1 files changed, 12 insertions, 0 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f5d332cf8c63..adc785146a1c 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -139,6 +139,18 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
                goto out;
        }
+        /*
+         * CLONE_NEWIPC must detach from the undolist: after switching
+         * to a new ipc namespace, the semaphore arrays from the old
+         * namespace are unreachable.  In clone parlance, CLONE_SYSVSEM
+         * means share undolist with parent, so we must forbid using
+         * it along with CLONE_NEWIPC.
+         */
+        if ((flags & CLONE_NEWIPC) && (flags & CLONE_SYSVSEM)) {
+                err = -EINVAL;
+                goto out;
+        }
        new_ns = create_new_namespaces(flags, tsk, tsk->fs);
        if (IS_ERR(new_ns)) {
                err = PTR_ERR(new_ns);

diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index f5d332cf8c63..adc785146a1c 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c
@@ -139,6 +139,18 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
139	goto out;	139	goto out;
140	}	140	}
141		141
		142	/*
		143	* CLONE_NEWIPC must detach from the undolist: after switching
		144	* to a new ipc namespace, the semaphore arrays from the old
		145	* namespace are unreachable. In clone parlance, CLONE_SYSVSEM
		146	* means share undolist with parent, so we must forbid using
		147	* it along with CLONE_NEWIPC.
		148	*/
		149	if ((flags & CLONE_NEWIPC) && (flags & CLONE_SYSVSEM)) {
		150	err = -EINVAL;
		151	goto out;
		152	}
		153
142	new_ns = create_new_namespaces(flags, tsk, tsk->fs);	154	new_ns = create_new_namespaces(flags, tsk, tsk->fs);
143	if (IS_ERR(new_ns)) {	155	if (IS_ERR(new_ns)) {
144	err = PTR_ERR(new_ns);	156	err = PTR_ERR(new_ns);