author | Davidlohr Bueso <dave@stgolabs.net> | 2015-06-30 17:58:45 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-06-30 22:44:59 -0400 |
commit | f8b5918495be32807c4f878de959540eb63a9b9f (patch) | |
tree | 4f451f58daf8c894eaf4f3e9bac6d88b597c3881 /ipc/util.c | |
parent | 55b7ae50167efc9b1c4f8fb60a99478cd46a82f7 (diff) |
ipc,sysv: make return -EIDRM when racing with RMID consistent
The ipc_lock helper is used by all forms of sysv ipc to acquire the ipc
object's spinlock. Upon error (bogus identifier), we always return
-EINVAL, whether the problem be in the idr path or because we raced with a
task performing RMID. For the latter, however, all ipc related manpages
state that for:
EIDRM <ID> points to a removed identifier.
And return:
EINVAL Invalid <ID> value, or unaligned, etc.
Which (EINVAL) should only return once the ipc resource is deleted. For
all types of ipc this is done immediately upon a RMID command. However,
shared memory behaves slightly differently as it can merely mark a segment
for deletion, and delay the actual freeing until there are no more active
consumers. Per shmctl(IPC_RMID) manpage:
""
Mark the segment to be destroyed. The segment will only actually
be destroyed after the last process detaches it (i.e., when the
shm_nattch member of the associated structure shmid_ds is zero).
""
Unlike ipc_lock, paths that behave "correctly", at least per the manpage,
involve controlling the ipc resource via *ctl(), doing the exact same
validity check as ipc_lock right after acquiring the spinlock:
	if (!ipc_valid_object()) {
		err = -EIDRM;
		goto out_unlock;
	}
Thus make ipc_lock consistent with the rest of ipc code and return -EIDRM
in ipc_lock when !ipc_valid_object().
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc/util.c')
-rw-r--r-- | ipc/util.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ipc/util.c b/ipc/util.c index 3fdfabfdd9c3..b99038699fee 100644 --- a/ipc/util.c +++ b/ipc/util.c | |||
@@ -583,19 +583,22 @@ struct kern_ipc_perm *ipc_lock(struct ipc_ids *ids, int id) | |||
583 | rcu_read_lock(); | 583 | rcu_read_lock(); |
584 | out = ipc_obtain_object_idr(ids, id); | 584 | out = ipc_obtain_object_idr(ids, id); |
585 | if (IS_ERR(out)) | 585 | if (IS_ERR(out)) |
586 | goto err1; | 586 | goto err; |
587 | 587 | ||
588 | spin_lock(&out->lock); | 588 | spin_lock(&out->lock); |
589 | 589 | ||
590 | /* ipc_rmid() may have already freed the ID while ipc_lock | 590 | /* |
591 | * was spinning: here verify that the structure is still valid | 591 | * ipc_rmid() may have already freed the ID while ipc_lock() |
592 | * was spinning: here verify that the structure is still valid. | ||
593 | * Upon races with RMID, return -EIDRM, thus indicating that | ||
594 | * the ID points to a removed identifier. | ||
592 | */ | 595 | */ |
593 | if (ipc_valid_object(out)) | 596 | if (ipc_valid_object(out)) |
594 | return out; | 597 | return out; |
595 | 598 | ||
596 | spin_unlock(&out->lock); | 599 | spin_unlock(&out->lock); |
597 | out = ERR_PTR(-EINVAL); | 600 | out = ERR_PTR(-EIDRM); |
598 | err1: | 601 | err: |
599 | rcu_read_unlock(); | 602 | rcu_read_unlock(); |
600 | return out; | 603 | return out; |
601 | } | 604 | } |
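Review bot: the new return at `out = ERR_PTR(-EIDRM);` (old line 597, new line 600) changes the error that every ipc_lock() caller sees when it loses the race with RMID, but the updated comment does not say that the lookup failure path just above (`if (IS_ERR(out)) goto err;`) is untouched and still hands back whatever ipc_obtain_object_idr() returned. One extra comment sentence spelling out that only the !ipc_valid_object() case maps to -EIDRM would make the two error sources clear to anyone auditing callers that previously tested for -EINVAL. The `err1:` to `err:` label rename is cosmetic and unrelated to the errno change, so it deserves a mention in the changelog or a separate patch.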