linux/ipc, branch v3.0.87 Linux kernel source tree https://git.amat.us/linux/atom/ipc?h=v3.0.87 2013-05-08T02:57:27Z ipc: sysv shared memory limited to 8TiB 2013-05-08T02:57:27Z Robin Holt holt@sgi.com 2013-05-01T02:15:54Z urn:sha1:9b2bdb66b65fcbdd4f3a3d08c28e4c46b4a59364 commit d69f3bad4675ac519d41ca2b11e1c00ca115cecd upstream. Trying to run an application which was trying to put data into half of memory using shmget(), we found that having a shmall value below 8EiB-8TiB would prevent us from using anything more than 8TiB. By setting kernel.shmall greater than 8EiB-8TiB would make the job work. In the newseg() function, ns->shm_tot which, at 8TiB is INT_MAX. ipc/shm.c: 458 static int newseg(struct ipc_namespace *ns, struct ipc_params *params) 459 { ... 465 int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; ... 474 if (ns->shm_tot + numpages > ns->shm_ctlall) 475 return -ENOSPC; [akpm@linux-foundation.org: make ipc/shm.c:newseg()'s numpages size_t, not int] Signed-off-by: Robin Holt <holt@sgi.com> Reported-by: Alex Thorlton <athorlton@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipc/mqueue.c: fix mq_open() return value 2011-10-03T18:40:43Z Jiri Slaby jslaby@suse.cz 2011-07-26T23:08:47Z urn:sha1:0d39ea76fa3b9a97e9dc45282613bc239ffa8509 commit d40dcdb0172a1ba853464983a059fb45e0aaf61a upstream. We return ENOMEM from mqueue_get_inode even when we have enough memory. Namely in case the system rlimit of mqueue was reached. This error propagates to mq_queue and user sees the error unexpectedly. So fix this up to properly return EMFILE as described in the manpage: EMFILE The process already has the maximum number of files and message queues open. instead of: ENOMEM Insufficient memory. With the previous patch we just switch to ERR_PTR/PTR_ERR/IS_ERR error handling here. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> ipc/mqueue.c: refactor failure handling 2011-10-03T18:40:43Z Jiri Slaby jslaby@suse.cz 2011-07-26T23:08:46Z urn:sha1:7688ef38157babe5bb0e24b3779e769f730b85fc commit 04715206c0c2fd4ec5ca77fa51e3a5b41ce71492 upstream. If new_inode fails to allocate an inode we need only to return with NULL. But now we test the opposite and have all the work in a nested block. So do the opposite to save one indentation level (and remove unnecessary line breaks). This is only a preparation/cleanup for the next patch where we fix up return values from mqueue_get_inode. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID 2011-08-05T04:58:41Z Manfred Spraul manfred@colorfullife.com 2011-07-26T00:11:47Z urn:sha1:e73ff29041b5f8991ef81669a1a9f0553d14766a commit d694ad62bf539dbb20a0899ac2a954555f9e4a83 upstream. If a semaphore array is removed and in parallel a sleeping task is woken up (signal or timeout, does not matter), then the woken up task does not wait until wake_up_sem_queue_do() is completed. This will cause crashes, because wake_up_sem_queue_do() will read from a stale pointer. The fix is simple: Regardless of anything, always call get_queue_result(). This function waits until wake_up_sem_queue_do() has finished it's task. Addresses https://bugzilla.kernel.org/show_bug.cgi?id=27142 Reported-by: Yuriy Yevtukhov <yuriy@ucoz.com> Reported-by: Harald Laabs <kernel@dasr.de> Signed-off-by: Manfred Spraul <manfred@colorfullife.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> mm: don't access vm_flags as 'int' 2011-05-26T16:20:31Z KOSAKI Motohiro kosaki.motohiro@jp.fujitsu.com 2011-05-26T10:16:19Z urn:sha1:ca16d140af91febe25daeb9e032bf8bd46b8c31f The type of vma->vm_flags is 'unsigned long'. Neither 'int' nor 'unsigned int'. This patch fixes such misuse. Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> [ Changed to use a typedef - we'll extend it to cover more cases later, since there has been discussion about making it a 64-bit type.. - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ns proc: Add support for the ipc namespace 2011-05-10T21:35:47Z Eric W. Biederman ebiederm@xmission.com 2010-03-08T02:48:39Z urn:sha1:a00eaf11a223c63fbb212369d6db69ce4c55a2d1 Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Fix common misspellings 2011-03-31T14:26:23Z Lucas De Marchi lucas.demarchi@profusion.mobi 2011-03-31T01:57:33Z urn:sha1:25985edcedea6396277003854657b5f3cb31a628 Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> ipc: fix util.c kernel-doc warnings 2011-03-28T02:30:19Z Randy Dunlap randy.dunlap@oracle.com 2011-03-26T20:27:41Z urn:sha1:6213cfe82461e39219a3b06ecf1d0679b4c0657f Fix ipc/util.c kernel-doc warnings: Warning(ipc/util.c:336): No description found for parameter 'ns' Warning(ipc/util.c:620): No description found for parameter 'ns' Warning(ipc/util.c:790): No description found for parameter 'ns' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Reviewed-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ipcns: fix use after free in free_ipc_ns() 2011-03-26T00:45:16Z Xiaotian Feng dfeng@redhat.com 2011-03-25T08:57:01Z urn:sha1:be4d250ab41e13f8f945be6896695e870b38ba31 commit b515498 ("userns: add a user namespace owner of ipc ns") added a user namespace owner of ipc ns, but it also introduced a use after free in free_ipc_ns(). Signed-off-by: Xiaotian Feng <dfeng@redhat.com> Acked-by: "Serge E. Hallyn" <serge.hallyn@canonical.com> Acked-by: David Howells <dhowells@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> userns: user namespaces: convert several capable() calls 2011-03-24T02:47:08Z Serge E. Hallyn serge@hallyn.com 2011-03-23T23:43:24Z urn:sha1:b0e77598f87107001a00b8a4ece9c95e4254ccc4 CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(), because the resource comes from current's own ipc namespace. setuid/setgid are to uids in own namespace, so again checks can be against current_user_ns(). Changelog: Jan 11: Use task_ns_capable() in place of sched_capable(). Jan 11: Use nsown_capable() as suggested by Bastian Blank. Jan 11: Clarify (hopefully) some logic in futex and sched.c Feb 15: use ns_capable for ipc, not nsown_capable Feb 23: let copy_ipcs handle setting ipc_ns->user_ns Feb 23: pass ns down rather than taking it from current [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>