| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Nov 2009 15:51:57 +0100
From: Jiri Slaby <jslaby@...ell.com>
To: jirislaby@...il.com
Cc: mingo@...e.hu, nhorman@...driver.com, sfr@...b.auug.org.au,
linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
marcin.slusarz@...il.com, tglx@...utronix.de, mingo@...hat.com,
hpa@...or.com, torvalds@...ux-foundation.org,
Jiri Slaby <jslaby@...ell.com>,
James Morris <jmorris@...ei.org>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Roland Dreier <rolandd@...co.com>,
Sean Hefty <sean.hefty@...el.com>,
Hal Rosenstock <hal.rosenstock@...il.com>,
linux-rdma@...r.kernel.org
Subject: [PATCH 11/16] misc: use ACCESS_ONCE for rlimits
Make sure compiler won't do weird things with limits. E.g. fetching
them twice may return 2 different values after writable limits are
implemented.
Signed-off-by: Jiri Slaby <jslaby@...ell.com>
Cc: James Morris <jmorris@...ei.org>
Cc: Heiko Carstens <heiko.carstens@...ibm.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Ingo Molnar <mingo@...e.hu>
Cc: Roland Dreier <rolandd@...co.com>
Cc: Sean Hefty <sean.hefty@...el.com>
Cc: Hal Rosenstock <hal.rosenstock@...il.com>
Cc: linux-rdma@...r.kernel.org
---
drivers/infiniband/core/umem.c | 3 ++-
drivers/infiniband/hw/ipath/ipath_user_pages.c | 4 ++--
ipc/mqueue.c | 4 ++--
ipc/shm.c | 4 ++--
4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index 6f7c096..90d806b 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -136,7 +136,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
down_write(¤t->mm->mmap_sem);
locked = npages + current->mm->locked_vm;
- lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
+ lock_limit = ACCESS_ONCE(current->signal->
+ rlim[RLIMIT_MEMLOCK].rlim_cur) >> PAGE_SHIFT;
if ((locked > lock_limit) && !capable(CAP_IPC_LOCK)) {
ret = -ENOMEM;
diff --git a/drivers/infiniband/hw/ipath/ipath_user_pages.c b/drivers/infiniband/hw/ipath/ipath_user_pages.c
index 82878e3..f7db156 100644
--- a/drivers/infiniband/hw/ipath/ipath_user_pages.c
+++ b/drivers/infiniband/hw/ipath/ipath_user_pages.c
@@ -59,8 +59,8 @@ static int __get_user_pages(unsigned long start_page, size_t num_pages,
size_t got;
int ret;
- lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >>
- PAGE_SHIFT;
+ lock_limit = ACCESS_ONCE(current->signal->
+ rlim[RLIMIT_MEMLOCK].rlim_cur) >> PAGE_SHIFT;
if (num_pages > lock_limit) {
ret = -ENOMEM;
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index ee9d697..d04869f 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -152,8 +152,8 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
spin_lock(&mq_lock);
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
- u->mq_bytes + mq_bytes >
- p->signal->rlim[RLIMIT_MSGQUEUE].rlim_cur) {
+ u->mq_bytes + mq_bytes > ACCESS_ONCE(p->signal->
+ rlim[RLIMIT_MSGQUEUE].rlim_cur)) {
spin_unlock(&mq_lock);
goto out_inode;
}
diff --git a/ipc/shm.c b/ipc/shm.c
index 464694e..99de87c 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -761,8 +761,8 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
if (euid != shp->shm_perm.uid &&
euid != shp->shm_perm.cuid)
goto out_unlock;
- if (cmd == SHM_LOCK &&
- !current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur)
+ if (cmd == SHM_LOCK && !ACCESS_ONCE(current->signal->
+ rlim[RLIMIT_MEMLOCK].rlim_cur))
goto out_unlock;
}
--
1.6.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists