]> bbs.cooldavid.org Git - net-next-2.6.git/blame - kernel/sys.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
TOMOYO: Add description of lists and structures.
[net-next-2.6.git] / kernel / sys.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/kernel/sys.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
1da177e4
LT		 7#include <linux/module.h>
8#include <linux/mm.h>
9#include <linux/utsname.h>
10#include <linux/mman.h>
11#include <linux/smp_lock.h>
12#include <linux/notifier.h>
13#include <linux/reboot.h>
14#include <linux/prctl.h>
1da177e4
LT		 15#include <linux/highuid.h>
16#include <linux/fs.h>
3e88c553 17#include <linux/resource.h>
dc009d92
EB		 18#include <linux/kernel.h>
19#include <linux/kexec.h>
1da177e4 20#include <linux/workqueue.h>
c59ede7b 21#include <linux/capability.h>
1da177e4
LT		 22#include <linux/device.h>
23#include <linux/key.h>
24#include <linux/times.h>
25#include <linux/posix-timers.h>
26#include <linux/security.h>
27#include <linux/dcookies.h>
28#include <linux/suspend.h>
29#include <linux/tty.h>
7ed20e1a 30#include <linux/signal.h>
9f46080c 31#include <linux/cn_proc.h>
3cfc348b 32#include <linux/getcpu.h>
6eaeeaba 33#include <linux/task_io_accounting_ops.h>
1d9d02fe 34#include <linux/seccomp.h>
4047727e 35#include <linux/cpu.h>
e3d5a27d 36#include <linux/ptrace.h>
5ad4e53b 37#include <linux/fs_struct.h>
1da177e4
LT		 38
39#include <linux/compat.h>
40#include <linux/syscalls.h>
00d7c05a 41#include <linux/kprobes.h>
acce292c 42#include <linux/user_namespace.h>
1da177e4
LT		 43
44#include <asm/uaccess.h>
45#include <asm/io.h>
46#include <asm/unistd.h>
47
48#ifndef SET_UNALIGN_CTL
49# define SET_UNALIGN_CTL(a,b) (-EINVAL)
50#endif
51#ifndef GET_UNALIGN_CTL
52# define GET_UNALIGN_CTL(a,b) (-EINVAL)
53#endif
54#ifndef SET_FPEMU_CTL
55# define SET_FPEMU_CTL(a,b) (-EINVAL)
56#endif
57#ifndef GET_FPEMU_CTL
58# define GET_FPEMU_CTL(a,b) (-EINVAL)
59#endif
60#ifndef SET_FPEXC_CTL
61# define SET_FPEXC_CTL(a,b) (-EINVAL)
62#endif
63#ifndef GET_FPEXC_CTL
64# define GET_FPEXC_CTL(a,b) (-EINVAL)
65#endif
651d765d
AB		 66#ifndef GET_ENDIAN
67# define GET_ENDIAN(a,b) (-EINVAL)
68#endif
69#ifndef SET_ENDIAN
70# define SET_ENDIAN(a,b) (-EINVAL)
71#endif
8fb402bc
EB		 72#ifndef GET_TSC_CTL
73# define GET_TSC_CTL(a) (-EINVAL)
74#endif
75#ifndef SET_TSC_CTL
76# define SET_TSC_CTL(a) (-EINVAL)
77#endif
1da177e4
LT		 78
79/*
80 * this is where the system-wide overflow UID and GID are defined, for
81 * architectures that now have 32-bit UID/GID but didn't in the past
82 */
83
84int overflowuid = DEFAULT_OVERFLOWUID;
85int overflowgid = DEFAULT_OVERFLOWGID;
86
87#ifdef CONFIG_UID16
88EXPORT_SYMBOL(overflowuid);
89EXPORT_SYMBOL(overflowgid);
90#endif
91
92/*
93 * the same as above, but for filesystems which can only store a 16-bit
94 * UID and GID. as such, this is needed on all architectures
95 */
96
97int fs_overflowuid = DEFAULT_FS_OVERFLOWUID;
98int fs_overflowgid = DEFAULT_FS_OVERFLOWUID;
99
100EXPORT_SYMBOL(fs_overflowuid);
101EXPORT_SYMBOL(fs_overflowgid);
102
103/*
104 * this indicates whether you can reboot with ctrl-alt-del: the default is yes
105 */
106
107int C_A_D = 1;
9ec52099
CLG		 108struct pid *cad_pid;
109EXPORT_SYMBOL(cad_pid);
1da177e4 110
bd804eba
RW		 111/*
112 * If set, this is used for preparing the system to power off.
113 */
114
115void (*pm_power_off_prepare)(void);
bd804eba 116
c69e8d9c
DH		 117/*
118 * set the priority of a task
119 * - the caller must hold the RCU read lock
120 */
1da177e4
LT		 121static int set_one_prio(struct task_struct *p, int niceval, int error)
122{
c69e8d9c 123 const struct cred *cred = current_cred(), *pcred = __task_cred(p);
1da177e4
LT		 124 int no_nice;
125
c69e8d9c
DH		 126 if (pcred->uid != cred->euid &&
127 pcred->euid != cred->euid && !capable(CAP_SYS_NICE)) {
1da177e4
LT		 128 error = -EPERM;
129 goto out;
130 }
e43379f1 131 if (niceval < task_nice(p) && !can_nice(p, niceval)) {
1da177e4
LT		 132 error = -EACCES;
133 goto out;
134 }
135 no_nice = security_task_setnice(p, niceval);
136 if (no_nice) {
137 error = no_nice;
138 goto out;
139 }
140 if (error == -ESRCH)
141 error = 0;
142 set_user_nice(p, niceval);
143out:
144 return error;
145}
146
754fe8d2 147SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval)
1da177e4
LT		 148{
149 struct task_struct *g, *p;
150 struct user_struct *user;
86a264ab 151 const struct cred *cred = current_cred();
1da177e4 152 int error = -EINVAL;
41487c65 153 struct pid *pgrp;
1da177e4 154
3e88c553 155 if (which > PRIO_USER || which < PRIO_PROCESS)
1da177e4
LT		 156 goto out;
157
158 /* normalize: avoid signed division (rounding problems) */
159 error = -ESRCH;
160 if (niceval < -20)
161 niceval = -20;
162 if (niceval > 19)
163 niceval = 19;
164
165 read_lock(&tasklist_lock);
166 switch (which) {
167 case PRIO_PROCESS:
41487c65 168 if (who)
228ebcbe 169 p = find_task_by_vpid(who);
41487c65
EB		 170 else
171 p = current;
1da177e4
LT		 172 if (p)
173 error = set_one_prio(p, niceval, error);
174 break;
175 case PRIO_PGRP:
41487c65 176 if (who)
b488893a 177 pgrp = find_vpid(who);
41487c65
EB		 178 else
179 pgrp = task_pgrp(current);
2d70b68d 180 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
1da177e4 181 error = set_one_prio(p, niceval, error);
2d70b68d 182 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
1da177e4
LT		 183 break;
184 case PRIO_USER:
d84f4f99 185 user = (struct user_struct *) cred->user;
1da177e4 186 if (!who)
86a264ab
DH		 187 who = cred->uid;
188 else if ((who != cred->uid) &&
189 !(user = find_user(who)))
190 goto out_unlock; /* No processes for this user */
1da177e4
LT		 191
192 do_each_thread(g, p)
86a264ab 193 if (__task_cred(p)->uid == who)
1da177e4
LT		 194 error = set_one_prio(p, niceval, error);
195 while_each_thread(g, p);
86a264ab 196 if (who != cred->uid)
1da177e4
LT		 197 free_uid(user); /* For find_user() */
198 break;
199 }
200out_unlock:
201 read_unlock(&tasklist_lock);
202out:
203 return error;
204}
205
206/*
207 * Ugh. To avoid negative return values, "getpriority()" will
208 * not return the normal nice-value, but a negated value that
209 * has been offset by 20 (ie it returns 40..1 instead of -20..19)
210 * to stay compatible.
211 */
754fe8d2 212SYSCALL_DEFINE2(getpriority, int, which, int, who)
1da177e4
LT		 213{
214 struct task_struct *g, *p;
215 struct user_struct *user;
86a264ab 216 const struct cred *cred = current_cred();
1da177e4 217 long niceval, retval = -ESRCH;
41487c65 218 struct pid *pgrp;
1da177e4 219
3e88c553 220 if (which > PRIO_USER || which < PRIO_PROCESS)
1da177e4
LT		 221 return -EINVAL;
222
223 read_lock(&tasklist_lock);
224 switch (which) {
225 case PRIO_PROCESS:
41487c65 226 if (who)
228ebcbe 227 p = find_task_by_vpid(who);
41487c65
EB		 228 else
229 p = current;
1da177e4
LT		 230 if (p) {
231 niceval = 20 - task_nice(p);
232 if (niceval > retval)
233 retval = niceval;
234 }
235 break;
236 case PRIO_PGRP:
41487c65 237 if (who)
b488893a 238 pgrp = find_vpid(who);
41487c65
EB		 239 else
240 pgrp = task_pgrp(current);
2d70b68d 241 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
1da177e4
LT		 242 niceval = 20 - task_nice(p);
243 if (niceval > retval)
244 retval = niceval;
2d70b68d 245 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
1da177e4
LT		 246 break;
247 case PRIO_USER:
86a264ab 248 user = (struct user_struct *) cred->user;
1da177e4 249 if (!who)
86a264ab
DH		 250 who = cred->uid;
251 else if ((who != cred->uid) &&
252 !(user = find_user(who)))
253 goto out_unlock; /* No processes for this user */
1da177e4
LT		 254
255 do_each_thread(g, p)
86a264ab 256 if (__task_cred(p)->uid == who) {
1da177e4
LT		 257 niceval = 20 - task_nice(p);
258 if (niceval > retval)
259 retval = niceval;
260 }
261 while_each_thread(g, p);
86a264ab 262 if (who != cred->uid)
1da177e4
LT		 263 free_uid(user); /* for find_user() */
264 break;
265 }
266out_unlock:
267 read_unlock(&tasklist_lock);
268
269 return retval;
270}
271
e4c94330
EB		 272/**
273 * emergency_restart - reboot the system
274 *
275 * Without shutting down any hardware or taking any locks
276 * reboot the system. This is called when we know we are in
277 * trouble so this is our best effort to reboot. This is
278 * safe to call in interrupt context.
279 */
7c903473
EB		 280void emergency_restart(void)
281{
282 machine_emergency_restart();
283}
284EXPORT_SYMBOL_GPL(emergency_restart);
285
ca195b7f 286void kernel_restart_prepare(char *cmd)
4a00ea1e 287{
e041c683 288 blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
4a00ea1e 289 system_state = SYSTEM_RESTART;
4a00ea1e 290 device_shutdown();
58b3b71d 291 sysdev_shutdown();
e4c94330 292}
1e5d5331
RD		 293
294/**
295 * kernel_restart - reboot the system
296 * @cmd: pointer to buffer containing command to execute for restart
b8887e6e 297 * or %NULL
1e5d5331
RD		 298 *
299 * Shutdown everything and perform a clean reboot.
300 * This is not safe to call in interrupt context.
301 */
e4c94330
EB		 302void kernel_restart(char *cmd)
303{
304 kernel_restart_prepare(cmd);
756184b7 305 if (!cmd)
4a00ea1e 306 printk(KERN_EMERG "Restarting system.\n");
756184b7 307 else
4a00ea1e 308 printk(KERN_EMERG "Restarting system with command '%s'.\n", cmd);
4a00ea1e
EB		 309 machine_restart(cmd);
310}
311EXPORT_SYMBOL_GPL(kernel_restart);
312
4ef7229f 313static void kernel_shutdown_prepare(enum system_states state)
729b4d4c 314{
e041c683 315 blocking_notifier_call_chain(&reboot_notifier_list,
729b4d4c
AS		 316 (state == SYSTEM_HALT)?SYS_HALT:SYS_POWER_OFF, NULL);
317 system_state = state;
318 device_shutdown();
319}
e4c94330
EB		 320/**
321 * kernel_halt - halt the system
322 *
323 * Shutdown everything and perform a clean system halt.
324 */
e4c94330
EB		 325void kernel_halt(void)
326{
729b4d4c 327 kernel_shutdown_prepare(SYSTEM_HALT);
58b3b71d 328 sysdev_shutdown();
4a00ea1e
EB		 329 printk(KERN_EMERG "System halted.\n");
330 machine_halt();
331}
729b4d4c 332
4a00ea1e
EB		 333EXPORT_SYMBOL_GPL(kernel_halt);
334
e4c94330
EB		 335/**
336 * kernel_power_off - power_off the system
337 *
338 * Shutdown everything and perform a clean system power_off.
339 */
e4c94330
EB		 340void kernel_power_off(void)
341{
729b4d4c 342 kernel_shutdown_prepare(SYSTEM_POWER_OFF);
bd804eba
RW		 343 if (pm_power_off_prepare)
344 pm_power_off_prepare();
4047727e 345 disable_nonboot_cpus();
58b3b71d 346 sysdev_shutdown();
4a00ea1e
EB		 347 printk(KERN_EMERG "Power down.\n");
348 machine_power_off();
349}
350EXPORT_SYMBOL_GPL(kernel_power_off);
1da177e4
LT		 351/*
352 * Reboot system call: for obvious reasons only root may call it,
353 * and even root needs to set up some magic numbers in the registers
354 * so that some mistake won't make this reboot the whole machine.
355 * You can also set the meaning of the ctrl-alt-del-key here.
356 *
357 * reboot doesn't sync: do that yourself before calling this.
358 */
754fe8d2
HC		 359SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
360 void __user *, arg)
1da177e4
LT		 361{
362 char buffer[256];
3d26dcf7 363 int ret = 0;
1da177e4
LT		 364
365 /* We only trust the superuser with rebooting the system. */
366 if (!capable(CAP_SYS_BOOT))
367 return -EPERM;
368
369 /* For safety, we require "magic" arguments. */
370 if (magic1 != LINUX_REBOOT_MAGIC1 ||
371 (magic2 != LINUX_REBOOT_MAGIC2 &&
372 magic2 != LINUX_REBOOT_MAGIC2A &&
373 magic2 != LINUX_REBOOT_MAGIC2B &&
374 magic2 != LINUX_REBOOT_MAGIC2C))
375 return -EINVAL;
376
5e38291d
EB		 377 /* Instead of trying to make the power_off code look like
378 * halt when pm_power_off is not set do it the easy way.
379 */
380 if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
381 cmd = LINUX_REBOOT_CMD_HALT;
382
1da177e4
LT		 383 lock_kernel();
384 switch (cmd) {
385 case LINUX_REBOOT_CMD_RESTART:
4a00ea1e 386 kernel_restart(NULL);
1da177e4
LT		 387 break;
388
389 case LINUX_REBOOT_CMD_CAD_ON:
390 C_A_D = 1;
391 break;
392
393 case LINUX_REBOOT_CMD_CAD_OFF:
394 C_A_D = 0;
395 break;
396
397 case LINUX_REBOOT_CMD_HALT:
4a00ea1e 398 kernel_halt();
1da177e4
LT		 399 unlock_kernel();
400 do_exit(0);
3d26dcf7 401 panic("cannot halt");
1da177e4
LT		 402
403 case LINUX_REBOOT_CMD_POWER_OFF:
4a00ea1e 404 kernel_power_off();
1da177e4
LT		 405 unlock_kernel();
406 do_exit(0);
407 break;
408
409 case LINUX_REBOOT_CMD_RESTART2:
410 if (strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1) < 0) {
411 unlock_kernel();
412 return -EFAULT;
413 }
414 buffer[sizeof(buffer) - 1] = '\0';
415
4a00ea1e 416 kernel_restart(buffer);
1da177e4
LT		 417 break;
418
3ab83521 419#ifdef CONFIG_KEXEC
dc009d92 420 case LINUX_REBOOT_CMD_KEXEC:
3d26dcf7
AK		 421 ret = kernel_kexec();
422 break;
3ab83521 423#endif
4a00ea1e 424
b0cb1a19 425#ifdef CONFIG_HIBERNATION
1da177e4 426 case LINUX_REBOOT_CMD_SW_SUSPEND:
3d26dcf7
AK		 427 ret = hibernate();
428 break;
1da177e4
LT		 429#endif
430
431 default:
3d26dcf7
AK		 432 ret = -EINVAL;
433 break;
1da177e4
LT		 434 }
435 unlock_kernel();
3d26dcf7 436 return ret;
1da177e4
LT		 437}
438
65f27f38 439static void deferred_cad(struct work_struct *dummy)
1da177e4 440{
abcd9e51 441 kernel_restart(NULL);
1da177e4
LT		 442}
443
444/*
445 * This function gets called by ctrl-alt-del - ie the keyboard interrupt.
446 * As it's called within an interrupt, it may NOT sync: the only choice
447 * is whether to reboot at once, or just ignore the ctrl-alt-del.
448 */
449void ctrl_alt_del(void)
450{
65f27f38 451 static DECLARE_WORK(cad_work, deferred_cad);
1da177e4
LT		 452
453 if (C_A_D)
454 schedule_work(&cad_work);
455 else
9ec52099 456 kill_cad_pid(SIGINT, 1);
1da177e4
LT		 457}
458
1da177e4
LT		 459/*
460 * Unprivileged users may change the real gid to the effective gid
461 * or vice versa. (BSD-style)
462 *
463 * If you set the real gid at all, or set the effective gid to a value not
464 * equal to the real gid, then the saved gid is set to the new effective gid.
465 *
466 * This makes it possible for a setgid program to completely drop its
467 * privileges, which is often a useful assertion to make when you are doing
468 * a security audit over a program.
469 *
470 * The general idea is that a program which uses just setregid() will be
471 * 100% compatible with BSD. A program which uses just setgid() will be
472 * 100% compatible with POSIX with saved IDs.
473 *
474 * SMP: There are not races, the GIDs are checked only by filesystem
475 * operations (as far as semantic preservation is concerned).
476 */
ae1251ab 477SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
1da177e4 478{
d84f4f99
DH		 479 const struct cred *old;
480 struct cred *new;
1da177e4
LT		 481 int retval;
482
d84f4f99
DH		 483 new = prepare_creds();
484 if (!new)
485 return -ENOMEM;
486 old = current_cred();
487
1da177e4
LT		 488 retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
489 if (retval)
d84f4f99 490 goto error;
1da177e4 491
d84f4f99 492 retval = -EPERM;
1da177e4 493 if (rgid != (gid_t) -1) {
d84f4f99
DH		 494 if (old->gid == rgid ||
495 old->egid == rgid ||
1da177e4 496 capable(CAP_SETGID))
d84f4f99 497 new->gid = rgid;
1da177e4 498 else
d84f4f99 499 goto error;
1da177e4
LT		 500 }
501 if (egid != (gid_t) -1) {
d84f4f99
DH		 502 if (old->gid == egid ||
503 old->egid == egid ||
504 old->sgid == egid ||
1da177e4 505 capable(CAP_SETGID))
d84f4f99 506 new->egid = egid;
756184b7 507 else
d84f4f99 508 goto error;
1da177e4 509 }
d84f4f99 510
1da177e4 511 if (rgid != (gid_t) -1 ||
d84f4f99
DH		 512 (egid != (gid_t) -1 && egid != old->gid))
513 new->sgid = new->egid;
514 new->fsgid = new->egid;
515
516 return commit_creds(new);
517
518error:
519 abort_creds(new);
520 return retval;
1da177e4
LT		 521}
522
523/*
524 * setgid() is implemented like SysV w/ SAVED_IDS
525 *
526 * SMP: Same implicit races as above.
527 */
ae1251ab 528SYSCALL_DEFINE1(setgid, gid_t, gid)
1da177e4 529{
d84f4f99
DH		 530 const struct cred *old;
531 struct cred *new;
1da177e4
LT		 532 int retval;
533
d84f4f99
DH		 534 new = prepare_creds();
535 if (!new)
536 return -ENOMEM;
537 old = current_cred();
538
1da177e4
LT		 539 retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
540 if (retval)
d84f4f99 541 goto error;
1da177e4 542
d84f4f99
DH		 543 retval = -EPERM;
544 if (capable(CAP_SETGID))
545 new->gid = new->egid = new->sgid = new->fsgid = gid;
546 else if (gid == old->gid || gid == old->sgid)
547 new->egid = new->fsgid = gid;
1da177e4 548 else
d84f4f99 549 goto error;
1da177e4 550
d84f4f99
DH		 551 return commit_creds(new);
552
553error:
554 abort_creds(new);
555 return retval;
1da177e4 556}
54e99124 557
d84f4f99
DH		 558/*
559 * change the user struct in a credentials set to match the new UID
560 */
561static int set_user(struct cred *new)
1da177e4
LT		 562{
563 struct user_struct *new_user;
564
18b6e041 565 new_user = alloc_uid(current_user_ns(), new->uid);
1da177e4
LT		 566 if (!new_user)
567 return -EAGAIN;
568
54e99124
DG		 569 if (!task_can_switch_user(new_user, current)) {
570 free_uid(new_user);
571 return -EINVAL;
572 }
573
1da177e4
LT		 574 if (atomic_read(&new_user->processes) >=
575 current->signal->rlim[RLIMIT_NPROC].rlim_cur &&
18b6e041 576 new_user != INIT_USER) {
1da177e4
LT		 577 free_uid(new_user);
578 return -EAGAIN;
579 }
580
d84f4f99
DH		 581 free_uid(new->user);
582 new->user = new_user;
1da177e4
LT		 583 return 0;
584}
585
586/*
587 * Unprivileged users may change the real uid to the effective uid
588 * or vice versa. (BSD-style)
589 *
590 * If you set the real uid at all, or set the effective uid to a value not
591 * equal to the real uid, then the saved uid is set to the new effective uid.
592 *
593 * This makes it possible for a setuid program to completely drop its
594 * privileges, which is often a useful assertion to make when you are doing
595 * a security audit over a program.
596 *
597 * The general idea is that a program which uses just setreuid() will be
598 * 100% compatible with BSD. A program which uses just setuid() will be
599 * 100% compatible with POSIX with saved IDs.
600 */
ae1251ab 601SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
1da177e4 602{
d84f4f99
DH		 603 const struct cred *old;
604 struct cred *new;
1da177e4
LT		 605 int retval;
606
d84f4f99
DH		 607 new = prepare_creds();
608 if (!new)
609 return -ENOMEM;
610 old = current_cred();
611
1da177e4
LT		 612 retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
613 if (retval)
d84f4f99 614 goto error;
1da177e4 615
d84f4f99 616 retval = -EPERM;
1da177e4 617 if (ruid != (uid_t) -1) {
d84f4f99
DH		 618 new->uid = ruid;
619 if (old->uid != ruid &&
620 old->euid != ruid &&
1da177e4 621 !capable(CAP_SETUID))
d84f4f99 622 goto error;
1da177e4
LT		 623 }
624
625 if (euid != (uid_t) -1) {
d84f4f99
DH		 626 new->euid = euid;
627 if (old->uid != euid &&
628 old->euid != euid &&
629 old->suid != euid &&
1da177e4 630 !capable(CAP_SETUID))
d84f4f99 631 goto error;
1da177e4
LT		 632 }
633
54e99124
DG		 634 if (new->uid != old->uid) {
635 retval = set_user(new);
636 if (retval < 0)
637 goto error;
638 }
1da177e4 639 if (ruid != (uid_t) -1 ||
d84f4f99
DH		 640 (euid != (uid_t) -1 && euid != old->uid))
641 new->suid = new->euid;
642 new->fsuid = new->euid;
1da177e4 643
d84f4f99
DH		 644 retval = security_task_fix_setuid(new, old, LSM_SETID_RE);
645 if (retval < 0)
646 goto error;
1da177e4 647
d84f4f99 648 return commit_creds(new);
1da177e4 649
d84f4f99
DH		 650error:
651 abort_creds(new);
652 return retval;
653}
1da177e4
LT		 654
655/*
656 * setuid() is implemented like SysV with SAVED_IDS
657 *
658 * Note that SAVED_ID's is deficient in that a setuid root program
659 * like sendmail, for example, cannot set its uid to be a normal
660 * user and then switch back, because if you're root, setuid() sets
661 * the saved uid too. If you don't like this, blame the bright people
662 * in the POSIX committee and/or USG. Note that the BSD-style setreuid()
663 * will allow a root program to temporarily drop privileges and be able to
664 * regain them by swapping the real and effective uid.
665 */
ae1251ab 666SYSCALL_DEFINE1(setuid, uid_t, uid)
1da177e4 667{
d84f4f99
DH		 668 const struct cred *old;
669 struct cred *new;
1da177e4
LT		 670 int retval;
671
d84f4f99
DH		 672 new = prepare_creds();
673 if (!new)
674 return -ENOMEM;
675 old = current_cred();
676
1da177e4
LT		 677 retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
678 if (retval)
d84f4f99 679 goto error;
1da177e4 680
d84f4f99 681 retval = -EPERM;
1da177e4 682 if (capable(CAP_SETUID)) {
d84f4f99 683 new->suid = new->uid = uid;
54e99124
DG		 684 if (uid != old->uid) {
685 retval = set_user(new);
686 if (retval < 0)
687 goto error;
d84f4f99
DH		 688 }
689 } else if (uid != old->uid && uid != new->suid) {
690 goto error;
1da177e4 691 }
1da177e4 692
d84f4f99
DH		 693 new->fsuid = new->euid = uid;
694
695 retval = security_task_fix_setuid(new, old, LSM_SETID_ID);
696 if (retval < 0)
697 goto error;
698
699 return commit_creds(new);
1da177e4 700
d84f4f99
DH		 701error:
702 abort_creds(new);
703 return retval;
1da177e4
LT		 704}
705
706
707/*
708 * This function implements a generic ability to update ruid, euid,
709 * and suid. This allows you to implement the 4.4 compatible seteuid().
710 */
ae1251ab 711SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
1da177e4 712{
d84f4f99
DH		 713 const struct cred *old;
714 struct cred *new;
1da177e4
LT		 715 int retval;
716
d84f4f99
DH		 717 new = prepare_creds();
718 if (!new)
719 return -ENOMEM;
720
1da177e4
LT		 721 retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
722 if (retval)
d84f4f99
DH		 723 goto error;
724 old = current_cred();
1da177e4 725
d84f4f99 726 retval = -EPERM;
1da177e4 727 if (!capable(CAP_SETUID)) {
d84f4f99
DH		 728 if (ruid != (uid_t) -1 && ruid != old->uid &&
729 ruid != old->euid && ruid != old->suid)
730 goto error;
731 if (euid != (uid_t) -1 && euid != old->uid &&
732 euid != old->euid && euid != old->suid)
733 goto error;
734 if (suid != (uid_t) -1 && suid != old->uid &&
735 suid != old->euid && suid != old->suid)
736 goto error;
1da177e4 737 }
d84f4f99 738
1da177e4 739 if (ruid != (uid_t) -1) {
d84f4f99 740 new->uid = ruid;
54e99124
DG		 741 if (ruid != old->uid) {
742 retval = set_user(new);
743 if (retval < 0)
744 goto error;
745 }
1da177e4 746 }
d84f4f99
DH		 747 if (euid != (uid_t) -1)
748 new->euid = euid;
1da177e4 749 if (suid != (uid_t) -1)
d84f4f99
DH		 750 new->suid = suid;
751 new->fsuid = new->euid;
1da177e4 752
d84f4f99
DH		 753 retval = security_task_fix_setuid(new, old, LSM_SETID_RES);
754 if (retval < 0)
755 goto error;
1da177e4 756
d84f4f99
DH		 757 return commit_creds(new);
758
759error:
760 abort_creds(new);
761 return retval;
1da177e4
LT		 762}
763
dbf040d9 764SYSCALL_DEFINE3(getresuid, uid_t __user *, ruid, uid_t __user *, euid, uid_t __user *, suid)
1da177e4 765{
86a264ab 766 const struct cred *cred = current_cred();
1da177e4
LT		 767 int retval;
768
86a264ab
DH		 769 if (!(retval = put_user(cred->uid, ruid)) &&
770 !(retval = put_user(cred->euid, euid)))
b6dff3ec 771 retval = put_user(cred->suid, suid);
1da177e4
LT		 772
773 return retval;
774}
775
776/*
777 * Same as above, but for rgid, egid, sgid.
778 */
ae1251ab 779SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
1da177e4 780{
d84f4f99
DH		 781 const struct cred *old;
782 struct cred *new;
1da177e4
LT		 783 int retval;
784
d84f4f99
DH		 785 new = prepare_creds();
786 if (!new)
787 return -ENOMEM;
788 old = current_cred();
789
1da177e4
LT		 790 retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
791 if (retval)
d84f4f99 792 goto error;
1da177e4 793
d84f4f99 794 retval = -EPERM;
1da177e4 795 if (!capable(CAP_SETGID)) {
d84f4f99
DH		 796 if (rgid != (gid_t) -1 && rgid != old->gid &&
797 rgid != old->egid && rgid != old->sgid)
798 goto error;
799 if (egid != (gid_t) -1 && egid != old->gid &&
800 egid != old->egid && egid != old->sgid)
801 goto error;
802 if (sgid != (gid_t) -1 && sgid != old->gid &&
803 sgid != old->egid && sgid != old->sgid)
804 goto error;
1da177e4 805 }
d84f4f99 806
1da177e4 807 if (rgid != (gid_t) -1)
d84f4f99
DH		 808 new->gid = rgid;
809 if (egid != (gid_t) -1)
810 new->egid = egid;
1da177e4 811 if (sgid != (gid_t) -1)
d84f4f99
DH		 812 new->sgid = sgid;
813 new->fsgid = new->egid;
1da177e4 814
d84f4f99
DH		 815 return commit_creds(new);
816
817error:
818 abort_creds(new);
819 return retval;
1da177e4
LT		 820}
821
dbf040d9 822SYSCALL_DEFINE3(getresgid, gid_t __user *, rgid, gid_t __user *, egid, gid_t __user *, sgid)
1da177e4 823{
86a264ab 824 const struct cred *cred = current_cred();
1da177e4
LT		 825 int retval;
826
86a264ab
DH		 827 if (!(retval = put_user(cred->gid, rgid)) &&
828 !(retval = put_user(cred->egid, egid)))
b6dff3ec 829 retval = put_user(cred->sgid, sgid);
1da177e4
LT		 830
831 return retval;
832}
833
834
835/*
836 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
837 * is used for "access()" and for the NFS daemon (letting nfsd stay at
838 * whatever uid it wants to). It normally shadows "euid", except when
839 * explicitly set by setfsuid() or for access..
840 */
ae1251ab 841SYSCALL_DEFINE1(setfsuid, uid_t, uid)
1da177e4 842{
d84f4f99
DH		 843 const struct cred *old;
844 struct cred *new;
845 uid_t old_fsuid;
846
847 new = prepare_creds();
848 if (!new)
849 return current_fsuid();
850 old = current_cred();
851 old_fsuid = old->fsuid;
1da177e4 852
d84f4f99
DH		 853 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
854 goto error;
1da177e4 855
d84f4f99
DH		 856 if (uid == old->uid || uid == old->euid ||
857 uid == old->suid || uid == old->fsuid ||
756184b7
CP		 858 capable(CAP_SETUID)) {
859 if (uid != old_fsuid) {
d84f4f99
DH		 860 new->fsuid = uid;
861 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
862 goto change_okay;
1da177e4 863 }
1da177e4
LT		 864 }
865
d84f4f99
DH		 866error:
867 abort_creds(new);
868 return old_fsuid;
1da177e4 869
d84f4f99
DH		 870change_okay:
871 commit_creds(new);
1da177e4
LT		 872 return old_fsuid;
873}
874
875/*
f42df9e6 876 * Samma på svenska..
1da177e4 877 */
ae1251ab 878SYSCALL_DEFINE1(setfsgid, gid_t, gid)
1da177e4 879{
d84f4f99
DH		 880 const struct cred *old;
881 struct cred *new;
882 gid_t old_fsgid;
883
884 new = prepare_creds();
885 if (!new)
886 return current_fsgid();
887 old = current_cred();
888 old_fsgid = old->fsgid;
1da177e4 889
1da177e4 890 if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
d84f4f99 891 goto error;
1da177e4 892
d84f4f99
DH		 893 if (gid == old->gid || gid == old->egid ||
894 gid == old->sgid || gid == old->fsgid ||
756184b7
CP		 895 capable(CAP_SETGID)) {
896 if (gid != old_fsgid) {
d84f4f99
DH		 897 new->fsgid = gid;
898 goto change_okay;
1da177e4 899 }
1da177e4 900 }
d84f4f99
DH		 901
902error:
903 abort_creds(new);
904 return old_fsgid;
905
906change_okay:
907 commit_creds(new);
1da177e4
LT		 908 return old_fsgid;
909}
910
f06febc9
FM		 911void do_sys_times(struct tms *tms)
912{
913 struct task_cputime cputime;
914 cputime_t cutime, cstime;
915
f06febc9 916 thread_group_cputime(current, &cputime);
2b5fe6de 917 spin_lock_irq(&current->sighand->siglock);
f06febc9
FM		 918 cutime = current->signal->cutime;
919 cstime = current->signal->cstime;
920 spin_unlock_irq(&current->sighand->siglock);
921 tms->tms_utime = cputime_to_clock_t(cputime.utime);
922 tms->tms_stime = cputime_to_clock_t(cputime.stime);
923 tms->tms_cutime = cputime_to_clock_t(cutime);
924 tms->tms_cstime = cputime_to_clock_t(cstime);
925}
926
58fd3aa2 927SYSCALL_DEFINE1(times, struct tms __user *, tbuf)
1da177e4 928{
1da177e4
LT		 929 if (tbuf) {
930 struct tms tmp;
f06febc9
FM		 931
932 do_sys_times(&tmp);
1da177e4
LT		 933 if (copy_to_user(tbuf, &tmp, sizeof(struct tms)))
934 return -EFAULT;
935 }
e3d5a27d 936 force_successful_syscall_return();
1da177e4
LT		 937 return (long) jiffies_64_to_clock_t(get_jiffies_64());
938}
939
940/*
941 * This needs some heavy checking ...
942 * I just haven't the stomach for it. I also don't fully
943 * understand sessions/pgrp etc. Let somebody who does explain it.
944 *
945 * OK, I think I have the protection semantics right.... this is really
946 * only important on a multi-user system anyway, to make sure one user
947 * can't send a signal to a process owned by another. -TYT, 12/12/91
948 *
949 * Auch. Had to add the 'did_exec' flag to conform completely to POSIX.
950 * LBT 04.03.94
951 */
b290ebe2 952SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
1da177e4
LT		 953{
954 struct task_struct *p;
ee0acf90 955 struct task_struct *group_leader = current->group_leader;
4e021306
ON		 956 struct pid *pgrp;
957 int err;
1da177e4
LT		 958
959 if (!pid)
b488893a 960 pid = task_pid_vnr(group_leader);
1da177e4
LT		 961 if (!pgid)
962 pgid = pid;
963 if (pgid < 0)
964 return -EINVAL;
965
966 /* From this point forward we keep holding onto the tasklist lock
967 * so that our parent does not change from under us. -DaveM
968 */
969 write_lock_irq(&tasklist_lock);
970
971 err = -ESRCH;
4e021306 972 p = find_task_by_vpid(pid);
1da177e4
LT		 973 if (!p)
974 goto out;
975
976 err = -EINVAL;
977 if (!thread_group_leader(p))
978 goto out;
979
4e021306 980 if (same_thread_group(p->real_parent, group_leader)) {
1da177e4 981 err = -EPERM;
41487c65 982 if (task_session(p) != task_session(group_leader))
1da177e4
LT		 983 goto out;
984 err = -EACCES;
985 if (p->did_exec)
986 goto out;
987 } else {
988 err = -ESRCH;
ee0acf90 989 if (p != group_leader)
1da177e4
LT		 990 goto out;
991 }
992
993 err = -EPERM;
994 if (p->signal->leader)
995 goto out;
996
4e021306 997 pgrp = task_pid(p);
1da177e4 998 if (pgid != pid) {
b488893a 999 struct task_struct *g;
1da177e4 1000
4e021306
ON		 1001 pgrp = find_vpid(pgid);
1002 g = pid_task(pgrp, PIDTYPE_PGID);
41487c65 1003 if (!g || task_session(g) != task_session(group_leader))
f020bc46 1004 goto out;
1da177e4
LT		 1005 }
1006
1da177e4
LT		 1007 err = security_task_setpgid(p, pgid);
1008 if (err)
1009 goto out;
1010
1b0f7ffd 1011 if (task_pgrp(p) != pgrp)
83beaf3c 1012 change_pid(p, PIDTYPE_PGID, pgrp);
1da177e4
LT		 1013
1014 err = 0;
1015out:
1016 /* All paths lead to here, thus we are safe. -DaveM */
1017 write_unlock_irq(&tasklist_lock);
1018 return err;
1019}
1020
dbf040d9 1021SYSCALL_DEFINE1(getpgid, pid_t, pid)
1da177e4 1022{
12a3de0a
ON		 1023 struct task_struct *p;
1024 struct pid *grp;
1025 int retval;
1026
1027 rcu_read_lock();
756184b7 1028 if (!pid)
12a3de0a 1029 grp = task_pgrp(current);
756184b7 1030 else {
1da177e4 1031 retval = -ESRCH;
12a3de0a
ON		 1032 p = find_task_by_vpid(pid);
1033 if (!p)
1034 goto out;
1035 grp = task_pgrp(p);
1036 if (!grp)
1037 goto out;
1038
1039 retval = security_task_getpgid(p);
1040 if (retval)
1041 goto out;
1da177e4 1042 }
12a3de0a
ON		 1043 retval = pid_vnr(grp);
1044out:
1045 rcu_read_unlock();
1046 return retval;
1da177e4
LT		 1047}
1048
1049#ifdef __ARCH_WANT_SYS_GETPGRP
1050
dbf040d9 1051SYSCALL_DEFINE0(getpgrp)
1da177e4 1052{
12a3de0a 1053 return sys_getpgid(0);
1da177e4
LT		 1054}
1055
1056#endif
1057
dbf040d9 1058SYSCALL_DEFINE1(getsid, pid_t, pid)
1da177e4 1059{
1dd768c0
ON		 1060 struct task_struct *p;
1061 struct pid *sid;
1062 int retval;
1063
1064 rcu_read_lock();
756184b7 1065 if (!pid)
1dd768c0 1066 sid = task_session(current);
756184b7 1067 else {
1da177e4 1068 retval = -ESRCH;
1dd768c0
ON		 1069 p = find_task_by_vpid(pid);
1070 if (!p)
1071 goto out;
1072 sid = task_session(p);
1073 if (!sid)
1074 goto out;
1075
1076 retval = security_task_getsid(p);
1077 if (retval)
1078 goto out;
1da177e4 1079 }
1dd768c0
ON		 1080 retval = pid_vnr(sid);
1081out:
1082 rcu_read_unlock();
1083 return retval;
1da177e4
LT		 1084}
1085
b290ebe2 1086SYSCALL_DEFINE0(setsid)
1da177e4 1087{
e19f247a 1088 struct task_struct *group_leader = current->group_leader;
e4cc0a9c
ON		 1089 struct pid *sid = task_pid(group_leader);
1090 pid_t session = pid_vnr(sid);
1da177e4
LT		 1091 int err = -EPERM;
1092
1da177e4 1093 write_lock_irq(&tasklist_lock);
390e2ff0
EB		 1094 /* Fail if I am already a session leader */
1095 if (group_leader->signal->leader)
1096 goto out;
1097
430c6231
ON		 1098 /* Fail if a process group id already exists that equals the
1099 * proposed session id.
390e2ff0 1100 */
6806aac6 1101 if (pid_task(sid, PIDTYPE_PGID))
1da177e4
LT		 1102 goto out;
1103
e19f247a 1104 group_leader->signal->leader = 1;
8520d7c7 1105 __set_special_pids(sid);
24ec839c 1106
9c9f4ded 1107 proc_clear_tty(group_leader);
24ec839c 1108
e4cc0a9c 1109 err = session;
1da177e4
LT		 1110out:
1111 write_unlock_irq(&tasklist_lock);
1da177e4
LT		 1112 return err;
1113}
1114
1115/*
1116 * Supplementary group IDs
1117 */
1118
1119/* init to 2 - one for init_task, one to ensure it is never freed */
1120struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
1121
1122struct group_info *groups_alloc(int gidsetsize)
1123{
1124 struct group_info *group_info;
1125 int nblocks;
1126 int i;
1127
1128 nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
1129 /* Make sure we always allocate at least one indirect block pointer */
1130 nblocks = nblocks ? : 1;
1131 group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
1132 if (!group_info)
1133 return NULL;
1134 group_info->ngroups = gidsetsize;
1135 group_info->nblocks = nblocks;
1136 atomic_set(&group_info->usage, 1);
1137
756184b7 1138 if (gidsetsize <= NGROUPS_SMALL)
1da177e4 1139 group_info->blocks[0] = group_info->small_block;
756184b7 1140 else {
1da177e4
LT		 1141 for (i = 0; i < nblocks; i++) {
1142 gid_t *b;
1143 b = (void *)__get_free_page(GFP_USER);
1144 if (!b)
1145 goto out_undo_partial_alloc;
1146 group_info->blocks[i] = b;
1147 }
1148 }
1149 return group_info;
1150
1151out_undo_partial_alloc:
1152 while (--i >= 0) {
1153 free_page((unsigned long)group_info->blocks[i]);
1154 }
1155 kfree(group_info);
1156 return NULL;
1157}
1158
1159EXPORT_SYMBOL(groups_alloc);
1160
1161void groups_free(struct group_info *group_info)
1162{
1163 if (group_info->blocks[0] != group_info->small_block) {
1164 int i;
1165 for (i = 0; i < group_info->nblocks; i++)
1166 free_page((unsigned long)group_info->blocks[i]);
1167 }
1168 kfree(group_info);
1169}
1170
1171EXPORT_SYMBOL(groups_free);
1172
1173/* export the group_info to a user-space array */
1174static int groups_to_user(gid_t __user *grouplist,
d84f4f99 1175 const struct group_info *group_info)
1da177e4
LT		 1176{
1177 int i;
1bf47346 1178 unsigned int count = group_info->ngroups;
1da177e4
LT		 1179
1180 for (i = 0; i < group_info->nblocks; i++) {
1bf47346
ED		 1181 unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
1182 unsigned int len = cp_count * sizeof(*grouplist);
1da177e4 1183
1bf47346 1184 if (copy_to_user(grouplist, group_info->blocks[i], len))
1da177e4
LT		 1185 return -EFAULT;
1186
1bf47346 1187 grouplist += NGROUPS_PER_BLOCK;
1da177e4
LT		 1188 count -= cp_count;
1189 }
1190 return 0;
1191}
1192
1193/* fill a group_info from a user-space array - it must be allocated already */
1194static int groups_from_user(struct group_info *group_info,
1195 gid_t __user *grouplist)
756184b7 1196{
1da177e4 1197 int i;
1bf47346 1198 unsigned int count = group_info->ngroups;
1da177e4
LT		 1199
1200 for (i = 0; i < group_info->nblocks; i++) {
1bf47346
ED		 1201 unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
1202 unsigned int len = cp_count * sizeof(*grouplist);
1da177e4 1203
1bf47346 1204 if (copy_from_user(group_info->blocks[i], grouplist, len))
1da177e4
LT		 1205 return -EFAULT;
1206
1bf47346 1207 grouplist += NGROUPS_PER_BLOCK;
1da177e4
LT		 1208 count -= cp_count;
1209 }
1210 return 0;
1211}
1212
ebe8b541 1213/* a simple Shell sort */
1da177e4
LT		 1214static void groups_sort(struct group_info *group_info)
1215{
1216 int base, max, stride;
1217 int gidsetsize = group_info->ngroups;
1218
1219 for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
1220 ; /* nothing */
1221 stride /= 3;
1222
1223 while (stride) {
1224 max = gidsetsize - stride;
1225 for (base = 0; base < max; base++) {
1226 int left = base;
1227 int right = left + stride;
1228 gid_t tmp = GROUP_AT(group_info, right);
1229
1230 while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
1231 GROUP_AT(group_info, right) =
1232 GROUP_AT(group_info, left);
1233 right = left;
1234 left -= stride;
1235 }
1236 GROUP_AT(group_info, right) = tmp;
1237 }
1238 stride /= 3;
1239 }
1240}
1241
1242/* a simple bsearch */
86a264ab 1243int groups_search(const struct group_info *group_info, gid_t grp)
1da177e4 1244{
d74beb9f 1245 unsigned int left, right;
1da177e4
LT		 1246
1247 if (!group_info)
1248 return 0;
1249
1250 left = 0;
1251 right = group_info->ngroups;
1252 while (left < right) {
d74beb9f 1253 unsigned int mid = (left+right)/2;
1da177e4
LT		 1254 int cmp = grp - GROUP_AT(group_info, mid);
1255 if (cmp > 0)
1256 left = mid + 1;
1257 else if (cmp < 0)
1258 right = mid;
1259 else
1260 return 1;
1261 }
1262 return 0;
1263}
1264
b6dff3ec 1265/**
d84f4f99
DH		 1266 * set_groups - Change a group subscription in a set of credentials
1267 * @new: The newly prepared set of credentials to alter
1268 * @group_info: The group list to install
b6dff3ec 1269 *
d84f4f99
DH		 1270 * Validate a group subscription and, if valid, insert it into a set
1271 * of credentials.
b6dff3ec 1272 */
d84f4f99 1273int set_groups(struct cred *new, struct group_info *group_info)
1da177e4
LT		 1274{
1275 int retval;
1da177e4
LT		 1276
1277 retval = security_task_setgroups(group_info);
1278 if (retval)
1279 return retval;
1280
d84f4f99 1281 put_group_info(new->group_info);
1da177e4
LT		 1282 groups_sort(group_info);
1283 get_group_info(group_info);
d84f4f99 1284 new->group_info = group_info;
1da177e4
LT		 1285 return 0;
1286}
1287
b6dff3ec
DH		 1288EXPORT_SYMBOL(set_groups);
1289
1290/**
1291 * set_current_groups - Change current's group subscription
1292 * @group_info: The group list to impose
1293 *
1294 * Validate a group subscription and, if valid, impose it upon current's task
1295 * security record.
1296 */
1297int set_current_groups(struct group_info *group_info)
1298{
d84f4f99
DH		 1299 struct cred *new;
1300 int ret;
1301
1302 new = prepare_creds();
1303 if (!new)
1304 return -ENOMEM;
1305
1306 ret = set_groups(new, group_info);
1307 if (ret < 0) {
1308 abort_creds(new);
1309 return ret;
1310 }
1311
1312 return commit_creds(new);
b6dff3ec
DH		 1313}
1314
1da177e4
LT		 1315EXPORT_SYMBOL(set_current_groups);
1316
ae1251ab 1317SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
1da177e4 1318{
86a264ab
DH		 1319 const struct cred *cred = current_cred();
1320 int i;
1da177e4
LT		 1321
1322 if (gidsetsize < 0)
1323 return -EINVAL;
1324
1325 /* no need to grab task_lock here; it cannot change */
b6dff3ec 1326 i = cred->group_info->ngroups;
1da177e4
LT		 1327 if (gidsetsize) {
1328 if (i > gidsetsize) {
1329 i = -EINVAL;
1330 goto out;
1331 }
b6dff3ec 1332 if (groups_to_user(grouplist, cred->group_info)) {
1da177e4
LT		 1333 i = -EFAULT;
1334 goto out;
1335 }
1336 }
1337out:
1da177e4
LT		 1338 return i;
1339}
1340
1341/*
1342 * SMP: Our groups are copy-on-write. We can set them safely
1343 * without another task interfering.
1344 */
1345
b290ebe2 1346SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
1da177e4
LT		 1347{
1348 struct group_info *group_info;
1349 int retval;
1350
1351 if (!capable(CAP_SETGID))
1352 return -EPERM;
1353 if ((unsigned)gidsetsize > NGROUPS_MAX)
1354 return -EINVAL;
1355
1356 group_info = groups_alloc(gidsetsize);
1357 if (!group_info)
1358 return -ENOMEM;
1359 retval = groups_from_user(group_info, grouplist);
1360 if (retval) {
1361 put_group_info(group_info);
1362 return retval;
1363 }
1364
1365 retval = set_current_groups(group_info);
1366 put_group_info(group_info);
1367
1368 return retval;
1369}
1370
1371/*
1372 * Check whether we're fsgid/egid or in the supplemental group..
1373 */
1374int in_group_p(gid_t grp)
1375{
86a264ab 1376 const struct cred *cred = current_cred();
1da177e4 1377 int retval = 1;
86a264ab 1378
b6dff3ec
DH		 1379 if (grp != cred->fsgid)
1380 retval = groups_search(cred->group_info, grp);
1da177e4
LT		 1381 return retval;
1382}
1383
1384EXPORT_SYMBOL(in_group_p);
1385
1386int in_egroup_p(gid_t grp)
1387{
86a264ab 1388 const struct cred *cred = current_cred();
1da177e4 1389 int retval = 1;
86a264ab 1390
b6dff3ec
DH		 1391 if (grp != cred->egid)
1392 retval = groups_search(cred->group_info, grp);
1da177e4
LT		 1393 return retval;
1394}
1395
1396EXPORT_SYMBOL(in_egroup_p);
1397
1398DECLARE_RWSEM(uts_sem);
1399
e48fbb69 1400SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name)
1da177e4
LT		 1401{
1402 int errno = 0;
1403
1404 down_read(&uts_sem);
e9ff3990 1405 if (copy_to_user(name, utsname(), sizeof *name))
1da177e4
LT		 1406 errno = -EFAULT;
1407 up_read(&uts_sem);
1408 return errno;
1409}
1410
5a8a82b1 1411SYSCALL_DEFINE2(sethostname, char __user *, name, int, len)
1da177e4
LT		 1412{
1413 int errno;
1414 char tmp[__NEW_UTS_LEN];
1415
1416 if (!capable(CAP_SYS_ADMIN))
1417 return -EPERM;
1418 if (len < 0 || len > __NEW_UTS_LEN)
1419 return -EINVAL;
1420 down_write(&uts_sem);
1421 errno = -EFAULT;
1422 if (!copy_from_user(tmp, name, len)) {
9679e4dd
AM		 1423 struct new_utsname *u = utsname();
1424
1425 memcpy(u->nodename, tmp, len);
1426 memset(u->nodename + len, 0, sizeof(u->nodename) - len);
1da177e4
LT		 1427 errno = 0;
1428 }
1429 up_write(&uts_sem);
1430 return errno;
1431}
1432
1433#ifdef __ARCH_WANT_SYS_GETHOSTNAME
1434
5a8a82b1 1435SYSCALL_DEFINE2(gethostname, char __user *, name, int, len)
1da177e4
LT		 1436{
1437 int i, errno;
9679e4dd 1438 struct new_utsname *u;
1da177e4
LT		 1439
1440 if (len < 0)
1441 return -EINVAL;
1442 down_read(&uts_sem);
9679e4dd
AM		 1443 u = utsname();
1444 i = 1 + strlen(u->nodename);
1da177e4
LT		 1445 if (i > len)
1446 i = len;
1447 errno = 0;
9679e4dd 1448 if (copy_to_user(name, u->nodename, i))
1da177e4
LT		 1449 errno = -EFAULT;
1450 up_read(&uts_sem);
1451 return errno;
1452}
1453
1454#endif
1455
1456/*
1457 * Only setdomainname; getdomainname can be implemented by calling
1458 * uname()
1459 */
5a8a82b1 1460SYSCALL_DEFINE2(setdomainname, char __user *, name, int, len)
1da177e4
LT		 1461{
1462 int errno;
1463 char tmp[__NEW_UTS_LEN];
1464
1465 if (!capable(CAP_SYS_ADMIN))
1466 return -EPERM;
1467 if (len < 0 || len > __NEW_UTS_LEN)
1468 return -EINVAL;
1469
1470 down_write(&uts_sem);
1471 errno = -EFAULT;
1472 if (!copy_from_user(tmp, name, len)) {
9679e4dd
AM		 1473 struct new_utsname *u = utsname();
1474
1475 memcpy(u->domainname, tmp, len);
1476 memset(u->domainname + len, 0, sizeof(u->domainname) - len);
1da177e4
LT		 1477 errno = 0;
1478 }
1479 up_write(&uts_sem);
1480 return errno;
1481}
1482
e48fbb69 1483SYSCALL_DEFINE2(getrlimit, unsigned int, resource, struct rlimit __user *, rlim)
1da177e4
LT		 1484{
1485 if (resource >= RLIM_NLIMITS)
1486 return -EINVAL;
1487 else {
1488 struct rlimit value;
1489 task_lock(current->group_leader);
1490 value = current->signal->rlim[resource];
1491 task_unlock(current->group_leader);
1492 return copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0;
1493 }
1494}
1495
1496#ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
1497
1498/*
1499 * Back compatibility for getrlimit. Needed for some apps.
1500 */
1501
e48fbb69
HC		 1502SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
1503 struct rlimit __user *, rlim)
1da177e4
LT		 1504{
1505 struct rlimit x;
1506 if (resource >= RLIM_NLIMITS)
1507 return -EINVAL;
1508
1509 task_lock(current->group_leader);
1510 x = current->signal->rlim[resource];
1511 task_unlock(current->group_leader);
756184b7 1512 if (x.rlim_cur > 0x7FFFFFFF)
1da177e4 1513 x.rlim_cur = 0x7FFFFFFF;
756184b7 1514 if (x.rlim_max > 0x7FFFFFFF)
1da177e4
LT		 1515 x.rlim_max = 0x7FFFFFFF;
1516 return copy_to_user(rlim, &x, sizeof(x))?-EFAULT:0;
1517}
1518
1519#endif
1520
e48fbb69 1521SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
1da177e4
LT		 1522{
1523 struct rlimit new_rlim, *old_rlim;
1524 int retval;
1525
1526 if (resource >= RLIM_NLIMITS)
1527 return -EINVAL;
ec9e16ba 1528 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
1da177e4 1529 return -EFAULT;
60fd760f
AM		 1530 if (new_rlim.rlim_cur > new_rlim.rlim_max)
1531 return -EINVAL;
1da177e4
LT		 1532 old_rlim = current->signal->rlim + resource;
1533 if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
1534 !capable(CAP_SYS_RESOURCE))
1535 return -EPERM;
60fd760f
AM		 1536 if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
1537 return -EPERM;
1da177e4
LT		 1538
1539 retval = security_task_setrlimit(resource, &new_rlim);
1540 if (retval)
1541 return retval;
1542
9926e4c7
TA		 1543 if (resource == RLIMIT_CPU && new_rlim.rlim_cur == 0) {
1544 /*
1545 * The caller is asking for an immediate RLIMIT_CPU
1546 * expiry. But we use the zero value to mean "it was
1547 * never set". So let's cheat and make it one second
1548 * instead
1549 */
1550 new_rlim.rlim_cur = 1;
1551 }
1552
1da177e4
LT		 1553 task_lock(current->group_leader);
1554 *old_rlim = new_rlim;
1555 task_unlock(current->group_leader);
1556
ec9e16ba
AM		 1557 if (resource != RLIMIT_CPU)
1558 goto out;
d3561f78
AM		 1559
1560 /*
1561 * RLIMIT_CPU handling. Note that the kernel fails to return an error
1562 * code if it rejected the user's attempt to set RLIMIT_CPU. This is a
1563 * very long-standing error, and fixing it now risks breakage of
1564 * applications, so we live with it
1565 */
ec9e16ba
AM		 1566 if (new_rlim.rlim_cur == RLIM_INFINITY)
1567 goto out;
1568
f06febc9 1569 update_rlimit_cpu(new_rlim.rlim_cur);
ec9e16ba 1570out:
1da177e4
LT		 1571 return 0;
1572}
1573
1574/*
1575 * It would make sense to put struct rusage in the task_struct,
1576 * except that would make the task_struct be *really big*. After
1577 * task_struct gets moved into malloc'ed memory, it would
1578 * make sense to do this. It will make moving the rest of the information
1579 * a lot simpler! (Which we're not doing right now because we're not
1580 * measuring them yet).
1581 *
1da177e4
LT		 1582 * When sampling multiple threads for RUSAGE_SELF, under SMP we might have
1583 * races with threads incrementing their own counters. But since word
1584 * reads are atomic, we either get new values or old values and we don't
1585 * care which for the sums. We always take the siglock to protect reading
1586 * the c* fields from p->signal from races with exit.c updating those
1587 * fields when reaping, so a sample either gets all the additions of a
1588 * given child after it's reaped, or none so this sample is before reaping.
2dd0ebcd 1589 *
de047c1b
RT		 1590 * Locking:
1591 * We need to take the siglock for CHILDEREN, SELF and BOTH
1592 * for the cases current multithreaded, non-current single threaded
1593 * non-current multithreaded. Thread traversal is now safe with
1594 * the siglock held.
1595 * Strictly speaking, we donot need to take the siglock if we are current and
1596 * single threaded, as no one else can take our signal_struct away, no one
1597 * else can reap the children to update signal->c* counters, and no one else
1598 * can race with the signal-> fields. If we do not take any lock, the
1599 * signal-> fields could be read out of order while another thread was just
1600 * exiting. So we should place a read memory barrier when we avoid the lock.
1601 * On the writer side, write memory barrier is implied in __exit_signal
1602 * as __exit_signal releases the siglock spinlock after updating the signal->
1603 * fields. But we don't do this yet to keep things simple.
2dd0ebcd 1604 *
1da177e4
LT		 1605 */
1606
f06febc9 1607static void accumulate_thread_rusage(struct task_struct *t, struct rusage *r)
679c9cd4 1608{
679c9cd4
SK		 1609 r->ru_nvcsw += t->nvcsw;
1610 r->ru_nivcsw += t->nivcsw;
1611 r->ru_minflt += t->min_flt;
1612 r->ru_majflt += t->maj_flt;
1613 r->ru_inblock += task_io_get_inblock(t);
1614 r->ru_oublock += task_io_get_oublock(t);
1615}
1616
1da177e4
LT		 1617static void k_getrusage(struct task_struct *p, int who, struct rusage *r)
1618{
1619 struct task_struct *t;
1620 unsigned long flags;
1621 cputime_t utime, stime;
f06febc9 1622 struct task_cputime cputime;
1da177e4
LT		 1623
1624 memset((char *) r, 0, sizeof *r);
2dd0ebcd 1625 utime = stime = cputime_zero;
1da177e4 1626
679c9cd4 1627 if (who == RUSAGE_THREAD) {
8916edef
KM		 1628 utime = task_utime(current);
1629 stime = task_stime(current);
f06febc9 1630 accumulate_thread_rusage(p, r);
679c9cd4
SK		 1631 goto out;
1632 }
1633
d6cf723a 1634 if (!lock_task_sighand(p, &flags))
de047c1b 1635 return;
0f59cc4a 1636
1da177e4 1637 switch (who) {
0f59cc4a 1638 case RUSAGE_BOTH:
1da177e4 1639 case RUSAGE_CHILDREN:
1da177e4
LT		 1640 utime = p->signal->cutime;
1641 stime = p->signal->cstime;
1642 r->ru_nvcsw = p->signal->cnvcsw;
1643 r->ru_nivcsw = p->signal->cnivcsw;
1644 r->ru_minflt = p->signal->cmin_flt;
1645 r->ru_majflt = p->signal->cmaj_flt;
6eaeeaba
ED		 1646 r->ru_inblock = p->signal->cinblock;
1647 r->ru_oublock = p->signal->coublock;
0f59cc4a
ON		 1648
1649 if (who == RUSAGE_CHILDREN)
1650 break;
1651
1da177e4 1652 case RUSAGE_SELF:
f06febc9
FM		 1653 thread_group_cputime(p, &cputime);
1654 utime = cputime_add(utime, cputime.utime);
1655 stime = cputime_add(stime, cputime.stime);
1da177e4
LT		 1656 r->ru_nvcsw += p->signal->nvcsw;
1657 r->ru_nivcsw += p->signal->nivcsw;
1658 r->ru_minflt += p->signal->min_flt;
1659 r->ru_majflt += p->signal->maj_flt;
6eaeeaba
ED		 1660 r->ru_inblock += p->signal->inblock;
1661 r->ru_oublock += p->signal->oublock;
1da177e4
LT		 1662 t = p;
1663 do {
f06febc9 1664 accumulate_thread_rusage(t, r);
1da177e4
LT		 1665 t = next_thread(t);
1666 } while (t != p);
1da177e4 1667 break;
0f59cc4a 1668
1da177e4
LT		 1669 default:
1670 BUG();
1671 }
de047c1b 1672 unlock_task_sighand(p, &flags);
de047c1b 1673
679c9cd4 1674out:
0f59cc4a
ON		 1675 cputime_to_timeval(utime, &r->ru_utime);
1676 cputime_to_timeval(stime, &r->ru_stime);
1da177e4
LT		 1677}
1678
1679int getrusage(struct task_struct *p, int who, struct rusage __user *ru)
1680{
1681 struct rusage r;
1da177e4 1682 k_getrusage(p, who, &r);
1da177e4
LT		 1683 return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0;
1684}
1685
e48fbb69 1686SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru)
1da177e4 1687{
679c9cd4
SK		 1688 if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN &&
1689 who != RUSAGE_THREAD)
1da177e4
LT		 1690 return -EINVAL;
1691 return getrusage(current, who, ru);
1692}
1693
e48fbb69 1694SYSCALL_DEFINE1(umask, int, mask)
1da177e4
LT		 1695{
1696 mask = xchg(&current->fs->umask, mask & S_IRWXUGO);
1697 return mask;
1698}
3b7391de 1699
c4ea37c2
HC		 1700SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1701 unsigned long, arg4, unsigned long, arg5)
1da177e4 1702{
b6dff3ec
DH		 1703 struct task_struct *me = current;
1704 unsigned char comm[sizeof(me->comm)];
1705 long error;
1da177e4 1706
d84f4f99
DH		 1707 error = security_task_prctl(option, arg2, arg3, arg4, arg5);
1708 if (error != -ENOSYS)
1da177e4
LT		 1709 return error;
1710
d84f4f99 1711 error = 0;
1da177e4
LT		 1712 switch (option) {
1713 case PR_SET_PDEATHSIG:
0730ded5 1714 if (!valid_signal(arg2)) {
1da177e4
LT		 1715 error = -EINVAL;
1716 break;
1717 }
b6dff3ec
DH		 1718 me->pdeath_signal = arg2;
1719 error = 0;
1da177e4
LT		 1720 break;
1721 case PR_GET_PDEATHSIG:
b6dff3ec 1722 error = put_user(me->pdeath_signal, (int __user *)arg2);
1da177e4
LT		 1723 break;
1724 case PR_GET_DUMPABLE:
b6dff3ec 1725 error = get_dumpable(me->mm);
1da177e4
LT		 1726 break;
1727 case PR_SET_DUMPABLE:
abf75a50 1728 if (arg2 < 0 || arg2 > 1) {
1da177e4
LT		 1729 error = -EINVAL;
1730 break;
1731 }
b6dff3ec
DH		 1732 set_dumpable(me->mm, arg2);
1733 error = 0;
1da177e4
LT		 1734 break;
1735
1736 case PR_SET_UNALIGN:
b6dff3ec 1737 error = SET_UNALIGN_CTL(me, arg2);
1da177e4
LT		 1738 break;
1739 case PR_GET_UNALIGN:
b6dff3ec 1740 error = GET_UNALIGN_CTL(me, arg2);
1da177e4
LT		 1741 break;
1742 case PR_SET_FPEMU:
b6dff3ec 1743 error = SET_FPEMU_CTL(me, arg2);
1da177e4
LT		 1744 break;
1745 case PR_GET_FPEMU:
b6dff3ec 1746 error = GET_FPEMU_CTL(me, arg2);
1da177e4
LT		 1747 break;
1748 case PR_SET_FPEXC:
b6dff3ec 1749 error = SET_FPEXC_CTL(me, arg2);
1da177e4
LT		 1750 break;
1751 case PR_GET_FPEXC:
b6dff3ec 1752 error = GET_FPEXC_CTL(me, arg2);
1da177e4
LT		 1753 break;
1754 case PR_GET_TIMING:
1755 error = PR_TIMING_STATISTICAL;
1756 break;
1757 case PR_SET_TIMING:
7b26655f 1758 if (arg2 != PR_TIMING_STATISTICAL)
1da177e4 1759 error = -EINVAL;
b6dff3ec
DH		 1760 else
1761 error = 0;
1da177e4
LT		 1762 break;
1763
b6dff3ec
DH		 1764 case PR_SET_NAME:
1765 comm[sizeof(me->comm)-1] = 0;
1766 if (strncpy_from_user(comm, (char __user *)arg2,
1767 sizeof(me->comm) - 1) < 0)
1da177e4 1768 return -EFAULT;
b6dff3ec 1769 set_task_comm(me, comm);
1da177e4 1770 return 0;
b6dff3ec
DH		 1771 case PR_GET_NAME:
1772 get_task_comm(comm, me);
1773 if (copy_to_user((char __user *)arg2, comm,
1774 sizeof(comm)))
1da177e4
LT		 1775 return -EFAULT;
1776 return 0;
651d765d 1777 case PR_GET_ENDIAN:
b6dff3ec 1778 error = GET_ENDIAN(me, arg2);
651d765d
AB		 1779 break;
1780 case PR_SET_ENDIAN:
b6dff3ec 1781 error = SET_ENDIAN(me, arg2);
651d765d
AB		 1782 break;
1783
1d9d02fe
AA		 1784 case PR_GET_SECCOMP:
1785 error = prctl_get_seccomp();
1786 break;
1787 case PR_SET_SECCOMP:
1788 error = prctl_set_seccomp(arg2);
1789 break;
8fb402bc
EB		 1790 case PR_GET_TSC:
1791 error = GET_TSC_CTL(arg2);
1792 break;
1793 case PR_SET_TSC:
1794 error = SET_TSC_CTL(arg2);
1795 break;
6976675d
AV		 1796 case PR_GET_TIMERSLACK:
1797 error = current->timer_slack_ns;
1798 break;
1799 case PR_SET_TIMERSLACK:
1800 if (arg2 <= 0)
1801 current->timer_slack_ns =
1802 current->default_timer_slack_ns;
1803 else
1804 current->timer_slack_ns = arg2;
b6dff3ec 1805 error = 0;
6976675d 1806 break;
1da177e4
LT		 1807 default:
1808 error = -EINVAL;
1809 break;
1810 }
1811 return error;
1812}
3cfc348b 1813
836f92ad
HC		 1814SYSCALL_DEFINE3(getcpu, unsigned __user *, cpup, unsigned __user *, nodep,
1815 struct getcpu_cache __user *, unused)
3cfc348b
AK		 1816{
1817 int err = 0;
1818 int cpu = raw_smp_processor_id();
1819 if (cpup)
1820 err |= put_user(cpu, cpup);
1821 if (nodep)
1822 err |= put_user(cpu_to_node(cpu), nodep);
3cfc348b
AK		 1823 return err ? -EFAULT : 0;
1824}
10a0a8d4
JF		 1825
1826char poweroff_cmd[POWEROFF_CMD_PATH_LEN] = "/sbin/poweroff";
1827
1828static void argv_cleanup(char **argv, char **envp)
1829{
1830 argv_free(argv);
1831}
1832
1833/**
1834 * orderly_poweroff - Trigger an orderly system poweroff
1835 * @force: force poweroff if command execution fails
1836 *
1837 * This may be called from any context to trigger a system shutdown.
1838 * If the orderly shutdown fails, it will force an immediate shutdown.
1839 */
1840int orderly_poweroff(bool force)
1841{
1842 int argc;
1843 char **argv = argv_split(GFP_ATOMIC, poweroff_cmd, &argc);
1844 static char *envp[] = {
1845 "HOME=/",
1846 "PATH=/sbin:/bin:/usr/sbin:/usr/bin",
1847 NULL
1848 };
1849 int ret = -ENOMEM;
1850 struct subprocess_info *info;
1851
1852 if (argv == NULL) {
1853 printk(KERN_WARNING "%s failed to allocate memory for \"%s\"\n",
1854 __func__, poweroff_cmd);
1855 goto out;
1856 }
1857
ac331d15 1858 info = call_usermodehelper_setup(argv[0], argv, envp, GFP_ATOMIC);
10a0a8d4
JF		 1859 if (info == NULL) {
1860 argv_free(argv);
1861 goto out;
1862 }
1863
1864 call_usermodehelper_setcleanup(info, argv_cleanup);
1865
86313c48 1866 ret = call_usermodehelper_exec(info, UMH_NO_WAIT);
10a0a8d4
JF		 1867
1868 out:
1869 if (ret && force) {
1870 printk(KERN_WARNING "Failed to start orderly shutdown: "
1871 "forcing the issue\n");
1872
1873 /* I guess this should try to kick off some daemon to
1874 sync and poweroff asap. Or not even bother syncing
1875 if we're doing an emergency shutdown? */
1876 emergency_sync();
1877 kernel_power_off();
1878 }
1879
1880 return ret;
1881}
1882EXPORT_SYMBOL_GPL(orderly_poweroff);
Clone of davem's net-next-2.6 tree