/* * linux/ipc/msg.c |
* Copyright (C) 1992 Krishna Balasubramanian |
* * Removed all the remaining kerneld mess * Catch the -EFAULT stuff properly * Use GFP_KERNEL for messages as in 1.2 * Fixed up the unchecked user space derefs * Copyright (C) 1998 Alan Cox & Andi Kleen * * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com> * * mostly rewritten, threaded and wake-one semantics added * MSGMAX limit removed, sysctl's added |
* (c) 1999 Manfred Spraul <manfred@colorfullife.com> |
* * support for audit of ipc object properties and permission changes * Dustin Kirkland <dustin.kirkland@us.ibm.com> |
* * namespaces support * OpenVZ, SWsoft Inc. * Pavel Emelianov <xemul@openvz.org> |
*/ |
#include <linux/capability.h> |
#include <linux/msg.h> #include <linux/spinlock.h> #include <linux/init.h> |
#include <linux/mm.h> |
#include <linux/proc_fs.h> #include <linux/list.h> #include <linux/security.h> #include <linux/sched.h> #include <linux/syscalls.h> #include <linux/audit.h> |
#include <linux/seq_file.h> |
#include <linux/rwsem.h> |
#include <linux/nsproxy.h> |
#include <linux/ipc_namespace.h> |
|
#include <asm/current.h> |
#include <linux/uaccess.h> |
#include "util.h" |
/* one msg_receiver structure for each sleeping receiver */
struct msg_receiver {
	struct list_head	r_list;		/* link in msg_queue.q_receivers */
	struct task_struct	*r_tsk;		/* task passed to wake_q_add() on wakeup */

	int			r_mode;		/* SEARCH_* mode handed to testmsg() */
	long			r_msgtype;	/* type argument handed to testmsg() */
	long			r_maxsize;	/* larger messages yield -E2BIG in pipelined_send() */

	/* result slot: a message or an ERR_PTR(), stored with WRITE_ONCE() */
	struct msg_msg		*r_msg;
};

/* one msg_sender for each sleeping sender */
struct msg_sender {
	/* link in msg_queue.q_senders; ss_wakeup(kill) sets list.next to NULL */
	struct list_head	list;
	struct task_struct	*tsk;		/* set to current by ss_add() */
	size_t			msgsz;		/* pending message size, rechecked in ss_wakeup() */
};

/* Receive search modes: selected by convert_mode(), evaluated by testmsg(). */
#define SEARCH_ANY		1
#define SEARCH_EQUAL		2
#define SEARCH_NOTEQUAL		3
#define SEARCH_LESSEQUAL	4
#define SEARCH_NUMBER		5

/* The IPC_MSG_IDS slot of the namespace's ids[] array. */
#define msg_ids(ns)	((ns)->ids[IPC_MSG_IDS])
/*
 * Look up a queue with ipc_obtain_object_idr() and convert the embedded
 * kern_ipc_perm back into its msg_queue.  A failed lookup is handed back
 * unchanged as an ERR_PTR value.
 */
static inline struct msg_queue *msq_obtain_object(struct ipc_namespace *ns, int id)
{
	struct kern_ipc_perm *perm = ipc_obtain_object_idr(&msg_ids(ns), id);

	return IS_ERR(perm) ? ERR_CAST(perm)
			    : container_of(perm, struct msg_queue, q_perm);
}

/*
 * Same conversion, but the lookup goes through ipc_obtain_object_check().
 * NOTE(review): presumably the _check helper also validates that @id is a
 * full queue id rather than a bare index -- confirm in ipc/util.c.
 */
static inline struct msg_queue *msq_obtain_object_check(struct ipc_namespace *ns,
							int id)
{
	struct kern_ipc_perm *perm = ipc_obtain_object_check(&msg_ids(ns), id);

	if (!IS_ERR(perm))
		return container_of(perm, struct msg_queue, q_perm);

	return ERR_CAST(perm);
}
/* Drop queue @s from the message-queue id set of @ns via ipc_rmid(). */
static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
{
	struct kern_ipc_perm *perm = &s->q_perm;

	ipc_rmid(&msg_ids(ns), perm);
}
/*
 * Release callback passed to ipc_rcu_putref() for a message queue: the LSM
 * state is released with security_msg_queue_free() first, then the
 * allocation itself goes to ipc_rcu_free().
 */
static void msg_rcu_free(struct rcu_head *head)
{
	struct ipc_rcu *rcu_hdr = container_of(head, struct ipc_rcu, rcu);
	struct msg_queue *queue = ipc_rcu_to_struct(rcu_hdr);

	security_msg_queue_free(queue);

	ipc_rcu_free(head);
}
/**
 * newque - Create a new msg queue
 * @ns: namespace
 * @params: ptr to the structure that contains the key and msgflg
 *
 * Called with msg_ids.rwsem held (writer)
 *
 * Return: the value of q_perm.id on success, -ENOMEM when the allocation
 * fails, or the error returned by security_msg_queue_alloc() or ipc_addid().
 */
static int newque(struct ipc_namespace *ns, struct ipc_params *params)
{
	struct msg_queue *msq;
	int id, retval;
	key_t key = params->key;
	int msgflg = params->flg;

	msq = ipc_rcu_alloc(sizeof(*msq));
	if (!msq)
		return -ENOMEM;

	/* Only the permission bits of the caller's flags reach the mode. */
	msq->q_perm.mode = msgflg & S_IRWXUGO;
	msq->q_perm.key = key;

	msq->q_perm.security = NULL;
	retval = security_msg_queue_alloc(msq);
	if (retval) {
		/*
		 * The LSM allocation failed, so release with plain
		 * ipc_rcu_free: msg_rcu_free would also call
		 * security_msg_queue_free().
		 */
		ipc_rcu_putref(msq, ipc_rcu_free);
		return retval;
	}

	msq->q_stime = msq->q_rtime = 0;
	msq->q_ctime = get_seconds();
	msq->q_cbytes = msq->q_qnum = 0;
	/* Byte limit of a new queue comes from the namespace setting. */
	msq->q_qbytes = ns->msg_ctlmnb;
	msq->q_lspid = msq->q_lrpid = 0;
	INIT_LIST_HEAD(&msq->q_messages);
	INIT_LIST_HEAD(&msq->q_receivers);
	INIT_LIST_HEAD(&msq->q_senders);

	/* ipc_addid() locks msq upon success. */
	id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
	if (id < 0) {
		/* LSM state exists by now, so msg_rcu_free releases it too. */
		ipc_rcu_putref(msq, msg_rcu_free);
		return id;
	}

	ipc_unlock_object(&msq->q_perm);
	rcu_read_unlock();

	/*
	 * msq is read after the object lock is dropped.  The caller still
	 * holds msg_ids.rwsem as writer (see above), and the IPC_RMID path in
	 * msgctl_down() takes that rwsem for writing before freeque().
	 */
	return msq->q_perm.id;
}
/*
 * True when a message of @msgsz bytes can be added to @msq: the byte count
 * after adding it must not exceed q_qbytes, and the message count after
 * adding it is compared against q_qbytes as well.
 */
static inline bool msg_fits_inqueue(struct msg_queue *msq, size_t msgsz)
{
	if (msgsz + msq->q_cbytes > msq->q_qbytes)
		return false;

	return 1 + msq->q_qnum <= msq->q_qbytes;
}

/*
 * Record the current task as a sleeping sender of @msgsz bytes on @msq.
 * The task state is set to TASK_INTERRUPTIBLE before the entry is linked
 * at the tail of q_senders; do_msgsnd() calls this with the queue object
 * locked and calls schedule() afterwards.
 */
static inline void ss_add(struct msg_queue *msq,
			  struct msg_sender *mss, size_t msgsz)
{
	mss->msgsz = msgsz;
	mss->tsk = current;

	__set_current_state(TASK_INTERRUPTIBLE);
	list_add_tail(&mss->list, &msq->q_senders);
}
/*
 * Unlink a sender entry unless it was already detached: ss_wakeup() with
 * kill set stores NULL in list.next, and such an entry is left alone.
 */
static inline void ss_del(struct msg_sender *mss)
{
	if (!mss->list.next)
		return;

	list_del(&mss->list);
}
/*
 * Walk the sleeping senders of @msq and queue wakeups on @wake_q.
 *
 * With @kill set, every sender is queued for wakeup and its list.next is
 * cleared, which makes a later ss_del() skip the unlink.  Without @kill,
 * only senders whose message now fits are queued; the others are moved to
 * the tail and the walk stops once the first such task comes round again.
 *
 * The wakeups themselves happen later, when the caller runs wake_up_q().
 */
static void ss_wakeup(struct msg_queue *msq,
		      struct wake_q_head *wake_q, bool kill)
{
	struct msg_sender *mss, *t;
	struct task_struct *stop_tsk = NULL;	/* first task that was skipped */
	struct list_head *h = &msq->q_senders;

	list_for_each_entry_safe(mss, t, h, list) {
		if (kill)
			mss->list.next = NULL;

		/*
		 * Stop at the first task we don't wakeup,
		 * we've already iterated the original
		 * sender queue.
		 */
		else if (stop_tsk == mss->tsk)
			break;
		/*
		 * We are not in an EIDRM scenario here, therefore
		 * verify that we really need to wakeup the task.
		 * To maintain current semantics and wakeup order,
		 * move the sender to the tail on behalf of the
		 * blocked task.
		 */
		else if (!msg_fits_inqueue(msq, mss->msgsz)) {
			if (!stop_tsk)
				stop_tsk = mss->tsk;

			list_move_tail(&mss->list, &msq->q_senders);
			continue;
		}

		wake_q_add(wake_q, mss->tsk);
	}
}
/*
 * Queue a wakeup for every sleeping receiver of @msq and publish
 * ERR_PTR(@res) in its r_msg slot.  Entries are not unlinked here; the
 * tasks are actually woken when the caller runs wake_up_q() on @wake_q.
 */
static void expunge_all(struct msg_queue *msq, int res,
			struct wake_q_head *wake_q)
{
	struct msg_receiver *rcv, *next;
	struct list_head *receivers = &msq->q_receivers;

	list_for_each_entry_safe(rcv, next, receivers, r_list) {
		wake_q_add(wake_q, rcv->r_tsk);
		WRITE_ONCE(rcv->r_msg, ERR_PTR(res));
	}
}
/*
 * freeque() wakes up waiters on the sender and receiver waiting queue,
 * removes the message queue from message queue ID IDR, and cleans up all the
 * messages associated with this queue.
 *
 * msg_ids.rwsem (writer) and the spinlock for this message queue are held
 * before freeque() is called. msg_ids.rwsem remains locked on exit.
 *
 * The object lock and the RCU read section are both released in here.
 */
static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
	struct msg_msg *msg, *t;
	struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm);
	WAKE_Q(wake_q);

	/* Receivers get -EIDRM; senders are detached (kill == true). */
	expunge_all(msq, -EIDRM, &wake_q);
	ss_wakeup(msq, &wake_q, true);
	msg_rmid(ns, msq);
	ipc_unlock_object(&msq->q_perm);
	/* The queued tasks are woken only after the object lock is dropped. */
	wake_up_q(&wake_q);
	rcu_read_unlock();

	/* Free the pending messages and fix up the namespace counters. */
	list_for_each_entry_safe(msg, t, &msq->q_messages, m_list) {
		atomic_dec(&ns->msg_hdrs);
		free_msg(msg);
	}
	atomic_sub(msq->q_cbytes, &ns->msg_bytes);
	/* msg_rcu_free also releases the LSM state of the queue. */
	ipc_rcu_putref(msq, msg_rcu_free);
}
/*
 * Called with msg_ids.rwsem and ipcp locked.
 *
 * The .associate callback of msgget(): it passes the queue that embeds
 * @ipcp, together with @msgflg, to the security_msg_queue_associate() hook
 * and returns the hook's result.
 */
static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
{
	return security_msg_queue_associate(
			container_of(ipcp, struct msg_queue, q_perm), msgflg);
}
/*
 * msgget() system call: bundle @key and @msgflg into an ipc_params and hand
 * the request to ipcget() for the caller's IPC namespace.  newque() is the
 * callback for creating a queue and msg_security() the one for associating
 * with an existing queue.
 */
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
{
	static const struct ipc_ops msg_ops = {
		.getnew = newque,
		.associate = msg_security,
	};
	struct ipc_namespace *ns = current->nsproxy->ipc_ns;
	struct ipc_params msg_params;

	msg_params.flg = msgflg;
	msg_params.key = key;

	return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
}
/*
 * Copy queue status @in to user buffer @buf in the layout selected by
 * @version.
 *
 * IPC_64 copies the msqid64_ds as it is.  IPC_OLD converts to the legacy
 * msqid_ds: the temporary is zeroed in full before it is filled, so no
 * unset bytes of it are copied out, and the counters are clamped to
 * USHRT_MAX while the unclamped values go into msg_lcbytes/msg_lqbytes.
 *
 * Returns the copy_to_user() result (0 on success), or -EINVAL converted
 * to unsigned long for an unknown @version; callers test for non-zero.
 */
static inline unsigned long
copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version)
{
	switch (version) {
	case IPC_64:
		return copy_to_user(buf, in, sizeof(*in));
	case IPC_OLD:
	{
		struct msqid_ds out;

		memset(&out, 0, sizeof(out));

		ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm);

		out.msg_stime = in->msg_stime;
		out.msg_rtime = in->msg_rtime;
		out.msg_ctime = in->msg_ctime;

		out.msg_cbytes = (in->msg_cbytes > USHRT_MAX) ?
					USHRT_MAX : in->msg_cbytes;
		out.msg_lcbytes = in->msg_cbytes;

		out.msg_qnum = (in->msg_qnum > USHRT_MAX) ?
					USHRT_MAX : in->msg_qnum;

		out.msg_qbytes = (in->msg_qbytes > USHRT_MAX) ?
					USHRT_MAX : in->msg_qbytes;
		out.msg_lqbytes = in->msg_qbytes;

		out.msg_lspid = in->msg_lspid;
		out.msg_lrpid = in->msg_lrpid;

		return copy_to_user(buf, &out, sizeof(out));
	}
	default:
		return -EINVAL;
	}
}
/*
 * Read an IPC_SET request from user buffer @buf into @out.
 *
 * IPC_64 copies the whole msqid64_ds.  IPC_OLD reads a legacy msqid_ds and
 * sets only msg_perm.uid, msg_perm.gid, msg_perm.mode and msg_qbytes in
 * @out; every other field of @out is left as the caller passed it.  A
 * legacy msg_qbytes of zero selects msg_lqbytes instead.
 *
 * Returns 0 on success, -EFAULT when the user copy fails and -EINVAL for
 * an unknown @version (both converted to unsigned long).
 */
static inline unsigned long
copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version)
{
	switch (version) {
	case IPC_64:
		return copy_from_user(out, buf, sizeof(*out)) ? -EFAULT : 0;
	case IPC_OLD:
	{
		struct msqid_ds legacy;

		if (copy_from_user(&legacy, buf, sizeof(legacy)))
			return -EFAULT;

		out->msg_perm.uid	= legacy.msg_perm.uid;
		out->msg_perm.gid	= legacy.msg_perm.gid;
		out->msg_perm.mode	= legacy.msg_perm.mode;

		out->msg_qbytes = legacy.msg_qbytes ?
					legacy.msg_qbytes : legacy.msg_lqbytes;

		return 0;
	}
	default:
		return -EINVAL;
	}
}
/*
 * This function handles some msgctl commands which require the rwsem
 * to be held in write mode.
 * NOTE: no locks must be held, the rwsem is taken inside this function.
 *
 * Only IPC_SET and IPC_RMID are handled here; any other @cmd ends in
 * -EINVAL.  Returns 0 on success or a negative errno.
 */
static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
		       struct msqid_ds __user *buf, int version)
{
	struct kern_ipc_perm *ipcp;
	struct msqid64_ds uninitialized_var(msqid64);
	struct msg_queue *msq;
	int err;

	if (cmd == IPC_SET) {
		/*
		 * The user's request is copied in before any lock is taken.
		 * Every failure is reported as -EFAULT, including the -EINVAL
		 * that copy_msqid_from_user() returns for an unknown version.
		 */
		if (copy_msqid_from_user(&msqid64, buf, version))
			return -EFAULT;
	}

	down_write(&msg_ids(ns).rwsem);
	rcu_read_lock();

	/*
	 * NOTE(review): for IPC_RMID msqid64 is never filled in, yet its
	 * fields are passed below -- presumably ipcctl_pre_down_nolock()
	 * uses them for IPC_SET only, and presumably it is also where the
	 * caller's ownership of the queue is checked; confirm in ipc/util.c.
	 */
	ipcp = ipcctl_pre_down_nolock(ns, &msg_ids(ns), msqid, cmd,
				      &msqid64.msg_perm, msqid64.msg_qbytes);
	if (IS_ERR(ipcp)) {
		err = PTR_ERR(ipcp);
		goto out_unlock1;
	}

	msq = container_of(ipcp, struct msg_queue, q_perm);

	/* The LSM hook can veto the command before anything is modified. */
	err = security_msg_queue_msgctl(msq, cmd);
	if (err)
		goto out_unlock1;

	switch (cmd) {
	case IPC_RMID:
		ipc_lock_object(&msq->q_perm);
		/* freeque unlocks the ipc object and rcu */
		freeque(ns, ipcp);
		goto out_up;
	case IPC_SET:
	{
		WAKE_Q(wake_q);

		/*
		 * Setting a byte limit above ns->msg_ctlmnb requires
		 * CAP_SYS_RESOURCE; checked before the object is locked
		 * or changed.
		 */
		if (msqid64.msg_qbytes > ns->msg_ctlmnb &&
		    !capable(CAP_SYS_RESOURCE)) {
			err = -EPERM;
			goto out_unlock1;
		}

		ipc_lock_object(&msq->q_perm);
		err = ipc_update_perm(&msqid64.msg_perm, ipcp);
		if (err)
			goto out_unlock0;

		msq->q_qbytes = msqid64.msg_qbytes;

		msq->q_ctime = get_seconds();
		/*
		 * Sleeping receivers might be excluded by
		 * stricter permissions.
		 */
		expunge_all(msq, -EAGAIN, &wake_q);
		/*
		 * Sleeping senders might be able to send
		 * due to a larger queue size.
		 */
		ss_wakeup(msq, &wake_q, false);
		ipc_unlock_object(&msq->q_perm);
		/* Wake the collected tasks only after the lock is dropped. */
		wake_up_q(&wake_q);

		goto out_unlock1;
	}
	default:
		err = -EINVAL;
		goto out_unlock1;
	}

	/* Unwind in reverse order of acquisition. */
out_unlock0:
	ipc_unlock_object(&msq->q_perm);
out_unlock1:
	rcu_read_unlock();
out_up:
	up_write(&msg_ids(ns).rwsem);
	return err;
}
/*
 * Handle the msgctl commands that only read state: IPC_INFO, MSG_INFO,
 * MSG_STAT and IPC_STAT.  The queue object lock is never taken here; the
 * info commands take msg_ids.rwsem for reading and the stat commands run
 * inside an RCU read section.
 *
 * Returns a negative errno on failure.  On success IPC_INFO/MSG_INFO return
 * the highest id in use (0 when ipc_get_maxid() is negative), MSG_STAT
 * returns the queue id and IPC_STAT returns 0.
 */
static int msgctl_nolock(struct ipc_namespace *ns, int msqid,
			 int cmd, int version, void __user *buf)
{
	int err;
	struct msg_queue *msq;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
	{
		struct msginfo msginfo;
		int max_id;

		if (!buf)
			return -EFAULT;

		/*
		 * We must not return kernel stack data.
		 * due to padding, it's not enough
		 * to set all member fields.
		 */
		err = security_msg_queue_msgctl(NULL, cmd);
		if (err)
			return err;

		/* Zero the whole struct, padding included, before filling it. */
		memset(&msginfo, 0, sizeof(msginfo));
		msginfo.msgmni = ns->msg_ctlmni;
		msginfo.msgmax = ns->msg_ctlmax;
		msginfo.msgmnb = ns->msg_ctlmnb;
		msginfo.msgssz = MSGSSZ;
		msginfo.msgseg = MSGSEG;
		down_read(&msg_ids(ns).rwsem);
		if (cmd == MSG_INFO) {
			/* MSG_INFO reports live usage counters of the namespace. */
			msginfo.msgpool = msg_ids(ns).in_use;
			msginfo.msgmap = atomic_read(&ns->msg_hdrs);
			msginfo.msgtql = atomic_read(&ns->msg_bytes);
		} else {
			msginfo.msgmap = MSGMAP;
			msginfo.msgpool = MSGPOOL;
			msginfo.msgtql = MSGTQL;
		}
		max_id = ipc_get_maxid(&msg_ids(ns));
		up_read(&msg_ids(ns).rwsem);
		if (copy_to_user(buf, &msginfo, sizeof(struct msginfo)))
			return -EFAULT;
		return (max_id < 0) ? 0 : max_id;
	}

	case MSG_STAT:
	case IPC_STAT:
	{
		struct msqid64_ds tbuf;
		int success_return;

		if (!buf)
			return -EFAULT;

		/* Zeroed up front so unset bytes are never copied to user space. */
		memset(&tbuf, 0, sizeof(tbuf));

		rcu_read_lock();
		if (cmd == MSG_STAT) {
			/* msqid is an index here, see the note in msgctl(). */
			msq = msq_obtain_object(ns, msqid);
			if (IS_ERR(msq)) {
				err = PTR_ERR(msq);
				goto out_unlock;
			}
			success_return = msq->q_perm.id;
		} else {
			msq = msq_obtain_object_check(ns, msqid);
			if (IS_ERR(msq)) {
				err = PTR_ERR(msq);
				goto out_unlock;
			}
			success_return = 0;
		}

		/* Read permission first, then the LSM hook, before any field is copied. */
		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IRUGO))
			goto out_unlock;

		err = security_msg_queue_msgctl(msq, cmd);
		if (err)
			goto out_unlock;

		kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
		tbuf.msg_stime  = msq->q_stime;
		tbuf.msg_rtime  = msq->q_rtime;
		tbuf.msg_ctime  = msq->q_ctime;
		tbuf.msg_cbytes = msq->q_cbytes;
		tbuf.msg_qnum   = msq->q_qnum;
		tbuf.msg_qbytes = msq->q_qbytes;
		tbuf.msg_lspid  = msq->q_lspid;
		tbuf.msg_lrpid  = msq->q_lrpid;
		rcu_read_unlock();

		/* The user copy runs on the local snapshot, outside the RCU section. */
		if (copy_msqid_to_user(buf, &tbuf, version))
			return -EFAULT;
		return success_return;
	}

	default:
		return -EINVAL;
	}

	/* Not reached: every case above returns or jumps to out_unlock. */
	return err;
out_unlock:
	rcu_read_unlock();
	return err;
}
/*
 * msgctl() system call.  Negative ids and commands are rejected up front,
 * the version is split off @cmd by ipc_parse_version(), and the command is
 * then routed: read-only commands go to msgctl_nolock(), IPC_SET and
 * IPC_RMID go to msgctl_down(), anything else is -EINVAL.
 */
SYSCALL_DEFINE3(msgctl, int, msqid, int, cmd, struct msqid_ds __user *, buf)
{
	struct ipc_namespace *ns;
	int version;

	if (msqid < 0 || cmd < 0)
		return -EINVAL;

	ns = current->nsproxy->ipc_ns;
	version = ipc_parse_version(&cmd);

	/* For MSG_STAT, msqid is an index rather than a msg queue id. */
	if (cmd == IPC_INFO || cmd == MSG_INFO ||
	    cmd == MSG_STAT || cmd == IPC_STAT)
		return msgctl_nolock(ns, msqid, cmd, version, buf);

	if (cmd == IPC_SET || cmd == IPC_RMID)
		return msgctl_down(ns, msqid, cmd, buf, version);

	return -EINVAL;
}
/*
 * Decide whether @msg satisfies a receive request of @type in search mode
 * @mode.  SEARCH_ANY and SEARCH_NUMBER accept every message; the other
 * modes compare msg->m_type with @type.  Returns 1 on a match and 0
 * otherwise, including for an unknown @mode.
 */
static int testmsg(struct msg_msg *msg, long type, int mode)
{
	switch (mode) {
	case SEARCH_ANY:
	case SEARCH_NUMBER:
		return 1;
	case SEARCH_LESSEQUAL:
		return msg->m_type <= type;
	case SEARCH_EQUAL:
		return msg->m_type == type;
	case SEARCH_NOTEQUAL:
		return msg->m_type != type;
	default:
		return 0;
	}
}
/*
 * Try to hand @msg straight to a sleeping receiver of @msq.
 *
 * A receiver is considered only when testmsg() matches and the
 * security_msg_queue_msgrcv() hook returns 0; the hook is not called for
 * receivers that testmsg() rejects.  A matching receiver whose buffer is
 * too small is unlinked and woken with ERR_PTR(-E2BIG), and the search
 * goes on.
 *
 * Returns 1 when a receiver took the message, 0 when the caller has to
 * enqueue it.  Wakeups are only collected on @wake_q.
 */
static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg,
				 struct wake_q_head *wake_q)
{
	struct msg_receiver *rcv, *next;

	list_for_each_entry_safe(rcv, next, &msq->q_receivers, r_list) {
		if (!testmsg(msg, rcv->r_msgtype, rcv->r_mode))
			continue;
		if (security_msg_queue_msgrcv(msq, msg, rcv->r_tsk,
					      rcv->r_msgtype, rcv->r_mode))
			continue;

		list_del(&rcv->r_list);

		if (rcv->r_maxsize < msg->m_ts) {
			wake_q_add(wake_q, rcv->r_tsk);
			WRITE_ONCE(rcv->r_msg, ERR_PTR(-E2BIG));
			continue;
		}

		msq->q_lrpid = task_pid_vnr(rcv->r_tsk);
		msq->q_rtime = get_seconds();

		wake_q_add(wake_q, rcv->r_tsk);
		WRITE_ONCE(rcv->r_msg, msg);
		return 1;
	}

	return 0;
}
/*
 * do_msgsnd - send one message to the queue identified by @msqid
 * @msqid: queue id, must not be negative
 * @mtype: message type, must be at least 1
 * @mtext: user pointer to the message body
 * @msgsz: body size, limited by ns->msg_ctlmax
 * @msgflg: flags; IPC_NOWAIT turns a full queue into -EAGAIN
 *
 * Returns 0 on success or a negative errno.  A message that was not handed
 * to a receiver or enqueued is freed before returning.
 */
long do_msgsnd(int msqid, long mtype, void __user *mtext,
		size_t msgsz, int msgflg)
{
	struct msg_queue *msq;
	struct msg_msg *msg;
	int err;
	struct ipc_namespace *ns;
	WAKE_Q(wake_q);

	ns = current->nsproxy->ipc_ns;

	/* Reject bad sizes and ids before the user buffer is touched. */
	if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0)
		return -EINVAL;
	if (mtype < 1)
		return -EINVAL;

	/* The message is built from the user pointer before any lock is taken. */
	msg = load_msg(mtext, msgsz);
	if (IS_ERR(msg))
		return PTR_ERR(msg);

	msg->m_type = mtype;
	msg->m_ts = msgsz;

	rcu_read_lock();
	msq = msq_obtain_object_check(ns, msqid);
	if (IS_ERR(msq)) {
		err = PTR_ERR(msq);
		goto out_unlock1;
	}

	ipc_lock_object(&msq->q_perm);

	/*
	 * Write permission, queue validity and the LSM hook are evaluated on
	 * every pass, so they are checked again after each sleep.
	 */
	for (;;) {
		struct msg_sender s;

		err = -EACCES;
		if (ipcperms(ns, &msq->q_perm, S_IWUGO))
			goto out_unlock0;

		/* raced with RMID? */
		if (!ipc_valid_object(&msq->q_perm)) {
			err = -EIDRM;
			goto out_unlock0;
		}

		err = security_msg_queue_msgsnd(msq, msg, msgflg);
		if (err)
			goto out_unlock0;

		if (msg_fits_inqueue(msq, msgsz))
			break;

		/* queue full, wait: */
		if (msgflg & IPC_NOWAIT) {
			err = -EAGAIN;
			goto out_unlock0;
		}

		/* enqueue the sender and prepare to block */
		ss_add(msq, &s, msgsz);

		/*
		 * Hold a reference across the sleep so msq stays allocated
		 * while no lock is held.
		 * NOTE(review): this failure path leaves the on-stack sender
		 * linked on q_senders and the task state as set by ss_add() --
		 * presumably unreachable because the object was validated
		 * under the lock just above; confirm.
		 */
		if (!ipc_rcu_getref(msq)) {
			err = -EIDRM;
			goto out_unlock0;
		}

		ipc_unlock_object(&msq->q_perm);
		rcu_read_unlock();
		schedule();

		rcu_read_lock();
		ipc_lock_object(&msq->q_perm);

		/* Drop the reference taken before sleeping. */
		ipc_rcu_putref(msq, msg_rcu_free);
		/* raced with RMID? */
		if (!ipc_valid_object(&msq->q_perm)) {
			/* No ss_del() here: this path exits without touching s. */
			err = -EIDRM;
			goto out_unlock0;
		}
		ss_del(&s);

		if (signal_pending(current)) {
			err = -ERESTARTNOHAND;
			goto out_unlock0;
		}

	}

	msq->q_lspid = task_tgid_vnr(current);
	msq->q_stime = get_seconds();

	if (!pipelined_send(msq, msg, &wake_q)) {
		/* no one is waiting for this message, enqueue it */
		list_add_tail(&msg->m_list, &msq->q_messages);
		msq->q_cbytes += msgsz;
		msq->q_qnum++;
		atomic_add(msgsz, &ns->msg_bytes);
		atomic_inc(&ns->msg_hdrs);
	}

	err = 0;
	/* The message now belongs to a receiver or the queue: skip free_msg(). */
	msg = NULL;

out_unlock0:
	ipc_unlock_object(&msq->q_perm);
	/* Wake collected receivers only after the object lock is dropped. */
	wake_up_q(&wake_q);
out_unlock1:
	rcu_read_unlock();
	if (msg != NULL)
		free_msg(msg);
	return err;
}
/*
 * msgsnd() system call: fetch the message type from the user's msgbuf with
 * get_user() and pass it, together with the user pointer to the body, to
 * do_msgsnd().  A faulting read of the type yields -EFAULT.
 */
SYSCALL_DEFINE4(msgsnd, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
		int, msgflg)
{
	long mtype;
	int fault = get_user(mtype, &msgp->mtype);

	if (fault)
		return -EFAULT;

	return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg);
}
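/*
 * convert_mode - translate the msgrcv() type argument and flags into one of
 * the SEARCH_* modes.
 *
 * @msgtyp: in/out; a negative value is replaced by its magnitude so that the
 *          caller can use it as the bound for SEARCH_LESSEQUAL.
 * @msgflg: msgrcv() flags; MSG_COPY and MSG_EXCEPT are the only ones read.
 *
 * *msgtyp arrives unmodified from user space (see the msgrcv syscall entry
 * below), so every possible long value has to be handled, including LONG_MIN.
 */
static inline int convert_mode(long *msgtyp, int msgflg)
{
	/* With MSG_COPY the type argument is a position, not a message type. */
	if (msgflg & MSG_COPY)
		return SEARCH_NUMBER;
	/*
	 *  find message of correct type.
	 *  msgtyp = 0 => get first.
	 *  msgtyp > 0 => get first message of matching type.
	 *  msgtyp < 0 => get the message with the lowest type, bounded by
	 *                abs(msgtyp).
	 */
	if (*msgtyp == 0)
		return SEARCH_ANY;
	if (*msgtyp < 0) {
		/*
		 * -LONG_MIN does not fit in a long and negating it is
		 * undefined behaviour.  LONG_MAX is the largest bound a long
		 * can express, so use that instead.
		 */
		if (*msgtyp == LONG_MIN)
			*msgtyp = LONG_MAX;
		else
			*msgtyp = -*msgtyp;
		return SEARCH_LESSEQUAL;
	}
	if (msgflg & MSG_EXCEPT)
		return SEARCH_NOTEQUAL;
	return SEARCH_EQUAL;
}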
/*
 * do_msg_fill - copy a received message out to a user-space struct msgbuf.
 *
 * @dest:  user pointer to the destination struct msgbuf.
 * @msg:   kernel message to deliver.
 * @bufsz: size of the caller's text buffer.
 *
 * Returns the number of text bytes stored, or -EFAULT if either user write
 * fails.  The text is clamped to bufsz, so a message longer than the buffer
 * is truncated rather than written past the end of it.
 */
static long do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
{
	struct msgbuf __user *ubuf = dest;
	size_t len = msg->m_ts;

	if (put_user(msg->m_type, &ubuf->mtype))
		return -EFAULT;

	/* Never hand store_msg() more than the caller's buffer can hold. */
	if (len > bufsz)
		len = bufsz;

	if (store_msg(ubuf->mtext, msg, len))
		return -EFAULT;

	return len;
}
#ifdef CONFIG_CHECKPOINT_RESTORE |
3fcfe7865 ipc: add more com... |
737 738 739 740 |
/* * This function creates new kernel message structure, large enough to store * bufsz message bytes. */ |
8ac6ed585 ipc: implement MS... |
741 |
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz) |
4a674f34b ipc: introduce me... |
742 743 |
{ struct msg_msg *copy; |
4a674f34b ipc: introduce me... |
744 745 746 747 748 749 750 751 |
/* * Create dummy message to copy real message to. */ copy = load_msg(buf, bufsz); if (!IS_ERR(copy)) copy->m_ts = bufsz; return copy; } |
85398aa8d ipc: simplify fre... |
752 |
static inline void free_copy(struct msg_msg *copy) |
4a674f34b ipc: introduce me... |
753 |
{ |
85398aa8d ipc: simplify fre... |
754 |
if (copy) |
4a674f34b ipc: introduce me... |
755 756 757 |
free_msg(copy); } #else |
8ac6ed585 ipc: implement MS... |
758 |
static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz) |
b30efe277 ipc: convert prep... |
759 760 761 |
{ return ERR_PTR(-ENOSYS); } |
85398aa8d ipc: simplify fre... |
762 763 764 |
static inline void free_copy(struct msg_msg *copy) { } |
4a674f34b ipc: introduce me... |
765 |
#endif |
/*
 * find_msg - pick the message on @msq that a receiver should get.
 *
 * @msq:    queue to scan.
 * @msgtyp: in/out type argument; lowered while scanning in SEARCH_LESSEQUAL.
 * @mode:   one of the SEARCH_* modes.
 *
 * A message is a candidate only if testmsg() accepts it and the
 * security_msg_queue_msgrcv() hook returns 0 for the current task; a message
 * the hook refuses is skipped, not reported as an error.
 *
 * Returns the chosen message, or ERR_PTR(-EAGAIN) when no candidate exists.
 */
static struct msg_msg *find_msg(struct msg_queue *msq, long *msgtyp, int mode)
{
	struct msg_msg *cur, *best = NULL;
	long idx = 0;	/* number of candidates seen so far */

	list_for_each_entry(cur, &msq->q_messages, m_list) {
		if (!testmsg(cur, *msgtyp, mode))
			continue;
		if (security_msg_queue_msgrcv(msq, cur, current, *msgtyp, mode))
			continue;

		if (mode == SEARCH_LESSEQUAL && cur->m_type != 1) {
			/*
			 * Remember this candidate and tighten the bound so
			 * that only a strictly lower type can replace it.
			 */
			*msgtyp = cur->m_type - 1;
			best = cur;
		} else if (mode != SEARCH_NUMBER || *msgtyp == idx) {
			/*
			 * Either the first candidate is the answer, or this
			 * is the candidate at the requested position.
			 */
			return cur;
		}
		idx++;
	}

	return best ? best : ERR_PTR(-EAGAIN);
}
/*
 * do_msgrcv - receive one message from a System V message queue.
 *
 * @msqid:       queue identifier supplied by the caller.
 * @buf:         user-space destination, passed through to @msg_handler.
 * @bufsz:       size of the caller's text buffer.
 * @msgtyp:      type selector (see convert_mode()).
 * @msgflg:      msgrcv() flags: IPC_NOWAIT, MSG_NOERROR, MSG_EXCEPT, MSG_COPY.
 * @msg_handler: copies the chosen message out to @buf; its return value is
 *               what this function returns on success.
 *
 * Returns the handler's result, or a negative errno.
 *
 * The handler, and therefore the write to user memory, runs only after the
 * object lock and the RCU read section have both been dropped.
 */
long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, int msgflg,
	       long (*msg_handler)(void __user *, struct msg_msg *, size_t))
{
	int mode;
	struct msg_queue *msq;
	struct ipc_namespace *ns;
	struct msg_msg *msg, *copy = NULL;
	WAKE_Q(wake_q);

	ns = current->nsproxy->ipc_ns;

	/* Reject negative ids and sizes that do not fit in a signed long. */
	if (msqid < 0 || (long) bufsz < 0)
		return -EINVAL;

	if (msgflg & MSG_COPY) {
		/* MSG_COPY never blocks and cannot be combined with MSG_EXCEPT. */
		if ((msgflg & MSG_EXCEPT) || !(msgflg & IPC_NOWAIT))
			return -EINVAL;
		/*
		 * Allocate the destination before taking any lock; the size
		 * is capped at the namespace's msg_ctlmax.
		 */
		copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax));
		if (IS_ERR(copy))
			return PTR_ERR(copy);
	}
	mode = convert_mode(&msgtyp, msgflg);

	rcu_read_lock();
	msq = msq_obtain_object_check(ns, msqid);
	if (IS_ERR(msq)) {
		rcu_read_unlock();
		free_copy(copy);
		return PTR_ERR(msq);
	}

	for (;;) {
		/*
		 * Lives on this stack frame and is linked on q_receivers
		 * while sleeping, so it must be off the list before return.
		 */
		struct msg_receiver msr_d;

		/* The read-permission check is repeated on every pass. */
		msg = ERR_PTR(-EACCES);
		if (ipcperms(ns, &msq->q_perm, S_IRUGO))
			goto out_unlock1;

		ipc_lock_object(&msq->q_perm);

		/* raced with RMID? */
		if (!ipc_valid_object(&msq->q_perm)) {
			msg = ERR_PTR(-EIDRM);
			goto out_unlock0;
		}

		msg = find_msg(msq, &msgtyp, mode);
		if (!IS_ERR(msg)) {
			/*
			 * Found a suitable message.
			 * Unlink it from the queue.
			 */
			/* Too large for the buffer: fail unless truncation is allowed. */
			if ((bufsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
				msg = ERR_PTR(-E2BIG);
				goto out_unlock0;
			}
			/*
			 * If we are copying, then do not unlink message and do
			 * not update queue parameters.
			 */
			if (msgflg & MSG_COPY) {
				msg = copy_msg(msg, copy);
				goto out_unlock0;
			}

			/* Dequeue and update per-queue and per-namespace accounting. */
			list_del(&msg->m_list);
			msq->q_qnum--;
			msq->q_rtime = get_seconds();
			msq->q_lrpid = task_tgid_vnr(current);
			msq->q_cbytes -= msg->m_ts;
			atomic_sub(msg->m_ts, &ns->msg_bytes);
			atomic_dec(&ns->msg_hdrs);
			/* Wakeups are collected on wake_q and issued after unlock. */
			ss_wakeup(msq, &wake_q, false);

			goto out_unlock0;
		}

		/* No message waiting. Wait for a message */
		if (msgflg & IPC_NOWAIT) {
			msg = ERR_PTR(-ENOMSG);
			goto out_unlock0;
		}

		/* Register as a waiting receiver, then sleep without any lock held. */
		list_add_tail(&msr_d.r_list, &msq->q_receivers);
		msr_d.r_tsk = current;
		msr_d.r_msgtype = msgtyp;
		msr_d.r_mode = mode;
		if (msgflg & MSG_NOERROR)
			msr_d.r_maxsize = INT_MAX;
		else
			msr_d.r_maxsize = bufsz;
		/* -EAGAIN marks "nothing delivered yet"; it is tested after wakeup. */
		msr_d.r_msg = ERR_PTR(-EAGAIN);
		__set_current_state(TASK_INTERRUPTIBLE);

		ipc_unlock_object(&msq->q_perm);
		rcu_read_unlock();
		schedule();

		/*
		 * Lockless receive, part 1:
		 * We don't hold a reference to the queue and getting a
		 * reference would defeat the idea of a lockless operation,
		 * thus the code relies on rcu to guarantee the existence of
		 * msq:
		 * Prior to destruction, expunge_all(-EIDRM) changes r_msg.
		 * Thus if r_msg is -EAGAIN, then the queue is not yet destroyed.
		 */
		rcu_read_lock();

		/*
		 * Lockless receive, part 2:
		 * The work in pipelined_send() and expunge_all():
		 * - Set pointer to message
		 * - Queue the receiver task for later wakeup
		 * - Wake up the process after the lock is dropped.
		 *
		 * Should the process wake up before this wakeup (due to a
		 * signal) it will either see the message and continue ...
		 */
		msg = READ_ONCE(msr_d.r_msg);
		/*
		 * NOTE(review): this path returns without touching r_list, so
		 * whoever set r_msg must already have unlinked msr_d - confirm
		 * in pipelined_send() and expunge_all().
		 */
		if (msg != ERR_PTR(-EAGAIN))
			goto out_unlock1;

		/*
		 * ... or see -EAGAIN, acquire the lock to check the message
		 * again.
		 */
		ipc_lock_object(&msq->q_perm);

		msg = msr_d.r_msg;
		if (msg != ERR_PTR(-EAGAIN))
			goto out_unlock0;

		/* Still nothing delivered: leave the receiver list ourselves. */
		list_del(&msr_d.r_list);
		if (signal_pending(current)) {
			msg = ERR_PTR(-ERESTARTNOHAND);
			goto out_unlock0;
		}

		ipc_unlock_object(&msq->q_perm);
	}

out_unlock0:
	ipc_unlock_object(&msq->q_perm);
	wake_up_q(&wake_q);
out_unlock1:
	rcu_read_unlock();
	if (IS_ERR(msg)) {
		free_copy(copy);
		return PTR_ERR(msg);
	}

	/* All locks are dropped; the handler may now write to user memory. */
	bufsz = msg_handler(buf, msg, bufsz);
	/*
	 * NOTE(review): on the MSG_COPY success path copy is not passed to
	 * free_copy(); presumably copy_msg() returned it as msg, so this call
	 * releases it - confirm in copy_msg().
	 */
	free_msg(msg);

	return bufsz;
}
/*
 * msgrcv(2) entry point: every argument is passed to do_msgrcv() unchanged,
 * with do_msg_fill() as the handler that copies the message out to msgp.
 */
SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
		long, msgtyp, int, msgflg)
{
	return do_msgrcv(msqid, msgp, msgsz, msgtyp, msgflg, do_msg_fill);
}
/*
 * Set up the message-queue state of an IPC namespace: the MSGMAX, MSGMNB and
 * MSGMNI limits, zeroed usage counters and an initialised id table.
 */
void msg_init_ns(struct ipc_namespace *ns)
{
	/* Usage counters start from zero. */
	atomic_set(&ns->msg_hdrs, 0);
	atomic_set(&ns->msg_bytes, 0);

	/* Limits start from the MSG* constants. */
	ns->msg_ctlmni = MSGMNI;
	ns->msg_ctlmnb = MSGMNB;
	ns->msg_ctlmax = MSGMAX;

	ipc_init_ids(&ns->ids[IPC_MSG_IDS]);
}

#ifdef CONFIG_IPC_NS
/*
 * Tear down a namespace's message queues: every remaining queue is handed to
 * freeque() through free_ipcs(), then the id table's idr is destroyed.
 */
void msg_exit_ns(struct ipc_namespace *ns)
{
	free_ipcs(ns, &msg_ids(ns), freeque);
	idr_destroy(&ns->ids[IPC_MSG_IDS].ipcs_idr);
}
#endif
#ifdef CONFIG_PROC_FS
/*
 * Emit one message queue's row for the seq_file @s.
 *
 * @it is the struct msg_queue to print.  Owner and creator ids are converted
 * with from_kuid_munged()/from_kgid_munged() into the user namespace returned
 * by seq_user_ns(s) before they are printed.
 *
 * NOTE(review): the format string is reproduced as shown in this listing;
 * its spacing and line terminator may have been altered by the page
 * rendering - confirm against the tree.
 */
static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
{
	struct user_namespace *user_ns = seq_user_ns(s);
	struct msg_queue *msq = it;

	seq_printf(s,
		   "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu ",
		   msq->q_perm.key,
		   msq->q_perm.id,
		   msq->q_perm.mode,
		   msq->q_cbytes,
		   msq->q_qnum,
		   msq->q_lspid,
		   msq->q_lrpid,
		   from_kuid_munged(user_ns, msq->q_perm.uid),
		   from_kgid_munged(user_ns, msq->q_perm.gid),
		   from_kuid_munged(user_ns, msq->q_perm.cuid),
		   from_kgid_munged(user_ns, msq->q_perm.cgid),
		   msq->q_stime,
		   msq->q_rtime,
		   msq->q_ctime);

	return 0;
}
#endif
/*
 * Boot-time setup: initialise message-queue state for init_ipc_ns and
 * register the "sysvipc/msg" proc interface with its column header and
 * sysvipc_msg_proc_show() as the per-queue printer.
 *
 * NOTE(review): the header string is reproduced as shown in this listing;
 * its column spacing and line terminator may have been altered by the page
 * rendering - confirm against the tree.
 */
void __init msg_init(void)
{
	msg_init_ns(&init_ipc_ns);

	ipc_init_proc_interface("sysvipc/msg",
				" key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime ",
				IPC_MSG_IDS, sysvipc_msg_proc_show);
}