Re: [PATCH] ipc/util.c: sysvipc_find_ipc() incorrectly updates position index

From: Vasily Averin
Date: Thu May 07 2020 - 08:29:56 EST


Dear Andrew,
could you please handle it,
it fixes broken ipcs in the latest mainline and stable kernels,
and in all their derivatives.

Thank you,
Vasily Averin

On 5/6/20 6:59 PM, Waiman Long wrote:
> On 5/6/20 2:25 AM, Vasily Averin wrote:
>> new_pos should jump through the hole of unused ids;
>> pos can be updated inside the "for" loop.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Fixes: 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase position index")
>> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
>> ---
>>  ipc/util.c | 12 ++++++------
>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/ipc/util.c b/ipc/util.c
>> index 7acccfd..cfa0045 100644
>> --- a/ipc/util.c
>> +++ b/ipc/util.c
>> @@ -764,21 +764,21 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos,
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ total++;
>> ÂÂÂÂÂ }
>> Â -ÂÂÂ *new_pos = pos + 1;
>> +ÂÂÂ ipc = NULL;
>> ÂÂÂÂÂ if (total >= ids->in_use)
>> -ÂÂÂÂÂÂÂ return NULL;
>> +ÂÂÂÂÂÂÂ goto out;
>> Â ÂÂÂÂÂ for (; pos < ipc_mni; pos++) {
>> ÂÂÂÂÂÂÂÂÂ ipc = idr_find(&ids->ipcs_idr, pos);
>> ÂÂÂÂÂÂÂÂÂ if (ipc != NULL) {
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ rcu_read_lock();
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ ipc_lock_object(ipc);
>> -ÂÂÂÂÂÂÂÂÂÂÂ return ipc;
>> +ÂÂÂÂÂÂÂÂÂÂÂ break;
>> ÂÂÂÂÂÂÂÂÂ }
>> ÂÂÂÂÂ }
>> -
>> -ÂÂÂ /* Out of range - return NULL to terminate iteration */
>> -ÂÂÂ return NULL;
>> +out:
>> +ÂÂÂ *new_pos = pos + 1;
>> +ÂÂÂ return ipc;
>> Â }
>> Â Â static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos)
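Review bot: The removed comment "Out of range - return NULL to terminate iteration" documented the only way the seq_file walk stops; consider re-adding it above the new `out:` label, since that label is now reached both from the early `total >= ids->in_use` exit and from running off the end of the idr at `ipc_mni`, and in both cases `ipc` is NULL and `*new_pos` is still written as `pos + 1` even though nothing is returned. Moving `*new_pos = pos + 1` after the loop is the actual fix: `pos` advances inside `for (; pos < ipc_mni; pos++)`, so the old pre-loop assignment recorded the starting index rather than the index of the entry actually found, and the caller's position would not skip the hole of unused ids the commit message describes, leaving the listing incomplete. The explicit `ipc = NULL` before the early exit is needed because the loop body may never run when `pos` already equals `ipc_mni`.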
>
> Acked-by: Waiman Long <longman@xxxxxxxxxx>
>