aboutsummaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
Diffstat (limited to 'ipc')
-rw-r--r--ipc/ipc_sysctl.c93
-rw-r--r--ipc/mq_sysctl.c15
-rw-r--r--ipc/msg.c3
-rw-r--r--ipc/sem.c214
-rw-r--r--ipc/shm.c36
5 files changed, 182 insertions, 179 deletions
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 40eab7314aeb..56410faa4550 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -27,18 +27,18 @@ static void *get_ipc(ctl_table *table)
27} 27}
28 28
29#ifdef CONFIG_PROC_SYSCTL 29#ifdef CONFIG_PROC_SYSCTL
30static int proc_ipc_dointvec(ctl_table *table, int write, struct file *filp, 30static int proc_ipc_dointvec(ctl_table *table, int write,
31 void __user *buffer, size_t *lenp, loff_t *ppos) 31 void __user *buffer, size_t *lenp, loff_t *ppos)
32{ 32{
33 struct ctl_table ipc_table; 33 struct ctl_table ipc_table;
34 memcpy(&ipc_table, table, sizeof(ipc_table)); 34 memcpy(&ipc_table, table, sizeof(ipc_table));
35 ipc_table.data = get_ipc(table); 35 ipc_table.data = get_ipc(table);
36 36
37 return proc_dointvec(&ipc_table, write, filp, buffer, lenp, ppos); 37 return proc_dointvec(&ipc_table, write, buffer, lenp, ppos);
38} 38}
39 39
40static int proc_ipc_callback_dointvec(ctl_table *table, int write, 40static int proc_ipc_callback_dointvec(ctl_table *table, int write,
41 struct file *filp, void __user *buffer, size_t *lenp, loff_t *ppos) 41 void __user *buffer, size_t *lenp, loff_t *ppos)
42{ 42{
43 struct ctl_table ipc_table; 43 struct ctl_table ipc_table;
44 size_t lenp_bef = *lenp; 44 size_t lenp_bef = *lenp;
@@ -47,7 +47,7 @@ static int proc_ipc_callback_dointvec(ctl_table *table, int write,
47 memcpy(&ipc_table, table, sizeof(ipc_table)); 47 memcpy(&ipc_table, table, sizeof(ipc_table));
48 ipc_table.data = get_ipc(table); 48 ipc_table.data = get_ipc(table);
49 49
50 rc = proc_dointvec(&ipc_table, write, filp, buffer, lenp, ppos); 50 rc = proc_dointvec(&ipc_table, write, buffer, lenp, ppos);
51 51
52 if (write && !rc && lenp_bef == *lenp) 52 if (write && !rc && lenp_bef == *lenp)
53 /* 53 /*
@@ -61,13 +61,13 @@ static int proc_ipc_callback_dointvec(ctl_table *table, int write,
61} 61}
62 62
63static int proc_ipc_doulongvec_minmax(ctl_table *table, int write, 63static int proc_ipc_doulongvec_minmax(ctl_table *table, int write,
64 struct file *filp, void __user *buffer, size_t *lenp, loff_t *ppos) 64 void __user *buffer, size_t *lenp, loff_t *ppos)
65{ 65{
66 struct ctl_table ipc_table; 66 struct ctl_table ipc_table;
67 memcpy(&ipc_table, table, sizeof(ipc_table)); 67 memcpy(&ipc_table, table, sizeof(ipc_table));
68 ipc_table.data = get_ipc(table); 68 ipc_table.data = get_ipc(table);
69 69
70 return proc_doulongvec_minmax(&ipc_table, write, filp, buffer, 70 return proc_doulongvec_minmax(&ipc_table, write, buffer,
71 lenp, ppos); 71 lenp, ppos);
72} 72}
73 73
@@ -95,7 +95,7 @@ static void ipc_auto_callback(int val)
95} 95}
96 96
97static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, 97static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write,
98 struct file *filp, void __user *buffer, size_t *lenp, loff_t *ppos) 98 void __user *buffer, size_t *lenp, loff_t *ppos)
99{ 99{
100 struct ctl_table ipc_table; 100 struct ctl_table ipc_table;
101 size_t lenp_bef = *lenp; 101 size_t lenp_bef = *lenp;
@@ -106,7 +106,7 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write,
106 ipc_table.data = get_ipc(table); 106 ipc_table.data = get_ipc(table);
107 oldval = *((int *)(ipc_table.data)); 107 oldval = *((int *)(ipc_table.data));
108 108
109 rc = proc_dointvec_minmax(&ipc_table, write, filp, buffer, lenp, ppos); 109 rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
110 110
111 if (write && !rc && lenp_bef == *lenp) { 111 if (write && !rc && lenp_bef == *lenp) {
112 int newval = *((int *)(ipc_table.data)); 112 int newval = *((int *)(ipc_table.data));
@@ -129,136 +129,60 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write,
129#define proc_ipcauto_dointvec_minmax NULL 129#define proc_ipcauto_dointvec_minmax NULL
130#endif 130#endif
131 131
132#ifdef CONFIG_SYSCTL_SYSCALL
133/* The generic sysctl ipc data routine. */
134static int sysctl_ipc_data(ctl_table *table,
135 void __user *oldval, size_t __user *oldlenp,
136 void __user *newval, size_t newlen)
137{
138 size_t len;
139 void *data;
140
141 /* Get out of I don't have a variable */
142 if (!table->data || !table->maxlen)
143 return -ENOTDIR;
144
145 data = get_ipc(table);
146 if (!data)
147 return -ENOTDIR;
148
149 if (oldval && oldlenp) {
150 if (get_user(len, oldlenp))
151 return -EFAULT;
152 if (len) {
153 if (len > table->maxlen)
154 len = table->maxlen;
155 if (copy_to_user(oldval, data, len))
156 return -EFAULT;
157 if (put_user(len, oldlenp))
158 return -EFAULT;
159 }
160 }
161
162 if (newval && newlen) {
163 if (newlen > table->maxlen)
164 newlen = table->maxlen;
165
166 if (copy_from_user(data, newval, newlen))
167 return -EFAULT;
168 }
169 return 1;
170}
171
172static int sysctl_ipc_registered_data(ctl_table *table,
173 void __user *oldval, size_t __user *oldlenp,
174 void __user *newval, size_t newlen)
175{
176 int rc;
177
178 rc = sysctl_ipc_data(table, oldval, oldlenp, newval, newlen);
179
180 if (newval && newlen && rc > 0)
181 /*
182 * Tunable has successfully been changed from userland
183 */
184 unregister_ipcns_notifier(current->nsproxy->ipc_ns);
185
186 return rc;
187}
188#else
189#define sysctl_ipc_data NULL
190#define sysctl_ipc_registered_data NULL
191#endif
192
193static int zero; 132static int zero;
194static int one = 1; 133static int one = 1;
195 134
196static struct ctl_table ipc_kern_table[] = { 135static struct ctl_table ipc_kern_table[] = {
197 { 136 {
198 .ctl_name = KERN_SHMMAX,
199 .procname = "shmmax", 137 .procname = "shmmax",
200 .data = &init_ipc_ns.shm_ctlmax, 138 .data = &init_ipc_ns.shm_ctlmax,
201 .maxlen = sizeof (init_ipc_ns.shm_ctlmax), 139 .maxlen = sizeof (init_ipc_ns.shm_ctlmax),
202 .mode = 0644, 140 .mode = 0644,
203 .proc_handler = proc_ipc_doulongvec_minmax, 141 .proc_handler = proc_ipc_doulongvec_minmax,
204 .strategy = sysctl_ipc_data,
205 }, 142 },
206 { 143 {
207 .ctl_name = KERN_SHMALL,
208 .procname = "shmall", 144 .procname = "shmall",
209 .data = &init_ipc_ns.shm_ctlall, 145 .data = &init_ipc_ns.shm_ctlall,
210 .maxlen = sizeof (init_ipc_ns.shm_ctlall), 146 .maxlen = sizeof (init_ipc_ns.shm_ctlall),
211 .mode = 0644, 147 .mode = 0644,
212 .proc_handler = proc_ipc_doulongvec_minmax, 148 .proc_handler = proc_ipc_doulongvec_minmax,
213 .strategy = sysctl_ipc_data,
214 }, 149 },
215 { 150 {
216 .ctl_name = KERN_SHMMNI,
217 .procname = "shmmni", 151 .procname = "shmmni",
218 .data = &init_ipc_ns.shm_ctlmni, 152 .data = &init_ipc_ns.shm_ctlmni,
219 .maxlen = sizeof (init_ipc_ns.shm_ctlmni), 153 .maxlen = sizeof (init_ipc_ns.shm_ctlmni),
220 .mode = 0644, 154 .mode = 0644,
221 .proc_handler = proc_ipc_dointvec, 155 .proc_handler = proc_ipc_dointvec,
222 .strategy = sysctl_ipc_data,
223 }, 156 },
224 { 157 {
225 .ctl_name = KERN_MSGMAX,
226 .procname = "msgmax", 158 .procname = "msgmax",
227 .data = &init_ipc_ns.msg_ctlmax, 159 .data = &init_ipc_ns.msg_ctlmax,
228 .maxlen = sizeof (init_ipc_ns.msg_ctlmax), 160 .maxlen = sizeof (init_ipc_ns.msg_ctlmax),
229 .mode = 0644, 161 .mode = 0644,
230 .proc_handler = proc_ipc_dointvec, 162 .proc_handler = proc_ipc_dointvec,
231 .strategy = sysctl_ipc_data,
232 }, 163 },
233 { 164 {
234 .ctl_name = KERN_MSGMNI,
235 .procname = "msgmni", 165 .procname = "msgmni",
236 .data = &init_ipc_ns.msg_ctlmni, 166 .data = &init_ipc_ns.msg_ctlmni,
237 .maxlen = sizeof (init_ipc_ns.msg_ctlmni), 167 .maxlen = sizeof (init_ipc_ns.msg_ctlmni),
238 .mode = 0644, 168 .mode = 0644,
239 .proc_handler = proc_ipc_callback_dointvec, 169 .proc_handler = proc_ipc_callback_dointvec,
240 .strategy = sysctl_ipc_registered_data,
241 }, 170 },
242 { 171 {
243 .ctl_name = KERN_MSGMNB,
244 .procname = "msgmnb", 172 .procname = "msgmnb",
245 .data = &init_ipc_ns.msg_ctlmnb, 173 .data = &init_ipc_ns.msg_ctlmnb,
246 .maxlen = sizeof (init_ipc_ns.msg_ctlmnb), 174 .maxlen = sizeof (init_ipc_ns.msg_ctlmnb),
247 .mode = 0644, 175 .mode = 0644,
248 .proc_handler = proc_ipc_dointvec, 176 .proc_handler = proc_ipc_dointvec,
249 .strategy = sysctl_ipc_data,
250 }, 177 },
251 { 178 {
252 .ctl_name = KERN_SEM,
253 .procname = "sem", 179 .procname = "sem",
254 .data = &init_ipc_ns.sem_ctls, 180 .data = &init_ipc_ns.sem_ctls,
255 .maxlen = 4*sizeof (int), 181 .maxlen = 4*sizeof (int),
256 .mode = 0644, 182 .mode = 0644,
257 .proc_handler = proc_ipc_dointvec, 183 .proc_handler = proc_ipc_dointvec,
258 .strategy = sysctl_ipc_data,
259 }, 184 },
260 { 185 {
261 .ctl_name = CTL_UNNUMBERED,
262 .procname = "auto_msgmni", 186 .procname = "auto_msgmni",
263 .data = &init_ipc_ns.auto_msgmni, 187 .data = &init_ipc_ns.auto_msgmni,
264 .maxlen = sizeof(int), 188 .maxlen = sizeof(int),
@@ -272,7 +196,6 @@ static struct ctl_table ipc_kern_table[] = {
272 196
273static struct ctl_table ipc_root_table[] = { 197static struct ctl_table ipc_root_table[] = {
274 { 198 {
275 .ctl_name = CTL_KERN,
276 .procname = "kernel", 199 .procname = "kernel",
277 .mode = 0555, 200 .mode = 0555,
278 .child = ipc_kern_table, 201 .child = ipc_kern_table,
diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
index 24ae46dfe45d..0c09366b96f3 100644
--- a/ipc/mq_sysctl.c
+++ b/ipc/mq_sysctl.c
@@ -31,24 +31,24 @@ static void *get_mq(ctl_table *table)
31 return which; 31 return which;
32} 32}
33 33
34static int proc_mq_dointvec(ctl_table *table, int write, struct file *filp, 34static int proc_mq_dointvec(ctl_table *table, int write,
35 void __user *buffer, size_t *lenp, loff_t *ppos) 35 void __user *buffer, size_t *lenp, loff_t *ppos)
36{ 36{
37 struct ctl_table mq_table; 37 struct ctl_table mq_table;
38 memcpy(&mq_table, table, sizeof(mq_table)); 38 memcpy(&mq_table, table, sizeof(mq_table));
39 mq_table.data = get_mq(table); 39 mq_table.data = get_mq(table);
40 40
41 return proc_dointvec(&mq_table, write, filp, buffer, lenp, ppos); 41 return proc_dointvec(&mq_table, write, buffer, lenp, ppos);
42} 42}
43 43
44static int proc_mq_dointvec_minmax(ctl_table *table, int write, 44static int proc_mq_dointvec_minmax(ctl_table *table, int write,
45 struct file *filp, void __user *buffer, size_t *lenp, loff_t *ppos) 45 void __user *buffer, size_t *lenp, loff_t *ppos)
46{ 46{
47 struct ctl_table mq_table; 47 struct ctl_table mq_table;
48 memcpy(&mq_table, table, sizeof(mq_table)); 48 memcpy(&mq_table, table, sizeof(mq_table));
49 mq_table.data = get_mq(table); 49 mq_table.data = get_mq(table);
50 50
51 return proc_dointvec_minmax(&mq_table, write, filp, buffer, 51 return proc_dointvec_minmax(&mq_table, write, buffer,
52 lenp, ppos); 52 lenp, ppos);
53} 53}
54#else 54#else
@@ -88,7 +88,7 @@ static ctl_table mq_sysctls[] = {
88 .extra1 = &msg_maxsize_limit_min, 88 .extra1 = &msg_maxsize_limit_min,
89 .extra2 = &msg_maxsize_limit_max, 89 .extra2 = &msg_maxsize_limit_max,
90 }, 90 },
91 { .ctl_name = 0 } 91 {}
92}; 92};
93 93
94static ctl_table mq_sysctl_dir[] = { 94static ctl_table mq_sysctl_dir[] = {
@@ -97,17 +97,16 @@ static ctl_table mq_sysctl_dir[] = {
97 .mode = 0555, 97 .mode = 0555,
98 .child = mq_sysctls, 98 .child = mq_sysctls,
99 }, 99 },
100 { .ctl_name = 0 } 100 {}
101}; 101};
102 102
103static ctl_table mq_sysctl_root[] = { 103static ctl_table mq_sysctl_root[] = {
104 { 104 {
105 .ctl_name = CTL_FS,
106 .procname = "fs", 105 .procname = "fs",
107 .mode = 0555, 106 .mode = 0555,
108 .child = mq_sysctl_dir, 107 .child = mq_sysctl_dir,
109 }, 108 },
110 { .ctl_name = 0 } 109 {}
111}; 110};
112 111
113struct ctl_table_header *mq_register_sysctl_table(void) 112struct ctl_table_header *mq_register_sysctl_table(void)
diff --git a/ipc/msg.c b/ipc/msg.c
index 2ceab7f12fcb..af42ef8900a6 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -125,6 +125,7 @@ void msg_init_ns(struct ipc_namespace *ns)
125void msg_exit_ns(struct ipc_namespace *ns) 125void msg_exit_ns(struct ipc_namespace *ns)
126{ 126{
127 free_ipcs(ns, &msg_ids(ns), freeque); 127 free_ipcs(ns, &msg_ids(ns), freeque);
128 idr_destroy(&ns->ids[IPC_MSG_IDS].ipcs_idr);
128} 129}
129#endif 130#endif
130 131
@@ -412,7 +413,7 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
412 struct msqid_ds __user *buf, int version) 413 struct msqid_ds __user *buf, int version)
413{ 414{
414 struct kern_ipc_perm *ipcp; 415 struct kern_ipc_perm *ipcp;
415 struct msqid64_ds msqid64; 416 struct msqid64_ds uninitialized_var(msqid64);
416 struct msg_queue *msq; 417 struct msg_queue *msq;
417 int err; 418 int err;
418 419
diff --git a/ipc/sem.c b/ipc/sem.c
index 87c2b641fd7b..dbef95b15941 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -129,6 +129,7 @@ void sem_init_ns(struct ipc_namespace *ns)
129void sem_exit_ns(struct ipc_namespace *ns) 129void sem_exit_ns(struct ipc_namespace *ns)
130{ 130{
131 free_ipcs(ns, &sem_ids(ns), freeary); 131 free_ipcs(ns, &sem_ids(ns), freeary);
132 idr_destroy(&ns->ids[IPC_SEM_IDS].ipcs_idr);
132} 133}
133#endif 134#endif
134 135
@@ -240,6 +241,7 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)
240 key_t key = params->key; 241 key_t key = params->key;
241 int nsems = params->u.nsems; 242 int nsems = params->u.nsems;
242 int semflg = params->flg; 243 int semflg = params->flg;
244 int i;
243 245
244 if (!nsems) 246 if (!nsems)
245 return -EINVAL; 247 return -EINVAL;
@@ -272,6 +274,11 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)
272 ns->used_sems += nsems; 274 ns->used_sems += nsems;
273 275
274 sma->sem_base = (struct sem *) &sma[1]; 276 sma->sem_base = (struct sem *) &sma[1];
277
278 for (i = 0; i < nsems; i++)
279 INIT_LIST_HEAD(&sma->sem_base[i].sem_pending);
280
281 sma->complex_count = 0;
275 INIT_LIST_HEAD(&sma->sem_pending); 282 INIT_LIST_HEAD(&sma->sem_pending);
276 INIT_LIST_HEAD(&sma->list_id); 283 INIT_LIST_HEAD(&sma->list_id);
277 sma->sem_nsems = nsems; 284 sma->sem_nsems = nsems;
@@ -397,63 +404,109 @@ undo:
397 return result; 404 return result;
398} 405}
399 406
400/* Go through the pending queue for the indicated semaphore 407/*
401 * looking for tasks that can be completed. 408 * Wake up a process waiting on the sem queue with a given error.
409 * The queue is invalid (may not be accessed) after the function returns.
402 */ 410 */
403static void update_queue (struct sem_array * sma) 411static void wake_up_sem_queue(struct sem_queue *q, int error)
404{ 412{
405 int error; 413 /*
406 struct sem_queue * q; 414 * Hold preempt off so that we don't get preempted and have the
415 * wakee busy-wait until we're scheduled back on. We're holding
416 * locks here so it may not strictly be needed, however if the
417 * locks become preemptible then this prevents such a problem.
418 */
419 preempt_disable();
420 q->status = IN_WAKEUP;
421 wake_up_process(q->sleeper);
422 /* hands-off: q can disappear immediately after writing q->status. */
423 smp_wmb();
424 q->status = error;
425 preempt_enable();
426}
427
428static void unlink_queue(struct sem_array *sma, struct sem_queue *q)
429{
430 list_del(&q->list);
431 if (q->nsops == 1)
432 list_del(&q->simple_list);
433 else
434 sma->complex_count--;
435}
436
437
438/**
439 * update_queue(sma, semnum): Look for tasks that can be completed.
440 * @sma: semaphore array.
441 * @semnum: semaphore that was modified.
442 *
443 * update_queue must be called after a semaphore in a semaphore array
444 * was modified. If multiple semaphore were modified, then @semnum
445 * must be set to -1.
446 */
447static void update_queue(struct sem_array *sma, int semnum)
448{
449 struct sem_queue *q;
450 struct list_head *walk;
451 struct list_head *pending_list;
452 int offset;
453
454 /* if there are complex operations around, then knowing the semaphore
455 * that was modified doesn't help us. Assume that multiple semaphores
456 * were modified.
457 */
458 if (sma->complex_count)
459 semnum = -1;
460
461 if (semnum == -1) {
462 pending_list = &sma->sem_pending;
463 offset = offsetof(struct sem_queue, list);
464 } else {
465 pending_list = &sma->sem_base[semnum].sem_pending;
466 offset = offsetof(struct sem_queue, simple_list);
467 }
468
469again:
470 walk = pending_list->next;
471 while (walk != pending_list) {
472 int error, alter;
473
474 q = (struct sem_queue *)((char *)walk - offset);
475 walk = walk->next;
476
477 /* If we are scanning the single sop, per-semaphore list of
478 * one semaphore and that semaphore is 0, then it is not
479 * necessary to scan the "alter" entries: simple increments
480 * that affect only one entry succeed immediately and cannot
481 * be in the per semaphore pending queue, and decrements
482 * cannot be successful if the value is already 0.
483 */
484 if (semnum != -1 && sma->sem_base[semnum].semval == 0 &&
485 q->alter)
486 break;
407 487
408 q = list_entry(sma->sem_pending.next, struct sem_queue, list);
409 while (&q->list != &sma->sem_pending) {
410 error = try_atomic_semop(sma, q->sops, q->nsops, 488 error = try_atomic_semop(sma, q->sops, q->nsops,
411 q->undo, q->pid); 489 q->undo, q->pid);
412 490
413 /* Does q->sleeper still need to sleep? */ 491 /* Does q->sleeper still need to sleep? */
414 if (error <= 0) { 492 if (error > 0)
415 struct sem_queue *n; 493 continue;
416
417 /*
418 * Continue scanning. The next operation
419 * that must be checked depends on the type of the
420 * completed operation:
421 * - if the operation modified the array, then
422 * restart from the head of the queue and
423 * check for threads that might be waiting
424 * for semaphore values to become 0.
425 * - if the operation didn't modify the array,
426 * then just continue.
427 * The order of list_del() and reading ->next
428 * is crucial: In the former case, the list_del()
429 * must be done first [because we might be the
430 * first entry in ->sem_pending], in the latter
431 * case the list_del() must be done last
432 * [because the list is invalid after the list_del()]
433 */
434 if (q->alter) {
435 list_del(&q->list);
436 n = list_entry(sma->sem_pending.next,
437 struct sem_queue, list);
438 } else {
439 n = list_entry(q->list.next, struct sem_queue,
440 list);
441 list_del(&q->list);
442 }
443
444 /* wake up the waiting thread */
445 q->status = IN_WAKEUP;
446 494
447 wake_up_process(q->sleeper); 495 unlink_queue(sma, q);
448 /* hands-off: q will disappear immediately after 496
449 * writing q->status. 497 /*
450 */ 498 * The next operation that must be checked depends on the type
451 smp_wmb(); 499 * of the completed operation:
452 q->status = error; 500 * - if the operation modified the array, then restart from the
453 q = n; 501 * head of the queue and check for threads that might be
454 } else { 502 * waiting for the new semaphore values.
455 q = list_entry(q->list.next, struct sem_queue, list); 503 * - if the operation didn't modify the array, then just
456 } 504 * continue.
505 */
506 alter = q->alter;
507 wake_up_sem_queue(q, error);
508 if (alter && !error)
509 goto again;
457 } 510 }
458} 511}
459 512
@@ -533,12 +586,8 @@ static void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
533 586
534 /* Wake up all pending processes and let them fail with EIDRM. */ 587 /* Wake up all pending processes and let them fail with EIDRM. */
535 list_for_each_entry_safe(q, tq, &sma->sem_pending, list) { 588 list_for_each_entry_safe(q, tq, &sma->sem_pending, list) {
536 list_del(&q->list); 589 unlink_queue(sma, q);
537 590 wake_up_sem_queue(q, -EIDRM);
538 q->status = IN_WAKEUP;
539 wake_up_process(q->sleeper); /* doesn't sleep */
540 smp_wmb();
541 q->status = -EIDRM; /* hands-off q */
542 } 591 }
543 592
544 /* Remove the semaphore set from the IDR */ 593 /* Remove the semaphore set from the IDR */
@@ -575,7 +624,7 @@ static unsigned long copy_semid_to_user(void __user *buf, struct semid64_ds *in,
575static int semctl_nolock(struct ipc_namespace *ns, int semid, 624static int semctl_nolock(struct ipc_namespace *ns, int semid,
576 int cmd, int version, union semun arg) 625 int cmd, int version, union semun arg)
577{ 626{
578 int err = -EINVAL; 627 int err;
579 struct sem_array *sma; 628 struct sem_array *sma;
580 629
581 switch(cmd) { 630 switch(cmd) {
@@ -652,7 +701,6 @@ static int semctl_nolock(struct ipc_namespace *ns, int semid,
652 default: 701 default:
653 return -EINVAL; 702 return -EINVAL;
654 } 703 }
655 return err;
656out_unlock: 704out_unlock:
657 sem_unlock(sma); 705 sem_unlock(sma);
658 return err; 706 return err;
@@ -759,7 +807,7 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,
759 } 807 }
760 sma->sem_ctime = get_seconds(); 808 sma->sem_ctime = get_seconds();
761 /* maybe some queued-up processes were waiting for this */ 809 /* maybe some queued-up processes were waiting for this */
762 update_queue(sma); 810 update_queue(sma, -1);
763 err = 0; 811 err = 0;
764 goto out_unlock; 812 goto out_unlock;
765 } 813 }
@@ -801,7 +849,7 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,
801 curr->sempid = task_tgid_vnr(current); 849 curr->sempid = task_tgid_vnr(current);
802 sma->sem_ctime = get_seconds(); 850 sma->sem_ctime = get_seconds();
803 /* maybe some queued-up processes were waiting for this */ 851 /* maybe some queued-up processes were waiting for this */
804 update_queue(sma); 852 update_queue(sma, semnum);
805 err = 0; 853 err = 0;
806 goto out_unlock; 854 goto out_unlock;
807 } 855 }
@@ -961,17 +1009,31 @@ static inline int get_undo_list(struct sem_undo_list **undo_listp)
961 return 0; 1009 return 0;
962} 1010}
963 1011
964static struct sem_undo *lookup_undo(struct sem_undo_list *ulp, int semid) 1012static struct sem_undo *__lookup_undo(struct sem_undo_list *ulp, int semid)
965{ 1013{
966 struct sem_undo *walk; 1014 struct sem_undo *un;
967 1015
968 list_for_each_entry_rcu(walk, &ulp->list_proc, list_proc) { 1016 list_for_each_entry_rcu(un, &ulp->list_proc, list_proc) {
969 if (walk->semid == semid) 1017 if (un->semid == semid)
970 return walk; 1018 return un;
971 } 1019 }
972 return NULL; 1020 return NULL;
973} 1021}
974 1022
1023static struct sem_undo *lookup_undo(struct sem_undo_list *ulp, int semid)
1024{
1025 struct sem_undo *un;
1026
1027 assert_spin_locked(&ulp->lock);
1028
1029 un = __lookup_undo(ulp, semid);
1030 if (un) {
1031 list_del_rcu(&un->list_proc);
1032 list_add_rcu(&un->list_proc, &ulp->list_proc);
1033 }
1034 return un;
1035}
1036
975/** 1037/**
976 * find_alloc_undo - Lookup (and if not present create) undo array 1038 * find_alloc_undo - Lookup (and if not present create) undo array
977 * @ns: namespace 1039 * @ns: namespace
@@ -1163,7 +1225,8 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
1163 error = try_atomic_semop (sma, sops, nsops, un, task_tgid_vnr(current)); 1225 error = try_atomic_semop (sma, sops, nsops, un, task_tgid_vnr(current));
1164 if (error <= 0) { 1226 if (error <= 0) {
1165 if (alter && error == 0) 1227 if (alter && error == 0)
1166 update_queue (sma); 1228 update_queue(sma, (nsops == 1) ? sops[0].sem_num : -1);
1229
1167 goto out_unlock_free; 1230 goto out_unlock_free;
1168 } 1231 }
1169 1232
@@ -1181,6 +1244,19 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
1181 else 1244 else
1182 list_add(&queue.list, &sma->sem_pending); 1245 list_add(&queue.list, &sma->sem_pending);
1183 1246
1247 if (nsops == 1) {
1248 struct sem *curr;
1249 curr = &sma->sem_base[sops->sem_num];
1250
1251 if (alter)
1252 list_add_tail(&queue.simple_list, &curr->sem_pending);
1253 else
1254 list_add(&queue.simple_list, &curr->sem_pending);
1255 } else {
1256 INIT_LIST_HEAD(&queue.simple_list);
1257 sma->complex_count++;
1258 }
1259
1184 queue.status = -EINTR; 1260 queue.status = -EINTR;
1185 queue.sleeper = current; 1261 queue.sleeper = current;
1186 current->state = TASK_INTERRUPTIBLE; 1262 current->state = TASK_INTERRUPTIBLE;
@@ -1222,7 +1298,7 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
1222 */ 1298 */
1223 if (timeout && jiffies_left == 0) 1299 if (timeout && jiffies_left == 0)
1224 error = -EAGAIN; 1300 error = -EAGAIN;
1225 list_del(&queue.list); 1301 unlink_queue(sma, &queue);
1226 1302
1227out_unlock_free: 1303out_unlock_free:
1228 sem_unlock(sma); 1304 sem_unlock(sma);
@@ -1307,7 +1383,7 @@ void exit_sem(struct task_struct *tsk)
1307 if (IS_ERR(sma)) 1383 if (IS_ERR(sma))
1308 continue; 1384 continue;
1309 1385
1310 un = lookup_undo(ulp, semid); 1386 un = __lookup_undo(ulp, semid);
1311 if (un == NULL) { 1387 if (un == NULL) {
1312 /* exit_sem raced with IPC_RMID+semget() that created 1388 /* exit_sem raced with IPC_RMID+semget() that created
1313 * exactly the same semid. Nothing to do. 1389 * exactly the same semid. Nothing to do.
@@ -1351,7 +1427,7 @@ void exit_sem(struct task_struct *tsk)
1351 } 1427 }
1352 sma->sem_otime = get_seconds(); 1428 sma->sem_otime = get_seconds();
1353 /* maybe some queued-up processes were waiting for this */ 1429 /* maybe some queued-up processes were waiting for this */
1354 update_queue(sma); 1430 update_queue(sma, -1);
1355 sem_unlock(sma); 1431 sem_unlock(sma);
1356 1432
1357 call_rcu(&un->rcu, free_un); 1433 call_rcu(&un->rcu, free_un);
@@ -1365,7 +1441,7 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
1365 struct sem_array *sma = it; 1441 struct sem_array *sma = it;
1366 1442
1367 return seq_printf(s, 1443 return seq_printf(s,
1368 "%10d %10d %4o %10lu %5u %5u %5u %5u %10lu %10lu\n", 1444 "%10d %10d %4o %10u %5u %5u %5u %5u %10lu %10lu\n",
1369 sma->sem_perm.key, 1445 sma->sem_perm.key,
1370 sma->sem_perm.id, 1446 sma->sem_perm.id,
1371 sma->sem_perm.mode, 1447 sma->sem_perm.mode,
diff --git a/ipc/shm.c b/ipc/shm.c
index 9eb1488b543b..e9b039f74129 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -55,7 +55,7 @@ struct shm_file_data {
55#define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data)) 55#define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data))
56 56
57static const struct file_operations shm_file_operations; 57static const struct file_operations shm_file_operations;
58static struct vm_operations_struct shm_vm_ops; 58static const struct vm_operations_struct shm_vm_ops;
59 59
60#define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS]) 60#define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS])
61 61
@@ -101,6 +101,7 @@ static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
101void shm_exit_ns(struct ipc_namespace *ns) 101void shm_exit_ns(struct ipc_namespace *ns)
102{ 102{
103 free_ipcs(ns, &shm_ids(ns), do_shm_rmid); 103 free_ipcs(ns, &shm_ids(ns), do_shm_rmid);
104 idr_destroy(&ns->ids[IPC_SHM_IDS].ipcs_idr);
104} 105}
105#endif 106#endif
106 107
@@ -290,29 +291,29 @@ static unsigned long shm_get_unmapped_area(struct file *file,
290 unsigned long flags) 291 unsigned long flags)
291{ 292{
292 struct shm_file_data *sfd = shm_file_data(file); 293 struct shm_file_data *sfd = shm_file_data(file);
293 return get_unmapped_area(sfd->file, addr, len, pgoff, flags); 294 return sfd->file->f_op->get_unmapped_area(sfd->file, addr, len,
294} 295 pgoff, flags);
295
296int is_file_shm_hugepages(struct file *file)
297{
298 int ret = 0;
299
300 if (file->f_op == &shm_file_operations) {
301 struct shm_file_data *sfd;
302 sfd = shm_file_data(file);
303 ret = is_file_hugepages(sfd->file);
304 }
305 return ret;
306} 296}
307 297
308static const struct file_operations shm_file_operations = { 298static const struct file_operations shm_file_operations = {
309 .mmap = shm_mmap, 299 .mmap = shm_mmap,
310 .fsync = shm_fsync, 300 .fsync = shm_fsync,
311 .release = shm_release, 301 .release = shm_release,
302};
303
304static const struct file_operations shm_file_operations_huge = {
305 .mmap = shm_mmap,
306 .fsync = shm_fsync,
307 .release = shm_release,
312 .get_unmapped_area = shm_get_unmapped_area, 308 .get_unmapped_area = shm_get_unmapped_area,
313}; 309};
314 310
315static struct vm_operations_struct shm_vm_ops = { 311int is_file_shm_hugepages(struct file *file)
312{
313 return file->f_op == &shm_file_operations_huge;
314}
315
316static const struct vm_operations_struct shm_vm_ops = {
316 .open = shm_open, /* callback for a new vm-area open */ 317 .open = shm_open, /* callback for a new vm-area open */
317 .close = shm_close, /* callback for when the vm-area is released */ 318 .close = shm_close, /* callback for when the vm-area is released */
318 .fault = shm_fault, 319 .fault = shm_fault,
@@ -889,7 +890,10 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
889 if (!sfd) 890 if (!sfd)
890 goto out_put_dentry; 891 goto out_put_dentry;
891 892
892 file = alloc_file(path.mnt, path.dentry, f_mode, &shm_file_operations); 893 file = alloc_file(path.mnt, path.dentry, f_mode,
894 is_file_hugepages(shp->shm_file) ?
895 &shm_file_operations_huge :
896 &shm_file_operations);
893 if (!file) 897 if (!file)
894 goto out_free; 898 goto out_free;
895 ima_counts_get(file); 899 ima_counts_get(file);
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-02 07:49:02 -0400