On success, shmat syscall returns a void* to the attached memory segment. Enable shmat to return a capability in PCuABI by annotating it as returning a ptr.
At this stage, derive and return a root user capability, without any capability checks or logic.
Signed-off-by: Zachary Leaf zachary.leaf@arm.com ---
review branch at: https://git.morello-project.org/zdleaf/linux/-/tree/review/shmat
relevant LTP tests: shmat01, shmat02, kill05, kill07
include/uapi/asm-generic/unistd.h | 2 +- ipc/shm.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 736ca77b8101..be084b38187d 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -590,7 +590,7 @@ __SYSCALL(__NR_shmget, sys_shmget) #define __NR_shmctl 195 __SC_COMP(__NR_shmctl, sys_shmctl, compat_sys_shmctl) #define __NR_shmat 196 -__SC_COMP(__NR_shmat, sys_shmat, compat_sys_shmat) +__SC_COMP_RETPTR(__NR_shmat, sys_shmat, compat_sys_shmat) #define __NR_shmdt 197 __SYSCALL(__NR_shmdt, sys_shmdt)
diff --git a/ipc/shm.c b/ipc/shm.c index 9485f6474146..6d929205bc41 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1678,7 +1678,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, return err; }
-SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg) +SYSCALL_DEFINE3(__retptr__(shmat), int, shmid, char __user *, shmaddr, int, shmflg) { unsigned long ret; long err; @@ -1687,7 +1687,8 @@ SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg) if (err) return err; force_successful_syscall_return(); - return (long)ret; + /* TODO [PCuABI] - derive proper capability */ + return (user_uintptr_t)uaddr_to_user_ptr_safe(ret); }
#ifdef CONFIG_COMPAT