Re: [PATCH 2/2] ipc: Fix ipc data structures inconsistency

[Philippe Mikoyan]

On Fri, 1 Dec 2017 09:20:07 -0800
Davidlohr Bueso <dave@xxxxxxxxxxxx> wrote:

> 
> Hmm yeah that's pretty fishy, also shm_atime = 0, no?
> 

Yeah, definitely, other data structure fields can also be
inconsistent, and applying not only to shmem, but also to 
other ipc mechanisms.

Thank you for noting the typo, 'll send fixed version in next
message(without another patch, see below).

On Sat, 2 Dec 2017 07:03:30 +0100
Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> wrote:

> Especially: I don't know the shm code good enough to immediately
> check the change you make to nattach.

It seems that I didn't know the shm code good enough too: I've
recently discovered that 
[PATCH 1/2] ipc/shm: Fix shm_nattch incorrect value
is, frankly speaking, clearly total crap as it 
1) doesn't handle that shmem segment can be already RMID-ed
when entering shm_mmap, when called from 'remap_file_pages'
2) doesn't support (broken) logic of detaching remapped via
'remap_file_pages' shmem segment.

Regardless of handling (deprecated) 'remap_file_pages' call, patch
shall be OK. However, it has to be made over.

Sorry about that, hope I will find at least halfway elegant 
solution and send it ASAP.

On Sat, 2 Dec 2017 07:03:30 +0100
Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> wrote:

> 
> And, perhaps as a side information:
> There appears to be a use-after-free in shm, I now got a 2nd mail
> from syzbot:
> http://lkml.iu.edu/hypermail/linux/kernel/1702.3/02480.html
> 

Will dig into.


Thanks,
Phil