Re: [PATCH 4/4] ipc,msg: prevent race with rmid in msgsnd,msgrcv

From: Manfred Spraul
Date: Fri Sep 27 2013 - 01:50:54 EST

Next message: Ingo Molnar: "Re: [tip:x86/reboot] x86/reboot: Remove the duplicate C6100 entry inthe reboot quirks list"
Previous message: Ingo Molnar: "Re: [GIT PULL 3.12-rc2 fixes] clocksource: Several fixes for 3.12-rc2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andrew,

Could you include the patch in -mm and push it towards Linus?

On 09/16/2013 05:04 AM, Davidlohr Bueso wrote:

This fixes a race in both msgrcv() and msgsnd() between finding the msg and
actually dealing with the queue, as another thread can delete shmid
underneath us if we are preempted before acquiring the kern_ipc_perm.lock.

Manfred illustrates this nicely:

Assume a preemptible kernel that is preempted just after
msq = msq_obtain_object_check(ns, msqid)
in do_msgrcv().
The only lock that is held is rcu_read_lock().

Now the other thread processes IPC_RMID.
When the first task is resumed, then it will happily wait for messages on a
deleted queue.

Fix this by checking for if the queue has been deleted after taking the lock.

Reported-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # for 3.11
Signed-off-by: Davidlohr Bueso <davidlohr@xxxxxx>

Signed-off-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [tip:x86/reboot] x86/reboot: Remove the duplicate C6100 entry inthe reboot quirks list"
Previous message: Ingo Molnar: "Re: [GIT PULL 3.12-rc2 fixes] clocksource: Several fixes for 3.12-rc2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]