Hello all,
I've got a patch for a little buglet in the IPC/SHM code.
Description of the buglet:
If an SHM segment is destroyed while there are still processes attached, the
kernel only marks it as destroyed until the last process detached (nothing
wrong with this).
The problem is, it is neither possible to attach to this segment (right) nor
possible to create a new segment with the same key (wrong).
All commercial Unix systems I could get my hands on allowed the second and IMHO
logical action.
The patch for this is more or less 1 line and attached for the kernel versions
2.2.x and 2.3.x (tried only on 2.3.20 and 2.3.25).
More information including a program triggering this bug and a patch for 2.0.x
can be found at:
http://www.vauban.uni-freiburg.de/~cla/linux/kpatches/shmpatch.html
Feel free to mail me if there are questions AND please CC me as I am not on
the list.
Regards,
Claudius
--Claudius Link linkclau@uni-freiburg.de
--3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="shmpatch_2.2.xx"
--- linux-2.2.12/ipc/shm.c Thu Aug 26 02:29:53 1999 +++ linux/ipc/shm.c Tue Oct 12 00:43:57 1999 @@ -62,8 +62,11 @@ sleep_on (&shm_lock); if (shp == IPC_UNUSED) continue; - if (key == shp->u.shm_perm.key) + if (key == shp->u.shm_perm.key) { + if (shp->u.shm_perm.mode & SHM_DEST) + continue; return id; + } } return -1; }
--3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="shmpatch_2.3.xx"
--- linux-2.3.20/ipc/shm.c Fri Oct 8 19:07:23 1999 +++ linux/ipc/shm.c Tue Oct 12 00:55:59 1999 @@ -95,8 +95,11 @@ } if (shp == IPC_UNUSED) continue; - if (key == shp->u.shm_perm.key) + if (key == shp->u.shm_perm.key) { + if(shp->u.shm_perm.mode & SHM_DEST) + continue; return id; + } } return -1; }
--3MwIy2ne0vdjdPXF--
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/