1 : /*
2 : * linux/kernel/sys.c
3 : *
4 : * Copyright (C) 1991, 1992 Linus Torvalds
5 : */
6 :
7 : #include <linux/module.h>
8 : #include <linux/mm.h>
9 : #include <linux/utsname.h>
10 : #include <linux/mman.h>
11 : #include <linux/smp_lock.h>
12 : #include <linux/notifier.h>
13 : #include <linux/reboot.h>
14 : #include <linux/prctl.h>
15 : #include <linux/highuid.h>
16 : #include <linux/fs.h>
17 : #include <linux/resource.h>
18 : #include <linux/kernel.h>
19 : #include <linux/kexec.h>
20 : #include <linux/workqueue.h>
21 : #include <linux/capability.h>
22 : #include <linux/device.h>
23 : #include <linux/key.h>
24 : #include <linux/times.h>
25 : #include <linux/posix-timers.h>
26 : #include <linux/security.h>
27 : #include <linux/dcookies.h>
28 : #include <linux/suspend.h>
29 : #include <linux/tty.h>
30 : #include <linux/signal.h>
31 : #include <linux/cn_proc.h>
32 : #include <linux/getcpu.h>
33 : #include <linux/task_io_accounting_ops.h>
34 : #include <linux/seccomp.h>
35 : #include <linux/cpu.h>
36 :
37 : #include <linux/compat.h>
38 : #include <linux/syscalls.h>
39 : #include <linux/kprobes.h>
40 : #include <linux/user_namespace.h>
41 :
42 : #include <asm/uaccess.h>
43 : #include <asm/io.h>
44 : #include <asm/unistd.h>
45 :
46 : #ifndef SET_UNALIGN_CTL
47 : # define SET_UNALIGN_CTL(a,b) (-EINVAL)
48 : #endif
49 : #ifndef GET_UNALIGN_CTL
50 : # define GET_UNALIGN_CTL(a,b) (-EINVAL)
51 : #endif
52 : #ifndef SET_FPEMU_CTL
53 : # define SET_FPEMU_CTL(a,b) (-EINVAL)
54 : #endif
55 : #ifndef GET_FPEMU_CTL
56 : # define GET_FPEMU_CTL(a,b) (-EINVAL)
57 : #endif
58 : #ifndef SET_FPEXC_CTL
59 : # define SET_FPEXC_CTL(a,b) (-EINVAL)
60 : #endif
61 : #ifndef GET_FPEXC_CTL
62 : # define GET_FPEXC_CTL(a,b) (-EINVAL)
63 : #endif
64 : #ifndef GET_ENDIAN
65 : # define GET_ENDIAN(a,b) (-EINVAL)
66 : #endif
67 : #ifndef SET_ENDIAN
68 : # define SET_ENDIAN(a,b) (-EINVAL)
69 : #endif
70 : #ifndef GET_TSC_CTL
71 : # define GET_TSC_CTL(a) (-EINVAL)
72 : #endif
73 : #ifndef SET_TSC_CTL
74 : # define SET_TSC_CTL(a) (-EINVAL)
75 : #endif
76 :
77 : /*
78 : * this is where the system-wide overflow UID and GID are defined, for
79 : * architectures that now have 32-bit UID/GID but didn't in the past
80 : */
81 :
82 : int overflowuid = DEFAULT_OVERFLOWUID;
83 : int overflowgid = DEFAULT_OVERFLOWGID;
84 :
85 : #ifdef CONFIG_UID16
86 : EXPORT_SYMBOL(overflowuid);
87 : EXPORT_SYMBOL(overflowgid);
88 : #endif
89 :
90 : /*
91 : * the same as above, but for filesystems which can only store a 16-bit
92 : * UID and GID. as such, this is needed on all architectures
93 : */
94 :
95 : int fs_overflowuid = DEFAULT_FS_OVERFLOWUID;
96 : int fs_overflowgid = DEFAULT_FS_OVERFLOWUID;
97 :
98 : EXPORT_SYMBOL(fs_overflowuid);
99 : EXPORT_SYMBOL(fs_overflowgid);
100 :
101 : /*
102 : * this indicates whether you can reboot with ctrl-alt-del: the default is yes
103 : */
104 :
105 : int C_A_D = 1;
106 : struct pid *cad_pid;
107 : EXPORT_SYMBOL(cad_pid);
108 :
109 : /*
110 : * If set, this is used for preparing the system to power off.
111 : */
112 :
113 : void (*pm_power_off_prepare)(void);
114 :
115 : static int set_one_prio(struct task_struct *p, int niceval, int error)
116 505 : {
117 : int no_nice;
118 :
119 1012 : if (p->uid != current->euid &&
120 : p->euid != current->euid && !capable(CAP_SYS_NICE)) {
121 1 : error = -EPERM;
122 1 : goto out;
123 : }
124 504 : if (niceval < task_nice(p) && !can_nice(p, niceval)) {
125 2 : error = -EACCES;
126 2 : goto out;
127 : }
128 502 : no_nice = security_task_setnice(p, niceval);
129 502 : if (no_nice) {
130 0 : error = no_nice;
131 0 : goto out;
132 : }
133 502 : if (error == -ESRCH)
134 502 : error = 0;
135 502 : set_user_nice(p, niceval);
136 505 : out:
137 505 : return error;
138 : }
139 :
140 : asmlinkage long sys_setpriority(int which, int who, int niceval)
141 507 : {
142 : struct task_struct *g, *p;
143 : struct user_struct *user;
144 507 : int error = -EINVAL;
145 : struct pid *pgrp;
146 :
147 507 : if (which > PRIO_USER || which < PRIO_PROCESS)
148 1 : goto out;
149 :
150 : /* normalize: avoid signed division (rounding problems) */
151 506 : error = -ESRCH;
152 506 : if (niceval < -20)
153 0 : niceval = -20;
154 506 : if (niceval > 19)
155 1 : niceval = 19;
156 :
157 506 : read_lock(&tasklist_lock);
158 506 : switch (which) {
159 : case PRIO_PROCESS:
160 506 : if (who)
161 2 : p = find_task_by_vpid(who);
162 : else
163 504 : p = current;
164 506 : if (p)
165 505 : error = set_one_prio(p, niceval, error);
166 : break;
167 : case PRIO_PGRP:
168 0 : if (who)
169 0 : pgrp = find_vpid(who);
170 : else
171 0 : pgrp = task_pgrp(current);
172 0 : do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
173 0 : error = set_one_prio(p, niceval, error);
174 : } while_each_pid_task(pgrp, PIDTYPE_PGID, p);
175 : break;
176 : case PRIO_USER:
177 0 : user = current->user;
178 0 : if (!who)
179 0 : who = current->uid;
180 : else
181 0 : if ((who != current->uid) && !(user = find_user(who)))
182 0 : goto out_unlock; /* No processes for this user */
183 :
184 0 : do_each_thread(g, p)
185 0 : if (p->uid == who)
186 0 : error = set_one_prio(p, niceval, error);
187 0 : while_each_thread(g, p);
188 0 : if (who != current->uid)
189 0 : free_uid(user); /* For find_user() */
190 : break;
191 : }
192 506 : out_unlock:
193 : read_unlock(&tasklist_lock);
194 507 : out:
195 507 : return error;
196 : }
197 :
198 : /*
199 : * Ugh. To avoid negative return values, "getpriority()" will
200 : * not return the normal nice-value, but a negated value that
201 : * has been offset by 20 (ie it returns 40..1 instead of -20..19)
202 : * to stay compatible.
203 : */
204 : asmlinkage long sys_getpriority(int which, int who)
205 521 : {
206 : struct task_struct *g, *p;
207 : struct user_struct *user;
208 521 : long niceval, retval = -ESRCH;
209 : struct pid *pgrp;
210 :
211 521 : if (which > PRIO_USER || which < PRIO_PROCESS)
212 1 : return -EINVAL;
213 :
214 520 : read_lock(&tasklist_lock);
215 520 : switch (which) {
216 : case PRIO_PROCESS:
217 516 : if (who)
218 1 : p = find_task_by_vpid(who);
219 : else
220 515 : p = current;
221 516 : if (p) {
222 515 : niceval = 20 - task_nice(p);
223 515 : if (niceval > retval)
224 515 : retval = niceval;
225 : }
226 : break;
227 : case PRIO_PGRP:
228 2 : if (who)
229 1 : pgrp = find_vpid(who);
230 : else
231 1 : pgrp = task_pgrp(current);
232 4 : do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
233 1 : niceval = 20 - task_nice(p);
234 1 : if (niceval > retval)
235 1 : retval = niceval;
236 : } while_each_pid_task(pgrp, PIDTYPE_PGID, p);
237 : break;
238 : case PRIO_USER:
239 2 : user = current->user;
240 2 : if (!who)
241 1 : who = current->uid;
242 : else
243 2 : if ((who != current->uid) && !(user = find_user(who)))
244 1 : goto out_unlock; /* No processes for this user */
245 :
246 111 : do_each_thread(g, p)
247 188 : if (p->uid == who) {
248 128 : niceval = 20 - task_nice(p);
249 128 : if (niceval > retval)
250 3 : retval = niceval;
251 : }
252 188 : while_each_thread(g, p);
253 2 : if (who != current->uid)
254 0 : free_uid(user); /* for find_user() */
255 : break;
256 : }
257 520 : out_unlock:
258 : read_unlock(&tasklist_lock);
259 :
260 520 : return retval;
261 : }
262 :
263 : /**
264 : * emergency_restart - reboot the system
265 : *
266 : * Without shutting down any hardware or taking any locks
267 : * reboot the system. This is called when we know we are in
268 : * trouble so this is our best effort to reboot. This is
269 : * safe to call in interrupt context.
270 : */
271 : void emergency_restart(void)
272 0 : {
273 0 : machine_emergency_restart();
274 0 : }
275 : EXPORT_SYMBOL_GPL(emergency_restart);
276 :
277 : static void kernel_restart_prepare(char *cmd)
278 0 : {
279 0 : blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
280 0 : system_state = SYSTEM_RESTART;
281 0 : device_shutdown();
282 0 : sysdev_shutdown();
283 0 : }
284 :
285 : /**
286 : * kernel_restart - reboot the system
287 : * @cmd: pointer to buffer containing command to execute for restart
288 : * or %NULL
289 : *
290 : * Shutdown everything and perform a clean reboot.
291 : * This is not safe to call in interrupt context.
292 : */
293 : void kernel_restart(char *cmd)
294 0 : {
295 0 : kernel_restart_prepare(cmd);
296 0 : if (!cmd)
297 0 : printk(KERN_EMERG "Restarting system.\n");
298 : else
299 0 : printk(KERN_EMERG "Restarting system with command '%s'.\n", cmd);
300 0 : machine_restart(cmd);
301 0 : }
302 : EXPORT_SYMBOL_GPL(kernel_restart);
303 :
304 : /**
305 : * kernel_kexec - reboot the system
306 : *
307 : * Move into place and start executing a preloaded standalone
308 : * executable. If nothing was preloaded return an error.
309 : */
310 : static void kernel_kexec(void)
311 : {
312 : #ifdef CONFIG_KEXEC
313 : struct kimage *image;
314 0 : image = xchg(&kexec_image, NULL);
315 0 : if (!image)
316 : return;
317 0 : kernel_restart_prepare(NULL);
318 0 : printk(KERN_EMERG "Starting new kernel\n");
319 0 : machine_shutdown();
320 0 : machine_kexec(image);
321 : #endif
322 : }
323 :
324 : static void kernel_shutdown_prepare(enum system_states state)
325 0 : {
326 0 : blocking_notifier_call_chain(&reboot_notifier_list,
327 : (state == SYSTEM_HALT)?SYS_HALT:SYS_POWER_OFF, NULL);
328 0 : system_state = state;
329 0 : device_shutdown();
330 0 : }
331 : /**
332 : * kernel_halt - halt the system
333 : *
334 : * Shutdown everything and perform a clean system halt.
335 : */
336 : void kernel_halt(void)
337 0 : {
338 0 : kernel_shutdown_prepare(SYSTEM_HALT);
339 0 : sysdev_shutdown();
340 0 : printk(KERN_EMERG "System halted.\n");
341 0 : machine_halt();
342 0 : }
343 :
344 : EXPORT_SYMBOL_GPL(kernel_halt);
345 :
346 : /**
347 : * kernel_power_off - power_off the system
348 : *
349 : * Shutdown everything and perform a clean system power_off.
350 : */
351 : void kernel_power_off(void)
352 0 : {
353 0 : kernel_shutdown_prepare(SYSTEM_POWER_OFF);
354 0 : if (pm_power_off_prepare)
355 0 : pm_power_off_prepare();
356 0 : disable_nonboot_cpus();
357 0 : sysdev_shutdown();
358 0 : printk(KERN_EMERG "Power down.\n");
359 0 : machine_power_off();
360 0 : }
361 : EXPORT_SYMBOL_GPL(kernel_power_off);
362 : /*
363 : * Reboot system call: for obvious reasons only root may call it,
364 : * and even root needs to set up some magic numbers in the registers
365 : * so that some mistake won't make this reboot the whole machine.
366 : * You can also set the meaning of the ctrl-alt-del-key here.
367 : *
368 : * reboot doesn't sync: do that yourself before calling this.
369 : */
370 : asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void __user * arg)
371 4 : {
372 : char buffer[256];
373 :
374 : /* We only trust the superuser with rebooting the system. */
375 4 : if (!capable(CAP_SYS_BOOT))
376 1 : return -EPERM;
377 :
378 : /* For safety, we require "magic" arguments. */
379 3 : if (magic1 != LINUX_REBOOT_MAGIC1 ||
380 : (magic2 != LINUX_REBOOT_MAGIC2 &&
381 : magic2 != LINUX_REBOOT_MAGIC2A &&
382 : magic2 != LINUX_REBOOT_MAGIC2B &&
383 : magic2 != LINUX_REBOOT_MAGIC2C))
384 0 : return -EINVAL;
385 :
386 : /* Instead of trying to make the power_off code look like
387 : * halt when pm_power_off is not set do it the easy way.
388 : */
389 3 : if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
390 0 : cmd = LINUX_REBOOT_CMD_HALT;
391 :
392 3 : lock_kernel();
393 3 : switch (cmd) {
394 : case LINUX_REBOOT_CMD_RESTART:
395 0 : kernel_restart(NULL);
396 0 : break;
397 :
398 : case LINUX_REBOOT_CMD_CAD_ON:
399 1 : C_A_D = 1;
400 1 : break;
401 :
402 : case LINUX_REBOOT_CMD_CAD_OFF:
403 1 : C_A_D = 0;
404 1 : break;
405 :
406 : case LINUX_REBOOT_CMD_HALT:
407 0 : kernel_halt();
408 0 : unlock_kernel();
409 0 : do_exit(0);
410 : break;
411 :
412 : case LINUX_REBOOT_CMD_POWER_OFF:
413 0 : kernel_power_off();
414 0 : unlock_kernel();
415 0 : do_exit(0);
416 : break;
417 :
418 : case LINUX_REBOOT_CMD_RESTART2:
419 0 : if (strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1) < 0) {
420 0 : unlock_kernel();
421 0 : return -EFAULT;
422 : }
423 0 : buffer[sizeof(buffer) - 1] = '\0';
424 :
425 0 : kernel_restart(buffer);
426 0 : break;
427 :
428 : case LINUX_REBOOT_CMD_KEXEC:
429 : kernel_kexec();
430 0 : unlock_kernel();
431 0 : return -EINVAL;
432 :
433 : #ifdef CONFIG_HIBERNATION
434 : case LINUX_REBOOT_CMD_SW_SUSPEND:
435 : {
436 0 : int ret = hibernate();
437 0 : unlock_kernel();
438 0 : return ret;
439 : }
440 : #endif
441 :
442 : default:
443 1 : unlock_kernel();
444 1 : return -EINVAL;
445 : }
446 2 : unlock_kernel();
447 2 : return 0;
448 : }
449 :
450 : static void deferred_cad(struct work_struct *dummy)
451 0 : {
452 0 : kernel_restart(NULL);
453 0 : }
454 :
455 : /*
456 : * This function gets called by ctrl-alt-del - ie the keyboard interrupt.
457 : * As it's called within an interrupt, it may NOT sync: the only choice
458 : * is whether to reboot at once, or just ignore the ctrl-alt-del.
459 : */
460 : void ctrl_alt_del(void)
461 0 : {
462 : static DECLARE_WORK(cad_work, deferred_cad);
463 :
464 0 : if (C_A_D)
465 0 : schedule_work(&cad_work);
466 : else
467 : kill_cad_pid(SIGINT, 1);
468 0 : }
469 :
470 : /*
471 : * Unprivileged users may change the real gid to the effective gid
472 : * or vice versa. (BSD-style)
473 : *
474 : * If you set the real gid at all, or set the effective gid to a value not
475 : * equal to the real gid, then the saved gid is set to the new effective gid.
476 : *
477 : * This makes it possible for a setgid program to completely drop its
478 : * privileges, which is often a useful assertion to make when you are doing
479 : * a security audit over a program.
480 : *
481 : * The general idea is that a program which uses just setregid() will be
482 : * 100% compatible with BSD. A program which uses just setgid() will be
483 : * 100% compatible with POSIX with saved IDs.
484 : *
485 : * SMP: There are not races, the GIDs are checked only by filesystem
486 : * operations (as far as semantic preservation is concerned).
487 : */
488 : asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
489 4867 : {
490 4867 : int old_rgid = current->gid;
491 4867 : int old_egid = current->egid;
492 4867 : int new_rgid = old_rgid;
493 4867 : int new_egid = old_egid;
494 : int retval;
495 :
496 4867 : retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
497 4867 : if (retval)
498 0 : return retval;
499 :
500 4867 : if (rgid != (gid_t) -1) {
501 92 : if ((old_rgid == rgid) ||
502 : (current->egid==rgid) ||
503 : capable(CAP_SETGID))
504 26 : new_rgid = rgid;
505 : else
506 14 : return -EPERM;
507 : }
508 4853 : if (egid != (gid_t) -1) {
509 11142 : if ((old_rgid == egid) ||
510 : (current->egid == egid) ||
511 : (current->sgid == egid) ||
512 : capable(CAP_SETGID))
513 4825 : new_egid = egid;
514 : else
515 8 : return -EPERM;
516 : }
517 4845 : if (new_egid != old_egid) {
518 1014 : set_dumpable(current->mm, suid_dumpable);
519 507 : smp_wmb();
520 : }
521 4845 : if (rgid != (gid_t) -1 ||
522 : (egid != (gid_t) -1 && egid != old_rgid))
523 992 : current->sgid = new_egid;
524 4845 : current->fsgid = new_egid;
525 4845 : current->egid = new_egid;
526 4845 : current->gid = new_rgid;
527 4845 : key_fsgid_changed(current);
528 4845 : proc_id_connector(current, PROC_EVENT_GID);
529 4845 : return 0;
530 : }
531 :
532 : /*
533 : * setgid() is implemented like SysV w/ SAVED_IDS
534 : *
535 : * SMP: Same implicit races as above.
536 : */
537 : asmlinkage long sys_setgid(gid_t gid)
538 518 : {
539 518 : int old_egid = current->egid;
540 : int retval;
541 :
542 518 : retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
543 518 : if (retval)
544 0 : return retval;
545 :
546 518 : if (capable(CAP_SETGID)) {
547 516 : if (old_egid != gid) {
548 1000 : set_dumpable(current->mm, suid_dumpable);
549 500 : smp_wmb();
550 : }
551 516 : current->gid = current->egid = current->sgid = current->fsgid = gid;
552 4 : } else if ((gid == current->gid) || (gid == current->sgid)) {
553 0 : if (old_egid != gid) {
554 0 : set_dumpable(current->mm, suid_dumpable);
555 0 : smp_wmb();
556 : }
557 0 : current->egid = current->fsgid = gid;
558 : }
559 : else
560 2 : return -EPERM;
561 :
562 516 : key_fsgid_changed(current);
563 516 : proc_id_connector(current, PROC_EVENT_GID);
564 516 : return 0;
565 : }
566 :
567 : static int set_user(uid_t new_ruid, int dumpclear)
568 122 : {
569 : struct user_struct *new_user;
570 :
571 122 : new_user = alloc_uid(current->nsproxy->user_ns, new_ruid);
572 122 : if (!new_user)
573 0 : return -EAGAIN;
574 :
575 244 : if (atomic_read(&new_user->processes) >=
576 : current->signal->rlim[RLIMIT_NPROC].rlim_cur &&
577 : new_user != current->nsproxy->user_ns->root_user) {
578 0 : free_uid(new_user);
579 0 : return -EAGAIN;
580 : }
581 :
582 122 : switch_uid(new_user);
583 :
584 122 : if (dumpclear) {
585 216 : set_dumpable(current->mm, suid_dumpable);
586 108 : smp_wmb();
587 : }
588 122 : current->uid = new_ruid;
589 122 : return 0;
590 : }
591 :
592 : /*
593 : * Unprivileged users may change the real uid to the effective uid
594 : * or vice versa. (BSD-style)
595 : *
596 : * If you set the real uid at all, or set the effective uid to a value not
597 : * equal to the real uid, then the saved uid is set to the new effective uid.
598 : *
599 : * This makes it possible for a setuid program to completely drop its
600 : * privileges, which is often a useful assertion to make when you are doing
601 : * a security audit over a program.
602 : *
603 : * The general idea is that a program which uses just setreuid() will be
604 : * 100% compatible with BSD. A program which uses just setuid() will be
605 : * 100% compatible with POSIX with saved IDs.
606 : */
607 : asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
608 5390 : {
609 : int old_ruid, old_euid, old_suid, new_ruid, new_euid;
610 : int retval;
611 :
612 5390 : retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
613 5390 : if (retval)
614 0 : return retval;
615 :
616 5390 : new_ruid = old_ruid = current->uid;
617 5390 : new_euid = old_euid = current->euid;
618 5390 : old_suid = current->suid;
619 :
620 5390 : if (ruid != (uid_t) -1) {
621 1974 : new_ruid = ruid;
622 2021 : if ((old_ruid != ruid) &&
623 : (current->euid != ruid) &&
624 : !capable(CAP_SETUID))
625 16 : return -EPERM;
626 : }
627 :
628 5374 : if (euid != (uid_t) -1) {
629 5350 : new_euid = euid;
630 7370 : if ((old_ruid != euid) &&
631 : (current->euid != euid) &&
632 : (current->suid != euid) &&
633 : !capable(CAP_SETUID))
634 12 : return -EPERM;
635 : }
636 :
637 5362 : if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0)
638 0 : return -EAGAIN;
639 :
640 5362 : if (new_euid != old_euid) {
641 3966 : set_dumpable(current->mm, suid_dumpable);
642 1983 : smp_wmb();
643 : }
644 5362 : current->fsuid = current->euid = new_euid;
645 5362 : if (ruid != (uid_t) -1 ||
646 : (euid != (uid_t) -1 && euid != old_ruid))
647 1981 : current->suid = current->euid;
648 5362 : current->fsuid = current->euid;
649 :
650 5362 : key_fsuid_changed(current);
651 5362 : proc_id_connector(current, PROC_EVENT_UID);
652 :
653 5362 : return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
654 : }
655 :
656 :
657 :
658 : /*
659 : * setuid() is implemented like SysV with SAVED_IDS
660 : *
661 : * Note that SAVED_ID's is deficient in that a setuid root program
662 : * like sendmail, for example, cannot set its uid to be a normal
663 : * user and then switch back, because if you're root, setuid() sets
664 : * the saved uid too. If you don't like this, blame the bright people
665 : * in the POSIX committee and/or USG. Note that the BSD-style setreuid()
666 : * will allow a root program to temporarily drop privileges and be able to
667 : * regain them by swapping the real and effective uid.
668 : */
669 : asmlinkage long sys_setuid(uid_t uid)
670 2505 : {
671 2505 : int old_euid = current->euid;
672 : int old_ruid, old_suid, new_suid;
673 : int retval;
674 :
675 2505 : retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
676 2505 : if (retval)
677 0 : return retval;
678 :
679 2505 : old_ruid = current->uid;
680 2505 : old_suid = current->suid;
681 2505 : new_suid = old_suid;
682 :
683 2505 : if (capable(CAP_SETUID)) {
684 2498 : if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)
685 0 : return -EAGAIN;
686 2498 : new_suid = uid;
687 7 : } else if ((uid != current->uid) && (uid != new_suid))
688 2 : return -EPERM;
689 :
690 2503 : if (old_euid != uid) {
691 176 : set_dumpable(current->mm, suid_dumpable);
692 88 : smp_wmb();
693 : }
694 2503 : current->fsuid = current->euid = uid;
695 2503 : current->suid = new_suid;
696 :
697 2503 : key_fsuid_changed(current);
698 2503 : proc_id_connector(current, PROC_EVENT_UID);
699 :
700 2503 : return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
701 : }
702 :
703 :
704 : /*
705 : * This function implements a generic ability to update ruid, euid,
706 : * and suid. This allows you to implement the 4.4 compatible seteuid().
707 : */
708 : asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
709 364 : {
710 364 : int old_ruid = current->uid;
711 364 : int old_euid = current->euid;
712 364 : int old_suid = current->suid;
713 : int retval;
714 :
715 364 : retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
716 364 : if (retval)
717 0 : return retval;
718 :
719 364 : if (!capable(CAP_SETUID)) {
720 80 : if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
721 : (ruid != current->euid) && (ruid != current->suid))
722 2 : return -EPERM;
723 126 : if ((euid != (uid_t) -1) && (euid != current->uid) &&
724 : (euid != current->euid) && (euid != current->suid))
725 4 : return -EPERM;
726 84 : if ((suid != (uid_t) -1) && (suid != current->uid) &&
727 : (suid != current->euid) && (suid != current->suid))
728 4 : return -EPERM;
729 : }
730 354 : if (ruid != (uid_t) -1) {
731 220 : if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0)
732 0 : return -EAGAIN;
733 : }
734 354 : if (euid != (uid_t) -1) {
735 338 : if (euid != current->euid) {
736 260 : set_dumpable(current->mm, suid_dumpable);
737 130 : smp_wmb();
738 : }
739 338 : current->euid = euid;
740 : }
741 354 : current->fsuid = current->euid;
742 354 : if (suid != (uid_t) -1)
743 216 : current->suid = suid;
744 :
745 354 : key_fsuid_changed(current);
746 354 : proc_id_connector(current, PROC_EVENT_UID);
747 :
748 354 : return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
749 : }
750 :
751 : asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid)
752 46 : {
753 : int retval;
754 :
755 92 : if (!(retval = put_user(current->uid, ruid)) &&
756 46 : !(retval = put_user(current->euid, euid)))
757 46 : retval = put_user(current->suid, suid);
758 :
759 46 : return retval;
760 : }
761 :
762 : /*
763 : * Same as above, but for rgid, egid, sgid.
764 : */
765 : asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
766 48 : {
767 : int retval;
768 :
769 48 : retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
770 48 : if (retval)
771 0 : return retval;
772 :
773 48 : if (!capable(CAP_SETGID)) {
774 23 : if ((rgid != (gid_t) -1) && (rgid != current->gid) &&
775 : (rgid != current->egid) && (rgid != current->sgid))
776 4 : return -EPERM;
777 18 : if ((egid != (gid_t) -1) && (egid != current->gid) &&
778 : (egid != current->egid) && (egid != current->sgid))
779 2 : return -EPERM;
780 11 : if ((sgid != (gid_t) -1) && (sgid != current->gid) &&
781 : (sgid != current->egid) && (sgid != current->sgid))
782 2 : return -EPERM;
783 : }
784 40 : if (egid != (gid_t) -1) {
785 28 : if (egid != current->egid) {
786 56 : set_dumpable(current->mm, suid_dumpable);
787 28 : smp_wmb();
788 : }
789 28 : current->egid = egid;
790 : }
791 40 : current->fsgid = current->egid;
792 40 : if (rgid != (gid_t) -1)
793 12 : current->gid = rgid;
794 40 : if (sgid != (gid_t) -1)
795 14 : current->sgid = sgid;
796 :
797 40 : key_fsgid_changed(current);
798 40 : proc_id_connector(current, PROC_EVENT_GID);
799 40 : return 0;
800 : }
801 :
802 : asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid)
803 44 : {
804 : int retval;
805 :
806 88 : if (!(retval = put_user(current->gid, rgid)) &&
807 44 : !(retval = put_user(current->egid, egid)))
808 44 : retval = put_user(current->sgid, sgid);
809 :
810 44 : return retval;
811 : }
812 :
813 :
814 : /*
815 : * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
816 : * is used for "access()" and for the NFS daemon (letting nfsd stay at
817 : * whatever uid it wants to). It normally shadows "euid", except when
818 : * explicitly set by setfsuid() or for access..
819 : */
820 : asmlinkage long sys_setfsuid(uid_t uid)
821 10 : {
822 : int old_fsuid;
823 :
824 10 : old_fsuid = current->fsuid;
825 10 : if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))
826 0 : return old_fsuid;
827 :
828 28 : if (uid == current->uid || uid == current->euid ||
829 : uid == current->suid || uid == current->fsuid ||
830 : capable(CAP_SETUID)) {
831 8 : if (uid != old_fsuid) {
832 12 : set_dumpable(current->mm, suid_dumpable);
833 6 : smp_wmb();
834 : }
835 8 : current->fsuid = uid;
836 : }
837 :
838 10 : key_fsuid_changed(current);
839 10 : proc_id_connector(current, PROC_EVENT_UID);
840 :
841 10 : security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
842 :
843 10 : return old_fsuid;
844 : }
845 :
846 : /*
847 : * Samma på svenska..
848 : */
849 : asmlinkage long sys_setfsgid(gid_t gid)
850 6 : {
851 : int old_fsgid;
852 :
853 6 : old_fsgid = current->fsgid;
854 6 : if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
855 0 : return old_fsgid;
856 :
857 18 : if (gid == current->gid || gid == current->egid ||
858 : gid == current->sgid || gid == current->fsgid ||
859 : capable(CAP_SETGID)) {
860 4 : if (gid != old_fsgid) {
861 4 : set_dumpable(current->mm, suid_dumpable);
862 2 : smp_wmb();
863 : }
864 4 : current->fsgid = gid;
865 4 : key_fsgid_changed(current);
866 4 : proc_id_connector(current, PROC_EVENT_GID);
867 : }
868 6 : return old_fsgid;
869 : }
870 :
871 : asmlinkage long sys_times(struct tms __user * tbuf)
872 64813 : {
873 : /*
874 : * In the SMP world we might just be unlucky and have one of
875 : * the times increment as we use it. Since the value is an
876 : * atomically safe type this is just fine. Conceptually its
877 : * as if the syscall took an instant longer to occur.
878 : */
879 64813 : if (tbuf) {
880 : struct tms tmp;
881 64813 : struct task_struct *tsk = current;
882 : struct task_struct *t;
883 : cputime_t utime, stime, cutime, cstime;
884 :
885 64813 : spin_lock_irq(&tsk->sighand->siglock);
886 64813 : utime = tsk->signal->utime;
887 64813 : stime = tsk->signal->stime;
888 64813 : t = tsk;
889 : do {
890 64813 : utime = cputime_add(utime, t->utime);
891 64813 : stime = cputime_add(stime, t->stime);
892 64813 : t = next_thread(t);
893 64813 : } while (t != tsk);
894 :
895 64813 : cutime = tsk->signal->cutime;
896 64813 : cstime = tsk->signal->cstime;
897 64813 : spin_unlock_irq(&tsk->sighand->siglock);
898 :
899 64813 : tmp.tms_utime = cputime_to_clock_t(utime);
900 64813 : tmp.tms_stime = cputime_to_clock_t(stime);
901 64813 : tmp.tms_cutime = cputime_to_clock_t(cutime);
902 64813 : tmp.tms_cstime = cputime_to_clock_t(cstime);
903 64813 : if (copy_to_user(tbuf, &tmp, sizeof(struct tms)))
904 0 : return -EFAULT;
905 : }
906 64813 : return (long) jiffies_64_to_clock_t(get_jiffies_64());
907 : }
908 :
909 : /*
910 : * This needs some heavy checking ...
911 : * I just haven't the stomach for it. I also don't fully
912 : * understand sessions/pgrp etc. Let somebody who does explain it.
913 : *
914 : * OK, I think I have the protection semantics right.... this is really
915 : * only important on a multi-user system anyway, to make sure one user
916 : * can't send a signal to a process owned by another. -TYT, 12/12/91
917 : *
918 : * Auch. Had to add the 'did_exec' flag to conform completely to POSIX.
919 : * LBT 04.03.94
920 : */
921 : asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
922 1696 : {
923 : struct task_struct *p;
924 1696 : struct task_struct *group_leader = current->group_leader;
925 : struct pid *pgrp;
926 : int err;
927 :
928 1696 : if (!pid)
929 935 : pid = task_pid_vnr(group_leader);
930 1696 : if (!pgid)
931 933 : pgid = pid;
932 1696 : if (pgid < 0)
933 1 : return -EINVAL;
934 :
935 : /* From this point forward we keep holding onto the tasklist lock
936 : * so that our parent does not change from under us. -DaveM
937 : */
938 1695 : write_lock_irq(&tasklist_lock);
939 :
940 1695 : err = -ESRCH;
941 1695 : p = find_task_by_vpid(pid);
942 1695 : if (!p)
943 1 : goto out;
944 :
945 1694 : err = -EINVAL;
946 1694 : if (!thread_group_leader(p))
947 0 : goto out;
948 :
949 3388 : if (same_thread_group(p->real_parent, group_leader)) {
950 381 : err = -EPERM;
951 381 : if (task_session(p) != task_session(group_leader))
952 1 : goto out;
953 380 : err = -EACCES;
954 380 : if (p->did_exec)
955 21 : goto out;
956 : } else {
957 1313 : err = -ESRCH;
958 1313 : if (p != group_leader)
959 0 : goto out;
960 : }
961 :
962 1672 : err = -EPERM;
963 1672 : if (p->signal->leader)
964 1 : goto out;
965 :
966 1671 : pgrp = task_pid(p);
967 1671 : if (pgid != pid) {
968 : struct task_struct *g;
969 :
970 505 : pgrp = find_vpid(pgid);
971 505 : g = pid_task(pgrp, PIDTYPE_PGID);
972 1009 : if (!g || task_session(g) != task_session(group_leader))
973 : goto out;
974 : }
975 :
976 1670 : err = security_task_setpgid(p, pgid);
977 1670 : if (err)
978 0 : goto out;
979 :
980 1670 : if (task_pgrp(p) != pgrp) {
981 1051 : change_pid(p, PIDTYPE_PGID, pgrp);
982 : set_task_pgrp(p, pid_nr(pgrp));
983 : }
984 :
985 1670 : err = 0;
986 1695 : out:
987 : /* All paths lead to here, thus we are safe. -DaveM */
988 : write_unlock_irq(&tasklist_lock);
989 1695 : return err;
990 : }
991 :
992 : asmlinkage long sys_getpgid(pid_t pid)
993 33 : {
994 : struct task_struct *p;
995 : struct pid *grp;
996 : int retval;
997 :
998 : rcu_read_lock();
999 33 : if (!pid)
1000 26 : grp = task_pgrp(current);
1001 : else {
1002 7 : retval = -ESRCH;
1003 7 : p = find_task_by_vpid(pid);
1004 7 : if (!p)
1005 2 : goto out;
1006 5 : grp = task_pgrp(p);
1007 5 : if (!grp)
1008 0 : goto out;
1009 :
1010 5 : retval = security_task_getpgid(p);
1011 5 : if (retval)
1012 0 : goto out;
1013 : }
1014 31 : retval = pid_vnr(grp);
1015 33 : out:
1016 : rcu_read_unlock();
1017 33 : return retval;
1018 : }
1019 :
1020 : #ifdef __ARCH_WANT_SYS_GETPGRP
1021 :
1022 : asmlinkage long sys_getpgrp(void)
1023 25 : {
1024 25 : return sys_getpgid(0);
1025 : }
1026 :
1027 : #endif
1028 :
1029 : asmlinkage long sys_getsid(pid_t pid)
1030 3 : {
1031 : struct task_struct *p;
1032 : struct pid *sid;
1033 : int retval;
1034 :
1035 : rcu_read_lock();
1036 3 : if (!pid)
1037 2 : sid = task_session(current);
1038 : else {
1039 1 : retval = -ESRCH;
1040 1 : p = find_task_by_vpid(pid);
1041 1 : if (!p)
1042 1 : goto out;
1043 0 : sid = task_session(p);
1044 0 : if (!sid)
1045 0 : goto out;
1046 :
1047 0 : retval = security_task_getsid(p);
1048 0 : if (retval)
1049 0 : goto out;
1050 : }
1051 2 : retval = pid_vnr(sid);
1052 3 : out:
1053 : rcu_read_unlock();
1054 3 : return retval;
1055 : }
1056 :
1057 : asmlinkage long sys_setsid(void)
1058 20 : {
1059 20 : struct task_struct *group_leader = current->group_leader;
1060 20 : struct pid *sid = task_pid(group_leader);
1061 20 : pid_t session = pid_vnr(sid);
1062 20 : int err = -EPERM;
1063 :
1064 20 : write_lock_irq(&tasklist_lock);
1065 : /* Fail if I am already a session leader */
1066 20 : if (group_leader->signal->leader)
1067 0 : goto out;
1068 :
1069 : /* Fail if a process group id already exists that equals the
1070 : * proposed session id.
1071 : */
1072 20 : if (pid_task(sid, PIDTYPE_PGID))
1073 1 : goto out;
1074 :
1075 19 : group_leader->signal->leader = 1;
1076 19 : __set_special_pids(sid);
1077 :
1078 19 : spin_lock(&group_leader->sighand->siglock);
1079 19 : group_leader->signal->tty = NULL;
1080 19 : spin_unlock(&group_leader->sighand->siglock);
1081 :
1082 19 : err = session;
1083 20 : out:
1084 : write_unlock_irq(&tasklist_lock);
1085 20 : return err;
1086 : }
1087 :
1088 : /*
1089 : * Supplementary group IDs
1090 : */
1091 :
1092 : /* init to 2 - one for init_task, one to ensure it is never freed */
1093 : struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
1094 :
1095 : struct group_info *groups_alloc(int gidsetsize)
1096 2428 : {
1097 : struct group_info *group_info;
1098 : int nblocks;
1099 : int i;
1100 :
1101 2428 : nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
1102 : /* Make sure we always allocate at least one indirect block pointer */
1103 2428 : nblocks = nblocks ? : 1;
1104 4856 : group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
1105 2428 : if (!group_info)
1106 0 : return NULL;
1107 2428 : group_info->ngroups = gidsetsize;
1108 2428 : group_info->nblocks = nblocks;
1109 2428 : atomic_set(&group_info->usage, 1);
1110 :
1111 2428 : if (gidsetsize <= NGROUPS_SMALL)
1112 2426 : group_info->blocks[0] = group_info->small_block;
1113 : else {
1114 130 : for (i = 0; i < nblocks; i++) {
1115 : gid_t *b;
1116 128 : b = (void *)__get_free_page(GFP_USER);
1117 128 : if (!b)
1118 0 : goto out_undo_partial_alloc;
1119 128 : group_info->blocks[i] = b;
1120 : }
1121 : }
1122 2428 : return group_info;
1123 :
1124 : out_undo_partial_alloc:
1125 0 : while (--i >= 0) {
1126 0 : free_page((unsigned long)group_info->blocks[i]);
1127 : }
1128 0 : kfree(group_info);
1129 0 : return NULL;
1130 : }
1131 :
1132 : EXPORT_SYMBOL(groups_alloc);
1133 :
1134 : void groups_free(struct group_info *group_info)
1135 2427 : {
1136 2427 : if (group_info->blocks[0] != group_info->small_block) {
1137 : int i;
1138 130 : for (i = 0; i < group_info->nblocks; i++)
1139 128 : free_page((unsigned long)group_info->blocks[i]);
1140 : }
1141 2427 : kfree(group_info);
1142 2427 : }
1143 :
1144 : EXPORT_SYMBOL(groups_free);
1145 :
1146 : /* export the group_info to a user-space array */
1147 : static int groups_to_user(gid_t __user *grouplist,
1148 : struct group_info *group_info)
1149 : {
1150 : int i;
1151 972 : unsigned int count = group_info->ngroups;
1152 :
1153 1944 : for (i = 0; i < group_info->nblocks; i++) {
1154 972 : unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
1155 972 : unsigned int len = cp_count * sizeof(*grouplist);
1156 :
1157 972 : if (copy_to_user(grouplist, group_info->blocks[i], len))
1158 0 : return -EFAULT;
1159 :
1160 972 : grouplist += NGROUPS_PER_BLOCK;
1161 972 : count -= cp_count;
1162 : }
1163 972 : return 0;
1164 : }
1165 :
1166 : /* fill a group_info from a user-space array - it must be allocated already */
1167 : static int groups_from_user(struct group_info *group_info,
1168 : gid_t __user *grouplist)
1169 : {
1170 : int i;
1171 2425 : unsigned int count = group_info->ngroups;
1172 :
1173 4849 : for (i = 0; i < group_info->nblocks; i++) {
1174 2425 : unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
1175 2425 : unsigned int len = cp_count * sizeof(*grouplist);
1176 :
1177 2425 : if (copy_from_user(group_info->blocks[i], grouplist, len))
1178 1 : return -EFAULT;
1179 :
1180 2424 : grouplist += NGROUPS_PER_BLOCK;
1181 2424 : count -= cp_count;
1182 : }
1183 2424 : return 0;
1184 : }
1185 :
1186 : /* a simple Shell sort */
1187 : static void groups_sort(struct group_info *group_info)
1188 2426 : {
1189 : int base, max, stride;
1190 2426 : int gidsetsize = group_info->ngroups;
1191 :
1192 2426 : for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
1193 : ; /* nothing */
1194 2426 : stride /= 3;
1195 :
1196 4874 : while (stride) {
1197 22 : max = gidsetsize - stride;
1198 143 : for (base = 0; base < max; base++) {
1199 121 : int left = base;
1200 121 : int right = left + stride;
1201 121 : gid_t tmp = GROUP_AT(group_info, right);
1202 :
1203 263 : while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
1204 21 : GROUP_AT(group_info, right) =
1205 : GROUP_AT(group_info, left);
1206 21 : right = left;
1207 21 : left -= stride;
1208 : }
1209 121 : GROUP_AT(group_info, right) = tmp;
1210 : }
1211 22 : stride /= 3;
1212 : }
1213 2426 : }
1214 :
1215 : /* a simple bsearch */
1216 : int groups_search(struct group_info *group_info, gid_t grp)
1217 58324 : {
1218 : unsigned int left, right;
1219 :
1220 58324 : if (!group_info)
1221 0 : return 0;
1222 :
1223 58324 : left = 0;
1224 58324 : right = group_info->ngroups;
1225 164284 : while (left < right) {
1226 48180 : unsigned int mid = (left+right)/2;
1227 48180 : int cmp = grp - GROUP_AT(group_info, mid);
1228 48180 : if (cmp > 0)
1229 45401 : left = mid + 1;
1230 2779 : else if (cmp < 0)
1231 2235 : right = mid;
1232 : else
1233 544 : return 1;
1234 : }
1235 57780 : return 0;
1236 : }
1237 :
1238 : /* validate and set current->group_info */
1239 : int set_current_groups(struct group_info *group_info)
1240 2426 : {
1241 : int retval;
1242 : struct group_info *old_info;
1243 :
1244 2426 : retval = security_task_setgroups(group_info);
1245 2426 : if (retval)
1246 0 : return retval;
1247 :
1248 2426 : groups_sort(group_info);
1249 2426 : get_group_info(group_info);
1250 :
1251 : task_lock(current);
1252 2426 : old_info = current->group_info;
1253 2426 : current->group_info = group_info;
1254 : task_unlock(current);
1255 :
1256 4852 : put_group_info(old_info);
1257 :
1258 2426 : return 0;
1259 : }
1260 :
1261 : EXPORT_SYMBOL(set_current_groups);
1262 :
1263 : asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist)
1264 1938 : {
1265 1938 : int i = 0;
1266 :
1267 : /*
1268 : * SMP: Nobody else can change our grouplist. Thus we are
1269 : * safe.
1270 : */
1271 :
1272 1938 : if (gidsetsize < 0)
1273 4 : return -EINVAL;
1274 :
1275 : /* no need to grab task_lock here; it cannot change */
1276 1934 : i = current->group_info->ngroups;
1277 1934 : if (gidsetsize) {
1278 972 : if (i > gidsetsize) {
1279 0 : i = -EINVAL;
1280 0 : goto out;
1281 : }
1282 1944 : if (groups_to_user(grouplist, current->group_info)) {
1283 0 : i = -EFAULT;
1284 0 : goto out;
1285 : }
1286 : }
1287 1934 : out:
1288 1934 : return i;
1289 : }
1290 :
1291 : /*
1292 : * SMP: Our groups are copy-on-write. We can set them safely
1293 : * without another task interfering.
1294 : */
1295 :
1296 : asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
1297 2427 : {
1298 : struct group_info *group_info;
1299 : int retval;
1300 :
1301 2427 : if (!capable(CAP_SETGID))
1302 1 : return -EPERM;
1303 2426 : if ((unsigned)gidsetsize > NGROUPS_MAX)
1304 1 : return -EINVAL;
1305 :
1306 2425 : group_info = groups_alloc(gidsetsize);
1307 2425 : if (!group_info)
1308 0 : return -ENOMEM;
1309 2425 : retval = groups_from_user(group_info, grouplist);
1310 2425 : if (retval) {
1311 2 : put_group_info(group_info);
1312 1 : return retval;
1313 : }
1314 :
1315 2424 : retval = set_current_groups(group_info);
1316 4848 : put_group_info(group_info);
1317 :
1318 2424 : return retval;
1319 : }
1320 :
1321 : /*
1322 : * Check whether we're fsgid/egid or in the supplemental group..
1323 : */
1324 : int in_group_p(gid_t grp)
1325 15845 : {
1326 15845 : int retval = 1;
1327 15845 : if (grp != current->fsgid)
1328 58321 : retval = groups_search(current->group_info, grp);
1329 15845 : return retval;
1330 : }
1331 :
1332 : EXPORT_SYMBOL(in_group_p);
1333 :
1334 : int in_egroup_p(gid_t grp)
1335 7 : {
1336 7 : int retval = 1;
1337 7 : if (grp != current->egid)
1338 3 : retval = groups_search(current->group_info, grp);
1339 7 : return retval;
1340 : }
1341 :
1342 : EXPORT_SYMBOL(in_egroup_p);
1343 :
1344 : DECLARE_RWSEM(uts_sem);
1345 :
1346 : EXPORT_SYMBOL(uts_sem);
1347 :
1348 : asmlinkage long sys_newuname(struct new_utsname __user * name)
1349 11283 : {
1350 11283 : int errno = 0;
1351 :
1352 11283 : down_read(&uts_sem);
1353 11283 : if (copy_to_user(name, utsname(), sizeof *name))
1354 1 : errno = -EFAULT;
1355 11283 : up_read(&uts_sem);
1356 11283 : return errno;
1357 : }
1358 :
1359 : asmlinkage long sys_sethostname(char __user *name, int len)
1360 8 : {
1361 : int errno;
1362 : char tmp[__NEW_UTS_LEN];
1363 :
1364 8 : if (!capable(CAP_SYS_ADMIN))
1365 1 : return -EPERM;
1366 7 : if (len < 0 || len > __NEW_UTS_LEN)
1367 2 : return -EINVAL;
1368 5 : down_write(&uts_sem);
1369 5 : errno = -EFAULT;
1370 5 : if (!copy_from_user(tmp, name, len)) {
1371 12 : memcpy(utsname()->nodename, tmp, len);
1372 4 : utsname()->nodename[len] = 0;
1373 4 : errno = 0;
1374 : }
1375 5 : up_write(&uts_sem);
1376 5 : return errno;
1377 : }
1378 :
1379 : #ifdef __ARCH_WANT_SYS_GETHOSTNAME
1380 :
1381 : asmlinkage long sys_gethostname(char __user *name, int len)
1382 0 : {
1383 : int i, errno;
1384 :
1385 0 : if (len < 0)
1386 0 : return -EINVAL;
1387 0 : down_read(&uts_sem);
1388 0 : i = 1 + strlen(utsname()->nodename);
1389 0 : if (i > len)
1390 0 : i = len;
1391 0 : errno = 0;
1392 0 : if (copy_to_user(name, utsname()->nodename, i))
1393 0 : errno = -EFAULT;
1394 0 : up_read(&uts_sem);
1395 0 : return errno;
1396 : }
1397 :
1398 : #endif
1399 :
1400 : /*
1401 : * Only setdomainname; getdomainname can be implemented by calling
1402 : * uname()
1403 : */
1404 : asmlinkage long sys_setdomainname(char __user *name, int len)
1405 8 : {
1406 : int errno;
1407 : char tmp[__NEW_UTS_LEN];
1408 :
1409 8 : if (!capable(CAP_SYS_ADMIN))
1410 1 : return -EPERM;
1411 7 : if (len < 0 || len > __NEW_UTS_LEN)
1412 2 : return -EINVAL;
1413 :
1414 5 : down_write(&uts_sem);
1415 5 : errno = -EFAULT;
1416 5 : if (!copy_from_user(tmp, name, len)) {
1417 12 : memcpy(utsname()->domainname, tmp, len);
1418 4 : utsname()->domainname[len] = 0;
1419 4 : errno = 0;
1420 : }
1421 5 : up_write(&uts_sem);
1422 5 : return errno;
1423 : }
1424 :
1425 : asmlinkage long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim)
1426 48487 : {
1427 48487 : if (resource >= RLIM_NLIMITS)
1428 1 : return -EINVAL;
1429 : else {
1430 : struct rlimit value;
1431 48486 : task_lock(current->group_leader);
1432 48486 : value = current->signal->rlim[resource];
1433 48486 : task_unlock(current->group_leader);
1434 48486 : return copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0;
1435 : }
1436 : }
1437 :
1438 : #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
1439 :
1440 : /*
1441 : * Back compatibility for getrlimit. Needed for some apps.
1442 : */
1443 :
1444 : asmlinkage long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim)
1445 0 : {
1446 : struct rlimit x;
1447 0 : if (resource >= RLIM_NLIMITS)
1448 0 : return -EINVAL;
1449 :
1450 0 : task_lock(current->group_leader);
1451 0 : x = current->signal->rlim[resource];
1452 0 : task_unlock(current->group_leader);
1453 0 : if (x.rlim_cur > 0x7FFFFFFF)
1454 0 : x.rlim_cur = 0x7FFFFFFF;
1455 0 : if (x.rlim_max > 0x7FFFFFFF)
1456 0 : x.rlim_max = 0x7FFFFFFF;
1457 0 : return copy_to_user(rlim, &x, sizeof(x))?-EFAULT:0;
1458 : }
1459 :
1460 : #endif
1461 :
1462 : asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
1463 956 : {
1464 : struct rlimit new_rlim, *old_rlim;
1465 : unsigned long it_prof_secs;
1466 : int retval;
1467 :
1468 956 : if (resource >= RLIM_NLIMITS)
1469 1 : return -EINVAL;
1470 955 : if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
1471 1 : return -EFAULT;
1472 954 : if (new_rlim.rlim_cur > new_rlim.rlim_max)
1473 0 : return -EINVAL;
1474 954 : old_rlim = current->signal->rlim + resource;
1475 954 : if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
1476 : !capable(CAP_SYS_RESOURCE))
1477 1 : return -EPERM;
1478 953 : if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
1479 1 : return -EPERM;
1480 :
1481 952 : retval = security_task_setrlimit(resource, &new_rlim);
1482 952 : if (retval)
1483 0 : return retval;
1484 :
1485 952 : if (resource == RLIMIT_CPU && new_rlim.rlim_cur == 0) {
1486 : /*
1487 : * The caller is asking for an immediate RLIMIT_CPU
1488 : * expiry. But we use the zero value to mean "it was
1489 : * never set". So let's cheat and make it one second
1490 : * instead
1491 : */
1492 0 : new_rlim.rlim_cur = 1;
1493 : }
1494 :
1495 952 : task_lock(current->group_leader);
1496 952 : *old_rlim = new_rlim;
1497 952 : task_unlock(current->group_leader);
1498 :
1499 952 : if (resource != RLIMIT_CPU)
1500 952 : goto out;
1501 :
1502 : /*
1503 : * RLIMIT_CPU handling. Note that the kernel fails to return an error
1504 : * code if it rejected the user's attempt to set RLIMIT_CPU. This is a
1505 : * very long-standing error, and fixing it now risks breakage of
1506 : * applications, so we live with it
1507 : */
1508 0 : if (new_rlim.rlim_cur == RLIM_INFINITY)
1509 0 : goto out;
1510 :
1511 0 : it_prof_secs = cputime_to_secs(current->signal->it_prof_expires);
1512 0 : if (it_prof_secs == 0 || new_rlim.rlim_cur <= it_prof_secs) {
1513 0 : unsigned long rlim_cur = new_rlim.rlim_cur;
1514 : cputime_t cputime;
1515 :
1516 0 : cputime = secs_to_cputime(rlim_cur);
1517 0 : read_lock(&tasklist_lock);
1518 0 : spin_lock_irq(¤t->sighand->siglock);
1519 0 : set_process_cpu_timer(current, CPUCLOCK_PROF, &cputime, NULL);
1520 0 : spin_unlock_irq(¤t->sighand->siglock);
1521 : read_unlock(&tasklist_lock);
1522 : }
1523 952 : out:
1524 952 : return 0;
1525 : }
1526 :
1527 : /*
1528 : * It would make sense to put struct rusage in the task_struct,
1529 : * except that would make the task_struct be *really big*. After
1530 : * task_struct gets moved into malloc'ed memory, it would
1531 : * make sense to do this. It will make moving the rest of the information
1532 : * a lot simpler! (Which we're not doing right now because we're not
1533 : * measuring them yet).
1534 : *
1535 : * When sampling multiple threads for RUSAGE_SELF, under SMP we might have
1536 : * races with threads incrementing their own counters. But since word
1537 : * reads are atomic, we either get new values or old values and we don't
1538 : * care which for the sums. We always take the siglock to protect reading
1539 : * the c* fields from p->signal from races with exit.c updating those
1540 : * fields when reaping, so a sample either gets all the additions of a
1541 : * given child after it's reaped, or none so this sample is before reaping.
1542 : *
1543 : * Locking:
1544 : * We need to take the siglock for CHILDEREN, SELF and BOTH
1545 : * for the cases current multithreaded, non-current single threaded
1546 : * non-current multithreaded. Thread traversal is now safe with
1547 : * the siglock held.
1548 : * Strictly speaking, we donot need to take the siglock if we are current and
1549 : * single threaded, as no one else can take our signal_struct away, no one
1550 : * else can reap the children to update signal->c* counters, and no one else
1551 : * can race with the signal-> fields. If we do not take any lock, the
1552 : * signal-> fields could be read out of order while another thread was just
1553 : * exiting. So we should place a read memory barrier when we avoid the lock.
1554 : * On the writer side, write memory barrier is implied in __exit_signal
1555 : * as __exit_signal releases the siglock spinlock after updating the signal->
1556 : * fields. But we don't do this yet to keep things simple.
1557 : *
1558 : */
1559 :
1560 : static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r,
1561 : cputime_t *utimep, cputime_t *stimep)
1562 : {
1563 3233 : *utimep = cputime_add(*utimep, t->utime);
1564 3233 : *stimep = cputime_add(*stimep, t->stime);
1565 3233 : r->ru_nvcsw += t->nvcsw;
1566 3233 : r->ru_nivcsw += t->nivcsw;
1567 3233 : r->ru_minflt += t->min_flt;
1568 3233 : r->ru_majflt += t->maj_flt;
1569 6466 : r->ru_inblock += task_io_get_inblock(t);
1570 6466 : r->ru_oublock += task_io_get_oublock(t);
1571 : }
1572 :
1573 : static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
1574 3234 : {
1575 : struct task_struct *t;
1576 : unsigned long flags;
1577 : cputime_t utime, stime;
1578 :
1579 : memset((char *) r, 0, sizeof *r);
1580 3234 : utime = stime = cputime_zero;
1581 :
1582 3234 : if (who == RUSAGE_THREAD) {
1583 : accumulate_thread_rusage(p, r, &utime, &stime);
1584 : goto out;
1585 : }
1586 :
1587 3234 : if (!lock_task_sighand(p, &flags))
1588 0 : return;
1589 :
1590 3234 : switch (who) {
1591 : case RUSAGE_BOTH:
1592 : case RUSAGE_CHILDREN:
1593 2 : utime = p->signal->cutime;
1594 2 : stime = p->signal->cstime;
1595 2 : r->ru_nvcsw = p->signal->cnvcsw;
1596 2 : r->ru_nivcsw = p->signal->cnivcsw;
1597 2 : r->ru_minflt = p->signal->cmin_flt;
1598 2 : r->ru_majflt = p->signal->cmaj_flt;
1599 2 : r->ru_inblock = p->signal->cinblock;
1600 2 : r->ru_oublock = p->signal->coublock;
1601 :
1602 2 : if (who == RUSAGE_CHILDREN)
1603 1 : break;
1604 :
1605 : case RUSAGE_SELF:
1606 3233 : utime = cputime_add(utime, p->signal->utime);
1607 3233 : stime = cputime_add(stime, p->signal->stime);
1608 3233 : r->ru_nvcsw += p->signal->nvcsw;
1609 3233 : r->ru_nivcsw += p->signal->nivcsw;
1610 3233 : r->ru_minflt += p->signal->min_flt;
1611 3233 : r->ru_majflt += p->signal->maj_flt;
1612 3233 : r->ru_inblock += p->signal->inblock;
1613 3233 : r->ru_oublock += p->signal->oublock;
1614 3233 : t = p;
1615 : do {
1616 : accumulate_thread_rusage(t, r, &utime, &stime);
1617 3233 : t = next_thread(t);
1618 3233 : } while (t != p);
1619 : break;
1620 :
1621 : default:
1622 0 : BUG();
1623 : }
1624 : unlock_task_sighand(p, &flags);
1625 :
1626 3234 : out:
1627 3234 : cputime_to_timeval(utime, &r->ru_utime);
1628 3234 : cputime_to_timeval(stime, &r->ru_stime);
1629 : }
1630 :
1631 : int getrusage(struct task_struct *p, int who, struct rusage __user *ru)
1632 3234 : {
1633 : struct rusage r;
1634 3234 : k_getrusage(p, who, &r);
1635 3234 : return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0;
1636 : }
1637 :
1638 : asmlinkage long sys_getrusage(int who, struct rusage __user *ru)
1639 3234 : {
1640 3234 : if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
1641 : who != RUSAGE_THREAD)
1642 1 : return -EINVAL;
1643 3233 : return getrusage(current, who, ru);
1644 : }
1645 :
1646 : asmlinkage long sys_umask(int mask)
1647 11059 : {
1648 22118 : mask = xchg(¤t->fs->umask, mask & S_IRWXUGO);
1649 11059 : return mask;
1650 : }
1651 :
1652 : asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
1653 : unsigned long arg4, unsigned long arg5)
1654 4 : {
1655 4 : long error = 0;
1656 :
1657 4 : if (security_task_prctl(option, arg2, arg3, arg4, arg5, &error))
1658 0 : return error;
1659 :
1660 4 : switch (option) {
1661 : case PR_SET_PDEATHSIG:
1662 2 : if (!valid_signal(arg2)) {
1663 1 : error = -EINVAL;
1664 1 : break;
1665 : }
1666 1 : current->pdeath_signal = arg2;
1667 1 : break;
1668 : case PR_GET_PDEATHSIG:
1669 1 : error = put_user(current->pdeath_signal, (int __user *)arg2);
1670 1 : break;
1671 : case PR_GET_DUMPABLE:
1672 0 : error = get_dumpable(current->mm);
1673 0 : break;
1674 : case PR_SET_DUMPABLE:
1675 0 : if (arg2 < 0 || arg2 > 1) {
1676 0 : error = -EINVAL;
1677 0 : break;
1678 : }
1679 0 : set_dumpable(current->mm, arg2);
1680 0 : break;
1681 :
1682 : case PR_SET_UNALIGN:
1683 0 : error = SET_UNALIGN_CTL(current, arg2);
1684 0 : break;
1685 : case PR_GET_UNALIGN:
1686 0 : error = GET_UNALIGN_CTL(current, arg2);
1687 0 : break;
1688 : case PR_SET_FPEMU:
1689 0 : error = SET_FPEMU_CTL(current, arg2);
1690 0 : break;
1691 : case PR_GET_FPEMU:
1692 0 : error = GET_FPEMU_CTL(current, arg2);
1693 0 : break;
1694 : case PR_SET_FPEXC:
1695 0 : error = SET_FPEXC_CTL(current, arg2);
1696 0 : break;
1697 : case PR_GET_FPEXC:
1698 0 : error = GET_FPEXC_CTL(current, arg2);
1699 0 : break;
1700 : case PR_GET_TIMING:
1701 0 : error = PR_TIMING_STATISTICAL;
1702 0 : break;
1703 : case PR_SET_TIMING:
1704 0 : if (arg2 != PR_TIMING_STATISTICAL)
1705 0 : error = -EINVAL;
1706 : break;
1707 :
1708 : case PR_SET_NAME: {
1709 0 : struct task_struct *me = current;
1710 : unsigned char ncomm[sizeof(me->comm)];
1711 :
1712 0 : ncomm[sizeof(me->comm)-1] = 0;
1713 0 : if (strncpy_from_user(ncomm, (char __user *)arg2,
1714 : sizeof(me->comm)-1) < 0)
1715 0 : return -EFAULT;
1716 0 : set_task_comm(me, ncomm);
1717 0 : return 0;
1718 : }
1719 : case PR_GET_NAME: {
1720 0 : struct task_struct *me = current;
1721 : unsigned char tcomm[sizeof(me->comm)];
1722 :
1723 0 : get_task_comm(tcomm, me);
1724 0 : if (copy_to_user((char __user *)arg2, tcomm, sizeof(tcomm)))
1725 0 : return -EFAULT;
1726 0 : return 0;
1727 : }
1728 : case PR_GET_ENDIAN:
1729 0 : error = GET_ENDIAN(current, arg2);
1730 0 : break;
1731 : case PR_SET_ENDIAN:
1732 0 : error = SET_ENDIAN(current, arg2);
1733 0 : break;
1734 :
1735 : case PR_GET_SECCOMP:
1736 0 : error = prctl_get_seccomp();
1737 0 : break;
1738 : case PR_SET_SECCOMP:
1739 0 : error = prctl_set_seccomp(arg2);
1740 0 : break;
1741 : case PR_GET_TSC:
1742 0 : error = GET_TSC_CTL(arg2);
1743 0 : break;
1744 : case PR_SET_TSC:
1745 0 : error = SET_TSC_CTL(arg2);
1746 0 : break;
1747 : default:
1748 1 : error = -EINVAL;
1749 : break;
1750 : }
1751 4 : return error;
1752 : }
1753 :
1754 : asmlinkage long sys_getcpu(unsigned __user *cpup, unsigned __user *nodep,
1755 : struct getcpu_cache __user *unused)
1756 1 : {
1757 1 : int err = 0;
1758 1 : int cpu = raw_smp_processor_id();
1759 1 : if (cpup)
1760 1 : err |= put_user(cpu, cpup);
1761 1 : if (nodep)
1762 1 : err |= put_user(cpu_to_node(cpu), nodep);
1763 1 : return err ? -EFAULT : 0;
1764 : }
1765 :
1766 : char poweroff_cmd[POWEROFF_CMD_PATH_LEN] = "/sbin/poweroff";
1767 :
1768 : static void argv_cleanup(char **argv, char **envp)
1769 0 : {
1770 0 : argv_free(argv);
1771 0 : }
1772 :
1773 : /**
1774 : * orderly_poweroff - Trigger an orderly system poweroff
1775 : * @force: force poweroff if command execution fails
1776 : *
1777 : * This may be called from any context to trigger a system shutdown.
1778 : * If the orderly shutdown fails, it will force an immediate shutdown.
1779 : */
1780 : int orderly_poweroff(bool force)
1781 0 : {
1782 : int argc;
1783 0 : char **argv = argv_split(GFP_ATOMIC, poweroff_cmd, &argc);
1784 : static char *envp[] = {
1785 : "HOME=/",
1786 : "PATH=/sbin:/bin:/usr/sbin:/usr/bin",
1787 : NULL
1788 : };
1789 0 : int ret = -ENOMEM;
1790 : struct subprocess_info *info;
1791 :
1792 0 : if (argv == NULL) {
1793 0 : printk(KERN_WARNING "%s failed to allocate memory for \"%s\"\n",
1794 : __func__, poweroff_cmd);
1795 0 : goto out;
1796 : }
1797 :
1798 0 : info = call_usermodehelper_setup(argv[0], argv, envp);
1799 0 : if (info == NULL) {
1800 0 : argv_free(argv);
1801 0 : goto out;
1802 : }
1803 :
1804 0 : call_usermodehelper_setcleanup(info, argv_cleanup);
1805 :
1806 0 : ret = call_usermodehelper_exec(info, UMH_NO_WAIT);
1807 :
1808 0 : out:
1809 0 : if (ret && force) {
1810 0 : printk(KERN_WARNING "Failed to start orderly shutdown: "
1811 : "forcing the issue\n");
1812 :
1813 : /* I guess this should try to kick off some daemon to
1814 : sync and poweroff asap. Or not even bother syncing
1815 : if we're doing an emergency shutdown? */
1816 0 : emergency_sync();
1817 0 : kernel_power_off();
1818 : }
1819 :
1820 0 : return ret;
1821 : }
1822 : EXPORT_SYMBOL_GPL(orderly_poweroff);
|
