2013-08-24 11:44:56

by Svenning Sørensen

Subject: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0

According to 'man msgrcv':
"If msgtyp is less than 0, the first message of the lowest type that is less
than or equal to the absolute value of msgtyp shall be received."

Bug: The kernel only returns a message if its type is 1; other messages with
type < abs(msgtype) will never get returned.

Fix: After having traversed the list to find the first message with the
lowest type, we need to actually return that message.

Signed-off-by: Svenning Soerensen <[email protected]>

diff --git a/ipc/msg.c b/ipc/msg.c
index bd60d7e..9f29d9e 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -839,7 +839,7 @@ static inline void free_copy(struct msg_msg *copy)

static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
{
- struct msg_msg *msg;
+ struct msg_msg *msg, *found = NULL;
long count = 0;

list_for_each_entry(msg, &msq->q_messages, m_list) {
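Review bot: `found` is only meaningful in SEARCH_LESSEQUAL mode, but nothing at the declaration says so; a one-line comment such as `/* lowest-type candidate so far, SEARCH_LESSEQUAL only */` next to `*found = NULL` would let the later `return found ?: ...` be read without jumping back into the loop body.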
@@ -848,6 +848,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
*msgtyp, mode)) {
if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
*msgtyp = msg->m_type - 1;
+ found = msg;
} else if (mode == SEARCH_NUMBER) {
if (*msgtyp == count)
return msg;
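Review bot: recording the candidate and continuing the walk instead of returning is correct for the behaviour the description quotes from the man page: lowering `*msgtyp` to `msg->m_type - 1` means a later entry can only replace `found` if its type is strictly lower, so the first message of the lowest qualifying type is what ends up being returned. None of that is visible from the hunk itself, though, so a short comment on the `found = msg;` line explaining why the search keeps going would pre-empt the obvious reviewer question of whether the function should return here immediately.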
@@ -857,7 +858,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
}
}

- return ERR_PTR(-EAGAIN);
+ return found ?: ERR_PTR(-EAGAIN);
}

long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,
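Review bot: `return found ?: ERR_PTR(-EAGAIN);` relies on the GNU `?:` extension; it is accepted in the kernel, but for a fix that will be backported a plain `if (found) return found;` in front of the existing `return ERR_PTR(-EAGAIN);` keeps the diff minimal and the intent obvious. The commit message should also name the commit that introduced the regression and carry a `Cc: stable` line, since nothing in these hunks tells a reader which kernels are affected.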

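The selection rule the patch restores (for msgtyp < 0, return the first message whose type is the lowest type not exceeding |msgtyp|) is easy to get wrong, and the hunks above only show the delta. The following is an added userspace model of that search, written for this thread and not kernel code: it walks a constructed queue with the pre-fix logic and with the fixed logic side by side so the difference is observable. The model assumes, per the patch description, that the pre-fix code returned a type-1 message immediately and never recorded any other candidate; the queue contents, `model_msg`, and the two `find_lesseq_*` helpers are hypothetical names for this example only.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a queued SysV message; only the type matters
 * for the selection logic, the label just identifies the entry. */
struct model_msg {
    long m_type;
    const char *label;
};

/* Constructed queue in FIFO order. Two messages share type 2 so the
 * "first message of the lowest type" rule is exercised. */
static const struct model_msg queue_no_type1[] = {
    { 4, "a" }, { 2, "b" }, { 6, "c" }, { 2, "d" }, { 3, "e" },
};
#define QUEUE_NO_TYPE1_LEN (sizeof(queue_no_type1) / sizeof(queue_no_type1[0]))

/* Same queue with a type-1 message, which the pre-fix code did handle. */
static const struct model_msg queue_with_type1[] = {
    { 4, "a" }, { 2, "b" }, { 6, "c" }, { 1, "d" }, { 3, "e" },
};
#define QUEUE_WITH_TYPE1_LEN (sizeof(queue_with_type1) / sizeof(queue_with_type1[0]))

/* Model of the pre-fix SEARCH_LESSEQUAL walk (behaviour as described in the
 * patch, not the kernel source): the upper bound is narrowed whenever a
 * qualifying message is seen, but the message is forgotten, so only a
 * type-1 message is ever returned. Returns the index or -1 (EAGAIN). */
int find_lesseq_buggy(const struct model_msg *q, size_t n, long msgtyp)
{
    long bound = labs(msgtyp);          /* msgrcv: type <= |msgtyp| */
    for (size_t i = 0; i < n; i++) {
        if (q[i].m_type > bound)
            continue;
        if (q[i].m_type != 1)
            bound = q[i].m_type - 1;    /* narrowed, candidate dropped */
        else
            return (int)i;              /* type 1 cannot be beaten */
    }
    return -1;
}

/* Model of the fixed walk: remember the best candidate. Because the bound
 * is lowered to m_type - 1, a later entry only replaces `found` if its type
 * is strictly lower, so the first message of the lowest type wins. */
int find_lesseq_fixed(const struct model_msg *q, size_t n, long msgtyp)
{
    long bound = labs(msgtyp);
    int found = -1;
    for (size_t i = 0; i < n; i++) {
        if (q[i].m_type > bound)
            continue;
        if (q[i].m_type != 1) {
            bound = q[i].m_type - 1;
            found = (int)i;             /* keep it; the walk continues */
        } else {
            return (int)i;
        }
    }
    return found;
}

static void show(const char *name, const struct model_msg *q, size_t n, long msgtyp)
{
    int b = find_lesseq_buggy(q, n, msgtyp);
    int f = find_lesseq_fixed(q, n, msgtyp);
    printf("%s, msgtyp=%ld: buggy -> %s, fixed -> %s\n", name, msgtyp,
           b < 0 ? "EAGAIN" : q[b].label, f < 0 ? "EAGAIN" : q[f].label);
}

int main(void)
{
    show("no type-1",   queue_no_type1,   QUEUE_NO_TYPE1_LEN,   -5);
    show("with type-1", queue_with_type1, QUEUE_WITH_TYPE1_LEN, -5);
    show("nothing <= 1", queue_no_type1,  QUEUE_NO_TYPE1_LEN,   -1);
    return 0;
}
```

With msgtyp = -5 on the first queue the pre-fix walk narrows the bound past every candidate and reports EAGAIN, while the fixed walk returns "b" (type 2, the first of the two type-2 entries); with a type-1 message present both variants agree, which is why the regression only bit queues without such a message.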

2013-08-24 12:49:29

by Peter Hurley

Subject: Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0

On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
> According to 'man msgrcv':
> "If msgtyp is less than 0, the first message of the lowest type that is less
> than or equal to the absolute value of msgtyp shall be received."
>
> Bug: The kernel only returns a message if its type is 1; other messages with
> type < abs(msgtype) will never get returned.
>
> Fix: After having traversed the list to find the first message with the
> lowest type, we need to actually return that message.

Sorry for the breakage. Needs to go to -stable as well.

Reviewed-by: Peter Hurley <[email protected]>

2013-08-26 20:42:01

by Andrew Morton

Subject: Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0

On Sat, 24 Aug 2013 13:44:49 +0200 Svenning Sørensen <[email protected]> wrote:

> According to 'man msgrcv':
> "If msgtyp is less than 0, the first message of the lowest type that is less
> than or equal to the absolute value of msgtyp shall be received."
>
> Bug: The kernel only returns a message if its type is 1; other messages with
> type < abs(msgtype) will never get returned.
>
> Fix: After having traversed the list to find the first message with the
> lowest type, we need to actually return that message.
>
> Signed-off-by: Svenning Soerensen <[email protected]>
>
> diff --git a/ipc/msg.c b/ipc/msg.c
> index bd60d7e..9f29d9e 100644
> --- a/ipc/msg.c
> +++ b/ipc/msg.c
> @@ -839,7 +839,7 @@ static inline void free_copy(struct msg_msg *copy)
>
> static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> {
> - struct msg_msg *msg;
> + struct msg_msg *msg, *found = NULL;
> long count = 0;
>
> list_for_each_entry(msg, &msq->q_messages, m_list) {
> @@ -848,6 +848,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> *msgtyp, mode)) {
> if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
> *msgtyp = msg->m_type - 1;
> + found = msg;

Should we continue the search in this case, or should the code
immediately return this message?

> } else if (mode == SEARCH_NUMBER) {
> if (*msgtyp == count)
> return msg;
> @@ -857,7 +858,7 @@ static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
> }
> }
>
> - return ERR_PTR(-EAGAIN);
> + return found ?: ERR_PTR(-EAGAIN);
> }
>
> long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,

2013-08-26 20:42:52

by Andrew Morton

Subject: Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0

On Sat, 24 Aug 2013 08:49:25 -0400 Peter Hurley <[email protected]> wrote:

> On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
> > According to 'man msgrcv':
> > "If msgtyp is less than 0, the first message of the lowest type that is less
> > than or equal to the absolute value of msgtyp shall be received."
> >
> > Bug: The kernel only returns a message if its type is 1; other messages with
> > type < abs(msgtype) will never get returned.
> >
> > Fix: After having traversed the list to find the first message with the
> > lowest type, we need to actually return that message.
>
> Sorry for the breakage. Needs to go to -stable as well.

Do you know which commit caused the regression? That would help those
who wish to fix up their kernels.

> Reviewed-by: Peter Hurley <[email protected]>
>

2013-08-26 20:59:37

by Peter Hurley

Subject: Re: [PATCH] IPC: bugfix for msgrcv with msgtyp < 0

On 08/26/2013 04:42 PM, Andrew Morton wrote:
> On Sat, 24 Aug 2013 08:49:25 -0400 Peter Hurley <[email protected]> wrote:
>
>> On 08/24/2013 07:44 AM, Svenning Sørensen wrote:
>>> According to 'man msgrcv':
>>> "If msgtyp is less than 0, the first message of the lowest type that is less
>>> than or equal to the absolute value of msgtyp shall be received."
>>>
>>> Bug: The kernel only returns a message if its type is 1; other messages with
>>> type < abs(msgtype) will never get returned.
>>>
>>> Fix: After having traversed the list to find the first message with the
>>> lowest type, we need to actually return that message.
>>
>> Sorry for the breakage. Needs to go to -stable as well.
>
> Do you know which commit caused the regression? That would help those
> who wish to fix up their kernels.

Commit daaf74cf0867e3042090d56d10b194d6265b4684,
ipc: refactor msg list search into separate function
introduced this regression.

Regards,
Peter Hurley

>> Reviewed-by: Peter Hurley <[email protected]>
>>