[PATCH] Fix shmget for ppc64, s390-64 & sparc64.

The second parameter of the sys_ipc system wrapper on ppc64, s390-64 and
sparc64 is an "int".  sys_shmget gets called with this 32 bit value as the
size parameter.  This limits the maximum shared memory segment on these
three architectures to 2GB.  To fix this the second parameter is declared
as an "unsigned long" and is then casted to the type required by the The
same int vs.  unsigned long bug is fixed for sys_msgsnd and sys_msgrcv as
well.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/arch/ppc64/kernel/syscalls.c b/arch/ppc64/kernel/syscalls.c
index 930b93f3c1260c55c2a4f83618a500f5859a8774..365987190d71c2287ef02628ace13214053aa155 100644 (file)
--- a/arch/ppc64/kernel/syscalls.c
+++ b/arch/ppc64/kernel/syscalls.c
@@ -57,7 +57,8 @@ check_bugs(void)
  * This is really horribly ugly.
  */
 asmlinkage int 
-sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fifth)
+sys_ipc (uint call, int first, unsigned long second, long third,
+        void __user *ptr, long fifth)
 {
        int version, ret;
 
@@ -67,15 +68,16 @@ sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fi
        ret = -ENOSYS;
        switch (call) {
        case SEMOP:
-               ret = sys_semtimedop (first, (struct sembuf __user *)ptr, second,
-                                     NULL);
+               ret = sys_semtimedop(first, (struct sembuf __user *)ptr,
+                                     (unsigned)second, NULL);
                break;
        case SEMTIMEDOP:
-               ret = sys_semtimedop (first, (struct sembuf __user *)ptr, second,
+               ret = sys_semtimedop(first, (struct sembuf __user *)ptr,
+                                     (unsigned)second,
                                      (const struct timespec __user *) fifth);
                break;
        case SEMGET:
-               ret = sys_semget (first, second, third);
+               ret = sys_semget (first, (int)second, third);
                break;
        case SEMCTL: {
                union semun fourth;
@@ -85,11 +87,12 @@ sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fi
                        break;
                if ((ret = get_user(fourth.__pad, (void __user * __user *)ptr)))
                        break;
-               ret = sys_semctl (first, second, third, fourth);
+               ret = sys_semctl(first, (int)second, third, fourth);
                break;
        }
        case MSGSND:
-               ret = sys_msgsnd (first, (struct msgbuf __user *) ptr, second, third);
+               ret = sys_msgsnd(first, (struct msgbuf __user *)ptr,
+                                 (size_t)second, third);
                break;
        case MSGRCV:
                switch (version) {
@@ -103,27 +106,29 @@ sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fi
                                                (struct ipc_kludge __user *) ptr,
                                                sizeof (tmp)) ? -EFAULT : 0))
                                break;
-                       ret = sys_msgrcv (first, tmp.msgp, second, tmp.msgtyp,
-                                         third);
+                       ret = sys_msgrcv(first, tmp.msgp, (size_t) second,
+                                         tmp.msgtyp, third);
                        break;
                }
                default:
                        ret = sys_msgrcv (first, (struct msgbuf __user *) ptr,
-                                         second, fifth, third);
+                                         (size_t)second, fifth, third);
                        break;
                }
                break;
        case MSGGET:
-               ret = sys_msgget ((key_t) first, second);
+               ret = sys_msgget ((key_t)first, (int)second);
                break;
        case MSGCTL:
-               ret = sys_msgctl (first, second, (struct msqid_ds __user *) ptr);
+               ret = sys_msgctl(first, (int)second,
+                                 (struct msqid_ds __user *)ptr);
                break;
        case SHMAT:
                switch (version) {
                default: {
                        ulong raddr;
-                       ret = do_shmat (first, (char __user *) ptr, second, &raddr);
+                       ret = do_shmat(first, (char __user *) ptr,
+                                       (int)second, &raddr);
                        if (ret)
                                break;
                        ret = put_user (raddr, (ulong __user *) third);
@@ -133,8 +138,8 @@ sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fi
                        ret = -EINVAL;
                        if (!segment_eq(get_fs(), get_ds()))
                                break;
-                       ret = do_shmat (first, (char __user *) ptr, second,
-                                        (ulong *) third);
+                       ret = do_shmat(first, (char __user *)ptr,
+                                       (int)second, (ulong *)third);
                        break;
                }
                break;
@@ -142,10 +147,11 @@ sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fi
                ret = sys_shmdt ((char __user *)ptr);
                break;
        case SHMGET:
-               ret = sys_shmget (first, second, third);
+               ret = sys_shmget (first, (size_t)second, third);
                break;
        case SHMCTL:
-               ret = sys_shmctl (first, second, (struct shmid_ds __user *) ptr);
+               ret = sys_shmctl(first, (int)second,
+                                 (struct shmid_ds __user *)ptr);
                break;
        }
 

diff --git a/arch/s390/kernel/sys_s390.c b/arch/s390/kernel/sys_s390.c
index 9ea8becb8861f1dae946cc4eecf301d2de45699d..efe6b83b53f76fb35881c8e82f3d3f9dbe0e7a2d 100644 (file)
--- a/arch/s390/kernel/sys_s390.c
+++ b/arch/s390/kernel/sys_s390.c
@@ -145,7 +145,7 @@ asmlinkage long old_select(struct sel_arg_struct __user *arg)
  *
  * This is really horribly ugly.
  */
-asmlinkage long sys_ipc(uint call, int first, int second,
+asmlinkage long sys_ipc(uint call, int first, unsigned long second,
                                  unsigned long third, void __user *ptr)
 {
         struct ipc_kludge tmp;
@@ -153,24 +153,25 @@ asmlinkage long sys_ipc(uint call, int first, int second,
 
         switch (call) {
         case SEMOP:
-               return sys_semtimedop (first, (struct sembuf __user *) ptr, second,
-                                      NULL);
+               return sys_semtimedop(first, (struct sembuf __user *)ptr,
+                                      (unsigned)second, NULL);
        case SEMTIMEDOP:
-               return sys_semtimedop (first, (struct sembuf __user *) ptr, second,
+               return sys_semtimedop(first, (struct sembuf __user *)ptr,
+                                      (unsigned)second,
                                       (const struct timespec __user *) third);
         case SEMGET:
-                return sys_semget (first, second, third);
+                return sys_semget(first, (int)second, third);
         case SEMCTL: {
                 union semun fourth;
                 if (!ptr)
                         return -EINVAL;
                 if (get_user(fourth.__pad, (void __user * __user *) ptr))
                         return -EFAULT;
-                return sys_semctl (first, second, third, fourth);
+                return sys_semctl(first, (int)second, third, fourth);
         }
         case MSGSND:
                return sys_msgsnd (first, (struct msgbuf __user *) ptr,
-                                   second, third);
+                                   (size_t)second, third);
                break;
         case MSGRCV:
                 if (!ptr)
@@ -179,15 +180,17 @@ asmlinkage long sys_ipc(uint call, int first, int second,
                                     sizeof (struct ipc_kludge)))
                         return -EFAULT;
                 return sys_msgrcv (first, tmp.msgp,
-                                   second, tmp.msgtyp, third);
+                                   (size_t)second, tmp.msgtyp, third);
         case MSGGET:
-                return sys_msgget ((key_t) first, second);
+                return sys_msgget((key_t)first, (int)second);
         case MSGCTL:
-                return sys_msgctl (first, second, (struct msqid_ds __user *) ptr);
+                return sys_msgctl(first, (int)second,
+                                  (struct msqid_ds __user *)ptr);
 
        case SHMAT: {
                ulong raddr;
-               ret = do_shmat (first, (char __user *) ptr, second, &raddr);
+               ret = do_shmat(first, (char __user *)ptr,
+                               (int)second, &raddr);
                if (ret)
                        return ret;
                return put_user (raddr, (ulong __user *) third);
@@ -196,9 +199,9 @@ asmlinkage long sys_ipc(uint call, int first, int second,
        case SHMDT:
                return sys_shmdt ((char __user *)ptr);
        case SHMGET:
-               return sys_shmget (first, second, third);
+               return sys_shmget(first, (size_t)second, third);
        case SHMCTL:
-               return sys_shmctl (first, second,
+               return sys_shmctl(first, (int)second,
                                    (struct shmid_ds __user *) ptr);
        default:
                return -ENOSYS;

diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
index 76e62d43d62bf5a3c3365dd96bd4ffc6c9adc511..0077f02f4b374e34ced8a57e03490a6dd06c2165 100644 (file)
--- a/arch/sparc64/kernel/sys_sparc.c
+++ b/arch/sparc64/kernel/sys_sparc.c
@@ -199,7 +199,8 @@ out:
  * This is really horribly ugly.
  */
 
-asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long third, void __user *ptr, long fifth)
+asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
+                       unsigned long third, void __user *ptr, long fifth)
 {
        int err;
 
@@ -207,14 +208,15 @@ asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long
        if (call <= SEMCTL) {
                switch (call) {
                case SEMOP:
-                       err = sys_semtimedop(first, ptr, second, NULL);
+                       err = sys_semtimedop(first, ptr,
+                                            (unsigned)second, NULL);
                        goto out;
                case SEMTIMEDOP:
-                       err = sys_semtimedop(first, ptr, second,
+                       err = sys_semtimedop(first, ptr, (unsigned)second,
                                (const struct timespec __user *) fifth);
                        goto out;
                case SEMGET:
-                       err = sys_semget(first, second, (int)third);
+                       err = sys_semget(first, (int)second, (int)third);
                        goto out;
                case SEMCTL: {
                        union semun fourth;
@@ -225,7 +227,7 @@ asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long
                        if (get_user(fourth.__pad,
                                     (void __user * __user *) ptr))
                                goto out;
-                       err = sys_semctl(first, second | IPC_64,
+                       err = sys_semctl(first, (int)second | IPC_64,
                                         (int)third, fourth);
                        goto out;
                }
@@ -237,17 +239,18 @@ asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long
        if (call <= MSGCTL) {
                switch (call) {
                case MSGSND:
-                       err = sys_msgsnd(first, ptr, second, (int)third);
+                       err = sys_msgsnd(first, ptr, (size_t)second,
+                                        (int)third);
                        goto out;
                case MSGRCV:
-                       err = sys_msgrcv(first, ptr, second, fifth,
+                       err = sys_msgrcv(first, ptr, (size_t)second, fifth,
                                         (int)third);
                        goto out;
                case MSGGET:
-                       err = sys_msgget((key_t) first, second);
+                       err = sys_msgget((key_t)first, (int)second);
                        goto out;
                case MSGCTL:
-                       err = sys_msgctl(first, second | IPC_64, ptr);
+                       err = sys_msgctl(first, (int)second | IPC_64, ptr);
                        goto out;
                default:
                        err = -ENOSYS;
@@ -258,7 +261,7 @@ asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long
                switch (call) {
                case SHMAT: {
                        ulong raddr;
-                       err = do_shmat(first, ptr, second, &raddr);
+                       err = do_shmat(first, ptr, (int)second, &raddr);
                        if (!err) {
                                if (put_user(raddr,
                                             (ulong __user *) third))
@@ -270,10 +273,10 @@ asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long
                        err = sys_shmdt(ptr);
                        goto out;
                case SHMGET:
-                       err = sys_shmget(first, second, (int)third);
+                       err = sys_shmget(first, (size_t)second, (int)third);
                        goto out;
                case SHMCTL:
-                       err = sys_shmctl(first, second | IPC_64, ptr);
+                       err = sys_shmctl(first, (int)second | IPC_64, ptr);
                        goto out;
                default:
                        err = -ENOSYS;