Diffstat (limited to 'ipc/msg.c')
-rw-r--r--ipc/msg.c389
1 files changed, 205 insertions, 184 deletions
diff --git a/ipc/msg.c b/ipc/msg.c
index cd92d342953e..2b4fccf8ea55 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -1,6 +1,6 @@
1/* 1/*
2 * linux/ipc/msg.c 2 * linux/ipc/msg.c
3 * Copyright (C) 1992 Krishna Balasubramanian 3 * Copyright (C) 1992 Krishna Balasubramanian
4 * 4 *
5 * Removed all the remaining kerneld mess 5 * Removed all the remaining kerneld mess
6 * Catch the -EFAULT stuff properly 6 * Catch the -EFAULT stuff properly
@@ -41,22 +41,24 @@ int msg_ctlmax = MSGMAX;
41int msg_ctlmnb = MSGMNB; 41int msg_ctlmnb = MSGMNB;
42int msg_ctlmni = MSGMNI; 42int msg_ctlmni = MSGMNI;
43 43
44/* one msg_receiver structure for each sleeping receiver */ 44/*
45 * one msg_receiver structure for each sleeping receiver:
46 */
45struct msg_receiver { 47struct msg_receiver {
46 struct list_head r_list; 48 struct list_head r_list;
47 struct task_struct* r_tsk; 49 struct task_struct *r_tsk;
48 50
49 int r_mode; 51 int r_mode;
50 long r_msgtype; 52 long r_msgtype;
51 long r_maxsize; 53 long r_maxsize;
52 54
53 struct msg_msg* volatile r_msg; 55 volatile struct msg_msg *r_msg;
54}; 56};
55 57
56/* one msg_sender for each sleeping sender */ 58/* one msg_sender for each sleeping sender */
57struct msg_sender { 59struct msg_sender {
58 struct list_head list; 60 struct list_head list;
59 struct task_struct* tsk; 61 struct task_struct *tsk;
60}; 62};
61 63
62#define SEARCH_ANY 1 64#define SEARCH_ANY 1
@@ -64,45 +66,42 @@ struct msg_sender {
64#define SEARCH_NOTEQUAL 3 66#define SEARCH_NOTEQUAL 3
65#define SEARCH_LESSEQUAL 4 67#define SEARCH_LESSEQUAL 4
66 68
67static atomic_t msg_bytes = ATOMIC_INIT(0); 69static atomic_t msg_bytes = ATOMIC_INIT(0);
68static atomic_t msg_hdrs = ATOMIC_INIT(0); 70static atomic_t msg_hdrs = ATOMIC_INIT(0);
69 71
70static struct ipc_ids msg_ids; 72static struct ipc_ids msg_ids;
71 73
72#define msg_lock(id) ((struct msg_queue*)ipc_lock(&msg_ids,id)) 74#define msg_lock(id) ((struct msg_queue *)ipc_lock(&msg_ids, id))
73#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm) 75#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm)
74#define msg_rmid(id) ((struct msg_queue*)ipc_rmid(&msg_ids,id)) 76#define msg_rmid(id) ((struct msg_queue *)ipc_rmid(&msg_ids, id))
75#define msg_checkid(msq, msgid) \ 77#define msg_checkid(msq, msgid) ipc_checkid(&msg_ids, &msq->q_perm, msgid)
76 ipc_checkid(&msg_ids,&msq->q_perm,msgid) 78#define msg_buildid(id, seq) ipc_buildid(&msg_ids, id, seq)
77#define msg_buildid(id, seq) \
78 ipc_buildid(&msg_ids, id, seq)
79 79
80static void freeque (struct msg_queue *msq, int id); 80static void freeque(struct msg_queue *msq, int id);
81static int newque (key_t key, int msgflg); 81static int newque(key_t key, int msgflg);
82#ifdef CONFIG_PROC_FS 82#ifdef CONFIG_PROC_FS
83static int sysvipc_msg_proc_show(struct seq_file *s, void *it); 83static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
84#endif 84#endif
85 85
86void __init msg_init (void) 86void __init msg_init(void)
87{ 87{
88 ipc_init_ids(&msg_ids,msg_ctlmni); 88 ipc_init_ids(&msg_ids, msg_ctlmni);
89 ipc_init_proc_interface("sysvipc/msg", 89 ipc_init_proc_interface("sysvipc/msg",
90 " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", 90 " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n",
91 &msg_ids, 91 &msg_ids,
92 sysvipc_msg_proc_show); 92 sysvipc_msg_proc_show);
93} 93}
94 94
95static int newque (key_t key, int msgflg) 95static int newque(key_t key, int msgflg)
96{ 96{
97 int id;
98 int retval;
99 struct msg_queue *msq; 97 struct msg_queue *msq;
98 int id, retval;
100 99
101 msq = ipc_rcu_alloc(sizeof(*msq)); 100 msq = ipc_rcu_alloc(sizeof(*msq));
102 if (!msq) 101 if (!msq)
103 return -ENOMEM; 102 return -ENOMEM;
104 103
105 msq->q_perm.mode = (msgflg & S_IRWXUGO); 104 msq->q_perm.mode = msgflg & S_IRWXUGO;
106 msq->q_perm.key = key; 105 msq->q_perm.key = key;
107 106
108 msq->q_perm.security = NULL; 107 msq->q_perm.security = NULL;
@@ -113,13 +112,13 @@ static int newque (key_t key, int msgflg)
113 } 112 }
114 113
115 id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni); 114 id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
116 if(id == -1) { 115 if (id == -1) {
117 security_msg_queue_free(msq); 116 security_msg_queue_free(msq);
118 ipc_rcu_putref(msq); 117 ipc_rcu_putref(msq);
119 return -ENOSPC; 118 return -ENOSPC;
120 } 119 }
121 120
122 msq->q_id = msg_buildid(id,msq->q_perm.seq); 121 msq->q_id = msg_buildid(id, msq->q_perm.seq);
123 msq->q_stime = msq->q_rtime = 0; 122 msq->q_stime = msq->q_rtime = 0;
124 msq->q_ctime = get_seconds(); 123 msq->q_ctime = get_seconds();
125 msq->q_cbytes = msq->q_qnum = 0; 124 msq->q_cbytes = msq->q_qnum = 0;
@@ -133,44 +132,44 @@ static int newque (key_t key, int msgflg)
133 return msq->q_id; 132 return msq->q_id;
134} 133}
135 134
136static inline void ss_add(struct msg_queue* msq, struct msg_sender* mss) 135static inline void ss_add(struct msg_queue *msq, struct msg_sender *mss)
137{ 136{
138 mss->tsk=current; 137 mss->tsk = current;
139 current->state=TASK_INTERRUPTIBLE; 138 current->state = TASK_INTERRUPTIBLE;
140 list_add_tail(&mss->list,&msq->q_senders); 139 list_add_tail(&mss->list, &msq->q_senders);
141} 140}
142 141
143static inline void ss_del(struct msg_sender* mss) 142static inline void ss_del(struct msg_sender *mss)
144{ 143{
145 if(mss->list.next != NULL) 144 if (mss->list.next != NULL)
146 list_del(&mss->list); 145 list_del(&mss->list);
147} 146}
148 147
149static void ss_wakeup(struct list_head* h, int kill) 148static void ss_wakeup(struct list_head *h, int kill)
150{ 149{
151 struct list_head *tmp; 150 struct list_head *tmp;
152 151
153 tmp = h->next; 152 tmp = h->next;
154 while (tmp != h) { 153 while (tmp != h) {
155 struct msg_sender* mss; 154 struct msg_sender *mss;
156 155
157 mss = list_entry(tmp,struct msg_sender,list); 156 mss = list_entry(tmp, struct msg_sender, list);
158 tmp = tmp->next; 157 tmp = tmp->next;
159 if(kill) 158 if (kill)
160 mss->list.next=NULL; 159 mss->list.next = NULL;
161 wake_up_process(mss->tsk); 160 wake_up_process(mss->tsk);
162 } 161 }
163} 162}
164 163
165static void expunge_all(struct msg_queue* msq, int res) 164static void expunge_all(struct msg_queue *msq, int res)
166{ 165{
167 struct list_head *tmp; 166 struct list_head *tmp;
168 167
169 tmp = msq->q_receivers.next; 168 tmp = msq->q_receivers.next;
170 while (tmp != &msq->q_receivers) { 169 while (tmp != &msq->q_receivers) {
171 struct msg_receiver* msr; 170 struct msg_receiver *msr;
172 171
173 msr = list_entry(tmp,struct msg_receiver,r_list); 172 msr = list_entry(tmp, struct msg_receiver, r_list);
174 tmp = tmp->next; 173 tmp = tmp->next;
175 msr->r_msg = NULL; 174 msr->r_msg = NULL;
176 wake_up_process(msr->r_tsk); 175 wake_up_process(msr->r_tsk);
@@ -178,26 +177,28 @@ static void expunge_all(struct msg_queue* msq, int res)
178 msr->r_msg = ERR_PTR(res); 177 msr->r_msg = ERR_PTR(res);
179 } 178 }
180} 179}
181/* 180
182 * freeque() wakes up waiters on the sender and receiver waiting queue, 181/*
183 * removes the message queue from message queue ID 182 * freeque() wakes up waiters on the sender and receiver waiting queue,
183 * removes the message queue from message queue ID
184 * array, and cleans up all the messages associated with this queue. 184 * array, and cleans up all the messages associated with this queue.
185 * 185 *
186 * msg_ids.mutex and the spinlock for this message queue is hold 186 * msg_ids.mutex and the spinlock for this message queue is hold
187 * before freeque() is called. msg_ids.mutex remains locked on exit. 187 * before freeque() is called. msg_ids.mutex remains locked on exit.
188 */ 188 */
189static void freeque (struct msg_queue *msq, int id) 189static void freeque(struct msg_queue *msq, int id)
190{ 190{
191 struct list_head *tmp; 191 struct list_head *tmp;
192 192
193 expunge_all(msq,-EIDRM); 193 expunge_all(msq, -EIDRM);
194 ss_wakeup(&msq->q_senders,1); 194 ss_wakeup(&msq->q_senders, 1);
195 msq = msg_rmid(id); 195 msq = msg_rmid(id);
196 msg_unlock(msq); 196 msg_unlock(msq);
197 197
198 tmp = msq->q_messages.next; 198 tmp = msq->q_messages.next;
199 while(tmp != &msq->q_messages) { 199 while (tmp != &msq->q_messages) {
200 struct msg_msg* msg = list_entry(tmp,struct msg_msg,m_list); 200 struct msg_msg *msg = list_entry(tmp, struct msg_msg, m_list);
201
201 tmp = tmp->next; 202 tmp = tmp->next;
202 atomic_dec(&msg_hdrs); 203 atomic_dec(&msg_hdrs);
203 free_msg(msg); 204 free_msg(msg);
@@ -207,10 +208,10 @@ static void freeque (struct msg_queue *msq, int id)
207 ipc_rcu_putref(msq); 208 ipc_rcu_putref(msq);
208} 209}
209 210
210asmlinkage long sys_msgget (key_t key, int msgflg) 211asmlinkage long sys_msgget(key_t key, int msgflg)
211{ 212{
212 int id, ret = -EPERM;
213 struct msg_queue *msq; 213 struct msg_queue *msq;
214 int id, ret = -EPERM;
214 215
215 mutex_lock(&msg_ids.mutex); 216 mutex_lock(&msg_ids.mutex);
216 if (key == IPC_PRIVATE) 217 if (key == IPC_PRIVATE)
@@ -224,31 +225,34 @@ asmlinkage long sys_msgget (key_t key, int msgflg)
224 ret = -EEXIST; 225 ret = -EEXIST;
225 } else { 226 } else {
226 msq = msg_lock(id); 227 msq = msg_lock(id);
227 BUG_ON(msq==NULL); 228 BUG_ON(msq == NULL);
228 if (ipcperms(&msq->q_perm, msgflg)) 229 if (ipcperms(&msq->q_perm, msgflg))
229 ret = -EACCES; 230 ret = -EACCES;
230 else { 231 else {
231 int qid = msg_buildid(id, msq->q_perm.seq); 232 int qid = msg_buildid(id, msq->q_perm.seq);
232 ret = security_msg_queue_associate(msq, msgflg); 233
234 ret = security_msg_queue_associate(msq, msgflg);
233 if (!ret) 235 if (!ret)
234 ret = qid; 236 ret = qid;
235 } 237 }
236 msg_unlock(msq); 238 msg_unlock(msq);
237 } 239 }
238 mutex_unlock(&msg_ids.mutex); 240 mutex_unlock(&msg_ids.mutex);
241
239 return ret; 242 return ret;
240} 243}
241 244
242static inline unsigned long copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version) 245static inline unsigned long
246copy_msqid_to_user(void __user *buf, struct msqid64_ds *in, int version)
243{ 247{
244 switch(version) { 248 switch(version) {
245 case IPC_64: 249 case IPC_64:
246 return copy_to_user (buf, in, sizeof(*in)); 250 return copy_to_user(buf, in, sizeof(*in));
247 case IPC_OLD: 251 case IPC_OLD:
248 { 252 {
249 struct msqid_ds out; 253 struct msqid_ds out;
250 254
251 memset(&out,0,sizeof(out)); 255 memset(&out, 0, sizeof(out));
252 256
253 ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm); 257 ipc64_perm_to_ipc_perm(&in->msg_perm, &out.msg_perm);
254 258
@@ -256,18 +260,18 @@ static inline unsigned long copy_msqid_to_user(void __user *buf, struct msqid64_
256 out.msg_rtime = in->msg_rtime; 260 out.msg_rtime = in->msg_rtime;
257 out.msg_ctime = in->msg_ctime; 261 out.msg_ctime = in->msg_ctime;
258 262
259 if(in->msg_cbytes > USHRT_MAX) 263 if (in->msg_cbytes > USHRT_MAX)
260 out.msg_cbytes = USHRT_MAX; 264 out.msg_cbytes = USHRT_MAX;
261 else 265 else
262 out.msg_cbytes = in->msg_cbytes; 266 out.msg_cbytes = in->msg_cbytes;
263 out.msg_lcbytes = in->msg_cbytes; 267 out.msg_lcbytes = in->msg_cbytes;
264 268
265 if(in->msg_qnum > USHRT_MAX) 269 if (in->msg_qnum > USHRT_MAX)
266 out.msg_qnum = USHRT_MAX; 270 out.msg_qnum = USHRT_MAX;
267 else 271 else
268 out.msg_qnum = in->msg_qnum; 272 out.msg_qnum = in->msg_qnum;
269 273
270 if(in->msg_qbytes > USHRT_MAX) 274 if (in->msg_qbytes > USHRT_MAX)
271 out.msg_qbytes = USHRT_MAX; 275 out.msg_qbytes = USHRT_MAX;
272 else 276 else
273 out.msg_qbytes = in->msg_qbytes; 277 out.msg_qbytes = in->msg_qbytes;
@@ -276,8 +280,8 @@ static inline unsigned long copy_msqid_to_user(void __user *buf, struct msqid64_
276 out.msg_lspid = in->msg_lspid; 280 out.msg_lspid = in->msg_lspid;
277 out.msg_lrpid = in->msg_lrpid; 281 out.msg_lrpid = in->msg_lrpid;
278 282
279 return copy_to_user (buf, &out, sizeof(out)); 283 return copy_to_user(buf, &out, sizeof(out));
280 } 284 }
281 default: 285 default:
282 return -EINVAL; 286 return -EINVAL;
283 } 287 }
@@ -290,14 +294,15 @@ struct msq_setbuf {
290 mode_t mode; 294 mode_t mode;
291}; 295};
292 296
293static inline unsigned long copy_msqid_from_user(struct msq_setbuf *out, void __user *buf, int version) 297static inline unsigned long
298copy_msqid_from_user(struct msq_setbuf *out, void __user *buf, int version)
294{ 299{
295 switch(version) { 300 switch(version) {
296 case IPC_64: 301 case IPC_64:
297 { 302 {
298 struct msqid64_ds tbuf; 303 struct msqid64_ds tbuf;
299 304
300 if (copy_from_user (&tbuf, buf, sizeof (tbuf))) 305 if (copy_from_user(&tbuf, buf, sizeof(tbuf)))
301 return -EFAULT; 306 return -EFAULT;
302 307
303 out->qbytes = tbuf.msg_qbytes; 308 out->qbytes = tbuf.msg_qbytes;
@@ -306,60 +311,61 @@ static inline unsigned long copy_msqid_from_user(struct msq_setbuf *out, void __
306 out->mode = tbuf.msg_perm.mode; 311 out->mode = tbuf.msg_perm.mode;
307 312
308 return 0; 313 return 0;
309 } 314 }
310 case IPC_OLD: 315 case IPC_OLD:
311 { 316 {
312 struct msqid_ds tbuf_old; 317 struct msqid_ds tbuf_old;
313 318
314 if (copy_from_user (&tbuf_old, buf, sizeof (tbuf_old))) 319 if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old)))
315 return -EFAULT; 320 return -EFAULT;
316 321
317 out->uid = tbuf_old.msg_perm.uid; 322 out->uid = tbuf_old.msg_perm.uid;
318 out->gid = tbuf_old.msg_perm.gid; 323 out->gid = tbuf_old.msg_perm.gid;
319 out->mode = tbuf_old.msg_perm.mode; 324 out->mode = tbuf_old.msg_perm.mode;
320 325
321 if(tbuf_old.msg_qbytes == 0) 326 if (tbuf_old.msg_qbytes == 0)
322 out->qbytes = tbuf_old.msg_lqbytes; 327 out->qbytes = tbuf_old.msg_lqbytes;
323 else 328 else
324 out->qbytes = tbuf_old.msg_qbytes; 329 out->qbytes = tbuf_old.msg_qbytes;
325 330
326 return 0; 331 return 0;
327 } 332 }
328 default: 333 default:
329 return -EINVAL; 334 return -EINVAL;
330 } 335 }
331} 336}
332 337
333asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) 338asmlinkage long sys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf)
334{ 339{
335 int err, version;
336 struct msg_queue *msq;
337 struct msq_setbuf setbuf;
338 struct kern_ipc_perm *ipcp; 340 struct kern_ipc_perm *ipcp;
339 341 struct msq_setbuf setbuf;
342 struct msg_queue *msq;
343 int err, version;
344
340 if (msqid < 0 || cmd < 0) 345 if (msqid < 0 || cmd < 0)
341 return -EINVAL; 346 return -EINVAL;
342 347
343 version = ipc_parse_version(&cmd); 348 version = ipc_parse_version(&cmd);
344 349
345 switch (cmd) { 350 switch (cmd) {
346 case IPC_INFO: 351 case IPC_INFO:
347 case MSG_INFO: 352 case MSG_INFO:
348 { 353 {
349 struct msginfo msginfo; 354 struct msginfo msginfo;
350 int max_id; 355 int max_id;
356
351 if (!buf) 357 if (!buf)
352 return -EFAULT; 358 return -EFAULT;
353 /* We must not return kernel stack data. 359 /*
360 * We must not return kernel stack data.
354 * due to padding, it's not enough 361 * due to padding, it's not enough
355 * to set all member fields. 362 * to set all member fields.
356 */ 363 */
357
358 err = security_msg_queue_msgctl(NULL, cmd); 364 err = security_msg_queue_msgctl(NULL, cmd);
359 if (err) 365 if (err)
360 return err; 366 return err;
361 367
362 memset(&msginfo,0,sizeof(msginfo)); 368 memset(&msginfo, 0, sizeof(msginfo));
363 msginfo.msgmni = msg_ctlmni; 369 msginfo.msgmni = msg_ctlmni;
364 msginfo.msgmax = msg_ctlmax; 370 msginfo.msgmax = msg_ctlmax;
365 msginfo.msgmnb = msg_ctlmnb; 371 msginfo.msgmnb = msg_ctlmnb;
@@ -377,36 +383,37 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
377 } 383 }
378 max_id = msg_ids.max_id; 384 max_id = msg_ids.max_id;
379 mutex_unlock(&msg_ids.mutex); 385 mutex_unlock(&msg_ids.mutex);
380 if (copy_to_user (buf, &msginfo, sizeof(struct msginfo))) 386 if (copy_to_user(buf, &msginfo, sizeof(struct msginfo)))
381 return -EFAULT; 387 return -EFAULT;
382 return (max_id < 0) ? 0: max_id; 388 return (max_id < 0) ? 0 : max_id;
383 } 389 }
384 case MSG_STAT: 390 case MSG_STAT:
385 case IPC_STAT: 391 case IPC_STAT:
386 { 392 {
387 struct msqid64_ds tbuf; 393 struct msqid64_ds tbuf;
388 int success_return; 394 int success_return;
395
389 if (!buf) 396 if (!buf)
390 return -EFAULT; 397 return -EFAULT;
391 if(cmd == MSG_STAT && msqid >= msg_ids.entries->size) 398 if (cmd == MSG_STAT && msqid >= msg_ids.entries->size)
392 return -EINVAL; 399 return -EINVAL;
393 400
394 memset(&tbuf,0,sizeof(tbuf)); 401 memset(&tbuf, 0, sizeof(tbuf));
395 402
396 msq = msg_lock(msqid); 403 msq = msg_lock(msqid);
397 if (msq == NULL) 404 if (msq == NULL)
398 return -EINVAL; 405 return -EINVAL;
399 406
400 if(cmd == MSG_STAT) { 407 if (cmd == MSG_STAT) {
401 success_return = msg_buildid(msqid, msq->q_perm.seq); 408 success_return = msg_buildid(msqid, msq->q_perm.seq);
402 } else { 409 } else {
403 err = -EIDRM; 410 err = -EIDRM;
404 if (msg_checkid(msq,msqid)) 411 if (msg_checkid(msq, msqid))
405 goto out_unlock; 412 goto out_unlock;
406 success_return = 0; 413 success_return = 0;
407 } 414 }
408 err = -EACCES; 415 err = -EACCES;
409 if (ipcperms (&msq->q_perm, S_IRUGO)) 416 if (ipcperms(&msq->q_perm, S_IRUGO))
410 goto out_unlock; 417 goto out_unlock;
411 418
412 err = security_msg_queue_msgctl(msq, cmd); 419 err = security_msg_queue_msgctl(msq, cmd);
@@ -430,7 +437,7 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
430 case IPC_SET: 437 case IPC_SET:
431 if (!buf) 438 if (!buf)
432 return -EFAULT; 439 return -EFAULT;
433 if (copy_msqid_from_user (&setbuf, buf, version)) 440 if (copy_msqid_from_user(&setbuf, buf, version))
434 return -EFAULT; 441 return -EFAULT;
435 break; 442 break;
436 case IPC_RMID: 443 case IPC_RMID:
@@ -441,12 +448,12 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
441 448
442 mutex_lock(&msg_ids.mutex); 449 mutex_lock(&msg_ids.mutex);
443 msq = msg_lock(msqid); 450 msq = msg_lock(msqid);
444 err=-EINVAL; 451 err = -EINVAL;
445 if (msq == NULL) 452 if (msq == NULL)
446 goto out_up; 453 goto out_up;
447 454
448 err = -EIDRM; 455 err = -EIDRM;
449 if (msg_checkid(msq,msqid)) 456 if (msg_checkid(msq, msqid))
450 goto out_unlock_up; 457 goto out_unlock_up;
451 ipcp = &msq->q_perm; 458 ipcp = &msq->q_perm;
452 459
@@ -454,15 +461,16 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
454 if (err) 461 if (err)
455 goto out_unlock_up; 462 goto out_unlock_up;
456 if (cmd==IPC_SET) { 463 if (cmd==IPC_SET) {
457 err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode); 464 err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid,
465 setbuf.mode);
458 if (err) 466 if (err)
459 goto out_unlock_up; 467 goto out_unlock_up;
460 } 468 }
461 469
462 err = -EPERM; 470 err = -EPERM;
463 if (current->euid != ipcp->cuid && 471 if (current->euid != ipcp->cuid &&
464 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) 472 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN))
465 /* We _could_ check for CAP_CHOWN above, but we don't */ 473 /* We _could_ check for CAP_CHOWN above, but we don't */
466 goto out_unlock_up; 474 goto out_unlock_up;
467 475
468 err = security_msg_queue_msgctl(msq, cmd); 476 err = security_msg_queue_msgctl(msq, cmd);
@@ -480,22 +488,22 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
480 488
481 ipcp->uid = setbuf.uid; 489 ipcp->uid = setbuf.uid;
482 ipcp->gid = setbuf.gid; 490 ipcp->gid = setbuf.gid;
483 ipcp->mode = (ipcp->mode & ~S_IRWXUGO) | 491 ipcp->mode = (ipcp->mode & ~S_IRWXUGO) |
484 (S_IRWXUGO & setbuf.mode); 492 (S_IRWXUGO & setbuf.mode);
485 msq->q_ctime = get_seconds(); 493 msq->q_ctime = get_seconds();
486 /* sleeping receivers might be excluded by 494 /* sleeping receivers might be excluded by
487 * stricter permissions. 495 * stricter permissions.
488 */ 496 */
489 expunge_all(msq,-EAGAIN); 497 expunge_all(msq, -EAGAIN);
490 /* sleeping senders might be able to send 498 /* sleeping senders might be able to send
491 * due to a larger queue size. 499 * due to a larger queue size.
492 */ 500 */
493 ss_wakeup(&msq->q_senders,0); 501 ss_wakeup(&msq->q_senders, 0);
494 msg_unlock(msq); 502 msg_unlock(msq);
495 break; 503 break;
496 } 504 }
497 case IPC_RMID: 505 case IPC_RMID:
498 freeque (msq, msqid); 506 freeque(msq, msqid);
499 break; 507 break;
500 } 508 }
501 err = 0; 509 err = 0;
@@ -510,41 +518,44 @@ out_unlock:
510 return err; 518 return err;
511} 519}
512 520
513static int testmsg(struct msg_msg* msg,long type,int mode) 521static int testmsg(struct msg_msg *msg, long type, int mode)
514{ 522{
515 switch(mode) 523 switch(mode)
516 { 524 {
517 case SEARCH_ANY: 525 case SEARCH_ANY:
518 return 1; 526 return 1;
519 case SEARCH_LESSEQUAL: 527 case SEARCH_LESSEQUAL:
520 if(msg->m_type <=type) 528 if (msg->m_type <=type)
521 return 1; 529 return 1;
522 break; 530 break;
523 case SEARCH_EQUAL: 531 case SEARCH_EQUAL:
524 if(msg->m_type == type) 532 if (msg->m_type == type)
525 return 1; 533 return 1;
526 break; 534 break;
527 case SEARCH_NOTEQUAL: 535 case SEARCH_NOTEQUAL:
528 if(msg->m_type != type) 536 if (msg->m_type != type)
529 return 1; 537 return 1;
530 break; 538 break;
531 } 539 }
532 return 0; 540 return 0;
533} 541}
534 542
535static inline int pipelined_send(struct msg_queue* msq, struct msg_msg* msg) 543static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg)
536{ 544{
537 struct list_head* tmp; 545 struct list_head *tmp;
538 546
539 tmp = msq->q_receivers.next; 547 tmp = msq->q_receivers.next;
540 while (tmp != &msq->q_receivers) { 548 while (tmp != &msq->q_receivers) {
541 struct msg_receiver* msr; 549 struct msg_receiver *msr;
542 msr = list_entry(tmp,struct msg_receiver,r_list); 550
551 msr = list_entry(tmp, struct msg_receiver, r_list);
543 tmp = tmp->next; 552 tmp = tmp->next;
544 if(testmsg(msg,msr->r_msgtype,msr->r_mode) && 553 if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
545 !security_msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) { 554 !security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
555 msr->r_msgtype, msr->r_mode)) {
556
546 list_del(&msr->r_list); 557 list_del(&msr->r_list);
547 if(msr->r_maxsize < msg->m_ts) { 558 if (msr->r_maxsize < msg->m_ts) {
548 msr->r_msg = NULL; 559 msr->r_msg = NULL;
549 wake_up_process(msr->r_tsk); 560 wake_up_process(msr->r_tsk);
550 smp_mb(); 561 smp_mb();
@@ -556,6 +567,7 @@ static inline int pipelined_send(struct msg_queue* msq, struct msg_msg* msg)
556 wake_up_process(msr->r_tsk); 567 wake_up_process(msr->r_tsk);
557 smp_mb(); 568 smp_mb();
558 msr->r_msg = msg; 569 msr->r_msg = msg;
570
559 return 1; 571 return 1;
560 } 572 }
561 } 573 }
@@ -563,40 +575,41 @@ static inline int pipelined_send(struct msg_queue* msq, struct msg_msg* msg)
563 return 0; 575 return 0;
564} 576}
565 577
566asmlinkage long sys_msgsnd (int msqid, struct msgbuf __user *msgp, size_t msgsz, int msgflg) 578asmlinkage long
579sys_msgsnd(int msqid, struct msgbuf __user *msgp, size_t msgsz, int msgflg)
567{ 580{
568 struct msg_queue *msq; 581 struct msg_queue *msq;
569 struct msg_msg *msg; 582 struct msg_msg *msg;
570 long mtype; 583 long mtype;
571 int err; 584 int err;
572 585
573 if (msgsz > msg_ctlmax || (long) msgsz < 0 || msqid < 0) 586 if (msgsz > msg_ctlmax || (long) msgsz < 0 || msqid < 0)
574 return -EINVAL; 587 return -EINVAL;
575 if (get_user(mtype, &msgp->mtype)) 588 if (get_user(mtype, &msgp->mtype))
576 return -EFAULT; 589 return -EFAULT;
577 if (mtype < 1) 590 if (mtype < 1)
578 return -EINVAL; 591 return -EINVAL;
579 592
580 msg = load_msg(msgp->mtext, msgsz); 593 msg = load_msg(msgp->mtext, msgsz);
581 if(IS_ERR(msg)) 594 if (IS_ERR(msg))
582 return PTR_ERR(msg); 595 return PTR_ERR(msg);
583 596
584 msg->m_type = mtype; 597 msg->m_type = mtype;
585 msg->m_ts = msgsz; 598 msg->m_ts = msgsz;
586 599
587 msq = msg_lock(msqid); 600 msq = msg_lock(msqid);
588 err=-EINVAL; 601 err = -EINVAL;
589 if(msq==NULL) 602 if (msq == NULL)
590 goto out_free; 603 goto out_free;
591 604
592 err= -EIDRM; 605 err= -EIDRM;
593 if (msg_checkid(msq,msqid)) 606 if (msg_checkid(msq, msqid))
594 goto out_unlock_free; 607 goto out_unlock_free;
595 608
596 for (;;) { 609 for (;;) {
597 struct msg_sender s; 610 struct msg_sender s;
598 611
599 err=-EACCES; 612 err = -EACCES;
600 if (ipcperms(&msq->q_perm, S_IWUGO)) 613 if (ipcperms(&msq->q_perm, S_IWUGO))
601 goto out_unlock_free; 614 goto out_unlock_free;
602 615
@@ -604,14 +617,14 @@ asmlinkage long sys_msgsnd (int msqid, struct msgbuf __user *msgp, size_t msgsz,
604 if (err) 617 if (err)
605 goto out_unlock_free; 618 goto out_unlock_free;
606 619
607 if(msgsz + msq->q_cbytes <= msq->q_qbytes && 620 if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
608 1 + msq->q_qnum <= msq->q_qbytes) { 621 1 + msq->q_qnum <= msq->q_qbytes) {
609 break; 622 break;
610 } 623 }
611 624
612 /* queue full, wait: */ 625 /* queue full, wait: */
613 if(msgflg&IPC_NOWAIT) { 626 if (msgflg & IPC_NOWAIT) {
614 err=-EAGAIN; 627 err = -EAGAIN;
615 goto out_unlock_free; 628 goto out_unlock_free;
616 } 629 }
617 ss_add(msq, &s); 630 ss_add(msq, &s);
@@ -626,9 +639,9 @@ asmlinkage long sys_msgsnd (int msqid, struct msgbuf __user *msgp, size_t msgsz,
626 goto out_unlock_free; 639 goto out_unlock_free;
627 } 640 }
628 ss_del(&s); 641 ss_del(&s);
629 642
630 if (signal_pending(current)) { 643 if (signal_pending(current)) {
631 err=-ERESTARTNOHAND; 644 err = -ERESTARTNOHAND;
632 goto out_unlock_free; 645 goto out_unlock_free;
633 } 646 }
634 } 647 }
@@ -636,47 +649,47 @@ asmlinkage long sys_msgsnd (int msqid, struct msgbuf __user *msgp, size_t msgsz,
636 msq->q_lspid = current->tgid; 649 msq->q_lspid = current->tgid;
637 msq->q_stime = get_seconds(); 650 msq->q_stime = get_seconds();
638 651
639 if(!pipelined_send(msq,msg)) { 652 if (!pipelined_send(msq, msg)) {
640 /* noone is waiting for this message, enqueue it */ 653 /* noone is waiting for this message, enqueue it */
641 list_add_tail(&msg->m_list,&msq->q_messages); 654 list_add_tail(&msg->m_list, &msq->q_messages);
642 msq->q_cbytes += msgsz; 655 msq->q_cbytes += msgsz;
643 msq->q_qnum++; 656 msq->q_qnum++;
644 atomic_add(msgsz,&msg_bytes); 657 atomic_add(msgsz, &msg_bytes);
645 atomic_inc(&msg_hdrs); 658 atomic_inc(&msg_hdrs);
646 } 659 }
647 660
648 err = 0; 661 err = 0;
649 msg = NULL; 662 msg = NULL;
650 663
651out_unlock_free: 664out_unlock_free:
652 msg_unlock(msq); 665 msg_unlock(msq);
653out_free: 666out_free:
654 if(msg!=NULL) 667 if (msg != NULL)
655 free_msg(msg); 668 free_msg(msg);
656 return err; 669 return err;
657} 670}
658 671
659static inline int convert_mode(long* msgtyp, int msgflg) 672static inline int convert_mode(long *msgtyp, int msgflg)
660{ 673{
661 /* 674 /*
662 * find message of correct type. 675 * find message of correct type.
663 * msgtyp = 0 => get first. 676 * msgtyp = 0 => get first.
664 * msgtyp > 0 => get first message of matching type. 677 * msgtyp > 0 => get first message of matching type.
665 * msgtyp < 0 => get message with least type must be < abs(msgtype). 678 * msgtyp < 0 => get message with least type must be < abs(msgtype).
666 */ 679 */
667 if(*msgtyp==0) 680 if (*msgtyp == 0)
668 return SEARCH_ANY; 681 return SEARCH_ANY;
669 if(*msgtyp<0) { 682 if (*msgtyp < 0) {
670 *msgtyp=-(*msgtyp); 683 *msgtyp = -*msgtyp;
671 return SEARCH_LESSEQUAL; 684 return SEARCH_LESSEQUAL;
672 } 685 }
673 if(msgflg & MSG_EXCEPT) 686 if (msgflg & MSG_EXCEPT)
674 return SEARCH_NOTEQUAL; 687 return SEARCH_NOTEQUAL;
675 return SEARCH_EQUAL; 688 return SEARCH_EQUAL;
676} 689}
677 690
678asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz, 691asmlinkage long sys_msgrcv(int msqid, struct msgbuf __user *msgp, size_t msgsz,
679 long msgtyp, int msgflg) 692 long msgtyp, int msgflg)
680{ 693{
681 struct msg_queue *msq; 694 struct msg_queue *msq;
682 struct msg_msg *msg; 695 struct msg_msg *msg;
@@ -684,44 +697,51 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
684 697
685 if (msqid < 0 || (long) msgsz < 0) 698 if (msqid < 0 || (long) msgsz < 0)
686 return -EINVAL; 699 return -EINVAL;
687 mode = convert_mode(&msgtyp,msgflg); 700 mode = convert_mode(&msgtyp, msgflg);
688 701
689 msq = msg_lock(msqid); 702 msq = msg_lock(msqid);
690 if(msq==NULL) 703 if (msq == NULL)
691 return -EINVAL; 704 return -EINVAL;
692 705
693 msg = ERR_PTR(-EIDRM); 706 msg = ERR_PTR(-EIDRM);
694 if (msg_checkid(msq,msqid)) 707 if (msg_checkid(msq, msqid))
695 goto out_unlock; 708 goto out_unlock;
696 709
697 for (;;) { 710 for (;;) {
698 struct msg_receiver msr_d; 711 struct msg_receiver msr_d;
699 struct list_head* tmp; 712 struct list_head *tmp;
700 713
701 msg = ERR_PTR(-EACCES); 714 msg = ERR_PTR(-EACCES);
702 if (ipcperms (&msq->q_perm, S_IRUGO)) 715 if (ipcperms(&msq->q_perm, S_IRUGO))
703 goto out_unlock; 716 goto out_unlock;
704 717
705 msg = ERR_PTR(-EAGAIN); 718 msg = ERR_PTR(-EAGAIN);
706 tmp = msq->q_messages.next; 719 tmp = msq->q_messages.next;
707 while (tmp != &msq->q_messages) { 720 while (tmp != &msq->q_messages) {
708 struct msg_msg *walk_msg; 721 struct msg_msg *walk_msg;
709 walk_msg = list_entry(tmp,struct msg_msg,m_list); 722
710 if(testmsg(walk_msg,msgtyp,mode) && 723 walk_msg = list_entry(tmp, struct msg_msg, m_list);
711 !security_msg_queue_msgrcv(msq, walk_msg, current, msgtyp, mode)) { 724 if (testmsg(walk_msg, msgtyp, mode) &&
725 !security_msg_queue_msgrcv(msq, walk_msg, current,
726 msgtyp, mode)) {
727
712 msg = walk_msg; 728 msg = walk_msg;
713 if(mode == SEARCH_LESSEQUAL && walk_msg->m_type != 1) { 729 if (mode == SEARCH_LESSEQUAL &&
714 msg=walk_msg; 730 walk_msg->m_type != 1) {
715 msgtyp=walk_msg->m_type-1; 731 msg = walk_msg;
732 msgtyp = walk_msg->m_type - 1;
716 } else { 733 } else {
717 msg=walk_msg; 734 msg = walk_msg;
718 break; 735 break;
719 } 736 }
720 } 737 }
721 tmp = tmp->next; 738 tmp = tmp->next;
722 } 739 }
723 if(!IS_ERR(msg)) { 740 if (!IS_ERR(msg)) {
724 /* Found a suitable message. Unlink it from the queue. */ 741 /*
742 * Found a suitable message.
743 * Unlink it from the queue.
744 */
725 if ((msgsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) { 745 if ((msgsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
726 msg = ERR_PTR(-E2BIG); 746 msg = ERR_PTR(-E2BIG);
727 goto out_unlock; 747 goto out_unlock;
@@ -731,9 +751,9 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
731 msq->q_rtime = get_seconds(); 751 msq->q_rtime = get_seconds();
732 msq->q_lrpid = current->tgid; 752 msq->q_lrpid = current->tgid;
733 msq->q_cbytes -= msg->m_ts; 753 msq->q_cbytes -= msg->m_ts;
734 atomic_sub(msg->m_ts,&msg_bytes); 754 atomic_sub(msg->m_ts, &msg_bytes);
735 atomic_dec(&msg_hdrs); 755 atomic_dec(&msg_hdrs);
736 ss_wakeup(&msq->q_senders,0); 756 ss_wakeup(&msq->q_senders, 0);
737 msg_unlock(msq); 757 msg_unlock(msq);
738 break; 758 break;
739 } 759 }
@@ -742,13 +762,13 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
742 msg = ERR_PTR(-ENOMSG); 762 msg = ERR_PTR(-ENOMSG);
743 goto out_unlock; 763 goto out_unlock;
744 } 764 }
745 list_add_tail(&msr_d.r_list,&msq->q_receivers); 765 list_add_tail(&msr_d.r_list, &msq->q_receivers);
746 msr_d.r_tsk = current; 766 msr_d.r_tsk = current;
747 msr_d.r_msgtype = msgtyp; 767 msr_d.r_msgtype = msgtyp;
748 msr_d.r_mode = mode; 768 msr_d.r_mode = mode;
749 if(msgflg & MSG_NOERROR) 769 if (msgflg & MSG_NOERROR)
750 msr_d.r_maxsize = INT_MAX; 770 msr_d.r_maxsize = INT_MAX;
751 else 771 else
752 msr_d.r_maxsize = msgsz; 772 msr_d.r_maxsize = msgsz;
753 msr_d.r_msg = ERR_PTR(-EAGAIN); 773 msr_d.r_msg = ERR_PTR(-EAGAIN);
754 current->state = TASK_INTERRUPTIBLE; 774 current->state = TASK_INTERRUPTIBLE;
@@ -773,17 +793,17 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
773 * wake_up_process(). There is a race with exit(), see 793 * wake_up_process(). There is a race with exit(), see
774 * ipc/mqueue.c for the details. 794 * ipc/mqueue.c for the details.
775 */ 795 */
776 msg = (struct msg_msg*) msr_d.r_msg; 796 msg = (struct msg_msg*)msr_d.r_msg;
777 while (msg == NULL) { 797 while (msg == NULL) {
778 cpu_relax(); 798 cpu_relax();
779 msg = (struct msg_msg*) msr_d.r_msg; 799 msg = (struct msg_msg *)msr_d.r_msg;
780 } 800 }
781 801
782 /* Lockless receive, part 3: 802 /* Lockless receive, part 3:
783 * If there is a message or an error then accept it without 803 * If there is a message or an error then accept it without
784 * locking. 804 * locking.
785 */ 805 */
786 if(msg != ERR_PTR(-EAGAIN)) { 806 if (msg != ERR_PTR(-EAGAIN)) {
787 rcu_read_unlock(); 807 rcu_read_unlock();
788 break; 808 break;
789 } 809 }
@@ -798,7 +818,7 @@ asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
798 * Repeat test after acquiring the spinlock. 818 * Repeat test after acquiring the spinlock.
799 */ 819 */
800 msg = (struct msg_msg*)msr_d.r_msg; 820 msg = (struct msg_msg*)msr_d.r_msg;
801 if(msg != ERR_PTR(-EAGAIN)) 821 if (msg != ERR_PTR(-EAGAIN))
802 goto out_unlock; 822 goto out_unlock;
803 823
804 list_del(&msr_d.r_list); 824 list_del(&msr_d.r_list);
@@ -810,14 +830,15 @@ out_unlock:
810 } 830 }
811 } 831 }
812 if (IS_ERR(msg)) 832 if (IS_ERR(msg))
813 return PTR_ERR(msg); 833 return PTR_ERR(msg);
814 834
815 msgsz = (msgsz > msg->m_ts) ? msg->m_ts : msgsz; 835 msgsz = (msgsz > msg->m_ts) ? msg->m_ts : msgsz;
816 if (put_user (msg->m_type, &msgp->mtype) || 836 if (put_user (msg->m_type, &msgp->mtype) ||
817 store_msg(msgp->mtext, msg, msgsz)) { 837 store_msg(msgp->mtext, msg, msgsz)) {
818 msgsz = -EFAULT; 838 msgsz = -EFAULT;
819 } 839 }
820 free_msg(msg); 840 free_msg(msg);
841
821 return msgsz; 842 return msgsz;
822} 843}
823 844
@@ -827,20 +848,20 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
827 struct msg_queue *msq = it; 848 struct msg_queue *msq = it;
828 849
829 return seq_printf(s, 850 return seq_printf(s,
830 "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n", 851 "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n",
831 msq->q_perm.key, 852 msq->q_perm.key,
832 msq->q_id, 853 msq->q_id,
833 msq->q_perm.mode, 854 msq->q_perm.mode,
834 msq->q_cbytes, 855 msq->q_cbytes,
835 msq->q_qnum, 856 msq->q_qnum,
836 msq->q_lspid, 857 msq->q_lspid,
837 msq->q_lrpid, 858 msq->q_lrpid,
838 msq->q_perm.uid, 859 msq->q_perm.uid,
839 msq->q_perm.gid, 860 msq->q_perm.gid,
840 msq->q_perm.cuid, 861 msq->q_perm.cuid,
841 msq->q_perm.cgid, 862 msq->q_perm.cgid,
842 msq->q_stime, 863 msq->q_stime,
843 msq->q_rtime, 864 msq->q_rtime,
844 msq->q_ctime); 865 msq->q_ctime);
845} 866}
846#endif 867#endif
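Review bot: The r_msg field of struct msg_receiver in the first hunk changes meaning rather than just layout: the old `struct msg_msg* volatile r_msg;` qualifies the pointer object itself, while the new `volatile struct msg_msg *r_msg;` qualifies the pointee and leaves the pointer a plain, cacheable object. The busy-wait in sys_msgrcv (`while (msg == NULL) { cpu_relax(); msg = (struct msg_msg *)msr_d.r_msg; }`) and the re-read of msr_d.r_msg after taking the spinlock both rely on every load of that field actually being issued, which the old declaration guaranteed on its own; whether the loop still re-reads now depends on cpu_relax() being a compiler barrier on each architecture, which nothing in this file establishes, and the existing `(struct msg_msg *)` casts now silently strip a pointee qualifier instead of being cosmetic. Keep the qualifier on the pointer, `struct msg_msg *volatile r_msg;`, so the cleanup stays behaviour-preserving. Separately, a few spots the style pass missed could be aligned in the same commit: `err= -EIDRM;` in sys_msgsnd, `cmd==IPC_SET` in sys_msgctl, `msg->m_type <=type` in testmsg, `put_user (msg->m_type, ...)` in sys_msgrcv, and the two remaining `(struct msg_msg*)` casts next to the reformatted `(struct msg_msg *)` one.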