xref: /openbmc/linux/kernel/groups.c (revision b6dcefde)
1 /*
2  * Supplementary group IDs
3  */
4 #include <linux/cred.h>
5 #include <linux/module.h>
6 #include <linux/slab.h>
7 #include <linux/security.h>
8 #include <linux/syscalls.h>
9 #include <asm/uaccess.h>
10 
11 /* init to 2 - one for init_task, one to ensure it is never freed */
12 struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
13 
14 struct group_info *groups_alloc(int gidsetsize)
15 {
16 	struct group_info *group_info;
17 	int nblocks;
18 	int i;
19 
20 	nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
21 	/* Make sure we always allocate at least one indirect block pointer */
22 	nblocks = nblocks ? : 1;
23 	group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
24 	if (!group_info)
25 		return NULL;
26 	group_info->ngroups = gidsetsize;
27 	group_info->nblocks = nblocks;
28 	atomic_set(&group_info->usage, 1);
29 
30 	if (gidsetsize <= NGROUPS_SMALL)
31 		group_info->blocks[0] = group_info->small_block;
32 	else {
33 		for (i = 0; i < nblocks; i++) {
34 			gid_t *b;
35 			b = (void *)__get_free_page(GFP_USER);
36 			if (!b)
37 				goto out_undo_partial_alloc;
38 			group_info->blocks[i] = b;
39 		}
40 	}
41 	return group_info;
42 
43 out_undo_partial_alloc:
44 	while (--i >= 0) {
45 		free_page((unsigned long)group_info->blocks[i]);
46 	}
47 	kfree(group_info);
48 	return NULL;
49 }
50 
51 EXPORT_SYMBOL(groups_alloc);
52 
53 void groups_free(struct group_info *group_info)
54 {
55 	if (group_info->blocks[0] != group_info->small_block) {
56 		int i;
57 		for (i = 0; i < group_info->nblocks; i++)
58 			free_page((unsigned long)group_info->blocks[i]);
59 	}
60 	kfree(group_info);
61 }
62 
63 EXPORT_SYMBOL(groups_free);
64 
65 /* export the group_info to a user-space array */
66 static int groups_to_user(gid_t __user *grouplist,
67 			  const struct group_info *group_info)
68 {
69 	int i;
70 	unsigned int count = group_info->ngroups;
71 
72 	for (i = 0; i < group_info->nblocks; i++) {
73 		unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
74 		unsigned int len = cp_count * sizeof(*grouplist);
75 
76 		if (copy_to_user(grouplist, group_info->blocks[i], len))
77 			return -EFAULT;
78 
79 		grouplist += NGROUPS_PER_BLOCK;
80 		count -= cp_count;
81 	}
82 	return 0;
83 }
84 
85 /* fill a group_info from a user-space array - it must be allocated already */
86 static int groups_from_user(struct group_info *group_info,
87     gid_t __user *grouplist)
88 {
89 	int i;
90 	unsigned int count = group_info->ngroups;
91 
92 	for (i = 0; i < group_info->nblocks; i++) {
93 		unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
94 		unsigned int len = cp_count * sizeof(*grouplist);
95 
96 		if (copy_from_user(group_info->blocks[i], grouplist, len))
97 			return -EFAULT;
98 
99 		grouplist += NGROUPS_PER_BLOCK;
100 		count -= cp_count;
101 	}
102 	return 0;
103 }
104 
105 /* a simple Shell sort */
106 static void groups_sort(struct group_info *group_info)
107 {
108 	int base, max, stride;
109 	int gidsetsize = group_info->ngroups;
110 
111 	for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
112 		; /* nothing */
113 	stride /= 3;
114 
115 	while (stride) {
116 		max = gidsetsize - stride;
117 		for (base = 0; base < max; base++) {
118 			int left = base;
119 			int right = left + stride;
120 			gid_t tmp = GROUP_AT(group_info, right);
121 
122 			while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
123 				GROUP_AT(group_info, right) =
124 				    GROUP_AT(group_info, left);
125 				right = left;
126 				left -= stride;
127 			}
128 			GROUP_AT(group_info, right) = tmp;
129 		}
130 		stride /= 3;
131 	}
132 }
133 
134 /* a simple bsearch */
135 int groups_search(const struct group_info *group_info, gid_t grp)
136 {
137 	unsigned int left, right;
138 
139 	if (!group_info)
140 		return 0;
141 
142 	left = 0;
143 	right = group_info->ngroups;
144 	while (left < right) {
145 		unsigned int mid = (left+right)/2;
146 		int cmp = grp - GROUP_AT(group_info, mid);
147 		if (cmp > 0)
148 			left = mid + 1;
149 		else if (cmp < 0)
150 			right = mid;
151 		else
152 			return 1;
153 	}
154 	return 0;
155 }
156 
157 /**
158  * set_groups - Change a group subscription in a set of credentials
159  * @new: The newly prepared set of credentials to alter
160  * @group_info: The group list to install
161  *
162  * Validate a group subscription and, if valid, insert it into a set
163  * of credentials.
164  */
165 int set_groups(struct cred *new, struct group_info *group_info)
166 {
167 	int retval;
168 
169 	retval = security_task_setgroups(group_info);
170 	if (retval)
171 		return retval;
172 
173 	put_group_info(new->group_info);
174 	groups_sort(group_info);
175 	get_group_info(group_info);
176 	new->group_info = group_info;
177 	return 0;
178 }
179 
180 EXPORT_SYMBOL(set_groups);
181 
182 /**
183  * set_current_groups - Change current's group subscription
184  * @group_info: The group list to impose
185  *
186  * Validate a group subscription and, if valid, impose it upon current's task
187  * security record.
188  */
189 int set_current_groups(struct group_info *group_info)
190 {
191 	struct cred *new;
192 	int ret;
193 
194 	new = prepare_creds();
195 	if (!new)
196 		return -ENOMEM;
197 
198 	ret = set_groups(new, group_info);
199 	if (ret < 0) {
200 		abort_creds(new);
201 		return ret;
202 	}
203 
204 	return commit_creds(new);
205 }
206 
207 EXPORT_SYMBOL(set_current_groups);
208 
209 SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
210 {
211 	const struct cred *cred = current_cred();
212 	int i;
213 
214 	if (gidsetsize < 0)
215 		return -EINVAL;
216 
217 	/* no need to grab task_lock here; it cannot change */
218 	i = cred->group_info->ngroups;
219 	if (gidsetsize) {
220 		if (i > gidsetsize) {
221 			i = -EINVAL;
222 			goto out;
223 		}
224 		if (groups_to_user(grouplist, cred->group_info)) {
225 			i = -EFAULT;
226 			goto out;
227 		}
228 	}
229 out:
230 	return i;
231 }
232 
233 /*
234  *	SMP: Our groups are copy-on-write. We can set them safely
235  *	without another task interfering.
236  */
237 
238 SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
239 {
240 	struct group_info *group_info;
241 	int retval;
242 
243 	if (!capable(CAP_SETGID))
244 		return -EPERM;
245 	if ((unsigned)gidsetsize > NGROUPS_MAX)
246 		return -EINVAL;
247 
248 	group_info = groups_alloc(gidsetsize);
249 	if (!group_info)
250 		return -ENOMEM;
251 	retval = groups_from_user(group_info, grouplist);
252 	if (retval) {
253 		put_group_info(group_info);
254 		return retval;
255 	}
256 
257 	retval = set_current_groups(group_info);
258 	put_group_info(group_info);
259 
260 	return retval;
261 }
262 
263 /*
264  * Check whether we're fsgid/egid or in the supplemental group..
265  */
266 int in_group_p(gid_t grp)
267 {
268 	const struct cred *cred = current_cred();
269 	int retval = 1;
270 
271 	if (grp != cred->fsgid)
272 		retval = groups_search(cred->group_info, grp);
273 	return retval;
274 }
275 
276 EXPORT_SYMBOL(in_group_p);
277 
278 int in_egroup_p(gid_t grp)
279 {
280 	const struct cred *cred = current_cred();
281 	int retval = 1;
282 
283 	if (grp != cred->egid)
284 		retval = groups_search(cred->group_info, grp);
285 	return retval;
286 }
287 
288 EXPORT_SYMBOL(in_egroup_p);
289