ipc,shm: shorten critical region for shmat

Similar to other system calls, acquire the kern_ipc_perm lock after doing the initial permission and security checks. [sasha.levin@oracle.com: dont leave do_shmat with rcu lock held] Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

ipc,shm: shorten critical region for shmat
Similar to other system calls, acquire the kern_ipc_perm lock after doing the initial permission and security checks. [sasha.levin@oracle.com: dont leave do_shmat with rcu lock held] Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Davidlohr Bueso · Linus Torvalds
1 parent f42569b138
Showing 1 changed file with 10 additions and 4 deletions Side-by-side Diff
ipc/shm.c
@@ -19,6 +19,9 @@
  * namespaces support
  * OpenVZ, SWsoft Inc.
  * Pavel Emelianov <xemul@openvz.org>
+ *
+ * Better ipc lock (kern_ipc_perm.lock) handling
+ * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
  */
  
 #include <linux/slab.h>
  
@@ -1086,10 +1089,11 @@
 	 * additional creator id...
 	 */
 	ns = current->nsproxy->ipc_ns;
-	shp = shm_lock_check(ns, shmid);
+	rcu_read_lock();
+	shp = shm_obtain_object_check(ns, shmid);
 	if (IS_ERR(shp)) {
 		err = PTR_ERR(shp);
-		goto out;
+		goto out_unlock;
 	}
  
 	err = -EACCES;
  
@@ -1100,11 +1104,13 @@
 	if (err)
 		goto out_unlock;
  
+	ipc_lock_object(&shp->shm_perm);
 	path = shp->shm_file->f_path;
 	path_get(&path);
 	shp->shm_nattch++;
 	size = i_size_read(path.dentry->d_inode);
-	shm_unlock(shp);
+	ipc_unlock_object(&shp->shm_perm);
+	rcu_read_unlock();
  
 	err = -ENOMEM;
 	sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
@@ -1175,7 +1181,7 @@
 	return err;
  
 out_unlock:
-	shm_unlock(shp);
+	rcu_read_unlock();
 out:
 	return err;
 }
...	...	@@ -19,6 +19,9 @@
19	19	* namespaces support
20	20	* OpenVZ, SWsoft Inc.
21	21	* Pavel Emelianov <xemul@openvz.org>
	22	+ *
	23	+ * Better ipc lock (kern_ipc_perm.lock) handling
	24	+ * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
22	25	*/
23	26
24	27	#include <linux/slab.h>
25	28
...	...	@@ -1086,10 +1089,11 @@
1086	1089	* additional creator id...
1087	1090	*/
1088	1091	ns = current->nsproxy->ipc_ns;
1089		- shp = shm_lock_check(ns, shmid);
	1092	+ rcu_read_lock();
	1093	+ shp = shm_obtain_object_check(ns, shmid);
1090	1094	if (IS_ERR(shp)) {
1091	1095	err = PTR_ERR(shp);
1092		- goto out;
	1096	+ goto out_unlock;
1093	1097	}
1094	1098
1095	1099	err = -EACCES;
1096	1100
...	...	@@ -1100,11 +1104,13 @@
1100	1104	if (err)
1101	1105	goto out_unlock;
1102	1106
	1107	+ ipc_lock_object(&shp->shm_perm);
1103	1108	path = shp->shm_file->f_path;
1104	1109	path_get(&path);
1105	1110	shp->shm_nattch++;
1106	1111	size = i_size_read(path.dentry->d_inode);
1107		- shm_unlock(shp);
	1112	+ ipc_unlock_object(&shp->shm_perm);
	1113	+ rcu_read_unlock();
1108	1114
1109	1115	err = -ENOMEM;
1110	1116	sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
...	...	@@ -1175,7 +1181,7 @@
1175	1181	return err;
1176	1182
1177	1183	out_unlock:
1178		- shm_unlock(shp);
	1184	+ rcu_read_unlock();
1179	1185	out:
1180	1186	return err;
1181	1187	}