]> bbs.cooldavid.org Git - net-next-2.6.git/blame - kernel/sys.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6
[net-next-2.6.git] / kernel / sys.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/kernel/sys.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7#include <linux/config.h>
8#include <linux/module.h>
9#include <linux/mm.h>
10#include <linux/utsname.h>
11#include <linux/mman.h>
12#include <linux/smp_lock.h>
13#include <linux/notifier.h>
14#include <linux/reboot.h>
15#include <linux/prctl.h>
16#include <linux/init.h>
17#include <linux/highuid.h>
18#include <linux/fs.h>
dc009d92
EB		 19#include <linux/kernel.h>
20#include <linux/kexec.h>
1da177e4
LT		 21#include <linux/workqueue.h>
22#include <linux/device.h>
23#include <linux/key.h>
24#include <linux/times.h>
25#include <linux/posix-timers.h>
26#include <linux/security.h>
27#include <linux/dcookies.h>
28#include <linux/suspend.h>
29#include <linux/tty.h>
7ed20e1a 30#include <linux/signal.h>
9f46080c 31#include <linux/cn_proc.h>
1da177e4
LT		 32
33#include <linux/compat.h>
34#include <linux/syscalls.h>
00d7c05a 35#include <linux/kprobes.h>
1da177e4
LT		 36
37#include <asm/uaccess.h>
38#include <asm/io.h>
39#include <asm/unistd.h>
40
41#ifndef SET_UNALIGN_CTL
42# define SET_UNALIGN_CTL(a,b) (-EINVAL)
43#endif
44#ifndef GET_UNALIGN_CTL
45# define GET_UNALIGN_CTL(a,b) (-EINVAL)
46#endif
47#ifndef SET_FPEMU_CTL
48# define SET_FPEMU_CTL(a,b) (-EINVAL)
49#endif
50#ifndef GET_FPEMU_CTL
51# define GET_FPEMU_CTL(a,b) (-EINVAL)
52#endif
53#ifndef SET_FPEXC_CTL
54# define SET_FPEXC_CTL(a,b) (-EINVAL)
55#endif
56#ifndef GET_FPEXC_CTL
57# define GET_FPEXC_CTL(a,b) (-EINVAL)
58#endif
59
60/*
61 * this is where the system-wide overflow UID and GID are defined, for
62 * architectures that now have 32-bit UID/GID but didn't in the past
63 */
64
65int overflowuid = DEFAULT_OVERFLOWUID;
66int overflowgid = DEFAULT_OVERFLOWGID;
67
68#ifdef CONFIG_UID16
69EXPORT_SYMBOL(overflowuid);
70EXPORT_SYMBOL(overflowgid);
71#endif
72
73/*
74 * the same as above, but for filesystems which can only store a 16-bit
75 * UID and GID. as such, this is needed on all architectures
76 */
77
78int fs_overflowuid = DEFAULT_FS_OVERFLOWUID;
79int fs_overflowgid = DEFAULT_FS_OVERFLOWUID;
80
81EXPORT_SYMBOL(fs_overflowuid);
82EXPORT_SYMBOL(fs_overflowgid);
83
84/*
85 * this indicates whether you can reboot with ctrl-alt-del: the default is yes
86 */
87
88int C_A_D = 1;
89int cad_pid = 1;
90
91/*
92 * Notifier list for kernel code which wants to be called
93 * at shutdown. This is used to stop any idling DMA operations
94 * and the like.
95 */
96
97static struct notifier_block *reboot_notifier_list;
98static DEFINE_RWLOCK(notifier_lock);
99
100/**
101 * notifier_chain_register - Add notifier to a notifier chain
102 * @list: Pointer to root list pointer
103 * @n: New entry in notifier chain
104 *
105 * Adds a notifier to a notifier chain.
106 *
107 * Currently always returns zero.
108 */
109
110int notifier_chain_register(struct notifier_block **list, struct notifier_block *n)
111{
112 write_lock(&notifier_lock);
113 while(*list)
114 {
115 if(n->priority > (*list)->priority)
116 break;
117 list= &((*list)->next);
118 }
119 n->next = *list;
120 *list=n;
121 write_unlock(&notifier_lock);
122 return 0;
123}
124
125EXPORT_SYMBOL(notifier_chain_register);
126
127/**
128 * notifier_chain_unregister - Remove notifier from a notifier chain
129 * @nl: Pointer to root list pointer
130 * @n: New entry in notifier chain
131 *
132 * Removes a notifier from a notifier chain.
133 *
134 * Returns zero on success, or %-ENOENT on failure.
135 */
136
137int notifier_chain_unregister(struct notifier_block **nl, struct notifier_block *n)
138{
139 write_lock(&notifier_lock);
140 while((*nl)!=NULL)
141 {
142 if((*nl)==n)
143 {
144 *nl=n->next;
145 write_unlock(&notifier_lock);
146 return 0;
147 }
148 nl=&((*nl)->next);
149 }
150 write_unlock(&notifier_lock);
151 return -ENOENT;
152}
153
154EXPORT_SYMBOL(notifier_chain_unregister);
155
156/**
157 * notifier_call_chain - Call functions in a notifier chain
158 * @n: Pointer to root pointer of notifier chain
159 * @val: Value passed unmodified to notifier function
160 * @v: Pointer passed unmodified to notifier function
161 *
162 * Calls each function in a notifier chain in turn.
163 *
164 * If the return value of the notifier can be and'd
165 * with %NOTIFY_STOP_MASK, then notifier_call_chain
166 * will return immediately, with the return value of
167 * the notifier function which halted execution.
168 * Otherwise, the return value is the return value
169 * of the last notifier function called.
170 */
171
00d7c05a 172int __kprobes notifier_call_chain(struct notifier_block **n, unsigned long val, void *v)
1da177e4
LT		 173{
174 int ret=NOTIFY_DONE;
175 struct notifier_block *nb = *n;
176
177 while(nb)
178 {
179 ret=nb->notifier_call(nb,val,v);
180 if(ret&NOTIFY_STOP_MASK)
181 {
182 return ret;
183 }
184 nb=nb->next;
185 }
186 return ret;
187}
188
189EXPORT_SYMBOL(notifier_call_chain);
190
191/**
192 * register_reboot_notifier - Register function to be called at reboot time
193 * @nb: Info about notifier function to be called
194 *
195 * Registers a function with the list of functions
196 * to be called at reboot time.
197 *
198 * Currently always returns zero, as notifier_chain_register
199 * always returns zero.
200 */
201
202int register_reboot_notifier(struct notifier_block * nb)
203{
204 return notifier_chain_register(&reboot_notifier_list, nb);
205}
206
207EXPORT_SYMBOL(register_reboot_notifier);
208
209/**
210 * unregister_reboot_notifier - Unregister previously registered reboot notifier
211 * @nb: Hook to be unregistered
212 *
213 * Unregisters a previously registered reboot
214 * notifier function.
215 *
216 * Returns zero on success, or %-ENOENT on failure.
217 */
218
219int unregister_reboot_notifier(struct notifier_block * nb)
220{
221 return notifier_chain_unregister(&reboot_notifier_list, nb);
222}
223
224EXPORT_SYMBOL(unregister_reboot_notifier);
225
226static int set_one_prio(struct task_struct *p, int niceval, int error)
227{
228 int no_nice;
229
230 if (p->uid != current->euid &&
231 p->euid != current->euid && !capable(CAP_SYS_NICE)) {
232 error = -EPERM;
233 goto out;
234 }
e43379f1 235 if (niceval < task_nice(p) && !can_nice(p, niceval)) {
1da177e4
LT		 236 error = -EACCES;
237 goto out;
238 }
239 no_nice = security_task_setnice(p, niceval);
240 if (no_nice) {
241 error = no_nice;
242 goto out;
243 }
244 if (error == -ESRCH)
245 error = 0;
246 set_user_nice(p, niceval);
247out:
248 return error;
249}
250
251asmlinkage long sys_setpriority(int which, int who, int niceval)
252{
253 struct task_struct *g, *p;
254 struct user_struct *user;
255 int error = -EINVAL;
256
257 if (which > 2 || which < 0)
258 goto out;
259
260 /* normalize: avoid signed division (rounding problems) */
261 error = -ESRCH;
262 if (niceval < -20)
263 niceval = -20;
264 if (niceval > 19)
265 niceval = 19;
266
267 read_lock(&tasklist_lock);
268 switch (which) {
269 case PRIO_PROCESS:
270 if (!who)
271 who = current->pid;
272 p = find_task_by_pid(who);
273 if (p)
274 error = set_one_prio(p, niceval, error);
275 break;
276 case PRIO_PGRP:
277 if (!who)
278 who = process_group(current);
279 do_each_task_pid(who, PIDTYPE_PGID, p) {
280 error = set_one_prio(p, niceval, error);
281 } while_each_task_pid(who, PIDTYPE_PGID, p);
282 break;
283 case PRIO_USER:
284 user = current->user;
285 if (!who)
286 who = current->uid;
287 else
288 if ((who != current->uid) && !(user = find_user(who)))
289 goto out_unlock; /* No processes for this user */
290
291 do_each_thread(g, p)
292 if (p->uid == who)
293 error = set_one_prio(p, niceval, error);
294 while_each_thread(g, p);
295 if (who != current->uid)
296 free_uid(user); /* For find_user() */
297 break;
298 }
299out_unlock:
300 read_unlock(&tasklist_lock);
301out:
302 return error;
303}
304
305/*
306 * Ugh. To avoid negative return values, "getpriority()" will
307 * not return the normal nice-value, but a negated value that
308 * has been offset by 20 (ie it returns 40..1 instead of -20..19)
309 * to stay compatible.
310 */
311asmlinkage long sys_getpriority(int which, int who)
312{
313 struct task_struct *g, *p;
314 struct user_struct *user;
315 long niceval, retval = -ESRCH;
316
317 if (which > 2 || which < 0)
318 return -EINVAL;
319
320 read_lock(&tasklist_lock);
321 switch (which) {
322 case PRIO_PROCESS:
323 if (!who)
324 who = current->pid;
325 p = find_task_by_pid(who);
326 if (p) {
327 niceval = 20 - task_nice(p);
328 if (niceval > retval)
329 retval = niceval;
330 }
331 break;
332 case PRIO_PGRP:
333 if (!who)
334 who = process_group(current);
335 do_each_task_pid(who, PIDTYPE_PGID, p) {
336 niceval = 20 - task_nice(p);
337 if (niceval > retval)
338 retval = niceval;
339 } while_each_task_pid(who, PIDTYPE_PGID, p);
340 break;
341 case PRIO_USER:
342 user = current->user;
343 if (!who)
344 who = current->uid;
345 else
346 if ((who != current->uid) && !(user = find_user(who)))
347 goto out_unlock; /* No processes for this user */
348
349 do_each_thread(g, p)
350 if (p->uid == who) {
351 niceval = 20 - task_nice(p);
352 if (niceval > retval)
353 retval = niceval;
354 }
355 while_each_thread(g, p);
356 if (who != current->uid)
357 free_uid(user); /* for find_user() */
358 break;
359 }
360out_unlock:
361 read_unlock(&tasklist_lock);
362
363 return retval;
364}
365
e4c94330
EB		 366/**
367 * emergency_restart - reboot the system
368 *
369 * Without shutting down any hardware or taking any locks
370 * reboot the system. This is called when we know we are in
371 * trouble so this is our best effort to reboot. This is
372 * safe to call in interrupt context.
373 */
7c903473
EB		 374void emergency_restart(void)
375{
376 machine_emergency_restart();
377}
378EXPORT_SYMBOL_GPL(emergency_restart);
379
e4c94330 380void kernel_restart_prepare(char *cmd)
4a00ea1e
EB		 381{
382 notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
383 system_state = SYSTEM_RESTART;
4a00ea1e 384 device_shutdown();
e4c94330 385}
1e5d5331
RD		 386
387/**
388 * kernel_restart - reboot the system
389 * @cmd: pointer to buffer containing command to execute for restart
b8887e6e 390 * or %NULL
1e5d5331
RD		 391 *
392 * Shutdown everything and perform a clean reboot.
393 * This is not safe to call in interrupt context.
394 */
e4c94330
EB		 395void kernel_restart(char *cmd)
396{
397 kernel_restart_prepare(cmd);
4a00ea1e
EB		 398 if (!cmd) {
399 printk(KERN_EMERG "Restarting system.\n");
400 } else {
401 printk(KERN_EMERG "Restarting system with command '%s'.\n", cmd);
402 }
403 printk(".\n");
404 machine_restart(cmd);
405}
406EXPORT_SYMBOL_GPL(kernel_restart);
407
e4c94330
EB		 408/**
409 * kernel_kexec - reboot the system
410 *
411 * Move into place and start executing a preloaded standalone
412 * executable. If nothing was preloaded return an error.
413 */
4a00ea1e
EB		 414void kernel_kexec(void)
415{
416#ifdef CONFIG_KEXEC
417 struct kimage *image;
418 image = xchg(&kexec_image, 0);
419 if (!image) {
420 return;
421 }
e4c94330 422 kernel_restart_prepare(NULL);
4a00ea1e
EB		 423 printk(KERN_EMERG "Starting new kernel\n");
424 machine_shutdown();
425 machine_kexec(image);
426#endif
427}
428EXPORT_SYMBOL_GPL(kernel_kexec);
429
e4c94330
EB		 430/**
431 * kernel_halt - halt the system
432 *
433 * Shutdown everything and perform a clean system halt.
434 */
435void kernel_halt_prepare(void)
4a00ea1e
EB		 436{
437 notifier_call_chain(&reboot_notifier_list, SYS_HALT, NULL);
438 system_state = SYSTEM_HALT;
4a00ea1e 439 device_shutdown();
e4c94330
EB		 440}
441void kernel_halt(void)
442{
443 kernel_halt_prepare();
4a00ea1e
EB		 444 printk(KERN_EMERG "System halted.\n");
445 machine_halt();
446}
447EXPORT_SYMBOL_GPL(kernel_halt);
448
e4c94330
EB		 449/**
450 * kernel_power_off - power_off the system
451 *
452 * Shutdown everything and perform a clean system power_off.
453 */
454void kernel_power_off_prepare(void)
4a00ea1e
EB		 455{
456 notifier_call_chain(&reboot_notifier_list, SYS_POWER_OFF, NULL);
457 system_state = SYSTEM_POWER_OFF;
4a00ea1e 458 device_shutdown();
e4c94330
EB		 459}
460void kernel_power_off(void)
461{
462 kernel_power_off_prepare();
4a00ea1e
EB		 463 printk(KERN_EMERG "Power down.\n");
464 machine_power_off();
465}
466EXPORT_SYMBOL_GPL(kernel_power_off);
1da177e4
LT		 467
468/*
469 * Reboot system call: for obvious reasons only root may call it,
470 * and even root needs to set up some magic numbers in the registers
471 * so that some mistake won't make this reboot the whole machine.
472 * You can also set the meaning of the ctrl-alt-del-key here.
473 *
474 * reboot doesn't sync: do that yourself before calling this.
475 */
476asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void __user * arg)
477{
478 char buffer[256];
479
480 /* We only trust the superuser with rebooting the system. */
481 if (!capable(CAP_SYS_BOOT))
482 return -EPERM;
483
484 /* For safety, we require "magic" arguments. */
485 if (magic1 != LINUX_REBOOT_MAGIC1 ||
486 (magic2 != LINUX_REBOOT_MAGIC2 &&
487 magic2 != LINUX_REBOOT_MAGIC2A &&
488 magic2 != LINUX_REBOOT_MAGIC2B &&
489 magic2 != LINUX_REBOOT_MAGIC2C))
490 return -EINVAL;
491
492 lock_kernel();
493 switch (cmd) {
494 case LINUX_REBOOT_CMD_RESTART:
4a00ea1e 495 kernel_restart(NULL);
1da177e4
LT		 496 break;
497
498 case LINUX_REBOOT_CMD_CAD_ON:
499 C_A_D = 1;
500 break;
501
502 case LINUX_REBOOT_CMD_CAD_OFF:
503 C_A_D = 0;
504 break;
505
506 case LINUX_REBOOT_CMD_HALT:
4a00ea1e 507 kernel_halt();
1da177e4
LT		 508 unlock_kernel();
509 do_exit(0);
510 break;
511
512 case LINUX_REBOOT_CMD_POWER_OFF:
4a00ea1e 513 kernel_power_off();
1da177e4
LT		 514 unlock_kernel();
515 do_exit(0);
516 break;
517
518 case LINUX_REBOOT_CMD_RESTART2:
519 if (strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1) < 0) {
520 unlock_kernel();
521 return -EFAULT;
522 }
523 buffer[sizeof(buffer) - 1] = '\0';
524
4a00ea1e 525 kernel_restart(buffer);
1da177e4
LT		 526 break;
527
dc009d92 528 case LINUX_REBOOT_CMD_KEXEC:
4a00ea1e
EB		 529 kernel_kexec();
530 unlock_kernel();
531 return -EINVAL;
532
1da177e4
LT		 533#ifdef CONFIG_SOFTWARE_SUSPEND
534 case LINUX_REBOOT_CMD_SW_SUSPEND:
535 {
536 int ret = software_suspend();
537 unlock_kernel();
538 return ret;
539 }
540#endif
541
542 default:
543 unlock_kernel();
544 return -EINVAL;
545 }
546 unlock_kernel();
547 return 0;
548}
549
550static void deferred_cad(void *dummy)
551{
abcd9e51 552 kernel_restart(NULL);
1da177e4
LT		 553}
554
555/*
556 * This function gets called by ctrl-alt-del - ie the keyboard interrupt.
557 * As it's called within an interrupt, it may NOT sync: the only choice
558 * is whether to reboot at once, or just ignore the ctrl-alt-del.
559 */
560void ctrl_alt_del(void)
561{
562 static DECLARE_WORK(cad_work, deferred_cad, NULL);
563
564 if (C_A_D)
565 schedule_work(&cad_work);
566 else
567 kill_proc(cad_pid, SIGINT, 1);
568}
569
570
571/*
572 * Unprivileged users may change the real gid to the effective gid
573 * or vice versa. (BSD-style)
574 *
575 * If you set the real gid at all, or set the effective gid to a value not
576 * equal to the real gid, then the saved gid is set to the new effective gid.
577 *
578 * This makes it possible for a setgid program to completely drop its
579 * privileges, which is often a useful assertion to make when you are doing
580 * a security audit over a program.
581 *
582 * The general idea is that a program which uses just setregid() will be
583 * 100% compatible with BSD. A program which uses just setgid() will be
584 * 100% compatible with POSIX with saved IDs.
585 *
586 * SMP: There are not races, the GIDs are checked only by filesystem
587 * operations (as far as semantic preservation is concerned).
588 */
589asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
590{
591 int old_rgid = current->gid;
592 int old_egid = current->egid;
593 int new_rgid = old_rgid;
594 int new_egid = old_egid;
595 int retval;
596
597 retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
598 if (retval)
599 return retval;
600
601 if (rgid != (gid_t) -1) {
602 if ((old_rgid == rgid) ||
603 (current->egid==rgid) ||
604 capable(CAP_SETGID))
605 new_rgid = rgid;
606 else
607 return -EPERM;
608 }
609 if (egid != (gid_t) -1) {
610 if ((old_rgid == egid) ||
611 (current->egid == egid) ||
612 (current->sgid == egid) ||
613 capable(CAP_SETGID))
614 new_egid = egid;
615 else {
616 return -EPERM;
617 }
618 }
619 if (new_egid != old_egid)
620 {
d6e71144 621 current->mm->dumpable = suid_dumpable;
d59dd462 622 smp_wmb();
1da177e4
LT		 623 }
624 if (rgid != (gid_t) -1 ||
625 (egid != (gid_t) -1 && egid != old_rgid))
626 current->sgid = new_egid;
627 current->fsgid = new_egid;
628 current->egid = new_egid;
629 current->gid = new_rgid;
630 key_fsgid_changed(current);
9f46080c 631 proc_id_connector(current, PROC_EVENT_GID);
1da177e4
LT		 632 return 0;
633}
634
635/*
636 * setgid() is implemented like SysV w/ SAVED_IDS
637 *
638 * SMP: Same implicit races as above.
639 */
640asmlinkage long sys_setgid(gid_t gid)
641{
642 int old_egid = current->egid;
643 int retval;
644
645 retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
646 if (retval)
647 return retval;
648
649 if (capable(CAP_SETGID))
650 {
651 if(old_egid != gid)
652 {
d6e71144 653 current->mm->dumpable = suid_dumpable;
d59dd462 654 smp_wmb();
1da177e4
LT		 655 }
656 current->gid = current->egid = current->sgid = current->fsgid = gid;
657 }
658 else if ((gid == current->gid) || (gid == current->sgid))
659 {
660 if(old_egid != gid)
661 {
d6e71144 662 current->mm->dumpable = suid_dumpable;
d59dd462 663 smp_wmb();
1da177e4
LT		 664 }
665 current->egid = current->fsgid = gid;
666 }
667 else
668 return -EPERM;
669
670 key_fsgid_changed(current);
9f46080c 671 proc_id_connector(current, PROC_EVENT_GID);
1da177e4
LT		 672 return 0;
673}
674
675static int set_user(uid_t new_ruid, int dumpclear)
676{
677 struct user_struct *new_user;
678
679 new_user = alloc_uid(new_ruid);
680 if (!new_user)
681 return -EAGAIN;
682
683 if (atomic_read(&new_user->processes) >=
684 current->signal->rlim[RLIMIT_NPROC].rlim_cur &&
685 new_user != &root_user) {
686 free_uid(new_user);
687 return -EAGAIN;
688 }
689
690 switch_uid(new_user);
691
692 if(dumpclear)
693 {
d6e71144 694 current->mm->dumpable = suid_dumpable;
d59dd462 695 smp_wmb();
1da177e4
LT		 696 }
697 current->uid = new_ruid;
698 return 0;
699}
700
701/*
702 * Unprivileged users may change the real uid to the effective uid
703 * or vice versa. (BSD-style)
704 *
705 * If you set the real uid at all, or set the effective uid to a value not
706 * equal to the real uid, then the saved uid is set to the new effective uid.
707 *
708 * This makes it possible for a setuid program to completely drop its
709 * privileges, which is often a useful assertion to make when you are doing
710 * a security audit over a program.
711 *
712 * The general idea is that a program which uses just setreuid() will be
713 * 100% compatible with BSD. A program which uses just setuid() will be
714 * 100% compatible with POSIX with saved IDs.
715 */
716asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
717{
718 int old_ruid, old_euid, old_suid, new_ruid, new_euid;
719 int retval;
720
721 retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
722 if (retval)
723 return retval;
724
725 new_ruid = old_ruid = current->uid;
726 new_euid = old_euid = current->euid;
727 old_suid = current->suid;
728
729 if (ruid != (uid_t) -1) {
730 new_ruid = ruid;
731 if ((old_ruid != ruid) &&
732 (current->euid != ruid) &&
733 !capable(CAP_SETUID))
734 return -EPERM;
735 }
736
737 if (euid != (uid_t) -1) {
738 new_euid = euid;
739 if ((old_ruid != euid) &&
740 (current->euid != euid) &&
741 (current->suid != euid) &&
742 !capable(CAP_SETUID))
743 return -EPERM;
744 }
745
746 if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0)
747 return -EAGAIN;
748
749 if (new_euid != old_euid)
750 {
d6e71144 751 current->mm->dumpable = suid_dumpable;
d59dd462 752 smp_wmb();
1da177e4
LT		 753 }
754 current->fsuid = current->euid = new_euid;
755 if (ruid != (uid_t) -1 ||
756 (euid != (uid_t) -1 && euid != old_ruid))
757 current->suid = current->euid;
758 current->fsuid = current->euid;
759
760 key_fsuid_changed(current);
9f46080c 761 proc_id_connector(current, PROC_EVENT_UID);
1da177e4
LT		 762
763 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
764}
765
766
767
768/*
769 * setuid() is implemented like SysV with SAVED_IDS
770 *
771 * Note that SAVED_ID's is deficient in that a setuid root program
772 * like sendmail, for example, cannot set its uid to be a normal
773 * user and then switch back, because if you're root, setuid() sets
774 * the saved uid too. If you don't like this, blame the bright people
775 * in the POSIX committee and/or USG. Note that the BSD-style setreuid()
776 * will allow a root program to temporarily drop privileges and be able to
777 * regain them by swapping the real and effective uid.
778 */
779asmlinkage long sys_setuid(uid_t uid)
780{
781 int old_euid = current->euid;
782 int old_ruid, old_suid, new_ruid, new_suid;
783 int retval;
784
785 retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
786 if (retval)
787 return retval;
788
789 old_ruid = new_ruid = current->uid;
790 old_suid = current->suid;
791 new_suid = old_suid;
792
793 if (capable(CAP_SETUID)) {
794 if (uid != old_ruid && set_user(uid, old_euid != uid) < 0)
795 return -EAGAIN;
796 new_suid = uid;
797 } else if ((uid != current->uid) && (uid != new_suid))
798 return -EPERM;
799
800 if (old_euid != uid)
801 {
d6e71144 802 current->mm->dumpable = suid_dumpable;
d59dd462 803 smp_wmb();
1da177e4
LT		 804 }
805 current->fsuid = current->euid = uid;
806 current->suid = new_suid;
807
808 key_fsuid_changed(current);
9f46080c 809 proc_id_connector(current, PROC_EVENT_UID);
1da177e4
LT		 810
811 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
812}
813
814
815/*
816 * This function implements a generic ability to update ruid, euid,
817 * and suid. This allows you to implement the 4.4 compatible seteuid().
818 */
819asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
820{
821 int old_ruid = current->uid;
822 int old_euid = current->euid;
823 int old_suid = current->suid;
824 int retval;
825
826 retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
827 if (retval)
828 return retval;
829
830 if (!capable(CAP_SETUID)) {
831 if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
832 (ruid != current->euid) && (ruid != current->suid))
833 return -EPERM;
834 if ((euid != (uid_t) -1) && (euid != current->uid) &&
835 (euid != current->euid) && (euid != current->suid))
836 return -EPERM;
837 if ((suid != (uid_t) -1) && (suid != current->uid) &&
838 (suid != current->euid) && (suid != current->suid))
839 return -EPERM;
840 }
841 if (ruid != (uid_t) -1) {
842 if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0)
843 return -EAGAIN;
844 }
845 if (euid != (uid_t) -1) {
846 if (euid != current->euid)
847 {
d6e71144 848 current->mm->dumpable = suid_dumpable;
d59dd462 849 smp_wmb();
1da177e4
LT		 850 }
851 current->euid = euid;
852 }
853 current->fsuid = current->euid;
854 if (suid != (uid_t) -1)
855 current->suid = suid;
856
857 key_fsuid_changed(current);
9f46080c 858 proc_id_connector(current, PROC_EVENT_UID);
1da177e4
LT		 859
860 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
861}
862
863asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid)
864{
865 int retval;
866
867 if (!(retval = put_user(current->uid, ruid)) &&
868 !(retval = put_user(current->euid, euid)))
869 retval = put_user(current->suid, suid);
870
871 return retval;
872}
873
874/*
875 * Same as above, but for rgid, egid, sgid.
876 */
877asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
878{
879 int retval;
880
881 retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
882 if (retval)
883 return retval;
884
885 if (!capable(CAP_SETGID)) {
886 if ((rgid != (gid_t) -1) && (rgid != current->gid) &&
887 (rgid != current->egid) && (rgid != current->sgid))
888 return -EPERM;
889 if ((egid != (gid_t) -1) && (egid != current->gid) &&
890 (egid != current->egid) && (egid != current->sgid))
891 return -EPERM;
892 if ((sgid != (gid_t) -1) && (sgid != current->gid) &&
893 (sgid != current->egid) && (sgid != current->sgid))
894 return -EPERM;
895 }
896 if (egid != (gid_t) -1) {
897 if (egid != current->egid)
898 {
d6e71144 899 current->mm->dumpable = suid_dumpable;
d59dd462 900 smp_wmb();
1da177e4
LT		 901 }
902 current->egid = egid;
903 }
904 current->fsgid = current->egid;
905 if (rgid != (gid_t) -1)
906 current->gid = rgid;
907 if (sgid != (gid_t) -1)
908 current->sgid = sgid;
909
910 key_fsgid_changed(current);
9f46080c 911 proc_id_connector(current, PROC_EVENT_GID);
1da177e4
LT		 912 return 0;
913}
914
915asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid)
916{
917 int retval;
918
919 if (!(retval = put_user(current->gid, rgid)) &&
920 !(retval = put_user(current->egid, egid)))
921 retval = put_user(current->sgid, sgid);
922
923 return retval;
924}
925
926
927/*
928 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
929 * is used for "access()" and for the NFS daemon (letting nfsd stay at
930 * whatever uid it wants to). It normally shadows "euid", except when
931 * explicitly set by setfsuid() or for access..
932 */
933asmlinkage long sys_setfsuid(uid_t uid)
934{
935 int old_fsuid;
936
937 old_fsuid = current->fsuid;
938 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))
939 return old_fsuid;
940
941 if (uid == current->uid || uid == current->euid ||
942 uid == current->suid || uid == current->fsuid ||
943 capable(CAP_SETUID))
944 {
945 if (uid != old_fsuid)
946 {
d6e71144 947 current->mm->dumpable = suid_dumpable;
d59dd462 948 smp_wmb();
1da177e4
LT		 949 }
950 current->fsuid = uid;
951 }
952
953 key_fsuid_changed(current);
9f46080c 954 proc_id_connector(current, PROC_EVENT_UID);
1da177e4
LT		 955
956 security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
957
958 return old_fsuid;
959}
960
961/*
962