From: Kees Cook <keescook@xxxxxxxxxxxx> Subject: ipc/shm: avoid ipc_rcu_alloc() Instead of using ipc_rcu_alloc() which only performs the refcount bump, open code it. This also allows for shmid_kernel structure layout to be randomized in the future. Link: http://lkml.kernel.org/r/20170525185107.12869-11-manfred@xxxxxxxxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- ipc/shm.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff -puN ipc/shm.c~ipc-shm-avoid-ipc_rcu_alloc ipc/shm.c --- a/ipc/shm.c~ipc-shm-avoid-ipc_rcu_alloc +++ a/ipc/shm.c @@ -518,6 +518,19 @@ static const struct vm_operations_struct #endif }; +static struct shmid_kernel *shm_alloc(void) +{ + struct shmid_kernel *shp; + + shp = kvmalloc(sizeof(*shp), GFP_KERNEL); + if (unlikely(!shp)) + return NULL; + + atomic_set(&shp->shm_perm.refcount, 1); + + return shp; +} + /** * newseg - Create a new shared memory segment * @ns: namespace @@ -548,10 +561,7 @@ static int newseg(struct ipc_namespace * ns->shm_tot + numpages > ns->shm_ctlall) return -ENOSPC; - BUILD_BUG_ON(offsetof(struct shmid_kernel, shm_perm) != 0); - - shp = container_of(ipc_rcu_alloc(sizeof(*shp)), struct shmid_kernel, - shm_perm); + shp = shm_alloc(); if (!shp) return -ENOMEM; _ -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
