| blob | 05cb9de66735086b5e09e3705b92e480a99d849e |
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/ipc/util.c
4 * Copyright (C) 1992 Krishna Balasubramanian
5 *
6 * Sep 1997 - Call suser() last after "normal" permission checks so we
7 * get BSD style process accounting right.
8 * Occurs in several places in the IPC code.
9 * Chris Evans, <chris@ferret.lmh.ox.ac.uk>
10 * Nov 1999 - ipc helper functions, unified SMP locking
11 * Manfred Spraul <manfred@colorfullife.com>
12 * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary().
13 * Mingming Cao <cmm@us.ibm.com>
14 * Mar 2006 - support for audit of ipc object properties
15 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
16 * Jun 2006 - namespaces ssupport
17 * OpenVZ, SWsoft Inc.
18 * Pavel Emelianov <xemul@openvz.org>
19 *
20 * General sysv ipc locking scheme:
21 * rcu_read_lock()
22 * obtain the ipc object (kern_ipc_perm) by looking up the id in an idr
23 * tree.
24 * - perform initial checks (capabilities, auditing and permission,
25 * etc).
26 * - perform read-only operations, such as INFO command, that
27 * do not demand atomicity
28 * acquire the ipc lock (kern_ipc_perm.lock) through
29 * ipc_lock_object()
30 * - perform read-only operations that demand atomicity,
31 * such as STAT command.
32 * - perform data updates, such as SET, RMID commands and
33 * mechanism-specific operations (semop/semtimedop,
34 * msgsnd/msgrcv, shmat/shmdt).
35 * drop the ipc lock, through ipc_unlock_object().
36 * rcu_read_unlock()
37 *
38 * The ids->rwsem must be taken when:
39 * - creating, removing and iterating the existing entries in ipc
40 * identifier sets.
41 * - iterating through files under /proc/sysvipc/
42 *
43 * Note that sems have a special fast path that avoids kern_ipc_perm.lock -
44 * see sem_lock().
45 */
47 #include <linux/mm.h>
48 #include <linux/shm.h>
49 #include <linux/init.h>
50 #include <linux/msg.h>
51 #include <linux/vmalloc.h>
52 #include <linux/slab.h>
53 #include <linux/notifier.h>
54 #include <linux/capability.h>
55 #include <linux/highuid.h>
56 #include <linux/security.h>
57 #include <linux/rcupdate.h>
58 #include <linux/workqueue.h>
59 #include <linux/seq_file.h>
60 #include <linux/proc_fs.h>
61 #include <linux/audit.h>
62 #include <linux/nsproxy.h>
63 #include <linux/rwsem.h>
64 #include <linux/memory.h>
65 #include <linux/ipc_namespace.h>
66 #include <linux/rhashtable.h>
67 #include <linux/log2.h>
69 #include <asm/unistd.h>
78 };
80 /**
81 * ipc_init - initialise ipc subsystem
82 *
83 * The various sysv ipc resources (semaphores, messages and shared
84 * memory) are initialised.
85 *
86 * A callback routine is registered into the memory hotplug notifier
87 * chain: since msgmni scales to lowmem this callback routine will be
88 * called upon successful memory add / remove to recompute msmgni.
89 */
91 {
98 }
106 };
108 /**
109 * ipc_init_ids - initialise ipc identifiers
110 * @ids: ipc identifier set
111 *
112 * Set up the sequence range to use for the ipc identifier range (limited
113 * below ipc_mni) then initialise the keys hashtable and ids idr.
114 */
116 {
124 #ifdef CONFIG_CHECKPOINT_RESTORE
126 #endif
127 }
129 #ifdef CONFIG_PROC_FS
131 /**
132 * ipc_init_proc_interface - create a proc interface for sysipc types using a seq_file interface.
133 * @path: Path in procfs
134 * @header: Banner to be printed at the beginning of the file.
135 * @ids: ipc id table to iterate.
136 * @show: show routine.
137 */
140 {
156 iface);
159 }
160 #endif
162 /**
163 * ipc_findkey - find a key in an ipc identifier set
164 * @ids: ipc identifier set
165 * @key: key to find
166 *
167 * Returns the locked pointer to the ipc structure if found or NULL
168 * otherwise. If key is found ipc points to the owning ipc structure
169 *
170 * Called with writer ipc_ids.rwsem held.
171 */
173 {
177 ipc_kht_params);
184 }
186 /*
187 * Insert new IPC object into idr tree, and set sequence number and id
188 * in the correct order.
189 * Especially:
190 * - the sequence number must be set before inserting the object into the idr,
191 * because the sequence number is accessed without a lock.
192 * - the id can/must be set after inserting the object into the idr.
193 * All accesses must be done after getting kern_ipc_perm.lock.
194 *
195 * The caller must own kern_ipc_perm.lock.of the new object.
196 * On error, the function returns a (negative) error code.
197 *
198 * To conserve sequence number space, especially with extended ipc_mni,
199 * the sequence number is incremented only when the returned ID is less than
200 * the last one.
201 */
203 {
206 #ifdef CONFIG_CHECKPOINT_RESTORE
209 #endif
211 /*
212 * As soon as a new object is inserted into the idr,
213 * ipc_obtain_object_idr() or ipc_obtain_object_check() can find it,
214 * and the lockless preparations for ipc operations can start.
215 * This means especially: permission checks, audit calls, allocation
216 * of undo structures, ...
217 *
218 * Thus the object must be fully initialized, and if something fails,
219 * then the full tear-down sequence must be followed.
220 * (i.e.: set new->deleted, reduce refcount, call_rcu())
221 */
229 /* allocate the idx, with a NULL struct kern_ipc_perm */
231 GFP_NOWAIT);
234 /*
235 * idx got allocated successfully.
236 * Now calculate the sequence number and set the
237 * pointer for real.
238 */
243 }
247 /* no need for smp_wmb(), this is done
248 * inside idr_replace, as part of
249 * rcu_assign_pointer
250 */
252 }
257 }
261 }
263 /**
264 * ipc_addid - add an ipc identifier
265 * @ids: ipc identifier set
266 * @new: new ipc permission set
267 * @limit: limit for the number of used ids
268 *
269 * Add an entry 'new' to the ipc ids idr. The permissions object is
270 * initialised and the first free entry is set up and the index assigned
271 * is returned. The 'new' entry is returned in a locked state on success.
272 *
273 * On failure the entry is not locked and a negative err-code is returned.
274 * The caller must use ipc_rcu_putref() to free the identifier.
275 *
276 * Called with writer ipc_ids.rwsem held.
277 */
279 {
280 kuid_t euid;
281 kgid_t egid;
284 /* 1) Initialize the refcount so that ipc_rcu_putref works */
310 ipc_kht_params);
314 }
315 }
321 }
327 }
329 /**
330 * ipcget_new - create a new ipc object
331 * @ns: ipc namespace
332 * @ids: ipc identifier set
333 * @ops: the actual creation routine to call
334 * @params: its parameters
335 *
336 * This routine is called by sys_msgget, sys_semget() and sys_shmget()
337 * when the key is IPC_PRIVATE.
338 */
341 {
348 }
350 /**
351 * ipc_check_perms - check security and permissions for an ipc object
352 * @ns: ipc namespace
353 * @ipcp: ipc permission set
354 * @ops: the actual security routine to call
355 * @params: its parameters
356 *
357 * This routine is called by sys_msgget(), sys_semget() and sys_shmget()
358 * when the key is not IPC_PRIVATE and that key already exists in the
359 * ds IDR.
360 *
361 * On success, the ipc id is returned.
362 *
363 * It is called with ipc_ids.rwsem and ipcp->lock held.
364 */
369 {
378 }
381 }
383 /**
384 * ipcget_public - get an ipc object or create a new one
385 * @ns: ipc namespace
386 * @ids: ipc identifier set
387 * @ops: the actual creation routine to call
388 * @params: its parameters
389 *
390 * This routine is called by sys_msgget, sys_semget() and sys_shmget()
391 * when the key is not IPC_PRIVATE.
392 * It adds a new entry if the key is not found and does some permission
393 * / security checkings if the key is found.
394 *
395 * On success, the ipc id is returned.
396 */
399 {
404 /*
405 * Take the lock as a writer since we are potentially going to add
406 * a new entry + read locks are not "upgradable"
407 */
411 /* key not used */
414 else
417 /* ipc object has been locked by ipc_findkey() */
426 /*
427 * ipc_check_perms returns the IPC id on
428 * success
429 */
431 }
433 }
437 }
439 /**
440 * ipc_kht_remove - remove an ipc from the key hashtable
441 * @ids: ipc identifier set
442 * @ipcp: ipc perm structure containing the key to remove
443 *
444 * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held
445 * before this function is called, and remain locked on the exit.
446 */
448 {
451 ipc_kht_params));
452 }
454 /**
455 * ipc_search_maxidx - search for the highest assigned index
456 * @ids: ipc identifier set
457 * @limit: known upper limit for highest assigned index
458 *
459 * The function determines the highest assigned index in @ids. It is intended
460 * to be called when ids->max_idx needs to be updated.
461 * Updating ids->max_idx is necessary when the current highest index ipc
462 * object is deleted.
463 * If no ipc object is allocated, then -1 is returned.
464 *
465 * ipc_ids.rwsem needs to be held by the caller.
466 */
468 {
478 /*
479 * "0" is a possible index value, thus search using
480 * e.g. 15,7,3,1,0 instead of 16,8,4,2,1.
481 */
485 }
487 }
489 /**
490 * ipc_rmid - remove an ipc identifier
491 * @ids: ipc identifier set
492 * @ipcp: ipc perm structure containing the identifier to remove
493 *
494 * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held
495 * before this function is called, and remain locked on the exit.
496 */
498 {
511 }
512 }
514 /**
515 * ipc_set_key_private - switch the key of an existing ipc to IPC_PRIVATE
516 * @ids: ipc identifier set
517 * @ipcp: ipc perm structure containing the key to modify
518 *
519 * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held
520 * before this function is called, and remain locked on the exit.
521 */
523 {
526 }
529 {
531 }
535 {
540 }
542 /**
543 * ipcperms - check ipc permissions
544 * @ns: ipc namespace
545 * @ipcp: ipc permission set
546 * @flag: desired permission set
547 *
548 * Check user, group, other permissions for access
549 * to ipc resources. return 0 if allowed
550 *
551 * @flag will most probably be 0 or ``S_...UGO`` from <linux/stat.h>
552 */
554 {
566 /* is there some bit set in requested_mode but not in granted_mode? */
572 }
574 /*
575 * Functions to convert between the kern_ipc_perm structure and the
576 * old/new ipc_perm structures
577 */
579 /**
580 * kernel_to_ipc64_perm - convert kernel ipc permissions to user
581 * @in: kernel permissions
582 * @out: new style ipc permissions
583 *
584 * Turn the kernel object @in into a set of permissions descriptions
585 * for returning to userspace (@out).
586 */
588 {
596 }
598 /**
599 * ipc64_perm_to_ipc_perm - convert new ipc permissions to old
600 * @in: new style ipc permissions
601 * @out: old style ipc permissions
602 *
603 * Turn the new style permissions object @in into a compatibility
604 * object and store it into the @out pointer.
605 */
607 {
615 }
617 /**
618 * ipc_obtain_object_idr
619 * @ids: ipc identifier set
620 * @id: ipc id to look for
621 *
622 * Look for an id in the ipc ids idr and return associated ipc object.
623 *
624 * Call inside the RCU critical section.
625 * The ipc object is *not* locked on exit.
626 */
628 {
637 }
639 /**
640 * ipc_obtain_object_check
641 * @ids: ipc identifier set
642 * @id: ipc id to look for
643 *
644 * Similar to ipc_obtain_object_idr() but also checks the ipc object
645 * sequence number.
646 *
647 * Call inside the RCU critical section.
648 * The ipc object is *not* locked on exit.
649 */
651 {
659 out:
661 }
663 /**
664 * ipcget - Common sys_*get() code
665 * @ns: namespace
666 * @ids: ipc identifier set
667 * @ops: operations to be called on ipc object creation, permission checks
668 * and further checks
669 * @params: the parameters needed by the previous operations.
670 *
671 * Common routine called by sys_msgget(), sys_semget() and sys_shmget().
672 */
675 {
678 else
680 }
682 /**
683 * ipc_update_perm - update the permissions of an ipc object
684 * @in: the permission given as input.
685 * @out: the permission of the ipc to set.
686 */
688 {
700 }
702 /**
703 * ipcctl_obtain_check - retrieve an ipc object and check permissions
704 * @ns: ipc namespace
705 * @ids: the table of ids where to look for the ipc
706 * @id: the id of the ipc to retrieve
707 * @cmd: the cmd to check
708 * @perm: the permission to set
709 * @extra_perm: one extra permission parameter used by msq
710 *
711 * This function does some common audit and permissions check for some IPC_XXX
712 * cmd and is called from semctl_down, shmctl_down and msgctl_down.
713 *
714 * It:
715 * - retrieves the ipc object with the given id in the given table.
716 * - performs some audit and permission check, depending on the given cmd
717 * - returns a pointer to the ipc object or otherwise, the corresponding
718 * error.
719 *
720 * Call holding the both the rwsem and the rcu read lock.
721 */
725 {
726 kuid_t euid;
734 }
745 err:
747 }
749 #ifdef CONFIG_ARCH_WANT_IPC_PARSE_VERSION
752 /**
753 * ipc_parse_version - ipc call version
754 * @cmd: pointer to command
755 *
756 * Return IPC_64 for new style IPC and IPC_OLD for old style IPC.
757 * The @cmd value is turned from an encoding command and version into
758 * just the command code.
759 */
761 {
767 }
768 }
772 #ifdef CONFIG_PROC_FS
777 };
780 {
783 }
785 /**
786 * sysvipc_find_ipc - Find and lock the ipc structure based on seq pos
787 * @ids: ipc identifier set
788 * @pos: expected position
789 *
790 * The function finds an ipc structure, based on the sequence file
791 * position @pos. If there is no ipc structure at position @pos, then
792 * the successor is selected.
793 * If a structure is found, then it is locked (both rcu_read_lock() and
794 * ipc_lock_object()) and @pos is set to the position needed to locate
795 * the found ipc structure.
796 * If nothing is found (i.e. EOF), @pos is not modified.
797 *
798 * The function returns the found ipc structure, or NULL at EOF.
799 */
801 {
805 /* convert from position to idr index -> "-1" */
813 /* convert from idr index to position -> "+1" */
815 }
817 }
820 {
825 /* If we had an ipc id locked before, unlock it */
829 /* Next -> search for *pos+1 */
832 }
834 /*
835 * File positions: pos 0 -> header, pos n -> ipc idx = n - 1.
836 * SeqFile iterator: iterator value locked ipc pointer or SEQ_TOKEN_START.
837 */
839 {
846 /*
847 * Take the lock - this will be released by the corresponding
848 * call to stop().
849 */
852 /* pos < 0 is invalid */
856 /* pos == 0 means header */
860 /* Otherwise return the correct ipc structure */
862 }
865 {
871 /* If we had a locked structure, release it */
876 /* Release the lock we took in start() */
878 }
881 {
888 }
891 }
898 };
901 {
913 }
916 {
922 }
930 };