From: Alexander Mikhalitsyn
To: linux-kernel@vger.kernel.org
Cc: Alexander Mikhalitsyn, Andrew Morton, Milton Miller, Jack Miller, Pavel Tikhomirov, Alexander Mikhalitsyn
Subject: [PATCH 0/2] shm: omit forced shm destroy if task IPC namespace was changed
Date: Tue, 6 Jul 2021 16:22:57 +0300
Message-Id: <20210706132259.71740-1-alexander.mikhalitsyn@virtuozzo.com>

Hello,

The task IPC namespace's shm has a shm_rmid_forced feature, which is per IPC namespace and controlled by the kernel.shm_rmid_forced sysctl. When the feature is turned on, during task exit (and unshare(CLONE_NEWIPC)) all sysvshm's will be destroyed by the exit_shm(struct task_struct *task) function. But there is a problem if the task has changed its IPC namespace since the shmget() call. In such a situation the exit_shm() function will try to call shm_destroy(, ), which leads to the situation where the sysvshm object is still attached to the old IPC namespace but freed; later, during the old IPC namespace cleanup, we will try to free such a sysvshm object for the second time and will get the problem :)

The first patch solves this problem by postponing shm_destroy to the moment when IPC namespace cleanup is called.

The second patch is useful to prevent (or easily catch) such bugs in the future by adding corresponding WARNings.

Regards,
Alex

Cc: Andrew Morton
Cc: Milton Miller
Cc: Jack Miller
Cc: Pavel Tikhomirov
Cc: Alexander Mikhalitsyn

Alexander Mikhalitsyn (2):
  shm: skip shm_destroy if task IPC namespace was changed
  ipc: WARN if trying to remove ipc object which is absent

 ipc/shm.c  | 10 +++++++++-
 ipc/util.c |  6 +++---
 2 files changed, 12 insertions(+), 4 deletions(-)

--
2.31.1
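
The object-lifetime problem described in the cover letter, and what each of the two patches changes, shown as a small user-space model. This is an added example, not code from the patch series or the kernel; every struct and function name in it (ipc_ns, seg, task_exit, ns_cleanup, run_scenario) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy user-space model, not kernel code; every name here is hypothetical. */
#define SLOTS 4
struct seg;
struct ipc_ns { struct seg *ids[SLOTS]; int warnings; };
struct seg { struct ipc_ns *ns; int id, freed, double_frees; };

static void seg_free(struct seg *s) {
    if (s->freed) s->double_frees++;  /* a real second free would corrupt memory */
    s->freed = 1;
}

/* Drop s from ns's id table; count a warning if it is absent (idea of patch 2). */
static void ns_rmid(struct ipc_ns *ns, struct seg *s) {
    if (ns->ids[s->id] != s) { ns->warnings++; return; }
    ns->ids[s->id] = NULL;
}

static void seg_destroy(struct ipc_ns *ns, struct seg *s) { ns_rmid(ns, s); seg_free(s); }

/* Forced destroy at task exit. check_ns=1 models patch 1: a segment owned by
 * another namespace is skipped and left for that namespace's own cleanup. */
static void task_exit(struct ipc_ns *task_ns, struct seg *s, int check_ns) {
    if (check_ns && s->ns != task_ns) return;
    seg_destroy(task_ns, s);
}

static void ns_cleanup(struct ipc_ns *ns) {
    for (int i = 0; i < SLOTS; i++)
        if (ns->ids[i]) seg_destroy(ns, ns->ids[i]);
}

/* Cover-letter scenario: segment created in old_ns, task moves to new_ns and
 * exits, then old_ns is torn down. Returns the number of double frees. */
static int run_scenario(int check_ns, int *warnings) {
    struct ipc_ns old_ns = {0}, new_ns = {0};
    struct seg s = { &old_ns, 0, 0, 0 };
    old_ns.ids[0] = &s;                 /* stands in for shmget() in old_ns */
    task_exit(&new_ns, &s, check_ns);   /* task's current namespace is new_ns */
    ns_cleanup(&old_ns);                /* stale table entry is visited here */
    *warnings = old_ns.warnings + new_ns.warnings;
    return s.double_frees;
}

int main(void) {
    int w0, w1, d0 = run_scenario(0, &w0), d1 = run_scenario(1, &w1);
    printf("unpatched: %d double free(s), %d warning(s)\n", d0, w0);
    printf("patched:   %d double free(s), %d warning(s)\n", d1, w1);
    return 0;
}
```

In the unpatched run the absent-object warning fires at task exit, before the second free happens during namespace cleanup, which is the early signal the second patch is meant to give.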