Merge branch 'akpm' (patches from Andrew)

Merge misc updates from Andrew Morton: - kasan updates - procfs - lib/bitmap updates - other lib/ updates - checkpatch tweaks - rapidio - ubsan - pipe fixes and cleanups - lots of other misc bits * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (114 commits) Documentation/sysctl/user.txt: fix typo MAINTAINERS: update ARM/QUALCOMM SUPPORT patterns MAINTAINERS: update various PALM patterns MAINTAINERS: update "ARM/OXNAS platform support" patterns MAINTAINERS: update Cortina/Gemini patterns MAINTAINERS: remove ARM/CLKDEV SUPPORT file pattern MAINTAINERS: remove ANDROID ION pattern mm: docs: add blank lines to silence sphinx "Unexpected indentation" errors mm: docs: fix parameter names mismatch mm: docs: fixup punctuation pipe: read buffer limits atomically pipe: simplify round_pipe_size() pipe: reject F_SETPIPE_SZ with size over UINT_MAX pipe: fix off-by-one error when checking buffer limits pipe: actually allow root to exceed the pipe buffer limits pipe, sysctl: remove pipe_proc_fn() pipe, sysctl: drop 'min' parameter from pipe-max-size converter kasan: rework Kconfig settings crash_dump: is_kdump_kernel can be boolean kernel/mutex: mutex_is_locked can be boolean ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-02-07 01:15:42 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-02-07 01:15:42 -0500
commit: a2e5790d841658485d642196dbb0927303d6c22f (patch)
tree: b3d28c9bcb7da6880806146fd22a88a7ee7f733e /ipc/msg.c
parent: ab2d92ad881da11331280aedf612d82e61cb6d41 (diff)
parent: 60c3e026d73ccabb075fb70ba02f8512ab40cf2c (diff)
1 files changed, 14 insertions, 6 deletions
diff --git a/ipc/msg.c b/ipc/msg.c
index 1bbc029d2b17..0dcc6699dc53 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -476,9 +476,9 @@ static int msgctl_info(struct ipc_namespace *ns, int msqid,
 static int msgctl_stat(struct ipc_namespace *ns, int msqid,
                         int cmd, struct msqid64_ds *p)
 {
-        int err;
        struct msg_queue *msq;
-        int success_return;
+        int id = 0;
+        int err;
        memset(p, 0, sizeof(*p));
@@ -489,14 +489,13 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid,
                        err = PTR_ERR(msq);
                        goto out_unlock;
                }
-                success_return = msq->q_perm.id;
+                id = msq->q_perm.id;
        } else {
                msq = msq_obtain_object_check(ns, msqid);
                if (IS_ERR(msq)) {
                        err = PTR_ERR(msq);
                        goto out_unlock;
                }
-                success_return = 0;
        }
        err = -EACCES;
@@ -507,6 +506,14 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid,
        if (err)
                goto out_unlock;
+        ipc_lock_object(&msq->q_perm);
+        if (!ipc_valid_object(&msq->q_perm)) {
+                ipc_unlock_object(&msq->q_perm);
+                err = -EIDRM;
+                goto out_unlock;
+        }
        kernel_to_ipc64_perm(&msq->q_perm, &p->msg_perm);
        p->msg_stime  = msq->q_stime;
        p->msg_rtime  = msq->q_rtime;
@@ -516,9 +523,10 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid,
        p->msg_qbytes = msq->q_qbytes;
        p->msg_lspid  = msq->q_lspid;
        p->msg_lrpid  = msq->q_lrpid;
-        rcu_read_unlock();
-        return success_return;
+        ipc_unlock_object(&msq->q_perm);
+        rcu_read_unlock();
+        return id;
 out_unlock:
        rcu_read_unlock();
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-02-07 01:15:42 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-02-07 01:15:42 -0500
commit	a2e5790d841658485d642196dbb0927303d6c22f (patch)
tree	b3d28c9bcb7da6880806146fd22a88a7ee7f733e /ipc/msg.c
parent	ab2d92ad881da11331280aedf612d82e61cb6d41 (diff)
parent	60c3e026d73ccabb075fb70ba02f8512ab40cf2c (diff)