sys.c 58 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460
  1. /*
  2. * linux/kernel/sys.c
  3. *
  4. * Copyright (C) 1991, 1992 Linus Torvalds
  5. */
  6. #include <linux/export.h>
  7. #include <linux/mm.h>
  8. #include <linux/utsname.h>
  9. #include <linux/mman.h>
  10. #include <linux/reboot.h>
  11. #include <linux/prctl.h>
  12. #include <linux/highuid.h>
  13. #include <linux/fs.h>
  14. #include <linux/kmod.h>
  15. #include <linux/perf_event.h>
  16. #include <linux/resource.h>
  17. #include <linux/kernel.h>
  18. #include <linux/workqueue.h>
  19. #include <linux/capability.h>
  20. #include <linux/device.h>
  21. #include <linux/key.h>
  22. #include <linux/times.h>
  23. #include <linux/posix-timers.h>
  24. #include <linux/security.h>
  25. #include <linux/dcookies.h>
  26. #include <linux/suspend.h>
  27. #include <linux/tty.h>
  28. #include <linux/signal.h>
  29. #include <linux/cn_proc.h>
  30. #include <linux/getcpu.h>
  31. #include <linux/task_io_accounting_ops.h>
  32. #include <linux/seccomp.h>
  33. #include <linux/cpu.h>
  34. #include <linux/personality.h>
  35. #include <linux/ptrace.h>
  36. #include <linux/fs_struct.h>
  37. #include <linux/file.h>
  38. #include <linux/mount.h>
  39. #include <linux/gfp.h>
  40. #include <linux/syscore_ops.h>
  41. #include <linux/version.h>
  42. #include <linux/ctype.h>
  43. #include <linux/compat.h>
  44. #include <linux/syscalls.h>
  45. #include <linux/kprobes.h>
  46. #include <linux/user_namespace.h>
  47. #include <linux/binfmts.h>
  48. #include <linux/sched.h>
  49. #include <linux/sched/autogroup.h>
  50. #include <linux/sched/loadavg.h>
  51. #include <linux/sched/stat.h>
  52. #include <linux/sched/mm.h>
  53. #include <linux/sched/coredump.h>
  54. #include <linux/sched/task.h>
  55. #include <linux/sched/cputime.h>
  56. #include <linux/rcupdate.h>
  57. #include <linux/uidgid.h>
  58. #include <linux/cred.h>
  59. #include <linux/kmsg_dump.h>
  60. /* Move somewhere else to avoid recompiling? */
  61. #include <generated/utsrelease.h>
  62. #include <linux/uaccess.h>
  63. #include <asm/io.h>
  64. #include <asm/unistd.h>
  65. #ifndef SET_UNALIGN_CTL
  66. # define SET_UNALIGN_CTL(a, b) (-EINVAL)
  67. #endif
  68. #ifndef GET_UNALIGN_CTL
  69. # define GET_UNALIGN_CTL(a, b) (-EINVAL)
  70. #endif
  71. #ifndef SET_FPEMU_CTL
  72. # define SET_FPEMU_CTL(a, b) (-EINVAL)
  73. #endif
  74. #ifndef GET_FPEMU_CTL
  75. # define GET_FPEMU_CTL(a, b) (-EINVAL)
  76. #endif
  77. #ifndef SET_FPEXC_CTL
  78. # define SET_FPEXC_CTL(a, b) (-EINVAL)
  79. #endif
  80. #ifndef GET_FPEXC_CTL
  81. # define GET_FPEXC_CTL(a, b) (-EINVAL)
  82. #endif
  83. #ifndef GET_ENDIAN
  84. # define GET_ENDIAN(a, b) (-EINVAL)
  85. #endif
  86. #ifndef SET_ENDIAN
  87. # define SET_ENDIAN(a, b) (-EINVAL)
  88. #endif
  89. #ifndef GET_TSC_CTL
  90. # define GET_TSC_CTL(a) (-EINVAL)
  91. #endif
  92. #ifndef SET_TSC_CTL
  93. # define SET_TSC_CTL(a) (-EINVAL)
  94. #endif
  95. #ifndef MPX_ENABLE_MANAGEMENT
  96. # define MPX_ENABLE_MANAGEMENT() (-EINVAL)
  97. #endif
  98. #ifndef MPX_DISABLE_MANAGEMENT
  99. # define MPX_DISABLE_MANAGEMENT() (-EINVAL)
  100. #endif
  101. #ifndef GET_FP_MODE
  102. # define GET_FP_MODE(a) (-EINVAL)
  103. #endif
  104. #ifndef SET_FP_MODE
  105. # define SET_FP_MODE(a,b) (-EINVAL)
  106. #endif
  107. /*
  108. * this is where the system-wide overflow UID and GID are defined, for
  109. * architectures that now have 32-bit UID/GID but didn't in the past
  110. */
  111. int overflowuid = DEFAULT_OVERFLOWUID;
  112. int overflowgid = DEFAULT_OVERFLOWGID;
  113. EXPORT_SYMBOL(overflowuid);
  114. EXPORT_SYMBOL(overflowgid);
  115. /*
  116. * the same as above, but for filesystems which can only store a 16-bit
  117. * UID and GID. as such, this is needed on all architectures
  118. */
  119. int fs_overflowuid = DEFAULT_FS_OVERFLOWUID;
  120. int fs_overflowgid = DEFAULT_FS_OVERFLOWUID;
  121. EXPORT_SYMBOL(fs_overflowuid);
  122. EXPORT_SYMBOL(fs_overflowgid);
  123. /*
  124. * Returns true if current's euid is same as p's uid or euid,
  125. * or has CAP_SYS_NICE to p's user_ns.
  126. *
  127. * Called with rcu_read_lock, creds are safe
  128. */
  129. static bool set_one_prio_perm(struct task_struct *p)
  130. {
  131. const struct cred *cred = current_cred(), *pcred = __task_cred(p);
  132. if (uid_eq(pcred->uid, cred->euid) ||
  133. uid_eq(pcred->euid, cred->euid))
  134. return true;
  135. if (ns_capable(pcred->user_ns, CAP_SYS_NICE))
  136. return true;
  137. return false;
  138. }
  139. /*
  140. * set the priority of a task
  141. * - the caller must hold the RCU read lock
  142. */
  143. static int set_one_prio(struct task_struct *p, int niceval, int error)
  144. {
  145. int no_nice;
  146. if (!set_one_prio_perm(p)) {
  147. error = -EPERM;
  148. goto out;
  149. }
  150. if (niceval < task_nice(p) && !can_nice(p, niceval)) {
  151. error = -EACCES;
  152. goto out;
  153. }
  154. no_nice = security_task_setnice(p, niceval);
  155. if (no_nice) {
  156. error = no_nice;
  157. goto out;
  158. }
  159. if (error == -ESRCH)
  160. error = 0;
  161. set_user_nice(p, niceval);
  162. out:
  163. return error;
  164. }
  165. SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval)
  166. {
  167. struct task_struct *g, *p;
  168. struct user_struct *user;
  169. const struct cred *cred = current_cred();
  170. int error = -EINVAL;
  171. struct pid *pgrp;
  172. kuid_t uid;
  173. if (which > PRIO_USER || which < PRIO_PROCESS)
  174. goto out;
  175. /* normalize: avoid signed division (rounding problems) */
  176. error = -ESRCH;
  177. if (niceval < MIN_NICE)
  178. niceval = MIN_NICE;
  179. if (niceval > MAX_NICE)
  180. niceval = MAX_NICE;
  181. rcu_read_lock();
  182. read_lock(&tasklist_lock);
  183. switch (which) {
  184. case PRIO_PROCESS:
  185. if (who)
  186. p = find_task_by_vpid(who);
  187. else
  188. p = current;
  189. if (p)
  190. error = set_one_prio(p, niceval, error);
  191. break;
  192. case PRIO_PGRP:
  193. if (who)
  194. pgrp = find_vpid(who);
  195. else
  196. pgrp = task_pgrp(current);
  197. do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
  198. error = set_one_prio(p, niceval, error);
  199. } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
  200. break;
  201. case PRIO_USER:
  202. uid = make_kuid(cred->user_ns, who);
  203. user = cred->user;
  204. if (!who)
  205. uid = cred->uid;
  206. else if (!uid_eq(uid, cred->uid)) {
  207. user = find_user(uid);
  208. if (!user)
  209. goto out_unlock; /* No processes for this user */
  210. }
  211. do_each_thread(g, p) {
  212. if (uid_eq(task_uid(p), uid) && task_pid_vnr(p))
  213. error = set_one_prio(p, niceval, error);
  214. } while_each_thread(g, p);
  215. if (!uid_eq(uid, cred->uid))
  216. free_uid(user); /* For find_user() */
  217. break;
  218. }
  219. out_unlock:
  220. read_unlock(&tasklist_lock);
  221. rcu_read_unlock();
  222. out:
  223. return error;
  224. }
  225. /*
  226. * Ugh. To avoid negative return values, "getpriority()" will
  227. * not return the normal nice-value, but a negated value that
  228. * has been offset by 20 (ie it returns 40..1 instead of -20..19)
  229. * to stay compatible.
  230. */
  231. SYSCALL_DEFINE2(getpriority, int, which, int, who)
  232. {
  233. struct task_struct *g, *p;
  234. struct user_struct *user;
  235. const struct cred *cred = current_cred();
  236. long niceval, retval = -ESRCH;
  237. struct pid *pgrp;
  238. kuid_t uid;
  239. if (which > PRIO_USER || which < PRIO_PROCESS)
  240. return -EINVAL;
  241. rcu_read_lock();
  242. read_lock(&tasklist_lock);
  243. switch (which) {
  244. case PRIO_PROCESS:
  245. if (who)
  246. p = find_task_by_vpid(who);
  247. else
  248. p = current;
  249. if (p) {
  250. niceval = nice_to_rlimit(task_nice(p));
  251. if (niceval > retval)
  252. retval = niceval;
  253. }
  254. break;
  255. case PRIO_PGRP:
  256. if (who)
  257. pgrp = find_vpid(who);
  258. else
  259. pgrp = task_pgrp(current);
  260. do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
  261. niceval = nice_to_rlimit(task_nice(p));
  262. if (niceval > retval)
  263. retval = niceval;
  264. } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
  265. break;
  266. case PRIO_USER:
  267. uid = make_kuid(cred->user_ns, who);
  268. user = cred->user;
  269. if (!who)
  270. uid = cred->uid;
  271. else if (!uid_eq(uid, cred->uid)) {
  272. user = find_user(uid);
  273. if (!user)
  274. goto out_unlock; /* No processes for this user */
  275. }
  276. do_each_thread(g, p) {
  277. if (uid_eq(task_uid(p), uid) && task_pid_vnr(p)) {
  278. niceval = nice_to_rlimit(task_nice(p));
  279. if (niceval > retval)
  280. retval = niceval;
  281. }
  282. } while_each_thread(g, p);
  283. if (!uid_eq(uid, cred->uid))
  284. free_uid(user); /* for find_user() */
  285. break;
  286. }
  287. out_unlock:
  288. read_unlock(&tasklist_lock);
  289. rcu_read_unlock();
  290. return retval;
  291. }
  292. /*
  293. * Unprivileged users may change the real gid to the effective gid
  294. * or vice versa. (BSD-style)
  295. *
  296. * If you set the real gid at all, or set the effective gid to a value not
  297. * equal to the real gid, then the saved gid is set to the new effective gid.
  298. *
  299. * This makes it possible for a setgid program to completely drop its
  300. * privileges, which is often a useful assertion to make when you are doing
  301. * a security audit over a program.
  302. *
  303. * The general idea is that a program which uses just setregid() will be
  304. * 100% compatible with BSD. A program which uses just setgid() will be
  305. * 100% compatible with POSIX with saved IDs.
  306. *
  307. * SMP: There are not races, the GIDs are checked only by filesystem
  308. * operations (as far as semantic preservation is concerned).
  309. */
  310. #ifdef CONFIG_MULTIUSER
  311. SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
  312. {
  313. struct user_namespace *ns = current_user_ns();
  314. const struct cred *old;
  315. struct cred *new;
  316. int retval;
  317. kgid_t krgid, kegid;
  318. krgid = make_kgid(ns, rgid);
  319. kegid = make_kgid(ns, egid);
  320. if ((rgid != (gid_t) -1) && !gid_valid(krgid))
  321. return -EINVAL;
  322. if ((egid != (gid_t) -1) && !gid_valid(kegid))
  323. return -EINVAL;
  324. new = prepare_creds();
  325. if (!new)
  326. return -ENOMEM;
  327. old = current_cred();
  328. retval = -EPERM;
  329. if (rgid != (gid_t) -1) {
  330. if (gid_eq(old->gid, krgid) ||
  331. gid_eq(old->egid, krgid) ||
  332. ns_capable(old->user_ns, CAP_SETGID))
  333. new->gid = krgid;
  334. else
  335. goto error;
  336. }
  337. if (egid != (gid_t) -1) {
  338. if (gid_eq(old->gid, kegid) ||
  339. gid_eq(old->egid, kegid) ||
  340. gid_eq(old->sgid, kegid) ||
  341. ns_capable(old->user_ns, CAP_SETGID))
  342. new->egid = kegid;
  343. else
  344. goto error;
  345. }
  346. if (rgid != (gid_t) -1 ||
  347. (egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
  348. new->sgid = new->egid;
  349. new->fsgid = new->egid;
  350. return commit_creds(new);
  351. error:
  352. abort_creds(new);
  353. return retval;
  354. }
  355. /*
  356. * setgid() is implemented like SysV w/ SAVED_IDS
  357. *
  358. * SMP: Same implicit races as above.
  359. */
  360. SYSCALL_DEFINE1(setgid, gid_t, gid)
  361. {
  362. struct user_namespace *ns = current_user_ns();
  363. const struct cred *old;
  364. struct cred *new;
  365. int retval;
  366. kgid_t kgid;
  367. kgid = make_kgid(ns, gid);
  368. if (!gid_valid(kgid))
  369. return -EINVAL;
  370. new = prepare_creds();
  371. if (!new)
  372. return -ENOMEM;
  373. old = current_cred();
  374. retval = -EPERM;
  375. if (ns_capable(old->user_ns, CAP_SETGID))
  376. new->gid = new->egid = new->sgid = new->fsgid = kgid;
  377. else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
  378. new->egid = new->fsgid = kgid;
  379. else
  380. goto error;
  381. return commit_creds(new);
  382. error:
  383. abort_creds(new);
  384. return retval;
  385. }
  386. /*
  387. * change the user struct in a credentials set to match the new UID
  388. */
  389. static int set_user(struct cred *new)
  390. {
  391. struct user_struct *new_user;
  392. new_user = alloc_uid(new->uid);
  393. if (!new_user)
  394. return -EAGAIN;
  395. /*
  396. * We don't fail in case of NPROC limit excess here because too many
  397. * poorly written programs don't check set*uid() return code, assuming
  398. * it never fails if called by root. We may still enforce NPROC limit
  399. * for programs doing set*uid()+execve() by harmlessly deferring the
  400. * failure to the execve() stage.
  401. */
  402. if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) &&
  403. new_user != INIT_USER)
  404. current->flags |= PF_NPROC_EXCEEDED;
  405. else
  406. current->flags &= ~PF_NPROC_EXCEEDED;
  407. free_uid(new->user);
  408. new->user = new_user;
  409. return 0;
  410. }
  411. /*
  412. * Unprivileged users may change the real uid to the effective uid
  413. * or vice versa. (BSD-style)
  414. *
  415. * If you set the real uid at all, or set the effective uid to a value not
  416. * equal to the real uid, then the saved uid is set to the new effective uid.
  417. *
  418. * This makes it possible for a setuid program to completely drop its
  419. * privileges, which is often a useful assertion to make when you are doing
  420. * a security audit over a program.
  421. *
  422. * The general idea is that a program which uses just setreuid() will be
  423. * 100% compatible with BSD. A program which uses just setuid() will be
  424. * 100% compatible with POSIX with saved IDs.
  425. */
  426. SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
  427. {
  428. struct user_namespace *ns = current_user_ns();
  429. const struct cred *old;
  430. struct cred *new;
  431. int retval;
  432. kuid_t kruid, keuid;
  433. kruid = make_kuid(ns, ruid);
  434. keuid = make_kuid(ns, euid);
  435. if ((ruid != (uid_t) -1) && !uid_valid(kruid))
  436. return -EINVAL;
  437. if ((euid != (uid_t) -1) && !uid_valid(keuid))
  438. return -EINVAL;
  439. new = prepare_creds();
  440. if (!new)
  441. return -ENOMEM;
  442. old = current_cred();
  443. retval = -EPERM;
  444. if (ruid != (uid_t) -1) {
  445. new->uid = kruid;
  446. if (!uid_eq(old->uid, kruid) &&
  447. !uid_eq(old->euid, kruid) &&
  448. !ns_capable(old->user_ns, CAP_SETUID))
  449. goto error;
  450. }
  451. if (euid != (uid_t) -1) {
  452. new->euid = keuid;
  453. if (!uid_eq(old->uid, keuid) &&
  454. !uid_eq(old->euid, keuid) &&
  455. !uid_eq(old->suid, keuid) &&
  456. !ns_capable(old->user_ns, CAP_SETUID))
  457. goto error;
  458. }
  459. if (!uid_eq(new->uid, old->uid)) {
  460. retval = set_user(new);
  461. if (retval < 0)
  462. goto error;
  463. }
  464. if (ruid != (uid_t) -1 ||
  465. (euid != (uid_t) -1 && !uid_eq(keuid, old->uid)))
  466. new->suid = new->euid;
  467. new->fsuid = new->euid;
  468. retval = security_task_fix_setuid(new, old, LSM_SETID_RE);
  469. if (retval < 0)
  470. goto error;
  471. return commit_creds(new);
  472. error:
  473. abort_creds(new);
  474. return retval;
  475. }
  476. /*
  477. * setuid() is implemented like SysV with SAVED_IDS
  478. *
  479. * Note that SAVED_ID's is deficient in that a setuid root program
  480. * like sendmail, for example, cannot set its uid to be a normal
  481. * user and then switch back, because if you're root, setuid() sets
  482. * the saved uid too. If you don't like this, blame the bright people
  483. * in the POSIX committee and/or USG. Note that the BSD-style setreuid()
  484. * will allow a root program to temporarily drop privileges and be able to
  485. * regain them by swapping the real and effective uid.
  486. */
  487. SYSCALL_DEFINE1(setuid, uid_t, uid)
  488. {
  489. struct user_namespace *ns = current_user_ns();
  490. const struct cred *old;
  491. struct cred *new;
  492. int retval;
  493. kuid_t kuid;
  494. kuid = make_kuid(ns, uid);
  495. if (!uid_valid(kuid))
  496. return -EINVAL;
  497. new = prepare_creds();
  498. if (!new)
  499. return -ENOMEM;
  500. old = current_cred();
  501. retval = -EPERM;
  502. if (ns_capable(old->user_ns, CAP_SETUID)) {
  503. new->suid = new->uid = kuid;
  504. if (!uid_eq(kuid, old->uid)) {
  505. retval = set_user(new);
  506. if (retval < 0)
  507. goto error;
  508. }
  509. } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) {
  510. goto error;
  511. }
  512. new->fsuid = new->euid = kuid;
  513. retval = security_task_fix_setuid(new, old, LSM_SETID_ID);
  514. if (retval < 0)
  515. goto error;
  516. return commit_creds(new);
  517. error:
  518. abort_creds(new);
  519. return retval;
  520. }
  521. /*
  522. * This function implements a generic ability to update ruid, euid,
  523. * and suid. This allows you to implement the 4.4 compatible seteuid().
  524. */
  525. SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
  526. {
  527. struct user_namespace *ns = current_user_ns();
  528. const struct cred *old;
  529. struct cred *new;
  530. int retval;
  531. kuid_t kruid, keuid, ksuid;
  532. kruid = make_kuid(ns, ruid);
  533. keuid = make_kuid(ns, euid);
  534. ksuid = make_kuid(ns, suid);
  535. if ((ruid != (uid_t) -1) && !uid_valid(kruid))
  536. return -EINVAL;
  537. if ((euid != (uid_t) -1) && !uid_valid(keuid))
  538. return -EINVAL;
  539. if ((suid != (uid_t) -1) && !uid_valid(ksuid))
  540. return -EINVAL;
  541. new = prepare_creds();
  542. if (!new)
  543. return -ENOMEM;
  544. old = current_cred();
  545. retval = -EPERM;
  546. if (!ns_capable(old->user_ns, CAP_SETUID)) {
  547. if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) &&
  548. !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))
  549. goto error;
  550. if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) &&
  551. !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid))
  552. goto error;
  553. if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) &&
  554. !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid))
  555. goto error;
  556. }
  557. if (ruid != (uid_t) -1) {
  558. new->uid = kruid;
  559. if (!uid_eq(kruid, old->uid)) {
  560. retval = set_user(new);
  561. if (retval < 0)
  562. goto error;
  563. }
  564. }
  565. if (euid != (uid_t) -1)
  566. new->euid = keuid;
  567. if (suid != (uid_t) -1)
  568. new->suid = ksuid;
  569. new->fsuid = new->euid;
  570. retval = security_task_fix_setuid(new, old, LSM_SETID_RES);
  571. if (retval < 0)
  572. goto error;
  573. return commit_creds(new);
  574. error:
  575. abort_creds(new);
  576. return retval;
  577. }
  578. SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp)
  579. {
  580. const struct cred *cred = current_cred();
  581. int retval;
  582. uid_t ruid, euid, suid;
  583. ruid = from_kuid_munged(cred->user_ns, cred->uid);
  584. euid = from_kuid_munged(cred->user_ns, cred->euid);
  585. suid = from_kuid_munged(cred->user_ns, cred->suid);
  586. retval = put_user(ruid, ruidp);
  587. if (!retval) {
  588. retval = put_user(euid, euidp);
  589. if (!retval)
  590. return put_user(suid, suidp);
  591. }
  592. return retval;
  593. }
  594. /*
  595. * Same as above, but for rgid, egid, sgid.
  596. */
  597. SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
  598. {
  599. struct user_namespace *ns = current_user_ns();
  600. const struct cred *old;
  601. struct cred *new;
  602. int retval;
  603. kgid_t krgid, kegid, ksgid;
  604. krgid = make_kgid(ns, rgid);
  605. kegid = make_kgid(ns, egid);
  606. ksgid = make_kgid(ns, sgid);
  607. if ((rgid != (gid_t) -1) && !gid_valid(krgid))
  608. return -EINVAL;
  609. if ((egid != (gid_t) -1) && !gid_valid(kegid))
  610. return -EINVAL;
  611. if ((sgid != (gid_t) -1) && !gid_valid(ksgid))
  612. return -EINVAL;
  613. new = prepare_creds();
  614. if (!new)
  615. return -ENOMEM;
  616. old = current_cred();
  617. retval = -EPERM;
  618. if (!ns_capable(old->user_ns, CAP_SETGID)) {
  619. if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) &&
  620. !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))
  621. goto error;
  622. if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) &&
  623. !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid))
  624. goto error;
  625. if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) &&
  626. !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid))
  627. goto error;
  628. }
  629. if (rgid != (gid_t) -1)
  630. new->gid = krgid;
  631. if (egid != (gid_t) -1)
  632. new->egid = kegid;
  633. if (sgid != (gid_t) -1)
  634. new->sgid = ksgid;
  635. new->fsgid = new->egid;
  636. return commit_creds(new);
  637. error:
  638. abort_creds(new);
  639. return retval;
  640. }
  641. SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp)
  642. {
  643. const struct cred *cred = current_cred();
  644. int retval;
  645. gid_t rgid, egid, sgid;
  646. rgid = from_kgid_munged(cred->user_ns, cred->gid);
  647. egid = from_kgid_munged(cred->user_ns, cred->egid);
  648. sgid = from_kgid_munged(cred->user_ns, cred->sgid);
  649. retval = put_user(rgid, rgidp);
  650. if (!retval) {
  651. retval = put_user(egid, egidp);
  652. if (!retval)
  653. retval = put_user(sgid, sgidp);
  654. }
  655. return retval;
  656. }
  657. /*
  658. * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
  659. * is used for "access()" and for the NFS daemon (letting nfsd stay at
  660. * whatever uid it wants to). It normally shadows "euid", except when
  661. * explicitly set by setfsuid() or for access..
  662. */
  663. SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  664. {
  665. const struct cred *old;
  666. struct cred *new;
  667. uid_t old_fsuid;
  668. kuid_t kuid;
  669. old = current_cred();
  670. old_fsuid = from_kuid_munged(old->user_ns, old->fsuid);
  671. kuid = make_kuid(old->user_ns, uid);
  672. if (!uid_valid(kuid))
  673. return old_fsuid;
  674. new = prepare_creds();
  675. if (!new)
  676. return old_fsuid;
  677. if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) ||
  678. uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
  679. ns_capable(old->user_ns, CAP_SETUID)) {
  680. if (!uid_eq(kuid, old->fsuid)) {
  681. new->fsuid = kuid;
  682. if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
  683. goto change_okay;
  684. }
  685. }
  686. abort_creds(new);
  687. return old_fsuid;
  688. change_okay:
  689. commit_creds(new);
  690. return old_fsuid;
  691. }
  692. /*
  693. * Samma på svenska..
  694. */
  695. SYSCALL_DEFINE1(setfsgid, gid_t, gid)
  696. {
  697. const struct cred *old;
  698. struct cred *new;
  699. gid_t old_fsgid;
  700. kgid_t kgid;
  701. old = current_cred();
  702. old_fsgid = from_kgid_munged(old->user_ns, old->fsgid);
  703. kgid = make_kgid(old->user_ns, gid);
  704. if (!gid_valid(kgid))
  705. return old_fsgid;
  706. new = prepare_creds();
  707. if (!new)
  708. return old_fsgid;
  709. if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
  710. gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
  711. ns_capable(old->user_ns, CAP_SETGID)) {
  712. if (!gid_eq(kgid, old->fsgid)) {
  713. new->fsgid = kgid;
  714. goto change_okay;
  715. }
  716. }
  717. abort_creds(new);
  718. return old_fsgid;
  719. change_okay:
  720. commit_creds(new);
  721. return old_fsgid;
  722. }
  723. #endif /* CONFIG_MULTIUSER */
  724. /**
  725. * sys_getpid - return the thread group id of the current process
  726. *
  727. * Note, despite the name, this returns the tgid not the pid. The tgid and
  728. * the pid are identical unless CLONE_THREAD was specified on clone() in
  729. * which case the tgid is the same in all threads of the same group.
  730. *
  731. * This is SMP safe as current->tgid does not change.
  732. */
  733. SYSCALL_DEFINE0(getpid)
  734. {
  735. return task_tgid_vnr(current);
  736. }
  737. /* Thread ID - the internal kernel "pid" */
  738. SYSCALL_DEFINE0(gettid)
  739. {
  740. return task_pid_vnr(current);
  741. }
  742. /*
  743. * Accessing ->real_parent is not SMP-safe, it could
  744. * change from under us. However, we can use a stale
  745. * value of ->real_parent under rcu_read_lock(), see
  746. * release_task()->call_rcu(delayed_put_task_struct).
  747. */
  748. SYSCALL_DEFINE0(getppid)
  749. {
  750. int pid;
  751. rcu_read_lock();
  752. pid = task_tgid_vnr(rcu_dereference(current->real_parent));
  753. rcu_read_unlock();
  754. return pid;
  755. }
  756. SYSCALL_DEFINE0(getuid)
  757. {
  758. /* Only we change this so SMP safe */
  759. return from_kuid_munged(current_user_ns(), current_uid());
  760. }
  761. SYSCALL_DEFINE0(geteuid)
  762. {
  763. /* Only we change this so SMP safe */
  764. return from_kuid_munged(current_user_ns(), current_euid());
  765. }
  766. SYSCALL_DEFINE0(getgid)
  767. {
  768. /* Only we change this so SMP safe */
  769. return from_kgid_munged(current_user_ns(), current_gid());
  770. }
  771. SYSCALL_DEFINE0(getegid)
  772. {
  773. /* Only we change this so SMP safe */
  774. return from_kgid_munged(current_user_ns(), current_egid());
  775. }
  776. void do_sys_times(struct tms *tms)
  777. {
  778. u64 tgutime, tgstime, cutime, cstime;
  779. thread_group_cputime_adjusted(current, &tgutime, &tgstime);
  780. cutime = current->signal->cutime;
  781. cstime = current->signal->cstime;
  782. tms->tms_utime = nsec_to_clock_t(tgutime);
  783. tms->tms_stime = nsec_to_clock_t(tgstime);
  784. tms->tms_cutime = nsec_to_clock_t(cutime);
  785. tms->tms_cstime = nsec_to_clock_t(cstime);
  786. }
  787. SYSCALL_DEFINE1(times, struct tms __user *, tbuf)
  788. {
  789. if (tbuf) {
  790. struct tms tmp;
  791. do_sys_times(&tmp);
  792. if (copy_to_user(tbuf, &tmp, sizeof(struct tms)))
  793. return -EFAULT;
  794. }
  795. force_successful_syscall_return();
  796. return (long) jiffies_64_to_clock_t(get_jiffies_64());
  797. }
  798. /*
  799. * This needs some heavy checking ...
  800. * I just haven't the stomach for it. I also don't fully
  801. * understand sessions/pgrp etc. Let somebody who does explain it.
  802. *
  803. * OK, I think I have the protection semantics right.... this is really
  804. * only important on a multi-user system anyway, to make sure one user
  805. * can't send a signal to a process owned by another. -TYT, 12/12/91
  806. *
  807. * !PF_FORKNOEXEC check to conform completely to POSIX.
  808. */
  809. SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
  810. {
  811. struct task_struct *p;
  812. struct task_struct *group_leader = current->group_leader;
  813. struct pid *pgrp;
  814. int err;
  815. if (!pid)
  816. pid = task_pid_vnr(group_leader);
  817. if (!pgid)
  818. pgid = pid;
  819. if (pgid < 0)
  820. return -EINVAL;
  821. rcu_read_lock();
  822. /* From this point forward we keep holding onto the tasklist lock
  823. * so that our parent does not change from under us. -DaveM
  824. */
  825. write_lock_irq(&tasklist_lock);
  826. err = -ESRCH;
  827. p = find_task_by_vpid(pid);
  828. if (!p)
  829. goto out;
  830. err = -EINVAL;
  831. if (!thread_group_leader(p))
  832. goto out;
  833. if (same_thread_group(p->real_parent, group_leader)) {
  834. err = -EPERM;
  835. if (task_session(p) != task_session(group_leader))
  836. goto out;
  837. err = -EACCES;
  838. if (!(p->flags & PF_FORKNOEXEC))
  839. goto out;
  840. } else {
  841. err = -ESRCH;
  842. if (p != group_leader)
  843. goto out;
  844. }
  845. err = -EPERM;
  846. if (p->signal->leader)
  847. goto out;
  848. pgrp = task_pid(p);
  849. if (pgid != pid) {
  850. struct task_struct *g;
  851. pgrp = find_vpid(pgid);
  852. g = pid_task(pgrp, PIDTYPE_PGID);
  853. if (!g || task_session(g) != task_session(group_leader))
  854. goto out;
  855. }
  856. err = security_task_setpgid(p, pgid);
  857. if (err)
  858. goto out;
  859. if (task_pgrp(p) != pgrp)
  860. change_pid(p, PIDTYPE_PGID, pgrp);
  861. err = 0;
  862. out:
  863. /* All paths lead to here, thus we are safe. -DaveM */
  864. write_unlock_irq(&tasklist_lock);
  865. rcu_read_unlock();
  866. return err;
  867. }
  868. SYSCALL_DEFINE1(getpgid, pid_t, pid)
  869. {
  870. struct task_struct *p;
  871. struct pid *grp;
  872. int retval;
  873. rcu_read_lock();
  874. if (!pid)
  875. grp = task_pgrp(current);
  876. else {
  877. retval = -ESRCH;
  878. p = find_task_by_vpid(pid);
  879. if (!p)
  880. goto out;
  881. grp = task_pgrp(p);
  882. if (!grp)
  883. goto out;
  884. retval = security_task_getpgid(p);
  885. if (retval)
  886. goto out;
  887. }
  888. retval = pid_vnr(grp);
  889. out:
  890. rcu_read_unlock();
  891. return retval;
  892. }
  893. #ifdef __ARCH_WANT_SYS_GETPGRP
  894. SYSCALL_DEFINE0(getpgrp)
  895. {
  896. return sys_getpgid(0);
  897. }
  898. #endif
  899. SYSCALL_DEFINE1(getsid, pid_t, pid)
  900. {
  901. struct task_struct *p;
  902. struct pid *sid;
  903. int retval;
  904. rcu_read_lock();
  905. if (!pid)
  906. sid = task_session(current);
  907. else {
  908. retval = -ESRCH;
  909. p = find_task_by_vpid(pid);
  910. if (!p)
  911. goto out;
  912. sid = task_session(p);
  913. if (!sid)
  914. goto out;
  915. retval = security_task_getsid(p);
  916. if (retval)
  917. goto out;
  918. }
  919. retval = pid_vnr(sid);
  920. out:
  921. rcu_read_unlock();
  922. return retval;
  923. }
  924. static void set_special_pids(struct pid *pid)
  925. {
  926. struct task_struct *curr = current->group_leader;
  927. if (task_session(curr) != pid)
  928. change_pid(curr, PIDTYPE_SID, pid);
  929. if (task_pgrp(curr) != pid)
  930. change_pid(curr, PIDTYPE_PGID, pid);
  931. }
  932. SYSCALL_DEFINE0(setsid)
  933. {
  934. struct task_struct *group_leader = current->group_leader;
  935. struct pid *sid = task_pid(group_leader);
  936. pid_t session = pid_vnr(sid);
  937. int err = -EPERM;
  938. write_lock_irq(&tasklist_lock);
  939. /* Fail if I am already a session leader */
  940. if (group_leader->signal->leader)
  941. goto out;
  942. /* Fail if a process group id already exists that equals the
  943. * proposed session id.
  944. */
  945. if (pid_task(sid, PIDTYPE_PGID))
  946. goto out;
  947. group_leader->signal->leader = 1;
  948. set_special_pids(sid);
  949. proc_clear_tty(group_leader);
  950. err = session;
  951. out:
  952. write_unlock_irq(&tasklist_lock);
  953. if (err > 0) {
  954. proc_sid_connector(group_leader);
  955. sched_autogroup_create_attach(group_leader);
  956. }
  957. return err;
  958. }
  959. DECLARE_RWSEM(uts_sem);
  960. #ifdef COMPAT_UTS_MACHINE
  961. #define override_architecture(name) \
  962. (personality(current->personality) == PER_LINUX32 && \
  963. copy_to_user(name->machine, COMPAT_UTS_MACHINE, \
  964. sizeof(COMPAT_UTS_MACHINE)))
  965. #else
  966. #define override_architecture(name) 0
  967. #endif
  968. /*
  969. * Work around broken programs that cannot handle "Linux 3.0".
  970. * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
  971. * And we map 4.x to 2.6.60+x, so 4.0 would be 2.6.60.
  972. */
  973. static int override_release(char __user *release, size_t len)
  974. {
  975. int ret = 0;
  976. if (current->personality & UNAME26) {
  977. const char *rest = UTS_RELEASE;
  978. char buf[65] = { 0 };
  979. int ndots = 0;
  980. unsigned v;
  981. size_t copy;
  982. while (*rest) {
  983. if (*rest == '.' && ++ndots >= 3)
  984. break;
  985. if (!isdigit(*rest) && *rest != '.')
  986. break;
  987. rest++;
  988. }
  989. v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 60;
  990. copy = clamp_t(size_t, len, 1, sizeof(buf));
  991. copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
  992. ret = copy_to_user(release, buf, copy + 1);
  993. }
  994. return ret;
  995. }
  996. SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name)
  997. {
  998. int errno = 0;
  999. down_read(&uts_sem);
  1000. if (copy_to_user(name, utsname(), sizeof *name))
  1001. errno = -EFAULT;
  1002. up_read(&uts_sem);
  1003. if (!errno && override_release(name->release, sizeof(name->release)))
  1004. errno = -EFAULT;
  1005. if (!errno && override_architecture(name))
  1006. errno = -EFAULT;
  1007. return errno;
  1008. }
  1009. #ifdef __ARCH_WANT_SYS_OLD_UNAME
  1010. /*
  1011. * Old cruft
  1012. */
  1013. SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
  1014. {
  1015. int error = 0;
  1016. if (!name)
  1017. return -EFAULT;
  1018. down_read(&uts_sem);
  1019. if (copy_to_user(name, utsname(), sizeof(*name)))
  1020. error = -EFAULT;
  1021. up_read(&uts_sem);
  1022. if (!error && override_release(name->release, sizeof(name->release)))
  1023. error = -EFAULT;
  1024. if (!error && override_architecture(name))
  1025. error = -EFAULT;
  1026. return error;
  1027. }
  1028. SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
  1029. {
  1030. int error;
  1031. if (!name)
  1032. return -EFAULT;
  1033. if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname)))
  1034. return -EFAULT;
  1035. down_read(&uts_sem);
  1036. error = __copy_to_user(&name->sysname, &utsname()->sysname,
  1037. __OLD_UTS_LEN);
  1038. error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
  1039. error |= __copy_to_user(&name->nodename, &utsname()->nodename,
  1040. __OLD_UTS_LEN);
  1041. error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
  1042. error |= __copy_to_user(&name->release, &utsname()->release,
  1043. __OLD_UTS_LEN);
  1044. error |= __put_user(0, name->release + __OLD_UTS_LEN);
  1045. error |= __copy_to_user(&name->version, &utsname()->version,
  1046. __OLD_UTS_LEN);
  1047. error |= __put_user(0, name->version + __OLD_UTS_LEN);
  1048. error |= __copy_to_user(&name->machine, &utsname()->machine,
  1049. __OLD_UTS_LEN);
  1050. error |= __put_user(0, name->machine + __OLD_UTS_LEN);
  1051. up_read(&uts_sem);
  1052. if (!error && override_architecture(name))
  1053. error = -EFAULT;
  1054. if (!error && override_release(name->release, sizeof(name->release)))
  1055. error = -EFAULT;
  1056. return error ? -EFAULT : 0;
  1057. }
  1058. #endif
  1059. SYSCALL_DEFINE2(sethostname, char __user *, name, int, len)
  1060. {
  1061. int errno;
  1062. char tmp[__NEW_UTS_LEN];
  1063. if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
  1064. return -EPERM;
  1065. if (len < 0 || len > __NEW_UTS_LEN)
  1066. return -EINVAL;
  1067. down_write(&uts_sem);
  1068. errno = -EFAULT;
  1069. if (!copy_from_user(tmp, name, len)) {
  1070. struct new_utsname *u = utsname();
  1071. memcpy(u->nodename, tmp, len);
  1072. memset(u->nodename + len, 0, sizeof(u->nodename) - len);
  1073. errno = 0;
  1074. uts_proc_notify(UTS_PROC_HOSTNAME);
  1075. }
  1076. up_write(&uts_sem);
  1077. return errno;
  1078. }
  1079. #ifdef __ARCH_WANT_SYS_GETHOSTNAME
  1080. SYSCALL_DEFINE2(gethostname, char __user *, name, int, len)
  1081. {
  1082. int i, errno;
  1083. struct new_utsname *u;
  1084. if (len < 0)
  1085. return -EINVAL;
  1086. down_read(&uts_sem);
  1087. u = utsname();
  1088. i = 1 + strlen(u->nodename);
  1089. if (i > len)
  1090. i = len;
  1091. errno = 0;
  1092. if (copy_to_user(name, u->nodename, i))
  1093. errno = -EFAULT;
  1094. up_read(&uts_sem);
  1095. return errno;
  1096. }
  1097. #endif
  1098. /*
  1099. * Only setdomainname; getdomainname can be implemented by calling
  1100. * uname()
  1101. */
  1102. SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len)
  1103. {
  1104. int errno;
  1105. char tmp[__NEW_UTS_LEN];
  1106. if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
  1107. return -EPERM;
  1108. if (len < 0 || len > __NEW_UTS_LEN)
  1109. return -EINVAL;
  1110. down_write(&uts_sem);
  1111. errno = -EFAULT;
  1112. if (!copy_from_user(tmp, name, len)) {
  1113. struct new_utsname *u = utsname();
  1114. memcpy(u->domainname, tmp, len);
  1115. memset(u->domainname + len, 0, sizeof(u->domainname) - len);
  1116. errno = 0;
  1117. uts_proc_notify(UTS_PROC_DOMAINNAME);
  1118. }
  1119. up_write(&uts_sem);
  1120. return errno;
  1121. }
  1122. SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim)
  1123. {
  1124. struct rlimit value;
  1125. int ret;
  1126. ret = do_prlimit(current, resource, NULL, &value);
  1127. if (!ret)
  1128. ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0;
  1129. return ret;
  1130. }
  1131. #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
  1132. /*
  1133. * Back compatibility for getrlimit. Needed for some apps.
  1134. */
  1135. SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
  1136. struct rlimit __user *, rlim)
  1137. {
  1138. struct rlimit x;
  1139. if (resource >= RLIM_NLIMITS)
  1140. return -EINVAL;
  1141. task_lock(current->group_leader);
  1142. x = current->signal->rlim[resource];
  1143. task_unlock(current->group_leader);
  1144. if (x.rlim_cur > 0x7FFFFFFF)
  1145. x.rlim_cur = 0x7FFFFFFF;
  1146. if (x.rlim_max > 0x7FFFFFFF)
  1147. x.rlim_max = 0x7FFFFFFF;
  1148. return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0;
  1149. }
  1150. #endif
  1151. static inline bool rlim64_is_infinity(__u64 rlim64)
  1152. {
  1153. #if BITS_PER_LONG < 64
  1154. return rlim64 >= ULONG_MAX;
  1155. #else
  1156. return rlim64 == RLIM64_INFINITY;
  1157. #endif
  1158. }
  1159. static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64)
  1160. {
  1161. if (rlim->rlim_cur == RLIM_INFINITY)
  1162. rlim64->rlim_cur = RLIM64_INFINITY;
  1163. else
  1164. rlim64->rlim_cur = rlim->rlim_cur;
  1165. if (rlim->rlim_max == RLIM_INFINITY)
  1166. rlim64->rlim_max = RLIM64_INFINITY;
  1167. else
  1168. rlim64->rlim_max = rlim->rlim_max;
  1169. }
  1170. static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim)
  1171. {
  1172. if (rlim64_is_infinity(rlim64->rlim_cur))
  1173. rlim->rlim_cur = RLIM_INFINITY;
  1174. else
  1175. rlim->rlim_cur = (unsigned long)rlim64->rlim_cur;
  1176. if (rlim64_is_infinity(rlim64->rlim_max))
  1177. rlim->rlim_max = RLIM_INFINITY;
  1178. else
  1179. rlim->rlim_max = (unsigned long)rlim64->rlim_max;
  1180. }
  1181. /* make sure you are allowed to change @tsk limits before calling this */
  1182. int do_prlimit(struct task_struct *tsk, unsigned int resource,
  1183. struct rlimit *new_rlim, struct rlimit *old_rlim)
  1184. {
  1185. struct rlimit *rlim;
  1186. int retval = 0;
  1187. if (resource >= RLIM_NLIMITS)
  1188. return -EINVAL;
  1189. if (new_rlim) {
  1190. if (new_rlim->rlim_cur > new_rlim->rlim_max)
  1191. return -EINVAL;
  1192. if (resource == RLIMIT_NOFILE &&
  1193. new_rlim->rlim_max > sysctl_nr_open)
  1194. return -EPERM;
  1195. }
  1196. /* protect tsk->signal and tsk->sighand from disappearing */
  1197. read_lock(&tasklist_lock);
  1198. if (!tsk->sighand) {
  1199. retval = -ESRCH;
  1200. goto out;
  1201. }
  1202. rlim = tsk->signal->rlim + resource;
  1203. task_lock(tsk->group_leader);
  1204. if (new_rlim) {
  1205. /* Keep the capable check against init_user_ns until
  1206. cgroups can contain all limits */
  1207. if (new_rlim->rlim_max > rlim->rlim_max &&
  1208. !capable(CAP_SYS_RESOURCE))
  1209. retval = -EPERM;
  1210. if (!retval)
  1211. retval = security_task_setrlimit(tsk, resource, new_rlim);
  1212. if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
  1213. /*
  1214. * The caller is asking for an immediate RLIMIT_CPU
  1215. * expiry. But we use the zero value to mean "it was
  1216. * never set". So let's cheat and make it one second
  1217. * instead
  1218. */
  1219. new_rlim->rlim_cur = 1;
  1220. }
  1221. }
  1222. if (!retval) {
  1223. if (old_rlim)
  1224. *old_rlim = *rlim;
  1225. if (new_rlim)
  1226. *rlim = *new_rlim;
  1227. }
  1228. task_unlock(tsk->group_leader);
  1229. /*
  1230. * RLIMIT_CPU handling. Note that the kernel fails to return an error
  1231. * code if it rejected the user's attempt to set RLIMIT_CPU. This is a
  1232. * very long-standing error, and fixing it now risks breakage of
  1233. * applications, so we live with it
  1234. */
  1235. if (!retval && new_rlim && resource == RLIMIT_CPU &&
  1236. new_rlim->rlim_cur != RLIM_INFINITY &&
  1237. IS_ENABLED(CONFIG_POSIX_TIMERS))
  1238. update_rlimit_cpu(tsk, new_rlim->rlim_cur);
  1239. out:
  1240. read_unlock(&tasklist_lock);
  1241. return retval;
  1242. }
  1243. /* rcu lock must be held */
  1244. static int check_prlimit_permission(struct task_struct *task,
  1245. unsigned int flags)
  1246. {
  1247. const struct cred *cred = current_cred(), *tcred;
  1248. bool id_match;
  1249. if (current == task)
  1250. return 0;
  1251. tcred = __task_cred(task);
  1252. id_match = (uid_eq(cred->uid, tcred->euid) &&
  1253. uid_eq(cred->uid, tcred->suid) &&
  1254. uid_eq(cred->uid, tcred->uid) &&
  1255. gid_eq(cred->gid, tcred->egid) &&
  1256. gid_eq(cred->gid, tcred->sgid) &&
  1257. gid_eq(cred->gid, tcred->gid));
  1258. if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
  1259. return -EPERM;
  1260. return security_task_prlimit(cred, tcred, flags);
  1261. }
  1262. SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource,
  1263. const struct rlimit64 __user *, new_rlim,
  1264. struct rlimit64 __user *, old_rlim)
  1265. {
  1266. struct rlimit64 old64, new64;
  1267. struct rlimit old, new;
  1268. struct task_struct *tsk;
  1269. unsigned int checkflags = 0;
  1270. int ret;
  1271. if (old_rlim)
  1272. checkflags |= LSM_PRLIMIT_READ;
  1273. if (new_rlim) {
  1274. if (copy_from_user(&new64, new_rlim, sizeof(new64)))
  1275. return -EFAULT;
  1276. rlim64_to_rlim(&new64, &new);
  1277. checkflags |= LSM_PRLIMIT_WRITE;
  1278. }
  1279. rcu_read_lock();
  1280. tsk = pid ? find_task_by_vpid(pid) : current;
  1281. if (!tsk) {
  1282. rcu_read_unlock();
  1283. return -ESRCH;
  1284. }
  1285. ret = check_prlimit_permission(tsk, checkflags);
  1286. if (ret) {
  1287. rcu_read_unlock();
  1288. return ret;
  1289. }
  1290. get_task_struct(tsk);
  1291. rcu_read_unlock();
  1292. ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL,
  1293. old_rlim ? &old : NULL);
  1294. if (!ret && old_rlim) {
  1295. rlim_to_rlim64(&old, &old64);
  1296. if (copy_to_user(old_rlim, &old64, sizeof(old64)))
  1297. ret = -EFAULT;
  1298. }
  1299. put_task_struct(tsk);
  1300. return ret;
  1301. }
  1302. SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
  1303. {
  1304. struct rlimit new_rlim;
  1305. if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
  1306. return -EFAULT;
  1307. return do_prlimit(current, resource, &new_rlim, NULL);
  1308. }
  1309. /*
  1310. * It would make sense to put struct rusage in the task_struct,
  1311. * except that would make the task_struct be *really big*. After
  1312. * task_struct gets moved into malloc'ed memory, it would
  1313. * make sense to do this. It will make moving the rest of the information
  1314. * a lot simpler! (Which we're not doing right now because we're not
  1315. * measuring them yet).
  1316. *
  1317. * When sampling multiple threads for RUSAGE_SELF, under SMP we might have
  1318. * races with threads incrementing their own counters. But since word
  1319. * reads are atomic, we either get new values or old values and we don't
  1320. * care which for the sums. We always take the siglock to protect reading
  1321. * the c* fields from p->signal from races with exit.c updating those
  1322. * fields when reaping, so a sample either gets all the additions of a
  1323. * given child after it's reaped, or none so this sample is before reaping.
  1324. *
  1325. * Locking:
  1326. * We need to take the siglock for CHILDEREN, SELF and BOTH
  1327. * for the cases current multithreaded, non-current single threaded
  1328. * non-current multithreaded. Thread traversal is now safe with
  1329. * the siglock held.
  1330. * Strictly speaking, we donot need to take the siglock if we are current and
  1331. * single threaded, as no one else can take our signal_struct away, no one
  1332. * else can reap the children to update signal->c* counters, and no one else
  1333. * can race with the signal-> fields. If we do not take any lock, the
  1334. * signal-> fields could be read out of order while another thread was just
  1335. * exiting. So we should place a read memory barrier when we avoid the lock.
  1336. * On the writer side, write memory barrier is implied in __exit_signal
  1337. * as __exit_signal releases the siglock spinlock after updating the signal->
  1338. * fields. But we don't do this yet to keep things simple.
  1339. *
  1340. */
  1341. static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r)
  1342. {
  1343. r->ru_nvcsw += t->nvcsw;
  1344. r->ru_nivcsw += t->nivcsw;
  1345. r->ru_minflt += t->min_flt;
  1346. r->ru_majflt += t->maj_flt;
  1347. r->ru_inblock += task_io_get_inblock(t);
  1348. r->ru_oublock += task_io_get_oublock(t);
  1349. }
  1350. static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
  1351. {
  1352. struct task_struct *t;
  1353. unsigned long flags;
  1354. u64 tgutime, tgstime, utime, stime;
  1355. unsigned long maxrss = 0;
  1356. memset((char *)r, 0, sizeof (*r));
  1357. utime = stime = 0;
  1358. if (who == RUSAGE_THREAD) {
  1359. task_cputime_adjusted(current, &utime, &stime);
  1360. accumulate_thread_rusage(p, r);
  1361. maxrss = p->signal->maxrss;
  1362. goto out;
  1363. }
  1364. if (!lock_task_sighand(p, &flags))
  1365. return;
  1366. switch (who) {
  1367. case RUSAGE_BOTH:
  1368. case RUSAGE_CHILDREN:
  1369. utime = p->signal->cutime;
  1370. stime = p->signal->cstime;
  1371. r->ru_nvcsw = p->signal->cnvcsw;
  1372. r->ru_nivcsw = p->signal->cnivcsw;
  1373. r->ru_minflt = p->signal->cmin_flt;
  1374. r->ru_majflt = p->signal->cmaj_flt;
  1375. r->ru_inblock = p->signal->cinblock;
  1376. r->ru_oublock = p->signal->coublock;
  1377. maxrss = p->signal->cmaxrss;
  1378. if (who == RUSAGE_CHILDREN)
  1379. break;
  1380. case RUSAGE_SELF:
  1381. thread_group_cputime_adjusted(p, &tgutime, &tgstime);
  1382. utime += tgutime;
  1383. stime += tgstime;
  1384. r->ru_nvcsw += p->signal->nvcsw;
  1385. r->ru_nivcsw += p->signal->nivcsw;
  1386. r->ru_minflt += p->signal->min_flt;
  1387. r->ru_majflt += p->signal->maj_flt;
  1388. r->ru_inblock += p->signal->inblock;
  1389. r->ru_oublock += p->signal->oublock;
  1390. if (maxrss < p->signal->maxrss)
  1391. maxrss = p->signal->maxrss;
  1392. t = p;
  1393. do {
  1394. accumulate_thread_rusage(t, r);
  1395. } while_each_thread(p, t);
  1396. break;
  1397. default:
  1398. BUG();
  1399. }
  1400. unlock_task_sighand(p, &flags);
  1401. out:
  1402. r->ru_utime = ns_to_timeval(utime);
  1403. r->ru_stime = ns_to_timeval(stime);
  1404. if (who != RUSAGE_CHILDREN) {
  1405. struct mm_struct *mm = get_task_mm(p);
  1406. if (mm) {
  1407. setmax_mm_hiwater_rss(&maxrss, mm);
  1408. mmput(mm);
  1409. }
  1410. }
  1411. r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */
  1412. }
  1413. int getrusage(struct task_struct *p, int who, struct rusage __user *ru)
  1414. {
  1415. struct rusage r;
  1416. k_getrusage(p, who, &r);
  1417. return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0;
  1418. }
  1419. SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)
  1420. {
  1421. if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
  1422. who != RUSAGE_THREAD)
  1423. return -EINVAL;
  1424. return getrusage(current, who, ru);
  1425. }
  1426. #ifdef CONFIG_COMPAT
  1427. COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru)
  1428. {
  1429. struct rusage r;
  1430. if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
  1431. who != RUSAGE_THREAD)
  1432. return -EINVAL;
  1433. k_getrusage(current, who, &r);
  1434. return put_compat_rusage(&r, ru);
  1435. }
  1436. #endif
  1437. SYSCALL_DEFINE1(umask, int, mask)
  1438. {
  1439. mask = xchg(&current->fs->umask, mask & S_IRWXUGO);
  1440. return mask;
  1441. }
  1442. static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
  1443. {
  1444. struct fd exe;
  1445. struct file *old_exe, *exe_file;
  1446. struct inode *inode;
  1447. int err;
  1448. exe = fdget(fd);
  1449. if (!exe.file)
  1450. return -EBADF;
  1451. inode = file_inode(exe.file);
  1452. /*
  1453. * Because the original mm->exe_file points to executable file, make
  1454. * sure that this one is executable as well, to avoid breaking an
  1455. * overall picture.
  1456. */
  1457. err = -EACCES;
  1458. if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
  1459. goto exit;
  1460. err = inode_permission(inode, MAY_EXEC);
  1461. if (err)
  1462. goto exit;
  1463. /*
  1464. * Forbid mm->exe_file change if old file still mapped.
  1465. */
  1466. exe_file = get_mm_exe_file(mm);
  1467. err = -EBUSY;
  1468. if (exe_file) {
  1469. struct vm_area_struct *vma;
  1470. down_read(&mm->mmap_sem);
  1471. for (vma = mm->mmap; vma; vma = vma->vm_next) {
  1472. if (!vma->vm_file)
  1473. continue;
  1474. if (path_equal(&vma->vm_file->f_path,
  1475. &exe_file->f_path))
  1476. goto exit_err;
  1477. }
  1478. up_read(&mm->mmap_sem);
  1479. fput(exe_file);
  1480. }
  1481. err = 0;
  1482. /* set the new file, lockless */
  1483. get_file(exe.file);
  1484. old_exe = xchg(&mm->exe_file, exe.file);
  1485. if (old_exe)
  1486. fput(old_exe);
  1487. exit:
  1488. fdput(exe);
  1489. return err;
  1490. exit_err:
  1491. up_read(&mm->mmap_sem);
  1492. fput(exe_file);
  1493. goto exit;
  1494. }
  1495. /*
  1496. * WARNING: we don't require any capability here so be very careful
  1497. * in what is allowed for modification from userspace.
  1498. */
  1499. static int validate_prctl_map(struct prctl_mm_map *prctl_map)
  1500. {
  1501. unsigned long mmap_max_addr = TASK_SIZE;
  1502. struct mm_struct *mm = current->mm;
  1503. int error = -EINVAL, i;
  1504. static const unsigned char offsets[] = {
  1505. offsetof(struct prctl_mm_map, start_code),
  1506. offsetof(struct prctl_mm_map, end_code),
  1507. offsetof(struct prctl_mm_map, start_data),
  1508. offsetof(struct prctl_mm_map, end_data),
  1509. offsetof(struct prctl_mm_map, start_brk),
  1510. offsetof(struct prctl_mm_map, brk),
  1511. offsetof(struct prctl_mm_map, start_stack),
  1512. offsetof(struct prctl_mm_map, arg_start),
  1513. offsetof(struct prctl_mm_map, arg_end),
  1514. offsetof(struct prctl_mm_map, env_start),
  1515. offsetof(struct prctl_mm_map, env_end),
  1516. };
  1517. /*
  1518. * Make sure the members are not somewhere outside
  1519. * of allowed address space.
  1520. */
  1521. for (i = 0; i < ARRAY_SIZE(offsets); i++) {
  1522. u64 val = *(u64 *)((char *)prctl_map + offsets[i]);
  1523. if ((unsigned long)val >= mmap_max_addr ||
  1524. (unsigned long)val < mmap_min_addr)
  1525. goto out;
  1526. }
  1527. /*
  1528. * Make sure the pairs are ordered.
  1529. */
  1530. #define __prctl_check_order(__m1, __op, __m2) \
  1531. ((unsigned long)prctl_map->__m1 __op \
  1532. (unsigned long)prctl_map->__m2) ? 0 : -EINVAL
  1533. error = __prctl_check_order(start_code, <, end_code);
  1534. error |= __prctl_check_order(start_data, <, end_data);
  1535. error |= __prctl_check_order(start_brk, <=, brk);
  1536. error |= __prctl_check_order(arg_start, <=, arg_end);
  1537. error |= __prctl_check_order(env_start, <=, env_end);
  1538. if (error)
  1539. goto out;
  1540. #undef __prctl_check_order
  1541. error = -EINVAL;
  1542. /*
  1543. * @brk should be after @end_data in traditional maps.
  1544. */
  1545. if (prctl_map->start_brk <= prctl_map->end_data ||
  1546. prctl_map->brk <= prctl_map->end_data)
  1547. goto out;
  1548. /*
  1549. * Neither we should allow to override limits if they set.
  1550. */
  1551. if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk,
  1552. prctl_map->start_brk, prctl_map->end_data,
  1553. prctl_map->start_data))
  1554. goto out;
  1555. /*
  1556. * Someone is trying to cheat the auxv vector.
  1557. */
  1558. if (prctl_map->auxv_size) {
  1559. if (!prctl_map->auxv || prctl_map->auxv_size > sizeof(mm->saved_auxv))
  1560. goto out;
  1561. }
  1562. /*
  1563. * Finally, make sure the caller has the rights to
  1564. * change /proc/pid/exe link: only local root should
  1565. * be allowed to.
  1566. */
  1567. if (prctl_map->exe_fd != (u32)-1) {
  1568. struct user_namespace *ns = current_user_ns();
  1569. const struct cred *cred = current_cred();
  1570. if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
  1571. !gid_eq(cred->gid, make_kgid(ns, 0)))
  1572. goto out;
  1573. }
  1574. error = 0;
  1575. out:
  1576. return error;
  1577. }
  1578. #ifdef CONFIG_CHECKPOINT_RESTORE
  1579. static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size)
  1580. {
  1581. struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, };
  1582. unsigned long user_auxv[AT_VECTOR_SIZE];
  1583. struct mm_struct *mm = current->mm;
  1584. int error;
  1585. BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv));
  1586. BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256);
  1587. if (opt == PR_SET_MM_MAP_SIZE)
  1588. return put_user((unsigned int)sizeof(prctl_map),
  1589. (unsigned int __user *)addr);
  1590. if (data_size != sizeof(prctl_map))
  1591. return -EINVAL;
  1592. if (copy_from_user(&prctl_map, addr, sizeof(prctl_map)))
  1593. return -EFAULT;
  1594. error = validate_prctl_map(&prctl_map);
  1595. if (error)
  1596. return error;
  1597. if (prctl_map.auxv_size) {
  1598. memset(user_auxv, 0, sizeof(user_auxv));
  1599. if (copy_from_user(user_auxv,
  1600. (const void __user *)prctl_map.auxv,
  1601. prctl_map.auxv_size))
  1602. return -EFAULT;
  1603. /* Last entry must be AT_NULL as specification requires */
  1604. user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL;
  1605. user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
  1606. }
  1607. if (prctl_map.exe_fd != (u32)-1) {
  1608. error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd);
  1609. if (error)
  1610. return error;
  1611. }
  1612. down_write(&mm->mmap_sem);
  1613. /*
  1614. * We don't validate if these members are pointing to
  1615. * real present VMAs because application may have correspond
  1616. * VMAs already unmapped and kernel uses these members for statistics
  1617. * output in procfs mostly, except
  1618. *
  1619. * - @start_brk/@brk which are used in do_brk but kernel lookups
  1620. * for VMAs when updating these memvers so anything wrong written
  1621. * here cause kernel to swear at userspace program but won't lead
  1622. * to any problem in kernel itself
  1623. */
  1624. mm->start_code = prctl_map.start_code;
  1625. mm->end_code = prctl_map.end_code;
  1626. mm->start_data = prctl_map.start_data;
  1627. mm->end_data = prctl_map.end_data;
  1628. mm->start_brk = prctl_map.start_brk;
  1629. mm->brk = prctl_map.brk;
  1630. mm->start_stack = prctl_map.start_stack;
  1631. mm->arg_start = prctl_map.arg_start;
  1632. mm->arg_end = prctl_map.arg_end;
  1633. mm->env_start = prctl_map.env_start;
  1634. mm->env_end = prctl_map.env_end;
  1635. /*
  1636. * Note this update of @saved_auxv is lockless thus
  1637. * if someone reads this member in procfs while we're
  1638. * updating -- it may get partly updated results. It's
  1639. * known and acceptable trade off: we leave it as is to
  1640. * not introduce additional locks here making the kernel
  1641. * more complex.
  1642. */
  1643. if (prctl_map.auxv_size)
  1644. memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv));
  1645. up_write(&mm->mmap_sem);
  1646. return 0;
  1647. }
  1648. #endif /* CONFIG_CHECKPOINT_RESTORE */
  1649. static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
  1650. unsigned long len)
  1651. {
  1652. /*
  1653. * This doesn't move the auxiliary vector itself since it's pinned to
  1654. * mm_struct, but it permits filling the vector with new values. It's
  1655. * up to the caller to provide sane values here, otherwise userspace
  1656. * tools which use this vector might be unhappy.
  1657. */
  1658. unsigned long user_auxv[AT_VECTOR_SIZE];
  1659. if (len > sizeof(user_auxv))
  1660. return -EINVAL;
  1661. if (copy_from_user(user_auxv, (const void __user *)addr, len))
  1662. return -EFAULT;
  1663. /* Make sure the last entry is always AT_NULL */
  1664. user_auxv[AT_VECTOR_SIZE - 2] = 0;
  1665. user_auxv[AT_VECTOR_SIZE - 1] = 0;
  1666. BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv));
  1667. task_lock(current);
  1668. memcpy(mm->saved_auxv, user_auxv, len);
  1669. task_unlock(current);
  1670. return 0;
  1671. }
  1672. static int prctl_set_mm(int opt, unsigned long addr,
  1673. unsigned long arg4, unsigned long arg5)
  1674. {
  1675. struct mm_struct *mm = current->mm;
  1676. struct prctl_mm_map prctl_map;
  1677. struct vm_area_struct *vma;
  1678. int error;
  1679. if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV &&
  1680. opt != PR_SET_MM_MAP &&
  1681. opt != PR_SET_MM_MAP_SIZE)))
  1682. return -EINVAL;
  1683. #ifdef CONFIG_CHECKPOINT_RESTORE
  1684. if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE)
  1685. return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
  1686. #endif
  1687. if (!capable(CAP_SYS_RESOURCE))
  1688. return -EPERM;
  1689. if (opt == PR_SET_MM_EXE_FILE)
  1690. return prctl_set_mm_exe_file(mm, (unsigned int)addr);
  1691. if (opt == PR_SET_MM_AUXV)
  1692. return prctl_set_auxv(mm, addr, arg4);
  1693. if (addr >= TASK_SIZE || addr < mmap_min_addr)
  1694. return -EINVAL;
  1695. error = -EINVAL;
  1696. down_write(&mm->mmap_sem);
  1697. vma = find_vma(mm, addr);
  1698. prctl_map.start_code = mm->start_code;
  1699. prctl_map.end_code = mm->end_code;
  1700. prctl_map.start_data = mm->start_data;
  1701. prctl_map.end_data = mm->end_data;
  1702. prctl_map.start_brk = mm->start_brk;
  1703. prctl_map.brk = mm->brk;
  1704. prctl_map.start_stack = mm->start_stack;
  1705. prctl_map.arg_start = mm->arg_start;
  1706. prctl_map.arg_end = mm->arg_end;
  1707. prctl_map.env_start = mm->env_start;
  1708. prctl_map.env_end = mm->env_end;
  1709. prctl_map.auxv = NULL;
  1710. prctl_map.auxv_size = 0;
  1711. prctl_map.exe_fd = -1;
  1712. switch (opt) {
  1713. case PR_SET_MM_START_CODE:
  1714. prctl_map.start_code = addr;
  1715. break;
  1716. case PR_SET_MM_END_CODE:
  1717. prctl_map.end_code = addr;
  1718. break;
  1719. case PR_SET_MM_START_DATA:
  1720. prctl_map.start_data = addr;
  1721. break;
  1722. case PR_SET_MM_END_DATA:
  1723. prctl_map.end_data = addr;
  1724. break;
  1725. case PR_SET_MM_START_STACK:
  1726. prctl_map.start_stack = addr;
  1727. break;
  1728. case PR_SET_MM_START_BRK:
  1729. prctl_map.start_brk = addr;
  1730. break;
  1731. case PR_SET_MM_BRK:
  1732. prctl_map.brk = addr;
  1733. break;
  1734. case PR_SET_MM_ARG_START:
  1735. prctl_map.arg_start = addr;
  1736. break;
  1737. case PR_SET_MM_ARG_END:
  1738. prctl_map.arg_end = addr;
  1739. break;
  1740. case PR_SET_MM_ENV_START:
  1741. prctl_map.env_start = addr;
  1742. break;
  1743. case PR_SET_MM_ENV_END:
  1744. prctl_map.env_end = addr;
  1745. break;
  1746. default:
  1747. goto out;
  1748. }
  1749. error = validate_prctl_map(&prctl_map);
  1750. if (error)
  1751. goto out;
  1752. switch (opt) {
  1753. /*
  1754. * If command line arguments and environment
  1755. * are placed somewhere else on stack, we can
  1756. * set them up here, ARG_START/END to setup
  1757. * command line argumets and ENV_START/END
  1758. * for environment.
  1759. */
  1760. case PR_SET_MM_START_STACK:
  1761. case PR_SET_MM_ARG_START:
  1762. case PR_SET_MM_ARG_END:
  1763. case PR_SET_MM_ENV_START:
  1764. case PR_SET_MM_ENV_END:
  1765. if (!vma) {
  1766. error = -EFAULT;
  1767. goto out;
  1768. }
  1769. }
  1770. mm->start_code = prctl_map.start_code;
  1771. mm->end_code = prctl_map.end_code;
  1772. mm->start_data = prctl_map.start_data;
  1773. mm->end_data = prctl_map.end_data;
  1774. mm->start_brk = prctl_map.start_brk;
  1775. mm->brk = prctl_map.brk;
  1776. mm->start_stack = prctl_map.start_stack;
  1777. mm->arg_start = prctl_map.arg_start;
  1778. mm->arg_end = prctl_map.arg_end;
  1779. mm->env_start = prctl_map.env_start;
  1780. mm->env_end = prctl_map.env_end;
  1781. error = 0;
  1782. out:
  1783. up_write(&mm->mmap_sem);
  1784. return error;
  1785. }
  1786. #ifdef CONFIG_CHECKPOINT_RESTORE
  1787. static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
  1788. {
  1789. return put_user(me->clear_child_tid, tid_addr);
  1790. }
  1791. #else
  1792. static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
  1793. {
  1794. return -EINVAL;
  1795. }
  1796. #endif
  1797. static int propagate_has_child_subreaper(struct task_struct *p, void *data)
  1798. {
  1799. /*
  1800. * If task has has_child_subreaper - all its decendants
  1801. * already have these flag too and new decendants will
  1802. * inherit it on fork, skip them.
  1803. *
  1804. * If we've found child_reaper - skip descendants in
  1805. * it's subtree as they will never get out pidns.
  1806. */
  1807. if (p->signal->has_child_subreaper ||
  1808. is_child_reaper(task_pid(p)))
  1809. return 0;
  1810. p->signal->has_child_subreaper = 1;
  1811. return 1;
  1812. }
  1813. SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
  1814. unsigned long, arg4, unsigned long, arg5)
  1815. {
  1816. struct task_struct *me = current;
  1817. unsigned char comm[sizeof(me->comm)];
  1818. long error;
  1819. error = security_task_prctl(option, arg2, arg3, arg4, arg5);
  1820. if (error != -ENOSYS)
  1821. return error;
  1822. error = 0;
  1823. switch (option) {
  1824. case PR_SET_PDEATHSIG:
  1825. if (!valid_signal(arg2)) {
  1826. error = -EINVAL;
  1827. break;
  1828. }
  1829. me->pdeath_signal = arg2;
  1830. break;
  1831. case PR_GET_PDEATHSIG:
  1832. error = put_user(me->pdeath_signal, (int __user *)arg2);
  1833. break;
  1834. case PR_GET_DUMPABLE:
  1835. error = get_dumpable(me->mm);
  1836. break;
  1837. case PR_SET_DUMPABLE:
  1838. if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) {
  1839. error = -EINVAL;
  1840. break;
  1841. }
  1842. set_dumpable(me->mm, arg2);
  1843. break;
  1844. case PR_SET_UNALIGN:
  1845. error = SET_UNALIGN_CTL(me, arg2);
  1846. break;
  1847. case PR_GET_UNALIGN:
  1848. error = GET_UNALIGN_CTL(me, arg2);
  1849. break;
  1850. case PR_SET_FPEMU:
  1851. error = SET_FPEMU_CTL(me, arg2);
  1852. break;
  1853. case PR_GET_FPEMU:
  1854. error = GET_FPEMU_CTL(me, arg2);
  1855. break;
  1856. case PR_SET_FPEXC:
  1857. error = SET_FPEXC_CTL(me, arg2);
  1858. break;
  1859. case PR_GET_FPEXC:
  1860. error = GET_FPEXC_CTL(me, arg2);
  1861. break;
  1862. case PR_GET_TIMING:
  1863. error = PR_TIMING_STATISTICAL;
  1864. break;
  1865. case PR_SET_TIMING:
  1866. if (arg2 != PR_TIMING_STATISTICAL)
  1867. error = -EINVAL;
  1868. break;
  1869. case PR_SET_NAME:
  1870. comm[sizeof(me->comm) - 1] = 0;
  1871. if (strncpy_from_user(comm, (char __user *)arg2,
  1872. sizeof(me->comm) - 1) < 0)
  1873. return -EFAULT;
  1874. set_task_comm(me, comm);
  1875. proc_comm_connector(me);
  1876. break;
  1877. case PR_GET_NAME:
  1878. get_task_comm(comm, me);
  1879. if (copy_to_user((char __user *)arg2, comm, sizeof(comm)))
  1880. return -EFAULT;
  1881. break;
  1882. case PR_GET_ENDIAN:
  1883. error = GET_ENDIAN(me, arg2);
  1884. break;
  1885. case PR_SET_ENDIAN:
  1886. error = SET_ENDIAN(me, arg2);
  1887. break;
  1888. case PR_GET_SECCOMP:
  1889. error = prctl_get_seccomp();
  1890. break;
  1891. case PR_SET_SECCOMP:
  1892. error = prctl_set_seccomp(arg2, (char __user *)arg3);
  1893. break;
  1894. case PR_GET_TSC:
  1895. error = GET_TSC_CTL(arg2);
  1896. break;
  1897. case PR_SET_TSC:
  1898. error = SET_TSC_CTL(arg2);
  1899. break;
  1900. case PR_TASK_PERF_EVENTS_DISABLE:
  1901. error = perf_event_task_disable();
  1902. break;
  1903. case PR_TASK_PERF_EVENTS_ENABLE:
  1904. error = perf_event_task_enable();
  1905. break;
  1906. case PR_GET_TIMERSLACK:
  1907. if (current->timer_slack_ns > ULONG_MAX)
  1908. error = ULONG_MAX;
  1909. else
  1910. error = current->timer_slack_ns;
  1911. break;
  1912. case PR_SET_TIMERSLACK:
  1913. if (arg2 <= 0)
  1914. current->timer_slack_ns =
  1915. current->default_timer_slack_ns;
  1916. else
  1917. current->timer_slack_ns = arg2;
  1918. break;
  1919. case PR_MCE_KILL:
  1920. if (arg4 | arg5)
  1921. return -EINVAL;
  1922. switch (arg2) {
  1923. case PR_MCE_KILL_CLEAR:
  1924. if (arg3 != 0)
  1925. return -EINVAL;
  1926. current->flags &= ~PF_MCE_PROCESS;
  1927. break;
  1928. case PR_MCE_KILL_SET:
  1929. current->flags |= PF_MCE_PROCESS;
  1930. if (arg3 == PR_MCE_KILL_EARLY)
  1931. current->flags |= PF_MCE_EARLY;
  1932. else if (arg3 == PR_MCE_KILL_LATE)
  1933. current->flags &= ~PF_MCE_EARLY;
  1934. else if (arg3 == PR_MCE_KILL_DEFAULT)
  1935. current->flags &=
  1936. ~(PF_MCE_EARLY|PF_MCE_PROCESS);
  1937. else
  1938. return -EINVAL;
  1939. break;
  1940. default:
  1941. return -EINVAL;
  1942. }
  1943. break;
  1944. case PR_MCE_KILL_GET:
  1945. if (arg2 | arg3 | arg4 | arg5)
  1946. return -EINVAL;
  1947. if (current->flags & PF_MCE_PROCESS)
  1948. error = (current->flags & PF_MCE_EARLY) ?
  1949. PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE;
  1950. else
  1951. error = PR_MCE_KILL_DEFAULT;
  1952. break;
  1953. case PR_SET_MM:
  1954. error = prctl_set_mm(arg2, arg3, arg4, arg5);
  1955. break;
  1956. case PR_GET_TID_ADDRESS:
  1957. error = prctl_get_tid_address(me, (int __user **)arg2);
  1958. break;
  1959. case PR_SET_CHILD_SUBREAPER:
  1960. me->signal->is_child_subreaper = !!arg2;
  1961. if (!arg2)
  1962. break;
  1963. walk_process_tree(me, propagate_has_child_subreaper, NULL);
  1964. break;
  1965. case PR_GET_CHILD_SUBREAPER:
  1966. error = put_user(me->signal->is_child_subreaper,
  1967. (int __user *)arg2);
  1968. break;
  1969. case PR_SET_NO_NEW_PRIVS:
  1970. if (arg2 != 1 || arg3 || arg4 || arg5)
  1971. return -EINVAL;
  1972. task_set_no_new_privs(current);
  1973. break;
  1974. case PR_GET_NO_NEW_PRIVS:
  1975. if (arg2 || arg3 || arg4 || arg5)
  1976. return -EINVAL;
  1977. return task_no_new_privs(current) ? 1 : 0;
  1978. case PR_GET_THP_DISABLE:
  1979. if (arg2 || arg3 || arg4 || arg5)
  1980. return -EINVAL;
  1981. error = !!(me->mm->def_flags & VM_NOHUGEPAGE);
  1982. break;
  1983. case PR_SET_THP_DISABLE:
  1984. if (arg3 || arg4 || arg5)
  1985. return -EINVAL;
  1986. if (down_write_killable(&me->mm->mmap_sem))
  1987. return -EINTR;
  1988. if (arg2)
  1989. me->mm->def_flags |= VM_NOHUGEPAGE;
  1990. else
  1991. me->mm->def_flags &= ~VM_NOHUGEPAGE;
  1992. up_write(&me->mm->mmap_sem);
  1993. break;
  1994. case PR_MPX_ENABLE_MANAGEMENT:
  1995. if (arg2 || arg3 || arg4 || arg5)
  1996. return -EINVAL;
  1997. error = MPX_ENABLE_MANAGEMENT();
  1998. break;
  1999. case PR_MPX_DISABLE_MANAGEMENT:
  2000. if (arg2 || arg3 || arg4 || arg5)
  2001. return -EINVAL;
  2002. error = MPX_DISABLE_MANAGEMENT();
  2003. break;
  2004. case PR_SET_FP_MODE:
  2005. error = SET_FP_MODE(me, arg2);
  2006. break;
  2007. case PR_GET_FP_MODE:
  2008. error = GET_FP_MODE(me);
  2009. break;
  2010. default:
  2011. error = -EINVAL;
  2012. break;
  2013. }
  2014. return error;
  2015. }
  2016. SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep,
  2017. struct getcpu_cache __user *, unused)
  2018. {
  2019. int err = 0;
  2020. int cpu = raw_smp_processor_id();
  2021. if (cpup)
  2022. err |= put_user(cpu, cpup);
  2023. if (nodep)
  2024. err |= put_user(cpu_to_node(cpu), nodep);
  2025. return err ? -EFAULT : 0;
  2026. }
  2027. /**
  2028. * do_sysinfo - fill in sysinfo struct
  2029. * @info: pointer to buffer to fill
  2030. */
  2031. static int do_sysinfo(struct sysinfo *info)
  2032. {
  2033. unsigned long mem_total, sav_total;
  2034. unsigned int mem_unit, bitcount;
  2035. struct timespec tp;
  2036. memset(info, 0, sizeof(struct sysinfo));
  2037. get_monotonic_boottime(&tp);
  2038. info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0);
  2039. get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT);
  2040. info->procs = nr_threads;
  2041. si_meminfo(info);
  2042. si_swapinfo(info);
  2043. /*
  2044. * If the sum of all the available memory (i.e. ram + swap)
  2045. * is less than can be stored in a 32 bit unsigned long then
  2046. * we can be binary compatible with 2.2.x kernels. If not,
  2047. * well, in that case 2.2.x was broken anyways...
  2048. *
  2049. * -Erik Andersen <andersee@debian.org>
  2050. */
  2051. mem_total = info->totalram + info->totalswap;
  2052. if (mem_total < info->totalram || mem_total < info->totalswap)
  2053. goto out;
  2054. bitcount = 0;
  2055. mem_unit = info->mem_unit;
  2056. while (mem_unit > 1) {
  2057. bitcount++;
  2058. mem_unit >>= 1;
  2059. sav_total = mem_total;
  2060. mem_total <<= 1;
  2061. if (mem_total < sav_total)
  2062. goto out;
  2063. }
  2064. /*
  2065. * If mem_total did not overflow, multiply all memory values by
  2066. * info->mem_unit and set it to 1. This leaves things compatible
  2067. * with 2.2.x, and also retains compatibility with earlier 2.4.x
  2068. * kernels...
  2069. */
  2070. info->mem_unit = 1;
  2071. info->totalram <<= bitcount;
  2072. info->freeram <<= bitcount;
  2073. info->sharedram <<= bitcount;
  2074. info->bufferram <<= bitcount;
  2075. info->totalswap <<= bitcount;
  2076. info->freeswap <<= bitcount;
  2077. info->totalhigh <<= bitcount;
  2078. info->freehigh <<= bitcount;
  2079. out:
  2080. return 0;
  2081. }
  2082. SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info)
  2083. {
  2084. struct sysinfo val;
  2085. do_sysinfo(&val);
  2086. if (copy_to_user(info, &val, sizeof(struct sysinfo)))
  2087. return -EFAULT;
  2088. return 0;
  2089. }
  2090. #ifdef CONFIG_COMPAT
  2091. struct compat_sysinfo {
  2092. s32 uptime;
  2093. u32 loads[3];
  2094. u32 totalram;
  2095. u32 freeram;
  2096. u32 sharedram;
  2097. u32 bufferram;
  2098. u32 totalswap;
  2099. u32 freeswap;
  2100. u16 procs;
  2101. u16 pad;
  2102. u32 totalhigh;
  2103. u32 freehigh;
  2104. u32 mem_unit;
  2105. char _f[20-2*sizeof(u32)-sizeof(int)];
  2106. };
  2107. COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info)
  2108. {
  2109. struct sysinfo s;
  2110. do_sysinfo(&s);
  2111. /* Check to see if any memory value is too large for 32-bit and scale
  2112. * down if needed
  2113. */
  2114. if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) {
  2115. int bitcount = 0;
  2116. while (s.mem_unit < PAGE_SIZE) {
  2117. s.mem_unit <<= 1;
  2118. bitcount++;
  2119. }
  2120. s.totalram >>= bitcount;
  2121. s.freeram >>= bitcount;
  2122. s.sharedram >>= bitcount;
  2123. s.bufferram >>= bitcount;
  2124. s.totalswap >>= bitcount;
  2125. s.freeswap >>= bitcount;
  2126. s.totalhigh >>= bitcount;
  2127. s.freehigh >>= bitcount;
  2128. }
  2129. if (!access_ok(VERIFY_WRITE, info, sizeof(struct compat_sysinfo)) ||
  2130. __put_user(s.uptime, &info->uptime) ||
  2131. __put_user(s.loads[0], &info->loads[0]) ||
  2132. __put_user(s.loads[1], &info->loads[1]) ||
  2133. __put_user(s.loads[2], &info->loads[2]) ||
  2134. __put_user(s.totalram, &info->totalram) ||
  2135. __put_user(s.freeram, &info->freeram) ||
  2136. __put_user(s.sharedram, &info->sharedram) ||
  2137. __put_user(s.bufferram, &info->bufferram) ||
  2138. __put_user(s.totalswap, &info->totalswap) ||
  2139. __put_user(s.freeswap, &info->freeswap) ||
  2140. __put_user(s.procs, &info->procs) ||
  2141. __put_user(s.totalhigh, &info->totalhigh) ||
  2142. __put_user(s.freehigh, &info->freehigh) ||
  2143. __put_user(s.mem_unit, &info->mem_unit))
  2144. return -EFAULT;
  2145. return 0;
  2146. }
  2147. #endif /* CONFIG_COMPAT */