[patch 13/56] shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
From: Greg KH
Date: Tue Feb 10 2009 - 19:32:43 EST
2.6.27-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tony Battersby <tonyb@xxxxxxxxxxxxxxx>
commit a68e61e8ff2d46327a37b69056998b47745db6fa upstream.
shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()).
This bad assumption can cause shmctl(SHM_INFO) to lockup when
shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.
Reported by Jiri Olsa back in February 2008:
http://lkml.org/lkml/2008/2/29/74
Signed-off-by: Tony Battersby <tonyb@xxxxxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Reported-by: Jiri Olsa <olsajiri@xxxxxxxxx>
Cc: Hugh Dickins <hugh@xxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---
ipc/shm.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -565,11 +565,15 @@ static void shm_get_stat(struct ipc_name
struct hstate *h = hstate_file(shp->shm_file);
*rss += pages_per_huge_page(h) * mapping->nrpages;
} else {
+#ifdef CONFIG_SHMEM
struct shmem_inode_info *info = SHMEM_I(inode);
spin_lock(&info->lock);
*rss += inode->i_mapping->nrpages;
*swp += info->swapped;
spin_unlock(&info->lock);
+#else
+ *rss += inode->i_mapping->nrpages;
+#endif
}
total++;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/