Commit 6c826818 authored by Paul Menage's avatar Paul Menage Committed by Linus Torvalds
Browse files

/proc/sysvipc/shm: fix 32-bit truncation of segment sizes

sysvipc_shm_proc_show() picks between format strings (based on the
expected maximum length of a SHM segment) in a way that prevents gcc from
performing format checks on the seq_printf() parameters.  This hid two
format errors - shp->shm_segsz and shp->shm_nattach are both unsigned
long, but were being printed as unsigned int and signed int respectively.
This leads to 32-bit truncation of SHM segment sizes reported in
/proc/sysvipc/shm.  (And for nattach, but that's less of a problem for
most users).

This patch makes the format string directly visible to gcc's format
specifier checker, and fixes the two broken format specifiers.
Signed-off-by: default avatarPaul Menage <>
Cc: Nadia Derbey <>
Cc: Manfred Spraul <>
Cc: Pierre Peiffer <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent bcf8039e
......@@ -1058,16 +1058,16 @@ asmlinkage long sys_shmdt(char __user *shmaddr)
static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
struct shmid_kernel *shp = it;
char *format;
#define SMALL_STRING "%10d %10d %4o %10u %5u %5u %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
#define BIG_STRING "%10d %10d %4o %21u %5u %5u %5d %5u %5u %5u %5u %10lu %10lu %10lu\n"
#if BITS_PER_LONG <= 32
#define SIZE_SPEC "%10lu"
#define SIZE_SPEC "%21lu"
if (sizeof(size_t) <= sizeof(int))
format = SMALL_STRING;
format = BIG_STRING;
return seq_printf(s, format,
return seq_printf(s,
"%10d %10d %4o " SIZE_SPEC " %5u %5u "
"%5lu %5u %5u %5u %5u %10lu %10lu %10lu\n",
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment