Re: [PATCH 0/4] ipc: shm and msg fixes

From: Manfred Spraul
Date: Tue Sep 24 2013 - 04:50:09 EST


Hi Linus,

On 09/24/2013 03:22 AM, Linus Torvalds wrote:
> On Mon, Sep 23, 2013 at 5:04 PM, Davidlohr Bueso <davidlohr@xxxxxx> wrote:
>> Ok, so here's the code - again I've tested it with LTP on the resources
>> I have.
> This looks good to me.
>
> Manfred, mind giving this a look-over and see if this resolves your
> race concerns too?

All race concerns with regards to code outside ipc are resolved.

My current list of open issues:

https://bugzilla.kernel.org/show_bug.cgi?id=61351
Fix is in mm tree (ipc-semc-fix-race-in-sem_lock.patch)

https://bugzilla.kernel.org/show_bug.cgi?id=61321
https://bugzilla.kernel.org/show_bug.cgi?id=61331
https://bugzilla.kernel.org/show_bug.cgi?id=61341
All 3 are fixed by Davidlohr's patch

https://bugzilla.kernel.org/show_bug.cgi?id=61361
https://bugzilla.kernel.org/show_bug.cgi?id=61371
Both still open. The fix is trivial:
Sprinkle a fair amount of "if (perm.deleted) return -EIDRM;" after ipc_lock.

And now new:
1) ipc/namespace.c:
free_ipcs() still assumes the "old style" free calls:
rcu_lock and ipc_lock dropped within the callback.

freeary() was converted - but free_ipcs was not updated.

Thus:
Closing a namespace with sem arrays and threads that are waiting on the array with semtimedop() and bad timing can deadlock the semtimedop thread.
(i.e.: spin_lock() waiting forever).

2) ipc/sem.c:
The proc interface calls ipc_lock() directly - thus the exclusion of simple semop's is missing with sysvipc_sem_proc_show().
A "sem_wait_array()" might be added as the first line into sysvipc_sem_proc_show().

It's more a correctness thing: Nothing breaks if get_semotime() is called in parallel with simple ops.

3) The missing update of sem_otime for simple ops that Jia He found
http://marc.info/?l=linux-kernel&m=137981594522009&w=2

--
Manfred
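
The check proposed above for bugs 61361 and 61371 (test `deleted` after taking the lock, return -EIDRM), shown as an added userspace model; it is not kernel code and not part of the original message. All `model_*` names are hypothetical, a pthread mutex stands in for ipc_lock, and the model assumes the object's memory stays valid after removal so that a pointer found earlier can still be locked.

```c
#include <errno.h>
#include <pthread.h>

/* Userspace model, hypothetical names: the object's memory outlives its
 * removal, so a pointer found before removal can still be locked. */
struct model_perm {
    pthread_mutex_t lock;
    int deleted;   /* set under the lock by the remover */
    int otime;     /* state a successful operation updates */
};

/* Remover: marks the object dead under its own lock. */
static void model_rmid(struct model_perm *p)
{
    pthread_mutex_lock(&p->lock);
    p->deleted = 1;
    pthread_mutex_unlock(&p->lock);
}

/* Operation on a previously looked-up pointer. Without the check it
 * updates a removed object; with it, the caller gets -EIDRM. */
static int model_op(struct model_perm *p, int check_deleted)
{
    int ret = 0;

    pthread_mutex_lock(&p->lock);
    if (check_deleted && p->deleted)
        ret = -EIDRM;
    else
        p->otime++;
    pthread_mutex_unlock(&p->lock);
    return ret;
}

/* Constructed interleaving: lookup, then removal, then the operation. */
static int model_race(int check_deleted, int *otime_after)
{
    struct model_perm p = { PTHREAD_MUTEX_INITIALIZER, 0, 0 };
    struct model_perm *found = &p;   /* pointer from the earlier lookup */
    int ret;

    model_rmid(&p);
    ret = model_op(found, check_deleted);
    *otime_after = p.otime;
    return ret;
}
```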