search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
[linux/fpc-iii.git] / kernel / groups.c
blob74d431d252515042296bb739cb8aba456635113e
1 /*
2 * Supplementary group IDs
3 */
4 #include <linux/cred.h>
5 #include <linux/export.h>
6 #include <linux/slab.h>
7 #include <linux/security.h>
8 #include <linux/syscalls.h>
9 #include <linux/user_namespace.h>
10 #include <asm/uaccess.h>
11
12 struct group_info *groups_alloc(int gidsetsize)
13 {
14 struct group_info *group_info;
15 int nblocks;
16 int i;
17
18 nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
19 /* Make sure we always allocate at least one indirect block pointer */
20 nblocks = nblocks ? : 1;
21 group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
22 if (!group_info)
23 return NULL;
24 group_info->ngroups = gidsetsize;
25 group_info->nblocks = nblocks;
26 atomic_set(&group_info->usage, 1);
27
28 if (gidsetsize <= NGROUPS_SMALL)
29 group_info->blocks[0] = group_info->small_block;
30 else {
31 for (i = 0; i < nblocks; i++) {
32 kgid_t *b;
33 b = (void *)__get_free_page(GFP_USER);
34 if (!b)
35 goto out_undo_partial_alloc;
36 group_info->blocks[i] = b;
37 }
38 }
39 return group_info;
40
41 out_undo_partial_alloc:
42 while (--i >= 0) {
43 free_page((unsigned long)group_info->blocks[i]);
44 }
45 kfree(group_info);
46 return NULL;
47 }
48
49 EXPORT_SYMBOL(groups_alloc);
50
51 void groups_free(struct group_info *group_info)
52 {
53 if (group_info->blocks[0] != group_info->small_block) {
54 int i;
55 for (i = 0; i < group_info->nblocks; i++)
56 free_page((unsigned long)group_info->blocks[i]);
57 }
58 kfree(group_info);
59 }
60
61 EXPORT_SYMBOL(groups_free);
62
63 /* export the group_info to a user-space array */
64 static int groups_to_user(gid_t __user *grouplist,
65 const struct group_info *group_info)
66 {
67 struct user_namespace *user_ns = current_user_ns();
68 int i;
69 unsigned int count = group_info->ngroups;
70
71 for (i = 0; i < count; i++) {
72 gid_t gid;
73 gid = from_kgid_munged(user_ns, GROUP_AT(group_info, i));
74 if (put_user(gid, grouplist+i))
75 return -EFAULT;
76 }
77 return 0;
78 }
79
80 /* fill a group_info from a user-space array - it must be allocated already */
81 static int groups_from_user(struct group_info *group_info,
82 gid_t __user *grouplist)
83 {
84 struct user_namespace *user_ns = current_user_ns();
85 int i;
86 unsigned int count = group_info->ngroups;
87
88 for (i = 0; i < count; i++) {
89 gid_t gid;
90 kgid_t kgid;
91 if (get_user(gid, grouplist+i))
92 return -EFAULT;
93
94 kgid = make_kgid(user_ns, gid);
95 if (!gid_valid(kgid))
96 return -EINVAL;
97
98 GROUP_AT(group_info, i) = kgid;
99 }
100 return 0;
101 }
102
103 /* a simple Shell sort */
104 static void groups_sort(struct group_info *group_info)
105 {
106 int base, max, stride;
107 int gidsetsize = group_info->ngroups;
108
109 for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
110 ; /* nothing */
111 stride /= 3;
112
113 while (stride) {
114 max = gidsetsize - stride;
115 for (base = 0; base < max; base++) {
116 int left = base;
117 int right = left + stride;
118 kgid_t tmp = GROUP_AT(group_info, right);
119
120 while (left >= 0 && gid_gt(GROUP_AT(group_info, left), tmp)) {
121 GROUP_AT(group_info, right) =
122 GROUP_AT(group_info, left);
123 right = left;
124 left -= stride;
125 }
126 GROUP_AT(group_info, right) = tmp;
127 }
128 stride /= 3;
129 }
130 }
131
132 /* a simple bsearch */
133 int groups_search(const struct group_info *group_info, kgid_t grp)
134 {
135 unsigned int left, right;
136
137 if (!group_info)
138 return 0;
139
140 left = 0;
141 right = group_info->ngroups;
142 while (left < right) {
143 unsigned int mid = (left+right)/2;
144 if (gid_gt(grp, GROUP_AT(group_info, mid)))
145 left = mid + 1;
146 else if (gid_lt(grp, GROUP_AT(group_info, mid)))
147 right = mid;
148 else
149 return 1;
150 }
151 return 0;
152 }
153
154 /**
155 * set_groups - Change a group subscription in a set of credentials
156 * @new: The newly prepared set of credentials to alter
157 * @group_info: The group list to install
158 */
159 void set_groups(struct cred *new, struct group_info *group_info)
160 {
161 put_group_info(new->group_info);
162 groups_sort(group_info);
163 get_group_info(group_info);
164 new->group_info = group_info;
165 }
166
167 EXPORT_SYMBOL(set_groups);
168
169 /**
170 * set_current_groups - Change current's group subscription
171 * @group_info: The group list to impose
172 *
173 * Validate a group subscription and, if valid, impose it upon current's task
174 * security record.
175 */
176 int set_current_groups(struct group_info *group_info)
177 {
178 struct cred *new;
179
180 new = prepare_creds();
181 if (!new)
182 return -ENOMEM;
183
184 set_groups(new, group_info);
185 return commit_creds(new);
186 }
187
188 EXPORT_SYMBOL(set_current_groups);
189
190 SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
191 {
192 const struct cred *cred = current_cred();
193 int i;
194
195 if (gidsetsize < 0)
196 return -EINVAL;
197
198 /* no need to grab task_lock here; it cannot change */
199 i = cred->group_info->ngroups;
200 if (gidsetsize) {
201 if (i > gidsetsize) {
202 i = -EINVAL;
203 goto out;
204 }
205 if (groups_to_user(grouplist, cred->group_info)) {
206 i = -EFAULT;
207 goto out;
208 }
209 }
210 out:
211 return i;
212 }
213
214 bool may_setgroups(void)
215 {
216 struct user_namespace *user_ns = current_user_ns();
217
218 return ns_capable(user_ns, CAP_SETGID) &&
219 userns_may_setgroups(user_ns);
220 }
221
222 /*
223 * SMP: Our groups are copy-on-write. We can set them safely
224 * without another task interfering.
225 */
226
227 SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
228 {
229 struct group_info *group_info;
230 int retval;
231
232 if (!may_setgroups())
233 return -EPERM;
234 if ((unsigned)gidsetsize > NGROUPS_MAX)
235 return -EINVAL;
236
237 group_info = groups_alloc(gidsetsize);
238 if (!group_info)
239 return -ENOMEM;
240 retval = groups_from_user(group_info, grouplist);
241 if (retval) {
242 put_group_info(group_info);
243 return retval;
244 }
245
246 retval = set_current_groups(group_info);
247 put_group_info(group_info);
248
249 return retval;
250 }
251
252 /*
253 * Check whether we're fsgid/egid or in the supplemental group..
254 */
255 int in_group_p(kgid_t grp)
256 {
257 const struct cred *cred = current_cred();
258 int retval = 1;
259
260 if (!gid_eq(grp, cred->fsgid))
261 retval = groups_search(cred->group_info, grp);
262 return retval;
263 }
264
265 EXPORT_SYMBOL(in_group_p);
266
267 int in_egroup_p(kgid_t grp)
268 {
269 const struct cred *cred = current_cred();
270 int retval = 1;
271
272 if (!gid_eq(grp, cred->egid))
273 retval = groups_search(cred->group_info, grp);
274 return retval;
275 }
276
277 EXPORT_SYMBOL(in_egroup_p);
Linux with added FPC-III support