]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - ipc/msg.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipc: store ipcs into IDRs
[mirror_ubuntu-jammy-kernel.git] / ipc / msg.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/ipc/msg.c
5a06a363 3 * Copyright (C) 1992 Krishna Balasubramanian
1da177e4
LT		 4 *
5 * Removed all the remaining kerneld mess
6 * Catch the -EFAULT stuff properly
7 * Use GFP_KERNEL for messages as in 1.2
8 * Fixed up the unchecked user space derefs
9 * Copyright (C) 1998 Alan Cox & Andi Kleen
10 *
11 * /proc/sysvipc/msg support (c) 1999 Dragos Acostachioaie <dragos@iname.com>
12 *
13 * mostly rewritten, threaded and wake-one semantics added
14 * MSGMAX limit removed, sysctl's added
624dffcb 15 * (c) 1999 Manfred Spraul <manfred@colorfullife.com>
073115d6
SG		 16 *
17 * support for audit of ipc object properties and permission changes
18 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
1e786937
KK		 19 *
20 * namespaces support
21 * OpenVZ, SWsoft Inc.
22 * Pavel Emelianov <xemul@openvz.org>
1da177e4
LT		 23 */
24
c59ede7b 25#include <linux/capability.h>
1da177e4
LT		 26#include <linux/slab.h>
27#include <linux/msg.h>
28#include <linux/spinlock.h>
29#include <linux/init.h>
30#include <linux/proc_fs.h>
31#include <linux/list.h>
32#include <linux/security.h>
33#include <linux/sched.h>
34#include <linux/syscalls.h>
35#include <linux/audit.h>
19b4946c 36#include <linux/seq_file.h>
5f921ae9 37#include <linux/mutex.h>
1e786937 38#include <linux/nsproxy.h>
5f921ae9 39
1da177e4
LT		 40#include <asm/current.h>
41#include <asm/uaccess.h>
42#include "util.h"
43
5a06a363
IM		 44/*
45 * one msg_receiver structure for each sleeping receiver:
46 */
1da177e4 47struct msg_receiver {
5a06a363
IM		 48 struct list_head r_list;
49 struct task_struct *r_tsk;
1da177e4 50
5a06a363
IM		 51 int r_mode;
52 long r_msgtype;
53 long r_maxsize;
1da177e4 54
80491eb9 55 struct msg_msg *volatile r_msg;
1da177e4
LT		 56};
57
58/* one msg_sender for each sleeping sender */
59struct msg_sender {
5a06a363
IM		 60 struct list_head list;
61 struct task_struct *tsk;
1da177e4
LT		 62};
63
64#define SEARCH_ANY 1
65#define SEARCH_EQUAL 2
66#define SEARCH_NOTEQUAL 3
67#define SEARCH_LESSEQUAL 4
68
5a06a363
IM		 69static atomic_t msg_bytes = ATOMIC_INIT(0);
70static atomic_t msg_hdrs = ATOMIC_INIT(0);
1da177e4 71
1e786937 72static struct ipc_ids init_msg_ids;
1da177e4 73
1e786937 74#define msg_ids(ns) (*((ns)->ids[IPC_MSG_IDS]))
1da177e4 75
1e786937
KK		 76#define msg_lock(ns, id) ((struct msg_queue*)ipc_lock(&msg_ids(ns), id))
77#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm)
1e786937
KK		 78#define msg_checkid(ns, msq, msgid) \
79 ipc_checkid(&msg_ids(ns), &msq->q_perm, msgid)
80#define msg_buildid(ns, id, seq) \
81 ipc_buildid(&msg_ids(ns), id, seq)
82
7ca7e564 83static void freeque(struct ipc_namespace *, struct msg_queue *);
1e786937 84static int newque (struct ipc_namespace *ns, key_t key, int msgflg);
1da177e4 85#ifdef CONFIG_PROC_FS
19b4946c 86static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
1da177e4
LT		 87#endif
88
7d69a1f4 89static void __msg_init_ns(struct ipc_namespace *ns, struct ipc_ids *ids)
1e786937
KK		 90{
91 ns->ids[IPC_MSG_IDS] = ids;
92 ns->msg_ctlmax = MSGMAX;
93 ns->msg_ctlmnb = MSGMNB;
94 ns->msg_ctlmni = MSGMNI;
7ca7e564 95 ipc_init_ids(ids);
1e786937
KK		 96}
97
1e786937
KK		 98int msg_init_ns(struct ipc_namespace *ns)
99{
100 struct ipc_ids *ids;
101
102 ids = kmalloc(sizeof(struct ipc_ids), GFP_KERNEL);
103 if (ids == NULL)
104 return -ENOMEM;
105
106 __msg_init_ns(ns, ids);
107 return 0;
108}
109
110void msg_exit_ns(struct ipc_namespace *ns)
111{
1e786937 112 struct msg_queue *msq;
7ca7e564
ND		 113 int next_id;
114 int total, in_use;
1e786937
KK		 115
116 mutex_lock(&msg_ids(ns).mutex);
7ca7e564
ND		 117
118 in_use = msg_ids(ns).in_use;
119
120 for (total = 0, next_id = 0; total < in_use; next_id++) {
121 msq = idr_find(&msg_ids(ns).ipcs_idr, next_id);
1e786937
KK		 122 if (msq == NULL)
123 continue;
7ca7e564
ND		 124 ipc_lock_by_ptr(&msq->q_perm);
125 freeque(ns, msq);
126 total++;
1e786937
KK		 127 }
128 mutex_unlock(&msg_ids(ns).mutex);
129
130 kfree(ns->ids[IPC_MSG_IDS]);
131 ns->ids[IPC_MSG_IDS] = NULL;
132}
1e786937 133
5a06a363 134void __init msg_init(void)
1da177e4 135{
1e786937 136 __msg_init_ns(&init_ipc_ns, &init_msg_ids);
19b4946c
MW		 137 ipc_init_proc_interface("sysvipc/msg",
138 " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n",
1e786937 139 IPC_MSG_IDS, sysvipc_msg_proc_show);
1da177e4
LT		 140}
141
7ca7e564
ND		 142static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
143{
144 ipc_rmid(&msg_ids(ns), &s->q_perm);
145}
146
1e786937 147static int newque (struct ipc_namespace *ns, key_t key, int msgflg)
1da177e4 148{
1da177e4 149 struct msg_queue *msq;
5a06a363 150 int id, retval;
1da177e4 151
5a06a363
IM		 152 msq = ipc_rcu_alloc(sizeof(*msq));
153 if (!msq)
1da177e4
LT		 154 return -ENOMEM;
155
5a06a363 156 msq->q_perm.mode = msgflg & S_IRWXUGO;
1da177e4
LT		 157 msq->q_perm.key = key;
158
159 msq->q_perm.security = NULL;
160 retval = security_msg_queue_alloc(msq);
161 if (retval) {
162 ipc_rcu_putref(msq);
163 return retval;
164 }
165
7ca7e564
ND		 166 /*
167 * ipc_addid() locks msq
168 */
1e786937 169 id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
5a06a363 170 if (id == -1) {
1da177e4
LT		 171 security_msg_queue_free(msq);
172 ipc_rcu_putref(msq);
173 return -ENOSPC;
174 }
175
7ca7e564 176 msq->q_perm.id = msg_buildid(ns, id, msq->q_perm.seq);
1da177e4
LT		 177 msq->q_stime = msq->q_rtime = 0;
178 msq->q_ctime = get_seconds();
179 msq->q_cbytes = msq->q_qnum = 0;
1e786937 180 msq->q_qbytes = ns->msg_ctlmnb;
1da177e4
LT		 181 msq->q_lspid = msq->q_lrpid = 0;
182 INIT_LIST_HEAD(&msq->q_messages);
183 INIT_LIST_HEAD(&msq->q_receivers);
184 INIT_LIST_HEAD(&msq->q_senders);
7ca7e564 185
1da177e4
LT		 186 msg_unlock(msq);
187
7ca7e564 188 return msq->q_perm.id;
1da177e4
LT		 189}
190
5a06a363 191static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss)
1da177e4 192{
5a06a363
IM		 193 mss->tsk = current;
194 current->state = TASK_INTERRUPTIBLE;
195 list_add_tail(&mss->list, &msq->q_senders);
1da177e4
LT		 196}
197
5a06a363 198static inline void ss_del(struct msg_sender *mss)
1da177e4 199{
5a06a363 200 if (mss->list.next != NULL)
1da177e4
LT		 201 list_del(&mss->list);
202}
203
5a06a363 204static void ss_wakeup(struct list_head *h, int kill)
1da177e4
LT		 205{
206 struct list_head *tmp;
207
208 tmp = h->next;
209 while (tmp != h) {
5a06a363
IM		 210 struct msg_sender *mss;
211
212 mss = list_entry(tmp, struct msg_sender, list);
1da177e4 213 tmp = tmp->next;
5a06a363
IM		 214 if (kill)
215 mss->list.next = NULL;
1da177e4
LT		 216 wake_up_process(mss->tsk);
217 }
218}
219
5a06a363 220static void expunge_all(struct msg_queue *msq, int res)
1da177e4
LT		 221{
222 struct list_head *tmp;
223
224 tmp = msq->q_receivers.next;
225 while (tmp != &msq->q_receivers) {
5a06a363
IM		 226 struct msg_receiver *msr;
227
228 msr = list_entry(tmp, struct msg_receiver, r_list);
1da177e4
LT		 229 tmp = tmp->next;
230 msr->r_msg = NULL;
231 wake_up_process(msr->r_tsk);
232 smp_mb();
233 msr->r_msg = ERR_PTR(res);
234 }
235}
5a06a363
IM		 236
237/*
238 * freeque() wakes up waiters on the sender and receiver waiting queue,
239 * removes the message queue from message queue ID
7ca7e564 240 * IDR, and cleans up all the messages associated with this queue.
1da177e4 241 *
7ca7e564 242 * msg_ids.mutex and the spinlock for this message queue are held
5f921ae9 243 * before freeque() is called. msg_ids.mutex remains locked on exit.
1da177e4 244 */
7ca7e564 245static void freeque(struct ipc_namespace *ns, struct msg_queue *msq)
1da177e4
LT		 246{
247 struct list_head *tmp;
248
5a06a363
IM		 249 expunge_all(msq, -EIDRM);
250 ss_wakeup(&msq->q_senders, 1);
7ca7e564 251 msg_rmid(ns, msq);
1da177e4 252 msg_unlock(msq);
5a06a363 253
1da177e4 254 tmp = msq->q_messages.next;
5a06a363
IM		 255 while (tmp != &msq->q_messages) {
256 struct msg_msg *msg = list_entry(tmp, struct msg_msg, m_list);
257
1da177e4
LT		 258 tmp = tmp->next;
259 atomic_dec(&msg_hdrs);
260 free_msg(msg);
261 }
262 atomic_sub(msq->q_cbytes, &msg_bytes);
263 security_msg_queue_free(msq);
264 ipc_rcu_putref(msq);
265}
266
5a06a363 267asmlinkage long sys_msgget(key_t key, int msgflg)
1da177e4 268{
1da177e4 269 struct msg_queue *msq;
7ca7e564 270 int ret;
1e786937
KK		 271 struct ipc_namespace *ns;
272
273 ns = current->nsproxy->ipc_ns;
7ca7e564
ND		 274
275 ret = idr_pre_get(&msg_ids(ns).ipcs_idr, GFP_KERNEL);
276
277 if (key == IPC_PRIVATE) {
278 if (!ret)
279 ret = -ENOMEM;
280 else {
281 mutex_lock(&msg_ids(ns).mutex);
1e786937 282 ret = newque(ns, key, msgflg);
7ca7e564
ND		 283 mutex_unlock(&msg_ids(ns).mutex);
284 }
1da177e4 285 } else {
7ca7e564
ND		 286 mutex_lock(&msg_ids(ns).mutex);
287 msq = (struct msg_queue *) ipc_findkey(&msg_ids(ns), key);
288 if (msq == NULL) {
289 /* key not used */
290 if (!(msgflg & IPC_CREAT))
291 ret = -ENOENT;
292 else if (!ret)
293 ret = -ENOMEM;
294 else
295 ret = newque(ns, key, msgflg);
296 } else {
297 /* msq has been locked by ipc_findkey() */
298
299 if (msgflg & IPC_CREAT && msgflg & IPC_EXCL)
300 ret = -EEXIST;
301 else {
302 if (ipcperms(&msq->q_perm, msgflg))
303 ret = -EACCES;
304 else {
305 ret = security_msg_queue_associate(
306 msq, msgflg);
307 if (!ret)
308 ret = msq->q_perm.id;
309 }
310 }
311 msg_unlock(msq);
1da177e4 312 }
7ca7e564 313 mutex_unlock(&msg_ids(ns).mutex);
1da177e4 314 }
5a06a363 315
1da177e4
LT		 316 return ret;
317}
318
5a06a363
IM		 319static inline unsigned long
320copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version)
1da177e4
LT		 321{
322 switch(version) {
323 case IPC_64:
5a06a363 324 return copy_to_user(buf, in, sizeof(*in));
1da177e4 325 case IPC_OLD:
5a06a363 326 {
1da177e4
LT		 327 struct msqid_ds out;
328
5a06a363 329 memset(&out, 0, sizeof(out));
1da177e4
LT		 330
331 ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm);
332
333 out.msg_stime = in->msg_stime;
334 out.msg_rtime = in->msg_rtime;
335 out.msg_ctime = in->msg_ctime;
336
5a06a363 337 if (in->msg_cbytes > USHRT_MAX)
1da177e4
LT		 338 out.msg_cbytes = USHRT_MAX;
339 else
340 out.msg_cbytes = in->msg_cbytes;
341 out.msg_lcbytes = in->msg_cbytes;
342
5a06a363 343 if (in->msg_qnum > USHRT_MAX)
1da177e4
LT		 344 out.msg_qnum = USHRT_MAX;
345 else
346 out.msg_qnum = in->msg_qnum;
347
5a06a363 348 if (in->msg_qbytes > USHRT_MAX)
1da177e4
LT		 349 out.msg_qbytes = USHRT_MAX;
350 else
351 out.msg_qbytes = in->msg_qbytes;
352 out.msg_lqbytes = in->msg_qbytes;
353
354 out.msg_lspid = in->msg_lspid;
355 out.msg_lrpid = in->msg_lrpid;
356
5a06a363
IM		 357 return copy_to_user(buf, &out, sizeof(out));
358 }
1da177e4
LT		 359 default:
360 return -EINVAL;
361 }
362}
363
364struct msq_setbuf {
365 unsigned long qbytes;
366 uid_t uid;
367 gid_t gid;
368 mode_t mode;
369};
370
5a06a363
IM		 371static inline unsigned long
372copy_msqid_from_user(struct msq_setbuf *out, void __user *buf, int version)
1da177e4
LT		 373{
374 switch(version) {
375 case IPC_64:
5a06a363 376 {
1da177e4
LT		 377 struct msqid64_ds tbuf;
378
5a06a363 379 if (copy_from_user(&tbuf, buf, sizeof(tbuf)))
1da177e4
LT		 380 return -EFAULT;
381
382 out->qbytes = tbuf.msg_qbytes;
383 out->uid = tbuf.msg_perm.uid;
384 out->gid = tbuf.msg_perm.gid;
385 out->mode = tbuf.msg_perm.mode;
386
387 return 0;
5a06a363 388 }
1da177e4 389 case IPC_OLD:
5a06a363 390 {
1da177e4
LT		 391 struct msqid_ds tbuf_old;
392
5a06a363 393 if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old)))
1da177e4
LT		 394 return -EFAULT;
395
396 out->uid = tbuf_old.msg_perm.uid;
397 out->gid = tbuf_old.msg_perm.gid;
398 out->mode = tbuf_old.msg_perm.mode;
399
5a06a363 400 if (tbuf_old.msg_qbytes == 0)
1da177e4
LT		 401 out->qbytes = tbuf_old.msg_lqbytes;
402 else
403 out->qbytes = tbuf_old.msg_qbytes;
404
405 return 0;
5a06a363 406 }
1da177e4
LT		 407 default:
408 return -EINVAL;
409 }
410}
411
5a06a363 412asmlinkage long sys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf)
1da177e4 413{
1da177e4 414 struct kern_ipc_perm *ipcp;
8e1c091c 415 struct msq_setbuf uninitialized_var(setbuf);
5a06a363
IM		 416 struct msg_queue *msq;
417 int err, version;
1e786937 418 struct ipc_namespace *ns;
5a06a363 419
1da177e4
LT		 420 if (msqid < 0 || cmd < 0)
421 return -EINVAL;
422
423 version = ipc_parse_version(&cmd);
1e786937 424 ns = current->nsproxy->ipc_ns;
1da177e4
LT		 425
426 switch (cmd) {
5a06a363
IM		 427 case IPC_INFO:
428 case MSG_INFO:
429 {
1da177e4
LT		 430 struct msginfo msginfo;
431 int max_id;
5a06a363 432
1da177e4
LT		 433 if (!buf)
434 return -EFAULT;
5a06a363
IM		 435 /*
436 * We must not return kernel stack data.
1da177e4
LT		 437 * due to padding, it's not enough
438 * to set all member fields.
439 */
1da177e4
LT		 440 err = security_msg_queue_msgctl(NULL, cmd);
441 if (err)
442 return err;
443
5a06a363 444 memset(&msginfo, 0, sizeof(msginfo));
1e786937
KK		 445 msginfo.msgmni = ns->msg_ctlmni;
446 msginfo.msgmax = ns->msg_ctlmax;
447 msginfo.msgmnb = ns->msg_ctlmnb;
1da177e4
LT		 448 msginfo.msgssz = MSGSSZ;
449 msginfo.msgseg = MSGSEG;
1e786937 450 mutex_lock(&msg_ids(ns).mutex);
1da177e4 451 if (cmd == MSG_INFO) {
1e786937 452 msginfo.msgpool = msg_ids(ns).in_use;
1da177e4
LT		 453 msginfo.msgmap = atomic_read(&msg_hdrs);
454 msginfo.msgtql = atomic_read(&msg_bytes);
455 } else {
456 msginfo.msgmap = MSGMAP;
457 msginfo.msgpool = MSGPOOL;
458 msginfo.msgtql = MSGTQL;
459 }
7ca7e564 460 max_id = ipc_get_maxid(&msg_ids(ns));
1e786937 461 mutex_unlock(&msg_ids(ns).mutex);
5a06a363 462 if (copy_to_user(buf, &msginfo, sizeof(struct msginfo)))
1da177e4 463 return -EFAULT;
5a06a363 464 return (max_id < 0) ? 0 : max_id;
1da177e4 465 }
7ca7e564 466 case MSG_STAT: /* msqid is an index rather than a msg queue id */
1da177e4
LT		 467 case IPC_STAT:
468 {
469 struct msqid64_ds tbuf;
470 int success_return;
5a06a363 471
1da177e4
LT		 472 if (!buf)
473 return -EFAULT;
1da177e4 474
5a06a363 475 memset(&tbuf, 0, sizeof(tbuf));
1da177e4 476
1e786937 477 msq = msg_lock(ns, msqid);
1da177e4
LT		 478 if (msq == NULL)
479 return -EINVAL;
480
5a06a363 481 if (cmd == MSG_STAT) {
7ca7e564 482 success_return = msq->q_perm.id;
1da177e4
LT		 483 } else {
484 err = -EIDRM;
1e786937 485 if (msg_checkid(ns, msq, msqid))
1da177e4
LT		 486 goto out_unlock;
487 success_return = 0;
488 }
489 err = -EACCES;
5a06a363 490 if (ipcperms(&msq->q_perm, S_IRUGO))
1da177e4
LT		 491 goto out_unlock;
492
493 err = security_msg_queue_msgctl(msq, cmd);
494 if (err)
495 goto out_unlock;
496
497 kernel_to_ipc64_perm(&msq->q_perm, &tbuf.msg_perm);
498 tbuf.msg_stime = msq->q_stime;
499 tbuf.msg_rtime = msq->q_rtime;
500 tbuf.msg_ctime = msq->q_ctime;
501 tbuf.msg_cbytes = msq->q_cbytes;
502 tbuf.msg_qnum = msq->q_qnum;
503 tbuf.msg_qbytes = msq->q_qbytes;
504 tbuf.msg_lspid = msq->q_lspid;
505 tbuf.msg_lrpid = msq->q_lrpid;
506 msg_unlock(msq);
507 if (copy_msqid_to_user(buf, &tbuf, version))
508 return -EFAULT;
509 return success_return;
510 }
511 case IPC_SET:
512 if (!buf)
513 return -EFAULT;
5a06a363 514 if (copy_msqid_from_user(&setbuf, buf, version))
1da177e4 515 return -EFAULT;
1da177e4
LT		 516 break;
517 case IPC_RMID:
518 break;
519 default:
520 return -EINVAL;
521 }
522
1e786937
KK		 523 mutex_lock(&msg_ids(ns).mutex);
524 msq = msg_lock(ns, msqid);
5a06a363 525 err = -EINVAL;
1da177e4
LT		 526 if (msq == NULL)
527 goto out_up;
528
529 err = -EIDRM;
1e786937 530 if (msg_checkid(ns, msq, msqid))
1da177e4
LT		 531 goto out_unlock_up;
532 ipcp = &msq->q_perm;
073115d6
SG		 533
534 err = audit_ipc_obj(ipcp);
535 if (err)
536 goto out_unlock_up;
8e1c091c 537 if (cmd == IPC_SET) {
5a06a363
IM		 538 err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid,
539 setbuf.mode);
ac03221a
LK		 540 if (err)
541 goto out_unlock_up;
542 }
073115d6 543
1da177e4 544 err = -EPERM;
5a06a363 545 if (current->euid != ipcp->cuid &&
1da177e4 546 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN))
5a06a363 547 /* We _could_ check for CAP_CHOWN above, but we don't */
1da177e4
LT		 548 goto out_unlock_up;
549
550 err = security_msg_queue_msgctl(msq, cmd);
551 if (err)
552 goto out_unlock_up;
553
554 switch (cmd) {
555 case IPC_SET:
556 {
557 err = -EPERM;
1e786937 558 if (setbuf.qbytes > ns->msg_ctlmnb && !capable(CAP_SYS_RESOURCE))
1da177e4
LT		 559 goto out_unlock_up;
560
561 msq->q_qbytes = setbuf.qbytes;
562
563 ipcp->uid = setbuf.uid;
564 ipcp->gid = setbuf.gid;
5a06a363
IM		 565 ipcp->mode = (ipcp->mode & ~S_IRWXUGO) |
566 (S_IRWXUGO & setbuf.mode);
1da177e4
LT		 567 msq->q_ctime = get_seconds();
568 /* sleeping receivers might be excluded by
569 * stricter permissions.
570 */
5a06a363 571 expunge_all(msq, -EAGAIN);
1da177e4
LT		 572 /* sleeping senders might be able to send
573 * due to a larger queue size.
574 */
5a06a363 575 ss_wakeup(&msq->q_senders, 0);
1da177e4
LT		 576 msg_unlock(msq);
577 break;
578 }
579 case IPC_RMID:
7ca7e564 580 freeque(ns, msq);
1da177e4
LT		 581 break;
582 }
583 err = 0;
584out_up:
1e786937 585 mutex_unlock(&msg_ids(ns).mutex);
1da177e4
LT		 586 return err;
587out_unlock_up:
588 msg_unlock(msq);
589 goto out_up;
590out_unlock:
591 msg_unlock(msq);
592 return err;
593}
594
5a06a363 595static int testmsg(struct msg_msg *msg, long type, int mode)
1da177e4
LT		 596{
597 switch(mode)
598 {
599 case SEARCH_ANY:
600 return 1;
601 case SEARCH_LESSEQUAL:
5a06a363 602 if (msg->m_type <=type)
1da177e4
LT		 603 return 1;
604 break;
605 case SEARCH_EQUAL:
5a06a363 606 if (msg->m_type == type)
1da177e4
LT		 607 return 1;
608 break;
609 case SEARCH_NOTEQUAL:
5a06a363 610 if (msg->m_type != type)
1da177e4
LT		 611 return 1;
612 break;
613 }
614 return 0;
615}
616
5a06a363 617static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
1da177e4 618{
5a06a363 619 struct list_head *tmp;
1da177e4
LT		 620
621 tmp = msq->q_receivers.next;
622 while (tmp != &msq->q_receivers) {
5a06a363
IM		 623 struct msg_receiver *msr;
624
625 msr = list_entry(tmp, struct msg_receiver, r_list);
1da177e4 626 tmp = tmp->next;
5a06a363
IM		 627 if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
628 !security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
629 msr->r_msgtype, msr->r_mode)) {
630
1da177e4 631 list_del(&msr->r_list);
5a06a363 632 if (msr->r_maxsize < msg->m_ts) {
1da177e4
LT		 633 msr->r_msg = NULL;
634 wake_up_process(msr->r_tsk);
635 smp_mb();
636 msr->r_msg = ERR_PTR(-E2BIG);
637 } else {
638 msr->r_msg = NULL;
b488893a 639 msq->q_lrpid = task_pid_vnr(msr->r_tsk);
1da177e4
LT		 640 msq->q_rtime = get_seconds();
641 wake_up_process(msr->r_tsk);
642 smp_mb();
643 msr->r_msg = msg;
5a06a363 644
1da177e4
LT		 645 return 1;
646 }
647 }
648 }
649 return 0;
650}
651
651971cb 652long do_msgsnd(int msqid, long mtype, void __user *mtext,
653 size_t msgsz, int msgflg)
1da177e4
LT		 654{
655 struct msg_queue *msq;
656 struct msg_msg *msg;
1da177e4 657 int err;
1e786937
KK		 658 struct ipc_namespace *ns;
659
660 ns = current->nsproxy->ipc_ns;
5a06a363 661
1e786937 662 if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0)
1da177e4 663 return -EINVAL;
1da177e4
LT		 664 if (mtype < 1)
665 return -EINVAL;
666
651971cb 667 msg = load_msg(mtext, msgsz);
5a06a363 668 if (IS_ERR(msg))
1da177e4
LT		 669 return PTR_ERR(msg);
670
671 msg->m_type = mtype;
672 msg->m_ts = msgsz;
673
1e786937 674 msq = msg_lock(ns, msqid);
5a06a363
IM		 675 err = -EINVAL;
676 if (msq == NULL)
1da177e4
LT		 677 goto out_free;
678
679 err= -EIDRM;
1e786937 680 if (msg_checkid(ns, msq, msqid))
1da177e4
LT		 681 goto out_unlock_free;
682
683 for (;;) {
684 struct msg_sender s;
685
5a06a363 686 err = -EACCES;
1da177e4
LT		 687 if (ipcperms(&msq->q_perm, S_IWUGO))
688 goto out_unlock_free;
689
690 err = security_msg_queue_msgsnd(msq, msg, msgflg);
691 if (err)
692 goto out_unlock_free;
693
5a06a363 694 if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
1da177e4
LT		 695 1 + msq->q_qnum <= msq->q_qbytes) {
696 break;
697 }
698
699 /* queue full, wait: */
5a06a363
IM		 700 if (msgflg & IPC_NOWAIT) {
701 err = -EAGAIN;
1da177e4
LT		 702 goto out_unlock_free;
703 }
704 ss_add(msq, &s);
705 ipc_rcu_getref(msq);
706 msg_unlock(msq);
707 schedule();
708
709 ipc_lock_by_ptr(&msq->q_perm);
710 ipc_rcu_putref(msq);
711 if (msq->q_perm.deleted) {
712 err = -EIDRM;
713 goto out_unlock_free;
714 }
715 ss_del(&s);
5a06a363 716
1da177e4 717 if (signal_pending(current)) {
5a06a363 718 err = -ERESTARTNOHAND;
1da177e4
LT		 719 goto out_unlock_free;
720 }
721 }
722
b488893a 723 msq->q_lspid = task_tgid_vnr(current);
1da177e4
LT		 724 msq->q_stime = get_seconds();
725
5a06a363 726 if (!pipelined_send(msq, msg)) {
1da177e4 727 /* noone is waiting for this message, enqueue it */
5a06a363 728 list_add_tail(&msg->m_list, &msq->q_messages);
1da177e4
LT		 729 msq->q_cbytes += msgsz;
730 msq->q_qnum++;
5a06a363 731 atomic_add(msgsz, &msg_bytes);
1da177e4
LT		 732 atomic_inc(&msg_hdrs);
733 }
5a06a363 734
1da177e4
LT		 735 err = 0;
736 msg = NULL;
737
738out_unlock_free:
739 msg_unlock(msq);
740out_free:
5a06a363 741 if (msg != NULL)
1da177e4
LT		 742 free_msg(msg);
743 return err;
744}
745
651971cb 746asmlinkage long
747sys_msgsnd(int msqid, struct msgbuf __user *msgp, size_t msgsz, int msgflg)
748{
749 long mtype;
750
751 if (get_user(mtype, &msgp->mtype))
752 return -EFAULT;
753 return do_msgsnd(msqid, mtype, msgp->mtext, msgsz, msgflg);
754}
755
5a06a363 756static inline int convert_mode(long *msgtyp, int msgflg)
1da177e4 757{
5a06a363 758 /*
1da177e4
LT		 759 * find message of correct type.
760 * msgtyp = 0 => get first.
761 * msgtyp > 0 => get first message of matching type.
5a06a363 762 * msgtyp < 0 => get message with least type must be < abs(msgtype).
1da177e4 763 */
5a06a363 764 if (*msgtyp == 0)
1da177e4 765 return SEARCH_ANY;
5a06a363
IM		 766 if (*msgtyp < 0) {
767 *msgtyp = -*msgtyp;
1da177e4
LT		 768 return SEARCH_LESSEQUAL;
769 }
5a06a363 770 if (msgflg & MSG_EXCEPT)
1da177e4
LT		 771 return SEARCH_NOTEQUAL;
772 return SEARCH_EQUAL;
773}
774
651971cb 775long do_msgrcv(int msqid, long *pmtype, void __user *mtext,
776 size_t msgsz, long msgtyp, int msgflg)
1da177e4
LT		 777{
778 struct msg_queue *msq;
779 struct msg_msg *msg;
780 int mode;
1e786937 781 struct ipc_namespace *ns;
1da177e4
LT		 782
783 if (msqid < 0 || (long) msgsz < 0)
784 return -EINVAL;
5a06a363 785 mode = convert_mode(&msgtyp, msgflg);
1e786937 786 ns = current->nsproxy->ipc_ns;
1da177e4 787
1e786937 788 msq = msg_lock(ns, msqid);
5a06a363 789 if (msq == NULL)
1da177e4
LT		 790 return -EINVAL;
791
792 msg = ERR_PTR(-EIDRM);
1e786937 793 if (msg_checkid(ns, msq, msqid))
1da177e4
LT		 794 goto out_unlock;
795
796 for (;;) {
797 struct msg_receiver msr_d;
5a06a363 798 struct list_head *tmp;
1da177e4
LT		 799
800 msg = ERR_PTR(-EACCES);
5a06a363 801 if (ipcperms(&msq->q_perm, S_IRUGO))
1da177e4
LT		 802 goto out_unlock;
803
804 msg = ERR_PTR(-EAGAIN);
805 tmp = msq->q_messages.next;
806 while (tmp != &msq->q_messages) {
807 struct msg_msg *walk_msg;
5a06a363
IM		 808
809 walk_msg = list_entry(tmp, struct msg_msg, m_list);
810 if (testmsg(walk_msg, msgtyp, mode) &&
811 !security_msg_queue_msgrcv(msq, walk_msg, current,
812 msgtyp, mode)) {
813
1da177e4 814 msg = walk_msg;
5a06a363
IM		 815 if (mode == SEARCH_LESSEQUAL &&
816 walk_msg->m_type != 1) {
817 msg = walk_msg;
818 msgtyp = walk_msg->m_type - 1;
1da177e4 819 } else {
5a06a363 820 msg = walk_msg;
1da177e4
LT		 821 break;
822 }
823 }
824 tmp = tmp->next;
825 }
5a06a363
IM		 826 if (!IS_ERR(msg)) {
827 /*
828 * Found a suitable message.
829 * Unlink it from the queue.
830 */
1da177e4
LT		 831 if ((msgsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
832 msg = ERR_PTR(-E2BIG);
833 goto out_unlock;
834 }
835 list_del(&msg->m_list);
836 msq->q_qnum--;
837 msq->q_rtime = get_seconds();
b488893a 838 msq->q_lrpid = task_tgid_vnr(current);
1da177e4 839 msq->q_cbytes -= msg->m_ts;
5a06a363 840 atomic_sub(msg->m_ts, &msg_bytes);
1da177e4 841 atomic_dec(&msg_hdrs);
5a06a363 842 ss_wakeup(&msq->q_senders, 0);
1da177e4
LT		 843 msg_unlock(msq);
844 break;
845 }
846 /* No message waiting. Wait for a message */
847 if (msgflg & IPC_NOWAIT) {
848 msg = ERR_PTR(-ENOMSG);
849 goto out_unlock;
850 }
5a06a363 851 list_add_tail(&msr_d.r_list, &msq->q_receivers);
1da177e4
LT		 852 msr_d.r_tsk = current;
853 msr_d.r_msgtype = msgtyp;
854 msr_d.r_mode = mode;
5a06a363 855 if (msgflg & MSG_NOERROR)
1da177e4 856 msr_d.r_maxsize = INT_MAX;
5a06a363 857 else
1da177e4
LT		 858 msr_d.r_maxsize = msgsz;
859 msr_d.r_msg = ERR_PTR(-EAGAIN);
860 current->state = TASK_INTERRUPTIBLE;
861 msg_unlock(msq);
862
863 schedule();
864
865 /* Lockless receive, part 1:
866 * Disable preemption. We don't hold a reference to the queue
867 * and getting a reference would defeat the idea of a lockless
868 * operation, thus the code relies on rcu to guarantee the
869 * existance of msq:
870 * Prior to destruction, expunge_all(-EIRDM) changes r_msg.
871 * Thus if r_msg is -EAGAIN, then the queue not yet destroyed.
872 * rcu_read_lock() prevents preemption between reading r_msg
873 * and the spin_lock() inside ipc_lock_by_ptr().
874 */
875 rcu_read_lock();
876
877 /* Lockless receive, part 2:
878 * Wait until pipelined_send or expunge_all are outside of
879 * wake_up_process(). There is a race with exit(), see
880 * ipc/mqueue.c for the details.
881 */
5a06a363 882 msg = (struct msg_msg*)msr_d.r_msg;
1da177e4
LT		 883 while (msg == NULL) {
884 cpu_relax();
5a06a363 885 msg = (struct msg_msg *)msr_d.r_msg;
1da177e4
LT		 886 }
887
888 /* Lockless receive, part 3:
889 * If there is a message or an error then accept it without
890 * locking.
891 */
5a06a363 892 if (msg != ERR_PTR(-EAGAIN)) {
1da177e4
LT		 893 rcu_read_unlock();
894 break;
895 }
896
897 /* Lockless receive, part 3:
898 * Acquire the queue spinlock.
899 */
900 ipc_lock_by_ptr(&msq->q_perm);
901 rcu_read_unlock();
902
903 /* Lockless receive, part 4:
904 * Repeat test after acquiring the spinlock.
905 */
906 msg = (struct msg_msg*)msr_d.r_msg;
5a06a363 907 if (msg != ERR_PTR(-EAGAIN))
1da177e4
LT		 908 goto out_unlock;
909
910 list_del(&msr_d.r_list);
911 if (signal_pending(current)) {
912 msg = ERR_PTR(-ERESTARTNOHAND);
913out_unlock:
914 msg_unlock(msq);
915 break;
916 }
917 }
918 if (IS_ERR(msg))
5a06a363 919 return PTR_ERR(msg);
1da177e4
LT		 920
921 msgsz = (msgsz > msg->m_ts) ? msg->m_ts : msgsz;
651971cb 922 *pmtype = msg->m_type;
923 if (store_msg(mtext, msg, msgsz))
5a06a363 924 msgsz = -EFAULT;
651971cb 925
1da177e4 926 free_msg(msg);
5a06a363 927
1da177e4
LT		 928 return msgsz;
929}
930
651971cb 931asmlinkage long sys_msgrcv(int msqid, struct msgbuf __user *msgp, size_t msgsz,
932 long msgtyp, int msgflg)
933{
934 long err, mtype;
935
936 err = do_msgrcv(msqid, &mtype, msgp->mtext, msgsz, msgtyp, msgflg);
937 if (err < 0)
938 goto out;
939
940 if (put_user(mtype, &msgp->mtype))
941 err = -EFAULT;
942out:
943 return err;
944}
945
1da177e4 946#ifdef CONFIG_PROC_FS
19b4946c 947static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
1da177e4 948{
19b4946c
MW		 949 struct msg_queue *msq = it;
950
951 return seq_printf(s,
5a06a363
IM		 952 "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n",
953 msq->q_perm.key,
7ca7e564 954 msq->q_perm.id,
5a06a363
IM		 955 msq->q_perm.mode,
956 msq->q_cbytes,
957 msq->q_qnum,
958 msq->q_lspid,
959 msq->q_lrpid,
960 msq->q_perm.uid,
961 msq->q_perm.gid,
962 msq->q_perm.cuid,
963 msq->q_perm.cgid,
964 msq->q_stime,
965 msq->q_rtime,
966 msq->q_ctime);
1da177e4
LT		 967}
968#endif
Ubuntu Jammy Linux kernel mirror