[PATCH 4/5] ipc,sysv: make return -EIDRM when racing with RMID consistent

From: Davidlohr Bueso
Date: Sat Jun 06 2015 - 09:38:58 EST


The ipc_lock helper is used by all forms of sysv ipc to acquire
the ipc object's spinlock. Upon error (bogus identifier), we
always return -EINVAL, whether the problem be in the idr path or
because we raced with a task performing RMID. For the latter,
however, all ipc related manpages state that for:

EIDRM <ID> points to a removed identifier.

And return:

EINVAL Invalid <ID> value, or unaligned, etc.

Which (EINVAL) should only return once the ipc resource is deleted.
For all types of ipc this is done immediately upon a RMID command.
However, shared memory behaves slightly differently as it can merely
mark a segment for deletion, and delay the actual freeing until
there are no more active consumers. Per shmctl(IPC_RMID) manpage:

""
Mark the segment to be destroyed. The segment will only actually
be destroyed after the last process detaches it (i.e., when the
shm_nattch member of the associated structure shmid_ds is zero).
""

Unlike ipc_lock, paths that behave "correctly", at least per the
manpage, involve controlling the ipc resource via *ctl(), doing
the exact same validity check as ipc_lock right after acquiring
the spinlock:

	if (!ipc_valid_object()) {
		err = -EIDRM;
		goto out_unlock;
	}

Thus make ipc_lock consistent with the rest of ipc code and return
-EIDRM in ipc_lock when !ipc_valid_object().

Signed-off-by: Davidlohr Bueso <dbueso@xxxxxxx>
---
ipc/util.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/ipc/util.c b/ipc/util.c
index adb8f89..15e750d 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -586,19 +586,22 @@ struct kern_ipc_perm *ipc_lock(struct ipc_ids *ids, int id)
rcu_read_lock();
out = ipc_obtain_object_idr(ids, id);
if (IS_ERR(out))
- goto err1;
+ goto err;

spin_lock(&out->lock);

- /* ipc_rmid() may have already freed the ID while ipc_lock
- * was spinning: here verify that the structure is still valid
+ /*
+ * ipc_rmid() may have already freed the ID while ipc_lock()
+ * was spinning: here verify that the structure is still valid.
+ * Upon races with RMID, return -EIDRM, thus indicating that
+ * the ID points to a removed identifier.
*/
if (ipc_valid_object(out))
return out;

spin_unlock(&out->lock);
- out = ERR_PTR(-EINVAL);
-err1:
+ out = ERR_PTR(-EIDRM);
+err:
rcu_read_unlock();
return out;
}
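
Review bot: At `out = ERR_PTR(-EIDRM);` the errno a caller sees for a removed ID now depends on timing, and the new comment does not say so. The `IS_ERR(out)` branch still jumps to `err` with whatever ipc_obtain_object_idr() returned, which the commit message describes as -EINVAL, so an ID whose removal already completed gets that error, while one removed while ipc_lock() was spinning on `out->lock` gets -EIDRM. Please document both return values in the comment (or the function's header comment, which is outside this hunk), and confirm that no ipc_lock() caller tests specifically for -EINVAL, since the diffstat shows only ipc/util.c being touched.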
--
2.1.4
