Re: [PATCH 2/4] ipc,shm: prevent race with rmid in shmat(2)

[Davidlohr Bueso]

Hi Manfred,

On Fri, 2013-09-27 at 07:45 +0200, Manfred Spraul wrote:
> Hi Davidlohr,
> 
> On 09/16/2013 05:04 AM, Davidlohr Bueso wrote:
> > This fixes a race in shmat() between finding the msq and
> > actually attaching the segment, as another thread can delete shmid
> > underneath us if we are preempted before acquiring the kern_ipc_perm.lock.
> According the the man page, Linux supports attaching to deleted shm 
> segments:
> 
> http://linux.die.net/man/2/shmat
> >
> > On Linux, it is possible to attach a shared memory segment even if it 
> > is already marked to be deleted. However, POSIX.1-2001 does not 
> > specify this behavior and many other implementations do not support it.
> >

Good catch!

> Does your patch change that?

Yes, it should and furthermore it affects the following property:

 shm_nattch is decremented by one.  If it becomes 0 and the segment is
marked for deletion, the segment is deleted.



> Unfortunately, I have neither any experience with ipc/shm nor any test 
> cases.
> 
> And:
> As far as I can see it's not a problem if we are attaching to a deleted 
> segment: shm_close cleans up everything.

Agreed, please disregard this patch.

Thanks,
Davidlohr

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/