cgroup: Add generic cgroup subsystem permission checks.
[linux-2.6.git] / kernel / futex_compat.c
index 7d5e4b0..5f9e689 100644 (file)
@@ -19,7 +19,7 @@
  */
 static inline int
 fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
-                  compat_uptr_t __user *head, int *pi)
+                  compat_uptr_t __user *head, unsigned int *pi)
 {
        if (get_user(*uentry, head))
                return -EFAULT;
@@ -30,7 +30,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
        return 0;
 }
 
-static void __user *futex_uaddr(struct robust_list *entry,
+static void __user *futex_uaddr(struct robust_list __user *entry,
                                compat_long_t futex_offset)
 {
        compat_uptr_t base = ptr_to_compat(entry);
@@ -49,11 +49,15 @@ void compat_exit_robust_list(struct task_struct *curr)
 {
        struct compat_robust_list_head __user *head = curr->compat_robust_list;
        struct robust_list __user *entry, *next_entry, *pending;
-       unsigned int limit = ROBUST_LIST_LIMIT, pi, next_pi, pip;
+       unsigned int limit = ROBUST_LIST_LIMIT, pi, pip;
+       unsigned int uninitialized_var(next_pi);
        compat_uptr_t uentry, next_uentry, upending;
        compat_long_t futex_offset;
        int rc;
 
+       if (!futex_cmpxchg_enabled)
+               return;
+
        /*
         * Fetch the list head (which was registered earlier, via
         * sys_set_robust_list()):
@@ -115,6 +119,9 @@ asmlinkage long
 compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
                           compat_size_t len)
 {
+       if (!futex_cmpxchg_enabled)
+               return -ENOSYS;
+
        if (unlikely(len != sizeof(*head)))
                return -EINVAL;
 
@@ -129,6 +136,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
 {
        struct compat_robust_list_head __user *head;
        unsigned long ret;
+       const struct cred *cred = current_cred(), *pcred;
+
+       if (!futex_cmpxchg_enabled)
+               return -ENOSYS;
 
        if (!pid)
                head = current->compat_robust_list;
@@ -136,16 +147,27 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
                struct task_struct *p;
 
                ret = -ESRCH;
-               read_lock(&tasklist_lock);
+               rcu_read_lock();
                p = find_task_by_vpid(pid);
                if (!p)
                        goto err_unlock;
                ret = -EPERM;
-               if ((current->euid != p->euid) && (current->euid != p->uid) &&
-                               !capable(CAP_SYS_PTRACE))
+               pcred = __task_cred(p);
+               /* If victim is in different user_ns, then uids are not
+                  comparable, so we must have CAP_SYS_PTRACE */
+               if (cred->user->user_ns != pcred->user->user_ns) {
+                       if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
+                               goto err_unlock;
+                       goto ok;
+               }
+               /* If victim is in same user_ns, then uids are comparable */
+               if (cred->euid != pcred->euid &&
+                   cred->euid != pcred->uid &&
+                   !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
                        goto err_unlock;
+ok:
                head = p->compat_robust_list;
-               read_unlock(&tasklist_lock);
+               rcu_read_unlock();
        }
 
        if (put_user(sizeof(*head), len_ptr))
@@ -153,7 +175,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
        return put_user(ptr_to_compat(head), head_ptr);
 
 err_unlock:
-       read_unlock(&tasklist_lock);
+       rcu_read_unlock();
 
        return ret;
 }
@@ -168,7 +190,8 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val,
        int cmd = op & FUTEX_CMD_MASK;
 
        if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI ||
-                     cmd == FUTEX_WAIT_BITSET)) {
+                     cmd == FUTEX_WAIT_BITSET ||
+                     cmd == FUTEX_WAIT_REQUEUE_PI)) {
                if (get_compat_timespec(&ts, utime))
                        return -EFAULT;
                if (!timespec_valid(&ts))
@@ -179,7 +202,8 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val,
                        t = ktime_add_safe(ktime_get(), t);
                tp = &t;
        }
-       if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE)
+       if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
+           cmd == FUTEX_CMP_REQUEUE_PI || cmd == FUTEX_WAKE_OP)
                val2 = (int) (unsigned long) utime;
 
        return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);