3 files changed, 8 insertions, 9 deletions

diff --git a/ipc/msg.c b/ipc/msg.c
index fbf757064a32..7eec5ed32379 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -220,8 +220,7 @@ asmlinkage long sys_msgget (key_t key, int msgflg)
                 ret = -EEXIST;
         } else {
                 msq = msg_lock(id);
-                if(msq==NULL)
-                        BUG();
+                BUG_ON(msq==NULL);
                 if (ipcperms(&msq->q_perm, msgflg))
                         ret = -EACCES;
                 else {
@@ -429,8 +428,6 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
                         return -EFAULT;
                 if (copy_msqid_from_user (&setbuf, buf, version))
                         return -EFAULT;
-                if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode)))
-                        return err;
                 break;
         case IPC_RMID:
                 break;
@@ -461,6 +458,9 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
         switch (cmd) {
         case IPC_SET:
         {
+                if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp)))
+                        goto out_unlock_up;
+
                 err = -EPERM;
                 if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE))
                         goto out_unlock_up;
diff --git a/ipc/sem.c b/ipc/sem.c
index 31fd4027d2b5..59696a840be1 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -809,8 +809,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
         if(cmd == IPC_SET) {
                 if(copy_semid_from_user (&setbuf, arg.buf, version))
                         return -EFAULT;
-                if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
-                        return err;
         }
         sma = sem_lock(semid);
         if(sma==NULL)
@@ -821,7 +819,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
                 goto out_unlock;
         }       
         ipcp = &sma->sem_perm;
-        
         if (current->euid != ipcp->cuid && 
             current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
                 err=-EPERM;
@@ -838,6 +835,8 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
                 err = 0;
                 break;
         case IPC_SET:
+                if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp)))
+                        goto out_unlock;
                 ipcp->uid = setbuf.uid;
                 ipcp->gid = setbuf.gid;
                 ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
diff --git a/ipc/shm.c b/ipc/shm.c
index 16fe2786087d..6f9615c09fb2 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -620,13 +620,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                         err = -EFAULT;
                         goto out;
                 }
-                if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
-                        return err;
                 down(&shm_ids.sem);
                 shp = shm_lock(shmid);
                 err=-EINVAL;
                 if(shp==NULL)
                         goto out_up;
+                if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm))))
+                        goto out_unlock_up;
                 err = shm_checkid(shp,shmid);
                 if(err)
                         goto out_unlock_up;