Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 113289cc086f80f28acd06f160a7c6423cdd4191

Authored by Doug Ledford
Committed by Linus Torvalds
1 parent 2c12ea498f
Exists in smarc-l5.0.0_1.0.0-ga and in 5 other branches imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga

ipc/mqueue: strengthen checks on mqueue creation 

We already check the mq attr struct if it's passed in, but now that the
admin can set system wide defaults separate from maximums, it's actually
possible to set the defaults to something that would overflow.  So, if
there is no attr struct passed in to the open call, check the default
values.

While we are at it, simplify mq_attr_ok() by making it return 0 or an
error condition, so that way if we add more tests to it later, we have the
option of what error should be returned instead of the calling location
having to pick a possibly inaccurate error code.

[akpm@linux-foundation.org: s/ENOMEM/EOVERFLOW/]
Signed-off-by: Doug Ledford <dledford@redhat.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Manfred Spraul <manfred@colorfullife.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 18 additions and 9 deletions Inline Diff

1 /* 1 /*
2 * POSIX message queues filesystem for Linux. 2 * POSIX message queues filesystem for Linux.
3 * 3 *
4 * Copyright (C) 2003,2004 Krzysztof Benedyczak (golbi@mat.uni.torun.pl) 4 * Copyright (C) 2003,2004 Krzysztof Benedyczak (golbi@mat.uni.torun.pl)
5 * Michal Wronski (michal.wronski@gmail.com) 5 * Michal Wronski (michal.wronski@gmail.com)
6 * 6 *
7 * Spinlocks: Mohamed Abbas (abbas.mohamed@intel.com) 7 * Spinlocks: Mohamed Abbas (abbas.mohamed@intel.com)
8 * Lockless receive & send, fd based notify: 8 * Lockless receive & send, fd based notify:
9 * Manfred Spraul (manfred@colorfullife.com) 9 * Manfred Spraul (manfred@colorfullife.com)
10 * 10 *
11 * Audit: George Wilson (ltcgcw@us.ibm.com) 11 * Audit: George Wilson (ltcgcw@us.ibm.com)
12 * 12 *
13 * This file is released under the GPL. 13 * This file is released under the GPL.
14 */ 14 */
15 15
16 #include <linux/capability.h> 16 #include <linux/capability.h>
17 #include <linux/init.h> 17 #include <linux/init.h>
18 #include <linux/pagemap.h> 18 #include <linux/pagemap.h>
19 #include <linux/file.h> 19 #include <linux/file.h>
20 #include <linux/mount.h> 20 #include <linux/mount.h>
21 #include <linux/namei.h> 21 #include <linux/namei.h>
22 #include <linux/sysctl.h> 22 #include <linux/sysctl.h>
23 #include <linux/poll.h> 23 #include <linux/poll.h>
24 #include <linux/mqueue.h> 24 #include <linux/mqueue.h>
25 #include <linux/msg.h> 25 #include <linux/msg.h>
26 #include <linux/skbuff.h> 26 #include <linux/skbuff.h>
27 #include <linux/vmalloc.h> 27 #include <linux/vmalloc.h>
28 #include <linux/netlink.h> 28 #include <linux/netlink.h>
29 #include <linux/syscalls.h> 29 #include <linux/syscalls.h>
30 #include <linux/audit.h> 30 #include <linux/audit.h>
31 #include <linux/signal.h> 31 #include <linux/signal.h>
32 #include <linux/mutex.h> 32 #include <linux/mutex.h>
33 #include <linux/nsproxy.h> 33 #include <linux/nsproxy.h>
34 #include <linux/pid.h> 34 #include <linux/pid.h>
35 #include <linux/ipc_namespace.h> 35 #include <linux/ipc_namespace.h>
36 #include <linux/user_namespace.h> 36 #include <linux/user_namespace.h>
37 #include <linux/slab.h> 37 #include <linux/slab.h>
38 38
39 #include <net/sock.h> 39 #include <net/sock.h>
40 #include "util.h" 40 #include "util.h"
41 41
42 #define MQUEUE_MAGIC 0x19800202 42 #define MQUEUE_MAGIC 0x19800202
43 #define DIRENT_SIZE 20 43 #define DIRENT_SIZE 20
44 #define FILENT_SIZE 80 44 #define FILENT_SIZE 80
45 45
46 #define SEND 0 46 #define SEND 0
47 #define RECV 1 47 #define RECV 1
48 48
49 #define STATE_NONE 0 49 #define STATE_NONE 0
50 #define STATE_PENDING 1 50 #define STATE_PENDING 1
51 #define STATE_READY 2 51 #define STATE_READY 2
52 52
53 struct posix_msg_tree_node { 53 struct posix_msg_tree_node {
54 struct rb_node rb_node; 54 struct rb_node rb_node;
55 struct list_head msg_list; 55 struct list_head msg_list;
56 int priority; 56 int priority;
57 }; 57 };
58 58
59 struct ext_wait_queue { /* queue of sleeping tasks */ 59 struct ext_wait_queue { /* queue of sleeping tasks */
60 struct task_struct *task; 60 struct task_struct *task;
61 struct list_head list; 61 struct list_head list;
62 struct msg_msg *msg; /* ptr of loaded message */ 62 struct msg_msg *msg; /* ptr of loaded message */
63 int state; /* one of STATE_* values */ 63 int state; /* one of STATE_* values */
64 }; 64 };
65 65
66 struct mqueue_inode_info { 66 struct mqueue_inode_info {
67 spinlock_t lock; 67 spinlock_t lock;
68 struct inode vfs_inode; 68 struct inode vfs_inode;
69 wait_queue_head_t wait_q; 69 wait_queue_head_t wait_q;
70 70
71 struct rb_root msg_tree; 71 struct rb_root msg_tree;
72 struct mq_attr attr; 72 struct mq_attr attr;
73 73
74 struct sigevent notify; 74 struct sigevent notify;
75 struct pid* notify_owner; 75 struct pid* notify_owner;
76 struct user_namespace *notify_user_ns; 76 struct user_namespace *notify_user_ns;
77 struct user_struct *user; /* user who created, for accounting */ 77 struct user_struct *user; /* user who created, for accounting */
78 struct sock *notify_sock; 78 struct sock *notify_sock;
79 struct sk_buff *notify_cookie; 79 struct sk_buff *notify_cookie;
80 80
81 /* for tasks waiting for free space and messages, respectively */ 81 /* for tasks waiting for free space and messages, respectively */
82 struct ext_wait_queue e_wait_q[2]; 82 struct ext_wait_queue e_wait_q[2];
83 83
84 unsigned long qsize; /* size of queue in memory (sum of all msgs) */ 84 unsigned long qsize; /* size of queue in memory (sum of all msgs) */
85 }; 85 };
86 86
87 static const struct inode_operations mqueue_dir_inode_operations; 87 static const struct inode_operations mqueue_dir_inode_operations;
88 static const struct file_operations mqueue_file_operations; 88 static const struct file_operations mqueue_file_operations;
89 static const struct super_operations mqueue_super_ops; 89 static const struct super_operations mqueue_super_ops;
90 static void remove_notification(struct mqueue_inode_info *info); 90 static void remove_notification(struct mqueue_inode_info *info);
91 91
92 static struct kmem_cache *mqueue_inode_cachep; 92 static struct kmem_cache *mqueue_inode_cachep;
93 93
94 static struct ctl_table_header * mq_sysctl_table; 94 static struct ctl_table_header * mq_sysctl_table;
95 95
96 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode) 96 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
97 { 97 {
98 return container_of(inode, struct mqueue_inode_info, vfs_inode); 98 return container_of(inode, struct mqueue_inode_info, vfs_inode);
99 } 99 }
100 100
101 /* 101 /*
102 * This routine should be called with the mq_lock held. 102 * This routine should be called with the mq_lock held.
103 */ 103 */
104 static inline struct ipc_namespace *__get_ns_from_inode(struct inode *inode) 104 static inline struct ipc_namespace *__get_ns_from_inode(struct inode *inode)
105 { 105 {
106 return get_ipc_ns(inode->i_sb->s_fs_info); 106 return get_ipc_ns(inode->i_sb->s_fs_info);
107 } 107 }
108 108
109 static struct ipc_namespace *get_ns_from_inode(struct inode *inode) 109 static struct ipc_namespace *get_ns_from_inode(struct inode *inode)
110 { 110 {
111 struct ipc_namespace *ns; 111 struct ipc_namespace *ns;
112 112
113 spin_lock(&mq_lock); 113 spin_lock(&mq_lock);
114 ns = __get_ns_from_inode(inode); 114 ns = __get_ns_from_inode(inode);
115 spin_unlock(&mq_lock); 115 spin_unlock(&mq_lock);
116 return ns; 116 return ns;
117 } 117 }
118 118
119 /* Auxiliary functions to manipulate messages' list */ 119 /* Auxiliary functions to manipulate messages' list */
120 static int msg_insert(struct msg_msg *msg, struct mqueue_inode_info *info) 120 static int msg_insert(struct msg_msg *msg, struct mqueue_inode_info *info)
121 { 121 {
122 struct rb_node **p, *parent = NULL; 122 struct rb_node **p, *parent = NULL;
123 struct posix_msg_tree_node *leaf; 123 struct posix_msg_tree_node *leaf;
124 124
125 p = &info->msg_tree.rb_node; 125 p = &info->msg_tree.rb_node;
126 while (*p) { 126 while (*p) {
127 parent = *p; 127 parent = *p;
128 leaf = rb_entry(parent, struct posix_msg_tree_node, rb_node); 128 leaf = rb_entry(parent, struct posix_msg_tree_node, rb_node);
129 129
130 if (likely(leaf->priority == msg->m_type)) 130 if (likely(leaf->priority == msg->m_type))
131 goto insert_msg; 131 goto insert_msg;
132 else if (msg->m_type < leaf->priority) 132 else if (msg->m_type < leaf->priority)
133 p = &(*p)->rb_left; 133 p = &(*p)->rb_left;
134 else 134 else
135 p = &(*p)->rb_right; 135 p = &(*p)->rb_right;
136 } 136 }
137 leaf = kzalloc(sizeof(*leaf), GFP_ATOMIC); 137 leaf = kzalloc(sizeof(*leaf), GFP_ATOMIC);
138 if (!leaf) 138 if (!leaf)
139 return -ENOMEM; 139 return -ENOMEM;
140 rb_init_node(&leaf->rb_node); 140 rb_init_node(&leaf->rb_node);
141 INIT_LIST_HEAD(&leaf->msg_list); 141 INIT_LIST_HEAD(&leaf->msg_list);
142 leaf->priority = msg->m_type; 142 leaf->priority = msg->m_type;
143 rb_link_node(&leaf->rb_node, parent, p); 143 rb_link_node(&leaf->rb_node, parent, p);
144 rb_insert_color(&leaf->rb_node, &info->msg_tree); 144 rb_insert_color(&leaf->rb_node, &info->msg_tree);
145 info->qsize += sizeof(struct posix_msg_tree_node); 145 info->qsize += sizeof(struct posix_msg_tree_node);
146 insert_msg: 146 insert_msg:
147 info->attr.mq_curmsgs++; 147 info->attr.mq_curmsgs++;
148 info->qsize += msg->m_ts; 148 info->qsize += msg->m_ts;
149 list_add_tail(&msg->m_list, &leaf->msg_list); 149 list_add_tail(&msg->m_list, &leaf->msg_list);
150 return 0; 150 return 0;
151 } 151 }
152 152
153 static inline struct msg_msg *msg_get(struct mqueue_inode_info *info) 153 static inline struct msg_msg *msg_get(struct mqueue_inode_info *info)
154 { 154 {
155 struct rb_node **p, *parent = NULL; 155 struct rb_node **p, *parent = NULL;
156 struct posix_msg_tree_node *leaf; 156 struct posix_msg_tree_node *leaf;
157 struct msg_msg *msg; 157 struct msg_msg *msg;
158 158
159 try_again: 159 try_again:
160 p = &info->msg_tree.rb_node; 160 p = &info->msg_tree.rb_node;
161 while (*p) { 161 while (*p) {
162 parent = *p; 162 parent = *p;
163 /* 163 /*
164 * During insert, low priorities go to the left and high to the 164 * During insert, low priorities go to the left and high to the
165 * right. On receive, we want the highest priorities first, so 165 * right. On receive, we want the highest priorities first, so
166 * walk all the way to the right. 166 * walk all the way to the right.
167 */ 167 */
168 p = &(*p)->rb_right; 168 p = &(*p)->rb_right;
169 } 169 }
170 if (!parent) { 170 if (!parent) {
171 if (info->attr.mq_curmsgs) { 171 if (info->attr.mq_curmsgs) {
172 pr_warn_once("Inconsistency in POSIX message queue, " 172 pr_warn_once("Inconsistency in POSIX message queue, "
173 "no tree element, but supposedly messages " 173 "no tree element, but supposedly messages "
174 "should exist!\n"); 174 "should exist!\n");
175 info->attr.mq_curmsgs = 0; 175 info->attr.mq_curmsgs = 0;
176 } 176 }
177 return NULL; 177 return NULL;
178 } 178 }
179 leaf = rb_entry(parent, struct posix_msg_tree_node, rb_node); 179 leaf = rb_entry(parent, struct posix_msg_tree_node, rb_node);
180 if (list_empty(&leaf->msg_list)) { 180 if (list_empty(&leaf->msg_list)) {
181 pr_warn_once("Inconsistency in POSIX message queue, " 181 pr_warn_once("Inconsistency in POSIX message queue, "
182 "empty leaf node but we haven't implemented " 182 "empty leaf node but we haven't implemented "
183 "lazy leaf delete!\n"); 183 "lazy leaf delete!\n");
184 rb_erase(&leaf->rb_node, &info->msg_tree); 184 rb_erase(&leaf->rb_node, &info->msg_tree);
185 info->qsize -= sizeof(struct posix_msg_tree_node); 185 info->qsize -= sizeof(struct posix_msg_tree_node);
186 kfree(leaf); 186 kfree(leaf);
187 goto try_again; 187 goto try_again;
188 } else { 188 } else {
189 msg = list_first_entry(&leaf->msg_list, 189 msg = list_first_entry(&leaf->msg_list,
190 struct msg_msg, m_list); 190 struct msg_msg, m_list);
191 list_del(&msg->m_list); 191 list_del(&msg->m_list);
192 if (list_empty(&leaf->msg_list)) { 192 if (list_empty(&leaf->msg_list)) {
193 rb_erase(&leaf->rb_node, &info->msg_tree); 193 rb_erase(&leaf->rb_node, &info->msg_tree);
194 info->qsize -= sizeof(struct posix_msg_tree_node); 194 info->qsize -= sizeof(struct posix_msg_tree_node);
195 kfree(leaf); 195 kfree(leaf);
196 } 196 }
197 } 197 }
198 info->attr.mq_curmsgs--; 198 info->attr.mq_curmsgs--;
199 info->qsize -= msg->m_ts; 199 info->qsize -= msg->m_ts;
200 return msg; 200 return msg;
201 } 201 }
202 202
203 static struct inode *mqueue_get_inode(struct super_block *sb, 203 static struct inode *mqueue_get_inode(struct super_block *sb,
204 struct ipc_namespace *ipc_ns, umode_t mode, 204 struct ipc_namespace *ipc_ns, umode_t mode,
205 struct mq_attr *attr) 205 struct mq_attr *attr)
206 { 206 {
207 struct user_struct *u = current_user(); 207 struct user_struct *u = current_user();
208 struct inode *inode; 208 struct inode *inode;
209 int ret = -ENOMEM; 209 int ret = -ENOMEM;
210 210
211 inode = new_inode(sb); 211 inode = new_inode(sb);
212 if (!inode) 212 if (!inode)
213 goto err; 213 goto err;
214 214
215 inode->i_ino = get_next_ino(); 215 inode->i_ino = get_next_ino();
216 inode->i_mode = mode; 216 inode->i_mode = mode;
217 inode->i_uid = current_fsuid(); 217 inode->i_uid = current_fsuid();
218 inode->i_gid = current_fsgid(); 218 inode->i_gid = current_fsgid();
219 inode->i_mtime = inode->i_ctime = inode->i_atime = CURRENT_TIME; 219 inode->i_mtime = inode->i_ctime = inode->i_atime = CURRENT_TIME;
220 220
221 if (S_ISREG(mode)) { 221 if (S_ISREG(mode)) {
222 struct mqueue_inode_info *info; 222 struct mqueue_inode_info *info;
223 unsigned long mq_bytes, mq_treesize; 223 unsigned long mq_bytes, mq_treesize;
224 224
225 inode->i_fop = &mqueue_file_operations; 225 inode->i_fop = &mqueue_file_operations;
226 inode->i_size = FILENT_SIZE; 226 inode->i_size = FILENT_SIZE;
227 /* mqueue specific info */ 227 /* mqueue specific info */
228 info = MQUEUE_I(inode); 228 info = MQUEUE_I(inode);
229 spin_lock_init(&info->lock); 229 spin_lock_init(&info->lock);
230 init_waitqueue_head(&info->wait_q); 230 init_waitqueue_head(&info->wait_q);
231 INIT_LIST_HEAD(&info->e_wait_q[0].list); 231 INIT_LIST_HEAD(&info->e_wait_q[0].list);
232 INIT_LIST_HEAD(&info->e_wait_q[1].list); 232 INIT_LIST_HEAD(&info->e_wait_q[1].list);
233 info->notify_owner = NULL; 233 info->notify_owner = NULL;
234 info->notify_user_ns = NULL; 234 info->notify_user_ns = NULL;
235 info->qsize = 0; 235 info->qsize = 0;
236 info->user = NULL; /* set when all is ok */ 236 info->user = NULL; /* set when all is ok */
237 info->msg_tree = RB_ROOT; 237 info->msg_tree = RB_ROOT;
238 memset(&info->attr, 0, sizeof(info->attr)); 238 memset(&info->attr, 0, sizeof(info->attr));
239 info->attr.mq_maxmsg = min(ipc_ns->mq_msg_max, 239 info->attr.mq_maxmsg = min(ipc_ns->mq_msg_max,
240 ipc_ns->mq_msg_default); 240 ipc_ns->mq_msg_default);
241 info->attr.mq_msgsize = min(ipc_ns->mq_msgsize_max, 241 info->attr.mq_msgsize = min(ipc_ns->mq_msgsize_max,
242 ipc_ns->mq_msgsize_default); 242 ipc_ns->mq_msgsize_default);
243 if (attr) { 243 if (attr) {
244 info->attr.mq_maxmsg = attr->mq_maxmsg; 244 info->attr.mq_maxmsg = attr->mq_maxmsg;
245 info->attr.mq_msgsize = attr->mq_msgsize; 245 info->attr.mq_msgsize = attr->mq_msgsize;
246 } 246 }
247 /* 247 /*
248 * We used to allocate a static array of pointers and account 248 * We used to allocate a static array of pointers and account
249 * the size of that array as well as one msg_msg struct per 249 * the size of that array as well as one msg_msg struct per
250 * possible message into the queue size. That's no longer 250 * possible message into the queue size. That's no longer
251 * accurate as the queue is now an rbtree and will grow and 251 * accurate as the queue is now an rbtree and will grow and
252 * shrink depending on usage patterns. We can, however, still 252 * shrink depending on usage patterns. We can, however, still
253 * account one msg_msg struct per message, but the nodes are 253 * account one msg_msg struct per message, but the nodes are
254 * allocated depending on priority usage, and most programs 254 * allocated depending on priority usage, and most programs
255 * only use one, or a handful, of priorities. However, since 255 * only use one, or a handful, of priorities. However, since
256 * this is pinned memory, we need to assume worst case, so 256 * this is pinned memory, we need to assume worst case, so
257 * that means the min(mq_maxmsg, max_priorities) * struct 257 * that means the min(mq_maxmsg, max_priorities) * struct
258 * posix_msg_tree_node. 258 * posix_msg_tree_node.
259 */ 259 */
260 mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + 260 mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) +
261 min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * 261 min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) *
262 sizeof(struct posix_msg_tree_node); 262 sizeof(struct posix_msg_tree_node);
263 263
264 mq_bytes = mq_treesize + (info->attr.mq_maxmsg * 264 mq_bytes = mq_treesize + (info->attr.mq_maxmsg *
265 info->attr.mq_msgsize); 265 info->attr.mq_msgsize);
266 266
267 spin_lock(&mq_lock); 267 spin_lock(&mq_lock);
268 if (u->mq_bytes + mq_bytes < u->mq_bytes || 268 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
269 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { 269 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
270 spin_unlock(&mq_lock); 270 spin_unlock(&mq_lock);
271 /* mqueue_evict_inode() releases info->messages */ 271 /* mqueue_evict_inode() releases info->messages */
272 ret = -EMFILE; 272 ret = -EMFILE;
273 goto out_inode; 273 goto out_inode;
274 } 274 }
275 u->mq_bytes += mq_bytes; 275 u->mq_bytes += mq_bytes;
276 spin_unlock(&mq_lock); 276 spin_unlock(&mq_lock);
277 277
278 /* all is ok */ 278 /* all is ok */
279 info->user = get_uid(u); 279 info->user = get_uid(u);
280 } else if (S_ISDIR(mode)) { 280 } else if (S_ISDIR(mode)) {
281 inc_nlink(inode); 281 inc_nlink(inode);
282 /* Some things misbehave if size == 0 on a directory */ 282 /* Some things misbehave if size == 0 on a directory */
283 inode->i_size = 2 * DIRENT_SIZE; 283 inode->i_size = 2 * DIRENT_SIZE;
284 inode->i_op = &mqueue_dir_inode_operations; 284 inode->i_op = &mqueue_dir_inode_operations;
285 inode->i_fop = &simple_dir_operations; 285 inode->i_fop = &simple_dir_operations;
286 } 286 }
287 287
288 return inode; 288 return inode;
289 out_inode: 289 out_inode:
290 iput(inode); 290 iput(inode);
291 err: 291 err:
292 return ERR_PTR(ret); 292 return ERR_PTR(ret);
293 } 293 }
294 294
295 static int mqueue_fill_super(struct super_block *sb, void *data, int silent) 295 static int mqueue_fill_super(struct super_block *sb, void *data, int silent)
296 { 296 {
297 struct inode *inode; 297 struct inode *inode;
298 struct ipc_namespace *ns = data; 298 struct ipc_namespace *ns = data;
299 299
300 sb->s_blocksize = PAGE_CACHE_SIZE; 300 sb->s_blocksize = PAGE_CACHE_SIZE;
301 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 301 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
302 sb->s_magic = MQUEUE_MAGIC; 302 sb->s_magic = MQUEUE_MAGIC;
303 sb->s_op = &mqueue_super_ops; 303 sb->s_op = &mqueue_super_ops;
304 304
305 inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO, NULL); 305 inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO, NULL);
306 if (IS_ERR(inode)) 306 if (IS_ERR(inode))
307 return PTR_ERR(inode); 307 return PTR_ERR(inode);
308 308
309 sb->s_root = d_make_root(inode); 309 sb->s_root = d_make_root(inode);
310 if (!sb->s_root) 310 if (!sb->s_root)
311 return -ENOMEM; 311 return -ENOMEM;
312 return 0; 312 return 0;
313 } 313 }
314 314
315 static struct dentry *mqueue_mount(struct file_system_type *fs_type, 315 static struct dentry *mqueue_mount(struct file_system_type *fs_type,
316 int flags, const char *dev_name, 316 int flags, const char *dev_name,
317 void *data) 317 void *data)
318 { 318 {
319 if (!(flags & MS_KERNMOUNT)) 319 if (!(flags & MS_KERNMOUNT))
320 data = current->nsproxy->ipc_ns; 320 data = current->nsproxy->ipc_ns;
321 return mount_ns(fs_type, flags, data, mqueue_fill_super); 321 return mount_ns(fs_type, flags, data, mqueue_fill_super);
322 } 322 }
323 323
324 static void init_once(void *foo) 324 static void init_once(void *foo)
325 { 325 {
326 struct mqueue_inode_info *p = (struct mqueue_inode_info *) foo; 326 struct mqueue_inode_info *p = (struct mqueue_inode_info *) foo;
327 327
328 inode_init_once(&p->vfs_inode); 328 inode_init_once(&p->vfs_inode);
329 } 329 }
330 330
331 static struct inode *mqueue_alloc_inode(struct super_block *sb) 331 static struct inode *mqueue_alloc_inode(struct super_block *sb)
332 { 332 {
333 struct mqueue_inode_info *ei; 333 struct mqueue_inode_info *ei;
334 334
335 ei = kmem_cache_alloc(mqueue_inode_cachep, GFP_KERNEL); 335 ei = kmem_cache_alloc(mqueue_inode_cachep, GFP_KERNEL);
336 if (!ei) 336 if (!ei)
337 return NULL; 337 return NULL;
338 return &ei->vfs_inode; 338 return &ei->vfs_inode;
339 } 339 }
340 340
341 static void mqueue_i_callback(struct rcu_head *head) 341 static void mqueue_i_callback(struct rcu_head *head)
342 { 342 {
343 struct inode *inode = container_of(head, struct inode, i_rcu); 343 struct inode *inode = container_of(head, struct inode, i_rcu);
344 kmem_cache_free(mqueue_inode_cachep, MQUEUE_I(inode)); 344 kmem_cache_free(mqueue_inode_cachep, MQUEUE_I(inode));
345 } 345 }
346 346
347 static void mqueue_destroy_inode(struct inode *inode) 347 static void mqueue_destroy_inode(struct inode *inode)
348 { 348 {
349 call_rcu(&inode->i_rcu, mqueue_i_callback); 349 call_rcu(&inode->i_rcu, mqueue_i_callback);
350 } 350 }
351 351
352 static void mqueue_evict_inode(struct inode *inode) 352 static void mqueue_evict_inode(struct inode *inode)
353 { 353 {
354 struct mqueue_inode_info *info; 354 struct mqueue_inode_info *info;
355 struct user_struct *user; 355 struct user_struct *user;
356 unsigned long mq_bytes, mq_treesize; 356 unsigned long mq_bytes, mq_treesize;
357 struct ipc_namespace *ipc_ns; 357 struct ipc_namespace *ipc_ns;
358 struct msg_msg *msg; 358 struct msg_msg *msg;
359 359
360 clear_inode(inode); 360 clear_inode(inode);
361 361
362 if (S_ISDIR(inode->i_mode)) 362 if (S_ISDIR(inode->i_mode))
363 return; 363 return;
364 364
365 ipc_ns = get_ns_from_inode(inode); 365 ipc_ns = get_ns_from_inode(inode);
366 info = MQUEUE_I(inode); 366 info = MQUEUE_I(inode);
367 spin_lock(&info->lock); 367 spin_lock(&info->lock);
368 while ((msg = msg_get(info)) != NULL) 368 while ((msg = msg_get(info)) != NULL)
369 free_msg(msg); 369 free_msg(msg);
370 spin_unlock(&info->lock); 370 spin_unlock(&info->lock);
371 371
372 /* Total amount of bytes accounted for the mqueue */ 372 /* Total amount of bytes accounted for the mqueue */
373 mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + 373 mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) +
374 min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * 374 min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) *
375 sizeof(struct posix_msg_tree_node); 375 sizeof(struct posix_msg_tree_node);
376 376
377 mq_bytes = mq_treesize + (info->attr.mq_maxmsg * 377 mq_bytes = mq_treesize + (info->attr.mq_maxmsg *
378 info->attr.mq_msgsize); 378 info->attr.mq_msgsize);
379 379
380 user = info->user; 380 user = info->user;
381 if (user) { 381 if (user) {
382 spin_lock(&mq_lock); 382 spin_lock(&mq_lock);
383 user->mq_bytes -= mq_bytes; 383 user->mq_bytes -= mq_bytes;
384 /* 384 /*
385 * get_ns_from_inode() ensures that the 385 * get_ns_from_inode() ensures that the
386 * (ipc_ns = sb->s_fs_info) is either a valid ipc_ns 386 * (ipc_ns = sb->s_fs_info) is either a valid ipc_ns
387 * to which we now hold a reference, or it is NULL. 387 * to which we now hold a reference, or it is NULL.
388 * We can't put it here under mq_lock, though. 388 * We can't put it here under mq_lock, though.
389 */ 389 */
390 if (ipc_ns) 390 if (ipc_ns)
391 ipc_ns->mq_queues_count--; 391 ipc_ns->mq_queues_count--;
392 spin_unlock(&mq_lock); 392 spin_unlock(&mq_lock);
393 free_uid(user); 393 free_uid(user);
394 } 394 }
395 if (ipc_ns) 395 if (ipc_ns)
396 put_ipc_ns(ipc_ns); 396 put_ipc_ns(ipc_ns);
397 } 397 }
398 398
399 static int mqueue_create(struct inode *dir, struct dentry *dentry, 399 static int mqueue_create(struct inode *dir, struct dentry *dentry,
400 umode_t mode, struct nameidata *nd) 400 umode_t mode, struct nameidata *nd)
401 { 401 {
402 struct inode *inode; 402 struct inode *inode;
403 struct mq_attr *attr = dentry->d_fsdata; 403 struct mq_attr *attr = dentry->d_fsdata;
404 int error; 404 int error;
405 struct ipc_namespace *ipc_ns; 405 struct ipc_namespace *ipc_ns;
406 406
407 spin_lock(&mq_lock); 407 spin_lock(&mq_lock);
408 ipc_ns = __get_ns_from_inode(dir); 408 ipc_ns = __get_ns_from_inode(dir);
409 if (!ipc_ns) { 409 if (!ipc_ns) {
410 error = -EACCES; 410 error = -EACCES;
411 goto out_unlock; 411 goto out_unlock;
412 } 412 }
413 if (ipc_ns->mq_queues_count >= HARD_QUEUESMAX || 413 if (ipc_ns->mq_queues_count >= HARD_QUEUESMAX ||
414 (ipc_ns->mq_queues_count >= ipc_ns->mq_queues_max && 414 (ipc_ns->mq_queues_count >= ipc_ns->mq_queues_max &&
415 !capable(CAP_SYS_RESOURCE))) { 415 !capable(CAP_SYS_RESOURCE))) {
416 error = -ENOSPC; 416 error = -ENOSPC;
417 goto out_unlock; 417 goto out_unlock;
418 } 418 }
419 ipc_ns->mq_queues_count++; 419 ipc_ns->mq_queues_count++;
420 spin_unlock(&mq_lock); 420 spin_unlock(&mq_lock);
421 421
422 inode = mqueue_get_inode(dir->i_sb, ipc_ns, mode, attr); 422 inode = mqueue_get_inode(dir->i_sb, ipc_ns, mode, attr);
423 if (IS_ERR(inode)) { 423 if (IS_ERR(inode)) {
424 error = PTR_ERR(inode); 424 error = PTR_ERR(inode);
425 spin_lock(&mq_lock); 425 spin_lock(&mq_lock);
426 ipc_ns->mq_queues_count--; 426 ipc_ns->mq_queues_count--;
427 goto out_unlock; 427 goto out_unlock;
428 } 428 }
429 429
430 put_ipc_ns(ipc_ns); 430 put_ipc_ns(ipc_ns);
431 dir->i_size += DIRENT_SIZE; 431 dir->i_size += DIRENT_SIZE;
432 dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME; 432 dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
433 433
434 d_instantiate(dentry, inode); 434 d_instantiate(dentry, inode);
435 dget(dentry); 435 dget(dentry);
436 return 0; 436 return 0;
437 out_unlock: 437 out_unlock:
438 spin_unlock(&mq_lock); 438 spin_unlock(&mq_lock);
439 if (ipc_ns) 439 if (ipc_ns)
440 put_ipc_ns(ipc_ns); 440 put_ipc_ns(ipc_ns);
441 return error; 441 return error;
442 } 442 }
443 443
444 static int mqueue_unlink(struct inode *dir, struct dentry *dentry) 444 static int mqueue_unlink(struct inode *dir, struct dentry *dentry)
445 { 445 {
446 struct inode *inode = dentry->d_inode; 446 struct inode *inode = dentry->d_inode;
447 447
448 dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME; 448 dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
449 dir->i_size -= DIRENT_SIZE; 449 dir->i_size -= DIRENT_SIZE;
450 drop_nlink(inode); 450 drop_nlink(inode);
451 dput(dentry); 451 dput(dentry);
452 return 0; 452 return 0;
453 } 453 }
454 454
455 /* 455 /*
456 * This is routine for system read from queue file. 456 * This is routine for system read from queue file.
457 * To avoid mess with doing here some sort of mq_receive we allow 457 * To avoid mess with doing here some sort of mq_receive we allow
458 * to read only queue size & notification info (the only values 458 * to read only queue size & notification info (the only values
459 * that are interesting from user point of view and aren't accessible 459 * that are interesting from user point of view and aren't accessible
460 * through std routines) 460 * through std routines)
461 */ 461 */
462 static ssize_t mqueue_read_file(struct file *filp, char __user *u_data, 462 static ssize_t mqueue_read_file(struct file *filp, char __user *u_data,
463 size_t count, loff_t *off) 463 size_t count, loff_t *off)
464 { 464 {
465 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode); 465 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode);
466 char buffer[FILENT_SIZE]; 466 char buffer[FILENT_SIZE];
467 ssize_t ret; 467 ssize_t ret;
468 468
469 spin_lock(&info->lock); 469 spin_lock(&info->lock);
470 snprintf(buffer, sizeof(buffer), 470 snprintf(buffer, sizeof(buffer),
471 "QSIZE:%-10lu NOTIFY:%-5d SIGNO:%-5d NOTIFY_PID:%-6d\n", 471 "QSIZE:%-10lu NOTIFY:%-5d SIGNO:%-5d NOTIFY_PID:%-6d\n",
472 info->qsize, 472 info->qsize,
473 info->notify_owner ? info->notify.sigev_notify : 0, 473 info->notify_owner ? info->notify.sigev_notify : 0,
474 (info->notify_owner && 474 (info->notify_owner &&
475 info->notify.sigev_notify == SIGEV_SIGNAL) ? 475 info->notify.sigev_notify == SIGEV_SIGNAL) ?
476 info->notify.sigev_signo : 0, 476 info->notify.sigev_signo : 0,
477 pid_vnr(info->notify_owner)); 477 pid_vnr(info->notify_owner));
478 spin_unlock(&info->lock); 478 spin_unlock(&info->lock);
479 buffer[sizeof(buffer)-1] = '\0'; 479 buffer[sizeof(buffer)-1] = '\0';
480 480
481 ret = simple_read_from_buffer(u_data, count, off, buffer, 481 ret = simple_read_from_buffer(u_data, count, off, buffer,
482 strlen(buffer)); 482 strlen(buffer));
483 if (ret <= 0) 483 if (ret <= 0)
484 return ret; 484 return ret;
485 485
486 filp->f_path.dentry->d_inode->i_atime = filp->f_path.dentry->d_inode->i_ctime = CURRENT_TIME; 486 filp->f_path.dentry->d_inode->i_atime = filp->f_path.dentry->d_inode->i_ctime = CURRENT_TIME;
487 return ret; 487 return ret;
488 } 488 }
489 489
490 static int mqueue_flush_file(struct file *filp, fl_owner_t id) 490 static int mqueue_flush_file(struct file *filp, fl_owner_t id)
491 { 491 {
492 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode); 492 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode);
493 493
494 spin_lock(&info->lock); 494 spin_lock(&info->lock);
495 if (task_tgid(current) == info->notify_owner) 495 if (task_tgid(current) == info->notify_owner)
496 remove_notification(info); 496 remove_notification(info);
497 497
498 spin_unlock(&info->lock); 498 spin_unlock(&info->lock);
499 return 0; 499 return 0;
500 } 500 }
501 501
502 static unsigned int mqueue_poll_file(struct file *filp, struct poll_table_struct *poll_tab) 502 static unsigned int mqueue_poll_file(struct file *filp, struct poll_table_struct *poll_tab)
503 { 503 {
504 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode); 504 struct mqueue_inode_info *info = MQUEUE_I(filp->f_path.dentry->d_inode);
505 int retval = 0; 505 int retval = 0;
506 506
507 poll_wait(filp, &info->wait_q, poll_tab); 507 poll_wait(filp, &info->wait_q, poll_tab);
508 508
509 spin_lock(&info->lock); 509 spin_lock(&info->lock);
510 if (info->attr.mq_curmsgs) 510 if (info->attr.mq_curmsgs)
511 retval = POLLIN | POLLRDNORM; 511 retval = POLLIN | POLLRDNORM;
512 512
513 if (info->attr.mq_curmsgs < info->attr.mq_maxmsg) 513 if (info->attr.mq_curmsgs < info->attr.mq_maxmsg)
514 retval |= POLLOUT | POLLWRNORM; 514 retval |= POLLOUT | POLLWRNORM;
515 spin_unlock(&info->lock); 515 spin_unlock(&info->lock);
516 516
517 return retval; 517 return retval;
518 } 518 }
519 519
520 /* Adds current to info->e_wait_q[sr] before element with smaller prio */ 520 /* Adds current to info->e_wait_q[sr] before element with smaller prio */
521 static void wq_add(struct mqueue_inode_info *info, int sr, 521 static void wq_add(struct mqueue_inode_info *info, int sr,
522 struct ext_wait_queue *ewp) 522 struct ext_wait_queue *ewp)
523 { 523 {
524 struct ext_wait_queue *walk; 524 struct ext_wait_queue *walk;
525 525
526 ewp->task = current; 526 ewp->task = current;
527 527
528 list_for_each_entry(walk, &info->e_wait_q[sr].list, list) { 528 list_for_each_entry(walk, &info->e_wait_q[sr].list, list) {
529 if (walk->task->static_prio <= current->static_prio) { 529 if (walk->task->static_prio <= current->static_prio) {
530 list_add_tail(&ewp->list, &walk->list); 530 list_add_tail(&ewp->list, &walk->list);
531 return; 531 return;
532 } 532 }
533 } 533 }
534 list_add_tail(&ewp->list, &info->e_wait_q[sr].list); 534 list_add_tail(&ewp->list, &info->e_wait_q[sr].list);
535 } 535 }
536 536
537 /* 537 /*
538 * Puts current task to sleep. Caller must hold queue lock. After return 538 * Puts current task to sleep. Caller must hold queue lock. After return
539 * lock isn't held. 539 * lock isn't held.
540 * sr: SEND or RECV 540 * sr: SEND or RECV
541 */ 541 */
542 static int wq_sleep(struct mqueue_inode_info *info, int sr, 542 static int wq_sleep(struct mqueue_inode_info *info, int sr,
543 ktime_t *timeout, struct ext_wait_queue *ewp) 543 ktime_t *timeout, struct ext_wait_queue *ewp)
544 { 544 {
545 int retval; 545 int retval;
546 signed long time; 546 signed long time;
547 547
548 wq_add(info, sr, ewp); 548 wq_add(info, sr, ewp);
549 549
550 for (;;) { 550 for (;;) {
551 set_current_state(TASK_INTERRUPTIBLE); 551 set_current_state(TASK_INTERRUPTIBLE);
552 552
553 spin_unlock(&info->lock); 553 spin_unlock(&info->lock);
554 time = schedule_hrtimeout_range_clock(timeout, 0, 554 time = schedule_hrtimeout_range_clock(timeout, 0,
555 HRTIMER_MODE_ABS, CLOCK_REALTIME); 555 HRTIMER_MODE_ABS, CLOCK_REALTIME);
556 556
557 while (ewp->state == STATE_PENDING) 557 while (ewp->state == STATE_PENDING)
558 cpu_relax(); 558 cpu_relax();
559 559
560 if (ewp->state == STATE_READY) { 560 if (ewp->state == STATE_READY) {
561 retval = 0; 561 retval = 0;
562 goto out; 562 goto out;
563 } 563 }
564 spin_lock(&info->lock); 564 spin_lock(&info->lock);
565 if (ewp->state == STATE_READY) { 565 if (ewp->state == STATE_READY) {
566 retval = 0; 566 retval = 0;
567 goto out_unlock; 567 goto out_unlock;
568 } 568 }
569 if (signal_pending(current)) { 569 if (signal_pending(current)) {
570 retval = -ERESTARTSYS; 570 retval = -ERESTARTSYS;
571 break; 571 break;
572 } 572 }
573 if (time == 0) { 573 if (time == 0) {
574 retval = -ETIMEDOUT; 574 retval = -ETIMEDOUT;
575 break; 575 break;
576 } 576 }
577 } 577 }
578 list_del(&ewp->list); 578 list_del(&ewp->list);
579 out_unlock: 579 out_unlock:
580 spin_unlock(&info->lock); 580 spin_unlock(&info->lock);
581 out: 581 out:
582 return retval; 582 return retval;
583 } 583 }
584 584
585 /* 585 /*
586 * Returns waiting task that should be serviced first or NULL if none exists 586 * Returns waiting task that should be serviced first or NULL if none exists
587 */ 587 */
588 static struct ext_wait_queue *wq_get_first_waiter( 588 static struct ext_wait_queue *wq_get_first_waiter(
589 struct mqueue_inode_info *info, int sr) 589 struct mqueue_inode_info *info, int sr)
590 { 590 {
591 struct list_head *ptr; 591 struct list_head *ptr;
592 592
593 ptr = info->e_wait_q[sr].list.prev; 593 ptr = info->e_wait_q[sr].list.prev;
594 if (ptr == &info->e_wait_q[sr].list) 594 if (ptr == &info->e_wait_q[sr].list)
595 return NULL; 595 return NULL;
596 return list_entry(ptr, struct ext_wait_queue, list); 596 return list_entry(ptr, struct ext_wait_queue, list);
597 } 597 }
598 598
599 599
600 static inline void set_cookie(struct sk_buff *skb, char code) 600 static inline void set_cookie(struct sk_buff *skb, char code)
601 { 601 {
602 ((char*)skb->data)[NOTIFY_COOKIE_LEN-1] = code; 602 ((char*)skb->data)[NOTIFY_COOKIE_LEN-1] = code;
603 } 603 }
604 604
605 /* 605 /*
606 * The next function is only to split too long sys_mq_timedsend 606 * The next function is only to split too long sys_mq_timedsend
607 */ 607 */
608 static void __do_notify(struct mqueue_inode_info *info) 608 static void __do_notify(struct mqueue_inode_info *info)
609 { 609 {
610 /* notification 610 /* notification
611 * invoked when there is registered process and there isn't process 611 * invoked when there is registered process and there isn't process
612 * waiting synchronously for message AND state of queue changed from 612 * waiting synchronously for message AND state of queue changed from
613 * empty to not empty. Here we are sure that no one is waiting 613 * empty to not empty. Here we are sure that no one is waiting
614 * synchronously. */ 614 * synchronously. */
615 if (info->notify_owner && 615 if (info->notify_owner &&
616 info->attr.mq_curmsgs == 1) { 616 info->attr.mq_curmsgs == 1) {
617 struct siginfo sig_i; 617 struct siginfo sig_i;
618 switch (info->notify.sigev_notify) { 618 switch (info->notify.sigev_notify) {
619 case SIGEV_NONE: 619 case SIGEV_NONE:
620 break; 620 break;
621 case SIGEV_SIGNAL: 621 case SIGEV_SIGNAL:
622 /* sends signal */ 622 /* sends signal */
623 623
624 sig_i.si_signo = info->notify.sigev_signo; 624 sig_i.si_signo = info->notify.sigev_signo;
625 sig_i.si_errno = 0; 625 sig_i.si_errno = 0;
626 sig_i.si_code = SI_MESGQ; 626 sig_i.si_code = SI_MESGQ;
627 sig_i.si_value = info->notify.sigev_value; 627 sig_i.si_value = info->notify.sigev_value;
628 /* map current pid/uid into info->owner's namespaces */ 628 /* map current pid/uid into info->owner's namespaces */
629 rcu_read_lock(); 629 rcu_read_lock();
630 sig_i.si_pid = task_tgid_nr_ns(current, 630 sig_i.si_pid = task_tgid_nr_ns(current,
631 ns_of_pid(info->notify_owner)); 631 ns_of_pid(info->notify_owner));
632 sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid()); 632 sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid());
633 rcu_read_unlock(); 633 rcu_read_unlock();
634 634
635 kill_pid_info(info->notify.sigev_signo, 635 kill_pid_info(info->notify.sigev_signo,
636 &sig_i, info->notify_owner); 636 &sig_i, info->notify_owner);
637 break; 637 break;
638 case SIGEV_THREAD: 638 case SIGEV_THREAD:
639 set_cookie(info->notify_cookie, NOTIFY_WOKENUP); 639 set_cookie(info->notify_cookie, NOTIFY_WOKENUP);
640 netlink_sendskb(info->notify_sock, info->notify_cookie); 640 netlink_sendskb(info->notify_sock, info->notify_cookie);
641 break; 641 break;
642 } 642 }
643 /* after notification unregisters process */ 643 /* after notification unregisters process */
644 put_pid(info->notify_owner); 644 put_pid(info->notify_owner);
645 put_user_ns(info->notify_user_ns); 645 put_user_ns(info->notify_user_ns);
646 info->notify_owner = NULL; 646 info->notify_owner = NULL;
647 info->notify_user_ns = NULL; 647 info->notify_user_ns = NULL;
648 } 648 }
649 wake_up(&info->wait_q); 649 wake_up(&info->wait_q);
650 } 650 }
651 651
652 static int prepare_timeout(const struct timespec __user *u_abs_timeout, 652 static int prepare_timeout(const struct timespec __user *u_abs_timeout,
653 ktime_t *expires, struct timespec *ts) 653 ktime_t *expires, struct timespec *ts)
654 { 654 {
655 if (copy_from_user(ts, u_abs_timeout, sizeof(struct timespec))) 655 if (copy_from_user(ts, u_abs_timeout, sizeof(struct timespec)))
656 return -EFAULT; 656 return -EFAULT;
657 if (!timespec_valid(ts)) 657 if (!timespec_valid(ts))
658 return -EINVAL; 658 return -EINVAL;
659 659
660 *expires = timespec_to_ktime(*ts); 660 *expires = timespec_to_ktime(*ts);
661 return 0; 661 return 0;
662 } 662 }
663 663
664 static void remove_notification(struct mqueue_inode_info *info) 664 static void remove_notification(struct mqueue_inode_info *info)
665 { 665 {
666 if (info->notify_owner != NULL && 666 if (info->notify_owner != NULL &&
667 info->notify.sigev_notify == SIGEV_THREAD) { 667 info->notify.sigev_notify == SIGEV_THREAD) {
668 set_cookie(info->notify_cookie, NOTIFY_REMOVED); 668 set_cookie(info->notify_cookie, NOTIFY_REMOVED);
669 netlink_sendskb(info->notify_sock, info->notify_cookie); 669 netlink_sendskb(info->notify_sock, info->notify_cookie);
670 } 670 }
671 put_pid(info->notify_owner); 671 put_pid(info->notify_owner);
672 put_user_ns(info->notify_user_ns); 672 put_user_ns(info->notify_user_ns);
673 info->notify_owner = NULL; 673 info->notify_owner = NULL;
674 info->notify_user_ns = NULL; 674 info->notify_user_ns = NULL;
675 } 675 }
676 676
677 static int mq_attr_ok(struct ipc_namespace *ipc_ns, struct mq_attr *attr) 677 static int mq_attr_ok(struct ipc_namespace *ipc_ns, struct mq_attr *attr)
678 { 678 {
679 int mq_treesize; 679 int mq_treesize;
680 unsigned long total_size; 680 unsigned long total_size;
681 681
682 if (attr->mq_maxmsg <= 0 || attr->mq_msgsize <= 0) 682 if (attr->mq_maxmsg <= 0 || attr->mq_msgsize <= 0)
683 return 0; 683 return -EINVAL;
684 if (capable(CAP_SYS_RESOURCE)) { 684 if (capable(CAP_SYS_RESOURCE)) {
685 if (attr->mq_maxmsg > HARD_MSGMAX || 685 if (attr->mq_maxmsg > HARD_MSGMAX ||
686 attr->mq_msgsize > HARD_MSGSIZEMAX) 686 attr->mq_msgsize > HARD_MSGSIZEMAX)
687 return 0; 687 return -EINVAL;
688 } else { 688 } else {
689 if (attr->mq_maxmsg > ipc_ns->mq_msg_max || 689 if (attr->mq_maxmsg > ipc_ns->mq_msg_max ||
690 attr->mq_msgsize > ipc_ns->mq_msgsize_max) 690 attr->mq_msgsize > ipc_ns->mq_msgsize_max)
691 return 0; 691 return -EINVAL;
692 } 692 }
693 /* check for overflow */ 693 /* check for overflow */
694 if (attr->mq_msgsize > ULONG_MAX/attr->mq_maxmsg) 694 if (attr->mq_msgsize > ULONG_MAX/attr->mq_maxmsg)
695 return 0; 695 return -EOVERFLOW;
696 mq_treesize = attr->mq_maxmsg * sizeof(struct msg_msg) + 696 mq_treesize = attr->mq_maxmsg * sizeof(struct msg_msg) +
697 min_t(unsigned int, attr->mq_maxmsg, MQ_PRIO_MAX) * 697 min_t(unsigned int, attr->mq_maxmsg, MQ_PRIO_MAX) *
698 sizeof(struct posix_msg_tree_node); 698 sizeof(struct posix_msg_tree_node);
699 total_size = attr->mq_maxmsg * attr->mq_msgsize; 699 total_size = attr->mq_maxmsg * attr->mq_msgsize;
700 if (total_size + mq_treesize < total_size) 700 if (total_size + mq_treesize < total_size)
701 return 0; 701 return -EOVERFLOW;
702 return 1; 702 return 0;
703 } 703 }
704 704
705 /* 705 /*
706 * Invoked when creating a new queue via sys_mq_open 706 * Invoked when creating a new queue via sys_mq_open
707 */ 707 */
708 static struct file *do_create(struct ipc_namespace *ipc_ns, struct dentry *dir, 708 static struct file *do_create(struct ipc_namespace *ipc_ns, struct dentry *dir,
709 struct dentry *dentry, int oflag, umode_t mode, 709 struct dentry *dentry, int oflag, umode_t mode,
710 struct mq_attr *attr) 710 struct mq_attr *attr)
711 { 711 {
712 const struct cred *cred = current_cred(); 712 const struct cred *cred = current_cred();
713 struct file *result; 713 struct file *result;
714 int ret; 714 int ret;
715 715
716 if (attr) { 716 if (attr) {
717 if (!mq_attr_ok(ipc_ns, attr)) { 717 ret = mq_attr_ok(ipc_ns, attr);
718 ret = -EINVAL; 718 if (ret)
719 goto out; 719 goto out;
720 }
721 /* store for use during create */ 720 /* store for use during create */
722 dentry->d_fsdata = attr; 721 dentry->d_fsdata = attr;
722 } else {
723 struct mq_attr def_attr;
724
725 def_attr.mq_maxmsg = min(ipc_ns->mq_msg_max,
726 ipc_ns->mq_msg_default);
727 def_attr.mq_msgsize = min(ipc_ns->mq_msgsize_max,
728 ipc_ns->mq_msgsize_default);
729 ret = mq_attr_ok(ipc_ns, &def_attr);
730 if (ret)
731 goto out;
723 } 732 }
724 733
725 mode &= ~current_umask(); 734 mode &= ~current_umask();
726 ret = mnt_want_write(ipc_ns->mq_mnt); 735 ret = mnt_want_write(ipc_ns->mq_mnt);
727 if (ret) 736 if (ret)
728 goto out; 737 goto out;
729 ret = vfs_create(dir->d_inode, dentry, mode, NULL); 738 ret = vfs_create(dir->d_inode, dentry, mode, NULL);
730 dentry->d_fsdata = NULL; 739 dentry->d_fsdata = NULL;
731 if (ret) 740 if (ret)
732 goto out_drop_write; 741 goto out_drop_write;
733 742
734 result = dentry_open(dentry, ipc_ns->mq_mnt, oflag, cred); 743 result = dentry_open(dentry, ipc_ns->mq_mnt, oflag, cred);
735 /* 744 /*
736 * dentry_open() took a persistent mnt_want_write(), 745 * dentry_open() took a persistent mnt_want_write(),
737 * so we can now drop this one. 746 * so we can now drop this one.
738 */ 747 */
739 mnt_drop_write(ipc_ns->mq_mnt); 748 mnt_drop_write(ipc_ns->mq_mnt);
740 return result; 749 return result;
741 750
742 out_drop_write: 751 out_drop_write:
743 mnt_drop_write(ipc_ns->mq_mnt); 752 mnt_drop_write(ipc_ns->mq_mnt);
744 out: 753 out:
745 dput(dentry); 754 dput(dentry);
746 mntput(ipc_ns->mq_mnt); 755 mntput(ipc_ns->mq_mnt);
747 return ERR_PTR(ret); 756 return ERR_PTR(ret);
748 } 757 }
749 758
750 /* Opens existing queue */ 759 /* Opens existing queue */
751 static struct file *do_open(struct ipc_namespace *ipc_ns, 760 static struct file *do_open(struct ipc_namespace *ipc_ns,
752 struct dentry *dentry, int oflag) 761 struct dentry *dentry, int oflag)
753 { 762 {
754 int ret; 763 int ret;
755 const struct cred *cred = current_cred(); 764 const struct cred *cred = current_cred();
756 765
757 static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE, 766 static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
758 MAY_READ | MAY_WRITE }; 767 MAY_READ | MAY_WRITE };
759 768
760 if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) { 769 if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) {
761 ret = -EINVAL; 770 ret = -EINVAL;
762 goto err; 771 goto err;
763 } 772 }
764 773
765 if (inode_permission(dentry->d_inode, oflag2acc[oflag & O_ACCMODE])) { 774 if (inode_permission(dentry->d_inode, oflag2acc[oflag & O_ACCMODE])) {
766 ret = -EACCES; 775 ret = -EACCES;
767 goto err; 776 goto err;
768 } 777 }
769 778
770 return dentry_open(dentry, ipc_ns->mq_mnt, oflag, cred); 779 return dentry_open(dentry, ipc_ns->mq_mnt, oflag, cred);
771 780
772 err: 781 err:
773 dput(dentry); 782 dput(dentry);
774 mntput(ipc_ns->mq_mnt); 783 mntput(ipc_ns->mq_mnt);
775 return ERR_PTR(ret); 784 return ERR_PTR(ret);
776 } 785 }
777 786
778 SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, 787 SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode,
779 struct mq_attr __user *, u_attr) 788 struct mq_attr __user *, u_attr)
780 { 789 {
781 struct dentry *dentry; 790 struct dentry *dentry;
782 struct file *filp; 791 struct file *filp;
783 char *name; 792 char *name;
784 struct mq_attr attr; 793 struct mq_attr attr;
785 int fd, error; 794 int fd, error;
786 struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns; 795 struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
787 796
788 if (u_attr && copy_from_user(&attr, u_attr, sizeof(struct mq_attr))) 797 if (u_attr && copy_from_user(&attr, u_attr, sizeof(struct mq_attr)))
789 return -EFAULT; 798 return -EFAULT;
790 799
791 audit_mq_open(oflag, mode, u_attr ? &attr : NULL); 800 audit_mq_open(oflag, mode, u_attr ? &attr : NULL);
792 801
793 if (IS_ERR(name = getname(u_name))) 802 if (IS_ERR(name = getname(u_name)))
794 return PTR_ERR(name); 803 return PTR_ERR(name);
795 804
796 fd = get_unused_fd_flags(O_CLOEXEC); 805 fd = get_unused_fd_flags(O_CLOEXEC);
797 if (fd < 0) 806 if (fd < 0)
798 goto out_putname; 807 goto out_putname;
799 808
800 mutex_lock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex); 809 mutex_lock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex);
801 dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name)); 810 dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name));
802 if (IS_ERR(dentry)) { 811 if (IS_ERR(dentry)) {
803 error = PTR_ERR(dentry); 812 error = PTR_ERR(dentry);
804 goto out_putfd; 813 goto out_putfd;
805 } 814 }
806 mntget(ipc_ns->mq_mnt); 815 mntget(ipc_ns->mq_mnt);
807 816
808 if (oflag & O_CREAT) { 817 if (oflag & O_CREAT) {
809 if (dentry->d_inode) { /* entry already exists */ 818 if (dentry->d_inode) { /* entry already exists */
810 audit_inode(name, dentry); 819 audit_inode(name, dentry);
811 if (oflag & O_EXCL) { 820 if (oflag & O_EXCL) {
812 error = -EEXIST; 821 error = -EEXIST;
813 goto out; 822 goto out;
814 } 823 }
815 filp = do_open(ipc_ns, dentry, oflag); 824 filp = do_open(ipc_ns, dentry, oflag);
816 } else { 825 } else {
817 filp = do_create(ipc_ns, ipc_ns->mq_mnt->mnt_root, 826 filp = do_create(ipc_ns, ipc_ns->mq_mnt->mnt_root,
818 dentry, oflag, mode, 827 dentry, oflag, mode,
819 u_attr ? &attr : NULL); 828 u_attr ? &attr : NULL);
820 } 829 }
821 } else { 830 } else {
822 if (!dentry->d_inode) { 831 if (!dentry->d_inode) {
823 error = -ENOENT; 832 error = -ENOENT;
824 goto out; 833 goto out;
825 } 834 }
826 audit_inode(name, dentry); 835 audit_inode(name, dentry);
827 filp = do_open(ipc_ns, dentry, oflag); 836 filp = do_open(ipc_ns, dentry, oflag);
828 } 837 }
829 838
830 if (IS_ERR(filp)) { 839 if (IS_ERR(filp)) {
831 error = PTR_ERR(filp); 840 error = PTR_ERR(filp);
832 goto out_putfd; 841 goto out_putfd;
833 } 842 }
834 843
835 fd_install(fd, filp); 844 fd_install(fd, filp);
836 goto out_upsem; 845 goto out_upsem;
837 846
838 out: 847 out:
839 dput(dentry); 848 dput(dentry);
840 mntput(ipc_ns->mq_mnt); 849 mntput(ipc_ns->mq_mnt);
841 out_putfd: 850 out_putfd:
842 put_unused_fd(fd); 851 put_unused_fd(fd);
843 fd = error; 852 fd = error;
844 out_upsem: 853 out_upsem:
845 mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex); 854 mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex);
846 out_putname: 855 out_putname:
847 putname(name); 856 putname(name);
848 return fd; 857 return fd;
849 } 858 }
850 859
851 SYSCALL_DEFINE1(mq_unlink, const char __user *, u_name) 860 SYSCALL_DEFINE1(mq_unlink, const char __user *, u_name)
852 { 861 {
853 int err; 862 int err;
854 char *name; 863 char *name;
855 struct dentry *dentry; 864 struct dentry *dentry;
856 struct inode *inode = NULL; 865 struct inode *inode = NULL;
857 struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns; 866 struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
858 867
859 name = getname(u_name); 868 name = getname(u_name);
860 if (IS_ERR(name)) 869 if (IS_ERR(name))
861 return PTR_ERR(name); 870 return PTR_ERR(name);
862 871
863 mutex_lock_nested(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex, 872 mutex_lock_nested(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex,
864 I_MUTEX_PARENT); 873 I_MUTEX_PARENT);
865 dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name)); 874 dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name));
866 if (IS_ERR(dentry)) { 875 if (IS_ERR(dentry)) {
867 err = PTR_ERR(dentry); 876 err = PTR_ERR(dentry);
868 goto out_unlock; 877 goto out_unlock;
869 } 878 }
870 879
871 if (!dentry->d_inode) { 880 if (!dentry->d_inode) {
872 err = -ENOENT; 881 err = -ENOENT;
873 goto out_err; 882 goto out_err;
874 } 883 }
875 884
876 inode = dentry->d_inode; 885 inode = dentry->d_inode;
877 if (inode) 886 if (inode)
878 ihold(inode); 887 ihold(inode);
879 err = mnt_want_write(ipc_ns->mq_mnt); 888 err = mnt_want_write(ipc_ns->mq_mnt);
880 if (err) 889 if (err)
881 goto out_err; 890 goto out_err;
882 err = vfs_unlink(dentry->d_parent->d_inode, dentry); 891 err = vfs_unlink(dentry->d_parent->d_inode, dentry);
883 mnt_drop_write(ipc_ns->mq_mnt); 892 mnt_drop_write(ipc_ns->mq_mnt);
884 out_err: 893 out_err:
885 dput(dentry); 894 dput(dentry);
886 895
887 out_unlock: 896 out_unlock:
888 mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex); 897 mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex);
889 putname(name); 898 putname(name);
890 if (inode) 899 if (inode)
891 iput(inode); 900 iput(inode);
892 901
893 return err; 902 return err;
894 } 903 }
895 904
896 /* Pipelined send and receive functions. 905 /* Pipelined send and receive functions.
897 * 906 *
898 * If a receiver finds no waiting message, then it registers itself in the 907 * If a receiver finds no waiting message, then it registers itself in the
899 * list of waiting receivers. A sender checks that list before adding the new 908 * list of waiting receivers. A sender checks that list before adding the new
900 * message into the message array. If there is a waiting receiver, then it 909 * message into the message array. If there is a waiting receiver, then it
901 * bypasses the message array and directly hands the message over to the 910 * bypasses the message array and directly hands the message over to the
902 * receiver. 911 * receiver.
903 * The receiver accepts the message and returns without grabbing the queue 912 * The receiver accepts the message and returns without grabbing the queue
904 * spinlock. Therefore an intermediate STATE_PENDING state and memory barriers 913 * spinlock. Therefore an intermediate STATE_PENDING state and memory barriers
905 * are necessary. The same algorithm is used for sysv semaphores, see 914 * are necessary. The same algorithm is used for sysv semaphores, see
906 * ipc/sem.c for more details. 915 * ipc/sem.c for more details.
907 * 916 *
908 * The same algorithm is used for senders. 917 * The same algorithm is used for senders.
909 */ 918 */
910 919
911 /* pipelined_send() - send a message directly to the task waiting in 920 /* pipelined_send() - send a message directly to the task waiting in
912 * sys_mq_timedreceive() (without inserting message into a queue). 921 * sys_mq_timedreceive() (without inserting message into a queue).
913 */ 922 */
914 static inline void pipelined_send(struct mqueue_inode_info *info, 923 static inline void pipelined_send(struct mqueue_inode_info *info,
915 struct msg_msg *message, 924 struct msg_msg *message,
916 struct ext_wait_queue *receiver) 925 struct ext_wait_queue *receiver)
917 { 926 {
918 receiver->msg = message; 927 receiver->msg = message;
919 list_del(&receiver->list); 928 list_del(&receiver->list);
920 receiver->state = STATE_PENDING; 929 receiver->state = STATE_PENDING;
921 wake_up_process(receiver->task); 930 wake_up_process(receiver->task);
922 smp_wmb(); 931 smp_wmb();
923 receiver->state = STATE_READY; 932 receiver->state = STATE_READY;
924 } 933 }
925 934
926 /* pipelined_receive() - if there is task waiting in sys_mq_timedsend() 935 /* pipelined_receive() - if there is task waiting in sys_mq_timedsend()
927 * gets its message and put to the queue (we have one free place for sure). */ 936 * gets its message and put to the queue (we have one free place for sure). */
928 static inline void pipelined_receive(struct mqueue_inode_info *info) 937 static inline void pipelined_receive(struct mqueue_inode_info *info)
929 { 938 {
930 struct ext_wait_queue *sender = wq_get_first_waiter(info, SEND); 939 struct ext_wait_queue *sender = wq_get_first_waiter(info, SEND);
931 940
932 if (!sender) { 941 if (!sender) {
933 /* for poll */ 942 /* for poll */
934 wake_up_interruptible(&info->wait_q); 943 wake_up_interruptible(&info->wait_q);
935 return; 944 return;
936 } 945 }
937 if (msg_insert(sender->msg, info)) 946 if (msg_insert(sender->msg, info))
938 return; 947 return;
939 list_del(&sender->list); 948 list_del(&sender->list);
940 sender->state = STATE_PENDING; 949 sender->state = STATE_PENDING;
941 wake_up_process(sender->task); 950 wake_up_process(sender->task);
942 smp_wmb(); 951 smp_wmb();
943 sender->state = STATE_READY; 952 sender->state = STATE_READY;
944 } 953 }
945 954
946 SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, 955 SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
947 size_t, msg_len, unsigned int, msg_prio, 956 size_t, msg_len, unsigned int, msg_prio,
948 const struct timespec __user *, u_abs_timeout) 957 const struct timespec __user *, u_abs_timeout)
949 { 958 {
950 struct file *filp; 959 struct file *filp;
951 struct inode *inode; 960 struct inode *inode;
952 struct ext_wait_queue wait; 961 struct ext_wait_queue wait;
953 struct ext_wait_queue *receiver; 962 struct ext_wait_queue *receiver;
954 struct msg_msg *msg_ptr; 963 struct msg_msg *msg_ptr;
955 struct mqueue_inode_info *info; 964 struct mqueue_inode_info *info;
956 ktime_t expires, *timeout = NULL; 965 ktime_t expires, *timeout = NULL;
957 struct timespec ts; 966 struct timespec ts;
958 int ret; 967 int ret;
959 968
960 if (u_abs_timeout) { 969 if (u_abs_timeout) {
961 int res = prepare_timeout(u_abs_timeout, &expires, &ts); 970 int res = prepare_timeout(u_abs_timeout, &expires, &ts);
962 if (res) 971 if (res)
963 return res; 972 return res;
964 timeout = &expires; 973 timeout = &expires;
965 } 974 }
966 975
967 if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX)) 976 if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX))
968 return -EINVAL; 977 return -EINVAL;
969 978
970 audit_mq_sendrecv(mqdes, msg_len, msg_prio, timeout ? &ts : NULL); 979 audit_mq_sendrecv(mqdes, msg_len, msg_prio, timeout ? &ts : NULL);
971 980
972 filp = fget(mqdes); 981 filp = fget(mqdes);
973 if (unlikely(!filp)) { 982 if (unlikely(!filp)) {
974 ret = -EBADF; 983 ret = -EBADF;
975 goto out; 984 goto out;
976 } 985 }
977 986
978 inode = filp->f_path.dentry->d_inode; 987 inode = filp->f_path.dentry->d_inode;
979 if (unlikely(filp->f_op != &mqueue_file_operations)) { 988 if (unlikely(filp->f_op != &mqueue_file_operations)) {
980 ret = -EBADF; 989 ret = -EBADF;
981 goto out_fput; 990 goto out_fput;
982 } 991 }
983 info = MQUEUE_I(inode); 992 info = MQUEUE_I(inode);
984 audit_inode(NULL, filp->f_path.dentry); 993 audit_inode(NULL, filp->f_path.dentry);
985 994
986 if (unlikely(!(filp->f_mode & FMODE_WRITE))) { 995 if (unlikely(!(filp->f_mode & FMODE_WRITE))) {
987 ret = -EBADF; 996 ret = -EBADF;
988 goto out_fput; 997 goto out_fput;
989 } 998 }
990 999
991 if (unlikely(msg_len > info->attr.mq_msgsize)) { 1000 if (unlikely(msg_len > info->attr.mq_msgsize)) {
992 ret = -EMSGSIZE; 1001 ret = -EMSGSIZE;
993 goto out_fput; 1002 goto out_fput;
994 } 1003 }
995 1004
996 /* First try to allocate memory, before doing anything with 1005 /* First try to allocate memory, before doing anything with
997 * existing queues. */ 1006 * existing queues. */
998 msg_ptr = load_msg(u_msg_ptr, msg_len); 1007 msg_ptr = load_msg(u_msg_ptr, msg_len);
999 if (IS_ERR(msg_ptr)) { 1008 if (IS_ERR(msg_ptr)) {
1000 ret = PTR_ERR(msg_ptr); 1009 ret = PTR_ERR(msg_ptr);
1001 goto out_fput; 1010 goto out_fput;
1002 } 1011 }
1003 msg_ptr->m_ts = msg_len; 1012 msg_ptr->m_ts = msg_len;
1004 msg_ptr->m_type = msg_prio; 1013 msg_ptr->m_type = msg_prio;
1005 1014
1006 spin_lock(&info->lock); 1015 spin_lock(&info->lock);
1007 1016
1008 if (info->attr.mq_curmsgs == info->attr.mq_maxmsg) { 1017 if (info->attr.mq_curmsgs == info->attr.mq_maxmsg) {
1009 if (filp->f_flags & O_NONBLOCK) { 1018 if (filp->f_flags & O_NONBLOCK) {
1010 spin_unlock(&info->lock); 1019 spin_unlock(&info->lock);
1011 ret = -EAGAIN; 1020 ret = -EAGAIN;
1012 } else { 1021 } else {
1013 wait.task = current; 1022 wait.task = current;
1014 wait.msg = (void *) msg_ptr; 1023 wait.msg = (void *) msg_ptr;
1015 wait.state = STATE_NONE; 1024 wait.state = STATE_NONE;
1016 ret = wq_sleep(info, SEND, timeout, &wait); 1025 ret = wq_sleep(info, SEND, timeout, &wait);
1017 } 1026 }
1018 if (ret < 0) 1027 if (ret < 0)
1019 free_msg(msg_ptr); 1028 free_msg(msg_ptr);
1020 } else { 1029 } else {
1021 receiver = wq_get_first_waiter(info, RECV); 1030 receiver = wq_get_first_waiter(info, RECV);
1022 if (receiver) { 1031 if (receiver) {
1023 pipelined_send(info, msg_ptr, receiver); 1032 pipelined_send(info, msg_ptr, receiver);
1024 } else { 1033 } else {
1025 /* adds message to the queue */ 1034 /* adds message to the queue */
1026 if (msg_insert(msg_ptr, info)) { 1035 if (msg_insert(msg_ptr, info)) {
1027 free_msg(msg_ptr); 1036 free_msg(msg_ptr);
1028 ret = -ENOMEM; 1037 ret = -ENOMEM;
1029 spin_unlock(&info->lock); 1038 spin_unlock(&info->lock);
1030 goto out_fput; 1039 goto out_fput;
1031 } 1040 }
1032 __do_notify(info); 1041 __do_notify(info);
1033 } 1042 }
1034 inode->i_atime = inode->i_mtime = inode->i_ctime = 1043 inode->i_atime = inode->i_mtime = inode->i_ctime =
1035 CURRENT_TIME; 1044 CURRENT_TIME;
1036 spin_unlock(&info->lock); 1045 spin_unlock(&info->lock);
1037 ret = 0; 1046 ret = 0;
1038 } 1047 }
1039 out_fput: 1048 out_fput:
1040 fput(filp); 1049 fput(filp);
1041 out: 1050 out:
1042 return ret; 1051 return ret;
1043 } 1052 }
1044 1053
1045 SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, 1054 SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
1046 size_t, msg_len, unsigned int __user *, u_msg_prio, 1055 size_t, msg_len, unsigned int __user *, u_msg_prio,
1047 const struct timespec __user *, u_abs_timeout) 1056 const struct timespec __user *, u_abs_timeout)
1048 { 1057 {
1049 ssize_t ret; 1058 ssize_t ret;
1050 struct msg_msg *msg_ptr; 1059 struct msg_msg *msg_ptr;
1051 struct file *filp; 1060 struct file *filp;
1052 struct inode *inode; 1061 struct inode *inode;
1053 struct mqueue_inode_info *info; 1062 struct mqueue_inode_info *info;
1054 struct ext_wait_queue wait; 1063 struct ext_wait_queue wait;
1055 ktime_t expires, *timeout = NULL; 1064 ktime_t expires, *timeout = NULL;
1056 struct timespec ts; 1065 struct timespec ts;
1057 1066
1058 if (u_abs_timeout) { 1067 if (u_abs_timeout) {
1059 int res = prepare_timeout(u_abs_timeout, &expires, &ts); 1068 int res = prepare_timeout(u_abs_timeout, &expires, &ts);
1060 if (res) 1069 if (res)
1061 return res; 1070 return res;
1062 timeout = &expires; 1071 timeout = &expires;
1063 } 1072 }
1064 1073
1065 audit_mq_sendrecv(mqdes, msg_len, 0, timeout ? &ts : NULL); 1074 audit_mq_sendrecv(mqdes, msg_len, 0, timeout ? &ts : NULL);
1066 1075
1067 filp = fget(mqdes); 1076 filp = fget(mqdes);
1068 if (unlikely(!filp)) { 1077 if (unlikely(!filp)) {
1069 ret = -EBADF; 1078 ret = -EBADF;
1070 goto out; 1079 goto out;
1071 } 1080 }
1072 1081
1073 inode = filp->f_path.dentry->d_inode; 1082 inode = filp->f_path.dentry->d_inode;
1074 if (unlikely(filp->f_op != &mqueue_file_operations)) { 1083 if (unlikely(filp->f_op != &mqueue_file_operations)) {
1075 ret = -EBADF; 1084 ret = -EBADF;
1076 goto out_fput; 1085 goto out_fput;
1077 } 1086 }
1078 info = MQUEUE_I(inode); 1087 info = MQUEUE_I(inode);
1079 audit_inode(NULL, filp->f_path.dentry); 1088 audit_inode(NULL, filp->f_path.dentry);
1080 1089
1081 if (unlikely(!(filp->f_mode & FMODE_READ))) { 1090 if (unlikely(!(filp->f_mode & FMODE_READ))) {
1082 ret = -EBADF; 1091 ret = -EBADF;
1083 goto out_fput; 1092 goto out_fput;
1084 } 1093 }
1085 1094
1086 /* checks if buffer is big enough */ 1095 /* checks if buffer is big enough */
1087 if (unlikely(msg_len < info->attr.mq_msgsize)) { 1096 if (unlikely(msg_len < info->attr.mq_msgsize)) {
1088 ret = -EMSGSIZE; 1097 ret = -EMSGSIZE;
1089 goto out_fput; 1098 goto out_fput;
1090 } 1099 }
1091 1100
1092 spin_lock(&info->lock); 1101 spin_lock(&info->lock);
1093 if (info->attr.mq_curmsgs == 0) { 1102 if (info->attr.mq_curmsgs == 0) {
1094 if (filp->f_flags & O_NONBLOCK) { 1103 if (filp->f_flags & O_NONBLOCK) {
1095 spin_unlock(&info->lock); 1104 spin_unlock(&info->lock);
1096 ret = -EAGAIN; 1105 ret = -EAGAIN;
1097 } else { 1106 } else {
1098 wait.task = current; 1107 wait.task = current;
1099 wait.state = STATE_NONE; 1108 wait.state = STATE_NONE;
1100 ret = wq_sleep(info, RECV, timeout, &wait); 1109 ret = wq_sleep(info, RECV, timeout, &wait);
1101 msg_ptr = wait.msg; 1110 msg_ptr = wait.msg;
1102 } 1111 }
1103 } else { 1112 } else {
1104 msg_ptr = msg_get(info); 1113 msg_ptr = msg_get(info);
1105 1114
1106 inode->i_atime = inode->i_mtime = inode->i_ctime = 1115 inode->i_atime = inode->i_mtime = inode->i_ctime =
1107 CURRENT_TIME; 1116 CURRENT_TIME;
1108 1117
1109 /* There is now free space in queue. */ 1118 /* There is now free space in queue. */
1110 pipelined_receive(info); 1119 pipelined_receive(info);
1111 spin_unlock(&info->lock); 1120 spin_unlock(&info->lock);
1112 ret = 0; 1121 ret = 0;
1113 } 1122 }
1114 if (ret == 0) { 1123 if (ret == 0) {
1115 ret = msg_ptr->m_ts; 1124 ret = msg_ptr->m_ts;
1116 1125
1117 if ((u_msg_prio && put_user(msg_ptr->m_type, u_msg_prio)) || 1126 if ((u_msg_prio && put_user(msg_ptr->m_type, u_msg_prio)) ||
1118 store_msg(u_msg_ptr, msg_ptr, msg_ptr->m_ts)) { 1127 store_msg(u_msg_ptr, msg_ptr, msg_ptr->m_ts)) {
1119 ret = -EFAULT; 1128 ret = -EFAULT;
1120 } 1129 }
1121 free_msg(msg_ptr); 1130 free_msg(msg_ptr);
1122 } 1131 }
1123 out_fput: 1132 out_fput:
1124 fput(filp); 1133 fput(filp);
1125 out: 1134 out:
1126 return ret; 1135 return ret;
1127 } 1136 }
1128 1137
1129 /* 1138 /*
1130 * Notes: the case when user wants us to deregister (with NULL as pointer) 1139 * Notes: the case when user wants us to deregister (with NULL as pointer)
1131 * and he isn't currently owner of notification, will be silently discarded. 1140 * and he isn't currently owner of notification, will be silently discarded.
1132 * It isn't explicitly defined in the POSIX. 1141 * It isn't explicitly defined in the POSIX.
1133 */ 1142 */
1134 SYSCALL_DEFINE2(mq_notify, mqd_t, mqdes, 1143 SYSCALL_DEFINE2(mq_notify, mqd_t, mqdes,
1135 const struct sigevent __user *, u_notification) 1144 const struct sigevent __user *, u_notification)
1136 { 1145 {
1137 int ret; 1146 int ret;
1138 struct file *filp; 1147 struct file *filp;
1139 struct sock *sock; 1148 struct sock *sock;
1140 struct inode *inode; 1149 struct inode *inode;
1141 struct sigevent notification; 1150 struct sigevent notification;
1142 struct mqueue_inode_info *info; 1151 struct mqueue_inode_info *info;
1143 struct sk_buff *nc; 1152 struct sk_buff *nc;
1144 1153
1145 if (u_notification) { 1154 if (u_notification) {
1146 if (copy_from_user(&notification, u_notification, 1155 if (copy_from_user(&notification, u_notification,
1147 sizeof(struct sigevent))) 1156 sizeof(struct sigevent)))
1148 return -EFAULT; 1157 return -EFAULT;
1149 } 1158 }
1150 1159
1151 audit_mq_notify(mqdes, u_notification ? &notification : NULL); 1160 audit_mq_notify(mqdes, u_notification ? &notification : NULL);
1152 1161
1153 nc = NULL; 1162 nc = NULL;
1154 sock = NULL; 1163 sock = NULL;
1155 if (u_notification != NULL) { 1164 if (u_notification != NULL) {
1156 if (unlikely(notification.sigev_notify != SIGEV_NONE && 1165 if (unlikely(notification.sigev_notify != SIGEV_NONE &&
1157 notification.sigev_notify != SIGEV_SIGNAL && 1166 notification.sigev_notify != SIGEV_SIGNAL &&
1158 notification.sigev_notify != SIGEV_THREAD)) 1167 notification.sigev_notify != SIGEV_THREAD))
1159 return -EINVAL; 1168 return -EINVAL;
1160 if (notification.sigev_notify == SIGEV_SIGNAL && 1169 if (notification.sigev_notify == SIGEV_SIGNAL &&
1161 !valid_signal(notification.sigev_signo)) { 1170 !valid_signal(notification.sigev_signo)) {
1162 return -EINVAL; 1171 return -EINVAL;
1163 } 1172 }
1164 if (notification.sigev_notify == SIGEV_THREAD) { 1173 if (notification.sigev_notify == SIGEV_THREAD) {
1165 long timeo; 1174 long timeo;
1166 1175
1167 /* create the notify skb */ 1176 /* create the notify skb */
1168 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL); 1177 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
1169 if (!nc) { 1178 if (!nc) {
1170 ret = -ENOMEM; 1179 ret = -ENOMEM;
1171 goto out; 1180 goto out;
1172 } 1181 }
1173 if (copy_from_user(nc->data, 1182 if (copy_from_user(nc->data,
1174 notification.sigev_value.sival_ptr, 1183 notification.sigev_value.sival_ptr,
1175 NOTIFY_COOKIE_LEN)) { 1184 NOTIFY_COOKIE_LEN)) {
1176 ret = -EFAULT; 1185 ret = -EFAULT;
1177 goto out; 1186 goto out;
1178 } 1187 }
1179 1188
1180 /* TODO: add a header? */ 1189 /* TODO: add a header? */
1181 skb_put(nc, NOTIFY_COOKIE_LEN); 1190 skb_put(nc, NOTIFY_COOKIE_LEN);
1182 /* and attach it to the socket */ 1191 /* and attach it to the socket */
1183 retry: 1192 retry:
1184 filp = fget(notification.sigev_signo); 1193 filp = fget(notification.sigev_signo);
1185 if (!filp) { 1194 if (!filp) {
1186 ret = -EBADF; 1195 ret = -EBADF;
1187 goto out; 1196 goto out;
1188 } 1197 }
1189 sock = netlink_getsockbyfilp(filp); 1198 sock = netlink_getsockbyfilp(filp);
1190 fput(filp); 1199 fput(filp);
1191 if (IS_ERR(sock)) { 1200 if (IS_ERR(sock)) {
1192 ret = PTR_ERR(sock); 1201 ret = PTR_ERR(sock);
1193 sock = NULL; 1202 sock = NULL;
1194 goto out; 1203 goto out;
1195 } 1204 }
1196 1205
1197 timeo = MAX_SCHEDULE_TIMEOUT; 1206 timeo = MAX_SCHEDULE_TIMEOUT;
1198 ret = netlink_attachskb(sock, nc, &timeo, NULL); 1207 ret = netlink_attachskb(sock, nc, &timeo, NULL);
1199 if (ret == 1) 1208 if (ret == 1)
1200 goto retry; 1209 goto retry;
1201 if (ret) { 1210 if (ret) {
1202 sock = NULL; 1211 sock = NULL;
1203 nc = NULL; 1212 nc = NULL;
1204 goto out; 1213 goto out;
1205 } 1214 }
1206 } 1215 }
1207 } 1216 }
1208 1217
1209 filp = fget(mqdes); 1218 filp = fget(mqdes);
1210 if (!filp) { 1219 if (!filp) {
1211 ret = -EBADF; 1220 ret = -EBADF;
1212 goto out; 1221 goto out;
1213 } 1222 }
1214 1223
1215 inode = filp->f_path.dentry->d_inode; 1224 inode = filp->f_path.dentry->d_inode;
1216 if (unlikely(filp->f_op != &mqueue_file_operations)) { 1225 if (unlikely(filp->f_op != &mqueue_file_operations)) {
1217 ret = -EBADF; 1226 ret = -EBADF;
1218 goto out_fput; 1227 goto out_fput;
1219 } 1228 }
1220 info = MQUEUE_I(inode); 1229 info = MQUEUE_I(inode);
1221 1230
1222 ret = 0; 1231 ret = 0;
1223 spin_lock(&info->lock); 1232 spin_lock(&info->lock);
1224 if (u_notification == NULL) { 1233 if (u_notification == NULL) {
1225 if (info->notify_owner == task_tgid(current)) { 1234 if (info->notify_owner == task_tgid(current)) {
1226 remove_notification(info); 1235 remove_notification(info);
1227 inode->i_atime = inode->i_ctime = CURRENT_TIME; 1236 inode->i_atime = inode->i_ctime = CURRENT_TIME;
1228 } 1237 }
1229 } else if (info->notify_owner != NULL) { 1238 } else if (info->notify_owner != NULL) {
1230 ret = -EBUSY; 1239 ret = -EBUSY;
1231 } else { 1240 } else {
1232 switch (notification.sigev_notify) { 1241 switch (notification.sigev_notify) {
1233 case SIGEV_NONE: 1242 case SIGEV_NONE:
1234 info->notify.sigev_notify = SIGEV_NONE; 1243 info->notify.sigev_notify = SIGEV_NONE;
1235 break; 1244 break;
1236 case SIGEV_THREAD: 1245 case SIGEV_THREAD:
1237 info->notify_sock = sock; 1246 info->notify_sock = sock;
1238 info->notify_cookie = nc; 1247 info->notify_cookie = nc;
1239 sock = NULL; 1248 sock = NULL;
1240 nc = NULL; 1249 nc = NULL;
1241 info->notify.sigev_notify = SIGEV_THREAD; 1250 info->notify.sigev_notify = SIGEV_THREAD;
1242 break; 1251 break;
1243 case SIGEV_SIGNAL: 1252 case SIGEV_SIGNAL:
1244 info->notify.sigev_signo = notification.sigev_signo; 1253 info->notify.sigev_signo = notification.sigev_signo;
1245 info->notify.sigev_value = notification.sigev_value; 1254 info->notify.sigev_value = notification.sigev_value;
1246 info->notify.sigev_notify = SIGEV_SIGNAL; 1255 info->notify.sigev_notify = SIGEV_SIGNAL;
1247 break; 1256 break;
1248 } 1257 }
1249 1258
1250 info->notify_owner = get_pid(task_tgid(current)); 1259 info->notify_owner = get_pid(task_tgid(current));
1251 info->notify_user_ns = get_user_ns(current_user_ns()); 1260 info->notify_user_ns = get_user_ns(current_user_ns());
1252 inode->i_atime = inode->i_ctime = CURRENT_TIME; 1261 inode->i_atime = inode->i_ctime = CURRENT_TIME;
1253 } 1262 }
1254 spin_unlock(&info->lock); 1263 spin_unlock(&info->lock);
1255 out_fput: 1264 out_fput:
1256 fput(filp); 1265 fput(filp);
1257 out: 1266 out:
1258 if (sock) { 1267 if (sock) {
1259 netlink_detachskb(sock, nc); 1268 netlink_detachskb(sock, nc);
1260 } else if (nc) { 1269 } else if (nc) {
1261 dev_kfree_skb(nc); 1270 dev_kfree_skb(nc);
1262 } 1271 }
1263 return ret; 1272 return ret;
1264 } 1273 }
1265 1274
1266 SYSCALL_DEFINE3(mq_getsetattr, mqd_t, mqdes, 1275 SYSCALL_DEFINE3(mq_getsetattr, mqd_t, mqdes,
1267 const struct mq_attr __user *, u_mqstat, 1276 const struct mq_attr __user *, u_mqstat,
1268 struct mq_attr __user *, u_omqstat) 1277 struct mq_attr __user *, u_omqstat)
1269 { 1278 {
1270 int ret; 1279 int ret;
1271 struct mq_attr mqstat, omqstat; 1280 struct mq_attr mqstat, omqstat;
1272 struct file *filp; 1281 struct file *filp;
1273 struct inode *inode; 1282 struct inode *inode;
1274 struct mqueue_inode_info *info; 1283 struct mqueue_inode_info *info;
1275 1284
1276 if (u_mqstat != NULL) { 1285 if (u_mqstat != NULL) {
1277 if (copy_from_user(&mqstat, u_mqstat, sizeof(struct mq_attr))) 1286 if (copy_from_user(&mqstat, u_mqstat, sizeof(struct mq_attr)))
1278 return -EFAULT; 1287 return -EFAULT;
1279 if (mqstat.mq_flags & (~O_NONBLOCK)) 1288 if (mqstat.mq_flags & (~O_NONBLOCK))
1280 return -EINVAL; 1289 return -EINVAL;
1281 } 1290 }
1282 1291
1283 filp = fget(mqdes); 1292 filp = fget(mqdes);
1284 if (!filp) { 1293 if (!filp) {
1285 ret = -EBADF; 1294 ret = -EBADF;
1286 goto out; 1295 goto out;
1287 } 1296 }
1288 1297
1289 inode = filp->f_path.dentry->d_inode; 1298 inode = filp->f_path.dentry->d_inode;
1290 if (unlikely(filp->f_op != &mqueue_file_operations)) { 1299 if (unlikely(filp->f_op != &mqueue_file_operations)) {
1291 ret = -EBADF; 1300 ret = -EBADF;
1292 goto out_fput; 1301 goto out_fput;
1293 } 1302 }
1294 info = MQUEUE_I(inode); 1303 info = MQUEUE_I(inode);
1295 1304
1296 spin_lock(&info->lock); 1305 spin_lock(&info->lock);
1297 1306
1298 omqstat = info->attr; 1307 omqstat = info->attr;
1299 omqstat.mq_flags = filp->f_flags & O_NONBLOCK; 1308 omqstat.mq_flags = filp->f_flags & O_NONBLOCK;
1300 if (u_mqstat) { 1309 if (u_mqstat) {
1301 audit_mq_getsetattr(mqdes, &mqstat); 1310 audit_mq_getsetattr(mqdes, &mqstat);
1302 spin_lock(&filp->f_lock); 1311 spin_lock(&filp->f_lock);
1303 if (mqstat.mq_flags & O_NONBLOCK) 1312 if (mqstat.mq_flags & O_NONBLOCK)
1304 filp->f_flags |= O_NONBLOCK; 1313 filp->f_flags |= O_NONBLOCK;
1305 else 1314 else
1306 filp->f_flags &= ~O_NONBLOCK; 1315 filp->f_flags &= ~O_NONBLOCK;
1307 spin_unlock(&filp->f_lock); 1316 spin_unlock(&filp->f_lock);
1308 1317
1309 inode->i_atime = inode->i_ctime = CURRENT_TIME; 1318 inode->i_atime = inode->i_ctime = CURRENT_TIME;
1310 } 1319 }
1311 1320
1312 spin_unlock(&info->lock); 1321 spin_unlock(&info->lock);
1313 1322
1314 ret = 0; 1323 ret = 0;
1315 if (u_omqstat != NULL && copy_to_user(u_omqstat, &omqstat, 1324 if (u_omqstat != NULL && copy_to_user(u_omqstat, &omqstat,
1316 sizeof(struct mq_attr))) 1325 sizeof(struct mq_attr)))
1317 ret = -EFAULT; 1326 ret = -EFAULT;
1318 1327
1319 out_fput: 1328 out_fput:
1320 fput(filp); 1329 fput(filp);
1321 out: 1330 out:
1322 return ret; 1331 return ret;
1323 } 1332 }
1324 1333
1325 static const struct inode_operations mqueue_dir_inode_operations = { 1334 static const struct inode_operations mqueue_dir_inode_operations = {
1326 .lookup = simple_lookup, 1335 .lookup = simple_lookup,
1327 .create = mqueue_create, 1336 .create = mqueue_create,
1328 .unlink = mqueue_unlink, 1337 .unlink = mqueue_unlink,
1329 }; 1338 };
1330 1339
1331 static const struct file_operations mqueue_file_operations = { 1340 static const struct file_operations mqueue_file_operations = {
1332 .flush = mqueue_flush_file, 1341 .flush = mqueue_flush_file,
1333 .poll = mqueue_poll_file, 1342 .poll = mqueue_poll_file,
1334 .read = mqueue_read_file, 1343 .read = mqueue_read_file,
1335 .llseek = default_llseek, 1344 .llseek = default_llseek,
1336 }; 1345 };
1337 1346
1338 static const struct super_operations mqueue_super_ops = { 1347 static const struct super_operations mqueue_super_ops = {
1339 .alloc_inode = mqueue_alloc_inode, 1348 .alloc_inode = mqueue_alloc_inode,
1340 .destroy_inode = mqueue_destroy_inode, 1349 .destroy_inode = mqueue_destroy_inode,
1341 .evict_inode = mqueue_evict_inode, 1350 .evict_inode = mqueue_evict_inode,
1342 .statfs = simple_statfs, 1351 .statfs = simple_statfs,
1343 }; 1352 };
1344 1353
1345 static struct file_system_type mqueue_fs_type = { 1354 static struct file_system_type mqueue_fs_type = {
1346 .name = "mqueue", 1355 .name = "mqueue",
1347 .mount = mqueue_mount, 1356 .mount = mqueue_mount,
1348 .kill_sb = kill_litter_super, 1357 .kill_sb = kill_litter_super,
1349 }; 1358 };
1350 1359
1351 int mq_init_ns(struct ipc_namespace *ns) 1360 int mq_init_ns(struct ipc_namespace *ns)
1352 { 1361 {
1353 ns->mq_queues_count = 0; 1362 ns->mq_queues_count = 0;
1354 ns->mq_queues_max = DFLT_QUEUESMAX; 1363 ns->mq_queues_max = DFLT_QUEUESMAX;
1355 ns->mq_msg_max = DFLT_MSGMAX; 1364 ns->mq_msg_max = DFLT_MSGMAX;
1356 ns->mq_msgsize_max = DFLT_MSGSIZEMAX; 1365 ns->mq_msgsize_max = DFLT_MSGSIZEMAX;
1357 ns->mq_msg_default = DFLT_MSG; 1366 ns->mq_msg_default = DFLT_MSG;
1358 ns->mq_msgsize_default = DFLT_MSGSIZE; 1367 ns->mq_msgsize_default = DFLT_MSGSIZE;
1359 1368
1360 ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); 1369 ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns);
1361 if (IS_ERR(ns->mq_mnt)) { 1370 if (IS_ERR(ns->mq_mnt)) {
1362 int err = PTR_ERR(ns->mq_mnt); 1371 int err = PTR_ERR(ns->mq_mnt);
1363 ns->mq_mnt = NULL; 1372 ns->mq_mnt = NULL;
1364 return err; 1373 return err;
1365 } 1374 }
1366 return 0; 1375 return 0;
1367 } 1376 }
1368 1377
1369 void mq_clear_sbinfo(struct ipc_namespace *ns) 1378 void mq_clear_sbinfo(struct ipc_namespace *ns)
1370 { 1379 {
1371 ns->mq_mnt->mnt_sb->s_fs_info = NULL; 1380 ns->mq_mnt->mnt_sb->s_fs_info = NULL;
1372 } 1381 }
1373 1382
1374 void mq_put_mnt(struct ipc_namespace *ns) 1383 void mq_put_mnt(struct ipc_namespace *ns)
1375 { 1384 {
1376 kern_unmount(ns->mq_mnt); 1385 kern_unmount(ns->mq_mnt);
1377 } 1386 }
1378 1387
1379 static int __init init_mqueue_fs(void) 1388 static int __init init_mqueue_fs(void)
1380 { 1389 {
1381 int error; 1390 int error;
1382 1391
1383 mqueue_inode_cachep = kmem_cache_create("mqueue_inode_cache", 1392 mqueue_inode_cachep = kmem_cache_create("mqueue_inode_cache",
1384 sizeof(struct mqueue_inode_info), 0, 1393 sizeof(struct mqueue_inode_info), 0,
1385 SLAB_HWCACHE_ALIGN, init_once); 1394 SLAB_HWCACHE_ALIGN, init_once);
1386 if (mqueue_inode_cachep == NULL) 1395 if (mqueue_inode_cachep == NULL)
1387 return -ENOMEM; 1396 return -ENOMEM;
1388 1397
1389 /* ignore failures - they are not fatal */ 1398 /* ignore failures - they are not fatal */
1390 mq_sysctl_table = mq_register_sysctl_table(); 1399 mq_sysctl_table = mq_register_sysctl_table();
1391 1400
1392 error = register_filesystem(&mqueue_fs_type); 1401 error = register_filesystem(&mqueue_fs_type);
1393 if (error) 1402 if (error)
1394 goto out_sysctl; 1403 goto out_sysctl;
1395 1404
1396 spin_lock_init(&mq_lock); 1405 spin_lock_init(&mq_lock);
1397 1406
1398 error = mq_init_ns(&init_ipc_ns); 1407 error = mq_init_ns(&init_ipc_ns);
1399 if (error) 1408 if (error)
1400 goto out_filesystem; 1409 goto out_filesystem;
1401 1410
1402 return 0; 1411 return 0;
1403 1412
1404 out_filesystem: 1413 out_filesystem:
1405 unregister_filesystem(&mqueue_fs_type); 1414 unregister_filesystem(&mqueue_fs_type);
1406 out_sysctl: 1415 out_sysctl:
1407 if (mq_sysctl_table) 1416 if (mq_sysctl_table)
1408 unregister_sysctl_table(mq_sysctl_table); 1417 unregister_sysctl_table(mq_sysctl_table);
1409 kmem_cache_destroy(mqueue_inode_cachep); 1418 kmem_cache_destroy(mqueue_inode_cachep);
1410 return error; 1419 return error;
1411 } 1420 }
1412 1421
1413 __initcall(init_mqueue_fs); 1422 __initcall(init_mqueue_fs);