xref: /openbmc/linux/ipc/ipc_sysctl.c (revision d6344cc8) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  Copyright (C) 2007
4  *
5  *  Author: Eric Biederman <ebiederm@xmision.com>
6  */
7 
8 #include <linux/module.h>
9 #include <linux/ipc.h>
10 #include <linux/nsproxy.h>
11 #include <linux/sysctl.h>
12 #include <linux/uaccess.h>
13 #include <linux/capability.h>
14 #include <linux/ipc_namespace.h>
15 #include <linux/msg.h>
16 #include <linux/slab.h>
17 #include <linux/cred.h>
18 #include "util.h"
19 
20 static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write,
21 		void *buffer, size_t *lenp, loff_t *ppos)
22 {
23 	struct ipc_namespace *ns =
24 		container_of(table->data, struct ipc_namespace, shm_rmid_forced);
25 	int err;
26 
27 	err = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
28 
29 	if (err < 0)
30 		return err;
31 	if (ns->shm_rmid_forced)
32 		shm_destroy_orphaned(ns);
33 	return err;
34 }
35 
36 static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
37 		void *buffer, size_t *lenp, loff_t *ppos)
38 {
39 	struct ctl_table ipc_table;
40 	int dummy = 0;
41 
42 	memcpy(&ipc_table, table, sizeof(ipc_table));
43 	ipc_table.data = &dummy;
44 
45 	if (write)
46 		pr_info_once("writing to auto_msgmni has no effect");
47 
48 	return proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
49 }
50 
51 static int proc_ipc_sem_dointvec(struct ctl_table *table, int write,
52 	void *buffer, size_t *lenp, loff_t *ppos)
53 {
54 	struct ipc_namespace *ns =
55 		container_of(table->data, struct ipc_namespace, sem_ctls);
56 	int ret, semmni;
57 
58 	semmni = ns->sem_ctls[3];
59 	ret = proc_dointvec(table, write, buffer, lenp, ppos);
60 
61 	if (!ret)
62 		ret = sem_check_semmni(ns);
63 
64 	/*
65 	 * Reset the semmni value if an error happens.
66 	 */
67 	if (ret)
68 		ns->sem_ctls[3] = semmni;
69 	return ret;
70 }
71 
72 int ipc_mni = IPCMNI;
73 int ipc_mni_shift = IPCMNI_SHIFT;
74 int ipc_min_cycle = RADIX_TREE_MAP_SIZE;
75 
76 static struct ctl_table ipc_sysctls[] = {
77 	{
78 		.procname	= "shmmax",
79 		.data		= &init_ipc_ns.shm_ctlmax,
80 		.maxlen		= sizeof(init_ipc_ns.shm_ctlmax),
81 		.mode		= 0644,
82 		.proc_handler	= proc_doulongvec_minmax,
83 	},
84 	{
85 		.procname	= "shmall",
86 		.data		= &init_ipc_ns.shm_ctlall,
87 		.maxlen		= sizeof(init_ipc_ns.shm_ctlall),
88 		.mode		= 0644,
89 		.proc_handler	= proc_doulongvec_minmax,
90 	},
91 	{
92 		.procname	= "shmmni",
93 		.data		= &init_ipc_ns.shm_ctlmni,
94 		.maxlen		= sizeof(init_ipc_ns.shm_ctlmni),
95 		.mode		= 0644,
96 		.proc_handler	= proc_dointvec_minmax,
97 		.extra1		= SYSCTL_ZERO,
98 		.extra2		= &ipc_mni,
99 	},
100 	{
101 		.procname	= "shm_rmid_forced",
102 		.data		= &init_ipc_ns.shm_rmid_forced,
103 		.maxlen		= sizeof(init_ipc_ns.shm_rmid_forced),
104 		.mode		= 0644,
105 		.proc_handler	= proc_ipc_dointvec_minmax_orphans,
106 		.extra1		= SYSCTL_ZERO,
107 		.extra2		= SYSCTL_ONE,
108 	},
109 	{
110 		.procname	= "msgmax",
111 		.data		= &init_ipc_ns.msg_ctlmax,
112 		.maxlen		= sizeof(init_ipc_ns.msg_ctlmax),
113 		.mode		= 0644,
114 		.proc_handler	= proc_dointvec_minmax,
115 		.extra1		= SYSCTL_ZERO,
116 		.extra2		= SYSCTL_INT_MAX,
117 	},
118 	{
119 		.procname	= "msgmni",
120 		.data		= &init_ipc_ns.msg_ctlmni,
121 		.maxlen		= sizeof(init_ipc_ns.msg_ctlmni),
122 		.mode		= 0644,
123 		.proc_handler	= proc_dointvec_minmax,
124 		.extra1		= SYSCTL_ZERO,
125 		.extra2		= &ipc_mni,
126 	},
127 	{
128 		.procname	= "auto_msgmni",
129 		.data		= NULL,
130 		.maxlen		= sizeof(int),
131 		.mode		= 0644,
132 		.proc_handler	= proc_ipc_auto_msgmni,
133 		.extra1		= SYSCTL_ZERO,
134 		.extra2		= SYSCTL_ONE,
135 	},
136 	{
137 		.procname	=  "msgmnb",
138 		.data		= &init_ipc_ns.msg_ctlmnb,
139 		.maxlen		= sizeof(init_ipc_ns.msg_ctlmnb),
140 		.mode		= 0644,
141 		.proc_handler	= proc_dointvec_minmax,
142 		.extra1		= SYSCTL_ZERO,
143 		.extra2		= SYSCTL_INT_MAX,
144 	},
145 	{
146 		.procname	= "sem",
147 		.data		= &init_ipc_ns.sem_ctls,
148 		.maxlen		= 4*sizeof(int),
149 		.mode		= 0644,
150 		.proc_handler	= proc_ipc_sem_dointvec,
151 	},
152 #ifdef CONFIG_CHECKPOINT_RESTORE
153 	{
154 		.procname	= "sem_next_id",
155 		.data		= &init_ipc_ns.ids[IPC_SEM_IDS].next_id,
156 		.maxlen		= sizeof(init_ipc_ns.ids[IPC_SEM_IDS].next_id),
157 		.mode		= 0444,
158 		.proc_handler	= proc_dointvec_minmax,
159 		.extra1		= SYSCTL_ZERO,
160 		.extra2		= SYSCTL_INT_MAX,
161 	},
162 	{
163 		.procname	= "msg_next_id",
164 		.data		= &init_ipc_ns.ids[IPC_MSG_IDS].next_id,
165 		.maxlen		= sizeof(init_ipc_ns.ids[IPC_MSG_IDS].next_id),
166 		.mode		= 0444,
167 		.proc_handler	= proc_dointvec_minmax,
168 		.extra1		= SYSCTL_ZERO,
169 		.extra2		= SYSCTL_INT_MAX,
170 	},
171 	{
172 		.procname	= "shm_next_id",
173 		.data		= &init_ipc_ns.ids[IPC_SHM_IDS].next_id,
174 		.maxlen		= sizeof(init_ipc_ns.ids[IPC_SHM_IDS].next_id),
175 		.mode		= 0444,
176 		.proc_handler	= proc_dointvec_minmax,
177 		.extra1		= SYSCTL_ZERO,
178 		.extra2		= SYSCTL_INT_MAX,
179 	},
180 #endif
181 	{}
182 };
183 
184 static struct ctl_table_set *set_lookup(struct ctl_table_root *root)
185 {
186 	return &current->nsproxy->ipc_ns->ipc_set;
187 }
188 
189 static int set_is_seen(struct ctl_table_set *set)
190 {
191 	return &current->nsproxy->ipc_ns->ipc_set == set;
192 }
193 
194 static void ipc_set_ownership(struct ctl_table_header *head,
195 			      kuid_t *uid, kgid_t *gid)
196 {
197 	struct ipc_namespace *ns =
198 		container_of(head->set, struct ipc_namespace, ipc_set);
199 
200 	kuid_t ns_root_uid = make_kuid(ns->user_ns, 0);
201 	kgid_t ns_root_gid = make_kgid(ns->user_ns, 0);
202 
203 	*uid = uid_valid(ns_root_uid) ? ns_root_uid : GLOBAL_ROOT_UID;
204 	*gid = gid_valid(ns_root_gid) ? ns_root_gid : GLOBAL_ROOT_GID;
205 }
206 
207 static int ipc_permissions(struct ctl_table_header *head, struct ctl_table *table)
208 {
209 	int mode = table->mode;
210 
211 #ifdef CONFIG_CHECKPOINT_RESTORE
212 	struct ipc_namespace *ns =
213 		container_of(head->set, struct ipc_namespace, ipc_set);
214 
215 	if (((table->data == &ns->ids[IPC_SEM_IDS].next_id) ||
216 	     (table->data == &ns->ids[IPC_MSG_IDS].next_id) ||
217 	     (table->data == &ns->ids[IPC_SHM_IDS].next_id)) &&
218 	    checkpoint_restore_ns_capable(ns->user_ns))
219 		mode = 0666;
220 	else
221 #endif
222 	{
223 		kuid_t ns_root_uid;
224 		kgid_t ns_root_gid;
225 
226 		ipc_set_ownership(head, &ns_root_uid, &ns_root_gid);
227 
228 		if (uid_eq(current_euid(), ns_root_uid))
229 			mode >>= 6;
230 
231 		else if (in_egroup_p(ns_root_gid))
232 			mode >>= 3;
233 	}
234 
235 	mode &= 7;
236 
237 	return (mode << 6) | (mode << 3) | mode;
238 }
239 
240 static struct ctl_table_root set_root = {
241 	.lookup = set_lookup,
242 	.permissions = ipc_permissions,
243 	.set_ownership = ipc_set_ownership,
244 };
245 
246 bool setup_ipc_sysctls(struct ipc_namespace *ns)
247 {
248 	struct ctl_table *tbl;
249 
250 	setup_sysctl_set(&ns->ipc_set, &set_root, set_is_seen);
251 
252 	tbl = kmemdup(ipc_sysctls, sizeof(ipc_sysctls), GFP_KERNEL);
253 	if (tbl) {
254 		int i;
255 
256 		for (i = 0; i < ARRAY_SIZE(ipc_sysctls); i++) {
257 			if (tbl[i].data == &init_ipc_ns.shm_ctlmax)
258 				tbl[i].data = &ns->shm_ctlmax;
259 
260 			else if (tbl[i].data == &init_ipc_ns.shm_ctlall)
261 				tbl[i].data = &ns->shm_ctlall;
262 
263 			else if (tbl[i].data == &init_ipc_ns.shm_ctlmni)
264 				tbl[i].data = &ns->shm_ctlmni;
265 
266 			else if (tbl[i].data == &init_ipc_ns.shm_rmid_forced)
267 				tbl[i].data = &ns->shm_rmid_forced;
268 
269 			else if (tbl[i].data == &init_ipc_ns.msg_ctlmax)
270 				tbl[i].data = &ns->msg_ctlmax;
271 
272 			else if (tbl[i].data == &init_ipc_ns.msg_ctlmni)
273 				tbl[i].data = &ns->msg_ctlmni;
274 
275 			else if (tbl[i].data == &init_ipc_ns.msg_ctlmnb)
276 				tbl[i].data = &ns->msg_ctlmnb;
277 
278 			else if (tbl[i].data == &init_ipc_ns.sem_ctls)
279 				tbl[i].data = &ns->sem_ctls;
280 #ifdef CONFIG_CHECKPOINT_RESTORE
281 			else if (tbl[i].data == &init_ipc_ns.ids[IPC_SEM_IDS].next_id)
282 				tbl[i].data = &ns->ids[IPC_SEM_IDS].next_id;
283 
284 			else if (tbl[i].data == &init_ipc_ns.ids[IPC_MSG_IDS].next_id)
285 				tbl[i].data = &ns->ids[IPC_MSG_IDS].next_id;
286 
287 			else if (tbl[i].data == &init_ipc_ns.ids[IPC_SHM_IDS].next_id)
288 				tbl[i].data = &ns->ids[IPC_SHM_IDS].next_id;
289 #endif
290 			else
291 				tbl[i].data = NULL;
292 		}
293 
294 		ns->ipc_sysctls = __register_sysctl_table(&ns->ipc_set,
295 							  "kernel", tbl,
296 							  ARRAY_SIZE(ipc_sysctls));
297 	}
298 	if (!ns->ipc_sysctls) {
299 		kfree(tbl);
300 		retire_sysctl_set(&ns->ipc_set);
301 		return false;
302 	}
303 
304 	return true;
305 }
306 
307 void retire_ipc_sysctls(struct ipc_namespace *ns)
308 {
309 	struct ctl_table *tbl;
310 
311 	tbl = ns->ipc_sysctls->ctl_table_arg;
312 	unregister_sysctl_table(ns->ipc_sysctls);
313 	retire_sysctl_set(&ns->ipc_set);
314 	kfree(tbl);
315 }
316 
317 static int __init ipc_sysctl_init(void)
318 {
319 	if (!setup_ipc_sysctls(&init_ipc_ns)) {
320 		pr_warn("ipc sysctl registration failed\n");
321 		return -ENOMEM;
322 	}
323 	return 0;
324 }
325 
326 device_initcall(ipc_sysctl_init);
327 
328 static int __init ipc_mni_extend(char *str)
329 {
330 	ipc_mni = IPCMNI_EXTEND;
331 	ipc_mni_shift = IPCMNI_EXTEND_SHIFT;
332 	ipc_min_cycle = IPCMNI_EXTEND_MIN_CYCLE;
333 	pr_info("IPCMNI extended to %d.\n", ipc_mni);
334 	return 0;
335 }
336 early_param("ipcmni_extend", ipc_mni_extend);
337