* [RFC,PATCH] remove lockless receive from ipc/msg.c
From: Manfred Spraul @ 2002-11-09 14:16 UTC
To: linux-kernel; +Cc: bk
[-- Attachment #1: Type: text/plain, Size: 685 bytes --]
Bernhard Kaindl noticed a race in the lockless receive path of msgrcv():
If a signal wakes up the thread that sleeps in msgrcv(), then
pipelined_send() can access an already invalid structure. This can cause
oopses during wake_up_process().
http://marc.theaimsgroup.com/?l=linux-kernel&m=103599896511067&w=2
The simplest solution is to remove the lockless receive, and always
acquire the spinlock during receive.
Unfortunately this would increase the number of spinlock operations for
ipc/msg.c by up to 50%. (from 2 to 3 spinlock calls for msgrcv()+msgsnd())
Any other ideas? Are there workloads that heavily rely on sysv msg?
Patch against 2.5.46 is attached.
--
Manfred
[-- Attachment #2: patch-ipc-race --]
[-- Type: text/plain, Size: 358 bytes --]
--- 2.5/ipc/msg.c 2002-11-09 00:45:37.000000000 +0100
+++ build-2.5/ipc/msg.c 2002-11-09 15:01:13.000000000 +0100
@@ -799,10 +799,6 @@
schedule();
current->state = TASK_RUNNING;
- msg = (struct msg_msg*) msr_d.r_msg;
- if(!IS_ERR(msg))
- goto out_success;
-
msq = msg_lock(msqid);
msg = (struct msg_msg*)msr_d.r_msg;
if(!IS_ERR(msg)) {
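Review bot: with the early read of msr_d.r_msg after schedule() removed, the read that follows msg_lock(msqid) is the only one left, and nothing in the code records why it has to happen under the lock. A short comment above msg_lock(msqid) would help, saying that r_msg must not be examined before the queue lock is held because pipelined_send() may still be using msr_d when a signal wakes the sleeper. Without it, the removed lines look like an obvious optimisation to put back, given the extra spinlock operation the change costs.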