2009-01-27 22:48:26

by Tony Battersby

Subject: [PATCH 2/2] make shm_get_stat() more robust

shm_get_stat() assumes idr_find(&shm_ids(ns).ipcs_idr) returns
"struct shmid_kernel *"; all other callers assume that it returns
"struct kern_ipc_perm *". This works because "struct kern_ipc_perm"
is currently the first member of "struct shmid_kernel", but it would
be better to use container_of() to prevent future breakage.

Signed-off-by: Tony Battersby <[email protected]>
---
--- linux-2.6.29-rc2-git3/ipc/shm.c.orig 2009-01-27 16:23:10.000000000 -0500
+++ linux-2.6.29-rc2-git3/ipc/shm.c 2009-01-27 16:24:19.000000000 -0500
@@ -551,12 +551,14 @@ static void shm_get_stat(struct ipc_name
in_use = shm_ids(ns).in_use;

for (total = 0, next_id = 0; total < in_use; next_id++) {
+ struct kern_ipc_perm *ipc;
struct shmid_kernel *shp;
struct inode *inode;

- shp = idr_find(&shm_ids(ns).ipcs_idr, next_id);
- if (shp == NULL)
+ ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id);
+ if (ipc == NULL)
continue;
+ shp = container_of(ipc, struct shmid_kernel, shm_perm);

inode = shp->shm_file->f_path.dentry->d_inode;
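Review bot: The NULL check on `ipc` must stay ahead of the `shp = container_of(...)` line that follows it: container_of() subtracts offsetof(struct shmid_kernel, shm_perm) from its argument, so applied to a NULL `ipc` it would yield a non-NULL garbage pointer the moment shm_perm is no longer at offset 0, which is exactly the layout this change is meant to tolerate. The ordering in the hunk is correct; a one-line comment there would stop a later cleanup from folding the lookup and the container_of() into one expression. Separately, the removed `shp = idr_find(...)` compiled without any diagnostic because idr_find() returns void *, so a small wrapper returning struct kern_ipc_perm * would make any repeat of this mistake an incompatible-pointer-type warning at build time instead of a silent conversion.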




2009-01-27 23:00:55

by Andrew Morton

Subject: Re: [PATCH 2/2] make shm_get_stat() more robust

On Tue, 27 Jan 2009 17:48:13 -0500
Tony Battersby <[email protected]> wrote:

> shm_get_stat() assumes idr_find(&shm_ids(ns).ipcs_idr) returns
> "struct shmid_kernel *"; all other callers assume that it returns
> "struct kern_ipc_perm *". This works because "struct kern_ipc_perm"
> is currently the first member of "struct shmid_kernel", but it would
> be better to use container_of() to prevent future breakage.
>
> Signed-off-by: Tony Battersby <[email protected]>
> ---
> --- linux-2.6.29-rc2-git3/ipc/shm.c.orig 2009-01-27 16:23:10.000000000 -0500
> +++ linux-2.6.29-rc2-git3/ipc/shm.c 2009-01-27 16:24:19.000000000 -0500
> @@ -551,12 +551,14 @@ static void shm_get_stat(struct ipc_name
> in_use = shm_ids(ns).in_use;
>
> for (total = 0, next_id = 0; total < in_use; next_id++) {
> + struct kern_ipc_perm *ipc;
> struct shmid_kernel *shp;
> struct inode *inode;
>
> - shp = idr_find(&shm_ids(ns).ipcs_idr, next_id);
> - if (shp == NULL)
> + ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id);
> + if (ipc == NULL)
> continue;
> + shp = container_of(ipc, struct shmid_kernel, shm_perm);
>
> inode = shp->shm_file->f_path.dentry->d_inode;
>

yup, well spotted.

It would be good to add a little typesafe wrapper:

static inline struct kern_ipc_perm *shm_idr_find(struct ipc_ids *ipc_ids, int id)
{
	/*
	 * idr_find() takes the idr and the id and returns void *; converting
	 * that to the typed pointer here means callers that assign the result
	 * to the wrong struct type get a compiler diagnostic instead of silence.
	 */
	return idr_find(&ipc_ids->ipcs_idr, id);
}

(or similar)

so that this sort of mistake cannot happen again.


As you've found, open-coded use of a bare void*-returning function is a
bit dangerous.
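As an added illustration, not code from the patch or from the kernel, the following userspace C program mocks the pattern the patch fixes and the typed wrapper the reply suggests. toy_idr_find(), shm_idr_find(), sample_idr() and the two struct definitions are constructed for this example; shm_perm is deliberately not the first member of the toy shmid_kernel, so the old implicit void * conversion lands on the wrong address while the patched container_of() path still recovers the owning object and keeps its NULL check ahead of the pointer arithmetic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the kernel's container_of() (assumption: same
 * pointer arithmetic as the kernel macro, without its extra type checks). */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Constructed stand-ins for the kernel structs. Member order is on purpose
 * NOT the kernel's: shm_perm is not first, the layout the patch guards against. */
struct kern_ipc_perm {
	int id;
	unsigned int mode;
};

struct shmid_kernel {
	unsigned long shm_segsz;	/* placed before shm_perm on purpose */
	struct kern_ipc_perm shm_perm;
	int shm_nattch;
};

/* Toy idr: a fixed table of kern_ipc_perm pointers. Like the real idr_find(),
 * the lookup returns void *, which C converts to any object pointer silently. */
#define TOY_IDR_SIZE 4
struct toy_idr {
	struct kern_ipc_perm *slots[TOY_IDR_SIZE];
};

static void *toy_idr_find(struct toy_idr *idr, int id)
{
	if (id < 0 || id >= TOY_IDR_SIZE)
		return NULL;
	return idr->slots[id];
}

/* Typed wrapper in the spirit of the reply's suggestion: assigning its result
 * to a struct shmid_kernel * is now an incompatible-pointer-type diagnostic. */
static inline struct kern_ipc_perm *shm_idr_find(struct toy_idr *idr, int id)
{
	return toy_idr_find(idr, id);
}

/* Backing objects and a lazily built sample table (constructed values);
 * slot 2 is left empty so the NULL path is exercised. */
static struct shmid_kernel segs[TOY_IDR_SIZE];
static struct toy_idr sample;
static int sample_ready;

static struct toy_idr *sample_idr(void)
{
	if (sample_ready)
		return &sample;
	memset(&sample, 0, sizeof(sample));
	for (int i = 0; i < TOY_IDR_SIZE; i++) {
		segs[i].shm_segsz = 4096UL * (i + 1);
		segs[i].shm_perm.id = i;
		segs[i].shm_nattch = i * 2;
		if (i != 2)
			sample.slots[i] = &segs[i].shm_perm;
	}
	sample_ready = 1;
	return &sample;
}

/* The patched pattern: fetch the kern_ipc_perm, check for NULL first, and only
 * then recover the enclosing shmid_kernel. Returns shm_nattch or -1 if absent. */
static int nattch_via_container_of(struct toy_idr *idr, int id)
{
	struct kern_ipc_perm *ipc = shm_idr_find(idr, id);
	struct shmid_kernel *shp;

	if (ipc == NULL)
		return -1;
	shp = container_of(ipc, struct shmid_kernel, shm_perm);
	return shp->shm_nattch;
}

/* The pre-patch pattern: void * assigned straight to struct shmid_kernel *.
 * Returns 1 if that pointer really addresses the owning shmid_kernel, else 0.
 * Only addresses are compared; the mis-typed pointer is never dereferenced. */
static int implicit_cast_is_correct(struct toy_idr *idr, int id)
{
	struct shmid_kernel *shp = toy_idr_find(idr, id);	/* no warning in C */

	if (shp == NULL)
		return 0;
	return (void *)shp == (void *)&segs[id];
}

int main(void)
{
	struct toy_idr *idr = sample_idr();

	printf("offsetof(shm_perm) = %zu\n", offsetof(struct shmid_kernel, shm_perm));
	for (int id = 0; id < TOY_IDR_SIZE; id++)
		printf("id %d: nattch=%d implicit_cast_correct=%d\n", id,
		       nattch_via_container_of(idr, id), implicit_cast_is_correct(idr, id));
	return 0;
}
```

Build with `cc -std=c99 -Wall`. Changing the lookup in implicit_cast_is_correct() from toy_idr_find() to the typed shm_idr_find() reproduces the point of the reply: the assignment then draws an incompatible-pointer-types warning (an error by default since GCC 14), which is the compile-time catch the void * return never gave.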