diff options
Diffstat (limited to 'ipc/shm.c')
| -rw-r--r-- | ipc/shm.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/ipc/shm.c b/ipc/shm.c index 3cf48988d68c..29978ee76c2e 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1002,6 +1002,11 @@ static int shmctl_stat(struct ipc_namespace *ns, int shmid, tbuf->shm_atime = shp->shm_atim; tbuf->shm_dtime = shp->shm_dtim; tbuf->shm_ctime = shp->shm_ctim; +#ifndef CONFIG_64BIT + tbuf->shm_atime_high = shp->shm_atim >> 32; + tbuf->shm_dtime_high = shp->shm_dtim >> 32; + tbuf->shm_ctime_high = shp->shm_ctim >> 32; +#endif tbuf->shm_cpid = pid_vnr(shp->shm_cprid); tbuf->shm_lpid = pid_vnr(shp->shm_lprid); tbuf->shm_nattch = shp->shm_nattch; @@ -1233,9 +1238,12 @@ static int copy_compat_shmid_to_user(void __user *buf, struct shmid64_ds *in, struct compat_shmid64_ds v; memset(&v, 0, sizeof(v)); to_compat_ipc64_perm(&v.shm_perm, &in->shm_perm); - v.shm_atime = in->shm_atime; - v.shm_dtime = in->shm_dtime; - v.shm_ctime = in->shm_ctime; + v.shm_atime = lower_32_bits(in->shm_atime); + v.shm_atime_high = upper_32_bits(in->shm_atime); + v.shm_dtime = lower_32_bits(in->shm_dtime); + v.shm_dtime_high = upper_32_bits(in->shm_dtime); + v.shm_ctime = lower_32_bits(in->shm_ctime); + v.shm_ctime_high = upper_32_bits(in->shm_ctime); v.shm_segsz = in->shm_segsz; v.shm_nattch = in->shm_nattch; v.shm_cpid = in->shm_cpid; @@ -1363,14 +1371,17 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, if (addr) { if (addr & (shmlba - 1)) { - /* - * Round down to the nearest multiple of shmlba. - * For sane do_mmap_pgoff() parameters, avoid - * round downs that trigger nil-page and MAP_FIXED. - */ - if ((shmflg & SHM_RND) && addr >= shmlba) - addr &= ~(shmlba - 1); - else + if (shmflg & SHM_RND) { + addr &= ~(shmlba - 1); /* round down */ + + /* + * Ensure that the round-down is non-nil + * when remapping. This can happen for + * cases when addr < shmlba. + */ + if (!addr && (shmflg & SHM_REMAP)) + goto out; + } else #ifndef __ARCH_FORCE_SHMLBA if (addr & ~PAGE_MASK) #endif |