aboutsummaryrefslogtreecommitdiffstats
path: root/ipc/shm.c
diff options
context:
space:
mode:
Diffstat (limited to 'ipc/shm.c')
-rw-r--r--ipc/shm.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/ipc/shm.c b/ipc/shm.c
index 7a51443a51d6..1bc68f115842 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -975,6 +975,13 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
975 goto out_unlock1; 975 goto out_unlock1;
976 976
977 ipc_lock_object(&shp->shm_perm); 977 ipc_lock_object(&shp->shm_perm);
978
979 /* check if shm_destroy() is tearing down shp */
980 if (!ipc_valid_object(&shp->shm_perm)) {
981 err = -EIDRM;
982 goto out_unlock0;
983 }
984
978 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { 985 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
979 kuid_t euid = current_euid(); 986 kuid_t euid = current_euid();
980 if (!uid_eq(euid, shp->shm_perm.uid) && 987 if (!uid_eq(euid, shp->shm_perm.uid) &&
@@ -989,13 +996,6 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
989 } 996 }
990 997
991 shm_file = shp->shm_file; 998 shm_file = shp->shm_file;
992
993 /* check if shm_destroy() is tearing down shp */
994 if (shm_file == NULL) {
995 err = -EIDRM;
996 goto out_unlock0;
997 }
998
999 if (is_file_hugepages(shm_file)) 999 if (is_file_hugepages(shm_file))
1000 goto out_unlock0; 1000 goto out_unlock0;
1001 1001
@@ -1116,7 +1116,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
1116 ipc_lock_object(&shp->shm_perm); 1116 ipc_lock_object(&shp->shm_perm);
1117 1117
1118 /* check if shm_destroy() is tearing down shp */ 1118 /* check if shm_destroy() is tearing down shp */
1119 if (shp->shm_file == NULL) { 1119 if (!ipc_valid_object(&shp->shm_perm)) {
1120 ipc_unlock_object(&shp->shm_perm); 1120 ipc_unlock_object(&shp->shm_perm);
1121 err = -EIDRM; 1121 err = -EIDRM;
1122 goto out_unlock; 1122 goto out_unlock;
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-05 20:20:40 -0500