If you're running a 64-bit kernel with N32 userspace, shmctl will corrupt memory in userspace. When copy_shmid_to_user() is called, it copies the entire kernel shmid_ds into userspace. For a 64-bit kernel, this is 88 bytes. In N32 userspace it is 76 bytes.

My hack to get around the problem is attached, but I expect someone here will be able to come up with a better fix.

shmid_ds contains a lot of members that are marked unused. Are these really useless?

Chad
Index: linux/ipc/shm.c =================================================================== RCS file: /repository/octsw/linux/kernel_2.6/linux/ipc/shm.c,v retrieving revision 1.1.1.6 retrieving revision 1.2 diff -u -r1.1.1.6 -r1.2 --- linux/ipc/shm.c 7 Jun 2006 19:19:51 -0000 1.1.1.6 +++ linux/ipc/shm.c 22 Jul 2006 02:26:11 -0000 1.2 @@ -321,7 +321,11 @@ out.shm_lpid = in->shm_lpid; out.shm_nattch = in->shm_nattch; - return copy_to_user(buf, &out, sizeof(out)); + /* Use offsetof() instead of sizeof() since N32 userspace has a + different size including the unused fields. This just copies + what is used. The old method would corrupt data after the + structure */ + return copy_to_user(buf, &out, offsetof(struct shmid_ds, shm_unused2)); } default: return -EINVAL;
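Review bot: the shortened copy at `offsetof(struct shmid_ds, shm_unused2)` is applied to every caller of copy_shmid_to_user(), including native 64-bit userspace that still expects the full `sizeof(out)` bytes, so for those callers the tail of the user's struct is now left untouched instead of being written; that is a silent ABI change for the non-N32 case. Keep the native path at `copy_to_user(buf, &out, sizeof(out))` and do the 76-byte copy only when the calling task is N32, i.e. in a compat path keyed on the caller's ABI rather than in the shared native routine. The new comment should also state what the fix depends on: that `shm_unused2` is the first member after the last used field and that no used member follows it in either layout, since the patch relies on field ordering rather than on an explicit size. A compile-time check that the chosen offset matches the 76-byte N32 size quoted in the message would make that assumption visible to the next person who touches the struct.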