1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/kernel/sys.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/export.h> 9 #include <linux/mm.h> 10 #include <linux/utsname.h> 11 #include <linux/mman.h> 12 #include <linux/reboot.h> 13 #include <linux/prctl.h> 14 #include <linux/highuid.h> 15 #include <linux/fs.h> 16 #include <linux/kmod.h> 17 #include <linux/perf_event.h> 18 #include <linux/resource.h> 19 #include <linux/kernel.h> 20 #include <linux/workqueue.h> 21 #include <linux/capability.h> 22 #include <linux/device.h> 23 #include <linux/key.h> 24 #include <linux/times.h> 25 #include <linux/posix-timers.h> 26 #include <linux/security.h> 27 #include <linux/suspend.h> 28 #include <linux/tty.h> 29 #include <linux/signal.h> 30 #include <linux/cn_proc.h> 31 #include <linux/getcpu.h> 32 #include <linux/task_io_accounting_ops.h> 33 #include <linux/seccomp.h> 34 #include <linux/cpu.h> 35 #include <linux/personality.h> 36 #include <linux/ptrace.h> 37 #include <linux/fs_struct.h> 38 #include <linux/file.h> 39 #include <linux/mount.h> 40 #include <linux/gfp.h> 41 #include <linux/syscore_ops.h> 42 #include <linux/version.h> 43 #include <linux/ctype.h> 44 #include <linux/syscall_user_dispatch.h> 45 46 #include <linux/compat.h> 47 #include <linux/syscalls.h> 48 #include <linux/kprobes.h> 49 #include <linux/user_namespace.h> 50 #include <linux/time_namespace.h> 51 #include <linux/binfmts.h> 52 53 #include <linux/sched.h> 54 #include <linux/sched/autogroup.h> 55 #include <linux/sched/loadavg.h> 56 #include <linux/sched/stat.h> 57 #include <linux/sched/mm.h> 58 #include <linux/sched/coredump.h> 59 #include <linux/sched/task.h> 60 #include <linux/sched/cputime.h> 61 #include <linux/rcupdate.h> 62 #include <linux/uidgid.h> 63 #include <linux/cred.h> 64 65 #include <linux/nospec.h> 66 67 #include <linux/kmsg_dump.h> 68 /* Move somewhere else to avoid recompiling? */ 69 #include <generated/utsrelease.h> 70 71 #include <linux/uaccess.h> 72 #include <asm/io.h> 73 #include <asm/unistd.h> 74 75 #include "uid16.h" 76 77 #ifndef SET_UNALIGN_CTL 78 # define SET_UNALIGN_CTL(a, b) (-EINVAL) 79 #endif 80 #ifndef GET_UNALIGN_CTL 81 # define GET_UNALIGN_CTL(a, b) (-EINVAL) 82 #endif 83 #ifndef SET_FPEMU_CTL 84 # define SET_FPEMU_CTL(a, b) (-EINVAL) 85 #endif 86 #ifndef GET_FPEMU_CTL 87 # define GET_FPEMU_CTL(a, b) (-EINVAL) 88 #endif 89 #ifndef SET_FPEXC_CTL 90 # define SET_FPEXC_CTL(a, b) (-EINVAL) 91 #endif 92 #ifndef GET_FPEXC_CTL 93 # define GET_FPEXC_CTL(a, b) (-EINVAL) 94 #endif 95 #ifndef GET_ENDIAN 96 # define GET_ENDIAN(a, b) (-EINVAL) 97 #endif 98 #ifndef SET_ENDIAN 99 # define SET_ENDIAN(a, b) (-EINVAL) 100 #endif 101 #ifndef GET_TSC_CTL 102 # define GET_TSC_CTL(a) (-EINVAL) 103 #endif 104 #ifndef SET_TSC_CTL 105 # define SET_TSC_CTL(a) (-EINVAL) 106 #endif 107 #ifndef GET_FP_MODE 108 # define GET_FP_MODE(a) (-EINVAL) 109 #endif 110 #ifndef SET_FP_MODE 111 # define SET_FP_MODE(a,b) (-EINVAL) 112 #endif 113 #ifndef SVE_SET_VL 114 # define SVE_SET_VL(a) (-EINVAL) 115 #endif 116 #ifndef SVE_GET_VL 117 # define SVE_GET_VL() (-EINVAL) 118 #endif 119 #ifndef PAC_RESET_KEYS 120 # define PAC_RESET_KEYS(a, b) (-EINVAL) 121 #endif 122 #ifndef PAC_SET_ENABLED_KEYS 123 # define PAC_SET_ENABLED_KEYS(a, b, c) (-EINVAL) 124 #endif 125 #ifndef PAC_GET_ENABLED_KEYS 126 # define PAC_GET_ENABLED_KEYS(a) (-EINVAL) 127 #endif 128 #ifndef SET_TAGGED_ADDR_CTRL 129 # define SET_TAGGED_ADDR_CTRL(a) (-EINVAL) 130 #endif 131 #ifndef GET_TAGGED_ADDR_CTRL 132 # define GET_TAGGED_ADDR_CTRL() (-EINVAL) 133 #endif 134 135 /* 136 * this is where the system-wide overflow UID and GID are defined, for 137 * architectures that now have 32-bit UID/GID but didn't in the past 138 */ 139 140 int overflowuid = DEFAULT_OVERFLOWUID; 141 int overflowgid = DEFAULT_OVERFLOWGID; 142 143 EXPORT_SYMBOL(overflowuid); 144 EXPORT_SYMBOL(overflowgid); 145 146 /* 147 * the same as above, but for filesystems which can only store a 16-bit 148 * UID and GID. as such, this is needed on all architectures 149 */ 150 151 int fs_overflowuid = DEFAULT_FS_OVERFLOWUID; 152 int fs_overflowgid = DEFAULT_FS_OVERFLOWGID; 153 154 EXPORT_SYMBOL(fs_overflowuid); 155 EXPORT_SYMBOL(fs_overflowgid); 156 157 /* 158 * Returns true if current's euid is same as p's uid or euid, 159 * or has CAP_SYS_NICE to p's user_ns. 160 * 161 * Called with rcu_read_lock, creds are safe 162 */ 163 static bool set_one_prio_perm(struct task_struct *p) 164 { 165 const struct cred *cred = current_cred(), *pcred = __task_cred(p); 166 167 if (uid_eq(pcred->uid, cred->euid) || 168 uid_eq(pcred->euid, cred->euid)) 169 return true; 170 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) 171 return true; 172 return false; 173 } 174 175 /* 176 * set the priority of a task 177 * - the caller must hold the RCU read lock 178 */ 179 static int set_one_prio(struct task_struct *p, int niceval, int error) 180 { 181 int no_nice; 182 183 if (!set_one_prio_perm(p)) { 184 error = -EPERM; 185 goto out; 186 } 187 if (niceval < task_nice(p) && !can_nice(p, niceval)) { 188 error = -EACCES; 189 goto out; 190 } 191 no_nice = security_task_setnice(p, niceval); 192 if (no_nice) { 193 error = no_nice; 194 goto out; 195 } 196 if (error == -ESRCH) 197 error = 0; 198 set_user_nice(p, niceval); 199 out: 200 return error; 201 } 202 203 SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) 204 { 205 struct task_struct *g, *p; 206 struct user_struct *user; 207 const struct cred *cred = current_cred(); 208 int error = -EINVAL; 209 struct pid *pgrp; 210 kuid_t uid; 211 212 if (which > PRIO_USER || which < PRIO_PROCESS) 213 goto out; 214 215 /* normalize: avoid signed division (rounding problems) */ 216 error = -ESRCH; 217 if (niceval < MIN_NICE) 218 niceval = MIN_NICE; 219 if (niceval > MAX_NICE) 220 niceval = MAX_NICE; 221 222 rcu_read_lock(); 223 read_lock(&tasklist_lock); 224 switch (which) { 225 case PRIO_PROCESS: 226 if (who) 227 p = find_task_by_vpid(who); 228 else 229 p = current; 230 if (p) 231 error = set_one_prio(p, niceval, error); 232 break; 233 case PRIO_PGRP: 234 if (who) 235 pgrp = find_vpid(who); 236 else 237 pgrp = task_pgrp(current); 238 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 239 error = set_one_prio(p, niceval, error); 240 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 241 break; 242 case PRIO_USER: 243 uid = make_kuid(cred->user_ns, who); 244 user = cred->user; 245 if (!who) 246 uid = cred->uid; 247 else if (!uid_eq(uid, cred->uid)) { 248 user = find_user(uid); 249 if (!user) 250 goto out_unlock; /* No processes for this user */ 251 } 252 do_each_thread(g, p) { 253 if (uid_eq(task_uid(p), uid) && task_pid_vnr(p)) 254 error = set_one_prio(p, niceval, error); 255 } while_each_thread(g, p); 256 if (!uid_eq(uid, cred->uid)) 257 free_uid(user); /* For find_user() */ 258 break; 259 } 260 out_unlock: 261 read_unlock(&tasklist_lock); 262 rcu_read_unlock(); 263 out: 264 return error; 265 } 266 267 /* 268 * Ugh. To avoid negative return values, "getpriority()" will 269 * not return the normal nice-value, but a negated value that 270 * has been offset by 20 (ie it returns 40..1 instead of -20..19) 271 * to stay compatible. 272 */ 273 SYSCALL_DEFINE2(getpriority, int, which, int, who) 274 { 275 struct task_struct *g, *p; 276 struct user_struct *user; 277 const struct cred *cred = current_cred(); 278 long niceval, retval = -ESRCH; 279 struct pid *pgrp; 280 kuid_t uid; 281 282 if (which > PRIO_USER || which < PRIO_PROCESS) 283 return -EINVAL; 284 285 rcu_read_lock(); 286 read_lock(&tasklist_lock); 287 switch (which) { 288 case PRIO_PROCESS: 289 if (who) 290 p = find_task_by_vpid(who); 291 else 292 p = current; 293 if (p) { 294 niceval = nice_to_rlimit(task_nice(p)); 295 if (niceval > retval) 296 retval = niceval; 297 } 298 break; 299 case PRIO_PGRP: 300 if (who) 301 pgrp = find_vpid(who); 302 else 303 pgrp = task_pgrp(current); 304 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) { 305 niceval = nice_to_rlimit(task_nice(p)); 306 if (niceval > retval) 307 retval = niceval; 308 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 309 break; 310 case PRIO_USER: 311 uid = make_kuid(cred->user_ns, who); 312 user = cred->user; 313 if (!who) 314 uid = cred->uid; 315 else if (!uid_eq(uid, cred->uid)) { 316 user = find_user(uid); 317 if (!user) 318 goto out_unlock; /* No processes for this user */ 319 } 320 do_each_thread(g, p) { 321 if (uid_eq(task_uid(p), uid) && task_pid_vnr(p)) { 322 niceval = nice_to_rlimit(task_nice(p)); 323 if (niceval > retval) 324 retval = niceval; 325 } 326 } while_each_thread(g, p); 327 if (!uid_eq(uid, cred->uid)) 328 free_uid(user); /* for find_user() */ 329 break; 330 } 331 out_unlock: 332 read_unlock(&tasklist_lock); 333 rcu_read_unlock(); 334 335 return retval; 336 } 337 338 /* 339 * Unprivileged users may change the real gid to the effective gid 340 * or vice versa. (BSD-style) 341 * 342 * If you set the real gid at all, or set the effective gid to a value not 343 * equal to the real gid, then the saved gid is set to the new effective gid. 344 * 345 * This makes it possible for a setgid program to completely drop its 346 * privileges, which is often a useful assertion to make when you are doing 347 * a security audit over a program. 348 * 349 * The general idea is that a program which uses just setregid() will be 350 * 100% compatible with BSD. A program which uses just setgid() will be 351 * 100% compatible with POSIX with saved IDs. 352 * 353 * SMP: There are not races, the GIDs are checked only by filesystem 354 * operations (as far as semantic preservation is concerned). 355 */ 356 #ifdef CONFIG_MULTIUSER 357 long __sys_setregid(gid_t rgid, gid_t egid) 358 { 359 struct user_namespace *ns = current_user_ns(); 360 const struct cred *old; 361 struct cred *new; 362 int retval; 363 kgid_t krgid, kegid; 364 365 krgid = make_kgid(ns, rgid); 366 kegid = make_kgid(ns, egid); 367 368 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 369 return -EINVAL; 370 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 371 return -EINVAL; 372 373 new = prepare_creds(); 374 if (!new) 375 return -ENOMEM; 376 old = current_cred(); 377 378 retval = -EPERM; 379 if (rgid != (gid_t) -1) { 380 if (gid_eq(old->gid, krgid) || 381 gid_eq(old->egid, krgid) || 382 ns_capable_setid(old->user_ns, CAP_SETGID)) 383 new->gid = krgid; 384 else 385 goto error; 386 } 387 if (egid != (gid_t) -1) { 388 if (gid_eq(old->gid, kegid) || 389 gid_eq(old->egid, kegid) || 390 gid_eq(old->sgid, kegid) || 391 ns_capable_setid(old->user_ns, CAP_SETGID)) 392 new->egid = kegid; 393 else 394 goto error; 395 } 396 397 if (rgid != (gid_t) -1 || 398 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) 399 new->sgid = new->egid; 400 new->fsgid = new->egid; 401 402 retval = security_task_fix_setgid(new, old, LSM_SETID_RE); 403 if (retval < 0) 404 goto error; 405 406 return commit_creds(new); 407 408 error: 409 abort_creds(new); 410 return retval; 411 } 412 413 SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) 414 { 415 return __sys_setregid(rgid, egid); 416 } 417 418 /* 419 * setgid() is implemented like SysV w/ SAVED_IDS 420 * 421 * SMP: Same implicit races as above. 422 */ 423 long __sys_setgid(gid_t gid) 424 { 425 struct user_namespace *ns = current_user_ns(); 426 const struct cred *old; 427 struct cred *new; 428 int retval; 429 kgid_t kgid; 430 431 kgid = make_kgid(ns, gid); 432 if (!gid_valid(kgid)) 433 return -EINVAL; 434 435 new = prepare_creds(); 436 if (!new) 437 return -ENOMEM; 438 old = current_cred(); 439 440 retval = -EPERM; 441 if (ns_capable_setid(old->user_ns, CAP_SETGID)) 442 new->gid = new->egid = new->sgid = new->fsgid = kgid; 443 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) 444 new->egid = new->fsgid = kgid; 445 else 446 goto error; 447 448 retval = security_task_fix_setgid(new, old, LSM_SETID_ID); 449 if (retval < 0) 450 goto error; 451 452 return commit_creds(new); 453 454 error: 455 abort_creds(new); 456 return retval; 457 } 458 459 SYSCALL_DEFINE1(setgid, gid_t, gid) 460 { 461 return __sys_setgid(gid); 462 } 463 464 /* 465 * change the user struct in a credentials set to match the new UID 466 */ 467 static int set_user(struct cred *new) 468 { 469 struct user_struct *new_user; 470 471 new_user = alloc_uid(new->uid); 472 if (!new_user) 473 return -EAGAIN; 474 475 /* 476 * We don't fail in case of NPROC limit excess here because too many 477 * poorly written programs don't check set*uid() return code, assuming 478 * it never fails if called by root. We may still enforce NPROC limit 479 * for programs doing set*uid()+execve() by harmlessly deferring the 480 * failure to the execve() stage. 481 */ 482 if (is_ucounts_overlimit(new->ucounts, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)) && 483 new_user != INIT_USER) 484 current->flags |= PF_NPROC_EXCEEDED; 485 else 486 current->flags &= ~PF_NPROC_EXCEEDED; 487 488 free_uid(new->user); 489 new->user = new_user; 490 return 0; 491 } 492 493 /* 494 * Unprivileged users may change the real uid to the effective uid 495 * or vice versa. (BSD-style) 496 * 497 * If you set the real uid at all, or set the effective uid to a value not 498 * equal to the real uid, then the saved uid is set to the new effective uid. 499 * 500 * This makes it possible for a setuid program to completely drop its 501 * privileges, which is often a useful assertion to make when you are doing 502 * a security audit over a program. 503 * 504 * The general idea is that a program which uses just setreuid() will be 505 * 100% compatible with BSD. A program which uses just setuid() will be 506 * 100% compatible with POSIX with saved IDs. 507 */ 508 long __sys_setreuid(uid_t ruid, uid_t euid) 509 { 510 struct user_namespace *ns = current_user_ns(); 511 const struct cred *old; 512 struct cred *new; 513 int retval; 514 kuid_t kruid, keuid; 515 516 kruid = make_kuid(ns, ruid); 517 keuid = make_kuid(ns, euid); 518 519 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 520 return -EINVAL; 521 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 522 return -EINVAL; 523 524 new = prepare_creds(); 525 if (!new) 526 return -ENOMEM; 527 old = current_cred(); 528 529 retval = -EPERM; 530 if (ruid != (uid_t) -1) { 531 new->uid = kruid; 532 if (!uid_eq(old->uid, kruid) && 533 !uid_eq(old->euid, kruid) && 534 !ns_capable_setid(old->user_ns, CAP_SETUID)) 535 goto error; 536 } 537 538 if (euid != (uid_t) -1) { 539 new->euid = keuid; 540 if (!uid_eq(old->uid, keuid) && 541 !uid_eq(old->euid, keuid) && 542 !uid_eq(old->suid, keuid) && 543 !ns_capable_setid(old->user_ns, CAP_SETUID)) 544 goto error; 545 } 546 547 if (!uid_eq(new->uid, old->uid)) { 548 retval = set_user(new); 549 if (retval < 0) 550 goto error; 551 } 552 if (ruid != (uid_t) -1 || 553 (euid != (uid_t) -1 && !uid_eq(keuid, old->uid))) 554 new->suid = new->euid; 555 new->fsuid = new->euid; 556 557 retval = security_task_fix_setuid(new, old, LSM_SETID_RE); 558 if (retval < 0) 559 goto error; 560 561 retval = set_cred_ucounts(new); 562 if (retval < 0) 563 goto error; 564 565 return commit_creds(new); 566 567 error: 568 abort_creds(new); 569 return retval; 570 } 571 572 SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) 573 { 574 return __sys_setreuid(ruid, euid); 575 } 576 577 /* 578 * setuid() is implemented like SysV with SAVED_IDS 579 * 580 * Note that SAVED_ID's is deficient in that a setuid root program 581 * like sendmail, for example, cannot set its uid to be a normal 582 * user and then switch back, because if you're root, setuid() sets 583 * the saved uid too. If you don't like this, blame the bright people 584 * in the POSIX committee and/or USG. Note that the BSD-style setreuid() 585 * will allow a root program to temporarily drop privileges and be able to 586 * regain them by swapping the real and effective uid. 587 */ 588 long __sys_setuid(uid_t uid) 589 { 590 struct user_namespace *ns = current_user_ns(); 591 const struct cred *old; 592 struct cred *new; 593 int retval; 594 kuid_t kuid; 595 596 kuid = make_kuid(ns, uid); 597 if (!uid_valid(kuid)) 598 return -EINVAL; 599 600 new = prepare_creds(); 601 if (!new) 602 return -ENOMEM; 603 old = current_cred(); 604 605 retval = -EPERM; 606 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { 607 new->suid = new->uid = kuid; 608 if (!uid_eq(kuid, old->uid)) { 609 retval = set_user(new); 610 if (retval < 0) 611 goto error; 612 } 613 } else if (!uid_eq(kuid, old->uid) && !uid_eq(kuid, new->suid)) { 614 goto error; 615 } 616 617 new->fsuid = new->euid = kuid; 618 619 retval = security_task_fix_setuid(new, old, LSM_SETID_ID); 620 if (retval < 0) 621 goto error; 622 623 retval = set_cred_ucounts(new); 624 if (retval < 0) 625 goto error; 626 627 return commit_creds(new); 628 629 error: 630 abort_creds(new); 631 return retval; 632 } 633 634 SYSCALL_DEFINE1(setuid, uid_t, uid) 635 { 636 return __sys_setuid(uid); 637 } 638 639 640 /* 641 * This function implements a generic ability to update ruid, euid, 642 * and suid. This allows you to implement the 4.4 compatible seteuid(). 643 */ 644 long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) 645 { 646 struct user_namespace *ns = current_user_ns(); 647 const struct cred *old; 648 struct cred *new; 649 int retval; 650 kuid_t kruid, keuid, ksuid; 651 652 kruid = make_kuid(ns, ruid); 653 keuid = make_kuid(ns, euid); 654 ksuid = make_kuid(ns, suid); 655 656 if ((ruid != (uid_t) -1) && !uid_valid(kruid)) 657 return -EINVAL; 658 659 if ((euid != (uid_t) -1) && !uid_valid(keuid)) 660 return -EINVAL; 661 662 if ((suid != (uid_t) -1) && !uid_valid(ksuid)) 663 return -EINVAL; 664 665 new = prepare_creds(); 666 if (!new) 667 return -ENOMEM; 668 669 old = current_cred(); 670 671 retval = -EPERM; 672 if (!ns_capable_setid(old->user_ns, CAP_SETUID)) { 673 if (ruid != (uid_t) -1 && !uid_eq(kruid, old->uid) && 674 !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid)) 675 goto error; 676 if (euid != (uid_t) -1 && !uid_eq(keuid, old->uid) && 677 !uid_eq(keuid, old->euid) && !uid_eq(keuid, old->suid)) 678 goto error; 679 if (suid != (uid_t) -1 && !uid_eq(ksuid, old->uid) && 680 !uid_eq(ksuid, old->euid) && !uid_eq(ksuid, old->suid)) 681 goto error; 682 } 683 684 if (ruid != (uid_t) -1) { 685 new->uid = kruid; 686 if (!uid_eq(kruid, old->uid)) { 687 retval = set_user(new); 688 if (retval < 0) 689 goto error; 690 } 691 } 692 if (euid != (uid_t) -1) 693 new->euid = keuid; 694 if (suid != (uid_t) -1) 695 new->suid = ksuid; 696 new->fsuid = new->euid; 697 698 retval = security_task_fix_setuid(new, old, LSM_SETID_RES); 699 if (retval < 0) 700 goto error; 701 702 retval = set_cred_ucounts(new); 703 if (retval < 0) 704 goto error; 705 706 return commit_creds(new); 707 708 error: 709 abort_creds(new); 710 return retval; 711 } 712 713 SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) 714 { 715 return __sys_setresuid(ruid, euid, suid); 716 } 717 718 SYSCALL_DEFINE3(getresuid, uid_t __user *, ruidp, uid_t __user *, euidp, uid_t __user *, suidp) 719 { 720 const struct cred *cred = current_cred(); 721 int retval; 722 uid_t ruid, euid, suid; 723 724 ruid = from_kuid_munged(cred->user_ns, cred->uid); 725 euid = from_kuid_munged(cred->user_ns, cred->euid); 726 suid = from_kuid_munged(cred->user_ns, cred->suid); 727 728 retval = put_user(ruid, ruidp); 729 if (!retval) { 730 retval = put_user(euid, euidp); 731 if (!retval) 732 return put_user(suid, suidp); 733 } 734 return retval; 735 } 736 737 /* 738 * Same as above, but for rgid, egid, sgid. 739 */ 740 long __sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) 741 { 742 struct user_namespace *ns = current_user_ns(); 743 const struct cred *old; 744 struct cred *new; 745 int retval; 746 kgid_t krgid, kegid, ksgid; 747 748 krgid = make_kgid(ns, rgid); 749 kegid = make_kgid(ns, egid); 750 ksgid = make_kgid(ns, sgid); 751 752 if ((rgid != (gid_t) -1) && !gid_valid(krgid)) 753 return -EINVAL; 754 if ((egid != (gid_t) -1) && !gid_valid(kegid)) 755 return -EINVAL; 756 if ((sgid != (gid_t) -1) && !gid_valid(ksgid)) 757 return -EINVAL; 758 759 new = prepare_creds(); 760 if (!new) 761 return -ENOMEM; 762 old = current_cred(); 763 764 retval = -EPERM; 765 if (!ns_capable_setid(old->user_ns, CAP_SETGID)) { 766 if (rgid != (gid_t) -1 && !gid_eq(krgid, old->gid) && 767 !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid)) 768 goto error; 769 if (egid != (gid_t) -1 && !gid_eq(kegid, old->gid) && 770 !gid_eq(kegid, old->egid) && !gid_eq(kegid, old->sgid)) 771 goto error; 772 if (sgid != (gid_t) -1 && !gid_eq(ksgid, old->gid) && 773 !gid_eq(ksgid, old->egid) && !gid_eq(ksgid, old->sgid)) 774 goto error; 775 } 776 777 if (rgid != (gid_t) -1) 778 new->gid = krgid; 779 if (egid != (gid_t) -1) 780 new->egid = kegid; 781 if (sgid != (gid_t) -1) 782 new->sgid = ksgid; 783 new->fsgid = new->egid; 784 785 retval = security_task_fix_setgid(new, old, LSM_SETID_RES); 786 if (retval < 0) 787 goto error; 788 789 return commit_creds(new); 790 791 error: 792 abort_creds(new); 793 return retval; 794 } 795 796 SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) 797 { 798 return __sys_setresgid(rgid, egid, sgid); 799 } 800 801 SYSCALL_DEFINE3(getresgid, gid_t __user *, rgidp, gid_t __user *, egidp, gid_t __user *, sgidp) 802 { 803 const struct cred *cred = current_cred(); 804 int retval; 805 gid_t rgid, egid, sgid; 806 807 rgid = from_kgid_munged(cred->user_ns, cred->gid); 808 egid = from_kgid_munged(cred->user_ns, cred->egid); 809 sgid = from_kgid_munged(cred->user_ns, cred->sgid); 810 811 retval = put_user(rgid, rgidp); 812 if (!retval) { 813 retval = put_user(egid, egidp); 814 if (!retval) 815 retval = put_user(sgid, sgidp); 816 } 817 818 return retval; 819 } 820 821 822 /* 823 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This 824 * is used for "access()" and for the NFS daemon (letting nfsd stay at 825 * whatever uid it wants to). It normally shadows "euid", except when 826 * explicitly set by setfsuid() or for access.. 827 */ 828 long __sys_setfsuid(uid_t uid) 829 { 830 const struct cred *old; 831 struct cred *new; 832 uid_t old_fsuid; 833 kuid_t kuid; 834 835 old = current_cred(); 836 old_fsuid = from_kuid_munged(old->user_ns, old->fsuid); 837 838 kuid = make_kuid(old->user_ns, uid); 839 if (!uid_valid(kuid)) 840 return old_fsuid; 841 842 new = prepare_creds(); 843 if (!new) 844 return old_fsuid; 845 846 if (uid_eq(kuid, old->uid) || uid_eq(kuid, old->euid) || 847 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || 848 ns_capable_setid(old->user_ns, CAP_SETUID)) { 849 if (!uid_eq(kuid, old->fsuid)) { 850 new->fsuid = kuid; 851 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) 852 goto change_okay; 853 } 854 } 855 856 abort_creds(new); 857 return old_fsuid; 858 859 change_okay: 860 commit_creds(new); 861 return old_fsuid; 862 } 863 864 SYSCALL_DEFINE1(setfsuid, uid_t, uid) 865 { 866 return __sys_setfsuid(uid); 867 } 868 869 /* 870 * Samma på svenska.. 871 */ 872 long __sys_setfsgid(gid_t gid) 873 { 874 const struct cred *old; 875 struct cred *new; 876 gid_t old_fsgid; 877 kgid_t kgid; 878 879 old = current_cred(); 880 old_fsgid = from_kgid_munged(old->user_ns, old->fsgid); 881 882 kgid = make_kgid(old->user_ns, gid); 883 if (!gid_valid(kgid)) 884 return old_fsgid; 885 886 new = prepare_creds(); 887 if (!new) 888 return old_fsgid; 889 890 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || 891 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || 892 ns_capable_setid(old->user_ns, CAP_SETGID)) { 893 if (!gid_eq(kgid, old->fsgid)) { 894 new->fsgid = kgid; 895 if (security_task_fix_setgid(new,old,LSM_SETID_FS) == 0) 896 goto change_okay; 897 } 898 } 899 900 abort_creds(new); 901 return old_fsgid; 902 903 change_okay: 904 commit_creds(new); 905 return old_fsgid; 906 } 907 908 SYSCALL_DEFINE1(setfsgid, gid_t, gid) 909 { 910 return __sys_setfsgid(gid); 911 } 912 #endif /* CONFIG_MULTIUSER */ 913 914 /** 915 * sys_getpid - return the thread group id of the current process 916 * 917 * Note, despite the name, this returns the tgid not the pid. The tgid and 918 * the pid are identical unless CLONE_THREAD was specified on clone() in 919 * which case the tgid is the same in all threads of the same group. 920 * 921 * This is SMP safe as current->tgid does not change. 922 */ 923 SYSCALL_DEFINE0(getpid) 924 { 925 return task_tgid_vnr(current); 926 } 927 928 /* Thread ID - the internal kernel "pid" */ 929 SYSCALL_DEFINE0(gettid) 930 { 931 return task_pid_vnr(current); 932 } 933 934 /* 935 * Accessing ->real_parent is not SMP-safe, it could 936 * change from under us. However, we can use a stale 937 * value of ->real_parent under rcu_read_lock(), see 938 * release_task()->call_rcu(delayed_put_task_struct). 939 */ 940 SYSCALL_DEFINE0(getppid) 941 { 942 int pid; 943 944 rcu_read_lock(); 945 pid = task_tgid_vnr(rcu_dereference(current->real_parent)); 946 rcu_read_unlock(); 947 948 return pid; 949 } 950 951 SYSCALL_DEFINE0(getuid) 952 { 953 /* Only we change this so SMP safe */ 954 return from_kuid_munged(current_user_ns(), current_uid()); 955 } 956 957 SYSCALL_DEFINE0(geteuid) 958 { 959 /* Only we change this so SMP safe */ 960 return from_kuid_munged(current_user_ns(), current_euid()); 961 } 962 963 SYSCALL_DEFINE0(getgid) 964 { 965 /* Only we change this so SMP safe */ 966 return from_kgid_munged(current_user_ns(), current_gid()); 967 } 968 969 SYSCALL_DEFINE0(getegid) 970 { 971 /* Only we change this so SMP safe */ 972 return from_kgid_munged(current_user_ns(), current_egid()); 973 } 974 975 static void do_sys_times(struct tms *tms) 976 { 977 u64 tgutime, tgstime, cutime, cstime; 978 979 thread_group_cputime_adjusted(current, &tgutime, &tgstime); 980 cutime = current->signal->cutime; 981 cstime = current->signal->cstime; 982 tms->tms_utime = nsec_to_clock_t(tgutime); 983 tms->tms_stime = nsec_to_clock_t(tgstime); 984 tms->tms_cutime = nsec_to_clock_t(cutime); 985 tms->tms_cstime = nsec_to_clock_t(cstime); 986 } 987 988 SYSCALL_DEFINE1(times, struct tms __user *, tbuf) 989 { 990 if (tbuf) { 991 struct tms tmp; 992 993 do_sys_times(&tmp); 994 if (copy_to_user(tbuf, &tmp, sizeof(struct tms))) 995 return -EFAULT; 996 } 997 force_successful_syscall_return(); 998 return (long) jiffies_64_to_clock_t(get_jiffies_64()); 999 } 1000 1001 #ifdef CONFIG_COMPAT 1002 static compat_clock_t clock_t_to_compat_clock_t(clock_t x) 1003 { 1004 return compat_jiffies_to_clock_t(clock_t_to_jiffies(x)); 1005 } 1006 1007 COMPAT_SYSCALL_DEFINE1(times, struct compat_tms __user *, tbuf) 1008 { 1009 if (tbuf) { 1010 struct tms tms; 1011 struct compat_tms tmp; 1012 1013 do_sys_times(&tms); 1014 /* Convert our struct tms to the compat version. */ 1015 tmp.tms_utime = clock_t_to_compat_clock_t(tms.tms_utime); 1016 tmp.tms_stime = clock_t_to_compat_clock_t(tms.tms_stime); 1017 tmp.tms_cutime = clock_t_to_compat_clock_t(tms.tms_cutime); 1018 tmp.tms_cstime = clock_t_to_compat_clock_t(tms.tms_cstime); 1019 if (copy_to_user(tbuf, &tmp, sizeof(tmp))) 1020 return -EFAULT; 1021 } 1022 force_successful_syscall_return(); 1023 return compat_jiffies_to_clock_t(jiffies); 1024 } 1025 #endif 1026 1027 /* 1028 * This needs some heavy checking ... 1029 * I just haven't the stomach for it. I also don't fully 1030 * understand sessions/pgrp etc. Let somebody who does explain it. 1031 * 1032 * OK, I think I have the protection semantics right.... this is really 1033 * only important on a multi-user system anyway, to make sure one user 1034 * can't send a signal to a process owned by another. -TYT, 12/12/91 1035 * 1036 * !PF_FORKNOEXEC check to conform completely to POSIX. 1037 */ 1038 SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid) 1039 { 1040 struct task_struct *p; 1041 struct task_struct *group_leader = current->group_leader; 1042 struct pid *pgrp; 1043 int err; 1044 1045 if (!pid) 1046 pid = task_pid_vnr(group_leader); 1047 if (!pgid) 1048 pgid = pid; 1049 if (pgid < 0) 1050 return -EINVAL; 1051 rcu_read_lock(); 1052 1053 /* From this point forward we keep holding onto the tasklist lock 1054 * so that our parent does not change from under us. -DaveM 1055 */ 1056 write_lock_irq(&tasklist_lock); 1057 1058 err = -ESRCH; 1059 p = find_task_by_vpid(pid); 1060 if (!p) 1061 goto out; 1062 1063 err = -EINVAL; 1064 if (!thread_group_leader(p)) 1065 goto out; 1066 1067 if (same_thread_group(p->real_parent, group_leader)) { 1068 err = -EPERM; 1069 if (task_session(p) != task_session(group_leader)) 1070 goto out; 1071 err = -EACCES; 1072 if (!(p->flags & PF_FORKNOEXEC)) 1073 goto out; 1074 } else { 1075 err = -ESRCH; 1076 if (p != group_leader) 1077 goto out; 1078 } 1079 1080 err = -EPERM; 1081 if (p->signal->leader) 1082 goto out; 1083 1084 pgrp = task_pid(p); 1085 if (pgid != pid) { 1086 struct task_struct *g; 1087 1088 pgrp = find_vpid(pgid); 1089 g = pid_task(pgrp, PIDTYPE_PGID); 1090 if (!g || task_session(g) != task_session(group_leader)) 1091 goto out; 1092 } 1093 1094 err = security_task_setpgid(p, pgid); 1095 if (err) 1096 goto out; 1097 1098 if (task_pgrp(p) != pgrp) 1099 change_pid(p, PIDTYPE_PGID, pgrp); 1100 1101 err = 0; 1102 out: 1103 /* All paths lead to here, thus we are safe. -DaveM */ 1104 write_unlock_irq(&tasklist_lock); 1105 rcu_read_unlock(); 1106 return err; 1107 } 1108 1109 static int do_getpgid(pid_t pid) 1110 { 1111 struct task_struct *p; 1112 struct pid *grp; 1113 int retval; 1114 1115 rcu_read_lock(); 1116 if (!pid) 1117 grp = task_pgrp(current); 1118 else { 1119 retval = -ESRCH; 1120 p = find_task_by_vpid(pid); 1121 if (!p) 1122 goto out; 1123 grp = task_pgrp(p); 1124 if (!grp) 1125 goto out; 1126 1127 retval = security_task_getpgid(p); 1128 if (retval) 1129 goto out; 1130 } 1131 retval = pid_vnr(grp); 1132 out: 1133 rcu_read_unlock(); 1134 return retval; 1135 } 1136 1137 SYSCALL_DEFINE1(getpgid, pid_t, pid) 1138 { 1139 return do_getpgid(pid); 1140 } 1141 1142 #ifdef __ARCH_WANT_SYS_GETPGRP 1143 1144 SYSCALL_DEFINE0(getpgrp) 1145 { 1146 return do_getpgid(0); 1147 } 1148 1149 #endif 1150 1151 SYSCALL_DEFINE1(getsid, pid_t, pid) 1152 { 1153 struct task_struct *p; 1154 struct pid *sid; 1155 int retval; 1156 1157 rcu_read_lock(); 1158 if (!pid) 1159 sid = task_session(current); 1160 else { 1161 retval = -ESRCH; 1162 p = find_task_by_vpid(pid); 1163 if (!p) 1164 goto out; 1165 sid = task_session(p); 1166 if (!sid) 1167 goto out; 1168 1169 retval = security_task_getsid(p); 1170 if (retval) 1171 goto out; 1172 } 1173 retval = pid_vnr(sid); 1174 out: 1175 rcu_read_unlock(); 1176 return retval; 1177 } 1178 1179 static void set_special_pids(struct pid *pid) 1180 { 1181 struct task_struct *curr = current->group_leader; 1182 1183 if (task_session(curr) != pid) 1184 change_pid(curr, PIDTYPE_SID, pid); 1185 1186 if (task_pgrp(curr) != pid) 1187 change_pid(curr, PIDTYPE_PGID, pid); 1188 } 1189 1190 int ksys_setsid(void) 1191 { 1192 struct task_struct *group_leader = current->group_leader; 1193 struct pid *sid = task_pid(group_leader); 1194 pid_t session = pid_vnr(sid); 1195 int err = -EPERM; 1196 1197 write_lock_irq(&tasklist_lock); 1198 /* Fail if I am already a session leader */ 1199 if (group_leader->signal->leader) 1200 goto out; 1201 1202 /* Fail if a process group id already exists that equals the 1203 * proposed session id. 1204 */ 1205 if (pid_task(sid, PIDTYPE_PGID)) 1206 goto out; 1207 1208 group_leader->signal->leader = 1; 1209 set_special_pids(sid); 1210 1211 proc_clear_tty(group_leader); 1212 1213 err = session; 1214 out: 1215 write_unlock_irq(&tasklist_lock); 1216 if (err > 0) { 1217 proc_sid_connector(group_leader); 1218 sched_autogroup_create_attach(group_leader); 1219 } 1220 return err; 1221 } 1222 1223 SYSCALL_DEFINE0(setsid) 1224 { 1225 return ksys_setsid(); 1226 } 1227 1228 DECLARE_RWSEM(uts_sem); 1229 1230 #ifdef COMPAT_UTS_MACHINE 1231 #define override_architecture(name) \ 1232 (personality(current->personality) == PER_LINUX32 && \ 1233 copy_to_user(name->machine, COMPAT_UTS_MACHINE, \ 1234 sizeof(COMPAT_UTS_MACHINE))) 1235 #else 1236 #define override_architecture(name) 0 1237 #endif 1238 1239 /* 1240 * Work around broken programs that cannot handle "Linux 3.0". 1241 * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40 1242 * And we map 4.x and later versions to 2.6.60+x, so 4.0/5.0/6.0/... would be 1243 * 2.6.60. 1244 */ 1245 static int override_release(char __user *release, size_t len) 1246 { 1247 int ret = 0; 1248 1249 if (current->personality & UNAME26) { 1250 const char *rest = UTS_RELEASE; 1251 char buf[65] = { 0 }; 1252 int ndots = 0; 1253 unsigned v; 1254 size_t copy; 1255 1256 while (*rest) { 1257 if (*rest == '.' && ++ndots >= 3) 1258 break; 1259 if (!isdigit(*rest) && *rest != '.') 1260 break; 1261 rest++; 1262 } 1263 v = LINUX_VERSION_PATCHLEVEL + 60; 1264 copy = clamp_t(size_t, len, 1, sizeof(buf)); 1265 copy = scnprintf(buf, copy, "2.6.%u%s", v, rest); 1266 ret = copy_to_user(release, buf, copy + 1); 1267 } 1268 return ret; 1269 } 1270 1271 SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name) 1272 { 1273 struct new_utsname tmp; 1274 1275 down_read(&uts_sem); 1276 memcpy(&tmp, utsname(), sizeof(tmp)); 1277 up_read(&uts_sem); 1278 if (copy_to_user(name, &tmp, sizeof(tmp))) 1279 return -EFAULT; 1280 1281 if (override_release(name->release, sizeof(name->release))) 1282 return -EFAULT; 1283 if (override_architecture(name)) 1284 return -EFAULT; 1285 return 0; 1286 } 1287 1288 #ifdef __ARCH_WANT_SYS_OLD_UNAME 1289 /* 1290 * Old cruft 1291 */ 1292 SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) 1293 { 1294 struct old_utsname tmp; 1295 1296 if (!name) 1297 return -EFAULT; 1298 1299 down_read(&uts_sem); 1300 memcpy(&tmp, utsname(), sizeof(tmp)); 1301 up_read(&uts_sem); 1302 if (copy_to_user(name, &tmp, sizeof(tmp))) 1303 return -EFAULT; 1304 1305 if (override_release(name->release, sizeof(name->release))) 1306 return -EFAULT; 1307 if (override_architecture(name)) 1308 return -EFAULT; 1309 return 0; 1310 } 1311 1312 SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) 1313 { 1314 struct oldold_utsname tmp; 1315 1316 if (!name) 1317 return -EFAULT; 1318 1319 memset(&tmp, 0, sizeof(tmp)); 1320 1321 down_read(&uts_sem); 1322 memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); 1323 memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); 1324 memcpy(&tmp.release, &utsname()->release, __OLD_UTS_LEN); 1325 memcpy(&tmp.version, &utsname()->version, __OLD_UTS_LEN); 1326 memcpy(&tmp.machine, &utsname()->machine, __OLD_UTS_LEN); 1327 up_read(&uts_sem); 1328 if (copy_to_user(name, &tmp, sizeof(tmp))) 1329 return -EFAULT; 1330 1331 if (override_architecture(name)) 1332 return -EFAULT; 1333 if (override_release(name->release, sizeof(name->release))) 1334 return -EFAULT; 1335 return 0; 1336 } 1337 #endif 1338 1339 SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) 1340 { 1341 int errno; 1342 char tmp[__NEW_UTS_LEN]; 1343 1344 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1345 return -EPERM; 1346 1347 if (len < 0 || len > __NEW_UTS_LEN) 1348 return -EINVAL; 1349 errno = -EFAULT; 1350 if (!copy_from_user(tmp, name, len)) { 1351 struct new_utsname *u; 1352 1353 down_write(&uts_sem); 1354 u = utsname(); 1355 memcpy(u->nodename, tmp, len); 1356 memset(u->nodename + len, 0, sizeof(u->nodename) - len); 1357 errno = 0; 1358 uts_proc_notify(UTS_PROC_HOSTNAME); 1359 up_write(&uts_sem); 1360 } 1361 return errno; 1362 } 1363 1364 #ifdef __ARCH_WANT_SYS_GETHOSTNAME 1365 1366 SYSCALL_DEFINE2(gethostname, char __user *, name, int, len) 1367 { 1368 int i; 1369 struct new_utsname *u; 1370 char tmp[__NEW_UTS_LEN + 1]; 1371 1372 if (len < 0) 1373 return -EINVAL; 1374 down_read(&uts_sem); 1375 u = utsname(); 1376 i = 1 + strlen(u->nodename); 1377 if (i > len) 1378 i = len; 1379 memcpy(tmp, u->nodename, i); 1380 up_read(&uts_sem); 1381 if (copy_to_user(name, tmp, i)) 1382 return -EFAULT; 1383 return 0; 1384 } 1385 1386 #endif 1387 1388 /* 1389 * Only setdomainname; getdomainname can be implemented by calling 1390 * uname() 1391 */ 1392 SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len) 1393 { 1394 int errno; 1395 char tmp[__NEW_UTS_LEN]; 1396 1397 if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) 1398 return -EPERM; 1399 if (len < 0 || len > __NEW_UTS_LEN) 1400 return -EINVAL; 1401 1402 errno = -EFAULT; 1403 if (!copy_from_user(tmp, name, len)) { 1404 struct new_utsname *u; 1405 1406 down_write(&uts_sem); 1407 u = utsname(); 1408 memcpy(u->domainname, tmp, len); 1409 memset(u->domainname + len, 0, sizeof(u->domainname) - len); 1410 errno = 0; 1411 uts_proc_notify(UTS_PROC_DOMAINNAME); 1412 up_write(&uts_sem); 1413 } 1414 return errno; 1415 } 1416 1417 SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1418 { 1419 struct rlimit value; 1420 int ret; 1421 1422 ret = do_prlimit(current, resource, NULL, &value); 1423 if (!ret) 1424 ret = copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0; 1425 1426 return ret; 1427 } 1428 1429 #ifdef CONFIG_COMPAT 1430 1431 COMPAT_SYSCALL_DEFINE2(setrlimit, unsigned int, resource, 1432 struct compat_rlimit __user *, rlim) 1433 { 1434 struct rlimit r; 1435 struct compat_rlimit r32; 1436 1437 if (copy_from_user(&r32, rlim, sizeof(struct compat_rlimit))) 1438 return -EFAULT; 1439 1440 if (r32.rlim_cur == COMPAT_RLIM_INFINITY) 1441 r.rlim_cur = RLIM_INFINITY; 1442 else 1443 r.rlim_cur = r32.rlim_cur; 1444 if (r32.rlim_max == COMPAT_RLIM_INFINITY) 1445 r.rlim_max = RLIM_INFINITY; 1446 else 1447 r.rlim_max = r32.rlim_max; 1448 return do_prlimit(current, resource, &r, NULL); 1449 } 1450 1451 COMPAT_SYSCALL_DEFINE2(getrlimit, unsigned int, resource, 1452 struct compat_rlimit __user *, rlim) 1453 { 1454 struct rlimit r; 1455 int ret; 1456 1457 ret = do_prlimit(current, resource, NULL, &r); 1458 if (!ret) { 1459 struct compat_rlimit r32; 1460 if (r.rlim_cur > COMPAT_RLIM_INFINITY) 1461 r32.rlim_cur = COMPAT_RLIM_INFINITY; 1462 else 1463 r32.rlim_cur = r.rlim_cur; 1464 if (r.rlim_max > COMPAT_RLIM_INFINITY) 1465 r32.rlim_max = COMPAT_RLIM_INFINITY; 1466 else 1467 r32.rlim_max = r.rlim_max; 1468 1469 if (copy_to_user(rlim, &r32, sizeof(struct compat_rlimit))) 1470 return -EFAULT; 1471 } 1472 return ret; 1473 } 1474 1475 #endif 1476 1477 #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT 1478 1479 /* 1480 * Back compatibility for getrlimit. Needed for some apps. 1481 */ 1482 SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1483 struct rlimit __user *, rlim) 1484 { 1485 struct rlimit x; 1486 if (resource >= RLIM_NLIMITS) 1487 return -EINVAL; 1488 1489 resource = array_index_nospec(resource, RLIM_NLIMITS); 1490 task_lock(current->group_leader); 1491 x = current->signal->rlim[resource]; 1492 task_unlock(current->group_leader); 1493 if (x.rlim_cur > 0x7FFFFFFF) 1494 x.rlim_cur = 0x7FFFFFFF; 1495 if (x.rlim_max > 0x7FFFFFFF) 1496 x.rlim_max = 0x7FFFFFFF; 1497 return copy_to_user(rlim, &x, sizeof(x)) ? -EFAULT : 0; 1498 } 1499 1500 #ifdef CONFIG_COMPAT 1501 COMPAT_SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, 1502 struct compat_rlimit __user *, rlim) 1503 { 1504 struct rlimit r; 1505 1506 if (resource >= RLIM_NLIMITS) 1507 return -EINVAL; 1508 1509 resource = array_index_nospec(resource, RLIM_NLIMITS); 1510 task_lock(current->group_leader); 1511 r = current->signal->rlim[resource]; 1512 task_unlock(current->group_leader); 1513 if (r.rlim_cur > 0x7FFFFFFF) 1514 r.rlim_cur = 0x7FFFFFFF; 1515 if (r.rlim_max > 0x7FFFFFFF) 1516 r.rlim_max = 0x7FFFFFFF; 1517 1518 if (put_user(r.rlim_cur, &rlim->rlim_cur) || 1519 put_user(r.rlim_max, &rlim->rlim_max)) 1520 return -EFAULT; 1521 return 0; 1522 } 1523 #endif 1524 1525 #endif 1526 1527 static inline bool rlim64_is_infinity(__u64 rlim64) 1528 { 1529 #if BITS_PER_LONG < 64 1530 return rlim64 >= ULONG_MAX; 1531 #else 1532 return rlim64 == RLIM64_INFINITY; 1533 #endif 1534 } 1535 1536 static void rlim_to_rlim64(const struct rlimit *rlim, struct rlimit64 *rlim64) 1537 { 1538 if (rlim->rlim_cur == RLIM_INFINITY) 1539 rlim64->rlim_cur = RLIM64_INFINITY; 1540 else 1541 rlim64->rlim_cur = rlim->rlim_cur; 1542 if (rlim->rlim_max == RLIM_INFINITY) 1543 rlim64->rlim_max = RLIM64_INFINITY; 1544 else 1545 rlim64->rlim_max = rlim->rlim_max; 1546 } 1547 1548 static void rlim64_to_rlim(const struct rlimit64 *rlim64, struct rlimit *rlim) 1549 { 1550 if (rlim64_is_infinity(rlim64->rlim_cur)) 1551 rlim->rlim_cur = RLIM_INFINITY; 1552 else 1553 rlim->rlim_cur = (unsigned long)rlim64->rlim_cur; 1554 if (rlim64_is_infinity(rlim64->rlim_max)) 1555 rlim->rlim_max = RLIM_INFINITY; 1556 else 1557 rlim->rlim_max = (unsigned long)rlim64->rlim_max; 1558 } 1559 1560 /* make sure you are allowed to change @tsk limits before calling this */ 1561 int do_prlimit(struct task_struct *tsk, unsigned int resource, 1562 struct rlimit *new_rlim, struct rlimit *old_rlim) 1563 { 1564 struct rlimit *rlim; 1565 int retval = 0; 1566 1567 if (resource >= RLIM_NLIMITS) 1568 return -EINVAL; 1569 if (new_rlim) { 1570 if (new_rlim->rlim_cur > new_rlim->rlim_max) 1571 return -EINVAL; 1572 if (resource == RLIMIT_NOFILE && 1573 new_rlim->rlim_max > sysctl_nr_open) 1574 return -EPERM; 1575 } 1576 1577 /* protect tsk->signal and tsk->sighand from disappearing */ 1578 read_lock(&tasklist_lock); 1579 if (!tsk->sighand) { 1580 retval = -ESRCH; 1581 goto out; 1582 } 1583 1584 rlim = tsk->signal->rlim + resource; 1585 task_lock(tsk->group_leader); 1586 if (new_rlim) { 1587 /* Keep the capable check against init_user_ns until 1588 cgroups can contain all limits */ 1589 if (new_rlim->rlim_max > rlim->rlim_max && 1590 !capable(CAP_SYS_RESOURCE)) 1591 retval = -EPERM; 1592 if (!retval) 1593 retval = security_task_setrlimit(tsk, resource, new_rlim); 1594 } 1595 if (!retval) { 1596 if (old_rlim) 1597 *old_rlim = *rlim; 1598 if (new_rlim) 1599 *rlim = *new_rlim; 1600 } 1601 task_unlock(tsk->group_leader); 1602 1603 /* 1604 * RLIMIT_CPU handling. Arm the posix CPU timer if the limit is not 1605 * infinite. In case of RLIM_INFINITY the posix CPU timer code 1606 * ignores the rlimit. 1607 */ 1608 if (!retval && new_rlim && resource == RLIMIT_CPU && 1609 new_rlim->rlim_cur != RLIM_INFINITY && 1610 IS_ENABLED(CONFIG_POSIX_TIMERS)) 1611 update_rlimit_cpu(tsk, new_rlim->rlim_cur); 1612 out: 1613 read_unlock(&tasklist_lock); 1614 return retval; 1615 } 1616 1617 /* rcu lock must be held */ 1618 static int check_prlimit_permission(struct task_struct *task, 1619 unsigned int flags) 1620 { 1621 const struct cred *cred = current_cred(), *tcred; 1622 bool id_match; 1623 1624 if (current == task) 1625 return 0; 1626 1627 tcred = __task_cred(task); 1628 id_match = (uid_eq(cred->uid, tcred->euid) && 1629 uid_eq(cred->uid, tcred->suid) && 1630 uid_eq(cred->uid, tcred->uid) && 1631 gid_eq(cred->gid, tcred->egid) && 1632 gid_eq(cred->gid, tcred->sgid) && 1633 gid_eq(cred->gid, tcred->gid)); 1634 if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) 1635 return -EPERM; 1636 1637 return security_task_prlimit(cred, tcred, flags); 1638 } 1639 1640 SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, 1641 const struct rlimit64 __user *, new_rlim, 1642 struct rlimit64 __user *, old_rlim) 1643 { 1644 struct rlimit64 old64, new64; 1645 struct rlimit old, new; 1646 struct task_struct *tsk; 1647 unsigned int checkflags = 0; 1648 int ret; 1649 1650 if (old_rlim) 1651 checkflags |= LSM_PRLIMIT_READ; 1652 1653 if (new_rlim) { 1654 if (copy_from_user(&new64, new_rlim, sizeof(new64))) 1655 return -EFAULT; 1656 rlim64_to_rlim(&new64, &new); 1657 checkflags |= LSM_PRLIMIT_WRITE; 1658 } 1659 1660 rcu_read_lock(); 1661 tsk = pid ? find_task_by_vpid(pid) : current; 1662 if (!tsk) { 1663 rcu_read_unlock(); 1664 return -ESRCH; 1665 } 1666 ret = check_prlimit_permission(tsk, checkflags); 1667 if (ret) { 1668 rcu_read_unlock(); 1669 return ret; 1670 } 1671 get_task_struct(tsk); 1672 rcu_read_unlock(); 1673 1674 ret = do_prlimit(tsk, resource, new_rlim ? &new : NULL, 1675 old_rlim ? &old : NULL); 1676 1677 if (!ret && old_rlim) { 1678 rlim_to_rlim64(&old, &old64); 1679 if (copy_to_user(old_rlim, &old64, sizeof(old64))) 1680 ret = -EFAULT; 1681 } 1682 1683 put_task_struct(tsk); 1684 return ret; 1685 } 1686 1687 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim) 1688 { 1689 struct rlimit new_rlim; 1690 1691 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) 1692 return -EFAULT; 1693 return do_prlimit(current, resource, &new_rlim, NULL); 1694 } 1695 1696 /* 1697 * It would make sense to put struct rusage in the task_struct, 1698 * except that would make the task_struct be *really big*. After 1699 * task_struct gets moved into malloc'ed memory, it would 1700 * make sense to do this. It will make moving the rest of the information 1701 * a lot simpler! (Which we're not doing right now because we're not 1702 * measuring them yet). 1703 * 1704 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have 1705 * races with threads incrementing their own counters. But since word 1706 * reads are atomic, we either get new values or old values and we don't 1707 * care which for the sums. We always take the siglock to protect reading 1708 * the c* fields from p->signal from races with exit.c updating those 1709 * fields when reaping, so a sample either gets all the additions of a 1710 * given child after it's reaped, or none so this sample is before reaping. 1711 * 1712 * Locking: 1713 * We need to take the siglock for CHILDEREN, SELF and BOTH 1714 * for the cases current multithreaded, non-current single threaded 1715 * non-current multithreaded. Thread traversal is now safe with 1716 * the siglock held. 1717 * Strictly speaking, we donot need to take the siglock if we are current and 1718 * single threaded, as no one else can take our signal_struct away, no one 1719 * else can reap the children to update signal->c* counters, and no one else 1720 * can race with the signal-> fields. If we do not take any lock, the 1721 * signal-> fields could be read out of order while another thread was just 1722 * exiting. So we should place a read memory barrier when we avoid the lock. 1723 * On the writer side, write memory barrier is implied in __exit_signal 1724 * as __exit_signal releases the siglock spinlock after updating the signal-> 1725 * fields. But we don't do this yet to keep things simple. 1726 * 1727 */ 1728 1729 static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r) 1730 { 1731 r->ru_nvcsw += t->nvcsw; 1732 r->ru_nivcsw += t->nivcsw; 1733 r->ru_minflt += t->min_flt; 1734 r->ru_majflt += t->maj_flt; 1735 r->ru_inblock += task_io_get_inblock(t); 1736 r->ru_oublock += task_io_get_oublock(t); 1737 } 1738 1739 void getrusage(struct task_struct *p, int who, struct rusage *r) 1740 { 1741 struct task_struct *t; 1742 unsigned long flags; 1743 u64 tgutime, tgstime, utime, stime; 1744 unsigned long maxrss = 0; 1745 1746 memset((char *)r, 0, sizeof (*r)); 1747 utime = stime = 0; 1748 1749 if (who == RUSAGE_THREAD) { 1750 task_cputime_adjusted(current, &utime, &stime); 1751 accumulate_thread_rusage(p, r); 1752 maxrss = p->signal->maxrss; 1753 goto out; 1754 } 1755 1756 if (!lock_task_sighand(p, &flags)) 1757 return; 1758 1759 switch (who) { 1760 case RUSAGE_BOTH: 1761 case RUSAGE_CHILDREN: 1762 utime = p->signal->cutime; 1763 stime = p->signal->cstime; 1764 r->ru_nvcsw = p->signal->cnvcsw; 1765 r->ru_nivcsw = p->signal->cnivcsw; 1766 r->ru_minflt = p->signal->cmin_flt; 1767 r->ru_majflt = p->signal->cmaj_flt; 1768 r->ru_inblock = p->signal->cinblock; 1769 r->ru_oublock = p->signal->coublock; 1770 maxrss = p->signal->cmaxrss; 1771 1772 if (who == RUSAGE_CHILDREN) 1773 break; 1774 fallthrough; 1775 1776 case RUSAGE_SELF: 1777 thread_group_cputime_adjusted(p, &tgutime, &tgstime); 1778 utime += tgutime; 1779 stime += tgstime; 1780 r->ru_nvcsw += p->signal->nvcsw; 1781 r->ru_nivcsw += p->signal->nivcsw; 1782 r->ru_minflt += p->signal->min_flt; 1783 r->ru_majflt += p->signal->maj_flt; 1784 r->ru_inblock += p->signal->inblock; 1785 r->ru_oublock += p->signal->oublock; 1786 if (maxrss < p->signal->maxrss) 1787 maxrss = p->signal->maxrss; 1788 t = p; 1789 do { 1790 accumulate_thread_rusage(t, r); 1791 } while_each_thread(p, t); 1792 break; 1793 1794 default: 1795 BUG(); 1796 } 1797 unlock_task_sighand(p, &flags); 1798 1799 out: 1800 r->ru_utime = ns_to_kernel_old_timeval(utime); 1801 r->ru_stime = ns_to_kernel_old_timeval(stime); 1802 1803 if (who != RUSAGE_CHILDREN) { 1804 struct mm_struct *mm = get_task_mm(p); 1805 1806 if (mm) { 1807 setmax_mm_hiwater_rss(&maxrss, mm); 1808 mmput(mm); 1809 } 1810 } 1811 r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ 1812 } 1813 1814 SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru) 1815 { 1816 struct rusage r; 1817 1818 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1819 who != RUSAGE_THREAD) 1820 return -EINVAL; 1821 1822 getrusage(current, who, &r); 1823 return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0; 1824 } 1825 1826 #ifdef CONFIG_COMPAT 1827 COMPAT_SYSCALL_DEFINE2(getrusage, int, who, struct compat_rusage __user *, ru) 1828 { 1829 struct rusage r; 1830 1831 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN && 1832 who != RUSAGE_THREAD) 1833 return -EINVAL; 1834 1835 getrusage(current, who, &r); 1836 return put_compat_rusage(&r, ru); 1837 } 1838 #endif 1839 1840 SYSCALL_DEFINE1(umask, int, mask) 1841 { 1842 mask = xchg(¤t->fs->umask, mask & S_IRWXUGO); 1843 return mask; 1844 } 1845 1846 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) 1847 { 1848 struct fd exe; 1849 struct file *old_exe, *exe_file; 1850 struct inode *inode; 1851 int err; 1852 1853 exe = fdget(fd); 1854 if (!exe.file) 1855 return -EBADF; 1856 1857 inode = file_inode(exe.file); 1858 1859 /* 1860 * Because the original mm->exe_file points to executable file, make 1861 * sure that this one is executable as well, to avoid breaking an 1862 * overall picture. 1863 */ 1864 err = -EACCES; 1865 if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path)) 1866 goto exit; 1867 1868 err = file_permission(exe.file, MAY_EXEC); 1869 if (err) 1870 goto exit; 1871 1872 /* 1873 * Forbid mm->exe_file change if old file still mapped. 1874 */ 1875 exe_file = get_mm_exe_file(mm); 1876 err = -EBUSY; 1877 if (exe_file) { 1878 struct vm_area_struct *vma; 1879 1880 mmap_read_lock(mm); 1881 for (vma = mm->mmap; vma; vma = vma->vm_next) { 1882 if (!vma->vm_file) 1883 continue; 1884 if (path_equal(&vma->vm_file->f_path, 1885 &exe_file->f_path)) 1886 goto exit_err; 1887 } 1888 1889 mmap_read_unlock(mm); 1890 fput(exe_file); 1891 } 1892 1893 err = 0; 1894 /* set the new file, lockless */ 1895 get_file(exe.file); 1896 old_exe = xchg(&mm->exe_file, exe.file); 1897 if (old_exe) 1898 fput(old_exe); 1899 exit: 1900 fdput(exe); 1901 return err; 1902 exit_err: 1903 mmap_read_unlock(mm); 1904 fput(exe_file); 1905 goto exit; 1906 } 1907 1908 /* 1909 * Check arithmetic relations of passed addresses. 1910 * 1911 * WARNING: we don't require any capability here so be very careful 1912 * in what is allowed for modification from userspace. 1913 */ 1914 static int validate_prctl_map_addr(struct prctl_mm_map *prctl_map) 1915 { 1916 unsigned long mmap_max_addr = TASK_SIZE; 1917 int error = -EINVAL, i; 1918 1919 static const unsigned char offsets[] = { 1920 offsetof(struct prctl_mm_map, start_code), 1921 offsetof(struct prctl_mm_map, end_code), 1922 offsetof(struct prctl_mm_map, start_data), 1923 offsetof(struct prctl_mm_map, end_data), 1924 offsetof(struct prctl_mm_map, start_brk), 1925 offsetof(struct prctl_mm_map, brk), 1926 offsetof(struct prctl_mm_map, start_stack), 1927 offsetof(struct prctl_mm_map, arg_start), 1928 offsetof(struct prctl_mm_map, arg_end), 1929 offsetof(struct prctl_mm_map, env_start), 1930 offsetof(struct prctl_mm_map, env_end), 1931 }; 1932 1933 /* 1934 * Make sure the members are not somewhere outside 1935 * of allowed address space. 1936 */ 1937 for (i = 0; i < ARRAY_SIZE(offsets); i++) { 1938 u64 val = *(u64 *)((char *)prctl_map + offsets[i]); 1939 1940 if ((unsigned long)val >= mmap_max_addr || 1941 (unsigned long)val < mmap_min_addr) 1942 goto out; 1943 } 1944 1945 /* 1946 * Make sure the pairs are ordered. 1947 */ 1948 #define __prctl_check_order(__m1, __op, __m2) \ 1949 ((unsigned long)prctl_map->__m1 __op \ 1950 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL 1951 error = __prctl_check_order(start_code, <, end_code); 1952 error |= __prctl_check_order(start_data,<=, end_data); 1953 error |= __prctl_check_order(start_brk, <=, brk); 1954 error |= __prctl_check_order(arg_start, <=, arg_end); 1955 error |= __prctl_check_order(env_start, <=, env_end); 1956 if (error) 1957 goto out; 1958 #undef __prctl_check_order 1959 1960 error = -EINVAL; 1961 1962 /* 1963 * Neither we should allow to override limits if they set. 1964 */ 1965 if (check_data_rlimit(rlimit(RLIMIT_DATA), prctl_map->brk, 1966 prctl_map->start_brk, prctl_map->end_data, 1967 prctl_map->start_data)) 1968 goto out; 1969 1970 error = 0; 1971 out: 1972 return error; 1973 } 1974 1975 #ifdef CONFIG_CHECKPOINT_RESTORE 1976 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size) 1977 { 1978 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, }; 1979 unsigned long user_auxv[AT_VECTOR_SIZE]; 1980 struct mm_struct *mm = current->mm; 1981 int error; 1982 1983 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 1984 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256); 1985 1986 if (opt == PR_SET_MM_MAP_SIZE) 1987 return put_user((unsigned int)sizeof(prctl_map), 1988 (unsigned int __user *)addr); 1989 1990 if (data_size != sizeof(prctl_map)) 1991 return -EINVAL; 1992 1993 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) 1994 return -EFAULT; 1995 1996 error = validate_prctl_map_addr(&prctl_map); 1997 if (error) 1998 return error; 1999 2000 if (prctl_map.auxv_size) { 2001 /* 2002 * Someone is trying to cheat the auxv vector. 2003 */ 2004 if (!prctl_map.auxv || 2005 prctl_map.auxv_size > sizeof(mm->saved_auxv)) 2006 return -EINVAL; 2007 2008 memset(user_auxv, 0, sizeof(user_auxv)); 2009 if (copy_from_user(user_auxv, 2010 (const void __user *)prctl_map.auxv, 2011 prctl_map.auxv_size)) 2012 return -EFAULT; 2013 2014 /* Last entry must be AT_NULL as specification requires */ 2015 user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL; 2016 user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL; 2017 } 2018 2019 if (prctl_map.exe_fd != (u32)-1) { 2020 /* 2021 * Check if the current user is checkpoint/restore capable. 2022 * At the time of this writing, it checks for CAP_SYS_ADMIN 2023 * or CAP_CHECKPOINT_RESTORE. 2024 * Note that a user with access to ptrace can masquerade an 2025 * arbitrary program as any executable, even setuid ones. 2026 * This may have implications in the tomoyo subsystem. 2027 */ 2028 if (!checkpoint_restore_ns_capable(current_user_ns())) 2029 return -EPERM; 2030 2031 error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd); 2032 if (error) 2033 return error; 2034 } 2035 2036 /* 2037 * arg_lock protects concurrent updates but we still need mmap_lock for 2038 * read to exclude races with sys_brk. 2039 */ 2040 mmap_read_lock(mm); 2041 2042 /* 2043 * We don't validate if these members are pointing to 2044 * real present VMAs because application may have correspond 2045 * VMAs already unmapped and kernel uses these members for statistics 2046 * output in procfs mostly, except 2047 * 2048 * - @start_brk/@brk which are used in do_brk_flags but kernel lookups 2049 * for VMAs when updating these members so anything wrong written 2050 * here cause kernel to swear at userspace program but won't lead 2051 * to any problem in kernel itself 2052 */ 2053 2054 spin_lock(&mm->arg_lock); 2055 mm->start_code = prctl_map.start_code; 2056 mm->end_code = prctl_map.end_code; 2057 mm->start_data = prctl_map.start_data; 2058 mm->end_data = prctl_map.end_data; 2059 mm->start_brk = prctl_map.start_brk; 2060 mm->brk = prctl_map.brk; 2061 mm->start_stack = prctl_map.start_stack; 2062 mm->arg_start = prctl_map.arg_start; 2063 mm->arg_end = prctl_map.arg_end; 2064 mm->env_start = prctl_map.env_start; 2065 mm->env_end = prctl_map.env_end; 2066 spin_unlock(&mm->arg_lock); 2067 2068 /* 2069 * Note this update of @saved_auxv is lockless thus 2070 * if someone reads this member in procfs while we're 2071 * updating -- it may get partly updated results. It's 2072 * known and acceptable trade off: we leave it as is to 2073 * not introduce additional locks here making the kernel 2074 * more complex. 2075 */ 2076 if (prctl_map.auxv_size) 2077 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv)); 2078 2079 mmap_read_unlock(mm); 2080 return 0; 2081 } 2082 #endif /* CONFIG_CHECKPOINT_RESTORE */ 2083 2084 static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr, 2085 unsigned long len) 2086 { 2087 /* 2088 * This doesn't move the auxiliary vector itself since it's pinned to 2089 * mm_struct, but it permits filling the vector with new values. It's 2090 * up to the caller to provide sane values here, otherwise userspace 2091 * tools which use this vector might be unhappy. 2092 */ 2093 unsigned long user_auxv[AT_VECTOR_SIZE] = {}; 2094 2095 if (len > sizeof(user_auxv)) 2096 return -EINVAL; 2097 2098 if (copy_from_user(user_auxv, (const void __user *)addr, len)) 2099 return -EFAULT; 2100 2101 /* Make sure the last entry is always AT_NULL */ 2102 user_auxv[AT_VECTOR_SIZE - 2] = 0; 2103 user_auxv[AT_VECTOR_SIZE - 1] = 0; 2104 2105 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 2106 2107 task_lock(current); 2108 memcpy(mm->saved_auxv, user_auxv, len); 2109 task_unlock(current); 2110 2111 return 0; 2112 } 2113 2114 static int prctl_set_mm(int opt, unsigned long addr, 2115 unsigned long arg4, unsigned long arg5) 2116 { 2117 struct mm_struct *mm = current->mm; 2118 struct prctl_mm_map prctl_map = { 2119 .auxv = NULL, 2120 .auxv_size = 0, 2121 .exe_fd = -1, 2122 }; 2123 struct vm_area_struct *vma; 2124 int error; 2125 2126 if (arg5 || (arg4 && (opt != PR_SET_MM_AUXV && 2127 opt != PR_SET_MM_MAP && 2128 opt != PR_SET_MM_MAP_SIZE))) 2129 return -EINVAL; 2130 2131 #ifdef CONFIG_CHECKPOINT_RESTORE 2132 if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE) 2133 return prctl_set_mm_map(opt, (const void __user *)addr, arg4); 2134 #endif 2135 2136 if (!capable(CAP_SYS_RESOURCE)) 2137 return -EPERM; 2138 2139 if (opt == PR_SET_MM_EXE_FILE) 2140 return prctl_set_mm_exe_file(mm, (unsigned int)addr); 2141 2142 if (opt == PR_SET_MM_AUXV) 2143 return prctl_set_auxv(mm, addr, arg4); 2144 2145 if (addr >= TASK_SIZE || addr < mmap_min_addr) 2146 return -EINVAL; 2147 2148 error = -EINVAL; 2149 2150 /* 2151 * arg_lock protects concurrent updates of arg boundaries, we need 2152 * mmap_lock for a) concurrent sys_brk, b) finding VMA for addr 2153 * validation. 2154 */ 2155 mmap_read_lock(mm); 2156 vma = find_vma(mm, addr); 2157 2158 spin_lock(&mm->arg_lock); 2159 prctl_map.start_code = mm->start_code; 2160 prctl_map.end_code = mm->end_code; 2161 prctl_map.start_data = mm->start_data; 2162 prctl_map.end_data = mm->end_data; 2163 prctl_map.start_brk = mm->start_brk; 2164 prctl_map.brk = mm->brk; 2165 prctl_map.start_stack = mm->start_stack; 2166 prctl_map.arg_start = mm->arg_start; 2167 prctl_map.arg_end = mm->arg_end; 2168 prctl_map.env_start = mm->env_start; 2169 prctl_map.env_end = mm->env_end; 2170 2171 switch (opt) { 2172 case PR_SET_MM_START_CODE: 2173 prctl_map.start_code = addr; 2174 break; 2175 case PR_SET_MM_END_CODE: 2176 prctl_map.end_code = addr; 2177 break; 2178 case PR_SET_MM_START_DATA: 2179 prctl_map.start_data = addr; 2180 break; 2181 case PR_SET_MM_END_DATA: 2182 prctl_map.end_data = addr; 2183 break; 2184 case PR_SET_MM_START_STACK: 2185 prctl_map.start_stack = addr; 2186 break; 2187 case PR_SET_MM_START_BRK: 2188 prctl_map.start_brk = addr; 2189 break; 2190 case PR_SET_MM_BRK: 2191 prctl_map.brk = addr; 2192 break; 2193 case PR_SET_MM_ARG_START: 2194 prctl_map.arg_start = addr; 2195 break; 2196 case PR_SET_MM_ARG_END: 2197 prctl_map.arg_end = addr; 2198 break; 2199 case PR_SET_MM_ENV_START: 2200 prctl_map.env_start = addr; 2201 break; 2202 case PR_SET_MM_ENV_END: 2203 prctl_map.env_end = addr; 2204 break; 2205 default: 2206 goto out; 2207 } 2208 2209 error = validate_prctl_map_addr(&prctl_map); 2210 if (error) 2211 goto out; 2212 2213 switch (opt) { 2214 /* 2215 * If command line arguments and environment 2216 * are placed somewhere else on stack, we can 2217 * set them up here, ARG_START/END to setup 2218 * command line arguments and ENV_START/END 2219 * for environment. 2220 */ 2221 case PR_SET_MM_START_STACK: 2222 case PR_SET_MM_ARG_START: 2223 case PR_SET_MM_ARG_END: 2224 case PR_SET_MM_ENV_START: 2225 case PR_SET_MM_ENV_END: 2226 if (!vma) { 2227 error = -EFAULT; 2228 goto out; 2229 } 2230 } 2231 2232 mm->start_code = prctl_map.start_code; 2233 mm->end_code = prctl_map.end_code; 2234 mm->start_data = prctl_map.start_data; 2235 mm->end_data = prctl_map.end_data; 2236 mm->start_brk = prctl_map.start_brk; 2237 mm->brk = prctl_map.brk; 2238 mm->start_stack = prctl_map.start_stack; 2239 mm->arg_start = prctl_map.arg_start; 2240 mm->arg_end = prctl_map.arg_end; 2241 mm->env_start = prctl_map.env_start; 2242 mm->env_end = prctl_map.env_end; 2243 2244 error = 0; 2245 out: 2246 spin_unlock(&mm->arg_lock); 2247 mmap_read_unlock(mm); 2248 return error; 2249 } 2250 2251 #ifdef CONFIG_CHECKPOINT_RESTORE 2252 static int prctl_get_tid_address(struct task_struct *me, int __user * __user *tid_addr) 2253 { 2254 return put_user(me->clear_child_tid, tid_addr); 2255 } 2256 #else 2257 static int prctl_get_tid_address(struct task_struct *me, int __user * __user *tid_addr) 2258 { 2259 return -EINVAL; 2260 } 2261 #endif 2262 2263 static int propagate_has_child_subreaper(struct task_struct *p, void *data) 2264 { 2265 /* 2266 * If task has has_child_subreaper - all its descendants 2267 * already have these flag too and new descendants will 2268 * inherit it on fork, skip them. 2269 * 2270 * If we've found child_reaper - skip descendants in 2271 * it's subtree as they will never get out pidns. 2272 */ 2273 if (p->signal->has_child_subreaper || 2274 is_child_reaper(task_pid(p))) 2275 return 0; 2276 2277 p->signal->has_child_subreaper = 1; 2278 return 1; 2279 } 2280 2281 int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which) 2282 { 2283 return -EINVAL; 2284 } 2285 2286 int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, 2287 unsigned long ctrl) 2288 { 2289 return -EINVAL; 2290 } 2291 2292 #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) 2293 2294 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, 2295 unsigned long, arg4, unsigned long, arg5) 2296 { 2297 struct task_struct *me = current; 2298 unsigned char comm[sizeof(me->comm)]; 2299 long error; 2300 2301 error = security_task_prctl(option, arg2, arg3, arg4, arg5); 2302 if (error != -ENOSYS) 2303 return error; 2304 2305 error = 0; 2306 switch (option) { 2307 case PR_SET_PDEATHSIG: 2308 if (!valid_signal(arg2)) { 2309 error = -EINVAL; 2310 break; 2311 } 2312 me->pdeath_signal = arg2; 2313 break; 2314 case PR_GET_PDEATHSIG: 2315 error = put_user(me->pdeath_signal, (int __user *)arg2); 2316 break; 2317 case PR_GET_DUMPABLE: 2318 error = get_dumpable(me->mm); 2319 break; 2320 case PR_SET_DUMPABLE: 2321 if (arg2 != SUID_DUMP_DISABLE && arg2 != SUID_DUMP_USER) { 2322 error = -EINVAL; 2323 break; 2324 } 2325 set_dumpable(me->mm, arg2); 2326 break; 2327 2328 case PR_SET_UNALIGN: 2329 error = SET_UNALIGN_CTL(me, arg2); 2330 break; 2331 case PR_GET_UNALIGN: 2332 error = GET_UNALIGN_CTL(me, arg2); 2333 break; 2334 case PR_SET_FPEMU: 2335 error = SET_FPEMU_CTL(me, arg2); 2336 break; 2337 case PR_GET_FPEMU: 2338 error = GET_FPEMU_CTL(me, arg2); 2339 break; 2340 case PR_SET_FPEXC: 2341 error = SET_FPEXC_CTL(me, arg2); 2342 break; 2343 case PR_GET_FPEXC: 2344 error = GET_FPEXC_CTL(me, arg2); 2345 break; 2346 case PR_GET_TIMING: 2347 error = PR_TIMING_STATISTICAL; 2348 break; 2349 case PR_SET_TIMING: 2350 if (arg2 != PR_TIMING_STATISTICAL) 2351 error = -EINVAL; 2352 break; 2353 case PR_SET_NAME: 2354 comm[sizeof(me->comm) - 1] = 0; 2355 if (strncpy_from_user(comm, (char __user *)arg2, 2356 sizeof(me->comm) - 1) < 0) 2357 return -EFAULT; 2358 set_task_comm(me, comm); 2359 proc_comm_connector(me); 2360 break; 2361 case PR_GET_NAME: 2362 get_task_comm(comm, me); 2363 if (copy_to_user((char __user *)arg2, comm, sizeof(comm))) 2364 return -EFAULT; 2365 break; 2366 case PR_GET_ENDIAN: 2367 error = GET_ENDIAN(me, arg2); 2368 break; 2369 case PR_SET_ENDIAN: 2370 error = SET_ENDIAN(me, arg2); 2371 break; 2372 case PR_GET_SECCOMP: 2373 error = prctl_get_seccomp(); 2374 break; 2375 case PR_SET_SECCOMP: 2376 error = prctl_set_seccomp(arg2, (char __user *)arg3); 2377 break; 2378 case PR_GET_TSC: 2379 error = GET_TSC_CTL(arg2); 2380 break; 2381 case PR_SET_TSC: 2382 error = SET_TSC_CTL(arg2); 2383 break; 2384 case PR_TASK_PERF_EVENTS_DISABLE: 2385 error = perf_event_task_disable(); 2386 break; 2387 case PR_TASK_PERF_EVENTS_ENABLE: 2388 error = perf_event_task_enable(); 2389 break; 2390 case PR_GET_TIMERSLACK: 2391 if (current->timer_slack_ns > ULONG_MAX) 2392 error = ULONG_MAX; 2393 else 2394 error = current->timer_slack_ns; 2395 break; 2396 case PR_SET_TIMERSLACK: 2397 if (arg2 <= 0) 2398 current->timer_slack_ns = 2399 current->default_timer_slack_ns; 2400 else 2401 current->timer_slack_ns = arg2; 2402 break; 2403 case PR_MCE_KILL: 2404 if (arg4 | arg5) 2405 return -EINVAL; 2406 switch (arg2) { 2407 case PR_MCE_KILL_CLEAR: 2408 if (arg3 != 0) 2409 return -EINVAL; 2410 current->flags &= ~PF_MCE_PROCESS; 2411 break; 2412 case PR_MCE_KILL_SET: 2413 current->flags |= PF_MCE_PROCESS; 2414 if (arg3 == PR_MCE_KILL_EARLY) 2415 current->flags |= PF_MCE_EARLY; 2416 else if (arg3 == PR_MCE_KILL_LATE) 2417 current->flags &= ~PF_MCE_EARLY; 2418 else if (arg3 == PR_MCE_KILL_DEFAULT) 2419 current->flags &= 2420 ~(PF_MCE_EARLY|PF_MCE_PROCESS); 2421 else 2422 return -EINVAL; 2423 break; 2424 default: 2425 return -EINVAL; 2426 } 2427 break; 2428 case PR_MCE_KILL_GET: 2429 if (arg2 | arg3 | arg4 | arg5) 2430 return -EINVAL; 2431 if (current->flags & PF_MCE_PROCESS) 2432 error = (current->flags & PF_MCE_EARLY) ? 2433 PR_MCE_KILL_EARLY : PR_MCE_KILL_LATE; 2434 else 2435 error = PR_MCE_KILL_DEFAULT; 2436 break; 2437 case PR_SET_MM: 2438 error = prctl_set_mm(arg2, arg3, arg4, arg5); 2439 break; 2440 case PR_GET_TID_ADDRESS: 2441 error = prctl_get_tid_address(me, (int __user * __user *)arg2); 2442 break; 2443 case PR_SET_CHILD_SUBREAPER: 2444 me->signal->is_child_subreaper = !!arg2; 2445 if (!arg2) 2446 break; 2447 2448 walk_process_tree(me, propagate_has_child_subreaper, NULL); 2449 break; 2450 case PR_GET_CHILD_SUBREAPER: 2451 error = put_user(me->signal->is_child_subreaper, 2452 (int __user *)arg2); 2453 break; 2454 case PR_SET_NO_NEW_PRIVS: 2455 if (arg2 != 1 || arg3 || arg4 || arg5) 2456 return -EINVAL; 2457 2458 task_set_no_new_privs(current); 2459 break; 2460 case PR_GET_NO_NEW_PRIVS: 2461 if (arg2 || arg3 || arg4 || arg5) 2462 return -EINVAL; 2463 return task_no_new_privs(current) ? 1 : 0; 2464 case PR_GET_THP_DISABLE: 2465 if (arg2 || arg3 || arg4 || arg5) 2466 return -EINVAL; 2467 error = !!test_bit(MMF_DISABLE_THP, &me->mm->flags); 2468 break; 2469 case PR_SET_THP_DISABLE: 2470 if (arg3 || arg4 || arg5) 2471 return -EINVAL; 2472 if (mmap_write_lock_killable(me->mm)) 2473 return -EINTR; 2474 if (arg2) 2475 set_bit(MMF_DISABLE_THP, &me->mm->flags); 2476 else 2477 clear_bit(MMF_DISABLE_THP, &me->mm->flags); 2478 mmap_write_unlock(me->mm); 2479 break; 2480 case PR_MPX_ENABLE_MANAGEMENT: 2481 case PR_MPX_DISABLE_MANAGEMENT: 2482 /* No longer implemented: */ 2483 return -EINVAL; 2484 case PR_SET_FP_MODE: 2485 error = SET_FP_MODE(me, arg2); 2486 break; 2487 case PR_GET_FP_MODE: 2488 error = GET_FP_MODE(me); 2489 break; 2490 case PR_SVE_SET_VL: 2491 error = SVE_SET_VL(arg2); 2492 break; 2493 case PR_SVE_GET_VL: 2494 error = SVE_GET_VL(); 2495 break; 2496 case PR_GET_SPECULATION_CTRL: 2497 if (arg3 || arg4 || arg5) 2498 return -EINVAL; 2499 error = arch_prctl_spec_ctrl_get(me, arg2); 2500 break; 2501 case PR_SET_SPECULATION_CTRL: 2502 if (arg4 || arg5) 2503 return -EINVAL; 2504 error = arch_prctl_spec_ctrl_set(me, arg2, arg3); 2505 break; 2506 case PR_PAC_RESET_KEYS: 2507 if (arg3 || arg4 || arg5) 2508 return -EINVAL; 2509 error = PAC_RESET_KEYS(me, arg2); 2510 break; 2511 case PR_PAC_SET_ENABLED_KEYS: 2512 if (arg4 || arg5) 2513 return -EINVAL; 2514 error = PAC_SET_ENABLED_KEYS(me, arg2, arg3); 2515 break; 2516 case PR_PAC_GET_ENABLED_KEYS: 2517 if (arg2 || arg3 || arg4 || arg5) 2518 return -EINVAL; 2519 error = PAC_GET_ENABLED_KEYS(me); 2520 break; 2521 case PR_SET_TAGGED_ADDR_CTRL: 2522 if (arg3 || arg4 || arg5) 2523 return -EINVAL; 2524 error = SET_TAGGED_ADDR_CTRL(arg2); 2525 break; 2526 case PR_GET_TAGGED_ADDR_CTRL: 2527 if (arg2 || arg3 || arg4 || arg5) 2528 return -EINVAL; 2529 error = GET_TAGGED_ADDR_CTRL(); 2530 break; 2531 case PR_SET_IO_FLUSHER: 2532 if (!capable(CAP_SYS_RESOURCE)) 2533 return -EPERM; 2534 2535 if (arg3 || arg4 || arg5) 2536 return -EINVAL; 2537 2538 if (arg2 == 1) 2539 current->flags |= PR_IO_FLUSHER; 2540 else if (!arg2) 2541 current->flags &= ~PR_IO_FLUSHER; 2542 else 2543 return -EINVAL; 2544 break; 2545 case PR_GET_IO_FLUSHER: 2546 if (!capable(CAP_SYS_RESOURCE)) 2547 return -EPERM; 2548 2549 if (arg2 || arg3 || arg4 || arg5) 2550 return -EINVAL; 2551 2552 error = (current->flags & PR_IO_FLUSHER) == PR_IO_FLUSHER; 2553 break; 2554 case PR_SET_SYSCALL_USER_DISPATCH: 2555 error = set_syscall_user_dispatch(arg2, arg3, arg4, 2556 (char __user *) arg5); 2557 break; 2558 #ifdef CONFIG_SCHED_CORE 2559 case PR_SCHED_CORE: 2560 error = sched_core_share_pid(arg2, arg3, arg4, arg5); 2561 break; 2562 #endif 2563 default: 2564 error = -EINVAL; 2565 break; 2566 } 2567 return error; 2568 } 2569 2570 SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep, 2571 struct getcpu_cache __user *, unused) 2572 { 2573 int err = 0; 2574 int cpu = raw_smp_processor_id(); 2575 2576 if (cpup) 2577 err |= put_user(cpu, cpup); 2578 if (nodep) 2579 err |= put_user(cpu_to_node(cpu), nodep); 2580 return err ? -EFAULT : 0; 2581 } 2582 2583 /** 2584 * do_sysinfo - fill in sysinfo struct 2585 * @info: pointer to buffer to fill 2586 */ 2587 static int do_sysinfo(struct sysinfo *info) 2588 { 2589 unsigned long mem_total, sav_total; 2590 unsigned int mem_unit, bitcount; 2591 struct timespec64 tp; 2592 2593 memset(info, 0, sizeof(struct sysinfo)); 2594 2595 ktime_get_boottime_ts64(&tp); 2596 timens_add_boottime(&tp); 2597 info->uptime = tp.tv_sec + (tp.tv_nsec ? 1 : 0); 2598 2599 get_avenrun(info->loads, 0, SI_LOAD_SHIFT - FSHIFT); 2600 2601 info->procs = nr_threads; 2602 2603 si_meminfo(info); 2604 si_swapinfo(info); 2605 2606 /* 2607 * If the sum of all the available memory (i.e. ram + swap) 2608 * is less than can be stored in a 32 bit unsigned long then 2609 * we can be binary compatible with 2.2.x kernels. If not, 2610 * well, in that case 2.2.x was broken anyways... 2611 * 2612 * -Erik Andersen <andersee@debian.org> 2613 */ 2614 2615 mem_total = info->totalram + info->totalswap; 2616 if (mem_total < info->totalram || mem_total < info->totalswap) 2617 goto out; 2618 bitcount = 0; 2619 mem_unit = info->mem_unit; 2620 while (mem_unit > 1) { 2621 bitcount++; 2622 mem_unit >>= 1; 2623 sav_total = mem_total; 2624 mem_total <<= 1; 2625 if (mem_total < sav_total) 2626 goto out; 2627 } 2628 2629 /* 2630 * If mem_total did not overflow, multiply all memory values by 2631 * info->mem_unit and set it to 1. This leaves things compatible 2632 * with 2.2.x, and also retains compatibility with earlier 2.4.x 2633 * kernels... 2634 */ 2635 2636 info->mem_unit = 1; 2637 info->totalram <<= bitcount; 2638 info->freeram <<= bitcount; 2639 info->sharedram <<= bitcount; 2640 info->bufferram <<= bitcount; 2641 info->totalswap <<= bitcount; 2642 info->freeswap <<= bitcount; 2643 info->totalhigh <<= bitcount; 2644 info->freehigh <<= bitcount; 2645 2646 out: 2647 return 0; 2648 } 2649 2650 SYSCALL_DEFINE1(sysinfo, struct sysinfo __user *, info) 2651 { 2652 struct sysinfo val; 2653 2654 do_sysinfo(&val); 2655 2656 if (copy_to_user(info, &val, sizeof(struct sysinfo))) 2657 return -EFAULT; 2658 2659 return 0; 2660 } 2661 2662 #ifdef CONFIG_COMPAT 2663 struct compat_sysinfo { 2664 s32 uptime; 2665 u32 loads[3]; 2666 u32 totalram; 2667 u32 freeram; 2668 u32 sharedram; 2669 u32 bufferram; 2670 u32 totalswap; 2671 u32 freeswap; 2672 u16 procs; 2673 u16 pad; 2674 u32 totalhigh; 2675 u32 freehigh; 2676 u32 mem_unit; 2677 char _f[20-2*sizeof(u32)-sizeof(int)]; 2678 }; 2679 2680 COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info) 2681 { 2682 struct sysinfo s; 2683 struct compat_sysinfo s_32; 2684 2685 do_sysinfo(&s); 2686 2687 /* Check to see if any memory value is too large for 32-bit and scale 2688 * down if needed 2689 */ 2690 if (upper_32_bits(s.totalram) || upper_32_bits(s.totalswap)) { 2691 int bitcount = 0; 2692 2693 while (s.mem_unit < PAGE_SIZE) { 2694 s.mem_unit <<= 1; 2695 bitcount++; 2696 } 2697 2698 s.totalram >>= bitcount; 2699 s.freeram >>= bitcount; 2700 s.sharedram >>= bitcount; 2701 s.bufferram >>= bitcount; 2702 s.totalswap >>= bitcount; 2703 s.freeswap >>= bitcount; 2704 s.totalhigh >>= bitcount; 2705 s.freehigh >>= bitcount; 2706 } 2707 2708 memset(&s_32, 0, sizeof(s_32)); 2709 s_32.uptime = s.uptime; 2710 s_32.loads[0] = s.loads[0]; 2711 s_32.loads[1] = s.loads[1]; 2712 s_32.loads[2] = s.loads[2]; 2713 s_32.totalram = s.totalram; 2714 s_32.freeram = s.freeram; 2715 s_32.sharedram = s.sharedram; 2716 s_32.bufferram = s.bufferram; 2717 s_32.totalswap = s.totalswap; 2718 s_32.freeswap = s.freeswap; 2719 s_32.procs = s.procs; 2720 s_32.totalhigh = s.totalhigh; 2721 s_32.freehigh = s.freehigh; 2722 s_32.mem_unit = s.mem_unit; 2723 if (copy_to_user(info, &s_32, sizeof(s_32))) 2724 return -EFAULT; 2725 return 0; 2726 } 2727 #endif /* CONFIG_COMPAT */ 2728