Blame view
ipc/msg.c
23 KB
1da177e4c
Linux-2.6.12-rc2
|
1 2 |
/* * linux/ipc/msg.c |
5a06a363e
[PATCH] ipc/msg.c...
|
3 |
* Copyright (C) 1992 Krishna Balasubramanian |
|
1da177e4c
Linux-2.6.12-rc2
|
4 5 6 7 8 9 10 11 12 13 14 |
* * Removed all the remaining kerneld mess * Catch the -EFAULT stuff properly * Use GFP_KERNEL for messages as in 1.2 * Fixed up the unchecked user space derefs * Copyright (C) 1998 Alan Cox & Andi Kleen * * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com> * * mostly rewritten, threaded and wake-one semantics added * MSGMAX limit removed, sysctl's added |
624dffcbc
correct email add...
|
15 |
* (c) 1999 Manfred Spraul <manfred@colorfullife.com> |
073115d6b
[PATCH] Rework of...
|
16 17 18 |
* * support for audit of ipc object properties and permission changes * Dustin Kirkland <dustin.kirkland@us.ibm.com> |
1e7869373
[PATCH] IPC names...
|
19 20 21 22 |
* * namespaces support * OpenVZ, SWsoft Inc. * Pavel Emelianov <xemul@openvz.org> |
|
1da177e4c
Linux-2.6.12-rc2
|
23 |
*/ |
c59ede7b7
[PATCH] move capa...
|
24 |
#include <linux/capability.h> |
|
1da177e4c
Linux-2.6.12-rc2
|
25 26 27 |
#include <linux/msg.h> #include <linux/spinlock.h> #include <linux/init.h> |
f7bf3df8b
ipc: scale msgmni...
|
28 |
#include <linux/mm.h> |
|
1da177e4c
Linux-2.6.12-rc2
|
29 30 31 32 33 34 |
#include <linux/proc_fs.h> #include <linux/list.h> #include <linux/security.h> #include <linux/sched.h> #include <linux/syscalls.h> #include <linux/audit.h> |
19b4946ca
[PATCH] ipc: conv...
|
35 |
#include <linux/seq_file.h> |
|
3e148c799
fix idr_find() lo...
|
36 |
#include <linux/rwsem.h> |
|
1e7869373
[PATCH] IPC names...
|
37 |
#include <linux/nsproxy.h> |
ae5e1b22f
namespaces: move ...
|
38 |
#include <linux/ipc_namespace.h> |
|
5f921ae96
[PATCH] sem2mutex...
|
39 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
40 41 42 |
#include <asm/current.h> #include <asm/uaccess.h> #include "util.h" |
|
5a06a363e
[PATCH] ipc/msg.c...
|
43 44 45 |
/* * one msg_receiver structure for each sleeping receiver: */ |
|
1da177e4c
Linux-2.6.12-rc2
|
46 |
struct msg_receiver {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
47 48 |
struct list_head r_list; struct task_struct *r_tsk; |
|
1da177e4c
Linux-2.6.12-rc2
|
49 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
50 51 52 |
int r_mode; long r_msgtype; long r_maxsize; |
|
1da177e4c
Linux-2.6.12-rc2
|
53 |
|
80491eb90
Revert unintentio...
|
54 |
struct msg_msg *volatile r_msg; |
|
1da177e4c
Linux-2.6.12-rc2
|
55 56 57 58 |
};
/* one msg_sender for each sleeping sender */
struct msg_sender {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
59 60 |
struct list_head list; struct task_struct *tsk; |
|
1da177e4c
Linux-2.6.12-rc2
|
61 62 63 64 65 66 |
}; #define SEARCH_ANY 1 #define SEARCH_EQUAL 2 #define SEARCH_NOTEQUAL 3 #define SEARCH_LESSEQUAL 4 |
8ac6ed585
ipc: implement MS...
|
67 |
#define SEARCH_NUMBER 5 |
|
1da177e4c
Linux-2.6.12-rc2
|
68 |
|
ed2ddbf88
IPC: make struct ...
|
69 |
#define msg_ids(ns) ((ns)->ids[IPC_MSG_IDS]) |
|
1da177e4c
Linux-2.6.12-rc2
|
70 |
|
|
1e7869373
[PATCH] IPC names...
|
71 |
#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm) |
|
1e7869373
[PATCH] IPC names...
|
72 |
|
|
01b8b07a5
IPC: consolidate ...
|
73 |
static void freeque(struct ipc_namespace *, struct kern_ipc_perm *); |
|
7748dbfaa
ipc: unify the sy...
|
74 |
static int newque(struct ipc_namespace *, struct ipc_params *); |
|
1da177e4c
Linux-2.6.12-rc2
|
75 |
#ifdef CONFIG_PROC_FS |
|
19b4946ca
[PATCH] ipc: conv...
|
76 |
static int sysvipc_msg_proc_show(struct seq_file *s, void *it); |
|
1da177e4c
Linux-2.6.12-rc2
|
77 |
#endif |
|
f7bf3df8b
ipc: scale msgmni...
|
78 79 80 |
/* * Scale msgmni with the available lowmem size: the memory dedicated to msg * queues should occupy at most 1/MSG_MEM_SCALE of lowmem. |
|
4d89dc6ab
ipc: scale msgmni...
|
81 82 |
* Also take into account the number of nsproxies created so far. * This should be done staying within the (MSGMNI , IPCMNI/nr_ipc_ns) range. |
|
f7bf3df8b
ipc: scale msgmni...
|
83 |
*/ |
|
b6b337ad1
ipc: recompute ms...
|
84 |
void recompute_msgmni(struct ipc_namespace *ns) |
|
f7bf3df8b
ipc: scale msgmni...
|
85 86 87 |
{
struct sysinfo i;
unsigned long allowed;
|
|
4d89dc6ab
ipc: scale msgmni...
|
88 |
int nb_ns; |
|
f7bf3df8b
ipc: scale msgmni...
|
89 90 91 92 |
si_meminfo(&i); allowed = (((i.totalram - i.totalhigh) / MSG_MEM_SCALE) * i.mem_unit) / MSGMNB; |
|
4d89dc6ab
ipc: scale msgmni...
|
93 94 |
nb_ns = atomic_read(&nr_ipc_ns); allowed /= nb_ns; |
|
f7bf3df8b
ipc: scale msgmni...
|
95 96 97 |
if (allowed < MSGMNI) {
ns->msg_ctlmni = MSGMNI;
|
|
dfcceb26f
ipc: only output ...
|
98 |
return; |
|
f7bf3df8b
ipc: scale msgmni...
|
99 |
} |
|
4d89dc6ab
ipc: scale msgmni...
|
100 101 |
if (allowed > IPCMNI / nb_ns) {
ns->msg_ctlmni = IPCMNI / nb_ns;
|
|
dfcceb26f
ipc: only output ...
|
102 |
return; |
|
f7bf3df8b
ipc: scale msgmni...
|
103 104 105 |
} ns->msg_ctlmni = allowed; |
|
f7bf3df8b
ipc: scale msgmni...
|
106 |
} |
|
ed2ddbf88
IPC: make struct ...
|
107 |
void msg_init_ns(struct ipc_namespace *ns) |
|
1e7869373
[PATCH] IPC names...
|
108 |
{
|
|
1e7869373
[PATCH] IPC names...
|
109 110 |
ns->msg_ctlmax = MSGMAX; ns->msg_ctlmnb = MSGMNB; |
|
f7bf3df8b
ipc: scale msgmni...
|
111 112 |
recompute_msgmni(ns); |
|
3ac88a41f
virtualization of...
|
113 114 |
atomic_set(&ns->msg_bytes, 0); atomic_set(&ns->msg_hdrs, 0); |
|
ed2ddbf88
IPC: make struct ...
|
115 |
ipc_init_ids(&ns->ids[IPC_MSG_IDS]); |
|
1e7869373
[PATCH] IPC names...
|
116 |
} |
|
ae5e1b22f
namespaces: move ...
|
117 |
#ifdef CONFIG_IPC_NS |
|
1e7869373
[PATCH] IPC names...
|
118 119 |
void msg_exit_ns(struct ipc_namespace *ns)
{
|
|
01b8b07a5
IPC: consolidate ...
|
120 |
free_ipcs(ns, &msg_ids(ns), freeque); |
7d6feeb28
ipc ns: fix memor...
|
121 |
idr_destroy(&ns->ids[IPC_MSG_IDS].ipcs_idr); |
|
1e7869373
[PATCH] IPC names...
|
122 |
} |
|
ae5e1b22f
namespaces: move ...
|
123 |
#endif |
|
1e7869373
[PATCH] IPC names...
|
124 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
125 |
void __init msg_init(void) |
|
1da177e4c
Linux-2.6.12-rc2
|
126 |
{
|
|
ed2ddbf88
IPC: make struct ...
|
127 |
msg_init_ns(&init_ipc_ns); |
|
dfcceb26f
ipc: only output ...
|
128 129 130 131 |
printk(KERN_INFO "msgmni has been set to %d ", init_ipc_ns.msg_ctlmni); |
|
19b4946ca
[PATCH] ipc: conv...
|
132 133 134 |
ipc_init_proc_interface("sysvipc/msg",
" key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime
",
|
|
1e7869373
[PATCH] IPC names...
|
135 |
IPC_MSG_IDS, sysvipc_msg_proc_show); |
|
1da177e4c
Linux-2.6.12-rc2
|
136 |
} |
a5001a0d9
ipc,msg: introduc...
|
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 |
static inline struct msg_queue *msq_obtain_object(struct ipc_namespace *ns, int id)
{
struct kern_ipc_perm *ipcp = ipc_obtain_object(&msg_ids(ns), id);
if (IS_ERR(ipcp))
return ERR_CAST(ipcp);
return container_of(ipcp, struct msg_queue, q_perm);
}
static inline struct msg_queue *msq_obtain_object_check(struct ipc_namespace *ns,
int id)
{
struct kern_ipc_perm *ipcp = ipc_obtain_object_check(&msg_ids(ns), id);
if (IS_ERR(ipcp))
return ERR_CAST(ipcp);
return container_of(ipcp, struct msg_queue, q_perm);
}
|
|
7ca7e564e
ipc: store ipcs i...
|
157 158 159 160 |
static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
{
ipc_rmid(&msg_ids(ns), &s->q_perm);
}
|
|
f4566f048
ipc: fix wrong co...
|
161 162 163 164 165 |
/** * newque - Create a new msg queue * @ns: namespace * @params: ptr to the structure that contains the key and msgflg * |
|
3e148c799
fix idr_find() lo...
|
166 |
* Called with msg_ids.rw_mutex held (writer) |
|
f4566f048
ipc: fix wrong co...
|
167 |
*/ |
|
7748dbfaa
ipc: unify the sy...
|
168 |
static int newque(struct ipc_namespace *ns, struct ipc_params *params) |
|
1da177e4c
Linux-2.6.12-rc2
|
169 |
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
170 |
struct msg_queue *msq; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
171 |
int id, retval; |
|
7748dbfaa
ipc: unify the sy...
|
172 173 |
key_t key = params->key; int msgflg = params->flg; |
|
1da177e4c
Linux-2.6.12-rc2
|
174 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
175 176 |
msq = ipc_rcu_alloc(sizeof(*msq)); if (!msq) |
|
1da177e4c
Linux-2.6.12-rc2
|
177 |
return -ENOMEM; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
178 |
msq->q_perm.mode = msgflg & S_IRWXUGO; |
|
1da177e4c
Linux-2.6.12-rc2
|
179 180 181 182 183 184 185 186 |
msq->q_perm.key = key;
msq->q_perm.security = NULL;
retval = security_msg_queue_alloc(msq);
if (retval) {
ipc_rcu_putref(msq);
return retval;
}
|
|
dbfcd91f0
ipc: move rcu loc...
|
187 |
/* ipc_addid() locks msq upon success. */ |
|
1e7869373
[PATCH] IPC names...
|
188 |
id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni); |
|
283bb7fad
IPC: fix error ca...
|
189 |
if (id < 0) {
|
|
1da177e4c
Linux-2.6.12-rc2
|
190 191 |
security_msg_queue_free(msq); ipc_rcu_putref(msq); |
|
283bb7fad
IPC: fix error ca...
|
192 |
return id; |
|
1da177e4c
Linux-2.6.12-rc2
|
193 194 195 196 197 |
} msq->q_stime = msq->q_rtime = 0; msq->q_ctime = get_seconds(); msq->q_cbytes = msq->q_qnum = 0; |
|
1e7869373
[PATCH] IPC names...
|
198 |
msq->q_qbytes = ns->msg_ctlmnb; |
|
1da177e4c
Linux-2.6.12-rc2
|
199 200 201 202 |
msq->q_lspid = msq->q_lrpid = 0; INIT_LIST_HEAD(&msq->q_messages); INIT_LIST_HEAD(&msq->q_receivers); INIT_LIST_HEAD(&msq->q_senders); |
|
7ca7e564e
ipc: store ipcs i...
|
203 |
|
|
cf9d5d78d
ipc: close open c...
|
204 |
ipc_unlock_object(&msq->q_perm); |
|
dbfcd91f0
ipc: move rcu loc...
|
205 |
rcu_read_unlock(); |
|
1da177e4c
Linux-2.6.12-rc2
|
206 |
|
|
7ca7e564e
ipc: store ipcs i...
|
207 |
return msq->q_perm.id; |
|
1da177e4c
Linux-2.6.12-rc2
|
208 |
} |
|
5a06a363e
[PATCH] ipc/msg.c...
|
209 |
static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss) |
|
1da177e4c
Linux-2.6.12-rc2
|
210 |
{
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
211 212 213 |
mss->tsk = current; current->state = TASK_INTERRUPTIBLE; list_add_tail(&mss->list, &msq->q_senders); |
|
1da177e4c
Linux-2.6.12-rc2
|
214 |
} |
|
5a06a363e
[PATCH] ipc/msg.c...
|
215 |
static inline void ss_del(struct msg_sender *mss) |
|
1da177e4c
Linux-2.6.12-rc2
|
216 |
{
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
217 |
if (mss->list.next != NULL) |
|
1da177e4c
Linux-2.6.12-rc2
|
218 219 |
list_del(&mss->list); } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
220 |
static void ss_wakeup(struct list_head *h, int kill) |
|
1da177e4c
Linux-2.6.12-rc2
|
221 |
{
|
41239fe82
ipc/msg.c: use li...
|
222 |
struct msg_sender *mss, *t; |
|
1da177e4c
Linux-2.6.12-rc2
|
223 |
|
|
41239fe82
ipc/msg.c: use li...
|
224 |
list_for_each_entry_safe(mss, t, h, list) {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
225 226 |
if (kill) mss->list.next = NULL; |
|
1da177e4c
Linux-2.6.12-rc2
|
227 228 229 |
wake_up_process(mss->tsk); } } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
230 |
static void expunge_all(struct msg_queue *msq, int res) |
|
1da177e4c
Linux-2.6.12-rc2
|
231 |
{
|
|
41239fe82
ipc/msg.c: use li...
|
232 |
struct msg_receiver *msr, *t; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
233 |
|
|
41239fe82
ipc/msg.c: use li...
|
234 |
list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
|
|
1da177e4c
Linux-2.6.12-rc2
|
235 236 237 238 239 240 |
msr->r_msg = NULL; wake_up_process(msr->r_tsk); smp_mb(); msr->r_msg = ERR_PTR(res); } } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
241 242 243 |
/* * freeque() wakes up waiters on the sender and receiver waiting queue, |
|
f4566f048
ipc: fix wrong co...
|
244 245 |
* removes the message queue from message queue ID IDR, and cleans up all the * messages associated with this queue. |
|
1da177e4c
Linux-2.6.12-rc2
|
246 |
* |
|
3e148c799
fix idr_find() lo...
|
247 248 |
* msg_ids.rw_mutex (writer) and the spinlock for this message queue are held * before freeque() is called. msg_ids.rw_mutex remains locked on exit. |
|
1da177e4c
Linux-2.6.12-rc2
|
249 |
*/ |
|
01b8b07a5
IPC: consolidate ...
|
250 |
static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
|
1da177e4c
Linux-2.6.12-rc2
|
251 |
{
|
|
41239fe82
ipc/msg.c: use li...
|
252 |
struct msg_msg *msg, *t; |
|
01b8b07a5
IPC: consolidate ...
|
253 |
struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
254 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
255 256 |
expunge_all(msq, -EIDRM); ss_wakeup(&msq->q_senders, 1); |
|
7ca7e564e
ipc: store ipcs i...
|
257 |
msg_rmid(ns, msq); |
|
1da177e4c
Linux-2.6.12-rc2
|
258 |
msg_unlock(msq); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
259 |
|
|
41239fe82
ipc/msg.c: use li...
|
260 |
list_for_each_entry_safe(msg, t, &msq->q_messages, m_list) {
|
|
3ac88a41f
virtualization of...
|
261 |
atomic_dec(&ns->msg_hdrs); |
|
1da177e4c
Linux-2.6.12-rc2
|
262 263 |
free_msg(msg); } |
|
3ac88a41f
virtualization of...
|
264 |
atomic_sub(msq->q_cbytes, &ns->msg_bytes); |
|
1da177e4c
Linux-2.6.12-rc2
|
265 266 267 |
security_msg_queue_free(msq); ipc_rcu_putref(msq); } |
|
f4566f048
ipc: fix wrong co...
|
268 |
/* |
|
3e148c799
fix idr_find() lo...
|
269 |
* Called with msg_ids.rw_mutex and ipcp locked. |
|
f4566f048
ipc: fix wrong co...
|
270 |
*/ |
|
03f02c765
Storing ipcs into...
|
271 |
static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) |
|
7748dbfaa
ipc: unify the sy...
|
272 |
{
|
|
03f02c765
Storing ipcs into...
|
273 274 275 |
struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm); return security_msg_queue_associate(msq, msgflg); |
|
7748dbfaa
ipc: unify the sy...
|
276 |
} |
e48fbb699
[CVE-2009-0029] S...
|
277 |
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg) |
|
1da177e4c
Linux-2.6.12-rc2
|
278 |
{
|
|
1e7869373
[PATCH] IPC names...
|
279 |
struct ipc_namespace *ns; |
|
7748dbfaa
ipc: unify the sy...
|
280 281 |
struct ipc_ops msg_ops; struct ipc_params msg_params; |
|
1e7869373
[PATCH] IPC names...
|
282 283 |
ns = current->nsproxy->ipc_ns; |
|
7ca7e564e
ipc: store ipcs i...
|
284 |
|
|
7748dbfaa
ipc: unify the sy...
|
285 286 287 288 289 290 |
msg_ops.getnew = newque; msg_ops.associate = msg_security; msg_ops.more_checks = NULL; msg_params.key = key; msg_params.flg = msgflg; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
291 |
|
|
7748dbfaa
ipc: unify the sy...
|
292 |
return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params); |
|
1da177e4c
Linux-2.6.12-rc2
|
293 |
} |
|
5a06a363e
[PATCH] ipc/msg.c...
|
294 295 |
static inline unsigned long copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version) |
|
1da177e4c
Linux-2.6.12-rc2
|
296 297 298 |
{
switch(version) {
case IPC_64:
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
299 |
return copy_to_user(buf, in, sizeof(*in)); |
|
1da177e4c
Linux-2.6.12-rc2
|
300 |
case IPC_OLD: |
|
5a06a363e
[PATCH] ipc/msg.c...
|
301 |
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
302 |
struct msqid_ds out; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
303 |
memset(&out, 0, sizeof(out)); |
|
1da177e4c
Linux-2.6.12-rc2
|
304 305 306 307 308 309 |
ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm); out.msg_stime = in->msg_stime; out.msg_rtime = in->msg_rtime; out.msg_ctime = in->msg_ctime; |
4be929be3
kernel-wide: repl...
|
310 311 |
if (in->msg_cbytes > USHRT_MAX) out.msg_cbytes = USHRT_MAX; |
|
1da177e4c
Linux-2.6.12-rc2
|
312 313 314 |
else out.msg_cbytes = in->msg_cbytes; out.msg_lcbytes = in->msg_cbytes; |
|
4be929be3
kernel-wide: repl...
|
315 316 |
if (in->msg_qnum > USHRT_MAX) out.msg_qnum = USHRT_MAX; |
|
1da177e4c
Linux-2.6.12-rc2
|
317 318 |
else out.msg_qnum = in->msg_qnum; |
|
4be929be3
kernel-wide: repl...
|
319 320 |
if (in->msg_qbytes > USHRT_MAX) out.msg_qbytes = USHRT_MAX; |
|
1da177e4c
Linux-2.6.12-rc2
|
321 322 323 324 325 326 |
else out.msg_qbytes = in->msg_qbytes; out.msg_lqbytes = in->msg_qbytes; out.msg_lspid = in->msg_lspid; out.msg_lrpid = in->msg_lrpid; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
327 328 |
return copy_to_user(buf, &out, sizeof(out)); } |
|
1da177e4c
Linux-2.6.12-rc2
|
329 330 331 332 |
default: return -EINVAL; } } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
333 |
static inline unsigned long |
|
016d7132f
IPC: get rid of t...
|
334 |
copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version) |
|
1da177e4c
Linux-2.6.12-rc2
|
335 336 337 |
{
switch(version) {
case IPC_64:
|
|
016d7132f
IPC: get rid of t...
|
338 |
if (copy_from_user(out, buf, sizeof(*out))) |
|
1da177e4c
Linux-2.6.12-rc2
|
339 |
return -EFAULT; |
|
1da177e4c
Linux-2.6.12-rc2
|
340 |
return 0; |
|
1da177e4c
Linux-2.6.12-rc2
|
341 |
case IPC_OLD: |
|
5a06a363e
[PATCH] ipc/msg.c...
|
342 |
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
343 |
struct msqid_ds tbuf_old; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
344 |
if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old))) |
|
1da177e4c
Linux-2.6.12-rc2
|
345 |
return -EFAULT; |
|
016d7132f
IPC: get rid of t...
|
346 347 348 |
out->msg_perm.uid = tbuf_old.msg_perm.uid; out->msg_perm.gid = tbuf_old.msg_perm.gid; out->msg_perm.mode = tbuf_old.msg_perm.mode; |
|
1da177e4c
Linux-2.6.12-rc2
|
349 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
350 |
if (tbuf_old.msg_qbytes == 0) |
|
016d7132f
IPC: get rid of t...
|
351 |
out->msg_qbytes = tbuf_old.msg_lqbytes; |
|
1da177e4c
Linux-2.6.12-rc2
|
352 |
else |
|
016d7132f
IPC: get rid of t...
|
353 |
out->msg_qbytes = tbuf_old.msg_qbytes; |
|
1da177e4c
Linux-2.6.12-rc2
|
354 355 |
return 0; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
356 |
} |
|
1da177e4c
Linux-2.6.12-rc2
|
357 358 359 360 |
default: return -EINVAL; } } |
|
a0d092fc2
IPC/message queue...
|
361 362 363 364 365 366 367 |
/* * This function handles some msgctl commands which require the rw_mutex * to be held in write mode. * NOTE: no locks must be held, the rw_mutex is taken inside this function. */ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd, struct msqid_ds __user *buf, int version) |
|
1da177e4c
Linux-2.6.12-rc2
|
368 |
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
369 |
struct kern_ipc_perm *ipcp; |
f1970c48e
ipc: fix unused v...
|
370 |
struct msqid64_ds uninitialized_var(msqid64); |
|
a0d092fc2
IPC/message queue...
|
371 372 373 374 |
struct msg_queue *msq;
int err;
if (cmd == IPC_SET) {
|
|
016d7132f
IPC: get rid of t...
|
375 |
if (copy_msqid_from_user(&msqid64, buf, version)) |
|
a0d092fc2
IPC/message queue...
|
376 377 |
return -EFAULT; } |
|
7b4cc5d84
ipc: move locking...
|
378 379 |
down_write(&msg_ids(ns).rw_mutex); rcu_read_lock(); |
|
15724ecb7
ipc,msg: shorten ...
|
380 381 |
ipcp = ipcctl_pre_down_nolock(ns, &msg_ids(ns), msqid, cmd, &msqid64.msg_perm, msqid64.msg_qbytes); |
|
7b4cc5d84
ipc: move locking...
|
382 383 |
if (IS_ERR(ipcp)) {
err = PTR_ERR(ipcp);
|
|
7b4cc5d84
ipc: move locking...
|
384 385 |
goto out_unlock1; } |
|
a0d092fc2
IPC/message queue...
|
386 |
|
|
a5f75e7f2
IPC: consolidate ...
|
387 |
msq = container_of(ipcp, struct msg_queue, q_perm); |
|
a0d092fc2
IPC/message queue...
|
388 389 390 |
err = security_msg_queue_msgctl(msq, cmd); if (err) |
|
15724ecb7
ipc,msg: shorten ...
|
391 |
goto out_unlock1; |
|
a0d092fc2
IPC/message queue...
|
392 393 394 |
switch (cmd) {
case IPC_RMID:
|
|
15724ecb7
ipc,msg: shorten ...
|
395 |
ipc_lock_object(&msq->q_perm); |
|
7b4cc5d84
ipc: move locking...
|
396 |
/* freeque unlocks the ipc object and rcu */ |
|
a0d092fc2
IPC/message queue...
|
397 398 399 |
freeque(ns, ipcp); goto out_up; case IPC_SET: |
|
016d7132f
IPC: get rid of t...
|
400 |
if (msqid64.msg_qbytes > ns->msg_ctlmnb && |
|
a0d092fc2
IPC/message queue...
|
401 402 |
!capable(CAP_SYS_RESOURCE)) {
err = -EPERM;
|
|
15724ecb7
ipc,msg: shorten ...
|
403 |
goto out_unlock1; |
|
a0d092fc2
IPC/message queue...
|
404 |
} |
|
15724ecb7
ipc,msg: shorten ...
|
405 |
ipc_lock_object(&msq->q_perm); |
1efdb69b0
userns: Convert i...
|
406 407 |
err = ipc_update_perm(&msqid64.msg_perm, ipcp); if (err) |
|
7b4cc5d84
ipc: move locking...
|
408 |
goto out_unlock0; |
|
1efdb69b0
userns: Convert i...
|
409 |
|
|
016d7132f
IPC: get rid of t...
|
410 |
msq->q_qbytes = msqid64.msg_qbytes; |
|
a0d092fc2
IPC/message queue...
|
411 |
|
|
a0d092fc2
IPC/message queue...
|
412 413 414 415 416 417 418 419 420 421 422 423 |
msq->q_ctime = get_seconds(); /* sleeping receivers might be excluded by * stricter permissions. */ expunge_all(msq, -EAGAIN); /* sleeping senders might be able to send * due to a larger queue size. */ ss_wakeup(&msq->q_senders, 0); break; default: err = -EINVAL; |
|
15724ecb7
ipc,msg: shorten ...
|
424 |
goto out_unlock1; |
|
a0d092fc2
IPC/message queue...
|
425 |
} |
|
7b4cc5d84
ipc: move locking...
|
426 427 428 429 430 |
out_unlock0: ipc_unlock_object(&msq->q_perm); out_unlock1: rcu_read_unlock(); |
|
a0d092fc2
IPC/message queue...
|
431 432 433 434 |
out_up: up_write(&msg_ids(ns).rw_mutex); return err; } |
|
2cafed30f
ipc,msg: introduc...
|
435 436 |
static int msgctl_nolock(struct ipc_namespace *ns, int msqid, int cmd, int version, void __user *buf) |
|
a0d092fc2
IPC/message queue...
|
437 |
{
|
|
2cafed30f
ipc,msg: introduc...
|
438 |
int err; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
439 |
struct msg_queue *msq; |
|
1da177e4c
Linux-2.6.12-rc2
|
440 441 |
switch (cmd) {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
442 443 444 |
case IPC_INFO:
case MSG_INFO:
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
445 446 |
struct msginfo msginfo; int max_id; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
447 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
448 449 |
if (!buf) return -EFAULT; |
|
2cafed30f
ipc,msg: introduc...
|
450 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
451 452 |
/* * We must not return kernel stack data. |
|
1da177e4c
Linux-2.6.12-rc2
|
453 454 455 |
* due to padding, it's not enough * to set all member fields. */ |
|
1da177e4c
Linux-2.6.12-rc2
|
456 457 458 |
err = security_msg_queue_msgctl(NULL, cmd); if (err) return err; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
459 |
memset(&msginfo, 0, sizeof(msginfo)); |
|
1e7869373
[PATCH] IPC names...
|
460 461 462 |
msginfo.msgmni = ns->msg_ctlmni; msginfo.msgmax = ns->msg_ctlmax; msginfo.msgmnb = ns->msg_ctlmnb; |
|
1da177e4c
Linux-2.6.12-rc2
|
463 464 |
msginfo.msgssz = MSGSSZ; msginfo.msgseg = MSGSEG; |
|
3e148c799
fix idr_find() lo...
|
465 |
down_read(&msg_ids(ns).rw_mutex); |
|
1da177e4c
Linux-2.6.12-rc2
|
466 |
if (cmd == MSG_INFO) {
|
|
1e7869373
[PATCH] IPC names...
|
467 |
msginfo.msgpool = msg_ids(ns).in_use; |
|
3ac88a41f
virtualization of...
|
468 469 |
msginfo.msgmap = atomic_read(&ns->msg_hdrs); msginfo.msgtql = atomic_read(&ns->msg_bytes); |
|
1da177e4c
Linux-2.6.12-rc2
|
470 471 472 473 474 |
} else {
msginfo.msgmap = MSGMAP;
msginfo.msgpool = MSGPOOL;
msginfo.msgtql = MSGTQL;
}
|
|
7ca7e564e
ipc: store ipcs i...
|
475 |
max_id = ipc_get_maxid(&msg_ids(ns)); |
|
3e148c799
fix idr_find() lo...
|
476 |
up_read(&msg_ids(ns).rw_mutex); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
477 |
if (copy_to_user(buf, &msginfo, sizeof(struct msginfo))) |
|
1da177e4c
Linux-2.6.12-rc2
|
478 |
return -EFAULT; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
479 |
return (max_id < 0) ? 0 : max_id; |
|
1da177e4c
Linux-2.6.12-rc2
|
480 |
} |
|
2cafed30f
ipc,msg: introduc...
|
481 482 |
case MSG_STAT: |
|
1da177e4c
Linux-2.6.12-rc2
|
483 484 485 486 |
case IPC_STAT:
{
struct msqid64_ds tbuf;
int success_return;
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
487 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
488 489 |
if (!buf) return -EFAULT; |
|
1da177e4c
Linux-2.6.12-rc2
|
490 |
|
|
ac0ba20ea
ipc,msg: make msg...
|
491 492 493 |
memset(&tbuf, 0, sizeof(tbuf)); rcu_read_lock(); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
494 |
if (cmd == MSG_STAT) {
|
|
ac0ba20ea
ipc,msg: make msg...
|
495 496 497 498 499 |
msq = msq_obtain_object(ns, msqid);
if (IS_ERR(msq)) {
err = PTR_ERR(msq);
goto out_unlock;
}
|
|
7ca7e564e
ipc: store ipcs i...
|
500 |
success_return = msq->q_perm.id; |
|
1da177e4c
Linux-2.6.12-rc2
|
501 |
} else {
|
|
ac0ba20ea
ipc,msg: make msg...
|
502 503 504 505 506 |
msq = msq_obtain_object_check(ns, msqid);
if (IS_ERR(msq)) {
err = PTR_ERR(msq);
goto out_unlock;
}
|
|
1da177e4c
Linux-2.6.12-rc2
|
507 508 |
success_return = 0; } |
|
ac0ba20ea
ipc,msg: make msg...
|
509 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
510 |
err = -EACCES; |
b0e77598f
userns: user name...
|
511 |
if (ipcperms(ns, &msq->q_perm, S_IRUGO)) |
|
1da177e4c
Linux-2.6.12-rc2
|
512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 |
goto out_unlock; err = security_msg_queue_msgctl(msq, cmd); if (err) goto out_unlock; kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm); tbuf.msg_stime = msq->q_stime; tbuf.msg_rtime = msq->q_rtime; tbuf.msg_ctime = msq->q_ctime; tbuf.msg_cbytes = msq->q_cbytes; tbuf.msg_qnum = msq->q_qnum; tbuf.msg_qbytes = msq->q_qbytes; tbuf.msg_lspid = msq->q_lspid; tbuf.msg_lrpid = msq->q_lrpid; |
|
ac0ba20ea
ipc,msg: make msg...
|
527 |
rcu_read_unlock(); |
|
1da177e4c
Linux-2.6.12-rc2
|
528 529 530 531 |
if (copy_msqid_to_user(buf, &tbuf, version)) return -EFAULT; return success_return; } |
|
2cafed30f
ipc,msg: introduc...
|
532 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
533 |
default: |
|
2cafed30f
ipc,msg: introduc...
|
534 |
return -EINVAL; |
|
1da177e4c
Linux-2.6.12-rc2
|
535 |
} |
|
2cafed30f
ipc,msg: introduc...
|
536 |
return err; |
|
1da177e4c
Linux-2.6.12-rc2
|
537 |
out_unlock: |
|
ac0ba20ea
ipc,msg: make msg...
|
538 |
rcu_read_unlock(); |
|
1da177e4c
Linux-2.6.12-rc2
|
539 540 |
return err; } |
|
2cafed30f
ipc,msg: introduc...
|
541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 |
SYSCALL_DEFINE3(msgctl, int, msqid, int, cmd, struct msqid_ds __user *, buf)
{
int version;
struct ipc_namespace *ns;
if (msqid < 0 || cmd < 0)
return -EINVAL;
version = ipc_parse_version(&cmd);
ns = current->nsproxy->ipc_ns;
switch (cmd) {
case IPC_INFO:
case MSG_INFO:
case MSG_STAT: /* msqid is an index rather than a msg queue id */
case IPC_STAT:
return msgctl_nolock(ns, msqid, cmd, version, buf);
case IPC_SET:
case IPC_RMID:
return msgctl_down(ns, msqid, cmd, buf, version);
default:
return -EINVAL;
}
}
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
565 |
static int testmsg(struct msg_msg *msg, long type, int mode) |
|
1da177e4c
Linux-2.6.12-rc2
|
566 567 568 569 |
{
switch(mode)
{
case SEARCH_ANY:
|
|
8ac6ed585
ipc: implement MS...
|
570 |
case SEARCH_NUMBER: |
|
1da177e4c
Linux-2.6.12-rc2
|
571 572 |
return 1; case SEARCH_LESSEQUAL: |
|
5a06a363e
[PATCH] ipc/msg.c...
|
573 |
if (msg->m_type <=type) |
|
1da177e4c
Linux-2.6.12-rc2
|
574 575 576 |
return 1; break; case SEARCH_EQUAL: |
|
5a06a363e
[PATCH] ipc/msg.c...
|
577 |
if (msg->m_type == type) |
|
1da177e4c
Linux-2.6.12-rc2
|
578 579 580 |
return 1; break; case SEARCH_NOTEQUAL: |
|
5a06a363e
[PATCH] ipc/msg.c...
|
581 |
if (msg->m_type != type) |
|
1da177e4c
Linux-2.6.12-rc2
|
582 583 584 585 586 |
return 1; break; } return 0; } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
587 |
static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg) |
|
1da177e4c
Linux-2.6.12-rc2
|
588 |
{
|
|
41239fe82
ipc/msg.c: use li...
|
589 |
struct msg_receiver *msr, *t; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
590 |
|
|
41239fe82
ipc/msg.c: use li...
|
591 |
list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
592 593 594 |
if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
!security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
msr->r_msgtype, msr->r_mode)) {
|
|
1da177e4c
Linux-2.6.12-rc2
|
595 |
list_del(&msr->r_list); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
596 |
if (msr->r_maxsize < msg->m_ts) {
|
|
1da177e4c
Linux-2.6.12-rc2
|
597 598 599 600 601 602 |
msr->r_msg = NULL;
wake_up_process(msr->r_tsk);
smp_mb();
msr->r_msg = ERR_PTR(-E2BIG);
} else {
msr->r_msg = NULL;
|
|
b488893a3
pid namespaces: c...
|
603 |
msq->q_lrpid = task_pid_vnr(msr->r_tsk); |
|
1da177e4c
Linux-2.6.12-rc2
|
604 605 606 607 |
msq->q_rtime = get_seconds(); wake_up_process(msr->r_tsk); smp_mb(); msr->r_msg = msg; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
608 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
609 610 611 612 613 614 |
return 1; } } } return 0; } |
651971cb7
[PATCH] Fix the s...
|
615 616 |
long do_msgsnd(int msqid, long mtype, void __user *mtext, size_t msgsz, int msgflg) |
|
1da177e4c
Linux-2.6.12-rc2
|
617 618 619 |
{
struct msg_queue *msq;
struct msg_msg *msg;
|
|
1da177e4c
Linux-2.6.12-rc2
|
620 |
int err; |
|
1e7869373
[PATCH] IPC names...
|
621 622 623 |
struct ipc_namespace *ns; ns = current->nsproxy->ipc_ns; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
624 |
|
|
1e7869373
[PATCH] IPC names...
|
625 |
if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0) |
|
1da177e4c
Linux-2.6.12-rc2
|
626 |
return -EINVAL; |
|
1da177e4c
Linux-2.6.12-rc2
|
627 628 |
if (mtype < 1) return -EINVAL; |
|
651971cb7
[PATCH] Fix the s...
|
629 |
msg = load_msg(mtext, msgsz); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
630 |
if (IS_ERR(msg)) |
|
1da177e4c
Linux-2.6.12-rc2
|
631 632 633 634 |
return PTR_ERR(msg); msg->m_type = mtype; msg->m_ts = msgsz; |
|
3dd1f784e
ipc,msg: shorten ...
|
635 636 |
rcu_read_lock(); msq = msq_obtain_object_check(ns, msqid); |
|
023a53557
ipc: integrate ip...
|
637 638 |
if (IS_ERR(msq)) {
err = PTR_ERR(msq);
|
|
3dd1f784e
ipc,msg: shorten ...
|
639 |
goto out_unlock1; |
|
023a53557
ipc: integrate ip...
|
640 |
} |
|
1da177e4c
Linux-2.6.12-rc2
|
641 642 643 |
for (;;) {
struct msg_sender s;
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
644 |
err = -EACCES; |
|
b0e77598f
userns: user name...
|
645 |
if (ipcperms(ns, &msq->q_perm, S_IWUGO)) |
|
3dd1f784e
ipc,msg: shorten ...
|
646 |
goto out_unlock1; |
|
1da177e4c
Linux-2.6.12-rc2
|
647 648 649 |
err = security_msg_queue_msgsnd(msq, msg, msgflg); if (err) |
|
3dd1f784e
ipc,msg: shorten ...
|
650 |
goto out_unlock1; |
|
1da177e4c
Linux-2.6.12-rc2
|
651 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
652 |
if (msgsz + msq->q_cbytes <= msq->q_qbytes && |
|
1da177e4c
Linux-2.6.12-rc2
|
653 654 655 656 657 |
1 + msq->q_qnum <= msq->q_qbytes) {
break;
}
/* queue full, wait: */
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
658 659 |
if (msgflg & IPC_NOWAIT) {
err = -EAGAIN;
|
|
3dd1f784e
ipc,msg: shorten ...
|
660 |
goto out_unlock1; |
|
1da177e4c
Linux-2.6.12-rc2
|
661 |
} |
|
3dd1f784e
ipc,msg: shorten ...
|
662 663 |
ipc_lock_object(&msq->q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
664 |
ss_add(msq, &s); |
6062a8dc0
ipc,sem: fine gra...
|
665 666 667 |
if (!ipc_rcu_getref(msq)) {
err = -EIDRM;
|
|
3dd1f784e
ipc,msg: shorten ...
|
668 |
goto out_unlock0; |
|
6062a8dc0
ipc,sem: fine gra...
|
669 |
} |
|
3dd1f784e
ipc,msg: shorten ...
|
670 671 |
ipc_unlock_object(&msq->q_perm); rcu_read_unlock(); |
|
1da177e4c
Linux-2.6.12-rc2
|
672 |
schedule(); |
|
3dd1f784e
ipc,msg: shorten ...
|
673 674 |
rcu_read_lock(); ipc_lock_object(&msq->q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
675 676 677 |
ipc_rcu_putref(msq);
if (msq->q_perm.deleted) {
err = -EIDRM;
|
|
3dd1f784e
ipc,msg: shorten ...
|
678 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
679 |
} |
|
3dd1f784e
ipc,msg: shorten ...
|
680 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
681 |
ss_del(&s); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
682 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
683 |
if (signal_pending(current)) {
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
684 |
err = -ERESTARTNOHAND; |
|
3dd1f784e
ipc,msg: shorten ...
|
685 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
686 |
} |
|
3dd1f784e
ipc,msg: shorten ...
|
687 688 |
ipc_unlock_object(&msq->q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
689 |
} |
|
3dd1f784e
ipc,msg: shorten ...
|
690 |
ipc_lock_object(&msq->q_perm); |
|
b488893a3
pid namespaces: c...
|
691 |
msq->q_lspid = task_tgid_vnr(current); |
|
1da177e4c
Linux-2.6.12-rc2
|
692 |
msq->q_stime = get_seconds(); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
693 |
if (!pipelined_send(msq, msg)) {
|
25985edce
Fix common misspe...
|
694 |
/* no one is waiting for this message, enqueue it */ |
|
5a06a363e
[PATCH] ipc/msg.c...
|
695 |
list_add_tail(&msg->m_list, &msq->q_messages); |
|
1da177e4c
Linux-2.6.12-rc2
|
696 697 |
msq->q_cbytes += msgsz; msq->q_qnum++; |
|
3ac88a41f
virtualization of...
|
698 699 |
atomic_add(msgsz, &ns->msg_bytes); atomic_inc(&ns->msg_hdrs); |
|
1da177e4c
Linux-2.6.12-rc2
|
700 |
} |
|
5a06a363e
[PATCH] ipc/msg.c...
|
701 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
702 703 |
err = 0; msg = NULL; |
|
3dd1f784e
ipc,msg: shorten ...
|
704 705 706 707 |
out_unlock0: ipc_unlock_object(&msq->q_perm); out_unlock1: rcu_read_unlock(); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
708 |
if (msg != NULL) |
|
1da177e4c
Linux-2.6.12-rc2
|
709 710 711 |
free_msg(msg); return err; } |
|
e48fbb699
[CVE-2009-0029] S...
|
712 713 |
SYSCALL_DEFINE4(msgsnd, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz, int, msgflg) |
|
651971cb7
[PATCH] Fix the s...
|
714 715 716 717 718 719 720 |
{
long mtype;
if (get_user(mtype, &msgp->mtype))
return -EFAULT;
return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg);
}
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
721 |
static inline int convert_mode(long *msgtyp, int msgflg) |
|
1da177e4c
Linux-2.6.12-rc2
|
722 |
{
|
|
8ac6ed585
ipc: implement MS...
|
723 724 |
if (msgflg & MSG_COPY) return SEARCH_NUMBER; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
725 |
/* |
|
1da177e4c
Linux-2.6.12-rc2
|
726 727 728 |
* find message of correct type. * msgtyp = 0 => get first. * msgtyp > 0 => get first message of matching type. |
|
5a06a363e
[PATCH] ipc/msg.c...
|
729 |
* msgtyp < 0 => get message with least type must be < abs(msgtype). |
|
1da177e4c
Linux-2.6.12-rc2
|
730 |
*/ |
|
5a06a363e
[PATCH] ipc/msg.c...
|
731 |
if (*msgtyp == 0) |
|
1da177e4c
Linux-2.6.12-rc2
|
732 |
return SEARCH_ANY; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
733 734 |
if (*msgtyp < 0) {
*msgtyp = -*msgtyp;
|
|
1da177e4c
Linux-2.6.12-rc2
|
735 736 |
return SEARCH_LESSEQUAL; } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
737 |
if (msgflg & MSG_EXCEPT) |
|
1da177e4c
Linux-2.6.12-rc2
|
738 739 740 |
return SEARCH_NOTEQUAL; return SEARCH_EQUAL; } |
f9dd87f47
ipc: message queu...
|
741 742 743 744 745 746 747 748 749 750 751 752 753 |
static long do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
{
struct msgbuf __user *msgp = dest;
size_t msgsz;
if (put_user(msg->m_type, &msgp->mtype))
return -EFAULT;
msgsz = (bufsz > msg->m_ts) ? msg->m_ts : bufsz;
if (store_msg(msgp->mtext, msg, msgsz))
return -EFAULT;
return msgsz;
}
|
|
4a674f34b
ipc: introduce me...
|
754 |
#ifdef CONFIG_CHECKPOINT_RESTORE |
|
3fcfe7865
ipc: add more com...
|
755 756 757 758 |
/* * This function creates new kernel message structure, large enough to store * bufsz message bytes. */ |
|
8ac6ed585
ipc: implement MS...
|
759 |
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz) |
|
4a674f34b
ipc: introduce me...
|
760 761 |
{
struct msg_msg *copy;
|
|
4a674f34b
ipc: introduce me...
|
762 763 764 765 766 767 768 769 |
/* * Create dummy message to copy real message to. */ copy = load_msg(buf, bufsz); if (!IS_ERR(copy)) copy->m_ts = bufsz; return copy; } |
|
85398aa8d
ipc: simplify fre...
|
770 |
static inline void free_copy(struct msg_msg *copy) |
|
4a674f34b
ipc: introduce me...
|
771 |
{
|
|
85398aa8d
ipc: simplify fre...
|
772 |
if (copy) |
|
4a674f34b
ipc: introduce me...
|
773 774 775 |
free_msg(copy); } #else |
|
8ac6ed585
ipc: implement MS...
|
776 |
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz) |
|
b30efe277
ipc: convert prep...
|
777 778 779 |
{
return ERR_PTR(-ENOSYS);
}
|
|
85398aa8d
ipc: simplify fre...
|
780 781 782 |
static inline void free_copy(struct msg_msg *copy)
{
}
|
|
4a674f34b
ipc: introduce me...
|
783 |
#endif |
|
daaf74cf0
ipc: refactor msg...
|
784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 |
static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
{
struct msg_msg *msg;
long count = 0;
list_for_each_entry(msg, &msq->q_messages, m_list) {
if (testmsg(msg, *msgtyp, mode) &&
!security_msg_queue_msgrcv(msq, msg, current,
*msgtyp, mode)) {
if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
*msgtyp = msg->m_type - 1;
} else if (mode == SEARCH_NUMBER) {
if (*msgtyp == count)
return msg;
} else
return msg;
count++;
}
}
return ERR_PTR(-EAGAIN);
}
|
|
41a0d523d
ipc,msg: shorten ...
|
806 |
long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg, |
|
f9dd87f47
ipc: message queu...
|
807 |
long (*msg_handler)(void __user *, struct msg_msg *, size_t)) |
|
1da177e4c
Linux-2.6.12-rc2
|
808 |
{
|
|
1da177e4c
Linux-2.6.12-rc2
|
809 |
int mode; |
|
41a0d523d
ipc,msg: shorten ...
|
810 |
struct msg_queue *msq; |
|
1e7869373
[PATCH] IPC names...
|
811 |
struct ipc_namespace *ns; |
|
41a0d523d
ipc,msg: shorten ...
|
812 |
struct msg_msg *msg, *copy = NULL; |
|
1da177e4c
Linux-2.6.12-rc2
|
813 |
|
|
88b9e456b
ipc: don't alloca...
|
814 |
ns = current->nsproxy->ipc_ns; |
|
f9dd87f47
ipc: message queu...
|
815 |
if (msqid < 0 || (long) bufsz < 0) |
|
1da177e4c
Linux-2.6.12-rc2
|
816 |
return -EINVAL; |
|
41a0d523d
ipc,msg: shorten ...
|
817 |
|
|
4a674f34b
ipc: introduce me...
|
818 |
if (msgflg & MSG_COPY) {
|
|
8ac6ed585
ipc: implement MS...
|
819 |
copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax)); |
|
4a674f34b
ipc: introduce me...
|
820 821 822 |
if (IS_ERR(copy)) return PTR_ERR(copy); } |
|
5a06a363e
[PATCH] ipc/msg.c...
|
823 |
mode = convert_mode(&msgtyp, msgflg); |
|
1da177e4c
Linux-2.6.12-rc2
|
824 |
|
|
41a0d523d
ipc,msg: shorten ...
|
825 826 |
rcu_read_lock(); msq = msq_obtain_object_check(ns, msqid); |
|
4a674f34b
ipc: introduce me...
|
827 |
if (IS_ERR(msq)) {
|
|
41a0d523d
ipc,msg: shorten ...
|
828 |
rcu_read_unlock(); |
|
85398aa8d
ipc: simplify fre...
|
829 |
free_copy(copy); |
|
023a53557
ipc: integrate ip...
|
830 |
return PTR_ERR(msq); |
|
4a674f34b
ipc: introduce me...
|
831 |
} |
|
1da177e4c
Linux-2.6.12-rc2
|
832 833 834 |
for (;;) {
struct msg_receiver msr_d;
|
|
1da177e4c
Linux-2.6.12-rc2
|
835 836 |
msg = ERR_PTR(-EACCES); |
|
b0e77598f
userns: user name...
|
837 |
if (ipcperms(ns, &msq->q_perm, S_IRUGO)) |
|
41a0d523d
ipc,msg: shorten ...
|
838 |
goto out_unlock1; |
|
1da177e4c
Linux-2.6.12-rc2
|
839 |
|
|
41a0d523d
ipc,msg: shorten ...
|
840 |
ipc_lock_object(&msq->q_perm); |
|
daaf74cf0
ipc: refactor msg...
|
841 |
msg = find_msg(msq, &msgtyp, mode); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
842 843 844 845 846 |
if (!IS_ERR(msg)) {
/*
* Found a suitable message.
* Unlink it from the queue.
*/
|
|
f9dd87f47
ipc: message queu...
|
847 |
if ((bufsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
|
|
1da177e4c
Linux-2.6.12-rc2
|
848 |
msg = ERR_PTR(-E2BIG); |
|
41a0d523d
ipc,msg: shorten ...
|
849 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
850 |
} |
|
3fcfe7865
ipc: add more com...
|
851 852 853 854 |
/* * If we are copying, then do not unlink message and do * not update queue parameters. */ |
|
852028af8
ipc: remove msg h...
|
855 856 |
if (msgflg & MSG_COPY) {
msg = copy_msg(msg, copy);
|
|
41a0d523d
ipc,msg: shorten ...
|
857 |
goto out_unlock0; |
|
852028af8
ipc: remove msg h...
|
858 |
} |
|
41a0d523d
ipc,msg: shorten ...
|
859 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
860 861 862 |
list_del(&msg->m_list); msq->q_qnum--; msq->q_rtime = get_seconds(); |
|
b488893a3
pid namespaces: c...
|
863 |
msq->q_lrpid = task_tgid_vnr(current); |
|
1da177e4c
Linux-2.6.12-rc2
|
864 |
msq->q_cbytes -= msg->m_ts; |
|
3ac88a41f
virtualization of...
|
865 866 |
atomic_sub(msg->m_ts, &ns->msg_bytes); atomic_dec(&ns->msg_hdrs); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
867 |
ss_wakeup(&msq->q_senders, 0); |
|
41a0d523d
ipc,msg: shorten ...
|
868 869 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
870 |
} |
|
41a0d523d
ipc,msg: shorten ...
|
871 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
872 873 874 |
/* No message waiting. Wait for a message */
if (msgflg & IPC_NOWAIT) {
msg = ERR_PTR(-ENOMSG);
|
|
41a0d523d
ipc,msg: shorten ...
|
875 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
876 |
} |
|
41a0d523d
ipc,msg: shorten ...
|
877 |
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
878 |
list_add_tail(&msr_d.r_list, &msq->q_receivers); |
|
1da177e4c
Linux-2.6.12-rc2
|
879 880 881 |
msr_d.r_tsk = current; msr_d.r_msgtype = msgtyp; msr_d.r_mode = mode; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
882 |
if (msgflg & MSG_NOERROR) |
|
1da177e4c
Linux-2.6.12-rc2
|
883 |
msr_d.r_maxsize = INT_MAX; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
884 |
else |
|
f9dd87f47
ipc: message queu...
|
885 |
msr_d.r_maxsize = bufsz; |
|
1da177e4c
Linux-2.6.12-rc2
|
886 887 |
msr_d.r_msg = ERR_PTR(-EAGAIN); current->state = TASK_INTERRUPTIBLE; |
|
1da177e4c
Linux-2.6.12-rc2
|
888 |
|
|
41a0d523d
ipc,msg: shorten ...
|
889 890 |
ipc_unlock_object(&msq->q_perm); rcu_read_unlock(); |
|
1da177e4c
Linux-2.6.12-rc2
|
891 892 893 894 895 896 |
schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue * and getting a reference would defeat the idea of a lockless * operation, thus the code relies on rcu to guarantee the |
|
25985edce
Fix common misspe...
|
897 |
* existence of msq: |
|
1da177e4c
Linux-2.6.12-rc2
|
898 899 900 |
* Prior to destruction, expunge_all(-EIRDM) changes r_msg. * Thus if r_msg is -EAGAIN, then the queue not yet destroyed. * rcu_read_lock() prevents preemption between reading r_msg |
|
41a0d523d
ipc,msg: shorten ...
|
901 |
* and acquiring the q_perm.lock in ipc_lock_object(). |
|
1da177e4c
Linux-2.6.12-rc2
|
902 903 904 905 906 907 908 909 |
*/ rcu_read_lock(); /* Lockless receive, part 2: * Wait until pipelined_send or expunge_all are outside of * wake_up_process(). There is a race with exit(), see * ipc/mqueue.c for the details. */ |
|
5a06a363e
[PATCH] ipc/msg.c...
|
910 |
msg = (struct msg_msg*)msr_d.r_msg; |
|
1da177e4c
Linux-2.6.12-rc2
|
911 912 |
while (msg == NULL) {
cpu_relax();
|
|
5a06a363e
[PATCH] ipc/msg.c...
|
913 |
msg = (struct msg_msg *)msr_d.r_msg; |
|
1da177e4c
Linux-2.6.12-rc2
|
914 915 916 917 918 919 |
} /* Lockless receive, part 3: * If there is a message or an error then accept it without * locking. */ |
|
41a0d523d
ipc,msg: shorten ...
|
920 921 |
if (msg != ERR_PTR(-EAGAIN)) goto out_unlock1; |
|
1da177e4c
Linux-2.6.12-rc2
|
922 923 924 925 |
/* Lockless receive, part 3: * Acquire the queue spinlock. */ |
|
41a0d523d
ipc,msg: shorten ...
|
926 |
ipc_lock_object(&msq->q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
927 928 929 930 931 |
/* Lockless receive, part 4: * Repeat test after acquiring the spinlock. */ msg = (struct msg_msg*)msr_d.r_msg; |
|
5a06a363e
[PATCH] ipc/msg.c...
|
932 |
if (msg != ERR_PTR(-EAGAIN)) |
|
41a0d523d
ipc,msg: shorten ...
|
933 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
934 935 936 937 |
list_del(&msr_d.r_list);
if (signal_pending(current)) {
msg = ERR_PTR(-ERESTARTNOHAND);
|
|
41a0d523d
ipc,msg: shorten ...
|
938 |
goto out_unlock0; |
|
1da177e4c
Linux-2.6.12-rc2
|
939 |
} |
|
41a0d523d
ipc,msg: shorten ...
|
940 941 |
ipc_unlock_object(&msq->q_perm); |
|
1da177e4c
Linux-2.6.12-rc2
|
942 |
} |
|
41a0d523d
ipc,msg: shorten ...
|
943 944 945 946 947 |
out_unlock0: ipc_unlock_object(&msq->q_perm); out_unlock1: rcu_read_unlock(); |
|
4a674f34b
ipc: introduce me...
|
948 |
if (IS_ERR(msg)) {
|
|
85398aa8d
ipc: simplify fre...
|
949 |
free_copy(copy); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
950 |
return PTR_ERR(msg); |
|
4a674f34b
ipc: introduce me...
|
951 |
} |
|
1da177e4c
Linux-2.6.12-rc2
|
952 |
|
|
f9dd87f47
ipc: message queu...
|
953 |
bufsz = msg_handler(buf, msg, bufsz); |
|
1da177e4c
Linux-2.6.12-rc2
|
954 |
free_msg(msg); |
|
5a06a363e
[PATCH] ipc/msg.c...
|
955 |
|
|
f9dd87f47
ipc: message queu...
|
956 |
return bufsz; |
|
1da177e4c
Linux-2.6.12-rc2
|
957 |
} |
|
e48fbb699
[CVE-2009-0029] S...
|
958 959 |
SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz, long, msgtyp, int, msgflg) |
|
651971cb7
[PATCH] Fix the s...
|
960 |
{
|
|
f9dd87f47
ipc: message queu...
|
961 |
return do_msgrcv(msqid, msgp, msgsz, msgtyp, msgflg, do_msg_fill); |
|
651971cb7
[PATCH] Fix the s...
|
962 |
} |
|
1da177e4c
Linux-2.6.12-rc2
|
963 |
#ifdef CONFIG_PROC_FS |
|
19b4946ca
[PATCH] ipc: conv...
|
964 |
static int sysvipc_msg_proc_show(struct seq_file *s, void *it) |
|
1da177e4c
Linux-2.6.12-rc2
|
965 |
{
|
|
1efdb69b0
userns: Convert i...
|
966 |
struct user_namespace *user_ns = seq_user_ns(s); |
|
19b4946ca
[PATCH] ipc: conv...
|
967 968 969 |
struct msg_queue *msq = it; return seq_printf(s, |
|
5a06a363e
[PATCH] ipc/msg.c...
|
970 971 972 |
"%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu ", msq->q_perm.key, |
|
7ca7e564e
ipc: store ipcs i...
|
973 |
msq->q_perm.id, |
|
5a06a363e
[PATCH] ipc/msg.c...
|
974 975 976 977 978 |
msq->q_perm.mode, msq->q_cbytes, msq->q_qnum, msq->q_lspid, msq->q_lrpid, |
|
1efdb69b0
userns: Convert i...
|
979 980 981 982 |
from_kuid_munged(user_ns, msq->q_perm.uid), from_kgid_munged(user_ns, msq->q_perm.gid), from_kuid_munged(user_ns, msq->q_perm.cuid), from_kgid_munged(user_ns, msq->q_perm.cgid), |
|
5a06a363e
[PATCH] ipc/msg.c...
|
983 984 985 |
msq->q_stime, msq->q_rtime, msq->q_ctime); |
|
1da177e4c
Linux-2.6.12-rc2
|
986 987 |
} #endif |