sys.c 57 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433
  1. /*
  2. * linux/kernel/sys.c
  3. *
  4. * Copyright (C) 1991, 1992 Linus Torvalds
  5. */
  6. #include <linux/export.h>
  7. #include <linux/mm.h>
  8. #include <linux/utsname.h>
  9. #include <linux/mman.h>
  10. #include <linux/reboot.h>
  11. #include <linux/prctl.h>
  12. #include <linux/highuid.h>
  13. #include <linux/fs.h>
  14. #include <linux/kmod.h>
  15. #include <linux/perf_event.h>
  16. #include <linux/resource.h>
  17. #include <linux/kernel.h>
  18. #include <linux/workqueue.h>
  19. #include <linux/capability.h>
  20. #include <linux/device.h>
  21. #include <linux/key.h>
  22. #include <linux/times.h>
  23. #include <linux/posix-timers.h>
  24. #include <linux/security.h>
  25. #include <linux/dcookies.h>
  26. #include <linux/suspend.h>
  27. #include <linux/tty.h>
  28. #include <linux/signal.h>
  29. #include <linux/cn_proc.h>
  30. #include <linux/getcpu.h>
  31. #include <linux/task_io_accounting_ops.h>
  32. #include <linux/seccomp.h>
  33. #include <linux/cpu.h>
  34. #include <linux/personality.h>
  35. #include <linux/ptrace.h>
  36. #include <linux/fs_struct.h>
  37. #include <linux/file.h>
  38. #include <linux/mount.h>
  39. #include <linux/gfp.h>
  40. #include <linux/syscore_ops.h>
  41. #include <linux/version.h>
  42. #include <linux/ctype.h>
  43. #include <linux/compat.h>
  44. #include <linux/syscalls.h>
  45. #include <linux/kprobes.h>
  46. #include <linux/user_namespace.h>
  47. #include <linux/binfmts.h>
  48. #include <linux/sched.h>
  49. #include <linux/rcupdate.h>
  50. #include <linux/uidgid.h>
  51. #include <linux/cred.h>
  52. #include <linux/kmsg_dump.h>
  53. /* Move somewhere else to avoid recompiling? */
  54. #include <generated/utsrelease.h>
  55. #include <asm/uaccess.h>
  56. #include <asm/io.h>
  57. #include <asm/unistd.h>
  58. #ifndef SET_UNALIGN_CTL
  59. # define SET_UNALIGN_CTL(a, b) (-EINVAL)
  60. #endif
  61. #ifndef GET_UNALIGN_CTL
  62. # define GET_UNALIGN_CTL(a, b) (-EINVAL)
  63. #endif
  64. #ifndef SET_FPEMU_CTL
  65. # define SET_FPEMU_CTL(a, b) (-EINVAL)
  66. #endif
  67. #ifndef GET_FPEMU_CTL
  68. # define GET_FPEMU_CTL(a, b) (-EINVAL)
  69. #endif
  70. #ifndef SET_FPEXC_CTL
  71. # define SET_FPEXC_CTL(a, b) (-EINVAL)
  72. #endif
  73. #ifndef GET_FPEXC_CTL
  74. # define GET_FPEXC_CTL(a, b) (-EINVAL)
  75. #endif
  76. #ifndef GET_ENDIAN
  77. # define GET_ENDIAN(a, b) (-EINVAL)
  78. #endif
  79. #ifndef SET_ENDIAN
  80. # define SET_ENDIAN(a, b) (-EINVAL)
  81. #endif
  82. #ifndef GET_TSC_CTL
  83. # define GET_TSC_CTL(a) (-EINVAL)
  84. #endif
  85. #ifndef SET_TSC_CTL
  86. # define SET_TSC_CTL(a) (-EINVAL)
  87. #endif
  88. #ifndef MPX_ENABLE_MANAGEMENT
  89. # define MPX_ENABLE_MANAGEMENT() (-EINVAL)
  90. #endif
  91. #ifndef MPX_DISABLE_MANAGEMENT
  92. # define MPX_DISABLE_MANAGEMENT() (-EINVAL)
  93. #endif
  94. #ifndef GET_FP_MODE
  95. # define GET_FP_MODE(a) (-EINVAL)
  96. #endif
  97. #ifndef SET_FP_MODE
  98. # define SET_FP_MODE(a,b) (-EINVAL)
  99. #endif
  100. /*
  101. * this is where the system-wide overflow UID and GID are defined, for
  102. * architectures that now have 32-bit UID/GID but didn't in the past
  103. */
  104. int overflowuid = DEFAULT_OVERFLOWUID;
  105. int overflowgid = DEFAULT_OVERFLOWGID;
  106. EXPORT_SYMBOL(overflowuid);
  107. EXPORT_SYMBOL(overflowgid);
  108. /*
  109. * the same as above, but for filesystems which can only store a 16-bit
  110. * UID and GID. as such, this is needed on all architectures
  111. */
  112. int fs_overflowuid = DEFAULT_FS_OVERFLOWUID;
  113. int fs_overflowgid = DEFAULT_FS_OVERFLOWUID;
  114. EXPORT_SYMBOL(fs_overflowuid);
  115. EXPORT_SYMBOL(fs_overflowgid);
  116. /*
  117. * Returns true if current's euid is same as p's uid or euid,
  118. * or has CAP_SYS_NICE to p's user_ns.
  119. *
  120. * Called with rcu_read_lock, creds are safe
  121. */
  122. static bool set_one_prio_perm(struct task_struct *p)
  123. {
  124. const struct cred *cred = current_cred(), *pcred = __task_cred(p);
  125. if (uid_eq(pcred->uid, cred->euid) ||
  126. uid_eq(pcred->euid, cred->euid))
  127. return true;
  128. if (ns_capable(pcred->user_ns, CAP_SYS_NICE))
  129. return true;
  130. return false;
  131. }
  132. /*
  133. * set the priority of a task
  134. * - the caller must hold the RCU read lock
  135. */
  136. static int set_one_prio(struct task_struct *p, int niceval, int error)
  137. {
  138. int no_nice;
  139. if (!set_one_prio_perm(p)) {
  140. error = -EPERM;
  141. goto out;
  142. }
  143. if (niceval < task_nice(p) && !can_nice(p, niceval)) {
  144. error = -EACCES;
  145. goto out;
  146. }
  147. no_nice = security_task_setnice(p, niceval);
  148. if (no_nice) {
  149. error = no_nice;
  150. goto out;
  151. }
  152. if (error == -ESRCH)
  153. error = 0;
  154. set_user_nice(p, niceval);
  155. out:
  156. return error;
  157. }
  158. SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval)
  159. {
  160. struct task_struct *g, *p;
  161. struct user_struct *user;
  162. const struct cred *cred = current_cred();
  163. int error = -EINVAL;
  164. struct pid *pgrp;
  165. kuid_t uid;
  166. if (which > PRIO_USER || which < PRIO_PROCESS)
  167. goto out;
  168. /* normalize: avoid signed division (rounding problems) */
  169. error = -ESRCH;
  170. if (niceval < MIN_NICE)
  171. niceval = MIN_NICE;
  172. if (niceval > MAX_NICE)
  173. niceval = MAX_NICE;
  174. rcu_read_lock();
  175. read_lock(&tasklist_lock);
  176. switch (which) {
  177. case PRIO_PROCESS:
  178. if (who)
  179. p = find_task_by_vpid(who);
  180. else
  181. p = current;
  182. if (p)
  183. error = set_one_prio(p, niceval, error);
  184. break;
  185. case PRIO_PGRP:
  186. if (who)
  187. pgrp = find_vpid(who);
  188. else
  189. pgrp = task_pgrp(current);
  190. do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
  191. error = set_one_prio(p, niceval, error);
  192. } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
  193. break;
  194. case PRIO_USER:
  195. uid = make_kuid(cred->user_ns, who);
  196. user = cred->user;
  197. if (!who)
  198. uid = cred->uid;
  199. else if (!uid_eq(uid, cred->uid)) {
  200. user = find_user(uid);
  201. if (!user)
  202. goto out_unlock; /* No processes for this user */
  203. }
  204. do_each_thread(g, p) {
  205. if (uid_eq(task_uid(p), uid))
  206. error = set_one_prio(p, niceval, error);
  207. } while_each_thread(g, p);
  208. if (!uid_eq(uid, cred->uid))
  209. free_uid(user); /* For find_user() */
  210. break;
  211. }
  212. out_unlock:
  213. read_unlock(&tasklist_lock);
  214. rcu_read_unlock();
  215. out:
  216. return error;
  217. }
  218. /*
  219. * Ugh. To avoid negative return values, "getpriority()" will
  220. * not return the normal nice-value, but a negated value that
  221. * has been offset by 20 (ie it returns 40..1 instead of -20..19)
  222. * to stay compatible.
  223. */
  224. SYSCALL_DEFINE2(getpriority, int, which, int, who)
  225. {
  226. struct task_struct *g, *p;
  227. struct user_struct *user;
  228. const struct cred *cred = current_cred();
  229. long niceval, retval = -ESRCH;
  230. struct pid *pgrp;
  231. kuid_t uid;
  232. if (which > PRIO_USER || which < PRIO_PROCESS)
  233. return -EINVAL;
  234. rcu_read_lock();
  235. read_lock(&tasklist_lock);
  236. switch (which) {
  237. case PRIO_PROCESS:
  238. if (who)
  239. p = find_task_by_vpid(who);
  240. else
  241. p = current;
  242. if (p) {
  243. niceval = nice_to_rlimit(task_nice(p));
  244. if (niceval > retval)
  245. retval = niceval;
  246. }
  247. break;
  248. case PRIO_PGRP:
  249. if (who)
  250. pgrp = find_vpid(who);
  251. else
  252. pgrp = task_pgrp(current);
  253. do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
  254. niceval = nice_to_rlimit(task_nice(p));
  255. if (niceval > retval)
  256. retval = niceval;
  257. } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
  258. break;
  259. case PRIO_USER:
  260. uid = make_kuid(cred->user_ns, who);
  261. user = cred->user;
  262. if (!who)
  263. uid = cred->uid;
  264. else if (!uid_eq(uid, cred->uid)) {
  265. user = find_user(uid);
  266. if (!user)
  267. goto out_unlock; /* No processes for this user */
  268. }
  269. do_each_thread(g, p) {
  270. if (uid_eq(task_uid(p), uid)) {
  271. niceval = nice_to_rlimit(task_nice(p));
  272. if (niceval > retval)
  273. retval = niceval;
  274. }
  275. } while_each_thread(g, p);
  276. if (!uid_eq(uid, cred->uid))
  277. free_uid(user); /* for find_user() */
  278. break;
  279. }
  280. out_unlock:
  281. read_unlock(&tasklist_lock);
  282. rcu_read_unlock();
  283. return retval;
  284. }
  285. /*
  286. * Unprivileged users may change the real gid to the effective gid
  287. * or vice versa. (BSD-style)
  288. *
  289. * If you set the real gid at all, or set the effective gid to a value not
  290. * equal to the real gid, then the saved gid is set to the new effective gid.
  291. *
  292. * This makes it possible for a setgid program to completely drop its
  293. * privileges, which is often a useful assertion to make when you are doing
  294. * a security audit over a program.
  295. *
  296. * The general idea is that a program which uses just setregid() will be
  297. * 100% compatible with BSD. A program which uses just setgid() will be
  298. * 100% compatible with POSIX with saved IDs.
  299. *
  300. * SMP: There are not races, the GIDs are checked only by filesystem
  301. * operations (as far as semantic preservation is concerned).
  302. */
  303. #ifdef CONFIG_MULTIUSER
  304. SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
  305. {
  306. struct user_namespace *ns = current_user_ns();
  307. const struct cred *old;
  308. struct cred *new;
  309. int retval;
  310. kgid_t krgid, kegid;
  311. krgid = make_kgid(ns, rgid);
  312. kegid = make_kgid(ns, egid);
  313. if ((rgid != (gid_t) -1) && !gid_valid(krgid))
  314. return -EINVAL;
  315. if ((egid != (gid_t) -1) && !gid_valid(kegid))
  316. return -EINVAL;
  317. new = prepare_creds();
  318. if (!new)
  319. return -ENOMEM;
  320. old = current_cred();
  321. retval = -EPERM;
  322. if (rgid != (gid_t) -1) {
  323. if (gid_eq(old->gid, krgid) ||
  324. gid_eq(old->egid, krgid) ||
  325. ns_capable(old->user_ns, CAP_SETGID))
  326. new->gid = krgid;
  327. else
  328. goto error;
  329. }
  330. if (egid != (gid_t) -1) {
  331. if (gid_eq(old->gid, kegid) ||
  332. gid_eq(old->egid, kegid) ||
  333. gid_eq(old->sgid, kegid) ||
  334. ns_capable(old->user_ns, CAP_SETGID))
  335. new->egid = kegid;
  336. else
  337. goto error;
  338. }
  339. if (rgid != (gid_t) -1 ||
  340. (egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
  341. new->sgid = new->egid;
  342. new->fsgid = new->egid;
  343. return commit_creds(new);
  344. error:
  345. abort_creds(new);
  346. return retval;
  347. }
  348. /*
  349. * setgid() is implemented like SysV w/ SAVED_IDS
  350. *
  351. * SMP: Same implicit races as above.
  352. */
  353. SYSCALL_DEFINE1(setgid, gid_t, gid)
  354. {
  355. struct user_namespace *ns = current_user_ns();
  356. const struct cred *old;
  357. struct cred *new;
  358. int retval;
  359. kgid_t kgid;
  360. kgid = make_kgid(ns, gid);
  361. if (!gid_valid(kgid))
  362. return -EINVAL;
  363. new = prepare_creds();
  364. if (!new)
  365. return -ENOMEM;
  366. old = current_cred();
  367. retval = -EPERM;
  368. if (ns_capable(old->user_ns, CAP_SETGID))
  369. new->gid = new->egid = new->sgid = new->fsgid = kgid;
  370. else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
  371. new->egid = new->fsgid = kgid;
  372. else
  373. goto error;
  374. return commit_creds(new);
  375. error:
  376. abort_creds(new);
  377. return retval;
  378. }
  379. /*
  380. * change the user struct in a credentials set to match the new UID
  381. */
  382. static int set_user(struct cred *new)
  383. {
  384. struct user_struct *new_user;
  385. new_user = alloc_uid(new->uid);
  386. if (!new_user)
  387. return -EAGAIN;
  388. /*
  389. * We don't fail in case of NPROC limit excess here because too many
  390. * poorly written programs don't check set*uid() return code, assuming
  391. * it never fails if called by root. We may still enforce NPROC limit
  392. * for programs doing set*uid()+execve() by harmlessly deferring the
  393. * failure to the execve() stage.
  394. */
  395. if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) &&
  396. new_user != INIT_USER)
  397. current->flags |= PF_NPROC_EXCEEDED;
  398. else
  399. current->flags &= ~PF_NPROC_EXCEEDED;
  400. free_uid(new->user);
  401. new->user = new_user;
  402. return 0;
  403. }
  404. /*
  405. * Unprivileged users may change the real uid to the effective uid
  406. * or vice versa. (BSD-style)
  407. *
  408. * If you set the real uid at all, or set the effective uid to a value not
  409. * equal to the real uid, then the saved uid is set to the new effective uid.
  410. *
  411. * This makes it possible for a setuid program to completely drop its
  412. * privileges, which is often a useful assertion to make when you are doing
  413. * a security audit over a program.
  414. *
  415. * The general idea is that a program which uses just setreuid() will be
  416. * 100% compatible with BSD. A program which uses just setuid() will be
  417. * 100% compatible with POSIX with saved IDs.
  418. */
  419. SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
  420. {
  421. struct user_namespace *ns = current_user_ns();
  422. const struct cred *old;
  423. struct cred *new;
  424. int retval;
  425. kuid_t kruid, keuid;
  426. kruid = make_kuid(ns, ruid);
  427. keuid = make_kuid(ns, euid);
  428. if ((ruid != (uid_t) -1) && !uid_valid(kruid))
  429. return -EINVAL;
  430. if ((euid != (uid_t) -1) && !uid_valid(keuid))
  431. return -EINVAL;
  432. new = prepare_creds();
  433. if (!new)
  434. return -ENOMEM;
  435. old = current_cred();
  436. retval = -EPERM;
  437. if (ruid != (uid_t) -1) {
  438. new->uid = kruid;
  439. if (!uid_eq(old->uid, kruid) &&
  440. !uid_eq(old->euid, kruid) &&
  441. !ns_capable(old->user_ns, CAP_SETUID))
  442. goto error;
  443. }
  444. if (euid != (uid_t) -1) {
  445. new->euid = keuid;
  446. if (!uid_eq(old->uid, keuid) &&
  447. !uid_eq(old->euid, keuid) &&
  448. !uid_eq(old->suid, keuid) &&
  449. !ns_capable(old->user_ns, CAP_SETUID))
  450. goto error;
  451. }
  452. if (!uid_eq(new->uid, old->uid)) {
  453. retval = set_user(new);
  454. if (retval < 0)
  455. goto error;
  456. }
  457. if (ruid != (uid_t) -1 ||
  458. (euid != (uid_t) -1 && !uid_eq(keuid, old->uid)))
  459. new->suid = new->euid;
  460. new->fsuid = new->euid;
  461. retval = security_task_fix_setuid(new, old, LSM_SETID_RE);
  462. if (retval < 0)
  463. goto error;
  464. return commit_creds(new);
  465. error:
  466. abort_creds(new);
  467. return retval;
  468. }
  469. /*
  470. * setuid() is implemented like SysV with SAVED_IDS
  471. *
  472. * Note that SAVED_ID's is deficient in that a setuid root program
  473. * like sendmail, for example, cannot set its uid to be a normal
  474. * user and then switch back, because if you're root, setuid() sets
  475. * the saved uid too. If you don't like this, blame the bright people
  476. * in the POSIX committee and/or USG. Note that the BSD-style setreuid()
  477. * will allow a root program to temporarily drop privileges and be able to
  478. * regain them by swapping the real and effective uid.
  479. */
  480. SYSCALL_DEFINE1(setuid, uid_t, uid)
  481. {
  482. struct user_namespace *ns = current_user_ns();
  483. const struct cred *old;
  484. struct cred *new;
  485. int retval;
  486. kuid_t kuid;
  487. kuid = make_kuid(ns, uid);
  488. if (!uid_valid(kuid))
  489. return -EINVAL;
  490. new = prepare_creds();
  491. if (!new)
  492. return -ENOMEM;
  493. old = current_cred();
  494. retval = -EPERM;
  495. if (ns_capable(old->user_ns, CAP_SETUID)) {
  496. new->suid = new->uid = kuid;
  497. if (!uid_eq(kuid, old->uid)) {
  498. retval = set_user(new);
  499. if (retval < 0)
  500. goto error;
  501. }
  502. } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) {
  503. goto error;
  504. }
  505. new->fsuid = new->euid = kuid;
  506. retval = security_task_fix_setuid(new, old, LSM_SETID_ID);
  507. if (retval < 0)
  508. goto error;
  509. return commit_creds(new);
  510. error:
  511. abort_creds(new);
  512. return retval;
  513. }
  514. /*
  515. * This function implements a generic ability to update ruid, euid,
  516. * and suid. This allows you to implement the 4.4 compatible seteuid().
  517. */
  518. SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
  519. {
  520. struct user_namespace *ns = current_user_ns();
  521. const struct cred *old;
  522. struct cred *new;
  523. int retval;
  524. kuid_t kruid, keuid, ksuid;
  525. kruid = make_kuid(ns, ruid);
  526. keuid = make_kuid(ns, euid);
  527. ksuid = make_kuid(ns, suid);
  528. if ((ruid != (uid_t) -1) && !uid_valid(kruid))
  529. return -EINVAL;
  530. if ((euid != (uid_t) -1) && !uid_valid(keuid))
  531. return -EINVAL;
  532. if ((suid != (uid_t) -1) && !uid_valid(ksuid))
  533. return -EINVAL;
  534. new = prepare_creds();
  535. if (!new)
  536. return -ENOMEM;
  537. old = current_cred();
  538. retval = -EPERM;
  539. if (!ns_capable(old->user_ns, CAP_SETUID)) {
  540. if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) &&
  541. !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))
  542. goto error;
  543. if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) &&
  544. !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid))
  545. goto error;
  546. if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) &&
  547. !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid))
  548. goto error;
  549. }
  550. if (ruid != (uid_t) -1) {
  551. new->uid = kruid;
  552. if (!uid_eq(kruid, old->uid)) {
  553. retval = set_user(new);
  554. if (retval < 0)
  555. goto error;
  556. }
  557. }
  558. if (euid != (uid_t) -1)
  559. new->euid = keuid;
  560. if (suid != (uid_t) -1)
  561. new->suid = ksuid;
  562. new->fsuid = new->euid;
  563. retval = security_task_fix_setuid(new, old, LSM_SETID_RES);
  564. if (retval < 0)
  565. goto error;
  566. return commit_creds(new);
  567. error:
  568. abort_creds(new);
  569. return retval;
  570. }
  571. SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp)
  572. {
  573. const struct cred *cred = current_cred();
  574. int retval;
  575. uid_t ruid, euid, suid;
  576. ruid = from_kuid_munged(cred->user_ns, cred->uid);
  577. euid = from_kuid_munged(cred->user_ns, cred->euid);
  578. suid = from_kuid_munged(cred->user_ns, cred->suid);
  579. retval = put_user(ruid, ruidp);
  580. if (!retval) {
  581. retval = put_user(euid, euidp);
  582. if (!retval)
  583. return put_user(suid, suidp);
  584. }
  585. return retval;
  586. }
  587. /*
  588. * Same as above, but for rgid, egid, sgid.
  589. */
  590. SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
  591. {
  592. struct user_namespace *ns = current_user_ns();
  593. const struct cred *old;
  594. struct cred *new;
  595. int retval;
  596. kgid_t krgid, kegid, ksgid;
  597. krgid = make_kgid(ns, rgid);
  598. kegid = make_kgid(ns, egid);
  599. ksgid = make_kgid(ns, sgid);
  600. if ((rgid != (gid_t) -1) && !gid_valid(krgid))
  601. return -EINVAL;
  602. if ((egid != (gid_t) -1) && !gid_valid(kegid))
  603. return -EINVAL;
  604. if ((sgid != (gid_t) -1) && !gid_valid(ksgid))
  605. return -EINVAL;
  606. new = prepare_creds();
  607. if (!new)
  608. return -ENOMEM;
  609. old = current_cred();
  610. retval = -EPERM;
  611. if (!ns_capable(old->user_ns, CAP_SETGID)) {
  612. if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) &&
  613. !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))
  614. goto error;
  615. if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) &&
  616. !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid))
  617. goto error;
  618. if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) &&
  619. !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid))
  620. goto error;
  621. }
  622. if (rgid != (gid_t) -1)
  623. new->gid = krgid;
  624. if (egid != (gid_t) -1)
  625. new->egid = kegid;
  626. if (sgid != (gid_t) -1)
  627. new->sgid = ksgid;
  628. new->fsgid = new->egid;
  629. return commit_creds(new);
  630. error:
  631. abort_creds(new);
  632. return retval;
  633. }
  634. SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp)
  635. {
  636. const struct cred *cred = current_cred();
  637. int retval;
  638. gid_t rgid, egid, sgid;
  639. rgid = from_kgid_munged(cred->user_ns, cred->gid);
  640. egid = from_kgid_munged(cred->user_ns, cred->egid);
  641. sgid = from_kgid_munged(cred->user_ns, cred->sgid);
  642. retval = put_user(rgid, rgidp);
  643. if (!retval) {
  644. retval = put_user(egid, egidp);
  645. if (!retval)
  646. retval = put_user(sgid, sgidp);
  647. }
  648. return retval;
  649. }
  650. /*
  651. * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
  652. * is used for "access()" and for the NFS daemon (letting nfsd stay at
  653. * whatever uid it wants to). It normally shadows "euid", except when
  654. * explicitly set by setfsuid() or for access..
  655. */
  656. SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  657. {
  658. const struct cred *old;
  659. struct cred *new;
  660. uid_t old_fsuid;
  661. kuid_t kuid;
  662. old = current_cred();
  663. old_fsuid = from_kuid_munged(old->user_ns, old->fsuid);
  664. kuid = make_kuid(old->user_ns, uid);
  665. if (!uid_valid(kuid))
  666. return old_fsuid;
  667. new = prepare_creds();
  668. if (!new)
  669. return old_fsuid;
  670. if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) ||
  671. uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
  672. ns_capable(old->user_ns, CAP_SETUID)) {
  673. if (!uid_eq(kuid, old->fsuid)) {
  674. new->fsuid = kuid;
  675. if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
  676. goto change_okay;
  677. }
  678. }
  679. abort_creds(new);
  680. return old_fsuid;
  681. change_okay:
  682. commit_creds(new);
  683. return old_fsuid;
  684. }
  685. /*
  686. * Samma på svenska..
  687. */
  688. SYSCALL_DEFINE1(setfsgid, gid_t, gid)
  689. {
  690. const struct cred *old;
  691. struct cred *new;
  692. gid_t old_fsgid;
  693. kgid_t kgid;
  694. old = current_cred();
  695. old_fsgid = from_kgid_munged(old->user_ns, old->fsgid);
  696. kgid = make_kgid(old->user_ns, gid);
  697. if (!gid_valid(kgid))
  698. return old_fsgid;
  699. new = prepare_creds();
  700. if (!new)
  701. return old_fsgid;
  702. if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
  703. gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
  704. ns_capable(old->user_ns, CAP_SETGID)) {
  705. if (!gid_eq(kgid, old->fsgid)) {
  706. new->fsgid = kgid;
  707. goto change_okay;
  708. }
  709. }
  710. abort_creds(new);
  711. return old_fsgid;
  712. change_okay:
  713. commit_creds(new);
  714. return old_fsgid;
  715. }
  716. #endif /* CONFIG_MULTIUSER */
  717. /**
  718. * sys_getpid - return the thread group id of the current process
  719. *
  720. * Note, despite the name, this returns the tgid not the pid. The tgid and
  721. * the pid are identical unless CLONE_THREAD was specified on clone() in
  722. * which case the tgid is the same in all threads of the same group.
  723. *
  724. * This is SMP safe as current->tgid does not change.
  725. */
  726. SYSCALL_DEFINE0(getpid)
  727. {
  728. return task_tgid_vnr(current);
  729. }
  730. /* Thread ID - the internal kernel "pid" */
  731. SYSCALL_DEFINE0(gettid)
  732. {
  733. return task_pid_vnr(current);
  734. }
  735. /*
  736. * Accessing ->real_parent is not SMP-safe, it could
  737. * change from under us. However, we can use a stale
  738. * value of ->real_parent under rcu_read_lock(), see
  739. * release_task()->call_rcu(delayed_put_task_struct).
  740. */
  741. SYSCALL_DEFINE0(getppid)
  742. {
  743. int pid;
  744. rcu_read_lock();
  745. pid = task_tgid_vnr(rcu_dereference(current->real_parent));
  746. rcu_read_unlock();
  747. return pid;
  748. }
  749. SYSCALL_DEFINE0(getuid)
  750. {
  751. /* Only we change this so SMP safe */
  752. return from_kuid_munged(current_user_ns(), current_uid());
  753. }
  754. SYSCALL_DEFINE0(geteuid)
  755. {
  756. /* Only we change this so SMP safe */
  757. return from_kuid_munged(current_user_ns(), current_euid());
  758. }
  759. SYSCALL_DEFINE0(getgid)
  760. {
  761. /* Only we change this so SMP safe */
  762. return from_kgid_munged(current_user_ns(), current_gid());
  763. }
  764. SYSCALL_DEFINE0(getegid)
  765. {
  766. /* Only we change this so SMP safe */
  767. return from_kgid_munged(current_user_ns(), current_egid());
  768. }
  769. void do_sys_times(struct tms *tms)
  770. {
  771. cputime_t tgutime, tgstime, cutime, cstime;
  772. thread_group_cputime_adjusted(current, &tgutime, &tgstime);
  773. cutime = current->signal->cutime;
  774. cstime = current->signal->cstime;
  775. tms->tms_utime = cputime_to_clock_t(tgutime);
  776. tms->tms_stime = cputime_to_clock_t(tgstime);
  777. tms->tms_cutime = cputime_to_clock_t(cutime);
  778. tms->tms_cstime = cputime_to_clock_t(cstime);
  779. }
  780. SYSCALL_DEFINE1(times, struct tms __user *, tbuf)
  781. {
  782. if (tbuf) {
  783. struct tms tmp;
  784. do_sys_times(&tmp);
  785. if (copy_to_user(tbuf, &tmp, sizeof(struct tms)))
  786. return -EFAULT;
  787. }
  788. force_successful_syscall_return();
  789. return (long) jiffies_64_to_clock_t(get_jiffies_64());
  790. }
  791. /*
  792. * This needs some heavy checking ...
  793. * I just haven't the stomach for it. I also don't fully
  794. * understand sessions/pgrp etc. Let somebody who does explain it.
  795. *
  796. * OK, I think I have the protection semantics right.... this is really
  797. * only important on a multi-user system anyway, to make sure one user
  798. * can't send a signal to a process owned by another. -TYT, 12/12/91
  799. *
  800. * !PF_FORKNOEXEC check to conform completely to POSIX.
  801. */
  802. SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
  803. {
  804. struct task_struct *p;
  805. struct task_struct *group_leader = current->group_leader;
  806. struct pid *pgrp;
  807. int err;
  808. if (!pid)
  809. pid = task_pid_vnr(group_leader);
  810. if (!pgid)
  811. pgid = pid;
  812. if (pgid < 0)
  813. return -EINVAL;
  814. rcu_read_lock();
  815. /* From this point forward we keep holding onto the tasklist lock
  816. * so that our parent does not change from under us. -DaveM
  817. */
  818. write_lock_irq(&tasklist_lock);
  819. err = -ESRCH;
  820. p = find_task_by_vpid(pid);
  821. if (!p)
  822. goto out;
  823. err = -EINVAL;
  824. if (!thread_group_leader(p))
  825. goto out;
  826. if (same_thread_group(p->real_parent, group_leader)) {
  827. err = -EPERM;
  828. if (task_session(p) != task_session(group_leader))
  829. goto out;
  830. err = -EACCES;
  831. if (!(p->flags & PF_FORKNOEXEC))
  832. goto out;
  833. } else {
  834. err = -ESRCH;
  835. if (p != group_leader)
  836. goto out;
  837. }
  838. err = -EPERM;
  839. if (p->signal->leader)
  840. goto out;
  841. pgrp = task_pid(p);
  842. if (pgid != pid) {
  843. struct task_struct *g;
  844. pgrp = find_vpid(pgid);
  845. g = pid_task(pgrp, PIDTYPE_PGID);
  846. if (!g || task_session(g) != task_session(group_leader))
  847. goto out;
  848. }
  849. err = security_task_setpgid(p, pgid);
  850. if (err)
  851. goto out;
  852. if (task_pgrp(p) != pgrp)
  853. change_pid(p, PIDTYPE_PGID, pgrp);
  854. err = 0;
  855. out:
  856. /* All paths lead to here, thus we are safe. -DaveM */
  857. write_unlock_irq(&tasklist_lock);
  858. rcu_read_unlock();
  859. return err;
  860. }
  861. SYSCALL_DEFINE1(getpgid, pid_t, pid)
  862. {
  863. struct task_struct *p;
  864. struct pid *grp;
  865. int retval;
  866. rcu_read_lock();
  867. if (!pid)
  868. grp = task_pgrp(current);
  869. else {
  870. retval = -ESRCH;
  871. p = find_task_by_vpid(pid);
  872. if (!p)
  873. goto out;
  874. grp = task_pgrp(p);
  875. if (!grp)
  876. goto out;
  877. retval = security_task_getpgid(p);
  878. if (retval)
  879. goto out;
  880. }
  881. retval = pid_vnr(grp);
  882. out:
  883. rcu_read_unlock();
  884. return retval;
  885. }
  886. #ifdef __ARCH_WANT_SYS_GETPGRP
  887. SYSCALL_DEFINE0(getpgrp)
  888. {
  889. return sys_getpgid(0);
  890. }
  891. #endif
  892. SYSCALL_DEFINE1(getsid, pid_t, pid)
  893. {
  894. struct task_struct *p;
  895. struct pid *sid;
  896. int retval;
  897. rcu_read_lock();
  898. if (!pid)
  899. sid = task_session(current);
  900. else {
  901. retval = -ESRCH;
  902. p = find_task_by_vpid(pid);
  903. if (!p)
  904. goto out;
  905. sid = task_session(p);
  906. if (!sid)
  907. goto out;
  908. retval = security_task_getsid(p);
  909. if (retval)
  910. goto out;
  911. }
  912. retval = pid_vnr(sid);
  913. out:
  914. rcu_read_unlock();
  915. return retval;
  916. }
  917. static void set_special_pids(struct pid *pid)
  918. {
  919. struct task_struct *curr = current->group_leader;
  920. if (task_session(curr) != pid)
  921. change_pid(curr, PIDTYPE_SID, pid);
  922. if (task_pgrp(curr) != pid)
  923. change_pid(curr, PIDTYPE_PGID, pid);
  924. }
  925. SYSCALL_DEFINE0(setsid)
  926. {
  927. struct task_struct *group_leader = current->group_leader;
  928. struct pid *sid = task_pid(group_leader);
  929. pid_t session = pid_vnr(sid);
  930. int err = -EPERM;
  931. write_lock_irq(&tasklist_lock);
  932. /* Fail if I am already a session leader */
  933. if (group_leader->signal->leader)
  934. goto out;
  935. /* Fail if a process group id already exists that equals the
  936. * proposed session id.
  937. */
  938. if (pid_task(sid, PIDTYPE_PGID))
  939. goto out;
  940. group_leader->signal->leader = 1;
  941. set_special_pids(sid);
  942. proc_clear_tty(group_leader);
  943. err = session;
  944. out:
  945. write_unlock_irq(&tasklist_lock);
  946. if (err > 0) {
  947. proc_sid_connector(group_leader);
  948. sched_autogroup_create_attach(group_leader);
  949. }
  950. return err;
  951. }
  952. DECLARE_RWSEM(uts_sem);
  953. #ifdef COMPAT_UTS_MACHINE
  954. #define override_architecture(name) \
  955. (personality(current->personality) == PER_LINUX32 && \
  956. copy_to_user(name->machine, COMPAT_UTS_MACHINE, \
  957. sizeof(COMPAT_UTS_MACHINE)))
  958. #else
  959. #define override_architecture(name) 0
  960. #endif
  961. /*
  962. * Work around broken programs that cannot handle "Linux 3.0".
  963. * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
  964. * And we map 4.x to 2.6.60+x, so 4.0 would be 2.6.60.
  965. */
  966. static int override_release(char __user *release, size_t len)
  967. {
  968. int ret = 0;
  969. if (current->personality & UNAME26) {
  970. const char *rest = UTS_RELEASE;
  971. char buf[65] = { 0 };
  972. int ndots = 0;
  973. unsigned v;
  974. size_t copy;
  975. while (*rest) {
  976. if (*rest == '.' && ++ndots >= 3)
  977. break;
  978. if (!isdigit(*rest) && *rest != '.')
  979. break;
  980. rest++;
  981. }
  982. v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 60;
  983. copy = clamp_t(size_t, len, 1, sizeof(buf));
  984. copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
  985. ret = copy_to_user(release, buf, copy + 1);
  986. }
  987. return ret;
  988. }
  989. SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name)
  990. {
  991. int errno = 0;
  992. down_read(&uts_sem);
  993. if (copy_to_user(name, utsname(), sizeof *name))
  994. errno = -EFAULT;
  995. up_read(&uts_sem);
  996. if (!errno && override_release(name->release, sizeof(name->release)))
  997. errno = -EFAULT;
  998. if (!errno && override_architecture(name))
  999. errno = -EFAULT;
  1000. return errno;
  1001. }
  1002. #ifdef __ARCH_WANT_SYS_OLD_UNAME
  1003. /*
  1004. * Old cruft
  1005. */
  1006. SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
  1007. {
  1008. int error = 0;
  1009. if (!name)
  1010. return -EFAULT;
  1011. down_read(&uts_sem);
  1012. if (copy_to_user(name, utsname(), sizeof(*name)))
  1013. error = -EFAULT;
  1014. up_read(&uts_sem);
  1015. if (!error && override_release(name->release, sizeof(name->release)))
  1016. error = -EFAULT;
  1017. if (!error && override_architecture(name))
  1018. error = -EFAULT;
  1019. return error;
  1020. }
  1021. SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
  1022. {
  1023. int error;
  1024. if (!name)
  1025. return -EFAULT;
  1026. if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname)))
  1027. return -EFAULT;
  1028. down_read(&uts_sem);
  1029. error = __copy_to_user(&name->sysname, &utsname()->sysname,
  1030. __OLD_UTS_LEN);
  1031. error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
  1032. error |= __copy_to_user(&name->nodename, &utsname()->nodename,
  1033. __OLD_UTS_LEN);
  1034. error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
  1035. error |= __copy_to_user(&name->release, &utsname()->release,
  1036. __OLD_UTS_LEN);
  1037. error |= __put_user(0, name->release + __OLD_UTS_LEN);
  1038. error |= __copy_to_user(&name->version, &utsname()->version,
  1039. __OLD_UTS_LEN);
  1040. error |= __put_user(0, name->version + __OLD_UTS_LEN);
  1041. error |= __copy_to_user(&name->machine, &utsname()->machine,
  1042. __OLD_UTS_LEN);
  1043. error |= __put_user(0, name->machine + __OLD_UTS_LEN);
  1044. up_read(&uts_sem);
  1045. if (!error && override_architecture(name))
  1046. error = -EFAULT;
  1047. if (!error && override_release(name->release, sizeof(name->release)))
  1048. error = -EFAULT;
  1049. return error ? -EFAULT : 0;
  1050. }
  1051. #endif
  1052. SYSCALL_DEFINE2(sethostname, char __user *, name, int, len)
  1053. {
  1054. int errno;
  1055. char tmp[__NEW_UTS_LEN];
  1056. if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
  1057. return -EPERM;
  1058. if (len < 0 || len > __NEW_UTS_LEN)
  1059. return -EINVAL;
  1060. down_write(&uts_sem);
  1061. errno = -EFAULT;
  1062. if (!copy_from_user(tmp, name, len)) {
  1063. struct new_utsname *u = utsname();
  1064. memcpy(u->nodename, tmp, len);
  1065. memset(u->nodename + len, 0, sizeof(u->nodename) - len);
  1066. errno = 0;
  1067. uts_proc_notify(UTS_PROC_HOSTNAME);
  1068. }
  1069. up_write(&uts_sem);
  1070. return errno;
  1071. }
  1072. #ifdef __ARCH_WANT_SYS_GETHOSTNAME
  1073. SYSCALL_DEFINE2(gethostname, char __user *, name, int, len)
  1074. {
  1075. int i, errno;
  1076. struct new_utsname *u;
  1077. if (len < 0)
  1078. return -EINVAL;
  1079. down_read(&uts_sem);
  1080. u = utsname();
  1081. i = 1 + strlen(u->nodename);
  1082. if (i > len)
  1083. i = len;
  1084. errno = 0;
  1085. if (copy_to_user(name, u->nodename, i))
  1086. errno = -EFAULT;
  1087. up_read(&uts_sem);
  1088. return errno;
  1089. }
  1090. #endif
  1091. /*
  1092. * Only setdomainname; getdomainname can be implemented by calling
  1093. * uname()
  1094. */
  1095. SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len)
  1096. {
  1097. int errno;
  1098. char tmp[__NEW_UTS_LEN];
  1099. if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
  1100. return -EPERM;
  1101. if (len < 0 || len > __NEW_UTS_LEN)
  1102. return -EINVAL;
  1103. down_write(&uts_sem);
  1104. errno = -EFAULT;
  1105. if (!copy_from_user(tmp, name, len)) {
  1106. struct new_utsname *u = utsname();
  1107. memcpy(u->domainname, tmp, len);
  1108. memset(u->domainname + len, 0, sizeof(u->domainname) - len);
  1109. errno = 0;
  1110. uts_proc_notify(UTS_PROC_DOMAINNAME);
  1111. }
  1112. up_write(&uts_sem);
  1113. return errno;
  1114. }
  1115. SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim)
  1116. {
  1117. struct rlimit value;
  1118. int ret;
  1119. ret = do_prlimit(current, resource, NULL, &value);
  1120. if (!ret)
  1121. ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0;
  1122. return ret;
  1123. }
  1124. #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
  1125. /*
  1126. * Back compatibility for getrlimit. Needed for some apps.
  1127. */
  1128. SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
  1129. struct rlimit __user *, rlim)
  1130. {
  1131. struct rlimit x;
  1132. if (resource >= RLIM_NLIMITS)
  1133. return -EINVAL;
  1134. task_lock(current->group_leader);
  1135. x = current->signal->rlim[resource];
  1136. task_unlock(current->group_leader);
  1137. if (x.rlim_cur > 0x7FFFFFFF)
  1138. x.rlim_cur = 0x7FFFFFFF;
  1139. if (x.rlim_max > 0x7FFFFFFF)
  1140. x.rlim_max = 0x7FFFFFFF;
  1141. return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0;
  1142. }
  1143. #endif
  1144. static inline bool rlim64_is_infinity(__u64 rlim64)
  1145. {
  1146. #if BITS_PER_LONG < 64
  1147. return rlim64 >= ULONG_MAX;
  1148. #else
  1149. return rlim64 == RLIM64_INFINITY;
  1150. #endif
  1151. }
  1152. static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64)
  1153. {
  1154. if (rlim->rlim_cur == RLIM_INFINITY)
  1155. rlim64->rlim_cur = RLIM64_INFINITY;
  1156. else
  1157. rlim64->rlim_cur = rlim->rlim_cur;
  1158. if (rlim->rlim_max == RLIM_INFINITY)
  1159. rlim64->rlim_max = RLIM64_INFINITY;
  1160. else
  1161. rlim64->rlim_max = rlim->rlim_max;
  1162. }
  1163. static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim)
  1164. {
  1165. if (rlim64_is_infinity(rlim64->rlim_cur))
  1166. rlim->rlim_cur = RLIM_INFINITY;
  1167. else
  1168. rlim->rlim_cur = (unsigned long)rlim64->rlim_cur;
  1169. if (rlim64_is_infinity(rlim64->rlim_max))
  1170. rlim->rlim_max = RLIM_INFINITY;
  1171. else
  1172. rlim->rlim_max = (unsigned long)rlim64->rlim_max;
  1173. }
  1174. /* make sure you are allowed to change @tsk limits before calling this */
  1175. int do_prlimit(struct task_struct *tsk, unsigned int resource,
  1176. struct rlimit *new_rlim, struct rlimit *old_rlim)
  1177. {
  1178. struct rlimit *rlim;
  1179. int retval = 0;
  1180. if (resource >= RLIM_NLIMITS)
  1181. return -EINVAL;
  1182. if (new_rlim) {
  1183. if (new_rlim->rlim_cur > new_rlim->rlim_max)
  1184. return -EINVAL;
  1185. if (resource == RLIMIT_NOFILE &&
  1186. new_rlim->rlim_max > sysctl_nr_open)
  1187. return -EPERM;
  1188. }
  1189. /* protect tsk->signal and tsk->sighand from disappearing */
  1190. read_lock(&tasklist_lock);
  1191. if (!tsk->sighand) {
  1192. retval = -ESRCH;
  1193. goto out;
  1194. }
  1195. rlim = tsk->signal->rlim + resource;
  1196. task_lock(tsk->group_leader);
  1197. if (new_rlim) {
  1198. /* Keep the capable check against init_user_ns until
  1199. cgroups can contain all limits */
  1200. if (new_rlim->rlim_max > rlim->rlim_max &&
  1201. !capable(CAP_SYS_RESOURCE))
  1202. retval = -EPERM;
  1203. if (!retval)
  1204. retval = security_task_setrlimit(tsk->group_leader,
  1205. resource, new_rlim);
  1206. if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
  1207. /*
  1208. * The caller is asking for an immediate RLIMIT_CPU
  1209. * expiry. But we use the zero value to mean "it was
  1210. * never set". So let's cheat and make it one second
  1211. * instead
  1212. */
  1213. new_rlim->rlim_cur = 1;
  1214. }
  1215. }
  1216. if (!retval) {
  1217. if (old_rlim)
  1218. *old_rlim = *rlim;
  1219. if (new_rlim)
  1220. *rlim = *new_rlim;
  1221. }
  1222. task_unlock(tsk->group_leader);
  1223. /*
  1224. * RLIMIT_CPU handling. Note that the kernel fails to return an error
  1225. * code if it rejected the user's attempt to set RLIMIT_CPU. This is a
  1226. * very long-standing error, and fixing it now risks breakage of
  1227. * applications, so we live with it
  1228. */
  1229. if (!retval && new_rlim && resource == RLIMIT_CPU &&
  1230. new_rlim->rlim_cur != RLIM_INFINITY)
  1231. update_rlimit_cpu(tsk, new_rlim->rlim_cur);
  1232. out:
  1233. read_unlock(&tasklist_lock);
  1234. return retval;
  1235. }
  1236. /* rcu lock must be held */
  1237. static int check_prlimit_permission(struct task_struct *task)
  1238. {
  1239. const struct cred *cred = current_cred(), *tcred;
  1240. if (current == task)
  1241. return 0;
  1242. tcred = __task_cred(task);
  1243. if (uid_eq(cred->uid, tcred->euid) &&
  1244. uid_eq(cred->uid, tcred->suid) &&
  1245. uid_eq(cred->uid, tcred->uid) &&
  1246. gid_eq(cred->gid, tcred->egid) &&
  1247. gid_eq(cred->gid, tcred->sgid) &&
  1248. gid_eq(cred->gid, tcred->gid))
  1249. return 0;
  1250. if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
  1251. return 0;
  1252. return -EPERM;
  1253. }
  1254. SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource,
  1255. const struct rlimit64 __user *, new_rlim,
  1256. struct rlimit64 __user *, old_rlim)
  1257. {
  1258. struct rlimit64 old64, new64;
  1259. struct rlimit old, new;
  1260. struct task_struct *tsk;
  1261. int ret;
  1262. if (new_rlim) {
  1263. if (copy_from_user(&new64, new_rlim, sizeof(new64)))
  1264. return -EFAULT;
  1265. rlim64_to_rlim(&new64, &new);
  1266. }
  1267. rcu_read_lock();
  1268. tsk = pid ? find_task_by_vpid(pid) : current;
  1269. if (!tsk) {
  1270. rcu_read_unlock();
  1271. return -ESRCH;
  1272. }
  1273. ret = check_prlimit_permission(tsk);
  1274. if (ret) {
  1275. rcu_read_unlock();
  1276. return ret;
  1277. }
  1278. get_task_struct(tsk);
  1279. rcu_read_unlock();
  1280. ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL,
  1281. old_rlim ? &old : NULL);
  1282. if (!ret && old_rlim) {
  1283. rlim_to_rlim64(&old, &old64);
  1284. if (copy_to_user(old_rlim, &old64, sizeof(old64)))
  1285. ret = -EFAULT;
  1286. }
  1287. put_task_struct(tsk);
  1288. return ret;
  1289. }
  1290. SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
  1291. {
  1292. struct rlimit new_rlim;
  1293. if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
  1294. return -EFAULT;
  1295. return do_prlimit(current, resource, &new_rlim, NULL);
  1296. }
  1297. /*
  1298. * It would make sense to put struct rusage in the task_struct,
  1299. * except that would make the task_struct be *really big*. After
  1300. * task_struct gets moved into malloc'ed memory, it would
  1301. * make sense to do this. It will make moving the rest of the information
  1302. * a lot simpler! (Which we're not doing right now because we're not
  1303. * measuring them yet).
  1304. *
  1305. * When sampling multiple threads for RUSAGE_SELF, under SMP we might have
  1306. * races with threads incrementing their own counters. But since word
  1307. * reads are atomic, we either get new values or old values and we don't
  1308. * care which for the sums. We always take the siglock to protect reading
  1309. * the c* fields from p->signal from races with exit.c updating those
  1310. * fields when reaping, so a sample either gets all the additions of a
  1311. * given child after it's reaped, or none so this sample is before reaping.
  1312. *
  1313. * Locking:
  1314. * We need to take the siglock for CHILDEREN, SELF and BOTH
  1315. * for the cases current multithreaded, non-current single threaded
  1316. * non-current multithreaded. Thread traversal is now safe with
  1317. * the siglock held.
  1318. * Strictly speaking, we donot need to take the siglock if we are current and
  1319. * single threaded, as no one else can take our signal_struct away, no one
  1320. * else can reap the children to update signal->c* counters, and no one else
  1321. * can race with the signal-> fields. If we do not take any lock, the
  1322. * signal-> fields could be read out of order while another thread was just
  1323. * exiting. So we should place a read memory barrier when we avoid the lock.
  1324. * On the writer side, write memory barrier is implied in __exit_signal
  1325. * as __exit_signal releases the siglock spinlock after updating the signal->
  1326. * fields. But we don't do this yet to keep things simple.
  1327. *
  1328. */
  1329. static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r)
  1330. {
  1331. r->ru_nvcsw += t->nvcsw;
  1332. r->ru_nivcsw += t->nivcsw;
  1333. r->ru_minflt += t->min_flt;
  1334. r->ru_majflt += t->maj_flt;
  1335. r->ru_inblock += task_io_get_inblock(t);
  1336. r->ru_oublock += task_io_get_oublock(t);
  1337. }
  1338. static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
  1339. {
  1340. struct task_struct *t;
  1341. unsigned long flags;
  1342. cputime_t tgutime, tgstime, utime, stime;
  1343. unsigned long maxrss = 0;
  1344. memset((char *)r, 0, sizeof (*r));
  1345. utime = stime = 0;
  1346. if (who == RUSAGE_THREAD) {
  1347. task_cputime_adjusted(current, &utime, &stime);
  1348. accumulate_thread_rusage(p, r);
  1349. maxrss = p->signal->maxrss;
  1350. goto out;
  1351. }
  1352. if (!lock_task_sighand(p, &flags))
  1353. return;
  1354. switch (who) {
  1355. case RUSAGE_BOTH:
  1356. case RUSAGE_CHILDREN:
  1357. utime = p->signal->cutime;
  1358. stime = p->signal->cstime;
  1359. r->ru_nvcsw = p->signal->cnvcsw;
  1360. r->ru_nivcsw = p->signal->cnivcsw;
  1361. r->ru_minflt = p->signal->cmin_flt;
  1362. r->ru_majflt = p->signal->cmaj_flt;
  1363. r->ru_inblock = p->signal->cinblock;
  1364. r->ru_oublock = p->signal->coublock;
  1365. maxrss = p->signal->cmaxrss;
  1366. if (who == RUSAGE_CHILDREN)
  1367. break;
  1368. case RUSAGE_SELF:
  1369. thread_group_cputime_adjusted(p, &tgutime, &tgstime);
  1370. utime += tgutime;
  1371. stime += tgstime;
  1372. r->ru_nvcsw += p->signal->nvcsw;
  1373. r->ru_nivcsw += p->signal->nivcsw;
  1374. r->ru_minflt += p->signal->min_flt;
  1375. r->ru_majflt += p->signal->maj_flt;
  1376. r->ru_inblock += p->signal->inblock;
  1377. r->ru_oublock += p->signal->oublock;
  1378. if (maxrss < p->signal->maxrss)
  1379. maxrss = p->signal->maxrss;
  1380. t = p;
  1381. do {
  1382. accumulate_thread_rusage(t, r);
  1383. } while_each_thread(p, t);
  1384. break;
  1385. default:
  1386. BUG();
  1387. }
  1388. unlock_task_sighand(p, &flags);
  1389. out:
  1390. cputime_to_timeval(utime, &r->ru_utime);
  1391. cputime_to_timeval(stime, &r->ru_stime);
  1392. if (who != RUSAGE_CHILDREN) {
  1393. struct mm_struct *mm = get_task_mm(p);
  1394. if (mm) {
  1395. setmax_mm_hiwater_rss(&maxrss, mm);
  1396. mmput(mm);
  1397. }
  1398. }
  1399. r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */
  1400. }
  1401. int getrusage(struct task_struct *p, int who, struct rusage __user *ru)
  1402. {
  1403. struct rusage r;
  1404. k_getrusage(p, who, &r);
  1405. return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0;
  1406. }
  1407. SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)
  1408. {
  1409. if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
  1410. who != RUSAGE_THREAD)
  1411. return -EINVAL;
  1412. return getrusage(current, who, ru);
  1413. }
  1414. #ifdef CONFIG_COMPAT
  1415. COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru)
  1416. {
  1417. struct rusage r;
  1418. if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
  1419. who != RUSAGE_THREAD)
  1420. return -EINVAL;
  1421. k_getrusage(current, who, &r);
  1422. return put_compat_rusage(&r, ru);
  1423. }
  1424. #endif
  1425. SYSCALL_DEFINE1(umask, int, mask)
  1426. {
  1427. mask = xchg(&current->fs->umask, mask & S_IRWXUGO);
  1428. return mask;
  1429. }
  1430. static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
  1431. {
  1432. struct fd exe;
  1433. struct file *old_exe, *exe_file;
  1434. struct inode *inode;
  1435. int err;
  1436. exe = fdget(fd);
  1437. if (!exe.file)
  1438. return -EBADF;
  1439. inode = file_inode(exe.file);
  1440. /*
  1441. * Because the original mm->exe_file points to executable file, make
  1442. * sure that this one is executable as well, to avoid breaking an
  1443. * overall picture.
  1444. */
  1445. err = -EACCES;
  1446. if (!S_ISREG(inode->i_mode) ||
  1447. exe.file->f_path.mnt->mnt_flags & MNT_NOEXEC)
  1448. goto exit;
  1449. err = inode_permission(inode, MAY_EXEC);
  1450. if (err)
  1451. goto exit;
  1452. /*
  1453. * Forbid mm->exe_file change if old file still mapped.
  1454. */
  1455. exe_file = get_mm_exe_file(mm);
  1456. err = -EBUSY;
  1457. if (exe_file) {
  1458. struct vm_area_struct *vma;
  1459. down_read(&mm->mmap_sem);
  1460. for (vma = mm->mmap; vma; vma = vma->vm_next) {
  1461. if (!vma->vm_file)
  1462. continue;
  1463. if (path_equal(&vma->vm_file->f_path,
  1464. &exe_file->f_path))
  1465. goto exit_err;
  1466. }
  1467. up_read(&mm->mmap_sem);
  1468. fput(exe_file);
  1469. }
  1470. /*
  1471. * The symlink can be changed only once, just to disallow arbitrary
  1472. * transitions malicious software might bring in. This means one
  1473. * could make a snapshot over all processes running and monitor
  1474. * /proc/pid/exe changes to notice unusual activity if needed.
  1475. */
  1476. err = -EPERM;
  1477. if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
  1478. goto exit;
  1479. err = 0;
  1480. /* set the new file, lockless */
  1481. get_file(exe.file);
  1482. old_exe = xchg(&mm->exe_file, exe.file);
  1483. if (old_exe)
  1484. fput(old_exe);
  1485. exit:
  1486. fdput(exe);
  1487. return err;
  1488. exit_err:
  1489. up_read(&mm->mmap_sem);
  1490. fput(exe_file);
  1491. goto exit;
  1492. }
  1493. /*
  1494. * WARNING: we don't require any capability here so be very careful
  1495. * in what is allowed for modification from userspace.
  1496. */
  1497. static int validate_prctl_map(struct prctl_mm_map *prctl_map)
  1498. {
  1499. unsigned long mmap_max_addr = TASK_SIZE;
  1500. struct mm_struct *mm = current->mm;
  1501. int error = -EINVAL, i;
  1502. static const unsigned char offsets[] = {
  1503. offsetof(struct prctl_mm_map, start_code),
  1504. offsetof(struct prctl_mm_map, end_code),
  1505. offsetof(struct prctl_mm_map, start_data),
  1506. offsetof(struct prctl_mm_map, end_data),
  1507. offsetof(struct prctl_mm_map, start_brk),
  1508. offsetof(struct prctl_mm_map, brk),
  1509. offsetof(struct prctl_mm_map, start_stack),
  1510. offsetof(struct prctl_mm_map, arg_start),
  1511. offsetof(struct prctl_mm_map, arg_end),
  1512. offsetof(struct prctl_mm_map, env_start),
  1513. offsetof(struct prctl_mm_map, env_end),
  1514. };
  1515. /*
  1516. * Make sure the members are not somewhere outside
  1517. * of allowed address space.
  1518. */
  1519. for (i = 0; i < ARRAY_SIZE(offsets); i++) {
  1520. u64 val = *(u64 *)((char *)prctl_map + offsets[i]);
  1521. if ((unsigned long)val >= mmap_max_addr ||
  1522. (unsigned long)val < mmap_min_addr)
  1523. goto out;
  1524. }
  1525. /*
  1526. * Make sure the pairs are ordered.
  1527. */
  1528. #define __prctl_check_order(__m1, __op, __m2) \
  1529. ((unsigned long)prctl_map->__m1 __op \
  1530. (unsigned long)prctl_map->__m2) ? 0 : -EINVAL
  1531. error = __prctl_check_order(start_code, <, end_code);
  1532. error |= __prctl_check_order(start_data, <, end_data);
  1533. error |= __prctl_check_order(start_brk, <=, brk);
  1534. error |= __prctl_check_order(arg_start, <=, arg_end);
  1535. error |= __prctl_check_order(env_start, <=, env_end);
  1536. if (error)
  1537. goto out;
  1538. #undef __prctl_check_order
  1539. error = -EINVAL;
  1540. /*
  1541. * @brk should be after @end_data in traditional maps.
  1542. */
  1543. if (prctl_map->start_brk <= prctl_map->end_data ||
  1544. prctl_map->brk <= prctl_map->end_data)
  1545. goto out;
  1546. /*
  1547. * Neither we should allow to override limits if they set.
  1548. */
  1549. if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk,
  1550. prctl_map->start_brk, prctl_map->end_data,
  1551. prctl_map->start_data))
  1552. goto out;
  1553. /*
  1554. * Someone is trying to cheat the auxv vector.
  1555. */
  1556. if (prctl_map->auxv_size) {
  1557. if (!prctl_map->auxv || prctl_map->auxv_size > sizeof(mm->saved_auxv))
  1558. goto out;
  1559. }
  1560. /*
  1561. * Finally, make sure the caller has the rights to
  1562. * change /proc/pid/exe link: only local root should
  1563. * be allowed to.
  1564. */
  1565. if (prctl_map->exe_fd != (u32)-1) {
  1566. struct user_namespace *ns = current_user_ns();
  1567. const struct cred *cred = current_cred();
  1568. if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
  1569. !gid_eq(cred->gid, make_kgid(ns, 0)))
  1570. goto out;
  1571. }
  1572. error = 0;
  1573. out:
  1574. return error;
  1575. }
  1576. #ifdef CONFIG_CHECKPOINT_RESTORE
  1577. static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size)
  1578. {
  1579. struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, };
  1580. unsigned long user_auxv[AT_VECTOR_SIZE];
  1581. struct mm_struct *mm = current->mm;
  1582. int error;
  1583. BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv));
  1584. BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256);
  1585. if (opt == PR_SET_MM_MAP_SIZE)
  1586. return put_user((unsigned int)sizeof(prctl_map),
  1587. (unsigned int __user *)addr);
  1588. if (data_size != sizeof(prctl_map))
  1589. return -EINVAL;
  1590. if (copy_from_user(&prctl_map, addr, sizeof(prctl_map)))
  1591. return -EFAULT;
  1592. error = validate_prctl_map(&prctl_map);
  1593. if (error)
  1594. return error;
  1595. if (prctl_map.auxv_size) {
  1596. memset(user_auxv, 0, sizeof(user_auxv));
  1597. if (copy_from_user(user_auxv,
  1598. (const void __user *)prctl_map.auxv,
  1599. prctl_map.auxv_size))
  1600. return -EFAULT;
  1601. /* Last entry must be AT_NULL as specification requires */
  1602. user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL;
  1603. user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
  1604. }
  1605. if (prctl_map.exe_fd != (u32)-1)
  1606. error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd);
  1607. down_read(&mm->mmap_sem);
  1608. if (error)
  1609. goto out;
  1610. /*
  1611. * We don't validate if these members are pointing to
  1612. * real present VMAs because application may have correspond
  1613. * VMAs already unmapped and kernel uses these members for statistics
  1614. * output in procfs mostly, except
  1615. *
  1616. * - @start_brk/@brk which are used in do_brk but kernel lookups
  1617. * for VMAs when updating these memvers so anything wrong written
  1618. * here cause kernel to swear at userspace program but won't lead
  1619. * to any problem in kernel itself
  1620. */
  1621. mm->start_code = prctl_map.start_code;
  1622. mm->end_code = prctl_map.end_code;
  1623. mm->start_data = prctl_map.start_data;
  1624. mm->end_data = prctl_map.end_data;
  1625. mm->start_brk = prctl_map.start_brk;
  1626. mm->brk = prctl_map.brk;
  1627. mm->start_stack = prctl_map.start_stack;
  1628. mm->arg_start = prctl_map.arg_start;
  1629. mm->arg_end = prctl_map.arg_end;
  1630. mm->env_start = prctl_map.env_start;
  1631. mm->env_end = prctl_map.env_end;
  1632. /*
  1633. * Note this update of @saved_auxv is lockless thus
  1634. * if someone reads this member in procfs while we're
  1635. * updating -- it may get partly updated results. It's
  1636. * known and acceptable trade off: we leave it as is to
  1637. * not introduce additional locks here making the kernel
  1638. * more complex.
  1639. */
  1640. if (prctl_map.auxv_size)
  1641. memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv));
  1642. error = 0;
  1643. out:
  1644. up_read(&mm->mmap_sem);
  1645. return error;
  1646. }
  1647. #endif /* CONFIG_CHECKPOINT_RESTORE */
  1648. static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
  1649. unsigned long len)
  1650. {
  1651. /*
  1652. * This doesn't move the auxiliary vector itself since it's pinned to
  1653. * mm_struct, but it permits filling the vector with new values. It's
  1654. * up to the caller to provide sane values here, otherwise userspace
  1655. * tools which use this vector might be unhappy.
  1656. */
  1657. unsigned long user_auxv[AT_VECTOR_SIZE];
  1658. if (len > sizeof(user_auxv))
  1659. return -EINVAL;
  1660. if (copy_from_user(user_auxv, (const void __user *)addr, len))
  1661. return -EFAULT;
  1662. /* Make sure the last entry is always AT_NULL */
  1663. user_auxv[AT_VECTOR_SIZE - 2] = 0;
  1664. user_auxv[AT_VECTOR_SIZE - 1] = 0;
  1665. BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv));
  1666. task_lock(current);
  1667. memcpy(mm->saved_auxv, user_auxv, len);
  1668. task_unlock(current);
  1669. return 0;
  1670. }
  1671. static int prctl_set_mm(int opt, unsigned long addr,
  1672. unsigned long arg4, unsigned long arg5)
  1673. {
  1674. struct mm_struct *mm = current->mm;
  1675. struct prctl_mm_map prctl_map;
  1676. struct vm_area_struct *vma;
  1677. int error;
  1678. if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV &&
  1679. opt != PR_SET_MM_MAP &&
  1680. opt != PR_SET_MM_MAP_SIZE)))
  1681. return -EINVAL;
  1682. #ifdef CONFIG_CHECKPOINT_RESTORE
  1683. if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE)
  1684. return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
  1685. #endif
  1686. if (!capable(CAP_SYS_RESOURCE))
  1687. return -EPERM;
  1688. if (opt == PR_SET_MM_EXE_FILE)
  1689. return prctl_set_mm_exe_file(mm, (unsigned int)addr);
  1690. if (opt == PR_SET_MM_AUXV)
  1691. return prctl_set_auxv(mm, addr, arg4);
  1692. if (addr >= TASK_SIZE || addr < mmap_min_addr)
  1693. return -EINVAL;
  1694. error = -EINVAL;
  1695. down_read(&mm->mmap_sem);
  1696. vma = find_vma(mm, addr);
  1697. prctl_map.start_code = mm->start_code;
  1698. prctl_map.end_code = mm->end_code;
  1699. prctl_map.start_data = mm->start_data;
  1700. prctl_map.end_data = mm->end_data;
  1701. prctl_map.start_brk = mm->start_brk;
  1702. prctl_map.brk = mm->brk;
  1703. prctl_map.start_stack = mm->start_stack;
  1704. prctl_map.arg_start = mm->arg_start;
  1705. prctl_map.arg_end = mm->arg_end;
  1706. prctl_map.env_start = mm->env_start;
  1707. prctl_map.env_end = mm->env_end;
  1708. prctl_map.auxv = NULL;
  1709. prctl_map.auxv_size = 0;
  1710. prctl_map.exe_fd = -1;
  1711. switch (opt) {
  1712. case PR_SET_MM_START_CODE:
  1713. prctl_map.start_code = addr;
  1714. break;
  1715. case PR_SET_MM_END_CODE:
  1716. prctl_map.end_code = addr;
  1717. break;
  1718. case PR_SET_MM_START_DATA:
  1719. prctl_map.start_data = addr;
  1720. break;
  1721. case PR_SET_MM_END_DATA:
  1722. prctl_map.end_data = addr;
  1723. break;
  1724. case PR_SET_MM_START_STACK:
  1725. prctl_map.start_stack = addr;
  1726. break;
  1727. case PR_SET_MM_START_BRK:
  1728. prctl_map.start_brk = addr;
  1729. break;
  1730. case PR_SET_MM_BRK:
  1731. prctl_map.brk = addr;
  1732. break;
  1733. case PR_SET_MM_ARG_START:
  1734. prctl_map.arg_start = addr;
  1735. break;
  1736. case PR_SET_MM_ARG_END:
  1737. prctl_map.arg_end = addr;
  1738. break;
  1739. case PR_SET_MM_ENV_START:
  1740. prctl_map.env_start = addr;
  1741. break;
  1742. case PR_SET_MM_ENV_END:
  1743. prctl_map.env_end = addr;
  1744. break;
  1745. default:
  1746. goto out;
  1747. }
  1748. error = validate_prctl_map(&prctl_map);
  1749. if (error)
  1750. goto out;
  1751. switch (opt) {
  1752. /*
  1753. * If command line arguments and environment
  1754. * are placed somewhere else on stack, we can
  1755. * set them up here, ARG_START/END to setup
  1756. * command line argumets and ENV_START/END
  1757. * for environment.
  1758. */
  1759. case PR_SET_MM_START_STACK:
  1760. case PR_SET_MM_ARG_START:
  1761. case PR_SET_MM_ARG_END:
  1762. case PR_SET_MM_ENV_START:
  1763. case PR_SET_MM_ENV_END:
  1764. if (!vma) {
  1765. error = -EFAULT;
  1766. goto out;
  1767. }
  1768. }
  1769. mm->start_code = prctl_map.start_code;
  1770. mm->end_code = prctl_map.end_code;
  1771. mm->start_data = prctl_map.start_data;
  1772. mm->end_data = prctl_map.end_data;
  1773. mm->start_brk = prctl_map.start_brk;
  1774. mm->brk = prctl_map.brk;
  1775. mm->start_stack = prctl_map.start_stack;
  1776. mm->arg_start = prctl_map.arg_start;
  1777. mm->arg_end = prctl_map.arg_end;
  1778. mm->env_start = prctl_map.env_start;
  1779. mm->env_end = prctl_map.env_end;
  1780. error = 0;
  1781. out:
  1782. up_read(&mm->mmap_sem);
  1783. return error;
  1784. }
  1785. #ifdef CONFIG_CHECKPOINT_RESTORE
  1786. static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
  1787. {
  1788. return put_user(me->clear_child_tid, tid_addr);
  1789. }
  1790. #else
  1791. static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
  1792. {
  1793. return -EINVAL;
  1794. }
  1795. #endif
  1796. SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
  1797. unsigned long, arg4, unsigned long, arg5)
  1798. {
  1799. struct task_struct *me = current;
  1800. unsigned char comm[sizeof(me->comm)];
  1801. long error;
  1802. error = security_task_prctl(option, arg2, arg3, arg4, arg5);
  1803. if (error != -ENOSYS)
  1804. return error;
  1805. error = 0;
  1806. switch (option) {
  1807. case PR_SET_PDEATHSIG:
  1808. if (!valid_signal(arg2)) {
  1809. error = -EINVAL;
  1810. break;
  1811. }
  1812. me->pdeath_signal = arg2;
  1813. break;
  1814. case PR_GET_PDEATHSIG:
  1815. error = put_user(me->pdeath_signal, (int __user *)arg2);
  1816. break;
  1817. case PR_GET_DUMPABLE:
  1818. error = get_dumpable(me->mm);
  1819. break;
  1820. case PR_SET_DUMPABLE:
  1821. if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) {
  1822. error = -EINVAL;
  1823. break;
  1824. }
  1825. set_dumpable(me->mm, arg2);
  1826. break;
  1827. case PR_SET_UNALIGN:
  1828. error = SET_UNALIGN_CTL(me, arg2);
  1829. break;
  1830. case PR_GET_UNALIGN:
  1831. error = GET_UNALIGN_CTL(me, arg2);
  1832. break;
  1833. case PR_SET_FPEMU:
  1834. error = SET_FPEMU_CTL(me, arg2);
  1835. break;
  1836. case PR_GET_FPEMU:
  1837. error = GET_FPEMU_CTL(me, arg2);
  1838. break;
  1839. case PR_SET_FPEXC:
  1840. error = SET_FPEXC_CTL(me, arg2);
  1841. break;
  1842. case PR_GET_FPEXC:
  1843. error = GET_FPEXC_CTL(me, arg2);
  1844. break;
  1845. case PR_GET_TIMING:
  1846. error = PR_TIMING_STATISTICAL;
  1847. break;
  1848. case PR_SET_TIMING:
  1849. if (arg2 != PR_TIMING_STATISTICAL)
  1850. error = -EINVAL;
  1851. break;
  1852. case PR_SET_NAME:
  1853. comm[sizeof(me->comm) - 1] = 0;
  1854. if (strncpy_from_user(comm, (char __user *)arg2,
  1855. sizeof(me->comm) - 1) < 0)
  1856. return -EFAULT;
  1857. set_task_comm(me, comm);
  1858. proc_comm_connector(me);
  1859. break;
  1860. case PR_GET_NAME:
  1861. get_task_comm(comm, me);
  1862. if (copy_to_user((char __user *)arg2, comm, sizeof(comm)))
  1863. return -EFAULT;
  1864. break;
  1865. case PR_GET_ENDIAN:
  1866. error = GET_ENDIAN(me, arg2);
  1867. break;
  1868. case PR_SET_ENDIAN:
  1869. error = SET_ENDIAN(me, arg2);
  1870. break;
  1871. case PR_GET_SECCOMP:
  1872. error = prctl_get_seccomp();
  1873. break;
  1874. case PR_SET_SECCOMP:
  1875. error = prctl_set_seccomp(arg2, (char __user *)arg3);
  1876. break;
  1877. case PR_GET_TSC:
  1878. error = GET_TSC_CTL(arg2);
  1879. break;
  1880. case PR_SET_TSC:
  1881. error = SET_TSC_CTL(arg2);
  1882. break;
  1883. case PR_TASK_PERF_EVENTS_DISABLE:
  1884. error = perf_event_task_disable();
  1885. break;
  1886. case PR_TASK_PERF_EVENTS_ENABLE:
  1887. error = perf_event_task_enable();
  1888. break;
  1889. case PR_GET_TIMERSLACK:
  1890. error = current->timer_slack_ns;
  1891. break;
  1892. case PR_SET_TIMERSLACK:
  1893. if (arg2 <= 0)
  1894. current->timer_slack_ns =
  1895. current->default_timer_slack_ns;
  1896. else
  1897. current->timer_slack_ns = arg2;
  1898. break;
  1899. case PR_MCE_KILL:
  1900. if (arg4 | arg5)
  1901. return -EINVAL;
  1902. switch (arg2) {
  1903. case PR_MCE_KILL_CLEAR:
  1904. if (arg3 != 0)
  1905. return -EINVAL;
  1906. current->flags &= ~PF_MCE_PROCESS;
  1907. break;
  1908. case PR_MCE_KILL_SET:
  1909. current->flags |= PF_MCE_PROCESS;
  1910. if (arg3 == PR_MCE_KILL_EARLY)
  1911. current->flags |= PF_MCE_EARLY;
  1912. else if (arg3 == PR_MCE_KILL_LATE)
  1913. current->flags &= ~PF_MCE_EARLY;
  1914. else if (arg3 == PR_MCE_KILL_DEFAULT)
  1915. current->flags &=
  1916. ~(PF_MCE_EARLY|PF_MCE_PROCESS);
  1917. else
  1918. return -EINVAL;
  1919. break;
  1920. default:
  1921. return -EINVAL;
  1922. }
  1923. break;
  1924. case PR_MCE_KILL_GET:
  1925. if (arg2 | arg3 | arg4 | arg5)
  1926. return -EINVAL;
  1927. if (current->flags & PF_MCE_PROCESS)
  1928. error = (current->flags & PF_MCE_EARLY) ?
  1929. PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE;
  1930. else
  1931. error = PR_MCE_KILL_DEFAULT;
  1932. break;
  1933. case PR_SET_MM:
  1934. error = prctl_set_mm(arg2, arg3, arg4, arg5);
  1935. break;
  1936. case PR_GET_TID_ADDRESS:
  1937. error = prctl_get_tid_address(me, (int __user **)arg2);
  1938. break;
  1939. case PR_SET_CHILD_SUBREAPER:
  1940. me->signal->is_child_subreaper = !!arg2;
  1941. break;
  1942. case PR_GET_CHILD_SUBREAPER:
  1943. error = put_user(me->signal->is_child_subreaper,
  1944. (int __user *)arg2);
  1945. break;
  1946. case PR_SET_NO_NEW_PRIVS:
  1947. if (arg2 != 1 || arg3 || arg4 || arg5)
  1948. return -EINVAL;
  1949. task_set_no_new_privs(current);
  1950. break;
  1951. case PR_GET_NO_NEW_PRIVS:
  1952. if (arg2 || arg3 || arg4 || arg5)
  1953. return -EINVAL;
  1954. return task_no_new_privs(current) ? 1 : 0;
  1955. case PR_GET_THP_DISABLE:
  1956. if (arg2 || arg3 || arg4 || arg5)
  1957. return -EINVAL;
  1958. error = !!(me->mm->def_flags & VM_NOHUGEPAGE);
  1959. break;
  1960. case PR_SET_THP_DISABLE:
  1961. if (arg3 || arg4 || arg5)
  1962. return -EINVAL;
  1963. down_write(&me->mm->mmap_sem);
  1964. if (arg2)
  1965. me->mm->def_flags |= VM_NOHUGEPAGE;
  1966. else
  1967. me->mm->def_flags &= ~VM_NOHUGEPAGE;
  1968. up_write(&me->mm->mmap_sem);
  1969. break;
  1970. case PR_MPX_ENABLE_MANAGEMENT:
  1971. if (arg2 || arg3 || arg4 || arg5)
  1972. return -EINVAL;
  1973. error = MPX_ENABLE_MANAGEMENT();
  1974. break;
  1975. case PR_MPX_DISABLE_MANAGEMENT:
  1976. if (arg2 || arg3 || arg4 || arg5)
  1977. return -EINVAL;
  1978. error = MPX_DISABLE_MANAGEMENT();
  1979. break;
  1980. case PR_SET_FP_MODE:
  1981. error = SET_FP_MODE(me, arg2);
  1982. break;
  1983. case PR_GET_FP_MODE:
  1984. error = GET_FP_MODE(me);
  1985. break;
  1986. default:
  1987. error = -EINVAL;
  1988. break;
  1989. }
  1990. return error;
  1991. }
  1992. SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep,
  1993. struct getcpu_cache __user *, unused)
  1994. {
  1995. int err = 0;
  1996. int cpu = raw_smp_processor_id();
  1997. if (cpup)
  1998. err |= put_user(cpu, cpup);
  1999. if (nodep)
  2000. err |= put_user(cpu_to_node(cpu), nodep);
  2001. return err ? -EFAULT : 0;
  2002. }
  2003. /**
  2004. * do_sysinfo - fill in sysinfo struct
  2005. * @info: pointer to buffer to fill
  2006. */
  2007. static int do_sysinfo(struct sysinfo *info)
  2008. {
  2009. unsigned long mem_total, sav_total;
  2010. unsigned int mem_unit, bitcount;
  2011. struct timespec tp;
  2012. memset(info, 0, sizeof(struct sysinfo));
  2013. get_monotonic_boottime(&tp);
  2014. info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0);
  2015. get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT);
  2016. info->procs = nr_threads;
  2017. si_meminfo(info);
  2018. si_swapinfo(info);
  2019. /*
  2020. * If the sum of all the available memory (i.e. ram + swap)
  2021. * is less than can be stored in a 32 bit unsigned long then
  2022. * we can be binary compatible with 2.2.x kernels. If not,
  2023. * well, in that case 2.2.x was broken anyways...
  2024. *
  2025. * -Erik Andersen <andersee@debian.org>
  2026. */
  2027. mem_total = info->totalram + info->totalswap;
  2028. if (mem_total < info->totalram || mem_total < info->totalswap)
  2029. goto out;
  2030. bitcount = 0;
  2031. mem_unit = info->mem_unit;
  2032. while (mem_unit > 1) {
  2033. bitcount++;
  2034. mem_unit >>= 1;
  2035. sav_total = mem_total;
  2036. mem_total <<= 1;
  2037. if (mem_total < sav_total)
  2038. goto out;
  2039. }
  2040. /*
  2041. * If mem_total did not overflow, multiply all memory values by
  2042. * info->mem_unit and set it to 1. This leaves things compatible
  2043. * with 2.2.x, and also retains compatibility with earlier 2.4.x
  2044. * kernels...
  2045. */
  2046. info->mem_unit = 1;
  2047. info->totalram <<= bitcount;
  2048. info->freeram <<= bitcount;
  2049. info->sharedram <<= bitcount;
  2050. info->bufferram <<= bitcount;
  2051. info->totalswap <<= bitcount;
  2052. info->freeswap <<= bitcount;
  2053. info->totalhigh <<= bitcount;
  2054. info->freehigh <<= bitcount;
  2055. out:
  2056. return 0;
  2057. }
  2058. SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info)
  2059. {
  2060. struct sysinfo val;
  2061. do_sysinfo(&val);
  2062. if (copy_to_user(info, &val, sizeof(struct sysinfo)))
  2063. return -EFAULT;
  2064. return 0;
  2065. }
  2066. #ifdef CONFIG_COMPAT
  2067. struct compat_sysinfo {
  2068. s32 uptime;
  2069. u32 loads[3];
  2070. u32 totalram;
  2071. u32 freeram;
  2072. u32 sharedram;
  2073. u32 bufferram;
  2074. u32 totalswap;
  2075. u32 freeswap;
  2076. u16 procs;
  2077. u16 pad;
  2078. u32 totalhigh;
  2079. u32 freehigh;
  2080. u32 mem_unit;
  2081. char _f[20-2*sizeof(u32)-sizeof(int)];
  2082. };
  2083. COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info)
  2084. {
  2085. struct sysinfo s;
  2086. do_sysinfo(&s);
  2087. /* Check to see if any memory value is too large for 32-bit and scale
  2088. * down if needed
  2089. */
  2090. if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) {
  2091. int bitcount = 0;
  2092. while (s.mem_unit < PAGE_SIZE) {
  2093. s.mem_unit <<= 1;
  2094. bitcount++;
  2095. }
  2096. s.totalram >>= bitcount;
  2097. s.freeram >>= bitcount;
  2098. s.sharedram >>= bitcount;
  2099. s.bufferram >>= bitcount;
  2100. s.totalswap >>= bitcount;
  2101. s.freeswap >>= bitcount;
  2102. s.totalhigh >>= bitcount;
  2103. s.freehigh >>= bitcount;
  2104. }
  2105. if (!access_ok(VERIFY_WRITE, info, sizeof(struct compat_sysinfo)) ||
  2106. __put_user(s.uptime, &info->uptime) ||
  2107. __put_user(s.loads[0], &info->loads[0]) ||
  2108. __put_user(s.loads[1], &info->loads[1]) ||
  2109. __put_user(s.loads[2], &info->loads[2]) ||
  2110. __put_user(s.totalram, &info->totalram) ||
  2111. __put_user(s.freeram, &info->freeram) ||
  2112. __put_user(s.sharedram, &info->sharedram) ||
  2113. __put_user(s.bufferram, &info->bufferram) ||
  2114. __put_user(s.totalswap, &info->totalswap) ||
  2115. __put_user(s.freeswap, &info->freeswap) ||
  2116. __put_user(s.procs, &info->procs) ||
  2117. __put_user(s.totalhigh, &info->totalhigh) ||
  2118. __put_user(s.freehigh, &info->freehigh) ||
  2119. __put_user(s.mem_unit, &info->mem_unit))
  2120. return -EFAULT;
  2121. return 0;
  2122. }
  2123. #endif /* CONFIG_COMPAT */