From: Dave Hansen <[email protected]>
Andrew Morton noted
http://lkml.kernel.org/r/[email protected]
that the shmdt uses inode->i_size outside of i_mutex being held.
There is one more case in shm.c in shm_destroy(). This converts
both users over to use i_size_read().
Signed-off-by: Dave Hansen <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Manfred Spraul <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
---
b/ipc/shm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff -puN ipc/shm.c~shmdt-use-i_isize_read ipc/shm.c
--- a/ipc/shm.c~shmdt-use-i_isize_read 2014-11-18 11:13:52.293599642 -0800
+++ b/ipc/shm.c 2014-11-18 11:16:47.354495228 -0800
@@ -219,7 +219,8 @@ static void shm_destroy(struct ipc_names
if (!is_file_hugepages(shm_file))
shmem_lock(shm_file, 0, shp->mlock_user);
else if (shp->mlock_user)
- user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user);
+ user_shm_unlock(i_size_read(file_inode(shm_file)),
+ shp->mlock_user);
fput(shm_file);
ipc_rcu_putref(shp, shm_rcu_free);
}
@@ -1272,7 +1273,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, sh
(vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) {
- size = file_inode(vma->vm_file)->i_size;
+ size = i_size_read(file_inode(vma->vm_file));
do_munmap(mm, vma->vm_start, vma->vm_end -
vma->vm_start);
/*
* We discovered the size of the shm segment, so
_
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
