[PATCH] ipc/util.c: sysvipc_find_ipc() incorrectly updates position index

From: Vasily Averin
Date: Wed May 06 2020 - 02:26:03 EST


new_pos should jump over any hole of unused ids;
pos can be updated inside the "for" loop.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase position index")
Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
---
ipc/util.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipc/util.c b/ipc/util.c
index 7acccfd..cfa0045 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -764,21 +764,21 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos,
total++;
}

- *new_pos = pos + 1;
+ ipc = NULL;
if (total >= ids->in_use)
- return NULL;
+ goto out;

for (; pos < ipc_mni; pos++) {
ipc = idr_find(&ids->ipcs_idr, pos);
if (ipc != NULL) {
rcu_read_lock();
ipc_lock_object(ipc);
- return ipc;
+ break;
}
}
-
- /* Out of range - return NULL to terminate iteration */
- return NULL;
+out:
+ *new_pos = pos + 1;
+ return ipc;
}

static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos)
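Review bot: The shared exit at `out:` has no comment, and the patch removes the only one that explained the NULL return ("Out of range - return NULL to terminate iteration"). That exit now carries two things a caller must know: `*new_pos` is written on every path, and a non-NULL `ipc` is returned with `rcu_read_lock()` and `ipc_lock_object()` still held, so the caller has to release both. I would put this above the label: `/* ipc == NULL terminates the iteration; otherwise ipc is returned locked, under RCU. */` followed by `/* new_pos always moves past the last id examined, so holes are skipped. */`. Separately, `idr_find()` runs before `rcu_read_lock()` is taken, so the lookup presumably relies on a lock the caller already holds; the start of `sysvipc_find_ipc()` is outside the hunk, so that should be confirmed and stated in the function's header comment.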
--
1.8.3.1