1 /* 2 * linux/ipc/util.c 3 * Copyright (C) 1992 Krishna Balasubramanian 4 * 5 * Sep 1997 - Call suser() last after "normal" permission checks so we 6 * get BSD style process accounting right. 7 * Occurs in several places in the IPC code. 8 * Chris Evans, <chris@ferret.lmh.ox.ac.uk> 9 * Nov 1999 - ipc helper functions, unified SMP locking 10 * Manfred Spraul <manfred@colorfullife.com> 11 * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). 12 * Mingming Cao <cmm@us.ibm.com> 13 * Mar 2006 - support for audit of ipc object properties 14 * Dustin Kirkland <dustin.kirkland@us.ibm.com> 15 * Jun 2006 - namespaces ssupport 16 * OpenVZ, SWsoft Inc. 17 * Pavel Emelianov <xemul@openvz.org> 18 * 19 * General sysv ipc locking scheme: 20 * rcu_read_lock() 21 * obtain the ipc object (kern_ipc_perm) by looking up the id in an idr 22 * tree. 23 * - perform initial checks (capabilities, auditing and permission, 24 * etc). 25 * - perform read-only operations, such as STAT, INFO commands. 26 * acquire the ipc lock (kern_ipc_perm.lock) through 27 * ipc_lock_object() 28 * - perform data updates, such as SET, RMID commands and 29 * mechanism-specific operations (semop/semtimedop, 30 * msgsnd/msgrcv, shmat/shmdt). 31 * drop the ipc lock, through ipc_unlock_object(). 32 * rcu_read_unlock() 33 * 34 * The ids->rwsem must be taken when: 35 * - creating, removing and iterating the existing entries in ipc 36 * identifier sets. 37 * - iterating through files under /proc/sysvipc/ 38 * 39 * Note that sems have a special fast path that avoids kern_ipc_perm.lock - 40 * see sem_lock(). 41 */ 42 43 #include <linux/mm.h> 44 #include <linux/shm.h> 45 #include <linux/init.h> 46 #include <linux/msg.h> 47 #include <linux/vmalloc.h> 48 #include <linux/slab.h> 49 #include <linux/notifier.h> 50 #include <linux/capability.h> 51 #include <linux/highuid.h> 52 #include <linux/security.h> 53 #include <linux/rcupdate.h> 54 #include <linux/workqueue.h> 55 #include <linux/seq_file.h> 56 #include <linux/proc_fs.h> 57 #include <linux/audit.h> 58 #include <linux/nsproxy.h> 59 #include <linux/rwsem.h> 60 #include <linux/memory.h> 61 #include <linux/ipc_namespace.h> 62 63 #include <asm/unistd.h> 64 65 #include "util.h" 66 67 struct ipc_proc_iface { 68 const char *path; 69 const char *header; 70 int ids; 71 int (*show)(struct seq_file *, void *); 72 }; 73 74 static void ipc_memory_notifier(struct work_struct *work) 75 { 76 ipcns_notify(IPCNS_MEMCHANGED); 77 } 78 79 static int ipc_memory_callback(struct notifier_block *self, 80 unsigned long action, void *arg) 81 { 82 static DECLARE_WORK(ipc_memory_wq, ipc_memory_notifier); 83 84 switch (action) { 85 case MEM_ONLINE: /* memory successfully brought online */ 86 case MEM_OFFLINE: /* or offline: it's time to recompute msgmni */ 87 /* 88 * This is done by invoking the ipcns notifier chain with the 89 * IPC_MEMCHANGED event. 90 * In order not to keep the lock on the hotplug memory chain 91 * for too long, queue a work item that will, when waken up, 92 * activate the ipcns notification chain. 93 * No need to keep several ipc work items on the queue. 94 */ 95 if (!work_pending(&ipc_memory_wq)) 96 schedule_work(&ipc_memory_wq); 97 break; 98 case MEM_GOING_ONLINE: 99 case MEM_GOING_OFFLINE: 100 case MEM_CANCEL_ONLINE: 101 case MEM_CANCEL_OFFLINE: 102 default: 103 break; 104 } 105 106 return NOTIFY_OK; 107 } 108 109 static struct notifier_block ipc_memory_nb = { 110 .notifier_call = ipc_memory_callback, 111 .priority = IPC_CALLBACK_PRI, 112 }; 113 114 /** 115 * ipc_init - initialise IPC subsystem 116 * 117 * The various system5 IPC resources (semaphores, messages and shared 118 * memory) are initialised 119 * A callback routine is registered into the memory hotplug notifier 120 * chain: since msgmni scales to lowmem this callback routine will be 121 * called upon successful memory add / remove to recompute msmgni. 122 */ 123 124 static int __init ipc_init(void) 125 { 126 sem_init(); 127 msg_init(); 128 shm_init(); 129 register_hotmemory_notifier(&ipc_memory_nb); 130 register_ipcns_notifier(&init_ipc_ns); 131 return 0; 132 } 133 __initcall(ipc_init); 134 135 /** 136 * ipc_init_ids - initialise IPC identifiers 137 * @ids: Identifier set 138 * 139 * Set up the sequence range to use for the ipc identifier range (limited 140 * below IPCMNI) then initialise the ids idr. 141 */ 142 143 void ipc_init_ids(struct ipc_ids *ids) 144 { 145 init_rwsem(&ids->rwsem); 146 147 ids->in_use = 0; 148 ids->seq = 0; 149 ids->next_id = -1; 150 { 151 int seq_limit = INT_MAX/SEQ_MULTIPLIER; 152 if (seq_limit > USHRT_MAX) 153 ids->seq_max = USHRT_MAX; 154 else 155 ids->seq_max = seq_limit; 156 } 157 158 idr_init(&ids->ipcs_idr); 159 } 160 161 #ifdef CONFIG_PROC_FS 162 static const struct file_operations sysvipc_proc_fops; 163 /** 164 * ipc_init_proc_interface - Create a proc interface for sysipc types using a seq_file interface. 165 * @path: Path in procfs 166 * @header: Banner to be printed at the beginning of the file. 167 * @ids: ipc id table to iterate. 168 * @show: show routine. 169 */ 170 void __init ipc_init_proc_interface(const char *path, const char *header, 171 int ids, int (*show)(struct seq_file *, void *)) 172 { 173 struct proc_dir_entry *pde; 174 struct ipc_proc_iface *iface; 175 176 iface = kmalloc(sizeof(*iface), GFP_KERNEL); 177 if (!iface) 178 return; 179 iface->path = path; 180 iface->header = header; 181 iface->ids = ids; 182 iface->show = show; 183 184 pde = proc_create_data(path, 185 S_IRUGO, /* world readable */ 186 NULL, /* parent dir */ 187 &sysvipc_proc_fops, 188 iface); 189 if (!pde) { 190 kfree(iface); 191 } 192 } 193 #endif 194 195 /** 196 * ipc_findkey - find a key in an ipc identifier set 197 * @ids: Identifier set 198 * @key: The key to find 199 * 200 * Requires ipc_ids.rwsem locked. 201 * Returns the LOCKED pointer to the ipc structure if found or NULL 202 * if not. 203 * If key is found ipc points to the owning ipc structure 204 */ 205 206 static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key) 207 { 208 struct kern_ipc_perm *ipc; 209 int next_id; 210 int total; 211 212 for (total = 0, next_id = 0; total < ids->in_use; next_id++) { 213 ipc = idr_find(&ids->ipcs_idr, next_id); 214 215 if (ipc == NULL) 216 continue; 217 218 if (ipc->key != key) { 219 total++; 220 continue; 221 } 222 223 rcu_read_lock(); 224 ipc_lock_object(ipc); 225 return ipc; 226 } 227 228 return NULL; 229 } 230 231 /** 232 * ipc_get_maxid - get the last assigned id 233 * @ids: IPC identifier set 234 * 235 * Called with ipc_ids.rwsem held. 236 */ 237 238 int ipc_get_maxid(struct ipc_ids *ids) 239 { 240 struct kern_ipc_perm *ipc; 241 int max_id = -1; 242 int total, id; 243 244 if (ids->in_use == 0) 245 return -1; 246 247 if (ids->in_use == IPCMNI) 248 return IPCMNI - 1; 249 250 /* Look for the last assigned id */ 251 total = 0; 252 for (id = 0; id < IPCMNI && total < ids->in_use; id++) { 253 ipc = idr_find(&ids->ipcs_idr, id); 254 if (ipc != NULL) { 255 max_id = id; 256 total++; 257 } 258 } 259 return max_id; 260 } 261 262 /** 263 * ipc_addid - add an IPC identifier 264 * @ids: IPC identifier set 265 * @new: new IPC permission set 266 * @size: limit for the number of used ids 267 * 268 * Add an entry 'new' to the IPC ids idr. The permissions object is 269 * initialised and the first free entry is set up and the id assigned 270 * is returned. The 'new' entry is returned in a locked state on success. 271 * On failure the entry is not locked and a negative err-code is returned. 272 * 273 * Called with writer ipc_ids.rwsem held. 274 */ 275 int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) 276 { 277 kuid_t euid; 278 kgid_t egid; 279 int id; 280 int next_id = ids->next_id; 281 282 if (size > IPCMNI) 283 size = IPCMNI; 284 285 if (ids->in_use >= size) 286 return -ENOSPC; 287 288 idr_preload(GFP_KERNEL); 289 290 spin_lock_init(&new->lock); 291 new->deleted = 0; 292 rcu_read_lock(); 293 spin_lock(&new->lock); 294 295 id = idr_alloc(&ids->ipcs_idr, new, 296 (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0, 297 GFP_NOWAIT); 298 idr_preload_end(); 299 if (id < 0) { 300 spin_unlock(&new->lock); 301 rcu_read_unlock(); 302 return id; 303 } 304 305 ids->in_use++; 306 307 current_euid_egid(&euid, &egid); 308 new->cuid = new->uid = euid; 309 new->gid = new->cgid = egid; 310 311 if (next_id < 0) { 312 new->seq = ids->seq++; 313 if (ids->seq > ids->seq_max) 314 ids->seq = 0; 315 } else { 316 new->seq = ipcid_to_seqx(next_id); 317 ids->next_id = -1; 318 } 319 320 new->id = ipc_buildid(id, new->seq); 321 return id; 322 } 323 324 /** 325 * ipcget_new - create a new ipc object 326 * @ns: namespace 327 * @ids: IPC identifer set 328 * @ops: the actual creation routine to call 329 * @params: its parameters 330 * 331 * This routine is called by sys_msgget, sys_semget() and sys_shmget() 332 * when the key is IPC_PRIVATE. 333 */ 334 static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids, 335 struct ipc_ops *ops, struct ipc_params *params) 336 { 337 int err; 338 339 down_write(&ids->rwsem); 340 err = ops->getnew(ns, params); 341 up_write(&ids->rwsem); 342 return err; 343 } 344 345 /** 346 * ipc_check_perms - check security and permissions for an IPC 347 * @ns: IPC namespace 348 * @ipcp: ipc permission set 349 * @ops: the actual security routine to call 350 * @params: its parameters 351 * 352 * This routine is called by sys_msgget(), sys_semget() and sys_shmget() 353 * when the key is not IPC_PRIVATE and that key already exists in the 354 * ids IDR. 355 * 356 * On success, the IPC id is returned. 357 * 358 * It is called with ipc_ids.rwsem and ipcp->lock held. 359 */ 360 static int ipc_check_perms(struct ipc_namespace *ns, 361 struct kern_ipc_perm *ipcp, 362 struct ipc_ops *ops, 363 struct ipc_params *params) 364 { 365 int err; 366 367 if (ipcperms(ns, ipcp, params->flg)) 368 err = -EACCES; 369 else { 370 err = ops->associate(ipcp, params->flg); 371 if (!err) 372 err = ipcp->id; 373 } 374 375 return err; 376 } 377 378 /** 379 * ipcget_public - get an ipc object or create a new one 380 * @ns: namespace 381 * @ids: IPC identifer set 382 * @ops: the actual creation routine to call 383 * @params: its parameters 384 * 385 * This routine is called by sys_msgget, sys_semget() and sys_shmget() 386 * when the key is not IPC_PRIVATE. 387 * It adds a new entry if the key is not found and does some permission 388 * / security checkings if the key is found. 389 * 390 * On success, the ipc id is returned. 391 */ 392 static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, 393 struct ipc_ops *ops, struct ipc_params *params) 394 { 395 struct kern_ipc_perm *ipcp; 396 int flg = params->flg; 397 int err; 398 399 /* 400 * Take the lock as a writer since we are potentially going to add 401 * a new entry + read locks are not "upgradable" 402 */ 403 down_write(&ids->rwsem); 404 ipcp = ipc_findkey(ids, params->key); 405 if (ipcp == NULL) { 406 /* key not used */ 407 if (!(flg & IPC_CREAT)) 408 err = -ENOENT; 409 else 410 err = ops->getnew(ns, params); 411 } else { 412 /* ipc object has been locked by ipc_findkey() */ 413 414 if (flg & IPC_CREAT && flg & IPC_EXCL) 415 err = -EEXIST; 416 else { 417 err = 0; 418 if (ops->more_checks) 419 err = ops->more_checks(ipcp, params); 420 if (!err) 421 /* 422 * ipc_check_perms returns the IPC id on 423 * success 424 */ 425 err = ipc_check_perms(ns, ipcp, ops, params); 426 } 427 ipc_unlock(ipcp); 428 } 429 up_write(&ids->rwsem); 430 431 return err; 432 } 433 434 435 /** 436 * ipc_rmid - remove an IPC identifier 437 * @ids: IPC identifier set 438 * @ipcp: ipc perm structure containing the identifier to remove 439 * 440 * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held 441 * before this function is called, and remain locked on the exit. 442 */ 443 444 void ipc_rmid(struct ipc_ids *ids, struct kern_ipc_perm *ipcp) 445 { 446 int lid = ipcid_to_idx(ipcp->id); 447 448 idr_remove(&ids->ipcs_idr, lid); 449 450 ids->in_use--; 451 452 ipcp->deleted = 1; 453 454 return; 455 } 456 457 /** 458 * ipc_alloc - allocate ipc space 459 * @size: size desired 460 * 461 * Allocate memory from the appropriate pools and return a pointer to it. 462 * NULL is returned if the allocation fails 463 */ 464 465 void *ipc_alloc(int size) 466 { 467 void *out; 468 if(size > PAGE_SIZE) 469 out = vmalloc(size); 470 else 471 out = kmalloc(size, GFP_KERNEL); 472 return out; 473 } 474 475 /** 476 * ipc_free - free ipc space 477 * @ptr: pointer returned by ipc_alloc 478 * @size: size of block 479 * 480 * Free a block created with ipc_alloc(). The caller must know the size 481 * used in the allocation call. 482 */ 483 484 void ipc_free(void* ptr, int size) 485 { 486 if(size > PAGE_SIZE) 487 vfree(ptr); 488 else 489 kfree(ptr); 490 } 491 492 /** 493 * ipc_rcu_alloc - allocate ipc and rcu space 494 * @size: size desired 495 * 496 * Allocate memory for the rcu header structure + the object. 497 * Returns the pointer to the object or NULL upon failure. 498 */ 499 void *ipc_rcu_alloc(int size) 500 { 501 /* 502 * We prepend the allocation with the rcu struct 503 */ 504 struct ipc_rcu *out = ipc_alloc(sizeof(struct ipc_rcu) + size); 505 if (unlikely(!out)) 506 return NULL; 507 atomic_set(&out->refcount, 1); 508 return out + 1; 509 } 510 511 int ipc_rcu_getref(void *ptr) 512 { 513 struct ipc_rcu *p = ((struct ipc_rcu *)ptr) - 1; 514 515 return atomic_inc_not_zero(&p->refcount); 516 } 517 518 void ipc_rcu_putref(void *ptr, void (*func)(struct rcu_head *head)) 519 { 520 struct ipc_rcu *p = ((struct ipc_rcu *)ptr) - 1; 521 522 if (!atomic_dec_and_test(&p->refcount)) 523 return; 524 525 call_rcu(&p->rcu, func); 526 } 527 528 void ipc_rcu_free(struct rcu_head *head) 529 { 530 struct ipc_rcu *p = container_of(head, struct ipc_rcu, rcu); 531 532 if (is_vmalloc_addr(p)) 533 vfree(p); 534 else 535 kfree(p); 536 } 537 538 /** 539 * ipcperms - check IPC permissions 540 * @ns: IPC namespace 541 * @ipcp: IPC permission set 542 * @flag: desired permission set. 543 * 544 * Check user, group, other permissions for access 545 * to ipc resources. return 0 if allowed 546 * 547 * @flag will most probably be 0 or S_...UGO from <linux/stat.h> 548 */ 549 550 int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag) 551 { 552 kuid_t euid = current_euid(); 553 int requested_mode, granted_mode; 554 555 audit_ipc_obj(ipcp); 556 requested_mode = (flag >> 6) | (flag >> 3) | flag; 557 granted_mode = ipcp->mode; 558 if (uid_eq(euid, ipcp->cuid) || 559 uid_eq(euid, ipcp->uid)) 560 granted_mode >>= 6; 561 else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) 562 granted_mode >>= 3; 563 /* is there some bit set in requested_mode but not in granted_mode? */ 564 if ((requested_mode & ~granted_mode & 0007) && 565 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) 566 return -1; 567 568 return security_ipc_permission(ipcp, flag); 569 } 570 571 /* 572 * Functions to convert between the kern_ipc_perm structure and the 573 * old/new ipc_perm structures 574 */ 575 576 /** 577 * kernel_to_ipc64_perm - convert kernel ipc permissions to user 578 * @in: kernel permissions 579 * @out: new style IPC permissions 580 * 581 * Turn the kernel object @in into a set of permissions descriptions 582 * for returning to userspace (@out). 583 */ 584 585 586 void kernel_to_ipc64_perm (struct kern_ipc_perm *in, struct ipc64_perm *out) 587 { 588 out->key = in->key; 589 out->uid = from_kuid_munged(current_user_ns(), in->uid); 590 out->gid = from_kgid_munged(current_user_ns(), in->gid); 591 out->cuid = from_kuid_munged(current_user_ns(), in->cuid); 592 out->cgid = from_kgid_munged(current_user_ns(), in->cgid); 593 out->mode = in->mode; 594 out->seq = in->seq; 595 } 596 597 /** 598 * ipc64_perm_to_ipc_perm - convert new ipc permissions to old 599 * @in: new style IPC permissions 600 * @out: old style IPC permissions 601 * 602 * Turn the new style permissions object @in into a compatibility 603 * object and store it into the @out pointer. 604 */ 605 606 void ipc64_perm_to_ipc_perm (struct ipc64_perm *in, struct ipc_perm *out) 607 { 608 out->key = in->key; 609 SET_UID(out->uid, in->uid); 610 SET_GID(out->gid, in->gid); 611 SET_UID(out->cuid, in->cuid); 612 SET_GID(out->cgid, in->cgid); 613 out->mode = in->mode; 614 out->seq = in->seq; 615 } 616 617 /** 618 * ipc_obtain_object 619 * @ids: ipc identifier set 620 * @id: ipc id to look for 621 * 622 * Look for an id in the ipc ids idr and return associated ipc object. 623 * 624 * Call inside the RCU critical section. 625 * The ipc object is *not* locked on exit. 626 */ 627 struct kern_ipc_perm *ipc_obtain_object(struct ipc_ids *ids, int id) 628 { 629 struct kern_ipc_perm *out; 630 int lid = ipcid_to_idx(id); 631 632 out = idr_find(&ids->ipcs_idr, lid); 633 if (!out) 634 return ERR_PTR(-EINVAL); 635 636 return out; 637 } 638 639 /** 640 * ipc_lock - Lock an ipc structure without rwsem held 641 * @ids: IPC identifier set 642 * @id: ipc id to look for 643 * 644 * Look for an id in the ipc ids idr and lock the associated ipc object. 645 * 646 * The ipc object is locked on successful exit. 647 */ 648 struct kern_ipc_perm *ipc_lock(struct ipc_ids *ids, int id) 649 { 650 struct kern_ipc_perm *out; 651 652 rcu_read_lock(); 653 out = ipc_obtain_object(ids, id); 654 if (IS_ERR(out)) 655 goto err1; 656 657 spin_lock(&out->lock); 658 659 /* ipc_rmid() may have already freed the ID while ipc_lock 660 * was spinning: here verify that the structure is still valid 661 */ 662 if (!out->deleted) 663 return out; 664 665 spin_unlock(&out->lock); 666 out = ERR_PTR(-EINVAL); 667 err1: 668 rcu_read_unlock(); 669 return out; 670 } 671 672 /** 673 * ipc_obtain_object_check 674 * @ids: ipc identifier set 675 * @id: ipc id to look for 676 * 677 * Similar to ipc_obtain_object() but also checks 678 * the ipc object reference counter. 679 * 680 * Call inside the RCU critical section. 681 * The ipc object is *not* locked on exit. 682 */ 683 struct kern_ipc_perm *ipc_obtain_object_check(struct ipc_ids *ids, int id) 684 { 685 struct kern_ipc_perm *out = ipc_obtain_object(ids, id); 686 687 if (IS_ERR(out)) 688 goto out; 689 690 if (ipc_checkid(out, id)) 691 return ERR_PTR(-EIDRM); 692 out: 693 return out; 694 } 695 696 /** 697 * ipcget - Common sys_*get() code 698 * @ns : namsepace 699 * @ids : IPC identifier set 700 * @ops : operations to be called on ipc object creation, permission checks 701 * and further checks 702 * @params : the parameters needed by the previous operations. 703 * 704 * Common routine called by sys_msgget(), sys_semget() and sys_shmget(). 705 */ 706 int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids, 707 struct ipc_ops *ops, struct ipc_params *params) 708 { 709 if (params->key == IPC_PRIVATE) 710 return ipcget_new(ns, ids, ops, params); 711 else 712 return ipcget_public(ns, ids, ops, params); 713 } 714 715 /** 716 * ipc_update_perm - update the permissions of an IPC. 717 * @in: the permission given as input. 718 * @out: the permission of the ipc to set. 719 */ 720 int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out) 721 { 722 kuid_t uid = make_kuid(current_user_ns(), in->uid); 723 kgid_t gid = make_kgid(current_user_ns(), in->gid); 724 if (!uid_valid(uid) || !gid_valid(gid)) 725 return -EINVAL; 726 727 out->uid = uid; 728 out->gid = gid; 729 out->mode = (out->mode & ~S_IRWXUGO) 730 | (in->mode & S_IRWXUGO); 731 732 return 0; 733 } 734 735 /** 736 * ipcctl_pre_down_nolock - retrieve an ipc and check permissions for some IPC_XXX cmd 737 * @ns: the ipc namespace 738 * @ids: the table of ids where to look for the ipc 739 * @id: the id of the ipc to retrieve 740 * @cmd: the cmd to check 741 * @perm: the permission to set 742 * @extra_perm: one extra permission parameter used by msq 743 * 744 * This function does some common audit and permissions check for some IPC_XXX 745 * cmd and is called from semctl_down, shmctl_down and msgctl_down. 746 * It must be called without any lock held and 747 * - retrieves the ipc with the given id in the given table. 748 * - performs some audit and permission check, depending on the given cmd 749 * - returns a pointer to the ipc object or otherwise, the corresponding error. 750 * 751 * Call holding the both the rwsem and the rcu read lock. 752 */ 753 struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns, 754 struct ipc_ids *ids, int id, int cmd, 755 struct ipc64_perm *perm, int extra_perm) 756 { 757 kuid_t euid; 758 int err = -EPERM; 759 struct kern_ipc_perm *ipcp; 760 761 ipcp = ipc_obtain_object_check(ids, id); 762 if (IS_ERR(ipcp)) { 763 err = PTR_ERR(ipcp); 764 goto err; 765 } 766 767 audit_ipc_obj(ipcp); 768 if (cmd == IPC_SET) 769 audit_ipc_set_perm(extra_perm, perm->uid, 770 perm->gid, perm->mode); 771 772 euid = current_euid(); 773 if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid) || 774 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) 775 return ipcp; /* successful lookup */ 776 err: 777 return ERR_PTR(err); 778 } 779 780 #ifdef CONFIG_ARCH_WANT_IPC_PARSE_VERSION 781 782 783 /** 784 * ipc_parse_version - IPC call version 785 * @cmd: pointer to command 786 * 787 * Return IPC_64 for new style IPC and IPC_OLD for old style IPC. 788 * The @cmd value is turned from an encoding command and version into 789 * just the command code. 790 */ 791 792 int ipc_parse_version (int *cmd) 793 { 794 if (*cmd & IPC_64) { 795 *cmd ^= IPC_64; 796 return IPC_64; 797 } else { 798 return IPC_OLD; 799 } 800 } 801 802 #endif /* CONFIG_ARCH_WANT_IPC_PARSE_VERSION */ 803 804 #ifdef CONFIG_PROC_FS 805 struct ipc_proc_iter { 806 struct ipc_namespace *ns; 807 struct ipc_proc_iface *iface; 808 }; 809 810 /* 811 * This routine locks the ipc structure found at least at position pos. 812 */ 813 static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, 814 loff_t *new_pos) 815 { 816 struct kern_ipc_perm *ipc; 817 int total, id; 818 819 total = 0; 820 for (id = 0; id < pos && total < ids->in_use; id++) { 821 ipc = idr_find(&ids->ipcs_idr, id); 822 if (ipc != NULL) 823 total++; 824 } 825 826 if (total >= ids->in_use) 827 return NULL; 828 829 for ( ; pos < IPCMNI; pos++) { 830 ipc = idr_find(&ids->ipcs_idr, pos); 831 if (ipc != NULL) { 832 *new_pos = pos + 1; 833 rcu_read_lock(); 834 ipc_lock_object(ipc); 835 return ipc; 836 } 837 } 838 839 /* Out of range - return NULL to terminate iteration */ 840 return NULL; 841 } 842 843 static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) 844 { 845 struct ipc_proc_iter *iter = s->private; 846 struct ipc_proc_iface *iface = iter->iface; 847 struct kern_ipc_perm *ipc = it; 848 849 /* If we had an ipc id locked before, unlock it */ 850 if (ipc && ipc != SEQ_START_TOKEN) 851 ipc_unlock(ipc); 852 853 return sysvipc_find_ipc(&iter->ns->ids[iface->ids], *pos, pos); 854 } 855 856 /* 857 * File positions: pos 0 -> header, pos n -> ipc id = n - 1. 858 * SeqFile iterator: iterator value locked ipc pointer or SEQ_TOKEN_START. 859 */ 860 static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) 861 { 862 struct ipc_proc_iter *iter = s->private; 863 struct ipc_proc_iface *iface = iter->iface; 864 struct ipc_ids *ids; 865 866 ids = &iter->ns->ids[iface->ids]; 867 868 /* 869 * Take the lock - this will be released by the corresponding 870 * call to stop(). 871 */ 872 down_read(&ids->rwsem); 873 874 /* pos < 0 is invalid */ 875 if (*pos < 0) 876 return NULL; 877 878 /* pos == 0 means header */ 879 if (*pos == 0) 880 return SEQ_START_TOKEN; 881 882 /* Find the (pos-1)th ipc */ 883 return sysvipc_find_ipc(ids, *pos - 1, pos); 884 } 885 886 static void sysvipc_proc_stop(struct seq_file *s, void *it) 887 { 888 struct kern_ipc_perm *ipc = it; 889 struct ipc_proc_iter *iter = s->private; 890 struct ipc_proc_iface *iface = iter->iface; 891 struct ipc_ids *ids; 892 893 /* If we had a locked structure, release it */ 894 if (ipc && ipc != SEQ_START_TOKEN) 895 ipc_unlock(ipc); 896 897 ids = &iter->ns->ids[iface->ids]; 898 /* Release the lock we took in start() */ 899 up_read(&ids->rwsem); 900 } 901 902 static int sysvipc_proc_show(struct seq_file *s, void *it) 903 { 904 struct ipc_proc_iter *iter = s->private; 905 struct ipc_proc_iface *iface = iter->iface; 906 907 if (it == SEQ_START_TOKEN) 908 return seq_puts(s, iface->header); 909 910 return iface->show(s, it); 911 } 912 913 static const struct seq_operations sysvipc_proc_seqops = { 914 .start = sysvipc_proc_start, 915 .stop = sysvipc_proc_stop, 916 .next = sysvipc_proc_next, 917 .show = sysvipc_proc_show, 918 }; 919 920 static int sysvipc_proc_open(struct inode *inode, struct file *file) 921 { 922 int ret; 923 struct seq_file *seq; 924 struct ipc_proc_iter *iter; 925 926 ret = -ENOMEM; 927 iter = kmalloc(sizeof(*iter), GFP_KERNEL); 928 if (!iter) 929 goto out; 930 931 ret = seq_open(file, &sysvipc_proc_seqops); 932 if (ret) 933 goto out_kfree; 934 935 seq = file->private_data; 936 seq->private = iter; 937 938 iter->iface = PDE_DATA(inode); 939 iter->ns = get_ipc_ns(current->nsproxy->ipc_ns); 940 out: 941 return ret; 942 out_kfree: 943 kfree(iter); 944 goto out; 945 } 946 947 static int sysvipc_proc_release(struct inode *inode, struct file *file) 948 { 949 struct seq_file *seq = file->private_data; 950 struct ipc_proc_iter *iter = seq->private; 951 put_ipc_ns(iter->ns); 952 return seq_release_private(inode, file); 953 } 954 955 static const struct file_operations sysvipc_proc_fops = { 956 .open = sysvipc_proc_open, 957 .read = seq_read, 958 .llseek = seq_lseek, 959 .release = sysvipc_proc_release, 960 }; 961 #endif /* CONFIG_PROC_FS */ 962