summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKirill Korotaev <dev@openvz.org>2007-10-18 23:40:56 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-19 11:53:48 -0700
commit3ac88a41ff747b8c2f290f86b5243b2f8fce2cc0 (patch)
treea0a87ebb1b5cac9da1a2cee05475139b16a8dbc6
parentc530c6ac7eb1d4ae1ff6b382d9211be446ee82c6 (diff)
downloadkernel-crypto-3ac88a41ff747b8c2f290f86b5243b2f8fce2cc0.tar.gz
kernel-crypto-3ac88a41ff747b8c2f290f86b5243b2f8fce2cc0.tar.xz
kernel-crypto-3ac88a41ff747b8c2f290f86b5243b2f8fce2cc0.zip
virtualization of sysv msg queues is incomplete
Virtualization of sysv msg queues is incomplete: msg_hdrs and msg_bytes variables visible from userspace are global. Let's make them per-namespace. Signed-off-by: Alexey Kuznetsov <alexey@openvz.org> Signed-off-by: Kirill Korotaev <dev@openvz.org> Cc: Pierre Peiffer <pierre.peiffer@bull.net> Cc: Nadia Derbey <Nadia.Derbey@bull.net> Cc: Serge Hallyn <serue@us.ibm.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--include/linux/ipc.h2
-rw-r--r--ipc/msg.c21
2 files changed, 12 insertions, 11 deletions
diff --git a/include/linux/ipc.h b/include/linux/ipc.h
index 96988d1460d..408696ea518 100644
--- a/include/linux/ipc.h
+++ b/include/linux/ipc.h
@@ -111,6 +111,8 @@ struct ipc_namespace {
int msg_ctlmax;
int msg_ctlmnb;
int msg_ctlmni;
+ atomic_t msg_bytes;
+ atomic_t msg_hdrs;
size_t shm_ctlmax;
size_t shm_ctlall;
diff --git a/ipc/msg.c b/ipc/msg.c
index 4f1f2639350..ccf5f495db7 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -66,9 +66,6 @@ struct msg_sender {
#define SEARCH_NOTEQUAL 3
#define SEARCH_LESSEQUAL 4
-static atomic_t msg_bytes = ATOMIC_INIT(0);
-static atomic_t msg_hdrs = ATOMIC_INIT(0);
-
static struct ipc_ids init_msg_ids;
#define msg_ids(ns) (*((ns)->ids[IPC_MSG_IDS]))
@@ -88,6 +85,8 @@ static void __msg_init_ns(struct ipc_namespace *ns, struct ipc_ids *ids)
ns->msg_ctlmax = MSGMAX;
ns->msg_ctlmnb = MSGMNB;
ns->msg_ctlmni = MSGMNI;
+ atomic_set(&ns->msg_bytes, 0);
+ atomic_set(&ns->msg_hdrs, 0);
ipc_init_ids(ids);
}
@@ -293,10 +292,10 @@ static void freeque(struct ipc_namespace *ns, struct msg_queue *msq)
struct msg_msg *msg = list_entry(tmp, struct msg_msg, m_list);
tmp = tmp->next;
- atomic_dec(&msg_hdrs);
+ atomic_dec(&ns->msg_hdrs);
free_msg(msg);
}
- atomic_sub(msq->q_cbytes, &msg_bytes);
+ atomic_sub(msq->q_cbytes, &ns->msg_bytes);
security_msg_queue_free(msq);
ipc_rcu_putref(msq);
}
@@ -463,8 +462,8 @@ asmlinkage long sys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf)
down_read(&msg_ids(ns).rw_mutex);
if (cmd == MSG_INFO) {
msginfo.msgpool = msg_ids(ns).in_use;
- msginfo.msgmap = atomic_read(&msg_hdrs);
- msginfo.msgtql = atomic_read(&msg_bytes);
+ msginfo.msgmap = atomic_read(&ns->msg_hdrs);
+ msginfo.msgtql = atomic_read(&ns->msg_bytes);
} else {
msginfo.msgmap = MSGMAP;
msginfo.msgpool = MSGPOOL;
@@ -735,8 +734,8 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
list_add_tail(&msg->m_list, &msq->q_messages);
msq->q_cbytes += msgsz;
msq->q_qnum++;
- atomic_add(msgsz, &msg_bytes);
- atomic_inc(&msg_hdrs);
+ atomic_add(msgsz, &ns->msg_bytes);
+ atomic_inc(&ns->msg_hdrs);
}
err = 0;
@@ -840,8 +839,8 @@ long do_msgrcv(int msqid, long *pmtype, void __user *mtext,
msq->q_rtime = get_seconds();
msq->q_lrpid = task_tgid_vnr(current);
msq->q_cbytes -= msg->m_ts;
- atomic_sub(msg->m_ts, &msg_bytes);
- atomic_dec(&msg_hdrs);
+ atomic_sub(msg->m_ts, &ns->msg_bytes);
+ atomic_dec(&ns->msg_hdrs);
ss_wakeup(&msq->q_senders, 0);
msg_unlock(msq);
break;