]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * linux/ipc/msg.c | |
5a06a363 | 3 | * Copyright (C) 1992 Krishna Balasubramanian |
1da177e4 LT |
4 | * |
5 | * Removed all the remaining kerneld mess | |
6 | * Catch the -EFAULT stuff properly | |
7 | * Use GFP_KERNEL for messages as in 1.2 | |
8 | * Fixed up the unchecked user space derefs | |
9 | * Copyright (C) 1998 Alan Cox & Andi Kleen | |
10 | * | |
11 | * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com> | |
12 | * | |
13 | * mostly rewritten, threaded and wake-one semantics added | |
14 | * MSGMAX limit removed, sysctl's added | |
624dffcb | 15 | * (c) 1999 Manfred Spraul <manfred@colorfullife.com> |
073115d6 SG |
16 | * |
17 | * support for audit of ipc object properties and permission changes | |
18 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | |
1e786937 KK |
19 | * |
20 | * namespaces support | |
21 | * OpenVZ, SWsoft Inc. | |
22 | * Pavel Emelianov <xemul@openvz.org> | |
1da177e4 LT |
23 | */ |
24 | ||
c59ede7b | 25 | #include <linux/capability.h> |
1da177e4 LT |
26 | #include <linux/slab.h> |
27 | #include <linux/msg.h> | |
28 | #include <linux/spinlock.h> | |
29 | #include <linux/init.h> | |
30 | #include <linux/proc_fs.h> | |
31 | #include <linux/list.h> | |
32 | #include <linux/security.h> | |
33 | #include <linux/sched.h> | |
34 | #include <linux/syscalls.h> | |
35 | #include <linux/audit.h> | |
19b4946c | 36 | #include <linux/seq_file.h> |
5f921ae9 | 37 | #include <linux/mutex.h> |
1e786937 | 38 | #include <linux/nsproxy.h> |
5f921ae9 | 39 | |
1da177e4 LT |
40 | #include <asm/current.h> |
41 | #include <asm/uaccess.h> | |
42 | #include "util.h" | |
43 | ||
5a06a363 IM |
44 | /* |
45 | * one msg_receiver structure for each sleeping receiver: | |
46 | */ | |
1da177e4 | 47 | struct msg_receiver { |
5a06a363 IM |
48 | struct list_head r_list; |
49 | struct task_struct *r_tsk; | |
1da177e4 | 50 | |
5a06a363 IM |
51 | int r_mode; |
52 | long r_msgtype; | |
53 | long r_maxsize; | |
1da177e4 | 54 | |
80491eb9 | 55 | struct msg_msg *volatile r_msg; |
1da177e4 LT |
56 | }; |
57 | ||
58 | /* one msg_sender for each sleeping sender */ | |
59 | struct msg_sender { | |
5a06a363 IM |
60 | struct list_head list; |
61 | struct task_struct *tsk; | |
1da177e4 LT |
62 | }; |
63 | ||
64 | #define SEARCH_ANY 1 | |
65 | #define SEARCH_EQUAL 2 | |
66 | #define SEARCH_NOTEQUAL 3 | |
67 | #define SEARCH_LESSEQUAL 4 | |
68 | ||
5a06a363 IM |
69 | static atomic_t msg_bytes = ATOMIC_INIT(0); |
70 | static atomic_t msg_hdrs = ATOMIC_INIT(0); | |
1da177e4 | 71 | |
1e786937 | 72 | static struct ipc_ids init_msg_ids; |
1da177e4 | 73 | |
1e786937 | 74 | #define msg_ids(ns) (*((ns)->ids[IPC_MSG_IDS])) |
1da177e4 | 75 | |
1e786937 KK |
76 | #define msg_lock(ns, id) ((struct msg_queue*)ipc_lock(&msg_ids(ns), id)) |
77 | #define msg_unlock(msq) ipc_unlock(&(msq)->q_perm) | |
1e786937 KK |
78 | #define msg_checkid(ns, msq, msgid) \ |
79 | ipc_checkid(&msg_ids(ns), &msq->q_perm, msgid) | |
80 | #define msg_buildid(ns, id, seq) \ | |
81 | ipc_buildid(&msg_ids(ns), id, seq) | |
82 | ||
7ca7e564 | 83 | static void freeque(struct ipc_namespace *, struct msg_queue *); |
1e786937 | 84 | static int newque (struct ipc_namespace *ns, key_t key, int msgflg); |
1da177e4 | 85 | #ifdef CONFIG_PROC_FS |
19b4946c | 86 | static int sysvipc_msg_proc_show(struct seq_file *s, void *it); |
1da177e4 LT |
87 | #endif |
88 | ||
7d69a1f4 | 89 | static void __msg_init_ns(struct ipc_namespace *ns, struct ipc_ids *ids) |
1e786937 KK |
90 | { |
91 | ns->ids[IPC_MSG_IDS] = ids; | |
92 | ns->msg_ctlmax = MSGMAX; | |
93 | ns->msg_ctlmnb = MSGMNB; | |
94 | ns->msg_ctlmni = MSGMNI; | |
7ca7e564 | 95 | ipc_init_ids(ids); |
1e786937 KK |
96 | } |
97 | ||
1e786937 KK |
98 | int msg_init_ns(struct ipc_namespace *ns) |
99 | { | |
100 | struct ipc_ids *ids; | |
101 | ||
102 | ids = kmalloc(sizeof(struct ipc_ids), GFP_KERNEL); | |
103 | if (ids == NULL) | |
104 | return -ENOMEM; | |
105 | ||
106 | __msg_init_ns(ns, ids); | |
107 | return 0; | |
108 | } | |
109 | ||
110 | void msg_exit_ns(struct ipc_namespace *ns) | |
111 | { | |
1e786937 | 112 | struct msg_queue *msq; |
7ca7e564 ND |
113 | int next_id; |
114 | int total, in_use; | |
1e786937 KK |
115 | |
116 | mutex_lock(&msg_ids(ns).mutex); | |
7ca7e564 ND |
117 | |
118 | in_use = msg_ids(ns).in_use; | |
119 | ||
120 | for (total = 0, next_id = 0; total < in_use; next_id++) { | |
121 | msq = idr_find(&msg_ids(ns).ipcs_idr, next_id); | |
1e786937 KK |
122 | if (msq == NULL) |
123 | continue; | |
7ca7e564 ND |
124 | ipc_lock_by_ptr(&msq->q_perm); |
125 | freeque(ns, msq); | |
126 | total++; | |
1e786937 KK |
127 | } |
128 | mutex_unlock(&msg_ids(ns).mutex); | |
129 | ||
130 | kfree(ns->ids[IPC_MSG_IDS]); | |
131 | ns->ids[IPC_MSG_IDS] = NULL; | |
132 | } | |
1e786937 | 133 | |
5a06a363 | 134 | void __init msg_init(void) |
1da177e4 | 135 | { |
1e786937 | 136 | __msg_init_ns(&init_ipc_ns, &init_msg_ids); |
19b4946c MW |
137 | ipc_init_proc_interface("sysvipc/msg", |
138 | " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", | |
1e786937 | 139 | IPC_MSG_IDS, sysvipc_msg_proc_show); |
1da177e4 LT |
140 | } |
141 | ||
7ca7e564 ND |
142 | static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s) |
143 | { | |
144 | ipc_rmid(&msg_ids(ns), &s->q_perm); | |
145 | } | |
146 | ||
1e786937 | 147 | static int newque (struct ipc_namespace *ns, key_t key, int msgflg) |
1da177e4 | 148 | { |
1da177e4 | 149 | struct msg_queue *msq; |
5a06a363 | 150 | int id, retval; |
1da177e4 | 151 | |
5a06a363 IM |
152 | msq = ipc_rcu_alloc(sizeof(*msq)); |
153 | if (!msq) | |
1da177e4 LT |
154 | return -ENOMEM; |
155 | ||
5a06a363 | 156 | msq->q_perm.mode = msgflg & S_IRWXUGO; |
1da177e4 LT |
157 | msq->q_perm.key = key; |
158 | ||
159 | msq->q_perm.security = NULL; | |
160 | retval = security_msg_queue_alloc(msq); | |
161 | if (retval) { | |
162 | ipc_rcu_putref(msq); | |
163 | return retval; | |
164 | } | |
165 | ||
7ca7e564 ND |
166 | /* |
167 | * ipc_addid() locks msq | |
168 | */ | |
1e786937 | 169 | id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni); |
5a06a363 | 170 | if (id == -1) { |
1da177e4 LT |
171 | security_msg_queue_free(msq); |
172 | ipc_rcu_putref(msq); | |
173 | return -ENOSPC; | |
174 | } | |
175 | ||
7ca7e564 | 176 | msq->q_perm.id = msg_buildid(ns, id, msq->q_perm.seq); |
1da177e4 LT |
177 | msq->q_stime = msq->q_rtime = 0; |
178 | msq->q_ctime = get_seconds(); | |
179 | msq->q_cbytes = msq->q_qnum = 0; | |
1e786937 | 180 | msq->q_qbytes = ns->msg_ctlmnb; |
1da177e4 LT |
181 | msq->q_lspid = msq->q_lrpid = 0; |
182 | INIT_LIST_HEAD(&msq->q_messages); | |
183 | INIT_LIST_HEAD(&msq->q_receivers); | |
184 | INIT_LIST_HEAD(&msq->q_senders); | |
7ca7e564 | 185 | |
1da177e4 LT |
186 | msg_unlock(msq); |
187 | ||
7ca7e564 | 188 | return msq->q_perm.id; |
1da177e4 LT |
189 | } |
190 | ||
5a06a363 | 191 | static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss) |
1da177e4 | 192 | { |
5a06a363 IM |
193 | mss->tsk = current; |
194 | current->state = TASK_INTERRUPTIBLE; | |
195 | list_add_tail(&mss->list, &msq->q_senders); | |
1da177e4 LT |
196 | } |
197 | ||
5a06a363 | 198 | static inline void ss_del(struct msg_sender *mss) |
1da177e4 | 199 | { |
5a06a363 | 200 | if (mss->list.next != NULL) |
1da177e4 LT |
201 | list_del(&mss->list); |
202 | } | |
203 | ||
5a06a363 | 204 | static void ss_wakeup(struct list_head *h, int kill) |
1da177e4 LT |
205 | { |
206 | struct list_head *tmp; | |
207 | ||
208 | tmp = h->next; | |
209 | while (tmp != h) { | |
5a06a363 IM |
210 | struct msg_sender *mss; |
211 | ||
212 | mss = list_entry(tmp, struct msg_sender, list); | |
1da177e4 | 213 | tmp = tmp->next; |
5a06a363 IM |
214 | if (kill) |
215 | mss->list.next = NULL; | |
1da177e4 LT |
216 | wake_up_process(mss->tsk); |
217 | } | |
218 | } | |
219 | ||
5a06a363 | 220 | static void expunge_all(struct msg_queue *msq, int res) |
1da177e4 LT |
221 | { |
222 | struct list_head *tmp; | |
223 | ||
224 | tmp = msq->q_receivers.next; | |
225 | while (tmp != &msq->q_receivers) { | |
5a06a363 IM |
226 | struct msg_receiver *msr; |
227 | ||
228 | msr = list_entry(tmp, struct msg_receiver, r_list); | |
1da177e4 LT |
229 | tmp = tmp->next; |
230 | msr->r_msg = NULL; | |
231 | wake_up_process(msr->r_tsk); | |
232 | smp_mb(); | |
233 | msr->r_msg = ERR_PTR(res); | |
234 | } | |
235 | } | |
5a06a363 IM |
236 | |
237 | /* | |
238 | * freeque() wakes up waiters on the sender and receiver waiting queue, | |
239 | * removes the message queue from message queue ID | |
7ca7e564 | 240 | * IDR, and cleans up all the messages associated with this queue. |
1da177e4 | 241 | * |
7ca7e564 | 242 | * msg_ids.mutex and the spinlock for this message queue are held |
5f921ae9 | 243 | * before freeque() is called. msg_ids.mutex remains locked on exit. |
1da177e4 | 244 | */ |
7ca7e564 | 245 | static void freeque(struct ipc_namespace *ns, struct msg_queue *msq) |
1da177e4 LT |
246 | { |
247 | struct list_head *tmp; | |
248 | ||
5a06a363 IM |
249 | expunge_all(msq, -EIDRM); |
250 | ss_wakeup(&msq->q_senders, 1); | |
7ca7e564 | 251 | msg_rmid(ns, msq); |
1da177e4 | 252 | msg_unlock(msq); |
5a06a363 | 253 | |
1da177e4 | 254 | tmp = msq->q_messages.next; |
5a06a363 IM |
255 | while (tmp != &msq->q_messages) { |
256 | struct msg_msg *msg = list_entry(tmp, struct msg_msg, m_list); | |
257 | ||
1da177e4 LT |
258 | tmp = tmp->next; |
259 | atomic_dec(&msg_hdrs); | |
260 | free_msg(msg); | |
261 | } | |
262 | atomic_sub(msq->q_cbytes, &msg_bytes); | |
263 | security_msg_queue_free(msq); | |
264 | ipc_rcu_putref(msq); | |
265 | } | |
266 | ||
5a06a363 | 267 | asmlinkage long sys_msgget(key_t key, int msgflg) |
1da177e4 | 268 | { |
1da177e4 | 269 | struct msg_queue *msq; |
7ca7e564 | 270 | int ret; |
1e786937 KK |
271 | struct ipc_namespace *ns; |
272 | ||
273 | ns = current->nsproxy->ipc_ns; | |
7ca7e564 ND |
274 | |
275 | ret = idr_pre_get(&msg_ids(ns).ipcs_idr, GFP_KERNEL); | |
276 | ||
277 | if (key == IPC_PRIVATE) { | |
278 | if (!ret) | |
279 | ret = -ENOMEM; | |
280 | else { | |
281 | mutex_lock(&msg_ids(ns).mutex); | |
1e786937 | 282 | ret = newque(ns, key, msgflg); |
7ca7e564 ND |
283 | mutex_unlock(&msg_ids(ns).mutex); |
284 | } | |
1da177e4 | 285 | } else { |
7ca7e564 ND |
286 | mutex_lock(&msg_ids(ns).mutex); |
287 | msq = (struct msg_queue *) ipc_findkey(&msg_ids(ns), key); | |
288 | if (msq == NULL) { | |
289 | /* key not used */ | |
290 | if (!(msgflg & IPC_CREAT)) | |
291 | ret = -ENOENT; | |
292 | else if (!ret) | |
293 | ret = -ENOMEM; | |
294 | else | |
295 | ret = newque(ns, key, msgflg); | |
296 | } else { | |
297 | /* msq has been locked by ipc_findkey() */ | |
298 | ||
299 | if (msgflg & IPC_CREAT && msgflg & IPC_EXCL) | |
300 | ret = -EEXIST; | |
301 | else { | |
302 | if (ipcperms(&msq->q_perm, msgflg)) | |
303 | ret = -EACCES; | |
304 | else { | |
305 | ret = security_msg_queue_associate( | |
306 | msq, msgflg); | |
307 | if (!ret) | |
308 | ret = msq->q_perm.id; | |
309 | } | |
310 | } | |
311 | msg_unlock(msq); | |
1da177e4 | 312 | } |
7ca7e564 | 313 | mutex_unlock(&msg_ids(ns).mutex); |
1da177e4 | 314 | } |
5a06a363 | 315 | |
1da177e4 LT |
316 | return ret; |
317 | } | |
318 | ||
5a06a363 IM |
319 | static inline unsigned long |
320 | copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version) | |
1da177e4 LT |
321 | { |
322 | switch(version) { | |
323 | case IPC_64: | |
5a06a363 | 324 | return copy_to_user(buf, in, sizeof(*in)); |
1da177e4 | 325 | case IPC_OLD: |
5a06a363 | 326 | { |
1da177e4 LT |
327 | struct msqid_ds out; |
328 | ||
5a06a363 | 329 | memset(&out, 0, sizeof(out)); |
1da177e4 LT |
330 | |
331 | ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm); | |
332 | ||
333 | out.msg_stime = in->msg_stime; | |
334 | out.msg_rtime = in->msg_rtime; | |
335 | out.msg_ctime = in->msg_ctime; | |
336 | ||
5a06a363 | 337 | if (in->msg_cbytes > USHRT_MAX) |
1da177e4 LT |
338 | out.msg_cbytes = USHRT_MAX; |
339 | else | |
340 | out.msg_cbytes = in->msg_cbytes; | |
341 | out.msg_lcbytes = in->msg_cbytes; | |
342 | ||
5a06a363 | 343 | if (in->msg_qnum > USHRT_MAX) |
1da177e4 LT |
344 | out.msg_qnum = USHRT_MAX; |
345 | else | |
346 | out.msg_qnum = in->msg_qnum; | |
347 | ||
5a06a363 | 348 | if (in->msg_qbytes > USHRT_MAX) |
1da177e4 LT |
349 | out.msg_qbytes = USHRT_MAX; |
350 | else | |
351 | out.msg_qbytes = in->msg_qbytes; | |
352 | out.msg_lqbytes = in->msg_qbytes; | |
353 | ||
354 | out.msg_lspid = in->msg_lspid; | |
355 | out.msg_lrpid = in->msg_lrpid; | |
356 | ||
5a06a363 IM |
357 | return copy_to_user(buf, &out, sizeof(out)); |
358 | } | |
1da177e4 LT |
359 | default: |
360 | return -EINVAL; | |
361 | } | |
362 | } | |
363 | ||
364 | struct msq_setbuf { | |
365 | unsigned long qbytes; | |
366 | uid_t uid; | |
367 | gid_t gid; | |
368 | mode_t mode; | |
369 | }; | |
370 | ||
5a06a363 IM |
371 | static inline unsigned long |
372 | copy_msqid_from_user(struct msq_setbuf *out, void __user *buf, int version) | |
1da177e4 LT |
373 | { |
374 | switch(version) { | |
375 | case IPC_64: | |
5a06a363 | 376 | { |
1da177e4 LT |
377 | struct msqid64_ds tbuf; |
378 | ||
5a06a363 | 379 | if (copy_from_user(&tbuf, buf, sizeof(tbuf))) |
1da177e4 LT |
380 | return -EFAULT; |
381 | ||
382 | out->qbytes = tbuf.msg_qbytes; | |
383 | out->uid = tbuf.msg_perm.uid; | |
384 | out->gid = tbuf.msg_perm.gid; | |
385 | out->mode = tbuf.msg_perm.mode; | |
386 | ||
387 | return 0; | |
5a06a363 | 388 | } |
1da177e4 | 389 | case IPC_OLD: |
5a06a363 | 390 | { |
1da177e4 LT |
391 | struct msqid_ds tbuf_old; |
392 | ||
5a06a363 | 393 | if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old))) |
1da177e4 LT |
394 | return -EFAULT; |
395 | ||
396 | out->uid = tbuf_old.msg_perm.uid; | |
397 | out->gid = tbuf_old.msg_perm.gid; | |
398 | out->mode = tbuf_old.msg_perm.mode; | |
399 | ||
5a06a363 | 400 | if (tbuf_old.msg_qbytes == 0) |
1da177e4 LT |
401 | out->qbytes = tbuf_old.msg_lqbytes; |
402 | else | |
403 | out->qbytes = tbuf_old.msg_qbytes; | |
404 | ||
405 | return 0; | |
5a06a363 | 406 | } |
1da177e4 LT |
407 | default: |
408 | return -EINVAL; | |
409 | } | |
410 | } | |
411 | ||
5a06a363 | 412 | asmlinkage long sys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf) |
1da177e4 | 413 | { |
1da177e4 | 414 | struct kern_ipc_perm *ipcp; |
8e1c091c | 415 | struct msq_setbuf uninitialized_var(setbuf); |
5a06a363 IM |
416 | struct msg_queue *msq; |
417 | int err, version; | |
1e786937 | 418 | struct ipc_namespace *ns; |
5a06a363 | 419 | |
1da177e4 LT |
420 | if (msqid < 0 || cmd < 0) |
421 | return -EINVAL; | |
422 | ||
423 | version = ipc_parse_version(&cmd); | |
1e786937 | 424 | ns = current->nsproxy->ipc_ns; |
1da177e4 LT |
425 | |
426 | switch (cmd) { | |
5a06a363 IM |
427 | case IPC_INFO: |
428 | case MSG_INFO: | |
429 | { | |
1da177e4 LT |
430 | struct msginfo msginfo; |
431 | int max_id; | |
5a06a363 | 432 | |
1da177e4 LT |
433 | if (!buf) |
434 | return -EFAULT; | |
5a06a363 IM |
435 | /* |
436 | * We must not return kernel stack data. | |
1da177e4 LT |
437 | * due to padding, it's not enough |
438 | * to set all member fields. | |
439 | */ | |
1da177e4 LT |
440 | err = security_msg_queue_msgctl(NULL, cmd); |
441 | if (err) | |
442 | return err; | |
443 | ||
5a06a363 | 444 | memset(&msginfo, 0, sizeof(msginfo)); |
1e786937 KK |
445 | msginfo.msgmni = ns->msg_ctlmni; |
446 | msginfo.msgmax = ns->msg_ctlmax; | |
447 | msginfo.msgmnb = ns->msg_ctlmnb; | |
1da177e4 LT |
448 | msginfo.msgssz = MSGSSZ; |
449 | msginfo.msgseg = MSGSEG; | |
1e786937 | 450 | mutex_lock(&msg_ids(ns).mutex); |
1da177e4 | 451 | if (cmd == MSG_INFO) { |
1e786937 | 452 | msginfo.msgpool = msg_ids(ns).in_use; |
1da177e4 LT |
453 | msginfo.msgmap = atomic_read(&msg_hdrs); |
454 | msginfo.msgtql = atomic_read(&msg_bytes); | |
455 | } else { | |
456 | msginfo.msgmap = MSGMAP; | |
457 | msginfo.msgpool = MSGPOOL; | |
458 | msginfo.msgtql = MSGTQL; | |
459 | } | |
7ca7e564 | 460 | max_id = ipc_get_maxid(&msg_ids(ns)); |
1e786937 | 461 | mutex_unlock(&msg_ids(ns).mutex); |
5a06a363 | 462 | if (copy_to_user(buf, &msginfo, sizeof(struct msginfo))) |
1da177e4 | 463 | return -EFAULT; |
5a06a363 | 464 | return (max_id < 0) ? 0 : max_id; |
1da177e4 | 465 | } |
7ca7e564 | 466 | case MSG_STAT: /* msqid is an index rather than a msg queue id */ |
1da177e4 LT |
467 | case IPC_STAT: |
468 | { | |
469 | struct msqid64_ds tbuf; | |
470 | int success_return; | |
5a06a363 | 471 | |
1da177e4 LT |
472 | if (!buf) |
473 | return -EFAULT; | |
1da177e4 | 474 | |
5a06a363 | 475 | memset(&tbuf, 0, sizeof(tbuf)); |
1da177e4 | 476 | |
1e786937 | 477 | msq = msg_lock(ns, msqid); |
1da177e4 LT |
478 | if (msq == NULL) |
479 | return -EINVAL; | |
480 | ||
5a06a363 | 481 | if (cmd == MSG_STAT) { |
7ca7e564 | 482 | success_return = msq->q_perm.id; |
1da177e4 LT |
483 | } else { |
484 | err = -EIDRM; | |
1e786937 | 485 | if (msg_checkid(ns, msq, msqid)) |
1da177e4 LT |
486 | goto out_unlock; |
487 | success_return = 0; | |
488 | } | |
489 | err = -EACCES; | |
5a06a363 | 490 | if (ipcperms(&msq->q_perm, S_IRUGO)) |
1da177e4 LT |
491 | goto out_unlock; |
492 | ||
493 | err = security_msg_queue_msgctl(msq, cmd); | |
494 | if (err) | |
495 | goto out_unlock; | |
496 | ||
497 | kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm); | |
498 | tbuf.msg_stime = msq->q_stime; | |
499 | tbuf.msg_rtime = msq->q_rtime; | |
500 | tbuf.msg_ctime = msq->q_ctime; | |
501 | tbuf.msg_cbytes = msq->q_cbytes; | |
502 | tbuf.msg_qnum = msq->q_qnum; | |
503 | tbuf.msg_qbytes = msq->q_qbytes; | |
504 | tbuf.msg_lspid = msq->q_lspid; | |
505 | tbuf.msg_lrpid = msq->q_lrpid; | |
506 | msg_unlock(msq); | |
507 | if (copy_msqid_to_user(buf, &tbuf, version)) | |
508 | return -EFAULT; | |
509 | return success_return; | |
510 | } | |
511 | case IPC_SET: | |
512 | if (!buf) | |
513 | return -EFAULT; | |
5a06a363 | 514 | if (copy_msqid_from_user(&setbuf, buf, version)) |
1da177e4 | 515 | return -EFAULT; |
1da177e4 LT |
516 | break; |
517 | case IPC_RMID: | |
518 | break; | |
519 | default: | |
520 | return -EINVAL; | |
521 | } | |
522 | ||
1e786937 KK |
523 | mutex_lock(&msg_ids(ns).mutex); |
524 | msq = msg_lock(ns, msqid); | |
5a06a363 | 525 | err = -EINVAL; |
1da177e4 LT |
526 | if (msq == NULL) |
527 | goto out_up; | |
528 | ||
529 | err = -EIDRM; | |
1e786937 | 530 | if (msg_checkid(ns, msq, msqid)) |
1da177e4 LT |
531 | goto out_unlock_up; |
532 | ipcp = &msq->q_perm; | |
073115d6 SG |
533 | |
534 | err = audit_ipc_obj(ipcp); | |
535 | if (err) | |
536 | goto out_unlock_up; | |
8e1c091c | 537 | if (cmd == IPC_SET) { |
5a06a363 IM |
538 | err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid, |
539 | setbuf.mode); | |
ac03221a LK |
540 | if (err) |
541 | goto out_unlock_up; | |
542 | } | |
073115d6 | 543 | |
1da177e4 | 544 | err = -EPERM; |
5a06a363 | 545 | if (current->euid != ipcp->cuid && |
1da177e4 | 546 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) |
5a06a363 | 547 | /* We _could_ check for CAP_CHOWN above, but we don't */ |
1da177e4 LT |
548 | goto out_unlock_up; |
549 | ||
550 | err = security_msg_queue_msgctl(msq, cmd); | |
551 | if (err) | |
552 | goto out_unlock_up; | |
553 | ||
554 | switch (cmd) { | |
555 | case IPC_SET: | |
556 | { | |
557 | err = -EPERM; | |
1e786937 | 558 | if (setbuf.qbytes > ns->msg_ctlmnb && !capable(CAP_SYS_RESOURCE)) |
1da177e4 LT |
559 | goto out_unlock_up; |
560 | ||
561 | msq->q_qbytes = setbuf.qbytes; | |
562 | ||
563 | ipcp->uid = setbuf.uid; | |
564 | ipcp->gid = setbuf.gid; | |
5a06a363 IM |
565 | ipcp->mode = (ipcp->mode & ~S_IRWXUGO) | |
566 | (S_IRWXUGO & setbuf.mode); | |
1da177e4 LT |
567 | msq->q_ctime = get_seconds(); |
568 | /* sleeping receivers might be excluded by | |
569 | * stricter permissions. | |
570 | */ | |
5a06a363 | 571 | expunge_all(msq, -EAGAIN); |
1da177e4 LT |
572 | /* sleeping senders might be able to send |
573 | * due to a larger queue size. | |
574 | */ | |
5a06a363 | 575 | ss_wakeup(&msq->q_senders, 0); |
1da177e4 LT |
576 | msg_unlock(msq); |
577 | break; | |
578 | } | |
579 | case IPC_RMID: | |
7ca7e564 | 580 | freeque(ns, msq); |
1da177e4 LT |
581 | break; |
582 | } | |
583 | err = 0; | |
584 | out_up: | |
1e786937 | 585 | mutex_unlock(&msg_ids(ns).mutex); |
1da177e4 LT |
586 | return err; |
587 | out_unlock_up: | |
588 | msg_unlock(msq); | |
589 | goto out_up; | |
590 | out_unlock: | |
591 | msg_unlock(msq); | |
592 | return err; | |
593 | } | |
594 | ||
5a06a363 | 595 | static int testmsg(struct msg_msg *msg, long type, int mode) |
1da177e4 LT |
596 | { |
597 | switch(mode) | |
598 | { | |
599 | case SEARCH_ANY: | |
600 | return 1; | |
601 | case SEARCH_LESSEQUAL: | |
5a06a363 | 602 | if (msg->m_type <=type) |
1da177e4 LT |
603 | return 1; |
604 | break; | |
605 | case SEARCH_EQUAL: | |
5a06a363 | 606 | if (msg->m_type == type) |
1da177e4 LT |
607 | return 1; |
608 | break; | |
609 | case SEARCH_NOTEQUAL: | |
5a06a363 | 610 | if (msg->m_type != type) |
1da177e4 LT |
611 | return 1; |
612 | break; | |
613 | } | |
614 | return 0; | |
615 | } | |
616 | ||
5a06a363 | 617 | static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg) |
1da177e4 | 618 | { |
5a06a363 | 619 | struct list_head *tmp; |
1da177e4 LT |
620 | |
621 | tmp = msq->q_receivers.next; | |
622 | while (tmp != &msq->q_receivers) { | |
5a06a363 IM |
623 | struct msg_receiver *msr; |
624 | ||
625 | msr = list_entry(tmp, struct msg_receiver, r_list); | |
1da177e4 | 626 | tmp = tmp->next; |
5a06a363 IM |
627 | if (testmsg(msg, msr->r_msgtype, msr->r_mode) && |
628 | !security_msg_queue_msgrcv(msq, msg, msr->r_tsk, | |
629 | msr->r_msgtype, msr->r_mode)) { | |
630 | ||
1da177e4 | 631 | list_del(&msr->r_list); |
5a06a363 | 632 | if (msr->r_maxsize < msg->m_ts) { |
1da177e4 LT |
633 | msr->r_msg = NULL; |
634 | wake_up_process(msr->r_tsk); | |
635 | smp_mb(); | |
636 | msr->r_msg = ERR_PTR(-E2BIG); | |
637 | } else { | |
638 | msr->r_msg = NULL; | |
b488893a | 639 | msq->q_lrpid = task_pid_vnr(msr->r_tsk); |
1da177e4 LT |
640 | msq->q_rtime = get_seconds(); |
641 | wake_up_process(msr->r_tsk); | |
642 | smp_mb(); | |
643 | msr->r_msg = msg; | |
5a06a363 | 644 | |
1da177e4 LT |
645 | return 1; |
646 | } | |
647 | } | |
648 | } | |
649 | return 0; | |
650 | } | |
651 | ||
651971cb | 652 | long do_msgsnd(int msqid, long mtype, void __user *mtext, |
653 | size_t msgsz, int msgflg) | |
1da177e4 LT |
654 | { |
655 | struct msg_queue *msq; | |
656 | struct msg_msg *msg; | |
1da177e4 | 657 | int err; |
1e786937 KK |
658 | struct ipc_namespace *ns; |
659 | ||
660 | ns = current->nsproxy->ipc_ns; | |
5a06a363 | 661 | |
1e786937 | 662 | if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0) |
1da177e4 | 663 | return -EINVAL; |
1da177e4 LT |
664 | if (mtype < 1) |
665 | return -EINVAL; | |
666 | ||
651971cb | 667 | msg = load_msg(mtext, msgsz); |
5a06a363 | 668 | if (IS_ERR(msg)) |
1da177e4 LT |
669 | return PTR_ERR(msg); |
670 | ||
671 | msg->m_type = mtype; | |
672 | msg->m_ts = msgsz; | |
673 | ||
1e786937 | 674 | msq = msg_lock(ns, msqid); |
5a06a363 IM |
675 | err = -EINVAL; |
676 | if (msq == NULL) | |
1da177e4 LT |
677 | goto out_free; |
678 | ||
679 | err= -EIDRM; | |
1e786937 | 680 | if (msg_checkid(ns, msq, msqid)) |
1da177e4 LT |
681 | goto out_unlock_free; |
682 | ||
683 | for (;;) { | |
684 | struct msg_sender s; | |
685 | ||
5a06a363 | 686 | err = -EACCES; |
1da177e4 LT |
687 | if (ipcperms(&msq->q_perm, S_IWUGO)) |
688 | goto out_unlock_free; | |
689 | ||
690 | err = security_msg_queue_msgsnd(msq, msg, msgflg); | |
691 | if (err) | |
692 | goto out_unlock_free; | |
693 | ||
5a06a363 | 694 | if (msgsz + msq->q_cbytes <= msq->q_qbytes && |
1da177e4 LT |
695 | 1 + msq->q_qnum <= msq->q_qbytes) { |
696 | break; | |
697 | } | |
698 | ||
699 | /* queue full, wait: */ | |
5a06a363 IM |
700 | if (msgflg & IPC_NOWAIT) { |
701 | err = -EAGAIN; | |
1da177e4 LT |
702 | goto out_unlock_free; |
703 | } | |
704 | ss_add(msq, &s); | |
705 | ipc_rcu_getref(msq); | |
706 | msg_unlock(msq); | |
707 | schedule(); | |
708 | ||
709 | ipc_lock_by_ptr(&msq->q_perm); | |
710 | ipc_rcu_putref(msq); | |
711 | if (msq->q_perm.deleted) { | |
712 | err = -EIDRM; | |
713 | goto out_unlock_free; | |
714 | } | |
715 | ss_del(&s); | |
5a06a363 | 716 | |
1da177e4 | 717 | if (signal_pending(current)) { |
5a06a363 | 718 | err = -ERESTARTNOHAND; |
1da177e4 LT |
719 | goto out_unlock_free; |
720 | } | |
721 | } | |
722 | ||
b488893a | 723 | msq->q_lspid = task_tgid_vnr(current); |
1da177e4 LT |
724 | msq->q_stime = get_seconds(); |
725 | ||
5a06a363 | 726 | if (!pipelined_send(msq, msg)) { |
1da177e4 | 727 | /* noone is waiting for this message, enqueue it */ |
5a06a363 | 728 | list_add_tail(&msg->m_list, &msq->q_messages); |
1da177e4 LT |
729 | msq->q_cbytes += msgsz; |
730 | msq->q_qnum++; | |
5a06a363 | 731 | atomic_add(msgsz, &msg_bytes); |
1da177e4 LT |
732 | atomic_inc(&msg_hdrs); |
733 | } | |
5a06a363 | 734 | |
1da177e4 LT |
735 | err = 0; |
736 | msg = NULL; | |
737 | ||
738 | out_unlock_free: | |
739 | msg_unlock(msq); | |
740 | out_free: | |
5a06a363 | 741 | if (msg != NULL) |
1da177e4 LT |
742 | free_msg(msg); |
743 | return err; | |
744 | } | |
745 | ||
651971cb | 746 | asmlinkage long |
747 | sys_msgsnd(int msqid, struct msgbuf __user *msgp, size_t msgsz, int msgflg) | |
748 | { | |
749 | long mtype; | |
750 | ||
751 | if (get_user(mtype, &msgp->mtype)) | |
752 | return -EFAULT; | |
753 | return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg); | |
754 | } | |
755 | ||
5a06a363 | 756 | static inline int convert_mode(long *msgtyp, int msgflg) |
1da177e4 | 757 | { |
5a06a363 | 758 | /* |
1da177e4 LT |
759 | * find message of correct type. |
760 | * msgtyp = 0 => get first. | |
761 | * msgtyp > 0 => get first message of matching type. | |
5a06a363 | 762 | * msgtyp < 0 => get message with least type must be < abs(msgtype). |
1da177e4 | 763 | */ |
5a06a363 | 764 | if (*msgtyp == 0) |
1da177e4 | 765 | return SEARCH_ANY; |
5a06a363 IM |
766 | if (*msgtyp < 0) { |
767 | *msgtyp = -*msgtyp; | |
1da177e4 LT |
768 | return SEARCH_LESSEQUAL; |
769 | } | |
5a06a363 | 770 | if (msgflg & MSG_EXCEPT) |
1da177e4 LT |
771 | return SEARCH_NOTEQUAL; |
772 | return SEARCH_EQUAL; | |
773 | } | |
774 | ||
651971cb | 775 | long do_msgrcv(int msqid, long *pmtype, void __user *mtext, |
776 | size_t msgsz, long msgtyp, int msgflg) | |
1da177e4 LT |
777 | { |
778 | struct msg_queue *msq; | |
779 | struct msg_msg *msg; | |
780 | int mode; | |
1e786937 | 781 | struct ipc_namespace *ns; |
1da177e4 LT |
782 | |
783 | if (msqid < 0 || (long) msgsz < 0) | |
784 | return -EINVAL; | |
5a06a363 | 785 | mode = convert_mode(&msgtyp, msgflg); |
1e786937 | 786 | ns = current->nsproxy->ipc_ns; |
1da177e4 | 787 | |
1e786937 | 788 | msq = msg_lock(ns, msqid); |
5a06a363 | 789 | if (msq == NULL) |
1da177e4 LT |
790 | return -EINVAL; |
791 | ||
792 | msg = ERR_PTR(-EIDRM); | |
1e786937 | 793 | if (msg_checkid(ns, msq, msqid)) |
1da177e4 LT |
794 | goto out_unlock; |
795 | ||
796 | for (;;) { | |
797 | struct msg_receiver msr_d; | |
5a06a363 | 798 | struct list_head *tmp; |
1da177e4 LT |
799 | |
800 | msg = ERR_PTR(-EACCES); | |
5a06a363 | 801 | if (ipcperms(&msq->q_perm, S_IRUGO)) |
1da177e4 LT |
802 | goto out_unlock; |
803 | ||
804 | msg = ERR_PTR(-EAGAIN); | |
805 | tmp = msq->q_messages.next; | |
806 | while (tmp != &msq->q_messages) { | |
807 | struct msg_msg *walk_msg; | |
5a06a363 IM |
808 | |
809 | walk_msg = list_entry(tmp, struct msg_msg, m_list); | |
810 | if (testmsg(walk_msg, msgtyp, mode) && | |
811 | !security_msg_queue_msgrcv(msq, walk_msg, current, | |
812 | msgtyp, mode)) { | |
813 | ||
1da177e4 | 814 | msg = walk_msg; |
5a06a363 IM |
815 | if (mode == SEARCH_LESSEQUAL && |
816 | walk_msg->m_type != 1) { | |
817 | msg = walk_msg; | |
818 | msgtyp = walk_msg->m_type - 1; | |
1da177e4 | 819 | } else { |
5a06a363 | 820 | msg = walk_msg; |
1da177e4 LT |
821 | break; |
822 | } | |
823 | } | |
824 | tmp = tmp->next; | |
825 | } | |
5a06a363 IM |
826 | if (!IS_ERR(msg)) { |
827 | /* | |
828 | * Found a suitable message. | |
829 | * Unlink it from the queue. | |
830 | */ | |
1da177e4 LT |
831 | if ((msgsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) { |
832 | msg = ERR_PTR(-E2BIG); | |
833 | goto out_unlock; | |
834 | } | |
835 | list_del(&msg->m_list); | |
836 | msq->q_qnum--; | |
837 | msq->q_rtime = get_seconds(); | |
b488893a | 838 | msq->q_lrpid = task_tgid_vnr(current); |
1da177e4 | 839 | msq->q_cbytes -= msg->m_ts; |
5a06a363 | 840 | atomic_sub(msg->m_ts, &msg_bytes); |
1da177e4 | 841 | atomic_dec(&msg_hdrs); |
5a06a363 | 842 | ss_wakeup(&msq->q_senders, 0); |
1da177e4 LT |
843 | msg_unlock(msq); |
844 | break; | |
845 | } | |
846 | /* No message waiting. Wait for a message */ | |
847 | if (msgflg & IPC_NOWAIT) { | |
848 | msg = ERR_PTR(-ENOMSG); | |
849 | goto out_unlock; | |
850 | } | |
5a06a363 | 851 | list_add_tail(&msr_d.r_list, &msq->q_receivers); |
1da177e4 LT |
852 | msr_d.r_tsk = current; |
853 | msr_d.r_msgtype = msgtyp; | |
854 | msr_d.r_mode = mode; | |
5a06a363 | 855 | if (msgflg & MSG_NOERROR) |
1da177e4 | 856 | msr_d.r_maxsize = INT_MAX; |
5a06a363 | 857 | else |
1da177e4 LT |
858 | msr_d.r_maxsize = msgsz; |
859 | msr_d.r_msg = ERR_PTR(-EAGAIN); | |
860 | current->state = TASK_INTERRUPTIBLE; | |
861 | msg_unlock(msq); | |
862 | ||
863 | schedule(); | |
864 | ||
865 | /* Lockless receive, part 1: | |
866 | * Disable preemption. We don't hold a reference to the queue | |
867 | * and getting a reference would defeat the idea of a lockless | |
868 | * operation, thus the code relies on rcu to guarantee the | |
869 | * existance of msq: | |
870 | * Prior to destruction, expunge_all(-EIRDM) changes r_msg. | |
871 | * Thus if r_msg is -EAGAIN, then the queue not yet destroyed. | |
872 | * rcu_read_lock() prevents preemption between reading r_msg | |
873 | * and the spin_lock() inside ipc_lock_by_ptr(). | |
874 | */ | |
875 | rcu_read_lock(); | |
876 | ||
877 | /* Lockless receive, part 2: | |
878 | * Wait until pipelined_send or expunge_all are outside of | |
879 | * wake_up_process(). There is a race with exit(), see | |
880 | * ipc/mqueue.c for the details. | |
881 | */ | |
5a06a363 | 882 | msg = (struct msg_msg*)msr_d.r_msg; |
1da177e4 LT |
883 | while (msg == NULL) { |
884 | cpu_relax(); | |
5a06a363 | 885 | msg = (struct msg_msg *)msr_d.r_msg; |
1da177e4 LT |
886 | } |
887 | ||
888 | /* Lockless receive, part 3: | |
889 | * If there is a message or an error then accept it without | |
890 | * locking. | |
891 | */ | |
5a06a363 | 892 | if (msg != ERR_PTR(-EAGAIN)) { |
1da177e4 LT |
893 | rcu_read_unlock(); |
894 | break; | |
895 | } | |
896 | ||
897 | /* Lockless receive, part 3: | |
898 | * Acquire the queue spinlock. | |
899 | */ | |
900 | ipc_lock_by_ptr(&msq->q_perm); | |
901 | rcu_read_unlock(); | |
902 | ||
903 | /* Lockless receive, part 4: | |
904 | * Repeat test after acquiring the spinlock. | |
905 | */ | |
906 | msg = (struct msg_msg*)msr_d.r_msg; | |
5a06a363 | 907 | if (msg != ERR_PTR(-EAGAIN)) |
1da177e4 LT |
908 | goto out_unlock; |
909 | ||
910 | list_del(&msr_d.r_list); | |
911 | if (signal_pending(current)) { | |
912 | msg = ERR_PTR(-ERESTARTNOHAND); | |
913 | out_unlock: | |
914 | msg_unlock(msq); | |
915 | break; | |
916 | } | |
917 | } | |
918 | if (IS_ERR(msg)) | |
5a06a363 | 919 | return PTR_ERR(msg); |
1da177e4 LT |
920 | |
921 | msgsz = (msgsz > msg->m_ts) ? msg->m_ts : msgsz; | |
651971cb | 922 | *pmtype = msg->m_type; |
923 | if (store_msg(mtext, msg, msgsz)) | |
5a06a363 | 924 | msgsz = -EFAULT; |
651971cb | 925 | |
1da177e4 | 926 | free_msg(msg); |
5a06a363 | 927 | |
1da177e4 LT |
928 | return msgsz; |
929 | } | |
930 | ||
651971cb | 931 | asmlinkage long sys_msgrcv(int msqid, struct msgbuf __user *msgp, size_t msgsz, |
932 | long msgtyp, int msgflg) | |
933 | { | |
934 | long err, mtype; | |
935 | ||
936 | err = do_msgrcv(msqid, &mtype, msgp->mtext, msgsz, msgtyp, msgflg); | |
937 | if (err < 0) | |
938 | goto out; | |
939 | ||
940 | if (put_user(mtype, &msgp->mtype)) | |
941 | err = -EFAULT; | |
942 | out: | |
943 | return err; | |
944 | } | |
945 | ||
1da177e4 | 946 | #ifdef CONFIG_PROC_FS |
19b4946c | 947 | static int sysvipc_msg_proc_show(struct seq_file *s, void *it) |
1da177e4 | 948 | { |
19b4946c MW |
949 | struct msg_queue *msq = it; |
950 | ||
951 | return seq_printf(s, | |
5a06a363 IM |
952 | "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n", |
953 | msq->q_perm.key, | |
7ca7e564 | 954 | msq->q_perm.id, |
5a06a363 IM |
955 | msq->q_perm.mode, |
956 | msq->q_cbytes, | |
957 | msq->q_qnum, | |
958 | msq->q_lspid, | |
959 | msq->q_lrpid, | |
960 | msq->q_perm.uid, | |
961 | msq->q_perm.gid, | |
962 | msq->q_perm.cuid, | |
963 | msq->q_perm.cgid, | |
964 | msq->q_stime, | |
965 | msq->q_rtime, | |
966 | msq->q_ctime); | |
1da177e4 LT |
967 | } |
968 | #endif |