Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* scm.c - Socket level control messages processing. |
3 | * | |
4 | * Author: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | |
5 | * Alignment and value checking mods by Craig Metz | |
1da177e4 LT |
6 | */ |
7 | ||
8 | #include <linux/module.h> | |
9 | #include <linux/signal.h> | |
4fc268d2 | 10 | #include <linux/capability.h> |
1da177e4 LT |
11 | #include <linux/errno.h> |
12 | #include <linux/sched.h> | |
8703e8a4 | 13 | #include <linux/sched/user.h> |
1da177e4 LT |
14 | #include <linux/mm.h> |
15 | #include <linux/kernel.h> | |
1da177e4 LT |
16 | #include <linux/stat.h> |
17 | #include <linux/socket.h> | |
18 | #include <linux/file.h> | |
19 | #include <linux/fcntl.h> | |
20 | #include <linux/net.h> | |
21 | #include <linux/interrupt.h> | |
22 | #include <linux/netdevice.h> | |
23 | #include <linux/security.h> | |
92f28d97 | 24 | #include <linux/pid_namespace.h> |
b488893a PE |
25 | #include <linux/pid.h> |
26 | #include <linux/nsproxy.h> | |
5a0e3ad6 | 27 | #include <linux/slab.h> |
9718475e | 28 | #include <linux/errqueue.h> |
1da177e4 | 29 | |
7c0f6ba6 | 30 | #include <linux/uaccess.h> |
1da177e4 LT |
31 | |
32 | #include <net/protocol.h> | |
33 | #include <linux/skbuff.h> | |
34 | #include <net/sock.h> | |
35 | #include <net/compat.h> | |
36 | #include <net/scm.h> | |
d8429506 | 37 | #include <net/cls_cgroup.h> |
1da177e4 LT |
38 | |
39 | ||
40 | /* | |
4ec93edb | 41 | * Only allow a user to send credentials, that they could set with |
1da177e4 LT |
42 | * setu(g)id. |
43 | */ | |
44 | ||
45 | static __inline__ int scm_check_creds(struct ucred *creds) | |
46 | { | |
86a264ab | 47 | const struct cred *cred = current_cred(); |
b2e4f544 EB |
48 | kuid_t uid = make_kuid(cred->user_ns, creds->uid); |
49 | kgid_t gid = make_kgid(cred->user_ns, creds->gid); | |
50 | ||
51 | if (!uid_valid(uid) || !gid_valid(gid)) | |
52 | return -EINVAL; | |
b6dff3ec | 53 | |
92f28d97 | 54 | if ((creds->pid == task_tgid_vnr(current) || |
d661684c | 55 | ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && |
b2e4f544 | 56 | ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || |
c7b96acf | 57 | uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && |
b2e4f544 | 58 | ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || |
c7b96acf | 59 | gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { |
1da177e4 LT |
60 | return 0; |
61 | } | |
62 | return -EPERM; | |
63 | } | |
64 | ||
65 | static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) | |
66 | { | |
67 | int *fdp = (int*)CMSG_DATA(cmsg); | |
68 | struct scm_fp_list *fpl = *fplp; | |
69 | struct file **fpp; | |
70 | int i, num; | |
71 | ||
1ff8cebf | 72 | num = (cmsg->cmsg_len - sizeof(struct cmsghdr))/sizeof(int); |
1da177e4 LT |
73 | |
74 | if (num <= 0) | |
75 | return 0; | |
76 | ||
77 | if (num > SCM_MAX_FD) | |
78 | return -EINVAL; | |
79 | ||
80 | if (!fpl) | |
81 | { | |
82 | fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); | |
83 | if (!fpl) | |
84 | return -ENOMEM; | |
85 | *fplp = fpl; | |
86 | fpl->count = 0; | |
bba14de9 | 87 | fpl->max = SCM_MAX_FD; |
415e3d3e | 88 | fpl->user = NULL; |
1da177e4 LT |
89 | } |
90 | fpp = &fpl->fp[fpl->count]; | |
91 | ||
bba14de9 | 92 | if (fpl->count + num > fpl->max) |
1da177e4 | 93 | return -EINVAL; |
4ec93edb | 94 | |
1da177e4 LT |
95 | /* |
96 | * Verify the descriptors and increment the usage count. | |
97 | */ | |
4ec93edb | 98 | |
1da177e4 LT |
99 | for (i=0; i< num; i++) |
100 | { | |
101 | int fd = fdp[i]; | |
102 | struct file *file; | |
103 | ||
326be7b4 | 104 | if (fd < 0 || !(file = fget_raw(fd))) |
1da177e4 LT |
105 | return -EBADF; |
106 | *fpp++ = file; | |
107 | fpl->count++; | |
108 | } | |
415e3d3e HFS |
109 | |
110 | if (!fpl->user) | |
111 | fpl->user = get_uid(current_user()); | |
112 | ||
1da177e4 LT |
113 | return num; |
114 | } | |
115 | ||
116 | void __scm_destroy(struct scm_cookie *scm) | |
117 | { | |
118 | struct scm_fp_list *fpl = scm->fp; | |
119 | int i; | |
120 | ||
121 | if (fpl) { | |
122 | scm->fp = NULL; | |
6120d3db AV |
123 | for (i=fpl->count-1; i>=0; i--) |
124 | fput(fpl->fp[i]); | |
415e3d3e | 125 | free_uid(fpl->user); |
6120d3db | 126 | kfree(fpl); |
1da177e4 LT |
127 | } |
128 | } | |
9e34a5b5 | 129 | EXPORT_SYMBOL(__scm_destroy); |
1da177e4 LT |
130 | |
131 | int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p) | |
132 | { | |
133 | struct cmsghdr *cmsg; | |
134 | int err; | |
135 | ||
f95b414e | 136 | for_each_cmsghdr(cmsg, msg) { |
1da177e4 LT |
137 | err = -EINVAL; |
138 | ||
139 | /* Verify that cmsg_len is at least sizeof(struct cmsghdr) */ | |
140 | /* The first check was omitted in <= 2.2.5. The reasoning was | |
141 | that parser checks cmsg_len in any case, so that | |
142 | additional check would be work duplication. | |
4ec93edb | 143 | But if cmsg_level is not SOL_SOCKET, we do not check |
1da177e4 LT |
144 | for too short ancillary data object at all! Oops. |
145 | OK, let's add it... | |
146 | */ | |
147 | if (!CMSG_OK(msg, cmsg)) | |
148 | goto error; | |
149 | ||
150 | if (cmsg->cmsg_level != SOL_SOCKET) | |
151 | continue; | |
152 | ||
153 | switch (cmsg->cmsg_type) | |
154 | { | |
155 | case SCM_RIGHTS: | |
76dadd76 EB |
156 | if (!sock->ops || sock->ops->family != PF_UNIX) |
157 | goto error; | |
1da177e4 LT |
158 | err=scm_fp_copy(cmsg, &p->fp); |
159 | if (err<0) | |
160 | goto error; | |
161 | break; | |
162 | case SCM_CREDENTIALS: | |
b2e4f544 | 163 | { |
dbe9a417 | 164 | struct ucred creds; |
b2e4f544 EB |
165 | kuid_t uid; |
166 | kgid_t gid; | |
1da177e4 LT |
167 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) |
168 | goto error; | |
dbe9a417 EB |
169 | memcpy(&creds, CMSG_DATA(cmsg), sizeof(struct ucred)); |
170 | err = scm_check_creds(&creds); | |
1da177e4 LT |
171 | if (err) |
172 | goto error; | |
257b5358 | 173 | |
dbe9a417 EB |
174 | p->creds.pid = creds.pid; |
175 | if (!p->pid || pid_vnr(p->pid) != creds.pid) { | |
257b5358 EB |
176 | struct pid *pid; |
177 | err = -ESRCH; | |
dbe9a417 | 178 | pid = find_get_pid(creds.pid); |
257b5358 EB |
179 | if (!pid) |
180 | goto error; | |
181 | put_pid(p->pid); | |
182 | p->pid = pid; | |
183 | } | |
184 | ||
b2e4f544 | 185 | err = -EINVAL; |
dbe9a417 EB |
186 | uid = make_kuid(current_user_ns(), creds.uid); |
187 | gid = make_kgid(current_user_ns(), creds.gid); | |
b2e4f544 EB |
188 | if (!uid_valid(uid) || !gid_valid(gid)) |
189 | goto error; | |
190 | ||
dbe9a417 EB |
191 | p->creds.uid = uid; |
192 | p->creds.gid = gid; | |
1da177e4 | 193 | break; |
b2e4f544 | 194 | } |
1da177e4 LT |
195 | default: |
196 | goto error; | |
197 | } | |
198 | } | |
199 | ||
200 | if (p->fp && !p->fp->count) | |
201 | { | |
202 | kfree(p->fp); | |
203 | p->fp = NULL; | |
204 | } | |
205 | return 0; | |
4ec93edb | 206 | |
1da177e4 LT |
207 | error: |
208 | scm_destroy(p); | |
209 | return err; | |
210 | } | |
9e34a5b5 | 211 | EXPORT_SYMBOL(__scm_send); |
1da177e4 LT |
212 | |
213 | int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) | |
214 | { | |
cfcabdcc SH |
215 | struct cmsghdr __user *cm |
216 | = (__force struct cmsghdr __user *)msg->msg_control; | |
1da177e4 LT |
217 | struct cmsghdr cmhdr; |
218 | int cmlen = CMSG_LEN(len); | |
219 | int err; | |
220 | ||
221 | if (MSG_CMSG_COMPAT & msg->msg_flags) | |
222 | return put_cmsg_compat(msg, level, type, len, data); | |
223 | ||
224 | if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { | |
225 | msg->msg_flags |= MSG_CTRUNC; | |
226 | return 0; /* XXX: return error? check spec. */ | |
227 | } | |
228 | if (msg->msg_controllen < cmlen) { | |
229 | msg->msg_flags |= MSG_CTRUNC; | |
230 | cmlen = msg->msg_controllen; | |
231 | } | |
232 | cmhdr.cmsg_level = level; | |
233 | cmhdr.cmsg_type = type; | |
234 | cmhdr.cmsg_len = cmlen; | |
235 | ||
236 | err = -EFAULT; | |
237 | if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) | |
4ec93edb | 238 | goto out; |
1da177e4 LT |
239 | if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) |
240 | goto out; | |
241 | cmlen = CMSG_SPACE(len); | |
1ac70e7a WY |
242 | if (msg->msg_controllen < cmlen) |
243 | cmlen = msg->msg_controllen; | |
1da177e4 LT |
244 | msg->msg_control += cmlen; |
245 | msg->msg_controllen -= cmlen; | |
246 | err = 0; | |
247 | out: | |
248 | return err; | |
249 | } | |
9e34a5b5 | 250 | EXPORT_SYMBOL(put_cmsg); |
1da177e4 | 251 | |
9718475e DD |
252 | void put_cmsg_scm_timestamping64(struct msghdr *msg, struct scm_timestamping_internal *tss_internal) |
253 | { | |
254 | struct scm_timestamping64 tss; | |
255 | int i; | |
256 | ||
257 | for (i = 0; i < ARRAY_SIZE(tss.ts); i++) { | |
258 | tss.ts[i].tv_sec = tss_internal->ts[i].tv_sec; | |
259 | tss.ts[i].tv_nsec = tss_internal->ts[i].tv_nsec; | |
260 | } | |
261 | ||
262 | put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPING_NEW, sizeof(tss), &tss); | |
263 | } | |
264 | EXPORT_SYMBOL(put_cmsg_scm_timestamping64); | |
265 | ||
266 | void put_cmsg_scm_timestamping(struct msghdr *msg, struct scm_timestamping_internal *tss_internal) | |
267 | { | |
268 | struct scm_timestamping tss; | |
269 | int i; | |
270 | ||
271 | for (i = 0; i < ARRAY_SIZE(tss.ts); i++) | |
272 | tss.ts[i] = timespec64_to_timespec(tss_internal->ts[i]); | |
273 | ||
274 | put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPING_OLD, sizeof(tss), &tss); | |
275 | } | |
276 | EXPORT_SYMBOL(put_cmsg_scm_timestamping); | |
277 | ||
1da177e4 LT |
278 | void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) |
279 | { | |
cfcabdcc SH |
280 | struct cmsghdr __user *cm |
281 | = (__force struct cmsghdr __user*)msg->msg_control; | |
1da177e4 LT |
282 | |
283 | int fdmax = 0; | |
284 | int fdnum = scm->fp->count; | |
285 | struct file **fp = scm->fp->fp; | |
286 | int __user *cmfptr; | |
287 | int err = 0, i; | |
288 | ||
289 | if (MSG_CMSG_COMPAT & msg->msg_flags) { | |
290 | scm_detach_fds_compat(msg, scm); | |
291 | return; | |
292 | } | |
293 | ||
294 | if (msg->msg_controllen > sizeof(struct cmsghdr)) | |
295 | fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr)) | |
296 | / sizeof(int)); | |
297 | ||
298 | if (fdnum < fdmax) | |
299 | fdmax = fdnum; | |
300 | ||
cfcabdcc SH |
301 | for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax; |
302 | i++, cmfptr++) | |
1da177e4 | 303 | { |
48a87cc2 | 304 | struct socket *sock; |
1da177e4 LT |
305 | int new_fd; |
306 | err = security_file_receive(fp[i]); | |
307 | if (err) | |
308 | break; | |
4a19542e UD |
309 | err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags |
310 | ? O_CLOEXEC : 0); | |
1da177e4 LT |
311 | if (err < 0) |
312 | break; | |
313 | new_fd = err; | |
314 | err = put_user(new_fd, cmfptr); | |
315 | if (err) { | |
316 | put_unused_fd(new_fd); | |
317 | break; | |
318 | } | |
319 | /* Bump the usage count and install the file. */ | |
48a87cc2 | 320 | sock = sock_from_file(fp[i], &err); |
d8429506 | 321 | if (sock) { |
2a56a1fe TH |
322 | sock_update_netprioidx(&sock->sk->sk_cgrp_data); |
323 | sock_update_classid(&sock->sk->sk_cgrp_data); | |
d8429506 | 324 | } |
cb0942b8 | 325 | fd_install(new_fd, get_file(fp[i])); |
1da177e4 LT |
326 | } |
327 | ||
328 | if (i > 0) | |
329 | { | |
330 | int cmlen = CMSG_LEN(i*sizeof(int)); | |
effee6a0 | 331 | err = put_user(SOL_SOCKET, &cm->cmsg_level); |
1da177e4 LT |
332 | if (!err) |
333 | err = put_user(SCM_RIGHTS, &cm->cmsg_type); | |
334 | if (!err) | |
335 | err = put_user(cmlen, &cm->cmsg_len); | |
336 | if (!err) { | |
337 | cmlen = CMSG_SPACE(i*sizeof(int)); | |
6900317f DB |
338 | if (msg->msg_controllen < cmlen) |
339 | cmlen = msg->msg_controllen; | |
1da177e4 LT |
340 | msg->msg_control += cmlen; |
341 | msg->msg_controllen -= cmlen; | |
342 | } | |
343 | } | |
344 | if (i < fdnum || (fdnum && fdmax <= 0)) | |
345 | msg->msg_flags |= MSG_CTRUNC; | |
346 | ||
347 | /* | |
348 | * All of the files that fit in the message have had their | |
349 | * usage counts incremented, so we just free the list. | |
350 | */ | |
351 | __scm_destroy(scm); | |
352 | } | |
9e34a5b5 | 353 | EXPORT_SYMBOL(scm_detach_fds); |
1da177e4 LT |
354 | |
355 | struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) | |
356 | { | |
357 | struct scm_fp_list *new_fpl; | |
358 | int i; | |
359 | ||
360 | if (!fpl) | |
361 | return NULL; | |
362 | ||
bba14de9 ED |
363 | new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]), |
364 | GFP_KERNEL); | |
1da177e4 | 365 | if (new_fpl) { |
bba14de9 | 366 | for (i = 0; i < fpl->count; i++) |
1da177e4 | 367 | get_file(fpl->fp[i]); |
bba14de9 | 368 | new_fpl->max = new_fpl->count; |
415e3d3e | 369 | new_fpl->user = get_uid(fpl->user); |
1da177e4 LT |
370 | } |
371 | return new_fpl; | |
372 | } | |
1da177e4 | 373 | EXPORT_SYMBOL(scm_fp_dup); |