lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20120302164234.4938.38390934@jp.panasonic.com>
Date:	Fri, 02 Mar 2012 16:42:35 +0900
From:	Akira Takeuchi <takeuchi.akr@...panasonic.com>
To:	linux-kernel@...r.kernel.org
Cc:	torvalds@...ux-foundation.org
Subject: [REGRESSION][PATCH] mqueue: Ignore the validity of abs_timeout parameter when message can be performed immediately

This patch fixes up the regression problem of mq_timed{send,receive} syscall.

When a message of mqueue can be performed immediately,
the validity of abs_timeout parameter should not be checked.

According to the manpage of mq_timedreceive:
    Under no circumstance shall the operation fail with a timeout
    if a message can be removed from the message queue immediately.
    The validity of the abstime parameter need not be checked
    if a message can be removed from the message queue immediately.

On 2.6.35+ kernel, mq_timed{send,receive} returns EINVAL incorrectly,
in this situation.

I found this problem during the OPTS testcase
"conformance/interfaces/mq_timedreceive/10-2":

    # ./10-2.test
    FAIL: the validity of abs_timeout is checked
    Test FAILED

Signed-off-by: Akira Takeuchi <takeuchi.akr@...panasonic.com>
Signed-off-by: Kiyoshi Owada <owada.kiyoshi@...panasonic.com>
---
 ipc/mqueue.c |   31 +++++++++++++++++++++++++++----
 1 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 86ee272..7cd4411 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -861,14 +861,22 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
 	struct msg_msg *msg_ptr;
 	struct mqueue_inode_info *info;
 	ktime_t expires, *timeout = NULL;
+	int timeout_param_error = 0;
 	struct timespec ts;
 	int ret;
 
 	if (u_abs_timeout) {
 		int res = prepare_timeout(u_abs_timeout, &expires, &ts);
 		if (res)
-			return res;
-		timeout = &expires;
+			/*
+			 * The validity of the abs_timeout parameter need not be
+			 * checked when there is sufficient room in the queue.
+			 * So, do not return here, even if the parameter is
+			 * invalid.
+			 */
+			timeout_param_error = res;
+		else
+			timeout = &expires;
 	}
 
 	if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX))
@@ -916,6 +924,9 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
 		if (filp->f_flags & O_NONBLOCK) {
 			spin_unlock(&info->lock);
 			ret = -EAGAIN;
+		} else if (unlikely(timeout_param_error)) {
+			spin_unlock(&info->lock);
+			ret = timeout_param_error;
 		} else {
 			wait.task = current;
 			wait.msg = (void *) msg_ptr;
@@ -955,13 +966,21 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
 	struct mqueue_inode_info *info;
 	struct ext_wait_queue wait;
 	ktime_t expires, *timeout = NULL;
+	int timeout_param_error = 0;
 	struct timespec ts;
 
 	if (u_abs_timeout) {
 		int res = prepare_timeout(u_abs_timeout, &expires, &ts);
 		if (res)
-			return res;
-		timeout = &expires;
+			/*
+			 * The validity of the abs_timeout parameter need not be
+			 * checked if a message can be removed from the message
+			 * queue immediately. So, do not return here, even if
+			 * the parameter is invalid.
+			 */
+			timeout_param_error = res;
+		else
+			timeout = &expires;
 	}
 
 	audit_mq_sendrecv(mqdes, msg_len, 0, timeout ? &ts : NULL);
@@ -996,6 +1015,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
 		if (filp->f_flags & O_NONBLOCK) {
 			spin_unlock(&info->lock);
 			ret = -EAGAIN;
+		} else if (unlikely(timeout_param_error)) {
+			spin_unlock(&info->lock);
+			ret = timeout_param_error;
+			msg_ptr = NULL; /* just for shutting up warning */
 		} else {
 			wait.task = current;
 			wait.state = STATE_NONE;
-- 
1.7.4.1


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ