1 /* 2 * linux/kernel/sys.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds 5 */ 6 7 #include <linux/export.h> 8 #include <linux/mm.h> 9 #include <linux/utsname.h> 10 #include <linux/mman.h> 11 #include <linux/reboot.h> 12 #include <linux/prctl.h> 13 #include <linux/highuid.h> 14 #include <linux/fs.h> 15 #include <linux/kmod.h> 16 #include <linux/perf_event.h> 17 #include <linux/resource.h> 18 #include <linux/kernel.h> 19 #include <linux/workqueue.h> 20 #include <linux/capability.h> 21 #include <linux/device.h> 22 #include <linux/key.h> 23 #include <linux/times.h> 24 #include <linux/posix-timers.h> 25 #include <linux/security.h> 26 #include <linux/dcookies.h> 27 #include <linux/suspend.h> 28 #include <linux/tty.h> 29 #include <linux/signal.h> 30 #include <linux/cn_proc.h> 31 #include <linux/getcpu.h> 32 #include <linux/task_io_accounting_ops.h> 33 #include <linux/seccomp.h> 34 #include <linux/cpu.h> 35 #include <linux/personality.h> 36 #include <linux/ptrace.h> 37 #include <linux/fs_struct.h> 38 #include <linux/file.h> 39 #include <linux/mount.h> 40 #include <linux/gfp.h> 41 #include <linux/syscore_ops.h> 42 #include <linux/version.h> 43 #include <linux/ctype.h> 44 45 #include <linux/compat.h> 46 #include <linux/syscalls.h> 47 #include <linux/kprobes.h> 48 #include <linux/user_namespace.h> 49 #include <linux/binfmts.h> 50 51 #include <linux/sched.h> 52 #include <linux/rcupdate.h> 53 #include <linux/uidgid.h> 54 #include <linux/cred.h> 55 56 #include <linux/kmsg_dump.h> 57 /* Move somewhere else to avoid recompiling? */ 58 #include <generated/utsrelease.h> 59 60 #include <asm/uaccess.h> 61 #include <asm/io.h> 62 #include <asm/unistd.h> 63 64 #ifndef SET_UNALIGN_CTL 65 # define SET_UNALIGN_CTL(a, b) (-EINVAL) 66 #endif 67 #ifndef GET_UNALIGN_CTL 68 # define GET_UNALIGN_CTL(a, b) (-EINVAL) 69 #endif 70 #ifndef SET_FPEMU_CTL 71 # define SET_FPEMU_CTL(a, b) (-EINVAL) 72 #endif 73 #ifndef GET_FPEMU_CTL 74 # define GET_FPEMU_CTL(a, b) (-EINVAL) 75 #endif 76 #ifndef SET_FPEXC_CTL 77 # define SET_FPEXC_CTL(a, b) (-EINVAL) 78 #endif 79 #ifndef GET_FPEXC_CTL 80 # define GET_FPEXC_CTL(a, b) (-EINVAL) 81 #endif 82 #ifndef GET_ENDIAN 83 # define GET_ENDIAN(a, b) (-EINVAL) 84 #endif 85 #ifndef SET_ENDIAN 86 # define SET_ENDIAN(a, b) (-EINVAL) 87 #endif 88 #ifndef GET_TSC_CTL 89 # define GET_TSC_CTL(a) (-EINVAL) 90 #endif 91 #ifndef SET_TSC_CTL 92 # define SET_TSC_CTL(a) (-EINVAL) 93 #endif 94 #ifndef MPX_ENABLE_MANAGEMENT 95 # define MPX_ENABLE_MANAGEMENT(a) (-EINVAL) 96 #endif 97 #ifndef MPX_DISABLE_MANAGEMENT 98 # define MPX_DISABLE_MANAGEMENT(a) (-EINVAL) 99 #endif 100 #ifndef GET_FP_MODE 101 # define GET_FP_MODE(a) (-EINVAL) 102 #endif 103 #ifndef SET_FP_MODE 104 # define SET_FP_MODE(a,b) (-EINVAL) 105 #endif 106 107 /* 108 * this is where the system-wide overflow UID and GID are defined, for 109 * architectures that now have 32-bit UID/GID but didn't in the past 110 */ 111 112 int overflowuid = DEFAULT_OVERFLOWUID; 113 int overflowgid = DEFAULT_OVERFLOWGID; 114 115 EXPORT_SYMBOL(overflowuid); 116 EXPORT_SYMBOL(overflowgid); 117 118 /* 119 * the same as above, but for filesystems which can only store a 16-bit 120 * UID and GID. as such, this is needed on all architectures 121 */ 122 123 int fs_overflowuid = DEFAULT_FS_OVERFLOWUID; 124 int fs_overflowgid = DEFAULT_FS_OVERFLOWUID; 125 126 EXPORT_SYMBOL(fs_overflowuid); 127 EXPORT_SYMBOL(fs_overflowgid); 128 129 /* 130 * Returns true if current's euid is same as p's uid or euid, 131 * or has CAP_SYS_NICE to p's user_ns. 132 * 133 * Called with rcu_read_lock, creds are safe 134 */ 135 static bool set_one_prio_perm(struct task_struct *p) 136 { 137 const struct cred *cred = current_cred(), *pcred = __task_cred(p); 138 139 if (uid_eq(pcred->uid, cred->euid) || 140 uid_eq(pcred->euid, cred->euid)) 141 return true; 142 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) 143 return true; 144 return false; 145 } 146 147 /* 148 * set the priority of a task 149 * - the caller must hold the RCU read lock 150 */ 151 static int set_one_prio(struct task_struct *p, int niceval, int error) 152 { 153 int no_nice; 154 155 if (!set_one_prio_perm(p)) { 156 error = -EPERM; 157 goto out; 158 } 159 if (niceval < task_nice(p) && !can_nice(p, niceval)) { 160 error = -EACCES; 161 goto out; 162 } 163 no_nice = security_task_setnice(p, niceval); 164 if (no_nice) { 165 error = no_nice; 166 goto out; 167 } 168 if (error == -ESRCH) 169 error = 0; 170 set_user_nice(p, niceval); 171 out: 172 return error; 173 } 174 175 SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) 176 { 177 struct task_struct *g, *p; 178 struct user_struct *user; 179 const struct cred *cred = current_cred(); 180 int error = -EINVAL; 181 struct pid *pgrp; 182 kuid_t uid; 183 184 if (which > PRIO_USER || which < PRIO_PROCESS) 185 goto out; 186 187 /* normalize: avoid signed division (rounding problems) */ 188 error = -ESRCH; 189 if (niceval < MIN_NICE) 190 niceval = MIN_NICE; 191 if (niceval > MAX_NICE) 192 niceval = MAX_NICE; 193 194 rcu_read_lock(); 195 read_lock(&tasklist_lock); 196 switch (which) { 197 case PRIO_PROCESS: 198 if (who) 199 p = find_task_by_vpid(who); 200 else 201 p = current; 202 if (p) 203 error = set_one_prio(p, niceval, error); 204 break; 205 case PRIO_PGRP: 206 if (who) 207 pgrp = find_vpid(who); 208 else 209 pgrp = task_pgrp(current); 210 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 211 error = set_one_prio(p, niceval, error); 212 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 213 break; 214 case PRIO_USER: 215 uid = make_kuid(cred->user_ns, who); 216 user = cred->user; 217 if (!who) 218 uid = cred->uid; 219 else if (!uid_eq(uid, cred->uid)) { 220 user = find_user(uid); 221 if (!user) 222 goto out_unlock; /* No processes for this user */ 223 } 224 do_each_thread(g, p) { 225 if (uid_eq(task_uid(p), uid)) 226 error = set_one_prio(p, niceval, error); 227 } while_each_thread(g, p); 228 if (!uid_eq(uid, cred->uid)) 229 free_uid(user); /* For find_user() */ 230 break; 231 } 232 out_unlock: 233 read_unlock(&tasklist_lock); 234 rcu_read_unlock(); 235 out: 236 return error; 237 } 238 239 /* 240 * Ugh. To avoid negative return values, "getpriority()" will 241 * not return the normal nice-value, but a negated value that 242 * has been offset by 20 (ie it returns 40..1 instead of -20..19) 243 * to stay compatible. 244 */ 245 SYSCALL_DEFINE2(getpriority, int, which, int, who) 246 { 247 struct task_struct *g, *p; 248 struct user_struct *user; 249 const struct cred *cred = current_cred(); 250 long niceval, retval = -ESRCH; 251 struct pid *pgrp; 252 kuid_t uid; 253 254 if (which > PRIO_USER || which < PRIO_PROCESS) 255 return -EINVAL; 256 257 rcu_read_lock(); 258 read_lock(&tasklist_lock); 259 switch (which) { 260 case PRIO_PROCESS: 261 if (who) 262 p = find_task_by_vpid(who); 263 else 264 p = current; 265 if (p) { 266 niceval = nice_to_rlimit(task_nice(p)); 267 if (niceval > retval) 268 retval = niceval; 269 } 270 break; 271 case PRIO_PGRP: 272 if (who) 273 pgrp = find_vpid(who); 274 else 275 pgrp = task_pgrp(current); 276 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 277 niceval = nice_to_rlimit(task_nice(p)); 278 if (niceval > retval) 279 retval = niceval; 280 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 281 break; 282 case PRIO_USER: 283 uid = make_kuid(cred->user_ns, who); 284 user = cred->user; 285 if (!who) 286 uid = cred->uid; 287 else if (!uid_eq(uid, cred->uid)) { 288 user = find_user(uid); 289 if (!user) 290 goto out_unlock; /* No processes for this user */ 291 } 292 do_each_thread(g, p) { 293 if (uid_eq(task_uid(p), uid)) { 294 niceval = nice_to_rlimit(task_nice(p)); 295 if (niceval > retval) 296 retval = niceval; 297 } 298 } while_each_thread(g, p); 299 if (!uid_eq(uid, cred->uid)) 300 free_uid(user); /* for find_user() */ 301 break; 302 } 303 out_unlock: 304 read_unlock(&tasklist_lock); 305 rcu_read_unlock(); 306 307 return retval; 308 } 309 310 /* 311 * Unprivileged users may change the real gid to the effective gid 312 * or vice versa. (BSD-style) 313 * 314 * If you set the real gid at all, or set the effective gid to a value not 315 * equal to the real gid, then the saved gid is set to the new effective gid. 316 * 317 * This makes it possible for a setgid program to completely drop its 318 * privileges, which is often a useful assertion to make when you are doing 319 * a security audit over a program. 320 * 321 * The general idea is that a program which uses just setregid() will be 322 * 100% compatible with BSD. A program which uses just setgid() will be 323 * 100% compatible with POSIX with saved IDs. 324 * 325 * SMP: There are not races, the GIDs are checked only by filesystem 326 * operations (as far as semantic preservation is concerned). 327 */ 328 SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) 329 { 330 struct user_namespace *ns = current_user_ns(); 331 const struct cred *old; 332 struct cred *new; 333 int retval; 334 kgid_t krgid, kegid; 335 336 krgid = make_kgid(ns, rgid); 337 kegid = make_kgid(ns, egid); 338 339 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 340 return -EINVAL; 341 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 342 return -EINVAL; 343 344 new = prepare_creds(); 345 if (!new) 346 return -ENOMEM; 347 old = current_cred(); 348 349 retval = -EPERM; 350 if (rgid != (gid_t) -1) { 351 if (gid_eq(old->gid, krgid) || 352 gid_eq(old->egid, krgid) || 353 ns_capable(old->user_ns, CAP_SETGID)) 354 new->gid = krgid; 355 else 356 goto error; 357 } 358 if (egid != (gid_t) -1) { 359 if (gid_eq(old->gid, kegid) || 360 gid_eq(old->egid, kegid) || 361 gid_eq(old->sgid, kegid) || 362 ns_capable(old->user_ns, CAP_SETGID)) 363 new->egid = kegid; 364 else 365 goto error; 366 } 367 368 if (rgid != (gid_t) -1 || 369 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) 370 new->sgid = new->egid; 371 new->fsgid = new->egid; 372 373 return commit_creds(new); 374 375 error: 376 abort_creds(new); 377 return retval; 378 } 379 380 /* 381 * setgid() is implemented like SysV w/ SAVED_IDS 382 * 383 * SMP: Same implicit races as above. 384 */ 385 SYSCALL_DEFINE1(setgid, gid_t, gid) 386 { 387 struct user_namespace *ns = current_user_ns(); 388 const struct cred *old; 389 struct cred *new; 390 int retval; 391 kgid_t kgid; 392 393 kgid = make_kgid(ns, gid); 394 if (!gid_valid(kgid)) 395 return -EINVAL; 396 397 new = prepare_creds(); 398 if (!new) 399 return -ENOMEM; 400 old = current_cred(); 401 402 retval = -EPERM; 403 if (ns_capable(old->user_ns, CAP_SETGID)) 404 new->gid = new->egid = new->sgid = new->fsgid = kgid; 405 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) 406 new->egid = new->fsgid = kgid; 407 else 408 goto error; 409 410 return commit_creds(new); 411 412 error: 413 abort_creds(new); 414 return retval; 415 } 416 417 /* 418 * change the user struct in a credentials set to match the new UID 419 */ 420 static int set_user(struct cred *new) 421 { 422 struct user_struct *new_user; 423 424 new_user = alloc_uid(new->uid); 425 if (!new_user) 426 return -EAGAIN; 427 428 /* 429 * We don't fail in case of NPROC limit excess here because too many 430 * poorly written programs don't check set*uid() return code, assuming 431 * it never fails if called by root. We may still enforce NPROC limit 432 * for programs doing set*uid()+execve() by harmlessly deferring the 433 * failure to the execve() stage. 434 */ 435 if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) && 436 new_user != INIT_USER) 437 current->flags |= PF_NPROC_EXCEEDED; 438 else 439 current->flags &= ~PF_NPROC_EXCEEDED; 440 441 free_uid(new->user); 442 new->user = new_user; 443 return 0; 444 } 445 446 /* 447 * Unprivileged users may change the real uid to the effective uid 448 * or vice versa. (BSD-style) 449 * 450 * If you set the real uid at all, or set the effective uid to a value not 451 * equal to the real uid, then the saved uid is set to the new effective uid. 452 * 453 * This makes it possible for a setuid program to completely drop its 454 * privileges, which is often a useful assertion to make when you are doing 455 * a security audit over a program. 456 * 457 * The general idea is that a program which uses just setreuid() will be 458 * 100% compatible with BSD. A program which uses just setuid() will be 459 * 100% compatible with POSIX with saved IDs. 460 */ 461 SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) 462 { 463 struct user_namespace *ns = current_user_ns(); 464 const struct cred *old; 465 struct cred *new; 466 int retval; 467 kuid_t kruid, keuid; 468 469 kruid = make_kuid(ns, ruid); 470 keuid = make_kuid(ns, euid); 471 472 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 473 return -EINVAL; 474 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 475 return -EINVAL; 476 477 new = prepare_creds(); 478 if (!new) 479 return -ENOMEM; 480 old = current_cred(); 481 482 retval = -EPERM; 483 if (ruid != (uid_t) -1) { 484 new->uid = kruid; 485 if (!uid_eq(old->uid, kruid) && 486 !uid_eq(old->euid, kruid) && 487 !ns_capable(old->user_ns, CAP_SETUID)) 488 goto error; 489 } 490 491 if (euid != (uid_t) -1) { 492 new->euid = keuid; 493 if (!uid_eq(old->uid, keuid) && 494 !uid_eq(old->euid, keuid) && 495 !uid_eq(old->suid, keuid) && 496 !ns_capable(old->user_ns, CAP_SETUID)) 497 goto error; 498 } 499 500 if (!uid_eq(new->uid, old->uid)) { 501 retval = set_user(new); 502 if (retval < 0) 503 goto error; 504 } 505 if (ruid != (uid_t) -1 || 506 (euid != (uid_t) -1 && !uid_eq(keuid, old->uid))) 507 new->suid = new->euid; 508 new->fsuid = new->euid; 509 510 retval = security_task_fix_setuid(new, old, LSM_SETID_RE); 511 if (retval < 0) 512 goto error; 513 514 return commit_creds(new); 515 516 error: 517 abort_creds(new); 518 return retval; 519 } 520 521 /* 522 * setuid() is implemented like SysV with SAVED_IDS 523 * 524 * Note that SAVED_ID's is deficient in that a setuid root program 525 * like sendmail, for example, cannot set its uid to be a normal 526 * user and then switch back, because if you're root, setuid() sets 527 * the saved uid too. If you don't like this, blame the bright people 528 * in the POSIX committee and/or USG. Note that the BSD-style setreuid() 529 * will allow a root program to temporarily drop privileges and be able to 530 * regain them by swapping the real and effective uid. 531 */ 532 SYSCALL_DEFINE1(setuid, uid_t, uid) 533 { 534 struct user_namespace *ns = current_user_ns(); 535 const struct cred *old; 536 struct cred *new; 537 int retval; 538 kuid_t kuid; 539 540 kuid = make_kuid(ns, uid); 541 if (!uid_valid(kuid)) 542 return -EINVAL; 543 544 new = prepare_creds(); 545 if (!new) 546 return -ENOMEM; 547 old = current_cred(); 548 549 retval = -EPERM; 550 if (ns_capable(old->user_ns, CAP_SETUID)) { 551 new->suid = new->uid = kuid; 552 if (!uid_eq(kuid, old->uid)) { 553 retval = set_user(new); 554 if (retval < 0) 555 goto error; 556 } 557 } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) { 558 goto error; 559 } 560 561 new->fsuid = new->euid = kuid; 562 563 retval = security_task_fix_setuid(new, old, LSM_SETID_ID); 564 if (retval < 0) 565 goto error; 566 567 return commit_creds(new); 568 569 error: 570 abort_creds(new); 571 return retval; 572 } 573 574 575 /* 576 * This function implements a generic ability to update ruid, euid, 577 * and suid. This allows you to implement the 4.4 compatible seteuid(). 578 */ 579 SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) 580 { 581 struct user_namespace *ns = current_user_ns(); 582 const struct cred *old; 583 struct cred *new; 584 int retval; 585 kuid_t kruid, keuid, ksuid; 586 587 kruid = make_kuid(ns, ruid); 588 keuid = make_kuid(ns, euid); 589 ksuid = make_kuid(ns, suid); 590 591 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 592 return -EINVAL; 593 594 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 595 return -EINVAL; 596 597 if ((suid != (uid_t) -1) && !uid_valid(ksuid)) 598 return -EINVAL; 599 600 new = prepare_creds(); 601 if (!new) 602 return -ENOMEM; 603 604 old = current_cred(); 605 606 retval = -EPERM; 607 if (!ns_capable(old->user_ns, CAP_SETUID)) { 608 if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) && 609 !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid)) 610 goto error; 611 if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) && 612 !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid)) 613 goto error; 614 if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) && 615 !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid)) 616 goto error; 617 } 618 619 if (ruid != (uid_t) -1) { 620 new->uid = kruid; 621 if (!uid_eq(kruid, old->uid)) { 622 retval = set_user(new); 623 if (retval < 0) 624 goto error; 625 } 626 } 627 if (euid != (uid_t) -1) 628 new->euid = keuid; 629 if (suid != (uid_t) -1) 630 new->suid = ksuid; 631 new->fsuid = new->euid; 632 633 retval = security_task_fix_setuid(new, old, LSM_SETID_RES); 634 if (retval < 0) 635 goto error; 636 637 return commit_creds(new); 638 639 error: 640 abort_creds(new); 641 return retval; 642 } 643 644 SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp) 645 { 646 const struct cred *cred = current_cred(); 647 int retval; 648 uid_t ruid, euid, suid; 649 650 ruid = from_kuid_munged(cred->user_ns, cred->uid); 651 euid = from_kuid_munged(cred->user_ns, cred->euid); 652 suid = from_kuid_munged(cred->user_ns, cred->suid); 653 654 retval = put_user(ruid, ruidp); 655 if (!retval) { 656 retval = put_user(euid, euidp); 657 if (!retval) 658 return put_user(suid, suidp); 659 } 660 return retval; 661 } 662 663 /* 664 * Same as above, but for rgid, egid, sgid. 665 */ 666 SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) 667 { 668 struct user_namespace *ns = current_user_ns(); 669 const struct cred *old; 670 struct cred *new; 671 int retval; 672 kgid_t krgid, kegid, ksgid; 673 674 krgid = make_kgid(ns, rgid); 675 kegid = make_kgid(ns, egid); 676 ksgid = make_kgid(ns, sgid); 677 678 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 679 return -EINVAL; 680 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 681 return -EINVAL; 682 if ((sgid != (gid_t) -1) && !gid_valid(ksgid)) 683 return -EINVAL; 684 685 new = prepare_creds(); 686 if (!new) 687 return -ENOMEM; 688 old = current_cred(); 689 690 retval = -EPERM; 691 if (!ns_capable(old->user_ns, CAP_SETGID)) { 692 if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) && 693 !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid)) 694 goto error; 695 if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) && 696 !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid)) 697 goto error; 698 if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) && 699 !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid)) 700 goto error; 701 } 702 703 if (rgid != (gid_t) -1) 704 new->gid = krgid; 705 if (egid != (gid_t) -1) 706 new->egid = kegid; 707 if (sgid != (gid_t) -1) 708 new->sgid = ksgid; 709 new->fsgid = new->egid; 710 711 return commit_creds(new); 712 713 error: 714 abort_creds(new); 715 return retval; 716 } 717 718 SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp) 719 { 720 const struct cred *cred = current_cred(); 721 int retval; 722 gid_t rgid, egid, sgid; 723 724 rgid = from_kgid_munged(cred->user_ns, cred->gid); 725 egid = from_kgid_munged(cred->user_ns, cred->egid); 726 sgid = from_kgid_munged(cred->user_ns, cred->sgid); 727 728 retval = put_user(rgid, rgidp); 729 if (!retval) { 730 retval = put_user(egid, egidp); 731 if (!retval) 732 retval = put_user(sgid, sgidp); 733 } 734 735 return retval; 736 } 737 738 739 /* 740 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This 741 * is used for "access()" and for the NFS daemon (letting nfsd stay at 742 * whatever uid it wants to). It normally shadows "euid", except when 743 * explicitly set by setfsuid() or for access.. 744 */ 745 SYSCALL_DEFINE1(setfsuid, uid_t, uid) 746 { 747 const struct cred *old; 748 struct cred *new; 749 uid_t old_fsuid; 750 kuid_t kuid; 751 752 old = current_cred(); 753 old_fsuid = from_kuid_munged(old->user_ns, old->fsuid); 754 755 kuid = make_kuid(old->user_ns, uid); 756 if (!uid_valid(kuid)) 757 return old_fsuid; 758 759 new = prepare_creds(); 760 if (!new) 761 return old_fsuid; 762 763 if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) || 764 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || 765 ns_capable(old->user_ns, CAP_SETUID)) { 766 if (!uid_eq(kuid, old->fsuid)) { 767 new->fsuid = kuid; 768 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) 769 goto change_okay; 770 } 771 } 772 773 abort_creds(new); 774 return old_fsuid; 775 776 change_okay: 777 commit_creds(new); 778 return old_fsuid; 779 } 780 781 /* 782 * Samma på svenska.. 783 */ 784 SYSCALL_DEFINE1(setfsgid, gid_t, gid) 785 { 786 const struct cred *old; 787 struct cred *new; 788 gid_t old_fsgid; 789 kgid_t kgid; 790 791 old = current_cred(); 792 old_fsgid = from_kgid_munged(old->user_ns, old->fsgid); 793 794 kgid = make_kgid(old->user_ns, gid); 795 if (!gid_valid(kgid)) 796 return old_fsgid; 797 798 new = prepare_creds(); 799 if (!new) 800 return old_fsgid; 801 802 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || 803 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || 804 ns_capable(old->user_ns, CAP_SETGID)) { 805 if (!gid_eq(kgid, old->fsgid)) { 806 new->fsgid = kgid; 807 goto change_okay; 808 } 809 } 810 811 abort_creds(new); 812 return old_fsgid; 813 814 change_okay: 815 commit_creds(new); 816 return old_fsgid; 817 } 818 819 /** 820 * sys_getpid - return the thread group id of the current process 821 * 822 * Note, despite the name, this returns the tgid not the pid. The tgid and 823 * the pid are identical unless CLONE_THREAD was specified on clone() in 824 * which case the tgid is the same in all threads of the same group. 825 * 826 * This is SMP safe as current->tgid does not change. 827 */ 828 SYSCALL_DEFINE0(getpid) 829 { 830 return task_tgid_vnr(current); 831 } 832 833 /* Thread ID - the internal kernel "pid" */ 834 SYSCALL_DEFINE0(gettid) 835 { 836 return task_pid_vnr(current); 837 } 838 839 /* 840 * Accessing ->real_parent is not SMP-safe, it could 841 * change from under us. However, we can use a stale 842 * value of ->real_parent under rcu_read_lock(), see 843 * release_task()->call_rcu(delayed_put_task_struct). 844 */ 845 SYSCALL_DEFINE0(getppid) 846 { 847 int pid; 848 849 rcu_read_lock(); 850 pid = task_tgid_vnr(rcu_dereference(current->real_parent)); 851 rcu_read_unlock(); 852 853 return pid; 854 } 855 856 SYSCALL_DEFINE0(getuid) 857 { 858 /* Only we change this so SMP safe */ 859 return from_kuid_munged(current_user_ns(), current_uid()); 860 } 861 862 SYSCALL_DEFINE0(geteuid) 863 { 864 /* Only we change this so SMP safe */ 865 return from_kuid_munged(current_user_ns(), current_euid()); 866 } 867 868 SYSCALL_DEFINE0(getgid) 869 { 870 /* Only we change this so SMP safe */ 871 return from_kgid_munged(current_user_ns(), current_gid()); 872 } 873 874 SYSCALL_DEFINE0(getegid) 875 { 876 /* Only we change this so SMP safe */ 877 return from_kgid_munged(current_user_ns(), current_egid()); 878 } 879 880 void do_sys_times(struct tms *tms) 881 { 882 cputime_t tgutime, tgstime, cutime, cstime; 883 884 thread_group_cputime_adjusted(current, &tgutime, &tgstime); 885 cutime = current->signal->cutime; 886 cstime = current->signal->cstime; 887 tms->tms_utime = cputime_to_clock_t(tgutime); 888 tms->tms_stime = cputime_to_clock_t(tgstime); 889 tms->tms_cutime = cputime_to_clock_t(cutime); 890 tms->tms_cstime = cputime_to_clock_t(cstime); 891 } 892 893 SYSCALL_DEFINE1(times, struct tms __user *, tbuf) 894 { 895 if (tbuf) { 896 struct tms tmp; 897 898 do_sys_times(&tmp); 899 if (copy_to_user(tbuf, &tmp, sizeof(struct tms))) 900 return -EFAULT; 901 } 902 force_successful_syscall_return(); 903 return (long) jiffies_64_to_clock_t(get_jiffies_64()); 904 } 905 906 /* 907 * This needs some heavy checking ... 908 * I just haven't the stomach for it. I also don't fully 909 * understand sessions/pgrp etc. Let somebody who does explain it. 910 * 911 * OK, I think I have the protection semantics right.... this is really 912 * only important on a multi-user system anyway, to make sure one user 913 * can't send a signal to a process owned by another. -TYT, 12/12/91 914 * 915 * !PF_FORKNOEXEC check to conform completely to POSIX. 916 */ 917 SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid) 918 { 919 struct task_struct *p; 920 struct task_struct *group_leader = current->group_leader; 921 struct pid *pgrp; 922 int err; 923 924 if (!pid) 925 pid = task_pid_vnr(group_leader); 926 if (!pgid) 927 pgid = pid; 928 if (pgid < 0) 929 return -EINVAL; 930 rcu_read_lock(); 931 932 /* From this point forward we keep holding onto the tasklist lock 933 * so that our parent does not change from under us. -DaveM 934 */ 935 write_lock_irq(&tasklist_lock); 936 937 err = -ESRCH; 938 p = find_task_by_vpid(pid); 939 if (!p) 940 goto out; 941 942 err = -EINVAL; 943 if (!thread_group_leader(p)) 944 goto out; 945 946 if (same_thread_group(p->real_parent, group_leader)) { 947 err = -EPERM; 948 if (task_session(p) != task_session(group_leader)) 949 goto out; 950 err = -EACCES; 951 if (!(p->flags & PF_FORKNOEXEC)) 952 goto out; 953 } else { 954 err = -ESRCH; 955 if (p != group_leader) 956 goto out; 957 } 958 959 err = -EPERM; 960 if (p->signal->leader) 961 goto out; 962 963 pgrp = task_pid(p); 964 if (pgid != pid) { 965 struct task_struct *g; 966 967 pgrp = find_vpid(pgid); 968 g = pid_task(pgrp, PIDTYPE_PGID); 969 if (!g || task_session(g) != task_session(group_leader)) 970 goto out; 971 } 972 973 err = security_task_setpgid(p, pgid); 974 if (err) 975 goto out; 976 977 if (task_pgrp(p) != pgrp) 978 change_pid(p, PIDTYPE_PGID, pgrp); 979 980 err = 0; 981 out: 982 /* All paths lead to here, thus we are safe. -DaveM */ 983 write_unlock_irq(&tasklist_lock); 984 rcu_read_unlock(); 985 return err; 986 } 987 988 SYSCALL_DEFINE1(getpgid, pid_t, pid) 989 { 990 struct task_struct *p; 991 struct pid *grp; 992 int retval; 993 994 rcu_read_lock(); 995 if (!pid) 996 grp = task_pgrp(current); 997 else { 998 retval = -ESRCH; 999 p = find_task_by_vpid(pid); 1000 if (!p) 1001 goto out; 1002 grp = task_pgrp(p); 1003 if (!grp) 1004 goto out; 1005 1006 retval = security_task_getpgid(p); 1007 if (retval) 1008 goto out; 1009 } 1010 retval = pid_vnr(grp); 1011 out: 1012 rcu_read_unlock(); 1013 return retval; 1014 } 1015 1016 #ifdef __ARCH_WANT_SYS_GETPGRP 1017 1018 SYSCALL_DEFINE0(getpgrp) 1019 { 1020 return sys_getpgid(0); 1021 } 1022 1023 #endif 1024 1025 SYSCALL_DEFINE1(getsid, pid_t, pid) 1026 { 1027 struct task_struct *p; 1028 struct pid *sid; 1029 int retval; 1030 1031 rcu_read_lock(); 1032 if (!pid) 1033 sid = task_session(current); 1034 else { 1035 retval = -ESRCH; 1036 p = find_task_by_vpid(pid); 1037 if (!p) 1038 goto out; 1039 sid = task_session(p); 1040 if (!sid) 1041 goto out; 1042 1043 retval = security_task_getsid(p); 1044 if (retval) 1045 goto out; 1046 } 1047 retval = pid_vnr(sid); 1048 out: 1049 rcu_read_unlock(); 1050 return retval; 1051 } 1052 1053 static void set_special_pids(struct pid *pid) 1054 { 1055 struct task_struct *curr = current->group_leader; 1056 1057 if (task_session(curr) != pid) 1058 change_pid(curr, PIDTYPE_SID, pid); 1059 1060 if (task_pgrp(curr) != pid) 1061 change_pid(curr, PIDTYPE_PGID, pid); 1062 } 1063 1064 SYSCALL_DEFINE0(setsid) 1065 { 1066 struct task_struct *group_leader = current->group_leader; 1067 struct pid *sid = task_pid(group_leader); 1068 pid_t session = pid_vnr(sid); 1069 int err = -EPERM; 1070 1071 write_lock_irq(&tasklist_lock); 1072 /* Fail if I am already a session leader */ 1073 if (group_leader->signal->leader) 1074 goto out; 1075 1076 /* Fail if a process group id already exists that equals the 1077 * proposed session id. 1078 */ 1079 if (pid_task(sid, PIDTYPE_PGID)) 1080 goto out; 1081 1082 group_leader->signal->leader = 1; 1083 set_special_pids(sid); 1084 1085 proc_clear_tty(group_leader); 1086 1087 err = session; 1088 out: 1089 write_unlock_irq(&tasklist_lock); 1090 if (err > 0) { 1091 proc_sid_connector(group_leader); 1092 sched_autogroup_create_attach(group_leader); 1093 } 1094 return err; 1095 } 1096 1097 DECLARE_RWSEM(uts_sem); 1098 1099 #ifdef COMPAT_UTS_MACHINE 1100 #define override_architecture(name) \ 1101 (personality(current->personality) == PER_LINUX32 && \ 1102 copy_to_user(name->machine, COMPAT_UTS_MACHINE, \ 1103 sizeof(COMPAT_UTS_MACHINE))) 1104 #else 1105 #define override_architecture(name) 0 1106 #endif 1107 1108 /* 1109 * Work around broken programs that cannot handle "Linux 3.0". 1110 * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40 1111 */ 1112 static int override_release(char __user *release, size_t len) 1113 { 1114 int ret = 0; 1115 1116 if (current->personality & UNAME26) { 1117 const char *rest = UTS_RELEASE; 1118 char buf[65] = { 0 }; 1119 int ndots = 0; 1120 unsigned v; 1121 size_t copy; 1122 1123 while (*rest) { 1124 if (*rest == '.' && ++ndots >= 3) 1125 break; 1126 if (!isdigit(*rest) && *rest != '.') 1127 break; 1128 rest++; 1129 } 1130 v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40; 1131 copy = clamp_t(size_t, len, 1, sizeof(buf)); 1132 copy = scnprintf(buf, copy, "2.6.%u%s", v, rest); 1133 ret = copy_to_user(release, buf, copy + 1); 1134 } 1135 return ret; 1136 } 1137 1138 SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name) 1139 { 1140 int errno = 0; 1141 1142 down_read(&uts_sem); 1143 if (copy_to_user(name, utsname(), sizeof *name)) 1144 errno = -EFAULT; 1145 up_read(&uts_sem); 1146 1147 if (!errno && override_release(name->release, sizeof(name->release))) 1148 errno = -EFAULT; 1149 if (!errno && override_architecture(name)) 1150 errno = -EFAULT; 1151 return errno; 1152 } 1153 1154 #ifdef __ARCH_WANT_SYS_OLD_UNAME 1155 /* 1156 * Old cruft 1157 */ 1158 SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) 1159 { 1160 int error = 0; 1161 1162 if (!name) 1163 return -EFAULT; 1164 1165 down_read(&uts_sem); 1166 if (copy_to_user(name, utsname(), sizeof(*name))) 1167 error = -EFAULT; 1168 up_read(&uts_sem); 1169 1170 if (!error && override_release(name->release, sizeof(name->release))) 1171 error = -EFAULT; 1172 if (!error && override_architecture(name)) 1173 error = -EFAULT; 1174 return error; 1175 } 1176 1177 SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) 1178 { 1179 int error; 1180 1181 if (!name) 1182 return -EFAULT; 1183 if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname))) 1184 return -EFAULT; 1185 1186 down_read(&uts_sem); 1187 error = __copy_to_user(&name->sysname, &utsname()->sysname, 1188 __OLD_UTS_LEN); 1189 error |= __put_user(0, name->sysname + __OLD_UTS_LEN); 1190 error |= __copy_to_user(&name->nodename, &utsname()->nodename, 1191 __OLD_UTS_LEN); 1192 error |= __put_user(0, name->nodename + __OLD_UTS_LEN); 1193 error |= __copy_to_user(&name->release, &utsname()->release, 1194 __OLD_UTS_LEN); 1195 error |= __put_user(0, name->release + __OLD_UTS_LEN); 1196 error |= __copy_to_user(&name->version, &utsname()->version, 1197 __OLD_UTS_LEN); 1198 error |= __put_user(0, name->version + __OLD_UTS_LEN); 1199 error |= __copy_to_user(&name->machine, &utsname()->machine, 1200 __OLD_UTS_LEN); 1201 error |= __put_user(0, name->machine + __OLD_UTS_LEN); 1202 up_read(&uts_sem); 1203 1204 if (!error && override_architecture(name)) 1205 error = -EFAULT; 1206 if (!error && override_release(name->release, sizeof(name->release))) 1207 error = -EFAULT; 1208 return error ? -EFAULT : 0; 1209 } 1210 #endif 1211 1212 SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) 1213 { 1214 int errno; 1215 char tmp[__NEW_UTS_LEN]; 1216 1217 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1218 return -EPERM; 1219 1220 if (len < 0 || len > __NEW_UTS_LEN) 1221 return -EINVAL; 1222 down_write(&uts_sem); 1223 errno = -EFAULT; 1224 if (!copy_from_user(tmp, name, len)) { 1225 struct new_utsname *u = utsname(); 1226 1227 memcpy(u->nodename, tmp, len); 1228 memset(u->nodename + len, 0, sizeof(u->nodename) - len); 1229 errno = 0; 1230 uts_proc_notify(UTS_PROC_HOSTNAME); 1231 } 1232 up_write(&uts_sem); 1233 return errno; 1234 } 1235 1236 #ifdef __ARCH_WANT_SYS_GETHOSTNAME 1237 1238 SYSCALL_DEFINE2(gethostname, char __user *, name, int, len) 1239 { 1240 int i, errno; 1241 struct new_utsname *u; 1242 1243 if (len < 0) 1244 return -EINVAL; 1245 down_read(&uts_sem); 1246 u = utsname(); 1247 i = 1 + strlen(u->nodename); 1248 if (i > len) 1249 i = len; 1250 errno = 0; 1251 if (copy_to_user(name, u->nodename, i)) 1252 errno = -EFAULT; 1253 up_read(&uts_sem); 1254 return errno; 1255 } 1256 1257 #endif 1258 1259 /* 1260 * Only setdomainname; getdomainname can be implemented by calling 1261 * uname() 1262 */ 1263 SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len) 1264 { 1265 int errno; 1266 char tmp[__NEW_UTS_LEN]; 1267 1268 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1269 return -EPERM; 1270 if (len < 0 || len > __NEW_UTS_LEN) 1271 return -EINVAL; 1272 1273 down_write(&uts_sem); 1274 errno = -EFAULT; 1275 if (!copy_from_user(tmp, name, len)) { 1276 struct new_utsname *u = utsname(); 1277 1278 memcpy(u->domainname, tmp, len); 1279 memset(u->domainname + len, 0, sizeof(u->domainname) - len); 1280 errno = 0; 1281 uts_proc_notify(UTS_PROC_DOMAINNAME); 1282 } 1283 up_write(&uts_sem); 1284 return errno; 1285 } 1286 1287 SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1288 { 1289 struct rlimit value; 1290 int ret; 1291 1292 ret = do_prlimit(current, resource, NULL, &value); 1293 if (!ret) 1294 ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0; 1295 1296 return ret; 1297 } 1298 1299 #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT 1300 1301 /* 1302 * Back compatibility for getrlimit. Needed for some apps. 1303 */ 1304 SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1305 struct rlimit __user *, rlim) 1306 { 1307 struct rlimit x; 1308 if (resource >= RLIM_NLIMITS) 1309 return -EINVAL; 1310 1311 task_lock(current->group_leader); 1312 x = current->signal->rlim[resource]; 1313 task_unlock(current->group_leader); 1314 if (x.rlim_cur > 0x7FFFFFFF) 1315 x.rlim_cur = 0x7FFFFFFF; 1316 if (x.rlim_max > 0x7FFFFFFF) 1317 x.rlim_max = 0x7FFFFFFF; 1318 return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0; 1319 } 1320 1321 #endif 1322 1323 static inline bool rlim64_is_infinity(__u64 rlim64) 1324 { 1325 #if BITS_PER_LONG < 64 1326 return rlim64 >= ULONG_MAX; 1327 #else 1328 return rlim64 == RLIM64_INFINITY; 1329 #endif 1330 } 1331 1332 static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64) 1333 { 1334 if (rlim->rlim_cur == RLIM_INFINITY) 1335 rlim64->rlim_cur = RLIM64_INFINITY; 1336 else 1337 rlim64->rlim_cur = rlim->rlim_cur; 1338 if (rlim->rlim_max == RLIM_INFINITY) 1339 rlim64->rlim_max = RLIM64_INFINITY; 1340 else 1341 rlim64->rlim_max = rlim->rlim_max; 1342 } 1343 1344 static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim) 1345 { 1346 if (rlim64_is_infinity(rlim64->rlim_cur)) 1347 rlim->rlim_cur = RLIM_INFINITY; 1348 else 1349 rlim->rlim_cur = (unsigned long)rlim64->rlim_cur; 1350 if (rlim64_is_infinity(rlim64->rlim_max)) 1351 rlim->rlim_max = RLIM_INFINITY; 1352 else 1353 rlim->rlim_max = (unsigned long)rlim64->rlim_max; 1354 } 1355 1356 /* make sure you are allowed to change @tsk limits before calling this */ 1357 int do_prlimit(struct task_struct *tsk, unsigned int resource, 1358 struct rlimit *new_rlim, struct rlimit *old_rlim) 1359 { 1360 struct rlimit *rlim; 1361 int retval = 0; 1362 1363 if (resource >= RLIM_NLIMITS) 1364 return -EINVAL; 1365 if (new_rlim) { 1366 if (new_rlim->rlim_cur > new_rlim->rlim_max) 1367 return -EINVAL; 1368 if (resource == RLIMIT_NOFILE && 1369 new_rlim->rlim_max > sysctl_nr_open) 1370 return -EPERM; 1371 } 1372 1373 /* protect tsk->signal and tsk->sighand from disappearing */ 1374 read_lock(&tasklist_lock); 1375 if (!tsk->sighand) { 1376 retval = -ESRCH; 1377 goto out; 1378 } 1379 1380 rlim = tsk->signal->rlim + resource; 1381 task_lock(tsk->group_leader); 1382 if (new_rlim) { 1383 /* Keep the capable check against init_user_ns until 1384 cgroups can contain all limits */ 1385 if (new_rlim->rlim_max > rlim->rlim_max && 1386 !capable(CAP_SYS_RESOURCE)) 1387 retval = -EPERM; 1388 if (!retval) 1389 retval = security_task_setrlimit(tsk->group_leader, 1390 resource, new_rlim); 1391 if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) { 1392 /* 1393 * The caller is asking for an immediate RLIMIT_CPU 1394 * expiry. But we use the zero value to mean "it was 1395 * never set". So let's cheat and make it one second 1396 * instead 1397 */ 1398 new_rlim->rlim_cur = 1; 1399 } 1400 } 1401 if (!retval) { 1402 if (old_rlim) 1403 *old_rlim = *rlim; 1404 if (new_rlim) 1405 *rlim = *new_rlim; 1406 } 1407 task_unlock(tsk->group_leader); 1408 1409 /* 1410 * RLIMIT_CPU handling. Note that the kernel fails to return an error 1411 * code if it rejected the user's attempt to set RLIMIT_CPU. This is a 1412 * very long-standing error, and fixing it now risks breakage of 1413 * applications, so we live with it 1414 */ 1415 if (!retval && new_rlim && resource == RLIMIT_CPU && 1416 new_rlim->rlim_cur != RLIM_INFINITY) 1417 update_rlimit_cpu(tsk, new_rlim->rlim_cur); 1418 out: 1419 read_unlock(&tasklist_lock); 1420 return retval; 1421 } 1422 1423 /* rcu lock must be held */ 1424 static int check_prlimit_permission(struct task_struct *task) 1425 { 1426 const struct cred *cred = current_cred(), *tcred; 1427 1428 if (current == task) 1429 return 0; 1430 1431 tcred = __task_cred(task); 1432 if (uid_eq(cred->uid, tcred->euid) && 1433 uid_eq(cred->uid, tcred->suid) && 1434 uid_eq(cred->uid, tcred->uid) && 1435 gid_eq(cred->gid, tcred->egid) && 1436 gid_eq(cred->gid, tcred->sgid) && 1437 gid_eq(cred->gid, tcred->gid)) 1438 return 0; 1439 if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) 1440 return 0; 1441 1442 return -EPERM; 1443 } 1444 1445 SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, 1446 const struct rlimit64 __user *, new_rlim, 1447 struct rlimit64 __user *, old_rlim) 1448 { 1449 struct rlimit64 old64, new64; 1450 struct rlimit old, new; 1451 struct task_struct *tsk; 1452 int ret; 1453 1454 if (new_rlim) { 1455 if (copy_from_user(&new64, new_rlim, sizeof(new64))) 1456 return -EFAULT; 1457 rlim64_to_rlim(&new64, &new); 1458 } 1459 1460 rcu_read_lock(); 1461 tsk = pid ? find_task_by_vpid(pid) : current; 1462 if (!tsk) { 1463 rcu_read_unlock(); 1464 return -ESRCH; 1465 } 1466 ret = check_prlimit_permission(tsk); 1467 if (ret) { 1468 rcu_read_unlock(); 1469 return ret; 1470 } 1471 get_task_struct(tsk); 1472 rcu_read_unlock(); 1473 1474 ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL, 1475 old_rlim ? &old : NULL); 1476 1477 if (!ret && old_rlim) { 1478 rlim_to_rlim64(&old, &old64); 1479 if (copy_to_user(old_rlim, &old64, sizeof(old64))) 1480 ret = -EFAULT; 1481 } 1482 1483 put_task_struct(tsk); 1484 return ret; 1485 } 1486 1487 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1488 { 1489 struct rlimit new_rlim; 1490 1491 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) 1492 return -EFAULT; 1493 return do_prlimit(current, resource, &new_rlim, NULL); 1494 } 1495 1496 /* 1497 * It would make sense to put struct rusage in the task_struct, 1498 * except that would make the task_struct be *really big*. After 1499 * task_struct gets moved into malloc'ed memory, it would 1500 * make sense to do this. It will make moving the rest of the information 1501 * a lot simpler! (Which we're not doing right now because we're not 1502 * measuring them yet). 1503 * 1504 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have 1505 * races with threads incrementing their own counters. But since word 1506 * reads are atomic, we either get new values or old values and we don't 1507 * care which for the sums. We always take the siglock to protect reading 1508 * the c* fields from p->signal from races with exit.c updating those 1509 * fields when reaping, so a sample either gets all the additions of a 1510 * given child after it's reaped, or none so this sample is before reaping. 1511 * 1512 * Locking: 1513 * We need to take the siglock for CHILDEREN, SELF and BOTH 1514 * for the cases current multithreaded, non-current single threaded 1515 * non-current multithreaded. Thread traversal is now safe with 1516 * the siglock held. 1517 * Strictly speaking, we donot need to take the siglock if we are current and 1518 * single threaded, as no one else can take our signal_struct away, no one 1519 * else can reap the children to update signal->c* counters, and no one else 1520 * can race with the signal-> fields. If we do not take any lock, the 1521 * signal-> fields could be read out of order while another thread was just 1522 * exiting. So we should place a read memory barrier when we avoid the lock. 1523 * On the writer side, write memory barrier is implied in __exit_signal 1524 * as __exit_signal releases the siglock spinlock after updating the signal-> 1525 * fields. But we don't do this yet to keep things simple. 1526 * 1527 */ 1528 1529 static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r) 1530 { 1531 r->ru_nvcsw += t->nvcsw; 1532 r->ru_nivcsw += t->nivcsw; 1533 r->ru_minflt += t->min_flt; 1534 r->ru_majflt += t->maj_flt; 1535 r->ru_inblock += task_io_get_inblock(t); 1536 r->ru_oublock += task_io_get_oublock(t); 1537 } 1538 1539 static void k_getrusage(struct task_struct *p, int who, struct rusage *r) 1540 { 1541 struct task_struct *t; 1542 unsigned long flags; 1543 cputime_t tgutime, tgstime, utime, stime; 1544 unsigned long maxrss = 0; 1545 1546 memset((char *)r, 0, sizeof (*r)); 1547 utime = stime = 0; 1548 1549 if (who == RUSAGE_THREAD) { 1550 task_cputime_adjusted(current, &utime, &stime); 1551 accumulate_thread_rusage(p, r); 1552 maxrss = p->signal->maxrss; 1553 goto out; 1554 } 1555 1556 if (!lock_task_sighand(p, &flags)) 1557 return; 1558 1559 switch (who) { 1560 case RUSAGE_BOTH: 1561 case RUSAGE_CHILDREN: 1562 utime = p->signal->cutime; 1563 stime = p->signal->cstime; 1564 r->ru_nvcsw = p->signal->cnvcsw; 1565 r->ru_nivcsw = p->signal->cnivcsw; 1566 r->ru_minflt = p->signal->cmin_flt; 1567 r->ru_majflt = p->signal->cmaj_flt; 1568 r->ru_inblock = p->signal->cinblock; 1569 r->ru_oublock = p->signal->coublock; 1570 maxrss = p->signal->cmaxrss; 1571 1572 if (who == RUSAGE_CHILDREN) 1573 break; 1574 1575 case RUSAGE_SELF: 1576 thread_group_cputime_adjusted(p, &tgutime, &tgstime); 1577 utime += tgutime; 1578 stime += tgstime; 1579 r->ru_nvcsw += p->signal->nvcsw; 1580 r->ru_nivcsw += p->signal->nivcsw; 1581 r->ru_minflt += p->signal->min_flt; 1582 r->ru_majflt += p->signal->maj_flt; 1583 r->ru_inblock += p->signal->inblock; 1584 r->ru_oublock += p->signal->oublock; 1585 if (maxrss < p->signal->maxrss) 1586 maxrss = p->signal->maxrss; 1587 t = p; 1588 do { 1589 accumulate_thread_rusage(t, r); 1590 } while_each_thread(p, t); 1591 break; 1592 1593 default: 1594 BUG(); 1595 } 1596 unlock_task_sighand(p, &flags); 1597 1598 out: 1599 cputime_to_timeval(utime, &r->ru_utime); 1600 cputime_to_timeval(stime, &r->ru_stime); 1601 1602 if (who != RUSAGE_CHILDREN) { 1603 struct mm_struct *mm = get_task_mm(p); 1604 1605 if (mm) { 1606 setmax_mm_hiwater_rss(&maxrss, mm); 1607 mmput(mm); 1608 } 1609 } 1610 r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ 1611 } 1612 1613 int getrusage(struct task_struct *p, int who, struct rusage __user *ru) 1614 { 1615 struct rusage r; 1616 1617 k_getrusage(p, who, &r); 1618 return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0; 1619 } 1620 1621 SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru) 1622 { 1623 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1624 who != RUSAGE_THREAD) 1625 return -EINVAL; 1626 return getrusage(current, who, ru); 1627 } 1628 1629 #ifdef CONFIG_COMPAT 1630 COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru) 1631 { 1632 struct rusage r; 1633 1634 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1635 who != RUSAGE_THREAD) 1636 return -EINVAL; 1637 1638 k_getrusage(current, who, &r); 1639 return put_compat_rusage(&r, ru); 1640 } 1641 #endif 1642 1643 SYSCALL_DEFINE1(umask, int, mask) 1644 { 1645 mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); 1646 return mask; 1647 } 1648 1649 static int prctl_set_mm_exe_file_locked(struct mm_struct *mm, unsigned int fd) 1650 { 1651 struct fd exe; 1652 struct inode *inode; 1653 int err; 1654 1655 VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_sem), mm); 1656 1657 exe = fdget(fd); 1658 if (!exe.file) 1659 return -EBADF; 1660 1661 inode = file_inode(exe.file); 1662 1663 /* 1664 * Because the original mm->exe_file points to executable file, make 1665 * sure that this one is executable as well, to avoid breaking an 1666 * overall picture. 1667 */ 1668 err = -EACCES; 1669 if (!S_ISREG(inode->i_mode) || 1670 exe.file->f_path.mnt->mnt_flags & MNT_NOEXEC) 1671 goto exit; 1672 1673 err = inode_permission(inode, MAY_EXEC); 1674 if (err) 1675 goto exit; 1676 1677 /* 1678 * Forbid mm->exe_file change if old file still mapped. 1679 */ 1680 err = -EBUSY; 1681 if (mm->exe_file) { 1682 struct vm_area_struct *vma; 1683 1684 for (vma = mm->mmap; vma; vma = vma->vm_next) 1685 if (vma->vm_file && 1686 path_equal(&vma->vm_file->f_path, 1687 &mm->exe_file->f_path)) 1688 goto exit; 1689 } 1690 1691 /* 1692 * The symlink can be changed only once, just to disallow arbitrary 1693 * transitions malicious software might bring in. This means one 1694 * could make a snapshot over all processes running and monitor 1695 * /proc/pid/exe changes to notice unusual activity if needed. 1696 */ 1697 err = -EPERM; 1698 if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags)) 1699 goto exit; 1700 1701 err = 0; 1702 set_mm_exe_file(mm, exe.file); /* this grabs a reference to exe.file */ 1703 exit: 1704 fdput(exe); 1705 return err; 1706 } 1707 1708 #ifdef CONFIG_CHECKPOINT_RESTORE 1709 /* 1710 * WARNING: we don't require any capability here so be very careful 1711 * in what is allowed for modification from userspace. 1712 */ 1713 static int validate_prctl_map(struct prctl_mm_map *prctl_map) 1714 { 1715 unsigned long mmap_max_addr = TASK_SIZE; 1716 struct mm_struct *mm = current->mm; 1717 int error = -EINVAL, i; 1718 1719 static const unsigned char offsets[] = { 1720 offsetof(struct prctl_mm_map, start_code), 1721 offsetof(struct prctl_mm_map, end_code), 1722 offsetof(struct prctl_mm_map, start_data), 1723 offsetof(struct prctl_mm_map, end_data), 1724 offsetof(struct prctl_mm_map, start_brk), 1725 offsetof(struct prctl_mm_map, brk), 1726 offsetof(struct prctl_mm_map, start_stack), 1727 offsetof(struct prctl_mm_map, arg_start), 1728 offsetof(struct prctl_mm_map, arg_end), 1729 offsetof(struct prctl_mm_map, env_start), 1730 offsetof(struct prctl_mm_map, env_end), 1731 }; 1732 1733 /* 1734 * Make sure the members are not somewhere outside 1735 * of allowed address space. 1736 */ 1737 for (i = 0; i < ARRAY_SIZE(offsets); i++) { 1738 u64 val = *(u64 *)((char *)prctl_map + offsets[i]); 1739 1740 if ((unsigned long)val >= mmap_max_addr || 1741 (unsigned long)val < mmap_min_addr) 1742 goto out; 1743 } 1744 1745 /* 1746 * Make sure the pairs are ordered. 1747 */ 1748 #define __prctl_check_order(__m1, __op, __m2) \ 1749 ((unsigned long)prctl_map->__m1 __op \ 1750 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL 1751 error = __prctl_check_order(start_code, <, end_code); 1752 error |= __prctl_check_order(start_data, <, end_data); 1753 error |= __prctl_check_order(start_brk, <=, brk); 1754 error |= __prctl_check_order(arg_start, <=, arg_end); 1755 error |= __prctl_check_order(env_start, <=, env_end); 1756 if (error) 1757 goto out; 1758 #undef __prctl_check_order 1759 1760 error = -EINVAL; 1761 1762 /* 1763 * @brk should be after @end_data in traditional maps. 1764 */ 1765 if (prctl_map->start_brk <= prctl_map->end_data || 1766 prctl_map->brk <= prctl_map->end_data) 1767 goto out; 1768 1769 /* 1770 * Neither we should allow to override limits if they set. 1771 */ 1772 if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk, 1773 prctl_map->start_brk, prctl_map->end_data, 1774 prctl_map->start_data)) 1775 goto out; 1776 1777 /* 1778 * Someone is trying to cheat the auxv vector. 1779 */ 1780 if (prctl_map->auxv_size) { 1781 if (!prctl_map->auxv || prctl_map->auxv_size > sizeof(mm->saved_auxv)) 1782 goto out; 1783 } 1784 1785 /* 1786 * Finally, make sure the caller has the rights to 1787 * change /proc/pid/exe link: only local root should 1788 * be allowed to. 1789 */ 1790 if (prctl_map->exe_fd != (u32)-1) { 1791 struct user_namespace *ns = current_user_ns(); 1792 const struct cred *cred = current_cred(); 1793 1794 if (!uid_eq(cred->uid, make_kuid(ns, 0)) || 1795 !gid_eq(cred->gid, make_kgid(ns, 0))) 1796 goto out; 1797 } 1798 1799 error = 0; 1800 out: 1801 return error; 1802 } 1803 1804 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size) 1805 { 1806 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, }; 1807 unsigned long user_auxv[AT_VECTOR_SIZE]; 1808 struct mm_struct *mm = current->mm; 1809 int error; 1810 1811 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 1812 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256); 1813 1814 if (opt == PR_SET_MM_MAP_SIZE) 1815 return put_user((unsigned int)sizeof(prctl_map), 1816 (unsigned int __user *)addr); 1817 1818 if (data_size != sizeof(prctl_map)) 1819 return -EINVAL; 1820 1821 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) 1822 return -EFAULT; 1823 1824 error = validate_prctl_map(&prctl_map); 1825 if (error) 1826 return error; 1827 1828 if (prctl_map.auxv_size) { 1829 memset(user_auxv, 0, sizeof(user_auxv)); 1830 if (copy_from_user(user_auxv, 1831 (const void __user *)prctl_map.auxv, 1832 prctl_map.auxv_size)) 1833 return -EFAULT; 1834 1835 /* Last entry must be AT_NULL as specification requires */ 1836 user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL; 1837 user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL; 1838 } 1839 1840 down_write(&mm->mmap_sem); 1841 if (prctl_map.exe_fd != (u32)-1) 1842 error = prctl_set_mm_exe_file_locked(mm, prctl_map.exe_fd); 1843 downgrade_write(&mm->mmap_sem); 1844 if (error) 1845 goto out; 1846 1847 /* 1848 * We don't validate if these members are pointing to 1849 * real present VMAs because application may have correspond 1850 * VMAs already unmapped and kernel uses these members for statistics 1851 * output in procfs mostly, except 1852 * 1853 * - @start_brk/@brk which are used in do_brk but kernel lookups 1854 * for VMAs when updating these memvers so anything wrong written 1855 * here cause kernel to swear at userspace program but won't lead 1856 * to any problem in kernel itself 1857 */ 1858 1859 mm->start_code = prctl_map.start_code; 1860 mm->end_code = prctl_map.end_code; 1861 mm->start_data = prctl_map.start_data; 1862 mm->end_data = prctl_map.end_data; 1863 mm->start_brk = prctl_map.start_brk; 1864 mm->brk = prctl_map.brk; 1865 mm->start_stack = prctl_map.start_stack; 1866 mm->arg_start = prctl_map.arg_start; 1867 mm->arg_end = prctl_map.arg_end; 1868 mm->env_start = prctl_map.env_start; 1869 mm->env_end = prctl_map.env_end; 1870 1871 /* 1872 * Note this update of @saved_auxv is lockless thus 1873 * if someone reads this member in procfs while we're 1874 * updating -- it may get partly updated results. It's 1875 * known and acceptable trade off: we leave it as is to 1876 * not introduce additional locks here making the kernel 1877 * more complex. 1878 */ 1879 if (prctl_map.auxv_size) 1880 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv)); 1881 1882 error = 0; 1883 out: 1884 up_read(&mm->mmap_sem); 1885 return error; 1886 } 1887 #endif /* CONFIG_CHECKPOINT_RESTORE */ 1888 1889 static int prctl_set_mm(int opt, unsigned long addr, 1890 unsigned long arg4, unsigned long arg5) 1891 { 1892 struct mm_struct *mm = current->mm; 1893 struct vm_area_struct *vma; 1894 int error; 1895 1896 if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV && 1897 opt != PR_SET_MM_MAP && 1898 opt != PR_SET_MM_MAP_SIZE))) 1899 return -EINVAL; 1900 1901 #ifdef CONFIG_CHECKPOINT_RESTORE 1902 if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE) 1903 return prctl_set_mm_map(opt, (const void __user *)addr, arg4); 1904 #endif 1905 1906 if (!capable(CAP_SYS_RESOURCE)) 1907 return -EPERM; 1908 1909 if (opt == PR_SET_MM_EXE_FILE) { 1910 down_write(&mm->mmap_sem); 1911 error = prctl_set_mm_exe_file_locked(mm, (unsigned int)addr); 1912 up_write(&mm->mmap_sem); 1913 return error; 1914 } 1915 1916 if (addr >= TASK_SIZE || addr < mmap_min_addr) 1917 return -EINVAL; 1918 1919 error = -EINVAL; 1920 1921 down_read(&mm->mmap_sem); 1922 vma = find_vma(mm, addr); 1923 1924 switch (opt) { 1925 case PR_SET_MM_START_CODE: 1926 mm->start_code = addr; 1927 break; 1928 case PR_SET_MM_END_CODE: 1929 mm->end_code = addr; 1930 break; 1931 case PR_SET_MM_START_DATA: 1932 mm->start_data = addr; 1933 break; 1934 case PR_SET_MM_END_DATA: 1935 mm->end_data = addr; 1936 break; 1937 1938 case PR_SET_MM_START_BRK: 1939 if (addr <= mm->end_data) 1940 goto out; 1941 1942 if (check_data_rlimit(rlimit(RLIMIT_DATA), mm->brk, addr, 1943 mm->end_data, mm->start_data)) 1944 goto out; 1945 1946 mm->start_brk = addr; 1947 break; 1948 1949 case PR_SET_MM_BRK: 1950 if (addr <= mm->end_data) 1951 goto out; 1952 1953 if (check_data_rlimit(rlimit(RLIMIT_DATA), addr, mm->start_brk, 1954 mm->end_data, mm->start_data)) 1955 goto out; 1956 1957 mm->brk = addr; 1958 break; 1959 1960 /* 1961 * If command line arguments and environment 1962 * are placed somewhere else on stack, we can 1963 * set them up here, ARG_START/END to setup 1964 * command line argumets and ENV_START/END 1965 * for environment. 1966 */ 1967 case PR_SET_MM_START_STACK: 1968 case PR_SET_MM_ARG_START: 1969 case PR_SET_MM_ARG_END: 1970 case PR_SET_MM_ENV_START: 1971 case PR_SET_MM_ENV_END: 1972 if (!vma) { 1973 error = -EFAULT; 1974 goto out; 1975 } 1976 if (opt == PR_SET_MM_START_STACK) 1977 mm->start_stack = addr; 1978 else if (opt == PR_SET_MM_ARG_START) 1979 mm->arg_start = addr; 1980 else if (opt == PR_SET_MM_ARG_END) 1981 mm->arg_end = addr; 1982 else if (opt == PR_SET_MM_ENV_START) 1983 mm->env_start = addr; 1984 else if (opt == PR_SET_MM_ENV_END) 1985 mm->env_end = addr; 1986 break; 1987 1988 /* 1989 * This doesn't move auxiliary vector itself 1990 * since it's pinned to mm_struct, but allow 1991 * to fill vector with new values. It's up 1992 * to a caller to provide sane values here 1993 * otherwise user space tools which use this 1994 * vector might be unhappy. 1995 */ 1996 case PR_SET_MM_AUXV: { 1997 unsigned long user_auxv[AT_VECTOR_SIZE]; 1998 1999 if (arg4 > sizeof(user_auxv)) 2000 goto out; 2001 up_read(&mm->mmap_sem); 2002 2003 if (copy_from_user(user_auxv, (const void __user *)addr, arg4)) 2004 return -EFAULT; 2005 2006 /* Make sure the last entry is always AT_NULL */ 2007 user_auxv[AT_VECTOR_SIZE - 2] = 0; 2008 user_auxv[AT_VECTOR_SIZE - 1] = 0; 2009 2010 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 2011 2012 task_lock(current); 2013 memcpy(mm->saved_auxv, user_auxv, arg4); 2014 task_unlock(current); 2015 2016 return 0; 2017 } 2018 default: 2019 goto out; 2020 } 2021 2022 error = 0; 2023 out: 2024 up_read(&mm->mmap_sem); 2025 return error; 2026 } 2027 2028 #ifdef CONFIG_CHECKPOINT_RESTORE 2029 static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 2030 { 2031 return put_user(me->clear_child_tid, tid_addr); 2032 } 2033 #else 2034 static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 2035 { 2036 return -EINVAL; 2037 } 2038 #endif 2039 2040 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, 2041 unsigned long, arg4, unsigned long, arg5) 2042 { 2043 struct task_struct *me = current; 2044 unsigned char comm[sizeof(me->comm)]; 2045 long error; 2046 2047 error = security_task_prctl(option, arg2, arg3, arg4, arg5); 2048 if (error != -ENOSYS) 2049 return error; 2050 2051 error = 0; 2052 switch (option) { 2053 case PR_SET_PDEATHSIG: 2054 if (!valid_signal(arg2)) { 2055 error = -EINVAL; 2056 break; 2057 } 2058 me->pdeath_signal = arg2; 2059 break; 2060 case PR_GET_PDEATHSIG: 2061 error = put_user(me->pdeath_signal, (int __user *)arg2); 2062 break; 2063 case PR_GET_DUMPABLE: 2064 error = get_dumpable(me->mm); 2065 break; 2066 case PR_SET_DUMPABLE: 2067 if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) { 2068 error = -EINVAL; 2069 break; 2070 } 2071 set_dumpable(me->mm, arg2); 2072 break; 2073 2074 case PR_SET_UNALIGN: 2075 error = SET_UNALIGN_CTL(me, arg2); 2076 break; 2077 case PR_GET_UNALIGN: 2078 error = GET_UNALIGN_CTL(me, arg2); 2079 break; 2080 case PR_SET_FPEMU: 2081 error = SET_FPEMU_CTL(me, arg2); 2082 break; 2083 case PR_GET_FPEMU: 2084 error = GET_FPEMU_CTL(me, arg2); 2085 break; 2086 case PR_SET_FPEXC: 2087 error = SET_FPEXC_CTL(me, arg2); 2088 break; 2089 case PR_GET_FPEXC: 2090 error = GET_FPEXC_CTL(me, arg2); 2091 break; 2092 case PR_GET_TIMING: 2093 error = PR_TIMING_STATISTICAL; 2094 break; 2095 case PR_SET_TIMING: 2096 if (arg2 != PR_TIMING_STATISTICAL) 2097 error = -EINVAL; 2098 break; 2099 case PR_SET_NAME: 2100 comm[sizeof(me->comm) - 1] = 0; 2101 if (strncpy_from_user(comm, (char __user *)arg2, 2102 sizeof(me->comm) - 1) < 0) 2103 return -EFAULT; 2104 set_task_comm(me, comm); 2105 proc_comm_connector(me); 2106 break; 2107 case PR_GET_NAME: 2108 get_task_comm(comm, me); 2109 if (copy_to_user((char __user *)arg2, comm, sizeof(comm))) 2110 return -EFAULT; 2111 break; 2112 case PR_GET_ENDIAN: 2113 error = GET_ENDIAN(me, arg2); 2114 break; 2115 case PR_SET_ENDIAN: 2116 error = SET_ENDIAN(me, arg2); 2117 break; 2118 case PR_GET_SECCOMP: 2119 error = prctl_get_seccomp(); 2120 break; 2121 case PR_SET_SECCOMP: 2122 error = prctl_set_seccomp(arg2, (char __user *)arg3); 2123 break; 2124 case PR_GET_TSC: 2125 error = GET_TSC_CTL(arg2); 2126 break; 2127 case PR_SET_TSC: 2128 error = SET_TSC_CTL(arg2); 2129 break; 2130 case PR_TASK_PERF_EVENTS_DISABLE: 2131 error = perf_event_task_disable(); 2132 break; 2133 case PR_TASK_PERF_EVENTS_ENABLE: 2134 error = perf_event_task_enable(); 2135 break; 2136 case PR_GET_TIMERSLACK: 2137 error = current->timer_slack_ns; 2138 break; 2139 case PR_SET_TIMERSLACK: 2140 if (arg2 <= 0) 2141 current->timer_slack_ns = 2142 current->default_timer_slack_ns; 2143 else 2144 current->timer_slack_ns = arg2; 2145 break; 2146 case PR_MCE_KILL: 2147 if (arg4 | arg5) 2148 return -EINVAL; 2149 switch (arg2) { 2150 case PR_MCE_KILL_CLEAR: 2151 if (arg3 != 0) 2152 return -EINVAL; 2153 current->flags &= ~PF_MCE_PROCESS; 2154 break; 2155 case PR_MCE_KILL_SET: 2156 current->flags |= PF_MCE_PROCESS; 2157 if (arg3 == PR_MCE_KILL_EARLY) 2158 current->flags |= PF_MCE_EARLY; 2159 else if (arg3 == PR_MCE_KILL_LATE) 2160 current->flags &= ~PF_MCE_EARLY; 2161 else if (arg3 == PR_MCE_KILL_DEFAULT) 2162 current->flags &= 2163 ~(PF_MCE_EARLY|PF_MCE_PROCESS); 2164 else 2165 return -EINVAL; 2166 break; 2167 default: 2168 return -EINVAL; 2169 } 2170 break; 2171 case PR_MCE_KILL_GET: 2172 if (arg2 | arg3 | arg4 | arg5) 2173 return -EINVAL; 2174 if (current->flags & PF_MCE_PROCESS) 2175 error = (current->flags & PF_MCE_EARLY) ? 2176 PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE; 2177 else 2178 error = PR_MCE_KILL_DEFAULT; 2179 break; 2180 case PR_SET_MM: 2181 error = prctl_set_mm(arg2, arg3, arg4, arg5); 2182 break; 2183 case PR_GET_TID_ADDRESS: 2184 error = prctl_get_tid_address(me, (int __user **)arg2); 2185 break; 2186 case PR_SET_CHILD_SUBREAPER: 2187 me->signal->is_child_subreaper = !!arg2; 2188 break; 2189 case PR_GET_CHILD_SUBREAPER: 2190 error = put_user(me->signal->is_child_subreaper, 2191 (int __user *)arg2); 2192 break; 2193 case PR_SET_NO_NEW_PRIVS: 2194 if (arg2 != 1 || arg3 || arg4 || arg5) 2195 return -EINVAL; 2196 2197 task_set_no_new_privs(current); 2198 break; 2199 case PR_GET_NO_NEW_PRIVS: 2200 if (arg2 || arg3 || arg4 || arg5) 2201 return -EINVAL; 2202 return task_no_new_privs(current) ? 1 : 0; 2203 case PR_GET_THP_DISABLE: 2204 if (arg2 || arg3 || arg4 || arg5) 2205 return -EINVAL; 2206 error = !!(me->mm->def_flags & VM_NOHUGEPAGE); 2207 break; 2208 case PR_SET_THP_DISABLE: 2209 if (arg3 || arg4 || arg5) 2210 return -EINVAL; 2211 down_write(&me->mm->mmap_sem); 2212 if (arg2) 2213 me->mm->def_flags |= VM_NOHUGEPAGE; 2214 else 2215 me->mm->def_flags &= ~VM_NOHUGEPAGE; 2216 up_write(&me->mm->mmap_sem); 2217 break; 2218 case PR_MPX_ENABLE_MANAGEMENT: 2219 if (arg2 || arg3 || arg4 || arg5) 2220 return -EINVAL; 2221 error = MPX_ENABLE_MANAGEMENT(me); 2222 break; 2223 case PR_MPX_DISABLE_MANAGEMENT: 2224 if (arg2 || arg3 || arg4 || arg5) 2225 return -EINVAL; 2226 error = MPX_DISABLE_MANAGEMENT(me); 2227 break; 2228 case PR_SET_FP_MODE: 2229 error = SET_FP_MODE(me, arg2); 2230 break; 2231 case PR_GET_FP_MODE: 2232 error = GET_FP_MODE(me); 2233 break; 2234 default: 2235 error = -EINVAL; 2236 break; 2237 } 2238 return error; 2239 } 2240 2241 SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep, 2242 struct getcpu_cache __user *, unused) 2243 { 2244 int err = 0; 2245 int cpu = raw_smp_processor_id(); 2246 2247 if (cpup) 2248 err |= put_user(cpu, cpup); 2249 if (nodep) 2250 err |= put_user(cpu_to_node(cpu), nodep); 2251 return err ? -EFAULT : 0; 2252 } 2253 2254 /** 2255 * do_sysinfo - fill in sysinfo struct 2256 * @info: pointer to buffer to fill 2257 */ 2258 static int do_sysinfo(struct sysinfo *info) 2259 { 2260 unsigned long mem_total, sav_total; 2261 unsigned int mem_unit, bitcount; 2262 struct timespec tp; 2263 2264 memset(info, 0, sizeof(struct sysinfo)); 2265 2266 get_monotonic_boottime(&tp); 2267 info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0); 2268 2269 get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT); 2270 2271 info->procs = nr_threads; 2272 2273 si_meminfo(info); 2274 si_swapinfo(info); 2275 2276 /* 2277 * If the sum of all the available memory (i.e. ram + swap) 2278 * is less than can be stored in a 32 bit unsigned long then 2279 * we can be binary compatible with 2.2.x kernels. If not, 2280 * well, in that case 2.2.x was broken anyways... 2281 * 2282 * -Erik Andersen <andersee@debian.org> 2283 */ 2284 2285 mem_total = info->totalram + info->totalswap; 2286 if (mem_total < info->totalram || mem_total < info->totalswap) 2287 goto out; 2288 bitcount = 0; 2289 mem_unit = info->mem_unit; 2290 while (mem_unit > 1) { 2291 bitcount++; 2292 mem_unit >>= 1; 2293 sav_total = mem_total; 2294 mem_total <<= 1; 2295 if (mem_total < sav_total) 2296 goto out; 2297 } 2298 2299 /* 2300 * If mem_total did not overflow, multiply all memory values by 2301 * info->mem_unit and set it to 1. This leaves things compatible 2302 * with 2.2.x, and also retains compatibility with earlier 2.4.x 2303 * kernels... 2304 */ 2305 2306 info->mem_unit = 1; 2307 info->totalram <<= bitcount; 2308 info->freeram <<= bitcount; 2309 info->sharedram <<= bitcount; 2310 info->bufferram <<= bitcount; 2311 info->totalswap <<= bitcount; 2312 info->freeswap <<= bitcount; 2313 info->totalhigh <<= bitcount; 2314 info->freehigh <<= bitcount; 2315 2316 out: 2317 return 0; 2318 } 2319 2320 SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info) 2321 { 2322 struct sysinfo val; 2323 2324 do_sysinfo(&val); 2325 2326 if (copy_to_user(info, &val, sizeof(struct sysinfo))) 2327 return -EFAULT; 2328 2329 return 0; 2330 } 2331 2332 #ifdef CONFIG_COMPAT 2333 struct compat_sysinfo { 2334 s32 uptime; 2335 u32 loads[3]; 2336 u32 totalram; 2337 u32 freeram; 2338 u32 sharedram; 2339 u32 bufferram; 2340 u32 totalswap; 2341 u32 freeswap; 2342 u16 procs; 2343 u16 pad; 2344 u32 totalhigh; 2345 u32 freehigh; 2346 u32 mem_unit; 2347 char _f[20-2*sizeof(u32)-sizeof(int)]; 2348 }; 2349 2350 COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info) 2351 { 2352 struct sysinfo s; 2353 2354 do_sysinfo(&s); 2355 2356 /* Check to see if any memory value is too large for 32-bit and scale 2357 * down if needed 2358 */ 2359 if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) { 2360 int bitcount = 0; 2361 2362 while (s.mem_unit < PAGE_SIZE) { 2363 s.mem_unit <<= 1; 2364 bitcount++; 2365 } 2366 2367 s.totalram >>= bitcount; 2368 s.freeram >>= bitcount; 2369 s.sharedram >>= bitcount; 2370 s.bufferram >>= bitcount; 2371 s.totalswap >>= bitcount; 2372 s.freeswap >>= bitcount; 2373 s.totalhigh >>= bitcount; 2374 s.freehigh >>= bitcount; 2375 } 2376 2377 if (!access_ok(VERIFY_WRITE, info, sizeof(struct compat_sysinfo)) || 2378 __put_user(s.uptime, &info->uptime) || 2379 __put_user(s.loads[0], &info->loads[0]) || 2380 __put_user(s.loads[1], &info->loads[1]) || 2381 __put_user(s.loads[2], &info->loads[2]) || 2382 __put_user(s.totalram, &info->totalram) || 2383 __put_user(s.freeram, &info->freeram) || 2384 __put_user(s.sharedram, &info->sharedram) || 2385 __put_user(s.bufferram, &info->bufferram) || 2386 __put_user(s.totalswap, &info->totalswap) || 2387 __put_user(s.freeswap, &info->freeswap) || 2388 __put_user(s.procs, &info->procs) || 2389 __put_user(s.totalhigh, &info->totalhigh) || 2390 __put_user(s.freehigh, &info->freehigh) || 2391 __put_user(s.mem_unit, &info->mem_unit)) 2392 return -EFAULT; 2393 2394 return 0; 2395 } 2396 #endif /* CONFIG_COMPAT */ 2397