ipc/msg.c
/*
 * linux/ipc/msg.c
 * Copyright (C) 1992 Krishna Balasubramanian
 *
 * Removed all the remaining kerneld mess
 * Catch the -EFAULT stuff properly
 * Use GFP_KERNEL for messages as in 1.2
 * Fixed up the unchecked user space derefs
 * Copyright (C) 1998 Alan Cox & Andi Kleen
 *
 * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com>
 *
 * mostly rewritten, threaded and wake-one semantics added
 * MSGMAX limit removed, sysctl's added
 * (c) 1999 Manfred Spraul <manfred@colorfullife.com>
 *
 * support for audit of ipc object properties and permission changes
 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
 *
 * namespaces support
 * OpenVZ, SWsoft Inc.
 * Pavel Emelianov <xemul@openvz.org>
 */
#include <linux/capability.h> |
#include <linux/msg.h> #include <linux/spinlock.h> #include <linux/init.h> |
#include <linux/mm.h> |
#include <linux/proc_fs.h> #include <linux/list.h> #include <linux/security.h> #include <linux/sched.h> #include <linux/syscalls.h> #include <linux/audit.h> |
#include <linux/seq_file.h> |
#include <linux/rwsem.h> |
#include <linux/nsproxy.h> |
#include <linux/ipc_namespace.h> |
|
#include <asm/current.h> #include <asm/uaccess.h> #include "util.h" |
/*
 * one msg_receiver structure for each sleeping receiver:
 */
struct msg_receiver {
	struct list_head	r_list;		/* link on msg_queue.q_receivers */
	struct task_struct	*r_tsk;		/* task passed to wake_up_process() by the waker */

	int			r_mode;		/* one of the SEARCH_* modes below */
	long			r_msgtype;	/* type argument handed to testmsg() */
	long			r_maxsize;	/* compared with msg->m_ts in pipelined_send() */

	/*
	 * Hand-off slot written by the waker: pipelined_send() and
	 * expunge_all() store NULL, wake the task, issue smp_mb() and only
	 * then store the message pointer or an ERR_PTR() value.
	 */
	struct msg_msg		*volatile r_msg;
};

/* one msg_sender for each sleeping sender */
struct msg_sender {
	/* link on msg_queue.q_senders; ss_wakeup(h, 1) sets list.next to NULL */
	struct list_head	list;
	struct task_struct	*tsk;		/* set to current by ss_add() */
};

/* Match modes: returned by convert_mode(), interpreted by testmsg(). */
#define SEARCH_ANY		1
#define SEARCH_EQUAL		2
#define SEARCH_NOTEQUAL		3
#define SEARCH_LESSEQUAL	4

/* The message-queue id table of IPC namespace @ns. */
#define msg_ids(ns)	((ns)->ids[IPC_MSG_IDS])

/* Calls ipc_unlock() on the kern_ipc_perm embedded in the queue. */
#define msg_unlock(msq)		ipc_unlock(&(msq)->q_perm)

static void freeque(struct ipc_namespace *, struct kern_ipc_perm *);
static int newque(struct ipc_namespace *, struct ipc_params *);
#ifdef CONFIG_PROC_FS
static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
#endif
/*
 * Derive the per-namespace queue-count limit (msg_ctlmni) from the amount
 * of lowmem: message queues may use at most 1/MSG_MEM_SCALE of it, shared
 * between the IPC namespaces counted in nr_ipc_ns.  The result is kept
 * inside the range [MSGMNI, IPCMNI / nr_ipc_ns].
 */
void recompute_msgmni(struct ipc_namespace *ns)
{
	struct sysinfo mem;
	unsigned long quota;
	int ns_count;

	si_meminfo(&mem);

	/* lowmem pages -> bytes available to queues -> number of queues */
	quota = (mem.totalram - mem.totalhigh) / MSG_MEM_SCALE;
	quota = (quota * mem.mem_unit) / MSGMNB;

	/* NOTE(review): assumes nr_ipc_ns is never 0 here - confirm. */
	ns_count = atomic_read(&nr_ipc_ns);
	quota /= ns_count;

	if (quota < MSGMNI)
		ns->msg_ctlmni = MSGMNI;
	else if (quota > IPCMNI / ns_count)
		ns->msg_ctlmni = IPCMNI / ns_count;
	else
		ns->msg_ctlmni = quota;
}
/*
 * Set up the message-queue state of a new IPC namespace: default limits,
 * zeroed usage counters and an empty id table.
 */
void msg_init_ns(struct ipc_namespace *ns)
{
	/* Limits start from the compile-time defaults. */
	ns->msg_ctlmnb = MSGMNB;
	ns->msg_ctlmax = MSGMAX;
	recompute_msgmni(ns);

	/* Nothing is queued yet in this namespace. */
	atomic_set(&ns->msg_hdrs, 0);
	atomic_set(&ns->msg_bytes, 0);

	ipc_init_ids(&msg_ids(ns));
}
#ifdef CONFIG_IPC_NS
/*
 * Tear down the message queues of a namespace: every remaining queue is
 * passed to freeque() through free_ipcs(), then the id table's idr is
 * destroyed.
 */
void msg_exit_ns(struct ipc_namespace *ns)
{
	free_ipcs(ns, &msg_ids(ns), freeque);
	idr_destroy(&msg_ids(ns).ipcs_idr);
}
#endif
|
/*
 * Boot-time setup: initialise the initial IPC namespace, log the computed
 * msgmni and register the "sysvipc/msg" proc interface.
 *
 * NOTE(review): the two string literals are reproduced as they appear on
 * the page; the single spaces inside them may stand for column padding and
 * a trailing newline lost in extraction - verify against the tree.
 */
void __init msg_init(void)
{
	struct ipc_namespace *ns = &init_ipc_ns;

	msg_init_ns(ns);

	printk(KERN_INFO "msgmni has been set to %d ", ns->msg_ctlmni);

	ipc_init_proc_interface("sysvipc/msg",
		" key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime ",
		IPC_MSG_IDS, sysvipc_msg_proc_show);
}
/*
 * msg_lock_(check_) routines are called in the paths where the rw_mutex
 * is not held.
 *
 * Both return the msg_queue that embeds the kern_ipc_perm found for @id,
 * or the ERR_PTR() value of the lookup unchanged, so callers must test
 * the result with IS_ERR() before dereferencing it.
 */
static inline struct msg_queue *msg_lock(struct ipc_namespace *ns, int id)
{
	struct kern_ipc_perm *perm = ipc_lock(&msg_ids(ns), id);

	return IS_ERR(perm) ? (struct msg_queue *)perm
			    : container_of(perm, struct msg_queue, q_perm);
}

/* Same as msg_lock(), but the lookup goes through ipc_lock_check(). */
static inline struct msg_queue *msg_lock_check(struct ipc_namespace *ns,
						int id)
{
	struct kern_ipc_perm *perm = ipc_lock_check(&msg_ids(ns), id);

	return IS_ERR(perm) ? (struct msg_queue *)perm
			    : container_of(perm, struct msg_queue, q_perm);
}
/* Remove queue @s from the message-queue id table of @ns. */
static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
{
	struct kern_ipc_perm *perm = &s->q_perm;

	ipc_rmid(&msg_ids(ns), perm);
}
/**
 * newque - Create a new msg queue
 * @ns: namespace
 * @params: ptr to the structure that contains the key and msgflg
 *
 * Called with msg_ids.rw_mutex held (writer)
 *
 * Returns the id of the new queue on success, -ENOMEM when the queue
 * cannot be allocated, or the error reported by security_msg_queue_alloc()
 * or ipc_addid().
 */
static int newque(struct ipc_namespace *ns, struct ipc_params *params)
{
	struct msg_queue *msq;
	int id, retval;
	key_t key = params->key;
	int msgflg = params->flg;

	msq = ipc_rcu_alloc(sizeof(*msq));
	if (!msq)
		return -ENOMEM;

	/* Only the rwx permission bits of the caller's flags are stored. */
	msq->q_perm.mode = msgflg & S_IRWXUGO;
	msq->q_perm.key = key;

	/* The security hook may veto creation; nothing is published yet. */
	msq->q_perm.security = NULL;
	retval = security_msg_queue_alloc(msq);
	if (retval) {
		ipc_rcu_putref(msq);
		return retval;
	}

	/*
	 * ipc_addid() locks msq
	 */
	id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
	if (id < 0) {
		/* Undo the security allocation before dropping the object. */
		security_msg_queue_free(msq);
		ipc_rcu_putref(msq);
		return id;
	}

	/*
	 * The remaining fields are filled in after ipc_addid(), while msq is
	 * still locked (see the comment above).
	 */
	msq->q_stime = msq->q_rtime = 0;
	msq->q_ctime = get_seconds();
	msq->q_cbytes = msq->q_qnum = 0;
	msq->q_qbytes = ns->msg_ctlmnb;
	msq->q_lspid = msq->q_lrpid = 0;
	INIT_LIST_HEAD(&msq->q_messages);
	INIT_LIST_HEAD(&msq->q_receivers);
	INIT_LIST_HEAD(&msq->q_senders);

	msg_unlock(msq);

	/*
	 * NOTE(review): msq is read after msg_unlock().  This presumably
	 * relies on the caller's write hold on msg_ids.rw_mutex, which
	 * freeque() also requires, to keep the queue from being freed in
	 * between - confirm against the caller.
	 */
	return msq->q_perm.id;
}
/*
 * Register the current task as a sleeping sender on @msq: record the task
 * in @mss, mark it TASK_INTERRUPTIBLE and append @mss to q_senders.
 */
static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss)
{
	struct task_struct *self = current;

	mss->tsk = self;
	self->state = TASK_INTERRUPTIBLE;
	list_add_tail(&mss->list, &msq->q_senders);
}
/*
 * Unlink a sender entry from its queue.  An entry whose list.next was set
 * to NULL by ss_wakeup(h, 1) is left alone.
 */
static inline void ss_del(struct msg_sender *mss)
{
	if (mss->list.next == NULL)
		return;

	list_del(&mss->list);
}
/*
 * Wake every sleeping sender linked on @h.  With @kill set, each entry's
 * list.next is cleared first, which is the marker ss_del() tests before
 * unlinking.
 */
static void ss_wakeup(struct list_head *h, int kill)
{
	struct msg_sender *snd, *next;

	/* The successor is fetched before the entry is touched or woken. */
	list_for_each_entry_safe(snd, next, h, list) {
		if (kill)
			snd->list.next = NULL;
		wake_up_process(snd->tsk);
	}
}
/*
 * Wake every sleeping receiver of @msq and hand it ERR_PTR(@res) in place
 * of a message.  The entries are not unlinked from q_receivers here.
 */
static void expunge_all(struct msg_queue *msq, int res)
{
	struct msg_receiver *rcv, *next;

	/* The successor is fetched before the receiver is woken. */
	list_for_each_entry_safe(rcv, next, &msq->q_receivers, r_list) {
		/*
		 * Order matters: r_msg holds NULL across the wakeup and gets
		 * its final value only after the full barrier.
		 */
		rcv->r_msg = NULL;
		wake_up_process(rcv->r_tsk);
		smp_mb();
		rcv->r_msg = ERR_PTR(res);
	}
}
/*
 * freeque() wakes up waiters on the sender and receiver waiting queue,
 * removes the message queue from message queue ID IDR, and cleans up all the
 * messages associated with this queue.
 *
 * msg_ids.rw_mutex (writer) and the spinlock for this message queue are held
 * before freeque() is called. msg_ids.rw_mutex remains locked on exit.
 * The queue lock is released inside this function (msg_unlock() below).
 */
static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
	struct list_head *tmp;
	struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm);

	/* Receivers get -EIDRM; senders are woken with their entries marked. */
	expunge_all(msq, -EIDRM);
	ss_wakeup(&msq->q_senders, 1);
	msg_rmid(ns, msq);
	msg_unlock(msq);

	/* Free the queued messages; tmp is advanced before each free_msg(). */
	tmp = msq->q_messages.next;
	while (tmp != &msq->q_messages) {
		struct msg_msg *msg = list_entry(tmp, struct msg_msg, m_list);

		tmp = tmp->next;
		atomic_dec(&ns->msg_hdrs);
		free_msg(msg);
	}
	/* Give the queue's bytes back to the namespace-wide counter. */
	atomic_sub(msq->q_cbytes, &ns->msg_bytes);
	security_msg_queue_free(msq);
	ipc_rcu_putref(msq);
}
/*
 * Called with msg_ids.rw_mutex and ipcp locked.
 *
 * Installed by msgget() as the "associate" operation: forwards the queue
 * that embeds @ipcp, together with @msgflg, to the security hook and
 * returns the hook's result.
 */
static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
{
	return security_msg_queue_associate(
			container_of(ipcp, struct msg_queue, q_perm), msgflg);
}
/*
 * msgget(2): look up or create the message queue for @key in the caller's
 * IPC namespace.  The work is delegated to ipcget() with newque() as the
 * constructor and msg_security() as the association check.
 *
 * The entry point is declared through SYSCALL_DEFINE2; the history entry
 * for this line (e48fbb699) is tagged [CVE-2009-0029].
 */
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
{
	struct ipc_namespace *ns = current->nsproxy->ipc_ns;
	struct ipc_params msg_params;
	struct ipc_ops msg_ops;

	msg_params.key = key;
	msg_params.flg = msgflg;

	msg_ops.getnew = newque;
	msg_ops.associate = msg_security;
	msg_ops.more_checks = NULL;

	return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
}
/*
 * Copy queue status @in to user buffer @buf in the layout selected by
 * @version.  IPC_64 copies the structure as is; IPC_OLD converts it to a
 * struct msqid_ds, clamping the 16-bit counters at USHRT_MAX.
 *
 * Returns the copy_to_user() result (0 on success), or -EINVAL converted
 * to unsigned long for an unknown @version; callers only test for nonzero.
 */
static inline unsigned long
copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version)
{
	struct msqid_ds old;

	if (version == IPC_64)
		return copy_to_user(buf, in, sizeof(*in));
	if (version != IPC_OLD)
		return -EINVAL;

	/*
	 * Zero the whole on-stack structure first so that no byte of it,
	 * padding included, reaches user space uninitialised.
	 */
	memset(&old, 0, sizeof(old));

	ipc64_perm_to_ipc_perm(&in->msg_perm, &old.msg_perm);

	old.msg_stime = in->msg_stime;
	old.msg_rtime = in->msg_rtime;
	old.msg_ctime = in->msg_ctime;

	/* Short fields saturate; the msg_l* fields carry the full value. */
	old.msg_cbytes = (in->msg_cbytes > USHRT_MAX) ? USHRT_MAX
						      : in->msg_cbytes;
	old.msg_lcbytes = in->msg_cbytes;

	old.msg_qnum = (in->msg_qnum > USHRT_MAX) ? USHRT_MAX : in->msg_qnum;

	old.msg_qbytes = (in->msg_qbytes > USHRT_MAX) ? USHRT_MAX
						      : in->msg_qbytes;
	old.msg_lqbytes = in->msg_qbytes;

	old.msg_lspid = in->msg_lspid;
	old.msg_lrpid = in->msg_lrpid;

	return copy_to_user(buf, &old, sizeof(old));
}
/*
 * Read a queue description from user buffer @buf into @out, in the layout
 * selected by @version.
 *
 * IPC_64 fills all of @out.  IPC_OLD fills only msg_perm.uid, msg_perm.gid,
 * msg_perm.mode and msg_qbytes; every other field of @out is left as the
 * caller passed it, so callers must not read those after an IPC_OLD copy.
 *
 * Returns 0 on success, -EFAULT if the user copy fails and -EINVAL for an
 * unknown @version (both converted to unsigned long).
 */
static inline unsigned long
copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version)
{
	struct msqid_ds old;

	if (version == IPC_64)
		return copy_from_user(out, buf, sizeof(*out)) ? -EFAULT : 0;
	if (version != IPC_OLD)
		return -EINVAL;

	if (copy_from_user(&old, buf, sizeof(old)))
		return -EFAULT;

	out->msg_perm.uid = old.msg_perm.uid;
	out->msg_perm.gid = old.msg_perm.gid;
	out->msg_perm.mode = old.msg_perm.mode;

	/* A zero short field means the value is in the long field. */
	out->msg_qbytes = (old.msg_qbytes == 0) ? old.msg_lqbytes
						: old.msg_qbytes;

	return 0;
}
/*
 * This function handles some msgctl commands which require the rw_mutex
 * to be held in write mode.
 * NOTE: no locks must be held, the rw_mutex is taken inside this function.
 *
 * Returns 0 on success or a negative errno.  Any failure of
 * copy_msqid_from_user(), including its -EINVAL for an unknown version,
 * is reported as -EFAULT.
 */
static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
		       struct msqid_ds __user *buf, int version)
{
	struct kern_ipc_perm *ipcp;
	/*
	 * Filled only for IPC_SET.  NOTE(review): for any other cmd the
	 * msg_perm and msg_qbytes values handed to ipcctl_pre_down() below
	 * are indeterminate; presumably the callee ignores them unless
	 * cmd == IPC_SET - confirm.
	 */
	struct msqid64_ds uninitialized_var(msqid64);
	struct msg_queue *msq;
	int err;

	if (cmd == IPC_SET) {
		if (copy_msqid_from_user(&msqid64, buf, version))
			return -EFAULT;
	}

	/*
	 * On success the rw_mutex is held for writing and the queue is
	 * locked: both are released at the labels below.
	 */
	ipcp = ipcctl_pre_down(ns, &msg_ids(ns), msqid, cmd,
			       &msqid64.msg_perm, msqid64.msg_qbytes);
	if (IS_ERR(ipcp))
		return PTR_ERR(ipcp);

	msq = container_of(ipcp, struct msg_queue, q_perm);

	err = security_msg_queue_msgctl(msq, cmd);
	if (err)
		goto out_unlock;

	switch (cmd) {
	case IPC_RMID:
		/* freeque() unlocks the queue itself, so skip out_unlock. */
		freeque(ns, ipcp);
		goto out_up;
	case IPC_SET:
		/*
		 * Raising the queue size above the namespace limit needs
		 * CAP_SYS_RESOURCE.
		 */
		if (msqid64.msg_qbytes > ns->msg_ctlmnb &&
		    !capable(CAP_SYS_RESOURCE)) {
			err = -EPERM;
			goto out_unlock;
		}

		msq->q_qbytes = msqid64.msg_qbytes;

		ipc_update_perm(&msqid64.msg_perm, ipcp);
		msq->q_ctime = get_seconds();
		/* sleeping receivers might be excluded by
		 * stricter permissions.
		 */
		expunge_all(msq, -EAGAIN);
		/* sleeping senders might be able to send
		 * due to a larger queue size.
		 */
		ss_wakeup(&msq->q_senders, 0);
		break;
	default:
		err = -EINVAL;
	}
out_unlock:
	msg_unlock(msq);
out_up:
	up_write(&msg_ids(ns).rw_mutex);
	return err;
}
/*
 * msgctl(2): query or change a message queue in the caller's IPC namespace.
 *
 * IPC_INFO/MSG_INFO return limits or usage counters and the highest id in
 * use; MSG_STAT/IPC_STAT return the status of one queue after a read
 * permission check; IPC_SET/IPC_RMID are delegated to msgctl_down().
 * Returns a non-negative value on success or a negative errno.
 */
SYSCALL_DEFINE3(msgctl, int, msqid, int, cmd, struct msqid_ds __user *, buf)
{
	struct msg_queue *msq;
	int err, version;
	struct ipc_namespace *ns;

	if (msqid < 0 || cmd < 0)
		return -EINVAL;

	/* ipc_parse_version() may rewrite cmd; it is passed by address. */
	version = ipc_parse_version(&cmd);
	ns = current->nsproxy->ipc_ns;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
	{
		struct msginfo msginfo;
		int max_id;

		if (!buf)
			return -EFAULT;
		/*
		 * We must not return kernel stack data.
		 * due to padding, it's not enough
		 * to set all member fields.
		 */
		err = security_msg_queue_msgctl(NULL, cmd);
		if (err)
			return err;

		/* Whole-structure clear: this is what covers the padding. */
		memset(&msginfo, 0, sizeof(msginfo));
		msginfo.msgmni = ns->msg_ctlmni;
		msginfo.msgmax = ns->msg_ctlmax;
		msginfo.msgmnb = ns->msg_ctlmnb;
		msginfo.msgssz = MSGSSZ;
		msginfo.msgseg = MSGSEG;
		down_read(&msg_ids(ns).rw_mutex);
		if (cmd == MSG_INFO) {
			/* Live usage counters of this namespace. */
			msginfo.msgpool = msg_ids(ns).in_use;
			msginfo.msgmap = atomic_read(&ns->msg_hdrs);
			msginfo.msgtql = atomic_read(&ns->msg_bytes);
		} else {
			/* IPC_INFO: compile-time constants. */
			msginfo.msgmap = MSGMAP;
			msginfo.msgpool = MSGPOOL;
			msginfo.msgtql = MSGTQL;
		}
		max_id = ipc_get_maxid(&msg_ids(ns));
		up_read(&msg_ids(ns).rw_mutex);
		if (copy_to_user(buf, &msginfo, sizeof(struct msginfo)))
			return -EFAULT;
		return (max_id < 0) ? 0 : max_id;
	}
	case MSG_STAT:	/* msqid is an index rather than a msg queue id */
	case IPC_STAT:
	{
		struct msqid64_ds tbuf;
		int success_return;

		if (!buf)
			return -EFAULT;

		if (cmd == MSG_STAT) {
			/* Index lookup; success returns the queue's real id. */
			msq = msg_lock(ns, msqid);
			if (IS_ERR(msq))
				return PTR_ERR(msq);
			success_return = msq->q_perm.id;
		} else {
			msq = msg_lock_check(ns, msqid);
			if (IS_ERR(msq))
				return PTR_ERR(msq);
			success_return = 0;
		}
		/* Read permission is required before any field is exposed. */
		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IRUGO))
			goto out_unlock;

		err = security_msg_queue_msgctl(msq, cmd);
		if (err)
			goto out_unlock;

		/* Clear the on-stack copy before filling it in. */
		memset(&tbuf, 0, sizeof(tbuf));

		kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
		tbuf.msg_stime = msq->q_stime;
		tbuf.msg_rtime = msq->q_rtime;
		tbuf.msg_ctime = msq->q_ctime;
		tbuf.msg_cbytes = msq->q_cbytes;
		tbuf.msg_qnum = msq->q_qnum;
		tbuf.msg_qbytes = msq->q_qbytes;
		tbuf.msg_lspid = msq->q_lspid;
		tbuf.msg_lrpid = msq->q_lrpid;
		/* The snapshot is complete; copy out with the lock dropped. */
		msg_unlock(msq);
		if (copy_msqid_to_user(buf, &tbuf, version))
			return -EFAULT;
		return success_return;
	}
	case IPC_SET:
	case IPC_RMID:
		err = msgctl_down(ns, msqid, cmd, buf, version);
		return err;
	default:
		return -EINVAL;
	}

	/* Reached only from the MSG_STAT/IPC_STAT error paths above. */
out_unlock:
	msg_unlock(msq);
	return err;
}
/*
 * Return 1 if @msg matches the requested @type under search @mode (one of
 * the SEARCH_* values), 0 otherwise.  An unknown mode never matches.
 */
static int testmsg(struct msg_msg *msg, long type, int mode)
{
	switch (mode) {
	case SEARCH_ANY:
		return 1;
	case SEARCH_LESSEQUAL:
		return msg->m_type <= type;
	case SEARCH_EQUAL:
		return msg->m_type == type;
	case SEARCH_NOTEQUAL:
		return msg->m_type != type;
	default:
		return 0;
	}
}
/*
 * Try to hand @msg directly to a receiver sleeping on @msq.
 *
 * Returns 1 if a receiver took the message, 0 if the caller still owns it
 * and has to queue it.  Receivers whose buffer is too small are dequeued
 * and woken with -E2BIG, and the search continues.
 */
static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
{
	struct list_head *tmp;

	tmp = msq->q_receivers.next;
	while (tmp != &msq->q_receivers) {
		struct msg_receiver *msr;

		msr = list_entry(tmp, struct msg_receiver, r_list);
		/* Advance first: msr may be unlinked and woken below. */
		tmp = tmp->next;
		/* Type filter and security hook must both accept the pair. */
		if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
		    !security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
					       msr->r_msgtype, msr->r_mode)) {

			list_del(&msr->r_list);
			if (msr->r_maxsize < msg->m_ts) {
				/*
				 * Order matters: r_msg holds NULL across the
				 * wakeup and gets its final value only after
				 * the full barrier.
				 */
				msr->r_msg = NULL;
				wake_up_process(msr->r_tsk);
				smp_mb();
				msr->r_msg = ERR_PTR(-E2BIG);
			} else {
				msr->r_msg = NULL;
				/*
				 * NOTE(review): task_pid_vnr() is used here,
				 * while do_msgrcv() records q_lrpid with
				 * task_tgid_vnr(); for a threaded receiver
				 * the two may differ - confirm which id is
				 * intended.
				 */
				msq->q_lrpid = task_pid_vnr(msr->r_tsk);
				msq->q_rtime = get_seconds();
				wake_up_process(msr->r_tsk);
				smp_mb();
				msr->r_msg = msg;

				return 1;
			}
		}
	}
	return 0;
}
/*
 * Send a message of type @mtype with @msgsz bytes taken from user buffer
 * @mtext to queue @msqid in the caller's IPC namespace.
 *
 * Returns 0 on success or a negative errno: -EINVAL for a bad size, id or
 * type, -EACCES without write permission, -EAGAIN when the queue is full
 * and IPC_NOWAIT is set, -EIDRM if the queue is removed while sleeping,
 * -ERESTARTNOHAND on a pending signal, or the error from load_msg(), the
 * queue lookup or the security hook.
 */
long do_msgsnd(int msqid, long mtype, void __user *mtext,
		size_t msgsz, int msgflg)
{
	struct msg_queue *msq;
	struct msg_msg *msg;
	int err;
	struct ipc_namespace *ns;

	ns = current->nsproxy->ipc_ns;

	/*
	 * Reject sizes above the namespace limit and sizes that would be
	 * negative when viewed as a long, before anything is copied in.
	 */
	if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0)
		return -EINVAL;
	if (mtype < 1)
		return -EINVAL;

	/* The payload is copied from user space with no queue lock held. */
	msg = load_msg(mtext, msgsz);
	if (IS_ERR(msg))
		return PTR_ERR(msg);

	msg->m_type = mtype;
	msg->m_ts = msgsz;

	msq = msg_lock_check(ns, msqid);
	if (IS_ERR(msq)) {
		err = PTR_ERR(msq);
		goto out_free;
	}

	for (;;) {
		struct msg_sender s;

		/*
		 * Permission and security checks run on every pass: the
		 * lock is dropped while sleeping below.
		 */
		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IWUGO))
			goto out_unlock_free;

		err = security_msg_queue_msgsnd(msq, msg, msgflg);
		if (err)
			goto out_unlock_free;

		/* Room for both the bytes and one more message header? */
		if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
				1 + msq->q_qnum <= msq->q_qbytes) {
			break;
		}

		/* queue full, wait: */
		if (msgflg & IPC_NOWAIT) {
			err = -EAGAIN;
			goto out_unlock_free;
		}
		ss_add(msq, &s);
		/*
		 * A reference is taken before the lock is dropped and
		 * released once the lock is held again.
		 */
		ipc_rcu_getref(msq);
		msg_unlock(msq);
		schedule();

		ipc_lock_by_ptr(&msq->q_perm);
		ipc_rcu_putref(msq);
		if (msq->q_perm.deleted) {
			/*
			 * No ss_del() on this path: freeque() wakes senders
			 * through ss_wakeup(..., 1), which clears
			 * s.list.next.
			 */
			err = -EIDRM;
			goto out_unlock_free;
		}
		ss_del(&s);

		if (signal_pending(current)) {
			err = -ERESTARTNOHAND;
			goto out_unlock_free;
		}
	}

	msq->q_lspid = task_tgid_vnr(current);
	msq->q_stime = get_seconds();

	if (!pipelined_send(msq, msg)) {
		/* no one is waiting for this message, enqueue it */
		list_add_tail(&msg->m_list, &msq->q_messages);
		msq->q_cbytes += msgsz;
		msq->q_qnum++;
		atomic_add(msgsz, &ns->msg_bytes);
		atomic_inc(&ns->msg_hdrs);
	}

	err = 0;
	/* Ownership has moved to a receiver or the queue: do not free. */
	msg = NULL;

out_unlock_free:
	msg_unlock(msq);
out_free:
	if (msg != NULL)
		free_msg(msg);
	return err;
}
/*
 * msgsnd(2): fetch the message type from the user's struct msgbuf with
 * get_user() and pass the user pointer to the text on to do_msgsnd(),
 * which validates the size and copies the payload.
 */
SYSCALL_DEFINE4(msgsnd, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
		int, msgflg)
{
	long type;

	if (get_user(type, &msgp->mtype) != 0)
		return -EFAULT;

	return do_msgsnd(msqid, type, msgp->mtext, msgsz, msgflg);
}
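/*
 * Translate the msgtyp/msgflg pair of a receive request into one of the
 * SEARCH_* modes used by testmsg().  For a negative *msgtyp the value is
 * replaced by its magnitude, which then serves as the upper bound.
 */
static inline int convert_mode(long *msgtyp, int msgflg)
{
	/*
	 * find message of correct type.
	 * msgtyp = 0 => get first.
	 * msgtyp > 0 => get first message of matching type.
	 * msgtyp < 0 => get message with least type must be <= abs(msgtype).
	 */
	if (*msgtyp == 0)
		return SEARCH_ANY;
	if (*msgtyp < 0) {
		/*
		 * -LONG_MIN does not fit in a long and negating it is
		 * undefined behaviour; the caller controls this value, so
		 * saturate to LONG_MAX, which still matches every type.
		 */
		if (*msgtyp == LONG_MIN)
			*msgtyp = LONG_MAX;
		else
			*msgtyp = -*msgtyp;
		return SEARCH_LESSEQUAL;
	}
	if (msgflg & MSG_EXCEPT)
		return SEARCH_NOTEQUAL;
	return SEARCH_EQUAL;
}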
long do_msgrcv(int msqid, long *pmtype, void __user *mtext, size_t msgsz, long msgtyp, int msgflg) |
{ struct msg_queue *msq; struct msg_msg *msg; int mode; |
struct ipc_namespace *ns; |
if (msqid < 0 || (long) msgsz < 0) return -EINVAL; |
mode = convert_mode(&msgtyp, msgflg); |
ns = current->nsproxy->ipc_ns; |
|
msq = msg_lock_check(ns, msqid); if (IS_ERR(msq)) return PTR_ERR(msq); |
for (;;) { struct msg_receiver msr_d; |
struct list_head *tmp; |
1da177e4c Linux-2.6.12-rc2 |
721 722 |
msg = ERR_PTR(-EACCES); |
b0e77598f userns: user name... |
723 |
if (ipcperms(ns, &msq->q_perm, S_IRUGO)) |
1da177e4c Linux-2.6.12-rc2 |
724 725 726 727 728 729 |
goto out_unlock; msg = ERR_PTR(-EAGAIN); tmp = msq->q_messages.next; while (tmp != &msq->q_messages) { struct msg_msg *walk_msg; |
5a06a363e [PATCH] ipc/msg.c... |
730 731 732 733 734 |
walk_msg = list_entry(tmp, struct msg_msg, m_list); if (testmsg(walk_msg, msgtyp, mode) && !security_msg_queue_msgrcv(msq, walk_msg, current, msgtyp, mode)) { |
1da177e4c Linux-2.6.12-rc2 |
735 |
msg = walk_msg; |
5a06a363e [PATCH] ipc/msg.c... |
736 737 738 739 |
if (mode == SEARCH_LESSEQUAL && walk_msg->m_type != 1) { msg = walk_msg; msgtyp = walk_msg->m_type - 1; |
1da177e4c Linux-2.6.12-rc2 |
740 |
} else { |
5a06a363e [PATCH] ipc/msg.c... |
741 |
msg = walk_msg; |
1da177e4c Linux-2.6.12-rc2 |
742 743 744 745 746 |
break; } } tmp = tmp->next; } |
5a06a363e [PATCH] ipc/msg.c... |
747 748 749 750 751 |
if (!IS_ERR(msg)) { /* * Found a suitable message. * Unlink it from the queue. */ |
1da177e4c Linux-2.6.12-rc2 |
752 753 754 755 756 757 758 |
if ((msgsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) { msg = ERR_PTR(-E2BIG); goto out_unlock; } list_del(&msg->m_list); msq->q_qnum--; msq->q_rtime = get_seconds(); |
b488893a3 pid namespaces: c... |
759 |
msq->q_lrpid = task_tgid_vnr(current); |
1da177e4c Linux-2.6.12-rc2 |
760 |
msq->q_cbytes -= msg->m_ts; |
3ac88a41f virtualization of... |
761 762 |
atomic_sub(msg->m_ts, &ns->msg_bytes); atomic_dec(&ns->msg_hdrs); |
5a06a363e [PATCH] ipc/msg.c... |
763 |
ss_wakeup(&msq->q_senders, 0); |
1da177e4c Linux-2.6.12-rc2 |
764 765 766 767 768 769 770 771 |
msg_unlock(msq); break; } /* No message waiting. Wait for a message */ if (msgflg & IPC_NOWAIT) { msg = ERR_PTR(-ENOMSG); goto out_unlock; } |
5a06a363e [PATCH] ipc/msg.c... |
772 |
list_add_tail(&msr_d.r_list, &msq->q_receivers); |
1da177e4c Linux-2.6.12-rc2 |
773 774 775 |
msr_d.r_tsk = current; msr_d.r_msgtype = msgtyp; msr_d.r_mode = mode; |
5a06a363e [PATCH] ipc/msg.c... |
776 |
if (msgflg & MSG_NOERROR) |
1da177e4c Linux-2.6.12-rc2 |
777 |
msr_d.r_maxsize = INT_MAX; |
5a06a363e [PATCH] ipc/msg.c... |
778 |
else |
1da177e4c Linux-2.6.12-rc2 |
779 780 781 782 783 784 785 786 787 788 789 |
msr_d.r_maxsize = msgsz; msr_d.r_msg = ERR_PTR(-EAGAIN); current->state = TASK_INTERRUPTIBLE; msg_unlock(msq); schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue * and getting a reference would defeat the idea of a lockless * operation, thus the code relies on rcu to guarantee the |
25985edce Fix common misspe... |
790 |
* existence of msq: |
1da177e4c Linux-2.6.12-rc2 |
791 792 793 794 795 796 797 798 799 800 801 802 |
* Prior to destruction, expunge_all(-EIRDM) changes r_msg. * Thus if r_msg is -EAGAIN, then the queue not yet destroyed. * rcu_read_lock() prevents preemption between reading r_msg * and the spin_lock() inside ipc_lock_by_ptr(). */ rcu_read_lock(); /* Lockless receive, part 2: * Wait until pipelined_send or expunge_all are outside of * wake_up_process(). There is a race with exit(), see * ipc/mqueue.c for the details. */ |
5a06a363e [PATCH] ipc/msg.c... |
803 |
msg = (struct msg_msg*)msr_d.r_msg; |
1da177e4c Linux-2.6.12-rc2 |
804 805 |
while (msg == NULL) { cpu_relax(); |
5a06a363e [PATCH] ipc/msg.c... |
806 |
msg = (struct msg_msg *)msr_d.r_msg; |
1da177e4c Linux-2.6.12-rc2 |
807 808 809 810 811 812 |
} /* Lockless receive, part 3: * If there is a message or an error then accept it without * locking. */ |
5a06a363e [PATCH] ipc/msg.c... |
813 |
if (msg != ERR_PTR(-EAGAIN)) { |
1da177e4c Linux-2.6.12-rc2 |
814 815 816 817 818 819 820 821 822 823 824 825 826 827 |
rcu_read_unlock(); break; } /* Lockless receive, part 3: * Acquire the queue spinlock. */ ipc_lock_by_ptr(&msq->q_perm); rcu_read_unlock(); /* Lockless receive, part 4: * Repeat test after acquiring the spinlock. */ msg = (struct msg_msg*)msr_d.r_msg; |
5a06a363e [PATCH] ipc/msg.c... |
828 |
if (msg != ERR_PTR(-EAGAIN)) |
1da177e4c Linux-2.6.12-rc2 |
829 830 831 832 833 834 835 836 837 838 839 |
goto out_unlock; list_del(&msr_d.r_list); if (signal_pending(current)) { msg = ERR_PTR(-ERESTARTNOHAND); out_unlock: msg_unlock(msq); break; } } if (IS_ERR(msg)) |
5a06a363e [PATCH] ipc/msg.c... |
840 |
return PTR_ERR(msg); |
1da177e4c Linux-2.6.12-rc2 |
841 842 |
msgsz = (msgsz > msg->m_ts) ? msg->m_ts : msgsz; |
651971cb7 [PATCH] Fix the s... |
843 844 |
*pmtype = msg->m_type; if (store_msg(mtext, msg, msgsz)) |
5a06a363e [PATCH] ipc/msg.c... |
845 |
msgsz = -EFAULT; |
651971cb7 [PATCH] Fix the s... |
846 |
|
1da177e4c Linux-2.6.12-rc2 |
847 |
free_msg(msg); |
5a06a363e [PATCH] ipc/msg.c... |
848 |
|
1da177e4c Linux-2.6.12-rc2 |
849 850 |
return msgsz; } |
/*
 * msgrcv(2) entry point.
 *
 * do_msgrcv() copies the message body to msgp->mtext (only the user-space
 * address is formed here) and reports the message type through a kernel
 * local; the type is written back to user space only after a successful
 * receive.  Returns the byte count from do_msgrcv(), its negative errno,
 * or -EFAULT if the type cannot be stored.
 *
 * The SYSCALL_DEFINE5 form is the syscall-wrapper convention that the
 * history of this line ties to CVE-2009-0029.
 */
SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp,
		size_t, msgsz, long, msgtyp, int, msgflg)
{
	long type;
	long ret;

	ret = do_msgrcv(msqid, &type, msgp->mtext, msgsz, msgtyp, msgflg);

	/* Write the type back only when a message was actually received. */
	if (ret >= 0 && put_user(type, &msgp->mtype))
		ret = -EFAULT;

	return ret;
}
#ifdef CONFIG_PROC_FS
/*
 * seq_file show callback: print one line for the message queue passed in
 * @it -- key, id, mode, queued bytes and message count, pid of the last
 * sender and last receiver, owner and creator uid/gid, and the send,
 * receive and change times.  Returns the result of seq_printf().
 *
 * NOTE(review): the format string is reproduced exactly as this listing
 * shows it; its single spaces and trailing space may be rendering
 * artefacts (collapsed padding, a lost "\n") -- compare with the tree.
 */
static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
{
	struct msg_queue *queue = it;

	return seq_printf(s,
			"%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu ",
			queue->q_perm.key,
			queue->q_perm.id,
			queue->q_perm.mode,
			queue->q_cbytes,
			queue->q_qnum,
			queue->q_lspid,
			queue->q_lrpid,
			queue->q_perm.uid,
			queue->q_perm.gid,
			queue->q_perm.cuid,
			queue->q_perm.cgid,
			queue->q_stime,
			queue->q_rtime,
			queue->q_ctime);
}
#endif