Re: [PATCH] Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
From: Herton R. Krzesinski
Date: Tue Dec 17 2019 - 16:17:56 EST
On Mon, Dec 16, 2019 at 08:04:53PM +0100, Manfred Spraul wrote:
> Hi Ioanna,
>
> On 12/11/19 8:13 PM, Ioanna Alifieraki wrote:
> > This reverts commit a97955844807e327df11aa33869009d14d6b7de0.
> >
> > Commit a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock usage
> > in exit_sem()") removes a lock that is needed.
>
> Yes, you are right, the lock is needed.
>
> The documentation is already correct:
>
> sem_undo_list.list_proc: undo_list->lock for write.
>
> [...]
> > Removing elements from list_id is safe for both exit_sem() and freeary()
> > due to sem_lock(). Removing elements from list_proc is not safe;
>
> Correct, removing elements is not safe.
>
> Removing one element would be ok, as we hold sem_lock.
>
> But if there are two elements, then we don't hold sem_lock for the 2nd
> element, and thus the list is corrupted.
I think that's what I overlooked/missed back then, sorry for the bug.
>
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1694779
> >
> > Fixes: a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()")
> > Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki@xxxxxxxxxxxxx>
> Acked-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Acked-by: Herton R. Krzesinski <herton@xxxxxxxxxx>
> > ---
> > ipc/sem.c | 6 ++----
> > 1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/ipc/sem.c b/ipc/sem.c
> > index ec97a7072413..fe12ea8dd2b3 100644
> > --- a/ipc/sem.c
> > +++ b/ipc/sem.c
> > @@ -2368,11 +2368,9 @@ void exit_sem(struct task_struct *tsk)
> > ipc_assert_locked_object(&sma->sem_perm);
> > list_del(&un->list_id);
> > - /* we are the last process using this ulp, acquiring ulp->lock
> > - * isn't required. Besides that, we are also protected against
> > - * IPC_RMID as we hold sma->sem_perm lock now
> > - */
> > + spin_lock(&ulp->lock);
> > list_del_rcu(&un->list_proc);
> > + spin_unlock(&ulp->lock);
> > /* perform adjustments registered in un */
> > for (i = 0; i < sma->sem_nsems; i++) {
>
>
--
[]'s
Herton