ipc,shm: shorten critical region for shmat

commit c2c737a0461e61a34676bd0bd1bc1a70a1b4e396 upstream. Similar to other system calls, acquire the kern_ipc_perm lock after doing the initial permission and security checks. [sasha.levin@oracle.com: dont leave do_shmat with rcu lock held] Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ipc,shm: shorten critical region for shmat
commit c2c737a0461e61a34676bd0bd1bc1a70a1b4e396 upstream. Similar to other system calls, acquire the kern_ipc_perm lock after doing the initial permission and security checks. [sasha.levin@oracle.com: dont leave do_shmat with rcu lock held] Signed-off-by: Davidlohr Bueso <davidlohr.bueso@hp.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Davidlohr Bueso · Greg Kroah-Hartman
1 parent dbb563ec7b
Showing 1 changed file with 10 additions and 4 deletions Side-by-side Diff
ipc/shm.c
@@ -19,6 +19,9 @@
  * namespaces support
  * OpenVZ, SWsoft Inc.
  * Pavel Emelianov <xemul@openvz.org>
+ *
+ * Better ipc lock (kern_ipc_perm.lock) handling
+ * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
  */
  
 #include <linux/slab.h>
  
@@ -1093,10 +1096,11 @@
 	 * additional creator id...
 	 */
 	ns = current->nsproxy->ipc_ns;
-	shp = shm_lock_check(ns, shmid);
+	rcu_read_lock();
+	shp = shm_obtain_object_check(ns, shmid);
 	if (IS_ERR(shp)) {
 		err = PTR_ERR(shp);
-		goto out;
+		goto out_unlock;
 	}
  
 	err = -EACCES;
  
@@ -1107,11 +1111,13 @@
 	if (err)
 		goto out_unlock;
  
+	ipc_lock_object(&shp->shm_perm);
 	path = shp->shm_file->f_path;
 	path_get(&path);
 	shp->shm_nattch++;
 	size = i_size_read(path.dentry->d_inode);
-	shm_unlock(shp);
+	ipc_unlock_object(&shp->shm_perm);
+	rcu_read_unlock();
  
 	err = -ENOMEM;
 	sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
@@ -1182,7 +1188,7 @@
 	return err;
  
 out_unlock:
-	shm_unlock(shp);
+	rcu_read_unlock();
 out:
 	return err;
 }
...	...	@@ -19,6 +19,9 @@
19	19	* namespaces support
20	20	* OpenVZ, SWsoft Inc.
21	21	* Pavel Emelianov <xemul@openvz.org>
	22	+ *
	23	+ * Better ipc lock (kern_ipc_perm.lock) handling
	24	+ * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
22	25	*/
23	26
24	27	#include <linux/slab.h>
25	28
...	...	@@ -1093,10 +1096,11 @@
1093	1096	* additional creator id...
1094	1097	*/
1095	1098	ns = current->nsproxy->ipc_ns;
1096		- shp = shm_lock_check(ns, shmid);
	1099	+ rcu_read_lock();
	1100	+ shp = shm_obtain_object_check(ns, shmid);
1097	1101	if (IS_ERR(shp)) {
1098	1102	err = PTR_ERR(shp);
1099		- goto out;
	1103	+ goto out_unlock;
1100	1104	}
1101	1105
1102	1106	err = -EACCES;
1103	1107
...	...	@@ -1107,11 +1111,13 @@
1107	1111	if (err)
1108	1112	goto out_unlock;
1109	1113
	1114	+ ipc_lock_object(&shp->shm_perm);
1110	1115	path = shp->shm_file->f_path;
1111	1116	path_get(&path);
1112	1117	shp->shm_nattch++;
1113	1118	size = i_size_read(path.dentry->d_inode);
1114		- shm_unlock(shp);
	1119	+ ipc_unlock_object(&shp->shm_perm);
	1120	+ rcu_read_unlock();
1115	1121
1116	1122	err = -ENOMEM;
1117	1123	sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
...	...	@@ -1182,7 +1188,7 @@
1182	1188	return err;
1183	1189
1184	1190	out_unlock:
1185		- shm_unlock(shp);
	1191	+ rcu_read_unlock();
1186	1192	out:
1187	1193	return err;
1188	1194	}