Add a way to reserve shmop memory ids and prevent shmop_open (e.g. opcache's region)

[TysonAndre]

Description

php-src/ext/opcache/shared_alloc_shm.c

Line 112 in 5a5037f

shared_segments[i].common.p = shmat(shared_segments[i].shm_id, NULL, 0);

Related to #9944

Prevent accidentally or intentionally reading or writing to shared memory regions which would be used by opcache, or other extensions such as APCu

A possible approach:

1. Add a helper method in Zend/ directory to track ids used during module initialization
2. Make the ext/shmop extension check if those ids were already used and treat it like a native error code for https://php.net/shmop_open
3. Add an ini setting to disable this protection, in case userland debuggers/visualizers have valid use cases for this

[cmb69]

Prevent accidentally or intentionally reading or writing to shared memory regions which would be used by opcache

Couldn't OPcache just use IPC_PRIVATE even for the first segment:

php-src/ext/opcache/shared_alloc_shm.c

Line 58 in da47547

key_t first_segment_key = -1;

[TysonAndre]

Couldn't OPcache just use IPC_PRIVATE even for the first segment:

It is. In the windows polyfill, you can attach to the new segment id. https://man7.org/linux/man-pages/man2/shmget.2.html It seems like you can in linux when I manually tested, though the manual didn't make that clear

php-src/ext/opcache/shared_alloc_shm.c

Line 112 in 5a5037f

shared_segments[i].common.p = shmat(shared_segments[i].shm_id, NULL, 0);

TSRM/tsrm_win32.h
75:#define IPC_PRIVATE  0

---

Test scripts for being able to attach to IPC_PRIVATE(0) from userland on Linux if the id is known

<?php // test.php
$segment = shmop_open(0, 'c', 0666, 20);
var_dump($segment);
$segment2 = shmop_open(0, 'c', 0666, 20);
var_dump($segment2);
var_dump(shmop_write($segment, 'foo', 0));
var_dump(shmop_read($segment, 0, 3));

» sapi/cli/php test.php
old shmid=0
shmid=32827
object(Shmop)#1 (0) {
}
old shmid=32827
shmid=32828
object(Shmop)#2 (0) {
}
int(3)
string(3) "foo"

--- a/ext/shmop/shmop.c
+++ b/ext/shmop/shmop.c
@@ -181,8 +181,16 @@ PHP_FUNCTION(shmop_open)
                zend_argument_value_error(4, "must be greater than 0 for the \"c\" and \"n\" access modes");
                goto err;
        }
+       static int id = 0;
+       if (shmop->key == 0) {
+               shmop->key = id;
+       }
 
+       printf("old shmid=%d\n", (int)shmop->key);
        shmop->shmid = shmget(shmop->key, shmop->size, shmop->shmflg);
+       id = shmop->shmid;
+       printf("shmid=%d\n", (int)shmop->shmid);
+
        if (shmop->shmid == -1) {
                php_error_docref(NULL, E_WARNING, "Unable to attach or create shared memory segment \"%s\"", strerror(errno));
                goto err;

[cmb69]

It seems like you can in linux when I manually tested, though the manual didn't make that clear

Well, it is not guaranteed the IP_PRIVATE == 0, and it might not work for different processes. However, since this ticket is actually about the same process, just disregard my comment.

Note, though, that there is no issue regarding OPcache SHM on Windows, since only memory_model win32 is supported there (but not shm).