From gnats@FreeBSD.org  Thu Nov 30 18:27:50 2006
Return-Path: <gnats@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9B67616A403;
	Thu, 30 Nov 2006 18:27:49 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2F7BE43CB5;
	Thu, 30 Nov 2006 18:27:40 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kAUIRm8K001653;
	Thu, 30 Nov 2006 18:27:48 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kAUIRmhM001652;
	Thu, 30 Nov 2006 18:27:48 GMT
	(envelope-from gnats)
Message-Id: <200611301827.kAUIRmhM001652@freefall.freebsd.org>
Date: Thu, 30 Nov 2006 18:27:48 GMT
From: JAroslav Suchanek <jarda@grisoft.cz>
To: FreeBSD-gnats-submit@freebsd.org
Cc: linimon@FreeBSD.org
Subject: shmget regression in -CURRENT?
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         106078
>Category:       kern
>Synopsis:       shmget regression in -CURRENT?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 30 18:30:12 GMT 2006
>Closed-Date:    Sun Jan 13 16:28:35 UTC 2008
>Last-Modified:  Sun Jan 13 16:28:35 UTC 2008
>Originator:     JAroslav Suchanek
>Release:        FreeBSD-CURRENT
>Organization:
>Environment:
>Description:
I just wonder whether there was some change in shmget behavior in current.

Look at this patch to src/sys-cur/tools/regression/sysvshm/shmtest.c
	
--- shmtest_old.c	Tue Nov 28 09:59:55 2006
+++ shmtest.c	Tue Nov 28 09:58:39 2006
@@ -126,6 +126,9 @@
 	if ((sender_shmid = shmget(shmkey, pgsize, IPC_CREAT | 0640)) == -1)
 		err(1, "shmget");
 
+	if ((sender_shmid = shmget(shmkey, pgsize, 0640)) == -1)
+		err(1, "shmget");
+
 	if (shmctl(sender_shmid, IPC_STAT, &s_ds) == -1)
 		err(1, "shmctl IPC_STAT");
 

It failed with permission denied. Is that ok? Same code does not fail on STABLE
nor Linux.

The system is:
i386 FreeBSD 7.0-CURRENT

Relevant part of conf file:
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores

As I searched via cvsview, there were no suspicious changes in sysv ipc code
recently, the only change is switch to priv(9) from suser(9).

Thanks for clarification,
Jarda Suchanek
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Thu Nov 30 18:45:46 UTC 2006 
State-Changed-Why:  
This is a question, not a PR. Please email the question to the lists 
mentioned in the audit-trial/follow-up. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=106078 

From: Remko Lodder <remko@elvandar.org>
To: JAroslav Suchanek <jarda@grisoft.cz>
Cc: FreeBSD-gnats-submit@FreeBSD.org, linimon@FreeBSD.org
Subject: Re: kern/106078: shmget regression in -CURRENT?
Date: Thu, 30 Nov 2006 19:45:06 +0100

 Hello, thanks for taking the time to report this issue. However I need
 to disappoint you a little, this is not a PR, but a general question.
 Can you please email the freebsd-bugs and/or freebsd-current
 mailinglist(s) (findable via http://lists.freebsd.org/mailman/listinfo/)
 and get helped that way? (People will probably help you sooner that way
 as well).
 
 Thanks and Cheers!
 REmko
 
State-Changed-From-To: closed->open 
State-Changed-By: rwatson 
State-Changed-When: Fri Dec 1 01:04:03 UTC 2006 
State-Changed-Why:  
Re-open, grab ownership; there are additional messages from the current@ 
mailing list that I will apend to the PR that contain more context.  It 
looks like there's a bug in the sysv_ipc.c conversion to priv(9) that 
has lead to a new error return when querying existing shared memory 
segments after creation. 



Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Fri Dec 1 01:04:03 UTC 2006 
Responsible-Changed-Why:  
Re-open, grab ownership; there are additional messages from the current@ 
mailing list that I will apend to the PR that contain more context.  It 
looks like there's a bug in the sysv_ipc.c conversion to priv(9) that 
has lead to a new error return when querying existing shared memory 
segments after creation. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=106078 

From: Robert Watson <rwatson@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/106078: Re: shmget regression? (fwd)
Date: Fri, 1 Dec 2006 01:06:29 +0000 (GMT)

   This message is in MIME format.  The first part should be readable text,
   while the remaining parts are likely unreadable without MIME-aware tools.
 
 --envbJBWh7q8WU6mo
 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; format=flowed
 Content-ID: <20061201010604.B79653@fledge.watson.org>
 Content-Disposition: INLINE
 
 
 Mailing list content relating to this PR.
 
 Robert N M Watson
 Computer Laboratory
 University of Cambridge
 
 ---------- Forwarded message ----------
 Date: Thu, 30 Nov 2006 14:58:49 +0100
 From: JAroslav Suchanek <jaroslav.suchanek@grisoft.cz>
 To: Robert Watson <rwatson@FreeBSD.org>
 Cc: freebsd-current@FreeBSD.org
 Subject: Re: shmget regression?
 
 On Thu, Nov 30, 2006 at 01:45:21PM +0000, Robert Watson wrote:
 >
 > On Thu, 30 Nov 2006, JAroslav Suchanek wrote:
 >
 >>	I've tried to post PR, but it seems it got lost somewhere.
 >>
 >>	I just wonder whether there was some change in shmget behavior in
 >>	current.
 >>
 >>	Look at this patch to src/sys-cur/tools/regression/sysvshm/shmtest.c
 >
 > Can you send the output of 'ipcs' after the below code runs so that I can
 > see the mode it ended up being created with?  You might try reverting the
 > priv(9) change to sysv_ipc.c and see if that fixes thanks?
 
  	Thanks for your prompt reply. I've attached output of ipcs -ma before
  	and after the test, output of kdump as well...
 
  	I will try the revert later...
 
 Best regards,
 -- 
 Jarda Suchanek
 --envbJBWh7q8WU6mo
 Content-Type: TEXT/PLAIN; CHARSET=us-ascii
 Content-ID: <20061201010604.R79653@fledge.watson.org>
 Content-Description: 
 Content-Disposition: ATTACHMENT; FILENAME=ipcs_before.out
 
 Shared Memory:
 T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
 m      2424834            0 --rwarwarwa     root    guest     root    guest            1        94208        11174        11174  8:23:31  8:23:32  8:23:31
 m       458755            0 --rw-------    jarda    guest    jarda    guest            2       393216        11187        11174  8:23:55 10:12:02  8:23:55
 m        65540            0 --rw-------    jarda    guest    jarda    guest            2       393216        11187        11174  8:23:55 10:12:02  8:23:55
 m        65541            0 --rw-------    jarda    guest    jarda    guest            2       393216        11212        11174  8:25:56  8:25:57  8:25:56
 m        65542            0 --rw-------    jarda    guest    jarda    guest            2       393216        11212        11174  8:25:56  8:25:57  8:25:56
 m       131079            0 --rw-------    jarda    guest    jarda    guest            2       393216        32137        11174 14:31:46 14:31:48 14:31:46
 m       131080            0 --rw-------    jarda    guest    jarda    guest            2       393216        32137        11174 14:31:43 14:31:48 14:31:43
 m        65545            0 --rw-------    jarda    guest    jarda    guest            2       393216        13130        11174 12:26:09 no-entry 12:26:09
 m       983050            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       524299            0 --rw-r--r--     root    guest     root    guest            3       110592        11174        24738  9:49:46 no-entry  9:47:10
 m       196620            0 --rw-r--r--     root    guest     root    guest            2       122880        11174        24738  9:47:10 no-entry  9:47:10
 m       196621            0 --rw-r--r--     root    guest     root    guest            2       122880        11174        24738  9:47:10 no-entry  9:47:10
 m       196622            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196623            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196624            0 --rw-r--r--     root    guest     root    guest            3       122880        11174        24738  9:47:11 no-entry  9:47:11
 m       196625            0 --rw-r--r--     root    guest     root    guest            3       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196626            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 m       196627            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 m       196628            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 
 
 --envbJBWh7q8WU6mo
 Content-Type: TEXT/PLAIN; CHARSET=us-ascii
 Content-ID: <20061201010604.E79653@fledge.watson.org>
 Content-Description: 
 Content-Disposition: ATTACHMENT; FILENAME=ipcs_after.out
 
 Shared Memory:
 T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
 m       262145   1080653749 --rw-r-----     root    wheel     root    wheel            0         4096        32361            0 no-entry no-entry 14:53:35
 m      2424834            0 --rwarwarwa     root    guest     root    guest            1        94208        11174        11174  8:23:31  8:23:32  8:23:31
 m       458755            0 --rw-------    jarda    guest    jarda    guest            2       393216        11187        11174  8:23:55 10:12:02  8:23:55
 m        65540            0 --rw-------    jarda    guest    jarda    guest            2       393216        11187        11174  8:23:55 10:12:02  8:23:55
 m        65541            0 --rw-------    jarda    guest    jarda    guest            2       393216        11212        11174  8:25:56  8:25:57  8:25:56
 m        65542            0 --rw-------    jarda    guest    jarda    guest            2       393216        11212        11174  8:25:56  8:25:57  8:25:56
 m       131079            0 --rw-------    jarda    guest    jarda    guest            2       393216        32137        11174 14:31:46 14:31:48 14:31:46
 m       131080            0 --rw-------    jarda    guest    jarda    guest            2       393216        32137        11174 14:31:43 14:31:48 14:31:43
 m        65545            0 --rw-------    jarda    guest    jarda    guest            2       393216        13130        11174 12:26:09 no-entry 12:26:09
 m       983050            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       524299            0 --rw-r--r--     root    guest     root    guest            3       110592        11174        24738  9:49:46 no-entry  9:47:10
 m       196620            0 --rw-r--r--     root    guest     root    guest            2       122880        11174        24738  9:47:10 no-entry  9:47:10
 m       196621            0 --rw-r--r--     root    guest     root    guest            2       122880        11174        24738  9:47:10 no-entry  9:47:10
 m       196622            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196623            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196624            0 --rw-r--r--     root    guest     root    guest            3       122880        11174        24738  9:47:11 no-entry  9:47:11
 m       196625            0 --rw-r--r--     root    guest     root    guest            3       110592        11174        24738  9:47:10 no-entry  9:47:10
 m       196626            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 m       196627            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 m       196628            0 --rw-r--r--     root    guest     root    guest            2       110592        11174        24738  9:49:46 no-entry  9:49:46
 
 
 --envbJBWh7q8WU6mo
 Content-Type: TEXT/PLAIN; CHARSET=us-ascii
 Content-ID: <20061201010604.Q79653@fledge.watson.org>
 Content-Description: 
 Content-Disposition: ATTACHMENT; FILENAME=kdump.out
 
  32361 shmtest  CALL  stat(0xbfbfed5e,0xbfbfeb10)
  32361 shmtest  NAMI  "./shmtest"
  32361 shmtest  RET   stat 0
  32361 shmtest  CALL  getpid
  32361 shmtest  RET   getpid 32361/0x7e69
  32361 shmtest  CALL  shmget(0x406977b5,0x1000,0x3a0)
  32361 shmtest  RET   shmget 262145/0x40001
  32361 shmtest  CALL  shmget(0x406977b5,0x1000,0x1a0)
  32361 shmtest  RET   shmget -1 errno 13 Permission denied
 
 --envbJBWh7q8WU6mo--

From: Robert Watson <rwatson@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/106078
Date: Fri, 1 Dec 2006 01:06:50 +0000 (GMT)

 Mailing list content relating to this PR.
 
 Robert N M Watson
 Computer Laboratory
 University of Cambridge
 
 ---------- Forwarded message ----------
 Date: Thu, 30 Nov 2006 17:42:20 +0100
 From: JAroslav Suchanek <jarda@grisoft.cz>
 To: Robert Watson <rwatson@FreeBSD.org>
 Cc: freebsd-current@FreeBSD.org
 Subject: Re: shmget regression?
 
 On Thu, Nov 30, 2006 at 01:45:21PM +0000, Robert Watson wrote:
 >
 > On Thu, 30 Nov 2006, JAroslav Suchanek wrote:
 >
 >>	I've tried to post PR, but it seems it got lost somewhere.
 >>
 >>	I just wonder whether there was some change in shmget behavior in
 >>	current.
 >>
 >>	Look at this patch to src/sys-cur/tools/regression/sysvshm/shmtest.c
 >
 > Can you send the output of 'ipcs' after the below code runs so that I can
 > see the mode it ended up being created with?  You might try reverting the
 > priv(9) change to sysv_ipc.c and see if that fixes thanks?
 
  	Yop, the revert helped, I've used CVS revision 1.27.4.1 of the sysv_ipc.c.
 
 Best regards,
 --
 JArda Suchanek

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/106078: commit references a PR
Date: Sat, 16 Dec 2006 11:31:15 +0000 (UTC)

 rwatson     2006-12-16 11:30:54 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/kern             sysv_ipc.c 
   Log:
   For now, back out sysv_ipc.c:1.30, which caused shmget() with odd mode
   arguments to fail.  The mode field for shmget() appears to have undefined
   meaning in the context of an already-present IPC object, but applications
   appear to assume any arbitrary passed value will be ignored.  I had hoped
   to revisit this more quickly, but am removing the change for now to
   prevent toe-stubbing.
   
   Reported by:    JAroslav Suchanek <jarda at grisoft dot cz>
   PR:             kern/106078
   
   Revision  Changes    Path
   1.31      +37 -65    src/sys/kern/sysv_ipc.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/106078: commit references a PR
Date: Mon, 19 Feb 2007 22:56:16 +0000 (UTC)

 rwatson     2007-02-19 22:56:10 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/kern             sysv_shm.c 
   Log:
   Remove call to ipcperm() in shmget_existing().  The flags argument is
   ignored on other systems I investigated when accessing an existing
   memory segment rather than creating a new one.  This call to ipcperm()
   is the only one to pass in a complete mode flag to the permission
   checks rather than a simple access request mask, and caused problems
   for the revised ipcperm() based on the priv(9) interface, which can
   now be restored.
   
   PR:     106078
   
   Revision  Changes    Path
   1.109     +0 -3      src/sys/kern/sysv_shm.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/106078: commit references a PR
Date: Mon, 19 Feb 2007 22:59:28 +0000 (UTC)

 rwatson     2007-02-19 22:59:23 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/kern             sysv_ipc.c 
   Log:
   Restore sysv_ipc.c:1.30, which was backed out due to interactions with
   System V shared memory, now believed fixed in sysv_shm.c:1.109:
   
     date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
     Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
     specific privilege names to a broad range of privileges.  These may
     require some future tweaking.
   
     Sponsored by:           nCircle Network Security, Inc.
     Obtained from:          TrustedBSD Project
     Discussed on:           arch@
     Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                             Alex Lyashkov <umka at sevcity dot net>,
                             Skip Ford <skip dot ford at verizon dot net>,
                             Antoine Brodin <antoine dot brodin at laposte dot net>
   
   This restores fine-grained privilege support to System V IPC.
   
   PR:     106078
   
   Revision  Changes    Path
   1.32      +65 -37    src/sys/kern/sysv_ipc.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: rwatson 
State-Changed-When: Sun Jan 13 16:26:20 UTC 2008 
State-Changed-Why:  
Missing fine-grained functionality was reintroduced and is believed not 
to suffer from the reported problem, so closing the PR.  Please let me 
know if there are further problems? 


http://www.freebsd.org/cgi/query-pr.cgi?pr=106078 
>Unformatted:
