1 /* 2 * linux/ipc/util.c 3 * Copyright (C) 1992 Krishna Balasubramanian 4 * 5 * Sep 1997 - Call suser() last after "normal" permission checks so we 6 * get BSD style process accounting right. 7 * Occurs in several places in the IPC code. 8 * Chris Evans, <chris@ferret.lmh.ox.ac.uk> 9 * Nov 1999 - ipc helper functions, unified SMP locking 10 * Manfred Spraul <manfred@colorfullife.com> 11 * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). 12 * Mingming Cao <cmm@us.ibm.com> 13 * Mar 2006 - support for audit of ipc object properties 14 * Dustin Kirkland <dustin.kirkland@us.ibm.com> 15 * Jun 2006 - namespaces ssupport 16 * OpenVZ, SWsoft Inc. 17 * Pavel Emelianov <xemul@openvz.org> 18 */ 19 20 #include <linux/mm.h> 21 #include <linux/shm.h> 22 #include <linux/init.h> 23 #include <linux/msg.h> 24 #include <linux/vmalloc.h> 25 #include <linux/slab.h> 26 #include <linux/capability.h> 27 #include <linux/highuid.h> 28 #include <linux/security.h> 29 #include <linux/rcupdate.h> 30 #include <linux/workqueue.h> 31 #include <linux/seq_file.h> 32 #include <linux/proc_fs.h> 33 #include <linux/audit.h> 34 #include <linux/nsproxy.h> 35 #include <linux/rwsem.h> 36 37 #include <asm/unistd.h> 38 39 #include "util.h" 40 41 struct ipc_proc_iface { 42 const char *path; 43 const char *header; 44 int ids; 45 int (*show)(struct seq_file *, void *); 46 }; 47 48 struct ipc_namespace init_ipc_ns = { 49 .kref = { 50 .refcount = ATOMIC_INIT(2), 51 }, 52 }; 53 54 static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) 55 { 56 int err; 57 struct ipc_namespace *ns; 58 59 err = -ENOMEM; 60 ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL); 61 if (ns == NULL) 62 goto err_mem; 63 64 err = sem_init_ns(ns); 65 if (err) 66 goto err_sem; 67 err = msg_init_ns(ns); 68 if (err) 69 goto err_msg; 70 err = shm_init_ns(ns); 71 if (err) 72 goto err_shm; 73 74 kref_init(&ns->kref); 75 return ns; 76 77 err_shm: 78 msg_exit_ns(ns); 79 err_msg: 80 sem_exit_ns(ns); 81 err_sem: 82 kfree(ns); 83 err_mem: 84 return ERR_PTR(err); 85 } 86 87 struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns) 88 { 89 struct ipc_namespace *new_ns; 90 91 BUG_ON(!ns); 92 get_ipc_ns(ns); 93 94 if (!(flags & CLONE_NEWIPC)) 95 return ns; 96 97 new_ns = clone_ipc_ns(ns); 98 99 put_ipc_ns(ns); 100 return new_ns; 101 } 102 103 void free_ipc_ns(struct kref *kref) 104 { 105 struct ipc_namespace *ns; 106 107 ns = container_of(kref, struct ipc_namespace, kref); 108 sem_exit_ns(ns); 109 msg_exit_ns(ns); 110 shm_exit_ns(ns); 111 kfree(ns); 112 } 113 114 /** 115 * ipc_init - initialise IPC subsystem 116 * 117 * The various system5 IPC resources (semaphores, messages and shared 118 * memory) are initialised 119 */ 120 121 static int __init ipc_init(void) 122 { 123 sem_init(); 124 msg_init(); 125 shm_init(); 126 return 0; 127 } 128 __initcall(ipc_init); 129 130 /** 131 * ipc_init_ids - initialise IPC identifiers 132 * @ids: Identifier set 133 * 134 * Set up the sequence range to use for the ipc identifier range (limited 135 * below IPCMNI) then initialise the ids idr. 136 */ 137 138 void ipc_init_ids(struct ipc_ids *ids) 139 { 140 init_rwsem(&ids->rw_mutex); 141 142 ids->in_use = 0; 143 ids->seq = 0; 144 { 145 int seq_limit = INT_MAX/SEQ_MULTIPLIER; 146 if(seq_limit > USHRT_MAX) 147 ids->seq_max = USHRT_MAX; 148 else 149 ids->seq_max = seq_limit; 150 } 151 152 idr_init(&ids->ipcs_idr); 153 } 154 155 #ifdef CONFIG_PROC_FS 156 static const struct file_operations sysvipc_proc_fops; 157 /** 158 * ipc_init_proc_interface - Create a proc interface for sysipc types using a seq_file interface. 159 * @path: Path in procfs 160 * @header: Banner to be printed at the beginning of the file. 161 * @ids: ipc id table to iterate. 162 * @show: show routine. 163 */ 164 void __init ipc_init_proc_interface(const char *path, const char *header, 165 int ids, int (*show)(struct seq_file *, void *)) 166 { 167 struct proc_dir_entry *pde; 168 struct ipc_proc_iface *iface; 169 170 iface = kmalloc(sizeof(*iface), GFP_KERNEL); 171 if (!iface) 172 return; 173 iface->path = path; 174 iface->header = header; 175 iface->ids = ids; 176 iface->show = show; 177 178 pde = create_proc_entry(path, 179 S_IRUGO, /* world readable */ 180 NULL /* parent dir */); 181 if (pde) { 182 pde->data = iface; 183 pde->proc_fops = &sysvipc_proc_fops; 184 } else { 185 kfree(iface); 186 } 187 } 188 #endif 189 190 /** 191 * ipc_findkey - find a key in an ipc identifier set 192 * @ids: Identifier set 193 * @key: The key to find 194 * 195 * Requires ipc_ids.rw_mutex locked. 196 * Returns the LOCKED pointer to the ipc structure if found or NULL 197 * if not. 198 * If key is found ipc points to the owning ipc structure 199 */ 200 201 static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key) 202 { 203 struct kern_ipc_perm *ipc; 204 int next_id; 205 int total; 206 207 for (total = 0, next_id = 0; total < ids->in_use; next_id++) { 208 ipc = idr_find(&ids->ipcs_idr, next_id); 209 210 if (ipc == NULL) 211 continue; 212 213 if (ipc->key != key) { 214 total++; 215 continue; 216 } 217 218 ipc_lock_by_ptr(ipc); 219 return ipc; 220 } 221 222 return NULL; 223 } 224 225 /** 226 * ipc_get_maxid - get the last assigned id 227 * @ids: IPC identifier set 228 * 229 * Called with ipc_ids.rw_mutex held. 230 */ 231 232 int ipc_get_maxid(struct ipc_ids *ids) 233 { 234 struct kern_ipc_perm *ipc; 235 int max_id = -1; 236 int total, id; 237 238 if (ids->in_use == 0) 239 return -1; 240 241 if (ids->in_use == IPCMNI) 242 return IPCMNI - 1; 243 244 /* Look for the last assigned id */ 245 total = 0; 246 for (id = 0; id < IPCMNI && total < ids->in_use; id++) { 247 ipc = idr_find(&ids->ipcs_idr, id); 248 if (ipc != NULL) { 249 max_id = id; 250 total++; 251 } 252 } 253 return max_id; 254 } 255 256 /** 257 * ipc_addid - add an IPC identifier 258 * @ids: IPC identifier set 259 * @new: new IPC permission set 260 * @size: limit for the number of used ids 261 * 262 * Add an entry 'new' to the IPC ids idr. The permissions object is 263 * initialised and the first free entry is set up and the id assigned 264 * is returned. The 'new' entry is returned in a locked state on success. 265 * On failure the entry is not locked and a negative err-code is returned. 266 * 267 * Called with ipc_ids.rw_mutex held as a writer. 268 */ 269 270 int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) 271 { 272 int id, err; 273 274 if (size > IPCMNI) 275 size = IPCMNI; 276 277 if (ids->in_use >= size) 278 return -ENOSPC; 279 280 err = idr_get_new(&ids->ipcs_idr, new, &id); 281 if (err) 282 return err; 283 284 ids->in_use++; 285 286 new->cuid = new->uid = current->euid; 287 new->gid = new->cgid = current->egid; 288 289 new->seq = ids->seq++; 290 if(ids->seq > ids->seq_max) 291 ids->seq = 0; 292 293 spin_lock_init(&new->lock); 294 new->deleted = 0; 295 rcu_read_lock(); 296 spin_lock(&new->lock); 297 return id; 298 } 299 300 /** 301 * ipcget_new - create a new ipc object 302 * @ns: namespace 303 * @ids: IPC identifer set 304 * @ops: the actual creation routine to call 305 * @params: its parameters 306 * 307 * This routine is called by sys_msgget, sys_semget() and sys_shmget() 308 * when the key is IPC_PRIVATE. 309 */ 310 int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids, 311 struct ipc_ops *ops, struct ipc_params *params) 312 { 313 int err; 314 retry: 315 err = idr_pre_get(&ids->ipcs_idr, GFP_KERNEL); 316 317 if (!err) 318 return -ENOMEM; 319 320 down_write(&ids->rw_mutex); 321 err = ops->getnew(ns, params); 322 up_write(&ids->rw_mutex); 323 324 if (err == -EAGAIN) 325 goto retry; 326 327 return err; 328 } 329 330 /** 331 * ipc_check_perms - check security and permissions for an IPC 332 * @ipcp: ipc permission set 333 * @ops: the actual security routine to call 334 * @params: its parameters 335 * 336 * This routine is called by sys_msgget(), sys_semget() and sys_shmget() 337 * when the key is not IPC_PRIVATE and that key already exists in the 338 * ids IDR. 339 * 340 * On success, the IPC id is returned. 341 * 342 * It is called with ipc_ids.rw_mutex and ipcp->lock held. 343 */ 344 static int ipc_check_perms(struct kern_ipc_perm *ipcp, struct ipc_ops *ops, 345 struct ipc_params *params) 346 { 347 int err; 348 349 if (ipcperms(ipcp, params->flg)) 350 err = -EACCES; 351 else { 352 err = ops->associate(ipcp, params->flg); 353 if (!err) 354 err = ipcp->id; 355 } 356 357 return err; 358 } 359 360 /** 361 * ipcget_public - get an ipc object or create a new one 362 * @ns: namespace 363 * @ids: IPC identifer set 364 * @ops: the actual creation routine to call 365 * @params: its parameters 366 * 367 * This routine is called by sys_msgget, sys_semget() and sys_shmget() 368 * when the key is not IPC_PRIVATE. 369 * It adds a new entry if the key is not found and does some permission 370 * / security checkings if the key is found. 371 * 372 * On success, the ipc id is returned. 373 */ 374 int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, 375 struct ipc_ops *ops, struct ipc_params *params) 376 { 377 struct kern_ipc_perm *ipcp; 378 int flg = params->flg; 379 int err; 380 retry: 381 err = idr_pre_get(&ids->ipcs_idr, GFP_KERNEL); 382 383 /* 384 * Take the lock as a writer since we are potentially going to add 385 * a new entry + read locks are not "upgradable" 386 */ 387 down_write(&ids->rw_mutex); 388 ipcp = ipc_findkey(ids, params->key); 389 if (ipcp == NULL) { 390 /* key not used */ 391 if (!(flg & IPC_CREAT)) 392 err = -ENOENT; 393 else if (!err) 394 err = -ENOMEM; 395 else 396 err = ops->getnew(ns, params); 397 } else { 398 /* ipc object has been locked by ipc_findkey() */ 399 400 if (flg & IPC_CREAT && flg & IPC_EXCL) 401 err = -EEXIST; 402 else { 403 err = 0; 404 if (ops->more_checks) 405 err = ops->more_checks(ipcp, params); 406 if (!err) 407 /* 408 * ipc_check_perms returns the IPC id on 409 * success 410 */ 411 err = ipc_check_perms(ipcp, ops, params); 412 } 413 ipc_unlock(ipcp); 414 } 415 up_write(&ids->rw_mutex); 416 417 if (err == -EAGAIN) 418 goto retry; 419 420 return err; 421 } 422 423 424 /** 425 * ipc_rmid - remove an IPC identifier 426 * @ids: IPC identifier set 427 * @ipcp: ipc perm structure containing the identifier to remove 428 * 429 * ipc_ids.rw_mutex (as a writer) and the spinlock for this ID are held 430 * before this function is called, and remain locked on the exit. 431 */ 432 433 void ipc_rmid(struct ipc_ids *ids, struct kern_ipc_perm *ipcp) 434 { 435 int lid = ipcid_to_idx(ipcp->id); 436 437 idr_remove(&ids->ipcs_idr, lid); 438 439 ids->in_use--; 440 441 ipcp->deleted = 1; 442 443 return; 444 } 445 446 /** 447 * ipc_alloc - allocate ipc space 448 * @size: size desired 449 * 450 * Allocate memory from the appropriate pools and return a pointer to it. 451 * NULL is returned if the allocation fails 452 */ 453 454 void* ipc_alloc(int size) 455 { 456 void* out; 457 if(size > PAGE_SIZE) 458 out = vmalloc(size); 459 else 460 out = kmalloc(size, GFP_KERNEL); 461 return out; 462 } 463 464 /** 465 * ipc_free - free ipc space 466 * @ptr: pointer returned by ipc_alloc 467 * @size: size of block 468 * 469 * Free a block created with ipc_alloc(). The caller must know the size 470 * used in the allocation call. 471 */ 472 473 void ipc_free(void* ptr, int size) 474 { 475 if(size > PAGE_SIZE) 476 vfree(ptr); 477 else 478 kfree(ptr); 479 } 480 481 /* 482 * rcu allocations: 483 * There are three headers that are prepended to the actual allocation: 484 * - during use: ipc_rcu_hdr. 485 * - during the rcu grace period: ipc_rcu_grace. 486 * - [only if vmalloc]: ipc_rcu_sched. 487 * Their lifetime doesn't overlap, thus the headers share the same memory. 488 * Unlike a normal union, they are right-aligned, thus some container_of 489 * forward/backward casting is necessary: 490 */ 491 struct ipc_rcu_hdr 492 { 493 int refcount; 494 int is_vmalloc; 495 void *data[0]; 496 }; 497 498 499 struct ipc_rcu_grace 500 { 501 struct rcu_head rcu; 502 /* "void *" makes sure alignment of following data is sane. */ 503 void *data[0]; 504 }; 505 506 struct ipc_rcu_sched 507 { 508 struct work_struct work; 509 /* "void *" makes sure alignment of following data is sane. */ 510 void *data[0]; 511 }; 512 513 #define HDRLEN_KMALLOC (sizeof(struct ipc_rcu_grace) > sizeof(struct ipc_rcu_hdr) ? \ 514 sizeof(struct ipc_rcu_grace) : sizeof(struct ipc_rcu_hdr)) 515 #define HDRLEN_VMALLOC (sizeof(struct ipc_rcu_sched) > HDRLEN_KMALLOC ? \ 516 sizeof(struct ipc_rcu_sched) : HDRLEN_KMALLOC) 517 518 static inline int rcu_use_vmalloc(int size) 519 { 520 /* Too big for a single page? */ 521 if (HDRLEN_KMALLOC + size > PAGE_SIZE) 522 return 1; 523 return 0; 524 } 525 526 /** 527 * ipc_rcu_alloc - allocate ipc and rcu space 528 * @size: size desired 529 * 530 * Allocate memory for the rcu header structure + the object. 531 * Returns the pointer to the object. 532 * NULL is returned if the allocation fails. 533 */ 534 535 void* ipc_rcu_alloc(int size) 536 { 537 void* out; 538 /* 539 * We prepend the allocation with the rcu struct, and 540 * workqueue if necessary (for vmalloc). 541 */ 542 if (rcu_use_vmalloc(size)) { 543 out = vmalloc(HDRLEN_VMALLOC + size); 544 if (out) { 545 out += HDRLEN_VMALLOC; 546 container_of(out, struct ipc_rcu_hdr, data)->is_vmalloc = 1; 547 container_of(out, struct ipc_rcu_hdr, data)->refcount = 1; 548 } 549 } else { 550 out = kmalloc(HDRLEN_KMALLOC + size, GFP_KERNEL); 551 if (out) { 552 out += HDRLEN_KMALLOC; 553 container_of(out, struct ipc_rcu_hdr, data)->is_vmalloc = 0; 554 container_of(out, struct ipc_rcu_hdr, data)->refcount = 1; 555 } 556 } 557 558 return out; 559 } 560 561 void ipc_rcu_getref(void *ptr) 562 { 563 container_of(ptr, struct ipc_rcu_hdr, data)->refcount++; 564 } 565 566 static void ipc_do_vfree(struct work_struct *work) 567 { 568 vfree(container_of(work, struct ipc_rcu_sched, work)); 569 } 570 571 /** 572 * ipc_schedule_free - free ipc + rcu space 573 * @head: RCU callback structure for queued work 574 * 575 * Since RCU callback function is called in bh, 576 * we need to defer the vfree to schedule_work(). 577 */ 578 static void ipc_schedule_free(struct rcu_head *head) 579 { 580 struct ipc_rcu_grace *grace; 581 struct ipc_rcu_sched *sched; 582 583 grace = container_of(head, struct ipc_rcu_grace, rcu); 584 sched = container_of(&(grace->data[0]), struct ipc_rcu_sched, 585 data[0]); 586 587 INIT_WORK(&sched->work, ipc_do_vfree); 588 schedule_work(&sched->work); 589 } 590 591 /** 592 * ipc_immediate_free - free ipc + rcu space 593 * @head: RCU callback structure that contains pointer to be freed 594 * 595 * Free from the RCU callback context. 596 */ 597 static void ipc_immediate_free(struct rcu_head *head) 598 { 599 struct ipc_rcu_grace *free = 600 container_of(head, struct ipc_rcu_grace, rcu); 601 kfree(free); 602 } 603 604 void ipc_rcu_putref(void *ptr) 605 { 606 if (--container_of(ptr, struct ipc_rcu_hdr, data)->refcount > 0) 607 return; 608 609 if (container_of(ptr, struct ipc_rcu_hdr, data)->is_vmalloc) { 610 call_rcu(&container_of(ptr, struct ipc_rcu_grace, data)->rcu, 611 ipc_schedule_free); 612 } else { 613 call_rcu(&container_of(ptr, struct ipc_rcu_grace, data)->rcu, 614 ipc_immediate_free); 615 } 616 } 617 618 /** 619 * ipcperms - check IPC permissions 620 * @ipcp: IPC permission set 621 * @flag: desired permission set. 622 * 623 * Check user, group, other permissions for access 624 * to ipc resources. return 0 if allowed 625 */ 626 627 int ipcperms (struct kern_ipc_perm *ipcp, short flag) 628 { /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ 629 int requested_mode, granted_mode, err; 630 631 if (unlikely((err = audit_ipc_obj(ipcp)))) 632 return err; 633 requested_mode = (flag >> 6) | (flag >> 3) | flag; 634 granted_mode = ipcp->mode; 635 if (current->euid == ipcp->cuid || current->euid == ipcp->uid) 636 granted_mode >>= 6; 637 else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) 638 granted_mode >>= 3; 639 /* is there some bit set in requested_mode but not in granted_mode? */ 640 if ((requested_mode & ~granted_mode & 0007) && 641 !capable(CAP_IPC_OWNER)) 642 return -1; 643 644 return security_ipc_permission(ipcp, flag); 645 } 646 647 /* 648 * Functions to convert between the kern_ipc_perm structure and the 649 * old/new ipc_perm structures 650 */ 651 652 /** 653 * kernel_to_ipc64_perm - convert kernel ipc permissions to user 654 * @in: kernel permissions 655 * @out: new style IPC permissions 656 * 657 * Turn the kernel object @in into a set of permissions descriptions 658 * for returning to userspace (@out). 659 */ 660 661 662 void kernel_to_ipc64_perm (struct kern_ipc_perm *in, struct ipc64_perm *out) 663 { 664 out->key = in->key; 665 out->uid = in->uid; 666 out->gid = in->gid; 667 out->cuid = in->cuid; 668 out->cgid = in->cgid; 669 out->mode = in->mode; 670 out->seq = in->seq; 671 } 672 673 /** 674 * ipc64_perm_to_ipc_perm - convert new ipc permissions to old 675 * @in: new style IPC permissions 676 * @out: old style IPC permissions 677 * 678 * Turn the new style permissions object @in into a compatibility 679 * object and store it into the @out pointer. 680 */ 681 682 void ipc64_perm_to_ipc_perm (struct ipc64_perm *in, struct ipc_perm *out) 683 { 684 out->key = in->key; 685 SET_UID(out->uid, in->uid); 686 SET_GID(out->gid, in->gid); 687 SET_UID(out->cuid, in->cuid); 688 SET_GID(out->cgid, in->cgid); 689 out->mode = in->mode; 690 out->seq = in->seq; 691 } 692 693 /** 694 * ipc_lock - Lock an ipc structure without rw_mutex held 695 * @ids: IPC identifier set 696 * @id: ipc id to look for 697 * 698 * Look for an id in the ipc ids idr and lock the associated ipc object. 699 * 700 * The ipc object is locked on exit. 701 * 702 * This is the routine that should be called when the rw_mutex is not already 703 * held, i.e. idr tree not protected: it protects the idr tree in read mode 704 * during the idr_find(). 705 */ 706 707 struct kern_ipc_perm *ipc_lock(struct ipc_ids *ids, int id) 708 { 709 struct kern_ipc_perm *out; 710 int lid = ipcid_to_idx(id); 711 712 down_read(&ids->rw_mutex); 713 714 rcu_read_lock(); 715 out = idr_find(&ids->ipcs_idr, lid); 716 if (out == NULL) { 717 rcu_read_unlock(); 718 up_read(&ids->rw_mutex); 719 return ERR_PTR(-EINVAL); 720 } 721 722 up_read(&ids->rw_mutex); 723 724 spin_lock(&out->lock); 725 726 /* ipc_rmid() may have already freed the ID while ipc_lock 727 * was spinning: here verify that the structure is still valid 728 */ 729 if (out->deleted) { 730 spin_unlock(&out->lock); 731 rcu_read_unlock(); 732 return ERR_PTR(-EINVAL); 733 } 734 735 return out; 736 } 737 738 /** 739 * ipc_lock_down - Lock an ipc structure with rw_sem held 740 * @ids: IPC identifier set 741 * @id: ipc id to look for 742 * 743 * Look for an id in the ipc ids idr and lock the associated ipc object. 744 * 745 * The ipc object is locked on exit. 746 * 747 * This is the routine that should be called when the rw_mutex is already 748 * held, i.e. idr tree protected. 749 */ 750 751 struct kern_ipc_perm *ipc_lock_down(struct ipc_ids *ids, int id) 752 { 753 struct kern_ipc_perm *out; 754 int lid = ipcid_to_idx(id); 755 756 rcu_read_lock(); 757 out = idr_find(&ids->ipcs_idr, lid); 758 if (out == NULL) { 759 rcu_read_unlock(); 760 return ERR_PTR(-EINVAL); 761 } 762 763 spin_lock(&out->lock); 764 765 /* 766 * No need to verify that the structure is still valid since the 767 * rw_mutex is held. 768 */ 769 return out; 770 } 771 772 #ifdef __ARCH_WANT_IPC_PARSE_VERSION 773 774 775 /** 776 * ipc_parse_version - IPC call version 777 * @cmd: pointer to command 778 * 779 * Return IPC_64 for new style IPC and IPC_OLD for old style IPC. 780 * The @cmd value is turned from an encoding command and version into 781 * just the command code. 782 */ 783 784 int ipc_parse_version (int *cmd) 785 { 786 if (*cmd & IPC_64) { 787 *cmd ^= IPC_64; 788 return IPC_64; 789 } else { 790 return IPC_OLD; 791 } 792 } 793 794 #endif /* __ARCH_WANT_IPC_PARSE_VERSION */ 795 796 #ifdef CONFIG_PROC_FS 797 struct ipc_proc_iter { 798 struct ipc_namespace *ns; 799 struct ipc_proc_iface *iface; 800 }; 801 802 /* 803 * This routine locks the ipc structure found at least at position pos. 804 */ 805 struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, 806 loff_t *new_pos) 807 { 808 struct kern_ipc_perm *ipc; 809 int total, id; 810 811 total = 0; 812 for (id = 0; id < pos && total < ids->in_use; id++) { 813 ipc = idr_find(&ids->ipcs_idr, id); 814 if (ipc != NULL) 815 total++; 816 } 817 818 if (total >= ids->in_use) 819 return NULL; 820 821 for ( ; pos < IPCMNI; pos++) { 822 ipc = idr_find(&ids->ipcs_idr, pos); 823 if (ipc != NULL) { 824 *new_pos = pos + 1; 825 ipc_lock_by_ptr(ipc); 826 return ipc; 827 } 828 } 829 830 /* Out of range - return NULL to terminate iteration */ 831 return NULL; 832 } 833 834 static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) 835 { 836 struct ipc_proc_iter *iter = s->private; 837 struct ipc_proc_iface *iface = iter->iface; 838 struct kern_ipc_perm *ipc = it; 839 840 /* If we had an ipc id locked before, unlock it */ 841 if (ipc && ipc != SEQ_START_TOKEN) 842 ipc_unlock(ipc); 843 844 return sysvipc_find_ipc(iter->ns->ids[iface->ids], *pos, pos); 845 } 846 847 /* 848 * File positions: pos 0 -> header, pos n -> ipc id = n - 1. 849 * SeqFile iterator: iterator value locked ipc pointer or SEQ_TOKEN_START. 850 */ 851 static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) 852 { 853 struct ipc_proc_iter *iter = s->private; 854 struct ipc_proc_iface *iface = iter->iface; 855 struct ipc_ids *ids; 856 857 ids = iter->ns->ids[iface->ids]; 858 859 /* 860 * Take the lock - this will be released by the corresponding 861 * call to stop(). 862 */ 863 down_read(&ids->rw_mutex); 864 865 /* pos < 0 is invalid */ 866 if (*pos < 0) 867 return NULL; 868 869 /* pos == 0 means header */ 870 if (*pos == 0) 871 return SEQ_START_TOKEN; 872 873 /* Find the (pos-1)th ipc */ 874 return sysvipc_find_ipc(ids, *pos - 1, pos); 875 } 876 877 static void sysvipc_proc_stop(struct seq_file *s, void *it) 878 { 879 struct kern_ipc_perm *ipc = it; 880 struct ipc_proc_iter *iter = s->private; 881 struct ipc_proc_iface *iface = iter->iface; 882 struct ipc_ids *ids; 883 884 /* If we had a locked structure, release it */ 885 if (ipc && ipc != SEQ_START_TOKEN) 886 ipc_unlock(ipc); 887 888 ids = iter->ns->ids[iface->ids]; 889 /* Release the lock we took in start() */ 890 up_read(&ids->rw_mutex); 891 } 892 893 static int sysvipc_proc_show(struct seq_file *s, void *it) 894 { 895 struct ipc_proc_iter *iter = s->private; 896 struct ipc_proc_iface *iface = iter->iface; 897 898 if (it == SEQ_START_TOKEN) 899 return seq_puts(s, iface->header); 900 901 return iface->show(s, it); 902 } 903 904 static struct seq_operations sysvipc_proc_seqops = { 905 .start = sysvipc_proc_start, 906 .stop = sysvipc_proc_stop, 907 .next = sysvipc_proc_next, 908 .show = sysvipc_proc_show, 909 }; 910 911 static int sysvipc_proc_open(struct inode *inode, struct file *file) 912 { 913 int ret; 914 struct seq_file *seq; 915 struct ipc_proc_iter *iter; 916 917 ret = -ENOMEM; 918 iter = kmalloc(sizeof(*iter), GFP_KERNEL); 919 if (!iter) 920 goto out; 921 922 ret = seq_open(file, &sysvipc_proc_seqops); 923 if (ret) 924 goto out_kfree; 925 926 seq = file->private_data; 927 seq->private = iter; 928 929 iter->iface = PDE(inode)->data; 930 iter->ns = get_ipc_ns(current->nsproxy->ipc_ns); 931 out: 932 return ret; 933 out_kfree: 934 kfree(iter); 935 goto out; 936 } 937 938 static int sysvipc_proc_release(struct inode *inode, struct file *file) 939 { 940 struct seq_file *seq = file->private_data; 941 struct ipc_proc_iter *iter = seq->private; 942 put_ipc_ns(iter->ns); 943 return seq_release_private(inode, file); 944 } 945 946 static const struct file_operations sysvipc_proc_fops = { 947 .open = sysvipc_proc_open, 948 .read = seq_read, 949 .llseek = seq_lseek, 950 .release = sysvipc_proc_release, 951 }; 952 #endif /* CONFIG_PROC_FS */ 953