panic for msgctl(2) + IPC_STAT under compat netbsd32

To: NetBSD kernel <tech-kern%netbsd.org@localhost>
Subject: panic for msgctl(2) + IPC_STAT under compat netbsd32
From: Nicolas Joly <njoly%pasteur.fr@localhost>
Date: Fri, 23 May 2008 17:41:40 +0200

Hi,

I just encountered a kernel panic while using msgctl(2) IPC_STAT under
compat netbsd32 (same apply for IPC_SET) ...

topped in pid 460.1 (msgctl) at netbsd:netbsd32___msgctl13+0xa4:        movq    
 0(%rdx),%rax
db{1}> bt
netbsd32___msgctl13() at netbsd:netbsd32___msgctl13+0xa4
netbsd32_syscall() at netbsd:netbsd32_syscall+0xc6

The problem comes from netbsd32 <-> native msqid_ds conversion
... netbsd32_from_msqid_ds()/netbsd32_to_msqid_ds() wants to update
all fields, including the private ones. But 2 of them (_msg_first and
_msg_last) are pointers to struct and do not really exists when
interacting with userland.

The attached patch which simply remove the _msg_first/_msg_last
structures updates fix the problem.

Is it ok, or is there a better way to solve it ?

-- 
Nicolas Joly

Biological Software and Databanks.
Institut Pasteur, Paris.

Index: sys/compat/netbsd32/netbsd32_conv.h
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_conv.h,v
retrieving revision 1.17
diff -u -p -r1.17 netbsd32_conv.h
--- sys/compat/netbsd32/netbsd32_conv.h 4 Dec 2007 18:40:19 -0000       1.17
+++ sys/compat/netbsd32/netbsd32_conv.h 23 May 2008 15:06:25 -0000
@@ -460,8 +460,6 @@ netbsd32_to_msqid_ds(ds32p, dsp)
 {
 
        netbsd32_to_ipc_perm(&ds32p->msg_perm, &dsp->msg_perm);
-       netbsd32_to_msg(NETBSD32PTR64(ds32p->_msg_first), dsp->_msg_first);
-       netbsd32_to_msg(NETBSD32PTR64(ds32p->_msg_last), dsp->_msg_last);
        dsp->_msg_cbytes = (u_long)ds32p->_msg_cbytes;
        dsp->msg_qnum = (u_long)ds32p->msg_qnum;
        dsp->msg_qbytes = (u_long)ds32p->msg_qbytes;
@@ -479,8 +477,6 @@ netbsd32_from_msqid_ds(dsp, ds32p)
 {
 
        netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
-       netbsd32_from_msg(dsp->_msg_first, NETBSD32PTR64(ds32p->_msg_first));
-       netbsd32_from_msg(dsp->_msg_last, NETBSD32PTR64(ds32p->_msg_last));
        ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
        ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
        ds32p->msg_qbytes = (netbsd32_u_long)dsp->msg_qbytes;

Prev by Date: Re: [ARM32] panic when sshd responding
Next by Date: Re: CVS commit: [trunk, wrstuden-revivesa] src/sys
Previous by Thread: [ARM32] panic when sshd responding
Next by Thread: Bug fix for PR 26470 for review
Indexes:

Home | Main Index | Thread Index | Old Index