mirror of
				https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
				synced 2025-10-25 13:41:08 +00:00 
			
		
		
		
	 380af1b33b
			
		
	
	
		
	
	
	
	
		
			
The attached patch:
- reverses the locking order of ulp->lock and sem_lock: Previously, it was first ulp->lock, then inside sem_lock. Now it's the other way around.
- converts the undo structure to rcu.

Benefits:
- With the old locking order, IPC_RMID could not kfree the undo structures. The stale entries remained in the linked lists and were released later.
- The patch fixes a race in semtimedop(): if both IPC_RMID and a semget() that recreates exactly the same id happen between find_alloc_undo() and sem_lock, then semtimedop() would access already kfree'd memory.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Reviewed-by: Nadia Derbey <Nadia.Derbey@bull.net>
Cc: Pierre Peiffer <peifferp@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
		
			
				
	
	
		
			160 lines
		
	
	
		
			4.9 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
| #ifndef _LINUX_SEM_H
 | |
| #define _LINUX_SEM_H
 | |
| 
 | |
| #include <linux/ipc.h>
 | |
| 
 | |
/* Flags for semop operations. */
#define SEM_UNDO	0x1000	/* undo the operation when the process exits */

/* Command numbers understood by semctl. */
#define GETPID		11	/* get sempid */
#define GETVAL		12	/* get semval */
#define GETALL		13	/* get every semval of the set */
#define GETNCNT		14	/* get semncnt */
#define GETZCNT		15	/* get semzcnt */
#define SETVAL		16	/* set semval */
#define SETALL		17	/* set every semval of the set */

/* Control commands used by ipcs. */
#define SEM_STAT	18
#define SEM_INFO	19
 | |
| 
 | |
/*
 * Legacy semaphore-set descriptor.  Obsolete: kept only for backwards
 * compatibility and libc5 compiles.
 *
 * NOTE(review): the layout carries pointer members (sem_base, sem_pending,
 * sem_pending_last, undo).  Presumably these must never hold live kernel
 * addresses when the structure is copied to a user buffer - confirm in the
 * copy-out path.
 */
struct semid_ds {
	struct ipc_perm	sem_perm;		/* permissions, see ipc.h */
	__kernel_time_t	sem_otime;		/* time of the last semop */
	__kernel_time_t	sem_ctime;		/* time of the last change */
	struct sem	*sem_base;		/* first semaphore in the array */
	struct sem_queue *sem_pending;		/* pending operations awaiting processing */
	struct sem_queue **sem_pending_last;	/* last pending operation */
	struct sem_undo	*undo;			/* undo requests on this array */
	unsigned short	sem_nsems;		/* number of semaphores in the array */
};
 | |
| 
 | |
| /* Include the definition of semid64_ds */
 | |
| #include <asm/sembuf.h>
 | |
| 
 | |
/*
 * A single semaphore operation; the semop system calls take an array of
 * these.
 *
 * NOTE(review): every field is supplied by the caller, so sem_num presumably
 * has to be range-checked against the set's semaphore count before it is
 * used as an index - confirm in the semop implementation.
 */
struct sembuf {
	unsigned short	sem_num;	/* index of the semaphore in the array */
	short		sem_op;		/* operation to apply to the semaphore */
	short		sem_flg;	/* flags for the operation */
};
 | |
| 
 | |
/*
 * Argument of the semctl system calls; which member is valid depends on the
 * command.
 *
 * Members tagged __user hold user-space addresses.  They are meant to be
 * reached through the user-copy helpers (copy_from_user()/copy_to_user()),
 * never dereferenced directly.
 */
union semun {
	int			val;	/* value for SETVAL */
	struct semid_ds __user	*buf;	/* buffer for IPC_STAT & IPC_SET */
	unsigned short __user	*array;	/* array for GETALL & SETALL */
	struct seminfo __user	*__buf;	/* buffer for IPC_INFO */
	void __user		*__pad;
};
 | |
| 
 | |
/*
 * Semaphore limits and usage record (union semun names it as the buffer for
 * IPC_INFO).
 *
 * NOTE(review): the field names mirror the SEM* macros of this header;
 * presumably each field carries the matching value - confirm where the
 * structure is filled in.
 */
struct seminfo {
	int	semmap;		/* cf. SEMMAP */
	int	semmni;		/* cf. SEMMNI */
	int	semmns;		/* cf. SEMMNS */
	int	semmnu;		/* cf. SEMMNU */
	int	semmsl;		/* cf. SEMMSL */
	int	semopm;		/* cf. SEMOPM */
	int	semume;		/* cf. SEMUME */
	int	semusz;		/* cf. SEMUSZ */
	int	semvmx;		/* cf. SEMVMX */
	int	semaem;		/* cf. SEMAEM */
};
 | |
| 
 | |
#define SEMMNI	128			/* <= IPCMNI   max number of semaphore identifiers */
#define SEMMSL	250			/* <= 8 000    max number of semaphores per id */
#define SEMMNS	(SEMMNI * SEMMSL)	/* <= INT_MAX  max number of semaphores in system */
#define SEMOPM	32			/* <= 1 000    max number of ops per semop call */
#define SEMVMX	32767			/* <= 32767    semaphore maximum value */
#define SEMAEM	SEMVMX			/* adjust on exit max value */

/* The limits below are unused. */
#define SEMUME	SEMOPM			/* max number of undo entries per process */
#define SEMMNU	SEMMNS			/* number of undo structures system wide */
#define SEMMAP	SEMMNS			/* number of entries in semaphore map */
#define SEMUSZ	20			/* sizeof struct sem_undo */
 | |
| 
 | |
| #ifdef __KERNEL__
 | |
| #include <asm/atomic.h>
 | |
| #include <linux/rcupdate.h>
 | |
| 
 | |
| struct task_struct;
 | |
| 
 | |
/* Kernel-side state of one semaphore; one instance per semaphore in the system. */
struct sem {
	int	semval;		/* value the semaphore currently holds */
	int	sempid;		/* pid that performed the last operation */
};
 | |
| 
 | |
/*
 * Kernel-side descriptor of a semaphore set; one instance per set in the
 * system.
 *
 * sem_nsems is an unsigned long here, while the legacy struct semid_ds field
 * of the same name is an unsigned short.
 */
struct sem_array {
	struct kern_ipc_perm	sem_perm;	/* permissions, see ipc.h */
	time_t			sem_otime;	/* time of the last semop */
	time_t			sem_ctime;	/* time of the last change */
	struct sem		*sem_base;	/* first semaphore in the array */
	struct list_head	sem_pending;	/* pending operations awaiting processing */
	struct list_head	list_id;	/* undo requests on this array */
	unsigned long		sem_nsems;	/* number of semaphores in the array */
};
 | |
| 
 | |
/* Wait-queue entry; one instance per sleeping process in the system. */
struct sem_queue {
	struct list_head	list;		/* queue of pending operations */
	struct task_struct	*sleeper;	/* the process that is sleeping */
	struct sem_undo		*undo;		/* undo structure */
	int			pid;		/* process id of the requesting process */
	int			status;		/* completion status of the operation */
	struct sembuf		*sops;		/* array of pending operations */
	int			nsops;		/* number of operations in sops */
	int			alter;		/* does the operation alter the array? */
};
 | |
| 
 | |
/*
 * Undo record.  Each task has a list of undo requests; they are executed
 * automatically when the process exits.
 *
 * A record sits on two lists: the per-process one (list_proc) and the one of
 * the semaphore array it belongs to (list_id).
 *
 * Locking, as stated by the commit that converted this structure to rcu:
 * sem_lock is taken first and ulp->lock inside it.
 * NOTE(review): presumably the rcu member is what defers the free until
 * concurrent readers are done - confirm in the semaphore implementation.
 */
struct sem_undo {
	struct list_head	list_proc;	/* per-process list: all undos from one
						 * process; rcu protected */
	struct rcu_head		rcu;		/* rcu struct for sem_undo() */
	struct sem_undo_list	*ulp;		/* sem_undo_list of the process */
	struct list_head	list_id;	/* per semaphore array list: all undos
						 * for one array */
	int			semid;		/* identifier of the semaphore set */
	short			*semadj;	/* adjustments, one entry per semaphore */
};
 | |
| 
 | |
/*
 * sem_undo_list controls shared access to the list of sem_undo structures,
 * which may be shared among all tasks of a CLONE_SYSVSEM task group.
 */
struct sem_undo_list {
	atomic_t		refcnt;		/* presumably counts the tasks sharing the list - confirm */
	spinlock_t		lock;		/* reached as ulp->lock from a sem_undo */
	struct list_head	list_proc;	/* presumably the head that sem_undo.list_proc links into - confirm */
};
 | |
| 
 | |
/* Holder of a pointer to a sem_undo_list. */
struct sysv_sem {
	struct sem_undo_list	*undo_list;	/* NULL-able pointer; who allocates it is not visible here */
};
 | |
| 
 | |
| #ifdef CONFIG_SYSVIPC
 | |
| 
 | |
/*
 * Entry points available when CONFIG_SYSVIPC is set; their definitions live
 * outside this header.
 */
int copy_semundo(unsigned long clone_flags, struct task_struct *tsk);
void exit_sem(struct task_struct *tsk);
 | |
| 
 | |
| #else
 | |
/*
 * Stub used when CONFIG_SYSVIPC is not set: ignores both arguments and
 * always reports success (0).
 */
static inline int copy_semundo(unsigned long clone_flags, struct task_struct *tsk)
{
	(void)clone_flags;
	(void)tsk;

	return 0;
}
 | |
| 
 | |
/* Stub used when CONFIG_SYSVIPC is not set: does nothing. */
static inline void exit_sem(struct task_struct *tsk)
{
	(void)tsk;
}
 | |
| #endif
 | |
| 
 | |
| #endif /* __KERNEL__ */
 | |
| 
 | |
| #endif /* _LINUX_SEM_H */
 |