| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1469748819-19484-5-git-send-email-dave@stgolabs.net>
Date: Thu, 28 Jul 2016 16:33:38 -0700
From: Davidlohr Bueso <dave@...olabs.net>
To: akpm@...ux-foundation.org
Cc: manfred@...orfullife.com, bigeasy@...utronix.de,
peterz@...radead.org, tglx@...utronix.de, dave@...olabs.net,
linux-kernel@...r.kernel.org, Davidlohr Bueso <dbueso@...e.de>
Subject: [PATCH 4/5] ipc/msg: Lockless security checks for msgsnd
Just as with msgrcv (along with the rest of sysvipc since a few
years ago), perform the security checks without holding the ipc
object lock. This also reduces the hogging of the lock for the
entire duration of a sender, as we drop the lock upon every
iteration -- and this is exactly why we also check for racing
with RMID in the first place.
Signed-off-by: Davidlohr Bueso <dbueso@...e.de>
---
ipc/msg.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 5181259e2ff0..fe793304dddb 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -623,14 +623,14 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock1;
}
- ipc_lock_object(&msq->q_perm);
-
for (;;) {
struct msg_sender s;
err = -EACCES;
if (ipcperms(ns, &msq->q_perm, S_IWUGO))
- goto out_unlock0;
+ goto out_unlock1;
+
+ ipc_lock_object(&msq->q_perm);
/* raced with RMID? */
if (!ipc_valid_object(&msq->q_perm)) {
@@ -681,6 +681,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock0;
}
+ ipc_unlock_object(&msq->q_perm);
}
msq->q_lspid = task_tgid_vnr(current);
msq->q_stime = get_seconds();
--
2.6.6
Powered by blists - more mailing lists