1 files changed, 5 insertions, 43 deletions
diff --git a/ipc/msg.c b/ipc/msg.c
index 87d8b3852300..4a858f98a760 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -142,21 +142,6 @@ void __init msg_init(void)
 }
 /*
- * This routine is called in the paths where the rw_mutex is held to protect
- * access to the idr tree.
- */
-static inline struct msg_queue *msg_lock_check_down(struct ipc_namespace *ns,
-                                                int id)
-{
-        struct kern_ipc_perm *ipcp = ipc_lock_check_down(&msg_ids(ns), id);
-        if (IS_ERR(ipcp))
-                return (struct msg_queue *)ipcp;
-        return container_of(ipcp, struct msg_queue, q_perm);
-}
-/*
 * msg_lock_(check_) routines are called in the paths where the rw_mutex
 * is not held.
 */
@@ -437,35 +422,12 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
                        return -EFAULT;
        }
-        down_write(&msg_ids(ns).rw_mutex);
+        ipcp = ipcctl_pre_down(&msg_ids(ns), msqid, cmd,
-        msq = msg_lock_check_down(ns, msqid);
+                               &msqid64.msg_perm, msqid64.msg_qbytes);
-        if (IS_ERR(msq)) {
+        if (IS_ERR(ipcp))
-                err = PTR_ERR(msq);
+                return PTR_ERR(ipcp);
-                goto out_up;
-        }
-        ipcp = &msq->q_perm;
-        err = audit_ipc_obj(ipcp);
-        if (err)
-                goto out_unlock;
-        if (cmd == IPC_SET) {
-                err = audit_ipc_set_perm(msqid64.msg_qbytes,
-                                         msqid64.msg_perm.uid,
-                                         msqid64.msg_perm.gid,
-                                         msqid64.msg_perm.mode);
-                if (err)
-                        goto out_unlock;
-        }
-        if (current->euid != ipcp->cuid &&
+        msq = container_of(ipcp, struct msg_queue, q_perm);
-            current->euid != ipcp->uid &&
-            !capable(CAP_SYS_ADMIN)) {
-                /* We _could_ check for CAP_CHOWN above, but we don't */
-                err = -EPERM;
-                goto out_unlock;
-        }
        err = security_msg_queue_msgctl(msq, cmd);
        if (err)

diff --git a/ipc/msg.c b/ipc/msg.c index 87d8b3852300..4a858f98a760 100644 --- a/ipc/msg.c +++ b/ipc/msg.c
@@ -142,21 +142,6 @@ void __init msg_init(void)
142	}	142	}
143		143
144	/*	144	/*
145	* This routine is called in the paths where the rw_mutex is held to protect
146	* access to the idr tree.
147	*/
148	static inline struct msg_queue msg_lock_check_down(struct ipc_namespace ns,
149	int id)
150	{
151	struct kern_ipc_perm *ipcp = ipc_lock_check_down(&msg_ids(ns), id);
152
153	if (IS_ERR(ipcp))
154	return (struct msg_queue *)ipcp;
155
156	return container_of(ipcp, struct msg_queue, q_perm);
157	}
158
159	/*
160	* msg_lock_(check_) routines are called in the paths where the rw_mutex	145	* msg_lock_(check_) routines are called in the paths where the rw_mutex
161	* is not held.	146	* is not held.
162	*/	147	*/
@@ -437,35 +422,12 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
437	return -EFAULT;	422	return -EFAULT;
438	}	423	}
439		424
440	down_write(&msg_ids(ns).rw_mutex);	425	ipcp = ipcctl_pre_down(&msg_ids(ns), msqid, cmd,
441	msq = msg_lock_check_down(ns, msqid);	426	&msqid64.msg_perm, msqid64.msg_qbytes);
442	if (IS_ERR(msq)) {	427	if (IS_ERR(ipcp))
443	err = PTR_ERR(msq);	428	return PTR_ERR(ipcp);
444	goto out_up;
445	}
446
447	ipcp = &msq->q_perm;
448
449	err = audit_ipc_obj(ipcp);
450	if (err)
451	goto out_unlock;
452
453	if (cmd == IPC_SET) {
454	err = audit_ipc_set_perm(msqid64.msg_qbytes,
455	msqid64.msg_perm.uid,
456	msqid64.msg_perm.gid,
457	msqid64.msg_perm.mode);
458	if (err)
459	goto out_unlock;
460	}
461		429
462	if (current->euid != ipcp->cuid &&	430	msq = container_of(ipcp, struct msg_queue, q_perm);
463	current->euid != ipcp->uid &&
464	!capable(CAP_SYS_ADMIN)) {
465	/* We _could_ check for CAP_CHOWN above, but we don't */
466	err = -EPERM;
467	goto out_unlock;
468	}
469		431
470	err = security_msg_queue_msgctl(msq, cmd);	432	err = security_msg_queue_msgctl(msq, cmd);
471	if (err)	433	if (err)