Commit 5ec371b7 authored by Andrew Morton, committed by Linus Torvalds

[PATCH] ipc msg race fix

Backport this fix from 2.4
parent dd329e9e
...@@ -837,11 +837,20 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf *msgp, size_t msgsz, ...@@ -837,11 +837,20 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf *msgp, size_t msgsz,
msg_unlock(msq); msg_unlock(msq);
schedule(); schedule();
current->state = TASK_RUNNING;
/*
* The below optimisation is buggy. A sleeping thread that is
* woken up checks if it got a message and if so, copies it to
* userspace and just returns without taking any locks.
* But this return to user space can be faster than the message
* send, and if the receiver immediately exits the
* wake_up_process performed by the sender will oops.
*/
#if 0
msg = (struct msg_msg*) msr_d.r_msg; msg = (struct msg_msg*) msr_d.r_msg;
if(!IS_ERR(msg)) if(!IS_ERR(msg))
goto out_success; goto out_success;
#endif
msq = msg_lock(msqid); msq = msg_lock(msqid);
msg = (struct msg_msg*)msr_d.r_msg; msg = (struct msg_msg*)msr_d.r_msg;
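Review bot: disabling the fast path with `#if 0` leaves three lines of dead code (`msg = (struct msg_msg*) msr_d.r_msg;` / `if(!IS_ERR(msg))` / `goto out_success;`) plus a comment that talks about "the below optimisation" as though it were still live; delete the block outright and reword the comment to state the invariant the surviving code now depends on, namely that after `schedule()` the receiver must re-take `msg_lock(msqid)` before reading `msr_d.r_msg`, because the sender's `wake_up_process` on this task may still be in flight and an early return to user space followed by exit lets it touch a task that is already gone. Stating it that way makes the lock-then-read order in the following two lines self-documenting rather than looking like leftover slow-path code.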
......