Re: [SSI-devel] semctl problem
Brought to you by:
brucewalker,
rogertsang
Menu
▾
▴
Re: [SSI-devel] semctl problem
|
From: Bharata B R. <bha...@hp...> - 2005-01-24 12:45:34
|
Kishore,
While your fix solves the problem I witnessed, I hit upon another
problem in the following code. This manifests as a hang.
ipc/sem.c: alloc_semundo()
1224 sma = sem_lock(semid);
1225 if (!sma) {
1226 kfree(un);
1227 return -EINVAL;
1228 }
1229 error = sem_revalidate(semid, sma, nsems, alter ? S_IWUGO :
S_IRUGO);
1230 if(error) {
1231 kfree(un);
1232 sem_unlock(sma);
1233 return error;
1234 }
Here after doing sem_lock(), sem_revalidate() is called which again
tries sem_lock() on the same semid. This causes hang.
Also if sem_revalidate() fails, it never returns with sem_lock held, so
it shoudn't be doing sem_unlock().
I think the above piece of code should look like this:
sma = sem_lock(semid);
if (!sma) {
kfree(un);
return -EINVAL;
}
sem_unlock(sma);
error = sem_revalidate(semid, sma, nsems, alter ? S_IWUGO : S_IRUGO);
if(error) {
kfree(un);
return error;
}
Regards,
Bharata.
On Mon, 2005-01-24 at 16:09, SAMPATHKUMAR KISHORE KANIYAR wrote:
> I have fixed the code in error which caused the panic that you reported.
>
> I have also fixed the other instance which can cause panic in
> sys_semctl() for the client-site invocation.
>
> I have added checks in freeundos() as well so that it does not scan
> through the undolist without checking if the list is NULL.
>
> The patch below contains those fixes. Bharata, can you verify if
> this fixes your problem? Laura, can you review my fix? I plan to
> check-in tomorrow.
>
> Regards,
> - Kishore
>
> > I observed a NULL pointer dereference in semctl code.
> >
> > Call Trace:
> > [<c010a6df>] show_stack+0x7f/0xa0
> > [<c010a88e>] show_registers+0x15e/0x210
> > [<c010abb3>] die+0x93/0x120
> > [<c0121336>] do_page_fault+0x2e6/0x688
> > [<c010a341>] error_code+0x2d/0x38
> > [<c01c0bfa>] sys_semctl+0x1da/0x350
> > [<c0111d16>] sys_ipc+0xd6/0x340
> > [<c0109819>] sysenter_past_esp+0x52/0x71
> >
> > This particular problem is due to accessing undo_list without checking
> > its validity (ipc/sem.c:semctl_down(), line no.1055)
> >
> > There are at least a couple of other places in the same file where the
> > semaphore undo structures list is accessed w/o checking for its validity
> > first.
> >
> > Should we correct all references to undo_list to check for NULL before
> > accessing the list ?
> >
> > Regards,
> > Bharata.
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > ssic-linux-devel mailing list
> > ssi...@li...
> > https://lists.sourceforge.net/lists/listinfo/ssic-linux-devel
> >
>
|