user/sven/linux.git/ipc, branch v3.8.10 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.8.10 2013-04-17T04:48:28Z ipc: set msg back to -EAGAIN if copy wasn't performed 2013-04-17T04:48:28Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-04-01T07:40:51Z urn:sha1:fccf4d03235294c978b2390a9ce575b33b0fbe5a commit 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d upstream. Make sure that msg pointer is set back to error value in case of MSG_COPY flag is set and desired message to copy wasn't found. This garantees that msg is either a error pointer or a copy address. Otherwise the last message in queue will be freed without unlinking from the queue (which leads to memory corruption) and the dummy allocated copy won't be released. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipc: Restrict mounting the mqueue filesystem 2013-04-05T16:26:02Z Eric W. Biederman ebiederm@xmission.com 2013-03-22T01:13:15Z urn:sha1:63795cc597539dff38550070dfd945dc08862eef commit a636b702ed1805e988ad3d8ff8b52c060f8b341c upstream. Only allow mounting the mqueue filesystem if the caller has CAP_SYS_ADMIN rights over the ipc namespace. The principle here is if you create or have capabilities over it you can mount it, otherwise you get to live with what other people have mounted. This information is not particularly sensitive and mqueue essentially only reports which posix messages queues exist. Still when creating a restricted environment for an application to live any extra information may be of use to someone with sufficient creativity. The historical if imperfect way this information has been restricted has been not to allow mounts and restricting this to ipc namespace creators maintains the spirit of the historical restriction. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> mqueue: sys_mq_open: do not call mnt_drop_write() if read-only 2013-03-28T19:17:48Z Vladimir Davydov vdavydov@parallels.com 2013-03-22T22:04:51Z urn:sha1:6ad6c406dddbca431b5bd86585b085fd005dd87b commit 38d78e587d4960d0db94add518d27ee74bad2301 upstream. mnt_drop_write() must be called only if mnt_want_write() succeeded, otherwise the mnt_writers counter will diverge. mnt_writers counters are used to check if remounting FS as read-only is OK, so after an extra mnt_drop_write() call, it would be impossible to remount mqueue FS as read-only. Besides, on umount a warning would be printed like this one: ===================================== [ BUG: bad unlock balance detected! ] 3.9.0-rc3 #5 Not tainted ------------------------------------- a.out/12486 is trying to release lock (sb_writers) at: mnt_drop_write+0x1f/0x30 but there are no more locks to release! Signed-off-by: Vladimir Davydov <vdavydov@parallels.com> Cc: Doug Ledford <dledford@redhat.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipc: don't allocate a copy larger than max 2013-03-14T18:26:24Z Peter Hurley peter@hurleysoftware.com 2013-03-08T20:43:27Z urn:sha1:f273e02595b5b2ea6fca976ec7c19f16b366c057 commit 88b9e456b1649722673ffa147914299799dc9041 upstream. When MSG_COPY is set, a duplicate message must be allocated for the copy before locking the queue. However, the copy could not be larger than was sent which is limited to msg_ctlmax. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipc: fix potential oops when src msg > 4k w/ MSG_COPY 2013-03-14T18:26:24Z Peter Hurley peter@hurleysoftware.com 2013-03-08T20:43:26Z urn:sha1:32b25b63c222ff910834d577a6baa1f5a39b0a06 commit e1082f45f1e2bbf6e25f6b614fc6616ebf709d19 upstream. If the src msg is > 4k, then dest->next points to the next allocated segment; resetting it just prior to dereferencing is bad. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipc: add more comments to message copying related code 2013-01-05T00:11:46Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-01-04T23:35:03Z urn:sha1:3fcfe78658695b424314ddb76abc8d58b4fc98e6 Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ipc: simplify message copying 2013-01-05T00:11:46Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-01-04T23:35:01Z urn:sha1:51eeacaa07d1372a7bc9612548ffe6cd846f4f2f Remove the redundant and confusing fill_copy(). Also add copy_msg() check for error. In this case exit from the function have to be done instead of break, because further code interprets any error as EAGAIN. Also define copy_msg() for the case when CONFIG_CHECKPOINT_RESTORE is disabled. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ipc: convert prepare_copy() from macro to function 2013-01-05T00:11:46Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-01-04T23:35:00Z urn:sha1:b30efe2775ee0a1d911514292579770b214d31c3 This code works if CONFIG_CHECKPOINT_RESTORE is disabled. [akpm@linux-foundation.org: remove __maybe_unused] Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ipc: simplify free_copy() call 2013-01-05T00:11:45Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-01-04T23:34:58Z urn:sha1:85398aa8de1d68f44ff1b5d0ed9ceb2b0c51ce49 Passing and checking of msgflg to free_copy() is redundant. This patch sets copy to NULL on declaration instead and checks for non-NULL in free_copy(). Note: in case of copy allocation failure, error is returned immediately. So no need to check for IS_ERR() in free_copy(). Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> selftests: IPC message queue copy feature test 2013-01-05T00:11:45Z Stanislav Kinsbursky skinsbursky@parallels.com 2013-01-04T23:34:56Z urn:sha1:3a665531a3b7c2ad2c87903b24646be6916340e4 This test can be used to check wheither kernel supports IPC message queue copy and restore features (required by CRIU project). Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: Serge Hallyn <serge.hallyn@canonical.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>