linux/ipc
Manfred Spraul 6e224f9459 ipc/sem.c: synchronize semop and semctl with IPC_RMID
After acquiring the semlock spinlock, operations must test that the
array is still valid.

 - semctl() and exit_sem() would walk stale linked lists (ugly, but
   should be ok: all lists are empty)

 - semtimedop() would sleep forever - and if woken up due to a signal -
   access memory after free.

The patch also:
 - standardizes the tests for .deleted, so that all tests in one
   function leave the function with the same approach.
 - unconditionally tests for .deleted immediately after every call to
   sem_lock - even it it means that for semctl(GETALL), .deleted will be
   tested twice.

Both changes make the review simpler: After every sem_lock, there must
be a test of .deleted, followed by a goto to the cleanup code (if the
function uses "goto cleanup").

The only exception is semctl_down(): If sem_ids().rwsem is locked, then
the presence in ids->ipcs_idr is equivalent to !.deleted, thus no
additional test is required.

Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Cc: Mike Galbraith <efault@gmx.de>
Acked-by: Davidlohr Bueso <davidlohr@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-10-16 21:35:52 -07:00
..
compat_mq.c ipc: initialize structure memory to zero for compat functions 2010-10-27 18:03:13 -07:00
compat.c get rid of union semop in sys_semctl(2) arguments 2013-03-05 15:14:16 -05:00
ipc_sysctl.c ipc: add sysctl to specify desired next object id 2013-01-04 16:11:45 -08:00
ipcns_notifier.c
Makefile Add generic sys_ipc wrapper 2010-03-12 15:52:32 -08:00
mq_sysctl.c mqueue: separate mqueue default value from maximum value 2012-05-31 17:49:31 -07:00
mqueue.c audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record 2013-07-09 10:33:19 -07:00
msg.c ipc,msg: prevent race with rmid in msgsnd,msgrcv 2013-09-30 14:31:03 -07:00
msgutil.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
namespace.c ipc: drop ipc_lock_by_ptr 2013-09-11 15:59:44 -07:00
sem.c ipc/sem.c: synchronize semop and semctl with IPC_RMID 2013-10-16 21:35:52 -07:00
shm.c ipc: fix race with LSMs 2013-09-24 09:36:53 -07:00
syscall.c get rid of union semop in sys_semctl(2) arguments 2013-03-05 15:14:16 -05:00
util.c ipc: update locking scheme comments 2013-10-16 21:35:52 -07:00
util.h ipc: fix race with LSMs 2013-09-24 09:36:53 -07:00