From: Peter Hurley <peter@hurleysoftware.com>
To: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, Dave Jones <davej@redhat.com>,
Peter Hurley <peter@hurleysoftware.com>
Subject: [PATCH 08/10] ipc: Implement MSG_COPY as a new receive mode
Date: Mon, 25 Feb 2013 21:21:45 -0500 [thread overview]
Message-ID: <1361845307-12737-9-git-send-email-peter@hurleysoftware.com> (raw)
In-Reply-To: <1361845307-12737-1-git-send-email-peter@hurleysoftware.com>
Teach the helper routines about MSG_COPY so that
msgtyp is preserved as the message number to copy.
The security functions affected by this change were audited
and no additional changes are necessary.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
ipc/msg.c | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index e8d3f15..418c5a5 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -66,6 +66,7 @@ struct msg_sender {
#define SEARCH_EQUAL 2
#define SEARCH_NOTEQUAL 3
#define SEARCH_LESSEQUAL 4
+#define SEARCH_NUMBER 5
#define msg_ids(ns) ((ns)->ids[IPC_MSG_IDS])
@@ -583,6 +584,7 @@ static int testmsg(struct msg_msg *msg, long type, int mode)
switch(mode)
{
case SEARCH_ANY:
+ case SEARCH_NUMBER:
return 1;
case SEARCH_LESSEQUAL:
if (msg->m_type <=type)
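Review bot: The new `SEARCH_NUMBER` case in testmsg() shares the `SEARCH_ANY` return with no comment, so a reader cannot tell that `type` is deliberately ignored here and that selection by position happens in the do_msgrcv() loop changed in the last hunk. I would add `/* MSG_COPY: type is a queue position, matched by the caller's counter */` above the new case. Before this patch prepare_copy() zeroed `msgtyp`, so any other consumer of the (type, mode) pair, none of which are visible in this patch, presumably saw 0 and SEARCH_ANY; it now sees a position and the new mode value 5. The commit message says the affected security functions were audited, and naming them there would make that claim checkable. testmsg() starts and ends outside the hunk.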
@@ -738,6 +740,8 @@ SYSCALL_DEFINE4(msgsnd, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz,
static inline int convert_mode(long *msgtyp, int msgflg)
{
+ if (msgflg & MSG_COPY)
+ return SEARCH_NUMBER;
/*
* find message of correct type.
* msgtyp = 0 => get first.
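Review bot: The early return added to convert_mode() yields `SEARCH_NUMBER` before `msgtyp` or any other bit of `msgflg` is examined, so a negative `msgtyp`, or a flag that the rest of the function (outside this hunk) would use to pick a mode, is silently accepted together with MSG_COPY. In the last hunk the position is compared as `msgtyp == msg_counter`, where `msgtyp` is a signed `long` while the removed `copy_number` was `unsigned long`; a negative value can presumably never match the counter, whose declaration is not shown. Rejecting it up front in do_msgrcv(), before prepare_copy() allocates anything, would make the contract explicit: `if ((msgflg & MSG_COPY) && msgtyp < 0) return -EINVAL;`. The comment block under the new lines should also gain a line such as `* MSG_COPY => msgtyp is the position of the message to copy.`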
@@ -774,14 +778,10 @@ static long do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
* This function creates new kernel message structure, large enough to store
* bufsz message bytes.
*/
-static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz,
- int msgflg, long *msgtyp,
- unsigned long *copy_number)
+static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz)
{
struct msg_msg *copy;
- *copy_number = *msgtyp;
- *msgtyp = 0;
/*
* Create dummy message to copy real message to.
*/
@@ -797,9 +797,7 @@ static inline void free_copy(struct msg_msg *copy)
free_msg(copy);
}
#else
-static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz,
- int msgflg, long *msgtyp,
- unsigned long *copy_number)
+static inline struct msg_msg *prepare_copy(void __user *buf, size_t bufsz)
{
return ERR_PTR(-ENOSYS);
}
@@ -818,18 +816,17 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp,
int mode;
struct ipc_namespace *ns;
struct msg_msg *copy = NULL;
- unsigned long copy_number = 0;
ns = current->nsproxy->ipc_ns;
if (msqid < 0 || (long) bufsz < 0)
return -EINVAL;
if (msgflg & MSG_COPY) {
- copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax),
- msgflg, &msgtyp, ©_number);
+ copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax));
if (IS_ERR(copy))
return PTR_ERR(copy);
}
+
mode = convert_mode(&msgtyp, msgflg);
msq = msg_lock_check(ns, msqid);
@@ -861,8 +858,8 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp,
if (mode == SEARCH_LESSEQUAL &&
walk_msg->m_type != 1) {
msgtyp = walk_msg->m_type - 1;
- } else if (msgflg & MSG_COPY) {
- if (copy_number == msg_counter)
+ } else if (mode == SEARCH_NUMBER) {
+ if (msgtyp == msg_counter)
break;
} else
break;
--
1.8.1.2
2013-02-26 2:21 [PATCH 00/10] ipc MSG_COPY fixes Peter Hurley
2013-02-26 2:21 ` [PATCH 01/10] ipc: Fix potential oops when src msg > 4k w/ MSG_COPY Peter Hurley
2013-02-26 2:21 ` [PATCH 02/10] ipc: Clamp with min() Peter Hurley
2013-02-26 2:21 ` [PATCH 03/10] ipc: Separate msg allocation from userspace copy Peter Hurley
2013-02-26 2:21 ` [PATCH 04/10] ipc: Tighten msg copy loops Peter Hurley
2013-02-26 2:21 ` [PATCH 05/10] ipc: Set EFAULT as default error in load_msg() Peter Hurley
2013-02-26 2:21 ` [PATCH 06/10] ipc: Don't allocate a copy larger than max Peter Hurley
2013-02-26 2:21 ` [PATCH 07/10] ipc: Remove msg handling from queue scan Peter Hurley
2013-02-26 2:21 ` Peter Hurley [this message]
2013-02-26 2:21 ` [PATCH 09/10] ipc: Simplify msg list search Peter Hurley
2013-02-26 2:48 ` [PATCH v2 " Peter Hurley
2013-02-26 2:21 ` [PATCH 10/10] ipc: Refactor msg list search into separate function Peter Hurley
2013-02-26 2:55 ` [PATCH v2 " Peter Hurley
2013-02-26 7:53 ` [PATCH 00/10] ipc MSG_COPY fixes Stanislav Kinsbursky
2013-02-26 12:00 ` Peter Hurley
2013-03-01 4:12 ` Stanislav Kinsbursky
2013-02-28 23:46 ` Andrew Morton