xref: /openbmc/linux/kernel/groups.c (revision a34a9f1a)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Supplementary group IDs
4  */
5 #include <linux/cred.h>
6 #include <linux/export.h>
7 #include <linux/slab.h>
8 #include <linux/security.h>
9 #include <linux/sort.h>
10 #include <linux/syscalls.h>
11 #include <linux/user_namespace.h>
12 #include <linux/vmalloc.h>
13 #include <linux/uaccess.h>
14 
15 struct group_info *groups_alloc(int gidsetsize)
16 {
17 	struct group_info *gi;
18 	gi = kvmalloc(struct_size(gi, gid, gidsetsize), GFP_KERNEL_ACCOUNT);
19 	if (!gi)
20 		return NULL;
21 
22 	atomic_set(&gi->usage, 1);
23 	gi->ngroups = gidsetsize;
24 	return gi;
25 }
26 
27 EXPORT_SYMBOL(groups_alloc);
28 
29 void groups_free(struct group_info *group_info)
30 {
31 	kvfree(group_info);
32 }
33 
34 EXPORT_SYMBOL(groups_free);
35 
36 /* export the group_info to a user-space array */
37 static int groups_to_user(gid_t __user *grouplist,
38 			  const struct group_info *group_info)
39 {
40 	struct user_namespace *user_ns = current_user_ns();
41 	int i;
42 	unsigned int count = group_info->ngroups;
43 
44 	for (i = 0; i < count; i++) {
45 		gid_t gid;
46 		gid = from_kgid_munged(user_ns, group_info->gid[i]);
47 		if (put_user(gid, grouplist+i))
48 			return -EFAULT;
49 	}
50 	return 0;
51 }
52 
53 /* fill a group_info from a user-space array - it must be allocated already */
54 static int groups_from_user(struct group_info *group_info,
55     gid_t __user *grouplist)
56 {
57 	struct user_namespace *user_ns = current_user_ns();
58 	int i;
59 	unsigned int count = group_info->ngroups;
60 
61 	for (i = 0; i < count; i++) {
62 		gid_t gid;
63 		kgid_t kgid;
64 		if (get_user(gid, grouplist+i))
65 			return -EFAULT;
66 
67 		kgid = make_kgid(user_ns, gid);
68 		if (!gid_valid(kgid))
69 			return -EINVAL;
70 
71 		group_info->gid[i] = kgid;
72 	}
73 	return 0;
74 }
75 
76 static int gid_cmp(const void *_a, const void *_b)
77 {
78 	kgid_t a = *(kgid_t *)_a;
79 	kgid_t b = *(kgid_t *)_b;
80 
81 	return gid_gt(a, b) - gid_lt(a, b);
82 }
83 
84 void groups_sort(struct group_info *group_info)
85 {
86 	sort(group_info->gid, group_info->ngroups, sizeof(*group_info->gid),
87 	     gid_cmp, NULL);
88 }
89 EXPORT_SYMBOL(groups_sort);
90 
91 /* a simple bsearch */
92 int groups_search(const struct group_info *group_info, kgid_t grp)
93 {
94 	unsigned int left, right;
95 
96 	if (!group_info)
97 		return 0;
98 
99 	left = 0;
100 	right = group_info->ngroups;
101 	while (left < right) {
102 		unsigned int mid = (left+right)/2;
103 		if (gid_gt(grp, group_info->gid[mid]))
104 			left = mid + 1;
105 		else if (gid_lt(grp, group_info->gid[mid]))
106 			right = mid;
107 		else
108 			return 1;
109 	}
110 	return 0;
111 }
112 
113 /**
114  * set_groups - Change a group subscription in a set of credentials
115  * @new: The newly prepared set of credentials to alter
116  * @group_info: The group list to install
117  */
118 void set_groups(struct cred *new, struct group_info *group_info)
119 {
120 	put_group_info(new->group_info);
121 	get_group_info(group_info);
122 	new->group_info = group_info;
123 }
124 
125 EXPORT_SYMBOL(set_groups);
126 
127 /**
128  * set_current_groups - Change current's group subscription
129  * @group_info: The group list to impose
130  *
131  * Validate a group subscription and, if valid, impose it upon current's task
132  * security record.
133  */
134 int set_current_groups(struct group_info *group_info)
135 {
136 	struct cred *new;
137 	const struct cred *old;
138 	int retval;
139 
140 	new = prepare_creds();
141 	if (!new)
142 		return -ENOMEM;
143 
144 	old = current_cred();
145 
146 	set_groups(new, group_info);
147 
148 	retval = security_task_fix_setgroups(new, old);
149 	if (retval < 0)
150 		goto error;
151 
152 	return commit_creds(new);
153 
154 error:
155 	abort_creds(new);
156 	return retval;
157 }
158 
159 EXPORT_SYMBOL(set_current_groups);
160 
161 SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
162 {
163 	const struct cred *cred = current_cred();
164 	int i;
165 
166 	if (gidsetsize < 0)
167 		return -EINVAL;
168 
169 	/* no need to grab task_lock here; it cannot change */
170 	i = cred->group_info->ngroups;
171 	if (gidsetsize) {
172 		if (i > gidsetsize) {
173 			i = -EINVAL;
174 			goto out;
175 		}
176 		if (groups_to_user(grouplist, cred->group_info)) {
177 			i = -EFAULT;
178 			goto out;
179 		}
180 	}
181 out:
182 	return i;
183 }
184 
185 bool may_setgroups(void)
186 {
187 	struct user_namespace *user_ns = current_user_ns();
188 
189 	return ns_capable_setid(user_ns, CAP_SETGID) &&
190 		userns_may_setgroups(user_ns);
191 }
192 
193 /*
194  *	SMP: Our groups are copy-on-write. We can set them safely
195  *	without another task interfering.
196  */
197 
198 SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
199 {
200 	struct group_info *group_info;
201 	int retval;
202 
203 	if (!may_setgroups())
204 		return -EPERM;
205 	if ((unsigned)gidsetsize > NGROUPS_MAX)
206 		return -EINVAL;
207 
208 	group_info = groups_alloc(gidsetsize);
209 	if (!group_info)
210 		return -ENOMEM;
211 	retval = groups_from_user(group_info, grouplist);
212 	if (retval) {
213 		put_group_info(group_info);
214 		return retval;
215 	}
216 
217 	groups_sort(group_info);
218 	retval = set_current_groups(group_info);
219 	put_group_info(group_info);
220 
221 	return retval;
222 }
223 
224 /*
225  * Check whether we're fsgid/egid or in the supplemental group..
226  */
227 int in_group_p(kgid_t grp)
228 {
229 	const struct cred *cred = current_cred();
230 	int retval = 1;
231 
232 	if (!gid_eq(grp, cred->fsgid))
233 		retval = groups_search(cred->group_info, grp);
234 	return retval;
235 }
236 
237 EXPORT_SYMBOL(in_group_p);
238 
239 int in_egroup_p(kgid_t grp)
240 {
241 	const struct cred *cred = current_cred();
242 	int retval = 1;
243 
244 	if (!gid_eq(grp, cred->egid))
245 		retval = groups_search(cred->group_info, grp);
246 	return retval;
247 }
248 
249 EXPORT_SYMBOL(in_egroup_p);
250