1 /* 2 * linux/kernel/sys.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds 5 */ 6 7 #include <linux/export.h> 8 #include <linux/mm.h> 9 #include <linux/utsname.h> 10 #include <linux/mman.h> 11 #include <linux/reboot.h> 12 #include <linux/prctl.h> 13 #include <linux/highuid.h> 14 #include <linux/fs.h> 15 #include <linux/kmod.h> 16 #include <linux/perf_event.h> 17 #include <linux/resource.h> 18 #include <linux/kernel.h> 19 #include <linux/workqueue.h> 20 #include <linux/capability.h> 21 #include <linux/device.h> 22 #include <linux/key.h> 23 #include <linux/times.h> 24 #include <linux/posix-timers.h> 25 #include <linux/security.h> 26 #include <linux/dcookies.h> 27 #include <linux/suspend.h> 28 #include <linux/tty.h> 29 #include <linux/signal.h> 30 #include <linux/cn_proc.h> 31 #include <linux/getcpu.h> 32 #include <linux/task_io_accounting_ops.h> 33 #include <linux/seccomp.h> 34 #include <linux/cpu.h> 35 #include <linux/personality.h> 36 #include <linux/ptrace.h> 37 #include <linux/fs_struct.h> 38 #include <linux/file.h> 39 #include <linux/mount.h> 40 #include <linux/gfp.h> 41 #include <linux/syscore_ops.h> 42 #include <linux/version.h> 43 #include <linux/ctype.h> 44 45 #include <linux/compat.h> 46 #include <linux/syscalls.h> 47 #include <linux/kprobes.h> 48 #include <linux/user_namespace.h> 49 #include <linux/binfmts.h> 50 51 #include <linux/sched.h> 52 #include <linux/rcupdate.h> 53 #include <linux/uidgid.h> 54 #include <linux/cred.h> 55 56 #include <linux/kmsg_dump.h> 57 /* Move somewhere else to avoid recompiling? */ 58 #include <generated/utsrelease.h> 59 60 #include <asm/uaccess.h> 61 #include <asm/io.h> 62 #include <asm/unistd.h> 63 64 #ifndef SET_UNALIGN_CTL 65 # define SET_UNALIGN_CTL(a, b) (-EINVAL) 66 #endif 67 #ifndef GET_UNALIGN_CTL 68 # define GET_UNALIGN_CTL(a, b) (-EINVAL) 69 #endif 70 #ifndef SET_FPEMU_CTL 71 # define SET_FPEMU_CTL(a, b) (-EINVAL) 72 #endif 73 #ifndef GET_FPEMU_CTL 74 # define GET_FPEMU_CTL(a, b) (-EINVAL) 75 #endif 76 #ifndef SET_FPEXC_CTL 77 # define SET_FPEXC_CTL(a, b) (-EINVAL) 78 #endif 79 #ifndef GET_FPEXC_CTL 80 # define GET_FPEXC_CTL(a, b) (-EINVAL) 81 #endif 82 #ifndef GET_ENDIAN 83 # define GET_ENDIAN(a, b) (-EINVAL) 84 #endif 85 #ifndef SET_ENDIAN 86 # define SET_ENDIAN(a, b) (-EINVAL) 87 #endif 88 #ifndef GET_TSC_CTL 89 # define GET_TSC_CTL(a) (-EINVAL) 90 #endif 91 #ifndef SET_TSC_CTL 92 # define SET_TSC_CTL(a) (-EINVAL) 93 #endif 94 #ifndef MPX_ENABLE_MANAGEMENT 95 # define MPX_ENABLE_MANAGEMENT(a) (-EINVAL) 96 #endif 97 #ifndef MPX_DISABLE_MANAGEMENT 98 # define MPX_DISABLE_MANAGEMENT(a) (-EINVAL) 99 #endif 100 #ifndef GET_FP_MODE 101 # define GET_FP_MODE(a) (-EINVAL) 102 #endif 103 #ifndef SET_FP_MODE 104 # define SET_FP_MODE(a,b) (-EINVAL) 105 #endif 106 107 /* 108 * this is where the system-wide overflow UID and GID are defined, for 109 * architectures that now have 32-bit UID/GID but didn't in the past 110 */ 111 112 int overflowuid = DEFAULT_OVERFLOWUID; 113 int overflowgid = DEFAULT_OVERFLOWGID; 114 115 EXPORT_SYMBOL(overflowuid); 116 EXPORT_SYMBOL(overflowgid); 117 118 /* 119 * the same as above, but for filesystems which can only store a 16-bit 120 * UID and GID. as such, this is needed on all architectures 121 */ 122 123 int fs_overflowuid = DEFAULT_FS_OVERFLOWUID; 124 int fs_overflowgid = DEFAULT_FS_OVERFLOWUID; 125 126 EXPORT_SYMBOL(fs_overflowuid); 127 EXPORT_SYMBOL(fs_overflowgid); 128 129 /* 130 * Returns true if current's euid is same as p's uid or euid, 131 * or has CAP_SYS_NICE to p's user_ns. 132 * 133 * Called with rcu_read_lock, creds are safe 134 */ 135 static bool set_one_prio_perm(struct task_struct *p) 136 { 137 const struct cred *cred = current_cred(), *pcred = __task_cred(p); 138 139 if (uid_eq(pcred->uid, cred->euid) || 140 uid_eq(pcred->euid, cred->euid)) 141 return true; 142 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) 143 return true; 144 return false; 145 } 146 147 /* 148 * set the priority of a task 149 * - the caller must hold the RCU read lock 150 */ 151 static int set_one_prio(struct task_struct *p, int niceval, int error) 152 { 153 int no_nice; 154 155 if (!set_one_prio_perm(p)) { 156 error = -EPERM; 157 goto out; 158 } 159 if (niceval < task_nice(p) && !can_nice(p, niceval)) { 160 error = -EACCES; 161 goto out; 162 } 163 no_nice = security_task_setnice(p, niceval); 164 if (no_nice) { 165 error = no_nice; 166 goto out; 167 } 168 if (error == -ESRCH) 169 error = 0; 170 set_user_nice(p, niceval); 171 out: 172 return error; 173 } 174 175 SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) 176 { 177 struct task_struct *g, *p; 178 struct user_struct *user; 179 const struct cred *cred = current_cred(); 180 int error = -EINVAL; 181 struct pid *pgrp; 182 kuid_t uid; 183 184 if (which > PRIO_USER || which < PRIO_PROCESS) 185 goto out; 186 187 /* normalize: avoid signed division (rounding problems) */ 188 error = -ESRCH; 189 if (niceval < MIN_NICE) 190 niceval = MIN_NICE; 191 if (niceval > MAX_NICE) 192 niceval = MAX_NICE; 193 194 rcu_read_lock(); 195 read_lock(&tasklist_lock); 196 switch (which) { 197 case PRIO_PROCESS: 198 if (who) 199 p = find_task_by_vpid(who); 200 else 201 p = current; 202 if (p) 203 error = set_one_prio(p, niceval, error); 204 break; 205 case PRIO_PGRP: 206 if (who) 207 pgrp = find_vpid(who); 208 else 209 pgrp = task_pgrp(current); 210 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 211 error = set_one_prio(p, niceval, error); 212 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 213 break; 214 case PRIO_USER: 215 uid = make_kuid(cred->user_ns, who); 216 user = cred->user; 217 if (!who) 218 uid = cred->uid; 219 else if (!uid_eq(uid, cred->uid)) { 220 user = find_user(uid); 221 if (!user) 222 goto out_unlock; /* No processes for this user */ 223 } 224 do_each_thread(g, p) { 225 if (uid_eq(task_uid(p), uid)) 226 error = set_one_prio(p, niceval, error); 227 } while_each_thread(g, p); 228 if (!uid_eq(uid, cred->uid)) 229 free_uid(user); /* For find_user() */ 230 break; 231 } 232 out_unlock: 233 read_unlock(&tasklist_lock); 234 rcu_read_unlock(); 235 out: 236 return error; 237 } 238 239 /* 240 * Ugh. To avoid negative return values, "getpriority()" will 241 * not return the normal nice-value, but a negated value that 242 * has been offset by 20 (ie it returns 40..1 instead of -20..19) 243 * to stay compatible. 244 */ 245 SYSCALL_DEFINE2(getpriority, int, which, int, who) 246 { 247 struct task_struct *g, *p; 248 struct user_struct *user; 249 const struct cred *cred = current_cred(); 250 long niceval, retval = -ESRCH; 251 struct pid *pgrp; 252 kuid_t uid; 253 254 if (which > PRIO_USER || which < PRIO_PROCESS) 255 return -EINVAL; 256 257 rcu_read_lock(); 258 read_lock(&tasklist_lock); 259 switch (which) { 260 case PRIO_PROCESS: 261 if (who) 262 p = find_task_by_vpid(who); 263 else 264 p = current; 265 if (p) { 266 niceval = nice_to_rlimit(task_nice(p)); 267 if (niceval > retval) 268 retval = niceval; 269 } 270 break; 271 case PRIO_PGRP: 272 if (who) 273 pgrp = find_vpid(who); 274 else 275 pgrp = task_pgrp(current); 276 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 277 niceval = nice_to_rlimit(task_nice(p)); 278 if (niceval > retval) 279 retval = niceval; 280 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 281 break; 282 case PRIO_USER: 283 uid = make_kuid(cred->user_ns, who); 284 user = cred->user; 285 if (!who) 286 uid = cred->uid; 287 else if (!uid_eq(uid, cred->uid)) { 288 user = find_user(uid); 289 if (!user) 290 goto out_unlock; /* No processes for this user */ 291 } 292 do_each_thread(g, p) { 293 if (uid_eq(task_uid(p), uid)) { 294 niceval = nice_to_rlimit(task_nice(p)); 295 if (niceval > retval) 296 retval = niceval; 297 } 298 } while_each_thread(g, p); 299 if (!uid_eq(uid, cred->uid)) 300 free_uid(user); /* for find_user() */ 301 break; 302 } 303 out_unlock: 304 read_unlock(&tasklist_lock); 305 rcu_read_unlock(); 306 307 return retval; 308 } 309 310 /* 311 * Unprivileged users may change the real gid to the effective gid 312 * or vice versa. (BSD-style) 313 * 314 * If you set the real gid at all, or set the effective gid to a value not 315 * equal to the real gid, then the saved gid is set to the new effective gid. 316 * 317 * This makes it possible for a setgid program to completely drop its 318 * privileges, which is often a useful assertion to make when you are doing 319 * a security audit over a program. 320 * 321 * The general idea is that a program which uses just setregid() will be 322 * 100% compatible with BSD. A program which uses just setgid() will be 323 * 100% compatible with POSIX with saved IDs. 324 * 325 * SMP: There are not races, the GIDs are checked only by filesystem 326 * operations (as far as semantic preservation is concerned). 327 */ 328 SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) 329 { 330 struct user_namespace *ns = current_user_ns(); 331 const struct cred *old; 332 struct cred *new; 333 int retval; 334 kgid_t krgid, kegid; 335 336 krgid = make_kgid(ns, rgid); 337 kegid = make_kgid(ns, egid); 338 339 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 340 return -EINVAL; 341 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 342 return -EINVAL; 343 344 new = prepare_creds(); 345 if (!new) 346 return -ENOMEM; 347 old = current_cred(); 348 349 retval = -EPERM; 350 if (rgid != (gid_t) -1) { 351 if (gid_eq(old->gid, krgid) || 352 gid_eq(old->egid, krgid) || 353 ns_capable(old->user_ns, CAP_SETGID)) 354 new->gid = krgid; 355 else 356 goto error; 357 } 358 if (egid != (gid_t) -1) { 359 if (gid_eq(old->gid, kegid) || 360 gid_eq(old->egid, kegid) || 361 gid_eq(old->sgid, kegid) || 362 ns_capable(old->user_ns, CAP_SETGID)) 363 new->egid = kegid; 364 else 365 goto error; 366 } 367 368 if (rgid != (gid_t) -1 || 369 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) 370 new->sgid = new->egid; 371 new->fsgid = new->egid; 372 373 return commit_creds(new); 374 375 error: 376 abort_creds(new); 377 return retval; 378 } 379 380 /* 381 * setgid() is implemented like SysV w/ SAVED_IDS 382 * 383 * SMP: Same implicit races as above. 384 */ 385 SYSCALL_DEFINE1(setgid, gid_t, gid) 386 { 387 struct user_namespace *ns = current_user_ns(); 388 const struct cred *old; 389 struct cred *new; 390 int retval; 391 kgid_t kgid; 392 393 kgid = make_kgid(ns, gid); 394 if (!gid_valid(kgid)) 395 return -EINVAL; 396 397 new = prepare_creds(); 398 if (!new) 399 return -ENOMEM; 400 old = current_cred(); 401 402 retval = -EPERM; 403 if (ns_capable(old->user_ns, CAP_SETGID)) 404 new->gid = new->egid = new->sgid = new->fsgid = kgid; 405 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) 406 new->egid = new->fsgid = kgid; 407 else 408 goto error; 409 410 return commit_creds(new); 411 412 error: 413 abort_creds(new); 414 return retval; 415 } 416 417 /* 418 * change the user struct in a credentials set to match the new UID 419 */ 420 static int set_user(struct cred *new) 421 { 422 struct user_struct *new_user; 423 424 new_user = alloc_uid(new->uid); 425 if (!new_user) 426 return -EAGAIN; 427 428 /* 429 * We don't fail in case of NPROC limit excess here because too many 430 * poorly written programs don't check set*uid() return code, assuming 431 * it never fails if called by root. We may still enforce NPROC limit 432 * for programs doing set*uid()+execve() by harmlessly deferring the 433 * failure to the execve() stage. 434 */ 435 if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) && 436 new_user != INIT_USER) 437 current->flags |= PF_NPROC_EXCEEDED; 438 else 439 current->flags &= ~PF_NPROC_EXCEEDED; 440 441 free_uid(new->user); 442 new->user = new_user; 443 return 0; 444 } 445 446 /* 447 * Unprivileged users may change the real uid to the effective uid 448 * or vice versa. (BSD-style) 449 * 450 * If you set the real uid at all, or set the effective uid to a value not 451 * equal to the real uid, then the saved uid is set to the new effective uid. 452 * 453 * This makes it possible for a setuid program to completely drop its 454 * privileges, which is often a useful assertion to make when you are doing 455 * a security audit over a program. 456 * 457 * The general idea is that a program which uses just setreuid() will be 458 * 100% compatible with BSD. A program which uses just setuid() will be 459 * 100% compatible with POSIX with saved IDs. 460 */ 461 SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) 462 { 463 struct user_namespace *ns = current_user_ns(); 464 const struct cred *old; 465 struct cred *new; 466 int retval; 467 kuid_t kruid, keuid; 468 469 kruid = make_kuid(ns, ruid); 470 keuid = make_kuid(ns, euid); 471 472 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 473 return -EINVAL; 474 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 475 return -EINVAL; 476 477 new = prepare_creds(); 478 if (!new) 479 return -ENOMEM; 480 old = current_cred(); 481 482 retval = -EPERM; 483 if (ruid != (uid_t) -1) { 484 new->uid = kruid; 485 if (!uid_eq(old->uid, kruid) && 486 !uid_eq(old->euid, kruid) && 487 !ns_capable(old->user_ns, CAP_SETUID)) 488 goto error; 489 } 490 491 if (euid != (uid_t) -1) { 492 new->euid = keuid; 493 if (!uid_eq(old->uid, keuid) && 494 !uid_eq(old->euid, keuid) && 495 !uid_eq(old->suid, keuid) && 496 !ns_capable(old->user_ns, CAP_SETUID)) 497 goto error; 498 } 499 500 if (!uid_eq(new->uid, old->uid)) { 501 retval = set_user(new); 502 if (retval < 0) 503 goto error; 504 } 505 if (ruid != (uid_t) -1 || 506 (euid != (uid_t) -1 && !uid_eq(keuid, old->uid))) 507 new->suid = new->euid; 508 new->fsuid = new->euid; 509 510 retval = security_task_fix_setuid(new, old, LSM_SETID_RE); 511 if (retval < 0) 512 goto error; 513 514 return commit_creds(new); 515 516 error: 517 abort_creds(new); 518 return retval; 519 } 520 521 /* 522 * setuid() is implemented like SysV with SAVED_IDS 523 * 524 * Note that SAVED_ID's is deficient in that a setuid root program 525 * like sendmail, for example, cannot set its uid to be a normal 526 * user and then switch back, because if you're root, setuid() sets 527 * the saved uid too. If you don't like this, blame the bright people 528 * in the POSIX committee and/or USG. Note that the BSD-style setreuid() 529 * will allow a root program to temporarily drop privileges and be able to 530 * regain them by swapping the real and effective uid. 531 */ 532 SYSCALL_DEFINE1(setuid, uid_t, uid) 533 { 534 struct user_namespace *ns = current_user_ns(); 535 const struct cred *old; 536 struct cred *new; 537 int retval; 538 kuid_t kuid; 539 540 kuid = make_kuid(ns, uid); 541 if (!uid_valid(kuid)) 542 return -EINVAL; 543 544 new = prepare_creds(); 545 if (!new) 546 return -ENOMEM; 547 old = current_cred(); 548 549 retval = -EPERM; 550 if (ns_capable(old->user_ns, CAP_SETUID)) { 551 new->suid = new->uid = kuid; 552 if (!uid_eq(kuid, old->uid)) { 553 retval = set_user(new); 554 if (retval < 0) 555 goto error; 556 } 557 } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) { 558 goto error; 559 } 560 561 new->fsuid = new->euid = kuid; 562 563 retval = security_task_fix_setuid(new, old, LSM_SETID_ID); 564 if (retval < 0) 565 goto error; 566 567 return commit_creds(new); 568 569 error: 570 abort_creds(new); 571 return retval; 572 } 573 574 575 /* 576 * This function implements a generic ability to update ruid, euid, 577 * and suid. This allows you to implement the 4.4 compatible seteuid(). 578 */ 579 SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) 580 { 581 struct user_namespace *ns = current_user_ns(); 582 const struct cred *old; 583 struct cred *new; 584 int retval; 585 kuid_t kruid, keuid, ksuid; 586 587 kruid = make_kuid(ns, ruid); 588 keuid = make_kuid(ns, euid); 589 ksuid = make_kuid(ns, suid); 590 591 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 592 return -EINVAL; 593 594 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 595 return -EINVAL; 596 597 if ((suid != (uid_t) -1) && !uid_valid(ksuid)) 598 return -EINVAL; 599 600 new = prepare_creds(); 601 if (!new) 602 return -ENOMEM; 603 604 old = current_cred(); 605 606 retval = -EPERM; 607 if (!ns_capable(old->user_ns, CAP_SETUID)) { 608 if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) && 609 !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid)) 610 goto error; 611 if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) && 612 !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid)) 613 goto error; 614 if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) && 615 !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid)) 616 goto error; 617 } 618 619 if (ruid != (uid_t) -1) { 620 new->uid = kruid; 621 if (!uid_eq(kruid, old->uid)) { 622 retval = set_user(new); 623 if (retval < 0) 624 goto error; 625 } 626 } 627 if (euid != (uid_t) -1) 628 new->euid = keuid; 629 if (suid != (uid_t) -1) 630 new->suid = ksuid; 631 new->fsuid = new->euid; 632 633 retval = security_task_fix_setuid(new, old, LSM_SETID_RES); 634 if (retval < 0) 635 goto error; 636 637 return commit_creds(new); 638 639 error: 640 abort_creds(new); 641 return retval; 642 } 643 644 SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp) 645 { 646 const struct cred *cred = current_cred(); 647 int retval; 648 uid_t ruid, euid, suid; 649 650 ruid = from_kuid_munged(cred->user_ns, cred->uid); 651 euid = from_kuid_munged(cred->user_ns, cred->euid); 652 suid = from_kuid_munged(cred->user_ns, cred->suid); 653 654 retval = put_user(ruid, ruidp); 655 if (!retval) { 656 retval = put_user(euid, euidp); 657 if (!retval) 658 return put_user(suid, suidp); 659 } 660 return retval; 661 } 662 663 /* 664 * Same as above, but for rgid, egid, sgid. 665 */ 666 SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) 667 { 668 struct user_namespace *ns = current_user_ns(); 669 const struct cred *old; 670 struct cred *new; 671 int retval; 672 kgid_t krgid, kegid, ksgid; 673 674 krgid = make_kgid(ns, rgid); 675 kegid = make_kgid(ns, egid); 676 ksgid = make_kgid(ns, sgid); 677 678 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 679 return -EINVAL; 680 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 681 return -EINVAL; 682 if ((sgid != (gid_t) -1) && !gid_valid(ksgid)) 683 return -EINVAL; 684 685 new = prepare_creds(); 686 if (!new) 687 return -ENOMEM; 688 old = current_cred(); 689 690 retval = -EPERM; 691 if (!ns_capable(old->user_ns, CAP_SETGID)) { 692 if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) && 693 !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid)) 694 goto error; 695 if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) && 696 !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid)) 697 goto error; 698 if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) && 699 !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid)) 700 goto error; 701 } 702 703 if (rgid != (gid_t) -1) 704 new->gid = krgid; 705 if (egid != (gid_t) -1) 706 new->egid = kegid; 707 if (sgid != (gid_t) -1) 708 new->sgid = ksgid; 709 new->fsgid = new->egid; 710 711 return commit_creds(new); 712 713 error: 714 abort_creds(new); 715 return retval; 716 } 717 718 SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp) 719 { 720 const struct cred *cred = current_cred(); 721 int retval; 722 gid_t rgid, egid, sgid; 723 724 rgid = from_kgid_munged(cred->user_ns, cred->gid); 725 egid = from_kgid_munged(cred->user_ns, cred->egid); 726 sgid = from_kgid_munged(cred->user_ns, cred->sgid); 727 728 retval = put_user(rgid, rgidp); 729 if (!retval) { 730 retval = put_user(egid, egidp); 731 if (!retval) 732 retval = put_user(sgid, sgidp); 733 } 734 735 return retval; 736 } 737 738 739 /* 740 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This 741 * is used for "access()" and for the NFS daemon (letting nfsd stay at 742 * whatever uid it wants to). It normally shadows "euid", except when 743 * explicitly set by setfsuid() or for access.. 744 */ 745 SYSCALL_DEFINE1(setfsuid, uid_t, uid) 746 { 747 const struct cred *old; 748 struct cred *new; 749 uid_t old_fsuid; 750 kuid_t kuid; 751 752 old = current_cred(); 753 old_fsuid = from_kuid_munged(old->user_ns, old->fsuid); 754 755 kuid = make_kuid(old->user_ns, uid); 756 if (!uid_valid(kuid)) 757 return old_fsuid; 758 759 new = prepare_creds(); 760 if (!new) 761 return old_fsuid; 762 763 if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) || 764 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || 765 ns_capable(old->user_ns, CAP_SETUID)) { 766 if (!uid_eq(kuid, old->fsuid)) { 767 new->fsuid = kuid; 768 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) 769 goto change_okay; 770 } 771 } 772 773 abort_creds(new); 774 return old_fsuid; 775 776 change_okay: 777 commit_creds(new); 778 return old_fsuid; 779 } 780 781 /* 782 * Samma på svenska.. 783 */ 784 SYSCALL_DEFINE1(setfsgid, gid_t, gid) 785 { 786 const struct cred *old; 787 struct cred *new; 788 gid_t old_fsgid; 789 kgid_t kgid; 790 791 old = current_cred(); 792 old_fsgid = from_kgid_munged(old->user_ns, old->fsgid); 793 794 kgid = make_kgid(old->user_ns, gid); 795 if (!gid_valid(kgid)) 796 return old_fsgid; 797 798 new = prepare_creds(); 799 if (!new) 800 return old_fsgid; 801 802 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || 803 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || 804 ns_capable(old->user_ns, CAP_SETGID)) { 805 if (!gid_eq(kgid, old->fsgid)) { 806 new->fsgid = kgid; 807 goto change_okay; 808 } 809 } 810 811 abort_creds(new); 812 return old_fsgid; 813 814 change_okay: 815 commit_creds(new); 816 return old_fsgid; 817 } 818 819 /** 820 * sys_getpid - return the thread group id of the current process 821 * 822 * Note, despite the name, this returns the tgid not the pid. The tgid and 823 * the pid are identical unless CLONE_THREAD was specified on clone() in 824 * which case the tgid is the same in all threads of the same group. 825 * 826 * This is SMP safe as current->tgid does not change. 827 */ 828 SYSCALL_DEFINE0(getpid) 829 { 830 return task_tgid_vnr(current); 831 } 832 833 /* Thread ID - the internal kernel "pid" */ 834 SYSCALL_DEFINE0(gettid) 835 { 836 return task_pid_vnr(current); 837 } 838 839 /* 840 * Accessing ->real_parent is not SMP-safe, it could 841 * change from under us. However, we can use a stale 842 * value of ->real_parent under rcu_read_lock(), see 843 * release_task()->call_rcu(delayed_put_task_struct). 844 */ 845 SYSCALL_DEFINE0(getppid) 846 { 847 int pid; 848 849 rcu_read_lock(); 850 pid = task_tgid_vnr(rcu_dereference(current->real_parent)); 851 rcu_read_unlock(); 852 853 return pid; 854 } 855 856 SYSCALL_DEFINE0(getuid) 857 { 858 /* Only we change this so SMP safe */ 859 return from_kuid_munged(current_user_ns(), current_uid()); 860 } 861 862 SYSCALL_DEFINE0(geteuid) 863 { 864 /* Only we change this so SMP safe */ 865 return from_kuid_munged(current_user_ns(), current_euid()); 866 } 867 868 SYSCALL_DEFINE0(getgid) 869 { 870 /* Only we change this so SMP safe */ 871 return from_kgid_munged(current_user_ns(), current_gid()); 872 } 873 874 SYSCALL_DEFINE0(getegid) 875 { 876 /* Only we change this so SMP safe */ 877 return from_kgid_munged(current_user_ns(), current_egid()); 878 } 879 880 void do_sys_times(struct tms *tms) 881 { 882 cputime_t tgutime, tgstime, cutime, cstime; 883 884 thread_group_cputime_adjusted(current, &tgutime, &tgstime); 885 cutime = current->signal->cutime; 886 cstime = current->signal->cstime; 887 tms->tms_utime = cputime_to_clock_t(tgutime); 888 tms->tms_stime = cputime_to_clock_t(tgstime); 889 tms->tms_cutime = cputime_to_clock_t(cutime); 890 tms->tms_cstime = cputime_to_clock_t(cstime); 891 } 892 893 SYSCALL_DEFINE1(times, struct tms __user *, tbuf) 894 { 895 if (tbuf) { 896 struct tms tmp; 897 898 do_sys_times(&tmp); 899 if (copy_to_user(tbuf, &tmp, sizeof(struct tms))) 900 return -EFAULT; 901 } 902 force_successful_syscall_return(); 903 return (long) jiffies_64_to_clock_t(get_jiffies_64()); 904 } 905 906 /* 907 * This needs some heavy checking ... 908 * I just haven't the stomach for it. I also don't fully 909 * understand sessions/pgrp etc. Let somebody who does explain it. 910 * 911 * OK, I think I have the protection semantics right.... this is really 912 * only important on a multi-user system anyway, to make sure one user 913 * can't send a signal to a process owned by another. -TYT, 12/12/91 914 * 915 * !PF_FORKNOEXEC check to conform completely to POSIX. 916 */ 917 SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid) 918 { 919 struct task_struct *p; 920 struct task_struct *group_leader = current->group_leader; 921 struct pid *pgrp; 922 int err; 923 924 if (!pid) 925 pid = task_pid_vnr(group_leader); 926 if (!pgid) 927 pgid = pid; 928 if (pgid < 0) 929 return -EINVAL; 930 rcu_read_lock(); 931 932 /* From this point forward we keep holding onto the tasklist lock 933 * so that our parent does not change from under us. -DaveM 934 */ 935 write_lock_irq(&tasklist_lock); 936 937 err = -ESRCH; 938 p = find_task_by_vpid(pid); 939 if (!p) 940 goto out; 941 942 err = -EINVAL; 943 if (!thread_group_leader(p)) 944 goto out; 945 946 if (same_thread_group(p->real_parent, group_leader)) { 947 err = -EPERM; 948 if (task_session(p) != task_session(group_leader)) 949 goto out; 950 err = -EACCES; 951 if (!(p->flags & PF_FORKNOEXEC)) 952 goto out; 953 } else { 954 err = -ESRCH; 955 if (p != group_leader) 956 goto out; 957 } 958 959 err = -EPERM; 960 if (p->signal->leader) 961 goto out; 962 963 pgrp = task_pid(p); 964 if (pgid != pid) { 965 struct task_struct *g; 966 967 pgrp = find_vpid(pgid); 968 g = pid_task(pgrp, PIDTYPE_PGID); 969 if (!g || task_session(g) != task_session(group_leader)) 970 goto out; 971 } 972 973 err = security_task_setpgid(p, pgid); 974 if (err) 975 goto out; 976 977 if (task_pgrp(p) != pgrp) 978 change_pid(p, PIDTYPE_PGID, pgrp); 979 980 err = 0; 981 out: 982 /* All paths lead to here, thus we are safe. -DaveM */ 983 write_unlock_irq(&tasklist_lock); 984 rcu_read_unlock(); 985 return err; 986 } 987 988 SYSCALL_DEFINE1(getpgid, pid_t, pid) 989 { 990 struct task_struct *p; 991 struct pid *grp; 992 int retval; 993 994 rcu_read_lock(); 995 if (!pid) 996 grp = task_pgrp(current); 997 else { 998 retval = -ESRCH; 999 p = find_task_by_vpid(pid); 1000 if (!p) 1001 goto out; 1002 grp = task_pgrp(p); 1003 if (!grp) 1004 goto out; 1005 1006 retval = security_task_getpgid(p); 1007 if (retval) 1008 goto out; 1009 } 1010 retval = pid_vnr(grp); 1011 out: 1012 rcu_read_unlock(); 1013 return retval; 1014 } 1015 1016 #ifdef __ARCH_WANT_SYS_GETPGRP 1017 1018 SYSCALL_DEFINE0(getpgrp) 1019 { 1020 return sys_getpgid(0); 1021 } 1022 1023 #endif 1024 1025 SYSCALL_DEFINE1(getsid, pid_t, pid) 1026 { 1027 struct task_struct *p; 1028 struct pid *sid; 1029 int retval; 1030 1031 rcu_read_lock(); 1032 if (!pid) 1033 sid = task_session(current); 1034 else { 1035 retval = -ESRCH; 1036 p = find_task_by_vpid(pid); 1037 if (!p) 1038 goto out; 1039 sid = task_session(p); 1040 if (!sid) 1041 goto out; 1042 1043 retval = security_task_getsid(p); 1044 if (retval) 1045 goto out; 1046 } 1047 retval = pid_vnr(sid); 1048 out: 1049 rcu_read_unlock(); 1050 return retval; 1051 } 1052 1053 static void set_special_pids(struct pid *pid) 1054 { 1055 struct task_struct *curr = current->group_leader; 1056 1057 if (task_session(curr) != pid) 1058 change_pid(curr, PIDTYPE_SID, pid); 1059 1060 if (task_pgrp(curr) != pid) 1061 change_pid(curr, PIDTYPE_PGID, pid); 1062 } 1063 1064 SYSCALL_DEFINE0(setsid) 1065 { 1066 struct task_struct *group_leader = current->group_leader; 1067 struct pid *sid = task_pid(group_leader); 1068 pid_t session = pid_vnr(sid); 1069 int err = -EPERM; 1070 1071 write_lock_irq(&tasklist_lock); 1072 /* Fail if I am already a session leader */ 1073 if (group_leader->signal->leader) 1074 goto out; 1075 1076 /* Fail if a process group id already exists that equals the 1077 * proposed session id. 1078 */ 1079 if (pid_task(sid, PIDTYPE_PGID)) 1080 goto out; 1081 1082 group_leader->signal->leader = 1; 1083 set_special_pids(sid); 1084 1085 proc_clear_tty(group_leader); 1086 1087 err = session; 1088 out: 1089 write_unlock_irq(&tasklist_lock); 1090 if (err > 0) { 1091 proc_sid_connector(group_leader); 1092 sched_autogroup_create_attach(group_leader); 1093 } 1094 return err; 1095 } 1096 1097 DECLARE_RWSEM(uts_sem); 1098 1099 #ifdef COMPAT_UTS_MACHINE 1100 #define override_architecture(name) \ 1101 (personality(current->personality) == PER_LINUX32 && \ 1102 copy_to_user(name->machine, COMPAT_UTS_MACHINE, \ 1103 sizeof(COMPAT_UTS_MACHINE))) 1104 #else 1105 #define override_architecture(name) 0 1106 #endif 1107 1108 /* 1109 * Work around broken programs that cannot handle "Linux 3.0". 1110 * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40 1111 * And we map 4.x to 2.6.60+x, so 4.0 would be 2.6.60. 1112 */ 1113 static int override_release(char __user *release, size_t len) 1114 { 1115 int ret = 0; 1116 1117 if (current->personality & UNAME26) { 1118 const char *rest = UTS_RELEASE; 1119 char buf[65] = { 0 }; 1120 int ndots = 0; 1121 unsigned v; 1122 size_t copy; 1123 1124 while (*rest) { 1125 if (*rest == '.' && ++ndots >= 3) 1126 break; 1127 if (!isdigit(*rest) && *rest != '.') 1128 break; 1129 rest++; 1130 } 1131 v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 60; 1132 copy = clamp_t(size_t, len, 1, sizeof(buf)); 1133 copy = scnprintf(buf, copy, "2.6.%u%s", v, rest); 1134 ret = copy_to_user(release, buf, copy + 1); 1135 } 1136 return ret; 1137 } 1138 1139 SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name) 1140 { 1141 int errno = 0; 1142 1143 down_read(&uts_sem); 1144 if (copy_to_user(name, utsname(), sizeof *name)) 1145 errno = -EFAULT; 1146 up_read(&uts_sem); 1147 1148 if (!errno && override_release(name->release, sizeof(name->release))) 1149 errno = -EFAULT; 1150 if (!errno && override_architecture(name)) 1151 errno = -EFAULT; 1152 return errno; 1153 } 1154 1155 #ifdef __ARCH_WANT_SYS_OLD_UNAME 1156 /* 1157 * Old cruft 1158 */ 1159 SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) 1160 { 1161 int error = 0; 1162 1163 if (!name) 1164 return -EFAULT; 1165 1166 down_read(&uts_sem); 1167 if (copy_to_user(name, utsname(), sizeof(*name))) 1168 error = -EFAULT; 1169 up_read(&uts_sem); 1170 1171 if (!error && override_release(name->release, sizeof(name->release))) 1172 error = -EFAULT; 1173 if (!error && override_architecture(name)) 1174 error = -EFAULT; 1175 return error; 1176 } 1177 1178 SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) 1179 { 1180 int error; 1181 1182 if (!name) 1183 return -EFAULT; 1184 if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname))) 1185 return -EFAULT; 1186 1187 down_read(&uts_sem); 1188 error = __copy_to_user(&name->sysname, &utsname()->sysname, 1189 __OLD_UTS_LEN); 1190 error |= __put_user(0, name->sysname + __OLD_UTS_LEN); 1191 error |= __copy_to_user(&name->nodename, &utsname()->nodename, 1192 __OLD_UTS_LEN); 1193 error |= __put_user(0, name->nodename + __OLD_UTS_LEN); 1194 error |= __copy_to_user(&name->release, &utsname()->release, 1195 __OLD_UTS_LEN); 1196 error |= __put_user(0, name->release + __OLD_UTS_LEN); 1197 error |= __copy_to_user(&name->version, &utsname()->version, 1198 __OLD_UTS_LEN); 1199 error |= __put_user(0, name->version + __OLD_UTS_LEN); 1200 error |= __copy_to_user(&name->machine, &utsname()->machine, 1201 __OLD_UTS_LEN); 1202 error |= __put_user(0, name->machine + __OLD_UTS_LEN); 1203 up_read(&uts_sem); 1204 1205 if (!error && override_architecture(name)) 1206 error = -EFAULT; 1207 if (!error && override_release(name->release, sizeof(name->release))) 1208 error = -EFAULT; 1209 return error ? -EFAULT : 0; 1210 } 1211 #endif 1212 1213 SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) 1214 { 1215 int errno; 1216 char tmp[__NEW_UTS_LEN]; 1217 1218 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1219 return -EPERM; 1220 1221 if (len < 0 || len > __NEW_UTS_LEN) 1222 return -EINVAL; 1223 down_write(&uts_sem); 1224 errno = -EFAULT; 1225 if (!copy_from_user(tmp, name, len)) { 1226 struct new_utsname *u = utsname(); 1227 1228 memcpy(u->nodename, tmp, len); 1229 memset(u->nodename + len, 0, sizeof(u->nodename) - len); 1230 errno = 0; 1231 uts_proc_notify(UTS_PROC_HOSTNAME); 1232 } 1233 up_write(&uts_sem); 1234 return errno; 1235 } 1236 1237 #ifdef __ARCH_WANT_SYS_GETHOSTNAME 1238 1239 SYSCALL_DEFINE2(gethostname, char __user *, name, int, len) 1240 { 1241 int i, errno; 1242 struct new_utsname *u; 1243 1244 if (len < 0) 1245 return -EINVAL; 1246 down_read(&uts_sem); 1247 u = utsname(); 1248 i = 1 + strlen(u->nodename); 1249 if (i > len) 1250 i = len; 1251 errno = 0; 1252 if (copy_to_user(name, u->nodename, i)) 1253 errno = -EFAULT; 1254 up_read(&uts_sem); 1255 return errno; 1256 } 1257 1258 #endif 1259 1260 /* 1261 * Only setdomainname; getdomainname can be implemented by calling 1262 * uname() 1263 */ 1264 SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len) 1265 { 1266 int errno; 1267 char tmp[__NEW_UTS_LEN]; 1268 1269 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1270 return -EPERM; 1271 if (len < 0 || len > __NEW_UTS_LEN) 1272 return -EINVAL; 1273 1274 down_write(&uts_sem); 1275 errno = -EFAULT; 1276 if (!copy_from_user(tmp, name, len)) { 1277 struct new_utsname *u = utsname(); 1278 1279 memcpy(u->domainname, tmp, len); 1280 memset(u->domainname + len, 0, sizeof(u->domainname) - len); 1281 errno = 0; 1282 uts_proc_notify(UTS_PROC_DOMAINNAME); 1283 } 1284 up_write(&uts_sem); 1285 return errno; 1286 } 1287 1288 SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1289 { 1290 struct rlimit value; 1291 int ret; 1292 1293 ret = do_prlimit(current, resource, NULL, &value); 1294 if (!ret) 1295 ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0; 1296 1297 return ret; 1298 } 1299 1300 #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT 1301 1302 /* 1303 * Back compatibility for getrlimit. Needed for some apps. 1304 */ 1305 SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1306 struct rlimit __user *, rlim) 1307 { 1308 struct rlimit x; 1309 if (resource >= RLIM_NLIMITS) 1310 return -EINVAL; 1311 1312 task_lock(current->group_leader); 1313 x = current->signal->rlim[resource]; 1314 task_unlock(current->group_leader); 1315 if (x.rlim_cur > 0x7FFFFFFF) 1316 x.rlim_cur = 0x7FFFFFFF; 1317 if (x.rlim_max > 0x7FFFFFFF) 1318 x.rlim_max = 0x7FFFFFFF; 1319 return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0; 1320 } 1321 1322 #endif 1323 1324 static inline bool rlim64_is_infinity(__u64 rlim64) 1325 { 1326 #if BITS_PER_LONG < 64 1327 return rlim64 >= ULONG_MAX; 1328 #else 1329 return rlim64 == RLIM64_INFINITY; 1330 #endif 1331 } 1332 1333 static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64) 1334 { 1335 if (rlim->rlim_cur == RLIM_INFINITY) 1336 rlim64->rlim_cur = RLIM64_INFINITY; 1337 else 1338 rlim64->rlim_cur = rlim->rlim_cur; 1339 if (rlim->rlim_max == RLIM_INFINITY) 1340 rlim64->rlim_max = RLIM64_INFINITY; 1341 else 1342 rlim64->rlim_max = rlim->rlim_max; 1343 } 1344 1345 static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim) 1346 { 1347 if (rlim64_is_infinity(rlim64->rlim_cur)) 1348 rlim->rlim_cur = RLIM_INFINITY; 1349 else 1350 rlim->rlim_cur = (unsigned long)rlim64->rlim_cur; 1351 if (rlim64_is_infinity(rlim64->rlim_max)) 1352 rlim->rlim_max = RLIM_INFINITY; 1353 else 1354 rlim->rlim_max = (unsigned long)rlim64->rlim_max; 1355 } 1356 1357 /* make sure you are allowed to change @tsk limits before calling this */ 1358 int do_prlimit(struct task_struct *tsk, unsigned int resource, 1359 struct rlimit *new_rlim, struct rlimit *old_rlim) 1360 { 1361 struct rlimit *rlim; 1362 int retval = 0; 1363 1364 if (resource >= RLIM_NLIMITS) 1365 return -EINVAL; 1366 if (new_rlim) { 1367 if (new_rlim->rlim_cur > new_rlim->rlim_max) 1368 return -EINVAL; 1369 if (resource == RLIMIT_NOFILE && 1370 new_rlim->rlim_max > sysctl_nr_open) 1371 return -EPERM; 1372 } 1373 1374 /* protect tsk->signal and tsk->sighand from disappearing */ 1375 read_lock(&tasklist_lock); 1376 if (!tsk->sighand) { 1377 retval = -ESRCH; 1378 goto out; 1379 } 1380 1381 rlim = tsk->signal->rlim + resource; 1382 task_lock(tsk->group_leader); 1383 if (new_rlim) { 1384 /* Keep the capable check against init_user_ns until 1385 cgroups can contain all limits */ 1386 if (new_rlim->rlim_max > rlim->rlim_max && 1387 !capable(CAP_SYS_RESOURCE)) 1388 retval = -EPERM; 1389 if (!retval) 1390 retval = security_task_setrlimit(tsk->group_leader, 1391 resource, new_rlim); 1392 if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) { 1393 /* 1394 * The caller is asking for an immediate RLIMIT_CPU 1395 * expiry. But we use the zero value to mean "it was 1396 * never set". So let's cheat and make it one second 1397 * instead 1398 */ 1399 new_rlim->rlim_cur = 1; 1400 } 1401 } 1402 if (!retval) { 1403 if (old_rlim) 1404 *old_rlim = *rlim; 1405 if (new_rlim) 1406 *rlim = *new_rlim; 1407 } 1408 task_unlock(tsk->group_leader); 1409 1410 /* 1411 * RLIMIT_CPU handling. Note that the kernel fails to return an error 1412 * code if it rejected the user's attempt to set RLIMIT_CPU. This is a 1413 * very long-standing error, and fixing it now risks breakage of 1414 * applications, so we live with it 1415 */ 1416 if (!retval && new_rlim && resource == RLIMIT_CPU && 1417 new_rlim->rlim_cur != RLIM_INFINITY) 1418 update_rlimit_cpu(tsk, new_rlim->rlim_cur); 1419 out: 1420 read_unlock(&tasklist_lock); 1421 return retval; 1422 } 1423 1424 /* rcu lock must be held */ 1425 static int check_prlimit_permission(struct task_struct *task) 1426 { 1427 const struct cred *cred = current_cred(), *tcred; 1428 1429 if (current == task) 1430 return 0; 1431 1432 tcred = __task_cred(task); 1433 if (uid_eq(cred->uid, tcred->euid) && 1434 uid_eq(cred->uid, tcred->suid) && 1435 uid_eq(cred->uid, tcred->uid) && 1436 gid_eq(cred->gid, tcred->egid) && 1437 gid_eq(cred->gid, tcred->sgid) && 1438 gid_eq(cred->gid, tcred->gid)) 1439 return 0; 1440 if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) 1441 return 0; 1442 1443 return -EPERM; 1444 } 1445 1446 SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, 1447 const struct rlimit64 __user *, new_rlim, 1448 struct rlimit64 __user *, old_rlim) 1449 { 1450 struct rlimit64 old64, new64; 1451 struct rlimit old, new; 1452 struct task_struct *tsk; 1453 int ret; 1454 1455 if (new_rlim) { 1456 if (copy_from_user(&new64, new_rlim, sizeof(new64))) 1457 return -EFAULT; 1458 rlim64_to_rlim(&new64, &new); 1459 } 1460 1461 rcu_read_lock(); 1462 tsk = pid ? find_task_by_vpid(pid) : current; 1463 if (!tsk) { 1464 rcu_read_unlock(); 1465 return -ESRCH; 1466 } 1467 ret = check_prlimit_permission(tsk); 1468 if (ret) { 1469 rcu_read_unlock(); 1470 return ret; 1471 } 1472 get_task_struct(tsk); 1473 rcu_read_unlock(); 1474 1475 ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL, 1476 old_rlim ? &old : NULL); 1477 1478 if (!ret && old_rlim) { 1479 rlim_to_rlim64(&old, &old64); 1480 if (copy_to_user(old_rlim, &old64, sizeof(old64))) 1481 ret = -EFAULT; 1482 } 1483 1484 put_task_struct(tsk); 1485 return ret; 1486 } 1487 1488 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1489 { 1490 struct rlimit new_rlim; 1491 1492 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) 1493 return -EFAULT; 1494 return do_prlimit(current, resource, &new_rlim, NULL); 1495 } 1496 1497 /* 1498 * It would make sense to put struct rusage in the task_struct, 1499 * except that would make the task_struct be *really big*. After 1500 * task_struct gets moved into malloc'ed memory, it would 1501 * make sense to do this. It will make moving the rest of the information 1502 * a lot simpler! (Which we're not doing right now because we're not 1503 * measuring them yet). 1504 * 1505 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have 1506 * races with threads incrementing their own counters. But since word 1507 * reads are atomic, we either get new values or old values and we don't 1508 * care which for the sums. We always take the siglock to protect reading 1509 * the c* fields from p->signal from races with exit.c updating those 1510 * fields when reaping, so a sample either gets all the additions of a 1511 * given child after it's reaped, or none so this sample is before reaping. 1512 * 1513 * Locking: 1514 * We need to take the siglock for CHILDEREN, SELF and BOTH 1515 * for the cases current multithreaded, non-current single threaded 1516 * non-current multithreaded. Thread traversal is now safe with 1517 * the siglock held. 1518 * Strictly speaking, we donot need to take the siglock if we are current and 1519 * single threaded, as no one else can take our signal_struct away, no one 1520 * else can reap the children to update signal->c* counters, and no one else 1521 * can race with the signal-> fields. If we do not take any lock, the 1522 * signal-> fields could be read out of order while another thread was just 1523 * exiting. So we should place a read memory barrier when we avoid the lock. 1524 * On the writer side, write memory barrier is implied in __exit_signal 1525 * as __exit_signal releases the siglock spinlock after updating the signal-> 1526 * fields. But we don't do this yet to keep things simple. 1527 * 1528 */ 1529 1530 static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r) 1531 { 1532 r->ru_nvcsw += t->nvcsw; 1533 r->ru_nivcsw += t->nivcsw; 1534 r->ru_minflt += t->min_flt; 1535 r->ru_majflt += t->maj_flt; 1536 r->ru_inblock += task_io_get_inblock(t); 1537 r->ru_oublock += task_io_get_oublock(t); 1538 } 1539 1540 static void k_getrusage(struct task_struct *p, int who, struct rusage *r) 1541 { 1542 struct task_struct *t; 1543 unsigned long flags; 1544 cputime_t tgutime, tgstime, utime, stime; 1545 unsigned long maxrss = 0; 1546 1547 memset((char *)r, 0, sizeof (*r)); 1548 utime = stime = 0; 1549 1550 if (who == RUSAGE_THREAD) { 1551 task_cputime_adjusted(current, &utime, &stime); 1552 accumulate_thread_rusage(p, r); 1553 maxrss = p->signal->maxrss; 1554 goto out; 1555 } 1556 1557 if (!lock_task_sighand(p, &flags)) 1558 return; 1559 1560 switch (who) { 1561 case RUSAGE_BOTH: 1562 case RUSAGE_CHILDREN: 1563 utime = p->signal->cutime; 1564 stime = p->signal->cstime; 1565 r->ru_nvcsw = p->signal->cnvcsw; 1566 r->ru_nivcsw = p->signal->cnivcsw; 1567 r->ru_minflt = p->signal->cmin_flt; 1568 r->ru_majflt = p->signal->cmaj_flt; 1569 r->ru_inblock = p->signal->cinblock; 1570 r->ru_oublock = p->signal->coublock; 1571 maxrss = p->signal->cmaxrss; 1572 1573 if (who == RUSAGE_CHILDREN) 1574 break; 1575 1576 case RUSAGE_SELF: 1577 thread_group_cputime_adjusted(p, &tgutime, &tgstime); 1578 utime += tgutime; 1579 stime += tgstime; 1580 r->ru_nvcsw += p->signal->nvcsw; 1581 r->ru_nivcsw += p->signal->nivcsw; 1582 r->ru_minflt += p->signal->min_flt; 1583 r->ru_majflt += p->signal->maj_flt; 1584 r->ru_inblock += p->signal->inblock; 1585 r->ru_oublock += p->signal->oublock; 1586 if (maxrss < p->signal->maxrss) 1587 maxrss = p->signal->maxrss; 1588 t = p; 1589 do { 1590 accumulate_thread_rusage(t, r); 1591 } while_each_thread(p, t); 1592 break; 1593 1594 default: 1595 BUG(); 1596 } 1597 unlock_task_sighand(p, &flags); 1598 1599 out: 1600 cputime_to_timeval(utime, &r->ru_utime); 1601 cputime_to_timeval(stime, &r->ru_stime); 1602 1603 if (who != RUSAGE_CHILDREN) { 1604 struct mm_struct *mm = get_task_mm(p); 1605 1606 if (mm) { 1607 setmax_mm_hiwater_rss(&maxrss, mm); 1608 mmput(mm); 1609 } 1610 } 1611 r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ 1612 } 1613 1614 int getrusage(struct task_struct *p, int who, struct rusage __user *ru) 1615 { 1616 struct rusage r; 1617 1618 k_getrusage(p, who, &r); 1619 return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0; 1620 } 1621 1622 SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru) 1623 { 1624 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1625 who != RUSAGE_THREAD) 1626 return -EINVAL; 1627 return getrusage(current, who, ru); 1628 } 1629 1630 #ifdef CONFIG_COMPAT 1631 COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru) 1632 { 1633 struct rusage r; 1634 1635 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1636 who != RUSAGE_THREAD) 1637 return -EINVAL; 1638 1639 k_getrusage(current, who, &r); 1640 return put_compat_rusage(&r, ru); 1641 } 1642 #endif 1643 1644 SYSCALL_DEFINE1(umask, int, mask) 1645 { 1646 mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); 1647 return mask; 1648 } 1649 1650 static int prctl_set_mm_exe_file_locked(struct mm_struct *mm, unsigned int fd) 1651 { 1652 struct fd exe; 1653 struct inode *inode; 1654 int err; 1655 1656 VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_sem), mm); 1657 1658 exe = fdget(fd); 1659 if (!exe.file) 1660 return -EBADF; 1661 1662 inode = file_inode(exe.file); 1663 1664 /* 1665 * Because the original mm->exe_file points to executable file, make 1666 * sure that this one is executable as well, to avoid breaking an 1667 * overall picture. 1668 */ 1669 err = -EACCES; 1670 if (!S_ISREG(inode->i_mode) || 1671 exe.file->f_path.mnt->mnt_flags & MNT_NOEXEC) 1672 goto exit; 1673 1674 err = inode_permission(inode, MAY_EXEC); 1675 if (err) 1676 goto exit; 1677 1678 /* 1679 * Forbid mm->exe_file change if old file still mapped. 1680 */ 1681 err = -EBUSY; 1682 if (mm->exe_file) { 1683 struct vm_area_struct *vma; 1684 1685 for (vma = mm->mmap; vma; vma = vma->vm_next) 1686 if (vma->vm_file && 1687 path_equal(&vma->vm_file->f_path, 1688 &mm->exe_file->f_path)) 1689 goto exit; 1690 } 1691 1692 /* 1693 * The symlink can be changed only once, just to disallow arbitrary 1694 * transitions malicious software might bring in. This means one 1695 * could make a snapshot over all processes running and monitor 1696 * /proc/pid/exe changes to notice unusual activity if needed. 1697 */ 1698 err = -EPERM; 1699 if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags)) 1700 goto exit; 1701 1702 err = 0; 1703 set_mm_exe_file(mm, exe.file); /* this grabs a reference to exe.file */ 1704 exit: 1705 fdput(exe); 1706 return err; 1707 } 1708 1709 #ifdef CONFIG_CHECKPOINT_RESTORE 1710 /* 1711 * WARNING: we don't require any capability here so be very careful 1712 * in what is allowed for modification from userspace. 1713 */ 1714 static int validate_prctl_map(struct prctl_mm_map *prctl_map) 1715 { 1716 unsigned long mmap_max_addr = TASK_SIZE; 1717 struct mm_struct *mm = current->mm; 1718 int error = -EINVAL, i; 1719 1720 static const unsigned char offsets[] = { 1721 offsetof(struct prctl_mm_map, start_code), 1722 offsetof(struct prctl_mm_map, end_code), 1723 offsetof(struct prctl_mm_map, start_data), 1724 offsetof(struct prctl_mm_map, end_data), 1725 offsetof(struct prctl_mm_map, start_brk), 1726 offsetof(struct prctl_mm_map, brk), 1727 offsetof(struct prctl_mm_map, start_stack), 1728 offsetof(struct prctl_mm_map, arg_start), 1729 offsetof(struct prctl_mm_map, arg_end), 1730 offsetof(struct prctl_mm_map, env_start), 1731 offsetof(struct prctl_mm_map, env_end), 1732 }; 1733 1734 /* 1735 * Make sure the members are not somewhere outside 1736 * of allowed address space. 1737 */ 1738 for (i = 0; i < ARRAY_SIZE(offsets); i++) { 1739 u64 val = *(u64 *)((char *)prctl_map + offsets[i]); 1740 1741 if ((unsigned long)val >= mmap_max_addr || 1742 (unsigned long)val < mmap_min_addr) 1743 goto out; 1744 } 1745 1746 /* 1747 * Make sure the pairs are ordered. 1748 */ 1749 #define __prctl_check_order(__m1, __op, __m2) \ 1750 ((unsigned long)prctl_map->__m1 __op \ 1751 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL 1752 error = __prctl_check_order(start_code, <, end_code); 1753 error |= __prctl_check_order(start_data, <, end_data); 1754 error |= __prctl_check_order(start_brk, <=, brk); 1755 error |= __prctl_check_order(arg_start, <=, arg_end); 1756 error |= __prctl_check_order(env_start, <=, env_end); 1757 if (error) 1758 goto out; 1759 #undef __prctl_check_order 1760 1761 error = -EINVAL; 1762 1763 /* 1764 * @brk should be after @end_data in traditional maps. 1765 */ 1766 if (prctl_map->start_brk <= prctl_map->end_data || 1767 prctl_map->brk <= prctl_map->end_data) 1768 goto out; 1769 1770 /* 1771 * Neither we should allow to override limits if they set. 1772 */ 1773 if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk, 1774 prctl_map->start_brk, prctl_map->end_data, 1775 prctl_map->start_data)) 1776 goto out; 1777 1778 /* 1779 * Someone is trying to cheat the auxv vector. 1780 */ 1781 if (prctl_map->auxv_size) { 1782 if (!prctl_map->auxv || prctl_map->auxv_size > sizeof(mm->saved_auxv)) 1783 goto out; 1784 } 1785 1786 /* 1787 * Finally, make sure the caller has the rights to 1788 * change /proc/pid/exe link: only local root should 1789 * be allowed to. 1790 */ 1791 if (prctl_map->exe_fd != (u32)-1) { 1792 struct user_namespace *ns = current_user_ns(); 1793 const struct cred *cred = current_cred(); 1794 1795 if (!uid_eq(cred->uid, make_kuid(ns, 0)) || 1796 !gid_eq(cred->gid, make_kgid(ns, 0))) 1797 goto out; 1798 } 1799 1800 error = 0; 1801 out: 1802 return error; 1803 } 1804 1805 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size) 1806 { 1807 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, }; 1808 unsigned long user_auxv[AT_VECTOR_SIZE]; 1809 struct mm_struct *mm = current->mm; 1810 int error; 1811 1812 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 1813 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256); 1814 1815 if (opt == PR_SET_MM_MAP_SIZE) 1816 return put_user((unsigned int)sizeof(prctl_map), 1817 (unsigned int __user *)addr); 1818 1819 if (data_size != sizeof(prctl_map)) 1820 return -EINVAL; 1821 1822 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) 1823 return -EFAULT; 1824 1825 error = validate_prctl_map(&prctl_map); 1826 if (error) 1827 return error; 1828 1829 if (prctl_map.auxv_size) { 1830 memset(user_auxv, 0, sizeof(user_auxv)); 1831 if (copy_from_user(user_auxv, 1832 (const void __user *)prctl_map.auxv, 1833 prctl_map.auxv_size)) 1834 return -EFAULT; 1835 1836 /* Last entry must be AT_NULL as specification requires */ 1837 user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL; 1838 user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL; 1839 } 1840 1841 down_write(&mm->mmap_sem); 1842 if (prctl_map.exe_fd != (u32)-1) 1843 error = prctl_set_mm_exe_file_locked(mm, prctl_map.exe_fd); 1844 downgrade_write(&mm->mmap_sem); 1845 if (error) 1846 goto out; 1847 1848 /* 1849 * We don't validate if these members are pointing to 1850 * real present VMAs because application may have correspond 1851 * VMAs already unmapped and kernel uses these members for statistics 1852 * output in procfs mostly, except 1853 * 1854 * - @start_brk/@brk which are used in do_brk but kernel lookups 1855 * for VMAs when updating these memvers so anything wrong written 1856 * here cause kernel to swear at userspace program but won't lead 1857 * to any problem in kernel itself 1858 */ 1859 1860 mm->start_code = prctl_map.start_code; 1861 mm->end_code = prctl_map.end_code; 1862 mm->start_data = prctl_map.start_data; 1863 mm->end_data = prctl_map.end_data; 1864 mm->start_brk = prctl_map.start_brk; 1865 mm->brk = prctl_map.brk; 1866 mm->start_stack = prctl_map.start_stack; 1867 mm->arg_start = prctl_map.arg_start; 1868 mm->arg_end = prctl_map.arg_end; 1869 mm->env_start = prctl_map.env_start; 1870 mm->env_end = prctl_map.env_end; 1871 1872 /* 1873 * Note this update of @saved_auxv is lockless thus 1874 * if someone reads this member in procfs while we're 1875 * updating -- it may get partly updated results. It's 1876 * known and acceptable trade off: we leave it as is to 1877 * not introduce additional locks here making the kernel 1878 * more complex. 1879 */ 1880 if (prctl_map.auxv_size) 1881 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv)); 1882 1883 error = 0; 1884 out: 1885 up_read(&mm->mmap_sem); 1886 return error; 1887 } 1888 #endif /* CONFIG_CHECKPOINT_RESTORE */ 1889 1890 static int prctl_set_mm(int opt, unsigned long addr, 1891 unsigned long arg4, unsigned long arg5) 1892 { 1893 struct mm_struct *mm = current->mm; 1894 struct vm_area_struct *vma; 1895 int error; 1896 1897 if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV && 1898 opt != PR_SET_MM_MAP && 1899 opt != PR_SET_MM_MAP_SIZE))) 1900 return -EINVAL; 1901 1902 #ifdef CONFIG_CHECKPOINT_RESTORE 1903 if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE) 1904 return prctl_set_mm_map(opt, (const void __user *)addr, arg4); 1905 #endif 1906 1907 if (!capable(CAP_SYS_RESOURCE)) 1908 return -EPERM; 1909 1910 if (opt == PR_SET_MM_EXE_FILE) { 1911 down_write(&mm->mmap_sem); 1912 error = prctl_set_mm_exe_file_locked(mm, (unsigned int)addr); 1913 up_write(&mm->mmap_sem); 1914 return error; 1915 } 1916 1917 if (addr >= TASK_SIZE || addr < mmap_min_addr) 1918 return -EINVAL; 1919 1920 error = -EINVAL; 1921 1922 down_read(&mm->mmap_sem); 1923 vma = find_vma(mm, addr); 1924 1925 switch (opt) { 1926 case PR_SET_MM_START_CODE: 1927 mm->start_code = addr; 1928 break; 1929 case PR_SET_MM_END_CODE: 1930 mm->end_code = addr; 1931 break; 1932 case PR_SET_MM_START_DATA: 1933 mm->start_data = addr; 1934 break; 1935 case PR_SET_MM_END_DATA: 1936 mm->end_data = addr; 1937 break; 1938 1939 case PR_SET_MM_START_BRK: 1940 if (addr <= mm->end_data) 1941 goto out; 1942 1943 if (check_data_rlimit(rlimit(RLIMIT_DATA), mm->brk, addr, 1944 mm->end_data, mm->start_data)) 1945 goto out; 1946 1947 mm->start_brk = addr; 1948 break; 1949 1950 case PR_SET_MM_BRK: 1951 if (addr <= mm->end_data) 1952 goto out; 1953 1954 if (check_data_rlimit(rlimit(RLIMIT_DATA), addr, mm->start_brk, 1955 mm->end_data, mm->start_data)) 1956 goto out; 1957 1958 mm->brk = addr; 1959 break; 1960 1961 /* 1962 * If command line arguments and environment 1963 * are placed somewhere else on stack, we can 1964 * set them up here, ARG_START/END to setup 1965 * command line argumets and ENV_START/END 1966 * for environment. 1967 */ 1968 case PR_SET_MM_START_STACK: 1969 case PR_SET_MM_ARG_START: 1970 case PR_SET_MM_ARG_END: 1971 case PR_SET_MM_ENV_START: 1972 case PR_SET_MM_ENV_END: 1973 if (!vma) { 1974 error = -EFAULT; 1975 goto out; 1976 } 1977 if (opt == PR_SET_MM_START_STACK) 1978 mm->start_stack = addr; 1979 else if (opt == PR_SET_MM_ARG_START) 1980 mm->arg_start = addr; 1981 else if (opt == PR_SET_MM_ARG_END) 1982 mm->arg_end = addr; 1983 else if (opt == PR_SET_MM_ENV_START) 1984 mm->env_start = addr; 1985 else if (opt == PR_SET_MM_ENV_END) 1986 mm->env_end = addr; 1987 break; 1988 1989 /* 1990 * This doesn't move auxiliary vector itself 1991 * since it's pinned to mm_struct, but allow 1992 * to fill vector with new values. It's up 1993 * to a caller to provide sane values here 1994 * otherwise user space tools which use this 1995 * vector might be unhappy. 1996 */ 1997 case PR_SET_MM_AUXV: { 1998 unsigned long user_auxv[AT_VECTOR_SIZE]; 1999 2000 if (arg4 > sizeof(user_auxv)) 2001 goto out; 2002 up_read(&mm->mmap_sem); 2003 2004 if (copy_from_user(user_auxv, (const void __user *)addr, arg4)) 2005 return -EFAULT; 2006 2007 /* Make sure the last entry is always AT_NULL */ 2008 user_auxv[AT_VECTOR_SIZE - 2] = 0; 2009 user_auxv[AT_VECTOR_SIZE - 1] = 0; 2010 2011 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 2012 2013 task_lock(current); 2014 memcpy(mm->saved_auxv, user_auxv, arg4); 2015 task_unlock(current); 2016 2017 return 0; 2018 } 2019 default: 2020 goto out; 2021 } 2022 2023 error = 0; 2024 out: 2025 up_read(&mm->mmap_sem); 2026 return error; 2027 } 2028 2029 #ifdef CONFIG_CHECKPOINT_RESTORE 2030 static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 2031 { 2032 return put_user(me->clear_child_tid, tid_addr); 2033 } 2034 #else 2035 static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 2036 { 2037 return -EINVAL; 2038 } 2039 #endif 2040 2041 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, 2042 unsigned long, arg4, unsigned long, arg5) 2043 { 2044 struct task_struct *me = current; 2045 unsigned char comm[sizeof(me->comm)]; 2046 long error; 2047 2048 error = security_task_prctl(option, arg2, arg3, arg4, arg5); 2049 if (error != -ENOSYS) 2050 return error; 2051 2052 error = 0; 2053 switch (option) { 2054 case PR_SET_PDEATHSIG: 2055 if (!valid_signal(arg2)) { 2056 error = -EINVAL; 2057 break; 2058 } 2059 me->pdeath_signal = arg2; 2060 break; 2061 case PR_GET_PDEATHSIG: 2062 error = put_user(me->pdeath_signal, (int __user *)arg2); 2063 break; 2064 case PR_GET_DUMPABLE: 2065 error = get_dumpable(me->mm); 2066 break; 2067 case PR_SET_DUMPABLE: 2068 if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) { 2069 error = -EINVAL; 2070 break; 2071 } 2072 set_dumpable(me->mm, arg2); 2073 break; 2074 2075 case PR_SET_UNALIGN: 2076 error = SET_UNALIGN_CTL(me, arg2); 2077 break; 2078 case PR_GET_UNALIGN: 2079 error = GET_UNALIGN_CTL(me, arg2); 2080 break; 2081 case PR_SET_FPEMU: 2082 error = SET_FPEMU_CTL(me, arg2); 2083 break; 2084 case PR_GET_FPEMU: 2085 error = GET_FPEMU_CTL(me, arg2); 2086 break; 2087 case PR_SET_FPEXC: 2088 error = SET_FPEXC_CTL(me, arg2); 2089 break; 2090 case PR_GET_FPEXC: 2091 error = GET_FPEXC_CTL(me, arg2); 2092 break; 2093 case PR_GET_TIMING: 2094 error = PR_TIMING_STATISTICAL; 2095 break; 2096 case PR_SET_TIMING: 2097 if (arg2 != PR_TIMING_STATISTICAL) 2098 error = -EINVAL; 2099 break; 2100 case PR_SET_NAME: 2101 comm[sizeof(me->comm) - 1] = 0; 2102 if (strncpy_from_user(comm, (char __user *)arg2, 2103 sizeof(me->comm) - 1) < 0) 2104 return -EFAULT; 2105 set_task_comm(me, comm); 2106 proc_comm_connector(me); 2107 break; 2108 case PR_GET_NAME: 2109 get_task_comm(comm, me); 2110 if (copy_to_user((char __user *)arg2, comm, sizeof(comm))) 2111 return -EFAULT; 2112 break; 2113 case PR_GET_ENDIAN: 2114 error = GET_ENDIAN(me, arg2); 2115 break; 2116 case PR_SET_ENDIAN: 2117 error = SET_ENDIAN(me, arg2); 2118 break; 2119 case PR_GET_SECCOMP: 2120 error = prctl_get_seccomp(); 2121 break; 2122 case PR_SET_SECCOMP: 2123 error = prctl_set_seccomp(arg2, (char __user *)arg3); 2124 break; 2125 case PR_GET_TSC: 2126 error = GET_TSC_CTL(arg2); 2127 break; 2128 case PR_SET_TSC: 2129 error = SET_TSC_CTL(arg2); 2130 break; 2131 case PR_TASK_PERF_EVENTS_DISABLE: 2132 error = perf_event_task_disable(); 2133 break; 2134 case PR_TASK_PERF_EVENTS_ENABLE: 2135 error = perf_event_task_enable(); 2136 break; 2137 case PR_GET_TIMERSLACK: 2138 error = current->timer_slack_ns; 2139 break; 2140 case PR_SET_TIMERSLACK: 2141 if (arg2 <= 0) 2142 current->timer_slack_ns = 2143 current->default_timer_slack_ns; 2144 else 2145 current->timer_slack_ns = arg2; 2146 break; 2147 case PR_MCE_KILL: 2148 if (arg4 | arg5) 2149 return -EINVAL; 2150 switch (arg2) { 2151 case PR_MCE_KILL_CLEAR: 2152 if (arg3 != 0) 2153 return -EINVAL; 2154 current->flags &= ~PF_MCE_PROCESS; 2155 break; 2156 case PR_MCE_KILL_SET: 2157 current->flags |= PF_MCE_PROCESS; 2158 if (arg3 == PR_MCE_KILL_EARLY) 2159 current->flags |= PF_MCE_EARLY; 2160 else if (arg3 == PR_MCE_KILL_LATE) 2161 current->flags &= ~PF_MCE_EARLY; 2162 else if (arg3 == PR_MCE_KILL_DEFAULT) 2163 current->flags &= 2164 ~(PF_MCE_EARLY|PF_MCE_PROCESS); 2165 else 2166 return -EINVAL; 2167 break; 2168 default: 2169 return -EINVAL; 2170 } 2171 break; 2172 case PR_MCE_KILL_GET: 2173 if (arg2 | arg3 | arg4 | arg5) 2174 return -EINVAL; 2175 if (current->flags & PF_MCE_PROCESS) 2176 error = (current->flags & PF_MCE_EARLY) ? 2177 PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE; 2178 else 2179 error = PR_MCE_KILL_DEFAULT; 2180 break; 2181 case PR_SET_MM: 2182 error = prctl_set_mm(arg2, arg3, arg4, arg5); 2183 break; 2184 case PR_GET_TID_ADDRESS: 2185 error = prctl_get_tid_address(me, (int __user **)arg2); 2186 break; 2187 case PR_SET_CHILD_SUBREAPER: 2188 me->signal->is_child_subreaper = !!arg2; 2189 break; 2190 case PR_GET_CHILD_SUBREAPER: 2191 error = put_user(me->signal->is_child_subreaper, 2192 (int __user *)arg2); 2193 break; 2194 case PR_SET_NO_NEW_PRIVS: 2195 if (arg2 != 1 || arg3 || arg4 || arg5) 2196 return -EINVAL; 2197 2198 task_set_no_new_privs(current); 2199 break; 2200 case PR_GET_NO_NEW_PRIVS: 2201 if (arg2 || arg3 || arg4 || arg5) 2202 return -EINVAL; 2203 return task_no_new_privs(current) ? 1 : 0; 2204 case PR_GET_THP_DISABLE: 2205 if (arg2 || arg3 || arg4 || arg5) 2206 return -EINVAL; 2207 error = !!(me->mm->def_flags & VM_NOHUGEPAGE); 2208 break; 2209 case PR_SET_THP_DISABLE: 2210 if (arg3 || arg4 || arg5) 2211 return -EINVAL; 2212 down_write(&me->mm->mmap_sem); 2213 if (arg2) 2214 me->mm->def_flags |= VM_NOHUGEPAGE; 2215 else 2216 me->mm->def_flags &= ~VM_NOHUGEPAGE; 2217 up_write(&me->mm->mmap_sem); 2218 break; 2219 case PR_MPX_ENABLE_MANAGEMENT: 2220 if (arg2 || arg3 || arg4 || arg5) 2221 return -EINVAL; 2222 error = MPX_ENABLE_MANAGEMENT(me); 2223 break; 2224 case PR_MPX_DISABLE_MANAGEMENT: 2225 if (arg2 || arg3 || arg4 || arg5) 2226 return -EINVAL; 2227 error = MPX_DISABLE_MANAGEMENT(me); 2228 break; 2229 case PR_SET_FP_MODE: 2230 error = SET_FP_MODE(me, arg2); 2231 break; 2232 case PR_GET_FP_MODE: 2233 error = GET_FP_MODE(me); 2234 break; 2235 default: 2236 error = -EINVAL; 2237 break; 2238 } 2239 return error; 2240 } 2241 2242 SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep, 2243 struct getcpu_cache __user *, unused) 2244 { 2245 int err = 0; 2246 int cpu = raw_smp_processor_id(); 2247 2248 if (cpup) 2249 err |= put_user(cpu, cpup); 2250 if (nodep) 2251 err |= put_user(cpu_to_node(cpu), nodep); 2252 return err ? -EFAULT : 0; 2253 } 2254 2255 /** 2256 * do_sysinfo - fill in sysinfo struct 2257 * @info: pointer to buffer to fill 2258 */ 2259 static int do_sysinfo(struct sysinfo *info) 2260 { 2261 unsigned long mem_total, sav_total; 2262 unsigned int mem_unit, bitcount; 2263 struct timespec tp; 2264 2265 memset(info, 0, sizeof(struct sysinfo)); 2266 2267 get_monotonic_boottime(&tp); 2268 info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0); 2269 2270 get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT); 2271 2272 info->procs = nr_threads; 2273 2274 si_meminfo(info); 2275 si_swapinfo(info); 2276 2277 /* 2278 * If the sum of all the available memory (i.e. ram + swap) 2279 * is less than can be stored in a 32 bit unsigned long then 2280 * we can be binary compatible with 2.2.x kernels. If not, 2281 * well, in that case 2.2.x was broken anyways... 2282 * 2283 * -Erik Andersen <andersee@debian.org> 2284 */ 2285 2286 mem_total = info->totalram + info->totalswap; 2287 if (mem_total < info->totalram || mem_total < info->totalswap) 2288 goto out; 2289 bitcount = 0; 2290 mem_unit = info->mem_unit; 2291 while (mem_unit > 1) { 2292 bitcount++; 2293 mem_unit >>= 1; 2294 sav_total = mem_total; 2295 mem_total <<= 1; 2296 if (mem_total < sav_total) 2297 goto out; 2298 } 2299 2300 /* 2301 * If mem_total did not overflow, multiply all memory values by 2302 * info->mem_unit and set it to 1. This leaves things compatible 2303 * with 2.2.x, and also retains compatibility with earlier 2.4.x 2304 * kernels... 2305 */ 2306 2307 info->mem_unit = 1; 2308 info->totalram <<= bitcount; 2309 info->freeram <<= bitcount; 2310 info->sharedram <<= bitcount; 2311 info->bufferram <<= bitcount; 2312 info->totalswap <<= bitcount; 2313 info->freeswap <<= bitcount; 2314 info->totalhigh <<= bitcount; 2315 info->freehigh <<= bitcount; 2316 2317 out: 2318 return 0; 2319 } 2320 2321 SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info) 2322 { 2323 struct sysinfo val; 2324 2325 do_sysinfo(&val); 2326 2327 if (copy_to_user(info, &val, sizeof(struct sysinfo))) 2328 return -EFAULT; 2329 2330 return 0; 2331 } 2332 2333 #ifdef CONFIG_COMPAT 2334 struct compat_sysinfo { 2335 s32 uptime; 2336 u32 loads[3]; 2337 u32 totalram; 2338 u32 freeram; 2339 u32 sharedram; 2340 u32 bufferram; 2341 u32 totalswap; 2342 u32 freeswap; 2343 u16 procs; 2344 u16 pad; 2345 u32 totalhigh; 2346 u32 freehigh; 2347 u32 mem_unit; 2348 char _f[20-2*sizeof(u32)-sizeof(int)]; 2349 }; 2350 2351 COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info) 2352 { 2353 struct sysinfo s; 2354 2355 do_sysinfo(&s); 2356 2357 /* Check to see if any memory value is too large for 32-bit and scale 2358 * down if needed 2359 */ 2360 if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) { 2361 int bitcount = 0; 2362 2363 while (s.mem_unit < PAGE_SIZE) { 2364 s.mem_unit <<= 1; 2365 bitcount++; 2366 } 2367 2368 s.totalram >>= bitcount; 2369 s.freeram >>= bitcount; 2370 s.sharedram >>= bitcount; 2371 s.bufferram >>= bitcount; 2372 s.totalswap >>= bitcount; 2373 s.freeswap >>= bitcount; 2374 s.totalhigh >>= bitcount; 2375 s.freehigh >>= bitcount; 2376 } 2377 2378 if (!access_ok(VERIFY_WRITE, info, sizeof(struct compat_sysinfo)) || 2379 __put_user(s.uptime, &info->uptime) || 2380 __put_user(s.loads[0], &info->loads[0]) || 2381 __put_user(s.loads[1], &info->loads[1]) || 2382 __put_user(s.loads[2], &info->loads[2]) || 2383 __put_user(s.totalram, &info->totalram) || 2384 __put_user(s.freeram, &info->freeram) || 2385 __put_user(s.sharedram, &info->sharedram) || 2386 __put_user(s.bufferram, &info->bufferram) || 2387 __put_user(s.totalswap, &info->totalswap) || 2388 __put_user(s.freeswap, &info->freeswap) || 2389 __put_user(s.procs, &info->procs) || 2390 __put_user(s.totalhigh, &info->totalhigh) || 2391 __put_user(s.freehigh, &info->freehigh) || 2392 __put_user(s.mem_unit, &info->mem_unit)) 2393 return -EFAULT; 2394 2395 return 0; 2396 } 2397 #endif /* CONFIG_COMPAT */ 2398