Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
f30c2269 | 2 | * linux/ipc/msgutil.c |
1da177e4 LT |
3 | * Copyright (C) 1999, 2004 Manfred Spraul |
4 | * | |
5 | * This file is released under GNU General Public Licence version 2 or | |
6 | * (at your option) any later version. | |
7 | * | |
8 | * See the file COPYING for more details. | |
9 | */ | |
10 | ||
11 | #include <linux/spinlock.h> | |
12 | #include <linux/init.h> | |
13 | #include <linux/security.h> | |
14 | #include <linux/slab.h> | |
15 | #include <linux/ipc.h> | |
614b84cf | 16 | #include <linux/ipc_namespace.h> |
1da177e4 LT |
17 | #include <asm/uaccess.h> |
18 | ||
19 | #include "util.h" | |
20 | ||
614b84cf SH |
21 | /* |
22 | * The next 2 defines are here bc this is the only file | |
23 | * compiled when either CONFIG_SYSVIPC and CONFIG_POSIX_MQUEUE | |
24 | * and not CONFIG_IPC_NS. | |
25 | */ | |
26 | struct ipc_namespace init_ipc_ns = { | |
27 | .kref = { | |
28 | /* It's not for this patch to change, but should this be 1? */ | |
29 | .refcount = ATOMIC_INIT(2), | |
30 | }, | |
31 | #ifdef CONFIG_POSIX_MQUEUE | |
32 | .mq_mnt = NULL, | |
33 | .mq_queues_count = 0, | |
34 | .mq_queues_max = DFLT_QUEUESMAX, | |
35 | .mq_msg_max = DFLT_MSGMAX, | |
36 | .mq_msgsize_max = DFLT_MSGSIZEMAX, | |
37 | #endif | |
38 | }; | |
39 | ||
40 | atomic_t nr_ipc_ns = ATOMIC_INIT(1); | |
41 | ||
1da177e4 LT |
42 | struct msg_msgseg { |
43 | struct msg_msgseg* next; | |
44 | /* the next part of the message follows immediately */ | |
45 | }; | |
46 | ||
47 | #define DATALEN_MSG (PAGE_SIZE-sizeof(struct msg_msg)) | |
48 | #define DATALEN_SEG (PAGE_SIZE-sizeof(struct msg_msgseg)) | |
49 | ||
50 | struct msg_msg *load_msg(const void __user *src, int len) | |
51 | { | |
52 | struct msg_msg *msg; | |
53 | struct msg_msgseg **pseg; | |
54 | int err; | |
55 | int alen; | |
56 | ||
57 | alen = len; | |
58 | if (alen > DATALEN_MSG) | |
59 | alen = DATALEN_MSG; | |
60 | ||
5cbded58 | 61 | msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL); |
1da177e4 LT |
62 | if (msg == NULL) |
63 | return ERR_PTR(-ENOMEM); | |
64 | ||
65 | msg->next = NULL; | |
66 | msg->security = NULL; | |
67 | ||
68 | if (copy_from_user(msg + 1, src, alen)) { | |
69 | err = -EFAULT; | |
70 | goto out_err; | |
71 | } | |
72 | ||
73 | len -= alen; | |
74 | src = ((char __user *)src) + alen; | |
75 | pseg = &msg->next; | |
76 | while (len > 0) { | |
77 | struct msg_msgseg *seg; | |
78 | alen = len; | |
79 | if (alen > DATALEN_SEG) | |
80 | alen = DATALEN_SEG; | |
5cbded58 | 81 | seg = kmalloc(sizeof(*seg) + alen, |
1da177e4 LT |
82 | GFP_KERNEL); |
83 | if (seg == NULL) { | |
84 | err = -ENOMEM; | |
85 | goto out_err; | |
86 | } | |
87 | *pseg = seg; | |
88 | seg->next = NULL; | |
89 | if (copy_from_user(seg + 1, src, alen)) { | |
90 | err = -EFAULT; | |
91 | goto out_err; | |
92 | } | |
93 | pseg = &seg->next; | |
94 | len -= alen; | |
95 | src = ((char __user *)src) + alen; | |
96 | } | |
97 | ||
98 | err = security_msg_msg_alloc(msg); | |
99 | if (err) | |
100 | goto out_err; | |
101 | ||
102 | return msg; | |
103 | ||
104 | out_err: | |
105 | free_msg(msg); | |
106 | return ERR_PTR(err); | |
107 | } | |
108 | ||
109 | int store_msg(void __user *dest, struct msg_msg *msg, int len) | |
110 | { | |
111 | int alen; | |
112 | struct msg_msgseg *seg; | |
113 | ||
114 | alen = len; | |
115 | if (alen > DATALEN_MSG) | |
116 | alen = DATALEN_MSG; | |
117 | if (copy_to_user(dest, msg + 1, alen)) | |
118 | return -1; | |
119 | ||
120 | len -= alen; | |
121 | dest = ((char __user *)dest) + alen; | |
122 | seg = msg->next; | |
123 | while (len > 0) { | |
124 | alen = len; | |
125 | if (alen > DATALEN_SEG) | |
126 | alen = DATALEN_SEG; | |
127 | if (copy_to_user(dest, seg + 1, alen)) | |
128 | return -1; | |
129 | len -= alen; | |
130 | dest = ((char __user *)dest) + alen; | |
131 | seg = seg->next; | |
132 | } | |
133 | return 0; | |
134 | } | |
135 | ||
136 | void free_msg(struct msg_msg *msg) | |
137 | { | |
138 | struct msg_msgseg *seg; | |
139 | ||
140 | security_msg_msg_free(msg); | |
141 | ||
142 | seg = msg->next; | |
143 | kfree(msg); | |
144 | while (seg != NULL) { | |
145 | struct msg_msgseg *tmp = seg->next; | |
146 | kfree(seg); | |
147 | seg = tmp; | |
148 | } | |
149 | } |