Root/
1 | /* scm.c - Socket level control messages processing. |
2 | * |
3 | * Author: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> |
4 | * Alignment and value checking mods by Craig Metz |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #include <linux/module.h> |
13 | #include <linux/signal.h> |
14 | #include <linux/capability.h> |
15 | #include <linux/errno.h> |
16 | #include <linux/sched.h> |
17 | #include <linux/mm.h> |
18 | #include <linux/kernel.h> |
19 | #include <linux/stat.h> |
20 | #include <linux/socket.h> |
21 | #include <linux/file.h> |
22 | #include <linux/fcntl.h> |
23 | #include <linux/net.h> |
24 | #include <linux/interrupt.h> |
25 | #include <linux/netdevice.h> |
26 | #include <linux/security.h> |
27 | #include <linux/pid_namespace.h> |
28 | #include <linux/pid.h> |
29 | #include <linux/nsproxy.h> |
30 | #include <linux/slab.h> |
31 | |
32 | #include <asm/uaccess.h> |
33 | |
34 | #include <net/protocol.h> |
35 | #include <linux/skbuff.h> |
36 | #include <net/sock.h> |
37 | #include <net/compat.h> |
38 | #include <net/scm.h> |
39 | #include <net/cls_cgroup.h> |
40 | |
41 | |
42 | /* |
43 | * Only allow a user to send credentials, that they could set with |
44 | * setu(g)id. |
45 | */ |
46 | |
47 | static __inline__ int scm_check_creds(struct ucred *creds) |
48 | { |
49 | const struct cred *cred = current_cred(); |
50 | kuid_t uid = make_kuid(cred->user_ns, creds->uid); |
51 | kgid_t gid = make_kgid(cred->user_ns, creds->gid); |
52 | |
53 | if (!uid_valid(uid) || !gid_valid(gid)) |
54 | return -EINVAL; |
55 | |
56 | if ((creds->pid == task_tgid_vnr(current) || |
57 | ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && |
58 | ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || |
59 | uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && |
60 | ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || |
61 | gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { |
62 | return 0; |
63 | } |
64 | return -EPERM; |
65 | } |
66 | |
67 | static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) |
68 | { |
69 | int *fdp = (int*)CMSG_DATA(cmsg); |
70 | struct scm_fp_list *fpl = *fplp; |
71 | struct file **fpp; |
72 | int i, num; |
73 | |
74 | num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int); |
75 | |
76 | if (num <= 0) |
77 | return 0; |
78 | |
79 | if (num > SCM_MAX_FD) |
80 | return -EINVAL; |
81 | |
82 | if (!fpl) |
83 | { |
84 | fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); |
85 | if (!fpl) |
86 | return -ENOMEM; |
87 | *fplp = fpl; |
88 | fpl->count = 0; |
89 | fpl->max = SCM_MAX_FD; |
90 | } |
91 | fpp = &fpl->fp[fpl->count]; |
92 | |
93 | if (fpl->count + num > fpl->max) |
94 | return -EINVAL; |
95 | |
96 | /* |
97 | * Verify the descriptors and increment the usage count. |
98 | */ |
99 | |
100 | for (i=0; i< num; i++) |
101 | { |
102 | int fd = fdp[i]; |
103 | struct file *file; |
104 | |
105 | if (fd < 0 || !(file = fget_raw(fd))) |
106 | return -EBADF; |
107 | *fpp++ = file; |
108 | fpl->count++; |
109 | } |
110 | return num; |
111 | } |
112 | |
113 | void __scm_destroy(struct scm_cookie *scm) |
114 | { |
115 | struct scm_fp_list *fpl = scm->fp; |
116 | int i; |
117 | |
118 | if (fpl) { |
119 | scm->fp = NULL; |
120 | for (i=fpl->count-1; i>=0; i--) |
121 | fput(fpl->fp[i]); |
122 | kfree(fpl); |
123 | } |
124 | } |
125 | EXPORT_SYMBOL(__scm_destroy); |
126 | |
127 | int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p) |
128 | { |
129 | struct cmsghdr *cmsg; |
130 | int err; |
131 | |
132 | for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) |
133 | { |
134 | err = -EINVAL; |
135 | |
136 | /* Verify that cmsg_len is at least sizeof(struct cmsghdr) */ |
137 | /* The first check was omitted in <= 2.2.5. The reasoning was |
138 | that parser checks cmsg_len in any case, so that |
139 | additional check would be work duplication. |
140 | But if cmsg_level is not SOL_SOCKET, we do not check |
141 | for too short ancillary data object at all! Oops. |
142 | OK, let's add it... |
143 | */ |
144 | if (!CMSG_OK(msg, cmsg)) |
145 | goto error; |
146 | |
147 | if (cmsg->cmsg_level != SOL_SOCKET) |
148 | continue; |
149 | |
150 | switch (cmsg->cmsg_type) |
151 | { |
152 | case SCM_RIGHTS: |
153 | if (!sock->ops || sock->ops->family != PF_UNIX) |
154 | goto error; |
155 | err=scm_fp_copy(cmsg, &p->fp); |
156 | if (err<0) |
157 | goto error; |
158 | break; |
159 | case SCM_CREDENTIALS: |
160 | { |
161 | struct ucred creds; |
162 | kuid_t uid; |
163 | kgid_t gid; |
164 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) |
165 | goto error; |
166 | memcpy(&creds, CMSG_DATA(cmsg), sizeof(struct ucred)); |
167 | err = scm_check_creds(&creds); |
168 | if (err) |
169 | goto error; |
170 | |
171 | p->creds.pid = creds.pid; |
172 | if (!p->pid || pid_vnr(p->pid) != creds.pid) { |
173 | struct pid *pid; |
174 | err = -ESRCH; |
175 | pid = find_get_pid(creds.pid); |
176 | if (!pid) |
177 | goto error; |
178 | put_pid(p->pid); |
179 | p->pid = pid; |
180 | } |
181 | |
182 | err = -EINVAL; |
183 | uid = make_kuid(current_user_ns(), creds.uid); |
184 | gid = make_kgid(current_user_ns(), creds.gid); |
185 | if (!uid_valid(uid) || !gid_valid(gid)) |
186 | goto error; |
187 | |
188 | p->creds.uid = uid; |
189 | p->creds.gid = gid; |
190 | break; |
191 | } |
192 | default: |
193 | goto error; |
194 | } |
195 | } |
196 | |
197 | if (p->fp && !p->fp->count) |
198 | { |
199 | kfree(p->fp); |
200 | p->fp = NULL; |
201 | } |
202 | return 0; |
203 | |
204 | error: |
205 | scm_destroy(p); |
206 | return err; |
207 | } |
208 | EXPORT_SYMBOL(__scm_send); |
209 | |
210 | int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) |
211 | { |
212 | struct cmsghdr __user *cm |
213 | = (__force struct cmsghdr __user *)msg->msg_control; |
214 | struct cmsghdr cmhdr; |
215 | int cmlen = CMSG_LEN(len); |
216 | int err; |
217 | |
218 | if (MSG_CMSG_COMPAT & msg->msg_flags) |
219 | return put_cmsg_compat(msg, level, type, len, data); |
220 | |
221 | if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { |
222 | msg->msg_flags |= MSG_CTRUNC; |
223 | return 0; /* XXX: return error? check spec. */ |
224 | } |
225 | if (msg->msg_controllen < cmlen) { |
226 | msg->msg_flags |= MSG_CTRUNC; |
227 | cmlen = msg->msg_controllen; |
228 | } |
229 | cmhdr.cmsg_level = level; |
230 | cmhdr.cmsg_type = type; |
231 | cmhdr.cmsg_len = cmlen; |
232 | |
233 | err = -EFAULT; |
234 | if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) |
235 | goto out; |
236 | if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) |
237 | goto out; |
238 | cmlen = CMSG_SPACE(len); |
239 | if (msg->msg_controllen < cmlen) |
240 | cmlen = msg->msg_controllen; |
241 | msg->msg_control += cmlen; |
242 | msg->msg_controllen -= cmlen; |
243 | err = 0; |
244 | out: |
245 | return err; |
246 | } |
247 | EXPORT_SYMBOL(put_cmsg); |
248 | |
249 | void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) |
250 | { |
251 | struct cmsghdr __user *cm |
252 | = (__force struct cmsghdr __user*)msg->msg_control; |
253 | |
254 | int fdmax = 0; |
255 | int fdnum = scm->fp->count; |
256 | struct file **fp = scm->fp->fp; |
257 | int __user *cmfptr; |
258 | int err = 0, i; |
259 | |
260 | if (MSG_CMSG_COMPAT & msg->msg_flags) { |
261 | scm_detach_fds_compat(msg, scm); |
262 | return; |
263 | } |
264 | |
265 | if (msg->msg_controllen > sizeof(struct cmsghdr)) |
266 | fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr)) |
267 | / sizeof(int)); |
268 | |
269 | if (fdnum < fdmax) |
270 | fdmax = fdnum; |
271 | |
272 | for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax; |
273 | i++, cmfptr++) |
274 | { |
275 | struct socket *sock; |
276 | int new_fd; |
277 | err = security_file_receive(fp[i]); |
278 | if (err) |
279 | break; |
280 | err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags |
281 | ? O_CLOEXEC : 0); |
282 | if (err < 0) |
283 | break; |
284 | new_fd = err; |
285 | err = put_user(new_fd, cmfptr); |
286 | if (err) { |
287 | put_unused_fd(new_fd); |
288 | break; |
289 | } |
290 | /* Bump the usage count and install the file. */ |
291 | sock = sock_from_file(fp[i], &err); |
292 | if (sock) { |
293 | sock_update_netprioidx(sock->sk); |
294 | sock_update_classid(sock->sk); |
295 | } |
296 | fd_install(new_fd, get_file(fp[i])); |
297 | } |
298 | |
299 | if (i > 0) |
300 | { |
301 | int cmlen = CMSG_LEN(i*sizeof(int)); |
302 | err = put_user(SOL_SOCKET, &cm->cmsg_level); |
303 | if (!err) |
304 | err = put_user(SCM_RIGHTS, &cm->cmsg_type); |
305 | if (!err) |
306 | err = put_user(cmlen, &cm->cmsg_len); |
307 | if (!err) { |
308 | cmlen = CMSG_SPACE(i*sizeof(int)); |
309 | msg->msg_control += cmlen; |
310 | msg->msg_controllen -= cmlen; |
311 | } |
312 | } |
313 | if (i < fdnum || (fdnum && fdmax <= 0)) |
314 | msg->msg_flags |= MSG_CTRUNC; |
315 | |
316 | /* |
317 | * All of the files that fit in the message have had their |
318 | * usage counts incremented, so we just free the list. |
319 | */ |
320 | __scm_destroy(scm); |
321 | } |
322 | EXPORT_SYMBOL(scm_detach_fds); |
323 | |
324 | struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) |
325 | { |
326 | struct scm_fp_list *new_fpl; |
327 | int i; |
328 | |
329 | if (!fpl) |
330 | return NULL; |
331 | |
332 | new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]), |
333 | GFP_KERNEL); |
334 | if (new_fpl) { |
335 | for (i = 0; i < fpl->count; i++) |
336 | get_file(fpl->fp[i]); |
337 | new_fpl->max = new_fpl->count; |
338 | } |
339 | return new_fpl; |
340 | } |
341 | EXPORT_SYMBOL(scm_fp_dup); |
342 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9