Re: [PATCH v3] ipc/mqueue: Avoid relying on a stack reference past its expiry

From: Manfred Spraul
Date: Sat May 08 2021 - 15:25:47 EST

Next message: Sheng li Hung: "RE"
Previous message: Al Viro: "Re: [PATCH RFC 1/3] fs: introduce helper d_path_fast()"
Next in thread: Davidlohr Bueso: "Re: [PATCH v3] ipc/mqueue: Avoid relying on a stack reference past its expiry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Varad,

On 5/7/21 3:38 PM, Varad Gautam wrote:

@@ -1005,11 +1022,9 @@ static inline void __pipelined_op(struct wake_q_head *wake_q,
struct ext_wait_queue *this)
{
list_del(&this->list);
- get_task_struct(this->task);
-
+ wake_q_add(wake_q, this->task);
/* see MQ_BARRIER for purpose/pairing */
smp_store_release(&this->state, STATE_READY);
- wake_q_add_safe(wake_q, this->task);
}
/* pipelined_send() - send a message directly to the task waiting in

First, I was too fast: I had assumed that wake_q_add() before smp_store_release() would be a potential lost wakeup.

As __pipelined_op() is called within spin_lock(&info->lock), and as wq_sleep() will reread this->state after acquiring spin_lock(&info->lock), I do not see a bug anymore.

But I don't like the change: Why should ipc/*.c differ from kernel/futex.c?

--

Manfred

Next message: Sheng li Hung: "RE"
Previous message: Al Viro: "Re: [PATCH RFC 1/3] fs: introduce helper d_path_fast()"
Next in thread: Davidlohr Bueso: "Re: [PATCH v3] ipc/mqueue: Avoid relying on a stack reference past its expiry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]