18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * linux/ipc/msgutil.c 48c2ecf20Sopenharmony_ci * Copyright (C) 1999, 2004 Manfred Spraul 58c2ecf20Sopenharmony_ci */ 68c2ecf20Sopenharmony_ci 78c2ecf20Sopenharmony_ci#include <linux/spinlock.h> 88c2ecf20Sopenharmony_ci#include <linux/init.h> 98c2ecf20Sopenharmony_ci#include <linux/security.h> 108c2ecf20Sopenharmony_ci#include <linux/slab.h> 118c2ecf20Sopenharmony_ci#include <linux/ipc.h> 128c2ecf20Sopenharmony_ci#include <linux/msg.h> 138c2ecf20Sopenharmony_ci#include <linux/ipc_namespace.h> 148c2ecf20Sopenharmony_ci#include <linux/utsname.h> 158c2ecf20Sopenharmony_ci#include <linux/proc_ns.h> 168c2ecf20Sopenharmony_ci#include <linux/uaccess.h> 178c2ecf20Sopenharmony_ci#include <linux/sched.h> 188c2ecf20Sopenharmony_ci 198c2ecf20Sopenharmony_ci#include "util.h" 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_ciDEFINE_SPINLOCK(mq_lock); 228c2ecf20Sopenharmony_ci 238c2ecf20Sopenharmony_ci/* 248c2ecf20Sopenharmony_ci * The next 2 defines are here bc this is the only file 258c2ecf20Sopenharmony_ci * compiled when either CONFIG_SYSVIPC and CONFIG_POSIX_MQUEUE 268c2ecf20Sopenharmony_ci * and not CONFIG_IPC_NS. 278c2ecf20Sopenharmony_ci */ 288c2ecf20Sopenharmony_cistruct ipc_namespace init_ipc_ns = { 298c2ecf20Sopenharmony_ci .count = REFCOUNT_INIT(1), 308c2ecf20Sopenharmony_ci .user_ns = &init_user_ns, 318c2ecf20Sopenharmony_ci .ns.inum = PROC_IPC_INIT_INO, 328c2ecf20Sopenharmony_ci#ifdef CONFIG_IPC_NS 338c2ecf20Sopenharmony_ci .ns.ops = &ipcns_operations, 348c2ecf20Sopenharmony_ci#endif 358c2ecf20Sopenharmony_ci}; 368c2ecf20Sopenharmony_ci 378c2ecf20Sopenharmony_cistruct msg_msgseg { 388c2ecf20Sopenharmony_ci struct msg_msgseg *next; 398c2ecf20Sopenharmony_ci /* the next part of the message follows immediately */ 408c2ecf20Sopenharmony_ci}; 418c2ecf20Sopenharmony_ci 428c2ecf20Sopenharmony_ci#define DATALEN_MSG ((size_t)PAGE_SIZE-sizeof(struct msg_msg)) 438c2ecf20Sopenharmony_ci#define DATALEN_SEG ((size_t)PAGE_SIZE-sizeof(struct msg_msgseg)) 448c2ecf20Sopenharmony_ci 458c2ecf20Sopenharmony_ci 468c2ecf20Sopenharmony_cistatic struct msg_msg *alloc_msg(size_t len) 478c2ecf20Sopenharmony_ci{ 488c2ecf20Sopenharmony_ci struct msg_msg *msg; 498c2ecf20Sopenharmony_ci struct msg_msgseg **pseg; 508c2ecf20Sopenharmony_ci size_t alen; 518c2ecf20Sopenharmony_ci 528c2ecf20Sopenharmony_ci alen = min(len, DATALEN_MSG); 538c2ecf20Sopenharmony_ci msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL_ACCOUNT); 548c2ecf20Sopenharmony_ci if (msg == NULL) 558c2ecf20Sopenharmony_ci return NULL; 568c2ecf20Sopenharmony_ci 578c2ecf20Sopenharmony_ci msg->next = NULL; 588c2ecf20Sopenharmony_ci msg->security = NULL; 598c2ecf20Sopenharmony_ci 608c2ecf20Sopenharmony_ci len -= alen; 618c2ecf20Sopenharmony_ci pseg = &msg->next; 628c2ecf20Sopenharmony_ci while (len > 0) { 638c2ecf20Sopenharmony_ci struct msg_msgseg *seg; 648c2ecf20Sopenharmony_ci 658c2ecf20Sopenharmony_ci cond_resched(); 668c2ecf20Sopenharmony_ci 678c2ecf20Sopenharmony_ci alen = min(len, DATALEN_SEG); 688c2ecf20Sopenharmony_ci seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL_ACCOUNT); 698c2ecf20Sopenharmony_ci if (seg == NULL) 708c2ecf20Sopenharmony_ci goto out_err; 718c2ecf20Sopenharmony_ci *pseg = seg; 728c2ecf20Sopenharmony_ci seg->next = NULL; 738c2ecf20Sopenharmony_ci pseg = &seg->next; 748c2ecf20Sopenharmony_ci len -= alen; 758c2ecf20Sopenharmony_ci } 768c2ecf20Sopenharmony_ci 778c2ecf20Sopenharmony_ci return msg; 788c2ecf20Sopenharmony_ci 798c2ecf20Sopenharmony_ciout_err: 808c2ecf20Sopenharmony_ci free_msg(msg); 818c2ecf20Sopenharmony_ci return NULL; 828c2ecf20Sopenharmony_ci} 838c2ecf20Sopenharmony_ci 848c2ecf20Sopenharmony_cistruct msg_msg *load_msg(const void __user *src, size_t len) 858c2ecf20Sopenharmony_ci{ 868c2ecf20Sopenharmony_ci struct msg_msg *msg; 878c2ecf20Sopenharmony_ci struct msg_msgseg *seg; 888c2ecf20Sopenharmony_ci int err = -EFAULT; 898c2ecf20Sopenharmony_ci size_t alen; 908c2ecf20Sopenharmony_ci 918c2ecf20Sopenharmony_ci msg = alloc_msg(len); 928c2ecf20Sopenharmony_ci if (msg == NULL) 938c2ecf20Sopenharmony_ci return ERR_PTR(-ENOMEM); 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci alen = min(len, DATALEN_MSG); 968c2ecf20Sopenharmony_ci if (copy_from_user(msg + 1, src, alen)) 978c2ecf20Sopenharmony_ci goto out_err; 988c2ecf20Sopenharmony_ci 998c2ecf20Sopenharmony_ci for (seg = msg->next; seg != NULL; seg = seg->next) { 1008c2ecf20Sopenharmony_ci len -= alen; 1018c2ecf20Sopenharmony_ci src = (char __user *)src + alen; 1028c2ecf20Sopenharmony_ci alen = min(len, DATALEN_SEG); 1038c2ecf20Sopenharmony_ci if (copy_from_user(seg + 1, src, alen)) 1048c2ecf20Sopenharmony_ci goto out_err; 1058c2ecf20Sopenharmony_ci } 1068c2ecf20Sopenharmony_ci 1078c2ecf20Sopenharmony_ci err = security_msg_msg_alloc(msg); 1088c2ecf20Sopenharmony_ci if (err) 1098c2ecf20Sopenharmony_ci goto out_err; 1108c2ecf20Sopenharmony_ci 1118c2ecf20Sopenharmony_ci return msg; 1128c2ecf20Sopenharmony_ci 1138c2ecf20Sopenharmony_ciout_err: 1148c2ecf20Sopenharmony_ci free_msg(msg); 1158c2ecf20Sopenharmony_ci return ERR_PTR(err); 1168c2ecf20Sopenharmony_ci} 1178c2ecf20Sopenharmony_ci#ifdef CONFIG_CHECKPOINT_RESTORE 1188c2ecf20Sopenharmony_cistruct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) 1198c2ecf20Sopenharmony_ci{ 1208c2ecf20Sopenharmony_ci struct msg_msgseg *dst_pseg, *src_pseg; 1218c2ecf20Sopenharmony_ci size_t len = src->m_ts; 1228c2ecf20Sopenharmony_ci size_t alen; 1238c2ecf20Sopenharmony_ci 1248c2ecf20Sopenharmony_ci if (src->m_ts > dst->m_ts) 1258c2ecf20Sopenharmony_ci return ERR_PTR(-EINVAL); 1268c2ecf20Sopenharmony_ci 1278c2ecf20Sopenharmony_ci alen = min(len, DATALEN_MSG); 1288c2ecf20Sopenharmony_ci memcpy(dst + 1, src + 1, alen); 1298c2ecf20Sopenharmony_ci 1308c2ecf20Sopenharmony_ci for (dst_pseg = dst->next, src_pseg = src->next; 1318c2ecf20Sopenharmony_ci src_pseg != NULL; 1328c2ecf20Sopenharmony_ci dst_pseg = dst_pseg->next, src_pseg = src_pseg->next) { 1338c2ecf20Sopenharmony_ci 1348c2ecf20Sopenharmony_ci len -= alen; 1358c2ecf20Sopenharmony_ci alen = min(len, DATALEN_SEG); 1368c2ecf20Sopenharmony_ci memcpy(dst_pseg + 1, src_pseg + 1, alen); 1378c2ecf20Sopenharmony_ci } 1388c2ecf20Sopenharmony_ci 1398c2ecf20Sopenharmony_ci dst->m_type = src->m_type; 1408c2ecf20Sopenharmony_ci dst->m_ts = src->m_ts; 1418c2ecf20Sopenharmony_ci 1428c2ecf20Sopenharmony_ci return dst; 1438c2ecf20Sopenharmony_ci} 1448c2ecf20Sopenharmony_ci#else 1458c2ecf20Sopenharmony_cistruct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) 1468c2ecf20Sopenharmony_ci{ 1478c2ecf20Sopenharmony_ci return ERR_PTR(-ENOSYS); 1488c2ecf20Sopenharmony_ci} 1498c2ecf20Sopenharmony_ci#endif 1508c2ecf20Sopenharmony_ciint store_msg(void __user *dest, struct msg_msg *msg, size_t len) 1518c2ecf20Sopenharmony_ci{ 1528c2ecf20Sopenharmony_ci size_t alen; 1538c2ecf20Sopenharmony_ci struct msg_msgseg *seg; 1548c2ecf20Sopenharmony_ci 1558c2ecf20Sopenharmony_ci alen = min(len, DATALEN_MSG); 1568c2ecf20Sopenharmony_ci if (copy_to_user(dest, msg + 1, alen)) 1578c2ecf20Sopenharmony_ci return -1; 1588c2ecf20Sopenharmony_ci 1598c2ecf20Sopenharmony_ci for (seg = msg->next; seg != NULL; seg = seg->next) { 1608c2ecf20Sopenharmony_ci len -= alen; 1618c2ecf20Sopenharmony_ci dest = (char __user *)dest + alen; 1628c2ecf20Sopenharmony_ci alen = min(len, DATALEN_SEG); 1638c2ecf20Sopenharmony_ci if (copy_to_user(dest, seg + 1, alen)) 1648c2ecf20Sopenharmony_ci return -1; 1658c2ecf20Sopenharmony_ci } 1668c2ecf20Sopenharmony_ci return 0; 1678c2ecf20Sopenharmony_ci} 1688c2ecf20Sopenharmony_ci 1698c2ecf20Sopenharmony_civoid free_msg(struct msg_msg *msg) 1708c2ecf20Sopenharmony_ci{ 1718c2ecf20Sopenharmony_ci struct msg_msgseg *seg; 1728c2ecf20Sopenharmony_ci 1738c2ecf20Sopenharmony_ci security_msg_msg_free(msg); 1748c2ecf20Sopenharmony_ci 1758c2ecf20Sopenharmony_ci seg = msg->next; 1768c2ecf20Sopenharmony_ci kfree(msg); 1778c2ecf20Sopenharmony_ci while (seg != NULL) { 1788c2ecf20Sopenharmony_ci struct msg_msgseg *tmp = seg->next; 1798c2ecf20Sopenharmony_ci 1808c2ecf20Sopenharmony_ci cond_resched(); 1818c2ecf20Sopenharmony_ci kfree(seg); 1828c2ecf20Sopenharmony_ci seg = tmp; 1838c2ecf20Sopenharmony_ci } 1848c2ecf20Sopenharmony_ci} 185