Blame view
ipc/util.c
22.8 KB
b24413180
|
1 |
// SPDX-License-Identifier: GPL-2.0 |
1da177e4c
|
2 3 4 5 6 7 8 9 10 |
/* * linux/ipc/util.c * Copyright (C) 1992 Krishna Balasubramanian * * Sep 1997 - Call suser() last after "normal" permission checks so we * get BSD style process accounting right. * Occurs in several places in the IPC code. * Chris Evans, <chris@ferret.lmh.ox.ac.uk> * Nov 1999 - ipc helper functions, unified SMP locking |
624dffcbc
|
11 |
* Manfred Spraul <manfred@colorfullife.com> |
1da177e4c
|
12 13 |
* Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). * Mingming Cao <cmm@us.ibm.com> |
073115d6b
|
14 15 |
* Mar 2006 - support for audit of ipc object properties * Dustin Kirkland <dustin.kirkland@us.ibm.com> |
73ea41302
|
16 17 18 |
* Jun 2006 - namespaces ssupport * OpenVZ, SWsoft Inc. * Pavel Emelianov <xemul@openvz.org> |
05603c44a
|
19 20 |
* * General sysv ipc locking scheme: |
18ccee263
|
21 22 23 24 25 |
* rcu_read_lock() * obtain the ipc object (kern_ipc_perm) by looking up the id in an idr * tree. * - perform initial checks (capabilities, auditing and permission, * etc). |
87ad4b0d8
|
26 27 |
* - perform read-only operations, such as INFO command, that * do not demand atomicity |
18ccee263
|
28 29 |
* acquire the ipc lock (kern_ipc_perm.lock) through * ipc_lock_object() |
87ad4b0d8
|
30 31 |
* - perform read-only operations that demand atomicity, * such as STAT command. |
18ccee263
|
32 33 34 35 36 37 38 39 40 41 42 43 44 |
* - perform data updates, such as SET, RMID commands and * mechanism-specific operations (semop/semtimedop, * msgsnd/msgrcv, shmat/shmdt). * drop the ipc lock, through ipc_unlock_object(). * rcu_read_unlock() * * The ids->rwsem must be taken when: * - creating, removing and iterating the existing entries in ipc * identifier sets. * - iterating through files under /proc/sysvipc/ * * Note that sems have a special fast path that avoids kern_ipc_perm.lock - * see sem_lock(). |
1da177e4c
|
45 |
*/ |
1da177e4c
|
46 47 48 49 |
#include <linux/mm.h> #include <linux/shm.h> #include <linux/init.h> #include <linux/msg.h> |
1da177e4c
|
50 51 |
#include <linux/vmalloc.h> #include <linux/slab.h> |
8f68fa2d1
|
52 |
#include <linux/notifier.h> |
c59ede7b7
|
53 |
#include <linux/capability.h> |
1da177e4c
|
54 55 56 57 |
#include <linux/highuid.h> #include <linux/security.h> #include <linux/rcupdate.h> #include <linux/workqueue.h> |
ae7817745
|
58 59 |
#include <linux/seq_file.h> #include <linux/proc_fs.h> |
073115d6b
|
60 |
#include <linux/audit.h> |
73ea41302
|
61 |
#include <linux/nsproxy.h> |
3e148c799
|
62 |
#include <linux/rwsem.h> |
b6b337ad1
|
63 |
#include <linux/memory.h> |
ae5e1b22f
|
64 |
#include <linux/ipc_namespace.h> |
0eb71a9da
|
65 |
#include <linux/rhashtable.h> |
1da177e4c
|
66 67 68 69 |
#include <asm/unistd.h> #include "util.h" |
ae7817745
|
70 71 72 |
struct ipc_proc_iface { const char *path; const char *header; |
73ea41302
|
73 |
int ids; |
ae7817745
|
74 75 |
int (*show)(struct seq_file *, void *); }; |
1da177e4c
|
76 |
/** |
8001c8581
|
77 |
* ipc_init - initialise ipc subsystem |
1da177e4c
|
78 |
* |
8001c8581
|
79 80 81 82 83 84 |
* The various sysv ipc resources (semaphores, messages and shared * memory) are initialised. * * A callback routine is registered into the memory hotplug notifier * chain: since msgmni scales to lowmem this callback routine will be * called upon successful memory add / remove to recompute msmgni. |
1da177e4c
|
85 |
*/ |
1da177e4c
|
86 87 |
static int __init ipc_init(void) { |
e74a0efff
|
88 |
proc_mkdir("sysvipc", NULL); |
eae04d25a
|
89 90 |
sem_init(); msg_init(); |
1da177e4c
|
91 |
shm_init(); |
0cfb6aee7
|
92 |
|
eae04d25a
|
93 |
return 0; |
1da177e4c
|
94 |
} |
6d08a2567
|
95 |
device_initcall(ipc_init); |
1da177e4c
|
96 |
|
0cfb6aee7
|
97 98 99 100 |
static const struct rhashtable_params ipc_kht_params = { .head_offset = offsetof(struct kern_ipc_perm, khtnode), .key_offset = offsetof(struct kern_ipc_perm, key), .key_len = FIELD_SIZEOF(struct kern_ipc_perm, key), |
0cfb6aee7
|
101 102 |
.automatic_shrinking = true, }; |
1da177e4c
|
103 |
/** |
8001c8581
|
104 105 |
* ipc_init_ids - initialise ipc identifiers * @ids: ipc identifier set |
1da177e4c
|
106 |
* |
8001c8581
|
107 |
* Set up the sequence range to use for the ipc identifier range (limited |
5ac893b8c
|
108 |
* below ipc_mni) then initialise the keys hashtable and ids idr. |
1da177e4c
|
109 |
*/ |
eae04d25a
|
110 |
void ipc_init_ids(struct ipc_ids *ids) |
1da177e4c
|
111 |
{ |
1da177e4c
|
112 |
ids->in_use = 0; |
1da177e4c
|
113 |
ids->seq = 0; |
daf948c7d
|
114 |
init_rwsem(&ids->rwsem); |
eae04d25a
|
115 |
rhashtable_init(&ids->key_ht, &ipc_kht_params); |
7ca7e564e
|
116 |
idr_init(&ids->ipcs_idr); |
27c331a17
|
117 |
ids->max_idx = -1; |
3278a2c20
|
118 |
ids->last_idx = -1; |
b8fd99838
|
119 120 121 |
#ifdef CONFIG_CHECKPOINT_RESTORE ids->next_id = -1; #endif |
1da177e4c
|
122 |
} |
ae7817745
|
123 |
#ifdef CONFIG_PROC_FS |
9a32144e9
|
124 |
static const struct file_operations sysvipc_proc_fops; |
ae7817745
|
125 |
/** |
8001c8581
|
126 127 128 129 130 |
* ipc_init_proc_interface - create a proc interface for sysipc types using a seq_file interface. * @path: Path in procfs * @header: Banner to be printed at the beginning of the file. * @ids: ipc id table to iterate. * @show: show routine. |
ae7817745
|
131 132 |
*/ void __init ipc_init_proc_interface(const char *path, const char *header, |
73ea41302
|
133 |
int ids, int (*show)(struct seq_file *, void *)) |
ae7817745
|
134 135 136 137 138 139 140 141 142 143 144 |
{ struct proc_dir_entry *pde; struct ipc_proc_iface *iface; iface = kmalloc(sizeof(*iface), GFP_KERNEL); if (!iface) return; iface->path = path; iface->header = header; iface->ids = ids; iface->show = show; |
6a6375db1
|
145 146 147 148 149 |
pde = proc_create_data(path, S_IRUGO, /* world readable */ NULL, /* parent dir */ &sysvipc_proc_fops, iface); |
3ab08fe20
|
150 |
if (!pde) |
ae7817745
|
151 |
kfree(iface); |
ae7817745
|
152 153 |
} #endif |
1da177e4c
|
154 |
/** |
8001c8581
|
155 156 157 |
* ipc_findkey - find a key in an ipc identifier set * @ids: ipc identifier set * @key: key to find |
46c0a8ca3
|
158 |
* |
8001c8581
|
159 160 161 |
* Returns the locked pointer to the ipc structure if found or NULL * otherwise. If key is found ipc points to the owning ipc structure * |
0cfb6aee7
|
162 |
* Called with writer ipc_ids.rwsem held. |
1da177e4c
|
163 |
*/ |
7748dbfaa
|
164 |
static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key) |
1da177e4c
|
165 |
{ |
dc2c8c84d
|
166 |
struct kern_ipc_perm *ipcp; |
7ca7e564e
|
167 |
|
dc2c8c84d
|
168 |
ipcp = rhashtable_lookup_fast(&ids->key_ht, &key, |
0cfb6aee7
|
169 |
ipc_kht_params); |
dc2c8c84d
|
170 171 |
if (!ipcp) return NULL; |
7ca7e564e
|
172 |
|
dc2c8c84d
|
173 174 175 |
rcu_read_lock(); ipc_lock_object(ipcp); return ipcp; |
1da177e4c
|
176 |
} |
b8fd99838
|
177 |
/* |
e2652ae6b
|
178 179 180 181 182 183 184 185 186 187 |
* Insert new IPC object into idr tree, and set sequence number and id * in the correct order. * Especially: * - the sequence number must be set before inserting the object into the idr, * because the sequence number is accessed without a lock. * - the id can/must be set after inserting the object into the idr. * All accesses must be done after getting kern_ipc_perm.lock. * * The caller must own kern_ipc_perm.lock.of the new object. * On error, the function returns a (negative) error code. |
3278a2c20
|
188 189 190 191 |
* * To conserve sequence number space, especially with extended ipc_mni, * the sequence number is incremented only when the returned ID is less than * the last one. |
b8fd99838
|
192 |
*/ |
e2652ae6b
|
193 |
static inline int ipc_idr_alloc(struct ipc_ids *ids, struct kern_ipc_perm *new) |
b8fd99838
|
194 |
{ |
e2652ae6b
|
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
int idx, next_id = -1; #ifdef CONFIG_CHECKPOINT_RESTORE next_id = ids->next_id; ids->next_id = -1; #endif /* * As soon as a new object is inserted into the idr, * ipc_obtain_object_idr() or ipc_obtain_object_check() can find it, * and the lockless preparations for ipc operations can start. * This means especially: permission checks, audit calls, allocation * of undo structures, ... * * Thus the object must be fully initialized, and if something fails, * then the full tear-down sequence must be followed. * (i.e.: set new->deleted, reduce refcount, call_rcu()) */ if (next_id < 0) { /* !CHECKPOINT_RESTORE or next_id is unset */ |
99db46ea2
|
215 216 217 218 |
int max_idx; max_idx = max(ids->in_use*3/2, ipc_min_cycle); max_idx = min(max_idx, ipc_mni); |
3278a2c20
|
219 220 |
/* allocate the idx, with a NULL struct kern_ipc_perm */ |
99db46ea2
|
221 222 |
idx = idr_alloc_cyclic(&ids->ipcs_idr, NULL, 0, max_idx, GFP_NOWAIT); |
3278a2c20
|
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 |
if (idx >= 0) { /* * idx got allocated successfully. * Now calculate the sequence number and set the * pointer for real. */ if (idx <= ids->last_idx) { ids->seq++; if (ids->seq >= ipcid_seq_max()) ids->seq = 0; } ids->last_idx = idx; new->seq = ids->seq; /* no need for smp_wmb(), this is done * inside idr_replace, as part of * rcu_assign_pointer */ idr_replace(&ids->ipcs_idr, new, idx); } |
b8fd99838
|
244 |
} else { |
e2652ae6b
|
245 246 247 |
new->seq = ipcid_to_seqx(next_id); idx = idr_alloc(&ids->ipcs_idr, new, ipcid_to_idx(next_id), 0, GFP_NOWAIT); |
b8fd99838
|
248 |
} |
e2652ae6b
|
249 |
if (idx >= 0) |
3278a2c20
|
250 |
new->id = (new->seq << ipcmni_seq_shift()) + idx; |
e2652ae6b
|
251 |
return idx; |
b8fd99838
|
252 |
} |
1da177e4c
|
253 |
/** |
8001c8581
|
254 255 256 |
* ipc_addid - add an ipc identifier * @ids: ipc identifier set * @new: new ipc permission set |
ebf66799a
|
257 |
* @limit: limit for the number of used ids |
1da177e4c
|
258 |
* |
8001c8581
|
259 |
* Add an entry 'new' to the ipc ids idr. The permissions object is |
27c331a17
|
260 |
* initialised and the first free entry is set up and the index assigned |
8001c8581
|
261 |
* is returned. The 'new' entry is returned in a locked state on success. |
39cfffd77
|
262 |
* |
8001c8581
|
263 |
* On failure the entry is not locked and a negative err-code is returned. |
39cfffd77
|
264 |
* The caller must use ipc_rcu_putref() to free the identifier. |
1da177e4c
|
265 |
* |
8001c8581
|
266 |
* Called with writer ipc_ids.rwsem held. |
1da177e4c
|
267 |
*/ |
ebf66799a
|
268 |
int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int limit) |
1da177e4c
|
269 |
{ |
1efdb69b0
|
270 271 |
kuid_t euid; kgid_t egid; |
e2652ae6b
|
272 |
int idx, err; |
1da177e4c
|
273 |
|
39cfffd77
|
274 275 |
/* 1) Initialize the refcount so that ipc_rcu_putref works */ refcount_set(&new->refcount, 1); |
5ac893b8c
|
276 277 |
if (limit > ipc_mni) limit = ipc_mni; |
7ca7e564e
|
278 |
|
dc2c8c84d
|
279 |
if (ids->in_use >= limit) |
283bb7fad
|
280 |
return -ENOSPC; |
7ca7e564e
|
281 |
|
54924ea33
|
282 |
idr_preload(GFP_KERNEL); |
e00b4ff7e
|
283 |
spin_lock_init(&new->lock); |
e00b4ff7e
|
284 285 |
rcu_read_lock(); spin_lock(&new->lock); |
b9a532277
|
286 287 288 |
current_euid_egid(&euid, &egid); new->cuid = new->uid = euid; new->gid = new->cgid = egid; |
39cfffd77
|
289 |
new->deleted = false; |
e2652ae6b
|
290 |
idx = ipc_idr_alloc(ids, new); |
54924ea33
|
291 |
idr_preload_end(); |
0cfb6aee7
|
292 |
|
e2652ae6b
|
293 |
if (idx >= 0 && new->key != IPC_PRIVATE) { |
0cfb6aee7
|
294 295 296 |
err = rhashtable_insert_fast(&ids->key_ht, &new->khtnode, ipc_kht_params); if (err < 0) { |
e2652ae6b
|
297 298 |
idr_remove(&ids->ipcs_idr, idx); idx = err; |
0cfb6aee7
|
299 300 |
} } |
e2652ae6b
|
301 |
if (idx < 0) { |
39cfffd77
|
302 |
new->deleted = true; |
e00b4ff7e
|
303 304 |
spin_unlock(&new->lock); rcu_read_unlock(); |
e2652ae6b
|
305 |
return idx; |
e00b4ff7e
|
306 |
} |
7ca7e564e
|
307 |
|
1da177e4c
|
308 |
ids->in_use++; |
27c331a17
|
309 310 |
if (idx > ids->max_idx) ids->max_idx = idx; |
e2652ae6b
|
311 |
return idx; |
1da177e4c
|
312 313 314 |
} /** |
8001c8581
|
315 316 |
* ipcget_new - create a new ipc object * @ns: ipc namespace |
da3dae54e
|
317 |
* @ids: ipc identifier set |
8001c8581
|
318 319 320 321 322 |
* @ops: the actual creation routine to call * @params: its parameters * * This routine is called by sys_msgget, sys_semget() and sys_shmget() * when the key is IPC_PRIVATE. |
7748dbfaa
|
323 |
*/ |
b2d75cddc
|
324 |
static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids, |
eb66ec44f
|
325 |
const struct ipc_ops *ops, struct ipc_params *params) |
7748dbfaa
|
326 327 |
{ int err; |
7748dbfaa
|
328 |
|
d9a605e40
|
329 |
down_write(&ids->rwsem); |
7748dbfaa
|
330 |
err = ops->getnew(ns, params); |
d9a605e40
|
331 |
up_write(&ids->rwsem); |
7748dbfaa
|
332 333 334 335 |
return err; } /** |
8001c8581
|
336 337 338 339 340 |
* ipc_check_perms - check security and permissions for an ipc object * @ns: ipc namespace * @ipcp: ipc permission set * @ops: the actual security routine to call * @params: its parameters |
f4566f048
|
341 |
* |
8001c8581
|
342 343 344 |
* This routine is called by sys_msgget(), sys_semget() and sys_shmget() * when the key is not IPC_PRIVATE and that key already exists in the * ds IDR. |
f4566f048
|
345 |
* |
8001c8581
|
346 |
* On success, the ipc id is returned. |
f4566f048
|
347 |
* |
8001c8581
|
348 |
* It is called with ipc_ids.rwsem and ipcp->lock held. |
7748dbfaa
|
349 |
*/ |
b0e77598f
|
350 351 |
static int ipc_check_perms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, |
eb66ec44f
|
352 |
const struct ipc_ops *ops, |
b0e77598f
|
353 |
struct ipc_params *params) |
7748dbfaa
|
354 355 |
{ int err; |
b0e77598f
|
356 |
if (ipcperms(ns, ipcp, params->flg)) |
7748dbfaa
|
357 358 359 360 361 362 363 364 365 366 367 |
err = -EACCES; else { err = ops->associate(ipcp, params->flg); if (!err) err = ipcp->id; } return err; } /** |
8001c8581
|
368 369 |
* ipcget_public - get an ipc object or create a new one * @ns: ipc namespace |
da3dae54e
|
370 |
* @ids: ipc identifier set |
8001c8581
|
371 372 373 374 375 376 377 378 379 |
* @ops: the actual creation routine to call * @params: its parameters * * This routine is called by sys_msgget, sys_semget() and sys_shmget() * when the key is not IPC_PRIVATE. * It adds a new entry if the key is not found and does some permission * / security checkings if the key is found. * * On success, the ipc id is returned. |
7748dbfaa
|
380 |
*/ |
b2d75cddc
|
381 |
static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, |
eb66ec44f
|
382 |
const struct ipc_ops *ops, struct ipc_params *params) |
7748dbfaa
|
383 384 385 386 |
{ struct kern_ipc_perm *ipcp; int flg = params->flg; int err; |
7748dbfaa
|
387 |
|
3e148c799
|
388 389 390 391 |
/* * Take the lock as a writer since we are potentially going to add * a new entry + read locks are not "upgradable" */ |
d9a605e40
|
392 |
down_write(&ids->rwsem); |
7748dbfaa
|
393 394 395 396 397 |
ipcp = ipc_findkey(ids, params->key); if (ipcp == NULL) { /* key not used */ if (!(flg & IPC_CREAT)) err = -ENOENT; |
7748dbfaa
|
398 399 400 401 402 403 404 405 406 407 408 409 |
else err = ops->getnew(ns, params); } else { /* ipc object has been locked by ipc_findkey() */ if (flg & IPC_CREAT && flg & IPC_EXCL) err = -EEXIST; else { err = 0; if (ops->more_checks) err = ops->more_checks(ipcp, params); if (!err) |
f4566f048
|
410 411 412 413 |
/* * ipc_check_perms returns the IPC id on * success */ |
b0e77598f
|
414 |
err = ipc_check_perms(ns, ipcp, ops, params); |
7748dbfaa
|
415 416 417 |
} ipc_unlock(ipcp); } |
d9a605e40
|
418 |
up_write(&ids->rwsem); |
7748dbfaa
|
419 420 421 |
return err; } |
0cfb6aee7
|
422 423 424 425 426 427 428 429 430 431 432 433 434 435 |
/** * ipc_kht_remove - remove an ipc from the key hashtable * @ids: ipc identifier set * @ipcp: ipc perm structure containing the key to remove * * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held * before this function is called, and remain locked on the exit. */ static void ipc_kht_remove(struct ipc_ids *ids, struct kern_ipc_perm *ipcp) { if (ipcp->key != IPC_PRIVATE) rhashtable_remove_fast(&ids->key_ht, &ipcp->khtnode, ipc_kht_params); } |
7748dbfaa
|
436 437 |
/** |
8001c8581
|
438 439 440 |
* ipc_rmid - remove an ipc identifier * @ids: ipc identifier set * @ipcp: ipc perm structure containing the identifier to remove |
1da177e4c
|
441 |
* |
8001c8581
|
442 443 |
* ipc_ids.rwsem (as a writer) and the spinlock for this ID are held * before this function is called, and remain locked on the exit. |
1da177e4c
|
444 |
*/ |
7ca7e564e
|
445 |
void ipc_rmid(struct ipc_ids *ids, struct kern_ipc_perm *ipcp) |
1da177e4c
|
446 |
{ |
27c331a17
|
447 |
int idx = ipcid_to_idx(ipcp->id); |
7ca7e564e
|
448 |
|
27c331a17
|
449 |
idr_remove(&ids->ipcs_idr, idx); |
0cfb6aee7
|
450 |
ipc_kht_remove(ids, ipcp); |
1da177e4c
|
451 |
ids->in_use--; |
72a8ff2f9
|
452 |
ipcp->deleted = true; |
15df03c87
|
453 |
|
27c331a17
|
454 |
if (unlikely(idx == ids->max_idx)) { |
15df03c87
|
455 |
do { |
27c331a17
|
456 457 |
idx--; if (idx == -1) |
15df03c87
|
458 |
break; |
27c331a17
|
459 460 |
} while (!idr_find(&ids->ipcs_idr, idx)); ids->max_idx = idx; |
15df03c87
|
461 |
} |
1da177e4c
|
462 |
} |
0cfb6aee7
|
463 464 465 466 467 468 469 470 471 472 473 474 475 |
/** * ipc_set_key_private - switch the key of an existing ipc to IPC_PRIVATE * @ids: ipc identifier set * @ipcp: ipc perm structure containing the key to modify * * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held * before this function is called, and remain locked on the exit. */ void ipc_set_key_private(struct ipc_ids *ids, struct kern_ipc_perm *ipcp) { ipc_kht_remove(ids, ipcp); ipcp->key = IPC_PRIVATE; } |
2a9d64810
|
476 |
bool ipc_rcu_getref(struct kern_ipc_perm *ptr) |
1da177e4c
|
477 |
{ |
9405c03ee
|
478 |
return refcount_inc_not_zero(&ptr->refcount); |
65f27f384
|
479 |
} |
dba4cdd39
|
480 481 |
void ipc_rcu_putref(struct kern_ipc_perm *ptr, void (*func)(struct rcu_head *head)) |
1da177e4c
|
482 |
{ |
9405c03ee
|
483 |
if (!refcount_dec_and_test(&ptr->refcount)) |
1da177e4c
|
484 |
return; |
dba4cdd39
|
485 |
call_rcu(&ptr->rcu, func); |
53dad6d3a
|
486 |
} |
1da177e4c
|
487 |
/** |
8001c8581
|
488 489 490 491 |
* ipcperms - check ipc permissions * @ns: ipc namespace * @ipcp: ipc permission set * @flag: desired permission set |
1da177e4c
|
492 |
* |
8001c8581
|
493 494 |
* Check user, group, other permissions for access * to ipc resources. return 0 if allowed |
b0e77598f
|
495 |
* |
0e056eb55
|
496 |
* @flag will most probably be 0 or ``S_...UGO`` from <linux/stat.h> |
1da177e4c
|
497 |
*/ |
b0e77598f
|
498 499 |
int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag) { |
1efdb69b0
|
500 |
kuid_t euid = current_euid(); |
a33e67510
|
501 |
int requested_mode, granted_mode; |
1da177e4c
|
502 |
|
a33e67510
|
503 |
audit_ipc_obj(ipcp); |
1da177e4c
|
504 505 |
requested_mode = (flag >> 6) | (flag >> 3) | flag; granted_mode = ipcp->mode; |
1efdb69b0
|
506 507 |
if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid)) |
1da177e4c
|
508 509 510 511 |
granted_mode >>= 6; else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) granted_mode >>= 3; /* is there some bit set in requested_mode but not in granted_mode? */ |
46c0a8ca3
|
512 |
if ((requested_mode & ~granted_mode & 0007) && |
b0e77598f
|
513 |
!ns_capable(ns->user_ns, CAP_IPC_OWNER)) |
1da177e4c
|
514 515 516 517 518 519 520 521 522 523 524 |
return -1; return security_ipc_permission(ipcp, flag); } /* * Functions to convert between the kern_ipc_perm structure and the * old/new ipc_perm structures */ /** |
8001c8581
|
525 526 527 |
* kernel_to_ipc64_perm - convert kernel ipc permissions to user * @in: kernel permissions * @out: new style ipc permissions |
1da177e4c
|
528 |
* |
8001c8581
|
529 530 |
* Turn the kernel object @in into a set of permissions descriptions * for returning to userspace (@out). |
1da177e4c
|
531 |
*/ |
239521f31
|
532 |
void kernel_to_ipc64_perm(struct kern_ipc_perm *in, struct ipc64_perm *out) |
1da177e4c
|
533 534 |
{ out->key = in->key; |
1efdb69b0
|
535 536 537 538 |
out->uid = from_kuid_munged(current_user_ns(), in->uid); out->gid = from_kgid_munged(current_user_ns(), in->gid); out->cuid = from_kuid_munged(current_user_ns(), in->cuid); out->cgid = from_kgid_munged(current_user_ns(), in->cgid); |
1da177e4c
|
539 540 541 542 543 |
out->mode = in->mode; out->seq = in->seq; } /** |
8001c8581
|
544 545 546 |
* ipc64_perm_to_ipc_perm - convert new ipc permissions to old * @in: new style ipc permissions * @out: old style ipc permissions |
1da177e4c
|
547 |
* |
8001c8581
|
548 549 |
* Turn the new style permissions object @in into a compatibility * object and store it into the @out pointer. |
1da177e4c
|
550 |
*/ |
239521f31
|
551 |
void ipc64_perm_to_ipc_perm(struct ipc64_perm *in, struct ipc_perm *out) |
1da177e4c
|
552 553 554 555 556 557 558 559 560 |
{ out->key = in->key; SET_UID(out->uid, in->uid); SET_GID(out->gid, in->gid); SET_UID(out->cuid, in->cuid); SET_GID(out->cgid, in->cgid); out->mode = in->mode; out->seq = in->seq; } |
f4566f048
|
561 |
/** |
0cfb6aee7
|
562 |
* ipc_obtain_object_idr |
4d2bff5eb
|
563 564 565 566 567 568 569 570 |
* @ids: ipc identifier set * @id: ipc id to look for * * Look for an id in the ipc ids idr and return associated ipc object. * * Call inside the RCU critical section. * The ipc object is *not* locked on exit. */ |
55b7ae501
|
571 |
struct kern_ipc_perm *ipc_obtain_object_idr(struct ipc_ids *ids, int id) |
4d2bff5eb
|
572 573 |
{ struct kern_ipc_perm *out; |
27c331a17
|
574 |
int idx = ipcid_to_idx(id); |
4d2bff5eb
|
575 |
|
27c331a17
|
576 |
out = idr_find(&ids->ipcs_idr, idx); |
4d2bff5eb
|
577 578 579 580 581 582 583 |
if (!out) return ERR_PTR(-EINVAL); return out; } /** |
4d2bff5eb
|
584 585 586 587 |
* ipc_obtain_object_check * @ids: ipc identifier set * @id: ipc id to look for * |
2e5ceb452
|
588 589 |
* Similar to ipc_obtain_object_idr() but also checks the ipc object * sequence number. |
4d2bff5eb
|
590 591 592 593 594 595 |
* * Call inside the RCU critical section. * The ipc object is *not* locked on exit. */ struct kern_ipc_perm *ipc_obtain_object_check(struct ipc_ids *ids, int id) { |
55b7ae501
|
596 |
struct kern_ipc_perm *out = ipc_obtain_object_idr(ids, id); |
4d2bff5eb
|
597 598 599 600 601 |
if (IS_ERR(out)) goto out; if (ipc_checkid(out, id)) |
6157dbbfb
|
602 |
return ERR_PTR(-EINVAL); |
4d2bff5eb
|
603 |
out: |
1da177e4c
|
604 605 |
return out; } |
b2d75cddc
|
606 607 |
/** * ipcget - Common sys_*get() code |
da3dae54e
|
608 |
* @ns: namespace |
8001c8581
|
609 610 611 612 |
* @ids: ipc identifier set * @ops: operations to be called on ipc object creation, permission checks * and further checks * @params: the parameters needed by the previous operations. |
b2d75cddc
|
613 614 615 616 |
* * Common routine called by sys_msgget(), sys_semget() and sys_shmget(). */ int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids, |
eb66ec44f
|
617 |
const struct ipc_ops *ops, struct ipc_params *params) |
b2d75cddc
|
618 619 620 621 622 623 |
{ if (params->key == IPC_PRIVATE) return ipcget_new(ns, ids, ops, params); else return ipcget_public(ns, ids, ops, params); } |
8f4a3809c
|
624 |
/** |
8001c8581
|
625 |
* ipc_update_perm - update the permissions of an ipc object |
8f4a3809c
|
626 627 628 |
* @in: the permission given as input. * @out: the permission of the ipc to set. */ |
1efdb69b0
|
629 |
int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out) |
8f4a3809c
|
630 |
{ |
1efdb69b0
|
631 632 633 634 635 636 637 |
kuid_t uid = make_kuid(current_user_ns(), in->uid); kgid_t gid = make_kgid(current_user_ns(), in->gid); if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; out->uid = uid; out->gid = gid; |
8f4a3809c
|
638 639 |
out->mode = (out->mode & ~S_IRWXUGO) | (in->mode & S_IRWXUGO); |
1efdb69b0
|
640 641 |
return 0; |
8f4a3809c
|
642 |
} |
a5f75e7f2
|
643 |
/** |
4241c1a30
|
644 |
* ipcctl_obtain_check - retrieve an ipc object and check permissions |
8001c8581
|
645 |
* @ns: ipc namespace |
a5f75e7f2
|
646 647 648 649 650 651 652 653 |
* @ids: the table of ids where to look for the ipc * @id: the id of the ipc to retrieve * @cmd: the cmd to check * @perm: the permission to set * @extra_perm: one extra permission parameter used by msq * * This function does some common audit and permissions check for some IPC_XXX * cmd and is called from semctl_down, shmctl_down and msgctl_down. |
0e056eb55
|
654 |
* |
4241c1a30
|
655 656 |
* It: * - retrieves the ipc object with the given id in the given table. |
0e056eb55
|
657 658 659 |
* - performs some audit and permission check, depending on the given cmd * - returns a pointer to the ipc object or otherwise, the corresponding * error. |
7b4cc5d84
|
660 |
* |
d9a605e40
|
661 |
* Call holding the both the rwsem and the rcu read lock. |
a5f75e7f2
|
662 |
*/ |
4241c1a30
|
663 |
struct kern_ipc_perm *ipcctl_obtain_check(struct ipc_namespace *ns, |
3b1c4ad37
|
664 665 |
struct ipc_ids *ids, int id, int cmd, struct ipc64_perm *perm, int extra_perm) |
444d0f621
|
666 |
{ |
1efdb69b0
|
667 |
kuid_t euid; |
444d0f621
|
668 669 |
int err = -EPERM; struct kern_ipc_perm *ipcp; |
a5f75e7f2
|
670 |
|
444d0f621
|
671 |
ipcp = ipc_obtain_object_check(ids, id); |
a5f75e7f2
|
672 673 |
if (IS_ERR(ipcp)) { err = PTR_ERR(ipcp); |
7b4cc5d84
|
674 |
goto err; |
a5f75e7f2
|
675 |
} |
a33e67510
|
676 |
audit_ipc_obj(ipcp); |
e816f370c
|
677 678 |
if (cmd == IPC_SET) audit_ipc_set_perm(extra_perm, perm->uid, |
444d0f621
|
679 |
perm->gid, perm->mode); |
414c0708d
|
680 681 |
euid = current_euid(); |
1efdb69b0
|
682 |
if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid) || |
b0e77598f
|
683 |
ns_capable(ns->user_ns, CAP_SYS_ADMIN)) |
7b4cc5d84
|
684 685 |
return ipcp; /* successful lookup */ err: |
a5f75e7f2
|
686 687 |
return ERR_PTR(err); } |
c1d7e01d7
|
688 |
#ifdef CONFIG_ARCH_WANT_IPC_PARSE_VERSION |
1da177e4c
|
689 690 691 |
/** |
8001c8581
|
692 693 |
* ipc_parse_version - ipc call version * @cmd: pointer to command |
1da177e4c
|
694 |
* |
8001c8581
|
695 696 697 |
* Return IPC_64 for new style IPC and IPC_OLD for old style IPC. * The @cmd value is turned from an encoding command and version into * just the command code. |
1da177e4c
|
698 |
*/ |
239521f31
|
699 |
int ipc_parse_version(int *cmd) |
1da177e4c
|
700 701 702 703 704 705 706 707 |
{ if (*cmd & IPC_64) { *cmd ^= IPC_64; return IPC_64; } else { return IPC_OLD; } } |
c1d7e01d7
|
708 |
#endif /* CONFIG_ARCH_WANT_IPC_PARSE_VERSION */ |
ae7817745
|
709 710 |
#ifdef CONFIG_PROC_FS |
bc1fc6d88
|
711 712 |
struct ipc_proc_iter { struct ipc_namespace *ns; |
03f1fc091
|
713 |
struct pid_namespace *pid_ns; |
bc1fc6d88
|
714 715 |
struct ipc_proc_iface *iface; }; |
03f1fc091
|
716 717 718 719 720 |
struct pid_namespace *ipc_seq_pid_ns(struct seq_file *s) { struct ipc_proc_iter *iter = s->private; return iter->pid_ns; } |
7ca7e564e
|
721 722 723 |
/* * This routine locks the ipc structure found at least at position pos. */ |
b524b9adb
|
724 725 |
static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, loff_t *new_pos) |
ae7817745
|
726 |
{ |
7ca7e564e
|
727 728 |
struct kern_ipc_perm *ipc; int total, id; |
73ea41302
|
729 |
|
7ca7e564e
|
730 731 732 733 734 735 |
total = 0; for (id = 0; id < pos && total < ids->in_use; id++) { ipc = idr_find(&ids->ipcs_idr, id); if (ipc != NULL) total++; } |
ae7817745
|
736 |
|
7ca7e564e
|
737 738 |
if (total >= ids->in_use) return NULL; |
ae7817745
|
739 |
|
5ac893b8c
|
740 |
for (; pos < ipc_mni; pos++) { |
7ca7e564e
|
741 742 743 |
ipc = idr_find(&ids->ipcs_idr, pos); if (ipc != NULL) { *new_pos = pos + 1; |
32a275001
|
744 745 |
rcu_read_lock(); ipc_lock_object(ipc); |
ae7817745
|
746 747 748 749 750 751 752 |
return ipc; } } /* Out of range - return NULL to terminate iteration */ return NULL; } |
7ca7e564e
|
753 754 755 756 757 758 759 760 761 |
static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) { struct ipc_proc_iter *iter = s->private; struct ipc_proc_iface *iface = iter->iface; struct kern_ipc_perm *ipc = it; /* If we had an ipc id locked before, unlock it */ if (ipc && ipc != SEQ_START_TOKEN) ipc_unlock(ipc); |
ed2ddbf88
|
762 |
return sysvipc_find_ipc(&iter->ns->ids[iface->ids], *pos, pos); |
7ca7e564e
|
763 |
} |
ae7817745
|
764 |
/* |
f4566f048
|
765 766 |
* File positions: pos 0 -> header, pos n -> ipc id = n - 1. * SeqFile iterator: iterator value locked ipc pointer or SEQ_TOKEN_START. |
ae7817745
|
767 768 769 |
*/ static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) { |
bc1fc6d88
|
770 771 |
struct ipc_proc_iter *iter = s->private; struct ipc_proc_iface *iface = iter->iface; |
73ea41302
|
772 |
struct ipc_ids *ids; |
ed2ddbf88
|
773 |
ids = &iter->ns->ids[iface->ids]; |
ae7817745
|
774 775 776 777 778 |
/* * Take the lock - this will be released by the corresponding * call to stop(). */ |
d9a605e40
|
779 |
down_read(&ids->rwsem); |
ae7817745
|
780 781 782 783 784 785 786 787 788 789 |
/* pos < 0 is invalid */ if (*pos < 0) return NULL; /* pos == 0 means header */ if (*pos == 0) return SEQ_START_TOKEN; /* Find the (pos-1)th ipc */ |
7ca7e564e
|
790 |
return sysvipc_find_ipc(ids, *pos - 1, pos); |
ae7817745
|
791 792 793 794 795 |
} static void sysvipc_proc_stop(struct seq_file *s, void *it) { struct kern_ipc_perm *ipc = it; |
bc1fc6d88
|
796 797 |
struct ipc_proc_iter *iter = s->private; struct ipc_proc_iface *iface = iter->iface; |
73ea41302
|
798 |
struct ipc_ids *ids; |
ae7817745
|
799 |
|
f4566f048
|
800 |
/* If we had a locked structure, release it */ |
ae7817745
|
801 802 |
if (ipc && ipc != SEQ_START_TOKEN) ipc_unlock(ipc); |
ed2ddbf88
|
803 |
ids = &iter->ns->ids[iface->ids]; |
ae7817745
|
804 |
/* Release the lock we took in start() */ |
d9a605e40
|
805 |
up_read(&ids->rwsem); |
ae7817745
|
806 807 808 809 |
} static int sysvipc_proc_show(struct seq_file *s, void *it) { |
bc1fc6d88
|
810 811 |
struct ipc_proc_iter *iter = s->private; struct ipc_proc_iface *iface = iter->iface; |
ae7817745
|
812 |
|
7f032d6ef
|
813 814 815 816 |
if (it == SEQ_START_TOKEN) { seq_puts(s, iface->header); return 0; } |
ae7817745
|
817 818 819 |
return iface->show(s, it); } |
88e9d34c7
|
820 |
static const struct seq_operations sysvipc_proc_seqops = { |
ae7817745
|
821 822 823 824 825 |
.start = sysvipc_proc_start, .stop = sysvipc_proc_stop, .next = sysvipc_proc_next, .show = sysvipc_proc_show, }; |
bc1fc6d88
|
826 827 |
static int sysvipc_proc_open(struct inode *inode, struct file *file) { |
bc1fc6d88
|
828 |
struct ipc_proc_iter *iter; |
d66a0520c
|
829 |
iter = __seq_open_private(file, &sysvipc_proc_seqops, sizeof(*iter)); |
bc1fc6d88
|
830 |
if (!iter) |
d66a0520c
|
831 |
return -ENOMEM; |
bc1fc6d88
|
832 |
|
d9dda78ba
|
833 |
iter->iface = PDE_DATA(inode); |
bc1fc6d88
|
834 |
iter->ns = get_ipc_ns(current->nsproxy->ipc_ns); |
03f1fc091
|
835 |
iter->pid_ns = get_pid_ns(task_active_pid_ns(current)); |
d66a0520c
|
836 837 |
return 0; |
bc1fc6d88
|
838 839 840 841 842 843 844 |
} static int sysvipc_proc_release(struct inode *inode, struct file *file) { struct seq_file *seq = file->private_data; struct ipc_proc_iter *iter = seq->private; put_ipc_ns(iter->ns); |
03f1fc091
|
845 |
put_pid_ns(iter->pid_ns); |
bc1fc6d88
|
846 |
return seq_release_private(inode, file); |
ae7817745
|
847 |
} |
9a32144e9
|
848 |
static const struct file_operations sysvipc_proc_fops = { |
ae7817745
|
849 850 851 |
.open = sysvipc_proc_open, .read = seq_read, .llseek = seq_lseek, |
bc1fc6d88
|
852 |
.release = sysvipc_proc_release, |
ae7817745
|
853 854 |
}; #endif /* CONFIG_PROC_FS */ |