Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp693360ybj; Thu, 7 May 2020 05:34:29 -0700 (PDT) X-Google-Smtp-Source: APiQypK4dJ/SaJ8CZqoQJNw2TOxCF1JB7gkNkRooPhV3k6kjSJqEyKP94DcOKJlqhBZDdSHGI7Zi X-Received: by 2002:aa7:de0b:: with SMTP id h11mr11759128edv.133.1588854869533; Thu, 07 May 2020 05:34:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588854869; cv=none; d=google.com; s=arc-20160816; b=YPyIPK9f9K9t3b51qbxmaTPMhIht37ba/LxGztohEE1SOeOxK2V5TDE6PJnFOMsyb9 bs8Vt0P6OnGln8cMoW/pSumn+zTIR1G3ug35FhRjKrb+GoTNRbmBbJoaz9HompqqJYAD lllxPuQ0Aty2hX3+AU5e8sW2bJ/eleHtjbO360PBQ+9RdP7uzU6+R6w9OUXnHY6jh7Q2 f0KPhkOefnY262jTxV+KdmRl/5ywP6EZSZiQ/JXQGlMhmA4X38FRXli/2ZBKMa0ZA13z X3bidS3dLiseA415X89vdXmHhZKkD7UckpgNFVWKuxJ4I9vHNvxsn3llFBzZFZhOKvAU k1tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=TaPIgCkFt25QjKFyARFhKNC4ESm4mgDgqpaN6fqp1nI=; b=MSqH+L1L82PepbHrYGhbGNxtewZ0x7A/rB3Aw3vQw+RyCQBKCWVaQWutuf2ZZP+BmE smCPQZI3Vvt0f60EvA4y4qyTGMf/HigbChKRP/jOXayax08cXkv06J9KcKp3anav8K7b o15Teo/Ek2zmin5+el0mSKxgB708CjljwykgClP21nC1tvj3hVSRwYX9h6/mIUnjJ+0z 84XBdmMqwqfD2oh/RftKry+x6coUi4rFc5Hql1Z0FZZaL9vYt7lrYfXF4vCEBIk85GxM j2yC3v5QWstrmt0STS4Bm3n/vSJkPh6FwuYGCEjVVSfeHxCA73MHDLe/Mo5fL1u/ohHb DGvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g15si3123709eds.159.2020.05.07.05.34.04; Thu, 07 May 2020 05:34:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726470AbgEGM3z (ORCPT + 99 others); Thu, 7 May 2020 08:29:55 -0400 Received: from relay.sw.ru ([185.231.240.75]:45614 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725923AbgEGM3z (ORCPT ); Thu, 7 May 2020 08:29:55 -0400 Received: from vvs-ws.sw.ru ([172.16.24.21]) by relay.sw.ru with esmtp (Exim 4.92.3) (envelope-from ) id 1jWfek-0004GV-RM; Thu, 07 May 2020 15:29:38 +0300 Subject: Re: [PATCH] ipc/util.c: sysvipc_find_ipc() incorrectly updates position index To: Andrew Morton Cc: Waiman Long , linux-kernel@vger.kernel.org, Andreas Schwab References: <4921fe9b-9385-a2b4-1dc4-1099be6d2e39@virtuozzo.com> <8e04d756-29f5-9aff-2f0b-61663ecff649@redhat.com> From: Vasily Averin Message-ID: <5b1a3ac4-13f5-9a54-d62c-a1010d96056b@virtuozzo.com> Date: Thu, 7 May 2020 15:29:37 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <8e04d756-29f5-9aff-2f0b-61663ecff649@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dear Andrew, could you please handle it, it fixes broken ipcs in last mainline and stable kernels, and on all its derivatives. Thank you, Vasily Averin On 5/6/20 6:59 PM, Waiman Long wrote: > On 5/6/20 2:25 AM, Vasily Averin wrote: >> new_pos should jump through hole of unused ids, >> pos can be updated inside "for" cycle. >> >> Cc: stable@vger.kernel.org >> Fixes: 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase position index") >> Signed-off-by: Vasily Averin >> --- >>   ipc/util.c | 12 ++++++------ >>   1 file changed, 6 insertions(+), 6 deletions(-) >> >> diff --git a/ipc/util.c b/ipc/util.c >> index 7acccfd..cfa0045 100644 >> --- a/ipc/util.c >> +++ b/ipc/util.c >> @@ -764,21 +764,21 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, >>               total++; >>       } >>   -    *new_pos = pos + 1; >> +    ipc = NULL; >>       if (total >= ids->in_use) >> -        return NULL; >> +        goto out; >>         for (; pos < ipc_mni; pos++) { >>           ipc = idr_find(&ids->ipcs_idr, pos); >>           if (ipc != NULL) { >>               rcu_read_lock(); >>               ipc_lock_object(ipc); >> -            return ipc; >> +            break; >>           } >>       } >> - >> -    /* Out of range - return NULL to terminate iteration */ >> -    return NULL; >> +out: >> +    *new_pos = pos + 1; >> +    return ipc; >>   } >>     static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) > > Acked-by: Waiman Long >