diff options
Diffstat (limited to 'ipc/sem.c')
| -rw-r--r-- | ipc/sem.c | 34 | 
1 files changed, 18 insertions, 16 deletions
| diff --git a/ipc/sem.c b/ipc/sem.c index 69b6a21f3844..19c8b980d1fe 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -243,6 +243,15 @@ static void merge_queues(struct sem_array *sma)  	}  } +static void sem_rcu_free(struct rcu_head *head) +{ +	struct ipc_rcu *p = container_of(head, struct ipc_rcu, rcu); +	struct sem_array *sma = ipc_rcu_to_struct(p); + +	security_sem_free(sma); +	ipc_rcu_free(head); +} +  /*   * If the request contains only one semaphore operation, and there are   * no complex transactions pending, lock only the semaphore involved. @@ -374,12 +383,7 @@ static inline struct sem_array *sem_obtain_object_check(struct ipc_namespace *ns  static inline void sem_lock_and_putref(struct sem_array *sma)  {  	sem_lock(sma, NULL, -1); -	ipc_rcu_putref(sma); -} - -static inline void sem_putref(struct sem_array *sma) -{ -	ipc_rcu_putref(sma); +	ipc_rcu_putref(sma, ipc_rcu_free);  }  static inline void sem_rmid(struct ipc_namespace *ns, struct sem_array *s) @@ -458,14 +462,13 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)  	sma->sem_perm.security = NULL;  	retval = security_sem_alloc(sma);  	if (retval) { -		ipc_rcu_putref(sma); +		ipc_rcu_putref(sma, ipc_rcu_free);  		return retval;  	}  	id = ipc_addid(&sem_ids(ns), &sma->sem_perm, ns->sc_semmni);  	if (id < 0) { -		security_sem_free(sma); -		ipc_rcu_putref(sma); +		ipc_rcu_putref(sma, sem_rcu_free);  		return id;  	}  	ns->used_sems += nsems; @@ -1047,8 +1050,7 @@ static void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)  	wake_up_sem_queue_do(&tasks);  	ns->used_sems -= sma->sem_nsems; -	security_sem_free(sma); -	ipc_rcu_putref(sma); +	ipc_rcu_putref(sma, sem_rcu_free);  }  static unsigned long copy_semid_to_user(void __user *buf, struct semid64_ds *in, int version) @@ -1292,7 +1294,7 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,  			rcu_read_unlock();  			sem_io = ipc_alloc(sizeof(ushort)*nsems);  			if(sem_io == NULL) { -				sem_putref(sma); +				ipc_rcu_putref(sma, ipc_rcu_free);  				return -ENOMEM;  			} @@ -1328,20 +1330,20 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,  		if(nsems > SEMMSL_FAST) {  			sem_io = ipc_alloc(sizeof(ushort)*nsems);  			if(sem_io == NULL) { -				sem_putref(sma); +				ipc_rcu_putref(sma, ipc_rcu_free);  				return -ENOMEM;  			}  		}  		if (copy_from_user (sem_io, p, nsems*sizeof(ushort))) { -			sem_putref(sma); +			ipc_rcu_putref(sma, ipc_rcu_free);  			err = -EFAULT;  			goto out_free;  		}  		for (i = 0; i < nsems; i++) {  			if (sem_io[i] > SEMVMX) { -				sem_putref(sma); +				ipc_rcu_putref(sma, ipc_rcu_free);  				err = -ERANGE;  				goto out_free;  			} @@ -1629,7 +1631,7 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)  	/* step 2: allocate new undo structure */  	new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL);  	if (!new) { -		sem_putref(sma); +		ipc_rcu_putref(sma, ipc_rcu_free);  		return ERR_PTR(-ENOMEM);  	} | 
