
  1 /*
  2  * POSIX message queues filesystem for Linux.
  3  *
  4  * Copyright (C) 2003,2004  Krzysztof Benedyczak    (golbi@mat.uni.torun.pl)
  5  *                          Michal Wronski          (michal.wronski@gmail.com)
  6  *
  7  * Spinlocks:               Mohamed Abbas           (abbas.mohamed@intel.com)
  8  * Lockless receive & send, fd based notify:
  9  *                          Manfred Spraul          (manfred@colorfullife.com)
 10  *
 11  * Audit:                   George Wilson           (ltcgcw@us.ibm.com)
 12  *
 13  * This file is released under the GPL.
 14  */
 15 
 16 #include <linux/capability.h>
 17 #include <linux/init.h>
 18 #include <linux/pagemap.h>
 19 #include <linux/file.h>
 20 #include <linux/mount.h>
 21 #include <linux/namei.h>
 22 #include <linux/sysctl.h>
 23 #include <linux/poll.h>
 24 #include <linux/mqueue.h>
 25 #include <linux/msg.h>
 26 #include <linux/skbuff.h>
 27 #include <linux/vmalloc.h>
 28 #include <linux/netlink.h>
 29 #include <linux/syscalls.h>
 30 #include <linux/audit.h>
 31 #include <linux/signal.h>
 32 #include <linux/mutex.h>
 33 #include <linux/nsproxy.h>
 34 #include <linux/pid.h>
 35 #include <linux/ipc_namespace.h>
 36 #include <linux/user_namespace.h>
 37 #include <linux/slab.h>
 38 
 39 #include <net/sock.h>
 40 #include "util.h"
 41 
/* Superblock magic; mqueue_fill_super() stores it in sb->s_magic. */
#define MQUEUE_MAGIC    0x19800202
/* Nominal size added to / removed from the directory's i_size per queue. */
#define DIRENT_SIZE     20
/* i_size of a queue file; also the size of mqueue_read_file()'s buffer. */
#define FILENT_SIZE     80

/* Indices into mqueue_inode_info.e_wait_q[] (the "sr" arguments below). */
#define SEND            0
#define RECV            1

/* Values stored in ext_wait_queue.state. */
#define STATE_NONE      0
#define STATE_PENDING   1
#define STATE_READY     2
 52 
/*
 * One rbtree node per message priority currently in use.  msg_insert() keys
 * the tree on ->priority and appends each message to ->msg_list.
 */
struct posix_msg_tree_node {
        struct rb_node          rb_node;        /* linkage in mqueue_inode_info.msg_tree */
        struct list_head        msg_list;       /* messages of this priority, oldest first */
        int                     priority;       /* copied from msg->m_type on insert */
};
 58 
/*
 * Entry describing one task blocked on a queue.  wq_add() fills in ->task
 * and links the entry into mqueue_inode_info.e_wait_q[SEND or RECV].
 */
struct ext_wait_queue {         /* queue of sleeping tasks */
        struct task_struct *task;
        struct list_head list;
        struct msg_msg *msg;    /* ptr of loaded message */
        int state;              /* one of STATE_* values */
};
 65 
/*
 * Per-queue state.  The VFS inode is embedded, so MQUEUE_I() can recover this
 * structure from a struct inode with container_of().
 */
struct mqueue_inode_info {
        spinlock_t lock;                /* held around the queue state accesses in this file */
        struct inode vfs_inode;
        wait_queue_head_t wait_q;       /* poll() waiters; woken by __do_notify() */

        struct rb_root msg_tree;        /* posix_msg_tree_node objects keyed by priority */
        struct posix_msg_tree_node *node_cache; /* one spare node reused by msg_insert()/msg_get() */
        struct mq_attr attr;

        /* Notification registration; notify_owner == NULL means none. */
        struct sigevent notify;
        struct pid *notify_owner;
        struct user_namespace *notify_user_ns;  /* used to translate si_uid for the owner */
        struct user_struct *user;       /* user who created, for accounting */
        struct sock *notify_sock;       /* SIGEV_THREAD: target of netlink_sendskb() */
        struct sk_buff *notify_cookie;  /* SIGEV_THREAD: skb whose last cookie byte carries the code */

        /* for tasks waiting for free space and messages, respectively */
        struct ext_wait_queue e_wait_q[2];

        unsigned long qsize; /* size of queue in memory (sum of all msgs) */
};
 87 
/* Operation tables and a helper that are referenced before their definitions. */
static const struct inode_operations mqueue_dir_inode_operations;
static const struct file_operations mqueue_file_operations;
static const struct super_operations mqueue_super_ops;
static void remove_notification(struct mqueue_inode_info *info);

/* Slab cache that mqueue_alloc_inode() allocates mqueue_inode_info from. */
static struct kmem_cache *mqueue_inode_cachep;

/* NOTE(review): not referenced in this part of the file; presumably the registered sysctl table - confirm. */
static struct ctl_table_header *mq_sysctl_table;
 96 
/*
 * Map a VFS inode of this filesystem back to the mqueue_inode_info that
 * embeds it as ->vfs_inode.
 */
static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
{
        struct mqueue_inode_info *info;

        info = container_of(inode, struct mqueue_inode_info, vfs_inode);
        return info;
}
101 
/*
 * Pass the ipc namespace recorded in the inode's superblock (s_fs_info)
 * through get_ipc_ns() and return the result.
 *
 * Must be called with mq_lock held.
 */
static inline struct ipc_namespace *__get_ns_from_inode(struct inode *inode)
{
        struct super_block *sb = inode->i_sb;

        return get_ipc_ns(sb->s_fs_info);
}
109 
/*
 * Locked wrapper around __get_ns_from_inode(): takes mq_lock for the lookup
 * and returns whatever the helper returned (mqueue_evict_inode() treats the
 * result as either NULL or a namespace it must put_ipc_ns() later).
 */
static struct ipc_namespace *get_ns_from_inode(struct inode *inode)
{
        struct ipc_namespace *ipc_ns;

        spin_lock(&mq_lock);
        ipc_ns = __get_ns_from_inode(inode);
        spin_unlock(&mq_lock);

        return ipc_ns;
}
119 
/* Auxiliary functions to manipulate messages' list */

/*
 * Queue @msg on @info.  The rbtree is keyed by priority (msg->m_type); a
 * message whose priority already has a node is appended to that node's list,
 * otherwise a node is taken from info->node_cache or allocated.
 *
 * Returns 0 on success or -ENOMEM when a new node cannot be allocated; in
 * that case the queue counters are left untouched.
 */
static int msg_insert(struct msg_msg *msg, struct mqueue_inode_info *info)
{
        struct rb_node **link = &info->msg_tree.rb_node;
        struct rb_node *parent = NULL;
        struct posix_msg_tree_node *node;

        while (*link) {
                parent = *link;
                node = rb_entry(parent, struct posix_msg_tree_node, rb_node);

                if (likely(node->priority == msg->m_type))
                        goto queue_msg;

                /* lower priorities descend left, higher ones right */
                if (msg->m_type < node->priority)
                        link = &parent->rb_left;
                else
                        link = &parent->rb_right;
        }

        /* No node for this priority yet: prefer the cached spare node. */
        node = info->node_cache;
        if (node) {
                info->node_cache = NULL;
        } else {
                /* NOTE(review): GFP_ATOMIC presumably because callers hold info->lock - confirm */
                node = kmalloc(sizeof(*node), GFP_ATOMIC);
                if (!node)
                        return -ENOMEM;
                INIT_LIST_HEAD(&node->msg_list);
        }
        node->priority = msg->m_type;
        rb_link_node(&node->rb_node, parent, link);
        rb_insert_color(&node->rb_node, &info->msg_tree);

queue_msg:
        info->attr.mq_curmsgs++;
        info->qsize += msg->m_ts;
        list_add_tail(&msg->m_list, &node->msg_list);
        return 0;
}
156 
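/*
 * Remove and return the oldest message of the highest priority present in
 * the queue, or NULL when the tree has no node.
 *
 * A node whose list becomes empty is erased from the tree and either parked
 * in info->node_cache (if that slot is free) or freed.  mq_curmsgs and qsize
 * are adjusted for the returned message.
 *
 * Two inconsistent states are tolerated with a one-time warning: a non-zero
 * message count with an empty tree (the count is reset to 0), and an empty
 * leaf (the leaf is dropped and the search restarts).
 */
static inline struct msg_msg *msg_get(struct mqueue_inode_info *info)
{
        struct rb_node **p, *parent;
        struct posix_msg_tree_node *leaf;
        struct msg_msg *msg;

try_again:
        /*
         * Reset on every pass.  If the empty-leaf recovery below erased the
         * last node of the tree, the walk does not execute and a stale
         * parent would still point at the node that was just erased (and
         * possibly freed), which would then be dereferenced and erased a
         * second time.
         */
        parent = NULL;
        p = &info->msg_tree.rb_node;
        while (*p) {
                parent = *p;
                /*
                 * During insert, low priorities go to the left and high to the
                 * right.  On receive, we want the highest priorities first, so
                 * walk all the way to the right.
                 */
                p = &(*p)->rb_right;
        }
        if (!parent) {
                if (info->attr.mq_curmsgs) {
                        pr_warn_once("Inconsistency in POSIX message queue, "
                                     "no tree element, but supposedly messages "
                                     "should exist!\n");
                        info->attr.mq_curmsgs = 0;
                }
                return NULL;
        }
        leaf = rb_entry(parent, struct posix_msg_tree_node, rb_node);
        if (unlikely(list_empty(&leaf->msg_list))) {
                pr_warn_once("Inconsistency in POSIX message queue, "
                             "empty leaf node but we haven't implemented "
                             "lazy leaf delete!\n");
                rb_erase(&leaf->rb_node, &info->msg_tree);
                if (info->node_cache) {
                        kfree(leaf);
                } else {
                        info->node_cache = leaf;
                }
                goto try_again;
        } else {
                msg = list_first_entry(&leaf->msg_list,
                                       struct msg_msg, m_list);
                list_del(&msg->m_list);
                if (list_empty(&leaf->msg_list)) {
                        /* last message of this priority: retire the node */
                        rb_erase(&leaf->rb_node, &info->msg_tree);
                        if (info->node_cache) {
                                kfree(leaf);
                        } else {
                                info->node_cache = leaf;
                        }
                }
        }
        info->attr.mq_curmsgs--;
        info->qsize -= msg->m_ts;
        return msg;
}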
212 
/*
 * Allocate and initialise an inode for this filesystem.
 *
 * For a regular file (a queue) the mqueue_inode_info is set up, the queue
 * limits are taken from @attr or, when @attr is NULL, from the namespace
 * defaults, and the worst-case memory footprint is charged to the creating
 * user against RLIMIT_MSGQUEUE.  For a directory only the VFS fields are
 * filled in.
 *
 * Returns the inode, ERR_PTR(-ENOMEM) if no inode could be allocated, or
 * ERR_PTR(-EMFILE) if the charge would wrap or exceed the rlimit.
 *
 * NOTE(review): the size arithmetic below is not overflow-checked here; for
 * caller-supplied @attr it relies on do_create() having run mq_attr_ok().
 */
static struct inode *mqueue_get_inode(struct super_block *sb,
                struct ipc_namespace *ipc_ns, umode_t mode,
                struct mq_attr *attr)
{
        struct user_struct *creator = current_user();
        struct mqueue_inode_info *info;
        unsigned long tree_bytes, charge;
        struct inode *inode;

        inode = new_inode(sb);
        if (!inode)
                return ERR_PTR(-ENOMEM);

        inode->i_ino = get_next_ino();
        inode->i_mode = mode;
        inode->i_uid = current_fsuid();
        inode->i_gid = current_fsgid();
        inode->i_mtime = inode->i_ctime = inode->i_atime = CURRENT_TIME;

        if (S_ISDIR(mode)) {
                inc_nlink(inode);
                /* Some things misbehave if size == 0 on a directory */
                inode->i_size = 2 * DIRENT_SIZE;
                inode->i_op = &mqueue_dir_inode_operations;
                inode->i_fop = &simple_dir_operations;
                return inode;
        }
        if (!S_ISREG(mode))
                return inode;

        inode->i_fop = &mqueue_file_operations;
        inode->i_size = FILENT_SIZE;

        /* mqueue specific info */
        info = MQUEUE_I(inode);
        spin_lock_init(&info->lock);
        init_waitqueue_head(&info->wait_q);
        INIT_LIST_HEAD(&info->e_wait_q[0].list);
        INIT_LIST_HEAD(&info->e_wait_q[1].list);
        info->notify_owner = NULL;
        info->notify_user_ns = NULL;
        info->qsize = 0;
        info->user = NULL;      /* set when all is ok */
        info->msg_tree = RB_ROOT;
        info->node_cache = NULL;
        memset(&info->attr, 0, sizeof(info->attr));

        /* namespace defaults first, then the caller's request if any */
        info->attr.mq_maxmsg = min(ipc_ns->mq_msg_max,
                                   ipc_ns->mq_msg_default);
        info->attr.mq_msgsize = min(ipc_ns->mq_msgsize_max,
                                    ipc_ns->mq_msgsize_default);
        if (attr) {
                info->attr.mq_maxmsg = attr->mq_maxmsg;
                info->attr.mq_msgsize = attr->mq_msgsize;
        }

        /*
         * We used to allocate a static array of pointers and account
         * the size of that array as well as one msg_msg struct per
         * possible message into the queue size. That's no longer
         * accurate as the queue is now an rbtree and will grow and
         * shrink depending on usage patterns.  We can, however, still
         * account one msg_msg struct per message, but the nodes are
         * allocated depending on priority usage, and most programs
         * only use one, or a handful, of priorities.  However, since
         * this is pinned memory, we need to assume worst case, so
         * that means the min(mq_maxmsg, max_priorities) * struct
         * posix_msg_tree_node.
         */
        tree_bytes = info->attr.mq_maxmsg * sizeof(struct msg_msg) +
                min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) *
                sizeof(struct posix_msg_tree_node);

        charge = tree_bytes + (info->attr.mq_maxmsg *
                               info->attr.mq_msgsize);

        spin_lock(&mq_lock);
        /* first test catches wrap-around of the per-user total */
        if (creator->mq_bytes + charge < creator->mq_bytes ||
            creator->mq_bytes + charge > rlimit(RLIMIT_MSGQUEUE)) {
                spin_unlock(&mq_lock);
                /*
                 * info->user is still NULL, so the eviction triggered by
                 * iput() does not undo a charge that was never made.
                 */
                iput(inode);
                return ERR_PTR(-EMFILE);
        }
        creator->mq_bytes += charge;
        spin_unlock(&mq_lock);

        /* all is ok */
        info->user = get_uid(creator);
        return inode;
}
305 
/*
 * Superblock fill callback handed to mount_ns().  @data is the ipc namespace
 * the filesystem instance belongs to.  Creates the sticky, world-writable
 * root directory.
 *
 * Returns 0, the error from mqueue_get_inode(), or -ENOMEM if the root
 * dentry cannot be created.
 */
static int mqueue_fill_super(struct super_block *sb, void *data, int silent)
{
        struct ipc_namespace *ns = data;
        struct inode *root_inode;

        sb->s_blocksize = PAGE_CACHE_SIZE;
        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
        sb->s_magic = MQUEUE_MAGIC;
        sb->s_op = &mqueue_super_ops;

        root_inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO,
                                      NULL);
        if (IS_ERR(root_inode))
                return PTR_ERR(root_inode);

        sb->s_root = d_make_root(root_inode);
        return sb->s_root ? 0 : -ENOMEM;
}
325 
/*
 * Mount entry point.  Kernel-internal mounts (MS_KERNMOUNT) pass their own
 * @data straight through.  Any other mount is bound to the caller's ipc
 * namespace and is refused with -EPERM unless the caller has CAP_SYS_ADMIN
 * in the user namespace that owns that ipc namespace; the caller-supplied
 * @data is ignored in that case.
 */
static struct dentry *mqueue_mount(struct file_system_type *fs_type,
                         int flags, const char *dev_name,
                         void *data)
{
        struct ipc_namespace *ns;

        if (flags & MS_KERNMOUNT)
                return mount_ns(fs_type, flags, data, mqueue_fill_super);

        ns = current->nsproxy->ipc_ns;
        /* privilege is checked against the namespace owner, not init_user_ns */
        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
                return ERR_PTR(-EPERM);

        return mount_ns(fs_type, flags, ns, mqueue_fill_super);
}
342 
/*
 * One-time initialiser for a mqueue_inode_info object: runs
 * inode_init_once() on the embedded VFS inode.  @foo points at the object.
 */
static void init_once(void *foo)
{
        struct mqueue_inode_info *info = foo;

        inode_init_once(&info->vfs_inode);
}
349 
/*
 * Allocate a mqueue_inode_info from mqueue_inode_cachep and return its
 * embedded VFS inode, or NULL if the allocation fails.  The mqueue-specific
 * fields are not initialised here; mqueue_get_inode() does that for regular
 * files.
 */
static struct inode *mqueue_alloc_inode(struct super_block *sb)
{
        struct mqueue_inode_info *info;

        info = kmem_cache_alloc(mqueue_inode_cachep, GFP_KERNEL);
        return info ? &info->vfs_inode : NULL;
}
359 
/*
 * RCU callback queued by mqueue_destroy_inode(): recover the inode from its
 * i_rcu head and return the enclosing mqueue_inode_info to the slab cache.
 */
static void mqueue_i_callback(struct rcu_head *head)
{
        struct inode *inode = container_of(head, struct inode, i_rcu);
        struct mqueue_inode_info *info = MQUEUE_I(inode);

        kmem_cache_free(mqueue_inode_cachep, info);
}
365 
/*
 * Release an inode of this filesystem.  The memory is not freed directly;
 * the free is deferred through call_rcu() to mqueue_i_callback().
 */
static void mqueue_destroy_inode(struct inode *inode)
{
        struct rcu_head *head = &inode->i_rcu;

        call_rcu(head, mqueue_i_callback);
}
370 
/*
 * Tear down a queue inode: free every queued message and the cached tree
 * node, then undo the accounting done at creation (per-user mq_bytes and the
 * namespace's mq_queues_count).  Directories need no teardown.
 *
 * The accounting is reverted only when info->user is set, i.e. only for
 * queues whose creation completed in mqueue_get_inode().
 */
static void mqueue_evict_inode(struct inode *inode)
{
        struct mqueue_inode_info *info;
        struct ipc_namespace *ns;
        struct user_struct *owner;
        struct msg_msg *msg;
        unsigned long tree_bytes, charged;

        clear_inode(inode);

        if (S_ISDIR(inode->i_mode))
                return;

        ns = get_ns_from_inode(inode);
        info = MQUEUE_I(inode);

        spin_lock(&info->lock);
        for (msg = msg_get(info); msg != NULL; msg = msg_get(info))
                free_msg(msg);
        kfree(info->node_cache);
        spin_unlock(&info->lock);

        /*
         * Total amount of bytes accounted for the mqueue; must mirror the
         * computation in mqueue_get_inode().
         */
        tree_bytes = info->attr.mq_maxmsg * sizeof(struct msg_msg) +
                min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) *
                sizeof(struct posix_msg_tree_node);

        charged = tree_bytes + (info->attr.mq_maxmsg *
                                info->attr.mq_msgsize);

        owner = info->user;
        if (owner) {
                spin_lock(&mq_lock);
                owner->mq_bytes -= charged;
                /*
                 * get_ns_from_inode() ensures that the
                 * (ipc_ns = sb->s_fs_info) is either a valid ipc_ns
                 * to which we now hold a reference, or it is NULL.
                 * We can't put it here under mq_lock, though.
                 */
                if (ns)
                        ns->mq_queues_count--;
                spin_unlock(&mq_lock);
                free_uid(owner);
        }
        if (ns)
                put_ipc_ns(ns);
}
418 
/*
 * Directory ->create operation: make a new queue named by @dentry.
 *
 * The queue attributes are picked up from dentry->d_fsdata, which
 * do_create() sets for the duration of vfs_create(); it is NULL when no
 * attributes were supplied.
 *
 * Returns 0 on success, -EACCES if the superblock has no ipc namespace,
 * -ENOSPC if the namespace already holds mq_queues_max queues and the
 * caller lacks CAP_SYS_RESOURCE, or the error from mqueue_get_inode().
 */
static int mqueue_create(struct inode *dir, struct dentry *dentry,
                                umode_t mode, bool excl)
{
        struct mq_attr *attr = dentry->d_fsdata;
        struct ipc_namespace *ns;
        struct inode *inode;
        int err;

        spin_lock(&mq_lock);
        ns = __get_ns_from_inode(dir);
        if (!ns) {
                spin_unlock(&mq_lock);
                return -EACCES;
        }

        /* per-namespace queue limit; CAP_SYS_RESOURCE may exceed it */
        if (ns->mq_queues_count >= ns->mq_queues_max &&
            !capable(CAP_SYS_RESOURCE)) {
                err = -ENOSPC;
                goto fail_locked;
        }
        /* reserve the slot before dropping the lock */
        ns->mq_queues_count++;
        spin_unlock(&mq_lock);

        inode = mqueue_get_inode(dir->i_sb, ns, mode, attr);
        if (IS_ERR(inode)) {
                err = PTR_ERR(inode);
                /* give the reserved slot back */
                spin_lock(&mq_lock);
                ns->mq_queues_count--;
                goto fail_locked;
        }

        put_ipc_ns(ns);
        dir->i_size += DIRENT_SIZE;
        dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;

        d_instantiate(dentry, inode);
        dget(dentry);
        return 0;

fail_locked:
        spin_unlock(&mq_lock);
        put_ipc_ns(ns);
        return err;
}
463 
/*
 * Directory ->unlink operation: update the directory's timestamps and size,
 * drop one link on the queue inode and release one dentry reference
 * (mqueue_create() took an extra one with dget()).  Always returns 0.
 */
static int mqueue_unlink(struct inode *dir, struct dentry *dentry)
{
        struct inode *queue = dentry->d_inode;

        dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
        dir->i_size -= DIRENT_SIZE;

        drop_nlink(queue);
        dput(dentry);

        return 0;
}
474 
/*
 * read() on a queue file.  Messages are never returned this way; the read
 * yields one status line with the queue size and the notification settings
 * (values that the regular mq_* calls do not expose).
 *
 * The line is formatted into a fixed FILENT_SIZE stack buffer under
 * info->lock and only strlen(buffer) bytes are offered to user space.
 * NOTIFY and SIGNO are reported as 0 when no notification is registered.
 *
 * Returns the result of simple_read_from_buffer(); the inode times are
 * updated only when at least one byte was copied.
 */
static ssize_t mqueue_read_file(struct file *filp, char __user *u_data,
                                size_t count, loff_t *off)
{
        struct inode *inode = file_inode(filp);
        struct mqueue_inode_info *info = MQUEUE_I(inode);
        char buffer[FILENT_SIZE];
        int notify_kind = 0;
        int signo = 0;
        ssize_t copied;

        spin_lock(&info->lock);
        if (info->notify_owner) {
                notify_kind = info->notify.sigev_notify;
                if (notify_kind == SIGEV_SIGNAL)
                        signo = info->notify.sigev_signo;
        }
        snprintf(buffer, sizeof(buffer),
                        "QSIZE:%-10lu NOTIFY:%-5d SIGNO:%-5d NOTIFY_PID:%-6d\n",
                        info->qsize,
                        notify_kind,
                        signo,
                        pid_vnr(info->notify_owner));
        spin_unlock(&info->lock);
        buffer[sizeof(buffer) - 1] = '\0';

        copied = simple_read_from_buffer(u_data, count, off, buffer,
                                strlen(buffer));
        if (copied > 0)
                inode->i_atime = inode->i_ctime = CURRENT_TIME;

        return copied;
}
509 
/*
 * ->flush operation: if the calling thread group is the one that registered
 * for notification on this queue, drop that registration.  Always returns 0.
 */
static int mqueue_flush_file(struct file *filp, fl_owner_t id)
{
        struct mqueue_inode_info *info = MQUEUE_I(file_inode(filp));
        struct pid *caller;

        spin_lock(&info->lock);
        caller = task_tgid(current);
        if (caller == info->notify_owner)
                remove_notification(info);
        spin_unlock(&info->lock);

        return 0;
}
521 
/*
 * ->poll operation: readable while the queue holds at least one message,
 * writable while it holds fewer than mq_maxmsg messages.
 */
static unsigned int mqueue_poll_file(struct file *filp, struct poll_table_struct *poll_tab)
{
        struct mqueue_inode_info *info = MQUEUE_I(file_inode(filp));
        int mask = 0;

        poll_wait(filp, &info->wait_q, poll_tab);

        spin_lock(&info->lock);
        if (info->attr.mq_curmsgs)
                mask = POLLIN | POLLRDNORM;
        if (info->attr.mq_curmsgs < info->attr.mq_maxmsg)
                mask |= POLLOUT | POLLWRNORM;
        spin_unlock(&info->lock);

        return mask;
}
539 
/*
 * Record current in @ewp and link @ewp into info->e_wait_q[sr].
 *
 * The entry goes directly in front of the first existing waiter whose
 * static_prio value is less than or equal to current's, or at the tail of
 * the list when there is no such waiter.
 */
static void wq_add(struct mqueue_inode_info *info, int sr,
                        struct ext_wait_queue *ewp)
{
        struct list_head *head = &info->e_wait_q[sr].list;
        struct list_head *before = head;
        struct ext_wait_queue *pos;

        ewp->task = current;

        list_for_each_entry(pos, head, list) {
                if (pos->task->static_prio <= current->static_prio) {
                        before = &pos->list;
                        break;
                }
        }
        /* list_add_tail() on a node inserts immediately before that node */
        list_add_tail(&ewp->list, before);
}
556 
/*
 * Puts current task to sleep. Caller must hold queue lock. After return
 * lock isn't held.
 * sr: SEND or RECV
 *
 * @timeout is handed to schedule_hrtimeout_range_clock() as an absolute
 * CLOCK_REALTIME expiry.
 *
 * Returns 0 once ewp->state is STATE_READY, -ERESTARTSYS if a signal is
 * pending, or -ETIMEDOUT if the sleep ran to its timeout.
 */
static int wq_sleep(struct mqueue_inode_info *info, int sr,
                    ktime_t *timeout, struct ext_wait_queue *ewp)
{
        int retval;
        signed long time;

        wq_add(info, sr, ewp);

        for (;;) {
                /* task state is set before the lock is dropped */
                set_current_state(TASK_INTERRUPTIBLE);

                spin_unlock(&info->lock);
                time = schedule_hrtimeout_range_clock(timeout, 0,
                        HRTIMER_MODE_ABS, CLOCK_REALTIME);

                /*
                 * Lockless wait while the entry is STATE_PENDING.
                 * NOTE(review): the waker side is not in this part of the
                 * file; presumably it moves PENDING to READY shortly after.
                 */
                while (ewp->state == STATE_PENDING)
                        cpu_relax();

                /*
                 * Fast path: ready without retaking the lock.  Note that
                 * this exit skips list_del(); presumably the waker has
                 * already unlinked the entry - confirm against the waker.
                 */
                if (ewp->state == STATE_READY) {
                        retval = 0;
                        goto out;
                }
                spin_lock(&info->lock);
                /* re-check under the lock before deciding to give up */
                if (ewp->state == STATE_READY) {
                        retval = 0;
                        goto out_unlock;
                }
                if (signal_pending(current)) {
                        retval = -ERESTARTSYS;
                        break;
                }
                if (time == 0) {
                        retval = -ETIMEDOUT;
                        break;
                }
        }
        /* signal or timeout: this task removes its own entry, lock held */
        list_del(&ewp->list);
out_unlock:
        spin_unlock(&info->lock);
out:
        return retval;
}
604 
/*
 * Return the waiter on info->e_wait_q[sr] that should be serviced first,
 * which is the last entry of the list, or NULL if the list is empty.
 */
static struct ext_wait_queue *wq_get_first_waiter(
                struct mqueue_inode_info *info, int sr)
{
        struct list_head *head = &info->e_wait_q[sr].list;
        struct list_head *last = head->prev;

        if (last == head)
                return NULL;

        return list_entry(last, struct ext_wait_queue, list);
}
618 
619 
/*
 * Store @code in the last byte of the NOTIFY_COOKIE_LEN-byte cookie held in
 * @skb's data area.
 */
static inline void set_cookie(struct sk_buff *skb, char code)
{
        char *cookie = (char *)skb->data;

        cookie[NOTIFY_COOKIE_LEN - 1] = code;
}
624 
/*
 * Helper split out to keep sys_mq_timedsend short.
 *
 * Delivers the registered notification when a process is registered and the
 * queue has just gone from empty to holding exactly one message; per the
 * original comment, nobody is waiting synchronously at this point.  The
 * registration is one-shot: it is dropped after delivery.  Pollers on
 * info->wait_q are woken in every case.
 */
static void __do_notify(struct mqueue_inode_info *info)
{
        if (!info->notify_owner || info->attr.mq_curmsgs != 1)
                goto wake_pollers;

        switch (info->notify.sigev_notify) {
        case SIGEV_NONE:
                break;
        case SIGEV_SIGNAL: {
                /*
                 * NOTE(review): sig_i is not zero-initialised; only the
                 * fields assigned below are defined - confirm no consumer
                 * reads beyond them.
                 */
                struct siginfo sig_i;

                sig_i.si_signo = info->notify.sigev_signo;
                sig_i.si_errno = 0;
                sig_i.si_code = SI_MESGQ;
                sig_i.si_value = info->notify.sigev_value;
                /* map current pid/uid into info->owner's namespaces */
                rcu_read_lock();
                sig_i.si_pid = task_tgid_nr_ns(current,
                                        ns_of_pid(info->notify_owner));
                sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid());
                rcu_read_unlock();

                kill_pid_info(info->notify.sigev_signo,
                              &sig_i, info->notify_owner);
                break;
        }
        case SIGEV_THREAD:
                set_cookie(info->notify_cookie, NOTIFY_WOKENUP);
                netlink_sendskb(info->notify_sock, info->notify_cookie);
                break;
        }

        /* after notification unregisters process */
        put_pid(info->notify_owner);
        put_user_ns(info->notify_user_ns);
        info->notify_owner = NULL;
        info->notify_user_ns = NULL;

wake_pollers:
        wake_up(&info->wait_q);
}
671 
/*
 * Copy an absolute timeout from user space into @ts, validate it and convert
 * it to a ktime_t in @expires.
 *
 * Returns 0 on success, -EFAULT if the user pointer cannot be read, or
 * -EINVAL if timespec_valid() rejects the value.  @expires is written only
 * on success.
 */
static int prepare_timeout(const struct timespec __user *u_abs_timeout,
                           ktime_t *expires, struct timespec *ts)
{
        unsigned long uncopied;

        uncopied = copy_from_user(ts, u_abs_timeout, sizeof(*ts));
        if (uncopied)
                return -EFAULT;

        if (!timespec_valid(ts))
                return -EINVAL;

        *expires = timespec_to_ktime(*ts);
        return 0;
}
683 
/*
 * Drop the notification registration of @info.  For a SIGEV_THREAD
 * registration the cookie skb is first sent with NOTIFY_REMOVED.  The pid
 * and user-namespace references are put and both pointers cleared
 * unconditionally.
 */
static void remove_notification(struct mqueue_inode_info *info)
{
        bool thread_notify = info->notify_owner != NULL &&
                             info->notify.sigev_notify == SIGEV_THREAD;

        if (thread_notify) {
                set_cookie(info->notify_cookie, NOTIFY_REMOVED);
                netlink_sendskb(info->notify_sock, info->notify_cookie);
        }

        put_pid(info->notify_owner);
        info->notify_owner = NULL;

        put_user_ns(info->notify_user_ns);
        info->notify_user_ns = NULL;
}
696 
/*
 * Validate queue attributes before a queue is created with them.
 *
 * Both mq_maxmsg and mq_msgsize must be positive.  A caller with
 * CAP_SYS_RESOURCE is bounded by HARD_MSGMAX / HARD_MSGSIZEMAX, any other
 * caller by the namespace's mq_msg_max / mq_msgsize_max.  The total byte
 * count (messages plus worst-case tree overhead) must not overflow an
 * unsigned long.
 *
 * Returns 0 if acceptable, -EINVAL for out-of-range values, -EOVERFLOW if
 * the size computation would wrap.
 */
static int mq_attr_ok(struct ipc_namespace *ipc_ns, struct mq_attr *attr)
{
        int tree_bytes;
        unsigned long payload_bytes;

        if (attr->mq_maxmsg <= 0 || attr->mq_msgsize <= 0)
                return -EINVAL;

        if (capable(CAP_SYS_RESOURCE)) {
                if (attr->mq_maxmsg > HARD_MSGMAX)
                        return -EINVAL;
                if (attr->mq_msgsize > HARD_MSGSIZEMAX)
                        return -EINVAL;
        } else {
                if (attr->mq_maxmsg > ipc_ns->mq_msg_max)
                        return -EINVAL;
                if (attr->mq_msgsize > ipc_ns->mq_msgsize_max)
                        return -EINVAL;
        }

        /* check for overflow of mq_maxmsg * mq_msgsize before multiplying */
        if (attr->mq_msgsize > ULONG_MAX/attr->mq_maxmsg)
                return -EOVERFLOW;

        tree_bytes = attr->mq_maxmsg * sizeof(struct msg_msg) +
                min_t(unsigned int, attr->mq_maxmsg, MQ_PRIO_MAX) *
                sizeof(struct posix_msg_tree_node);
        payload_bytes = attr->mq_maxmsg * attr->mq_msgsize;

        /* ... and of the sum with the tree overhead */
        if (payload_bytes + tree_bytes < payload_bytes)
                return -EOVERFLOW;

        return 0;
}
724 
/*
 * Invoked when creating a new queue via sys_mq_open.
 *
 * The attributes to be used - the caller's @attr or, when @attr is NULL, the
 * namespace defaults - are checked with mq_attr_ok() first.  Caller-supplied
 * attributes are handed to mqueue_create() through dentry->d_fsdata, which
 * is cleared again as soon as vfs_create() returns so the pointer does not
 * outlive the caller's storage.
 *
 * Returns the opened file or an ERR_PTR().
 */
static struct file *do_create(struct ipc_namespace *ipc_ns, struct inode *dir,
                        struct path *path, int oflag, umode_t mode,
                        struct mq_attr *attr)
{
        const struct cred *cred = current_cred();
        struct mq_attr def_attr;
        int err;

        if (!attr) {
                def_attr.mq_maxmsg = min(ipc_ns->mq_msg_max,
                                         ipc_ns->mq_msg_default);
                def_attr.mq_msgsize = min(ipc_ns->mq_msgsize_max,
                                          ipc_ns->mq_msgsize_default);
                err = mq_attr_ok(ipc_ns, &def_attr);
                if (err)
                        return ERR_PTR(err);
        } else {
                err = mq_attr_ok(ipc_ns, attr);
                if (err)
                        return ERR_PTR(err);
                /* store for use during create */
                path->dentry->d_fsdata = attr;
        }

        mode &= ~current_umask();
        err = vfs_create(dir, path->dentry, mode, true);
        path->dentry->d_fsdata = NULL;
        if (err)
                return ERR_PTR(err);

        return dentry_open(path, oflag, cred);
}
760 
/*
 * Opens existing queue.
 *
 * The access mode bits of @oflag select the permission mask that is checked
 * against the queue inode.  The combination O_RDWR | O_WRONLY is rejected
 * with -EINVAL before the table lookup, so the index stays within the
 * O_ACCMODE-sized table.  A failed permission check yields -EACCES.
 */
static struct file *do_open(struct path *path, int oflag)
{
        static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
                                                  MAY_READ | MAY_WRITE };
        int accmode = oflag & O_ACCMODE;

        if (accmode == (O_RDWR | O_WRONLY))
                return ERR_PTR(-EINVAL);

        if (inode_permission(path->dentry->d_inode, oflag2acc[accmode]))
                return ERR_PTR(-EACCES);

        return dentry_open(path, oflag, current_cred());
}
774 
/*
 * mq_open(2): open, and optionally create, the queue named @u_name in the
 * caller's ipc namespace.
 *
 * @u_attr, when non-NULL, is copied from user space up front; it is only
 * validated (mq_attr_ok(), via do_create()) if a queue is actually created.
 * The name is looked up with lookup_one_len() relative to the root of the
 * namespace's internal mqueue mount.
 *
 * Returns a new file descriptor (reserved with O_CLOEXEC) or a negative
 * errno.
 */
SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode,
                struct mq_attr __user *, u_attr)
{
        struct path path;
        struct file *filp;
        struct filename *name;
        struct mq_attr attr;
        int fd, error;
        struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
        struct vfsmount *mnt = ipc_ns->mq_mnt;
        struct dentry *root = mnt->mnt_root;
        int ro;

        if (u_attr && copy_from_user(&attr, u_attr, sizeof(struct mq_attr)))
                return -EFAULT;

        /* the request is audited before the name is even fetched */
        audit_mq_open(oflag, mode, u_attr ? &attr : NULL);

        if (IS_ERR(name = getname(u_name)))
                return PTR_ERR(name);

        fd = get_unused_fd_flags(O_CLOEXEC);
        if (fd < 0)
                goto out_putname;       /* fd already holds the errno */

        /* a failure here only matters if a queue has to be created below */
        ro = mnt_want_write(mnt);       /* we'll drop it in any case */
        error = 0;
        mutex_lock(&root->d_inode->i_mutex);
        path.dentry = lookup_one_len(name->name, root, strlen(name->name));
        if (IS_ERR(path.dentry)) {
                error = PTR_ERR(path.dentry);
                /* path was never completed, so path_put() is skipped */
                goto out_putfd;
        }
        path.mnt = mntget(mnt);

        if (oflag & O_CREAT) {
                if (path.dentry->d_inode) {     /* entry already exists */
                        audit_inode(name, path.dentry, 0);
                        if (oflag & O_EXCL) {
                                error = -EEXIST;
                                goto out;
                        }
                        filp = do_open(&path, oflag);
                } else {
                        if (ro) {
                                /* creation needs write access to the mount */
                                error = ro;
                                goto out;
                        }
                        audit_inode_parent_hidden(name, root);
                        filp = do_create(ipc_ns, root->d_inode,
                                                &path, oflag, mode,
                                                u_attr ? &attr : NULL);
                }
        } else {
                if (!path.dentry->d_inode) {
                        error = -ENOENT;
                        goto out;
                }
                audit_inode(name, path.dentry, 0);
                filp = do_open(&path, oflag);
        }

        /* the descriptor becomes visible to user space only on success */
        if (!IS_ERR(filp))
                fd_install(fd, filp);
        else
                error = PTR_ERR(filp);
out:
        path_put(&path);
out_putfd:
        if (error) {
                /* release the reserved descriptor and return the errno */
                put_unused_fd(fd);
                fd = error;
        }
        mutex_unlock(&root->d_inode->i_mutex);
        /* ro == 0 means mnt_want_write() succeeded and must be balanced */
        if (!ro)
                mnt_drop_write(mnt);
out_putname:
        putname(name);
        return fd;
}
855 
/*
 * mq_unlink() - remove a message queue by name.
 *
 * @u_name: user pointer to the queue name.
 *
 * The name is looked up under the mqueue root of the caller's IPC namespace
 * and removed with vfs_unlink(). Returns 0 or a negative errno (-ENOENT when
 * no queue of that name exists).
 */
SYSCALL_DEFINE1(mq_unlink, const char __user *, u_name)
{
        struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
        struct vfsmount *mnt = ipc_ns->mq_mnt;
        struct inode *pinned = NULL;
        struct filename *name;
        struct dentry *victim;
        struct dentry *root;
        int rc;

        name = getname(u_name);
        if (IS_ERR(name))
                return PTR_ERR(name);

        root = mnt->mnt_root;
        audit_inode_parent_hidden(name, root);

        rc = mnt_want_write(mnt);
        if (rc)
                goto out_name;

        mutex_lock_nested(&root->d_inode->i_mutex, I_MUTEX_PARENT);
        victim = lookup_one_len(name->name, root, strlen(name->name));
        if (IS_ERR(victim)) {
                rc = PTR_ERR(victim);
                goto out_unlock;
        }

        pinned = victim->d_inode;
        if (pinned) {
                /*
                 * Hold an extra inode reference across the unlink; it is
                 * released by the iput() below, after the directory mutex
                 * has been dropped.
                 */
                ihold(pinned);
                rc = vfs_unlink(victim->d_parent->d_inode, victim, NULL);
        } else {
                rc = -ENOENT;
        }
        dput(victim);

out_unlock:
        mutex_unlock(&root->d_inode->i_mutex);
        if (pinned)
                iput(pinned);
        mnt_drop_write(mnt);
out_name:
        putname(name);

        return rc;
}
900 
901 /* Pipelined send and receive functions.
902  *
903  * If a receiver finds no waiting message, then it registers itself in the
904  * list of waiting receivers. A sender checks that list before adding the new
905  * message into the message array. If there is a waiting receiver, then it
906  * bypasses the message array and directly hands the message over to the
907  * receiver.
908  * The receiver accepts the message and returns without grabbing the queue
909  * spinlock. Therefore an intermediate STATE_PENDING state and memory barriers
910  * are necessary. The same algorithm is used for sysv semaphores, see
911  * ipc/sem.c for more details.
912  *
913  * The same algorithm is used for senders.
914  */
915 
/*
 * pipelined_send() - send a message directly to the task waiting in
 * sys_mq_timedreceive() (without inserting message into a queue).
 *
 * @info:     queue the receiver waits on (not used in the body).
 * @message:  message handed over to the receiver.
 * @receiver: wait-queue entry of the receiving task.
 *
 * The visible caller, mq_timedsend(), invokes this with info->lock held.
 * As the comment on pipelined send/receive above explains, the receiver
 * returns without taking that lock, which is why the state goes through
 * STATE_PENDING and a write barrier before STATE_READY.
 */
static inline void pipelined_send(struct mqueue_inode_info *info,
                                  struct msg_msg *message,
                                  struct ext_wait_queue *receiver)
{
        receiver->msg = message;
        list_del(&receiver->list);
        /* Hand-over in progress: set before the receiver is woken. */
        receiver->state = STATE_PENDING;
        wake_up_process(receiver->task);
        /* Order the stores above before the STATE_READY store below. */
        smp_wmb();
        receiver->state = STATE_READY;
}
930 
/*
 * pipelined_receive() - if a task is waiting in sys_mq_timedsend(), take its
 * message and put it into the queue (one slot is known to be free).
 *
 * @info: queue that has just had a message removed.
 *
 * When no sender is waiting, pollers on info->wait_q are woken instead. If
 * msg_insert() fails, the sender is left on the wait list untouched.
 */
static inline void pipelined_receive(struct mqueue_inode_info *info)
{
        struct ext_wait_queue *waiter = wq_get_first_waiter(info, SEND);

        if (waiter == NULL) {
                /* for poll */
                wake_up_interruptible(&info->wait_q);
                return;
        }

        if (msg_insert(waiter->msg, info) != 0)
                return;

        /* Same PENDING -> barrier -> READY hand-over as pipelined_send(). */
        list_del(&waiter->list);
        waiter->state = STATE_PENDING;
        wake_up_process(waiter->task);
        smp_wmb();
        waiter->state = STATE_READY;
}
950 
/*
 * mq_timedsend() - add a message to a queue, optionally waiting for room.
 *
 * @mqdes:         message queue descriptor.
 * @u_msg_ptr:     user pointer to the message payload.
 * @msg_len:       payload length in bytes.
 * @msg_prio:      message priority, must be below MQ_PRIO_MAX.
 * @u_abs_timeout: optional user pointer to an absolute timeout.
 *
 * Returns 0 on success or a negative errno: -EINVAL for a bad priority,
 * -EBADF for a descriptor that is not a writable message queue, -EMSGSIZE
 * when @msg_len exceeds the queue's mq_msgsize, -EAGAIN when the queue is
 * full and O_NONBLOCK is set, or the error of a helper.
 */
SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
                size_t, msg_len, unsigned int, msg_prio,
                const struct timespec __user *, u_abs_timeout)
{
        struct posix_msg_tree_node *spare = NULL;
        struct mqueue_inode_info *info;
        struct ext_wait_queue *receiver;
        struct ext_wait_queue wait;
        struct msg_msg *msg;
        struct inode *inode;
        struct timespec ts;
        ktime_t expires, *timeout = NULL;
        struct fd f;
        int ret = 0;

        if (u_abs_timeout) {
                int res = prepare_timeout(u_abs_timeout, &expires, &ts);

                if (res)
                        return res;
                timeout = &expires;
        }

        if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX))
                return -EINVAL;

        audit_mq_sendrecv(mqdes, msg_len, msg_prio, timeout ? &ts : NULL);

        f = fdget(mqdes);
        if (unlikely(!f.file))
                return -EBADF;

        /*
         * mqdes comes from user space and may name any open file. MQUEUE_I()
         * is applied only after f_op has been matched against the mqueue
         * file operations.
         */
        inode = file_inode(f.file);
        if (unlikely(f.file->f_op != &mqueue_file_operations)) {
                ret = -EBADF;
                goto out_fput;
        }
        info = MQUEUE_I(inode);
        audit_inode(NULL, f.file->f_path.dentry, 0);

        if (unlikely(!(f.file->f_mode & FMODE_WRITE))) {
                ret = -EBADF;
                goto out_fput;
        }

        /* Bound the user-supplied length before the payload is loaded. */
        if (unlikely(msg_len > info->attr.mq_msgsize)) {
                ret = -EMSGSIZE;
                goto out_fput;
        }

        /*
         * Allocate and fill the message first, before anything is done
         * with the existing queue.
         */
        msg = load_msg(u_msg_ptr, msg_len);
        if (IS_ERR(msg)) {
                ret = PTR_ERR(msg);
                goto out_fput;
        }
        msg->m_ts = msg_len;
        msg->m_type = msg_prio;

        /*
         * msg_insert really wants us to have a valid, spare node struct so
         * it doesn't have to kmalloc a GFP_ATOMIC allocation, but it will
         * fall back to that if necessary.
         */
        if (!info->node_cache)
                spare = kmalloc(sizeof(*spare), GFP_KERNEL);

        spin_lock(&info->lock);

        if (!info->node_cache && spare) {
                /* Save our speculative allocation into the cache */
                INIT_LIST_HEAD(&spare->msg_list);
                info->node_cache = spare;
                spare = NULL;
        } else {
                /* Cache was filled meanwhile, or the allocation failed. */
                kfree(spare);
        }

        if (info->attr.mq_curmsgs == info->attr.mq_maxmsg) {
                /* Queue is full. */
                if (!(f.file->f_flags & O_NONBLOCK)) {
                        wait.task = current;
                        wait.msg = (void *) msg;
                        wait.state = STATE_NONE;
                        ret = wq_sleep(info, SEND, timeout, &wait);
                        /*
                         * wq_sleep must be called with info->lock held, and
                         * returns with the lock released
                         */
                        goto out_free;
                }
                ret = -EAGAIN;
        } else {
                receiver = wq_get_first_waiter(info, RECV);
                if (receiver) {
                        pipelined_send(info, msg, receiver);
                } else {
                        /* adds message to the queue */
                        ret = msg_insert(msg, info);
                        if (ret)
                                goto out_unlock;
                        __do_notify(info);
                }
                inode->i_atime = inode->i_mtime = inode->i_ctime =
                                CURRENT_TIME;
        }
out_unlock:
        spin_unlock(&info->lock);
out_free:
        /* On failure the message was never handed over, so it is ours to free. */
        if (ret)
                free_msg(msg);
out_fput:
        fdput(f);
        return ret;
}
1069 
/*
 * mq_timedreceive() - remove a message from a queue, optionally waiting.
 *
 * @mqdes:         message queue descriptor.
 * @u_msg_ptr:     user buffer that receives the payload.
 * @msg_len:       size of @u_msg_ptr in bytes.
 * @u_msg_prio:    optional user pointer that receives the priority.
 * @u_abs_timeout: optional user pointer to an absolute timeout.
 *
 * Returns the length of the received message, or a negative errno: -EBADF for
 * a descriptor that is not a readable message queue, -EMSGSIZE when the
 * buffer is smaller than the queue's mq_msgsize, -EAGAIN when the queue is
 * empty and O_NONBLOCK is set, -EFAULT when a copy to user space fails.
 */
SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
                size_t, msg_len, unsigned int __user *, u_msg_prio,
                const struct timespec __user *, u_abs_timeout)
{
        struct posix_msg_tree_node *spare = NULL;
        struct mqueue_inode_info *info;
        struct ext_wait_queue wait;
        struct msg_msg *msg;
        struct inode *inode;
        struct timespec ts;
        ktime_t expires, *timeout = NULL;
        struct fd f;
        ssize_t ret;

        if (u_abs_timeout) {
                int res = prepare_timeout(u_abs_timeout, &expires, &ts);

                if (res)
                        return res;
                timeout = &expires;
        }

        audit_mq_sendrecv(mqdes, msg_len, 0, timeout ? &ts : NULL);

        f = fdget(mqdes);
        if (unlikely(!f.file))
                return -EBADF;

        /*
         * mqdes comes from user space and may name any open file. MQUEUE_I()
         * is applied only after f_op has been matched against the mqueue
         * file operations.
         */
        inode = file_inode(f.file);
        if (unlikely(f.file->f_op != &mqueue_file_operations)) {
                ret = -EBADF;
                goto out_fput;
        }
        info = MQUEUE_I(inode);
        audit_inode(NULL, f.file->f_path.dentry, 0);

        if (unlikely(!(f.file->f_mode & FMODE_READ))) {
                ret = -EBADF;
                goto out_fput;
        }

        /*
         * The user buffer must be able to hold the largest message the queue
         * accepts; mq_timedsend() refuses anything above mq_msgsize, and
         * store_msg() below copies m_ts bytes into the buffer.
         */
        if (unlikely(msg_len < info->attr.mq_msgsize)) {
                ret = -EMSGSIZE;
                goto out_fput;
        }

        /*
         * msg_insert really wants us to have a valid, spare node struct so
         * it doesn't have to kmalloc a GFP_ATOMIC allocation, but it will
         * fall back to that if necessary.
         */
        if (!info->node_cache)
                spare = kmalloc(sizeof(*spare), GFP_KERNEL);

        spin_lock(&info->lock);

        if (!info->node_cache && spare) {
                /* Save our speculative allocation into the cache */
                INIT_LIST_HEAD(&spare->msg_list);
                info->node_cache = spare;
        } else {
                /* Cache was filled meanwhile, or the allocation failed. */
                kfree(spare);
        }

        if (info->attr.mq_curmsgs == 0) {
                /* Queue is empty. */
                if (f.file->f_flags & O_NONBLOCK) {
                        spin_unlock(&info->lock);
                        ret = -EAGAIN;
                } else {
                        wait.task = current;
                        wait.state = STATE_NONE;
                        ret = wq_sleep(info, RECV, timeout, &wait);
                        /* Only used below when wq_sleep() returned 0. */
                        msg = wait.msg;
                }
        } else {
                msg = msg_get(info);

                inode->i_atime = inode->i_mtime = inode->i_ctime =
                                CURRENT_TIME;

                /* There is now free space in queue. */
                pipelined_receive(info);
                spin_unlock(&info->lock);
                ret = 0;
        }

        if (ret != 0)
                goto out_fput;

        ret = msg->m_ts;
        if ((u_msg_prio && put_user(msg->m_type, u_msg_prio)) ||
            store_msg(u_msg_ptr, msg, msg->m_ts))
                ret = -EFAULT;
        /* The message is consumed even when the copy to user space failed. */
        free_msg(msg);

out_fput:
        fdput(f);
        return ret;
}
1171 
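/*
 * mq_notify() - register or remove the caller's notification on a queue.
 *
 * @mqdes:          message queue descriptor.
 * @u_notification: user pointer to the requested struct sigevent, or NULL to
 *                  remove the caller's registration.
 *
 * Notes: a deregistration request (NULL @u_notification) from a process that
 * does not currently own the notification is silently discarded. POSIX does
 * not define this case explicitly.
 *
 * For SIGEV_THREAD, sigev_value.sival_ptr points to NOTIFY_COOKIE_LEN bytes
 * of cookie data in user space and sigev_signo is used as the descriptor of
 * a netlink socket; the cookie is copied into an skb and attached to that
 * socket before the queue is touched.
 *
 * Returns 0 on success or a negative errno: -EFAULT, -EINVAL, -ENOMEM,
 * -EBADF, -EBUSY (a notification is already registered), or the error of
 * netlink_getsockbyfilp() / netlink_attachskb().
 */
SYSCALL_DEFINE2(mq_notify, mqd_t, mqdes,
                const struct sigevent __user *, u_notification)
{
        int ret;
        struct fd f;
        struct sock *sock;
        struct inode *inode;
        struct sigevent notification;
        struct mqueue_inode_info *info;
        struct sk_buff *nc;

        /* Fetch the request once; only this kernel copy is examined below. */
        if (u_notification) {
                if (copy_from_user(&notification, u_notification,
                                        sizeof(struct sigevent)))
                        return -EFAULT;
        }

        audit_mq_notify(mqdes, u_notification ? &notification : NULL);

        /*
         * nc and sock track what this call still owns; the cleanup at "out"
         * releases whatever is non-NULL, so they must never be left pointing
         * at something that has already been released.
         */
        nc = NULL;
        sock = NULL;
        if (u_notification != NULL) {
                if (unlikely(notification.sigev_notify != SIGEV_NONE &&
                             notification.sigev_notify != SIGEV_SIGNAL &&
                             notification.sigev_notify != SIGEV_THREAD))
                        return -EINVAL;
                if (notification.sigev_notify == SIGEV_SIGNAL &&
                        !valid_signal(notification.sigev_signo)) {
                        return -EINVAL;
                }
                if (notification.sigev_notify == SIGEV_THREAD) {
                        long timeo;

                        /* create the notify skb */
                        nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
                        if (!nc) {
                                ret = -ENOMEM;
                                goto out;
                        }
                        if (copy_from_user(nc->data,
                                        notification.sigev_value.sival_ptr,
                                        NOTIFY_COOKIE_LEN)) {
                                ret = -EFAULT;
                                goto out;
                        }

                        /* TODO: add a header? */
                        skb_put(nc, NOTIFY_COOKIE_LEN);
                        /* and attach it to the socket */
retry:
                        f = fdget(notification.sigev_signo);
                        if (!f.file) {
                                ret = -EBADF;
                                goto out;
                        }
                        sock = netlink_getsockbyfilp(f.file);
                        fdput(f);
                        if (IS_ERR(sock)) {
                                ret = PTR_ERR(sock);
                                sock = NULL;
                                goto out;
                        }

                        timeo = MAX_SCHEDULE_TIMEOUT;
                        ret = netlink_attachskb(sock, nc, &timeo, NULL);
                        if (ret == 1) {
                                /*
                                 * A return of 1 asks for a retry, and the
                                 * socket reference has already been dropped
                                 * by netlink_attachskb(). Forget the pointer:
                                 * if fdget() fails on the next pass, "out"
                                 * must not detach from a socket this call no
                                 * longer holds.
                                 */
                                sock = NULL;
                                goto retry;
                        }
                        if (ret) {
                                /* On error both the socket and the skb are gone. */
                                sock = NULL;
                                nc = NULL;
                                goto out;
                        }
                }
        }

        f = fdget(mqdes);
        if (!f.file) {
                ret = -EBADF;
                goto out;
        }

        /*
         * mqdes comes from user space and may name any open file. MQUEUE_I()
         * is applied only after f_op has been matched against the mqueue
         * file operations.
         */
        inode = file_inode(f.file);
        if (unlikely(f.file->f_op != &mqueue_file_operations)) {
                ret = -EBADF;
                goto out_fput;
        }
        info = MQUEUE_I(inode);

        ret = 0;
        spin_lock(&info->lock);
        if (u_notification == NULL) {
                /* Only the owning thread group may remove the registration. */
                if (info->notify_owner == task_tgid(current)) {
                        remove_notification(info);
                        inode->i_atime = inode->i_ctime = CURRENT_TIME;
                }
        } else if (info->notify_owner != NULL) {
                ret = -EBUSY;
        } else {
                switch (notification.sigev_notify) {
                case SIGEV_NONE:
                        info->notify.sigev_notify = SIGEV_NONE;
                        break;
                case SIGEV_THREAD:
                        /* Ownership of the socket and skb moves to the queue. */
                        info->notify_sock = sock;
                        info->notify_cookie = nc;
                        sock = NULL;
                        nc = NULL;
                        info->notify.sigev_notify = SIGEV_THREAD;
                        break;
                case SIGEV_SIGNAL:
                        info->notify.sigev_signo = notification.sigev_signo;
                        info->notify.sigev_value = notification.sigev_value;
                        info->notify.sigev_notify = SIGEV_SIGNAL;
                        break;
                }

                info->notify_owner = get_pid(task_tgid(current));
                info->notify_user_ns = get_user_ns(current_user_ns());
                inode->i_atime = inode->i_ctime = CURRENT_TIME;
        }
        spin_unlock(&info->lock);
out_fput:
        fdput(f);
out:
        /* Release whatever was prepared but not handed over to the queue. */
        if (sock)
                netlink_detachskb(sock, nc);
        else if (nc)
                dev_kfree_skb(nc);

        return ret;
}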
1308 
/*
 * mq_getsetattr() - read a queue's attributes and optionally change its
 * O_NONBLOCK flag.
 *
 * @mqdes:     message queue descriptor.
 * @u_mqstat:  optional user pointer to the new attributes; only mq_flags is
 *             used, and O_NONBLOCK is the only bit accepted in it.
 * @u_omqstat: optional user pointer that receives the previous attributes.
 *
 * Returns 0 on success, -EFAULT when a user copy fails, -EINVAL when
 * mq_flags carries any bit other than O_NONBLOCK, -EBADF when @mqdes is not
 * a message queue descriptor.
 */
SYSCALL_DEFINE3(mq_getsetattr, mqd_t, mqdes,
                const struct mq_attr __user *, u_mqstat,
                struct mq_attr __user *, u_omqstat)
{
        struct mq_attr new_attr, old_attr;
        struct mqueue_inode_info *info;
        struct inode *inode;
        struct fd f;
        int ret = 0;

        if (u_mqstat) {
                if (copy_from_user(&new_attr, u_mqstat, sizeof(new_attr)))
                        return -EFAULT;
                /* Reject every flag bit the caller is not allowed to set. */
                if (new_attr.mq_flags & ~O_NONBLOCK)
                        return -EINVAL;
        }

        f = fdget(mqdes);
        if (!f.file)
                return -EBADF;

        /*
         * mqdes comes from user space and may name any open file. MQUEUE_I()
         * is applied only after f_op has been matched against the mqueue
         * file operations.
         */
        inode = file_inode(f.file);
        if (unlikely(f.file->f_op != &mqueue_file_operations)) {
                ret = -EBADF;
                goto out_fput;
        }
        info = MQUEUE_I(inode);

        spin_lock(&info->lock);

        /* Snapshot the old state; mq_flags is reported from the open file. */
        old_attr = info->attr;
        old_attr.mq_flags = f.file->f_flags & O_NONBLOCK;

        if (u_mqstat) {
                audit_mq_getsetattr(mqdes, &new_attr);

                spin_lock(&f.file->f_lock);
                if (new_attr.mq_flags & O_NONBLOCK)
                        f.file->f_flags |= O_NONBLOCK;
                else
                        f.file->f_flags &= ~O_NONBLOCK;
                spin_unlock(&f.file->f_lock);

                inode->i_atime = inode->i_ctime = CURRENT_TIME;
        }

        spin_unlock(&info->lock);

        if (u_omqstat && copy_to_user(u_omqstat, &old_attr, sizeof(old_attr)))
                ret = -EFAULT;

out_fput:
        fdput(f);
        return ret;
}
1367 
/*
 * Inode operations table for the mqueue directory (presumably installed on
 * the root directory inode; the assignment is not in this part of the file).
 */
static const struct inode_operations mqueue_dir_inode_operations = {
        .lookup = simple_lookup,
        .create = mqueue_create,
        .unlink = mqueue_unlink,
};

/*
 * File operations of an open message queue. The mq_* system calls in this
 * file compare f_op against the address of this table to reject descriptors
 * that do not refer to a message queue.
 */
static const struct file_operations mqueue_file_operations = {
        .flush = mqueue_flush_file,
        .poll = mqueue_poll_file,
        .read = mqueue_read_file,
        .llseek = default_llseek,
};

/* Superblock operations: inode allocation, destruction and eviction. */
static const struct super_operations mqueue_super_ops = {
        .alloc_inode = mqueue_alloc_inode,
        .destroy_inode = mqueue_destroy_inode,
        .evict_inode = mqueue_evict_inode,
        .statfs = simple_statfs,
};

/*
 * The "mqueue" filesystem type, registered by init_mqueue_fs() and mounted
 * internally once per IPC namespace by mq_init_ns().
 * FS_USERNS_MOUNT marks the type as mountable from within a user namespace.
 */
static struct file_system_type mqueue_fs_type = {
        .name = "mqueue",
        .mount = mqueue_mount,
        .kill_sb = kill_litter_super,
        .fs_flags = FS_USERNS_MOUNT,
};
1394 
/*
 * mq_init_ns() - set up the message queue state of an IPC namespace.
 *
 * @ns: namespace to initialise.
 *
 * Resets the queue counter, applies the default limits and creates the
 * namespace's internal mqueue mount. Returns 0 on success; on failure
 * ns->mq_mnt is left NULL and the error of kern_mount_data() is returned.
 */
int mq_init_ns(struct ipc_namespace *ns)
{
        struct vfsmount *mnt;

        ns->mq_queues_count = 0;
        ns->mq_queues_max = DFLT_QUEUESMAX;
        ns->mq_msg_max = DFLT_MSGMAX;
        ns->mq_msgsize_max = DFLT_MSGSIZEMAX;
        ns->mq_msg_default = DFLT_MSG;
        ns->mq_msgsize_default = DFLT_MSGSIZE;

        mnt = kern_mount_data(&mqueue_fs_type, ns);
        if (IS_ERR(mnt)) {
                /* Never leave an error pointer behind in the namespace. */
                ns->mq_mnt = NULL;
                return PTR_ERR(mnt);
        }

        ns->mq_mnt = mnt;
        return 0;
}
1412 
/*
 * mq_clear_sbinfo() - clear s_fs_info on the namespace's mqueue superblock.
 *
 * @ns: namespace whose mqueue mount is affected.
 *
 * ns->mq_mnt is dereferenced without a check, while mq_init_ns() leaves it
 * NULL on failure.
 * NOTE(review): callers presumably only reach this for a namespace whose
 * mq_init_ns() succeeded - confirm.
 */
void mq_clear_sbinfo(struct ipc_namespace *ns)
{
        struct super_block *sb = ns->mq_mnt->mnt_sb;

        sb->s_fs_info = NULL;
}
1417 
/*
 * mq_put_mnt() - unmount the namespace's internal mqueue mount.
 *
 * @ns: namespace whose mq_mnt is passed to kern_unmount().
 */
void mq_put_mnt(struct ipc_namespace *ns)
{
        struct vfsmount *mnt = ns->mq_mnt;

        kern_unmount(mnt);
}
1422 
/*
 * init_mqueue_fs() - boot-time initialisation of the mqueue filesystem.
 *
 * Creates the inode cache, registers the sysctl table (a failure there is
 * tolerated), registers the filesystem type and initialises the message
 * queue state of the initial IPC namespace. Everything set up so far is
 * undone when a later step fails.
 *
 * Returns 0 on success or a negative errno.
 */
static int __init init_mqueue_fs(void)
{
        int err;

        mqueue_inode_cachep = kmem_cache_create("mqueue_inode_cache",
                                sizeof(struct mqueue_inode_info), 0,
                                SLAB_HWCACHE_ALIGN, init_once);
        if (!mqueue_inode_cachep)
                return -ENOMEM;

        /* ignore failures - they are not fatal */
        mq_sysctl_table = mq_register_sysctl_table();

        err = register_filesystem(&mqueue_fs_type);
        if (err)
                goto out_sysctl;

        spin_lock_init(&mq_lock);

        err = mq_init_ns(&init_ipc_ns);
        if (!err)
                return 0;

        /* Unwind in reverse order of setup. */
        unregister_filesystem(&mqueue_fs_type);
out_sysctl:
        if (mq_sysctl_table)
                unregister_sysctl_table(mq_sysctl_table);
        kmem_cache_destroy(mqueue_inode_cachep);
        return err;
}

__initcall(init_mqueue_fs);
1458 
