summaryrefslogtreecommitdiffstats
path: root/ipc/namespace.c
diff options
context:
space:
mode:
authorTony Battersby2009-02-05 00:12:04 +0100
committerLinus Torvalds2009-02-05 21:56:47 +0100
commita68e61e8ff2d46327a37b69056998b47745db6fa (patch)
tree2445097933785b26d91577e6f4b41329e8bcd639 /ipc/namespace.c
parentfbmem: don't call copy_from/to_user() with mutex held (diff)
downloadkernel-qcow2-linux-a68e61e8ff2d46327a37b69056998b47745db6fa.tar.gz
kernel-qcow2-linux-a68e61e8ff2d46327a37b69056998b47745db6fa.tar.xz
kernel-qcow2-linux-a68e61e8ff2d46327a37b69056998b47745db6fa.zip
shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
shm_get_stat() assumes that the inode is a "struct shmem_inode_info", which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c: ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()). This bad assumption can cause shmctl(SHM_INFO) to lockup when shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM may encounter this lockup simply by invoking the 'ipcs' command. Reported by Jiri Olsa back in February 2008: http://lkml.org/lkml/2008/2/29/74 Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Cc: Jiri Kosina <jkosina@suse.cz> Reported-by: Jiri Olsa <olsajiri@gmail.com> Cc: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> [2.6.everything] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc/namespace.c')
0 files changed, 0 insertions, 0 deletions