syscalls, x86: add __NR_kcmp syscall

While doing the checkpoint-restore in the user space one need to determine whether various kernel objects (like mm_struct-s of file_struct-s) are shared between tasks and restore this state. The 2nd step can be solved by using appropriate CLONE_ flags and the unshare syscall, while there's currently no ways for solving the 1st one. One of the ways for checking whether two tasks share e.g. mm_struct is to provide some mm_struct ID of a task to its proc file, but showing such info considered to be not that good for security reasons. Thus after some debates we end up in conclusion that using that named 'comparison' syscall might be the best candidate. So here is it -- __NR_kcmp. It takes up to 5 arguments - the pids of the two tasks (which characteristics should be compared), the comparison type and (in case of comparison of files) two file descriptors. Lookups for pids are done in the caller's PID namespace only. At moment only x86 is supported and tested. [akpm@linux-foundation.org: fix up selftests, warnings] [akpm@linux-foundation.org: include errno.h] [akpm@linux-foundation.org: tweak comment text] Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Andrey Vagin <avagin@openvz.org> Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Glauber Costa <glommer@parallels.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Tejun Heo <tj@kernel.org> Cc: Matt Helsley <matthltc@us.ibm.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Vasiliy Kulikov <segoon@openwall.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Valdis.Kletnieks@vt.edu Cc: Michal Marek <mmarek@suse.cz> Cc: Frederic Weisbecker <fweisbec@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Cyrill Gorcunov <gorcunov@openvz.org> 2012-05-31 19:26:44 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-05-31 20:49:32 -0400
commit: d97b46a64674a267bc41c9e16132ee2a98c3347d (patch)
tree: 316f77d212c84aef226684eb05d5d33f40743ac9
parent: 818411616baf46ceba0cff6f05af3a9b294734f7 (diff)
10 files changed, 348 insertions, 1 deletions
diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl
index 29f9f0554f7d..7a35a6e71d44 100644
--- a/arch/x86/syscalls/syscall_32.tbl
+++ b/arch/x86/syscalls/syscall_32.tbl
@@ -355,3 +355,4 @@
 346     i386    setns                   sys_setns
 347     i386    process_vm_readv        sys_process_vm_readv            compat_sys_process_vm_readv
 348     i386    process_vm_writev       sys_process_vm_writev           compat_sys_process_vm_writev
+349     i386    kcmp                    sys_kcmp
diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl
index dd29a9ea27c5..51171aeff0dc 100644
--- a/arch/x86/syscalls/syscall_64.tbl
+++ b/arch/x86/syscalls/syscall_64.tbl
@@ -318,6 +318,8 @@
 309     common  getcpu                  sys_getcpu
 310     64      process_vm_readv        sys_process_vm_readv
 311     64      process_vm_writev       sys_process_vm_writev
+312     64      kcmp                    sys_kcmp
 #
 # x32-specific system call numbers start at 512 to avoid cache impact
 # for native 64-bit operation.
diff --git a/include/linux/kcmp.h b/include/linux/kcmp.h
new file mode 100644
index 000000000000..2dcd1b3aafc8
--- /dev/null
+++ b/include/linux/kcmp.h
@@ -0,0 +1,17 @@
+#ifndef _LINUX_KCMP_H
+#define _LINUX_KCMP_H
+/* Comparison type */
+enum kcmp_type {
+        KCMP_FILE,
+        KCMP_VM,
+        KCMP_FILES,
+        KCMP_FS,
+        KCMP_SIGHAND,
+        KCMP_IO,
+        KCMP_SYSVSEM,
+        KCMP_TYPES,
+};
+#endif /* _LINUX_KCMP_H */
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 3de3acb84a95..19439c75c5b2 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -858,4 +858,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
                                      unsigned long riovcnt,
                                      unsigned long flags);
+asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
+                         unsigned long idx1, unsigned long idx2);
 #endif
diff --git a/kernel/Makefile b/kernel/Makefile
index 6c07f30fa9b7..80be6ca0cc75 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -25,6 +25,9 @@ endif
 obj-y += sched/
 obj-y += power/
+ifeq ($(CONFIG_CHECKPOINT_RESTORE),y)
+obj-$(CONFIG_X86) += kcmp.o
+endif
 obj-$(CONFIG_FREEZER) += freezer.o
 obj-$(CONFIG_PROFILING) += profile.o
 obj-$(CONFIG_STACKTRACE) += stacktrace.o
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
new file mode 100644
index 000000000000..30b7b225306c
--- /dev/null
+++ b/kernel/kcmp.c
@@ -0,0 +1,196 @@
+#include <linux/kernel.h>
+#include <linux/syscalls.h>
+#include <linux/fdtable.h>
+#include <linux/string.h>
+#include <linux/random.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/errno.h>
+#include <linux/cache.h>
+#include <linux/bug.h>
+#include <linux/err.h>
+#include <linux/kcmp.h>
+#include <asm/unistd.h>
+/*
+ * We don't expose the real in-memory order of objects for security reasons.
+ * But still the comparison results should be suitable for sorting. So we
+ * obfuscate kernel pointers values and compare the production instead.
+ *
+ * The obfuscation is done in two steps. First we xor the kernel pointer with
+ * a random value, which puts pointer into a new position in a reordered space.
+ * Secondly we multiply the xor production with a large odd random number to
+ * permute its bits even more (the odd multiplier guarantees that the product
+ * is unique ever after the high bits are truncated, since any odd number is
+ * relative prime to 2^n).
+ *
+ * Note also that the obfuscation itself is invisible to userspace and if needed
+ * it can be changed to an alternate scheme.
+ */
+static unsigned long cookies[KCMP_TYPES][2] __read_mostly;
+static long kptr_obfuscate(long v, int type)
+{
+        return (v ^ cookies[type][0]) * cookies[type][1];
+}
+/*
+ * 0 - equal, i.e. v1 = v2
+ * 1 - less than, i.e. v1 < v2
+ * 2 - greater than, i.e. v1 > v2
+ * 3 - not equal but ordering unavailable (reserved for future)
+ */
+static int kcmp_ptr(void *v1, void *v2, enum kcmp_type type)
+{
+        long ret;
+        ret = kptr_obfuscate((long)v1, type) - kptr_obfuscate((long)v2, type);
+        return (ret < 0) | ((ret > 0) << 1);
+}
+/* The caller must have pinned the task */
+static struct file *
+get_file_raw_ptr(struct task_struct *task, unsigned int idx)
+{
+        struct file *file = NULL;
+        task_lock(task);
+        rcu_read_lock();
+        if (task->files)
+                file = fcheck_files(task->files, idx);
+        rcu_read_unlock();
+        task_unlock(task);
+        return file;
+}
+static void kcmp_unlock(struct mutex *m1, struct mutex *m2)
+{
+        if (likely(m2 != m1))
+                mutex_unlock(m2);
+        mutex_unlock(m1);
+}
+static int kcmp_lock(struct mutex *m1, struct mutex *m2)
+{
+        int err;
+        if (m2 > m1)
+                swap(m1, m2);
+        err = mutex_lock_killable(m1);
+        if (!err && likely(m1 != m2)) {
+                err = mutex_lock_killable_nested(m2, SINGLE_DEPTH_NESTING);
+                if (err)
+                        mutex_unlock(m1);
+        }
+        return err;
+}
+SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
+                unsigned long, idx1, unsigned long, idx2)
+{
+        struct task_struct *task1, *task2;
+        int ret;
+        rcu_read_lock();
+        /*
+         * Tasks are looked up in caller's PID namespace only.
+         */
+        task1 = find_task_by_vpid(pid1);
+        task2 = find_task_by_vpid(pid2);
+        if (!task1 || !task2)
+                goto err_no_task;
+        get_task_struct(task1);
+        get_task_struct(task2);
+        rcu_read_unlock();
+        /*
+         * One should have enough rights to inspect task details.
+         */
+        ret = kcmp_lock(&task1->signal->cred_guard_mutex,
+                        &task2->signal->cred_guard_mutex);
+        if (ret)
+                goto err;
+        if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
+            !ptrace_may_access(task2, PTRACE_MODE_READ)) {
+                ret = -EPERM;
+                goto err_unlock;
+        }
+        switch (type) {
+        case KCMP_FILE: {
+                struct file *filp1, *filp2;
+                filp1 = get_file_raw_ptr(task1, idx1);
+                filp2 = get_file_raw_ptr(task2, idx2);
+                if (filp1 && filp2)
+                        ret = kcmp_ptr(filp1, filp2, KCMP_FILE);
+                else
+                        ret = -EBADF;
+                break;
+        }
+        case KCMP_VM:
+                ret = kcmp_ptr(task1->mm, task2->mm, KCMP_VM);
+                break;
+        case KCMP_FILES:
+                ret = kcmp_ptr(task1->files, task2->files, KCMP_FILES);
+                break;
+        case KCMP_FS:
+                ret = kcmp_ptr(task1->fs, task2->fs, KCMP_FS);
+                break;
+        case KCMP_SIGHAND:
+                ret = kcmp_ptr(task1->sighand, task2->sighand, KCMP_SIGHAND);
+                break;
+        case KCMP_IO:
+                ret = kcmp_ptr(task1->io_context, task2->io_context, KCMP_IO);
+                break;
+        case KCMP_SYSVSEM:
+#ifdef CONFIG_SYSVIPC
+                ret = kcmp_ptr(task1->sysvsem.undo_list,
+                               task2->sysvsem.undo_list,
+                               KCMP_SYSVSEM);
+#else
+                ret = -EOPNOTSUPP;
+#endif
+                break;
+        default:
+                ret = -EINVAL;
+                break;
+        }
+err_unlock:
+        kcmp_unlock(&task1->signal->cred_guard_mutex,
+                    &task2->signal->cred_guard_mutex);
+err:
+        put_task_struct(task1);
+        put_task_struct(task2);
+        return ret;
+err_no_task:
+        rcu_read_unlock();
+        return -ESRCH;
+}
+static __init int kcmp_cookies_init(void)
+{
+        int i;
+        get_random_bytes(cookies, sizeof(cookies));
+        for (i = 0; i < KCMP_TYPES; i++)
+                cookies[i][1] |= (~(~0UL >>  1) | 1);
+        return 0;
+}
+arch_initcall(kcmp_cookies_init);
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index 47bfa16430d7..dbff751e4086 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -203,3 +203,6 @@ cond_syscall(sys_fanotify_mark);
 cond_syscall(sys_name_to_handle_at);
 cond_syscall(sys_open_by_handle_at);
 cond_syscall(compat_sys_open_by_handle_at);
+/* compare kernel pointers */
+cond_syscall(sys_kcmp);
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index 14972017a43e..a4162e15c25f 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -1,4 +1,4 @@
-TARGETS = breakpoints mqueue vm
+TARGETS = breakpoints kcmp mqueue vm
 all:
        for TARGET in $(TARGETS); do \
diff --git a/tools/testing/selftests/kcmp/Makefile b/tools/testing/selftests/kcmp/Makefile
new file mode 100644
index 000000000000..dc79b86ea65c
--- /dev/null
+++ b/tools/testing/selftests/kcmp/Makefile
@@ -0,0 +1,29 @@
+uname_M := $(shell uname -m 2>/dev/null || echo not)
+ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/i386/)
+ifeq ($(ARCH),i386)
+        ARCH := X86
+        CFLAGS := -DCONFIG_X86_32 -D__i386__
+endif
+ifeq ($(ARCH),x86_64)
+        ARCH := X86
+        CFLAGS := -DCONFIG_X86_64 -D__x86_64__
+endif
+CFLAGS += -I../../../../arch/x86/include/generated/
+CFLAGS += -I../../../../include/
+CFLAGS += -I../../../../usr/include/
+CFLAGS += -I../../../../arch/x86/include/
+all:
+ifeq ($(ARCH),X86)
+        gcc $(CFLAGS) kcmp_test.c -o run_test
+else
+        echo "Not an x86 target, can't build kcmp selftest"
+endif
+run-tests: all
+        ./kcmp_test
+clean:
+        rm -fr ./run_test
+        rm -fr ./test-file
diff --git a/tools/testing/selftests/kcmp/kcmp_test.c b/tools/testing/selftests/kcmp/kcmp_test.c
new file mode 100644
index 000000000000..358cc6bfa35d
--- /dev/null
+++ b/tools/testing/selftests/kcmp/kcmp_test.c
@@ -0,0 +1,94 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <limits.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <fcntl.h>
+#include <linux/unistd.h>
+#include <linux/kcmp.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+static long sys_kcmp(int pid1, int pid2, int type, int fd1, int fd2)
+{
+        return syscall(__NR_kcmp, pid1, pid2, type, fd1, fd2);
+}
+int main(int argc, char **argv)
+{
+        const char kpath[] = "kcmp-test-file";
+        int pid1, pid2;
+        int fd1, fd2;
+        int status;
+        fd1 = open(kpath, O_RDWR | O_CREAT | O_TRUNC, 0644);
+        pid1 = getpid();
+        if (fd1 < 0) {
+                perror("Can't create file");
+                exit(1);
+        }
+        pid2 = fork();
+        if (pid2 < 0) {
+                perror("fork failed");
+                exit(1);
+        }
+        if (!pid2) {
+                int pid2 = getpid();
+                int ret;
+                fd2 = open(kpath, O_RDWR, 0644);
+                if (fd2 < 0) {
+                        perror("Can't open file");
+                        exit(1);
+                }
+                /* An example of output and arguments */
+                printf("pid1: %6d pid2: %6d FD: %2ld FILES: %2ld VM: %2ld "
+                       "FS: %2ld SIGHAND: %2ld IO: %2ld SYSVSEM: %2ld "
+                       "INV: %2ld\n",
+                       pid1, pid2,
+                       sys_kcmp(pid1, pid2, KCMP_FILE,          fd1, fd2),
+                       sys_kcmp(pid1, pid2, KCMP_FILES,         0, 0),
+                       sys_kcmp(pid1, pid2, KCMP_VM,            0, 0),
+                       sys_kcmp(pid1, pid2, KCMP_FS,            0, 0),
+                       sys_kcmp(pid1, pid2, KCMP_SIGHAND,       0, 0),
+                       sys_kcmp(pid1, pid2, KCMP_IO,            0, 0),
+                       sys_kcmp(pid1, pid2, KCMP_SYSVSEM,       0, 0),
+                        /* This one should fail */
+                       sys_kcmp(pid1, pid2, KCMP_TYPES + 1,     0, 0));
+                /* This one should return same fd */
+                ret = sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd1);
+                if (ret) {
+                        printf("FAIL: 0 expected but %d returned\n", ret);
+                        ret = -1;
+                } else
+                        printf("PASS: 0 returned as expected\n");
+                /* Compare with self */
+                ret = sys_kcmp(pid1, pid1, KCMP_VM, 0, 0);
+                if (ret) {
+                        printf("FAIL: 0 expected but %li returned\n", ret);
+                        ret = -1;
+                } else
+                        printf("PASS: 0 returned as expected\n");
+                exit(ret);
+        }
+        waitpid(pid2, &status, P_ALL);
+        return 0;
+}
author	Cyrill Gorcunov <gorcunov@openvz.org>	2012-05-31 19:26:44 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-05-31 20:49:32 -0400
commit	d97b46a64674a267bc41c9e16132ee2a98c3347d (patch)
tree	316f77d212c84aef226684eb05d5d33f40743ac9
parent	818411616baf46ceba0cff6f05af3a9b294734f7 (diff)

diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl index 29f9f0554f7d..7a35a6e71d44 100644 --- a/arch/x86/syscalls/syscall_32.tbl +++ b/arch/x86/syscalls/syscall_32.tbl
@@ -355,3 +355,4 @@
355	346 i386 setns sys_setns	355	346 i386 setns sys_setns
356	347 i386 process_vm_readv sys_process_vm_readv compat_sys_process_vm_readv	356	347 i386 process_vm_readv sys_process_vm_readv compat_sys_process_vm_readv
357	348 i386 process_vm_writev sys_process_vm_writev compat_sys_process_vm_writev	357	348 i386 process_vm_writev sys_process_vm_writev compat_sys_process_vm_writev
		358	349 i386 kcmp sys_kcmp


diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl index dd29a9ea27c5..51171aeff0dc 100644 --- a/arch/x86/syscalls/syscall_64.tbl +++ b/arch/x86/syscalls/syscall_64.tbl
@@ -318,6 +318,8 @@
318	309 common getcpu sys_getcpu	318	309 common getcpu sys_getcpu
319	310 64 process_vm_readv sys_process_vm_readv	319	310 64 process_vm_readv sys_process_vm_readv
320	311 64 process_vm_writev sys_process_vm_writev	320	311 64 process_vm_writev sys_process_vm_writev
		321	312 64 kcmp sys_kcmp
		322
321	#	323	#
322	# x32-specific system call numbers start at 512 to avoid cache impact	324	# x32-specific system call numbers start at 512 to avoid cache impact
323	# for native 64-bit operation.	325	# for native 64-bit operation.


diff --git a/include/linux/kcmp.h b/include/linux/kcmp.h new file mode 100644 index 000000000000..2dcd1b3aafc8 --- /dev/null +++ b/include/linux/kcmp.h
@@ -0,0 +1,17 @@
		1	#ifndef _LINUX_KCMP_H
		2	#define _LINUX_KCMP_H
		3
		4	/* Comparison type */
		5	enum kcmp_type {
		6	KCMP_FILE,
		7	KCMP_VM,
		8	KCMP_FILES,
		9	KCMP_FS,
		10	KCMP_SIGHAND,
		11	KCMP_IO,
		12	KCMP_SYSVSEM,
		13
		14	KCMP_TYPES,
		15	};
		16
		17	#endif /* _LINUX_KCMP_H */


diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 3de3acb84a95..19439c75c5b2 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h
@@ -858,4 +858,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
858	unsigned long riovcnt,	858	unsigned long riovcnt,
859	unsigned long flags);	859	unsigned long flags);
860		860
		861	asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
		862	unsigned long idx1, unsigned long idx2);
861	#endif	863	#endif


diff --git a/kernel/Makefile b/kernel/Makefile index 6c07f30fa9b7..80be6ca0cc75 100644 --- a/kernel/Makefile +++ b/kernel/Makefile
@@ -25,6 +25,9 @@ endif
25	obj-y += sched/	25	obj-y += sched/
26	obj-y += power/	26	obj-y += power/
27		27
		28	ifeq ($(CONFIG_CHECKPOINT_RESTORE),y)
		29	obj-$(CONFIG_X86) += kcmp.o
		30	endif
28	obj-$(CONFIG_FREEZER) += freezer.o	31	obj-$(CONFIG_FREEZER) += freezer.o
29	obj-$(CONFIG_PROFILING) += profile.o	32	obj-$(CONFIG_PROFILING) += profile.o
30	obj-$(CONFIG_STACKTRACE) += stacktrace.o	33	obj-$(CONFIG_STACKTRACE) += stacktrace.o


diff --git a/kernel/kcmp.c b/kernel/kcmp.c new file mode 100644 index 000000000000..30b7b225306c --- /dev/null +++ b/kernel/kcmp.c
@@ -0,0 +1,196 @@
		1	#include <linux/kernel.h>
		2	#include <linux/syscalls.h>
		3	#include <linux/fdtable.h>
		4	#include <linux/string.h>
		5	#include <linux/random.h>
		6	#include <linux/module.h>
		7	#include <linux/init.h>
		8	#include <linux/errno.h>
		9	#include <linux/cache.h>
		10	#include <linux/bug.h>
		11	#include <linux/err.h>
		12	#include <linux/kcmp.h>
		13
		14	#include <asm/unistd.h>
		15
		16	/*
		17	* We don't expose the real in-memory order of objects for security reasons.
		18	* But still the comparison results should be suitable for sorting. So we
		19	* obfuscate kernel pointers values and compare the production instead.
		20	*
		21	* The obfuscation is done in two steps. First we xor the kernel pointer with
		22	* a random value, which puts pointer into a new position in a reordered space.
		23	* Secondly we multiply the xor production with a large odd random number to
		24	* permute its bits even more (the odd multiplier guarantees that the product
		25	* is unique ever after the high bits are truncated, since any odd number is
		26	* relative prime to 2^n).
		27	*
		28	* Note also that the obfuscation itself is invisible to userspace and if needed
		29	* it can be changed to an alternate scheme.
		30	*/
		31	static unsigned long cookies[KCMP_TYPES][2] __read_mostly;
		32
		33	static long kptr_obfuscate(long v, int type)
		34	{
		35	return (v ^ cookies[type][0]) * cookies[type][1];
		36	}
		37
		38	/*
		39	* 0 - equal, i.e. v1 = v2
		40	* 1 - less than, i.e. v1 < v2
		41	* 2 - greater than, i.e. v1 > v2
		42	* 3 - not equal but ordering unavailable (reserved for future)
		43	*/
		44	static int kcmp_ptr(void v1, void v2, enum kcmp_type type)
		45	{
		46	long ret;
		47
		48	ret = kptr_obfuscate((long)v1, type) - kptr_obfuscate((long)v2, type);
		49
		50	return (ret < 0) \| ((ret > 0) << 1);
		51	}
		52
		53	/* The caller must have pinned the task */
		54	static struct file *
		55	get_file_raw_ptr(struct task_struct *task, unsigned int idx)
		56	{
		57	struct file *file = NULL;
		58
		59	task_lock(task);
		60	rcu_read_lock();
		61
		62	if (task->files)
		63	file = fcheck_files(task->files, idx);
		64
		65	rcu_read_unlock();
		66	task_unlock(task);
		67
		68	return file;
		69	}
		70
		71	static void kcmp_unlock(struct mutex m1, struct mutex m2)
		72	{
		73	if (likely(m2 != m1))
		74	mutex_unlock(m2);
		75	mutex_unlock(m1);
		76	}
		77
		78	static int kcmp_lock(struct mutex m1, struct mutex m2)
		79	{
		80	int err;
		81
		82	if (m2 > m1)
		83	swap(m1, m2);
		84
		85	err = mutex_lock_killable(m1);
		86	if (!err && likely(m1 != m2)) {
		87	err = mutex_lock_killable_nested(m2, SINGLE_DEPTH_NESTING);
		88	if (err)
		89	mutex_unlock(m1);
		90	}
		91
		92	return err;
		93	}
		94
		95	SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
		96	unsigned long, idx1, unsigned long, idx2)
		97	{
		98	struct task_struct task1, task2;
		99	int ret;
		100
		101	rcu_read_lock();
		102
		103	/*
		104	* Tasks are looked up in caller's PID namespace only.
		105	*/
		106	task1 = find_task_by_vpid(pid1);
		107	task2 = find_task_by_vpid(pid2);
		108	if (!task1 \|\| !task2)
		109	goto err_no_task;
		110
		111	get_task_struct(task1);
		112	get_task_struct(task2);
		113
		114	rcu_read_unlock();
		115
		116	/*
		117	* One should have enough rights to inspect task details.
		118	*/
		119	ret = kcmp_lock(&task1->signal->cred_guard_mutex,
		120	&task2->signal->cred_guard_mutex);
		121	if (ret)
		122	goto err;
		123	if (!ptrace_may_access(task1, PTRACE_MODE_READ) \|\|
		124	!ptrace_may_access(task2, PTRACE_MODE_READ)) {
		125	ret = -EPERM;
		126	goto err_unlock;
		127	}
		128
		129	switch (type) {
		130	case KCMP_FILE: {
		131	struct file filp1, filp2;
		132
		133	filp1 = get_file_raw_ptr(task1, idx1);
		134	filp2 = get_file_raw_ptr(task2, idx2);
		135
		136	if (filp1 && filp2)
		137	ret = kcmp_ptr(filp1, filp2, KCMP_FILE);
		138	else
		139	ret = -EBADF;
		140	break;
		141	}
		142	case KCMP_VM:
		143	ret = kcmp_ptr(task1->mm, task2->mm, KCMP_VM);
		144	break;
		145	case KCMP_FILES:
		146	ret = kcmp_ptr(task1->files, task2->files, KCMP_FILES);
		147	break;
		148	case KCMP_FS:
		149	ret = kcmp_ptr(task1->fs, task2->fs, KCMP_FS);
		150	break;
		151	case KCMP_SIGHAND:
		152	ret = kcmp_ptr(task1->sighand, task2->sighand, KCMP_SIGHAND);
		153	break;
		154	case KCMP_IO:
		155	ret = kcmp_ptr(task1->io_context, task2->io_context, KCMP_IO);
		156	break;
		157	case KCMP_SYSVSEM:
		158	#ifdef CONFIG_SYSVIPC
		159	ret = kcmp_ptr(task1->sysvsem.undo_list,
		160	task2->sysvsem.undo_list,
		161	KCMP_SYSVSEM);
		162	#else
		163	ret = -EOPNOTSUPP;
		164	#endif
		165	break;
		166	default:
		167	ret = -EINVAL;
		168	break;
		169	}
		170
		171	err_unlock:
		172	kcmp_unlock(&task1->signal->cred_guard_mutex,
		173	&task2->signal->cred_guard_mutex);
		174	err:
		175	put_task_struct(task1);
		176	put_task_struct(task2);
		177
		178	return ret;
		179
		180	err_no_task:
		181	rcu_read_unlock();
		182	return -ESRCH;
		183	}
		184
		185	static __init int kcmp_cookies_init(void)
		186	{
		187	int i;
		188
		189	get_random_bytes(cookies, sizeof(cookies));
		190
		191	for (i = 0; i < KCMP_TYPES; i++)
		192	cookies[i][1] \|= (~(~0UL >> 1) \| 1);
		193
		194	return 0;
		195	}
		196	arch_initcall(kcmp_cookies_init);


diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 47bfa16430d7..dbff751e4086 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c
@@ -203,3 +203,6 @@ cond_syscall(sys_fanotify_mark);
203	cond_syscall(sys_name_to_handle_at);	203	cond_syscall(sys_name_to_handle_at);
204	cond_syscall(sys_open_by_handle_at);	204	cond_syscall(sys_open_by_handle_at);
205	cond_syscall(compat_sys_open_by_handle_at);	205	cond_syscall(compat_sys_open_by_handle_at);
		206
		207	/* compare kernel pointers */
		208	cond_syscall(sys_kcmp);


diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 14972017a43e..a4162e15c25f 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile
@@ -1,4 +1,4 @@
1	TARGETS = breakpoints mqueue vm	1	TARGETS = breakpoints kcmp mqueue vm
2		2
3	all:	3	all:
4	for TARGET in $(TARGETS); do \	4	for TARGET in $(TARGETS); do \


diff --git a/tools/testing/selftests/kcmp/Makefile b/tools/testing/selftests/kcmp/Makefile new file mode 100644 index 000000000000..dc79b86ea65c --- /dev/null +++ b/tools/testing/selftests/kcmp/Makefile
@@ -0,0 +1,29 @@
		1	uname_M := $(shell uname -m 2>/dev/null \|\| echo not)
		2	ARCH ?= $(shell echo $(uname_M) \| sed -e s/i.86/i386/)
		3	ifeq ($(ARCH),i386)
		4	ARCH := X86
		5	CFLAGS := -DCONFIG_X86_32 -D__i386__
		6	endif
		7	ifeq ($(ARCH),x86_64)
		8	ARCH := X86
		9	CFLAGS := -DCONFIG_X86_64 -D__x86_64__
		10	endif
		11
		12	CFLAGS += -I../../../../arch/x86/include/generated/
		13	CFLAGS += -I../../../../include/
		14	CFLAGS += -I../../../../usr/include/
		15	CFLAGS += -I../../../../arch/x86/include/
		16
		17	all:
		18	ifeq ($(ARCH),X86)
		19	gcc $(CFLAGS) kcmp_test.c -o run_test
		20	else
		21	echo "Not an x86 target, can't build kcmp selftest"
		22	endif
		23
		24	run-tests: all
		25	./kcmp_test
		26
		27	clean:
		28	rm -fr ./run_test
		29	rm -fr ./test-file


diff --git a/tools/testing/selftests/kcmp/kcmp_test.c b/tools/testing/selftests/kcmp/kcmp_test.c new file mode 100644 index 000000000000..358cc6bfa35d --- /dev/null +++ b/tools/testing/selftests/kcmp/kcmp_test.c
@@ -0,0 +1,94 @@
		1	#define _GNU_SOURCE
		2
		3	#include <stdio.h>
		4	#include <stdlib.h>
		5	#include <signal.h>
		6	#include <limits.h>
		7	#include <unistd.h>
		8	#include <errno.h>
		9	#include <string.h>
		10	#include <fcntl.h>
		11
		12	#include <linux/unistd.h>
		13	#include <linux/kcmp.h>
		14
		15	#include <sys/syscall.h>
		16	#include <sys/types.h>
		17	#include <sys/stat.h>
		18	#include <sys/wait.h>
		19
		20	static long sys_kcmp(int pid1, int pid2, int type, int fd1, int fd2)
		21	{
		22	return syscall(__NR_kcmp, pid1, pid2, type, fd1, fd2);
		23	}
		24
		25	int main(int argc, char **argv)
		26	{
		27	const char kpath[] = "kcmp-test-file";
		28	int pid1, pid2;
		29	int fd1, fd2;
		30	int status;
		31
		32	fd1 = open(kpath, O_RDWR \| O_CREAT \| O_TRUNC, 0644);
		33	pid1 = getpid();
		34
		35	if (fd1 < 0) {
		36	perror("Can't create file");
		37	exit(1);
		38	}
		39
		40	pid2 = fork();
		41	if (pid2 < 0) {
		42	perror("fork failed");
		43	exit(1);
		44	}
		45
		46	if (!pid2) {
		47	int pid2 = getpid();
		48	int ret;
		49
		50	fd2 = open(kpath, O_RDWR, 0644);
		51	if (fd2 < 0) {
		52	perror("Can't open file");
		53	exit(1);
		54	}
		55
		56	/* An example of output and arguments */
		57	printf("pid1: %6d pid2: %6d FD: %2ld FILES: %2ld VM: %2ld "
		58	"FS: %2ld SIGHAND: %2ld IO: %2ld SYSVSEM: %2ld "
		59	"INV: %2ld\n",
		60	pid1, pid2,
		61	sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd2),
		62	sys_kcmp(pid1, pid2, KCMP_FILES, 0, 0),
		63	sys_kcmp(pid1, pid2, KCMP_VM, 0, 0),
		64	sys_kcmp(pid1, pid2, KCMP_FS, 0, 0),
		65	sys_kcmp(pid1, pid2, KCMP_SIGHAND, 0, 0),
		66	sys_kcmp(pid1, pid2, KCMP_IO, 0, 0),
		67	sys_kcmp(pid1, pid2, KCMP_SYSVSEM, 0, 0),
		68
		69	/* This one should fail */
		70	sys_kcmp(pid1, pid2, KCMP_TYPES + 1, 0, 0));
		71
		72	/* This one should return same fd */
		73	ret = sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd1);
		74	if (ret) {
		75	printf("FAIL: 0 expected but %d returned\n", ret);
		76	ret = -1;
		77	} else
		78	printf("PASS: 0 returned as expected\n");
		79
		80	/* Compare with self */
		81	ret = sys_kcmp(pid1, pid1, KCMP_VM, 0, 0);
		82	if (ret) {
		83	printf("FAIL: 0 expected but %li returned\n", ret);
		84	ret = -1;
		85	} else
		86	printf("PASS: 0 returned as expected\n");
		87
		88	exit(ret);
		89	}
		90
		91	waitpid(pid2, &status, P_ALL);
		92
		93	return 0;
		94	}