From: Oleg Nesterov <oleg@redhat.com>
To: Vasiliy Kulikov <segoon@openwall.com>
Cc: akpm@linux-foundation.org,
Serge Hallyn <serge.hallyn@canonical.com>,
daniel.lezcano@free.fr, ebiederm@xmission.com, mingo@elte.hu,
rdunlap@xenotime.net, tj@kernel.org,
kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] Re: [PATCH] shm: optimize locking and ipc_namespace getting
Date: Mon, 4 Jul 2011 19:29:45 +0200 [thread overview]
Message-ID: <20110704172945.GA14076@redhat.com> (raw)
In-Reply-To: <20110704170150.GA2806@albatros>
On 07/04, Vasiliy Kulikov wrote:
>
> exit_shm() and shm_destroy_orphaned() may avoid the loop by checking
> whether there is at least one segment in current ipc_namespace.
Obviously I can't ack because I do not really understand this code,
but looks good to me.
Minor nit,
> void exit_shm(struct task_struct *task)
> {
> - struct nsproxy *nsp = task->nsproxy;
> - struct ipc_namespace *ns;
> -
> - if (!nsp)
> - return;
> - ns = nsp->ipc_ns;
> - if (!ns)
> - return;
> + struct ipc_namespace *ns = task->nsproxy->ipc_ns;
>
> /* Destroy all already created segments, but not mapped yet */
> down_write(&shm_ids(ns).rw_mutex);
> - idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_current, ns);
> + if (&shm_ids(ns).in_use)
Afaics, unlike shm_destroy_orphaned(), exit_shm() can check .in_use
lockless and thus avoid down_write() in the fast path. Given that
this sem is "global", I think this makes sense.
exit_shm() only cares about shmid_kernel's which were created by
current, we can't miss .in_use++ in ipc_addid(), it was called by us.
and thus we can't miss in_use != 0 although it is not stable without
the lock.
Oleg.
next prev parent reply other threads:[~2011-07-04 17:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-29 22:14 + ipc-introduce-shm_rmid_forced-sysctl.patch added to -mm tree akpm
[not found] ` <20110630134855.GA6165@mail.hallyn.com>
2011-06-30 13:57 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-03 18:00 ` Vasiliy Kulikov
2011-07-04 11:55 ` [kernel-hardening] [PATCH] shm: handle separate PID namespaces case Vasiliy Kulikov
2011-07-04 15:05 ` [kernel-hardening] " Oleg Nesterov
2011-07-04 15:26 ` Vasiliy Kulikov
2011-07-04 15:37 ` Oleg Nesterov
2011-07-04 15:48 ` Vasiliy Kulikov
2011-07-04 17:01 ` [kernel-hardening] [PATCH] shm: optimize locking and ipc_namespace getting Vasiliy Kulikov
2011-07-04 17:29 ` Oleg Nesterov [this message]
2011-07-04 17:51 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-05 17:38 ` [kernel-hardening] [PATCH v2] " Vasiliy Kulikov
2011-07-05 17:37 ` [kernel-hardening] [PATCH v2] shm: handle separate PID namespaces case Vasiliy Kulikov
2011-07-15 6:45 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-05 14:26 ` [kernel-hardening] Re: [PATCH] " Serge Hallyn
2011-07-05 14:50 ` Vasiliy Kulikov
2011-07-05 15:57 ` Serge Hallyn
2011-07-05 17:42 ` Vasiliy Kulikov
2011-07-06 16:31 ` Serge Hallyn
2011-07-06 16:57 ` Vasiliy Kulikov
2011-07-06 18:08 ` Oleg Nesterov
2011-07-06 18:35 ` Vasiliy Kulikov
2011-07-05 17:29 ` Vasiliy Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110704172945.GA14076@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=daniel.lezcano@free.fr \
--cc=ebiederm@xmission.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=mingo@elte.hu \
--cc=rdunlap@xenotime.net \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.