| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 May 2014 13:27:35 -0700
From: Davidlohr Bueso <davidlohr@...com>
To: manfred@...orfullife.com, akpm@...ux-foundation.org
Cc: davidlohr@...com, aswin@...com, linux-kernel@...r.kernel.org
Subject: [PATCH 3/5] ipc,msg: always respect MSG_NOERROR
When specifying the MSG_NOERROR flag, receivers can avoid returning
error (E2BIG) and just truncate the message text, if it is too large.
Currently, this logic is only respected when there are already pending
messages in the queue. Fix this for the case when there are only
receivers waiting for a msg to be sent. In order for this to work, save
the flags in the msg_receiver struct as it must be used later when
doing the pipeline send.
Also do some pipeline_send() cleanups while at it.
Signed-off-by: Davidlohr Bueso <davidlohr@...com>
---
ipc/msg.c | 65 +++++++++++++++++++++++++++++++++++----------------------------
1 file changed, 36 insertions(+), 29 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 6d33e30..c2cdb5b 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -50,6 +50,7 @@ struct msg_receiver {
struct task_struct *r_tsk;
int r_mode;
+ int r_msgflg;
long r_msgtype;
long r_maxsize;
@@ -562,42 +563,47 @@ static int testmsg(struct msg_msg *msg, long type, int mode)
return 0;
}
-static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
+static inline bool pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
{
struct msg_receiver *msr, *t;
list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
- if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
- !security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
- msr->r_msgtype, msr->r_mode)) {
-
- list_del(&msr->r_list);
- if (msr->r_maxsize < msg->m_ts) {
- /* initialize pipelined send ordering */
- msr->r_msg = NULL;
- wake_up_process(msr->r_tsk);
- smp_mb(); /* see barrier comment below */
- msr->r_msg = ERR_PTR(-E2BIG);
- } else {
- msr->r_msg = NULL;
- msq->q_lrpid = task_pid_vnr(msr->r_tsk);
- msq->q_rtime = get_seconds();
- wake_up_process(msr->r_tsk);
- /*
- * Ensure that the wakeup is visible before
- * setting r_msg, as the receiving end depends
- * on it. See lockless receive part 1 and 2 in
- * do_msgrcv().
- */
- smp_mb();
- msr->r_msg = msg;
-
- return 1;
- }
+ if (!testmsg(msg, msr->r_msgtype, msr->r_mode))
+ continue;
+ if (security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
+ msr->r_msgtype, msr->r_mode))
+ continue;
+
+ /* found a suitable receiver, time to dequeue and wake */
+ list_del(&msr->r_list);
+
+ /* initialize pipelined send ordering */
+ msr->r_msg = NULL;
+
+ if (msr->r_maxsize < msg->m_ts &&
+ !(msr->r_msgflg & MSG_NOERROR)) {
+ wake_up_process(msr->r_tsk);
+ smp_mb(); /* see barrier comment below */
+ msr->r_msg = ERR_PTR(-E2BIG);
+ } else {
+ msq->q_lrpid = task_pid_vnr(msr->r_tsk);
+ msq->q_rtime = get_seconds();
+ wake_up_process(msr->r_tsk);
+
+ /*
+ * Ensure that the wakeup is visible before
+ * setting r_msg, as the receiving end depends
+ * on it. See lockless receive part 1 and 2 in
+ * do_msgrcv().
+ */
+ smp_mb();
+ msr->r_msg = msg;
+
+ return true;
}
}
- return 0;
+ return false; /* no receivers on the other side */
}
long do_msgsnd(int msqid, long mtype, void __user *mtext,
@@ -901,6 +907,7 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgfl
list_add_tail(&msr_d.r_list, &msq->q_receivers);
msr_d.r_tsk = current;
msr_d.r_msgtype = msgtyp;
+ msr_d.r_msgflg = msgflg;
msr_d.r_mode = mode;
if (msgflg & MSG_NOERROR)
msr_d.r_maxsize = INT_MAX;
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists