aboutsummaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
authorDavidlohr Bueso <davidlohr.bueso@hp.com>2013-09-11 17:26:23 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2013-09-11 18:59:42 -0400
commitc2c737a0461e61a34676bd0bd1bc1a70a1b4e396 (patch)
treef8d9d21cbc43ac12a67bbc428cab083adb31cd30 /ipc
parentf42569b1388b1408b574a5e93a23a663647d4181 (diff)
ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after doing the initial permission and security checks. [sasha.levin@oracle.com: dont leave do_shmat with rcu lock held] Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc')
-rw-r--r--ipc/shm.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/ipc/shm.c b/ipc/shm.c
index 115dccebc63e..28d19f4ece4b 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -19,6 +19,9 @@
19 * namespaces support 19 * namespaces support
20 * OpenVZ, SWsoft Inc. 20 * OpenVZ, SWsoft Inc.
21 * Pavel Emelianov <xemul@openvz.org> 21 * Pavel Emelianov <xemul@openvz.org>
22 *
23 * Better ipc lock (kern_ipc_perm.lock) handling
24 * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
22 */ 25 */
23 26
24#include <linux/slab.h> 27#include <linux/slab.h>
@@ -1086,10 +1089,11 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
1086 * additional creator id... 1089 * additional creator id...
1087 */ 1090 */
1088 ns = current->nsproxy->ipc_ns; 1091 ns = current->nsproxy->ipc_ns;
1089 shp = shm_lock_check(ns, shmid); 1092 rcu_read_lock();
1093 shp = shm_obtain_object_check(ns, shmid);
1090 if (IS_ERR(shp)) { 1094 if (IS_ERR(shp)) {
1091 err = PTR_ERR(shp); 1095 err = PTR_ERR(shp);
1092 goto out; 1096 goto out_unlock;
1093 } 1097 }
1094 1098
1095 err = -EACCES; 1099 err = -EACCES;
@@ -1100,11 +1104,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
1100 if (err) 1104 if (err)
1101 goto out_unlock; 1105 goto out_unlock;
1102 1106
1107 ipc_lock_object(&shp->shm_perm);
1103 path = shp->shm_file->f_path; 1108 path = shp->shm_file->f_path;
1104 path_get(&path); 1109 path_get(&path);
1105 shp->shm_nattch++; 1110 shp->shm_nattch++;
1106 size = i_size_read(path.dentry->d_inode); 1111 size = i_size_read(path.dentry->d_inode);
1107 shm_unlock(shp); 1112 ipc_unlock_object(&shp->shm_perm);
1113 rcu_read_unlock();
1108 1114
1109 err = -ENOMEM; 1115 err = -ENOMEM;
1110 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL); 1116 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
@@ -1175,7 +1181,7 @@ out_nattch:
1175 return err; 1181 return err;
1176 1182
1177out_unlock: 1183out_unlock:
1178 shm_unlock(shp); 1184 rcu_read_unlock();
1179out: 1185out:
1180 return err; 1186 return err;
1181} 1187}