BUG_ON() Conversion in fs/freevxfs/

[safe/jmp/linux-2.6] / ipc / shm.c

diff --git a/ipc/shm.c b/ipc/shm.c
index dca9048..f806a2e 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -27,15 +27,15 @@
 #include <linux/security.h>
 #include <linux/syscalls.h>
 #include <linux/audit.h>
+#include <linux/capability.h>
 #include <linux/ptrace.h>
 #include <linux/seq_file.h>
+#include <linux/mutex.h>
 
 #include <asm/uaccess.h>
 
 #include "util.h"
 
-#define shm_flags      shm_perm.mode
-
 static struct file_operations shm_file_operations;
 static struct vm_operations_struct shm_vm_ops;
 
@@ -110,7 +110,7 @@ static void shm_open (struct vm_area_struct *shmd)
  *
  * @shp: struct to free
  *
- * It has to be called with shp and shm_ids.sem locked,
+ * It has to be called with shp and shm_ids.mutex locked,
  * but returns with shp unlocked and freed.
  */
 static void shm_destroy (struct shmid_kernel *shp)
@@ -140,7 +140,7 @@ static void shm_close (struct vm_area_struct *shmd)
        int id = file->f_dentry->d_inode->i_ino;
        struct shmid_kernel *shp;
 
-       down (&shm_ids.sem);
+       mutex_lock(&shm_ids.mutex);
        /* remove from the list of attaches of the shm segment */
        if(!(shp = shm_lock(id)))
                BUG();
@@ -148,23 +148,31 @@ static void shm_close (struct vm_area_struct *shmd)
        shp->shm_dtim = get_seconds();
        shp->shm_nattch--;
        if(shp->shm_nattch == 0 &&
-          shp->shm_flags & SHM_DEST)
+          shp->shm_perm.mode & SHM_DEST)
                shm_destroy (shp);
        else
                shm_unlock(shp);
-       up (&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 }
 
 static int shm_mmap(struct file * file, struct vm_area_struct * vma)
 {
-       file_accessed(file);
-       vma->vm_ops = &shm_vm_ops;
-       shm_inc(file->f_dentry->d_inode->i_ino);
-       return 0;
+       int ret;
+
+       ret = shmem_mmap(file, vma);
+       if (ret == 0) {
+               vma->vm_ops = &shm_vm_ops;
+               shm_inc(file->f_dentry->d_inode->i_ino);
+       }
+
+       return ret;
 }
 
 static struct file_operations shm_file_operations = {
-       .mmap   = shm_mmap
+       .mmap   = shm_mmap,
+#ifndef CONFIG_MMU
+       .get_unmapped_area = shmem_get_unmapped_area,
+#endif
 };
 
 static struct vm_operations_struct shm_vm_ops = {
@@ -197,7 +205,7 @@ static int newseg (key_t key, int shmflg, size_t size)
                return -ENOMEM;
 
        shp->shm_perm.key = key;
-       shp->shm_flags = (shmflg & S_IRWXUGO);
+       shp->shm_perm.mode = (shmflg & S_IRWXUGO);
        shp->mlock_user = NULL;
 
        shp->shm_perm.security = NULL;
@@ -212,8 +220,16 @@ static int newseg (key_t key, int shmflg, size_t size)
                file = hugetlb_zero_setup(size);
                shp->mlock_user = current->user;
        } else {
+               int acctflag = VM_ACCOUNT;
+               /*
+                * Do not allow no accounting for OVERCOMMIT_NEVER, even
+                * if it's asked for.
+                */
+               if  ((shmflg & SHM_NORESERVE) &&
+                               sysctl_overcommit_memory != OVERCOMMIT_NEVER)
+                       acctflag = 0;
                sprintf (name, "SYSV%08x", key);
-               file = shmem_file_setup(name, size, VM_ACCOUNT);
+               file = shmem_file_setup(name, size, acctflag);
        }
        error = PTR_ERR(file);
        if (IS_ERR(file))
@@ -233,10 +249,11 @@ static int newseg (key_t key, int shmflg, size_t size)
        shp->id = shm_buildid(id,shp->shm_perm.seq);
        shp->shm_file = file;
        file->f_dentry->d_inode->i_ino = shp->id;
-       if (shmflg & SHM_HUGETLB)
-               set_file_hugepages(file);
-       else
+
+       /* Hugetlb ops would have already been assigned. */
+       if (!(shmflg & SHM_HUGETLB))
                file->f_op = &shm_file_operations;
+
        shm_tot += numpages;
        shm_unlock(shp);
        return shp->id;
@@ -254,7 +271,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
        struct shmid_kernel *shp;
        int err, id = 0;
 
-       down(&shm_ids.sem);
+       mutex_lock(&shm_ids.mutex);
        if (key == IPC_PRIVATE) {
                err = newseg(key, shmflg, size);
        } else if ((id = ipc_findkey(&shm_ids, key)) == -1) {
@@ -280,7 +297,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
                }
                shm_unlock(shp);
        }
-       up(&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 
        return err;
 }
@@ -328,7 +345,7 @@ static inline unsigned long copy_shmid_from_user(struct shm_setbuf *out, void __
 
                out->uid        = tbuf.shm_perm.uid;
                out->gid        = tbuf.shm_perm.gid;
-               out->mode       = tbuf.shm_flags;
+               out->mode       = tbuf.shm_perm.mode;
 
                return 0;
            }
@@ -341,7 +358,7 @@ static inline unsigned long copy_shmid_from_user(struct shm_setbuf *out, void __
 
                out->uid        = tbuf_old.shm_perm.uid;
                out->gid        = tbuf_old.shm_perm.gid;
-               out->mode       = tbuf_old.shm_flags;
+               out->mode       = tbuf_old.shm_perm.mode;
 
                return 0;
            }
@@ -451,14 +468,14 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        return err;
 
                memset(&shm_info,0,sizeof(shm_info));
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shm_info.used_ids = shm_ids.in_use;
                shm_get_stat (&shm_info.shm_rss, &shm_info.shm_swp);
                shm_info.shm_tot = shm_tot;
                shm_info.swap_attempts = 0;
                shm_info.swap_successes = 0;
                err = shm_ids.max_id;
-               up(&shm_ids.sem);
+               mutex_unlock(&shm_ids.mutex);
                if(copy_to_user (buf, &shm_info, sizeof(shm_info))) {
                        err = -EFAULT;
                        goto out;
@@ -543,13 +560,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        if (!is_file_hugepages(shp->shm_file)) {
                                err = shmem_lock(shp->shm_file, 1, user);
                                if (!err) {
-                                       shp->shm_flags |= SHM_LOCKED;
+                                       shp->shm_perm.mode |= SHM_LOCKED;
                                        shp->mlock_user = user;
                                }
                        }
                } else if (!is_file_hugepages(shp->shm_file)) {
                        shmem_lock(shp->shm_file, 0, shp->mlock_user);
-                       shp->shm_flags &= ~SHM_LOCKED;
+                       shp->shm_perm.mode &= ~SHM_LOCKED;
                        shp->mlock_user = NULL;
                }
                shm_unlock(shp);
@@ -567,7 +584,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                 *      Instead we set a destroyed flag, and then blow
                 *      the name away when the usage hits zero.
                 */
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shp = shm_lock(shmid);
                err = -EINVAL;
                if (shp == NULL) 
@@ -588,13 +605,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        goto out_unlock_up;
 
                if (shp->shm_nattch){
-                       shp->shm_flags |= SHM_DEST;
+                       shp->shm_perm.mode |= SHM_DEST;
                        /* Do not find it any more */
                        shp->shm_perm.key = IPC_PRIVATE;
                        shm_unlock(shp);
                } else
                        shm_destroy (shp);
-               up(&shm_ids.sem);
+               mutex_unlock(&shm_ids.mutex);
                goto out;
        }
 
@@ -604,13 +621,14 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        err = -EFAULT;
                        goto out;
                }
-               if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
-                       return err;
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shp = shm_lock(shmid);
                err=-EINVAL;
                if(shp==NULL)
                        goto out_up;
+               if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid,
+                                       setbuf.mode, &(shp->shm_perm))))
+                       goto out_unlock_up;
                err = shm_checkid(shp,shmid);
                if(err)
                        goto out_unlock_up;
@@ -627,7 +645,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                
                shp->shm_perm.uid = setbuf.uid;
                shp->shm_perm.gid = setbuf.gid;
-               shp->shm_flags = (shp->shm_flags & ~S_IRWXUGO)
+               shp->shm_perm.mode = (shp->shm_perm.mode & ~S_IRWXUGO)
                        | (setbuf.mode & S_IRWXUGO);
                shp->shm_ctim = get_seconds();
                break;
@@ -642,7 +660,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
 out_unlock_up:
        shm_unlock(shp);
 out_up:
-       up(&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
        goto out;
 out_unlock:
        shm_unlock(shp);
@@ -755,16 +773,16 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
 invalid:
        up_write(&current->mm->mmap_sem);
 
-       down (&shm_ids.sem);
+       mutex_lock(&shm_ids.mutex);
        if(!(shp = shm_lock(shmid)))
                BUG();
        shp->shm_nattch--;
        if(shp->shm_nattch == 0 &&
-          shp->shm_flags & SHM_DEST)
+          shp->shm_perm.mode & SHM_DEST)
                shm_destroy (shp);
        else
                shm_unlock(shp);
-       up (&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 
        *raddr = (unsigned long) user_addr;
        err = 0;
@@ -798,6 +816,9 @@ asmlinkage long sys_shmdt(char __user *shmaddr)
        loff_t size = 0;
        int retval = -EINVAL;
 
+       if (addr & ~PAGE_MASK)
+               return retval;
+
        down_write(&mm->mmap_sem);
 
        /*
@@ -854,6 +875,7 @@ asmlinkage long sys_shmdt(char __user *shmaddr)
         * could possibly have landed at. Also cast things to loff_t to
         * prevent overflows and make comparisions vs. equal-width types.
         */
+       size = PAGE_ALIGN(size);
        while (vma && (loff_t)(vma->vm_end - addr) <= size) {
                next = vma->vm_next;
 
@@ -885,7 +907,7 @@ static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
        return seq_printf(s, format,
                          shp->shm_perm.key,
                          shp->id,
-                         shp->shm_flags,
+                         shp->shm_perm.mode,
                          shp->shm_segsz,
                          shp->shm_cprid,
                          shp->shm_lprid,