a pointer in the idr, without
acquiring the object lock.
- The caller is responsible for locking.
- _check means that the sequence number is checked.
Signed-off-by: Manfred Spraul
Cc: Davidlohr Bueso
---
ipc/msg.c | 2 +-
ipc/sem.c | 2 +-
ipc/shm.c | 2 +-
ipc/util.c | 8
ipc/util.h | 2 +
If idr_alloc within ipc_idr_alloc fails, then the return value (-ENOSPC)
is used to calculate new->id.
Technically, this is not a bug, because new->id is never accessed.
But: Clean it up anyways: On error, just return, do not set new->id.
And improve the documentation.
Signed-off-by
-by: Manfred Spraul
Cc: Dmitry Vyukov
Cc: Kees Cook
Cc: Davidlohr Bueso
---
ipc/msg.c | 2 +-
ipc/sem.c | 2 +-
ipc/shm.c | 2 ++
ipc/util.c | 12 ++--
4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 829c2062ded4..5bf5cb8017ea 100644
--- a/ipc
any issues in my tests.
--
Manfred
=true may disappear at
the end of the next rcu grace period.
Signed-off-by: Manfred Spraul
Cc: Davidlohr Bueso
---
ipc/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipc/util.c b/ipc/util.c
index bbb1ce212a0d..8133f10832a9 100644
--- a/ipc/util.c
+++ b/ipc/util.c
not fulfill that, i.e. more bugfixes are required.
Reported-by: syzbot+2827ef6b3385deb07...@syzkaller.appspotmail.com
Signed-off-by: Manfred Spraul
Cc: Dmitry Vyukov
Cc: Kees Cook
Cc: Davidlohr Bueso
Cc: Michael Kerrisk
---
Documentation/sysctl/kernel.txt | 3 ++-
ipc/util.c
Hi Dmitry,
On 07/05/2018 10:36 AM, Dmitry Vyukov wrote:
[...]
Hi Manfred,
The series looks like a significant improvement to me. Thanks!
I feel that this code can be further simplified (unless I am missing
something here). Please take a look at this version:
https://github.com/dvyukov/linux
not fulfill that, i.e. more bugfixes are required.
Reported-by: syzbot+2827ef6b3385deb07...@syzkaller.appspotmail.com
Signed-off-by: Manfred Spraul
Cc: Dmitry Vyukov
Cc: Kees Cook
Cc: Davidlohr Bueso
Cc: Michael Kerrisk
Signed-off-by: Manfred Spraul
---
Documentation/sysctl/kernel.txt | 3
=true may disappear at
the end of the next rcu grace period.
Signed-off-by: Manfred Spraul
---
ipc/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipc/util.c b/ipc/util.c
index 4f2db913acf9..776a9ce2905f 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -646,8 +646,8
a pointer in the idr, without
acquiring the object lock.
- The caller is responsible for locking.
- _check means that some checks are made.
Signed-off-by: Manfred Spraul
---
ipc/msg.c | 2 +-
ipc/sem.c | 2 +-
ipc/shm.c | 2 +-
ipc/util.c | 6 +++---
ipc/util.h | 2 +-
5 files changed, 7 insert
that it does not check the sequence counter.
Signed-off-by: Manfred Spraul
---
ipc/shm.c | 4 ++--
ipc/util.c | 10 ++
ipc/util.h | 2 +-
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index 426ba1039a7b..cd8655c7bb77 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
of
syzbot+2827ef6b3385deb07...@syzkaller.appspotmail.com:
syzbot found an issue with kern_ipc_perm.seq
Signed-off-by: Manfred Spraul
Cc: Dmitry Vyukov
Cc: Kees Cook
Cc: Davidlohr Bueso
Signed-off-by: Manfred Spraul
---
ipc/msg.c | 19 ++-
ipc/sem.c | 18 +-
ipc/shm.c
ment-in-ipc_obtain_object_che
Comment correction from code review
The patches are lightly tested, especially I have not tested
the checkpoint/restore code or tested the failure cases.
--
Manfred
Hello Dmitry,
On 07/04/2018 12:03 PM, Dmitry Vyukov wrote:
On Wed, Jul 4, 2018 at 11:18 AM, Manfred Spraul
wrote:
There are 2 relevant values: kern_ipc_perm.id and kern_ipc_perm.seq.
For kern_ipc_perm.id, it is possible to move the access to the codepath that
hold the lock
The ipc code uses the equivalent of
rcu_read_lock();
kfree_rcu(a, rcu);
if (a->deleted) {
rcu_read_unlock();
return FAILURE;
}
<...>
Is this safe, or is dereferencing "a" after having called call_rcu()
a use-after-free?
the newly created object has
temporarily sequence number 0 as well.
--
Manfred
From 4791e604dcb618ed7ea1f42b2f6ca9cfe3c113c3 Mon Sep 17 00:00:00 2001
From: Manfred Spraul
Date: Wed, 4 Jul 2018 10:04:49 +0200
Subject: [PATCH] ipc: fix races with kern_ipc_perm.id and .seq
ipc_addid(
re than ~8 processes on a 40 core box) in a non
trivial way. For more processes it doesn't matter. We can confirm that
the
case for threads is irrelevant. While I'm not happy about the 30%
regression
I guess we can live with this.
Manfred, any thoughts?
Bugfixing has always first priority
Hello Matthew,
On 03/29/2018 12:56 PM, Matthew Wilcox wrote:
On Thu, Mar 29, 2018 at 10:47:45AM +0200, Manfred Spraul wrote:
This can be implemented trivially with the current code
using idr_alloc_cyclic.
Is there a performance impact?
Right now, the idr tree is only large if there are lots
Hello together,
On 03/29/2018 04:14 AM, Davidlohr Bueso wrote:
Cc'ing mtk, Manfred and linux-api.
See below.
On Thu, 15 Mar 2018, Waiman Long wrote:
On 03/15/2018 03:00 PM, Eric W. Biederman wrote:
Waiman Long <long...@redhat.com> writes:
On 03/14/2018 08:49 PM, Eric W. Biederman
Hello together,
On 03/29/2018 04:14 AM, Davidlohr Bueso wrote:
Cc'ing mtk, Manfred and linux-api.
See below.
On Thu, 15 Mar 2018, Waiman Long wrote:
On 03/15/2018 03:00 PM, Eric W. Biederman wrote:
Waiman Long writes:
On 03/14/2018 08:49 PM, Eric W. Biederman wrote:
The define IPCMNI
rmance.
To solve this, we simply remove the double-check, which is a paranoia
check anyways.
The modification was intensively tested on i.MX6 with linux-4.1, Winbond
W29N04GV and Micron MT29F4G08ABADAH4.
Signed-off-by: Manfred Schlaegl <manfred.schla...@ginzinger.com>
---
drivers/mtd/nand/
rmance.
To solve this, we simply remove the double-check, which is a paranoia
check anyways.
The modification was intensively tested on i.MX6 with linux-4.1, Winbond
W29N04GV and Micron MT29F4G08ABADAH4.
Signed-off-by: Manfred Schlaegl
---
drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c | 9 +
1 f
D_ONCE(*p); \
I don't see how ___p1 could be used uninitialized. Perhaps a compiler issue?
--
Manfred
.
Unfortunately, I don't have any reproducer for this bug yet.
Is one of the recent issues reproducible?
Either something is wrong with the faster ipc_get, or the improved
ipc_get makes issues in other areas visible.
--
Manfred
introduced. The changelog is really modest on information or
intention but I suspect this just got overlooked during review. SHM_STAT
has always been about read permission and it is explicitly documented
that way.
Are you sure that this patch changed the behavior?
The proc interface is much older.
--
Manfred
Hi,
On 12/01/2017 06:20 PM, Davidlohr Bueso wrote:
On Thu, 30 Nov 2017, Philippe Mikoyan wrote:
As described in the title, this patch fixes id_ds inconsistency
when ctl_stat runs concurrently with some ds-changing function,
e.g. shmat, msgsnd or whatever.
For instance, if shmctl(IPC_STAT) is
wrote:
* Manfred Spraul <manf...@colorfullife.com> wrote:
Hi Ingo,
On 07/07/2017 10:31 AM, Ingo Molnar wrote:
There's another, probably just as significant advantage:
queued_spin_unlock_wait()
is 'read-only', while spin_lock()+spin_unlock() dirties the lock cache line. On
any b
Hi Alan,
On 07/08/2017 06:21 PM, Alan Stern wrote:
Pardon me for barging in, but I found this whole interchange extremely
confusing...
On Sat, 8 Jul 2017, Ingo Molnar wrote:
* Paul E. McKenney wrote:
On Sat, Jul 08, 2017 at 10:35:43AM +0200, Ingo Molnar wrote:
* Manfred Spraul wrote
()/spin_unlock().
--
Manfred
Hi Paul,
On 07/06/2017 01:31 AM, Paul E. McKenney wrote:
From: Manfred Spraul <manf...@colorfullife.com>
As we want to remove spin_unlock_wait() and replace it with explicit
spin_lock()/spin_unlock() calls, we can use this to simplify the
locking.
In addition:
- Reading nf_conntrack_loc
Hi Paul,
On 07/06/2017 01:31 AM, Paul E. McKenney wrote:
From: Manfred Spraul
As we want to remove spin_unlock_wait() and replace it with explicit
spin_lock()/spin_unlock() calls, we can use this to simplify the
locking.
In addition:
- Reading nf_conntrack_locks_all needs ACQUIRE memory
can test this?
semop() has a very short hotpath.
Either with aim9.shared_memory.ops_per_sec or
#sem-scalebench -t 10 -m 0
https://github.com/manfred-colorfu/ipcscale/blob/master/sem-scalebench.cpp
--
Manfred
From b549e0281b66124b62aa94543f91b0e616abaf52 Mon Sep 17 00:00:00 2001
From: Manf
On 07/03/2017 07:14 PM, Paul E. McKenney wrote:
On Mon, Jul 03, 2017 at 10:39:49AM -0400, Alan Stern wrote:
On Sat, 1 Jul 2017, Manfred Spraul wrote:
As we want to remove spin_unlock_wait() and replace it with explicit
spin_lock()/spin_unlock() calls, we can use this to simplify the
locking
immediately by spin_unlock().
This should be safe from a performance perspective because exit_sem()
is rarely invoked in production.
Signed-off-by: Paul E. McKenney <paul...@linux.vnet.ibm.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Davidlohr Bueso <d...@stgolabs.net>
immediately by spin_unlock().
This should be safe from a performance perspective because exit_sem()
is rarely invoked in production.
Signed-off-by: Paul E. McKenney
Cc: Andrew Morton
Cc: Davidlohr Bueso
Cc: Manfred Spraul
Cc: Will Deacon
Cc: Peter Zijlstra
Cc: Alan Stern
Cc: Andrea Parri
for large arrays
- alloc undo
--
Manfred
ounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshet...@intel.com>
Signed-off-by: Hans Liljestrand <ishkam...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: David Windsor <dwind...@gmail.com>
M
to use-after-free
situations.
Signed-off-by: Elena Reshetova
Signed-off-by: Hans Liljestrand
Signed-off-by: Kees Cook
Signed-off-by: David Windsor
Manfred, is this okay by you? I think this should go via -mm...
The patch is ok, the refcounters are not in the critical path.
I'll try to test
Hi Kees,
On 05/25/2017 09:45 PM, Kees Cook wrote:
On Thu, May 25, 2017 at 11:50 AM, Manfred Spraul
<manf...@colorfullife.com> wrote:
Hi all,
Updated series. The series got longer, because I merged all patches
from Kees.
Main changes are:
- sems[] instead of sem[0].
- Immediate
Hi Kees,
On 05/25/2017 09:45 PM, Kees Cook wrote:
On Thu, May 25, 2017 at 11:50 AM, Manfred Spraul
wrote:
Hi all,
Updated series. The series got longer, because I merged all patches
from Kees.
Main changes are:
- sems[] instead of sem[0].
- Immediately use BUILD_BUG_ON()
- Immediately move
c code analysis.
- This is a cast between different non-void types, which the future
randstruct GCC plugin warns on.
And, as bonus, the code size gets smaller:
Before:
0 .text 3770
After:
0 .text 374e
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
i
c code analysis.
- This is a cast between different non-void types, which the future
randstruct GCC plugin warns on.
And, as bonus, the code size gets smaller:
Before:
0 .text 3770
After:
0 .text 374e
Signed-off-by: Manfred Spraul
---
include/linux/sem.
() was not
successful
@Andrew: Could you add them again to your tree?
@Michael:
Should we update man semctl(2)?
Several years ago, I did a review and found that sem_ctime is only
for Coherent the time of the last change...
http://calculix-rpm.sourceforge.net/sysvsem.html
--
Manfred
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/sem.c | 8 +---
ipc/util.c | 27 +++
ipc/util.h | 6 --
3 files changed, 8 insertions(+), 33 deletions(-)
diff --git a/ipc/sem.c b/ipc/sem.c
index bdff6d9..484ccf8 100644
--- a/ipc/sem.c
+++
The only users of ipc_alloc() were ipc_rcu_alloc() and the on-heap
sem_io fall-back memory. Better to just open-code these to make things
easier to read.
Signed-off-by: Kees Cook
[manf...@colorfullife.com: Rediff due to inclusion of memset() into
ipc_rcu_alloc().]
Signed-off-by: Manfred Spraul
that there is
a comment in include/linux/sem.h and man semctl(2) as well.
So: Correct wrong comments.
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
Cc: linux-...@vger.kernel.org
---
include/linux/sem.h | 2 +-
include/uapi/linux/sem.h | 2 +-
2 files changed, 2 insertions
that there is
a comment in include/linux/sem.h and man semctl(2) as well.
So: Correct wrong comments.
Signed-off-by: Manfred Spraul
Cc: linux-...@vger.kernel.org
---
include/linux/sem.h | 2 +-
include/uapi/linux/sem.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
;
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/shm.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index 2eb85bd..77e1bff 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -172,6 +172,11 @@ static inline void shm_lock_by_ptr(s
From: Kees Cook
Avoid using ipc_rcu_free, since it just re-finds the original structure
pointer. For the pre-list-init failure path, there is no RCU needed,
since it was just allocated. It can be directly freed.
Signed-off-by: Kees Cook
Signed-off-by: Manfred Spraul
---
ipc/shm.c | 9
;
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/msg.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 0ed7dae..25d43e2 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -95,13 +95,18 @@ static inline void msg_rmid(struct
From: Kees Cook
Avoid using ipc_rcu_free, since it just re-finds the original structure
pointer. For the pre-list-init failure path, there is no RCU needed,
since it was just allocated. It can be directly freed.
Signed-off-by: Kees Cook
Signed-off-by: Manfred Spraul
---
ipc/msg.c | 9
From: Kees Cook <keesc...@chromium.org>
There are no more callers of ipc_rcu_free(), so remove it.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/util.c | 7 ---
ipc/util.h | 1 -
2 files changed, 8 deleti
From: Kees Cook
There are no more callers of ipc_rcu_free(), so remove it.
Signed-off-by: Kees Cook
Signed-off-by: Manfred Spraul
---
ipc/util.c | 7 ---
ipc/util.h | 1 -
2 files changed, 8 deletions(-)
diff --git a/ipc/util.c b/ipc/util.c
index dd73feb..556884b 100644
--- a/ipc/util.c
ed-off-by: Manfred Spraul <manf...@colorfullife.com>
Cc: Kees Cook <keesc...@chromium.org>
---
ipc/sem.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ipc/sem.c b/ipc/sem.c
index 445a5b5..2b2ed56 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -479,7 +479,
Loosely based on a patch from Kees Cook :
- id and retval can be merged
- if ipc_addid() fails, then use call_rcu() directly.
The difference is that call_rcu is used for failed ipc_addid() calls,
to continue to guarantee an rcu delay for security_sem_free().
Signed-off-by: Manfred Spraul
Cc
delay for
security_sem_free().
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
Cc: Kees Cook <keesc...@chromium.org>
---
ipc/shm.c | 9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index c9f1f30..cb1d97e 100644
--- a/ipc/shm.c
+++ b/i
-off-by: Manfred Spraul
Cc: Kees Cook
---
ipc/shm.c | 9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index c9f1f30..cb1d97e 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -548,7 +548,6 @@ static int newseg(struct ipc_namespace *ns, struct
ipc_params
From: Kees Cook <keesc...@chromium.org>
Only after ipc_addid() has succeeded will refcounting be used, so
move initialization into ipc_addid() and remove from open-coded
*_alloc() routines.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Manfred Spraul <manf...@c
omium.org>
[manf...@colorfullife.com: Rediff, because the memset was
temporarily inside ipc_rcu_alloc()]
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/sem.c | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/ipc/sem.c b/ipc/s
From: Kees Cook
Only after ipc_addid() has succeeded will refcounting be used, so
move initialization into ipc_addid() and remove from open-coded
*_alloc() routines.
Signed-off-by: Kees Cook
Signed-off-by: Manfred Spraul
---
ipc/msg.c | 2 --
ipc/sem.c | 1 -
ipc/shm.c | 2 --
ipc/util.c
the memset was
temporarily inside ipc_rcu_alloc()]
Signed-off-by: Manfred Spraul
---
ipc/sem.c | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/ipc/sem.c b/ipc/sem.c
index a04c4d6..445a5b5 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -451,6 +451,25 @@ static
From: Kees Cook <keesc...@chromium.org>
No callers remain for ipc_rcu_alloc(). Drop the function.
Signed-off-by: Kees Cook <keesc...@chromium.org>
[manf...@colorfullife.com: Rediff because the memset was
temporarily inside ipc_rcu_free()]
Signed-off-by: Manfred Spraul <manf...@c
From: Kees Cook
No callers remain for ipc_rcu_alloc(). Drop the function.
Signed-off-by: Kees Cook
[manf...@colorfullife.com: Rediff because the memset was
temporarily inside ipc_rcu_free()]
Signed-off-by: Manfred Spraul
---
ipc/util.c | 21 -
ipc/util.h | 3 ---
2
;
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/sem.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ipc/sem.c b/ipc/sem.c
index 484ccf8..a04c4d6 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -258,13 +258,18 @@ static void merge_queues(str
From: Kees Cook
Avoid using ipc_rcu_free, since it just re-finds the original structure
pointer. For the pre-list-init failure path, there is no RCU needed,
since it was just allocated. It can be directly freed.
Signed-off-by: Kees Cook
Signed-off-by: Manfred Spraul
---
ipc/sem.c | 9
Now that ipc_rcu_alloc() and ipc_rcu_free() are removed,
document when it is valid to use ipc_getref() and ipc_putref().
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/util.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ipc/util.h b/ipc/util.h
index 77336c2b..c
_queue_alloc()]
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/msg.c | 24
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 770342e..5b25e07 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -95,29 +95,13 @@ static inline vo
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
Cc: Kees Cook <keesc...@chromium.org>
---
ipc/msg.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 10094a7..cd90bfd 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -132,7 +132,
a successful security_shm_alloc()]
Signed-off-by: Manfred Spraul <manf...@colorfullife.com>
---
ipc/shm.c | 24
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index b85db5a..ec5688e 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -172,1
From: Kees Cook
There is nothing special about the msg_alloc/free routines any more,
so remove them to make code more readable.
Signed-off-by: Kees Cook
[manf...@colorfullife.com: Rediff to keep rcu protection for
security_msg_queue_alloc()]
Signed-off-by: Manfred Spraul
---
ipc/msg.c | 24
Loosely based on a patch from Kees Cook :
- id and retval can be merged
- if ipc_addid() fails, then use call_rcu() directly.
The difference is that call_rcu is used for failed ipc_addid() calls,
to continue to guarantee an rcu delay for security_msg_queue_free().
Signed-off-by: Manfred Spraul
From: Kees Cook
There is nothing special about the shm_alloc/free routines any more,
so remove them to make code more readable.
Signed-off-by: Kees Cook
[manf...@colorfullife.com: Rediff, to continue to keep rcu for
free calls after a successful security_shm_alloc()]
Signed-off-by: Manfred
Now that ipc_rcu_alloc() and ipc_rcu_free() are removed,
document when it is valid to use ipc_getref() and ipc_putref().
Signed-off-by: Manfred Spraul
---
ipc/util.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ipc/util.h b/ipc/util.h
index 77336c2b..c692010 100644
--- a/ipc/util.h