Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
From: Andrew Morton
Date: Mon Aug 26 2013 - 16:42:05 EST
On Sat, 24 Aug 2013 13:44:49 +0200 Svenning Sørensen <sss@xxxxxxxxxx> wrote:
> According to 'man msgrcv':
> "If msgtyp is less than 0, the first message of the lowest type that is less
> than or equal to the absolute value of msgtyp shall be received."
>
> Bug: The kernel only returns a message if its type is 1; other messages with
> type < abs(msgtype) will never get returned.
>
> Fix: After having traversed the list to find the first message with the
> lowest type, we need to actually return that message.
>
> Signed-off-by: Svenning Soerensen <sss@xxxxxxxxxx>
>
> diff --git a/ipc/msg.c b/ipc/msg.c
> index bd60d7e..9f29d9e 100644
> --- a/ipc/msg.c
> +++ b/ipc/msg.c
> @@ -839,7 +839,7 @@ static inline void free_copy(struct msg_msg *copy)
>
> static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> {
> - struct msg_msg *msg;
> + struct msg_msg *msg, *found = NULL;
> long count = 0;
>
> list_for_each_entry(msg, &msq->q_messages, m_list) {
> @@ -848,6 +848,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> *msgtyp, mode)) {
> if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
> *msgtyp = msg->m_type - 1;
> + found = msg;
Should we continue the search in this case, or should the code
immediately return this message?
> } else if (mode == SEARCH_NUMBER) {
> if (*msgtyp == count)
> return msg;
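Review bot: The SEARCH_LESSEQUAL branch needs a comment at `found = msg;` explaining that the walk deliberately continues. The branch records the candidate and lowers the bound with `*msgtyp = msg->m_type - 1;` instead of returning, so correctness depends on the match test (its call is only partly visible in this hunk) admitting only strictly lower types from then on. That is what leaves `found` pointing at the first message of the lowest type, as the man page text quoted in the changelog requires. A one-line comment such as "remember the lowest type seen so far, keep scanning for a lower one" would make that intent explicit. It is also worth stating that `*msgtyp` is written through the caller's pointer, so it no longer holds the requested value when `found` is eventually returned.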
> @@ -857,7 +858,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> }
> }
>
> - return ERR_PTR(-EAGAIN);
> + return found ?: ERR_PTR(-EAGAIN);
> }
>
> long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,
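Review bot: Style point on `return found ?: ERR_PTR(-EAGAIN);`: the conditional with an omitted middle operand is a GNU C extension, and it compresses two distinct outcomes into one expression. Since `found` is only ever assigned in the SEARCH_LESSEQUAL branch, an explicit `if (found) return found;` ahead of the existing `return ERR_PTR(-EAGAIN);` would make it clearer that the other modes still reach -EAGAIN exactly as before.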