public inbox for linux-kernel@vger.kernel.org
* [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
@ 2013-08-24 11:44 Svenning Sørensen
  2013-08-24 12:49 ` Peter Hurley
  2013-08-26 20:41 ` Andrew Morton
  0 siblings, 2 replies; 5+ messages in thread
From: Svenning Sørensen @ 2013-08-24 11:44 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

According to 'man msgrcv':
"If msgtyp is less than 0, the first message of the lowest type that is less
than or equal to the absolute value of msgtyp shall be received."

Bug: The kernel only returns a message if its type is 1; other messages with
type < abs(msgtype) will never get returned.

Fix: After having traversed the list to find the first message with the
lowest type, we need to actually return that message.

Signed-off-by: Svenning Soerensen <sss@secomea.dk>

diff --git a/ipc/msg.c b/ipc/msg.c
index bd60d7e..9f29d9e 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -839,7 +839,7 @@ static inline void free_copy(struct msg_msg *copy)
  
  static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
  {
-	struct msg_msg *msg;
+	struct msg_msg *msg, *found = NULL;
  	long count = 0;
  
  	list_for_each_entry(msg, &msq->q_messages, m_list) {
@@ -848,6 +848,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
  					       *msgtyp, mode)) {
  			if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
  				*msgtyp = msg->m_type - 1;
+				found = msg;
  			} else if (mode == SEARCH_NUMBER) {
  				if (*msgtyp == count)
  					return msg;
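Review bot: in the `SEARCH_LESSEQUAL` branch, `found = msg` is recorded while the loop keeps running, and nothing in the code says why it must not return at this point. A short comment would help: lowering `*msgtyp` to `msg->m_type - 1` is what restricts later matches to strictly lower types (assuming the match test at the top of the loop compares `m_type` against the current `*msgtyp`), so `found` ends up as the first message of the lowest type, as the man page text quoted in the changelog requires. The same comment should mention that the function writes through the caller's `msgtyp` pointer while doing this.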
@@ -857,7 +858,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
  		}
  	}
  
-	return ERR_PTR(-EAGAIN);
+	return found ?: ERR_PTR(-EAGAIN);
  }
  
  long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,
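Review bot: the final `return found ?: ERR_PTR(-EAGAIN);` gives no hint that `found` can only be non-NULL in `SEARCH_LESSEQUAL` mode, since that branch is the only place it is assigned. A one-line comment above the return saying so would keep a later change to the loop from handing back a stale candidate in another mode. The GNU `?:` shorthand is acceptable here, though `if (found) return found;` would read more plainly next to the early `return msg;` inside the loop.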


^ permalink raw reply related	[flat|nested] 5+ messages in thread
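The search described in the changelog above, as a user-space model added here (it is not kernel code and not part of the patch). It compares the pre-patch walk, the patched walk, and a variant that returns at the first match. The names `model_msg`, `model_find_lessequal`, `enum walk` and the sample queues are hypothetical; the match test `m_type <= bound` and the immediate return for a type-1 message are assumptions taken from the changelog's description.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; names here are hypothetical, not kernel symbols. */
enum walk { PRE_PATCH, PATCHED, FIRST_MATCH };

struct model_msg { long m_type; };

/* Constructed sample queues, listed in arrival order. */
static const struct model_msg queue_a[] = { {5}, {3}, {7}, {3}, {2} };
static const struct model_msg queue_b[] = { {3}, {2}, {2} };
static const struct model_msg queue_c[] = { {4}, {1}, {1} };

/*
 * Walk for msgtyp < 0. Returns the index of the chosen message, or -1
 * where the kernel function returns ERR_PTR(-EAGAIN).
 * Assumed: a message matches when m_type <= bound, and a type-1 match
 * is returned at once (the one case the changelog says worked).
 */
static int model_find_lessequal(const struct model_msg *q, size_t n,
                                long msgtyp, enum walk w)
{
    long bound;
    int found = -1;
    size_t i;

    if (msgtyp >= 0 || msgtyp == LONG_MIN)
        return -1;                /* model covers negatable msgtyp < 0 only */
    bound = -msgtyp;              /* abs(msgtyp) */
    for (i = 0; i < n; i++) {
        if (q[i].m_type > bound)
            continue;             /* no match */
        if (w == FIRST_MATCH || q[i].m_type == 1)
            return (int)i;
        bound = q[i].m_type - 1;  /* only strictly lower types match now */
        if (w == PATCHED)
            found = (int)i;       /* the assignment the patch adds */
    }
    return found;
}

int main(void)
{
    printf("queue_a msgtyp=-4: pre=%d patched=%d first-match=%d\n",
           model_find_lessequal(queue_a, 5, -4, PRE_PATCH),
           model_find_lessequal(queue_a, 5, -4, PATCHED),
           model_find_lessequal(queue_a, 5, -4, FIRST_MATCH));
    printf("queue_b msgtyp=-3: patched=%d\n", model_find_lessequal(queue_b, 3, -3, PATCHED));
    printf("queue_c msgtyp=-5: pre=%d\n", model_find_lessequal(queue_c, 3, -5, PRE_PATCH));
    return 0;
}
```

On `queue_a` the first-match variant picks the type-3 message at index 1 even though a type-2 message is queued, which is why the patched walk records a candidate and keeps going.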

* Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
  2013-08-24 11:44 [PATCH] IPC: bugfix for msgrcv with msgtyp < 0 Svenning Sørensen
@ 2013-08-24 12:49 ` Peter Hurley
  2013-08-26 20:42   ` Andrew Morton
  2013-08-26 20:41 ` Andrew Morton
  1 sibling, 1 reply; 5+ messages in thread
From: Peter Hurley @ 2013-08-24 12:49 UTC (permalink / raw)
  To: Svenning Sørensen; +Cc: Andrew Morton, linux-kernel

On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
> According to 'man msgrcv':
> "If msgtyp is less than 0, the first message of the lowest type that is less
> than or equal to the absolute value of msgtyp shall be received."
>
> Bug: The kernel only returns a message if its type is 1; other messages with
> type < abs(msgtype) will never get returned.
>
> Fix: After having traversed the list to find the first message with the
> lowest type, we need to actually return that message.

Sorry for the breakage. Needs to go to -stable as well.

Reviewed-by: Peter Hurley <peter@hurleysoftware.com>



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
  2013-08-24 11:44 [PATCH] IPC: bugfix for msgrcv with msgtyp < 0 Svenning Sørensen
  2013-08-24 12:49 ` Peter Hurley
@ 2013-08-26 20:41 ` Andrew Morton
  1 sibling, 0 replies; 5+ messages in thread
From: Andrew Morton @ 2013-08-26 20:41 UTC (permalink / raw)
  To: Svenning Sørensen; +Cc: linux-kernel, Peter Hurley

On Sat, 24 Aug 2013 13:44:49 +0200 Svenning Sørensen <sss@secomea.dk> wrote:

> According to 'man msgrcv':
> "If msgtyp is less than 0, the first message of the lowest type that is less
> than or equal to the absolute value of msgtyp shall be received."
> 
> Bug: The kernel only returns a message if its type is 1; other messages with
> type < abs(msgtype) will never get returned.
> 
> Fix: After having traversed the list to find the first message with the
> lowest type, we need to actually return that message.
> 
> Signed-off-by: Svenning Soerensen <sss@secomea.dk>
> 
> diff --git a/ipc/msg.c b/ipc/msg.c
> index bd60d7e..9f29d9e 100644
> --- a/ipc/msg.c
> +++ b/ipc/msg.c
> @@ -839,7 +839,7 @@ static inline void free_copy(struct msg_msg *copy)
>   
>   static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
>   {
> -	struct msg_msg *msg;
> +	struct msg_msg *msg, *found = NULL;
>   	long count = 0;
>   
>   	list_for_each_entry(msg, &msq->q_messages, m_list) {
> @@ -848,6 +848,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
>   					       *msgtyp, mode)) {
>   			if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
>   				*msgtyp = msg->m_type - 1;
> +				found = msg;

Should we continue the search in this case, or should the code
immediately return this message?

>   			} else if (mode == SEARCH_NUMBER) {
>   				if (*msgtyp == count)
>   					return msg;
> @@ -857,7 +858,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
>   		}
>   	}
>   
> -	return ERR_PTR(-EAGAIN);
> +	return found ?: ERR_PTR(-EAGAIN);
>   }
>   
>   long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
  2013-08-24 12:49 ` Peter Hurley
@ 2013-08-26 20:42   ` Andrew Morton
  2013-08-26 20:59     ` Peter Hurley
  0 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2013-08-26 20:42 UTC (permalink / raw)
  To: Peter Hurley; +Cc: Svenning Sørensen, linux-kernel

On Sat, 24 Aug 2013 08:49:25 -0400 Peter Hurley <peter@hurleysoftware.com> wrote:

> On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
> > According to 'man msgrcv':
> > "If msgtyp is less than 0, the first message of the lowest type that is less
> > than or equal to the absolute value of msgtyp shall be received."
> >
> > Bug: The kernel only returns a message if its type is 1; other messages with
> > type < abs(msgtype) will never get returned.
> >
> > Fix: After having traversed the list to find the first message with the
> > lowest type, we need to actually return that message.
> 
> Sorry for the breakage. Needs to go to -stable as well.

Do you know which commit caused the regression?  That would help those
who wish to fix up their kernels.

> Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0
  2013-08-26 20:42   ` Andrew Morton
@ 2013-08-26 20:59     ` Peter Hurley
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Hurley @ 2013-08-26 20:59 UTC (permalink / raw)
  To: Andrew Morton; +Cc: Svenning Sørensen, linux-kernel

On 08/26/2013 04:42 PM, Andrew Morton wrote:
> On Sat, 24 Aug 2013 08:49:25 -0400 Peter Hurley <peter@hurleysoftware.com> wrote:
>
>> On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
>>> According to 'man msgrcv':
>>> "If msgtyp is less than 0, the first message of the lowest type that is less
>>> than or equal to the absolute value of msgtyp shall be received."
>>>
>>> Bug: The kernel only returns a message if its type is 1; other messages with
>>> type < abs(msgtype) will never get returned.
>>>
>>> Fix: After having traversed the list to find the first message with the
>>> lowest type, we need to actually return that message.
>>
>> Sorry for the breakage. Needs to go to -stable as well.
>
> Do you know which commit caused the regression?  That would help those
> who wish to fix up their kernels.

Commit daaf74cf0867e3042090d56d10b194d6265b4684,
ipc: refactor msg list search into separate function
introduced this regression.

Regards,
Peter Hurley

>> Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
>>


^ permalink raw reply	[flat|nested] 5+ messages in thread
