projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| fc3fed8a GKH |
1 | From 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d Mon Sep 17 00:00:00 2001 |
| 2 | From: Stanislav Kinsbursky <skinsbursky@parallels.com> | |
| 3 | Date: Mon, 1 Apr 2013 11:40:51 +0400 | |
| 4 | Subject: ipc: set msg back to -EAGAIN if copy wasn't performed | |
| 5 | ||
| 6 | From: Stanislav Kinsbursky <skinsbursky@parallels.com> | |
| 7 | ||
| 8 | commit 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d upstream. | |
| 9 | ||
| 10 | Make sure that msg pointer is set back to error value in case of | |
| 11 | MSG_COPY flag is set and desired message to copy wasn't found. This | |
| 12 | garantees that msg is either a error pointer or a copy address. | |
| 13 | ||
| 14 | Otherwise the last message in queue will be freed without unlinking from | |
| 15 | the queue (which leads to memory corruption) and the dummy allocated | |
| 16 | copy won't be released. | |
| 17 | ||
| 18 | Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> | |
| 19 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
| 20 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 21 | ||
| 22 | --- | |
| 23 | ipc/msg.c | 1 + | |
| 24 | 1 file changed, 1 insertion(+) | |
| 25 | ||
| 26 | --- a/ipc/msg.c | |
| 27 | +++ b/ipc/msg.c | |
| 28 | @@ -872,6 +872,7 @@ long do_msgrcv(int msqid, void __user *b | |
| 29 | goto out_unlock; | |
| 30 | break; | |
| 31 | } | |
| 32 | + msg = ERR_PTR(-EAGAIN); | |
| 33 | } else | |
| 34 | break; | |
| 35 | msg_counter++; |