Re: [S+Q 01/16] [PATCH] ipc/sem.c: Bugfix for semop() not reporting successful operation

From: Andrew Morton
Date: Wed Jun 30 2010 - 15:51:42 EST


On Wed, 30 Jun 2010 21:38:43 +0200
Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> wrote:

> Hi Andrew,
>
> On 06/29/2010 09:08 PM, Andrew Morton wrote:
> > On Tue, 29 Jun 2010 10:42:42 -0500 (CDT)
> > Christoph Lameter <cl@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >
> >> This is a patch from Manfred. Required to make 2.6.35-rc3 work.
> >>
> >>
> > My current version of the patch is below.
> >
> > I believe that Luca has still seen problems with this patch applied so
> > its current status is "stuck, awaiting developments".
> >
> > Is that a correct determination?
> >
>
> I would propose that you forward a patch to Linus - either the one you
> have in your tree or the v2 that I've just posted.

OK, I added the incremental change:

--- a/ipc/sem.c~ipc-semc-bugfix-for-semop-not-reporting-successful-operation-update
+++ a/ipc/sem.c
@@ -1440,7 +1440,14 @@ SYSCALL_DEFINE4(semtimedop, int, semid,

if (error != -EINTR) {
/* fast path: update_queue already obtained all requested
- * resources */
+ * resources.
+ * Perform a smp_mb(): User space could assume that semop()
+ * is a memory barrier: Without the mb(), the cpu could
+ * speculatively read in user space stale data that was
+ * overwritten by the previous owner of the semaphore.
+ */
+ smp_mb();
+
goto out_free;
}

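Review bot: the new comment above smp_mb() says why a barrier is wanted but not what it pairs with. Since the comment attributes the fast path to update_queue having already obtained the resources, it should name the write or unlock on that side that this full barrier orders against, so both halves can be checked together. The barrier is also added only inside the `error != -EINTR` branch; if the other return path gets its ordering from something else, the comment should say so, otherwise the "semop() is a memory barrier" assumption it describes is only documented for one of the paths visible here. As a wording point, "the cpu could speculatively read in user space stale data" would read more clearly as "the CPU could speculatively read stale user-space data".
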
_

> With stock 2.6.35-rc3, my semtimedop() stress tests produce an oops or
> an invalid return value (i.e.: semtimedop() returns with "1") within a
> fraction of a second.
>
> With either of the patches applied, my test apps show the expected behavior.

OK, I'll queue it up.