From: Manfred Spraul <manfred@colorfullife.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Davidlohr Bueso <davidlohr@hp.com>,
	Eric Paris <eparis@parisplace.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Rik van Riel <riel@redhat.com>, Mike Galbraith <efault@gmx.de>,
	Sedat Dilek <sedat.dilek@gmail.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <james.l.morris@oracle.com>,
	LSM List <linux-security-module@vger.kernel.org>,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 0/4] ipc: shm and msg fixes
Date: Tue, 24 Sep 2013 10:49:49 +0200
Message-ID: <5241522D.10008@colorfullife.com>
In-Reply-To: <CA+55aFxLi7PNP-4-ouoPJYjOhRCttsP6YxbCHgE2+PNee3hVGg@mail.gmail.com>

Hi Linus,

On 09/24/2013 03:22 AM, Linus Torvalds wrote:
> On Mon, Sep 23, 2013 at 5:04 PM, Davidlohr Bueso <davidlohr@hp.com> wrote:
>> Ok, so here's the code - again I've tested it with LTP on the resources
>> I have.
> This looks good to me.
>
> Manfred, mind giving this a look-over and see if this resolves your
> race concerns too?
All race concerns with regard to code outside ipc are resolved.

My current list of open issues:

https://bugzilla.kernel.org/show_bug.cgi?id=61351
     Fix is in mm tree (ipc-semc-fix-race-in-sem_lock.patch)

https://bugzilla.kernel.org/show_bug.cgi?id=61321
https://bugzilla.kernel.org/show_bug.cgi?id=61331
https://bugzilla.kernel.org/show_bug.cgi?id=61341
     All 3 are fixed by Davidlohr's patch

https://bugzilla.kernel.org/show_bug.cgi?id=61361
https://bugzilla.kernel.org/show_bug.cgi?id=61371
     Both still open. The fix is trivial:
     Sprinkle a fair amount of "if (perm.deleted) return -EIDRM;" after ipc_lock.

And now new:
1) ipc/namespace.c:
     free_ipcs() still assumes the "old style" free calls:
     rcu_lock and ipc_lock dropped within the callback.

     freeary() was converted - but free_ipcs was not updated.

     Thus:
     Closing a namespace with sem arrays and threads that are waiting on the array with semtimedop() and bad timing can deadlock the semtimedop thread.
     (i.e.: spin_lock() waiting forever).

2) ipc/sem.c:
     The proc interface calls ipc_lock() directly - thus the exclusion of simple semop's is missing with sysvipc_sem_proc_show().
     A "sem_wait_array()" might be added as the first line into sysvipc_sem_proc_show().

     It's more a correctness thing: Nothing breaks if get_semotime() is called in parallel with simple ops.

3) The missing update of sem_otime for simple ops that Jia He found
http://marc.info/?l=linux-kernel&m=137981594522009&w=2

--
     Manfred
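
The "check perm.deleted after ipc_lock" fix mentioned above for bugs 61361 and 61371, modelled in userspace as an added example (not kernel code and not from this thread). All `model_*` names and the `recheck` switch are hypothetical; the lookup stands in for the lockless id lookup, and a removal can land between it and the lock.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; hypothetical names, not the kernel's ipc/ structures. */
struct model_perm {
    pthread_mutex_t lock;
    bool deleted;              /* set under the lock by the remover */
};

struct model_msq {
    struct model_perm perm;
    int qnum;                  /* state that an operation modifies */
};

static void model_init(struct model_msq *q)
{
    pthread_mutex_init(&q->perm.lock, NULL);
    q->perm.deleted = false;
    q->qnum = 0;
}

/* Remover (the IPC_RMID side): marks the object dead while holding its lock. */
static void model_rmid(struct model_msq *q)
{
    pthread_mutex_lock(&q->perm.lock);
    q->perm.deleted = true;
    pthread_mutex_unlock(&q->perm.lock);
}

/* Lockless lookup: the pointer it returns may be removed before we lock it. */
static struct model_msq *model_lookup(struct model_msq *tbl, size_t n, size_t id)
{
    return id < n ? &tbl[id] : NULL;
}

/* Locked part of an operation. With recheck == false it models the unfixed
 * path, which goes on to modify an object that was already removed. */
static int model_send_locked(struct model_msq *q, bool recheck)
{
    int ret = 0;
    pthread_mutex_lock(&q->perm.lock);
    if (recheck && q->perm.deleted)
        ret = -EIDRM;          /* removed between lookup and lock */
    else
        q->qnum++;
    pthread_mutex_unlock(&q->perm.lock);
    return ret;
}
```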
