This patch (commit: 3a72660b07) is only slated for stable 3.12, but should go to 3.10/11 as well, no?

On Wed, 2013-11-20 at 11:44 +0100, Jesper Nilsson wrote:
> Commit 2caacaa82a51b78fc0c800e206473874094287ed restructured
> the ipc shm to shorten critical region, but introduced a path
> where the return value could be -EPERM, even if the operation
> actually was performed.
>
> Before the commit, the err return value was reset by the return value
> from security_shm_shmctl() after the if (!ns_capable(...)) statement.
>
> Now, we still exit the if statement with err set to -EPERM,
> and in the case of SHM_UNLOCK, it is not reset at all,
> and used as the return value from shmctl.
>
> To fix this, we only set err when errors occur, leaving the
> fallthrough case alone.
>
> Signed-off-by: Jesper Nilsson <jesper.nilsson@xxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Davidlohr Bueso <davidlohr@xxxxxx>
> Cc: Rik van Riel <riel@xxxxxxxxxx>
> Cc: Michel Lespinasse <walken@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> --- > ipc/shm.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/ipc/shm.c b/ipc/shm.c > index d697396..4076f9e 100644 > --- a/ipc/shm.c > +++ b/ipc/shm.c 
> @@ -974,12 +974,15 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) > ipc_lock_object(&shp->shm_perm); > if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { > kuid_t euid = current_euid(); > - err = -EPERM; > if (!uid_eq(euid, shp->shm_perm.uid) && > - !uid_eq(euid, shp->shm_perm.cuid)) > + !uid_eq(euid, shp->shm_perm.cuid)) { > + err = -EPERM; > goto out_unlock0; > - if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) > + } > + if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) { > + err = -EPERM; > goto out_unlock0; > + } > } > > shm_file = shp->shm_file; > -- > 1.8.4 > > > /^JN - Jesper Nilsson
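
Review bot: In the `if (!ns_capable(ns->user_ns, CAP_IPC_LOCK))` block, the path that passes both checks now leaves err at whatever value it held on entry, and nothing in this hunk shows that value. Since the commit message says err is not reset at all for SHM_UNLOCK, either confirm that err is 0 when the block is entered or set it explicitly before `shm_file = shp->shm_file;`, so a successful lock or unlock cannot return a stale error. The Cc: stable line also carries no version range; naming the releases that contain commit 2caacaa82a51b78fc0c800e206473874094287ed would answer the 3.10/3.11 question raised in the reply.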