[PATCH 10/20] ipc/shm: Avoid ipc_rcu_alloc()
From: Manfred Spraul
Date: Thu May 25 2017 - 14:51:55 EST
From: Kees Cook <keescook@xxxxxxxxxxxx>
Instead of using ipc_rcu_alloc() which only performs the refcount
bump, open code it. This also allows for shmid_kernel structure
layout to be randomized in the future.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
---
ipc/shm.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/ipc/shm.c b/ipc/shm.c
index 77e1bff..c9f1f30 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -518,6 +518,19 @@ static const struct vm_operations_struct shm_vm_ops = {
#endif
};
+static struct shmid_kernel *shm_alloc(void)
+{
+ struct shmid_kernel *shp;
+
+ shp = kvmalloc(sizeof(*shp), GFP_KERNEL);
+ if (unlikely(!shp))
+ return NULL;
+
+ atomic_set(&shp->shm_perm.refcount, 1);
+
+ return shp;
+}
+
/**
* newseg - Create a new shared memory segment
* @ns: namespace
@@ -548,10 +561,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
ns->shm_tot + numpages > ns->shm_ctlall)
return -ENOSPC;
- BUILD_BUG_ON(offsetof(struct shmid_kernel, shm_perm) != 0);
-
- shp = container_of(ipc_rcu_alloc(sizeof(*shp)), struct shmid_kernel,
- shm_perm);
+ shp = shm_alloc();
if (!shp)
return -ENOMEM;
--
2.9.3