linux-hardened/ipc
Tony Battersby a68e61e8ff shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
ramfs_get_inode() vs.  mm/shmem.c: shmem_get_inode()).

This bad assumption can cause shmctl(SHM_INFO) to lock up when
shm_get_stat() tries to spin_lock(&info->lock).  Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.

Reported by Jiri Olsa back in February 2008:
http://lkml.org/lkml/2008/2/29/74

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Reported-by: Jiri Olsa <olsajiri@gmail.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: <stable@kernel.org>		[2.6.everything]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:47 -08:00
| File | Last commit | Date |
|---|---|---|
| compat.c | fix logic error in ipc compat semctl() | 2007-07-06 10:23:43 -07:00 |
| compat_mq.c | Linux-2.6.12-rc2 | 2005-04-16 15:20:36 -07:00 |
| ipc_sysctl.c | ipc/ipc_sysctl.c: move the definition of ipc_auto_callback() | 2009-01-06 15:59:29 -08:00 |
| ipcns_notifier.c | ipc: do not use a negative value to re-enable msgmni automatic recomputing | 2008-07-25 10:53:42 -07:00 |
| Makefile | ipc: recompute msgmni on ipc namespace creation/removal | 2008-04-29 08:06:12 -07:00 |
| mqueue.c | [CVE-2009-0029] System call wrappers part 26 | 2009-01-14 14:15:29 +01:00 |
| msg.c | [CVE-2009-0029] System call wrappers part 24 | 2009-01-14 14:15:28 +01:00 |
| msgutil.c | [PATCH] getting rid of all casts of k[cmz]alloc() calls | 2006-12-13 09:05:58 -08:00 |
| namespace.c | ipc: recompute msgmni on ipc namespace creation/removal | 2008-04-29 08:06:12 -07:00 |
| sem.c | [CVE-2009-0029] System call wrappers part 25 | 2009-01-14 14:15:28 +01:00 |
| shm.c | shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM | 2009-02-05 12:56:47 -08:00 |
| util.c | sanitize audit_ipc_set_perm() | 2009-01-04 15:14:40 -05:00 |
| util.h | ipc: get rid of ipc_lock_down() | 2008-07-25 10:53:42 -07:00 |