[PATCH] USB: add new iTegno usb CDMA 1x card support for pl2303
[linux-2.6.git] / ipc / shm.c
index 0b92e874fc068fb1bc34f3e5940cfb45542f29f7..1c2faf62bc7301a823b26cee9ae738069e93aaa6 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
 #include <linux/security.h>
 #include <linux/syscalls.h>
 #include <linux/audit.h>
+#include <linux/capability.h>
 #include <linux/ptrace.h>
 #include <linux/seq_file.h>
+#include <linux/mutex.h>
 
 #include <asm/uaccess.h>
 
@@ -89,8 +91,8 @@ static inline int shm_addid(struct shmid_kernel *shp)
 static inline void shm_inc (int id) {
        struct shmid_kernel *shp;
 
-       if(!(shp = shm_lock(id)))
-               BUG();
+       shp = shm_lock(id);
+       BUG_ON(!shp);
        shp->shm_atim = get_seconds();
        shp->shm_lprid = current->tgid;
        shp->shm_nattch++;
@@ -108,7 +110,7 @@ static void shm_open (struct vm_area_struct *shmd)
  *
  * @shp: struct to free
  *
- * It has to be called with shp and shm_ids.sem locked,
+ * It has to be called with shp and shm_ids.mutex locked,
  * but returns with shp unlocked and freed.
  */
 static void shm_destroy (struct shmid_kernel *shp)
@@ -138,10 +140,10 @@ static void shm_close (struct vm_area_struct *shmd)
        int id = file->f_dentry->d_inode->i_ino;
        struct shmid_kernel *shp;
 
-       down (&shm_ids.sem);
+       mutex_lock(&shm_ids.mutex);
        /* remove from the list of attaches of the shm segment */
-       if(!(shp = shm_lock(id)))
-               BUG();
+       shp = shm_lock(id);
+       BUG_ON(!shp);
        shp->shm_lprid = current->tgid;
        shp->shm_dtim = get_seconds();
        shp->shm_nattch--;
@@ -150,7 +152,7 @@ static void shm_close (struct vm_area_struct *shmd)
                shm_destroy (shp);
        else
                shm_unlock(shp);
-       up (&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 }
 
 static int shm_mmap(struct file * file, struct vm_area_struct * vma)
@@ -160,6 +162,8 @@ static int shm_mmap(struct file * file, struct vm_area_struct * vma)
        ret = shmem_mmap(file, vma);
        if (ret == 0) {
                vma->vm_ops = &shm_vm_ops;
+               if (!(vma->vm_flags & VM_WRITE))
+                       vma->vm_flags &= ~VM_MAYWRITE;
                shm_inc(file->f_dentry->d_inode->i_ino);
        }
 
@@ -269,7 +273,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
        struct shmid_kernel *shp;
        int err, id = 0;
 
-       down(&shm_ids.sem);
+       mutex_lock(&shm_ids.mutex);
        if (key == IPC_PRIVATE) {
                err = newseg(key, shmflg, size);
        } else if ((id = ipc_findkey(&shm_ids, key)) == -1) {
@@ -281,8 +285,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
                err = -EEXIST;
        } else {
                shp = shm_lock(id);
-               if(shp==NULL)
-                       BUG();
+               BUG_ON(shp==NULL);
                if (shp->shm_segsz < size)
                        err = -EINVAL;
                else if (ipcperms(&shp->shm_perm, shmflg))
@@ -295,7 +298,7 @@ asmlinkage long sys_shmget (key_t key, size_t size, int shmflg)
                }
                shm_unlock(shp);
        }
-       up(&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 
        return err;
 }
@@ -466,14 +469,14 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        return err;
 
                memset(&shm_info,0,sizeof(shm_info));
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shm_info.used_ids = shm_ids.in_use;
                shm_get_stat (&shm_info.shm_rss, &shm_info.shm_swp);
                shm_info.shm_tot = shm_tot;
                shm_info.swap_attempts = 0;
                shm_info.swap_successes = 0;
                err = shm_ids.max_id;
-               up(&shm_ids.sem);
+               mutex_unlock(&shm_ids.mutex);
                if(copy_to_user (buf, &shm_info, sizeof(shm_info))) {
                        err = -EFAULT;
                        goto out;
@@ -582,7 +585,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                 *      Instead we set a destroyed flag, and then blow
                 *      the name away when the usage hits zero.
                 */
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shp = shm_lock(shmid);
                err = -EINVAL;
                if (shp == NULL) 
@@ -609,7 +612,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        shm_unlock(shp);
                } else
                        shm_destroy (shp);
-               up(&shm_ids.sem);
+               mutex_unlock(&shm_ids.mutex);
                goto out;
        }
 
@@ -619,13 +622,14 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
                        err = -EFAULT;
                        goto out;
                }
-               if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
-                       return err;
-               down(&shm_ids.sem);
+               mutex_lock(&shm_ids.mutex);
                shp = shm_lock(shmid);
                err=-EINVAL;
                if(shp==NULL)
                        goto out_up;
+               if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid,
+                                       setbuf.mode, &(shp->shm_perm))))
+                       goto out_unlock_up;
                err = shm_checkid(shp,shmid);
                if(err)
                        goto out_unlock_up;
@@ -657,7 +661,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
 out_unlock_up:
        shm_unlock(shp);
 out_up:
-       up(&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
        goto out;
 out_unlock:
        shm_unlock(shp);
@@ -770,16 +774,16 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
 invalid:
        up_write(&current->mm->mmap_sem);
 
-       down (&shm_ids.sem);
-       if(!(shp = shm_lock(shmid)))
-               BUG();
+       mutex_lock(&shm_ids.mutex);
+       shp = shm_lock(shmid);
+       BUG_ON(!shp);
        shp->shm_nattch--;
        if(shp->shm_nattch == 0 &&
           shp->shm_perm.mode & SHM_DEST)
                shm_destroy (shp);
        else
                shm_unlock(shp);
-       up (&shm_ids.sem);
+       mutex_unlock(&shm_ids.mutex);
 
        *raddr = (unsigned long) user_addr;
        err = 0;
@@ -813,6 +817,9 @@ asmlinkage long sys_shmdt(char __user *shmaddr)
        loff_t size = 0;
        int retval = -EINVAL;
 
+       if (addr & ~PAGE_MASK)
+               return retval;
+
        down_write(&mm->mmap_sem);
 
        /*
@@ -869,6 +876,7 @@ asmlinkage long sys_shmdt(char __user *shmaddr)
         * could possibly have landed at. Also cast things to loff_t to
         * prevent overflows and make comparisions vs. equal-width types.
         */
+       size = PAGE_ALIGN(size);
        while (vma && (loff_t)(vma->vm_end - addr) <= size) {
                next = vma->vm_next;