From: Alexander Mikhalitsyn
To: linux-kernel@vger.kernel.org
Cc: Alexander Mikhalitsyn, Andrew Morton, Milton Miller, Jack Miller, Pavel Tikhomirov, Alexander Mikhalitsyn
Subject: [PATCH 0/2] shm: omit forced shm destroy if task IPC namespace was changed
Date: Tue, 6 Jul 2021 16:22:57 +0300
Message-Id: <20210706132259.71740-1-alexander.mikhalitsyn@virtuozzo.com>

Hello,

Task IPC namespace shm's have the shm_rmid_forced feature, which is per IPC namespace and controlled by the kernel.shm_rmid_forced sysctl. When the feature is turned on, then during task exit (and unshare(CLONE_NEWIPC)) all sysvshm's will be destroyed by the exit_shm(struct task_struct *task) function. But there is a problem if the task has changed IPC namespace since the shmget() call. In such a situation the exit_shm() function will try to call shm_destroy(, ), which leads to the situation where the sysvshm object is still attached to the old IPC namespace but freed; later, during old IPC namespace cleanup, we will try to free such sysvshm object for the second time and will get the problem :)

The first patch solves this problem by postponing shm_destroy to the moment when IPC namespace cleanup will be called. The second patch is useful to prevent (or easily catch) such bugs in the future by adding corresponding WARNings.

Regards,
Alex

Cc: Andrew Morton
Cc: Milton Miller
Cc: Jack Miller
Cc: Pavel Tikhomirov
Cc: Alexander Mikhalitsyn

Alexander Mikhalitsyn (2):
  shm: skip shm_destroy if task IPC namespace was changed
  ipc: WARN if trying to remove ipc object which is absent

 ipc/shm.c  | 10 +++++++++-
 ipc/util.c |  6 +++---
 2 files changed, 12 insertions(+), 4 deletions(-)

-- 
2.31.1
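
The lifetime problem described in the cover letter above, as a small userspace model. This is an added example, not code from the patch series or the kernel: all type and function names are hypothetical, and the rule that a segment is unlinked only through the namespace that lists it is a modelling assumption.

```c
#include <stdbool.h>
/* Userspace model only; every name here is hypothetical, not kernel code. */
struct ns_model { int id; };
struct seg_model {
    struct ns_model *ns; /* namespace whose table lists the segment */
    bool listed;         /* still linked in that table */
    int destroy_calls;   /* a value above 1 models the second free */
};
struct task_model {
    struct ns_model *ns;       /* namespace the task is in now */
    struct seg_model *segs[4]; /* segments the task created */
    int nsegs;
};

/* Assumption: a segment is unlinked only via the namespace that lists it. */
static void destroy_model(struct ns_model *via, struct seg_model *s)
{
    s->destroy_calls++;
    if (via == s->ns)
        s->listed = false;
}

/* Task exit with forced removal; check_ns=true skips foreign segments. */
static void exit_shm_model(struct task_model *t, bool check_ns)
{
    for (int i = 0; i < t->nsegs; i++)
        if (!check_ns || t->segs[i]->ns == t->ns)
            destroy_model(t->ns, t->segs[i]);
}

/* Namespace teardown destroys whatever its table still lists. */
static void ns_cleanup_model(struct ns_model *ns, struct seg_model *all, int n)
{
    for (int i = 0; i < n; i++)
        if (all[i].ns == ns && all[i].listed)
            destroy_model(ns, &all[i]);
}

/* Create in old ns, switch ns, exit, tear down old ns; returns destroy count. */
int run_scenario(bool check_ns)
{
    struct ns_model old_ns = {1}, new_ns = {2};
    struct seg_model seg = { &old_ns, true, 0 };
    struct task_model t = { &old_ns, { &seg }, 1 };
    t.ns = &new_ns; /* namespace changed after the shmget() step */
    exit_shm_model(&t, check_ns);
    ns_cleanup_model(&old_ns, &seg, 1);
    return seg.destroy_calls;
}
```

Without the namespace check the segment is destroyed twice in this model; with it, destruction happens once, at namespace cleanup.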