Re: Linux - Patch to shmat

From: Christoph Rohland (cr@sap.com)
Date: Sat Dec 08 2001 - 04:53:57 EST


Hi Marcelo and Linus,

On Fri, 7 Dec 2001, David Egolf wrote:
> We put your patch on a dual processor IA32 machine. It correctly
> ran our prior test which did not employ threads. We also designed a
> test which was meant to stress the gating by attempting overlapped
> virtual mappings from ten different threads on the same process. We
> detected no problems with the patch as everything ran with correct
> status.

David Egolf and his colleages from Bull noticed that a pretty crucial
test was dropped by me when redesigning SYSV shm and tmpfs. If you
give an address to shmat it no longer checks if there is already a
mapping and happily maps it unconditionally at the given address. This
should only happen with the SHM_REMAP flag.

The appended patch reintroduces the necessary checks.

Please apply
                Christoph

--- 2.4.16/ipc/shm.c Sun Oct 28 16:59:03 2001
+++ m2.4.16/ipc/shm.c Sat Dec 8 10:35:17 2001
@@ -569,6 +569,7 @@
 {
         struct shmid_kernel *shp;
         unsigned long addr;
+ unsigned long size;
         struct file * file;
         int err;
         unsigned long flags;
@@ -588,8 +589,12 @@
                                 return -EINVAL;
                 }
                 flags = MAP_SHARED | MAP_FIXED;
- } else
+ } else {
+ if ((shmflg & SHM_REMAP))
+ return -EINVAL;
+
                 flags = MAP_SHARED;
+ }
 
         if (shmflg & SHM_RDONLY) {
                 prot = PROT_READ;
@@ -603,7 +608,7 @@
 
         /*
          * We cannot rely on the fs check since SYSV IPC does have an
- * aditional creator id...
+ * additional creator id...
          */
         shp = shm_lock(shmid);
         if(shp == NULL)
@@ -618,11 +623,27 @@
                 return -EACCES;
         }
         file = shp->shm_file;
+ size = file->f_dentry->d_inode->i_size;
         shp->shm_nattch++;
         shm_unlock(shmid);
 
         down_write(&current->mm->mmap_sem);
- user_addr = (void *) do_mmap (file, addr, file->f_dentry->d_inode->i_size, prot, flags, 0);
+ if (addr && !(shmflg & SHM_REMAP)) {
+ user_addr = ERR_PTR(-EINVAL);
+ if (find_vma_intersection(current->mm, addr, addr + size))
+ goto invalid;
+ /*
+ * If shm segment goes below stack, make sure there is some
+ * space left for the stack to grow (at least 4 pages).
+ */
+ if (addr < current->mm->start_stack &&
+ addr > current->mm->start_stack - size - PAGE_SIZE * 5)
+ goto invalid;
+ }
+
+ user_addr = (void*) do_mmap (file, addr, size, prot, flags, 0);
+
+invalid:
         up_write(&current->mm->mmap_sem);
 
         down (&shm_ids.sem);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Dec 15 2001 - 21:00:12 EST