From: Stanislav Kinsbursky <skinsbursky@parallels.com>
To: akpm@linux-foundation.org
Cc: jmorris@namei.org, linux-kernel@vger.kernel.org, criu@openvz.org,
linux-security-module@vger.kernel.org, viro@zeniv.linux.org.uk,
eparis@parisplace.org, sds@tycho.nsa.gov
Subject: [PATCH 5/5] ipc: add new SEM_SET command for sys_semctl() call
Date: Thu, 09 Feb 2012 22:01:56 +0400 [thread overview]
Message-ID: <20120209180156.24392.28866.stgit@localhost6.localdomain6> (raw)
In-Reply-To: <20120209175043.24392.62810.stgit@localhost6.localdomain6>
New SEM_SET command will be interpreted exactly as IPC_SET, but also will
update key, cuid and cgid values. IOW, it allows to change existent key value.
The fact, that key is not used is checked before update. Otherwise -EEXIST is
returned.
Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
---
include/linux/sem.h | 1 +
ipc/compat.c | 1 +
ipc/sem.c | 10 ++++++++--
security/selinux/hooks.c | 1 +
security/smack/smack_lsm.c | 1 +
5 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/linux/sem.h b/include/linux/sem.h
index 10d6b22..c74b9b5 100644
--- a/include/linux/sem.h
+++ b/include/linux/sem.h
@@ -18,6 +18,7 @@
/* ipcs ctl cmds */
#define SEM_STAT 18
#define SEM_INFO 19
+#define SEM_SET 20
/* Obsolete, used only for backwards compatibility and libc5 compiles */
struct semid_ds {
diff --git a/ipc/compat.c b/ipc/compat.c
index 20d639e..b828244 100644
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -289,6 +289,7 @@ long compat_sys_semctl(int first, int second, int third, void __user *uptr)
break;
case IPC_SET:
+ case SEM_SET:
if (version == IPC_64) {
err = get_compat_semid64_ds(&s64, compat_ptr(pad));
} else {
diff --git a/ipc/sem.c b/ipc/sem.c
index 845c912..d9024d5 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -1084,12 +1084,13 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
struct semid64_ds semid64;
struct kern_ipc_perm *ipcp;
- if(cmd == IPC_SET) {
+ if (cmd == IPC_SET || cmd == SEM_SET) {
if (copy_semid_from_user(&semid64, arg.buf, version))
return -EFAULT;
}
- ipcp = ipcctl_pre_down(ns, &sem_ids(ns), semid, cmd,
+ ipcp = ipcctl_pre_down(ns, &sem_ids(ns), semid,
+ (cmd != SEM_SET) ? : IPC_SET,
&semid64.sem_perm, 0);
if (IS_ERR(ipcp))
return PTR_ERR(ipcp);
@@ -1104,6 +1105,10 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
case IPC_RMID:
freeary(ns, ipcp);
goto out_up;
+ case SEM_SET:
+ err = ipc_update_key(&sem_ids(ns), &semid64.sem_perm, ipcp);
+ if (err)
+ break;
case IPC_SET:
ipc_update_perm(&semid64.sem_perm, ipcp);
sma->sem_ctime = get_seconds();
@@ -1149,6 +1154,7 @@ SYSCALL_DEFINE(semctl)(int semid, int semnum, int cmd, union semun arg)
return err;
case IPC_RMID:
case IPC_SET:
+ case SEM_SET:
err = semctl_down(ns, semid, cmd, version, arg);
return err;
default:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1428f8d..3bea7e3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5097,6 +5097,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
perms = SEM__DESTROY;
break;
case IPC_SET:
+ case SEM_SET:
perms = SEM__SETATTR;
break;
case IPC_STAT:
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 143c053..a4a5d0c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2329,6 +2329,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
case SETALL:
case IPC_RMID:
case IPC_SET:
+ case SEM_SET:
may = MAY_READWRITE;
break;
case IPC_INFO:
next prev parent reply other threads:[~2012-02-09 18:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 18:01 [PATCH 0/5] IPC: checkpoint/restore in userspace enhancements Stanislav Kinsbursky
2012-02-09 18:01 ` [PATCH 1/5] ipc: "use key as id" functionality for resource get system call introduced Stanislav Kinsbursky
2012-02-09 18:01 ` [PATCH 2/5] ipc: segment key change helper introduced Stanislav Kinsbursky
2012-02-09 18:01 ` [PATCH 3/5] ipc: add new SHM_SET command for sys_shmctl() call Stanislav Kinsbursky
2012-02-09 18:01 ` [PATCH 4/5] ipc: add new MSG_SET command for sys_msgctl() call Stanislav Kinsbursky
2012-02-09 18:01 ` Stanislav Kinsbursky [this message]
2012-02-10 18:29 ` [PATCH 0/5] IPC: checkpoint/restore in userspace enhancements Casey Schaufler
2012-02-13 11:03 ` Stanislav Kinsbursky
2012-02-13 16:11 ` Serge Hallyn
2012-02-13 16:48 ` Stanislav Kinsbursky
2012-02-13 17:39 ` Casey Schaufler
2012-02-14 11:33 ` Stanislav Kinsbursky
2012-03-05 13:04 ` [CRIU] " Kinsbursky Stanislav
2012-03-06 23:19 ` Andrew Morton
2012-04-24 9:17 ` Kinsbursky Stanislav
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120209180156.24392.28866.stgit@localhost6.localdomain6 \
--to=skinsbursky@parallels.com \
--cc=akpm@linux-foundation.org \
--cc=criu@openvz.org \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.