Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Do not merge]fs/mqueue/mq_check.c: group level error check for mq operations #6570

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

ritesh55555
Copy link
Contributor

This commit creates an api mq_check() for mqueue module. This api will check the mq descriptor value in the mq des list of the calling task's group. This will help to remove unwanted error in mq_send and mq_receive apis.

@@ -150,6 +150,11 @@ ssize_t mq_receive(mqd_t mqdes, FAR char *msg, size_t msglen, FAR int *prio)
return ERROR;
}

if (mq_check(mqdes) != OK) {
leave_cancellation_point();
return ERROR;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before ERROR return, we should set proper errno.

 * Return Value:
 *   One success, the length of the selected message in bytes is returned.
 *   On failure, -1 (ERROR) is returned and the errno is set appropriately:
 *
 *   EAGAIN   The queue was empty, and the O_NONBLOCK flag was set
 *            for the message queue description referred to by 'mqdes'.
 *   EPERM    Message queue opened not opened for reading.
 *   EMSGSIZE 'msglen' was less than the maxmsgsize attribute of the
 *            message queue.
 *   EINTR    The call was interrupted by a signal handler.
 *   EINVAL   Invalid 'msg' or 'mqdes'

@@ -154,6 +154,11 @@ int mq_send(mqd_t mqdes, FAR const char *msg, size_t msglen, int prio)
return ERROR;
}

if (mq_check(mqdes) != OK) {
leave_cancellation_point();
return ERROR;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as previous

@sunghan-chang
Copy link
Contributor

@ritesh55555 @kishore-sn I thought when we close or unlink a mq, if we get wrong or invalid mqdes or mqname, it could corrupt mq inode. If we use invalid mqdes for mq send and receive, is it possible to be corrupted?

@sunghan-chang
Copy link
Contributor

@ritesh55555 @kishore-sn I want to check whether this improves stability even it causes performance degradation by checking single queue every send and receive or not.

os/kernel/mqueue/mq_receive.c Outdated Show resolved Hide resolved
os/fs/mqueue/mq_check.c Outdated Show resolved Hide resolved
os/kernel/mqueue/mq_send.c Outdated Show resolved Hide resolved
Copy link
Contributor

@neel-samsung neel-samsung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check the github checks which are failing

@kishore-sn
Copy link
Contributor

ue every send and receive

Hi @sunghan-chang,
Do you have any suggestion on how to check stability?
In my opinion, we can run all our test cases. But apart from that, I am not sure of any other method.

@ritesh55555 ritesh55555 force-pushed the mq_fix branch 2 times, most recently from ae6edb3 to 3c40f54 Compare December 16, 2024 06:57
@@ -105,6 +105,10 @@ int mq_getattr(mqd_t mqdes, struct mq_attr *mq_stat)
{
int ret = ERROR;

if (mq_check(mqdes) != OK) {
return ERROR;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to set the errno before we return.

*
************************************************************************/

int mq_check(mqd_t mqdes)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename the function to show "check what".

*
* Return Value:
* OK - if mqdes is present in the calling task group list of mqdes
* ERROR - if mqdes is not present in the calling task group of mqdes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does not return ERROR, it does EBADF.

/**
* @brief get message queue attributes
* @details @b #include <mqueue.h> \n
* POSIX API (refer to : http://pubs.opengroup.org/onlinepubs/9699919799/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the POSIX API?

@@ -188,6 +188,13 @@ int mq_setattr(mqd_t mqdes, FAR const struct mq_attr *mq_stat, FAR struct mq_att
* @since TizenRT v1.0
*/
int mq_getattr(mqd_t mqdes, FAR struct mq_attr *mq_stat);
/**
* @brief get message queue attributes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

description looks wrong.

@@ -161,6 +161,11 @@ int mq_notify(mqd_t mqdes, const struct sigevent *notification)
return ERROR;
}

if (mq_check(mqdes) != OK) {
set_errno(EBADF);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should use the return value instead of hard coding here.

@@ -145,6 +145,12 @@ ssize_t mq_receive(mqd_t mqdes, FAR char *msg, size_t msglen, FAR int *prio)
/* mq_receive() is a cancellation point */
(void)enter_cancellation_point();

if (mq_check(mqdes) != OK) {
leave_cancellation_point();
set_errno(EINVAL);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When it has EINVAL, when it has EBADF?

@ritesh55555
Copy link
Contributor Author

@ritesh55555 @kishore-sn I thought when we close or unlink a mq, if we get wrong or invalid mqdes or mqname, it could corrupt mq inode. If we use invalid mqdes for mq send and receive, is it possible to be corrupted?

i dont think the inode will get corrupted if we use invalid mqdes for mq send and receive . But will lead to unintended behavior

int ret = -EBADF;
mqd_t mqdes_ptr;

FAR struct task_group_s *group = sched_self()->group;
Copy link
Contributor

@jeongarmy jeongarmy Dec 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to check mqdes and group because most of mq functions except mq_close don't check it.
DEBUGASSERT(mqdes != NULL && group != NULL);

@@ -114,6 +114,10 @@ int mq_setattr(mqd_t mqdes, const struct mq_attr *mq_stat, struct mq_attr *oldst
{
int ret = ERROR;

if (mq_check(mqdes) != OK) {
return ERROR;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Set errno is missnig

* POSIX API (refer to : http://pubs.opengroup.org/onlinepubs/9699919799/)
* @since TizenRT v1.0
*/
int mq_check(mqd_t mqdes);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like an internal api for mqueue, we need not expose it to outsize. Please check if we can we move this to some internal header file.

@@ -123,7 +123,8 @@
*
* EAGAIN The queue was empty, and the O_NONBLOCK flag was set for the
* message queue description referred to by mqdes.
* EINVAL Either msg or mqdes is NULL or the value of prio is invalid.
* EINVAL Either msg or mqdes is NULL or the value of prio is invalid,
* or mqdes is present in task group's mq list.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be,

Suggested change
* or mqdes is present in task group's mq list.
* or mqdes is not present in task group's mq list.

But here too, I think EBADF is better instead of EINVAL.

{
int ret = -EBADF;
mqd_t mqdes_ptr;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to take care of interrupt handler case here. Mq can be used to send msg from irq handler to any task. In that case, mq may be opened by any task which calls the device driver. But when irq is being handled, sched_self() will return the task running at the time of irq. This task might be different than the task which opened the device driver and the mq. So, if we are in irq hanlder, then we must NOT perform this check.

set_errno(EINVAL);
return ERROR;
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check needs to be done in all mq apis. Please check timedsend and timed receive.

@ritesh55555 ritesh55555 force-pushed the mq_fix branch 3 times, most recently from 9382099 to aaf51eb Compare January 3, 2025 11:36
	- This commit creates an api mq_check() for mqueue module.
	  This api will check the mq descriptor value in the
	  mq des list of the calling task's group. This will help
	  to remove unwanted error in mq_send and mq_receive apis.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants