author | Stephen Rothwell <sfr@canb.auug.org.au> | 2010-03-29 14:12:12 +1100 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2010-03-29 14:12:12 +1100 |
commit | afb28a9cc1f270c04567a7dc7afb95d2ac0f4284 (patch) | |
tree | dc9a72f189de1fa1d9759e3c85cb27d46088cc90 /kernel | |
parent | 1a7c6f0bf921426e3011e89240aad88f6bcba15c (diff) | |
parent | 57158a0fd4c9e29b403d422ac820cf238066cedf (diff) |
Merge remote branch 'limits/writable_limits'
Conflicts:
arch/x86/ia32/ia32entry.S
arch/x86/include/asm/unistd_32.h
arch/x86/include/asm/unistd_64.h
arch/x86/kernel/syscall_table_32.S
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/compat.c | 98 | ||||
-rw-r--r-- | kernel/posix-cpu-timers.c | 10 | ||||
-rw-r--r-- | kernel/sys.c | 151 |
3 files changed, 203 insertions, 56 deletions
diff --git a/kernel/compat.c b/kernel/compat.c
index f6c204f07ea6..c820552d0dc4 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -274,29 +274,50 @@ asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set,
 return ret;
 }
+static int get_compat_rlimit(struct rlimit *dst,
+ const struct compat_rlimit __user *src)
+{
+ if (!access_ok(VERIFY_READ, src, sizeof(*src)) ||
+ __get_user(dst->rlim_cur, &src->rlim_cur) ||
+ __get_user(dst->rlim_max, &src->rlim_max))
+ return -EFAULT;
+
+ if (dst->rlim_cur == COMPAT_RLIM_INFINITY)
+ dst->rlim_cur = RLIM_INFINITY;
+ if (dst->rlim_max == COMPAT_RLIM_INFINITY)
+ dst->rlim_max = RLIM_INFINITY;
+ return 0;
+}
+
+static int put_compat_rlimit(const struct rlimit *src,
+ struct compat_rlimit __user *dst)
+{
+ struct rlimit r = *src;
+
+ if (r.rlim_cur > COMPAT_RLIM_INFINITY)
+ r.rlim_cur = COMPAT_RLIM_INFINITY;
+ if (r.rlim_max > COMPAT_RLIM_INFINITY)
+ r.rlim_max = COMPAT_RLIM_INFINITY;
+
+ if (!access_ok(VERIFY_WRITE, dst, sizeof(*dst)) ||
+ __put_user(r.rlim_cur, &dst->rlim_cur) ||
+ __put_user(r.rlim_max, &dst->rlim_max))
+ return -EFAULT;
+
+ return 0;
+}
+
 asmlinkage long compat_sys_setrlimit(unsigned int resource,
 struct compat_rlimit __user *rlim)
 {
 struct rlimit r;
 int ret;
- mm_segment_t old_fs = get_fs ();
- if (resource >= RLIM_NLIMITS)
- return -EINVAL;
-
- if (!access_ok(VERIFY_READ, rlim, sizeof(*rlim)) ||
- __get_user(r.rlim_cur, &rlim->rlim_cur) ||
- __get_user(r.rlim_max, &rlim->rlim_max))
- return -EFAULT;
+ ret = get_compat_rlimit(&r, rlim);
+ if (ret)
+ return ret;
- if (r.rlim_cur == COMPAT_RLIM_INFINITY)
- r.rlim_cur = RLIM_INFINITY;
- if (r.rlim_max == COMPAT_RLIM_INFINITY)
- r.rlim_max = RLIM_INFINITY;
- set_fs(KERNEL_DS);
- ret = sys_setrlimit(resource, (struct rlimit __user *) &r);
- set_fs(old_fs);
- return ret;
+ return do_setrlimit(current, resource, &r);
 }
 #ifdef COMPAT_RLIM_OLD_INFINITY
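Review bot: In compat_sys_setrlimit the `resource >= RLIM_NLIMITS` test no longer runs before user memory is read, so an out-of-range resource passed together with a bad pointer now fails with -EFAULT from get_compat_rlimit() where the removed code returned -EINVAL. If callers depend on the old precedence, keep `if (resource >= RLIM_NLIMITS) return -EINVAL;` ahead of the `get_compat_rlimit(&r, rlim)` call; the repeated check inside do_setrlimit() is harmless. The native setrlimit wrapper in kernel/sys.c shows the same reordering, since it now does copy_from_user() before do_setrlimit() validates `resource`.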
@@ -336,19 +357,42 @@ asmlinkage long compat_sys_getrlimit (unsigned int resource,
 mm_segment_t old_fs = get_fs();
 set_fs(KERNEL_DS);
- ret = sys_getrlimit(resource, (struct rlimit __user *) &r);
+ ret = sys_getrlimit(resource, (struct rlimit __force __user *)&r);
 set_fs(old_fs);
- if (!ret) {
- if (r.rlim_cur > COMPAT_RLIM_INFINITY)
- r.rlim_cur = COMPAT_RLIM_INFINITY;
- if (r.rlim_max > COMPAT_RLIM_INFINITY)
- r.rlim_max = COMPAT_RLIM_INFINITY;
+ if (!ret)
+ ret = put_compat_rlimit(&r, rlim);
+ return ret;
+}
- if (!access_ok(VERIFY_WRITE, rlim, sizeof(*rlim)) ||
- __put_user(r.rlim_cur, &rlim->rlim_cur) ||
- __put_user(r.rlim_max, &rlim->rlim_max))
- return -EFAULT;
- }
+asmlinkage long compat_sys_setprlimit(pid_t pid, unsigned int resource,
+ struct compat_rlimit __user *rlim)
+{
+ mm_segment_t old_fs = get_fs();
+ struct rlimit r;
+ int ret;
+
+ ret = get_compat_rlimit(&r, rlim);
+ if (ret)
+ return ret;
+
+ set_fs(KERNEL_DS);
+ ret = sys_setprlimit(pid, resource, (struct rlimit __force __user *)&r);
+ set_fs(old_fs);
+ return ret;
+}
+
+asmlinkage long compat_sys_getprlimit(pid_t pid, unsigned int resource,
+ struct compat_rlimit __user *rlim)
+{
+ mm_segment_t old_fs = get_fs();
+ struct rlimit r;
+ int ret;
+
+ set_fs(KERNEL_DS);
+ ret = sys_getprlimit(pid, resource, (struct rlimit __force __user *)&r);
+ set_fs(old_fs);
+ if (!ret)
+ ret = put_compat_rlimit(&r, rlim);
 return ret;
 }
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
index bc7704b3a443..2807ef88acbe 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
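Review bot: The new compat_sys_setprlimit() and compat_sys_getprlimit() in kernel/compat.c bring back the `set_fs(KERNEL_DS)` plus `(struct rlimit __force __user *)&r` pattern that this same commit removes from compat_sys_setrlimit(). While the address limit is widened, the native syscall accepts a kernel address as `rlim`, so each wrapper stays safe only as long as every path reaches `set_fs(old_fs)`; that holds in the visible code but is easy to break in later edits. A kernel-internal entry point taking `struct rlimit *`, as do_setrlimit() already does for the set side, would let both wrappers drop the address-limit switch. check_prlimit_permission() is static in kernel/sys.c, so the lookup-and-check step would have to be shared from there as well.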
@@ -13,16 +13,16 @@
 /*
 * Called after updating RLIMIT_CPU to set timer expiration if necessary.
 */
-void update_rlimit_cpu(unsigned long rlim_new)
+void update_rlimit_cpu(struct task_struct *task, unsigned long rlim_new)
 {
 cputime_t cputime = secs_to_cputime(rlim_new);
- struct signal_struct *const sig = current->signal;
+ struct signal_struct *const sig = task->signal;
 if (cputime_eq(sig->it[CPUCLOCK_PROF].expires, cputime_zero) ||
 cputime_gt(sig->it[CPUCLOCK_PROF].expires, cputime)) {
- spin_lock_irq(¤t->sighand->siglock);
- set_process_cpu_timer(current, CPUCLOCK_PROF, &cputime, NULL);
- spin_unlock_irq(¤t->sighand->siglock);
+ spin_lock_irq(&task->sighand->siglock);
+ set_process_cpu_timer(task, CPUCLOCK_PROF, &cputime, NULL);
+ spin_unlock_irq(&task->sighand->siglock);
 }
 }
diff --git a/kernel/sys.c b/kernel/sys.c
index 8298878f4f71..ee25411ff04a 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
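Review bot: update_rlimit_cpu() in kernel/posix-cpu-timers.c now dereferences `task->signal` and `task->sighand` for an arbitrary task, but the comment above it still only says when it is called. For a task other than current those pointers are stable only while something prevents the task from being released; the one caller visible in this commit, do_setrlimit(), holds tasklist_lock and has checked `tsk->sighand` first. The header comment should state that requirement, e.g. `* For task != current the caller must hold tasklist_lock and have checked task->sighand.` The `expires` comparison is still made before siglock is taken, as in the old code, which deserves a second look now that the target may be running on another CPU.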
@@ -1277,6 +1277,61 @@ SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim)
 }
 }
+static int check_prlimit_permission(struct task_struct *task)
+{
+ const struct cred *cred = current_cred(), *tcred;
+ int ret = 0;
+
+ rcu_read_lock();
+ tcred = __task_cred(task);
+ if ((cred->uid != tcred->euid ||
+ cred->uid != tcred->suid ||
+ cred->uid != tcred->uid ||
+ cred->gid != tcred->egid ||
+ cred->gid != tcred->sgid ||
+ cred->gid != tcred->gid) &&
+ !capable(CAP_SYS_RESOURCE)) {
+ ret = -EPERM;
+ }
+ rcu_read_unlock();
+ return ret;
+}
+
+SYSCALL_DEFINE3(getprlimit, pid_t, pid, unsigned int, resource,
+ struct rlimit __user *, rlim)
+{
+ struct rlimit val;
+ struct task_struct *tsk;
+ int ret;
+
+ if (resource >= RLIM_NLIMITS)
+ return -EINVAL;
+
+ read_lock(&tasklist_lock);
+
+ tsk = find_task_by_vpid(pid);
+ if (!tsk || !tsk->sighand) {
+ ret = -ESRCH;
+ goto err_unlock;
+ }
+
+ ret = check_prlimit_permission(tsk);
+ if (ret)
+ goto err_unlock;
+
+ task_lock(tsk->group_leader);
+ val = tsk->signal->rlim[resource];
+ task_unlock(tsk->group_leader);
+
+ read_unlock(&tasklist_lock);
+
+ return copy_to_user(rlim, &val, sizeof(*rlim)) ? -EFAULT : 0;
+err_unlock:
+ read_unlock(&tasklist_lock);
+ return ret;
+}
+
+
 #ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
 /*
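Review bot: check_prlimit_permission() has no shortcut for `task == current`, so a process whose real uid differs from its effective or saved uid (a set-uid program, for instance) gets -EPERM from getprlimit() on its own pid unless it holds CAP_SYS_RESOURCE, although getrlimit() would succeed. Adding `if (task == current) return 0;` before `rcu_read_lock()` keeps the two calls consistent; setprlimit in the later kernel/sys.c hunk goes through the same check and inherits the same behaviour. The comparison uses the caller's real `cred->uid` and `cred->gid` rather than the effective ids, and a one-line comment saying this is intentional would help the next reader. No LSM hook is consulted on the read path in this hunk, so the uid/gid comparison is the only gate on reading another task's limits.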
@@ -1302,43 +1357,52 @@ SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
 #endif
-SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
+/* make sure you are allowed to change @tsk limits before calling this */
+int do_setrlimit(struct task_struct *tsk, unsigned int resource,
+ struct rlimit *new_rlim)
 {
- struct rlimit new_rlim, *old_rlim;
- int retval;
+ struct rlimit *old_rlim;
+ int retval = 0;
 if (resource >= RLIM_NLIMITS)
 return -EINVAL;
- if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
- return -EFAULT;
- if (new_rlim.rlim_cur > new_rlim.rlim_max)
+ if (new_rlim->rlim_cur > new_rlim->rlim_max)
 return -EINVAL;
- old_rlim = current->signal->rlim + resource;
- if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
- !capable(CAP_SYS_RESOURCE))
- return -EPERM;
- if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
+ if (resource == RLIMIT_NOFILE && new_rlim->rlim_max > sysctl_nr_open)
 return -EPERM;
- retval = security_task_setrlimit(resource, &new_rlim);
- if (retval)
- return retval;
+ /* optimization: 'current' doesn't need locking, e.g. setrlimit */
+ if (tsk != current) {
+ /* protect tsk->signal and tsk->sighand from disappearing */
+ read_lock(&tasklist_lock);
+ if (!tsk->sighand) {
+ retval = -ESRCH;
+ goto out;
+ }
+ }
- if (resource == RLIMIT_CPU && new_rlim.rlim_cur == 0) {
+ if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
 /*
 * The caller is asking for an immediate RLIMIT_CPU
 * expiry. But we use the zero value to mean "it was
 * never set".
So let's cheat and make it one second
 * instead
 */
- new_rlim.rlim_cur = 1;
+ new_rlim->rlim_cur = 1;
 }
- task_lock(current->group_leader);
- *old_rlim = new_rlim;
- task_unlock(current->group_leader);
-
- if (resource != RLIMIT_CPU)
+ old_rlim = tsk->signal->rlim + resource;
+ task_lock(tsk->group_leader);
+ if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
+ !capable(CAP_SYS_RESOURCE))
+ retval = -EPERM;
+ if (!retval)
+ retval = security_task_setrlimit(tsk, resource, new_rlim);
+ if (!retval)
+ *old_rlim = *new_rlim;
+ task_unlock(tsk->group_leader);
+
+ if (retval || resource != RLIMIT_CPU)
 goto out;
 /*
@@ -1347,12 +1411,51 @@ SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
 * very long-standing error, and fixing it now risks breakage of
 * applications, so we live with it
 */
- if (new_rlim.rlim_cur == RLIM_INFINITY)
+ if (new_rlim->rlim_cur == RLIM_INFINITY)
 goto out;
- update_rlimit_cpu(new_rlim.rlim_cur);
+ update_rlimit_cpu(tsk, new_rlim->rlim_cur);
 out:
- return 0;
+ if (tsk != current)
+ read_unlock(&tasklist_lock);
+ return retval;
+}
+
+SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
+{
+ struct rlimit new_rlim;
+
+ if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
+ return -EFAULT;
+ return do_setrlimit(current, resource, &new_rlim);
+}
+
+SYSCALL_DEFINE3(setprlimit, pid_t, pid, unsigned int, resource,
+ struct rlimit __user *, rlim)
+{
+ struct task_struct *tsk;
+ struct rlimit new_rlim;
+ int ret;
+
+ if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
+ return -EFAULT;
+
+ rcu_read_lock();
+ tsk = find_task_by_vpid(pid);
+ if (!tsk) {
+ rcu_read_unlock();
+ return -ESRCH;
+ }
+ get_task_struct(tsk);
+ rcu_read_unlock();
+
+ ret = check_prlimit_permission(tsk);
+ if (!ret)
+ ret = do_setrlimit(tsk, resource, &new_rlim);
+
+ put_task_struct(tsk);
+
+ return ret;
 }
 /* |
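Review bot: The one-line comment on do_setrlimit() leaves out two things a caller has to know. For `tsk != current` the function takes tasklist_lock itself but relies on the caller holding a task reference (setprlimit does `get_task_struct()`), and it can write to the caller's struct through `new_rlim->rlim_cur = 1` in the RLIMIT_CPU zero case. A kernel-doc style comment naming both points, and noting that `capable(CAP_SYS_RESOURCE)` is evaluated against the calling task rather than @tsk, would make the contract explicit. The body of do_setrlimit() runs across this hunk and the following one.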
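Review bot: In setprlimit the permission decision and the update are not atomic: check_prlimit_permission() reads the target's credentials under RCU and returns, and do_setrlimit() runs afterwards with nothing visible in this hunk that stops the target from changing credentials in between, for example by executing a set-uid binary. If that window is real, limits chosen by an unprivileged caller could be applied to a task it would no longer be permitted to modify. Either hold whatever serialises credential changes for @tsk across both calls, or record the accepted behaviour next to the check, e.g. `/* creds of tsk may change after this check; limits are applied regardless */`.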