Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, 2013-07-27 at 21:34 +0800, Fengguang Wu wrote:
> On Sat, Jul 20, 2013 at 09:46:45AM -0700, Davidlohr Bueso wrote:
> > On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
> > > On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu
> > > wrote:
> > > > Greetings,
> > > >
> > > > I got the below dmesg and the first bad commit is
> > > >
> > > > commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
> > > > Author: Davidlohr Bueso
> > > > Date: Fri Jul 19 09:56:58 2013 +1000
> > > >
> > > > ipc,shm: shorten critical region for shmat
> > > >
> > > > Similar to other system calls, acquire the kern_ipc_perm lock after
> > > > doing
> > > > the initial permission and security checks.
> > > >
> > > > Signed-off-by: Davidlohr Bueso
> > > > Tested-by: Sedat Dilek
> > > > Cc: Rik van Riel
> > > > Cc: Manfred Spraul
> > > > Signed-off-by: Andrew Morton
> > > >
> > > > [ 20.702156]
> > > > [ 20.702493]
> > > > [ 20.703511] [ BUG: lock held when returning to user space! ]
> > > > [ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
> > > > [ 20.705416]
> > > > [ 20.706425] trinity-child0/174 is leaving the kernel with locks
> > > > still held!
> > > > [ 20.707638] 1 lock held by trinity-child0/174:
> > > > [ 20.708475] #0: (rcu_read_lock){.+.+..}, at: []
> > > > do_shmat+0xe1/0x500
> > > >
> > >
> > >
> > > ns = current->nsproxy->ipc_ns;
> > > - shp = shm_lock_check(ns, shmid);
> > > + rcu_read_lock();
> > > + shp = shm_obtain_object_check(ns, shmid);
> > > if (IS_ERR(shp)) {
> > > err = PTR_ERR(shp);
> > > goto out;
> > >
> > >
> > > If shm_obtain_object_check() failed, goto out will return with
> > > rcu_read_lock() held. I think following patch should cure this.
> >
> > Yep that should solve it, sorry about that. Sasha Levin sent out a fix
> > for it yesterday (offline).
>
> What's the patch's status? The bug is still there in linux-next 20130726.
Andrew, unless you have an objection (or have already done so), could
you pickup Sasha's fix?
Thanks,
Davidlohr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, 2013-07-27 at 21:34 +0800, Fengguang Wu wrote:
On Sat, Jul 20, 2013 at 09:46:45AM -0700, Davidlohr Bueso wrote:
On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu fengguang...@intel.com
wrote:
Greetings,
I got the below dmesg and the first bad commit is
commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
Author: Davidlohr Bueso davidlohr.bu...@hp.com
Date: Fri Jul 19 09:56:58 2013 +1000
ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after
doing
the initial permission and security checks.
Signed-off-by: Davidlohr Bueso davidlohr.bu...@hp.com
Tested-by: Sedat Dilek sedat.di...@gmail.com
Cc: Rik van Riel r...@redhat.com
Cc: Manfred Spraul manf...@colorfullife.com
Signed-off-by: Andrew Morton a...@linux-foundation.org
[ 20.702156]
[ 20.702493]
[ 20.703511] [ BUG: lock held when returning to user space! ]
[ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
[ 20.705416]
[ 20.706425] trinity-child0/174 is leaving the kernel with locks
still held!
[ 20.707638] 1 lock held by trinity-child0/174:
[ 20.708475] #0: (rcu_read_lock){.+.+..}, at: [814a8491]
do_shmat+0xe1/0x500
ns = current-nsproxy-ipc_ns;
- shp = shm_lock_check(ns, shmid);
+ rcu_read_lock();
+ shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
goto out;
If shm_obtain_object_check() failed, goto out will return with
rcu_read_lock() held. I think following patch should cure this.
Yep that should solve it, sorry about that. Sasha Levin sent out a fix
for it yesterday (offline).
What's the patch's status? The bug is still there in linux-next 20130726.
Andrew, unless you have an objection (or have already done so), could
you pickup Sasha's fix?
Thanks,
Davidlohr
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, Jul 20, 2013 at 09:46:45AM -0700, Davidlohr Bueso wrote:
> On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
> > On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu
> > wrote:
> > > Greetings,
> > >
> > > I got the below dmesg and the first bad commit is
> > >
> > > commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
> > > Author: Davidlohr Bueso
> > > Date: Fri Jul 19 09:56:58 2013 +1000
> > >
> > > ipc,shm: shorten critical region for shmat
> > >
> > > Similar to other system calls, acquire the kern_ipc_perm lock after
> > > doing
> > > the initial permission and security checks.
> > >
> > > Signed-off-by: Davidlohr Bueso
> > > Tested-by: Sedat Dilek
> > > Cc: Rik van Riel
> > > Cc: Manfred Spraul
> > > Signed-off-by: Andrew Morton
> > >
> > > [ 20.702156]
> > > [ 20.702493]
> > > [ 20.703511] [ BUG: lock held when returning to user space! ]
> > > [ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
> > > [ 20.705416]
> > > [ 20.706425] trinity-child0/174 is leaving the kernel with locks still
> > > held!
> > > [ 20.707638] 1 lock held by trinity-child0/174:
> > > [ 20.708475] #0: (rcu_read_lock){.+.+..}, at: []
> > > do_shmat+0xe1/0x500
> > >
> >
> >
> > ns = current->nsproxy->ipc_ns;
> > - shp = shm_lock_check(ns, shmid);
> > + rcu_read_lock();
> > + shp = shm_obtain_object_check(ns, shmid);
> > if (IS_ERR(shp)) {
> > err = PTR_ERR(shp);
> > goto out;
> >
> >
> > If shm_obtain_object_check() failed, goto out will return with
> > rcu_read_lock() held. I think following patch should cure this.
>
> Yep that should solve it, sorry about that. Sasha Levin sent out a fix
> for it yesterday (offline).
What's the patch's status? The bug is still there in linux-next 20130726.
Thanks,
Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, Jul 20, 2013 at 09:46:45AM -0700, Davidlohr Bueso wrote:
On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu fengguang...@intel.com
wrote:
Greetings,
I got the below dmesg and the first bad commit is
commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
Author: Davidlohr Bueso davidlohr.bu...@hp.com
Date: Fri Jul 19 09:56:58 2013 +1000
ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after
doing
the initial permission and security checks.
Signed-off-by: Davidlohr Bueso davidlohr.bu...@hp.com
Tested-by: Sedat Dilek sedat.di...@gmail.com
Cc: Rik van Riel r...@redhat.com
Cc: Manfred Spraul manf...@colorfullife.com
Signed-off-by: Andrew Morton a...@linux-foundation.org
[ 20.702156]
[ 20.702493]
[ 20.703511] [ BUG: lock held when returning to user space! ]
[ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
[ 20.705416]
[ 20.706425] trinity-child0/174 is leaving the kernel with locks still
held!
[ 20.707638] 1 lock held by trinity-child0/174:
[ 20.708475] #0: (rcu_read_lock){.+.+..}, at: [814a8491]
do_shmat+0xe1/0x500
ns = current-nsproxy-ipc_ns;
- shp = shm_lock_check(ns, shmid);
+ rcu_read_lock();
+ shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
goto out;
If shm_obtain_object_check() failed, goto out will return with
rcu_read_lock() held. I think following patch should cure this.
Yep that should solve it, sorry about that. Sasha Levin sent out a fix
for it yesterday (offline).
What's the patch's status? The bug is still there in linux-next 20130726.
Thanks,
Fengguang
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
> On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu wrote:
> > Greetings,
> >
> > I got the below dmesg and the first bad commit is
> >
> > commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
> > Author: Davidlohr Bueso
> > Date: Fri Jul 19 09:56:58 2013 +1000
> >
> > ipc,shm: shorten critical region for shmat
> >
> > Similar to other system calls, acquire the kern_ipc_perm lock after
> > doing
> > the initial permission and security checks.
> >
> > Signed-off-by: Davidlohr Bueso
> > Tested-by: Sedat Dilek
> > Cc: Rik van Riel
> > Cc: Manfred Spraul
> > Signed-off-by: Andrew Morton
> >
> > [ 20.702156]
> > [ 20.702493]
> > [ 20.703511] [ BUG: lock held when returning to user space! ]
> > [ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
> > [ 20.705416]
> > [ 20.706425] trinity-child0/174 is leaving the kernel with locks still
> > held!
> > [ 20.707638] 1 lock held by trinity-child0/174:
> > [ 20.708475] #0: (rcu_read_lock){.+.+..}, at: []
> > do_shmat+0xe1/0x500
> >
>
>
> ns = current->nsproxy->ipc_ns;
> - shp = shm_lock_check(ns, shmid);
> + rcu_read_lock();
> + shp = shm_obtain_object_check(ns, shmid);
> if (IS_ERR(shp)) {
> err = PTR_ERR(shp);
> goto out;
>
>
> If shm_obtain_object_check() failed, goto out will return with
> rcu_read_lock() held. I think following patch should cure this.
Yep that should solve it, sorry about that. Sasha Levin sent out a fix
for it yesterday (offline).
Thanks,
Davidlohr
>
> diff --git a/ipc/shm.c b/ipc/shm.c
> index 59f2194..cb2ceda 100644
> --- a/ipc/shm.c
> +++ b/ipc/shm.c
> @@ -1093,7 +1093,7 @@ long do_shmat(int shmid, char __user *shmaddr,
> int shmflg, ulong *raddr,
> shp = shm_obtain_object_check(ns, shmid);
> if (IS_ERR(shp)) {
> err = PTR_ERR(shp);
> - goto out;
> + goto out_unlock;
> }
>
> err = -EACCES;
>
>
>
>
> > git bisect start c1f631b9a68251007a6353041ae90f9f7dca771c
> > d03792f9db9b892f494d3aa19d767ddf0365d1ff --
> > git bisect good 10a3f1f902465ae1320cc95a3284fd3697e05dd8 # 11:14 65+
> > binfmt_elf.c: use get_random_int() to fix entropy depleting
> > git bisect bad dac28788378838efb63e37a7eabd7729d97aba6b # 11:32 0-
> > dcache: remove dentries from LRU before putting on dispose list
> > git bisect good 3140b2ed6dfe5c9e5eca371c77ca85dca05321d4 # 11:50 65+
> > ipc,shm: introduce shmctl_nolock
> > git bisect bad 48a91248649fa3327bd8a31c114ee9149a07f3a7 # 12:04 0-
> > staging/lustre/ldlm: convert to shrinkers to count/scan API
> > git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 12:14 65+
> > ipc,shm: cleanup do_shmat pasta
> > git bisect bad 36ccfd799cad33e2edd5c14ac8776b33e63d195b # 12:14 0-
> > ipc: rename ids->rw_mutex
> > git bisect bad c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2 # 12:14 0-
> > ipc,shm: shorten critical region for shmat
> > git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 15:34195+
> > ipc,shm: cleanup do_shmat pasta
> > git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 15:34 0-
> > Add linux-next specific files for 20130719
> > git bisect good 709b465ee655387c4ec056383fa27f16c64f48db # 18:21195+
> > Revert "ipc,shm: shorten critical region for shmat"
> > git bisect good d471ce53b1fab60110e4e9f647a345cea31752de # 18:44195+
> > Merge branch 'for-linus' of
> > git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
> > git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 18:44 0-
> > Add linux-next specific files for 20130719
> >
> > Thanks,
> > Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu wrote:
> Greetings,
>
> I got the below dmesg and the first bad commit is
>
> commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
> Author: Davidlohr Bueso
> Date: Fri Jul 19 09:56:58 2013 +1000
>
> ipc,shm: shorten critical region for shmat
>
> Similar to other system calls, acquire the kern_ipc_perm lock after doing
> the initial permission and security checks.
>
> Signed-off-by: Davidlohr Bueso
> Tested-by: Sedat Dilek
> Cc: Rik van Riel
> Cc: Manfred Spraul
> Signed-off-by: Andrew Morton
>
> [ 20.702156]
> [ 20.702493]
> [ 20.703511] [ BUG: lock held when returning to user space! ]
> [ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
> [ 20.705416]
> [ 20.706425] trinity-child0/174 is leaving the kernel with locks still held!
> [ 20.707638] 1 lock held by trinity-child0/174:
> [ 20.708475] #0: (rcu_read_lock){.+.+..}, at: []
> do_shmat+0xe1/0x500
>
ns = current->nsproxy->ipc_ns;
- shp = shm_lock_check(ns, shmid);
+ rcu_read_lock();
+ shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
goto out;
If shm_obtain_object_check() failed, goto out will return with
rcu_read_lock() held. I think following patch should cure this.
diff --git a/ipc/shm.c b/ipc/shm.c
index 59f2194..cb2ceda 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1093,7 +1093,7 @@ long do_shmat(int shmid, char __user *shmaddr,
int shmflg, ulong *raddr,
shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
- goto out;
+ goto out_unlock;
}
err = -EACCES;
> git bisect start c1f631b9a68251007a6353041ae90f9f7dca771c
> d03792f9db9b892f494d3aa19d767ddf0365d1ff --
> git bisect good 10a3f1f902465ae1320cc95a3284fd3697e05dd8 # 11:14 65+
> binfmt_elf.c: use get_random_int() to fix entropy depleting
> git bisect bad dac28788378838efb63e37a7eabd7729d97aba6b # 11:32 0-
> dcache: remove dentries from LRU before putting on dispose list
> git bisect good 3140b2ed6dfe5c9e5eca371c77ca85dca05321d4 # 11:50 65+
> ipc,shm: introduce shmctl_nolock
> git bisect bad 48a91248649fa3327bd8a31c114ee9149a07f3a7 # 12:04 0-
> staging/lustre/ldlm: convert to shrinkers to count/scan API
> git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 12:14 65+
> ipc,shm: cleanup do_shmat pasta
> git bisect bad 36ccfd799cad33e2edd5c14ac8776b33e63d195b # 12:14 0-
> ipc: rename ids->rw_mutex
> git bisect bad c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2 # 12:14 0-
> ipc,shm: shorten critical region for shmat
> git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 15:34195+
> ipc,shm: cleanup do_shmat pasta
> git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 15:34 0-
> Add linux-next specific files for 20130719
> git bisect good 709b465ee655387c4ec056383fa27f16c64f48db # 18:21195+
> Revert "ipc,shm: shorten critical region for shmat"
> git bisect good d471ce53b1fab60110e4e9f647a345cea31752de # 18:44195+
> Merge branch 'for-linus' of
> git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
> git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 18:44 0-
> Add linux-next specific files for 20130719
>
> Thanks,
> Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu fengguang...@intel.com wrote:
Greetings,
I got the below dmesg and the first bad commit is
commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
Author: Davidlohr Bueso davidlohr.bu...@hp.com
Date: Fri Jul 19 09:56:58 2013 +1000
ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after doing
the initial permission and security checks.
Signed-off-by: Davidlohr Bueso davidlohr.bu...@hp.com
Tested-by: Sedat Dilek sedat.di...@gmail.com
Cc: Rik van Riel r...@redhat.com
Cc: Manfred Spraul manf...@colorfullife.com
Signed-off-by: Andrew Morton a...@linux-foundation.org
[ 20.702156]
[ 20.702493]
[ 20.703511] [ BUG: lock held when returning to user space! ]
[ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
[ 20.705416]
[ 20.706425] trinity-child0/174 is leaving the kernel with locks still held!
[ 20.707638] 1 lock held by trinity-child0/174:
[ 20.708475] #0: (rcu_read_lock){.+.+..}, at: [814a8491]
do_shmat+0xe1/0x500
ns = current-nsproxy-ipc_ns;
- shp = shm_lock_check(ns, shmid);
+ rcu_read_lock();
+ shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
goto out;
If shm_obtain_object_check() failed, goto out will return with
rcu_read_lock() held. I think following patch should cure this.
diff --git a/ipc/shm.c b/ipc/shm.c
index 59f2194..cb2ceda 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1093,7 +1093,7 @@ long do_shmat(int shmid, char __user *shmaddr,
int shmflg, ulong *raddr,
shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
- goto out;
+ goto out_unlock;
}
err = -EACCES;
git bisect start c1f631b9a68251007a6353041ae90f9f7dca771c
d03792f9db9b892f494d3aa19d767ddf0365d1ff --
git bisect good 10a3f1f902465ae1320cc95a3284fd3697e05dd8 # 11:14 65+
binfmt_elf.c: use get_random_int() to fix entropy depleting
git bisect bad dac28788378838efb63e37a7eabd7729d97aba6b # 11:32 0-
dcache: remove dentries from LRU before putting on dispose list
git bisect good 3140b2ed6dfe5c9e5eca371c77ca85dca05321d4 # 11:50 65+
ipc,shm: introduce shmctl_nolock
git bisect bad 48a91248649fa3327bd8a31c114ee9149a07f3a7 # 12:04 0-
staging/lustre/ldlm: convert to shrinkers to count/scan API
git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 12:14 65+
ipc,shm: cleanup do_shmat pasta
git bisect bad 36ccfd799cad33e2edd5c14ac8776b33e63d195b # 12:14 0-
ipc: rename ids-rw_mutex
git bisect bad c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2 # 12:14 0-
ipc,shm: shorten critical region for shmat
git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 15:34195+
ipc,shm: cleanup do_shmat pasta
git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 15:34 0-
Add linux-next specific files for 20130719
git bisect good 709b465ee655387c4ec056383fa27f16c64f48db # 18:21195+
Revert ipc,shm: shorten critical region for shmat
git bisect good d471ce53b1fab60110e4e9f647a345cea31752de # 18:44195+
Merge branch 'for-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 18:44 0-
Add linux-next specific files for 20130719
Thanks,
Fengguang
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ipc,shm] BUG: lock held when returning to user space!
On Sun, 2013-07-21 at 00:02 +0800, Xiaotian Feng wrote:
On Sat, Jul 20, 2013 at 9:13 PM, Fengguang Wu fengguang...@intel.com wrote:
Greetings,
I got the below dmesg and the first bad commit is
commit c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2
Author: Davidlohr Bueso davidlohr.bu...@hp.com
Date: Fri Jul 19 09:56:58 2013 +1000
ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after
doing
the initial permission and security checks.
Signed-off-by: Davidlohr Bueso davidlohr.bu...@hp.com
Tested-by: Sedat Dilek sedat.di...@gmail.com
Cc: Rik van Riel r...@redhat.com
Cc: Manfred Spraul manf...@colorfullife.com
Signed-off-by: Andrew Morton a...@linux-foundation.org
[ 20.702156]
[ 20.702493]
[ 20.703511] [ BUG: lock held when returning to user space! ]
[ 20.704532] 3.11.0-rc1-next-20130719 #50 Not tainted
[ 20.705416]
[ 20.706425] trinity-child0/174 is leaving the kernel with locks still
held!
[ 20.707638] 1 lock held by trinity-child0/174:
[ 20.708475] #0: (rcu_read_lock){.+.+..}, at: [814a8491]
do_shmat+0xe1/0x500
ns = current-nsproxy-ipc_ns;
- shp = shm_lock_check(ns, shmid);
+ rcu_read_lock();
+ shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
goto out;
If shm_obtain_object_check() failed, goto out will return with
rcu_read_lock() held. I think following patch should cure this.
Yep that should solve it, sorry about that. Sasha Levin sent out a fix
for it yesterday (offline).
Thanks,
Davidlohr
diff --git a/ipc/shm.c b/ipc/shm.c
index 59f2194..cb2ceda 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1093,7 +1093,7 @@ long do_shmat(int shmid, char __user *shmaddr,
int shmflg, ulong *raddr,
shp = shm_obtain_object_check(ns, shmid);
if (IS_ERR(shp)) {
err = PTR_ERR(shp);
- goto out;
+ goto out_unlock;
}
err = -EACCES;
git bisect start c1f631b9a68251007a6353041ae90f9f7dca771c
d03792f9db9b892f494d3aa19d767ddf0365d1ff --
git bisect good 10a3f1f902465ae1320cc95a3284fd3697e05dd8 # 11:14 65+
binfmt_elf.c: use get_random_int() to fix entropy depleting
git bisect bad dac28788378838efb63e37a7eabd7729d97aba6b # 11:32 0-
dcache: remove dentries from LRU before putting on dispose list
git bisect good 3140b2ed6dfe5c9e5eca371c77ca85dca05321d4 # 11:50 65+
ipc,shm: introduce shmctl_nolock
git bisect bad 48a91248649fa3327bd8a31c114ee9149a07f3a7 # 12:04 0-
staging/lustre/ldlm: convert to shrinkers to count/scan API
git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 12:14 65+
ipc,shm: cleanup do_shmat pasta
git bisect bad 36ccfd799cad33e2edd5c14ac8776b33e63d195b # 12:14 0-
ipc: rename ids-rw_mutex
git bisect bad c5d0282a0405b0a81fa3390e4230e4cbb3ced7a2 # 12:14 0-
ipc,shm: shorten critical region for shmat
git bisect good 98b78126a51aa5d3ee6d5dae5768e0d16deeeaa3 # 15:34195+
ipc,shm: cleanup do_shmat pasta
git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 15:34 0-
Add linux-next specific files for 20130719
git bisect good 709b465ee655387c4ec056383fa27f16c64f48db # 18:21195+
Revert ipc,shm: shorten critical region for shmat
git bisect good d471ce53b1fab60110e4e9f647a345cea31752de # 18:44195+
Merge branch 'for-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
git bisect bad c1f631b9a68251007a6353041ae90f9f7dca771c # 18:44 0-
Add linux-next specific files for 20130719
Thanks,
Fengguang
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
