1 files changed, 5 insertions, 32 deletions
diff --git a/ipc/sem.c b/ipc/sem.c
index a82c88d0900f..e08b94851922 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -414,29 +414,6 @@ static inline void sem_unlock(struct sem_array *sma, int locknum)
 *
 * The caller holds the RCU read lock.
 */
-static inline struct sem_array *sem_obtain_lock(struct ipc_namespace *ns,
-                        int id, struct sembuf *sops, int nsops, int *locknum)
-{
-        struct kern_ipc_perm *ipcp;
-        struct sem_array *sma;
-        ipcp = ipc_obtain_object_idr(&sem_ids(ns), id);
-        if (IS_ERR(ipcp))
-                return ERR_CAST(ipcp);
-        sma = container_of(ipcp, struct sem_array, sem_perm);
-        *locknum = sem_lock(sma, sops, nsops);
-        /* ipc_rmid() may have already freed the ID while sem_lock
-         * was spinning: verify that the structure is still valid
-         */
-        if (ipc_valid_object(ipcp))
-                return container_of(ipcp, struct sem_array, sem_perm);
-        sem_unlock(sma, *locknum);
-        return ERR_PTR(-EINVAL);
-}
 static inline struct sem_array *sem_obtain_object(struct ipc_namespace *ns, int id)
 {
        struct kern_ipc_perm *ipcp = ipc_obtain_object_idr(&sem_ids(ns), id);
@@ -2000,16 +1977,12 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
                }
                rcu_read_lock();
-                sma = sem_obtain_lock(ns, semid, sops, nsops, &locknum);
+                sem_lock(sma, sops, nsops);
-                error = READ_ONCE(queue.status);
-                /*
+                if (!ipc_valid_object(&sma->sem_perm))
-                 * Array removed? If yes, leave without sem_unlock().
+                        goto out_unlock_free;
-                 */
-                if (IS_ERR(sma)) {
+                error = READ_ONCE(queue.status);
-                        rcu_read_unlock();
-                        goto out_free;
-                }
                /*
                 * If queue.status != -EINTR we are woken up by another process.

diff --git a/ipc/sem.c b/ipc/sem.c index a82c88d0900f..e08b94851922 100644 --- a/ipc/sem.c +++ b/ipc/sem.c
@@ -414,29 +414,6 @@ static inline void sem_unlock(struct sem_array *sma, int locknum)
414	*	414	*
415	* The caller holds the RCU read lock.	415	* The caller holds the RCU read lock.
416	*/	416	*/
417	static inline struct sem_array sem_obtain_lock(struct ipc_namespace ns,
418	int id, struct sembuf sops, int nsops, int locknum)
419	{
420	struct kern_ipc_perm *ipcp;
421	struct sem_array *sma;
422
423	ipcp = ipc_obtain_object_idr(&sem_ids(ns), id);
424	if (IS_ERR(ipcp))
425	return ERR_CAST(ipcp);
426
427	sma = container_of(ipcp, struct sem_array, sem_perm);
428	*locknum = sem_lock(sma, sops, nsops);
429
430	/* ipc_rmid() may have already freed the ID while sem_lock
431	* was spinning: verify that the structure is still valid
432	*/
433	if (ipc_valid_object(ipcp))
434	return container_of(ipcp, struct sem_array, sem_perm);
435
436	sem_unlock(sma, *locknum);
437	return ERR_PTR(-EINVAL);
438	}
439
440	static inline struct sem_array sem_obtain_object(struct ipc_namespace ns, int id)	417	static inline struct sem_array sem_obtain_object(struct ipc_namespace ns, int id)
441	{	418	{
442	struct kern_ipc_perm *ipcp = ipc_obtain_object_idr(&sem_ids(ns), id);	419	struct kern_ipc_perm *ipcp = ipc_obtain_object_idr(&sem_ids(ns), id);
@@ -2000,16 +1977,12 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
2000	}	1977	}
2001		1978
2002	rcu_read_lock();	1979	rcu_read_lock();
2003	sma = sem_obtain_lock(ns, semid, sops, nsops, &locknum);	1980	sem_lock(sma, sops, nsops);
2004	error = READ_ONCE(queue.status);
2005		1981
2006	/*	1982	if (!ipc_valid_object(&sma->sem_perm))
2007	* Array removed? If yes, leave without sem_unlock().	1983	goto out_unlock_free;
2008	*/	1984
2009	if (IS_ERR(sma)) {	1985	error = READ_ONCE(queue.status);
2010	rcu_read_unlock();
2011	goto out_free;
2012	}
2013		1986
2014	/*	1987	/*
2015	* If queue.status != -EINTR we are woken up by another process.	1988	* If queue.status != -EINTR we are woken up by another process.