1 files changed, 4 insertions, 38 deletions
diff --git a/ipc/shm.c b/ipc/shm.c
index 20e03dfc6adb..554429ade079 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -126,18 +126,6 @@ static inline struct shmid_kernel *shm_lock_down(struct ipc_namespace *ns,
        return container_of(ipcp, struct shmid_kernel, shm_perm);
 }
-static inline struct shmid_kernel *shm_lock_check_down(
-                                                struct ipc_namespace *ns,
-                                                int id)
-{
-        struct kern_ipc_perm *ipcp = ipc_lock_check_down(&shm_ids(ns), id);
-        if (IS_ERR(ipcp))
-                return (struct shmid_kernel *)ipcp;
-        return container_of(ipcp, struct shmid_kernel, shm_perm);
-}
 /*
 * shm_lock_(check_) routines are called in the paths where the rw_mutex
 * is not held.
@@ -620,33 +608,11 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
                        return -EFAULT;
        }
-        down_write(&shm_ids(ns).rw_mutex);
+        ipcp = ipcctl_pre_down(&shm_ids(ns), shmid, cmd, &shmid64.shm_perm, 0);
-        shp = shm_lock_check_down(ns, shmid);
+        if (IS_ERR(ipcp))
-        if (IS_ERR(shp)) {
+                return PTR_ERR(ipcp);
-                err = PTR_ERR(shp);
-                goto out_up;
-        }
-        ipcp = &shp->shm_perm;
-        err = audit_ipc_obj(ipcp);
-        if (err)
-                goto out_unlock;
-        if (cmd == IPC_SET) {
-                err = audit_ipc_set_perm(0, shmid64.shm_perm.uid,
-                                         shmid64.shm_perm.gid,
-                                         shmid64.shm_perm.mode);
-                if (err)
-                        goto out_unlock;
-        }
-        if (current->euid != ipcp->uid &&
+        shp = container_of(ipcp, struct shmid_kernel, shm_perm);
-            current->euid != ipcp->cuid &&
-            !capable(CAP_SYS_ADMIN)) {
-                err = -EPERM;
-                goto out_unlock;
-        }
        err = security_shm_shmctl(shp, cmd);
        if (err)

diff --git a/ipc/shm.c b/ipc/shm.c index 20e03dfc6adb..554429ade079 100644 --- a/ipc/shm.c +++ b/ipc/shm.c
@@ -126,18 +126,6 @@ static inline struct shmid_kernel shm_lock_down(struct ipc_namespace ns,
126	return container_of(ipcp, struct shmid_kernel, shm_perm);	126	return container_of(ipcp, struct shmid_kernel, shm_perm);
127	}	127	}
128		128
129	static inline struct shmid_kernel *shm_lock_check_down(
130	struct ipc_namespace *ns,
131	int id)
132	{
133	struct kern_ipc_perm *ipcp = ipc_lock_check_down(&shm_ids(ns), id);
134
135	if (IS_ERR(ipcp))
136	return (struct shmid_kernel *)ipcp;
137
138	return container_of(ipcp, struct shmid_kernel, shm_perm);
139	}
140
141	/*	129	/*
142	* shm_lock_(check_) routines are called in the paths where the rw_mutex	130	* shm_lock_(check_) routines are called in the paths where the rw_mutex
143	* is not held.	131	* is not held.
@@ -620,33 +608,11 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
620	return -EFAULT;	608	return -EFAULT;
621	}	609	}
622		610
623	down_write(&shm_ids(ns).rw_mutex);	611	ipcp = ipcctl_pre_down(&shm_ids(ns), shmid, cmd, &shmid64.shm_perm, 0);
624	shp = shm_lock_check_down(ns, shmid);	612	if (IS_ERR(ipcp))
625	if (IS_ERR(shp)) {	613	return PTR_ERR(ipcp);
626	err = PTR_ERR(shp);
627	goto out_up;
628	}
629
630	ipcp = &shp->shm_perm;
631
632	err = audit_ipc_obj(ipcp);
633	if (err)
634	goto out_unlock;
635
636	if (cmd == IPC_SET) {
637	err = audit_ipc_set_perm(0, shmid64.shm_perm.uid,
638	shmid64.shm_perm.gid,
639	shmid64.shm_perm.mode);
640	if (err)
641	goto out_unlock;
642	}
643		614
644	if (current->euid != ipcp->uid &&	615	shp = container_of(ipcp, struct shmid_kernel, shm_perm);
645	current->euid != ipcp->cuid &&
646	!capable(CAP_SYS_ADMIN)) {
647	err = -EPERM;
648	goto out_unlock;
649	}
650		616
651	err = security_shm_shmctl(shp, cmd);	617	err = security_shm_shmctl(shp, cmd);
652	if (err)	618	if (err)