*/
#include <linux/config.h>
+#include <linux/compat.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <linux/utsname.h>
#include <linux/kexec.h>
#include <linux/workqueue.h>
#include <linux/device.h>
-#include <linux/key.h>
#include <linux/times.h>
#include <linux/security.h>
#include <linux/dcookies.h>
#include <linux/suspend.h>
-#include <linux/ckrm_events.h>
-#include <linux/tty.h>
+#include <linux/ckrm.h>
+#include <linux/vs_base.h>
#include <linux/vs_cvirt.h>
-#include <linux/compat.h>
-#include <linux/syscalls.h>
#include <asm/uaccess.h>
#include <asm/io.h>
}
EXPORT_SYMBOL(unregister_reboot_notifier);
+
+asmlinkage long sys_ni_syscall(void)
+{
+ return -ENOSYS;
+}
+
+cond_syscall(sys_nfsservctl)
+cond_syscall(sys_quotactl)
+cond_syscall(sys_acct)
+cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_swapon)
+cond_syscall(sys_swapoff)
+cond_syscall(sys_kexec_load)
+cond_syscall(sys_init_module)
+cond_syscall(sys_delete_module)
+cond_syscall(sys_socketpair)
+cond_syscall(sys_bind)
+cond_syscall(sys_listen)
+cond_syscall(sys_accept)
+cond_syscall(sys_connect)
+cond_syscall(sys_getsockname)
+cond_syscall(sys_getpeername)
+cond_syscall(sys_sendto)
+cond_syscall(sys_send)
+cond_syscall(sys_recvfrom)
+cond_syscall(sys_recv)
+cond_syscall(sys_socket)
+cond_syscall(sys_setsockopt)
+cond_syscall(sys_getsockopt)
+cond_syscall(sys_shutdown)
+cond_syscall(sys_sendmsg)
+cond_syscall(sys_recvmsg)
+cond_syscall(sys_socketcall)
+cond_syscall(sys_futex)
+cond_syscall(compat_sys_futex)
+cond_syscall(sys_epoll_create)
+cond_syscall(sys_epoll_ctl)
+cond_syscall(sys_epoll_wait)
+cond_syscall(sys_semget)
+cond_syscall(sys_semop)
+cond_syscall(sys_semtimedop)
+cond_syscall(sys_semctl)
+cond_syscall(sys_msgget)
+cond_syscall(sys_msgsnd)
+cond_syscall(sys_msgrcv)
+cond_syscall(sys_msgctl)
+cond_syscall(sys_shmget)
+cond_syscall(sys_shmdt)
+cond_syscall(sys_shmctl)
+cond_syscall(sys_mq_open)
+cond_syscall(sys_mq_unlink)
+cond_syscall(sys_mq_timedsend)
+cond_syscall(sys_mq_timedreceive)
+cond_syscall(sys_mq_notify)
+cond_syscall(sys_mq_getsetattr)
+cond_syscall(compat_sys_mq_open)
+cond_syscall(compat_sys_mq_timedsend)
+cond_syscall(compat_sys_mq_timedreceive)
+cond_syscall(compat_sys_mq_notify)
+cond_syscall(compat_sys_mq_getsetattr)
+cond_syscall(sys_mbind)
+cond_syscall(sys_get_mempolicy)
+cond_syscall(sys_set_mempolicy)
+cond_syscall(compat_mbind)
+cond_syscall(compat_get_mempolicy)
+cond_syscall(compat_set_mempolicy)
+
+/* arch-specific weak syscall entries */
+cond_syscall(sys_pciconfig_read)
+cond_syscall(sys_pciconfig_write)
+cond_syscall(sys_pciconfig_iobase)
+
static int set_one_prio(struct task_struct *p, int niceval, int error)
{
int no_nice;
} while_each_task_pid(who, PIDTYPE_PGID, p);
break;
case PRIO_USER:
- user = current->user;
if (!who)
- who = current->uid;
+ user = current->user;
else
- if ((who != current->uid) &&
- !(user = find_user(vx_current_xid(), who)))
- goto out_unlock; /* No processes for this user */
+ user = find_user(vx_current_xid(), who);
+
+ if (!user)
+ goto out_unlock;
do_each_thread(g, p)
if (p->uid == who)
error = set_one_prio(p, niceval, error);
while_each_thread(g, p);
- if (who != current->uid)
+ if (who)
free_uid(user); /* For find_user() */
break;
}
} while_each_task_pid(who, PIDTYPE_PGID, p);
break;
case PRIO_USER:
- user = current->user;
if (!who)
- who = current->uid;
+ user = current->user;
else
- if ((who != current->uid) &&
- !(user = find_user(vx_current_xid(), who)))
- goto out_unlock; /* No processes for this user */
+ user = find_user(vx_current_xid(), who);
+
+ if (!user)
+ goto out_unlock;
do_each_thread(g, p)
if (p->uid == who) {
retval = niceval;
}
while_each_thread(g, p);
- if (who != current->uid)
+ if (who)
free_uid(user); /* for find_user() */
break;
}
out_unlock:
read_unlock(&tasklist_lock);
- key_fsgid_changed(current);
- return 0;
+ return retval;
}
long vs_reboot(unsigned int, void *);
break;
}
#endif
-
#ifdef CONFIG_SOFTWARE_SUSPEND
case LINUX_REBOOT_CMD_SW_SUSPEND:
{
}
-
/*
* Unprivileged users may change the real gid to the effective gid
* or vice versa. (BSD-style)
current->egid = new_egid;
current->gid = new_rgid;
- key_fsgid_changed(current);
ckrm_cb_gid();
+
return 0;
}
else
return -EPERM;
- key_fsgid_changed(current);
ckrm_cb_gid();
return 0;
return -EAGAIN;
if (atomic_read(&new_user->processes) >=
- current->signal->rlim[RLIMIT_NPROC].rlim_cur &&
+ current->rlim[RLIMIT_NPROC].rlim_cur &&
new_user != &root_user) {
free_uid(new_user);
return -EAGAIN;
current->suid = current->euid;
current->fsuid = current->euid;
- key_fsuid_changed(current);
ckrm_cb_uid();
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
current->fsuid = current->euid = uid;
current->suid = new_suid;
- key_fsuid_changed(current);
ckrm_cb_uid();
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
if (suid != (uid_t) -1)
current->suid = suid;
- key_fsuid_changed(current);
ckrm_cb_uid();
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
if (sgid != (gid_t) -1)
current->sgid = sgid;
- key_fsgid_changed(current);
ckrm_cb_gid();
+
return 0;
}
current->fsuid = uid;
}
- key_fsuid_changed(current);
-
security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
return old_fsuid;
wmb();
}
current->fsgid = gid;
- key_fsgid_changed(current);
}
return old_fsgid;
}
if (!thread_group_leader(current))
return -EINVAL;
- down(&tty_sem);
write_lock_irq(&tasklist_lock);
pid = find_pid(PIDTYPE_PGID, current->pid);
err = process_group(current);
out:
write_unlock_irq(&tasklist_lock);
- up(&tty_sem);
return err;
}
{
if (resource >= RLIM_NLIMITS)
return -EINVAL;
- else {
- struct rlimit value;
- task_lock(current->group_leader);
- value = current->signal->rlim[resource];
- task_unlock(current->group_leader);
- return copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0;
- }
+ else
+ return copy_to_user(rlim, current->rlim + resource, sizeof(*rlim))
+ ? -EFAULT : 0;
}
#ifdef __ARCH_WANT_SYS_OLD_GETRLIMIT
if (resource >= RLIM_NLIMITS)
return -EINVAL;
- task_lock(current->group_leader);
- x = current->signal->rlim[resource];
- task_unlock(current->group_leader);
+ memcpy(&x, current->rlim + resource, sizeof(*rlim));
if(x.rlim_cur > 0x7FFFFFFF)
x.rlim_cur = 0x7FFFFFFF;
if(x.rlim_max > 0x7FFFFFFF)
return -EFAULT;
if (new_rlim.rlim_cur > new_rlim.rlim_max)
return -EINVAL;
- old_rlim = current->signal->rlim + resource;
- if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
+ old_rlim = current->rlim + resource;
+ if (((new_rlim.rlim_cur > old_rlim->rlim_max) ||
+ (new_rlim.rlim_max > old_rlim->rlim_max)) &&
!capable(CAP_SYS_RESOURCE) && !vx_ccaps(VXC_SET_RLIMIT))
return -EPERM;
- if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
+ if (resource == RLIMIT_NOFILE) {
+ if (new_rlim.rlim_cur > NR_OPEN || new_rlim.rlim_max > NR_OPEN)
return -EPERM;
+ }
retval = security_task_setrlimit(resource, &new_rlim);
if (retval)
return retval;
- task_lock(current->group_leader);
*old_rlim = new_rlim;
- task_unlock(current->group_leader);
return 0;
}
asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
- long error;
+ int error;
int sig;
error = security_task_prctl(option, arg2, arg3, arg4, arg5);
error = 1;
break;
case PR_SET_DUMPABLE:
- if (arg2 < 0 && arg2 > 2) {
+ if (arg2 < 0 || arg2 > 2) {
error = -EINVAL;
break;
}