diff options
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/mqueue.c | 2 | ||||
| -rw-r--r-- | ipc/namespace.c | 63 | ||||
| -rw-r--r-- | ipc/shm.c | 3 | ||||
| -rw-r--r-- | ipc/util.h | 6 |
4 files changed, 34 insertions, 40 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index e35ba2c3a8d..c5e68adc673 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -32,6 +32,7 @@ #include <linux/nsproxy.h> #include <linux/pid.h> #include <linux/ipc_namespace.h> +#include <linux/ima.h> #include <net/sock.h> #include "util.h" @@ -733,6 +734,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, mode_t, mode, error = PTR_ERR(filp); goto out_putfd; } + ima_counts_get(filp); fd_install(fd, filp); goto out_upsem; diff --git a/ipc/namespace.c b/ipc/namespace.c index 4a5e752a927..a1094ff0bef 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -14,7 +14,7 @@ #include "util.h" -static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) +static struct ipc_namespace *create_ipc_ns(void) { struct ipc_namespace *ns; int err; @@ -48,18 +48,9 @@ static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns) { - struct ipc_namespace *new_ns; - - BUG_ON(!ns); - get_ipc_ns(ns); - if (!(flags & CLONE_NEWIPC)) - return ns; - - new_ns = clone_ipc_ns(ns); - - put_ipc_ns(ns); - return new_ns; + return get_ipc_ns(ns); + return create_ipc_ns(); } /* @@ -92,6 +83,30 @@ void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, up_write(&ids->rw_mutex); } +static void free_ipc_ns(struct ipc_namespace *ns) +{ + /* + * Unregistering the hotplug notifier at the beginning guarantees + * that the ipc namespace won't be freed while we are inside the + * callback routine. Since the blocking_notifier_chain_XXX routines + * hold a rw lock on the notifier list, unregister_ipcns_notifier() + * won't take the rw lock before blocking_notifier_call_chain() has + * released the rd lock. + */ + unregister_ipcns_notifier(ns); + sem_exit_ns(ns); + msg_exit_ns(ns); + shm_exit_ns(ns); + kfree(ns); + atomic_dec(&nr_ipc_ns); + + /* + * Do the ipcns removal notification after decrementing nr_ipc_ns in + * order to have a correct value when recomputing msgmni. + */ + ipcns_notify(IPCNS_REMOVED); +} + /* * put_ipc_ns - drop a reference to an ipc namespace. * @ns: the namespace to put @@ -117,27 +132,3 @@ void put_ipc_ns(struct ipc_namespace *ns) free_ipc_ns(ns); } } - -void free_ipc_ns(struct ipc_namespace *ns) -{ - /* - * Unregistering the hotplug notifier at the beginning guarantees - * that the ipc namespace won't be freed while we are inside the - * callback routine. Since the blocking_notifier_chain_XXX routines - * hold a rw lock on the notifier list, unregister_ipcns_notifier() - * won't take the rw lock before blocking_notifier_call_chain() has - * released the rd lock. - */ - unregister_ipcns_notifier(ns); - sem_exit_ns(ns); - msg_exit_ns(ns); - shm_exit_ns(ns); - kfree(ns); - atomic_dec(&nr_ipc_ns); - - /* - * Do the ipcns removal notification after decrementing nr_ipc_ns in - * order to have a correct value when recomputing msgmni. - */ - ipcns_notify(IPCNS_REMOVED); -} diff --git a/ipc/shm.c b/ipc/shm.c index 42597160048..15dd238e533 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -384,7 +384,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) error = PTR_ERR(file); if (IS_ERR(file)) goto no_file; - ima_shm_check(file); id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); if (id < 0) { @@ -891,7 +890,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) file = alloc_file(path.mnt, path.dentry, f_mode, &shm_file_operations); if (!file) goto out_free; - ima_shm_check(file); + ima_counts_get(file); file->private_data = sfd; file->f_mapping = shp->shm_file->f_mapping; diff --git a/ipc/util.h b/ipc/util.h index 1187332a89d..764b51a37a6 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -10,6 +10,7 @@ #ifndef _IPC_UTIL_H #define _IPC_UTIL_H +#include <linux/unistd.h> #include <linux/err.h> #define SEQ_MULTIPLIER (IPCMNI) @@ -128,7 +129,7 @@ void ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out); struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd, struct ipc64_perm *perm, int extra_perm); -#if defined(__ia64__) || defined(__x86_64__) || defined(__hppa__) || defined(__XTENSA__) +#ifndef __ARCH_WANT_IPC_PARSE_VERSION /* On IA-64, we always use the "64-bit version" of the IPC structures. */ # define ipc_parse_version(cmd) IPC_64 #else @@ -171,5 +172,6 @@ static inline void ipc_unlock(struct kern_ipc_perm *perm) struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id); int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids, struct ipc_ops *ops, struct ipc_params *params); - +void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, + void (*free)(struct ipc_namespace *, struct kern_ipc_perm *)); #endif |