From c7e12b838989b0e432c7a1cdf1e6c6fd936007f6 Mon Sep 17 00:00:00 2001 From: Pavel Emelianov Date: Thu, 2 Nov 2006 22:07:03 -0800 Subject: [PATCH] Fix ipc entries removal Fix two issuses related to ipc_ids->entries freeing. 1. When freeing ipc namespace we need to free entries allocated with ipc_init_ids(). 2. When removing old entries in grow_ary() ipc_rcu_putref() may be called on entries set to &ids->nullentry earlier in ipc_init_ids(). This is almost impossible without namespaces, but with them this situation becomes possible. Found during OpenVZ testing after obvious leaks in beancounters. Signed-off-by: Pavel Emelianov Cc: Kirill Korotaev Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/msg.c | 1 + ipc/sem.c | 1 + ipc/shm.c | 1 + ipc/util.c | 2 +- ipc/util.h | 12 ++++++++++++ 5 files changed, 16 insertions(+), 1 deletion(-) (limited to 'ipc') diff --git a/ipc/msg.c b/ipc/msg.c index 5b213d9525..600e06f943 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -124,6 +124,7 @@ void msg_exit_ns(struct ipc_namespace *ns) } mutex_unlock(&msg_ids(ns).mutex); + ipc_fini_ids(ns->ids[IPC_MSG_IDS]); kfree(ns->ids[IPC_MSG_IDS]); ns->ids[IPC_MSG_IDS] = NULL; } diff --git a/ipc/sem.c b/ipc/sem.c index 0dafcc455f..21b3289d64 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -161,6 +161,7 @@ void sem_exit_ns(struct ipc_namespace *ns) } mutex_unlock(&sem_ids(ns).mutex); + ipc_fini_ids(ns->ids[IPC_SEM_IDS]); kfree(ns->ids[IPC_SEM_IDS]); ns->ids[IPC_SEM_IDS] = NULL; } diff --git a/ipc/shm.c b/ipc/shm.c index bfbd317ec1..d1198dd07a 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -116,6 +116,7 @@ void shm_exit_ns(struct ipc_namespace *ns) } mutex_unlock(&shm_ids(ns).mutex); + ipc_fini_ids(ns->ids[IPC_SHM_IDS]); kfree(ns->ids[IPC_SHM_IDS]); ns->ids[IPC_SHM_IDS] = NULL; } diff --git a/ipc/util.c b/ipc/util.c index 42479e4eec..cd8bb14a43 100644 --- a/ipc/util.c +++ b/ipc/util.c @@ -301,7 +301,7 @@ static int grow_ary(struct ipc_ids* ids, int newsize) */ rcu_assign_pointer(ids->entries, new); - ipc_rcu_putref(old); + __ipc_fini_ids(ids, old); return newsize; } diff --git a/ipc/util.h b/ipc/util.h index c8fd6b9d77..e3aa2c5c97 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -83,6 +83,18 @@ void* ipc_rcu_alloc(int size); void ipc_rcu_getref(void *ptr); void ipc_rcu_putref(void *ptr); +static inline void __ipc_fini_ids(struct ipc_ids *ids, + struct ipc_id_ary *entries) +{ + if (entries != &ids->nullentry) + ipc_rcu_putref(entries); +} + +static inline void ipc_fini_ids(struct ipc_ids *ids) +{ + __ipc_fini_ids(ids, ids->entries); +} + struct kern_ipc_perm* ipc_get(struct ipc_ids* ids, int id); struct kern_ipc_perm* ipc_lock(struct ipc_ids* ids, int id); void ipc_lock_by_ptr(struct kern_ipc_perm *ipcp); -- cgit v1.2.2 From 80491eb90c750fcd7d13830062f27ae9b7cc5f75 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sat, 4 Nov 2006 09:55:00 -0800 Subject: Revert unintentional "volatile" changes in ipc/msg.c Commit 5a06a363ef48444186f18095ae1b932dddbbfa89 ("[PATCH] ipc/msg.c: clean up coding style") breaks fakeroot on Alpha (variously hangs or oopses), according to a report by Falk Hueffner. The fact that the code seems to rely on compiler access ordering through the use of "volatile" is a pretty certain sign that the code has locking problems, and we should fix those properly and then remove the whole "volatile" entirely. But in the meantime, the movement of "volatile" was unintentional, and should be reverted. Cc: Falk Hueffner Cc: Andrew Morton Acked-by: Ingo Molnar Signed-off-by: Linus Torvalds --- ipc/msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ipc') diff --git a/ipc/msg.c b/ipc/msg.c index 600e06f943..1266b1d0c8 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -52,7 +52,7 @@ struct msg_receiver { long r_msgtype; long r_maxsize; - volatile struct msg_msg *r_msg; + struct msg_msg *volatile r_msg; }; /* one msg_sender for each sleeping sender */ -- cgit v1.2.2