From 31a985fbb18c1600955124a1efd2343efa867549 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Wed, 17 Jun 2009 16:27:46 -0700 Subject: ipc: use __ARCH_WANT_IPC_PARSE_VERSION in ipc/util.h The definition of ipc_parse_version depends on __ARCH_WANT_IPC_PARSE_VERSION, but the header file declares it conditionally based on the architecture. Use the macro consistently to make it easier to add new architectures. Signed-off-by: Arnd Bergmann Acked-by: Serge Hallyn Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ipc') diff --git a/ipc/util.h b/ipc/util.h index 1187332a89d..f9fe90e4886 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -128,7 +128,7 @@ void ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out); struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd, struct ipc64_perm *perm, int extra_perm); -#if defined(__ia64__) || defined(__x86_64__) || defined(__hppa__) || defined(__XTENSA__) +#ifndef __ARCH_WANT_IPC_PARSE_VERSION /* On IA-64, we always use the "64-bit version" of the IPC structures. */ # define ipc_parse_version(cmd) IPC_64 #else -- cgit v1.2.3-18-g5258 From 64424289dd2e37b4800df1f7f2ef4fe550f58729 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Wed, 17 Jun 2009 16:27:54 -0700 Subject: ipcns: remove useless get/put while CLONE_NEWIPC copy_ipcs() doesn't actually copy anything. If new ipcns is created, it's created from scratch, in this case get/put on old ipcns isn't needed. Signed-off-by: Alexey Dobriyan Acked-by: Serge Hallyn Reviewed-by: WANG Cong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/namespace.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'ipc') diff --git a/ipc/namespace.c b/ipc/namespace.c index 4a5e752a927..a56fc598a80 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -50,15 +50,11 @@ struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns) { struct ipc_namespace *new_ns; - BUG_ON(!ns); - get_ipc_ns(ns); - if (!(flags & CLONE_NEWIPC)) - return ns; + return get_ipc_ns(ns); new_ns = clone_ipc_ns(ns); - put_ipc_ns(ns); return new_ns; } -- cgit v1.2.3-18-g5258 From 612ce478fac2729ad564ec3f5d3c551674b8e9c2 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Wed, 17 Jun 2009 16:27:55 -0700 Subject: ipcns: extract create_ipc_ns() clone_ipc_ns() is misnamed, it doesn't clone anything and doesn't use passed parameter. Rename it. create_ipc_ns() will be used by C/R to create fresh ipcns. Signed-off-by: Alexey Dobriyan Acked-by: Serge Hallyn Reviewed-by: WANG Cong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/namespace.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'ipc') diff --git a/ipc/namespace.c b/ipc/namespace.c index a56fc598a80..231ee5359ab 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -14,7 +14,7 @@ #include "util.h" -static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) +static struct ipc_namespace *create_ipc_ns(void) { struct ipc_namespace *ns; int err; @@ -48,14 +48,9 @@ static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns) { - struct ipc_namespace *new_ns; - if (!(flags & CLONE_NEWIPC)) return get_ipc_ns(ns); - - new_ns = clone_ipc_ns(ns); - - return new_ns; + return create_ipc_ns(); } /* -- cgit v1.2.3-18-g5258 From b4188def441197d38f20e0935372780ed7c0e19d Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Wed, 17 Jun 2009 16:27:56 -0700 Subject: ipcns: make free_ipc_ns() static Signed-off-by: Alexey Dobriyan Reviewed-by: WANG Cong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/namespace.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'ipc') diff --git a/ipc/namespace.c b/ipc/namespace.c index 231ee5359ab..a1094ff0bef 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -83,6 +83,30 @@ void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, up_write(&ids->rw_mutex); } +static void free_ipc_ns(struct ipc_namespace *ns) +{ + /* + * Unregistering the hotplug notifier at the beginning guarantees + * that the ipc namespace won't be freed while we are inside the + * callback routine. Since the blocking_notifier_chain_XXX routines + * hold a rw lock on the notifier list, unregister_ipcns_notifier() + * won't take the rw lock before blocking_notifier_call_chain() has + * released the rd lock. + */ + unregister_ipcns_notifier(ns); + sem_exit_ns(ns); + msg_exit_ns(ns); + shm_exit_ns(ns); + kfree(ns); + atomic_dec(&nr_ipc_ns); + + /* + * Do the ipcns removal notification after decrementing nr_ipc_ns in + * order to have a correct value when recomputing msgmni. + */ + ipcns_notify(IPCNS_REMOVED); +} + /* * put_ipc_ns - drop a reference to an ipc namespace. * @ns: the namespace to put @@ -108,27 +132,3 @@ void put_ipc_ns(struct ipc_namespace *ns) free_ipc_ns(ns); } } - -void free_ipc_ns(struct ipc_namespace *ns) -{ - /* - * Unregistering the hotplug notifier at the beginning guarantees - * that the ipc namespace won't be freed while we are inside the - * callback routine. Since the blocking_notifier_chain_XXX routines - * hold a rw lock on the notifier list, unregister_ipcns_notifier() - * won't take the rw lock before blocking_notifier_call_chain() has - * released the rd lock. - */ - unregister_ipcns_notifier(ns); - sem_exit_ns(ns); - msg_exit_ns(ns); - shm_exit_ns(ns); - kfree(ns); - atomic_dec(&nr_ipc_ns); - - /* - * Do the ipcns removal notification after decrementing nr_ipc_ns in - * order to have a correct value when recomputing msgmni. - */ - ipcns_notify(IPCNS_REMOVED); -} -- cgit v1.2.3-18-g5258 From 665c7741fb63c7ceeb515f1d1ed8b016efe65bf3 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Wed, 17 Jun 2009 16:27:57 -0700 Subject: ipcns: move free_ipcs() proto Function is really private to ipc/ and avoid struct kern_ipc_perm forward declaration. Signed-off-by: Alexey Dobriyan Reviewed-by: WANG Cong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- ipc/util.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ipc') diff --git a/ipc/util.h b/ipc/util.h index f9fe90e4886..ab3ebf2621b 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -171,5 +171,6 @@ static inline void ipc_unlock(struct kern_ipc_perm *perm) struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id); int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids, struct ipc_ops *ops, struct ipc_params *params); - +void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, + void (*free)(struct ipc_namespace *, struct kern_ipc_perm *)); #endif -- cgit v1.2.3-18-g5258 From 232086b19964d0e13359d30d74b11ca31b0751cb Mon Sep 17 00:00:00 2001 From: Johannes Weiner Date: Sat, 20 Jun 2009 02:23:29 +0200 Subject: ipc: unbreak 32-bit shmctl/semctl/msgctl 31a985f "ipc: use __ARCH_WANT_IPC_PARSE_VERSION in ipc/util.h" would choose the implementation of ipc_parse_version() based on a symbol defined in . But it failed to also include this header and thus broke IPC_64-passing 32-bit userspace because the flag wasn't masked out properly anymore and the command not understood. Include to give the architecture a chance to ask for the no-no-op ipc_parse_version(). Signed-off-by: Johannes Weiner Acked-by: Arnd Bergmann Signed-off-by: Linus Torvalds --- ipc/util.h | 1 + 1 file changed, 1 insertion(+) (limited to 'ipc') diff --git a/ipc/util.h b/ipc/util.h index ab3ebf2621b..764b51a37a6 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -10,6 +10,7 @@ #ifndef _IPC_UTIL_H #define _IPC_UTIL_H +#include #include #define SEQ_MULTIPLIER (IPCMNI) -- cgit v1.2.3-18-g5258 From 46690f3718d95e9bb712b6f2b5c869f8494521de Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 26 Jun 2009 11:24:05 -0400 Subject: integrity: ima mq_open imbalance msg fix This patch fixes an imbalance message as reported by Sanchin Sant. As we don't need to measure the message queue, just increment the counters. Reported-by: Sanchin Sant Signed-off-by: Mimi Zohar Acked-by: Serge Hallyn Signed-off-by: James Morris --- ipc/mqueue.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ipc') diff --git a/ipc/mqueue.c b/ipc/mqueue.c index e35ba2c3a8d..c5e68adc673 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include "util.h" @@ -733,6 +734,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, mode_t, mode, error = PTR_ERR(filp); goto out_putfd; } + ima_counts_get(filp); fd_install(fd, filp); goto out_upsem; -- cgit v1.2.3-18-g5258 From 353d5c30c666580347515da609dd74a2b8e9b828 Mon Sep 17 00:00:00 2001 From: Hugh Dickins Date: Mon, 24 Aug 2009 16:30:28 +0100 Subject: mm: fix hugetlb bug due to user_shm_unlock call 2.6.30's commit 8a0bdec194c21c8fdef840989d0d7b742bb5d4bc removed user_shm_lock() calls in hugetlb_file_setup() but left the user_shm_unlock call in shm_destroy(). In detail: Assume that can_do_hugetlb_shm() returns true and hence user_shm_lock() is not called in hugetlb_file_setup(). However, user_shm_unlock() is called in any case in shm_destroy() and in the following atomic_dec_and_lock(&up->__count) in free_uid() is executed and if up->__count gets zero, also cleanup_user_struct() is scheduled. Note that sched_destroy_user() is empty if CONFIG_USER_SCHED is not set. However, the ref counter up->__count gets unexpectedly non-positive and the corresponding structs are freed even though there are live references to them, resulting in a kernel oops after a lots of shmget(SHM_HUGETLB)/shmctl(IPC_RMID) cycles and CONFIG_USER_SCHED set. Hugh changed Stefan's suggested patch: can_do_hugetlb_shm() at the time of shm_destroy() may give a different answer from at the time of hugetlb_file_setup(). And fixed newseg()'s no_id error path, which has missed user_shm_unlock() ever since it came in 2.6.9. Reported-by: Stefan Huber Signed-off-by: Hugh Dickins Tested-by: Stefan Huber Cc: stable@kernel.org Signed-off-by: Linus Torvalds --- ipc/shm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'ipc') diff --git a/ipc/shm.c b/ipc/shm.c index 15dd238e533..1bc4701ef4f 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -174,7 +174,7 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) shm_unlock(shp); if (!is_file_hugepages(shp->shm_file)) shmem_lock(shp->shm_file, 0, shp->mlock_user); - else + else if (shp->mlock_user) user_shm_unlock(shp->shm_file->f_path.dentry->d_inode->i_size, shp->mlock_user); fput (shp->shm_file); @@ -369,8 +369,8 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) /* hugetlb_file_setup applies strict accounting */ if (shmflg & SHM_NORESERVE) acctflag = VM_NORESERVE; - file = hugetlb_file_setup(name, size, acctflag); - shp->mlock_user = current_user(); + file = hugetlb_file_setup(name, size, acctflag, + &shp->mlock_user); } else { /* * Do not allow no accounting for OVERCOMMIT_NEVER, even @@ -410,6 +410,8 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) return error; no_id: + if (shp->mlock_user) /* shmflg & SHM_HUGETLB case */ + user_shm_unlock(size, shp->mlock_user); fput(file); no_file: security_shm_free(shp); -- cgit v1.2.3-18-g5258