1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * linux/ipc/msgutil.c |
4 | * Copyright (C) 1999, 2004 Manfred Spraul |
5 | */ |
6 | |
7 | #include <linux/spinlock.h> |
8 | #include <linux/init.h> |
9 | #include <linux/security.h> |
10 | #include <linux/slab.h> |
11 | #include <linux/ipc.h> |
12 | #include <linux/msg.h> |
13 | #include <linux/ipc_namespace.h> |
14 | #include <linux/utsname.h> |
15 | #include <linux/proc_ns.h> |
16 | #include <linux/uaccess.h> |
17 | #include <linux/sched.h> |
18 | |
19 | #include "util.h" |
20 | |
21 | DEFINE_SPINLOCK(mq_lock); |
22 | |
23 | /* |
24 | * The next 2 defines are here bc this is the only file |
25 | * compiled when either CONFIG_SYSVIPC and CONFIG_POSIX_MQUEUE |
26 | * and not CONFIG_IPC_NS. |
27 | */ |
28 | struct ipc_namespace init_ipc_ns = { |
29 | .ns.count = REFCOUNT_INIT(1), |
30 | .user_ns = &init_user_ns, |
31 | .ns.inum = PROC_IPC_INIT_INO, |
32 | #ifdef CONFIG_IPC_NS |
33 | .ns.ops = &ipcns_operations, |
34 | #endif |
35 | }; |
36 | |
37 | struct msg_msgseg { |
38 | struct msg_msgseg *next; |
39 | /* the next part of the message follows immediately */ |
40 | }; |
41 | |
42 | #define DATALEN_MSG ((size_t)PAGE_SIZE-sizeof(struct msg_msg)) |
43 | #define DATALEN_SEG ((size_t)PAGE_SIZE-sizeof(struct msg_msgseg)) |
44 | |
45 | |
46 | static struct msg_msg *alloc_msg(size_t len) |
47 | { |
48 | struct msg_msg *msg; |
49 | struct msg_msgseg **pseg; |
50 | size_t alen; |
51 | |
52 | alen = min(len, DATALEN_MSG); |
53 | msg = kmalloc(size: sizeof(*msg) + alen, GFP_KERNEL_ACCOUNT); |
54 | if (msg == NULL) |
55 | return NULL; |
56 | |
57 | msg->next = NULL; |
58 | msg->security = NULL; |
59 | |
60 | len -= alen; |
61 | pseg = &msg->next; |
62 | while (len > 0) { |
63 | struct msg_msgseg *seg; |
64 | |
65 | cond_resched(); |
66 | |
67 | alen = min(len, DATALEN_SEG); |
68 | seg = kmalloc(size: sizeof(*seg) + alen, GFP_KERNEL_ACCOUNT); |
69 | if (seg == NULL) |
70 | goto out_err; |
71 | *pseg = seg; |
72 | seg->next = NULL; |
73 | pseg = &seg->next; |
74 | len -= alen; |
75 | } |
76 | |
77 | return msg; |
78 | |
79 | out_err: |
80 | free_msg(msg); |
81 | return NULL; |
82 | } |
83 | |
84 | struct msg_msg *load_msg(const void __user *src, size_t len) |
85 | { |
86 | struct msg_msg *msg; |
87 | struct msg_msgseg *seg; |
88 | int err = -EFAULT; |
89 | size_t alen; |
90 | |
91 | msg = alloc_msg(len); |
92 | if (msg == NULL) |
93 | return ERR_PTR(error: -ENOMEM); |
94 | |
95 | alen = min(len, DATALEN_MSG); |
96 | if (copy_from_user(to: msg + 1, from: src, n: alen)) |
97 | goto out_err; |
98 | |
99 | for (seg = msg->next; seg != NULL; seg = seg->next) { |
100 | len -= alen; |
101 | src = (char __user *)src + alen; |
102 | alen = min(len, DATALEN_SEG); |
103 | if (copy_from_user(to: seg + 1, from: src, n: alen)) |
104 | goto out_err; |
105 | } |
106 | |
107 | err = security_msg_msg_alloc(msg); |
108 | if (err) |
109 | goto out_err; |
110 | |
111 | return msg; |
112 | |
113 | out_err: |
114 | free_msg(msg); |
115 | return ERR_PTR(error: err); |
116 | } |
117 | #ifdef CONFIG_CHECKPOINT_RESTORE |
118 | struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) |
119 | { |
120 | struct msg_msgseg *dst_pseg, *src_pseg; |
121 | size_t len = src->m_ts; |
122 | size_t alen; |
123 | |
124 | if (src->m_ts > dst->m_ts) |
125 | return ERR_PTR(error: -EINVAL); |
126 | |
127 | alen = min(len, DATALEN_MSG); |
128 | memcpy(dst + 1, src + 1, alen); |
129 | |
130 | for (dst_pseg = dst->next, src_pseg = src->next; |
131 | src_pseg != NULL; |
132 | dst_pseg = dst_pseg->next, src_pseg = src_pseg->next) { |
133 | |
134 | len -= alen; |
135 | alen = min(len, DATALEN_SEG); |
136 | memcpy(dst_pseg + 1, src_pseg + 1, alen); |
137 | } |
138 | |
139 | dst->m_type = src->m_type; |
140 | dst->m_ts = src->m_ts; |
141 | |
142 | return dst; |
143 | } |
144 | #else |
145 | struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) |
146 | { |
147 | return ERR_PTR(-ENOSYS); |
148 | } |
149 | #endif |
150 | int store_msg(void __user *dest, struct msg_msg *msg, size_t len) |
151 | { |
152 | size_t alen; |
153 | struct msg_msgseg *seg; |
154 | |
155 | alen = min(len, DATALEN_MSG); |
156 | if (copy_to_user(to: dest, from: msg + 1, n: alen)) |
157 | return -1; |
158 | |
159 | for (seg = msg->next; seg != NULL; seg = seg->next) { |
160 | len -= alen; |
161 | dest = (char __user *)dest + alen; |
162 | alen = min(len, DATALEN_SEG); |
163 | if (copy_to_user(to: dest, from: seg + 1, n: alen)) |
164 | return -1; |
165 | } |
166 | return 0; |
167 | } |
168 | |
169 | void free_msg(struct msg_msg *msg) |
170 | { |
171 | struct msg_msgseg *seg; |
172 | |
173 | security_msg_msg_free(msg); |
174 | |
175 | seg = msg->next; |
176 | kfree(objp: msg); |
177 | while (seg != NULL) { |
178 | struct msg_msgseg *tmp = seg->next; |
179 | |
180 | cond_resched(); |
181 | kfree(objp: seg); |
182 | seg = tmp; |
183 | } |
184 | } |
185 | |