static int semctl_down(int semid, int semnum, int cmd, int version, union semun arg)
{
struct sem_array *sma;
int err;
struct sem_setbuf setbuf;
struct kern_ipc_perm *ipcp;
if(cmd == IPC_SET) {
if(copy_semid_from_user (&setbuf, arg.buf, version))
return -EFAULT;
}
sma = sem_write_lock(semid);
if(sma==NULL)
return -EINVAL;
if (sem_checkid(sma,semid)) {
err=-EIDRM;
goto out_unlock;
}
ipcp = &sma->sem_perm;
if (current->euid != ipcp->cuid &&
current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
err=-EPERM;
goto out_unlock;
}
switch(cmd){
case IPC_RMID:
freeary(semid);
err = 0;
break;
case IPC_SET:
ipcp->uid = setbuf.uid;
ipcp->gid = setbuf.gid;
ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
| (setbuf.mode & S_IRWXUGO);
sma->sem_ctime = CURRENT_TIME;
sem_write_unlock(semid);
err = 0;
break;
default:
sem_write_unlock(semid);
err = -EINVAL;
break;
}
return err;
out_unlock:
sem_write_unlock(semid);
return err;
}
int sys_semctl (int semid, int semnum, int cmd, union semun arg)
{
struct semid_ds *buf = NULL;
struct semid_ds tbuf;
int i, id, val = 0;
struct semid_ds *sma;
struct ipc_perm *ipcp;
struct sem *curr = NULL;
struct sem_undo *un;
unsigned int nsems;
ushort *array = NULL;
ushort sem_io[SEMMSL];
if (semid < 0 || semnum < 0 || cmd < 0)
return -EINVAL;
switch (cmd) {
case IPC_INFO:
case SEM_INFO:
{
struct seminfo seminfo, *tmp = arg.__buf;
seminfo.semmni = SEMMNI;
seminfo.semmns = SEMMNS;
seminfo.semmsl = SEMMSL;
seminfo.semopm = SEMOPM;
seminfo.semvmx = SEMVMX;
seminfo.semmnu = SEMMNU;
seminfo.semmap = SEMMAP;
seminfo.semume = SEMUME;
seminfo.semusz = SEMUSZ;
seminfo.semaem = SEMAEM;
if (cmd == SEM_INFO) {
seminfo.semusz = used_semids;
seminfo.semaem = used_sems;
}
i = verify_area(VERIFY_WRITE, tmp, sizeof(struct seminfo));
if (i)
return i;
memcpy_tofs (tmp, &seminfo, sizeof(struct seminfo));
return max_semid;
}
case SEM_STAT:
buf = arg.buf;
i = verify_area (VERIFY_WRITE, buf, sizeof (*buf));
if (i)
return i;
if (semid > max_semid)
return -EINVAL;
sma = semary[semid];
if (sma == IPC_UNUSED || sma == IPC_NOID)
return -EINVAL;
if (ipcperms (&sma->sem_perm, S_IRUGO))
return -EACCES;
id = (unsigned int) sma->sem_perm.seq * SEMMNI + semid;
tbuf.sem_perm = sma->sem_perm;
tbuf.sem_otime = sma->sem_otime;
tbuf.sem_ctime = sma->sem_ctime;
tbuf.sem_nsems = sma->sem_nsems;
memcpy_tofs (buf, &tbuf, sizeof(*buf));
return id;
}
id = (unsigned int) semid % SEMMNI;
sma = semary [id];
if (sma == IPC_UNUSED || sma == IPC_NOID)
return -EINVAL;
ipcp = &sma->sem_perm;
nsems = sma->sem_nsems;
if (sma->sem_perm.seq != (unsigned int) semid / SEMMNI)
return -EIDRM;
switch (cmd) {
case GETVAL:
case GETPID:
case GETNCNT:
case GETZCNT:
case SETVAL:
if (semnum >= nsems)
return -EINVAL;
curr = &sma->sem_base[semnum];
break;
}
switch (cmd) {
case GETVAL:
case GETPID:
case GETNCNT:
case GETZCNT:
case GETALL:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
switch (cmd) {
case GETVAL : return curr->semval;
case GETPID : return curr->sempid;
case GETNCNT: return count_semncnt(sma,semnum);
case GETZCNT: return count_semzcnt(sma,semnum);
case GETALL:
array = arg.array;
i = verify_area (VERIFY_WRITE, array, nsems*sizeof(ushort));
if (i)
return i;
}
break;
case SETVAL:
val = arg.val;
if (val > SEMVMX || val < 0)
return -ERANGE;
break;
case IPC_RMID:
if (suser() || current->euid == ipcp->cuid || current->euid == ipcp->uid) {
freeary (id);
return 0;
}
return -EPERM;
case SETALL: /* arg is a pointer to an array of ushort */
array = arg.array;
if ((i = verify_area (VERIFY_READ, array, nsems*sizeof(ushort))))
return i;
memcpy_fromfs (sem_io, array, nsems*sizeof(ushort));
for (i = 0; i < nsems; i++)
if (sem_io[i] > SEMVMX)
return -ERANGE;
break;
case IPC_STAT:
buf = arg.buf;
if ((i = verify_area (VERIFY_WRITE, buf, sizeof(*buf))))
return i;
break;
case IPC_SET:
buf = arg.buf;
if ((i = verify_area (VERIFY_READ, buf, sizeof (*buf))))
return i;
memcpy_fromfs (&tbuf, buf, sizeof (*buf));
break;
}
if (semary[id] == IPC_UNUSED || semary[id] == IPC_NOID)
return -EIDRM;
if (sma->sem_perm.seq != (unsigned int) semid / SEMMNI)
return -EIDRM;
switch (cmd) {
case GETALL:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
for (i = 0; i < sma->sem_nsems; i++)
sem_io[i] = sma->sem_base[i].semval;
memcpy_tofs (array, sem_io, nsems*sizeof(ushort));
break;
case SETVAL:
if (ipcperms (ipcp, S_IWUGO))
return -EACCES;
for (un = sma->undo; un; un = un->id_next)
un->semadj[semnum] = 0;
curr->semval = val;
sma->sem_ctime = CURRENT_TIME;
/* maybe some queued-up processes were waiting for this */
update_queue(sma);
break;
case IPC_SET:
if (suser() || current->euid == ipcp->cuid || current->euid == ipcp->uid) {
ipcp->uid = tbuf.sem_perm.uid;
ipcp->gid = tbuf.sem_perm.gid;
ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
| (tbuf.sem_perm.mode & S_IRWXUGO);
sma->sem_ctime = CURRENT_TIME;
return 0;
}
return -EPERM;
case IPC_STAT:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
tbuf.sem_perm = sma->sem_perm;
tbuf.sem_otime = sma->sem_otime;
tbuf.sem_ctime = sma->sem_ctime;
tbuf.sem_nsems = sma->sem_nsems;
memcpy_tofs (buf, &tbuf, sizeof(*buf));
break;
case SETALL:
if (ipcperms (ipcp, S_IWUGO))
return -EACCES;
for (i = 0; i < nsems; i++)
sma->sem_base[i].semval = sem_io[i];
for (un = sma->undo; un; un = un->id_next)
for (i = 0; i < nsems; i++)
un->semadj[i] = 0;
sma->sem_ctime = CURRENT_TIME;
/* maybe some queued-up processes were waiting for this */
update_queue(sma);
break;
default:
return -EINVAL;
}
return 0;
}
asmlinkage int sys_semctl (int semid, int semnum, int cmd, union semun arg)
{
struct semid_ds *buf = NULL;
struct semid_ds tbuf;
int i, id, val = 0;
struct semid_ds *sma;
struct ipc_perm *ipcp;
struct sem *curr = NULL;
struct sem_undo *un;
unsigned int nsems;
ushort *array = NULL;
ushort sem_io[SEMMSL];
int err = -EINVAL;
lock_kernel();
if (semid < 0 || semnum < 0 || cmd < 0)
goto out;
switch (cmd) {
case IPC_INFO:
case SEM_INFO:
{
struct seminfo seminfo, *tmp = arg.__buf;
seminfo.semmni = SEMMNI;
seminfo.semmns = SEMMNS;
seminfo.semmsl = SEMMSL;
seminfo.semopm = SEMOPM;
seminfo.semvmx = SEMVMX;
seminfo.semmnu = SEMMNU;
seminfo.semmap = SEMMAP;
seminfo.semume = SEMUME;
seminfo.semusz = SEMUSZ;
seminfo.semaem = SEMAEM;
if (cmd == SEM_INFO) {
seminfo.semusz = used_semids;
seminfo.semaem = used_sems;
}
err = -EFAULT;
if (copy_to_user (tmp, &seminfo, sizeof(struct seminfo)))
goto out;
err = max_semid;
goto out;
}
case SEM_STAT:
buf = arg.buf;
err = -EINVAL;
if (semid > max_semid)
goto out;
sma = semary[semid];
if (sma == IPC_UNUSED || sma == IPC_NOID)
goto out;
err = -EACCES;
if (ipcperms (&sma->sem_perm, S_IRUGO))
goto out;
id = (unsigned int) sma->sem_perm.seq * SEMMNI + semid;
tbuf.sem_perm = sma->sem_perm;
tbuf.sem_otime = sma->sem_otime;
tbuf.sem_ctime = sma->sem_ctime;
tbuf.sem_nsems = sma->sem_nsems;
err = -EFAULT;
if (copy_to_user (buf, &tbuf, sizeof(*buf)) == 0)
err = id;
goto out;
}
id = (unsigned int) semid % SEMMNI;
sma = semary [id];
err = -EINVAL;
if (sma == IPC_UNUSED || sma == IPC_NOID)
goto out;
ipcp = &sma->sem_perm;
nsems = sma->sem_nsems;
err = -EIDRM;
if (sma->sem_perm.seq != (unsigned int) semid / SEMMNI)
goto out;
switch (cmd) {
case GETVAL:
case GETPID:
case GETNCNT:
case GETZCNT:
case SETVAL:
err = -EINVAL;
if (semnum >= nsems)
goto out;
curr = &sma->sem_base[semnum];
break;
}
switch (cmd) {
case GETVAL:
case GETPID:
case GETNCNT:
case GETZCNT:
case GETALL:
err = -EACCES;
if (ipcperms (ipcp, S_IRUGO))
goto out;
switch (cmd) {
case GETVAL : err = curr->semval; goto out;
case GETPID : err = curr->sempid & 0xffff; goto out;
case GETNCNT: err = count_semncnt(sma,semnum); goto out;
case GETZCNT: err = count_semzcnt(sma,semnum); goto out;
case GETALL:
array = arg.array;
break;
}
break;
case SETVAL:
val = arg.val;
err = -ERANGE;
if (val > SEMVMX || val < 0)
goto out;
break;
case IPC_RMID:
if (current->euid == ipcp->cuid ||
current->euid == ipcp->uid || capable(CAP_SYS_ADMIN)) {
freeary (id);
err = 0;
goto out;
}
err = -EPERM;
goto out;
case SETALL: /* arg is a pointer to an array of ushort */
array = arg.array;
err = -EFAULT;
if (copy_from_user (sem_io, array, nsems*sizeof(ushort)))
goto out;
err = 0;
for (i = 0; i < nsems; i++)
if (sem_io[i] > SEMVMX) {
err = -ERANGE;
goto out;
}
break;
case IPC_STAT:
buf = arg.buf;
break;
case IPC_SET:
buf = arg.buf;
err = copy_from_user (&tbuf, buf, sizeof (*buf));
if (err)
err = -EFAULT;
break;
}
err = -EIDRM;
if (semary[id] == IPC_UNUSED || semary[id] == IPC_NOID)
goto out;
if (sma->sem_perm.seq != (unsigned int) semid / SEMMNI)
goto out;
switch (cmd) {
case GETALL:
err = -EACCES;
if (ipcperms (ipcp, S_IRUGO))
goto out;
for (i = 0; i < sma->sem_nsems; i++)
sem_io[i] = sma->sem_base[i].semval;
if (copy_to_user (array, sem_io, nsems*sizeof(ushort)))
err = -EFAULT;
break;
case SETVAL:
err = -EACCES;
if (ipcperms (ipcp, S_IWUGO))
goto out;
for (un = sma->undo; un; un = un->id_next)
un->semadj[semnum] = 0;
curr->semval = val;
sma->sem_ctime = CURRENT_TIME;
/* maybe some queued-up processes were waiting for this */
update_queue(sma);
break;
case IPC_SET:
if (current->euid == ipcp->cuid ||
current->euid == ipcp->uid || capable(CAP_SYS_ADMIN)) {
ipcp->uid = tbuf.sem_perm.uid;
ipcp->gid = tbuf.sem_perm.gid;
ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
| (tbuf.sem_perm.mode & S_IRWXUGO);
sma->sem_ctime = CURRENT_TIME;
err = 0;
goto out;
}
err = -EPERM;
goto out;
case IPC_STAT:
err = -EACCES;
if (ipcperms (ipcp, S_IRUGO))
goto out;
tbuf.sem_perm = sma->sem_perm;
tbuf.sem_otime = sma->sem_otime;
tbuf.sem_ctime = sma->sem_ctime;
tbuf.sem_nsems = sma->sem_nsems;
if (copy_to_user (buf, &tbuf, sizeof(*buf)))
err = -EFAULT;
break;
case SETALL:
err = -EACCES;
if (ipcperms (ipcp, S_IWUGO))
goto out;
for (i = 0; i < nsems; i++)
sma->sem_base[i].semval = sem_io[i];
for (un = sma->undo; un; un = un->id_next)
for (i = 0; i < nsems; i++)
un->semadj[i] = 0;
sma->sem_ctime = CURRENT_TIME;
/* maybe some queued-up processes were waiting for this */
update_queue(sma);
break;
default:
err = -EINVAL;
goto out;
}
err = 0;
out:
unlock_kernel();
return err;
}
int sys_semctl (int semid, int semnum, int cmd, void *arg)
{
int i, id, val = 0;
struct semid_ds *sma, *buf = NULL, tbuf;
struct ipc_perm *ipcp;
struct sem *curr;
struct sem_undo *un;
ushort nsems, *array = NULL;
ushort sem_io[SEMMSL];
if (semid < 0 || semnum < 0 || cmd < 0)
return -EINVAL;
switch (cmd) {
case IPC_INFO:
case SEM_INFO:
{
struct seminfo seminfo, *tmp;
if (!arg || ! (tmp = (struct seminfo *) get_fs_long((int *)arg)))
return -EFAULT;
seminfo.semmni = SEMMNI;
seminfo.semmns = SEMMNS;
seminfo.semmsl = SEMMSL;
seminfo.semopm = SEMOPM;
seminfo.semvmx = SEMVMX;
seminfo.semmnu = SEMMNU;
seminfo.semmap = SEMMAP;
seminfo.semume = SEMUME;
seminfo.semusz = SEMUSZ;
seminfo.semaem = SEMAEM;
if (cmd == SEM_INFO) {
seminfo.semusz = used_semids;
seminfo.semaem = used_sems;
}
i= verify_area(VERIFY_WRITE, tmp, sizeof(struct seminfo));
if (i)
return i;
memcpy_tofs (tmp, &seminfo, sizeof(struct seminfo));
return max_semid;
}
case SEM_STAT:
if (!arg || ! (buf = (struct semid_ds *) get_fs_long((int *) arg)))
return -EFAULT;
i = verify_area (VERIFY_WRITE, buf, sizeof (*sma));
if (i)
return i;
if (semid > max_semid)
return -EINVAL;
sma = semary[semid];
if (sma == IPC_UNUSED || sma == IPC_NOID)
return -EINVAL;
if (ipcperms (&sma->sem_perm, S_IRUGO))
return -EACCES;
id = semid + sma->sem_perm.seq * SEMMNI;
memcpy_tofs (buf, sma, sizeof(*sma));
return id;
}
id = semid % SEMMNI;
sma = semary [id];
if (sma == IPC_UNUSED || sma == IPC_NOID)
return -EINVAL;
ipcp = &sma->sem_perm;
nsems = sma->sem_nsems;
if (ipcp->seq != semid / SEMMNI)
return -EIDRM;
if (semnum >= nsems)
return -EINVAL;
curr = &sma->sem_base[semnum];
switch (cmd) {
case GETVAL:
case GETPID:
case GETNCNT:
case GETZCNT:
case GETALL:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
switch (cmd) {
case GETVAL : return curr->semval;
case GETPID : return curr->sempid;
case GETNCNT: return curr->semncnt;
case GETZCNT: return curr->semzcnt;
case GETALL:
if (!arg || ! (array = (ushort *) get_fs_long((int *) arg)))
return -EFAULT;
i = verify_area (VERIFY_WRITE, array, nsems*sizeof(short));
if (i)
return i;
}
break;
case SETVAL:
if (!arg)
return -EFAULT;
if ((val = (int) get_fs_long ((int *) arg)) > SEMVMX || val < 0)
return -ERANGE;
break;
case IPC_RMID:
if (suser() || current->euid == ipcp->cuid ||
current->euid == ipcp->uid) {
freeary (id);
return 0;
}
return -EPERM;
case SETALL: /* arg is a pointer to an array of ushort */
if (!arg || ! (array = (ushort *) get_fs_long ((int *) arg)) )
return -EFAULT;
if ((i = verify_area (VERIFY_READ, array, sizeof tbuf)))
return i;
memcpy_fromfs (sem_io, array, nsems*sizeof(ushort));
for (i=0; i< nsems; i++)
if (sem_io[i] > SEMVMX)
return -ERANGE;
break;
case IPC_STAT:
if (!arg || !(buf = (struct semid_ds *) get_fs_long((int *) arg)))
return -EFAULT;
if ((i = verify_area (VERIFY_WRITE, buf, sizeof(*sma))))
return i;
break;
case IPC_SET:
if (!arg || !(buf = (struct semid_ds *) get_fs_long((int *) arg)))
return -EFAULT;
if ((i = verify_area (VERIFY_READ, buf, sizeof tbuf)))
return i;
memcpy_fromfs (&tbuf, buf, sizeof tbuf);
break;
}
if (semary[id] == IPC_UNUSED || semary[id] == IPC_NOID)
return -EIDRM;
if (ipcp->seq != semid / SEMMNI)
return -EIDRM;
switch (cmd) {
case GETALL:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
for (i=0; i< sma->sem_nsems; i++)
sem_io[i] = sma->sem_base[i].semval;
memcpy_tofs (array, sem_io, nsems*sizeof(ushort));
break;
case SETVAL:
if (ipcperms (ipcp, S_IWUGO))
return -EACCES;
for (un = sma->undo; un; un = un->id_next)
if (semnum == un->sem_num)
un->semadj = 0;
sma->sem_ctime = CURRENT_TIME;
curr->semval = val;
if (sma->eventn)
wake_up (&sma->eventn);
if (sma->eventz)
wake_up (&sma->eventz);
break;
case IPC_SET:
if (suser() || current->euid == ipcp->cuid ||
current->euid == ipcp->uid) {
ipcp->uid = tbuf.sem_perm.uid;
ipcp->gid = tbuf.sem_perm.gid;
ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
| (tbuf.sem_perm.mode & S_IRWXUGO);
sma->sem_ctime = CURRENT_TIME;
return 0;
}
return -EPERM;
case IPC_STAT:
if (ipcperms (ipcp, S_IRUGO))
return -EACCES;
memcpy_tofs (buf, sma, sizeof (*sma));
break;
case SETALL:
if (ipcperms (ipcp, S_IWUGO))
return -EACCES;
for (i=0; i<nsems; i++)
sma->sem_base[i].semval = sem_io[i];
for (un = sma->undo; un; un = un->id_next)
un->semadj = 0;
if (sma->eventn)
wake_up (&sma->eventn);
if (sma->eventz)
wake_up (&sma->eventz);
sma->sem_ctime = CURRENT_TIME;
break;
default:
return -EINVAL;
}
return 0;
}
