* [PATCH 1/2] fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
@ 2009-01-27 22:47 Tony Battersby
0 siblings, 0 replies; only message in thread
From: Tony Battersby @ 2009-01-27 22:47 UTC (permalink / raw)
To: linux-kernel; +Cc: Jiri Olsa, Jiri Kosina, Andrew Morton
shm_get_stat() assumes that the inode is a "struct
shmem_inode_info", which is incorrect for !CONFIG_SHMEM (see
fs/ramfs/inode.c::ramfs_get_inode() vs. mm/shmem.c::shmem_get_inode()).
This bad assumption can cause shmctl(SHM_INFO) to lockup when
shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
CC: <stable@kernel.org>
---
This bug was reported by Jiri Olsa back in February 2008; CC'ing the
people involved in the original discussion.
http://lkml.org/lkml/2008/2/29/74
--- linux-2.6.29-rc2-git3/ipc/shm.c.orig 2009-01-27 16:23:10.000000000 -0500
+++ linux-2.6.29-rc2-git3/ipc/shm.c 2009-01-27 16:23:32.000000000 -0500
@@ -565,11 +565,15 @@ static void shm_get_stat(struct ipc_name
struct hstate *h = hstate_file(shp->shm_file);
*rss += pages_per_huge_page(h) * mapping->nrpages;
} else {
+#ifdef CONFIG_SHMEM
struct shmem_inode_info *info = SHMEM_I(inode);
spin_lock(&info->lock);
*rss += inode->i_mapping->nrpages;
*swp += info->swapped;
spin_unlock(&info->lock);
+#else
+ *rss += inode->i_mapping->nrpages;
+#endif
}
total++;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-01-27 22:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-27 22:47 [PATCH 1/2] fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM Tony Battersby
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox