    ipc/util.c: sysvipc_find_ipc() incorrectly updates position index · 15e0db6e
    Vasily Averin authored
    [ Upstream commit 5e698222 ]
    
    Commit 89163f93 ("ipc/util.c: sysvipc_find_ipc() should increase
    position index") is causing this bug (seen on 5.6.8):
    
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
    
       # ipcmk -Q
       Message queue id: 0
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
       0x82db8127 0          root       644        0            0
    
       # ipcmk -Q
       Message queue id: 1
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
       0x82db8127 0          root       644        0            0
       0x76d1fb2a 1          root       644        0            0
    
       # ipcrm -q 0
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
       0x76d1fb2a 1          root       644        0            0
       0x76d1fb2a 1          root       644        0            0
    
       # ipcmk -Q
       Message queue id: 2
       # ipcrm -q 2
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
       0x76d1fb2a 1          root       644        0            0
       0x76d1fb2a 1          root       644        0            0
    
       # ipcmk -Q
       Message queue id: 3
       # ipcrm -q 1
       # ipcs -q
    
       ------ Message Queues --------
       key        msqid      owner      perms      used-bytes   messages
       0x7c982867 3          root       644        0            0
       0x7c982867 3          root       644        0            0
       0x7c982867 3          root       644        0            0
       0x7c982867 3          root       644        0            0
    
    Whenever an IPC item with a low id is deleted, the items with higher ids
    are duplicated, as if filling a hole.
    
    new_pos should jump through hole of unused ids, pos can be updated
    inside "for" cycle.
    
    Fixes: 89163f93 ("ipc/util.c: sysvipc_find_ipc() should increase position index")
    Reported-by: Andreas Schwab <schwab@suse.de>
    Reported-by: Randy Dunlap <rdunlap@infradead.org>
    Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Acked-by: Waiman Long <longman@redhat.com>
    Cc: NeilBrown <neilb@suse.com>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Peter Oberparleiter <oberpar@linux.ibm.com>
    Cc: Davidlohr Bueso <dave@stgolabs.net>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Cc: <stable@vger.kernel.org>
    Link: http://lkml.kernel.org/r/4921fe9b-9385-a2b4-1dc4-1099be6d2e39@virtuozzo.com
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
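
The duplicated rows in the `ipcs -q` output above can be reproduced with a small userspace model of the position update. This is an added example, not the kernel's code or part of the commit; `find_ipc`, `list_ids`, `MAX_IDS` and the sample table are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_IDS 8   /* constructed table size, stands in for the id range */

/* Returns the first used id at or after pos, or -1 when none is left.
 * fixed == 0: next position derived from the position passed in (the bug).
 * fixed == 1: next position derived from where the scan stopped (the fix). */
static int find_ipc(const int *used, int pos, int *new_pos, int fixed)
{
    int found = -1;

    if (!fixed)
        *new_pos = pos + 1;          /* ignores the hole the loop skips */
    for (; pos < MAX_IDS; pos++) {
        if (used[pos]) {
            found = pos;
            break;
        }
    }
    if (fixed)
        *new_pos = pos + 1;          /* jumps past the hole of unused ids */
    return found;
}

/* Walks the table the way a sequential reader does: show, advance, repeat.
 * Stores the ids shown in out[] and returns how many rows were emitted. */
static int list_ids(const int *used, int fixed, int *out, int cap)
{
    int pos = 0, n = 0, id;

    while (n < cap && (id = find_ipc(used, pos, &pos, fixed)) >= 0)
        out[n++] = id;
    return n;
}

int main(void)
{
    /* Constructed state: ids 0-2 removed, only id 3 left (last ipcs run). */
    int used[MAX_IDS] = { 0, 0, 0, 1 };
    int rows[MAX_IDS];

    printf("buggy: %d rows\n", list_ids(used, 0, rows, MAX_IDS));
    printf("fixed: %d rows\n", list_ids(used, 1, rows, MAX_IDS));
    return 0;
}
```

With only id 3 in use, the buggy update emits id 3 once for every position from 0 to 3, matching the four identical rows in the final listing; the fixed update emits it once.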