), (ssize_t)msgsz, (long)msgtyp, + msgflg, compat_do_msg_fill); + } + #endif -void msg_init_ns(struct ipc_namespace *ns) +int msg_init_ns(struct ipc_namespace *ns) { ns->msg_ctlmax = MSGMAX; ns->msg_ctlmnb = MSGMNB; @@@ -1035,11 -1178,10 +1179,11 @@@ void msg_exit_ns(struct ipc_namespace * static int sysvipc_msg_proc_show(struct seq_file *s, void *it) { struct user_namespace *user_ns = seq_user_ns(s); - struct msg_queue *msq = it; + struct kern_ipc_perm *ipcp = it; + struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm); seq_printf(s, - "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n", + "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10llu %10llu %10llu\n", msq->q_perm.key, msq->q_perm.id, msq->q_perm.mode, diff --cc ipc/sem.c index 013c7981f3c7,f25ea86774c0..f7385bce5fd3 --- a/ipc/sem.c +++ b/ipc/sem.c @@@ -2181,9 -2291,8 +2293,9 @@@ void exit_sem(struct task_struct *tsk static int sysvipc_sem_proc_show(struct seq_file *s, void *it) { struct user_namespace *user_ns = seq_user_ns(s); - struct sem_array *sma = it; + struct kern_ipc_perm *ipcp = it; + struct sem_array *sma = container_of(ipcp, struct sem_array, sem_perm); - time_t sem_otime; + time64_t sem_otime; 
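Review bot: In the new `COMPAT_SYSCALL_DEFINE5(msgrcv, ...)`, a negative `compat_ssize_t msgsz` is sign-extended by `(ssize_t)msgsz` and then passed as the `size_t bufsz` argument of do_msgrcv(), so it arrives as a very large length and nothing in this hunk rejects it. compat_do_msg_fill() clamps the copy to `msg->m_ts`, so the copy-out itself is bounded, but the rejection of negative sizes presumably sits in do_msgrcv(), whose body is outside the hunk. I would confirm that and record the dependency at the call site, e.g. `/* msgsz is sign-extended on purpose; do_msgrcv() must reject negative sizes */`. Separately, `put_user(msg->m_type, &msgp->mtype)` stores a native `long` into the compat_msgbuf field, which looks like it narrows the value for 32-bit receivers; a one-line comment saying whether that is intended would help.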
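Review bot: In sysvipc_msg_proc_show(), `it` is a `void *`, so the new `container_of(ipcp, struct msg_queue, q_perm)` is only correct if the seq iterator hands this callback a `struct kern_ipc_perm *` embedded in a msg_queue; the compiler cannot check that, and a mismatch would silently read the wrong object. A short comment above the two declarations would make the contract explicit, e.g. `/* the sysvipc seq iterator passes the embedded kern_ipc_perm, not the msg_queue */`. The same pattern appears in sysvipc_sem_proc_show() in ipc/sem.c. The `%10lu` to `%10llu` change also requires the last three seq_printf() arguments to be 64-bit; they lie outside the hunk and should be checked against the new format.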
/* * The proc interface isn't aware of sem_lock(), it calls