X-Git-Url: http://git.agner.ch/gitweb/?a=blobdiff_plain;f=ipc%2Futil.c;h=0c97cb746160980733569830b1944451f9d33a22;hb=b9b2a700378016cead20f34232be87eea45087d2;hp=8193299f45f664e5b01e74960c804e9421bc4cf1;hpb=3e8e7c93d7eb091463839b5212789c4aae09459e;p=linux-drm-fsl-dcu.git diff --git a/ipc/util.c b/ipc/util.c index 8193299f45f6..0c97cb746160 100644 --- a/ipc/util.c +++ b/ipc/util.c @@ -12,9 +12,11 @@ * Mingming Cao * Mar 2006 - support for audit of ipc object properties * Dustin Kirkland + * Jun 2006 - namespaces ssupport + * OpenVZ, SWsoft Inc. + * Pavel Emelianov */ -#include #include #include #include @@ -30,6 +32,7 @@ #include #include #include +#include #include 
@@ -38,15 +41,116 @@ struct ipc_proc_iface { const char *path; const char *header; - struct ipc_ids *ids; + int ids; int (*show)(struct seq_file *, void *); }; +struct ipc_namespace init_ipc_ns = { + .kref = { + .refcount = ATOMIC_INIT(2), + }, +}; + +#ifdef CONFIG_IPC_NS +static struct ipc_namespace *clone_ipc_ns(struct ipc_namespace *old_ns) +{ + int err; + struct ipc_namespace *ns; + + err = -ENOMEM; + ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL); + if (ns == NULL) + goto err_mem; + + err = sem_init_ns(ns); + if (err) + goto err_sem; + err = msg_init_ns(ns); + if (err) + goto err_msg; + err = shm_init_ns(ns); + if (err) + goto err_shm; + + kref_init(&ns->kref); + return ns; + +err_shm: + msg_exit_ns(ns); +err_msg: + sem_exit_ns(ns); +err_sem: + kfree(ns); +err_mem: + return ERR_PTR(err); +} + +int unshare_ipcs(unsigned long unshare_flags, struct ipc_namespace **new_ipc) +{ + struct ipc_namespace *new; + + if (unshare_flags & CLONE_NEWIPC) { + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + + new = clone_ipc_ns(current->nsproxy->ipc_ns); + if (IS_ERR(new)) + return PTR_ERR(new); + + *new_ipc = new; + } + + return 0; +} + +int copy_ipcs(unsigned long flags, struct task_struct *tsk) +{ + struct ipc_namespace *old_ns = tsk->nsproxy->ipc_ns; + struct ipc_namespace *new_ns; + int err = 0; + + if (!old_ns) + return 0; + + get_ipc_ns(old_ns); + + if (!(flags & CLONE_NEWIPC)) + return 0; + + if (!capable(CAP_SYS_ADMIN)) { + err = -EPERM; + goto out; + } + + new_ns = clone_ipc_ns(old_ns); + if (!new_ns) { + err = -ENOMEM; + goto out; + } + + tsk->nsproxy->ipc_ns = new_ns; +out: + put_ipc_ns(old_ns); + return err; +} + +void free_ipc_ns(struct kref *kref) +{ + struct ipc_namespace *ns; + + ns = container_of(kref, struct ipc_namespace, kref); + sem_exit_ns(ns); + msg_exit_ns(ns); + shm_exit_ns(ns); + kfree(ns); +} +#endif + /** * ipc_init - initialise IPC subsystem * * The various system5 IPC resources (semaphores, messages and shared - * memory are initialised + 
* memory) are initialised */ static int __init ipc_init(void) @@ -68,7 +172,7 @@ __initcall(ipc_init); * array itself. */ -void __init ipc_init_ids(struct ipc_ids* ids, int size) +void __ipc_init ipc_init_ids(struct ipc_ids* ids, int size) { int i; @@ -103,16 +207,14 @@ void __init ipc_init_ids(struct ipc_ids* ids, int size) #ifdef CONFIG_PROC_FS static struct file_operations sysvipc_proc_fops; /** - * ipc_init_proc_interface - Create a proc interface for sysipc types - * using a seq_file interface. + * ipc_init_proc_interface - Create a proc interface for sysipc types using a seq_file interface. * @path: Path in procfs * @header: Banner to be printed at the beginning of the file. * @ids: ipc id table to iterate. * @show: show routine. */ void __init ipc_init_proc_interface(const char *path, const char *header, - struct ipc_ids *ids, - int (*show)(struct seq_file *, void *)) + int ids, int (*show)(struct seq_file *, void *)) { struct proc_dir_entry *pde; struct ipc_proc_iface *iface; @@ -198,7 +300,7 @@ static int grow_ary(struct ipc_ids* ids, int newsize) */ rcu_assign_pointer(ids->entries, new); - ipc_rcu_putref(old); + __ipc_fini_ids(ids, old); return newsize; } @@ -314,7 +416,7 @@ void* ipc_alloc(int size) * @ptr: pointer returned by ipc_alloc * @size: size of block * - * Free a block created with ipc_alloc. The caller must know the size + * Free a block created with ipc_alloc(). The caller must know the size * used in the allocation call. */ 
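Review bot: In `copy_ipcs()` the failure check after `clone_ipc_ns(old_ns)` tests `!new_ns`, but `clone_ipc_ns()` as added in this same hunk never returns NULL; every failure path returns `ERR_PTR(err)`. A failed clone would therefore skip the error branch and store an error pointer in `tsk->nsproxy->ipc_ns`, where later users of the namespace would dereference it. `unshare_ipcs()` in the same hunk already tests the result with `IS_ERR()`, so the check here should match it: `if (IS_ERR(new_ns)) {` followed by `err = PTR_ERR(new_ns);`. Separately, `.refcount = ATOMIC_INIT(2)` on `init_ipc_ns` deserves a one-line comment naming the holders of the two initial references, since the hunk does not show them.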
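Review bot: The kernel-doc for `ipc_init_proc_interface()` still describes `@ids` as "ipc id table to iterate", but the parameter is now an `int`, and the seq_file callbacks later in this patch use it as an index into `ipc_ns->ids[]`. I would change the line to something like `@ids: index of the ipc id table in the namespace's ids[] array`. Nothing visible in the hunk bounds-checks the value, so the comment should also state the range callers are expected to pass. The function body continues outside the hunk.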
@@ -411,12 +513,17 @@ void ipc_rcu_getref(void *ptr) container_of(ptr, struct ipc_rcu_hdr, data)->refcount++; } +static void ipc_do_vfree(struct work_struct *work) +{ + vfree(container_of(work, struct ipc_rcu_sched, work)); +} + /** * ipc_schedule_free - free ipc + rcu space * @head: RCU callback structure for queued work * * Since RCU callback function is called in bh, - * we need to defer the vfree to schedule_work + * we need to defer the vfree to schedule_work(). */ static void ipc_schedule_free(struct rcu_head *head) { @@ -425,7 +532,7 @@ static void ipc_schedule_free(struct rcu_head *head) struct ipc_rcu_sched *sched = container_of(&(grace->data[0]), struct ipc_rcu_sched, data[0]); - INIT_WORK(&sched->work, vfree, sched); + INIT_WORK(&sched->work, ipc_do_vfree); schedule_work(&sched->work); } @@ -433,7 +540,7 @@ static void ipc_schedule_free(struct rcu_head *head) * ipc_immediate_free - free ipc + rcu space * @head: RCU callback structure that contains pointer to be freed * - * Free from the RCU callback context + * Free from the RCU callback context. */ static void ipc_immediate_free(struct rcu_head *head) { @@ -495,8 +602,8 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag) * @in: kernel permissions * @out: new style IPC permissions * - * Turn the kernel object 'in' into a set of permissions descriptions - * for returning to userspace (out). + * Turn the kernel object @in into a set of permissions descriptions + * for returning to userspace (@out). */ @@ -516,8 +623,8 @@ void kernel_to_ipc64_perm (struct kern_ipc_perm *in, struct ipc64_perm *out) * @in: new style IPC permissions * @out: old style IPC permissions * - * Turn the new style permissions object in into a compatibility - * object and store it into the 'out' pointer. + * Turn the new style permissions object @in into a compatibility + * object and store it into the @out pointer. */ void ipc64_perm_to_ipc_perm (struct ipc64_perm *in, struct ipc_perm *out) 
@@ -614,7 +721,7 @@ int ipc_checkid(struct ipc_ids* ids, struct kern_ipc_perm* ipcp, int uid) * @cmd: pointer to command * * Return IPC_64 for new style IPC and IPC_OLD for old style IPC. - * The cmd value is turned from an encoding command and version into + * The @cmd value is turned from an encoding command and version into * just the command code. */ @@ -636,6 +743,9 @@ static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) struct ipc_proc_iface *iface = s->private; struct kern_ipc_perm *ipc = it; loff_t p; + struct ipc_ids *ids; + + ids = current->nsproxy->ipc_ns->ids[iface->ids]; /* If we had an ipc id locked before, unlock it */ if (ipc && ipc != SEQ_START_TOKEN) @@ -645,8 +755,8 @@ static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) * p = *pos - 1 (because id 0 starts at position 1) * + 1 (because we increment the position by one) */ - for (p = *pos; p <= iface->ids->max_id; p++) { - if ((ipc = ipc_lock(iface->ids, p)) != NULL) { + for (p = *pos; p <= ids->max_id; p++) { + if ((ipc = ipc_lock(ids, p)) != NULL) { *pos = p + 1; return ipc; } @@ -665,12 +775,15 @@ static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) struct ipc_proc_iface *iface = s->private; struct kern_ipc_perm *ipc; loff_t p; + struct ipc_ids *ids; + + ids = current->nsproxy->ipc_ns->ids[iface->ids]; /* * Take the lock - this will be released by the corresponding * call to stop(). */ - mutex_lock(&iface->ids->mutex); + mutex_lock(&ids->mutex); /* pos < 0 is invalid */ if (*pos < 0) @@ -681,8 +794,8 @@ static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) return SEQ_START_TOKEN; /* Find the (pos-1)th ipc */ - for (p = *pos - 1; p <= iface->ids->max_id; p++) { - if ((ipc = ipc_lock(iface->ids, p)) != NULL) { + for (p = *pos - 1; p <= ids->max_id; p++) { + if ((ipc = ipc_lock(ids, p)) != NULL) { *pos = p + 1; return ipc; } 
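Review bot: `sysvipc_proc_next()` here, and `sysvipc_proc_start()` and `sysvipc_proc_stop()` in the later hunks, each look up `ids` afresh through `current->nsproxy->ipc_ns` without taking a reference on the namespace or checking `nsproxy`. The mutex locked in start() and the one unlocked in stop() are therefore found by two independent lookups, and the code is only correct if both resolve to the same `struct ipc_ids`. That presumably holds because one read() runs all three callbacks in the same task, but nothing in the visible lines states or enforces it. I would resolve the namespace once when the proc file is opened, pin it with `get_ipc_ns()`, keep it in the seq_file private data and drop it with `put_ipc_ns()` on release, so lock and unlock provably target the same object. At minimum add a comment such as `/* ids is re-derived from current in start/next/stop; all three must run in the same task */`; all three function bodies extend beyond their hunks.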
@@ -694,13 +807,15 @@ static void sysvipc_proc_stop(struct seq_file *s, void *it) { struct kern_ipc_perm *ipc = it; struct ipc_proc_iface *iface = s->private; + struct ipc_ids *ids; /* If we had a locked segment, release it */ if (ipc && ipc != SEQ_START_TOKEN) ipc_unlock(ipc); + ids = current->nsproxy->ipc_ns->ids[iface->ids]; /* Release the lock we took in start() */ - mutex_unlock(&iface->ids->mutex); + mutex_unlock(&ids->mutex); } static int sysvipc_proc_show(struct seq_file *s, void *it)