ipc/msg.c
/*
 * linux/ipc/msg.c
 * Copyright (C) 1992 Krishna Balasubramanian
 *
 * Removed all the remaining kerneld mess
 * Catch the -EFAULT stuff properly
 * Use GFP_KERNEL for messages as in 1.2
 * Fixed up the unchecked user space derefs
 * Copyright (C) 1998 Alan Cox & Andi Kleen
 *
 * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com>
 *
 * mostly rewritten, threaded and wake-one semantics added
 * MSGMAX limit removed, sysctl's added
 * (c) 1999 Manfred Spraul <manfred@colorfullife.com>
 *
 * support for audit of ipc object properties and permission changes
 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
 *
 * namespaces support
 * OpenVZ, SWsoft Inc.
 * Pavel Emelianov <xemul@openvz.org>
 */
c59ede7b7
|
24 |
#include <linux/capability.h> |
1da177e4c
|
25 26 27 |
#include <linux/msg.h> #include <linux/spinlock.h> #include <linux/init.h> |
f7bf3df8b
|
28 |
#include <linux/mm.h> |
1da177e4c
|
29 30 31 32 33 34 |
#include <linux/proc_fs.h> #include <linux/list.h> #include <linux/security.h> #include <linux/sched.h> #include <linux/syscalls.h> #include <linux/audit.h> |
19b4946ca
|
35 |
#include <linux/seq_file.h> |
3e148c799
|
36 |
#include <linux/rwsem.h> |
1e7869373
|
37 |
#include <linux/nsproxy.h> |
ae5e1b22f
|
38 |
#include <linux/ipc_namespace.h> |
5f921ae96
|
39 |
|
1da177e4c
|
40 41 42 |
#include <asm/current.h> #include <asm/uaccess.h> #include "util.h" |
5a06a363e
|
43 44 45 |
/*
 * one msg_receiver structure for each sleeping receiver:
 */
struct msg_receiver {
	struct list_head	r_list;		/* link in msg_queue.q_receivers */
	struct task_struct	*r_tsk;		/* the sleeping task, woken by the sender */

	int			r_mode;		/* one of the SEARCH_* modes below */
	long			r_msgtype;	/* message type the receiver asked for */
	long			r_maxsize;	/* bufsz, or INT_MAX with MSG_NOERROR */

	/*
	 * Hand-off slot between waker and sleeper. do_msgrcv() parks it at
	 * ERR_PTR(-EAGAIN); a waker sets it to NULL around wake_up_process()
	 * and then stores the final message or ERR_PTR() result.
	 */
	struct msg_msg		*volatile r_msg;
};

/* one msg_sender for each sleeping sender */
struct msg_sender {
	/* link in msg_queue.q_senders; ss_wakeup(kill) clears list.next */
	struct list_head	list;
	struct task_struct	*tsk;
};

/* Search modes: produced by convert_mode(), consumed by testmsg()/find_msg(). */
#define SEARCH_ANY		1
#define SEARCH_EQUAL		2
#define SEARCH_NOTEQUAL		3
#define SEARCH_LESSEQUAL	4
#define SEARCH_NUMBER		5

/* The message-queue slot of the per-namespace ids[] array. */
#define msg_ids(ns)	((ns)->ids[IPC_MSG_IDS])

/* Unlock a queue through ipc_unlock() on its embedded kern_ipc_perm. */
#define msg_unlock(msq)		ipc_unlock(&(msq)->q_perm)

/* Forward declarations: both are used as callbacks before their definitions. */
static void freeque(struct ipc_namespace *, struct kern_ipc_perm *);
static int newque(struct ipc_namespace *, struct ipc_params *);
#ifdef CONFIG_PROC_FS
static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
#endif

/*
 * Derive ns->msg_ctlmni (the per-namespace limit on the number of queues)
 * from the amount of low memory: queue memory should use at most
 * 1/MSG_MEM_SCALE of lowmem, shared between the nr_ipc_ns namespaces that
 * exist so far. The result is clamped to the (MSGMNI, IPCMNI/nr_ipc_ns)
 * range.
 */
void recompute_msgmni(struct ipc_namespace *ns)
{
	struct sysinfo si;
	unsigned long lowmem;
	unsigned long limit;
	int ns_count;

	si_meminfo(&si);
	lowmem = si.totalram - si.totalhigh;
	limit = ((lowmem / MSG_MEM_SCALE) * si.mem_unit) / MSGMNB;

	/* every namespace gets an equal share */
	ns_count = atomic_read(&nr_ipc_ns);
	limit /= ns_count;

	if (limit < MSGMNI)
		ns->msg_ctlmni = MSGMNI;
	else if (limit > IPCMNI / ns_count)
		ns->msg_ctlmni = IPCMNI / ns_count;
	else
		ns->msg_ctlmni = limit;
}

/*
 * Set up the message-queue state of IPC namespace @ns: zero the usage
 * counters, install the default size limits, compute msg_ctlmni and
 * initialise the id bookkeeping.
 */
void msg_init_ns(struct ipc_namespace *ns)
{
	atomic_set(&ns->msg_hdrs, 0);
	atomic_set(&ns->msg_bytes, 0);

	ns->msg_ctlmnb = MSGMNB;
	ns->msg_ctlmax = MSGMAX;
	recompute_msgmni(ns);

	ipc_init_ids(&msg_ids(ns));
}

#ifdef CONFIG_IPC_NS
/*
 * Tear down the message queues of namespace @ns: every remaining queue is
 * passed to freeque(), then the id allocator itself is destroyed.
 */
void msg_exit_ns(struct ipc_namespace *ns)
{
	struct ipc_ids *ids = &msg_ids(ns);

	free_ipcs(ns, ids, freeque);
	idr_destroy(&ids->ipcs_idr);
}
#endif

/*
 * Boot-time initialisation: set up the initial IPC namespace, log the
 * computed msgmni limit and register the "sysvipc/msg" proc interface with
 * sysvipc_msg_proc_show() as its per-entry formatter.
 *
 * NOTE(review): the two string literals below are reproduced exactly as this
 * page shows them; runs of whitespace and any trailing newline escape look
 * collapsed by the page rendering - verify against the repository.
 */
void __init msg_init(void)
{
	msg_init_ns(&init_ipc_ns);

	printk(KERN_INFO "msgmni has been set to %d ",
		init_ipc_ns.msg_ctlmni);

	ipc_init_proc_interface("sysvipc/msg",
				" key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime ",
				IPC_MSG_IDS, sysvipc_msg_proc_show);
}

/*
 * Look up queue @id in @ns through ipc_obtain_object() and return the
 * enclosing msg_queue, or the lookup's ERR_PTR() unchanged.
 * In this file it serves MSG_STAT, where the id is an index.
 */
static inline struct msg_queue *msq_obtain_object(struct ipc_namespace *ns, int id)
{
	struct kern_ipc_perm *perm = ipc_obtain_object(&msg_ids(ns), id);

	if (!IS_ERR(perm))
		return container_of(perm, struct msg_queue, q_perm);

	return ERR_CAST(perm);
}

/*
 * Same as msq_obtain_object() but built on ipc_obtain_object_check().
 * Used for ids that come straight from user space (msgsnd, msgrcv, IPC_STAT).
 * NOTE(review): presumably the _check helper also validates the id against
 * the stored object - confirm in ipc/util.c.
 */
static inline struct msg_queue *msq_obtain_object_check(struct ipc_namespace *ns,
							int id)
{
	struct kern_ipc_perm *perm = ipc_obtain_object_check(&msg_ids(ns), id);

	if (!IS_ERR(perm))
		return container_of(perm, struct msg_queue, q_perm);

	return ERR_CAST(perm);
}

/* Remove queue @s from the message-queue id table of namespace @ns. */
static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
{
	struct kern_ipc_perm *perm = &s->q_perm;

	ipc_rmid(&msg_ids(ns), perm);
}

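/**
 * newque - Create a new msg queue
 * @ns: namespace
 * @params: ptr to the structure that contains the key and msgflg
 *
 * Called with msg_ids.rw_mutex held (writer)
 *
 * Returns the id of the new queue, -ENOMEM if the allocation fails, or the
 * error reported by security_msg_queue_alloc() or ipc_addid().
 */
static int newque(struct ipc_namespace *ns, struct ipc_params *params)
{
	struct msg_queue *msq;
	int id, retval;
	key_t key = params->key;
	int msgflg = params->flg;

	msq = ipc_rcu_alloc(sizeof(*msq));
	if (!msq)
		return -ENOMEM;

	/* only the permission bits of msgflg end up in the mode */
	msq->q_perm.mode = msgflg & S_IRWXUGO;
	msq->q_perm.key = key;

	msq->q_perm.security = NULL;
	retval = security_msg_queue_alloc(msq);
	if (retval) {
		ipc_rcu_putref(msq);
		return retval;
	}

	/*
	 * Finish initialising the queue before ipc_addid() makes it
	 * reachable: other paths in this file read these fields while
	 * holding only rcu_read_lock() (IPC_STAT, the space check in
	 * do_msgsnd()), so they must never see them unset.
	 */
	msq->q_stime = msq->q_rtime = 0;
	msq->q_ctime = get_seconds();
	msq->q_cbytes = msq->q_qnum = 0;
	msq->q_qbytes = ns->msg_ctlmnb;
	msq->q_lspid = msq->q_lrpid = 0;
	INIT_LIST_HEAD(&msq->q_messages);
	INIT_LIST_HEAD(&msq->q_receivers);
	INIT_LIST_HEAD(&msq->q_senders);

	/* ipc_addid() locks msq upon success. */
	id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
	if (id < 0) {
		security_msg_queue_free(msq);
		ipc_rcu_putref(msq);
		return id;
	}

	ipc_unlock_object(&msq->q_perm);
	rcu_read_unlock();

	return msq->q_perm.id;
}
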
/*
 * Queue the current task as a sleeping sender on @msq.
 * @mss is caller-provided storage (do_msgsnd() keeps it on its stack) and
 * the task state is switched to TASK_INTERRUPTIBLE here; the caller calls
 * schedule() afterwards. do_msgsnd() calls this with the queue's object
 * lock held.
 */
static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss)
{
	mss->tsk = current;
	current->state = TASK_INTERRUPTIBLE;
	list_add_tail(&mss->list, &msq->q_senders);
}

/*
 * Unlink a sender entry, unless ss_wakeup(..., kill) already marked it as
 * gone by clearing list.next.
 */
static inline void ss_del(struct msg_sender *mss)
{
	if (!mss->list.next)
		return;

	list_del(&mss->list);
}

/*
 * Wake every sleeping sender on list @h.
 * With @kill set, each entry's list.next is cleared first so that the
 * woken sender's ss_del() does not touch the list again.
 */
static void ss_wakeup(struct list_head *h, int kill)
{
	struct msg_sender *sender, *next;

	list_for_each_entry_safe(sender, next, h, list) {
		if (kill)
			sender->list.next = NULL;

		wake_up_process(sender->tsk);
	}
}

/*
 * Wake every sleeping receiver of @msq and hand it the error @res.
 * The store sequence is deliberate: r_msg is NULL while this function is
 * still inside wake_up_process(), and only after smp_mb() does the final
 * ERR_PTR(@res) become visible. do_msgrcv() spins while it reads NULL, so
 * the receiver cannot return (and release its on-stack msg_receiver)
 * before the wake-up call has finished with it.
 */
static void expunge_all(struct msg_queue *msq, int res)
{
	struct msg_receiver *msr, *t;

	list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
		msr->r_msg = NULL;
		wake_up_process(msr->r_tsk);
		smp_mb();
		msr->r_msg = ERR_PTR(res);
	}
}

/*
 * freeque() wakes up waiters on the sender and receiver waiting queue,
 * removes the message queue from message queue ID IDR, and cleans up all the
 * messages associated with this queue.
 *
 * msg_ids.rw_mutex (writer) and the spinlock for this message queue are held
 * before freeque() is called. msg_ids.rw_mutex remains locked on exit.
 */
static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
	struct msg_msg *msg, *t;
	struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm);

	/* sleeping receivers get -EIDRM; senders are woken with kill set */
	expunge_all(msq, -EIDRM);
	ss_wakeup(&msq->q_senders, 1);
	msg_rmid(ns, msq);
	/* drops the object lock taken by the caller */
	msg_unlock(msq);

	/* the queue is out of the id table; release what is still queued */
	list_for_each_entry_safe(msg, t, &msq->q_messages, m_list) {
		atomic_dec(&ns->msg_hdrs);
		free_msg(msg);
	}
	atomic_sub(msq->q_cbytes, &ns->msg_bytes);
	security_msg_queue_free(msq);
	ipc_rcu_putref(msq);
}

/*
 * ipcget() "associate" callback: ask the security module whether the
 * caller may attach to the existing queue behind @ipcp with @msgflg.
 *
 * Called with msg_ids.rw_mutex and ipcp locked.
 */
static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
{
	return security_msg_queue_associate(
			container_of(ipcp, struct msg_queue, q_perm), msgflg);
}

/*
 * msgget(2): find or create the queue for @key in the caller's IPC
 * namespace. The lookup/creation policy lives in ipcget(); this wrapper
 * only supplies the message-queue callbacks and the user parameters.
 */
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
{
	struct ipc_namespace *ns = current->nsproxy->ipc_ns;
	struct ipc_ops msg_ops = {
		.getnew		= newque,
		.associate	= msg_security,
		.more_checks	= NULL,
	};
	struct ipc_params msg_params = {
		.key	= key,
		.flg	= msgflg,
	};

	return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
}

/*
 * Copy queue status @in to user buffer @buf in the layout selected by
 * @version. IPC_64 copies the structure as is; IPC_OLD converts to the
 * legacy msqid_ds, saturating the 16-bit counters at USHRT_MAX while the
 * msg_l* fields carry the full values.
 *
 * Returns what copy_to_user() returns (0 on success), or -EINVAL for an
 * unknown version.
 */
static inline unsigned long
copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version)
{
	struct msqid_ds out;

	if (version == IPC_64)
		return copy_to_user(buf, in, sizeof(*in));

	if (version != IPC_OLD)
		return -EINVAL;

	/* zero first so that no stack bytes reach user space via padding */
	memset(&out, 0, sizeof(out));

	ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm);

	out.msg_stime = in->msg_stime;
	out.msg_rtime = in->msg_rtime;
	out.msg_ctime = in->msg_ctime;

	out.msg_cbytes = (in->msg_cbytes > USHRT_MAX) ? USHRT_MAX : in->msg_cbytes;
	out.msg_lcbytes = in->msg_cbytes;

	out.msg_qnum = (in->msg_qnum > USHRT_MAX) ? USHRT_MAX : in->msg_qnum;

	out.msg_qbytes = (in->msg_qbytes > USHRT_MAX) ? USHRT_MAX : in->msg_qbytes;
	out.msg_lqbytes = in->msg_qbytes;

	out.msg_lspid = in->msg_lspid;
	out.msg_lrpid = in->msg_lrpid;

	return copy_to_user(buf, &out, sizeof(out));
}

/*
 * Read an IPC_SET argument from user buffer @buf into @out.
 * IPC_64 copies the whole msqid64_ds. IPC_OLD reads a legacy msqid_ds and
 * fills in only msg_perm.uid/gid/mode and msg_qbytes; every other field of
 * @out is left as the caller passed it, so callers must not read them.
 *
 * Returns 0 on success, -EFAULT if the user copy fails, -EINVAL for an
 * unknown version.
 */
static inline unsigned long
copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version)
{
	struct msqid_ds legacy;

	if (version == IPC_64)
		return copy_from_user(out, buf, sizeof(*out)) ? -EFAULT : 0;

	if (version != IPC_OLD)
		return -EINVAL;

	if (copy_from_user(&legacy, buf, sizeof(legacy)))
		return -EFAULT;

	out->msg_perm.uid = legacy.msg_perm.uid;
	out->msg_perm.gid = legacy.msg_perm.gid;
	out->msg_perm.mode = legacy.msg_perm.mode;

	/* a zero 16-bit msg_qbytes means the value is in msg_lqbytes */
	out->msg_qbytes = legacy.msg_qbytes ? legacy.msg_qbytes
					    : legacy.msg_lqbytes;

	return 0;
}

/*
 * This function handles some msgctl commands which require the rw_mutex
 * to be held in write mode.
 * NOTE: no locks must be held, the rw_mutex is taken inside this function.
 *
 * Handles IPC_RMID and IPC_SET. Returns 0 on success or a negative errno:
 * -EFAULT if the IPC_SET argument cannot be read, -EPERM if IPC_SET raises
 * msg_qbytes above ns->msg_ctlmnb without CAP_SYS_RESOURCE, -EINVAL for any
 * other command, or the error from ipcctl_pre_down_nolock(), the security
 * hook or ipc_update_perm().
 */
static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
		       struct msqid_ds __user *buf, int version)
{
	struct kern_ipc_perm *ipcp;
	/* only filled for IPC_SET, see the note at ipcctl_pre_down_nolock() */
	struct msqid64_ds uninitialized_var(msqid64);
	struct msg_queue *msq;
	int err;

	if (cmd == IPC_SET) {
		/* any failure, including an unknown version, becomes -EFAULT */
		if (copy_msqid_from_user(&msqid64, buf, version))
			return -EFAULT;
	}

	down_write(&msg_ids(ns).rw_mutex);
	rcu_read_lock();

	/*
	 * NOTE(review): for IPC_RMID msqid64 was never written, yet its
	 * msg_qbytes value and msg_perm address are passed here - confirm
	 * that the helper only consults them for IPC_SET.
	 * NOTE(review): presumably the owner/creator/capability check for
	 * both commands is done inside this helper; none is visible in this
	 * function.
	 */
	ipcp = ipcctl_pre_down_nolock(ns, &msg_ids(ns), msqid, cmd,
				      &msqid64.msg_perm, msqid64.msg_qbytes);
	if (IS_ERR(ipcp)) {
		err = PTR_ERR(ipcp);
		goto out_unlock1;
	}

	msq = container_of(ipcp, struct msg_queue, q_perm);

	err = security_msg_queue_msgctl(msq, cmd);
	if (err)
		goto out_unlock1;

	switch (cmd) {
	case IPC_RMID:
		ipc_lock_object(&msq->q_perm);
		/* freeque unlocks the ipc object and rcu */
		freeque(ns, ipcp);
		goto out_up;
	case IPC_SET:
		/* raising the byte limit past the namespace default is privileged */
		if (msqid64.msg_qbytes > ns->msg_ctlmnb &&
		    !capable(CAP_SYS_RESOURCE)) {
			err = -EPERM;
			goto out_unlock1;
		}

		ipc_lock_object(&msq->q_perm);
		err = ipc_update_perm(&msqid64.msg_perm, ipcp);
		if (err)
			goto out_unlock0;

		msq->q_qbytes = msqid64.msg_qbytes;

		msq->q_ctime = get_seconds();
		/* sleeping receivers might be excluded by
		 * stricter permissions.
		 */
		expunge_all(msq, -EAGAIN);
		/* sleeping senders might be able to send
		 * due to a larger queue size.
		 */
		ss_wakeup(&msq->q_senders, 0);
		break;
	default:
		err = -EINVAL;
		goto out_unlock1;
	}

	/* unwind in reverse order of acquisition */
out_unlock0:
	ipc_unlock_object(&msq->q_perm);
out_unlock1:
	rcu_read_unlock();
out_up:
	up_write(&msg_ids(ns).rw_mutex);
	return err;
}

/*
 * Handle the read-only msgctl commands: IPC_INFO, MSG_INFO, MSG_STAT and
 * IPC_STAT. The object lock is never taken here; the *_STAT branch reads
 * the queue under rcu_read_lock() only.
 *
 * Returns, on success: the highest id in use (or 0) for IPC_INFO/MSG_INFO,
 * the queue id for MSG_STAT, 0 for IPC_STAT. On failure a negative errno:
 * -EFAULT for a NULL @buf or a failed user copy, -EACCES when read
 * permission is missing, -EINVAL for any other command, or the error from
 * the lookup or the security hook.
 */
static int msgctl_nolock(struct ipc_namespace *ns, int msqid,
			 int cmd, int version, void __user *buf)
{
	int err;
	struct msg_queue *msq;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
	{
		struct msginfo msginfo;
		int max_id;

		if (!buf)
			return -EFAULT;

		/*
		 * We must not return kernel stack data.
		 * due to padding, it's not enough
		 * to set all member fields.
		 */
		err = security_msg_queue_msgctl(NULL, cmd);
		if (err)
			return err;

		memset(&msginfo, 0, sizeof(msginfo));
		msginfo.msgmni = ns->msg_ctlmni;
		msginfo.msgmax = ns->msg_ctlmax;
		msginfo.msgmnb = ns->msg_ctlmnb;
		msginfo.msgssz = MSGSSZ;
		msginfo.msgseg = MSGSEG;
		down_read(&msg_ids(ns).rw_mutex);
		if (cmd == MSG_INFO) {
			/* MSG_INFO reports live usage in these three fields */
			msginfo.msgpool = msg_ids(ns).in_use;
			msginfo.msgmap = atomic_read(&ns->msg_hdrs);
			msginfo.msgtql = atomic_read(&ns->msg_bytes);
		} else {
			msginfo.msgmap = MSGMAP;
			msginfo.msgpool = MSGPOOL;
			msginfo.msgtql = MSGTQL;
		}
		max_id = ipc_get_maxid(&msg_ids(ns));
		up_read(&msg_ids(ns).rw_mutex);
		if (copy_to_user(buf, &msginfo, sizeof(struct msginfo)))
			return -EFAULT;
		return (max_id < 0) ? 0 : max_id;
	}

	case MSG_STAT:
	case IPC_STAT:
	{
		struct msqid64_ds tbuf;
		int success_return;

		if (!buf)
			return -EFAULT;

		/* cleared up front: tbuf is later copied out to user space */
		memset(&tbuf, 0, sizeof(tbuf));

		rcu_read_lock();
		if (cmd == MSG_STAT) {
			/* msqid is an index here; the real id is returned */
			msq = msq_obtain_object(ns, msqid);
			if (IS_ERR(msq)) {
				err = PTR_ERR(msq);
				goto out_unlock;
			}
			success_return = msq->q_perm.id;
		} else {
			msq = msq_obtain_object_check(ns, msqid);
			if (IS_ERR(msq)) {
				err = PTR_ERR(msq);
				goto out_unlock;
			}
			success_return = 0;
		}

		/* read permission first, then the security module */
		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IRUGO))
			goto out_unlock;

		err = security_msg_queue_msgctl(msq, cmd);
		if (err)
			goto out_unlock;

		kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
		tbuf.msg_stime  = msq->q_stime;
		tbuf.msg_rtime  = msq->q_rtime;
		tbuf.msg_ctime  = msq->q_ctime;
		tbuf.msg_cbytes = msq->q_cbytes;
		tbuf.msg_qnum   = msq->q_qnum;
		tbuf.msg_qbytes = msq->q_qbytes;
		tbuf.msg_lspid  = msq->q_lspid;
		tbuf.msg_lrpid  = msq->q_lrpid;
		rcu_read_unlock();

		/* the user copy runs after rcu_read_unlock() */
		if (copy_msqid_to_user(buf, &tbuf, version))
			return -EFAULT;
		return success_return;
	}

	default:
		return -EINVAL;
	}

	/* not reached: every case above returns or jumps to out_unlock */
	return err;
out_unlock:
	rcu_read_unlock();
	return err;
}

/*
 * msgctl(2) entry point: reject negative arguments, split the version bits
 * out of @cmd, then dispatch. IPC_SET and IPC_RMID go to msgctl_down(),
 * the read-only commands to msgctl_nolock(); anything else is -EINVAL.
 */
SYSCALL_DEFINE3(msgctl, int, msqid, int, cmd, struct msqid_ds __user *, buf)
{
	struct ipc_namespace *ns;
	int version;

	if (msqid < 0 || cmd < 0)
		return -EINVAL;

	version = ipc_parse_version(&cmd);
	ns = current->nsproxy->ipc_ns;

	if (cmd == IPC_SET || cmd == IPC_RMID)
		return msgctl_down(ns, msqid, cmd, buf, version);

	/* for MSG_STAT, msqid is an index rather than a msg queue id */
	if (cmd == IPC_INFO || cmd == MSG_INFO ||
	    cmd == MSG_STAT || cmd == IPC_STAT)
		return msgctl_nolock(ns, msqid, cmd, version, buf);

	return -EINVAL;
}

/*
 * Does @msg satisfy a receive request for @type under search @mode?
 * Returns 1 for a match and 0 otherwise, including for an unknown mode.
 * SEARCH_ANY and SEARCH_NUMBER match every message.
 */
static int testmsg(struct msg_msg *msg, long type, int mode)
{
	switch (mode) {
	case SEARCH_ANY:
	case SEARCH_NUMBER:
		return 1;
	case SEARCH_LESSEQUAL:
		return msg->m_type <= type;
	case SEARCH_EQUAL:
		return msg->m_type == type;
	case SEARCH_NOTEQUAL:
		return msg->m_type != type;
	default:
		return 0;
	}
}

/*
 * Try to hand @msg directly to a sleeping receiver instead of queueing it.
 * A receiver is eligible when testmsg() matches and the security hook
 * allows the delivery. An eligible receiver whose buffer is too small is
 * removed from the list and woken with -E2BIG, and the search continues.
 *
 * Returns 1 if the message was handed over, 0 if the caller has to enqueue
 * it. do_msgsnd() calls this with the queue's object lock held.
 *
 * As in expunge_all(), r_msg is NULL while wake_up_process() runs and gets
 * its final value only after smp_mb(); the receiver spins on NULL.
 */
static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
{
	struct msg_receiver *msr, *t;

	list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
		if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
		    !security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
					       msr->r_msgtype, msr->r_mode)) {

			list_del(&msr->r_list);
			if (msr->r_maxsize < msg->m_ts) {
				msr->r_msg = NULL;
				wake_up_process(msr->r_tsk);
				smp_mb();
				msr->r_msg = ERR_PTR(-E2BIG);
			} else {
				msr->r_msg = NULL;
				/*
				 * NOTE(review): task_pid_vnr() here, while
				 * do_msgrcv() records task_tgid_vnr() in the
				 * same field - confirm which id is intended.
				 */
				msq->q_lrpid = task_pid_vnr(msr->r_tsk);
				msq->q_rtime = get_seconds();
				wake_up_process(msr->r_tsk);
				smp_mb();
				msr->r_msg = msg;

				return 1;
			}
		}
	}
	return 0;
}

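/*
 * Send one message to queue @msqid.
 * @mtype:  message type, must be >= 1
 * @mtext:  user pointer to the payload
 * @msgsz:  payload size, at most ns->msg_ctlmax
 * @msgflg: IPC_NOWAIT makes a full queue fail with -EAGAIN instead of
 *          sleeping
 *
 * Returns 0 on success or a negative errno: -EINVAL for bad arguments,
 * -EACCES without write permission, -EAGAIN, -EIDRM when the queue is
 * removed, -ERESTARTNOHAND when a signal arrives while sleeping, or the
 * error from load_msg(), the lookup or the security hook.
 *
 * Locking: the lookup runs under rcu_read_lock(). The object lock is taken
 * once before the checks and held across them; it is dropped only around
 * schedule(). After every acquisition q_perm.deleted is tested, because
 * RCU keeps the memory valid but does not stop a concurrent IPC_RMID from
 * tearing the queue down between the lookup and the lock. Holding the lock
 * from the space check to the enqueue also stops a second sender from
 * filling the queue in between.
 */
long do_msgsnd(int msqid, long mtype, void __user *mtext,
		size_t msgsz, int msgflg)
{
	struct msg_queue *msq;
	struct msg_msg *msg;
	int err;
	struct ipc_namespace *ns;

	ns = current->nsproxy->ipc_ns;

	/* the (long) cast rejects sizes with the top bit set */
	if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0)
		return -EINVAL;
	if (mtype < 1)
		return -EINVAL;

	/* build the kernel copy of the message before any lock is taken */
	msg = load_msg(mtext, msgsz);
	if (IS_ERR(msg))
		return PTR_ERR(msg);

	msg->m_type = mtype;
	msg->m_ts = msgsz;

	rcu_read_lock();
	msq = msq_obtain_object_check(ns, msqid);
	if (IS_ERR(msq)) {
		err = PTR_ERR(msq);
		goto out_unlock1;
	}

	ipc_lock_object(&msq->q_perm);

	for (;;) {
		struct msg_sender s;

		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IWUGO))
			goto out_unlock0;

		/* raced with RMID? */
		if (msq->q_perm.deleted) {
			err = -EIDRM;
			goto out_unlock0;
		}

		err = security_msg_queue_msgsnd(msq, msg, msgflg);
		if (err)
			goto out_unlock0;

		if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
				1 + msq->q_qnum <= msq->q_qbytes) {
			break;
		}

		/* queue full, wait: */
		if (msgflg & IPC_NOWAIT) {
			err = -EAGAIN;
			goto out_unlock0;
		}

		ss_add(msq, &s);

		/* keep the queue memory alive while we sleep unlocked */
		if (!ipc_rcu_getref(msq)) {
			err = -EIDRM;
			goto out_unlock0;
		}

		ipc_unlock_object(&msq->q_perm);
		rcu_read_unlock();
		schedule();

		rcu_read_lock();
		ipc_lock_object(&msq->q_perm);

		ipc_rcu_putref(msq);
		if (msq->q_perm.deleted) {
			err = -EIDRM;
			goto out_unlock0;
		}

		ss_del(&s);

		if (signal_pending(current)) {
			err = -ERESTARTNOHAND;
			goto out_unlock0;
		}

		/* loop again with the object lock still held */
	}

	msq->q_lspid = task_tgid_vnr(current);
	msq->q_stime = get_seconds();

	if (!pipelined_send(msq, msg)) {
		/* no one is waiting for this message, enqueue it */
		list_add_tail(&msg->m_list, &msq->q_messages);
		msq->q_cbytes += msgsz;
		msq->q_qnum++;
		atomic_add(msgsz, &ns->msg_bytes);
		atomic_inc(&ns->msg_hdrs);
	}

	err = 0;
	/* ownership moved to the queue or to a receiver */
	msg = NULL;

out_unlock0:
	ipc_unlock_object(&msq->q_perm);
out_unlock1:
	rcu_read_unlock();
	if (msg != NULL)
		free_msg(msg);
	return err;
}
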
/*
 * msgsnd(2) entry point: fetch the message type from the user's msgbuf and
 * pass type, payload pointer and size on to do_msgsnd().
 */
SYSCALL_DEFINE4(msgsnd, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
		int, msgflg)
{
	long type;

	if (get_user(type, &msgp->mtype) != 0)
		return -EFAULT;

	return do_msgsnd(msqid, type, msgp->mtext, msgsz, msgflg);
}

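/*
 * Translate the msgrcv() type/flag pair into one of the SEARCH_* modes.
 * @msgtyp: in/out; a negative type is replaced by its absolute value
 * @msgflg: receive flags; MSG_COPY and MSG_EXCEPT are looked at
 *
 * MSG_COPY always selects SEARCH_NUMBER. Otherwise:
 *   msgtyp = 0 => get first.
 *   msgtyp > 0 => get first message of matching type (any other type with
 *                 MSG_EXCEPT).
 *   msgtyp < 0 => get message with least type must be < abs(msgtype).
 */
static inline int convert_mode(long *msgtyp, int msgflg)
{
	if (msgflg & MSG_COPY)
		return SEARCH_NUMBER;

	if (*msgtyp == 0)
		return SEARCH_ANY;

	if (*msgtyp < 0) {
		/*
		 * msgtyp comes straight from user space and -LONG_MIN
		 * overflows a signed long, so map it to the largest
		 * representable bound instead of negating it.
		 */
		if (*msgtyp == LONG_MIN)
			*msgtyp = LONG_MAX;
		else
			*msgtyp = -*msgtyp;
		return SEARCH_LESSEQUAL;
	}

	if (msgflg & MSG_EXCEPT)
		return SEARCH_NOTEQUAL;
	return SEARCH_EQUAL;
}
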
/*
 * msg_handler used by msgrcv(2): write the type and at most @bufsz payload
 * bytes of @msg into the user's msgbuf at @dest.
 * Returns the number of payload bytes stored, or -EFAULT.
 */
static long do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
{
	struct msgbuf __user *msgp = dest;
	size_t len;

	if (put_user(msg->m_type, &msgp->mtype))
		return -EFAULT;

	/* never store more than the message holds or the buffer takes */
	len = min_t(size_t, bufsz, msg->m_ts);
	if (store_msg(msgp->mtext, msg, len))
		return -EFAULT;

	return len;
}

#ifdef CONFIG_CHECKPOINT_RESTORE
/*
 * Build the placeholder message that a MSG_COPY receive copies into: a
 * kernel message obtained from load_msg(@buf, @bufsz) with m_ts set to
 * @bufsz. An ERR_PTR() from load_msg() is returned unchanged.
 */
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz)
{
	struct msg_msg *dummy = load_msg(buf, bufsz);

	if (IS_ERR(dummy))
		return dummy;

	dummy->m_ts = bufsz;
	return dummy;
}

/* Release a placeholder from prepare_copy(); NULL is accepted. */
static inline void free_copy(struct msg_msg *copy)
{
	if (!copy)
		return;

	free_msg(copy);
}
#else
/* Without CONFIG_CHECKPOINT_RESTORE, MSG_COPY fails with -ENOSYS. */
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz)
{
	return ERR_PTR(-ENOSYS);
}

static inline void free_copy(struct msg_msg *copy)
{
}
#endif

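/*
 * Pick the message a receiver should get from @msq.
 * @msgtyp: in/out requested type; lowered while a SEARCH_LESSEQUAL scan
 *          narrows down to the smallest type
 * @mode:   SEARCH_* mode from convert_mode()
 *
 * A message qualifies when testmsg() matches and the security hook allows
 * the current task to receive it. SEARCH_NUMBER returns the qualifying
 * message whose position equals *msgtyp. SEARCH_LESSEQUAL walks the whole
 * list to find the lowest type and stops early only at type 1. All other
 * modes return the first qualifying message.
 *
 * Returns the message, or ERR_PTR(-EAGAIN) if none qualifies.
 */
static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
{
	struct msg_msg *msg, *found = NULL;
	long count = 0;

	list_for_each_entry(msg, &msq->q_messages, m_list) {
		if (testmsg(msg, *msgtyp, mode) &&
		    !security_msg_queue_msgrcv(msq, msg, current,
					       *msgtyp, mode)) {
			if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
				/*
				 * Best candidate so far. Remember it: the
				 * scan goes on for a lower type, and without
				 * this the match would be lost once the list
				 * ends.
				 */
				*msgtyp = msg->m_type - 1;
				found = msg;
			} else if (mode == SEARCH_NUMBER) {
				if (*msgtyp == count)
					return msg;
			} else
				return msg;
			count++;
		}
	}

	return found ? found : ERR_PTR(-EAGAIN);
}
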
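/*
 * Receive one message from queue @msqid.
 * @buf:         user buffer handed to @msg_handler
 * @bufsz:       capacity of the payload area
 * @msgtyp:      requested type, interpreted by convert_mode()
 * @msgflg:      IPC_NOWAIT, MSG_NOERROR, MSG_EXCEPT, MSG_COPY
 * @msg_handler: copies the chosen message to @buf, returns bytes or errno
 *
 * Returns what @msg_handler returns, or a negative errno: -EINVAL for bad
 * arguments, -EACCES without read permission, -E2BIG when the message does
 * not fit and MSG_NOERROR is clear, -ENOMSG with IPC_NOWAIT on an empty
 * match, -EIDRM when the queue is removed, -ERESTARTNOHAND on a signal, or
 * the error from prepare_copy() or the lookup.
 *
 * After the object lock is taken for the search, q_perm.deleted is tested:
 * RCU keeps the memory valid but does not stop a concurrent IPC_RMID from
 * tearing the queue down between the lookup and the lock.
 */
long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,
	       long (*msg_handler)(void __user *, struct msg_msg *, size_t))
{
	int mode;
	struct msg_queue *msq;
	struct ipc_namespace *ns;
	struct msg_msg *msg, *copy = NULL;

	ns = current->nsproxy->ipc_ns;

	if (msqid < 0 || (long) bufsz < 0)
		return -EINVAL;

	if (msgflg & MSG_COPY) {
		/* the placeholder is capped at the namespace's message size limit */
		copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax));
		if (IS_ERR(copy))
			return PTR_ERR(copy);
	}
	mode = convert_mode(&msgtyp, msgflg);

	rcu_read_lock();
	msq = msq_obtain_object_check(ns, msqid);
	if (IS_ERR(msq)) {
		rcu_read_unlock();
		free_copy(copy);
		return PTR_ERR(msq);
	}

	for (;;) {
		struct msg_receiver msr_d;

		msg = ERR_PTR(-EACCES);
		if (ipcperms(ns, &msq->q_perm, S_IRUGO))
			goto out_unlock1;

		ipc_lock_object(&msq->q_perm);

		/* raced with RMID? */
		if (msq->q_perm.deleted) {
			msg = ERR_PTR(-EIDRM);
			goto out_unlock0;
		}

		msg = find_msg(msq, &msgtyp, mode);
		if (!IS_ERR(msg)) {
			/*
			 * Found a suitable message.
			 * Unlink it from the queue.
			 */
			if ((bufsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
				msg = ERR_PTR(-E2BIG);
				goto out_unlock0;
			}
			/*
			 * If we are copying, then do not unlink message and do
			 * not update queue parameters.
			 */
			if (msgflg & MSG_COPY) {
				msg = copy_msg(msg, copy);
				goto out_unlock0;
			}

			list_del(&msg->m_list);
			msq->q_qnum--;
			msq->q_rtime = get_seconds();
			msq->q_lrpid = task_tgid_vnr(current);
			msq->q_cbytes -= msg->m_ts;
			atomic_sub(msg->m_ts, &ns->msg_bytes);
			atomic_dec(&ns->msg_hdrs);
			/* space was freed: blocked senders may proceed */
			ss_wakeup(&msq->q_senders, 0);

			goto out_unlock0;
		}

		/* No message waiting. Wait for a message */
		if (msgflg & IPC_NOWAIT) {
			msg = ERR_PTR(-ENOMSG);
			goto out_unlock0;
		}

		/*
		 * NOTE(review): with MSG_COPY set and IPC_NOWAIT clear, the
		 * receiver queued below uses SEARCH_NUMBER, which testmsg()
		 * matches against any message. A message handed over by
		 * pipelined_send() is then returned and freed at the end of
		 * this function while 'copy' is never released. Confirm
		 * whether MSG_COPY should be rejected without IPC_NOWAIT.
		 */
		list_add_tail(&msr_d.r_list, &msq->q_receivers);
		msr_d.r_tsk = current;
		msr_d.r_msgtype = msgtyp;
		msr_d.r_mode = mode;
		if (msgflg & MSG_NOERROR)
			msr_d.r_maxsize = INT_MAX;
		else
			msr_d.r_maxsize = bufsz;
		msr_d.r_msg = ERR_PTR(-EAGAIN);
		current->state = TASK_INTERRUPTIBLE;

		ipc_unlock_object(&msq->q_perm);
		rcu_read_unlock();
		schedule();

		/* Lockless receive, part 1:
		 * Disable preemption.  We don't hold a reference to the queue
		 * and getting a reference would defeat the idea of a lockless
		 * operation, thus the code relies on rcu to guarantee the
		 * existence of msq:
		 * Prior to destruction, expunge_all(-EIDRM) changes r_msg.
		 * Thus if r_msg is -EAGAIN, then the queue not yet destroyed.
		 * rcu_read_lock() prevents preemption between reading r_msg
		 * and acquiring the q_perm.lock in ipc_lock_object().
		 */
		rcu_read_lock();

		/* Lockless receive, part 2:
		 * Wait until pipelined_send or expunge_all are outside of
		 * wake_up_process(). There is a race with exit(), see
		 * ipc/mqueue.c for the details.
		 */
		msg = (struct msg_msg *)msr_d.r_msg;
		while (msg == NULL) {
			cpu_relax();
			msg = (struct msg_msg *)msr_d.r_msg;
		}

		/* Lockless receive, part 3:
		 * If there is a message or an error then accept it without
		 * locking.
		 */
		if (msg != ERR_PTR(-EAGAIN))
			goto out_unlock1;

		/* Lockless receive, part 3:
		 * Acquire the queue spinlock.
		 */
		ipc_lock_object(&msq->q_perm);

		/* Lockless receive, part 4:
		 * Repeat test after acquiring the spinlock.
		 */
		msg = (struct msg_msg *)msr_d.r_msg;
		if (msg != ERR_PTR(-EAGAIN))
			goto out_unlock0;

		/* still unserved: take our entry off the list before retrying */
		list_del(&msr_d.r_list);
		if (signal_pending(current)) {
			msg = ERR_PTR(-ERESTARTNOHAND);
			goto out_unlock0;
		}

		ipc_unlock_object(&msq->q_perm);
	}

out_unlock0:
	ipc_unlock_object(&msq->q_perm);
out_unlock1:
	rcu_read_unlock();
	if (IS_ERR(msg)) {
		free_copy(copy);
		return PTR_ERR(msg);
	}

	/* the copy to user space runs with no locks held */
	bufsz = msg_handler(buf, msg, bufsz);
	free_msg(msg);

	return bufsz;
}
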
/*
 * msgrcv(2) entry point: a thin wrapper around do_msgrcv() that uses
 * do_msg_fill() to copy the message into the caller's msgbuf.
 */
SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
		long, msgtyp, int, msgflg)
{
	long ret;

	ret = do_msgrcv(msqid, msgp, msgsz, msgtyp, msgflg, do_msg_fill);
	return ret;
}

#ifdef CONFIG_PROC_FS
/*
 * seq_file callback that prints one queue (@it) as a row of the
 * "sysvipc/msg" proc file registered in msg_init().
 * Owner and creator ids are translated with from_kuid_munged() and
 * from_kgid_munged() into the user namespace seq_user_ns() returns for @s.
 *
 * NOTE(review): the format string is reproduced exactly as this page shows
 * it; runs of whitespace and any trailing newline escape look collapsed by
 * the page rendering - verify against the repository.
 */
static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
{
	struct user_namespace *user_ns = seq_user_ns(s);
	struct msg_queue *msq = it;

	return seq_printf(s,
			"%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu ",
			msq->q_perm.key,
			msq->q_perm.id,
			msq->q_perm.mode,
			msq->q_cbytes,
			msq->q_qnum,
			msq->q_lspid,
			msq->q_lrpid,
			from_kuid_munged(user_ns, msq->q_perm.uid),
			from_kgid_munged(user_ns, msq->q_perm.gid),
			from_kuid_munged(user_ns, msq->q_perm.cuid),
			from_kgid_munged(user_ns, msq->q_perm.cgid),
			msq->q_stime,
			msq->q_rtime,
			msq->q_ctime);
}
#endif