1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/kernel/sys.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/export.h> 9 #include <linux/mm.h> 10 #include <linux/utsname.h> 11 #include <linux/mman.h> 12 #include <linux/reboot.h> 13 #include <linux/prctl.h> 14 #include <linux/highuid.h> 15 #include <linux/fs.h> 16 #include <linux/kmod.h> 17 #include <linux/perf_event.h> 18 #include <linux/resource.h> 19 #include <linux/kernel.h> 20 #include <linux/workqueue.h> 21 #include <linux/capability.h> 22 #include <linux/device.h> 23 #include <linux/key.h> 24 #include <linux/times.h> 25 #include <linux/posix-timers.h> 26 #include <linux/security.h> 27 #include <linux/suspend.h> 28 #include <linux/tty.h> 29 #include <linux/signal.h> 30 #include <linux/cn_proc.h> 31 #include <linux/getcpu.h> 32 #include <linux/task_io_accounting_ops.h> 33 #include <linux/seccomp.h> 34 #include <linux/cpu.h> 35 #include <linux/personality.h> 36 #include <linux/ptrace.h> 37 #include <linux/fs_struct.h> 38 #include <linux/file.h> 39 #include <linux/mount.h> 40 #include <linux/gfp.h> 41 #include <linux/syscore_ops.h> 42 #include <linux/version.h> 43 #include <linux/ctype.h> 44 #include <linux/syscall_user_dispatch.h> 45 46 #include <linux/compat.h> 47 #include <linux/syscalls.h> 48 #include <linux/kprobes.h> 49 #include <linux/user_namespace.h> 50 #include <linux/time_namespace.h> 51 #include <linux/binfmts.h> 52 53 #include <linux/sched.h> 54 #include <linux/sched/autogroup.h> 55 #include <linux/sched/loadavg.h> 56 #include <linux/sched/stat.h> 57 #include <linux/sched/mm.h> 58 #include <linux/sched/coredump.h> 59 #include <linux/sched/task.h> 60 #include <linux/sched/cputime.h> 61 #include <linux/rcupdate.h> 62 #include <linux/uidgid.h> 63 #include <linux/cred.h> 64 65 #include <linux/nospec.h> 66 67 #include <linux/kmsg_dump.h> 68 /* Move somewhere else to avoid recompiling? */ 69 #include <generated/utsrelease.h> 70 71 #include <linux/uaccess.h> 72 #include <asm/io.h> 73 #include <asm/unistd.h> 74 75 #include "uid16.h" 76 77 #ifndef SET_UNALIGN_CTL 78 # define SET_UNALIGN_CTL(a, b) (-EINVAL) 79 #endif 80 #ifndef GET_UNALIGN_CTL 81 # define GET_UNALIGN_CTL(a, b) (-EINVAL) 82 #endif 83 #ifndef SET_FPEMU_CTL 84 # define SET_FPEMU_CTL(a, b) (-EINVAL) 85 #endif 86 #ifndef GET_FPEMU_CTL 87 # define GET_FPEMU_CTL(a, b) (-EINVAL) 88 #endif 89 #ifndef SET_FPEXC_CTL 90 # define SET_FPEXC_CTL(a, b) (-EINVAL) 91 #endif 92 #ifndef GET_FPEXC_CTL 93 # define GET_FPEXC_CTL(a, b) (-EINVAL) 94 #endif 95 #ifndef GET_ENDIAN 96 # define GET_ENDIAN(a, b) (-EINVAL) 97 #endif 98 #ifndef SET_ENDIAN 99 # define SET_ENDIAN(a, b) (-EINVAL) 100 #endif 101 #ifndef GET_TSC_CTL 102 # define GET_TSC_CTL(a) (-EINVAL) 103 #endif 104 #ifndef SET_TSC_CTL 105 # define SET_TSC_CTL(a) (-EINVAL) 106 #endif 107 #ifndef GET_FP_MODE 108 # define GET_FP_MODE(a) (-EINVAL) 109 #endif 110 #ifndef SET_FP_MODE 111 # define SET_FP_MODE(a,b) (-EINVAL) 112 #endif 113 #ifndef SVE_SET_VL 114 # define SVE_SET_VL(a) (-EINVAL) 115 #endif 116 #ifndef SVE_GET_VL 117 # define SVE_GET_VL() (-EINVAL) 118 #endif 119 #ifndef PAC_RESET_KEYS 120 # define PAC_RESET_KEYS(a, b) (-EINVAL) 121 #endif 122 #ifndef PAC_SET_ENABLED_KEYS 123 # define PAC_SET_ENABLED_KEYS(a, b, c) (-EINVAL) 124 #endif 125 #ifndef PAC_GET_ENABLED_KEYS 126 # define PAC_GET_ENABLED_KEYS(a) (-EINVAL) 127 #endif 128 #ifndef SET_TAGGED_ADDR_CTRL 129 # define SET_TAGGED_ADDR_CTRL(a) (-EINVAL) 130 #endif 131 #ifndef GET_TAGGED_ADDR_CTRL 132 # define GET_TAGGED_ADDR_CTRL() (-EINVAL) 133 #endif 134 135 /* 136 * this is where the system-wide overflow UID and GID are defined, for 137 * architectures that now have 32-bit UID/GID but didn't in the past 138 */ 139 140 int overflowuid = DEFAULT_OVERFLOWUID; 141 int overflowgid = DEFAULT_OVERFLOWGID; 142 143 EXPORT_SYMBOL(overflowuid); 144 EXPORT_SYMBOL(overflowgid); 145 146 /* 147 * the same as above, but for filesystems which can only store a 16-bit 148 * UID and GID. as such, this is needed on all architectures 149 */ 150 151 int fs_overflowuid = DEFAULT_FS_OVERFLOWUID; 152 int fs_overflowgid = DEFAULT_FS_OVERFLOWGID; 153 154 EXPORT_SYMBOL(fs_overflowuid); 155 EXPORT_SYMBOL(fs_overflowgid); 156 157 /* 158 * Returns true if current's euid is same as p's uid or euid, 159 * or has CAP_SYS_NICE to p's user_ns. 160 * 161 * Called with rcu_read_lock, creds are safe 162 */ 163 static bool set_one_prio_perm(struct task_struct *p) 164 { 165 const struct cred *cred = current_cred(), *pcred = __task_cred(p); 166 167 if (uid_eq(pcred->uid, cred->euid) || 168 uid_eq(pcred->euid, cred->euid)) 169 return true; 170 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) 171 return true; 172 return false; 173 } 174 175 /* 176 * set the priority of a task 177 * - the caller must hold the RCU read lock 178 */ 179 static int set_one_prio(struct task_struct *p, int niceval, int error) 180 { 181 int no_nice; 182 183 if (!set_one_prio_perm(p)) { 184 error = -EPERM; 185 goto out; 186 } 187 if (niceval < task_nice(p) && !can_nice(p, niceval)) { 188 error = -EACCES; 189 goto out; 190 } 191 no_nice = security_task_setnice(p, niceval); 192 if (no_nice) { 193 error = no_nice; 194 goto out; 195 } 196 if (error == -ESRCH) 197 error = 0; 198 set_user_nice(p, niceval); 199 out: 200 return error; 201 } 202 203 SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) 204 { 205 struct task_struct *g, *p; 206 struct user_struct *user; 207 const struct cred *cred = current_cred(); 208 int error = -EINVAL; 209 struct pid *pgrp; 210 kuid_t uid; 211 212 if (which > PRIO_USER || which < PRIO_PROCESS) 213 goto out; 214 215 /* normalize: avoid signed division (rounding problems) */ 216 error = -ESRCH; 217 if (niceval < MIN_NICE) 218 niceval = MIN_NICE; 219 if (niceval > MAX_NICE) 220 niceval = MAX_NICE; 221 222 rcu_read_lock(); 223 read_lock(&tasklist_lock); 224 switch (which) { 225 case PRIO_PROCESS: 226 if (who) 227 p = find_task_by_vpid(who); 228 else 229 p = current; 230 if (p) 231 error = set_one_prio(p, niceval, error); 232 break; 233 case PRIO_PGRP: 234 if (who) 235 pgrp = find_vpid(who); 236 else 237 pgrp = task_pgrp(current); 238 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 239 error = set_one_prio(p, niceval, error); 240 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 241 break; 242 case PRIO_USER: 243 uid = make_kuid(cred->user_ns, who); 244 user = cred->user; 245 if (!who) 246 uid = cred->uid; 247 else if (!uid_eq(uid, cred->uid)) { 248 user = find_user(uid); 249 if (!user) 250 goto out_unlock; /* No processes for this user */ 251 } 252 do_each_thread(g, p) { 253 if (uid_eq(task_uid(p), uid) && task_pid_vnr(p)) 254 error = set_one_prio(p, niceval, error); 255 } while_each_thread(g, p); 256 if (!uid_eq(uid, cred->uid)) 257 free_uid(user); /* For find_user() */ 258 break; 259 } 260 out_unlock: 261 read_unlock(&tasklist_lock); 262 rcu_read_unlock(); 263 out: 264 return error; 265 } 266 267 /* 268 * Ugh. To avoid negative return values, "getpriority()" will 269 * not return the normal nice-value, but a negated value that 270 * has been offset by 20 (ie it returns 40..1 instead of -20..19) 271 * to stay compatible. 272 */ 273 SYSCALL_DEFINE2(getpriority, int, which, int, who) 274 { 275 struct task_struct *g, *p; 276 struct user_struct *user; 277 const struct cred *cred = current_cred(); 278 long niceval, retval = -ESRCH; 279 struct pid *pgrp; 280 kuid_t uid; 281 282 if (which > PRIO_USER || which < PRIO_PROCESS) 283 return -EINVAL; 284 285 rcu_read_lock(); 286 read_lock(&tasklist_lock); 287 switch (which) { 288 case PRIO_PROCESS: 289 if (who) 290 p = find_task_by_vpid(who); 291 else 292 p = current; 293 if (p) { 294 niceval = nice_to_rlimit(task_nice(p)); 295 if (niceval > retval) 296 retval = niceval; 297 } 298 break; 299 case PRIO_PGRP: 300 if (who) 301 pgrp = find_vpid(who); 302 else 303 pgrp = task_pgrp(current); 304 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 305 niceval = nice_to_rlimit(task_nice(p)); 306 if (niceval > retval) 307 retval = niceval; 308 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 309 break; 310 case PRIO_USER: 311 uid = make_kuid(cred->user_ns, who); 312 user = cred->user; 313 if (!who) 314 uid = cred->uid; 315 else if (!uid_eq(uid, cred->uid)) { 316 user = find_user(uid); 317 if (!user) 318 goto out_unlock; /* No processes for this user */ 319 } 320 do_each_thread(g, p) { 321 if (uid_eq(task_uid(p), uid) && task_pid_vnr(p)) { 322 niceval = nice_to_rlimit(task_nice(p)); 323 if (niceval > retval) 324 retval = niceval; 325 } 326 } while_each_thread(g, p); 327 if (!uid_eq(uid, cred->uid)) 328 free_uid(user); /* for find_user() */ 329 break; 330 } 331 out_unlock: 332 read_unlock(&tasklist_lock); 333 rcu_read_unlock(); 334 335 return retval; 336 } 337 338 /* 339 * Unprivileged users may change the real gid to the effective gid 340 * or vice versa. (BSD-style) 341 * 342 * If you set the real gid at all, or set the effective gid to a value not 343 * equal to the real gid, then the saved gid is set to the new effective gid. 344 * 345 * This makes it possible for a setgid program to completely drop its 346 * privileges, which is often a useful assertion to make when you are doing 347 * a security audit over a program. 348 * 349 * The general idea is that a program which uses just setregid() will be 350 * 100% compatible with BSD. A program which uses just setgid() will be 351 * 100% compatible with POSIX with saved IDs. 352 * 353 * SMP: There are not races, the GIDs are checked only by filesystem 354 * operations (as far as semantic preservation is concerned). 355 */ 356 #ifdef CONFIG_MULTIUSER 357 long __sys_setregid(gid_t rgid, gid_t egid) 358 { 359 struct user_namespace *ns = current_user_ns(); 360 const struct cred *old; 361 struct cred *new; 362 int retval; 363 kgid_t krgid, kegid; 364 365 krgid = make_kgid(ns, rgid); 366 kegid = make_kgid(ns, egid); 367 368 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 369 return -EINVAL; 370 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 371 return -EINVAL; 372 373 new = prepare_creds(); 374 if (!new) 375 return -ENOMEM; 376 old = current_cred(); 377 378 retval = -EPERM; 379 if (rgid != (gid_t) -1) { 380 if (gid_eq(old->gid, krgid) || 381 gid_eq(old->egid, krgid) || 382 ns_capable_setid(old->user_ns, CAP_SETGID)) 383 new->gid = krgid; 384 else 385 goto error; 386 } 387 if (egid != (gid_t) -1) { 388 if (gid_eq(old->gid, kegid) || 389 gid_eq(old->egid, kegid) || 390 gid_eq(old->sgid, kegid) || 391 ns_capable_setid(old->user_ns, CAP_SETGID)) 392 new->egid = kegid; 393 else 394 goto error; 395 } 396 397 if (rgid != (gid_t) -1 || 398 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) 399 new->sgid = new->egid; 400 new->fsgid = new->egid; 401 402 retval = security_task_fix_setgid(new, old, LSM_SETID_RE); 403 if (retval < 0) 404 goto error; 405 406 return commit_creds(new); 407 408 error: 409 abort_creds(new); 410 return retval; 411 } 412 413 SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) 414 { 415 return __sys_setregid(rgid, egid); 416 } 417 418 /* 419 * setgid() is implemented like SysV w/ SAVED_IDS 420 * 421 * SMP: Same implicit races as above. 422 */ 423 long __sys_setgid(gid_t gid) 424 { 425 struct user_namespace *ns = current_user_ns(); 426 const struct cred *old; 427 struct cred *new; 428 int retval; 429 kgid_t kgid; 430 431 kgid = make_kgid(ns, gid); 432 if (!gid_valid(kgid)) 433 return -EINVAL; 434 435 new = prepare_creds(); 436 if (!new) 437 return -ENOMEM; 438 old = current_cred(); 439 440 retval = -EPERM; 441 if (ns_capable_setid(old->user_ns, CAP_SETGID)) 442 new->gid = new->egid = new->sgid = new->fsgid = kgid; 443 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) 444 new->egid = new->fsgid = kgid; 445 else 446 goto error; 447 448 retval = security_task_fix_setgid(new, old, LSM_SETID_ID); 449 if (retval < 0) 450 goto error; 451 452 return commit_creds(new); 453 454 error: 455 abort_creds(new); 456 return retval; 457 } 458 459 SYSCALL_DEFINE1(setgid, gid_t, gid) 460 { 461 return __sys_setgid(gid); 462 } 463 464 /* 465 * change the user struct in a credentials set to match the new UID 466 */ 467 static int set_user(struct cred *new) 468 { 469 struct user_struct *new_user; 470 471 new_user = alloc_uid(new->uid); 472 if (!new_user) 473 return -EAGAIN; 474 475 /* 476 * We don't fail in case of NPROC limit excess here because too many 477 * poorly written programs don't check set*uid() return code, assuming 478 * it never fails if called by root. We may still enforce NPROC limit 479 * for programs doing set*uid()+execve() by harmlessly deferring the 480 * failure to the execve() stage. 481 */ 482 if (is_ucounts_overlimit(new->ucounts, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)) && 483 new_user != INIT_USER) 484 current->flags |= PF_NPROC_EXCEEDED; 485 else 486 current->flags &= ~PF_NPROC_EXCEEDED; 487 488 free_uid(new->user); 489 new->user = new_user; 490 return 0; 491 } 492 493 /* 494 * Unprivileged users may change the real uid to the effective uid 495 * or vice versa. (BSD-style) 496 * 497 * If you set the real uid at all, or set the effective uid to a value not 498 * equal to the real uid, then the saved uid is set to the new effective uid. 499 * 500 * This makes it possible for a setuid program to completely drop its 501 * privileges, which is often a useful assertion to make when you are doing 502 * a security audit over a program. 503 * 504 * The general idea is that a program which uses just setreuid() will be 505 * 100% compatible with BSD. A program which uses just setuid() will be 506 * 100% compatible with POSIX with saved IDs. 507 */ 508 long __sys_setreuid(uid_t ruid, uid_t euid) 509 { 510 struct user_namespace *ns = current_user_ns(); 511 const struct cred *old; 512 struct cred *new; 513 int retval; 514 kuid_t kruid, keuid; 515 516 kruid = make_kuid(ns, ruid); 517 keuid = make_kuid(ns, euid); 518 519 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 520 return -EINVAL; 521 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 522 return -EINVAL; 523 524 new = prepare_creds(); 525 if (!new) 526 return -ENOMEM; 527 old = current_cred(); 528 529 retval = -EPERM; 530 if (ruid != (uid_t) -1) { 531 new->uid = kruid; 532 if (!uid_eq(old->uid, kruid) && 533 !uid_eq(old->euid, kruid) && 534 !ns_capable_setid(old->user_ns, CAP_SETUID)) 535 goto error; 536 } 537 538 if (euid != (uid_t) -1) { 539 new->euid = keuid; 540 if (!uid_eq(old->uid, keuid) && 541 !uid_eq(old->euid, keuid) && 542 !uid_eq(old->suid, keuid) && 543 !ns_capable_setid(old->user_ns, CAP_SETUID)) 544 goto error; 545 } 546 547 if (!uid_eq(new->uid, old->uid)) { 548 retval = set_user(new); 549 if (retval < 0) 550 goto error; 551 } 552 if (ruid != (uid_t) -1 || 553 (euid != (uid_t) -1 && !uid_eq(keuid, old->uid))) 554 new->suid = new->euid; 555 new->fsuid = new->euid; 556 557 retval = security_task_fix_setuid(new, old, LSM_SETID_RE); 558 if (retval < 0) 559 goto error; 560 561 retval = set_cred_ucounts(new); 562 if (retval < 0) 563 goto error; 564 565 return commit_creds(new); 566 567 error: 568 abort_creds(new); 569 return retval; 570 } 571 572 SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) 573 { 574 return __sys_setreuid(ruid, euid); 575 } 576 577 /* 578 * setuid() is implemented like SysV with SAVED_IDS 579 * 580 * Note that SAVED_ID's is deficient in that a setuid root program 581 * like sendmail, for example, cannot set its uid to be a normal 582 * user and then switch back, because if you're root, setuid() sets 583 * the saved uid too. If you don't like this, blame the bright people 584 * in the POSIX committee and/or USG. Note that the BSD-style setreuid() 585 * will allow a root program to temporarily drop privileges and be able to 586 * regain them by swapping the real and effective uid. 587 */ 588 long __sys_setuid(uid_t uid) 589 { 590 struct user_namespace *ns = current_user_ns(); 591 const struct cred *old; 592 struct cred *new; 593 int retval; 594 kuid_t kuid; 595 596 kuid = make_kuid(ns, uid); 597 if (!uid_valid(kuid)) 598 return -EINVAL; 599 600 new = prepare_creds(); 601 if (!new) 602 return -ENOMEM; 603 old = current_cred(); 604 605 retval = -EPERM; 606 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { 607 new->suid = new->uid = kuid; 608 if (!uid_eq(kuid, old->uid)) { 609 retval = set_user(new); 610 if (retval < 0) 611 goto error; 612 } 613 } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) { 614 goto error; 615 } 616 617 new->fsuid = new->euid = kuid; 618 619 retval = security_task_fix_setuid(new, old, LSM_SETID_ID); 620 if (retval < 0) 621 goto error; 622 623 retval = set_cred_ucounts(new); 624 if (retval < 0) 625 goto error; 626 627 return commit_creds(new); 628 629 error: 630 abort_creds(new); 631 return retval; 632 } 633 634 SYSCALL_DEFINE1(setuid, uid_t, uid) 635 { 636 return __sys_setuid(uid); 637 } 638 639 640 /* 641 * This function implements a generic ability to update ruid, euid, 642 * and suid. This allows you to implement the 4.4 compatible seteuid(). 643 */ 644 long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) 645 { 646 struct user_namespace *ns = current_user_ns(); 647 const struct cred *old; 648 struct cred *new; 649 int retval; 650 kuid_t kruid, keuid, ksuid; 651 652 kruid = make_kuid(ns, ruid); 653 keuid = make_kuid(ns, euid); 654 ksuid = make_kuid(ns, suid); 655 656 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 657 return -EINVAL; 658 659 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 660 return -EINVAL; 661 662 if ((suid != (uid_t) -1) && !uid_valid(ksuid)) 663 return -EINVAL; 664 665 new = prepare_creds(); 666 if (!new) 667 return -ENOMEM; 668 669 old = current_cred(); 670 671 retval = -EPERM; 672 if (!ns_capable_setid(old->user_ns, CAP_SETUID)) { 673 if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) && 674 !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid)) 675 goto error; 676 if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) && 677 !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid)) 678 goto error; 679 if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) && 680 !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid)) 681 goto error; 682 } 683 684 if (ruid != (uid_t) -1) { 685 new->uid = kruid; 686 if (!uid_eq(kruid, old->uid)) { 687 retval = set_user(new); 688 if (retval < 0) 689 goto error; 690 } 691 } 692 if (euid != (uid_t) -1) 693 new->euid = keuid; 694 if (suid != (uid_t) -1) 695 new->suid = ksuid; 696 new->fsuid = new->euid; 697 698 retval = security_task_fix_setuid(new, old, LSM_SETID_RES); 699 if (retval < 0) 700 goto error; 701 702 retval = set_cred_ucounts(new); 703 if (retval < 0) 704 goto error; 705 706 return commit_creds(new); 707 708 error: 709 abort_creds(new); 710 return retval; 711 } 712 713 SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) 714 { 715 return __sys_setresuid(ruid, euid, suid); 716 } 717 718 SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp) 719 { 720 const struct cred *cred = current_cred(); 721 int retval; 722 uid_t ruid, euid, suid; 723 724 ruid = from_kuid_munged(cred->user_ns, cred->uid); 725 euid = from_kuid_munged(cred->user_ns, cred->euid); 726 suid = from_kuid_munged(cred->user_ns, cred->suid); 727 728 retval = put_user(ruid, ruidp); 729 if (!retval) { 730 retval = put_user(euid, euidp); 731 if (!retval) 732 return put_user(suid, suidp); 733 } 734 return retval; 735 } 736 737 /* 738 * Same as above, but for rgid, egid, sgid. 739 */ 740 long __sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) 741 { 742 struct user_namespace *ns = current_user_ns(); 743 const struct cred *old; 744 struct cred *new; 745 int retval; 746 kgid_t krgid, kegid, ksgid; 747 748 krgid = make_kgid(ns, rgid); 749 kegid = make_kgid(ns, egid); 750 ksgid = make_kgid(ns, sgid); 751 752 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 753 return -EINVAL; 754 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 755 return -EINVAL; 756 if ((sgid != (gid_t) -1) && !gid_valid(ksgid)) 757 return -EINVAL; 758 759 new = prepare_creds(); 760 if (!new) 761 return -ENOMEM; 762 old = current_cred(); 763 764 retval = -EPERM; 765 if (!ns_capable_setid(old->user_ns, CAP_SETGID)) { 766 if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) && 767 !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid)) 768 goto error; 769 if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) && 770 !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid)) 771 goto error; 772 if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) && 773 !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid)) 774 goto error; 775 } 776 777 if (rgid != (gid_t) -1) 778 new->gid = krgid; 779 if (egid != (gid_t) -1) 780 new->egid = kegid; 781 if (sgid != (gid_t) -1) 782 new->sgid = ksgid; 783 new->fsgid = new->egid; 784 785 retval = security_task_fix_setgid(new, old, LSM_SETID_RES); 786 if (retval < 0) 787 goto error; 788 789 return commit_creds(new); 790 791 error: 792 abort_creds(new); 793 return retval; 794 } 795 796 SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) 797 { 798 return __sys_setresgid(rgid, egid, sgid); 799 } 800 801 SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp) 802 { 803 const struct cred *cred = current_cred(); 804 int retval; 805 gid_t rgid, egid, sgid; 806 807 rgid = from_kgid_munged(cred->user_ns, cred->gid); 808 egid = from_kgid_munged(cred->user_ns, cred->egid); 809 sgid = from_kgid_munged(cred->user_ns, cred->sgid); 810 811 retval = put_user(rgid, rgidp); 812 if (!retval) { 813 retval = put_user(egid, egidp); 814 if (!retval) 815 retval = put_user(sgid, sgidp); 816 } 817 818 return retval; 819 } 820 821 822 /* 823 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This 824 * is used for "access()" and for the NFS daemon (letting nfsd stay at 825 * whatever uid it wants to). It normally shadows "euid", except when 826 * explicitly set by setfsuid() or for access.. 827 */ 828 long __sys_setfsuid(uid_t uid) 829 { 830 const struct cred *old; 831 struct cred *new; 832 uid_t old_fsuid; 833 kuid_t kuid; 834 835 old = current_cred(); 836 old_fsuid = from_kuid_munged(old->user_ns, old->fsuid); 837 838 kuid = make_kuid(old->user_ns, uid); 839 if (!uid_valid(kuid)) 840 return old_fsuid; 841 842 new = prepare_creds(); 843 if (!new) 844 return old_fsuid; 845 846 if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) || 847 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || 848 ns_capable_setid(old->user_ns, CAP_SETUID)) { 849 if (!uid_eq(kuid, old->fsuid)) { 850 new->fsuid = kuid; 851 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) 852 goto change_okay; 853 } 854 } 855 856 abort_creds(new); 857 return old_fsuid; 858 859 change_okay: 860 commit_creds(new); 861 return old_fsuid; 862 } 863 864 SYSCALL_DEFINE1(setfsuid, uid_t, uid) 865 { 866 return __sys_setfsuid(uid); 867 } 868 869 /* 870 * Samma på svenska.. 871 */ 872 long __sys_setfsgid(gid_t gid) 873 { 874 const struct cred *old; 875 struct cred *new; 876 gid_t old_fsgid; 877 kgid_t kgid; 878 879 old = current_cred(); 880 old_fsgid = from_kgid_munged(old->user_ns, old->fsgid); 881 882 kgid = make_kgid(old->user_ns, gid); 883 if (!gid_valid(kgid)) 884 return old_fsgid; 885 886 new = prepare_creds(); 887 if (!new) 888 return old_fsgid; 889 890 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || 891 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || 892 ns_capable_setid(old->user_ns, CAP_SETGID)) { 893 if (!gid_eq(kgid, old->fsgid)) { 894 new->fsgid = kgid; 895 if (security_task_fix_setgid(new,old,LSM_SETID_FS) == 0) 896 goto change_okay; 897 } 898 } 899 900 abort_creds(new); 901 return old_fsgid; 902 903 change_okay: 904 commit_creds(new); 905 return old_fsgid; 906 } 907 908 SYSCALL_DEFINE1(setfsgid, gid_t, gid) 909 { 910 return __sys_setfsgid(gid); 911 } 912 #endif /* CONFIG_MULTIUSER */ 913 914 /** 915 * sys_getpid - return the thread group id of the current process 916 * 917 * Note, despite the name, this returns the tgid not the pid. The tgid and 918 * the pid are identical unless CLONE_THREAD was specified on clone() in 919 * which case the tgid is the same in all threads of the same group. 920 * 921 * This is SMP safe as current->tgid does not change. 922 */ 923 SYSCALL_DEFINE0(getpid) 924 { 925 return task_tgid_vnr(current); 926 } 927 928 /* Thread ID - the internal kernel "pid" */ 929 SYSCALL_DEFINE0(gettid) 930 { 931 return task_pid_vnr(current); 932 } 933 934 /* 935 * Accessing ->real_parent is not SMP-safe, it could 936 * change from under us. However, we can use a stale 937 * value of ->real_parent under rcu_read_lock(), see 938 * release_task()->call_rcu(delayed_put_task_struct). 939 */ 940 SYSCALL_DEFINE0(getppid) 941 { 942 int pid; 943 944 rcu_read_lock(); 945 pid = task_tgid_vnr(rcu_dereference(current->real_parent)); 946 rcu_read_unlock(); 947 948 return pid; 949 } 950 951 SYSCALL_DEFINE0(getuid) 952 { 953 /* Only we change this so SMP safe */ 954 return from_kuid_munged(current_user_ns(), current_uid()); 955 } 956 957 SYSCALL_DEFINE0(geteuid) 958 { 959 /* Only we change this so SMP safe */ 960 return from_kuid_munged(current_user_ns(), current_euid()); 961 } 962 963 SYSCALL_DEFINE0(getgid) 964 { 965 /* Only we change this so SMP safe */ 966 return from_kgid_munged(current_user_ns(), current_gid()); 967 } 968 969 SYSCALL_DEFINE0(getegid) 970 { 971 /* Only we change this so SMP safe */ 972 return from_kgid_munged(current_user_ns(), current_egid()); 973 } 974 975 static void do_sys_times(struct tms *tms) 976 { 977 u64 tgutime, tgstime, cutime, cstime; 978 979 thread_group_cputime_adjusted(current, &tgutime, &tgstime); 980 cutime = current->signal->cutime; 981 cstime = current->signal->cstime; 982 tms->tms_utime = nsec_to_clock_t(tgutime); 983 tms->tms_stime = nsec_to_clock_t(tgstime); 984 tms->tms_cutime = nsec_to_clock_t(cutime); 985 tms->tms_cstime = nsec_to_clock_t(cstime); 986 } 987 988 SYSCALL_DEFINE1(times, struct tms __user *, tbuf) 989 { 990 if (tbuf) { 991 struct tms tmp; 992 993 do_sys_times(&tmp); 994 if (copy_to_user(tbuf, &tmp, sizeof(struct tms))) 995 return -EFAULT; 996 } 997 force_successful_syscall_return(); 998 return (long) jiffies_64_to_clock_t(get_jiffies_64()); 999 } 1000 1001 #ifdef CONFIG_COMPAT 1002 static compat_clock_t clock_t_to_compat_clock_t(clock_t x) 1003 { 1004 return compat_jiffies_to_clock_t(clock_t_to_jiffies(x)); 1005 } 1006 1007 COMPAT_SYSCALL_DEFINE1(times, struct compat_tms __user *, tbuf) 1008 { 1009 if (tbuf) { 1010 struct tms tms; 1011 struct compat_tms tmp; 1012 1013 do_sys_times(&tms); 1014 /* Convert our struct tms to the compat version. */ 1015 tmp.tms_utime = clock_t_to_compat_clock_t(tms.tms_utime); 1016 tmp.tms_stime = clock_t_to_compat_clock_t(tms.tms_stime); 1017 tmp.tms_cutime = clock_t_to_compat_clock_t(tms.tms_cutime); 1018 tmp.tms_cstime = clock_t_to_compat_clock_t(tms.tms_cstime); 1019 if (copy_to_user(tbuf, &tmp, sizeof(tmp))) 1020 return -EFAULT; 1021 } 1022 force_successful_syscall_return(); 1023 return compat_jiffies_to_clock_t(jiffies); 1024 } 1025 #endif 1026 1027 /* 1028 * This needs some heavy checking ... 1029 * I just haven't the stomach for it. I also don't fully 1030 * understand sessions/pgrp etc. Let somebody who does explain it. 1031 * 1032 * OK, I think I have the protection semantics right.... this is really 1033 * only important on a multi-user system anyway, to make sure one user 1034 * can't send a signal to a process owned by another. -TYT, 12/12/91 1035 * 1036 * !PF_FORKNOEXEC check to conform completely to POSIX. 1037 */ 1038 SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid) 1039 { 1040 struct task_struct *p; 1041 struct task_struct *group_leader = current->group_leader; 1042 struct pid *pgrp; 1043 int err; 1044 1045 if (!pid) 1046 pid = task_pid_vnr(group_leader); 1047 if (!pgid) 1048 pgid = pid; 1049 if (pgid < 0) 1050 return -EINVAL; 1051 rcu_read_lock(); 1052 1053 /* From this point forward we keep holding onto the tasklist lock 1054 * so that our parent does not change from under us. -DaveM 1055 */ 1056 write_lock_irq(&tasklist_lock); 1057 1058 err = -ESRCH; 1059 p = find_task_by_vpid(pid); 1060 if (!p) 1061 goto out; 1062 1063 err = -EINVAL; 1064 if (!thread_group_leader(p)) 1065 goto out; 1066 1067 if (same_thread_group(p->real_parent, group_leader)) { 1068 err = -EPERM; 1069 if (task_session(p) != task_session(group_leader)) 1070 goto out; 1071 err = -EACCES; 1072 if (!(p->flags & PF_FORKNOEXEC)) 1073 goto out; 1074 } else { 1075 err = -ESRCH; 1076 if (p != group_leader) 1077 goto out; 1078 } 1079 1080 err = -EPERM; 1081 if (p->signal->leader) 1082 goto out; 1083 1084 pgrp = task_pid(p); 1085 if (pgid != pid) { 1086 struct task_struct *g; 1087 1088 pgrp = find_vpid(pgid); 1089 g = pid_task(pgrp, PIDTYPE_PGID); 1090 if (!g || task_session(g) != task_session(group_leader)) 1091 goto out; 1092 } 1093 1094 err = security_task_setpgid(p, pgid); 1095 if (err) 1096 goto out; 1097 1098 if (task_pgrp(p) != pgrp) 1099 change_pid(p, PIDTYPE_PGID, pgrp); 1100 1101 err = 0; 1102 out: 1103 /* All paths lead to here, thus we are safe. -DaveM */ 1104 write_unlock_irq(&tasklist_lock); 1105 rcu_read_unlock(); 1106 return err; 1107 } 1108 1109 static int do_getpgid(pid_t pid) 1110 { 1111 struct task_struct *p; 1112 struct pid *grp; 1113 int retval; 1114 1115 rcu_read_lock(); 1116 if (!pid) 1117 grp = task_pgrp(current); 1118 else { 1119 retval = -ESRCH; 1120 p = find_task_by_vpid(pid); 1121 if (!p) 1122 goto out; 1123 grp = task_pgrp(p); 1124 if (!grp) 1125 goto out; 1126 1127 retval = security_task_getpgid(p); 1128 if (retval) 1129 goto out; 1130 } 1131 retval = pid_vnr(grp); 1132 out: 1133 rcu_read_unlock(); 1134 return retval; 1135 } 1136 1137 SYSCALL_DEFINE1(getpgid, pid_t, pid) 1138 { 1139 return do_getpgid(pid); 1140 } 1141 1142 #ifdef __ARCH_WANT_SYS_GETPGRP 1143 1144 SYSCALL_DEFINE0(getpgrp) 1145 { 1146 return do_getpgid(0); 1147 } 1148 1149 #endif 1150 1151 SYSCALL_DEFINE1(getsid, pid_t, pid) 1152 { 1153 struct task_struct *p; 1154 struct pid *sid; 1155 int retval; 1156 1157 rcu_read_lock(); 1158 if (!pid) 1159 sid = task_session(current); 1160 else { 1161 retval = -ESRCH; 1162 p = find_task_by_vpid(pid); 1163 if (!p) 1164 goto out; 1165 sid = task_session(p); 1166 if (!sid) 1167 goto out; 1168 1169 retval = security_task_getsid(p); 1170 if (retval) 1171 goto out; 1172 } 1173 retval = pid_vnr(sid); 1174 out: 1175 rcu_read_unlock(); 1176 return retval; 1177 } 1178 1179 static void set_special_pids(struct pid *pid) 1180 { 1181 struct task_struct *curr = current->group_leader; 1182 1183 if (task_session(curr) != pid) 1184 change_pid(curr, PIDTYPE_SID, pid); 1185 1186 if (task_pgrp(curr) != pid) 1187 change_pid(curr, PIDTYPE_PGID, pid); 1188 } 1189 1190 int ksys_setsid(void) 1191 { 1192 struct task_struct *group_leader = current->group_leader; 1193 struct pid *sid = task_pid(group_leader); 1194 pid_t session = pid_vnr(sid); 1195 int err = -EPERM; 1196 1197 write_lock_irq(&tasklist_lock); 1198 /* Fail if I am already a session leader */ 1199 if (group_leader->signal->leader) 1200 goto out; 1201 1202 /* Fail if a process group id already exists that equals the 1203 * proposed session id. 1204 */ 1205 if (pid_task(sid, PIDTYPE_PGID)) 1206 goto out; 1207 1208 group_leader->signal->leader = 1; 1209 set_special_pids(sid); 1210 1211 proc_clear_tty(group_leader); 1212 1213 err = session; 1214 out: 1215 write_unlock_irq(&tasklist_lock); 1216 if (err > 0) { 1217 proc_sid_connector(group_leader); 1218 sched_autogroup_create_attach(group_leader); 1219 } 1220 return err; 1221 } 1222 1223 SYSCALL_DEFINE0(setsid) 1224 { 1225 return ksys_setsid(); 1226 } 1227 1228 DECLARE_RWSEM(uts_sem); 1229 1230 #ifdef COMPAT_UTS_MACHINE 1231 #define override_architecture(name) \ 1232 (personality(current->personality) == PER_LINUX32 && \ 1233 copy_to_user(name->machine, COMPAT_UTS_MACHINE, \ 1234 sizeof(COMPAT_UTS_MACHINE))) 1235 #else 1236 #define override_architecture(name) 0 1237 #endif 1238 1239 /* 1240 * Work around broken programs that cannot handle "Linux 3.0". 1241 * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40 1242 * And we map 4.x and later versions to 2.6.60+x, so 4.0/5.0/6.0/... would be 1243 * 2.6.60. 1244 */ 1245 static int override_release(char __user *release, size_t len) 1246 { 1247 int ret = 0; 1248 1249 if (current->personality & UNAME26) { 1250 const char *rest = UTS_RELEASE; 1251 char buf[65] = { 0 }; 1252 int ndots = 0; 1253 unsigned v; 1254 size_t copy; 1255 1256 while (*rest) { 1257 if (*rest == '.' && ++ndots >= 3) 1258 break; 1259 if (!isdigit(*rest) && *rest != '.') 1260 break; 1261 rest++; 1262 } 1263 v = LINUX_VERSION_PATCHLEVEL + 60; 1264 copy = clamp_t(size_t, len, 1, sizeof(buf)); 1265 copy = scnprintf(buf, copy, "2.6.%u%s", v, rest); 1266 ret = copy_to_user(release, buf, copy + 1); 1267 } 1268 return ret; 1269 } 1270 1271 SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name) 1272 { 1273 struct new_utsname tmp; 1274 1275 down_read(&uts_sem); 1276 memcpy(&tmp, utsname(), sizeof(tmp)); 1277 up_read(&uts_sem); 1278 if (copy_to_user(name, &tmp, sizeof(tmp))) 1279 return -EFAULT; 1280 1281 if (override_release(name->release, sizeof(name->release))) 1282 return -EFAULT; 1283 if (override_architecture(name)) 1284 return -EFAULT; 1285 return 0; 1286 } 1287 1288 #ifdef __ARCH_WANT_SYS_OLD_UNAME 1289 /* 1290 * Old cruft 1291 */ 1292 SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) 1293 { 1294 struct old_utsname tmp; 1295 1296 if (!name) 1297 return -EFAULT; 1298 1299 down_read(&uts_sem); 1300 memcpy(&tmp, utsname(), sizeof(tmp)); 1301 up_read(&uts_sem); 1302 if (copy_to_user(name, &tmp, sizeof(tmp))) 1303 return -EFAULT; 1304 1305 if (override_release(name->release, sizeof(name->release))) 1306 return -EFAULT; 1307 if (override_architecture(name)) 1308 return -EFAULT; 1309 return 0; 1310 } 1311 1312 SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) 1313 { 1314 struct oldold_utsname tmp; 1315 1316 if (!name) 1317 return -EFAULT; 1318 1319 memset(&tmp, 0, sizeof(tmp)); 1320 1321 down_read(&uts_sem); 1322 memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); 1323 memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); 1324 memcpy(&tmp.release, &utsname()->release, __OLD_UTS_LEN); 1325 memcpy(&tmp.version, &utsname()->version, __OLD_UTS_LEN); 1326 memcpy(&tmp.machine, &utsname()->machine, __OLD_UTS_LEN); 1327 up_read(&uts_sem); 1328 if (copy_to_user(name, &tmp, sizeof(tmp))) 1329 return -EFAULT; 1330 1331 if (override_architecture(name)) 1332 return -EFAULT; 1333 if (override_release(name->release, sizeof(name->release))) 1334 return -EFAULT; 1335 return 0; 1336 } 1337 #endif 1338 1339 SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) 1340 { 1341 int errno; 1342 char tmp[__NEW_UTS_LEN]; 1343 1344 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1345 return -EPERM; 1346 1347 if (len < 0 || len > __NEW_UTS_LEN) 1348 return -EINVAL; 1349 errno = -EFAULT; 1350 if (!copy_from_user(tmp, name, len)) { 1351 struct new_utsname *u; 1352 1353 down_write(&uts_sem); 1354 u = utsname(); 1355 memcpy(u->nodename, tmp, len); 1356 memset(u->nodename + len, 0, sizeof(u->nodename) - len); 1357 errno = 0; 1358 uts_proc_notify(UTS_PROC_HOSTNAME); 1359 up_write(&uts_sem); 1360 } 1361 return errno; 1362 } 1363 1364 #ifdef __ARCH_WANT_SYS_GETHOSTNAME 1365 1366 SYSCALL_DEFINE2(gethostname, char __user *, name, int, len) 1367 { 1368 int i; 1369 struct new_utsname *u; 1370 char tmp[__NEW_UTS_LEN + 1]; 1371 1372 if (len < 0) 1373 return -EINVAL; 1374 down_read(&uts_sem); 1375 u = utsname(); 1376 i = 1 + strlen(u->nodename); 1377 if (i > len) 1378 i = len; 1379 memcpy(tmp, u->nodename, i); 1380 up_read(&uts_sem); 1381 if (copy_to_user(name, tmp, i)) 1382 return -EFAULT; 1383 return 0; 1384 } 1385 1386 #endif 1387 1388 /* 1389 * Only setdomainname; getdomainname can be implemented by calling 1390 * uname() 1391 */ 1392 SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len) 1393 { 1394 int errno; 1395 char tmp[__NEW_UTS_LEN]; 1396 1397 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1398 return -EPERM; 1399 if (len < 0 || len > __NEW_UTS_LEN) 1400 return -EINVAL; 1401 1402 errno = -EFAULT; 1403 if (!copy_from_user(tmp, name, len)) { 1404 struct new_utsname *u; 1405 1406 down_write(&uts_sem); 1407 u = utsname(); 1408 memcpy(u->domainname, tmp, len); 1409 memset(u->domainname + len, 0, sizeof(u->domainname) - len); 1410 errno = 0; 1411 uts_proc_notify(UTS_PROC_DOMAINNAME); 1412 up_write(&uts_sem); 1413 } 1414 return errno; 1415 } 1416 1417 SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1418 { 1419 struct rlimit value; 1420 int ret; 1421 1422 ret = do_prlimit(current, resource, NULL, &value); 1423 if (!ret) 1424 ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0; 1425 1426 return ret; 1427 } 1428 1429 #ifdef CONFIG_COMPAT 1430 1431 COMPAT_SYSCALL_DEFINE2(setrlimit, unsigned int, resource, 1432 struct compat_rlimit __user *, rlim) 1433 { 1434 struct rlimit r; 1435 struct compat_rlimit r32; 1436 1437 if (copy_from_user(&r32, rlim, sizeof(struct compat_rlimit))) 1438 return -EFAULT; 1439 1440 if (r32.rlim_cur == COMPAT_RLIM_INFINITY) 1441 r.rlim_cur = RLIM_INFINITY; 1442 else 1443 r.rlim_cur = r32.rlim_cur; 1444 if (r32.rlim_max == COMPAT_RLIM_INFINITY) 1445 r.rlim_max = RLIM_INFINITY; 1446 else 1447 r.rlim_max = r32.rlim_max; 1448 return do_prlimit(current, resource, &r, NULL); 1449 } 1450 1451 COMPAT_SYSCALL_DEFINE2(getrlimit, unsigned int, resource, 1452 struct compat_rlimit __user *, rlim) 1453 { 1454 struct rlimit r; 1455 int ret; 1456 1457 ret = do_prlimit(current, resource, NULL, &r); 1458 if (!ret) { 1459 struct compat_rlimit r32; 1460 if (r.rlim_cur > COMPAT_RLIM_INFINITY) 1461 r32.rlim_cur = COMPAT_RLIM_INFINITY; 1462 else 1463 r32.rlim_cur = r.rlim_cur; 1464 if (r.rlim_max > COMPAT_RLIM_INFINITY) 1465 r32.rlim_max = COMPAT_RLIM_INFINITY; 1466 else 1467 r32.rlim_max = r.rlim_max; 1468 1469 if (copy_to_user(rlim, &r32, sizeof(struct compat_rlimit))) 1470 return -EFAULT; 1471 } 1472 return ret; 1473 } 1474 1475 #endif 1476 1477 #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT 1478 1479 /* 1480 * Back compatibility for getrlimit. Needed for some apps. 1481 */ 1482 SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1483 struct rlimit __user *, rlim) 1484 { 1485 struct rlimit x; 1486 if (resource >= RLIM_NLIMITS) 1487 return -EINVAL; 1488 1489 resource = array_index_nospec(resource, RLIM_NLIMITS); 1490 task_lock(current->group_leader); 1491 x = current->signal->rlim[resource]; 1492 task_unlock(current->group_leader); 1493 if (x.rlim_cur > 0x7FFFFFFF) 1494 x.rlim_cur = 0x7FFFFFFF; 1495 if (x.rlim_max > 0x7FFFFFFF) 1496 x.rlim_max = 0x7FFFFFFF; 1497 return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0; 1498 } 1499 1500 #ifdef CONFIG_COMPAT 1501 COMPAT_SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1502 struct compat_rlimit __user *, rlim) 1503 { 1504 struct rlimit r; 1505 1506 if (resource >= RLIM_NLIMITS) 1507 return -EINVAL; 1508 1509 resource = array_index_nospec(resource, RLIM_NLIMITS); 1510 task_lock(current->group_leader); 1511 r = current->signal->rlim[resource]; 1512 task_unlock(current->group_leader); 1513 if (r.rlim_cur > 0x7FFFFFFF) 1514 r.rlim_cur = 0x7FFFFFFF; 1515 if (r.rlim_max > 0x7FFFFFFF) 1516 r.rlim_max = 0x7FFFFFFF; 1517 1518 if (put_user(r.rlim_cur, &rlim->rlim_cur) || 1519 put_user(r.rlim_max, &rlim->rlim_max)) 1520 return -EFAULT; 1521 return 0; 1522 } 1523 #endif 1524 1525 #endif 1526 1527 static inline bool rlim64_is_infinity(__u64 rlim64) 1528 { 1529 #if BITS_PER_LONG < 64 1530 return rlim64 >= ULONG_MAX; 1531 #else 1532 return rlim64 == RLIM64_INFINITY; 1533 #endif 1534 } 1535 1536 static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64) 1537 { 1538 if (rlim->rlim_cur == RLIM_INFINITY) 1539 rlim64->rlim_cur = RLIM64_INFINITY; 1540 else 1541 rlim64->rlim_cur = rlim->rlim_cur; 1542 if (rlim->rlim_max == RLIM_INFINITY) 1543 rlim64->rlim_max = RLIM64_INFINITY; 1544 else 1545 rlim64->rlim_max = rlim->rlim_max; 1546 } 1547 1548 static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim) 1549 { 1550 if (rlim64_is_infinity(rlim64->rlim_cur)) 1551 rlim->rlim_cur = RLIM_INFINITY; 1552 else 1553 rlim->rlim_cur = (unsigned long)rlim64->rlim_cur; 1554 if (rlim64_is_infinity(rlim64->rlim_max)) 1555 rlim->rlim_max = RLIM_INFINITY; 1556 else 1557 rlim->rlim_max = (unsigned long)rlim64->rlim_max; 1558 } 1559 1560 /* make sure you are allowed to change @tsk limits before calling this */ 1561 int do_prlimit(struct task_struct *tsk, unsigned int resource, 1562 struct rlimit *new_rlim, struct rlimit *old_rlim) 1563 { 1564 struct rlimit *rlim; 1565 int retval = 0; 1566 1567 if (resource >= RLIM_NLIMITS) 1568 return -EINVAL; 1569 if (new_rlim) { 1570 if (new_rlim->rlim_cur > new_rlim->rlim_max) 1571 return -EINVAL; 1572 if (resource == RLIMIT_NOFILE && 1573 new_rlim->rlim_max > sysctl_nr_open) 1574 return -EPERM; 1575 } 1576 1577 /* protect tsk->signal and tsk->sighand from disappearing */ 1578 read_lock(&tasklist_lock); 1579 if (!tsk->sighand) { 1580 retval = -ESRCH; 1581 goto out; 1582 } 1583 1584 rlim = tsk->signal->rlim + resource; 1585 task_lock(tsk->group_leader); 1586 if (new_rlim) { 1587 /* Keep the capable check against init_user_ns until 1588 cgroups can contain all limits */ 1589 if (new_rlim->rlim_max > rlim->rlim_max && 1590 !capable(CAP_SYS_RESOURCE)) 1591 retval = -EPERM; 1592 if (!retval) 1593 retval = security_task_setrlimit(tsk, resource, new_rlim); 1594 } 1595 if (!retval) { 1596 if (old_rlim) 1597 *old_rlim = *rlim; 1598 if (new_rlim) 1599 *rlim = *new_rlim; 1600 } 1601 task_unlock(tsk->group_leader); 1602 1603 /* 1604 * RLIMIT_CPU handling. Arm the posix CPU timer if the limit is not 1605 * infinite. In case of RLIM_INFINITY the posix CPU timer code 1606 * ignores the rlimit. 1607 */ 1608 if (!retval && new_rlim && resource == RLIMIT_CPU && 1609 new_rlim->rlim_cur != RLIM_INFINITY && 1610 IS_ENABLED(CONFIG_POSIX_TIMERS)) 1611 update_rlimit_cpu(tsk, new_rlim->rlim_cur); 1612 out: 1613 read_unlock(&tasklist_lock); 1614 return retval; 1615 } 1616 1617 /* rcu lock must be held */ 1618 static int check_prlimit_permission(struct task_struct *task, 1619 unsigned int flags) 1620 { 1621 const struct cred *cred = current_cred(), *tcred; 1622 bool id_match; 1623 1624 if (current == task) 1625 return 0; 1626 1627 tcred = __task_cred(task); 1628 id_match = (uid_eq(cred->uid, tcred->euid) && 1629 uid_eq(cred->uid, tcred->suid) && 1630 uid_eq(cred->uid, tcred->uid) && 1631 gid_eq(cred->gid, tcred->egid) && 1632 gid_eq(cred->gid, tcred->sgid) && 1633 gid_eq(cred->gid, tcred->gid)); 1634 if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) 1635 return -EPERM; 1636 1637 return security_task_prlimit(cred, tcred, flags); 1638 } 1639 1640 SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, 1641 const struct rlimit64 __user *, new_rlim, 1642 struct rlimit64 __user *, old_rlim) 1643 { 1644 struct rlimit64 old64, new64; 1645 struct rlimit old, new; 1646 struct task_struct *tsk; 1647 unsigned int checkflags = 0; 1648 int ret; 1649 1650 if (old_rlim) 1651 checkflags |= LSM_PRLIMIT_READ; 1652 1653 if (new_rlim) { 1654 if (copy_from_user(&new64, new_rlim, sizeof(new64))) 1655 return -EFAULT; 1656 rlim64_to_rlim(&new64, &new); 1657 checkflags |= LSM_PRLIMIT_WRITE; 1658 } 1659 1660 rcu_read_lock(); 1661 tsk = pid ? find_task_by_vpid(pid) : current; 1662 if (!tsk) { 1663 rcu_read_unlock(); 1664 return -ESRCH; 1665 } 1666 ret = check_prlimit_permission(tsk, checkflags); 1667 if (ret) { 1668 rcu_read_unlock(); 1669 return ret; 1670 } 1671 get_task_struct(tsk); 1672 rcu_read_unlock(); 1673 1674 ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL, 1675 old_rlim ? &old : NULL); 1676 1677 if (!ret && old_rlim) { 1678 rlim_to_rlim64(&old, &old64); 1679 if (copy_to_user(old_rlim, &old64, sizeof(old64))) 1680 ret = -EFAULT; 1681 } 1682 1683 put_task_struct(tsk); 1684 return ret; 1685 } 1686 1687 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1688 { 1689 struct rlimit new_rlim; 1690 1691 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) 1692 return -EFAULT; 1693 return do_prlimit(current, resource, &new_rlim, NULL); 1694 } 1695 1696 /* 1697 * It would make sense to put struct rusage in the task_struct, 1698 * except that would make the task_struct be *really big*. After 1699 * task_struct gets moved into malloc'ed memory, it would 1700 * make sense to do this. It will make moving the rest of the information 1701 * a lot simpler! (Which we're not doing right now because we're not 1702 * measuring them yet). 1703 * 1704 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have 1705 * races with threads incrementing their own counters. But since word 1706 * reads are atomic, we either get new values or old values and we don't 1707 * care which for the sums. We always take the siglock to protect reading 1708 * the c* fields from p->signal from races with exit.c updating those 1709 * fields when reaping, so a sample either gets all the additions of a 1710 * given child after it's reaped, or none so this sample is before reaping. 1711 * 1712 * Locking: 1713 * We need to take the siglock for CHILDEREN, SELF and BOTH 1714 * for the cases current multithreaded, non-current single threaded 1715 * non-current multithreaded. Thread traversal is now safe with 1716 * the siglock held. 1717 * Strictly speaking, we donot need to take the siglock if we are current and 1718 * single threaded, as no one else can take our signal_struct away, no one 1719 * else can reap the children to update signal->c* counters, and no one else 1720 * can race with the signal-> fields. If we do not take any lock, the 1721 * signal-> fields could be read out of order while another thread was just 1722 * exiting. So we should place a read memory barrier when we avoid the lock. 1723 * On the writer side, write memory barrier is implied in __exit_signal 1724 * as __exit_signal releases the siglock spinlock after updating the signal-> 1725 * fields. But we don't do this yet to keep things simple. 1726 * 1727 */ 1728 1729 static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r) 1730 { 1731 r->ru_nvcsw += t->nvcsw; 1732 r->ru_nivcsw += t->nivcsw; 1733 r->ru_minflt += t->min_flt; 1734 r->ru_majflt += t->maj_flt; 1735 r->ru_inblock += task_io_get_inblock(t); 1736 r->ru_oublock += task_io_get_oublock(t); 1737 } 1738 1739 void getrusage(struct task_struct *p, int who, struct rusage *r) 1740 { 1741 struct task_struct *t; 1742 unsigned long flags; 1743 u64 tgutime, tgstime, utime, stime; 1744 unsigned long maxrss = 0; 1745 1746 memset((char *)r, 0, sizeof (*r)); 1747 utime = stime = 0; 1748 1749 if (who == RUSAGE_THREAD) { 1750 task_cputime_adjusted(current, &utime, &stime); 1751 accumulate_thread_rusage(p, r); 1752 maxrss = p->signal->maxrss; 1753 goto out; 1754 } 1755 1756 if (!lock_task_sighand(p, &flags)) 1757 return; 1758 1759 switch (who) { 1760 case RUSAGE_BOTH: 1761 case RUSAGE_CHILDREN: 1762 utime = p->signal->cutime; 1763 stime = p->signal->cstime; 1764 r->ru_nvcsw = p->signal->cnvcsw; 1765 r->ru_nivcsw = p->signal->cnivcsw; 1766 r->ru_minflt = p->signal->cmin_flt; 1767 r->ru_majflt = p->signal->cmaj_flt; 1768 r->ru_inblock = p->signal->cinblock; 1769 r->ru_oublock = p->signal->coublock; 1770 maxrss = p->signal->cmaxrss; 1771 1772 if (who == RUSAGE_CHILDREN) 1773 break; 1774 fallthrough; 1775 1776 case RUSAGE_SELF: 1777 thread_group_cputime_adjusted(p, &tgutime, &tgstime); 1778 utime += tgutime; 1779 stime += tgstime; 1780 r->ru_nvcsw += p->signal->nvcsw; 1781 r->ru_nivcsw += p->signal->nivcsw; 1782 r->ru_minflt += p->signal->min_flt; 1783 r->ru_majflt += p->signal->maj_flt; 1784 r->ru_inblock += p->signal->inblock; 1785 r->ru_oublock += p->signal->oublock; 1786 if (maxrss < p->signal->maxrss) 1787 maxrss = p->signal->maxrss; 1788 t = p; 1789 do { 1790 accumulate_thread_rusage(t, r); 1791 } while_each_thread(p, t); 1792 break; 1793 1794 default: 1795 BUG(); 1796 } 1797 unlock_task_sighand(p, &flags); 1798 1799 out: 1800 r->ru_utime = ns_to_kernel_old_timeval(utime); 1801 r->ru_stime = ns_to_kernel_old_timeval(stime); 1802 1803 if (who != RUSAGE_CHILDREN) { 1804 struct mm_struct *mm = get_task_mm(p); 1805 1806 if (mm) { 1807 setmax_mm_hiwater_rss(&maxrss, mm); 1808 mmput(mm); 1809 } 1810 } 1811 r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ 1812 } 1813 1814 SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru) 1815 { 1816 struct rusage r; 1817 1818 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1819 who != RUSAGE_THREAD) 1820 return -EINVAL; 1821 1822 getrusage(current, who, &r); 1823 return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0; 1824 } 1825 1826 #ifdef CONFIG_COMPAT 1827 COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru) 1828 { 1829 struct rusage r; 1830 1831 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1832 who != RUSAGE_THREAD) 1833 return -EINVAL; 1834 1835 getrusage(current, who, &r); 1836 return put_compat_rusage(&r, ru); 1837 } 1838 #endif 1839 1840 SYSCALL_DEFINE1(umask, int, mask) 1841 { 1842 mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); 1843 return mask; 1844 } 1845 1846 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) 1847 { 1848 struct fd exe; 1849 struct file *old_exe, *exe_file; 1850 struct inode *inode; 1851 int err; 1852 1853 exe = fdget(fd); 1854 if (!exe.file) 1855 return -EBADF; 1856 1857 inode = file_inode(exe.file); 1858 1859 /* 1860 * Because the original mm->exe_file points to executable file, make 1861 * sure that this one is executable as well, to avoid breaking an 1862 * overall picture. 1863 */ 1864 err = -EACCES; 1865 if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path)) 1866 goto exit; 1867 1868 err = file_permission(exe.file, MAY_EXEC); 1869 if (err) 1870 goto exit; 1871 1872 /* 1873 * Forbid mm->exe_file change if old file still mapped. 1874 */ 1875 exe_file = get_mm_exe_file(mm); 1876 err = -EBUSY; 1877 if (exe_file) { 1878 struct vm_area_struct *vma; 1879 1880 mmap_read_lock(mm); 1881 for (vma = mm->mmap; vma; vma = vma->vm_next) { 1882 if (!vma->vm_file) 1883 continue; 1884 if (path_equal(&vma->vm_file->f_path, 1885 &exe_file->f_path)) 1886 goto exit_err; 1887 } 1888 1889 mmap_read_unlock(mm); 1890 fput(exe_file); 1891 } 1892 1893 err = 0; 1894 /* set the new file, lockless */ 1895 get_file(exe.file); 1896 old_exe = xchg(&mm->exe_file, exe.file); 1897 if (old_exe) 1898 fput(old_exe); 1899 exit: 1900 fdput(exe); 1901 return err; 1902 exit_err: 1903 mmap_read_unlock(mm); 1904 fput(exe_file); 1905 goto exit; 1906 } 1907 1908 /* 1909 * Check arithmetic relations of passed addresses. 1910 * 1911 * WARNING: we don't require any capability here so be very careful 1912 * in what is allowed for modification from userspace. 1913 */ 1914 static int validate_prctl_map_addr(struct prctl_mm_map *prctl_map) 1915 { 1916 unsigned long mmap_max_addr = TASK_SIZE; 1917 int error = -EINVAL, i; 1918 1919 static const unsigned char offsets[] = { 1920 offsetof(struct prctl_mm_map, start_code), 1921 offsetof(struct prctl_mm_map, end_code), 1922 offsetof(struct prctl_mm_map, start_data), 1923 offsetof(struct prctl_mm_map, end_data), 1924 offsetof(struct prctl_mm_map, start_brk), 1925 offsetof(struct prctl_mm_map, brk), 1926 offsetof(struct prctl_mm_map, start_stack), 1927 offsetof(struct prctl_mm_map, arg_start), 1928 offsetof(struct prctl_mm_map, arg_end), 1929 offsetof(struct prctl_mm_map, env_start), 1930 offsetof(struct prctl_mm_map, env_end), 1931 }; 1932 1933 /* 1934 * Make sure the members are not somewhere outside 1935 * of allowed address space. 1936 */ 1937 for (i = 0; i < ARRAY_SIZE(offsets); i++) { 1938 u64 val = *(u64 *)((char *)prctl_map + offsets[i]); 1939 1940 if ((unsigned long)val >= mmap_max_addr || 1941 (unsigned long)val < mmap_min_addr) 1942 goto out; 1943 } 1944 1945 /* 1946 * Make sure the pairs are ordered. 1947 */ 1948 #define __prctl_check_order(__m1, __op, __m2) \ 1949 ((unsigned long)prctl_map->__m1 __op \ 1950 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL 1951 error = __prctl_check_order(start_code, <, end_code); 1952 error |= __prctl_check_order(start_data,<=, end_data); 1953 error |= __prctl_check_order(start_brk, <=, brk); 1954 error |= __prctl_check_order(arg_start, <=, arg_end); 1955 error |= __prctl_check_order(env_start, <=, env_end); 1956 if (error) 1957 goto out; 1958 #undef __prctl_check_order 1959 1960 error = -EINVAL; 1961 1962 /* 1963 * @brk should be after @end_data in traditional maps. 1964 */ 1965 if (prctl_map->start_brk <= prctl_map->end_data || 1966 prctl_map->brk <= prctl_map->end_data) 1967 goto out; 1968 1969 /* 1970 * Neither we should allow to override limits if they set. 1971 */ 1972 if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk, 1973 prctl_map->start_brk, prctl_map->end_data, 1974 prctl_map->start_data)) 1975 goto out; 1976 1977 error = 0; 1978 out: 1979 return error; 1980 } 1981 1982 #ifdef CONFIG_CHECKPOINT_RESTORE 1983 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size) 1984 { 1985 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, }; 1986 unsigned long user_auxv[AT_VECTOR_SIZE]; 1987 struct mm_struct *mm = current->mm; 1988 int error; 1989 1990 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 1991 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256); 1992 1993 if (opt == PR_SET_MM_MAP_SIZE) 1994 return put_user((unsigned int)sizeof(prctl_map), 1995 (unsigned int __user *)addr); 1996 1997 if (data_size != sizeof(prctl_map)) 1998 return -EINVAL; 1999 2000 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) 2001 return -EFAULT; 2002 2003 error = validate_prctl_map_addr(&prctl_map); 2004 if (error) 2005 return error; 2006 2007 if (prctl_map.auxv_size) { 2008 /* 2009 * Someone is trying to cheat the auxv vector. 2010 */ 2011 if (!prctl_map.auxv || 2012 prctl_map.auxv_size > sizeof(mm->saved_auxv)) 2013 return -EINVAL; 2014 2015 memset(user_auxv, 0, sizeof(user_auxv)); 2016 if (copy_from_user(user_auxv, 2017 (const void __user *)prctl_map.auxv, 2018 prctl_map.auxv_size)) 2019 return -EFAULT; 2020 2021 /* Last entry must be AT_NULL as specification requires */ 2022 user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL; 2023 user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL; 2024 } 2025 2026 if (prctl_map.exe_fd != (u32)-1) { 2027 /* 2028 * Check if the current user is checkpoint/restore capable. 2029 * At the time of this writing, it checks for CAP_SYS_ADMIN 2030 * or CAP_CHECKPOINT_RESTORE. 2031 * Note that a user with access to ptrace can masquerade an 2032 * arbitrary program as any executable, even setuid ones. 2033 * This may have implications in the tomoyo subsystem. 2034 */ 2035 if (!checkpoint_restore_ns_capable(current_user_ns())) 2036 return -EPERM; 2037 2038 error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd); 2039 if (error) 2040 return error; 2041 } 2042 2043 /* 2044 * arg_lock protects concurrent updates but we still need mmap_lock for 2045 * read to exclude races with sys_brk. 2046 */ 2047 mmap_read_lock(mm); 2048 2049 /* 2050 * We don't validate if these members are pointing to 2051 * real present VMAs because application may have correspond 2052 * VMAs already unmapped and kernel uses these members for statistics 2053 * output in procfs mostly, except 2054 * 2055 * - @start_brk/@brk which are used in do_brk_flags but kernel lookups 2056 * for VMAs when updating these members so anything wrong written 2057 * here cause kernel to swear at userspace program but won't lead 2058 * to any problem in kernel itself 2059 */ 2060 2061 spin_lock(&mm->arg_lock); 2062 mm->start_code = prctl_map.start_code; 2063 mm->end_code = prctl_map.end_code; 2064 mm->start_data = prctl_map.start_data; 2065 mm->end_data = prctl_map.end_data; 2066 mm->start_brk = prctl_map.start_brk; 2067 mm->brk = prctl_map.brk; 2068 mm->start_stack = prctl_map.start_stack; 2069 mm->arg_start = prctl_map.arg_start; 2070 mm->arg_end = prctl_map.arg_end; 2071 mm->env_start = prctl_map.env_start; 2072 mm->env_end = prctl_map.env_end; 2073 spin_unlock(&mm->arg_lock); 2074 2075 /* 2076 * Note this update of @saved_auxv is lockless thus 2077 * if someone reads this member in procfs while we're 2078 * updating -- it may get partly updated results. It's 2079 * known and acceptable trade off: we leave it as is to 2080 * not introduce additional locks here making the kernel 2081 * more complex. 2082 */ 2083 if (prctl_map.auxv_size) 2084 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv)); 2085 2086 mmap_read_unlock(mm); 2087 return 0; 2088 } 2089 #endif /* CONFIG_CHECKPOINT_RESTORE */ 2090 2091 static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr, 2092 unsigned long len) 2093 { 2094 /* 2095 * This doesn't move the auxiliary vector itself since it's pinned to 2096 * mm_struct, but it permits filling the vector with new values. It's 2097 * up to the caller to provide sane values here, otherwise userspace 2098 * tools which use this vector might be unhappy. 2099 */ 2100 unsigned long user_auxv[AT_VECTOR_SIZE] = {}; 2101 2102 if (len > sizeof(user_auxv)) 2103 return -EINVAL; 2104 2105 if (copy_from_user(user_auxv, (const void __user *)addr, len)) 2106 return -EFAULT; 2107 2108 /* Make sure the last entry is always AT_NULL */ 2109 user_auxv[AT_VECTOR_SIZE - 2] = 0; 2110 user_auxv[AT_VECTOR_SIZE - 1] = 0; 2111 2112 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 2113 2114 task_lock(current); 2115 memcpy(mm->saved_auxv, user_auxv, len); 2116 task_unlock(current); 2117 2118 return 0; 2119 } 2120 2121 static int prctl_set_mm(int opt, unsigned long addr, 2122 unsigned long arg4, unsigned long arg5) 2123 { 2124 struct mm_struct *mm = current->mm; 2125 struct prctl_mm_map prctl_map = { 2126 .auxv = NULL, 2127 .auxv_size = 0, 2128 .exe_fd = -1, 2129 }; 2130 struct vm_area_struct *vma; 2131 int error; 2132 2133 if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV && 2134 opt != PR_SET_MM_MAP && 2135 opt != PR_SET_MM_MAP_SIZE))) 2136 return -EINVAL; 2137 2138 #ifdef CONFIG_CHECKPOINT_RESTORE 2139 if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE) 2140 return prctl_set_mm_map(opt, (const void __user *)addr, arg4); 2141 #endif 2142 2143 if (!capable(CAP_SYS_RESOURCE)) 2144 return -EPERM; 2145 2146 if (opt == PR_SET_MM_EXE_FILE) 2147 return prctl_set_mm_exe_file(mm, (unsigned int)addr); 2148 2149 if (opt == PR_SET_MM_AUXV) 2150 return prctl_set_auxv(mm, addr, arg4); 2151 2152 if (addr >= TASK_SIZE || addr < mmap_min_addr) 2153 return -EINVAL; 2154 2155 error = -EINVAL; 2156 2157 /* 2158 * arg_lock protects concurrent updates of arg boundaries, we need 2159 * mmap_lock for a) concurrent sys_brk, b) finding VMA for addr 2160 * validation. 2161 */ 2162 mmap_read_lock(mm); 2163 vma = find_vma(mm, addr); 2164 2165 spin_lock(&mm->arg_lock); 2166 prctl_map.start_code = mm->start_code; 2167 prctl_map.end_code = mm->end_code; 2168 prctl_map.start_data = mm->start_data; 2169 prctl_map.end_data = mm->end_data; 2170 prctl_map.start_brk = mm->start_brk; 2171 prctl_map.brk = mm->brk; 2172 prctl_map.start_stack = mm->start_stack; 2173 prctl_map.arg_start = mm->arg_start; 2174 prctl_map.arg_end = mm->arg_end; 2175 prctl_map.env_start = mm->env_start; 2176 prctl_map.env_end = mm->env_end; 2177 2178 switch (opt) { 2179 case PR_SET_MM_START_CODE: 2180 prctl_map.start_code = addr; 2181 break; 2182 case PR_SET_MM_END_CODE: 2183 prctl_map.end_code = addr; 2184 break; 2185 case PR_SET_MM_START_DATA: 2186 prctl_map.start_data = addr; 2187 break; 2188 case PR_SET_MM_END_DATA: 2189 prctl_map.end_data = addr; 2190 break; 2191 case PR_SET_MM_START_STACK: 2192 prctl_map.start_stack = addr; 2193 break; 2194 case PR_SET_MM_START_BRK: 2195 prctl_map.start_brk = addr; 2196 break; 2197 case PR_SET_MM_BRK: 2198 prctl_map.brk = addr; 2199 break; 2200 case PR_SET_MM_ARG_START: 2201 prctl_map.arg_start = addr; 2202 break; 2203 case PR_SET_MM_ARG_END: 2204 prctl_map.arg_end = addr; 2205 break; 2206 case PR_SET_MM_ENV_START: 2207 prctl_map.env_start = addr; 2208 break; 2209 case PR_SET_MM_ENV_END: 2210 prctl_map.env_end = addr; 2211 break; 2212 default: 2213 goto out; 2214 } 2215 2216 error = validate_prctl_map_addr(&prctl_map); 2217 if (error) 2218 goto out; 2219 2220 switch (opt) { 2221 /* 2222 * If command line arguments and environment 2223 * are placed somewhere else on stack, we can 2224 * set them up here, ARG_START/END to setup 2225 * command line arguments and ENV_START/END 2226 * for environment. 2227 */ 2228 case PR_SET_MM_START_STACK: 2229 case PR_SET_MM_ARG_START: 2230 case PR_SET_MM_ARG_END: 2231 case PR_SET_MM_ENV_START: 2232 case PR_SET_MM_ENV_END: 2233 if (!vma) { 2234 error = -EFAULT; 2235 goto out; 2236 } 2237 } 2238 2239 mm->start_code = prctl_map.start_code; 2240 mm->end_code = prctl_map.end_code; 2241 mm->start_data = prctl_map.start_data; 2242 mm->end_data = prctl_map.end_data; 2243 mm->start_brk = prctl_map.start_brk; 2244 mm->brk = prctl_map.brk; 2245 mm->start_stack = prctl_map.start_stack; 2246 mm->arg_start = prctl_map.arg_start; 2247 mm->arg_end = prctl_map.arg_end; 2248 mm->env_start = prctl_map.env_start; 2249 mm->env_end = prctl_map.env_end; 2250 2251 error = 0; 2252 out: 2253 spin_unlock(&mm->arg_lock); 2254 mmap_read_unlock(mm); 2255 return error; 2256 } 2257 2258 #ifdef CONFIG_CHECKPOINT_RESTORE 2259 static int prctl_get_tid_address(struct task_struct *me, int __user * __user *tid_addr) 2260 { 2261 return put_user(me->clear_child_tid, tid_addr); 2262 } 2263 #else 2264 static int prctl_get_tid_address(struct task_struct *me, int __user * __user *tid_addr) 2265 { 2266 return -EINVAL; 2267 } 2268 #endif 2269 2270 static int propagate_has_child_subreaper(struct task_struct *p, void *data) 2271 { 2272 /* 2273 * If task has has_child_subreaper - all its descendants 2274 * already have these flag too and new descendants will 2275 * inherit it on fork, skip them. 2276 * 2277 * If we've found child_reaper - skip descendants in 2278 * it's subtree as they will never get out pidns. 2279 */ 2280 if (p->signal->has_child_subreaper || 2281 is_child_reaper(task_pid(p))) 2282 return 0; 2283 2284 p->signal->has_child_subreaper = 1; 2285 return 1; 2286 } 2287 2288 int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which) 2289 { 2290 return -EINVAL; 2291 } 2292 2293 int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, 2294 unsigned long ctrl) 2295 { 2296 return -EINVAL; 2297 } 2298 2299 #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) 2300 2301 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, 2302 unsigned long, arg4, unsigned long, arg5) 2303 { 2304 struct task_struct *me = current; 2305 unsigned char comm[sizeof(me->comm)]; 2306 long error; 2307 2308 error = security_task_prctl(option, arg2, arg3, arg4, arg5); 2309 if (error != -ENOSYS) 2310 return error; 2311 2312 error = 0; 2313 switch (option) { 2314 case PR_SET_PDEATHSIG: 2315 if (!valid_signal(arg2)) { 2316 error = -EINVAL; 2317 break; 2318 } 2319 me->pdeath_signal = arg2; 2320 break; 2321 case PR_GET_PDEATHSIG: 2322 error = put_user(me->pdeath_signal, (int __user *)arg2); 2323 break; 2324 case PR_GET_DUMPABLE: 2325 error = get_dumpable(me->mm); 2326 break; 2327 case PR_SET_DUMPABLE: 2328 if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) { 2329 error = -EINVAL; 2330 break; 2331 } 2332 set_dumpable(me->mm, arg2); 2333 break; 2334 2335 case PR_SET_UNALIGN: 2336 error = SET_UNALIGN_CTL(me, arg2); 2337 break; 2338 case PR_GET_UNALIGN: 2339 error = GET_UNALIGN_CTL(me, arg2); 2340 break; 2341 case PR_SET_FPEMU: 2342 error = SET_FPEMU_CTL(me, arg2); 2343 break; 2344 case PR_GET_FPEMU: 2345 error = GET_FPEMU_CTL(me, arg2); 2346 break; 2347 case PR_SET_FPEXC: 2348 error = SET_FPEXC_CTL(me, arg2); 2349 break; 2350 case PR_GET_FPEXC: 2351 error = GET_FPEXC_CTL(me, arg2); 2352 break; 2353 case PR_GET_TIMING: 2354 error = PR_TIMING_STATISTICAL; 2355 break; 2356 case PR_SET_TIMING: 2357 if (arg2 != PR_TIMING_STATISTICAL) 2358 error = -EINVAL; 2359 break; 2360 case PR_SET_NAME: 2361 comm[sizeof(me->comm) - 1] = 0; 2362 if (strncpy_from_user(comm, (char __user *)arg2, 2363 sizeof(me->comm) - 1) < 0) 2364 return -EFAULT; 2365 set_task_comm(me, comm); 2366 proc_comm_connector(me); 2367 break; 2368 case PR_GET_NAME: 2369 get_task_comm(comm, me); 2370 if (copy_to_user((char __user *)arg2, comm, sizeof(comm))) 2371 return -EFAULT; 2372 break; 2373 case PR_GET_ENDIAN: 2374 error = GET_ENDIAN(me, arg2); 2375 break; 2376 case PR_SET_ENDIAN: 2377 error = SET_ENDIAN(me, arg2); 2378 break; 2379 case PR_GET_SECCOMP: 2380 error = prctl_get_seccomp(); 2381 break; 2382 case PR_SET_SECCOMP: 2383 error = prctl_set_seccomp(arg2, (char __user *)arg3); 2384 break; 2385 case PR_GET_TSC: 2386 error = GET_TSC_CTL(arg2); 2387 break; 2388 case PR_SET_TSC: 2389 error = SET_TSC_CTL(arg2); 2390 break; 2391 case PR_TASK_PERF_EVENTS_DISABLE: 2392 error = perf_event_task_disable(); 2393 break; 2394 case PR_TASK_PERF_EVENTS_ENABLE: 2395 error = perf_event_task_enable(); 2396 break; 2397 case PR_GET_TIMERSLACK: 2398 if (current->timer_slack_ns > ULONG_MAX) 2399 error = ULONG_MAX; 2400 else 2401 error = current->timer_slack_ns; 2402 break; 2403 case PR_SET_TIMERSLACK: 2404 if (arg2 <= 0) 2405 current->timer_slack_ns = 2406 current->default_timer_slack_ns; 2407 else 2408 current->timer_slack_ns = arg2; 2409 break; 2410 case PR_MCE_KILL: 2411 if (arg4 | arg5) 2412 return -EINVAL; 2413 switch (arg2) { 2414 case PR_MCE_KILL_CLEAR: 2415 if (arg3 != 0) 2416 return -EINVAL; 2417 current->flags &= ~PF_MCE_PROCESS; 2418 break; 2419 case PR_MCE_KILL_SET: 2420 current->flags |= PF_MCE_PROCESS; 2421 if (arg3 == PR_MCE_KILL_EARLY) 2422 current->flags |= PF_MCE_EARLY; 2423 else if (arg3 == PR_MCE_KILL_LATE) 2424 current->flags &= ~PF_MCE_EARLY; 2425 else if (arg3 == PR_MCE_KILL_DEFAULT) 2426 current->flags &= 2427 ~(PF_MCE_EARLY|PF_MCE_PROCESS); 2428 else 2429 return -EINVAL; 2430 break; 2431 default: 2432 return -EINVAL; 2433 } 2434 break; 2435 case PR_MCE_KILL_GET: 2436 if (arg2 | arg3 | arg4 | arg5) 2437 return -EINVAL; 2438 if (current->flags & PF_MCE_PROCESS) 2439 error = (current->flags & PF_MCE_EARLY) ? 2440 PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE; 2441 else 2442 error = PR_MCE_KILL_DEFAULT; 2443 break; 2444 case PR_SET_MM: 2445 error = prctl_set_mm(arg2, arg3, arg4, arg5); 2446 break; 2447 case PR_GET_TID_ADDRESS: 2448 error = prctl_get_tid_address(me, (int __user * __user *)arg2); 2449 break; 2450 case PR_SET_CHILD_SUBREAPER: 2451 me->signal->is_child_subreaper = !!arg2; 2452 if (!arg2) 2453 break; 2454 2455 walk_process_tree(me, propagate_has_child_subreaper, NULL); 2456 break; 2457 case PR_GET_CHILD_SUBREAPER: 2458 error = put_user(me->signal->is_child_subreaper, 2459 (int __user *)arg2); 2460 break; 2461 case PR_SET_NO_NEW_PRIVS: 2462 if (arg2 != 1 || arg3 || arg4 || arg5) 2463 return -EINVAL; 2464 2465 task_set_no_new_privs(current); 2466 break; 2467 case PR_GET_NO_NEW_PRIVS: 2468 if (arg2 || arg3 || arg4 || arg5) 2469 return -EINVAL; 2470 return task_no_new_privs(current) ? 1 : 0; 2471 case PR_GET_THP_DISABLE: 2472 if (arg2 || arg3 || arg4 || arg5) 2473 return -EINVAL; 2474 error = !!test_bit(MMF_DISABLE_THP, &me->mm->flags); 2475 break; 2476 case PR_SET_THP_DISABLE: 2477 if (arg3 || arg4 || arg5) 2478 return -EINVAL; 2479 if (mmap_write_lock_killable(me->mm)) 2480 return -EINTR; 2481 if (arg2) 2482 set_bit(MMF_DISABLE_THP, &me->mm->flags); 2483 else 2484 clear_bit(MMF_DISABLE_THP, &me->mm->flags); 2485 mmap_write_unlock(me->mm); 2486 break; 2487 case PR_MPX_ENABLE_MANAGEMENT: 2488 case PR_MPX_DISABLE_MANAGEMENT: 2489 /* No longer implemented: */ 2490 return -EINVAL; 2491 case PR_SET_FP_MODE: 2492 error = SET_FP_MODE(me, arg2); 2493 break; 2494 case PR_GET_FP_MODE: 2495 error = GET_FP_MODE(me); 2496 break; 2497 case PR_SVE_SET_VL: 2498 error = SVE_SET_VL(arg2); 2499 break; 2500 case PR_SVE_GET_VL: 2501 error = SVE_GET_VL(); 2502 break; 2503 case PR_GET_SPECULATION_CTRL: 2504 if (arg3 || arg4 || arg5) 2505 return -EINVAL; 2506 error = arch_prctl_spec_ctrl_get(me, arg2); 2507 break; 2508 case PR_SET_SPECULATION_CTRL: 2509 if (arg4 || arg5) 2510 return -EINVAL; 2511 error = arch_prctl_spec_ctrl_set(me, arg2, arg3); 2512 break; 2513 case PR_PAC_RESET_KEYS: 2514 if (arg3 || arg4 || arg5) 2515 return -EINVAL; 2516 error = PAC_RESET_KEYS(me, arg2); 2517 break; 2518 case PR_PAC_SET_ENABLED_KEYS: 2519 if (arg4 || arg5) 2520 return -EINVAL; 2521 error = PAC_SET_ENABLED_KEYS(me, arg2, arg3); 2522 break; 2523 case PR_PAC_GET_ENABLED_KEYS: 2524 if (arg2 || arg3 || arg4 || arg5) 2525 return -EINVAL; 2526 error = PAC_GET_ENABLED_KEYS(me); 2527 break; 2528 case PR_SET_TAGGED_ADDR_CTRL: 2529 if (arg3 || arg4 || arg5) 2530 return -EINVAL; 2531 error = SET_TAGGED_ADDR_CTRL(arg2); 2532 break; 2533 case PR_GET_TAGGED_ADDR_CTRL: 2534 if (arg2 || arg3 || arg4 || arg5) 2535 return -EINVAL; 2536 error = GET_TAGGED_ADDR_CTRL(); 2537 break; 2538 case PR_SET_IO_FLUSHER: 2539 if (!capable(CAP_SYS_RESOURCE)) 2540 return -EPERM; 2541 2542 if (arg3 || arg4 || arg5) 2543 return -EINVAL; 2544 2545 if (arg2 == 1) 2546 current->flags |= PR_IO_FLUSHER; 2547 else if (!arg2) 2548 current->flags &= ~PR_IO_FLUSHER; 2549 else 2550 return -EINVAL; 2551 break; 2552 case PR_GET_IO_FLUSHER: 2553 if (!capable(CAP_SYS_RESOURCE)) 2554 return -EPERM; 2555 2556 if (arg2 || arg3 || arg4 || arg5) 2557 return -EINVAL; 2558 2559 error = (current->flags & PR_IO_FLUSHER) == PR_IO_FLUSHER; 2560 break; 2561 case PR_SET_SYSCALL_USER_DISPATCH: 2562 error = set_syscall_user_dispatch(arg2, arg3, arg4, 2563 (char __user *) arg5); 2564 break; 2565 #ifdef CONFIG_SCHED_CORE 2566 case PR_SCHED_CORE: 2567 error = sched_core_share_pid(arg2, arg3, arg4, arg5); 2568 break; 2569 #endif 2570 default: 2571 error = -EINVAL; 2572 break; 2573 } 2574 return error; 2575 } 2576 2577 SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep, 2578 struct getcpu_cache __user *, unused) 2579 { 2580 int err = 0; 2581 int cpu = raw_smp_processor_id(); 2582 2583 if (cpup) 2584 err |= put_user(cpu, cpup); 2585 if (nodep) 2586 err |= put_user(cpu_to_node(cpu), nodep); 2587 return err ? -EFAULT : 0; 2588 } 2589 2590 /** 2591 * do_sysinfo - fill in sysinfo struct 2592 * @info: pointer to buffer to fill 2593 */ 2594 static int do_sysinfo(struct sysinfo *info) 2595 { 2596 unsigned long mem_total, sav_total; 2597 unsigned int mem_unit, bitcount; 2598 struct timespec64 tp; 2599 2600 memset(info, 0, sizeof(struct sysinfo)); 2601 2602 ktime_get_boottime_ts64(&tp); 2603 timens_add_boottime(&tp); 2604 info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0); 2605 2606 get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT); 2607 2608 info->procs = nr_threads; 2609 2610 si_meminfo(info); 2611 si_swapinfo(info); 2612 2613 /* 2614 * If the sum of all the available memory (i.e. ram + swap) 2615 * is less than can be stored in a 32 bit unsigned long then 2616 * we can be binary compatible with 2.2.x kernels. If not, 2617 * well, in that case 2.2.x was broken anyways... 2618 * 2619 * -Erik Andersen <andersee@debian.org> 2620 */ 2621 2622 mem_total = info->totalram + info->totalswap; 2623 if (mem_total < info->totalram || mem_total < info->totalswap) 2624 goto out; 2625 bitcount = 0; 2626 mem_unit = info->mem_unit; 2627 while (mem_unit > 1) { 2628 bitcount++; 2629 mem_unit >>= 1; 2630 sav_total = mem_total; 2631 mem_total <<= 1; 2632 if (mem_total < sav_total) 2633 goto out; 2634 } 2635 2636 /* 2637 * If mem_total did not overflow, multiply all memory values by 2638 * info->mem_unit and set it to 1. This leaves things compatible 2639 * with 2.2.x, and also retains compatibility with earlier 2.4.x 2640 * kernels... 2641 */ 2642 2643 info->mem_unit = 1; 2644 info->totalram <<= bitcount; 2645 info->freeram <<= bitcount; 2646 info->sharedram <<= bitcount; 2647 info->bufferram <<= bitcount; 2648 info->totalswap <<= bitcount; 2649 info->freeswap <<= bitcount; 2650 info->totalhigh <<= bitcount; 2651 info->freehigh <<= bitcount; 2652 2653 out: 2654 return 0; 2655 } 2656 2657 SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info) 2658 { 2659 struct sysinfo val; 2660 2661 do_sysinfo(&val); 2662 2663 if (copy_to_user(info, &val, sizeof(struct sysinfo))) 2664 return -EFAULT; 2665 2666 return 0; 2667 } 2668 2669 #ifdef CONFIG_COMPAT 2670 struct compat_sysinfo { 2671 s32 uptime; 2672 u32 loads[3]; 2673 u32 totalram; 2674 u32 freeram; 2675 u32 sharedram; 2676 u32 bufferram; 2677 u32 totalswap; 2678 u32 freeswap; 2679 u16 procs; 2680 u16 pad; 2681 u32 totalhigh; 2682 u32 freehigh; 2683 u32 mem_unit; 2684 char _f[20-2*sizeof(u32)-sizeof(int)]; 2685 }; 2686 2687 COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info) 2688 { 2689 struct sysinfo s; 2690 struct compat_sysinfo s_32; 2691 2692 do_sysinfo(&s); 2693 2694 /* Check to see if any memory value is too large for 32-bit and scale 2695 * down if needed 2696 */ 2697 if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) { 2698 int bitcount = 0; 2699 2700 while (s.mem_unit < PAGE_SIZE) { 2701 s.mem_unit <<= 1; 2702 bitcount++; 2703 } 2704 2705 s.totalram >>= bitcount; 2706 s.freeram >>= bitcount; 2707 s.sharedram >>= bitcount; 2708 s.bufferram >>= bitcount; 2709 s.totalswap >>= bitcount; 2710 s.freeswap >>= bitcount; 2711 s.totalhigh >>= bitcount; 2712 s.freehigh >>= bitcount; 2713 } 2714 2715 memset(&s_32, 0, sizeof(s_32)); 2716 s_32.uptime = s.uptime; 2717 s_32.loads[0] = s.loads[0]; 2718 s_32.loads[1] = s.loads[1]; 2719 s_32.loads[2] = s.loads[2]; 2720 s_32.totalram = s.totalram; 2721 s_32.freeram = s.freeram; 2722 s_32.sharedram = s.sharedram; 2723 s_32.bufferram = s.bufferram; 2724 s_32.totalswap = s.totalswap; 2725 s_32.freeswap = s.freeswap; 2726 s_32.procs = s.procs; 2727 s_32.totalhigh = s.totalhigh; 2728 s_32.freehigh = s.freehigh; 2729 s_32.mem_unit = s.mem_unit; 2730 if (copy_to_user(info, &s_32, sizeof(s_32))) 2731 return -EFAULT; 2732 return 0; 2733 } 2734 #endif /* CONFIG_COMPAT */ 2735