From: Philippe W. <phi...@so...> - 2018-04-01 12:37:46
https://sourceware.org/git/gitweb.cgi?p=valgrind.git;h=54145019b045fffde625447b64f3a91f663de718
commit 54145019b045fffde625447b64f3a91f663de718
Author: Philippe Waroquiers <phi...@sk...>
Date: Sun Apr 1 14:31:40 2018 +0200
n-i-bz Fix possible stack trashing by semctl syscall wrapping
The modified test none/tests/sem crashes with a SEGV when valgrind is compiled with lto on various amd64 platforms (debian/gcc 6.3, RHEL7/gcc 6.4, Ubuntu/gcc 7.2) The problem is that the vki_semid_ds buf is not what is expected by the kernel: the kernel expects a bigger structure vki_semid64_ds (at least on these platforms). Getting the sem_nsems seems to work by chance, as sem_nsems is at the same offset in both vki_semid_ds and vki_semid64_ds. However, e.g. the ctime was not set properly after syscall return, and 2 words after sem_nsems were set to 0 by the kernel, causing the SEGV, as a spilled register became 0. Fix consists in using the 64 bit version for __NR_semctl. Tested on debian/amd64 and s390x.
Diff:
---
 NEWS                                  |  1 +
 coregrind/m_syswrap/syswrap-generic.c | 24 +++++++++------
 include/vki/vki-linux.h               |  1 +
 none/tests/sem.c                      | 56 ++++++++++++++++++++++++++++++++++-
 4 files changed, 72 insertions(+), 10 deletions(-)
diff --git a/NEWS b/NEWS
index faee5cd..6577a5e 100644
--- a/NEWS
+++ b/NEWS
@@ -106,6 +106,7 @@ n-i-bz Fix missing workq_ops operations (macOS)
 n-i-bz fix bug in strspn replacement
 n-i-bz Add support for the Linux BLKFLSBUF ioctl
 n-i-bz Add support for the Linux BLKREPORTZONE and BLKRESETZONE ioctls
+n-i-bz Fix possible stack trashing by semctl syscall wrapping
 Release 3.13.0 (15 June 2017)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
index b0fbfd9..7022316 100644
--- a/coregrind/m_syswrap/syswrap-generic.c
+++ b/coregrind/m_syswrap/syswrap-generic.c
@@ -1790,30 +1790,36 @@ ML_(generic_PRE_sys_semtimedop) ( ThreadId tid,
 static UInt get_sem_count( Int semid )
 {
-   struct vki_semid_ds buf;
    union vki_semun arg;
    SysRes res;
-   /* Doesn't actually seem to be necessary, but gcc-4.4.0 20081017
-      (experimental) otherwise complains that the use in the return
-      statement below is uninitialised. */
-   buf.sem_nsems = 0;
-
-   arg.buf = &buf;
-
 #  if defined(__NR_semctl)
+   struct vki_semid64_ds buf;
+   arg.buf64 = &buf;
    res = VG_(do_syscall4)(__NR_semctl, semid, 0, VKI_IPC_STAT, *(UWord *)&arg);
+   if (sr_isError(res))
+      return 0;
+
+   return buf.sem_nsems;
 #  elif defined(__NR_semsys) /* Solaris */
+   struct vki_semid_ds buf;
+   arg.buf = &buf;
    res = VG_(do_syscall5)(__NR_semsys, VKI_SEMCTL, semid, 0, VKI_IPC_STAT,
                           *(UWord *)&arg);
+   if (sr_isError(res))
+      return 0;
+
+   return buf.sem_nsems;
 #  else
+   struct vki_semid_ds buf;
+   arg.buf = &buf;
    res = VG_(do_syscall5)(__NR_ipc, 3 /* IPCOP_semctl */, semid, 0,
                           VKI_IPC_STAT, (UWord)&arg);
-#  endif
    if (sr_isError(res))
       return 0;
    return buf.sem_nsems;
+#  endif
 }
 void
diff --git a/include/vki/vki-linux.h b/include/vki/vki-linux.h
index ae3ad70..7072080 100644
--- a/include/vki/vki-linux.h
+++ b/include/vki/vki-linux.h
@@ -1205,6 +1205,7 @@ struct vki_sembuf {
 union vki_semun {
 	int val;			/* value for SETVAL */
 	struct vki_semid_ds __user *buf;	/* buffer for IPC_STAT & IPC_SET */
+	struct vki_semid64_ds __user *buf64;	/* buffer for IPC_STAT & IPC_SET */
 	unsigned short __user *array;	/* array for GETALL & SETALL */
 	struct vki_seminfo __user *__buf;	/* buffer for IPC_INFO */
 	void __user *__pad;
diff --git a/none/tests/sem.c b/none/tests/sem.c
index 27db071..b293d5c 100644
--- a/none/tests/sem.c
+++ b/none/tests/sem.c
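Review bot: The `__NR_semctl` branch now reads `buf.sem_nsems` from a `struct vki_semid64_ds` while still passing plain `VKI_IPC_STAT`, so it depends on the kernel choosing the 64-bit layout for that command on every ABI that has a direct `__NR_semctl`; the commit message only establishes this for amd64 and s390x. The larger buffer can no longer be overrun, but on an ABI where the kernel still parses the IPC version out of the command and fills the old `semid_ds` layout, `sem_nsems` would be read from the 64-bit offset and the count silently mis-reported. Either document the assumption above the new declaration, e.g. `/* Linux fills a semid64_ds for IPC_STAT here; the bigger buffer is also safe where the old layout is written, but sem_nsems is then read from the 64-bit offset. */`, or OR the kernel's IPC_64 command flag into the request so the layout always matches the buffer (use the existing VKI_ constant if vki-linux.h defines one rather than a bare number). A smaller style point: the `sr_isError`/`return` tail is now duplicated in all three branches; selecting only the buffer type and `arg` member under the preprocessor and keeping a single tail would read more simply.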
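Review bot: The new `buf64` member carries the same comment as `buf` (`/* buffer for IPC_STAT & IPC_SET */`), so a reader cannot tell which member a given call site must use. Spell out the difference, e.g. `/* IPC_STAT & IPC_SET, kernel's 64-bit (semid64_ds) layout */`, since choosing the wrong one is exactly the stack-trashing bug this commit fixes.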
@@ -8,6 +8,59 @@
 #include <sys/sem.h>
 #include <time.h>
 #include <unistd.h>
+
+void semctl_test (int trace, const char *fname)
+{
+  key_t key;
+  int semid;
+  int nr_of_readers;
+  int ret;
+
+  union semun {
+    int val;                /* Value for SETVAL */
+    struct semid_ds *buf;   /* Buffer for IPC_STAT, IPC_SET */
+    unsigned short *array;  /* Array for GETALL, SETALL */
+    struct seminfo *__buf;  /* Buffer for IPC_INFO
+                               (Linux-specific) */
+  } u;
+
+  struct semid_ds ds;
+
+  key = ftok (fname, 1);
+  if (key == -1)
+    perror ("ftok");
+  nr_of_readers = 4;
+
+  semid = semget (key, 2 * nr_of_readers, IPC_CREAT + 0660);
+  if (semid == -1) {
+    perror ("semget");
+  }
+  if (trace)
+    printf("semid %d\n", semid);
+
+  u.buf = &ds;
+  ret = semctl (semid, 0, IPC_STAT, u);
+  if (ret == -1)
+    perror("semctl IPC_STAT");
+  if (trace)
+    printf("semid %d sem_nsems %d\n", semid, (int) ds.sem_nsems);
+
+  {
+    unsigned short semarray[2 * nr_of_readers];
+    for (int count = 0; count < nr_of_readers; count++) {
+      semarray[2 * count] = 0;
+      semarray[2 * count + 1] = 1000;
+    }
+    ret = semctl (semid, 0, SETALL, semarray);
+    if (ret == -1)
+      perror ("semctl SETALL");
+  }
+
+  ret = semctl (semid, 0, IPC_RMID);
+  if (ret == -1)
+    perror ("semctl IPC_RMID");
+}
+
 int main(int argc, char **argv)
 {
   int semid;
@@ -98,6 +151,7 @@ int main(int argc, char **argv)
      perror("semctl(IPC_RMID)");
      exit(1);
   }
-
+
+  semctl_test(argc > 1, argv[0]);
   exit(0);
 }
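Review bot: `semctl_test` only calls `perror` when `ftok` or `semget` fails and then carries on with `key == -1` or `semid == -1`, so every later `semctl` fails in turn and the program still reaches `exit(0)`; `main` (second hunk) exits with `exit(1)` after its `perror`, and the new function should do the same, e.g. `perror ("semget"); exit (1);`. The `SETALL` call passes `semarray` directly where the other calls go through `union semun`; since `semctl`'s fourth argument is read as that union, set `u.array = semarray;` and call `ret = semctl (semid, 0, SETALL, u);` so the argument type matches and the `array` member the hunk declares is actually used. The function is complete within the hunk.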