Merge branch 'master' of /home/trondmy/kernel/linux-2.6/

[pandora-kernel.git] / ipc / shm.c

diff --git a/ipc/shm.c b/ipc/shm.c
index f806a2e..4f133d2 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -13,6 +13,8 @@
  * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com>
  * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com>
  *
+ * support for audit of ipc object properties and permission changes
+ * Dustin Kirkland <dustin.kirkland@us.ibm.com>
  */
 
 #include <linux/config.h>
@@ -91,8 +93,8 @@ static inline int shm_addid(struct shmid_kernel *shp)
 static inline void shm_inc (int id) {
        struct shmid_kernel *shp;
 
-       if(!(shp = shm_lock(id)))
-               BUG();
+       shp = shm_lock(id);
+       BUG_ON(!shp);
        shp->shm_atim = get_seconds();
        shp->shm_lprid = current->tgid;
        shp->shm_nattch++;
@@ -142,8 +144,8 @@ static void shm_close (struct vm_area_struct *shmd)
 
        mutex_lock(&shm_ids.mutex);
        /* remove from the list of attaches of the shm segment */
-       if(!(shp = shm_lock(id)))
-               BUG();
+       shp = shm_lock(id);
+       BUG_ON(!shp);
        shp->shm_lprid = current->tgid;
        shp->shm_dtim = get_seconds();
        shp->shm_nattch--;
@@ -162,6 +164,8 @@ static int shm_mmap(struct file * file, struct vm_area_struct * vma)
        ret = shmem_mmap(file, vma);
        if (ret == 0) {
                vma->vm_ops = &shm_vm_ops;
+               if (!(vma->vm_flags & VM_WRITE))
+                       vma->vm_flags &= ~VM_MAYWRITE;
                shm_inc(file->f_dentry->d_inode->i_ino);
        }
 
@@ -283,8 +287,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
                err = -EEXIST;
        } else {
                shp = shm_lock(id);
-               if(shp==NULL)
-                       BUG();
+               BUG_ON(shp==NULL);
                if (shp->shm_segsz < size)
                        err = -EINVAL;
                else if (ipcperms(&shp->shm_perm, shmflg))
@@ -541,6 +544,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                if(err)
                        goto out_unlock;
 
+               err = audit_ipc_obj(&(shp->shm_perm));
+               if (err)
+                       goto out_unlock;
+
                if (!capable(CAP_IPC_LOCK)) {
                        err = -EPERM;
                        if (current->euid != shp->shm_perm.uid &&
@@ -593,6 +600,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                if(err)
                        goto out_unlock_up;
 
+               err = audit_ipc_obj(&(shp->shm_perm));
+               if (err)
+                       goto out_unlock_up;
+
                if (current->euid != shp->shm_perm.uid &&
                    current->euid != shp->shm_perm.cuid && 
                    !capable(CAP_SYS_ADMIN)) {
@@ -626,12 +637,15 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                err=-EINVAL;
                if(shp==NULL)
                        goto out_up;
-               if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid,
-                                       setbuf.mode, &(shp->shm_perm))))
-                       goto out_unlock_up;
                err = shm_checkid(shp,shmid);
                if(err)
                        goto out_unlock_up;
+               err = audit_ipc_obj(&(shp->shm_perm));
+               if (err)
+                       goto out_unlock_up;
+               err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode);
+               if (err)
+                       goto out_unlock_up;
                err=-EPERM;
                if (current->euid != shp->shm_perm.uid &&
                    current->euid != shp->shm_perm.cuid && 
@@ -774,8 +788,8 @@ invalid:
        up_write(&current->mm->mmap_sem);
 
        mutex_lock(&shm_ids.mutex);
-       if(!(shp = shm_lock(shmid)))
-               BUG();
+       shp = shm_lock(shmid);
+       BUG_ON(!shp);
        shp->shm_nattch--;
        if(shp->shm_nattch == 0 &&
           shp->shm_perm.mode & SHM_DEST)