IPC: consolidate all xxxctl_down() functions

semctl_down(), msgctl_down() and shmctl_down() are used to handle the same set of commands for each kind of IPC. They all start to do the same job (they retrieve the ipc and do some permission checks) before handling the commands on their own. This patch proposes to consolidate this by moving these same pieces of code into one common function called ipcctl_pre_down(). It simplifies a little these xxxctl_down() functions and increases a little the maintainability. Signed-off-by: Pierre Peiffer <pierre.peiffer@bull.net> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Nadia Derbey <Nadia.Derbey@bull.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Pierre Peiffer <pierre.peiffer@bull.net> 2008-04-29 04:00:54 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29 11:06:14 -0400
commit: a5f75e7f256f75759ec3d6dbef0ba932f1b397d2 (patch)
tree: 89b2ed22547a9fca11f87eb6cba68bb84fcf1b8a /ipc/util.c
parent: 8f4a3809c18ff3107bdbb1fabe3f4e5d2a928321 (diff)
1 files changed, 51 insertions, 0 deletions
diff --git a/ipc/util.c b/ipc/util.c
index dc8943aa9719..c4f1d33b89e4 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -824,6 +824,57 @@ void ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out)
                | (in->mode & S_IRWXUGO);
 }
+/**
+ * ipcctl_pre_down - retrieve an ipc and check permissions for some IPC_XXX cmd
+ * @ids:  the table of ids where to look for the ipc
+ * @id:   the id of the ipc to retrieve
+ * @cmd:  the cmd to check
+ * @perm: the permission to set
+ * @extra_perm: one extra permission parameter used by msq
+ *
+ * This function does some common audit and permissions check for some IPC_XXX
+ * cmd and is called from semctl_down, shmctl_down and msgctl_down.
+ * It must be called without any lock held and
+ *  - retrieves the ipc with the given id in the given table.
+ *  - performs some audit and permission check, depending on the given cmd
+ *  - returns the ipc with both ipc and rw_mutex locks held in case of success
+ *    or an err-code without any lock held otherwise.
+ */
+struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd,
+                                      struct ipc64_perm *perm, int extra_perm)
+{
+        struct kern_ipc_perm *ipcp;
+        int err;
+        down_write(&ids->rw_mutex);
+        ipcp = ipc_lock_check_down(ids, id);
+        if (IS_ERR(ipcp)) {
+                err = PTR_ERR(ipcp);
+                goto out_up;
+        }
+        err = audit_ipc_obj(ipcp);
+        if (err)
+                goto out_unlock;
+        if (cmd == IPC_SET) {
+                err = audit_ipc_set_perm(extra_perm, perm->uid,
+                                         perm->gid, perm->mode);
+                if (err)
+                        goto out_unlock;
+        }
+        if (current->euid == ipcp->cuid ||
+            current->euid == ipcp->uid || capable(CAP_SYS_ADMIN))
+                return ipcp;
+        err = -EPERM;
+out_unlock:
+        ipc_unlock(ipcp);
+out_up:
+        up_write(&ids->rw_mutex);
+        return ERR_PTR(err);
+}
 #ifdef __ARCH_WANT_IPC_PARSE_VERSION
author	Pierre Peiffer <pierre.peiffer@bull.net>	2008-04-29 04:00:54 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-29 11:06:14 -0400
commit	a5f75e7f256f75759ec3d6dbef0ba932f1b397d2 (patch)
tree	89b2ed22547a9fca11f87eb6cba68bb84fcf1b8a /ipc/util.c
parent	8f4a3809c18ff3107bdbb1fabe3f4e5d2a928321 (diff)

diff --git a/ipc/util.c b/ipc/util.c index dc8943aa9719..c4f1d33b89e4 100644 --- a/ipc/util.c +++ b/ipc/util.c
@@ -824,6 +824,57 @@ void ipc_update_perm(struct ipc64_perm in, struct kern_ipc_perm out)
824	\| (in->mode & S_IRWXUGO);	824	\| (in->mode & S_IRWXUGO);
825	}	825	}
826		826
		827	/**
		828	* ipcctl_pre_down - retrieve an ipc and check permissions for some IPC_XXX cmd
		829	* @ids: the table of ids where to look for the ipc
		830	* @id: the id of the ipc to retrieve
		831	* @cmd: the cmd to check
		832	* @perm: the permission to set
		833	* @extra_perm: one extra permission parameter used by msq
		834	*
		835	* This function does some common audit and permissions check for some IPC_XXX
		836	* cmd and is called from semctl_down, shmctl_down and msgctl_down.
		837	* It must be called without any lock held and
		838	* - retrieves the ipc with the given id in the given table.
		839	* - performs some audit and permission check, depending on the given cmd
		840	* - returns the ipc with both ipc and rw_mutex locks held in case of success
		841	* or an err-code without any lock held otherwise.
		842	*/
		843	struct kern_ipc_perm ipcctl_pre_down(struct ipc_ids ids, int id, int cmd,
		844	struct ipc64_perm *perm, int extra_perm)
		845	{
		846	struct kern_ipc_perm *ipcp;
		847	int err;
		848
		849	down_write(&ids->rw_mutex);
		850	ipcp = ipc_lock_check_down(ids, id);
		851	if (IS_ERR(ipcp)) {
		852	err = PTR_ERR(ipcp);
		853	goto out_up;
		854	}
		855
		856	err = audit_ipc_obj(ipcp);
		857	if (err)
		858	goto out_unlock;
		859
		860	if (cmd == IPC_SET) {
		861	err = audit_ipc_set_perm(extra_perm, perm->uid,
		862	perm->gid, perm->mode);
		863	if (err)
		864	goto out_unlock;
		865	}
		866	if (current->euid == ipcp->cuid \|\|
		867	current->euid == ipcp->uid \|\| capable(CAP_SYS_ADMIN))
		868	return ipcp;
		869
		870	err = -EPERM;
		871	out_unlock:
		872	ipc_unlock(ipcp);
		873	out_up:
		874	up_write(&ids->rw_mutex);
		875	return ERR_PTR(err);
		876	}
		877
827	#ifdef __ARCH_WANT_IPC_PARSE_VERSION	878	#ifdef __ARCH_WANT_IPC_PARSE_VERSION
828		879
829		880