From: Shaurya Rane
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: manfred@colorfullife.com, viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, rstoyanov@fedoraproject.org, ptikhomirov@virtuozzo.com, Shaurya Rane
Subject: [RFC PATCH 3/3] ipc/mqueue: implement fcntl(F_MQ_PEEK) for non-destructive message inspection
Date: Thu, 26 Mar 2026 00:30:25 +0530
Message-Id: <20260325190025.40312-4-ssrane_b23@ee.vjti.ac.in>
In-Reply-To: <20260325190025.40312-1-ssrane_b23@ee.vjti.ac.in>

Add support for F_MQ_PEEK, a new fcntl command that reads a POSIX message queue message by index without removing it from the queue.

Background:
CRIU (Checkpoint/Restore In Userspace) supports live container migration and process checkpoint/restore. POSIX message queues are a widely-used IPC mechanism, but CRIU cannot checkpoint processes that hold open mqueue file descriptors: there is no kernel interface to inspect queued messages non-destructively. The SysV IPC analogue (MSG_COPY for msgrcv) was introduced specifically for CRIU in commit 4a674f34ba04 ("ipc: introduce message queue copy feature"). This patch provides the equivalent for POSIX mqueues.

Implementation:
The queue stores messages in a red-black tree (info->msg_tree) keyed by priority, with each tree node holding a FIFO list of messages at that priority level. mq_peek_at_offset() walks this structure in receive order (highest priority first, FIFO within priority) to locate the message at the requested index without modifying any state. Message payload is copied into a kvmalloc'd kernel buffer under info->lock using pure memcpy() (no page faults possible).
This correctly handles multi-segment messages by walking the msg_msgseg chain. The lock is released before copy_to_user() transfers the kernel buffer to userspace. A new include/linux/mqueue.h kernel header is added to declare do_mq_peek() for use from fs/fcntl.c, following the same pattern as include/linux/memfd.h for memfd_fcntl(). Concurrency: The snapshot is consistent within the spin_lock() critical section. Between two F_MQ_PEEK calls the queue may change (messages may be sent or received). This is documented snapshot semantics, analogous to /proc entries. CRIU freezes the target process via ptrace before dumping, so in practice the queue is stable for the entire checkpoint sequence. Link: https://github.com/checkpoint-restore/criu/issues/2285 Signed-off-by: Shaurya Rane --- fs/fcntl.c | 4 ++ include/linux/mqueue.h | 19 ++++++ ipc/mqueue.c | 129 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 152 insertions(+) create mode 100644 include/linux/mqueue.h diff --git a/fs/fcntl.c b/fs/fcntl.c index f93dbca08435..32d0dcc8e544 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -563,6 +564,9 @@ static long do_fcntl(int fd, unsigned int cmd, unsigned= long arg, return -EFAULT; err =3D fcntl_setdeleg(fd, filp, &deleg); break; + case F_MQ_PEEK: + err =3D do_mq_peek(filp, argp); + break; default: break; } diff --git a/include/linux/mqueue.h b/include/linux/mqueue.h new file mode 100644 index 000000000000..a725fcf90d39 --- /dev/null +++ b/include/linux/mqueue.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __LINUX_MQUEUE_H +#define __LINUX_MQUEUE_H + +#include + +struct file; + +#ifdef CONFIG_POSIX_MQUEUE +long do_mq_peek(struct file *filp, struct mq_peek_attr __user *uattr); +#else +static inline long do_mq_peek(struct file *filp, + struct mq_peek_attr __user *uattr) +{ + return -EBADF; +} +#endif /* CONFIG_POSIX_MQUEUE */ + +#endif /* __LINUX_MQUEUE_H */ 
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index bb7c9e5d2b90..5e73864a9657 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c 
@@ -286,6 +286,135 @@ static inline struct msg_msg *msg_get(struct mqueue_i= node_info *info) return msg; } =20 +/* + * mq_peek_at_offset - locate a message by receive-order index. + * + * Walk the priority tree from highest to lowest priority, and within each + * priority level in FIFO order, returning the message at position @offset + * (0 =3D next message that mq_receive() would dequeue). + * + * Must be called with info->lock held. Does not modify queue state. + * Returns NULL if @offset >=3D mq_curmsgs. + */ +static struct msg_msg *mq_peek_at_offset(struct mqueue_inode_info *info, + int offset) +{ + struct posix_msg_tree_node *leaf; + struct rb_node *node; + struct msg_msg *msg; + int count =3D 0; + + for (node =3D info->msg_tree_rightmost; node; node =3D rb_prev(node)) { + leaf =3D rb_entry(node, struct posix_msg_tree_node, rb_node); + list_for_each_entry(msg, &leaf->msg_list, m_list) { + if (count =3D=3D offset) + return msg; + count++; + } + } + return NULL; +} + +/* + * mq_msg_copy_to_buf - copy message payload into a flat kernel buffer. + * + * Handles multi-segment messages by walking the msg_msgseg chain. + * Uses only memcpy() so it is safe to call under info->lock. + * Returns the number of bytes copied. + */ +static size_t mq_msg_copy_to_buf(struct msg_msg *msg, void *buf, size_t bu= f_len) +{ + size_t alen, to_copy, copied =3D 0; + struct msg_msgseg *seg; + + to_copy =3D min(buf_len, msg->m_ts); + + alen =3D min(to_copy, DATALEN_MSG); + memcpy(buf, msg + 1, alen); + copied +=3D alen; + to_copy -=3D alen; + + for (seg =3D msg->next; seg && to_copy > 0; seg =3D seg->next) { + alen =3D min(to_copy, DATALEN_SEG); + memcpy((char *)buf + copied, seg + 1, alen); + copied +=3D alen; + to_copy -=3D alen; + } + return copied; +} + +/* + * do_mq_peek - implement fcntl(F_MQ_PEEK). + * + * Read the message at position @attr.offset in receive order from the + * queue without removing it. 
Position 0 is the message that the next + * mq_receive() would return (highest priority, FIFO within priority). + * + * The snapshot is consistent within the spin_lock() critical section. + * Between two F_MQ_PEEK calls the queue may change; this is documented + * snapshot semantics analogous to /proc entries. + * + * Returns bytes copied on success, -ENOMSG if offset >=3D mq_curmsgs. + */ +long do_mq_peek(struct file *filp, struct mq_peek_attr __user *uattr) +{ + struct mqueue_inode_info *info; + struct mq_peek_attr attr; + struct msg_msg *msg; + void *kbuf; + long ret; + + if (filp->f_op !=3D &mqueue_file_operations) + return -EBADF; + + if (!(filp->f_mode & FMODE_READ)) + return -EBADF; + + if (copy_from_user(&attr, uattr, sizeof(attr))) + return -EFAULT; + + if (attr.offset < 0 || !attr.buf_len || !attr.buf) + return -EINVAL; + + info =3D MQUEUE_I(file_inode(filp)); + + /* + * Allocate the kernel copy buffer before taking the spinlock. + * Cap at mq_msgsize: no message can exceed it. + */ + kbuf =3D kvmalloc(min_t(size_t, attr.buf_len, info->attr.mq_msgsize), + GFP_KERNEL); + if (!kbuf) + return -ENOMEM; + + spin_lock(&info->lock); + + msg =3D mq_peek_at_offset(info, attr.offset); + if (!msg) { + spin_unlock(&info->lock); + kvfree(kbuf); + return -ENOMSG; + } + + /* + * Copy the payload under the lock using pure memcpy() (no page + * faults), then transfer to userspace after releasing the lock. + */ + ret =3D mq_msg_copy_to_buf(msg, kbuf, + min_t(size_t, attr.buf_len, + info->attr.mq_msgsize)); + attr.msg_prio =3D msg->m_type; + + spin_unlock(&info->lock); + + if (copy_to_user(attr.buf, kbuf, ret) || + copy_to_user(uattr, &attr, sizeof(attr))) + ret =3D -EFAULT; + + kvfree(kbuf); + return ret; +} + static struct inode *mqueue_get_inode(struct super_block *sb, struct ipc_namespace *ipc_ns, umode_t mode, struct mq_attr *attr) --=20 2.34.1
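
Review bot: in the fs/fcntl.c hunk, the new case F_MQ_PEEK hands argp straight to do_mq_peek(), and the structure behind it carries a user pointer and a length (attr.buf and attr.buf_len as used in ipc/mqueue.c), so a 32-bit caller on a 64-bit kernel would present a different layout unless the uapi struct uses fixed-width fields. The struct definition is not part of this patch; please state in the commit message how compat callers are handled, or declare buf as a __u64 and convert it with u64_to_user_ptr() so that one layout serves both.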
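
Review bot: in include/linux/mqueue.h, the stub for kernels built without CONFIG_POSIX_MQUEUE returns -EBADF, the same value do_mq_peek() returns for a descriptor that is not an mqueue or lacks FMODE_READ, so userspace cannot tell "kernel has no mqueue support" from "wrong descriptor". Returning -EINVAL from the stub would keep feature probing unambiguous.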
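
Review bot: in the ipc/mqueue.c hunk, a buffer shorter than the message is truncated silently: mq_msg_copy_to_buf() computes to_copy = min(buf_len, msg->m_ts) and do_mq_peek() returns only the number of bytes copied, so the caller cannot tell a complete message from a clipped one. For a checkpoint tool that means lost payload without an error. Either fail with -EMSGSIZE when attr.buf_len < msg->m_ts, or write msg->m_ts back into attr alongside msg_prio. Separately, mq_peek_at_offset() restarts its walk from info->msg_tree_rightmost on every call and the payload memcpy() of up to mq_msgsize bytes runs under spin_lock(&info->lock), so dumping a queue of N messages costs on the order of N^2 list steps with the lock held each time; the commit message should state the expected bound or give a measurement at the maximum queue depth.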