1 files changed, 4 insertions, 38 deletions
diff --git a/ipc/sem.c b/ipc/sem.c
index e803abec2b08..d56d3ab6bb8a 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -141,21 +141,6 @@ void __init sem_init (void)
 }
 /*
- * This routine is called in the paths where the rw_mutex is held to protect
- * access to the idr tree.
- */
-static inline struct sem_array *sem_lock_check_down(struct ipc_namespace *ns,
-                                                int id)
-{
-        struct kern_ipc_perm *ipcp = ipc_lock_check_down(&sem_ids(ns), id);
-        if (IS_ERR(ipcp))
-                return (struct sem_array *)ipcp;
-        return container_of(ipcp, struct sem_array, sem_perm);
-}
-/*
 * sem_lock_(check_) routines are called in the paths where the rw_mutex
 * is not held.
 */
@@ -878,31 +863,12 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
                if (copy_semid_from_user(&semid64, arg.buf, version))
                        return -EFAULT;
        }
-        down_write(&sem_ids(ns).rw_mutex);
-        sma = sem_lock_check_down(ns, semid);
-        if (IS_ERR(sma)) {
-                err = PTR_ERR(sma);
-                goto out_up;
-        }
-        ipcp = &sma->sem_perm;
-        err = audit_ipc_obj(ipcp);
+        ipcp = ipcctl_pre_down(&sem_ids(ns), semid, cmd, &semid64.sem_perm, 0);
-        if (err)
+        if (IS_ERR(ipcp))
-                goto out_unlock;
+                return PTR_ERR(ipcp);
-        if (cmd == IPC_SET) {
+        sma = container_of(ipcp, struct sem_array, sem_perm);
-                err = audit_ipc_set_perm(0, semid64.sem_perm.uid,
-                                         semid64.sem_perm.gid,
-                                         semid64.sem_perm.mode);
-                if (err)
-                        goto out_unlock;
-        }
-        if (current->euid != ipcp->cuid && 
-            current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
-                err=-EPERM;
-                goto out_unlock;
-        }
        err = security_sem_semctl(sma, cmd);
        if (err)

diff --git a/ipc/sem.c b/ipc/sem.c index e803abec2b08..d56d3ab6bb8a 100644 --- a/ipc/sem.c +++ b/ipc/sem.c
@@ -141,21 +141,6 @@ void __init sem_init (void)
141	}	141	}
142		142
143	/*	143	/*
144	* This routine is called in the paths where the rw_mutex is held to protect
145	* access to the idr tree.
146	*/
147	static inline struct sem_array sem_lock_check_down(struct ipc_namespace ns,
148	int id)
149	{
150	struct kern_ipc_perm *ipcp = ipc_lock_check_down(&sem_ids(ns), id);
151
152	if (IS_ERR(ipcp))
153	return (struct sem_array *)ipcp;
154
155	return container_of(ipcp, struct sem_array, sem_perm);
156	}
157
158	/*
159	* sem_lock_(check_) routines are called in the paths where the rw_mutex	144	* sem_lock_(check_) routines are called in the paths where the rw_mutex
160	* is not held.	145	* is not held.
161	*/	146	*/
@@ -878,31 +863,12 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
878	if (copy_semid_from_user(&semid64, arg.buf, version))	863	if (copy_semid_from_user(&semid64, arg.buf, version))
879	return -EFAULT;	864	return -EFAULT;
880	}	865	}
881	down_write(&sem_ids(ns).rw_mutex);
882	sma = sem_lock_check_down(ns, semid);
883	if (IS_ERR(sma)) {
884	err = PTR_ERR(sma);
885	goto out_up;
886	}
887
888	ipcp = &sma->sem_perm;
889		866
890	err = audit_ipc_obj(ipcp);	867	ipcp = ipcctl_pre_down(&sem_ids(ns), semid, cmd, &semid64.sem_perm, 0);
891	if (err)	868	if (IS_ERR(ipcp))
892	goto out_unlock;	869	return PTR_ERR(ipcp);
893		870
894	if (cmd == IPC_SET) {	871	sma = container_of(ipcp, struct sem_array, sem_perm);
895	err = audit_ipc_set_perm(0, semid64.sem_perm.uid,
896	semid64.sem_perm.gid,
897	semid64.sem_perm.mode);
898	if (err)
899	goto out_unlock;
900	}
901	if (current->euid != ipcp->cuid &&
902	current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
903	err=-EPERM;
904	goto out_unlock;
905	}
906		872
907	err = security_sem_semctl(sma, cmd);	873	err = security_sem_semctl(sma, cmd);
908	if (err)	874	if (err)