1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/slab.h>
29#include <linux/mm.h>
30#include <linux/hugetlb.h>
31#include <linux/shm.h>
32#include <linux/init.h>
33#include <linux/file.h>
34#include <linux/mman.h>
35#include <linux/shmem_fs.h>
36#include <linux/security.h>
37#include <linux/syscalls.h>
38#include <linux/audit.h>
39#include <linux/capability.h>
40#include <linux/ptrace.h>
41#include <linux/seq_file.h>
42#include <linux/rwsem.h>
43#include <linux/nsproxy.h>
44#include <linux/mount.h>
45#include <linux/ipc_namespace.h>
46
47#include <linux/uaccess.h>
48
49#include "util.h"
50
51struct shmid_kernel
52{
53 struct kern_ipc_perm shm_perm;
54 struct file *shm_file;
55 unsigned long shm_nattch;
56 unsigned long shm_segsz;
57 time64_t shm_atim;
58 time64_t shm_dtim;
59 time64_t shm_ctim;
60 struct pid *shm_cprid;
61 struct pid *shm_lprid;
62 struct user_struct *mlock_user;
63
64
65 struct task_struct *shm_creator;
66 struct list_head shm_clist;
67} __randomize_layout;
68
69
70#define SHM_DEST 01000
71#define SHM_LOCKED 02000
72
73struct shm_file_data {
74 int id;
75 struct ipc_namespace *ns;
76 struct file *file;
77 const struct vm_operations_struct *vm_ops;
78};
79
80#define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data))
81
82static const struct file_operations shm_file_operations;
83static const struct vm_operations_struct shm_vm_ops;
84
85#define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS])
86
87#define shm_unlock(shp) \
88 ipc_unlock(&(shp)->shm_perm)
89
90static int newseg(struct ipc_namespace *, struct ipc_params *);
91static void shm_open(struct vm_area_struct *vma);
92static void shm_close(struct vm_area_struct *vma);
93static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
94#ifdef CONFIG_PROC_FS
95static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
96#endif
97
98int shm_init_ns(struct ipc_namespace *ns)
99{
100 ns->shm_ctlmax = SHMMAX;
101 ns->shm_ctlall = SHMALL;
102 ns->shm_ctlmni = SHMMNI;
103 ns->shm_rmid_forced = 0;
104 ns->shm_tot = 0;
105 return ipc_init_ids(&shm_ids(ns));
106}
107
108
109
110
111
112static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
113{
114 struct shmid_kernel *shp;
115
116 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
117
118 if (shp->shm_nattch) {
119 shp->shm_perm.mode |= SHM_DEST;
120
121 ipc_set_key_private(&shm_ids(ns), &shp->shm_perm);
122 shm_unlock(shp);
123 } else
124 shm_destroy(ns, shp);
125}
126
127#ifdef CONFIG_IPC_NS
128void shm_exit_ns(struct ipc_namespace *ns)
129{
130 free_ipcs(ns, &shm_ids(ns), do_shm_rmid);
131 idr_destroy(&ns->ids[IPC_SHM_IDS].ipcs_idr);
132 rhashtable_destroy(&ns->ids[IPC_SHM_IDS].key_ht);
133}
134#endif
135
136static int __init ipc_ns_init(void)
137{
138 const int err = shm_init_ns(&init_ipc_ns);
139 WARN(err, "ipc: sysv shm_init_ns failed: %d\n", err);
140 return err;
141}
142
143pure_initcall(ipc_ns_init);
144
145void __init shm_init(void)
146{
147 ipc_init_proc_interface("sysvipc/shm",
148#if BITS_PER_LONG <= 32
149 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
150#else
151 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
152#endif
153 IPC_SHM_IDS, sysvipc_shm_proc_show);
154}
155
156static inline struct shmid_kernel *shm_obtain_object(struct ipc_namespace *ns, int id)
157{
158 struct kern_ipc_perm *ipcp = ipc_obtain_object_idr(&shm_ids(ns), id);
159
160 if (IS_ERR(ipcp))
161 return ERR_CAST(ipcp);
162
163 return container_of(ipcp, struct shmid_kernel, shm_perm);
164}
165
166static inline struct shmid_kernel *shm_obtain_object_check(struct ipc_namespace *ns, int id)
167{
168 struct kern_ipc_perm *ipcp = ipc_obtain_object_check(&shm_ids(ns), id);
169
170 if (IS_ERR(ipcp))
171 return ERR_CAST(ipcp);
172
173 return container_of(ipcp, struct shmid_kernel, shm_perm);
174}
175
176
177
178
179
180static inline struct shmid_kernel *shm_lock(struct ipc_namespace *ns, int id)
181{
182 struct kern_ipc_perm *ipcp = ipc_lock(&shm_ids(ns), id);
183
184
185
186
187
188
189 if (IS_ERR(ipcp))
190 return (void *)ipcp;
191 return container_of(ipcp, struct shmid_kernel, shm_perm);
192}
193
194static inline void shm_lock_by_ptr(struct shmid_kernel *ipcp)
195{
196 rcu_read_lock();
197 ipc_lock_object(&ipcp->shm_perm);
198}
199
200static void shm_rcu_free(struct rcu_head *head)
201{
202 struct kern_ipc_perm *ptr = container_of(head, struct kern_ipc_perm,
203 rcu);
204 struct shmid_kernel *shp = container_of(ptr, struct shmid_kernel,
205 shm_perm);
206 security_shm_free(&shp->shm_perm);
207 kvfree(shp);
208}
209
210static inline void shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *s)
211{
212 list_del(&s->shm_clist);
213 ipc_rmid(&shm_ids(ns), &s->shm_perm);
214}
215
216
217static int __shm_open(struct vm_area_struct *vma)
218{
219 struct file *file = vma->vm_file;
220 struct shm_file_data *sfd = shm_file_data(file);
221 struct shmid_kernel *shp;
222
223 shp = shm_lock(sfd->ns, sfd->id);
224
225 if (IS_ERR(shp))
226 return PTR_ERR(shp);
227
228 if (shp->shm_file != sfd->file) {
229
230 shm_unlock(shp);
231 return -EINVAL;
232 }
233
234 shp->shm_atim = ktime_get_real_seconds();
235 ipc_update_pid(&shp->shm_lprid, task_tgid(current));
236 shp->shm_nattch++;
237 shm_unlock(shp);
238 return 0;
239}
240
241
242static void shm_open(struct vm_area_struct *vma)
243{
244 int err = __shm_open(vma);
245
246
247
248
249 WARN_ON_ONCE(err);
250}
251
252
253
254
255
256
257
258
259
260
261static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
262{
263 struct file *shm_file;
264
265 shm_file = shp->shm_file;
266 shp->shm_file = NULL;
267 ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
268 shm_rmid(ns, shp);
269 shm_unlock(shp);
270 if (!is_file_hugepages(shm_file))
271 shmem_lock(shm_file, 0, shp->mlock_user);
272 else if (shp->mlock_user)
273 user_shm_unlock(i_size_read(file_inode(shm_file)),
274 shp->mlock_user);
275 fput(shm_file);
276 ipc_update_pid(&shp->shm_cprid, NULL);
277 ipc_update_pid(&shp->shm_lprid, NULL);
278 ipc_rcu_putref(&shp->shm_perm, shm_rcu_free);
279}
280
281
282
283
284
285
286
287
288
289
290
291static bool shm_may_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
292{
293 return (shp->shm_nattch == 0) &&
294 (ns->shm_rmid_forced ||
295 (shp->shm_perm.mode & SHM_DEST));
296}
297
298
299
300
301
302
303
304static void shm_close(struct vm_area_struct *vma)
305{
306 struct file *file = vma->vm_file;
307 struct shm_file_data *sfd = shm_file_data(file);
308 struct shmid_kernel *shp;
309 struct ipc_namespace *ns = sfd->ns;
310
311 down_write(&shm_ids(ns).rwsem);
312
313 shp = shm_lock(ns, sfd->id);
314
315
316
317
318
319 if (WARN_ON_ONCE(IS_ERR(shp)))
320 goto done;
321
322 ipc_update_pid(&shp->shm_lprid, task_tgid(current));
323 shp->shm_dtim = ktime_get_real_seconds();
324 shp->shm_nattch--;
325 if (shm_may_destroy(ns, shp))
326 shm_destroy(ns, shp);
327 else
328 shm_unlock(shp);
329done:
330 up_write(&shm_ids(ns).rwsem);
331}
332
333
334static int shm_try_destroy_orphaned(int id, void *p, void *data)
335{
336 struct ipc_namespace *ns = data;
337 struct kern_ipc_perm *ipcp = p;
338 struct shmid_kernel *shp = container_of(ipcp, struct shmid_kernel, shm_perm);
339
340
341
342
343
344
345
346 if (shp->shm_creator != NULL)
347 return 0;
348
349 if (shm_may_destroy(ns, shp)) {
350 shm_lock_by_ptr(shp);
351 shm_destroy(ns, shp);
352 }
353 return 0;
354}
355
356void shm_destroy_orphaned(struct ipc_namespace *ns)
357{
358 down_write(&shm_ids(ns).rwsem);
359 if (shm_ids(ns).in_use)
360 idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_orphaned, ns);
361 up_write(&shm_ids(ns).rwsem);
362}
363
364
365void exit_shm(struct task_struct *task)
366{
367 struct ipc_namespace *ns = task->nsproxy->ipc_ns;
368 struct shmid_kernel *shp, *n;
369
370 if (list_empty(&task->sysvshm.shm_clist))
371 return;
372
373
374
375
376
377
378 if (!ns->shm_rmid_forced) {
379 down_read(&shm_ids(ns).rwsem);
380 list_for_each_entry(shp, &task->sysvshm.shm_clist, shm_clist)
381 shp->shm_creator = NULL;
382
383
384
385
386 list_del(&task->sysvshm.shm_clist);
387 up_read(&shm_ids(ns).rwsem);
388 return;
389 }
390
391
392
393
394
395
396 down_write(&shm_ids(ns).rwsem);
397 list_for_each_entry_safe(shp, n, &task->sysvshm.shm_clist, shm_clist) {
398 shp->shm_creator = NULL;
399
400 if (shm_may_destroy(ns, shp)) {
401 shm_lock_by_ptr(shp);
402 shm_destroy(ns, shp);
403 }
404 }
405
406
407 list_del(&task->sysvshm.shm_clist);
408 up_write(&shm_ids(ns).rwsem);
409}
410
411static int shm_fault(struct vm_fault *vmf)
412{
413 struct file *file = vmf->vma->vm_file;
414 struct shm_file_data *sfd = shm_file_data(file);
415
416 return sfd->vm_ops->fault(vmf);
417}
418
419static int shm_split(struct vm_area_struct *vma, unsigned long addr)
420{
421 struct file *file = vma->vm_file;
422 struct shm_file_data *sfd = shm_file_data(file);
423
424 if (sfd->vm_ops->split)
425 return sfd->vm_ops->split(vma, addr);
426
427 return 0;
428}
429
430#ifdef CONFIG_NUMA
431static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new)
432{
433 struct file *file = vma->vm_file;
434 struct shm_file_data *sfd = shm_file_data(file);
435 int err = 0;
436
437 if (sfd->vm_ops->set_policy)
438 err = sfd->vm_ops->set_policy(vma, new);
439 return err;
440}
441
442static struct mempolicy *shm_get_policy(struct vm_area_struct *vma,
443 unsigned long addr)
444{
445 struct file *file = vma->vm_file;
446 struct shm_file_data *sfd = shm_file_data(file);
447 struct mempolicy *pol = NULL;
448
449 if (sfd->vm_ops->get_policy)
450 pol = sfd->vm_ops->get_policy(vma, addr);
451 else if (vma->vm_policy)
452 pol = vma->vm_policy;
453
454 return pol;
455}
456#endif
457
458static int shm_mmap(struct file *file, struct vm_area_struct *vma)
459{
460 struct shm_file_data *sfd = shm_file_data(file);
461 int ret;
462
463
464
465
466
467
468 ret = __shm_open(vma);
469 if (ret)
470 return ret;
471
472 ret = call_mmap(sfd->file, vma);
473 if (ret) {
474 shm_close(vma);
475 return ret;
476 }
477 sfd->vm_ops = vma->vm_ops;
478#ifdef CONFIG_MMU
479 WARN_ON(!sfd->vm_ops->fault);
480#endif
481 vma->vm_ops = &shm_vm_ops;
482 return 0;
483}
484
485static int shm_release(struct inode *ino, struct file *file)
486{
487 struct shm_file_data *sfd = shm_file_data(file);
488
489 put_ipc_ns(sfd->ns);
490 fput(sfd->file);
491 shm_file_data(file) = NULL;
492 kfree(sfd);
493 return 0;
494}
495
496static int shm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
497{
498 struct shm_file_data *sfd = shm_file_data(file);
499
500 if (!sfd->file->f_op->fsync)
501 return -EINVAL;
502 return sfd->file->f_op->fsync(sfd->file, start, end, datasync);
503}
504
505static long shm_fallocate(struct file *file, int mode, loff_t offset,
506 loff_t len)
507{
508 struct shm_file_data *sfd = shm_file_data(file);
509
510 if (!sfd->file->f_op->fallocate)
511 return -EOPNOTSUPP;
512 return sfd->file->f_op->fallocate(file, mode, offset, len);
513}
514
515static unsigned long shm_get_unmapped_area(struct file *file,
516 unsigned long addr, unsigned long len, unsigned long pgoff,
517 unsigned long flags)
518{
519 struct shm_file_data *sfd = shm_file_data(file);
520
521 return sfd->file->f_op->get_unmapped_area(sfd->file, addr, len,
522 pgoff, flags);
523}
524
525static const struct file_operations shm_file_operations = {
526 .mmap = shm_mmap,
527 .fsync = shm_fsync,
528 .release = shm_release,
529 .get_unmapped_area = shm_get_unmapped_area,
530 .llseek = noop_llseek,
531 .fallocate = shm_fallocate,
532};
533
534
535
536
537
538static const struct file_operations shm_file_operations_huge = {
539 .mmap = shm_mmap,
540 .fsync = shm_fsync,
541 .release = shm_release,
542 .get_unmapped_area = shm_get_unmapped_area,
543 .llseek = noop_llseek,
544 .fallocate = shm_fallocate,
545};
546
547bool is_file_shm_hugepages(struct file *file)
548{
549 return file->f_op == &shm_file_operations_huge;
550}
551
552static const struct vm_operations_struct shm_vm_ops = {
553 .open = shm_open,
554 .close = shm_close,
555 .fault = shm_fault,
556 .split = shm_split,
557#if defined(CONFIG_NUMA)
558 .set_policy = shm_set_policy,
559 .get_policy = shm_get_policy,
560#endif
561};
562
563
564
565
566
567
568
569
570static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
571{
572 key_t key = params->key;
573 int shmflg = params->flg;
574 size_t size = params->u.size;
575 int error;
576 struct shmid_kernel *shp;
577 size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
578 struct file *file;
579 char name[13];
580 vm_flags_t acctflag = 0;
581
582 if (size < SHMMIN || size > ns->shm_ctlmax)
583 return -EINVAL;
584
585 if (numpages << PAGE_SHIFT < size)
586 return -ENOSPC;
587
588 if (ns->shm_tot + numpages < ns->shm_tot ||
589 ns->shm_tot + numpages > ns->shm_ctlall)
590 return -ENOSPC;
591
592 shp = kvmalloc(sizeof(*shp), GFP_KERNEL);
593 if (unlikely(!shp))
594 return -ENOMEM;
595
596 shp->shm_perm.key = key;
597 shp->shm_perm.mode = (shmflg & S_IRWXUGO);
598 shp->mlock_user = NULL;
599
600 shp->shm_perm.security = NULL;
601 error = security_shm_alloc(&shp->shm_perm);
602 if (error) {
603 kvfree(shp);
604 return error;
605 }
606
607 sprintf(name, "SYSV%08x", key);
608 if (shmflg & SHM_HUGETLB) {
609 struct hstate *hs;
610 size_t hugesize;
611
612 hs = hstate_sizelog((shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK);
613 if (!hs) {
614 error = -EINVAL;
615 goto no_file;
616 }
617 hugesize = ALIGN(size, huge_page_size(hs));
618
619
620 if (shmflg & SHM_NORESERVE)
621 acctflag = VM_NORESERVE;
622 file = hugetlb_file_setup(name, hugesize, acctflag,
623 &shp->mlock_user, HUGETLB_SHMFS_INODE,
624 (shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK);
625 } else {
626
627
628
629
630 if ((shmflg & SHM_NORESERVE) &&
631 sysctl_overcommit_memory != OVERCOMMIT_NEVER)
632 acctflag = VM_NORESERVE;
633 file = shmem_kernel_file_setup(name, size, acctflag);
634 }
635 error = PTR_ERR(file);
636 if (IS_ERR(file))
637 goto no_file;
638
639 shp->shm_cprid = get_pid(task_tgid(current));
640 shp->shm_lprid = NULL;
641 shp->shm_atim = shp->shm_dtim = 0;
642 shp->shm_ctim = ktime_get_real_seconds();
643 shp->shm_segsz = size;
644 shp->shm_nattch = 0;
645 shp->shm_file = file;
646 shp->shm_creator = current;
647
648
649 error = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
650 if (error < 0)
651 goto no_id;
652
653 list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist);
654
655
656
657
658
659 file_inode(file)->i_ino = shp->shm_perm.id;
660
661 ns->shm_tot += numpages;
662 error = shp->shm_perm.id;
663
664 ipc_unlock_object(&shp->shm_perm);
665 rcu_read_unlock();
666 return error;
667
668no_id:
669 ipc_update_pid(&shp->shm_cprid, NULL);
670 ipc_update_pid(&shp->shm_lprid, NULL);
671 if (is_file_hugepages(file) && shp->mlock_user)
672 user_shm_unlock(size, shp->mlock_user);
673 fput(file);
674no_file:
675 call_rcu(&shp->shm_perm.rcu, shm_rcu_free);
676 return error;
677}
678
679
680
681
682static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
683 struct ipc_params *params)
684{
685 struct shmid_kernel *shp;
686
687 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
688 if (shp->shm_segsz < params->u.size)
689 return -EINVAL;
690
691 return 0;
692}
693
694long ksys_shmget(key_t key, size_t size, int shmflg)
695{
696 struct ipc_namespace *ns;
697 static const struct ipc_ops shm_ops = {
698 .getnew = newseg,
699 .associate = security_shm_associate,
700 .more_checks = shm_more_checks,
701 };
702 struct ipc_params shm_params;
703
704 ns = current->nsproxy->ipc_ns;
705
706 shm_params.key = key;
707 shm_params.flg = shmflg;
708 shm_params.u.size = size;
709
710 return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
711}
712
713SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
714{
715 return ksys_shmget(key, size, shmflg);
716}
717
718static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
719{
720 switch (version) {
721 case IPC_64:
722 return copy_to_user(buf, in, sizeof(*in));
723 case IPC_OLD:
724 {
725 struct shmid_ds out;
726
727 memset(&out, 0, sizeof(out));
728 ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
729 out.shm_segsz = in->shm_segsz;
730 out.shm_atime = in->shm_atime;
731 out.shm_dtime = in->shm_dtime;
732 out.shm_ctime = in->shm_ctime;
733 out.shm_cpid = in->shm_cpid;
734 out.shm_lpid = in->shm_lpid;
735 out.shm_nattch = in->shm_nattch;
736
737 return copy_to_user(buf, &out, sizeof(out));
738 }
739 default:
740 return -EINVAL;
741 }
742}
743
744static inline unsigned long
745copy_shmid_from_user(struct shmid64_ds *out, void __user *buf, int version)
746{
747 switch (version) {
748 case IPC_64:
749 if (copy_from_user(out, buf, sizeof(*out)))
750 return -EFAULT;
751 return 0;
752 case IPC_OLD:
753 {
754 struct shmid_ds tbuf_old;
755
756 if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old)))
757 return -EFAULT;
758
759 out->shm_perm.uid = tbuf_old.shm_perm.uid;
760 out->shm_perm.gid = tbuf_old.shm_perm.gid;
761 out->shm_perm.mode = tbuf_old.shm_perm.mode;
762
763 return 0;
764 }
765 default:
766 return -EINVAL;
767 }
768}
769
770static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminfo64 *in, int version)
771{
772 switch (version) {
773 case IPC_64:
774 return copy_to_user(buf, in, sizeof(*in));
775 case IPC_OLD:
776 {
777 struct shminfo out;
778
779 if (in->shmmax > INT_MAX)
780 out.shmmax = INT_MAX;
781 else
782 out.shmmax = (int)in->shmmax;
783
784 out.shmmin = in->shmmin;
785 out.shmmni = in->shmmni;
786 out.shmseg = in->shmseg;
787 out.shmall = in->shmall;
788
789 return copy_to_user(buf, &out, sizeof(out));
790 }
791 default:
792 return -EINVAL;
793 }
794}
795
796
797
798
799
800static void shm_add_rss_swap(struct shmid_kernel *shp,
801 unsigned long *rss_add, unsigned long *swp_add)
802{
803 struct inode *inode;
804
805 inode = file_inode(shp->shm_file);
806
807 if (is_file_hugepages(shp->shm_file)) {
808 struct address_space *mapping = inode->i_mapping;
809 struct hstate *h = hstate_file(shp->shm_file);
810 *rss_add += pages_per_huge_page(h) * mapping->nrpages;
811 } else {
812#ifdef CONFIG_SHMEM
813 struct shmem_inode_info *info = SHMEM_I(inode);
814
815 spin_lock_irq(&info->lock);
816 *rss_add += inode->i_mapping->nrpages;
817 *swp_add += info->swapped;
818 spin_unlock_irq(&info->lock);
819#else
820 *rss_add += inode->i_mapping->nrpages;
821#endif
822 }
823}
824
825
826
827
828static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss,
829 unsigned long *swp)
830{
831 int next_id;
832 int total, in_use;
833
834 *rss = 0;
835 *swp = 0;
836
837 in_use = shm_ids(ns).in_use;
838
839 for (total = 0, next_id = 0; total < in_use; next_id++) {
840 struct kern_ipc_perm *ipc;
841 struct shmid_kernel *shp;
842
843 ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id);
844 if (ipc == NULL)
845 continue;
846 shp = container_of(ipc, struct shmid_kernel, shm_perm);
847
848 shm_add_rss_swap(shp, rss, swp);
849
850 total++;
851 }
852}
853
854
855
856
857
858
859static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
860 struct shmid64_ds *shmid64)
861{
862 struct kern_ipc_perm *ipcp;
863 struct shmid_kernel *shp;
864 int err;
865
866 down_write(&shm_ids(ns).rwsem);
867 rcu_read_lock();
868
869 ipcp = ipcctl_pre_down_nolock(ns, &shm_ids(ns), shmid, cmd,
870 &shmid64->shm_perm, 0);
871 if (IS_ERR(ipcp)) {
872 err = PTR_ERR(ipcp);
873 goto out_unlock1;
874 }
875
876 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
877
878 err = security_shm_shmctl(&shp->shm_perm, cmd);
879 if (err)
880 goto out_unlock1;
881
882 switch (cmd) {
883 case IPC_RMID:
884 ipc_lock_object(&shp->shm_perm);
885
886 do_shm_rmid(ns, ipcp);
887 goto out_up;
888 case IPC_SET:
889 ipc_lock_object(&shp->shm_perm);
890 err = ipc_update_perm(&shmid64->shm_perm, ipcp);
891 if (err)
892 goto out_unlock0;
893 shp->shm_ctim = ktime_get_real_seconds();
894 break;
895 default:
896 err = -EINVAL;
897 goto out_unlock1;
898 }
899
900out_unlock0:
901 ipc_unlock_object(&shp->shm_perm);
902out_unlock1:
903 rcu_read_unlock();
904out_up:
905 up_write(&shm_ids(ns).rwsem);
906 return err;
907}
908
909static int shmctl_ipc_info(struct ipc_namespace *ns,
910 struct shminfo64 *shminfo)
911{
912 int err = security_shm_shmctl(NULL, IPC_INFO);
913 if (!err) {
914 memset(shminfo, 0, sizeof(*shminfo));
915 shminfo->shmmni = shminfo->shmseg = ns->shm_ctlmni;
916 shminfo->shmmax = ns->shm_ctlmax;
917 shminfo->shmall = ns->shm_ctlall;
918 shminfo->shmmin = SHMMIN;
919 down_read(&shm_ids(ns).rwsem);
920 err = ipc_get_maxid(&shm_ids(ns));
921 up_read(&shm_ids(ns).rwsem);
922 if (err < 0)
923 err = 0;
924 }
925 return err;
926}
927
928static int shmctl_shm_info(struct ipc_namespace *ns,
929 struct shm_info *shm_info)
930{
931 int err = security_shm_shmctl(NULL, SHM_INFO);
932 if (!err) {
933 memset(shm_info, 0, sizeof(*shm_info));
934 down_read(&shm_ids(ns).rwsem);
935 shm_info->used_ids = shm_ids(ns).in_use;
936 shm_get_stat(ns, &shm_info->shm_rss, &shm_info->shm_swp);
937 shm_info->shm_tot = ns->shm_tot;
938 shm_info->swap_attempts = 0;
939 shm_info->swap_successes = 0;
940 err = ipc_get_maxid(&shm_ids(ns));
941 up_read(&shm_ids(ns).rwsem);
942 if (err < 0)
943 err = 0;
944 }
945 return err;
946}
947
948static int shmctl_stat(struct ipc_namespace *ns, int shmid,
949 int cmd, struct shmid64_ds *tbuf)
950{
951 struct shmid_kernel *shp;
952 int id = 0;
953 int err;
954
955 memset(tbuf, 0, sizeof(*tbuf));
956
957 rcu_read_lock();
958 if (cmd == SHM_STAT || cmd == SHM_STAT_ANY) {
959 shp = shm_obtain_object(ns, shmid);
960 if (IS_ERR(shp)) {
961 err = PTR_ERR(shp);
962 goto out_unlock;
963 }
964 id = shp->shm_perm.id;
965 } else {
966 shp = shm_obtain_object_check(ns, shmid);
967 if (IS_ERR(shp)) {
968 err = PTR_ERR(shp);
969 goto out_unlock;
970 }
971 }
972
973
974
975
976
977
978
979
980 if (cmd == SHM_STAT_ANY)
981 audit_ipc_obj(&shp->shm_perm);
982 else {
983 err = -EACCES;
984 if (ipcperms(ns, &shp->shm_perm, S_IRUGO))
985 goto out_unlock;
986 }
987
988 err = security_shm_shmctl(&shp->shm_perm, cmd);
989 if (err)
990 goto out_unlock;
991
992 ipc_lock_object(&shp->shm_perm);
993
994 if (!ipc_valid_object(&shp->shm_perm)) {
995 ipc_unlock_object(&shp->shm_perm);
996 err = -EIDRM;
997 goto out_unlock;
998 }
999
1000 kernel_to_ipc64_perm(&shp->shm_perm, &tbuf->shm_perm);
1001 tbuf->shm_segsz = shp->shm_segsz;
1002 tbuf->shm_atime = shp->shm_atim;
1003 tbuf->shm_dtime = shp->shm_dtim;
1004 tbuf->shm_ctime = shp->shm_ctim;
1005 tbuf->shm_cpid = pid_vnr(shp->shm_cprid);
1006 tbuf->shm_lpid = pid_vnr(shp->shm_lprid);
1007 tbuf->shm_nattch = shp->shm_nattch;
1008
1009 ipc_unlock_object(&shp->shm_perm);
1010 rcu_read_unlock();
1011 return id;
1012
1013out_unlock:
1014 rcu_read_unlock();
1015 return err;
1016}
1017
1018static int shmctl_do_lock(struct ipc_namespace *ns, int shmid, int cmd)
1019{
1020 struct shmid_kernel *shp;
1021 struct file *shm_file;
1022 int err;
1023
1024 rcu_read_lock();
1025 shp = shm_obtain_object_check(ns, shmid);
1026 if (IS_ERR(shp)) {
1027 err = PTR_ERR(shp);
1028 goto out_unlock1;
1029 }
1030
1031 audit_ipc_obj(&(shp->shm_perm));
1032 err = security_shm_shmctl(&shp->shm_perm, cmd);
1033 if (err)
1034 goto out_unlock1;
1035
1036 ipc_lock_object(&shp->shm_perm);
1037
1038
1039 if (!ipc_valid_object(&shp->shm_perm)) {
1040 err = -EIDRM;
1041 goto out_unlock0;
1042 }
1043
1044 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
1045 kuid_t euid = current_euid();
1046
1047 if (!uid_eq(euid, shp->shm_perm.uid) &&
1048 !uid_eq(euid, shp->shm_perm.cuid)) {
1049 err = -EPERM;
1050 goto out_unlock0;
1051 }
1052 if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) {
1053 err = -EPERM;
1054 goto out_unlock0;
1055 }
1056 }
1057
1058 shm_file = shp->shm_file;
1059 if (is_file_hugepages(shm_file))
1060 goto out_unlock0;
1061
1062 if (cmd == SHM_LOCK) {
1063 struct user_struct *user = current_user();
1064
1065 err = shmem_lock(shm_file, 1, user);
1066 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)) {
1067 shp->shm_perm.mode |= SHM_LOCKED;
1068 shp->mlock_user = user;
1069 }
1070 goto out_unlock0;
1071 }
1072
1073
1074 if (!(shp->shm_perm.mode & SHM_LOCKED))
1075 goto out_unlock0;
1076 shmem_lock(shm_file, 0, shp->mlock_user);
1077 shp->shm_perm.mode &= ~SHM_LOCKED;
1078 shp->mlock_user = NULL;
1079 get_file(shm_file);
1080 ipc_unlock_object(&shp->shm_perm);
1081 rcu_read_unlock();
1082 shmem_unlock_mapping(shm_file->f_mapping);
1083
1084 fput(shm_file);
1085 return err;
1086
1087out_unlock0:
1088 ipc_unlock_object(&shp->shm_perm);
1089out_unlock1:
1090 rcu_read_unlock();
1091 return err;
1092}
1093
1094long ksys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf)
1095{
1096 int err, version;
1097 struct ipc_namespace *ns;
1098 struct shmid64_ds sem64;
1099
1100 if (cmd < 0 || shmid < 0)
1101 return -EINVAL;
1102
1103 version = ipc_parse_version(&cmd);
1104 ns = current->nsproxy->ipc_ns;
1105
1106 switch (cmd) {
1107 case IPC_INFO: {
1108 struct shminfo64 shminfo;
1109 err = shmctl_ipc_info(ns, &shminfo);
1110 if (err < 0)
1111 return err;
1112 if (copy_shminfo_to_user(buf, &shminfo, version))
1113 err = -EFAULT;
1114 return err;
1115 }
1116 case SHM_INFO: {
1117 struct shm_info shm_info;
1118 err = shmctl_shm_info(ns, &shm_info);
1119 if (err < 0)
1120 return err;
1121 if (copy_to_user(buf, &shm_info, sizeof(shm_info)))
1122 err = -EFAULT;
1123 return err;
1124 }
1125 case SHM_STAT:
1126 case SHM_STAT_ANY:
1127 case IPC_STAT: {
1128 err = shmctl_stat(ns, shmid, cmd, &sem64);
1129 if (err < 0)
1130 return err;
1131 if (copy_shmid_to_user(buf, &sem64, version))
1132 err = -EFAULT;
1133 return err;
1134 }
1135 case IPC_SET:
1136 if (copy_shmid_from_user(&sem64, buf, version))
1137 return -EFAULT;
1138
1139 case IPC_RMID:
1140 return shmctl_down(ns, shmid, cmd, &sem64);
1141 case SHM_LOCK:
1142 case SHM_UNLOCK:
1143 return shmctl_do_lock(ns, shmid, cmd);
1144 default:
1145 return -EINVAL;
1146 }
1147}
1148
1149SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
1150{
1151 return ksys_shmctl(shmid, cmd, buf);
1152}
1153
1154#ifdef CONFIG_COMPAT
1155
1156struct compat_shmid_ds {
1157 struct compat_ipc_perm shm_perm;
1158 int shm_segsz;
1159 compat_time_t shm_atime;
1160 compat_time_t shm_dtime;
1161 compat_time_t shm_ctime;
1162 compat_ipc_pid_t shm_cpid;
1163 compat_ipc_pid_t shm_lpid;
1164 unsigned short shm_nattch;
1165 unsigned short shm_unused;
1166 compat_uptr_t shm_unused2;
1167 compat_uptr_t shm_unused3;
1168};
1169
1170struct compat_shminfo64 {
1171 compat_ulong_t shmmax;
1172 compat_ulong_t shmmin;
1173 compat_ulong_t shmmni;
1174 compat_ulong_t shmseg;
1175 compat_ulong_t shmall;
1176 compat_ulong_t __unused1;
1177 compat_ulong_t __unused2;
1178 compat_ulong_t __unused3;
1179 compat_ulong_t __unused4;
1180};
1181
1182struct compat_shm_info {
1183 compat_int_t used_ids;
1184 compat_ulong_t shm_tot, shm_rss, shm_swp;
1185 compat_ulong_t swap_attempts, swap_successes;
1186};
1187
1188static int copy_compat_shminfo_to_user(void __user *buf, struct shminfo64 *in,
1189 int version)
1190{
1191 if (in->shmmax > INT_MAX)
1192 in->shmmax = INT_MAX;
1193 if (version == IPC_64) {
1194 struct compat_shminfo64 info;
1195 memset(&info, 0, sizeof(info));
1196 info.shmmax = in->shmmax;
1197 info.shmmin = in->shmmin;
1198 info.shmmni = in->shmmni;
1199 info.shmseg = in->shmseg;
1200 info.shmall = in->shmall;
1201 return copy_to_user(buf, &info, sizeof(info));
1202 } else {
1203 struct shminfo info;
1204 memset(&info, 0, sizeof(info));
1205 info.shmmax = in->shmmax;
1206 info.shmmin = in->shmmin;
1207 info.shmmni = in->shmmni;
1208 info.shmseg = in->shmseg;
1209 info.shmall = in->shmall;
1210 return copy_to_user(buf, &info, sizeof(info));
1211 }
1212}
1213
1214static int put_compat_shm_info(struct shm_info *ip,
1215 struct compat_shm_info __user *uip)
1216{
1217 struct compat_shm_info info;
1218
1219 memset(&info, 0, sizeof(info));
1220 info.used_ids = ip->used_ids;
1221 info.shm_tot = ip->shm_tot;
1222 info.shm_rss = ip->shm_rss;
1223 info.shm_swp = ip->shm_swp;
1224 info.swap_attempts = ip->swap_attempts;
1225 info.swap_successes = ip->swap_successes;
1226 return copy_to_user(uip, &info, sizeof(info));
1227}
1228
1229static int copy_compat_shmid_to_user(void __user *buf, struct shmid64_ds *in,
1230 int version)
1231{
1232 if (version == IPC_64) {
1233 struct compat_shmid64_ds v;
1234 memset(&v, 0, sizeof(v));
1235 to_compat_ipc64_perm(&v.shm_perm, &in->shm_perm);
1236 v.shm_atime = in->shm_atime;
1237 v.shm_dtime = in->shm_dtime;
1238 v.shm_ctime = in->shm_ctime;
1239 v.shm_segsz = in->shm_segsz;
1240 v.shm_nattch = in->shm_nattch;
1241 v.shm_cpid = in->shm_cpid;
1242 v.shm_lpid = in->shm_lpid;
1243 return copy_to_user(buf, &v, sizeof(v));
1244 } else {
1245 struct compat_shmid_ds v;
1246 memset(&v, 0, sizeof(v));
1247 to_compat_ipc_perm(&v.shm_perm, &in->shm_perm);
1248 v.shm_perm.key = in->shm_perm.key;
1249 v.shm_atime = in->shm_atime;
1250 v.shm_dtime = in->shm_dtime;
1251 v.shm_ctime = in->shm_ctime;
1252 v.shm_segsz = in->shm_segsz;
1253 v.shm_nattch = in->shm_nattch;
1254 v.shm_cpid = in->shm_cpid;
1255 v.shm_lpid = in->shm_lpid;
1256 return copy_to_user(buf, &v, sizeof(v));
1257 }
1258}
1259
1260static int copy_compat_shmid_from_user(struct shmid64_ds *out, void __user *buf,
1261 int version)
1262{
1263 memset(out, 0, sizeof(*out));
1264 if (version == IPC_64) {
1265 struct compat_shmid64_ds __user *p = buf;
1266 return get_compat_ipc64_perm(&out->shm_perm, &p->shm_perm);
1267 } else {
1268 struct compat_shmid_ds __user *p = buf;
1269 return get_compat_ipc_perm(&out->shm_perm, &p->shm_perm);
1270 }
1271}
1272
1273long compat_ksys_shmctl(int shmid, int cmd, void __user *uptr)
1274{
1275 struct ipc_namespace *ns;
1276 struct shmid64_ds sem64;
1277 int version = compat_ipc_parse_version(&cmd);
1278 int err;
1279
1280 ns = current->nsproxy->ipc_ns;
1281
1282 if (cmd < 0 || shmid < 0)
1283 return -EINVAL;
1284
1285 switch (cmd) {
1286 case IPC_INFO: {
1287 struct shminfo64 shminfo;
1288 err = shmctl_ipc_info(ns, &shminfo);
1289 if (err < 0)
1290 return err;
1291 if (copy_compat_shminfo_to_user(uptr, &shminfo, version))
1292 err = -EFAULT;
1293 return err;
1294 }
1295 case SHM_INFO: {
1296 struct shm_info shm_info;
1297 err = shmctl_shm_info(ns, &shm_info);
1298 if (err < 0)
1299 return err;
1300 if (put_compat_shm_info(&shm_info, uptr))
1301 err = -EFAULT;
1302 return err;
1303 }
1304 case IPC_STAT:
1305 case SHM_STAT_ANY:
1306 case SHM_STAT:
1307 err = shmctl_stat(ns, shmid, cmd, &sem64);
1308 if (err < 0)
1309 return err;
1310 if (copy_compat_shmid_to_user(uptr, &sem64, version))
1311 err = -EFAULT;
1312 return err;
1313
1314 case IPC_SET:
1315 if (copy_compat_shmid_from_user(&sem64, uptr, version))
1316 return -EFAULT;
1317
1318 case IPC_RMID:
1319 return shmctl_down(ns, shmid, cmd, &sem64);
1320 case SHM_LOCK:
1321 case SHM_UNLOCK:
1322 return shmctl_do_lock(ns, shmid, cmd);
1323 break;
1324 default:
1325 return -EINVAL;
1326 }
1327 return err;
1328}
1329
1330COMPAT_SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, void __user *, uptr)
1331{
1332 return compat_ksys_shmctl(shmid, cmd, uptr);
1333}
1334#endif
1335
1336
1337
1338
1339
1340
1341
1342
1343long do_shmat(int shmid, char __user *shmaddr, int shmflg,
1344 ulong *raddr, unsigned long shmlba)
1345{
1346 struct shmid_kernel *shp;
1347 unsigned long addr = (unsigned long)shmaddr;
1348 unsigned long size;
1349 struct file *file;
1350 int err;
1351 unsigned long flags = MAP_SHARED;
1352 unsigned long prot;
1353 int acc_mode;
1354 struct ipc_namespace *ns;
1355 struct shm_file_data *sfd;
1356 struct path path;
1357 fmode_t f_mode;
1358 unsigned long populate = 0;
1359
1360 err = -EINVAL;
1361 if (shmid < 0)
1362 goto out;
1363
1364 if (addr) {
1365 if (addr & (shmlba - 1)) {
1366 if (shmflg & SHM_RND) {
1367 addr &= ~(shmlba - 1);
1368
1369
1370
1371
1372
1373
1374 if (!addr && (shmflg & SHM_REMAP))
1375 goto out;
1376 } else
1377#ifndef __ARCH_FORCE_SHMLBA
1378 if (addr & ~PAGE_MASK)
1379#endif
1380 goto out;
1381 }
1382
1383 flags |= MAP_FIXED;
1384 } else if ((shmflg & SHM_REMAP))
1385 goto out;
1386
1387 if (shmflg & SHM_RDONLY) {
1388 prot = PROT_READ;
1389 acc_mode = S_IRUGO;
1390 f_mode = FMODE_READ;
1391 } else {
1392 prot = PROT_READ | PROT_WRITE;
1393 acc_mode = S_IRUGO | S_IWUGO;
1394 f_mode = FMODE_READ | FMODE_WRITE;
1395 }
1396 if (shmflg & SHM_EXEC) {
1397 prot |= PROT_EXEC;
1398 acc_mode |= S_IXUGO;
1399 }
1400
1401
1402
1403
1404
1405 ns = current->nsproxy->ipc_ns;
1406 rcu_read_lock();
1407 shp = shm_obtain_object_check(ns, shmid);
1408 if (IS_ERR(shp)) {
1409 err = PTR_ERR(shp);
1410 goto out_unlock;
1411 }
1412
1413 err = -EACCES;
1414 if (ipcperms(ns, &shp->shm_perm, acc_mode))
1415 goto out_unlock;
1416
1417 err = security_shm_shmat(&shp->shm_perm, shmaddr, shmflg);
1418 if (err)
1419 goto out_unlock;
1420
1421 ipc_lock_object(&shp->shm_perm);
1422
1423
1424 if (!ipc_valid_object(&shp->shm_perm)) {
1425 ipc_unlock_object(&shp->shm_perm);
1426 err = -EIDRM;
1427 goto out_unlock;
1428 }
1429
1430 path = shp->shm_file->f_path;
1431 path_get(&path);
1432 shp->shm_nattch++;
1433 size = i_size_read(d_inode(path.dentry));
1434 ipc_unlock_object(&shp->shm_perm);
1435 rcu_read_unlock();
1436
1437 err = -ENOMEM;
1438 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
1439 if (!sfd) {
1440 path_put(&path);
1441 goto out_nattch;
1442 }
1443
1444 file = alloc_file(&path, f_mode,
1445 is_file_hugepages(shp->shm_file) ?
1446 &shm_file_operations_huge :
1447 &shm_file_operations);
1448 err = PTR_ERR(file);
1449 if (IS_ERR(file)) {
1450 kfree(sfd);
1451 path_put(&path);
1452 goto out_nattch;
1453 }
1454
1455 file->private_data = sfd;
1456 file->f_mapping = shp->shm_file->f_mapping;
1457 sfd->id = shp->shm_perm.id;
1458 sfd->ns = get_ipc_ns(ns);
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468 sfd->file = get_file(shp->shm_file);
1469 sfd->vm_ops = NULL;
1470
1471 err = security_mmap_file(file, prot, flags);
1472 if (err)
1473 goto out_fput;
1474
1475 if (down_write_killable(¤t->mm->mmap_sem)) {
1476 err = -EINTR;
1477 goto out_fput;
1478 }
1479
1480 if (addr && !(shmflg & SHM_REMAP)) {
1481 err = -EINVAL;
1482 if (addr + size < addr)
1483 goto invalid;
1484
1485 if (find_vma_intersection(current->mm, addr, addr + size))
1486 goto invalid;
1487 }
1488
1489 addr = do_mmap_pgoff(file, addr, size, prot, flags, 0, &populate, NULL);
1490 *raddr = addr;
1491 err = 0;
1492 if (IS_ERR_VALUE(addr))
1493 err = (long)addr;
1494invalid:
1495 up_write(¤t->mm->mmap_sem);
1496 if (populate)
1497 mm_populate(addr, populate);
1498
1499out_fput:
1500 fput(file);
1501
1502out_nattch:
1503 down_write(&shm_ids(ns).rwsem);
1504 shp = shm_lock(ns, shmid);
1505 shp->shm_nattch--;
1506 if (shm_may_destroy(ns, shp))
1507 shm_destroy(ns, shp);
1508 else
1509 shm_unlock(shp);
1510 up_write(&shm_ids(ns).rwsem);
1511 return err;
1512
1513out_unlock:
1514 rcu_read_unlock();
1515out:
1516 return err;
1517}
1518
1519SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg)
1520{
1521 unsigned long ret;
1522 long err;
1523
1524 err = do_shmat(shmid, shmaddr, shmflg, &ret, SHMLBA);
1525 if (err)
1526 return err;
1527 force_successful_syscall_return();
1528 return (long)ret;
1529}
1530
1531#ifdef CONFIG_COMPAT
1532
1533#ifndef COMPAT_SHMLBA
1534#define COMPAT_SHMLBA SHMLBA
1535#endif
1536
1537COMPAT_SYSCALL_DEFINE3(shmat, int, shmid, compat_uptr_t, shmaddr, int, shmflg)
1538{
1539 unsigned long ret;
1540 long err;
1541
1542 err = do_shmat(shmid, compat_ptr(shmaddr), shmflg, &ret, COMPAT_SHMLBA);
1543 if (err)
1544 return err;
1545 force_successful_syscall_return();
1546 return (long)ret;
1547}
1548#endif
1549
1550
1551
1552
1553
1554long ksys_shmdt(char __user *shmaddr)
1555{
1556 struct mm_struct *mm = current->mm;
1557 struct vm_area_struct *vma;
1558 unsigned long addr = (unsigned long)shmaddr;
1559 int retval = -EINVAL;
1560#ifdef CONFIG_MMU
1561 loff_t size = 0;
1562 struct file *file;
1563 struct vm_area_struct *next;
1564#endif
1565
1566 if (addr & ~PAGE_MASK)
1567 return retval;
1568
1569 if (down_write_killable(&mm->mmap_sem))
1570 return -EINTR;
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593 vma = find_vma(mm, addr);
1594
1595#ifdef CONFIG_MMU
1596 while (vma) {
1597 next = vma->vm_next;
1598
1599
1600
1601
1602
1603
1604 if ((vma->vm_ops == &shm_vm_ops) &&
1605 (vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) {
1606
1607
1608
1609
1610
1611
1612
1613 file = vma->vm_file;
1614 size = i_size_read(file_inode(vma->vm_file));
1615 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start, NULL);
1616
1617
1618
1619
1620
1621
1622 retval = 0;
1623 vma = next;
1624 break;
1625 }
1626 vma = next;
1627 }
1628
1629
1630
1631
1632
1633
1634 size = PAGE_ALIGN(size);
1635 while (vma && (loff_t)(vma->vm_end - addr) <= size) {
1636 next = vma->vm_next;
1637
1638
1639 if ((vma->vm_ops == &shm_vm_ops) &&
1640 ((vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) &&
1641 (vma->vm_file == file))
1642 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start, NULL);
1643 vma = next;
1644 }
1645
1646#else
1647
1648
1649
1650 if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
1651 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start, NULL);
1652 retval = 0;
1653 }
1654
1655#endif
1656
1657 up_write(&mm->mmap_sem);
1658 return retval;
1659}
1660
1661SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
1662{
1663 return ksys_shmdt(shmaddr);
1664}
1665
1666#ifdef CONFIG_PROC_FS
1667static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
1668{
1669 struct pid_namespace *pid_ns = ipc_seq_pid_ns(s);
1670 struct user_namespace *user_ns = seq_user_ns(s);
1671 struct kern_ipc_perm *ipcp = it;
1672 struct shmid_kernel *shp;
1673 unsigned long rss = 0, swp = 0;
1674
1675 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
1676 shm_add_rss_swap(shp, &rss, &swp);
1677
1678#if BITS_PER_LONG <= 32
1679#define SIZE_SPEC "%10lu"
1680#else
1681#define SIZE_SPEC "%21lu"
1682#endif
1683
1684 seq_printf(s,
1685 "%10d %10d %4o " SIZE_SPEC " %5u %5u "
1686 "%5lu %5u %5u %5u %5u %10llu %10llu %10llu "
1687 SIZE_SPEC " " SIZE_SPEC "\n",
1688 shp->shm_perm.key,
1689 shp->shm_perm.id,
1690 shp->shm_perm.mode,
1691 shp->shm_segsz,
1692 pid_nr_ns(shp->shm_cprid, pid_ns),
1693 pid_nr_ns(shp->shm_lprid, pid_ns),
1694 shp->shm_nattch,
1695 from_kuid_munged(user_ns, shp->shm_perm.uid),
1696 from_kgid_munged(user_ns, shp->shm_perm.gid),
1697 from_kuid_munged(user_ns, shp->shm_perm.cuid),
1698 from_kgid_munged(user_ns, shp->shm_perm.cgid),
1699 shp->shm_atim,
1700 shp->shm_dtim,
1701 shp->shm_ctim,
1702 rss * PAGE_SIZE,
1703 swp * PAGE_SIZE);
1704
1705 return 0;
1706}
1707#endif
1708