[RFC,PATCH] remove lockless receive from ipc/msg.c

From: Manfred Spraul (manfred@colorfullife.com)
Date: Sat Nov 09 2002 - 09:16:52 EST


Bernhard Kaindl noticed a race in the lockless receive path of msgrcv():
If a signal wakes up the thread that sleeps in msgrcv(), then
pipelined_send() can access an already invalid structure. This can cause
oopses during wake_up_process().

http://marc.theaimsgroup.com/?l=linux-kernel&m=103599896511067&w=2

The simplest solution is to remove the lockless receive, and always
acquire the spinlock during receive.
Unfortunately this would increase the number of spinlock operations for
ipc/msg.c by up to 50%. (from 2 to 3 spinlock calls for msgrcv()+msgsnd())

Any other ideas? Are there workloads that heavily rely on sysv msg?

Patch against 2.5.46 is attached.

--
    Manfred

--- 2.5/ipc/msg.c 2002-11-09 00:45:37.000000000 +0100 +++ build-2.5/ipc/msg.c 2002-11-09 15:01:13.000000000 +0100 @@ -799,10 +799,6 @@ schedule(); current->state = TASK_RUNNING; - msg = (struct msg_msg*) msr_d.r_msg; - if(!IS_ERR(msg)) - goto out_success; - msq = msg_lock(msqid); msg = (struct msg_msg*)msr_d.r_msg; if(!IS_ERR(msg)) {
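Review bot: the deleted fast path after `current->state = TASK_RUNNING;` is replaced by nothing that records why `msr_d.r_msg` may now only be read once `msg_lock(msqid)` has been taken. A short comment above `msq = msg_lock(msqid);` saying that the lock serializes the receiver against pipelined_send(), which may still be accessing the receiver's structure when a signal wakes the sleeper, would keep a later cleanup from reintroducing the unlocked `if(!IS_ERR(msg)) goto out_success;` check as an optimization. With that goto removed, it is also worth confirming that the `out_success` label is still reached from the retained `if(!IS_ERR(msg)) {` branch, so the patch does not leave an unused label behind.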
