Re: [PATCH 2/4] ipc,shm: prevent race with rmid in shmat(2)
From: Davidlohr Bueso
Date: Fri Sep 27 2013 - 19:40:50 EST
Hi Manfred,
On Fri, 2013-09-27 at 07:45 +0200, Manfred Spraul wrote:
> Hi Davidlohr,
>
> On 09/16/2013 05:04 AM, Davidlohr Bueso wrote:
> > This fixes a race in shmat() between finding the msq and
> > actually attaching the segment, as another thread can delete shmid
> > underneath us if we are preempted before acquiring the kern_ipc_perm.lock.
> According the the man page, Linux supports attaching to deleted shm
> segments:
>
> http://linux.die.net/man/2/shmat
> >
> > On Linux, it is possible to attach a shared memory segment even if it
> > is already marked to be deleted. However, POSIX.1-2001 does not
> > specify this behavior and many other implementations do not support it.
> >
Good catch!
> Does your patch change that?
Yes, it should and furthermore it affects the following property:
shm_nattch is decremented by one. If it becomes 0 and the segment is
marked for deletion, the segment is deleted.
> Unfortunately, I have neither any experience with ipc/shm nor any test
> cases.
>
> And:
> As far as I can see it's not a problem if we are attaching to a deleted
> segment: shm_close cleans up everything.
Agreed, please disregard this patch.
Thanks,
Davidlohr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/