ipc/shm: do not use ipc_rcu_free()

[karo-tx-linux.git] / ipc / msg.c

diff --git a/ipc/msg.c b/ipc/msg.c
index 104926dc72be4e9ae53fbecbbd6e05ee1f81cda3..0ed7dae7d4e8b4ba27e06a930362e898bcc94119 100644 (file)
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -97,8 +97,8 @@ static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
 
 static void msg_rcu_free(struct rcu_head *head)
 {
-       struct ipc_rcu *p = container_of(head, struct ipc_rcu, rcu);
-       struct msg_queue *msq = ipc_rcu_to_struct(p);
+       struct kern_ipc_perm *p = container_of(head, struct kern_ipc_perm, rcu);
+       struct msg_queue *msq = container_of(p, struct msg_queue, q_perm);
 
        security_msg_queue_free(msq);
        ipc_rcu_free(head);
@@ -118,7 +118,10 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
        key_t key = params->key;
        int msgflg = params->flg;
 
-       msq = ipc_rcu_alloc(sizeof(*msq));
+       BUILD_BUG_ON(offsetof(struct msg_queue, q_perm) != 0);
+
+       msq = container_of(ipc_rcu_alloc(sizeof(*msq)), struct msg_queue,
+                               q_perm);
        if (!msq)
                return -ENOMEM;
 
@@ -128,7 +131,7 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
        msq->q_perm.security = NULL;
        retval = security_msg_queue_alloc(msq);
        if (retval) {
-               ipc_rcu_putref(msq, ipc_rcu_free);
+               ipc_rcu_putref(&msq->q_perm, ipc_rcu_free);
                return retval;
        }
 
@@ -144,7 +147,7 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
        /* ipc_addid() locks msq upon success. */
        id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
        if (id < 0) {
-               ipc_rcu_putref(msq, msg_rcu_free);
+               ipc_rcu_putref(&msq->q_perm, msg_rcu_free);
                return id;
        }
 
@@ -249,7 +252,7 @@ static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
                free_msg(msg);
        }
        atomic_sub(msq->q_cbytes, &ns->msg_bytes);
-       ipc_rcu_putref(msq, msg_rcu_free);
+       ipc_rcu_putref(&msq->q_perm, msg_rcu_free);
 }
 
 /*
@@ -688,7 +691,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
                /* enqueue the sender and prepare to block */
                ss_add(msq, &s, msgsz);
 
-               if (!ipc_rcu_getref(msq)) {
+               if (!ipc_rcu_getref(&msq->q_perm)) {
                        err = -EIDRM;
                        goto out_unlock0;
                }
@@ -700,7 +703,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
                rcu_read_lock();
                ipc_lock_object(&msq->q_perm);
 
-               ipc_rcu_putref(msq, msg_rcu_free);
+               ipc_rcu_putref(&msq->q_perm, msg_rcu_free);
                /* raced with RMID? */
                if (!ipc_valid_object(&msq->q_perm)) {
                        err = -EIDRM;