mirror of
https://github.com/Qortal/Brooklyn.git
synced 2025-01-30 23:02:18 +00:00
2a709f28fa
* 0day explit mitigation * Memory corruption prevention * Privilege escalation prevention * Buffer over flow prevention * File System corruption defense * Thread escape prevention This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base.
202 lines
4.5 KiB
C
202 lines
4.5 KiB
C
/*
|
|
* linux/kernel/futex_compat.c
|
|
*
|
|
* Futex compatibililty routines.
|
|
*
|
|
* Copyright 2006, Red Hat, Inc., Ingo Molnar
|
|
*/
|
|
|
|
#include <linux/linkage.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/nsproxy.h>
|
|
#include <linux/futex.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/syscalls.h>
|
|
|
|
#include <asm/uaccess.h>
|
|
|
|
|
|
/*
|
|
* Fetch a robust-list pointer. Bit 0 signals PI futexes:
|
|
*/
|
|
static inline int
|
|
fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
|
|
compat_uptr_t __user *head, unsigned int *pi)
|
|
{
|
|
if (get_user(*uentry, head))
|
|
return -EFAULT;
|
|
|
|
*entry = compat_ptr((*uentry) & ~1);
|
|
*pi = (unsigned int)(*uentry) & 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void __user __intentional_overflow(-1) *futex_uaddr(struct robust_list __user *entry,
|
|
compat_long_t futex_offset)
|
|
{
|
|
compat_uptr_t base = ptr_to_compat(entry);
|
|
void __user *uaddr = compat_ptr(base + futex_offset);
|
|
|
|
return uaddr;
|
|
}
|
|
|
|
/*
|
|
* Walk curr->robust_list (very carefully, it's a userspace list!)
|
|
* and mark any locks found there dead, and notify any waiters.
|
|
*
|
|
* We silently return on any sign of list-walking problem.
|
|
*/
|
|
void compat_exit_robust_list(struct task_struct *curr)
|
|
{
|
|
struct compat_robust_list_head __user *head = curr->compat_robust_list;
|
|
struct robust_list __user *entry, *next_entry, *pending;
|
|
unsigned int limit = ROBUST_LIST_LIMIT, pi, pip;
|
|
unsigned int uninitialized_var(next_pi);
|
|
compat_uptr_t uentry, next_uentry, upending;
|
|
compat_long_t futex_offset;
|
|
int rc;
|
|
|
|
if (!futex_cmpxchg_enabled)
|
|
return;
|
|
|
|
/*
|
|
* Fetch the list head (which was registered earlier, via
|
|
* sys_set_robust_list()):
|
|
*/
|
|
if (fetch_robust_entry(&uentry, &entry, &head->list.next, &pi))
|
|
return;
|
|
/*
|
|
* Fetch the relative futex offset:
|
|
*/
|
|
if (get_user(futex_offset, &head->futex_offset))
|
|
return;
|
|
/*
|
|
* Fetch any possibly pending lock-add first, and handle it
|
|
* if it exists:
|
|
*/
|
|
if (fetch_robust_entry(&upending, &pending,
|
|
&head->list_op_pending, &pip))
|
|
return;
|
|
|
|
next_entry = NULL; /* avoid warning with gcc */
|
|
while (entry != (struct robust_list __user *) &head->list) {
|
|
/*
|
|
* Fetch the next entry in the list before calling
|
|
* handle_futex_death:
|
|
*/
|
|
rc = fetch_robust_entry(&next_uentry, &next_entry,
|
|
(compat_uptr_t __user *)&entry->next, &next_pi);
|
|
/*
|
|
* A pending lock might already be on the list, so
|
|
* dont process it twice:
|
|
*/
|
|
if (entry != pending) {
|
|
void __user *uaddr = futex_uaddr(entry, futex_offset);
|
|
|
|
if (handle_futex_death(uaddr, curr, pi))
|
|
return;
|
|
}
|
|
if (rc)
|
|
return;
|
|
uentry = next_uentry;
|
|
entry = next_entry;
|
|
pi = next_pi;
|
|
/*
|
|
* Avoid excessively long or circular lists:
|
|
*/
|
|
if (!--limit)
|
|
break;
|
|
|
|
cond_resched();
|
|
}
|
|
if (pending) {
|
|
void __user *uaddr = futex_uaddr(pending, futex_offset);
|
|
|
|
handle_futex_death(uaddr, curr, pip);
|
|
}
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE2(set_robust_list,
|
|
struct compat_robust_list_head __user *, head,
|
|
compat_size_t, len)
|
|
{
|
|
if (!futex_cmpxchg_enabled)
|
|
return -ENOSYS;
|
|
|
|
if (unlikely(len != sizeof(*head)))
|
|
return -EINVAL;
|
|
|
|
current->compat_robust_list = head;
|
|
|
|
return 0;
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
|
|
compat_uptr_t __user *, head_ptr,
|
|
compat_size_t __user *, len_ptr)
|
|
{
|
|
struct compat_robust_list_head __user *head;
|
|
unsigned long ret;
|
|
struct task_struct *p;
|
|
|
|
if (!futex_cmpxchg_enabled)
|
|
return -ENOSYS;
|
|
|
|
rcu_read_lock();
|
|
|
|
ret = -ESRCH;
|
|
if (!pid)
|
|
p = current;
|
|
else {
|
|
p = find_task_by_vpid(pid);
|
|
if (!p)
|
|
goto err_unlock;
|
|
}
|
|
|
|
ret = -EPERM;
|
|
if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
|
|
goto err_unlock;
|
|
|
|
head = p->compat_robust_list;
|
|
rcu_read_unlock();
|
|
|
|
if (put_user(sizeof(*head), len_ptr))
|
|
return -EFAULT;
|
|
return put_user(ptr_to_compat(head), head_ptr);
|
|
|
|
err_unlock:
|
|
rcu_read_unlock();
|
|
|
|
return ret;
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val,
|
|
struct compat_timespec __user *, utime, u32 __user *, uaddr2,
|
|
u32, val3)
|
|
{
|
|
struct timespec ts;
|
|
ktime_t t, *tp = NULL;
|
|
int val2 = 0;
|
|
int cmd = op & FUTEX_CMD_MASK;
|
|
|
|
if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI ||
|
|
cmd == FUTEX_WAIT_BITSET ||
|
|
cmd == FUTEX_WAIT_REQUEUE_PI)) {
|
|
if (compat_get_timespec(&ts, utime))
|
|
return -EFAULT;
|
|
if (!timespec_valid(&ts))
|
|
return -EINVAL;
|
|
|
|
t = timespec_to_ktime(ts);
|
|
if (cmd == FUTEX_WAIT)
|
|
t = ktime_add_safe(ktime_get(), t);
|
|
tp = &t;
|
|
}
|
|
if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
|
|
cmd == FUTEX_CMP_REQUEUE_PI || cmd == FUTEX_WAKE_OP)
|
|
val2 = (int) (unsigned long) utime;
|
|
|
|
return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
|
|
}
|