- Apr 24, 2006
-
-
Alexey Kuznetsov authored
grow_ary() should not copy struct ipc_id_ary (it copies new->p, not new). Due to this, memcpy() src pointer could hit unmapped vmalloc page when near page boundary. Found during OpenVZ stress testing Signed-off-by:
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by:
Kirill Korotaev <dev@openvz.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
- Apr 17, 2006
-
-
Hugh Dickins authored
I found that all of 2.4 and 2.6 have been letting mprotect give write permission to a readonly attachment of shared memory, whether or not IPC would give the caller that permission. SUS says "The behaviour of this function [mprotect] is unspecified if the mapping was not established by a call to mmap", but I don't think we can interpret that as allowing it to subvert IPC permissions. I haven't tried 2.2, but the 2.2.26 source looks like it gets it right; and the patch below reproduces that behaviour - mprotect cannot be used to add write permission to a shared memory segment attached readonly. This patch is simple, and I'm sure it's what we should have done in 2.4.0: if you want to go on to switch write permission on and off with mprotect, just don't attach the segment readonly in the first place. However, we could have accumulated apps which attach readonly (even though they would be permitted to attach read/write), and which subsequently use mprotect to switch write permission on and off: it's not unreasonable. I was going to add a second ipcperms check in do_shmat, to check for writable when readonly, and if not writable find_vma and clear VM_MAYWRITE. But security_ipc_permission might do auditing, and it seems wrong to report an attempt for write permission when there has been none. Or we could flag the vma as SHM, note the shmid or shp in vm_private_data, and then get mprotect to check. But the patch below is a lot simpler: I'd rather stick with it, if we can convince ourselves somehow that it'll be safe. Signed-off-by:
Hugh Dickins <hugh@veritas.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
-
- Feb 10, 2006
-
-
KAMEZAWA Hiroyuki authored
sys_shmdt() can manage shm segments which are covered by multiple vmas. (This can happen when a user uses mprotect() after shmat().) This works well if shm is aligned to PAGE_SIZE, but if not, the last segment cannot be detached. It is because a comparison in sys_shmdt() (vma->vm_end - addr) < size addr == return address of shmat() size == shmsize, argments to shmget() size should be aligned to PAGE_SIZE before being compared with vma->vm_end, which is aligned. Signed-off-by:
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Manfred Spraul <manfred@colorfullife.com> Acked-by:
-
- Feb 09, 2006
-
-
Alexey Kuznetsov authored
netlink overrun was broken while improvement of netlink. Destination socket is used in the place where it was meant to be source socket, so that now overrun is never sent to user netlink sockets, when it should be, and it even can be set on kernel socket, which results in complete deadlock of rtnetlink. Suggested fix is to restore status quo passing source socket as additional argument to netlink_attachskb(). A little explanation: overrun is set on a socket, when it failed to receive some message and sender of this messages does not or even have no way to handle this error. This happens in two cases: 1. when kernel sends something. Kernel never retransmits and cannot wait for buffer space. 2. when user sends a broadcast and the message was not delivered to some recipients. Signed-off-by:
David S. Miller <davem@davemloft.net>
-
- Jan 14, 2006
-
-
Christian Kujau authored
I tried to send the forcedeth maintainer an email, but it came back with: "The mail address manfreds@colorfullife.com is not read anymore. Please resent your mail to manfred@ instead of manfreds@." This patch fixes this. Signed-off-by:Adrian Bunk <bunk@stusta.de>
-
Alexander Viro authored
Fixed the refcounting on failure exits in sys_mq_open() and cleaned the logics up. Rules are actually pretty simple - dentry_open() expects vfsmount and dentry to be pinned down and it either transfers them into created struct file or drops them. Old code had been very confused in that area - if dentry_open() had failed either in do_open() or do_create(), we ended up dentry and mqueue_mnt dropped twice, once by dentry_open() cleanup and then by sys_mq_open(). Fix consists of making the rules for do_create() and do_open() same as for dentry_open() and updating the sys_mq_open() accordingly; that actually leads to more straightforward code and less work on normal path. Signed-off-by:
Al Viro <aviro@redhat.com> Signed-off-by:
-
- Jan 11, 2006
-
-
Randy Dunlap authored
- Move capable() from sched.h to capability.h; - Use <linux/capability.h> where capable() is used (in include/, block/, ipc/, kernel/, a few drivers/, mm/, security/, & sound/; many more drivers/ to go) Signed-off-by:
Randy Dunlap <rdunlap@xenotime.net> Signed-off-by:
-
- Jan 09, 2006
-
-
Jes Sorensen authored
This patch converts the inode semaphore to a mutex. I have tested it on XFS and compiled as much as one can consider on an ia64. Anyway your luck with it might be different. Modified-by:
Ingo Molnar <mingo@elte.hu> (finished the conversion) Signed-off-by:
Jes Sorensen <jes@sgi.com> Signed-off-by:
-
- Jan 08, 2006
-
-
Andrew Morton authored
Unobfsucate this struct member Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by:
-
- Jan 06, 2006
-
-
David Howells authored
The attached patch makes the SYSV IPC shared memory facilities use the new ramfs facilities on a no-MMU kernel. The following changes are made: (1) There are now shmem_mmap() and shmem_get_unmapped_area() functions to allow the IPC SHM facilities to commune with the tiny-shmem and shmem code. (2) ramfs files now need resizing using do_truncate() rather than by modifying the inode size directly (see shmem_file_setup()). This causes ramfs to attempt to bind a block of pages of sufficient size to the inode. (3) CONFIG_SYSVIPC is no longer contingent on CONFIG_MMU. Signed-off-by:David Howells <dhowells@redhat.com> Signed-off-by:
-
- Dec 24, 2005
-
-
Linus Torvalds authored
Introduced by commit 6003a93e
-
Manfred Spraul authored
Two smp_wmb() statements are missing in the sysv sem code: This could cause stack corruptions. The attached patch adds them. Signed-Off-By:
Manfred Spraul <manfred@colorfullife.com> Signed-off-by:
-
- Nov 07, 2005
-
-
Randy Dunlap authored
Various core kernel-doc cleanups: - add missing function parameters in ipc, irq/manage, kernel/sys, kernel/sysctl, and mm/slab; - move description to just above function for kernel_restart() Signed-off-by:
-
Badari Pulavarty authored
Add SHM_NORESERVE functionality similar to MAP_NORESERVE for shared memory segments. This is mainly to avoid abuse of OVERCOMMIT_ALWAYS and this flag is ignored for OVERCOMMIT_NEVER. Signed-off-by:
Badari Pulavarty <pbadari@us.ibm.com> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by:
-
- Nov 06, 2005
-
-
Michal Wronski authored
-
- Oct 29, 2005
-
-
Krishnakumar R authored
Clean up some repeated code related to HugeTLB. hugetlb_zero_setup would have already allocated the file->f_op. Signed-off-by:
Krishnakumar. R <rkrishnakumar@gmail.com> Signed-off-by:
-
- Sep 27, 2005
-
-
Krzysztof Benedyczak authored
We ignored umask when creating new queues via mq_open (when creating with open() on mqueue fs it is ok of course). According to the specification this a bug. This trivial patch fixes this. Signed-off-by:
Krzysztof Benedyczak <golbi@mat.uni.torun.pl> Signed-off-by:
-
- Sep 10, 2005
-
-
Adrian Bunk authored
This patch contains the most trivial from Rusty's trivial patches: - spelling fixes - remove duplicate includes Signed-off-by:
-
- Sep 07, 2005
-
-
Mike Waychison authored
Change the /proc/sysvipc/shm|sem|msg files to use the generic seq_file implementation for struct ipc_ids. Signed-off-by:
Mike Waychison <mikew@google.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by:
-
Mike Waychison authored
The following two patches convert /proc/sysvipc/* to use seq_file. This gives us the following: - Self-consistent IPC records in proc. - O(n) reading of the files themselves. This patch: Add a generic method for ipc types to be displayed using seq_file. This patch abstracts out seq_file iterating over struct ipc_ids into ipc/util.c Signed-off-by:
-
Stephen Rothwell authored
When I first wrote the compat layer patches, I was somewhat cavalier about the definition of compat_uid_t and compat_gid_t (or maybe I just misunderstood :-)). This patch makes the compat types much more consistent with the types we are being compatible with and hopefully will fix a few bugs along the way. compat type type in compat arch __compat_[ug]id_t __kernel_[ug]id_t __compat_[ug]id32_t __kernel_[ug]id32_t compat_[ug]id_t [ug]id_t The difference is that compat_uid_t is always 32 bits (for the archs we care about) but __compat_uid_t may be 16 bits on some. Signed-off-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
- Aug 05, 2005
-
-
Ingo Molnar authored
semundo->lock can leak if semundo->refcount goes from 2 to 1 while another thread has it locked. This causes major problems for PREEMPT kernels. The simplest fix for now is to undo the single-thread optimization. This bug was found via relentless testing by Dominik Karall. Signed-off-by:
-
- Aug 01, 2005
-
-
Andrew Morton authored
Fix bug found by Grant Coady <lkml@dodo.com.au>'s autobuild setup. shmem_set_policy() and shmem_get_policy() are macros if !CONFIG_SHMEM, so this doesn't work. Signed-off-by:
-
- Jul 12, 2005
-
-
Chris Zankel authored
This patch fixes some minor bugs introduced by the previous patch (remove old syscalls). Both patches remove the obsolete syscalls. The changes in this patch were suggested by Arnd Bergmann. The vmlinux.lds.S changes are required for the latest gcc/binutils. Signed-off-by:
Chris Zankel <chris@zankel.net> Signed-off-by:
-
- Jul 07, 2005
-
-
Jesse Millan authored
GCC 4 complains because the function put_compat_shminfo() can't get to its return statement if there is no error... If the function does not return -EFAULT, it doesn't return anything at all. Looks like a typo. Signed-off-by:
Jesse Millan <jessem@cs.pdx.edu> Signed-off-by:
Domen Puncer <domen@coderock.org> Signed-off-by:
-
- Jun 23, 2005
-
-
Manfred Spraul authored
Patrick noticed that the initial scan of the semaphore operations logs decrease and increase operations seperately, but then both cases are or'ed together and decrease is never used. The attached patch removes the decrease parameter - it shrinks sys_semtimedop() by 56 bytes. Signed-Of-By:
-
- May 01, 2005
-
-
Jesper Juhl authored
Convert most of the current code that uses _NSIG directly to instead use valid_signal(). This avoids gcc -W warnings and off-by-one errors. Signed-off-by:
Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by:
-
Stephen Rothwell authored
Signed-off-by:
-
akpm@osdl.org authored
Replace a number of memory barriers with smp_ variants. This means we won't take the unnecessary hit on UP machines. Signed-off-by:
Anton Blanchard <anton@samba.org> Signed-off-by:
-
- Apr 16, 2005
-
-
Linus Torvalds authored
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
-
