sysvipc: fix the ipc structures initialization
authorNadia Derbey <Nadia.Derbey@bull.net>
Wed, 19 Nov 2008 23:36:08 +0000 (15:36 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 20 Nov 2008 02:49:57 +0000 (18:49 -0800)
A problem was found while reviewing the code after Bugzilla bug
http://bugzilla.kernel.org/show_bug.cgi?id=11796.

In ipc_addid(), the newly allocated ipc structure is inserted into the
ipcs tree (i.e made visible to readers) without locking it.  This is not
correct since its initialization continues after it has been inserted in
the tree.

This patch moves the ipc structure lock initialization + locking before
the actual insertion.

Signed-off-by: Nadia Derbey <Nadia.Derbey@bull.net>
Reported-by: Clement Calmels <cboulte@gmail.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@kernel.org> [2.6.27.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipc/util.c

index 49b3ea615dc5fa991d921667f44172da02331a55..361fd1c96fcf31b92475882803dc927f281a8718 100644 (file)
@@ -266,9 +266,17 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
        if (ids->in_use >= size)
                return -ENOSPC;
 
+       spin_lock_init(&new->lock);
+       new->deleted = 0;
+       rcu_read_lock();
+       spin_lock(&new->lock);
+
        err = idr_get_new(&ids->ipcs_idr, new, &id);
-       if (err)
+       if (err) {
+               spin_unlock(&new->lock);
+               rcu_read_unlock();
                return err;
+       }
 
        ids->in_use++;
 
@@ -280,10 +288,6 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
                ids->seq = 0;
 
        new->id = ipc_buildid(id, new->seq);
-       spin_lock_init(&new->lock);
-       new->deleted = 0;
-       rcu_read_lock();
-       spin_lock(&new->lock);
        return id;
 }