Blame view
ipc/shm.c
25.8 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
/* * linux/ipc/shm.c * Copyright (C) 1992, 1993 Krishna Balasubramanian * Many improvements/fixes by Bruno Haible. * Replaced `struct shm_desc' by `struct vm_area_struct', July 1994. * Fixed the shm swap deallocation (shm_unuse()), August 1998 Andrea Arcangeli. * * /proc/sysvipc/shm support (c) 1999 Dragos Acostachioaie <dragos@iname.com> * BIGMEM support, Andrea Arcangeli <andrea@suse.de> * SMP thread shm, Jean-Luc Boyard <jean-luc.boyard@siemens.fr> * HIGHMEM support, Ingo Molnar <mingo@redhat.com> * Make shmmax, shmall, shmmni sysctl'able, Christoph Rohland <cr@sap.com> * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> * |
073115d6b [PATCH] Rework of... |
16 17 |
* support for audit of ipc object properties and permission changes * Dustin Kirkland <dustin.kirkland@us.ibm.com> |
4e9823111 [PATCH] IPC names... |
18 19 20 21 |
* * namespaces support * OpenVZ, SWsoft Inc. * Pavel Emelianov <xemul@openvz.org> |
1da177e4c Linux-2.6.12-rc2 |
22 |
*/ |
1da177e4c Linux-2.6.12-rc2 |
23 24 25 26 27 28 29 |
#include <linux/slab.h> #include <linux/mm.h> #include <linux/hugetlb.h> #include <linux/shm.h> #include <linux/init.h> #include <linux/file.h> #include <linux/mman.h> |
1da177e4c Linux-2.6.12-rc2 |
30 31 32 33 |
#include <linux/shmem_fs.h> #include <linux/security.h> #include <linux/syscalls.h> #include <linux/audit.h> |
c59ede7b7 [PATCH] move capa... |
34 |
#include <linux/capability.h> |
7d87e14c2 [PATCH] consolida... |
35 |
#include <linux/ptrace.h> |
19b4946ca [PATCH] ipc: conv... |
36 |
#include <linux/seq_file.h> |
3e148c799 fix idr_find() lo... |
37 |
#include <linux/rwsem.h> |
4e9823111 [PATCH] IPC names... |
38 |
#include <linux/nsproxy.h> |
bc56bba8f [PATCH] shm: make... |
39 |
#include <linux/mount.h> |
ae5e1b22f namespaces: move ... |
40 |
#include <linux/ipc_namespace.h> |
7d87e14c2 [PATCH] consolida... |
41 |
|
1da177e4c Linux-2.6.12-rc2 |
42 43 44 |
#include <asm/uaccess.h> #include "util.h" |
bc56bba8f [PATCH] shm: make... |
45 46 47 48 49 50 51 52 |
struct shm_file_data { int id; struct ipc_namespace *ns; struct file *file; const struct vm_operations_struct *vm_ops; }; #define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data)) |
9a32144e9 [PATCH] mark stru... |
53 |
static const struct file_operations shm_file_operations; |
f0f37e2f7 const: mark struc... |
54 |
static const struct vm_operations_struct shm_vm_ops; |
1da177e4c Linux-2.6.12-rc2 |
55 |
|
ed2ddbf88 IPC: make struct ... |
56 |
#define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS]) |
1da177e4c Linux-2.6.12-rc2 |
57 |
|
4e9823111 [PATCH] IPC names... |
58 59 |
#define shm_unlock(shp) \ ipc_unlock(&(shp)->shm_perm) |
1da177e4c Linux-2.6.12-rc2 |
60 |
|
7748dbfaa ipc: unify the sy... |
61 |
static int newseg(struct ipc_namespace *, struct ipc_params *); |
bc56bba8f [PATCH] shm: make... |
62 63 |
static void shm_open(struct vm_area_struct *vma); static void shm_close(struct vm_area_struct *vma); |
4e9823111 [PATCH] IPC names... |
64 |
static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); |
1da177e4c Linux-2.6.12-rc2 |
65 |
#ifdef CONFIG_PROC_FS |
19b4946ca [PATCH] ipc: conv... |
66 |
static int sysvipc_shm_proc_show(struct seq_file *s, void *it); |
1da177e4c Linux-2.6.12-rc2 |
67 |
#endif |
ed2ddbf88 IPC: make struct ... |
68 |
void shm_init_ns(struct ipc_namespace *ns) |
4e9823111 [PATCH] IPC names... |
69 |
{ |
4e9823111 [PATCH] IPC names... |
70 71 72 73 |
ns->shm_ctlmax = SHMMAX; ns->shm_ctlall = SHMALL; ns->shm_ctlmni = SHMMNI; ns->shm_tot = 0; |
e8148f758 ipc: clean up ipc... |
74 |
ipc_init_ids(&shm_ids(ns)); |
4e9823111 [PATCH] IPC names... |
75 |
} |
f4566f048 ipc: fix wrong co... |
76 |
/* |
3e148c799 fix idr_find() lo... |
77 78 |
* Called with shm_ids.rw_mutex (writer) and the shp structure locked. * Only shm_ids.rw_mutex remains locked on exit. |
f4566f048 ipc: fix wrong co... |
79 |
*/ |
01b8b07a5 IPC: consolidate ... |
80 |
static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
4e9823111 [PATCH] IPC names... |
81 |
{ |
01b8b07a5 IPC: consolidate ... |
82 83 |
struct shmid_kernel *shp; shp = container_of(ipcp, struct shmid_kernel, shm_perm); |
4e9823111 [PATCH] IPC names... |
84 85 86 87 88 89 90 91 |
if (shp->shm_nattch){ shp->shm_perm.mode |= SHM_DEST; /* Do not find it any more */ shp->shm_perm.key = IPC_PRIVATE; shm_unlock(shp); } else shm_destroy(ns, shp); } |
ae5e1b22f namespaces: move ... |
92 |
#ifdef CONFIG_IPC_NS |
4e9823111 [PATCH] IPC names... |
93 94 |
void shm_exit_ns(struct ipc_namespace *ns) { |
01b8b07a5 IPC: consolidate ... |
95 |
free_ipcs(ns, &shm_ids(ns), do_shm_rmid); |
7d6feeb28 ipc ns: fix memor... |
96 |
idr_destroy(&ns->ids[IPC_SHM_IDS].ipcs_idr); |
4e9823111 [PATCH] IPC names... |
97 |
} |
ae5e1b22f namespaces: move ... |
98 |
#endif |
1da177e4c Linux-2.6.12-rc2 |
99 100 101 |
void __init shm_init (void) { |
ed2ddbf88 IPC: make struct ... |
102 |
shm_init_ns(&init_ipc_ns); |
19b4946ca [PATCH] ipc: conv... |
103 104 105 |
ipc_init_proc_interface("sysvipc/shm", " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime ", |
4e9823111 [PATCH] IPC names... |
106 |
IPC_SHM_IDS, sysvipc_shm_proc_show); |
1da177e4c Linux-2.6.12-rc2 |
107 |
} |
3e148c799 fix idr_find() lo... |
108 |
/* |
3e148c799 fix idr_find() lo... |
109 |
* shm_lock_(check_) routines are called in the paths where the rw_mutex |
00c2bf85d ipc: get rid of i... |
110 |
* is not necessarily held. |
3e148c799 fix idr_find() lo... |
111 |
*/ |
023a53557 ipc: integrate ip... |
112 |
static inline struct shmid_kernel *shm_lock(struct ipc_namespace *ns, int id) |
1da177e4c Linux-2.6.12-rc2 |
113 |
{ |
03f02c765 Storing ipcs into... |
114 |
struct kern_ipc_perm *ipcp = ipc_lock(&shm_ids(ns), id); |
b1ed88b47 IPC: fix error ch... |
115 116 |
if (IS_ERR(ipcp)) return (struct shmid_kernel *)ipcp; |
03f02c765 Storing ipcs into... |
117 |
return container_of(ipcp, struct shmid_kernel, shm_perm); |
023a53557 ipc: integrate ip... |
118 119 120 121 122 |
} static inline struct shmid_kernel *shm_lock_check(struct ipc_namespace *ns, int id) { |
03f02c765 Storing ipcs into... |
123 |
struct kern_ipc_perm *ipcp = ipc_lock_check(&shm_ids(ns), id); |
b1ed88b47 IPC: fix error ch... |
124 125 |
if (IS_ERR(ipcp)) return (struct shmid_kernel *)ipcp; |
03f02c765 Storing ipcs into... |
126 |
return container_of(ipcp, struct shmid_kernel, shm_perm); |
1da177e4c Linux-2.6.12-rc2 |
127 |
} |
7ca7e564e ipc: store ipcs i... |
128 |
static inline void shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *s) |
1da177e4c Linux-2.6.12-rc2 |
129 |
{ |
7ca7e564e ipc: store ipcs i... |
130 |
ipc_rmid(&shm_ids(ns), &s->shm_perm); |
1da177e4c Linux-2.6.12-rc2 |
131 |
} |
1da177e4c Linux-2.6.12-rc2 |
132 |
|
bc56bba8f [PATCH] shm: make... |
133 134 |
/* This is called by fork, once for every shm attach. */ static void shm_open(struct vm_area_struct *vma) |
4e9823111 [PATCH] IPC names... |
135 |
{ |
bc56bba8f [PATCH] shm: make... |
136 137 |
struct file *file = vma->vm_file; struct shm_file_data *sfd = shm_file_data(file); |
1da177e4c Linux-2.6.12-rc2 |
138 |
struct shmid_kernel *shp; |
bc56bba8f [PATCH] shm: make... |
139 |
shp = shm_lock(sfd->ns, sfd->id); |
023a53557 ipc: integrate ip... |
140 |
BUG_ON(IS_ERR(shp)); |
1da177e4c Linux-2.6.12-rc2 |
141 |
shp->shm_atim = get_seconds(); |
b488893a3 pid namespaces: c... |
142 |
shp->shm_lprid = task_tgid_vnr(current); |
1da177e4c Linux-2.6.12-rc2 |
143 144 145 |
shp->shm_nattch++; shm_unlock(shp); } |
1da177e4c Linux-2.6.12-rc2 |
146 147 148 |
/* * shm_destroy - free the struct shmid_kernel * |
f4566f048 ipc: fix wrong co... |
149 |
* @ns: namespace |
1da177e4c Linux-2.6.12-rc2 |
150 151 |
* @shp: struct to free * |
3e148c799 fix idr_find() lo... |
152 |
* It has to be called with shp and shm_ids.rw_mutex (writer) locked, |
1da177e4c Linux-2.6.12-rc2 |
153 154 |
* but returns with shp unlocked and freed. */ |
4e9823111 [PATCH] IPC names... |
155 |
static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) |
1da177e4c Linux-2.6.12-rc2 |
156 |
{ |
4e9823111 [PATCH] IPC names... |
157 |
ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT; |
7ca7e564e ipc: store ipcs i... |
158 |
shm_rmid(ns, shp); |
1da177e4c Linux-2.6.12-rc2 |
159 160 161 |
shm_unlock(shp); if (!is_file_hugepages(shp->shm_file)) shmem_lock(shp->shm_file, 0, shp->mlock_user); |
353d5c30c mm: fix hugetlb b... |
162 |
else if (shp->mlock_user) |
6d63079ad [PATCH] struct pa... |
163 |
user_shm_unlock(shp->shm_file->f_path.dentry->d_inode->i_size, |
1da177e4c Linux-2.6.12-rc2 |
164 165 166 167 168 169 170 |
shp->mlock_user); fput (shp->shm_file); security_shm_free(shp); ipc_rcu_putref(shp); } /* |
bc56bba8f [PATCH] shm: make... |
171 |
* remove the attach descriptor vma. |
1da177e4c Linux-2.6.12-rc2 |
172 173 174 175 |
* free memory for segment if it is marked destroyed. * The descriptor has already been removed from the current->mm->mmap list * and will later be kfree()d. */ |
bc56bba8f [PATCH] shm: make... |
176 |
static void shm_close(struct vm_area_struct *vma) |
1da177e4c Linux-2.6.12-rc2 |
177 |
{ |
bc56bba8f [PATCH] shm: make... |
178 179 |
struct file * file = vma->vm_file; struct shm_file_data *sfd = shm_file_data(file); |
1da177e4c Linux-2.6.12-rc2 |
180 |
struct shmid_kernel *shp; |
bc56bba8f [PATCH] shm: make... |
181 |
struct ipc_namespace *ns = sfd->ns; |
4e9823111 [PATCH] IPC names... |
182 |
|
3e148c799 fix idr_find() lo... |
183 |
down_write(&shm_ids(ns).rw_mutex); |
1da177e4c Linux-2.6.12-rc2 |
184 |
/* remove from the list of attaches of the shm segment */ |
00c2bf85d ipc: get rid of i... |
185 |
shp = shm_lock(ns, sfd->id); |
023a53557 ipc: integrate ip... |
186 |
BUG_ON(IS_ERR(shp)); |
b488893a3 pid namespaces: c... |
187 |
shp->shm_lprid = task_tgid_vnr(current); |
1da177e4c Linux-2.6.12-rc2 |
188 189 190 |
shp->shm_dtim = get_seconds(); shp->shm_nattch--; if(shp->shm_nattch == 0 && |
b33291c0b [PATCH] ipc: expa... |
191 |
shp->shm_perm.mode & SHM_DEST) |
4e9823111 [PATCH] IPC names... |
192 |
shm_destroy(ns, shp); |
1da177e4c Linux-2.6.12-rc2 |
193 194 |
else shm_unlock(shp); |
3e148c799 fix idr_find() lo... |
195 |
up_write(&shm_ids(ns).rw_mutex); |
1da177e4c Linux-2.6.12-rc2 |
196 |
} |
d0217ac04 mm: fault feedbac... |
197 |
static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
bc56bba8f [PATCH] shm: make... |
198 199 200 |
{ struct file *file = vma->vm_file; struct shm_file_data *sfd = shm_file_data(file); |
d0217ac04 mm: fault feedbac... |
201 |
return sfd->vm_ops->fault(vma, vmf); |
bc56bba8f [PATCH] shm: make... |
202 203 204 |
} #ifdef CONFIG_NUMA |
d823e3e75 ipc/shm.c: make 2... |
205 |
static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) |
bc56bba8f [PATCH] shm: make... |
206 207 208 209 210 211 212 213 |
{ struct file *file = vma->vm_file; struct shm_file_data *sfd = shm_file_data(file); int err = 0; if (sfd->vm_ops->set_policy) err = sfd->vm_ops->set_policy(vma, new); return err; } |
d823e3e75 ipc/shm.c: make 2... |
214 215 |
static struct mempolicy *shm_get_policy(struct vm_area_struct *vma, unsigned long addr) |
bc56bba8f [PATCH] shm: make... |
216 217 218 219 220 221 222 |
{ struct file *file = vma->vm_file; struct shm_file_data *sfd = shm_file_data(file); struct mempolicy *pol = NULL; if (sfd->vm_ops->get_policy) pol = sfd->vm_ops->get_policy(vma, addr); |
52cd3b074 mempolicy: rework... |
223 |
else if (vma->vm_policy) |
bc56bba8f [PATCH] shm: make... |
224 |
pol = vma->vm_policy; |
52cd3b074 mempolicy: rework... |
225 |
|
bc56bba8f [PATCH] shm: make... |
226 227 228 |
return pol; } #endif |
1da177e4c Linux-2.6.12-rc2 |
229 230 |
static int shm_mmap(struct file * file, struct vm_area_struct * vma) { |
bc56bba8f [PATCH] shm: make... |
231 |
struct shm_file_data *sfd = shm_file_data(file); |
b0e15190e [PATCH] NOMMU: Ma... |
232 |
int ret; |
bc56bba8f [PATCH] shm: make... |
233 234 235 236 |
ret = sfd->file->f_op->mmap(sfd->file, vma); if (ret != 0) return ret; sfd->vm_ops = vma->vm_ops; |
2e92a3bae NOMMU: Fix SYSV I... |
237 |
#ifdef CONFIG_MMU |
54cb8821d mm: merge populat... |
238 |
BUG_ON(!sfd->vm_ops->fault); |
2e92a3bae NOMMU: Fix SYSV I... |
239 |
#endif |
bc56bba8f [PATCH] shm: make... |
240 241 |
vma->vm_ops = &shm_vm_ops; shm_open(vma); |
b0e15190e [PATCH] NOMMU: Ma... |
242 243 |
return ret; |
1da177e4c Linux-2.6.12-rc2 |
244 |
} |
4e9823111 [PATCH] IPC names... |
245 246 |
static int shm_release(struct inode *ino, struct file *file) { |
bc56bba8f [PATCH] shm: make... |
247 |
struct shm_file_data *sfd = shm_file_data(file); |
4e9823111 [PATCH] IPC names... |
248 |
|
bc56bba8f [PATCH] shm: make... |
249 250 251 |
put_ipc_ns(sfd->ns); shm_file_data(file) = NULL; kfree(sfd); |
4e9823111 [PATCH] IPC names... |
252 253 |
return 0; } |
7ea808591 drop unused dentr... |
254 |
static int shm_fsync(struct file *file, int datasync) |
516dffdcd [PATCH] Fix get_u... |
255 |
{ |
516dffdcd [PATCH] Fix get_u... |
256 |
struct shm_file_data *sfd = shm_file_data(file); |
516dffdcd [PATCH] Fix get_u... |
257 |
|
7ea808591 drop unused dentr... |
258 259 260 |
if (!sfd->file->f_op->fsync) return -EINVAL; return sfd->file->f_op->fsync(sfd->file, datasync); |
516dffdcd [PATCH] Fix get_u... |
261 |
} |
bc56bba8f [PATCH] shm: make... |
262 263 264 265 266 |
static unsigned long shm_get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) { struct shm_file_data *sfd = shm_file_data(file); |
c4caa7781 file ->get_unmapp... |
267 268 |
return sfd->file->f_op->get_unmapped_area(sfd->file, addr, len, pgoff, flags); |
bc56bba8f [PATCH] shm: make... |
269 |
} |
bc56bba8f [PATCH] shm: make... |
270 |
|
9a32144e9 [PATCH] mark stru... |
271 |
static const struct file_operations shm_file_operations = { |
4e9823111 [PATCH] IPC names... |
272 |
.mmap = shm_mmap, |
516dffdcd [PATCH] Fix get_u... |
273 |
.fsync = shm_fsync, |
4e9823111 [PATCH] IPC names... |
274 |
.release = shm_release, |
ed5e5894b nommu: fix SYSV S... |
275 276 277 |
#ifndef CONFIG_MMU .get_unmapped_area = shm_get_unmapped_area, #endif |
c4caa7781 file ->get_unmapp... |
278 279 280 281 282 283 |
}; static const struct file_operations shm_file_operations_huge = { .mmap = shm_mmap, .fsync = shm_fsync, .release = shm_release, |
bc56bba8f [PATCH] shm: make... |
284 |
.get_unmapped_area = shm_get_unmapped_area, |
1da177e4c Linux-2.6.12-rc2 |
285 |
}; |
c4caa7781 file ->get_unmapp... |
286 287 288 289 |
int is_file_shm_hugepages(struct file *file) { return file->f_op == &shm_file_operations_huge; } |
f0f37e2f7 const: mark struc... |
290 |
static const struct vm_operations_struct shm_vm_ops = { |
1da177e4c Linux-2.6.12-rc2 |
291 292 |
.open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ |
54cb8821d mm: merge populat... |
293 |
.fault = shm_fault, |
bc56bba8f [PATCH] shm: make... |
294 295 296 |
#if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, |
1da177e4c Linux-2.6.12-rc2 |
297 298 |
#endif }; |
f4566f048 ipc: fix wrong co... |
299 300 301 302 303 |
/** * newseg - Create a new shared memory segment * @ns: namespace * @params: ptr to the structure that contains key, size and shmflg * |
3e148c799 fix idr_find() lo... |
304 |
* Called with shm_ids.rw_mutex held as a writer. |
f4566f048 ipc: fix wrong co... |
305 |
*/ |
7748dbfaa ipc: unify the sy... |
306 |
static int newseg(struct ipc_namespace *ns, struct ipc_params *params) |
1da177e4c Linux-2.6.12-rc2 |
307 |
{ |
7748dbfaa ipc: unify the sy... |
308 309 310 |
key_t key = params->key; int shmflg = params->flg; size_t size = params->u.size; |
1da177e4c Linux-2.6.12-rc2 |
311 312 313 314 315 316 |
int error; struct shmid_kernel *shp; int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; struct file * file; char name[13]; int id; |
5a6fe1259 Do not account fo... |
317 |
int acctflag = 0; |
1da177e4c Linux-2.6.12-rc2 |
318 |
|
4e9823111 [PATCH] IPC names... |
319 |
if (size < SHMMIN || size > ns->shm_ctlmax) |
1da177e4c Linux-2.6.12-rc2 |
320 |
return -EINVAL; |
f66d45e99 [PATCH] correct s... |
321 |
if (ns->shm_tot + numpages > ns->shm_ctlall) |
1da177e4c Linux-2.6.12-rc2 |
322 323 324 325 326 327 328 |
return -ENOSPC; shp = ipc_rcu_alloc(sizeof(*shp)); if (!shp) return -ENOMEM; shp->shm_perm.key = key; |
b33291c0b [PATCH] ipc: expa... |
329 |
shp->shm_perm.mode = (shmflg & S_IRWXUGO); |
1da177e4c Linux-2.6.12-rc2 |
330 331 332 333 334 335 336 337 |
shp->mlock_user = NULL; shp->shm_perm.security = NULL; error = security_shm_alloc(shp); if (error) { ipc_rcu_putref(shp); return error; } |
9d66586f7 shm: fix the file... |
338 |
sprintf (name, "SYSV%08x", key); |
1da177e4c Linux-2.6.12-rc2 |
339 |
if (shmflg & SHM_HUGETLB) { |
5a6fe1259 Do not account fo... |
340 341 342 |
/* hugetlb_file_setup applies strict accounting */ if (shmflg & SHM_NORESERVE) acctflag = VM_NORESERVE; |
353d5c30c mm: fix hugetlb b... |
343 |
file = hugetlb_file_setup(name, size, acctflag, |
6bfde05bf hugetlbfs: allow ... |
344 |
&shp->mlock_user, HUGETLB_SHMFS_INODE); |
1da177e4c Linux-2.6.12-rc2 |
345 |
} else { |
bf8f972d3 [PATCH] SHM_NORES... |
346 347 348 349 350 351 |
/* * Do not allow no accounting for OVERCOMMIT_NEVER, even * if it's asked for. */ if ((shmflg & SHM_NORESERVE) && sysctl_overcommit_memory != OVERCOMMIT_NEVER) |
fc8744adc Stop playing sill... |
352 |
acctflag = VM_NORESERVE; |
bf8f972d3 [PATCH] SHM_NORES... |
353 |
file = shmem_file_setup(name, size, acctflag); |
1da177e4c Linux-2.6.12-rc2 |
354 355 356 357 |
} error = PTR_ERR(file); if (IS_ERR(file)) goto no_file; |
48dea404e IPC: use ipc_buil... |
358 |
id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); |
283bb7fad IPC: fix error ca... |
359 360 |
if (id < 0) { error = id; |
1da177e4c Linux-2.6.12-rc2 |
361 |
goto no_id; |
283bb7fad IPC: fix error ca... |
362 |
} |
1da177e4c Linux-2.6.12-rc2 |
363 |
|
b488893a3 pid namespaces: c... |
364 |
shp->shm_cprid = task_tgid_vnr(current); |
1da177e4c Linux-2.6.12-rc2 |
365 366 367 368 369 |
shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); shp->shm_segsz = size; shp->shm_nattch = 0; |
1da177e4c Linux-2.6.12-rc2 |
370 |
shp->shm_file = file; |
30475cc12 Restore shmid as ... |
371 372 373 374 |
/* * shmid gets reported as "inode#" in /proc/pid/maps. * proc-ps tools use this. Changing this will break them. */ |
7ca7e564e ipc: store ipcs i... |
375 |
file->f_dentry->d_inode->i_ino = shp->shm_perm.id; |
551110a94 [PATCH] hugetlb: ... |
376 |
|
4e9823111 [PATCH] IPC names... |
377 |
ns->shm_tot += numpages; |
7ca7e564e ipc: store ipcs i... |
378 |
error = shp->shm_perm.id; |
1da177e4c Linux-2.6.12-rc2 |
379 |
shm_unlock(shp); |
7ca7e564e ipc: store ipcs i... |
380 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
381 382 |
no_id: |
2195d2818 fix undefined ref... |
383 |
if (is_file_hugepages(file) && shp->mlock_user) |
353d5c30c mm: fix hugetlb b... |
384 |
user_shm_unlock(size, shp->mlock_user); |
1da177e4c Linux-2.6.12-rc2 |
385 386 387 388 389 390 |
fput(file); no_file: security_shm_free(shp); ipc_rcu_putref(shp); return error; } |
f4566f048 ipc: fix wrong co... |
391 |
/* |
3e148c799 fix idr_find() lo... |
392 |
* Called with shm_ids.rw_mutex and ipcp locked. |
f4566f048 ipc: fix wrong co... |
393 |
*/ |
03f02c765 Storing ipcs into... |
394 |
static inline int shm_security(struct kern_ipc_perm *ipcp, int shmflg) |
7748dbfaa ipc: unify the sy... |
395 |
{ |
03f02c765 Storing ipcs into... |
396 397 398 399 |
struct shmid_kernel *shp; shp = container_of(ipcp, struct shmid_kernel, shm_perm); return security_shm_associate(shp, shmflg); |
7748dbfaa ipc: unify the sy... |
400 |
} |
f4566f048 ipc: fix wrong co... |
401 |
/* |
3e148c799 fix idr_find() lo... |
402 |
* Called with shm_ids.rw_mutex and ipcp locked. |
f4566f048 ipc: fix wrong co... |
403 |
*/ |
03f02c765 Storing ipcs into... |
404 405 |
static inline int shm_more_checks(struct kern_ipc_perm *ipcp, struct ipc_params *params) |
7748dbfaa ipc: unify the sy... |
406 |
{ |
03f02c765 Storing ipcs into... |
407 408 409 410 |
struct shmid_kernel *shp; shp = container_of(ipcp, struct shmid_kernel, shm_perm); if (shp->shm_segsz < params->u.size) |
7748dbfaa ipc: unify the sy... |
411 412 413 414 |
return -EINVAL; return 0; } |
d5460c997 [CVE-2009-0029] S... |
415 |
SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg) |
1da177e4c Linux-2.6.12-rc2 |
416 |
{ |
4e9823111 [PATCH] IPC names... |
417 |
struct ipc_namespace *ns; |
7748dbfaa ipc: unify the sy... |
418 419 |
struct ipc_ops shm_ops; struct ipc_params shm_params; |
4e9823111 [PATCH] IPC names... |
420 421 |
ns = current->nsproxy->ipc_ns; |
1da177e4c Linux-2.6.12-rc2 |
422 |
|
7748dbfaa ipc: unify the sy... |
423 424 425 |
shm_ops.getnew = newseg; shm_ops.associate = shm_security; shm_ops.more_checks = shm_more_checks; |
7ca7e564e ipc: store ipcs i... |
426 |
|
7748dbfaa ipc: unify the sy... |
427 428 429 |
shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; |
1da177e4c Linux-2.6.12-rc2 |
430 |
|
7748dbfaa ipc: unify the sy... |
431 |
return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params); |
1da177e4c Linux-2.6.12-rc2 |
432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 |
} static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version) { switch(version) { case IPC_64: return copy_to_user(buf, in, sizeof(*in)); case IPC_OLD: { struct shmid_ds out; ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm); out.shm_segsz = in->shm_segsz; out.shm_atime = in->shm_atime; out.shm_dtime = in->shm_dtime; out.shm_ctime = in->shm_ctime; out.shm_cpid = in->shm_cpid; out.shm_lpid = in->shm_lpid; out.shm_nattch = in->shm_nattch; return copy_to_user(buf, &out, sizeof(out)); } default: return -EINVAL; } } |
016d7132f IPC: get rid of t... |
458 459 |
static inline unsigned long copy_shmid_from_user(struct shmid64_ds *out, void __user *buf, int version) |
1da177e4c Linux-2.6.12-rc2 |
460 461 462 |
{ switch(version) { case IPC_64: |
016d7132f IPC: get rid of t... |
463 |
if (copy_from_user(out, buf, sizeof(*out))) |
1da177e4c Linux-2.6.12-rc2 |
464 |
return -EFAULT; |
1da177e4c Linux-2.6.12-rc2 |
465 |
return 0; |
1da177e4c Linux-2.6.12-rc2 |
466 467 468 469 470 471 |
case IPC_OLD: { struct shmid_ds tbuf_old; if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old))) return -EFAULT; |
016d7132f IPC: get rid of t... |
472 473 474 |
out->shm_perm.uid = tbuf_old.shm_perm.uid; out->shm_perm.gid = tbuf_old.shm_perm.gid; out->shm_perm.mode = tbuf_old.shm_perm.mode; |
1da177e4c Linux-2.6.12-rc2 |
475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 |
return 0; } default: return -EINVAL; } } static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminfo64 *in, int version) { switch(version) { case IPC_64: return copy_to_user(buf, in, sizeof(*in)); case IPC_OLD: { struct shminfo out; if(in->shmmax > INT_MAX) out.shmmax = INT_MAX; else out.shmmax = (int)in->shmmax; out.shmmin = in->shmmin; out.shmmni = in->shmmni; out.shmseg = in->shmseg; out.shmall = in->shmall; return copy_to_user(buf, &out, sizeof(out)); } default: return -EINVAL; } } |
f4566f048 ipc: fix wrong co... |
508 |
/* |
3e148c799 fix idr_find() lo... |
509 |
* Called with shm_ids.rw_mutex held as a reader |
f4566f048 ipc: fix wrong co... |
510 |
*/ |
4e9823111 [PATCH] IPC names... |
511 512 |
static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss, unsigned long *swp) |
1da177e4c Linux-2.6.12-rc2 |
513 |
{ |
7ca7e564e ipc: store ipcs i... |
514 515 |
int next_id; int total, in_use; |
1da177e4c Linux-2.6.12-rc2 |
516 517 518 |
*rss = 0; *swp = 0; |
7ca7e564e ipc: store ipcs i... |
519 520 521 |
in_use = shm_ids(ns).in_use; for (total = 0, next_id = 0; total < in_use; next_id++) { |
e562aebc6 ipc: make shm_get... |
522 |
struct kern_ipc_perm *ipc; |
1da177e4c Linux-2.6.12-rc2 |
523 524 |
struct shmid_kernel *shp; struct inode *inode; |
e562aebc6 ipc: make shm_get... |
525 526 |
ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id); if (ipc == NULL) |
1da177e4c Linux-2.6.12-rc2 |
527 |
continue; |
e562aebc6 ipc: make shm_get... |
528 |
shp = container_of(ipc, struct shmid_kernel, shm_perm); |
1da177e4c Linux-2.6.12-rc2 |
529 |
|
6d63079ad [PATCH] struct pa... |
530 |
inode = shp->shm_file->f_path.dentry->d_inode; |
1da177e4c Linux-2.6.12-rc2 |
531 532 533 |
if (is_file_hugepages(shp->shm_file)) { struct address_space *mapping = inode->i_mapping; |
a55164389 hugetlb: modular ... |
534 535 |
struct hstate *h = hstate_file(shp->shm_file); *rss += pages_per_huge_page(h) * mapping->nrpages; |
1da177e4c Linux-2.6.12-rc2 |
536 |
} else { |
a68e61e8f shm: fix shmctl(S... |
537 |
#ifdef CONFIG_SHMEM |
1da177e4c Linux-2.6.12-rc2 |
538 539 540 541 542 |
struct shmem_inode_info *info = SHMEM_I(inode); spin_lock(&info->lock); *rss += inode->i_mapping->nrpages; *swp += info->swapped; spin_unlock(&info->lock); |
a68e61e8f shm: fix shmctl(S... |
543 544 545 |
#else *rss += inode->i_mapping->nrpages; #endif |
1da177e4c Linux-2.6.12-rc2 |
546 |
} |
7ca7e564e ipc: store ipcs i... |
547 548 |
total++; |
1da177e4c Linux-2.6.12-rc2 |
549 550 |
} } |
8d4cc8b5c IPC/shared memory... |
551 552 553 554 555 556 557 |
/* * This function handles some shmctl commands which require the rw_mutex * to be held in write mode. * NOTE: no locks must be held, the rw_mutex is taken inside this function. */ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, struct shmid_ds __user *buf, int version) |
1da177e4c Linux-2.6.12-rc2 |
558 |
{ |
8d4cc8b5c IPC/shared memory... |
559 |
struct kern_ipc_perm *ipcp; |
016d7132f IPC: get rid of t... |
560 |
struct shmid64_ds shmid64; |
1da177e4c Linux-2.6.12-rc2 |
561 |
struct shmid_kernel *shp; |
8d4cc8b5c IPC/shared memory... |
562 563 564 |
int err; if (cmd == IPC_SET) { |
016d7132f IPC: get rid of t... |
565 |
if (copy_shmid_from_user(&shmid64, buf, version)) |
8d4cc8b5c IPC/shared memory... |
566 567 |
return -EFAULT; } |
a5f75e7f2 IPC: consolidate ... |
568 569 570 |
ipcp = ipcctl_pre_down(&shm_ids(ns), shmid, cmd, &shmid64.shm_perm, 0); if (IS_ERR(ipcp)) return PTR_ERR(ipcp); |
8d4cc8b5c IPC/shared memory... |
571 |
|
a5f75e7f2 IPC: consolidate ... |
572 |
shp = container_of(ipcp, struct shmid_kernel, shm_perm); |
8d4cc8b5c IPC/shared memory... |
573 574 575 576 577 578 579 580 581 |
err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock; switch (cmd) { case IPC_RMID: do_shm_rmid(ns, ipcp); goto out_up; case IPC_SET: |
8f4a3809c IPC: introduce ip... |
582 |
ipc_update_perm(&shmid64.shm_perm, ipcp); |
8d4cc8b5c IPC/shared memory... |
583 584 585 586 587 588 589 590 591 592 593 |
shp->shm_ctim = get_seconds(); break; default: err = -EINVAL; } out_unlock: shm_unlock(shp); out_up: up_write(&shm_ids(ns).rw_mutex); return err; } |
d5460c997 [CVE-2009-0029] S... |
594 |
SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
8d4cc8b5c IPC/shared memory... |
595 596 |
{ struct shmid_kernel *shp; |
1da177e4c Linux-2.6.12-rc2 |
597 |
int err, version; |
4e9823111 [PATCH] IPC names... |
598 |
struct ipc_namespace *ns; |
1da177e4c Linux-2.6.12-rc2 |
599 600 601 602 603 604 605 |
if (cmd < 0 || shmid < 0) { err = -EINVAL; goto out; } version = ipc_parse_version(&cmd); |
4e9823111 [PATCH] IPC names... |
606 |
ns = current->nsproxy->ipc_ns; |
1da177e4c Linux-2.6.12-rc2 |
607 608 609 610 611 612 613 614 615 |
switch (cmd) { /* replace with proc interface ? */ case IPC_INFO: { struct shminfo64 shminfo; err = security_shm_shmctl(NULL, cmd); if (err) return err; |
e8148f758 ipc: clean up ipc... |
616 |
memset(&shminfo, 0, sizeof(shminfo)); |
4e9823111 [PATCH] IPC names... |
617 618 619 |
shminfo.shmmni = shminfo.shmseg = ns->shm_ctlmni; shminfo.shmmax = ns->shm_ctlmax; shminfo.shmall = ns->shm_ctlall; |
1da177e4c Linux-2.6.12-rc2 |
620 621 622 623 |
shminfo.shmmin = SHMMIN; if(copy_shminfo_to_user (buf, &shminfo, version)) return -EFAULT; |
f4566f048 ipc: fix wrong co... |
624 |
|
3e148c799 fix idr_find() lo... |
625 |
down_read(&shm_ids(ns).rw_mutex); |
7ca7e564e ipc: store ipcs i... |
626 |
err = ipc_get_maxid(&shm_ids(ns)); |
3e148c799 fix idr_find() lo... |
627 |
up_read(&shm_ids(ns).rw_mutex); |
f4566f048 ipc: fix wrong co... |
628 |
|
1da177e4c Linux-2.6.12-rc2 |
629 630 631 632 633 634 635 636 637 638 639 |
if(err<0) err = 0; goto out; } case SHM_INFO: { struct shm_info shm_info; err = security_shm_shmctl(NULL, cmd); if (err) return err; |
e8148f758 ipc: clean up ipc... |
640 |
memset(&shm_info, 0, sizeof(shm_info)); |
3e148c799 fix idr_find() lo... |
641 |
down_read(&shm_ids(ns).rw_mutex); |
4e9823111 [PATCH] IPC names... |
642 643 644 |
shm_info.used_ids = shm_ids(ns).in_use; shm_get_stat (ns, &shm_info.shm_rss, &shm_info.shm_swp); shm_info.shm_tot = ns->shm_tot; |
1da177e4c Linux-2.6.12-rc2 |
645 646 |
shm_info.swap_attempts = 0; shm_info.swap_successes = 0; |
7ca7e564e ipc: store ipcs i... |
647 |
err = ipc_get_maxid(&shm_ids(ns)); |
3e148c799 fix idr_find() lo... |
648 |
up_read(&shm_ids(ns).rw_mutex); |
e8148f758 ipc: clean up ipc... |
649 |
if (copy_to_user(buf, &shm_info, sizeof(shm_info))) { |
1da177e4c Linux-2.6.12-rc2 |
650 651 652 653 654 655 656 657 658 659 660 661 |
err = -EFAULT; goto out; } err = err < 0 ? 0 : err; goto out; } case SHM_STAT: case IPC_STAT: { struct shmid64_ds tbuf; int result; |
023a53557 ipc: integrate ip... |
662 |
|
023a53557 ipc: integrate ip... |
663 664 665 666 667 668 |
if (cmd == SHM_STAT) { shp = shm_lock(ns, shmid); if (IS_ERR(shp)) { err = PTR_ERR(shp); goto out; } |
7ca7e564e ipc: store ipcs i... |
669 |
result = shp->shm_perm.id; |
1da177e4c Linux-2.6.12-rc2 |
670 |
} else { |
023a53557 ipc: integrate ip... |
671 672 673 674 675 |
shp = shm_lock_check(ns, shmid); if (IS_ERR(shp)) { err = PTR_ERR(shp); goto out; } |
1da177e4c Linux-2.6.12-rc2 |
676 677 |
result = 0; } |
e8148f758 ipc: clean up ipc... |
678 |
err = -EACCES; |
1da177e4c Linux-2.6.12-rc2 |
679 680 681 682 683 |
if (ipcperms (&shp->shm_perm, S_IRUGO)) goto out_unlock; err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock; |
023a53557 ipc: integrate ip... |
684 |
memset(&tbuf, 0, sizeof(tbuf)); |
1da177e4c Linux-2.6.12-rc2 |
685 686 687 688 689 690 691 |
kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm); tbuf.shm_segsz = shp->shm_segsz; tbuf.shm_atime = shp->shm_atim; tbuf.shm_dtime = shp->shm_dtim; tbuf.shm_ctime = shp->shm_ctim; tbuf.shm_cpid = shp->shm_cprid; tbuf.shm_lpid = shp->shm_lprid; |
bc56bba8f [PATCH] shm: make... |
692 |
tbuf.shm_nattch = shp->shm_nattch; |
1da177e4c Linux-2.6.12-rc2 |
693 694 695 696 697 698 699 700 701 702 |
shm_unlock(shp); if(copy_shmid_to_user (buf, &tbuf, version)) err = -EFAULT; else err = result; goto out; } case SHM_LOCK: case SHM_UNLOCK: { |
89e004ea5 SHM_LOCKED pages ... |
703 704 705 |
struct file *uninitialized_var(shm_file); lru_add_drain_all(); /* drain pagevecs to lru lists */ |
023a53557 ipc: integrate ip... |
706 707 708 |
shp = shm_lock_check(ns, shmid); if (IS_ERR(shp)) { err = PTR_ERR(shp); |
1da177e4c Linux-2.6.12-rc2 |
709 710 |
goto out; } |
1da177e4c Linux-2.6.12-rc2 |
711 |
|
a33e67510 sanitize audit_ip... |
712 |
audit_ipc_obj(&(shp->shm_perm)); |
073115d6b [PATCH] Rework of... |
713 |
|
1da177e4c Linux-2.6.12-rc2 |
714 |
if (!capable(CAP_IPC_LOCK)) { |
414c0708d CRED: Wrap task c... |
715 |
uid_t euid = current_euid(); |
1da177e4c Linux-2.6.12-rc2 |
716 |
err = -EPERM; |
414c0708d CRED: Wrap task c... |
717 718 |
if (euid != shp->shm_perm.uid && euid != shp->shm_perm.cuid) |
1da177e4c Linux-2.6.12-rc2 |
719 |
goto out_unlock; |
f1eb1332b ipc: use rlimit h... |
720 |
if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) |
1da177e4c Linux-2.6.12-rc2 |
721 722 723 724 725 726 727 728 |
goto out_unlock; } err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock; if(cmd==SHM_LOCK) { |
86a264abe CRED: Wrap curren... |
729 |
struct user_struct *user = current_user(); |
1da177e4c Linux-2.6.12-rc2 |
730 731 |
if (!is_file_hugepages(shp->shm_file)) { err = shmem_lock(shp->shm_file, 1, user); |
7be77e20d Fix user struct l... |
732 |
if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ |
b33291c0b [PATCH] ipc: expa... |
733 |
shp->shm_perm.mode |= SHM_LOCKED; |
1da177e4c Linux-2.6.12-rc2 |
734 735 736 737 738 |
shp->mlock_user = user; } } } else if (!is_file_hugepages(shp->shm_file)) { shmem_lock(shp->shm_file, 0, shp->mlock_user); |
b33291c0b [PATCH] ipc: expa... |
739 |
shp->shm_perm.mode &= ~SHM_LOCKED; |
1da177e4c Linux-2.6.12-rc2 |
740 741 742 743 744 745 |
shp->mlock_user = NULL; } shm_unlock(shp); goto out; } case IPC_RMID: |
1da177e4c Linux-2.6.12-rc2 |
746 |
case IPC_SET: |
8d4cc8b5c IPC/shared memory... |
747 748 |
err = shmctl_down(ns, shmid, cmd, buf, version); return err; |
1da177e4c Linux-2.6.12-rc2 |
749 |
default: |
8d4cc8b5c IPC/shared memory... |
750 |
return -EINVAL; |
1da177e4c Linux-2.6.12-rc2 |
751 |
} |
1da177e4c Linux-2.6.12-rc2 |
752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 |
out_unlock: shm_unlock(shp); out: return err; } /* * Fix shmaddr, allocate descriptor, map shm, add attach descriptor to lists. * * NOTE! Despite the name, this is NOT a direct system call entrypoint. The * "raddr" thing points to kernel space, and there has to be a wrapper around * this. */ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) { struct shmid_kernel *shp; unsigned long addr; unsigned long size; struct file * file; int err; unsigned long flags; unsigned long prot; |
1da177e4c Linux-2.6.12-rc2 |
774 |
int acc_mode; |
bc56bba8f [PATCH] shm: make... |
775 |
unsigned long user_addr; |
4e9823111 [PATCH] IPC names... |
776 |
struct ipc_namespace *ns; |
bc56bba8f [PATCH] shm: make... |
777 778 |
struct shm_file_data *sfd; struct path path; |
aeb5d7270 [PATCH] introduce... |
779 |
fmode_t f_mode; |
1da177e4c Linux-2.6.12-rc2 |
780 |
|
bc56bba8f [PATCH] shm: make... |
781 782 |
err = -EINVAL; if (shmid < 0) |
1da177e4c Linux-2.6.12-rc2 |
783 |
goto out; |
bc56bba8f [PATCH] shm: make... |
784 |
else if ((addr = (ulong)shmaddr)) { |
1da177e4c Linux-2.6.12-rc2 |
785 786 787 788 789 790 791 |
if (addr & (SHMLBA-1)) { if (shmflg & SHM_RND) addr &= ~(SHMLBA-1); /* round down */ else #ifndef __ARCH_FORCE_SHMLBA if (addr & ~PAGE_MASK) #endif |
bc56bba8f [PATCH] shm: make... |
792 |
goto out; |
1da177e4c Linux-2.6.12-rc2 |
793 794 795 796 |
} flags = MAP_SHARED | MAP_FIXED; } else { if ((shmflg & SHM_REMAP)) |
bc56bba8f [PATCH] shm: make... |
797 |
goto out; |
1da177e4c Linux-2.6.12-rc2 |
798 799 800 801 802 803 |
flags = MAP_SHARED; } if (shmflg & SHM_RDONLY) { prot = PROT_READ; |
1da177e4c Linux-2.6.12-rc2 |
804 |
acc_mode = S_IRUGO; |
bc56bba8f [PATCH] shm: make... |
805 |
f_mode = FMODE_READ; |
1da177e4c Linux-2.6.12-rc2 |
806 807 |
} else { prot = PROT_READ | PROT_WRITE; |
1da177e4c Linux-2.6.12-rc2 |
808 |
acc_mode = S_IRUGO | S_IWUGO; |
bc56bba8f [PATCH] shm: make... |
809 |
f_mode = FMODE_READ | FMODE_WRITE; |
1da177e4c Linux-2.6.12-rc2 |
810 811 812 813 814 815 816 817 818 819 |
} if (shmflg & SHM_EXEC) { prot |= PROT_EXEC; acc_mode |= S_IXUGO; } /* * We cannot rely on the fs check since SYSV IPC does have an * additional creator id... */ |
4e9823111 [PATCH] IPC names... |
820 |
ns = current->nsproxy->ipc_ns; |
023a53557 ipc: integrate ip... |
821 822 823 |
shp = shm_lock_check(ns, shmid); if (IS_ERR(shp)) { err = PTR_ERR(shp); |
1da177e4c Linux-2.6.12-rc2 |
824 |
goto out; |
023a53557 ipc: integrate ip... |
825 |
} |
bc56bba8f [PATCH] shm: make... |
826 827 828 829 |
err = -EACCES; if (ipcperms(&shp->shm_perm, acc_mode)) goto out_unlock; |
1da177e4c Linux-2.6.12-rc2 |
830 831 |
err = security_shm_shmat(shp, shmaddr, shmflg); |
bc56bba8f [PATCH] shm: make... |
832 833 |
if (err) goto out_unlock; |
2c48b9c45 switch alloc_file... |
834 835 |
path = shp->shm_file->f_path; path_get(&path); |
1da177e4c Linux-2.6.12-rc2 |
836 |
shp->shm_nattch++; |
bc56bba8f [PATCH] shm: make... |
837 |
size = i_size_read(path.dentry->d_inode); |
1da177e4c Linux-2.6.12-rc2 |
838 |
shm_unlock(shp); |
bc56bba8f [PATCH] shm: make... |
839 840 841 |
err = -ENOMEM; sfd = kzalloc(sizeof(*sfd), GFP_KERNEL); if (!sfd) |
ce8d2cdf3 r/o bind mounts: ... |
842 |
goto out_put_dentry; |
bc56bba8f [PATCH] shm: make... |
843 |
|
2c48b9c45 switch alloc_file... |
844 845 |
file = alloc_file(&path, f_mode, is_file_hugepages(shp->shm_file) ? |
c4caa7781 file ->get_unmapp... |
846 847 |
&shm_file_operations_huge : &shm_file_operations); |
bc56bba8f [PATCH] shm: make... |
848 849 |
if (!file) goto out_free; |
bc56bba8f [PATCH] shm: make... |
850 |
file->private_data = sfd; |
bc56bba8f [PATCH] shm: make... |
851 |
file->f_mapping = shp->shm_file->f_mapping; |
7ca7e564e ipc: store ipcs i... |
852 |
sfd->id = shp->shm_perm.id; |
bc56bba8f [PATCH] shm: make... |
853 854 855 |
sfd->ns = get_ipc_ns(ns); sfd->file = shp->shm_file; sfd->vm_ops = NULL; |
1da177e4c Linux-2.6.12-rc2 |
856 857 |
down_write(¤t->mm->mmap_sem); if (addr && !(shmflg & SHM_REMAP)) { |
bc56bba8f [PATCH] shm: make... |
858 |
err = -EINVAL; |
1da177e4c Linux-2.6.12-rc2 |
859 860 861 862 863 864 865 866 867 868 869 |
if (find_vma_intersection(current->mm, addr, addr + size)) goto invalid; /* * If shm segment goes below stack, make sure there is some * space left for the stack to grow (at least 4 pages). */ if (addr < current->mm->start_stack && addr > current->mm->start_stack - size - PAGE_SIZE * 5) goto invalid; } |
bc56bba8f [PATCH] shm: make... |
870 871 872 873 874 |
user_addr = do_mmap (file, addr, size, prot, flags, 0); *raddr = user_addr; err = 0; if (IS_ERR_VALUE(user_addr)) err = (long)user_addr; |
1da177e4c Linux-2.6.12-rc2 |
875 876 |
invalid: up_write(¤t->mm->mmap_sem); |
bc56bba8f [PATCH] shm: make... |
877 878 879 |
fput(file); out_nattch: |
3e148c799 fix idr_find() lo... |
880 |
down_write(&shm_ids(ns).rw_mutex); |
00c2bf85d ipc: get rid of i... |
881 |
shp = shm_lock(ns, shmid); |
023a53557 ipc: integrate ip... |
882 |
BUG_ON(IS_ERR(shp)); |
1da177e4c Linux-2.6.12-rc2 |
883 884 |
shp->shm_nattch--; if(shp->shm_nattch == 0 && |
b33291c0b [PATCH] ipc: expa... |
885 |
shp->shm_perm.mode & SHM_DEST) |
4e9823111 [PATCH] IPC names... |
886 |
shm_destroy(ns, shp); |
1da177e4c Linux-2.6.12-rc2 |
887 888 |
else shm_unlock(shp); |
3e148c799 fix idr_find() lo... |
889 |
up_write(&shm_ids(ns).rw_mutex); |
1da177e4c Linux-2.6.12-rc2 |
890 |
|
1da177e4c Linux-2.6.12-rc2 |
891 892 |
out: return err; |
bc56bba8f [PATCH] shm: make... |
893 894 895 896 897 898 899 |
out_unlock: shm_unlock(shp); goto out; out_free: kfree(sfd); |
ce8d2cdf3 r/o bind mounts: ... |
900 |
out_put_dentry: |
2c48b9c45 switch alloc_file... |
901 |
path_put(&path); |
bc56bba8f [PATCH] shm: make... |
902 |
goto out_nattch; |
1da177e4c Linux-2.6.12-rc2 |
903 |
} |
d5460c997 [CVE-2009-0029] S... |
904 |
SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg) |
7d87e14c2 [PATCH] consolida... |
905 906 907 908 909 910 911 912 913 914 |
{ unsigned long ret; long err; err = do_shmat(shmid, shmaddr, shmflg, &ret); if (err) return err; force_successful_syscall_return(); return (long)ret; } |
1da177e4c Linux-2.6.12-rc2 |
915 916 917 918 |
/* * detach and kill segment if marked destroyed. * The work is done in shm_close. */ |
d5460c997 [CVE-2009-0029] S... |
919 |
SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) |
1da177e4c Linux-2.6.12-rc2 |
920 921 |
{ struct mm_struct *mm = current->mm; |
586c7e6a2 shm: fix unused w... |
922 |
struct vm_area_struct *vma; |
1da177e4c Linux-2.6.12-rc2 |
923 |
unsigned long addr = (unsigned long)shmaddr; |
1da177e4c Linux-2.6.12-rc2 |
924 |
int retval = -EINVAL; |
586c7e6a2 shm: fix unused w... |
925 926 927 928 |
#ifdef CONFIG_MMU loff_t size = 0; struct vm_area_struct *next; #endif |
1da177e4c Linux-2.6.12-rc2 |
929 |
|
df1e2fb54 [PATCH] shmdt: ch... |
930 931 |
if (addr & ~PAGE_MASK) return retval; |
1da177e4c Linux-2.6.12-rc2 |
932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 |
down_write(&mm->mmap_sem); /* * This function tries to be smart and unmap shm segments that * were modified by partial mlock or munmap calls: * - It first determines the size of the shm segment that should be * unmapped: It searches for a vma that is backed by shm and that * started at address shmaddr. It records it's size and then unmaps * it. * - Then it unmaps all shm vmas that started at shmaddr and that * are within the initially determined size. * Errors from do_munmap are ignored: the function only fails if * it's called with invalid parameters or if it's called to unmap * a part of a vma. Both calls in this function are for full vmas, * the parameters are directly copied from the vma itself and always * valid - therefore do_munmap cannot fail. (famous last words?) */ /* * If it had been mremap()'d, the starting address would not * match the usual checks anyway. So assume all vma's are * above the starting address given. */ vma = find_vma(mm, addr); |
8feae1311 NOMMU: Make VMAs ... |
955 |
#ifdef CONFIG_MMU |
1da177e4c Linux-2.6.12-rc2 |
956 957 958 959 960 961 962 963 |
while (vma) { next = vma->vm_next; /* * Check if the starting address would match, i.e. it's * a fragment created by mprotect() and/or munmap(), or it * otherwise it starts at this address with no hassles. */ |
bc56bba8f [PATCH] shm: make... |
964 |
if ((vma->vm_ops == &shm_vm_ops) && |
1da177e4c Linux-2.6.12-rc2 |
965 |
(vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) { |
6d63079ad [PATCH] struct pa... |
966 |
size = vma->vm_file->f_path.dentry->d_inode->i_size; |
1da177e4c Linux-2.6.12-rc2 |
967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 |
do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); /* * We discovered the size of the shm segment, so * break out of here and fall through to the next * loop that uses the size information to stop * searching for matching vma's. */ retval = 0; vma = next; break; } vma = next; } /* * We need look no further than the maximum address a fragment * could possibly have landed at. Also cast things to loff_t to * prevent overflows and make comparisions vs. equal-width types. */ |
8e36709d8 [PATCH] shmdt can... |
986 |
size = PAGE_ALIGN(size); |
1da177e4c Linux-2.6.12-rc2 |
987 988 989 990 |
while (vma && (loff_t)(vma->vm_end - addr) <= size) { next = vma->vm_next; /* finding a matching vma now does not alter retval */ |
bc56bba8f [PATCH] shm: make... |
991 |
if ((vma->vm_ops == &shm_vm_ops) && |
1da177e4c Linux-2.6.12-rc2 |
992 993 994 995 996 |
(vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); vma = next; } |
8feae1311 NOMMU: Make VMAs ... |
997 998 999 1000 1001 1002 1003 1004 1005 1006 |
#else /* CONFIG_MMU */ /* under NOMMU conditions, the exact address to be destroyed must be * given */ retval = -EINVAL; if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); retval = 0; } #endif |
1da177e4c Linux-2.6.12-rc2 |
1007 1008 1009 1010 1011 |
up_write(&mm->mmap_sem); return retval; } #ifdef CONFIG_PROC_FS |
19b4946ca [PATCH] ipc: conv... |
1012 |
static int sysvipc_shm_proc_show(struct seq_file *s, void *it) |
1da177e4c Linux-2.6.12-rc2 |
1013 |
{ |
19b4946ca [PATCH] ipc: conv... |
1014 |
struct shmid_kernel *shp = it; |
1da177e4c Linux-2.6.12-rc2 |
1015 |
|
6c826818f /proc/sysvipc/shm... |
1016 1017 1018 1019 1020 |
#if BITS_PER_LONG <= 32 #define SIZE_SPEC "%10lu" #else #define SIZE_SPEC "%21lu" #endif |
1da177e4c Linux-2.6.12-rc2 |
1021 |
|
6c826818f /proc/sysvipc/shm... |
1022 1023 1024 1025 |
return seq_printf(s, "%10d %10d %4o " SIZE_SPEC " %5u %5u " "%5lu %5u %5u %5u %5u %10lu %10lu %10lu ", |
19b4946ca [PATCH] ipc: conv... |
1026 |
shp->shm_perm.key, |
7ca7e564e ipc: store ipcs i... |
1027 |
shp->shm_perm.id, |
b33291c0b [PATCH] ipc: expa... |
1028 |
shp->shm_perm.mode, |
19b4946ca [PATCH] ipc: conv... |
1029 1030 1031 |
shp->shm_segsz, shp->shm_cprid, shp->shm_lprid, |
bc56bba8f [PATCH] shm: make... |
1032 |
shp->shm_nattch, |
19b4946ca [PATCH] ipc: conv... |
1033 1034 1035 1036 1037 1038 1039 |
shp->shm_perm.uid, shp->shm_perm.gid, shp->shm_perm.cuid, shp->shm_perm.cgid, shp->shm_atim, shp->shm_dtim, shp->shm_ctim); |
1da177e4c Linux-2.6.12-rc2 |
1040 1041 |
} #endif |