1 /* Copyright (C) 2002-2021 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
19 #include <futex-internal.h>
22 #include <lowlevellock.h>
26 /* Check for consistency across set*id system call results. The abort
27 should not happen as long as all privileges changes happen through
28 the glibc wrappers. ERROR must be 0 (no error) or an errno
31 setxid_error (struct xid_command
*cmdp
, int error
)
35 int olderror
= cmdp
->error
;
36 if (olderror
== error
)
40 /* Mismatch between current and previous results. Save the
41 error value to memory so that is not clobbered by the
42 abort function and preserved in coredumps. */
43 volatile int xid_err
__attribute__ ((unused
)) = error
;
47 while (atomic_compare_and_exchange_bool_acq (&cmdp
->error
, error
, -1));
50 /* Set by __nptl_setxid and used by __nptl_setxid_sighandler. */
51 static struct xid_command
*xidcmd
;
53 /* We use the SIGSETXID signal in the setuid, setgid, etc. implementations to
54 tell each thread to call the respective setxid syscall on itself. This is
57 __nptl_setxid_sighandler (int sig
, siginfo_t
*si
, void *ctx
)
61 /* Safety check. It would be possible to call this function for
62 other signals and send a signal from another process. This is not
63 correct and might even be a security problem. Try to catch as
64 many incorrect invocations as possible. */
66 || si
->si_pid
!= __getpid ()
67 || si
->si_code
!= SI_TKILL
)
70 result
= INTERNAL_SYSCALL_NCS (xidcmd
->syscall_no
, 3, xidcmd
->id
[0],
71 xidcmd
->id
[1], xidcmd
->id
[2]);
73 if (__glibc_unlikely (INTERNAL_SYSCALL_ERROR_P (result
)))
74 error
= INTERNAL_SYSCALL_ERRNO (result
);
75 setxid_error (xidcmd
, error
);
77 /* Reset the SETXID flag. */
78 struct pthread
*self
= THREAD_SELF
;
82 flags
= THREAD_GETMEM (self
, cancelhandling
);
83 newval
= THREAD_ATOMIC_CMPXCHG_VAL (self
, cancelhandling
,
84 flags
& ~SETXID_BITMASK
, flags
);
86 while (flags
!= newval
);
88 /* And release the futex. */
89 self
->setxid_futex
= 1;
90 futex_wake (&self
->setxid_futex
, 1, FUTEX_PRIVATE
);
92 if (atomic_decrement_val (&xidcmd
->cntr
) == 0)
93 futex_wake ((unsigned int *) &xidcmd
->cntr
, 1, FUTEX_PRIVATE
);
95 libc_hidden_def (__nptl_setxid_sighandler
)
98 setxid_mark_thread (struct xid_command
*cmdp
, struct pthread
*t
)
102 /* Wait until this thread is cloned. */
103 if (t
->setxid_futex
== -1
104 && ! atomic_compare_and_exchange_bool_acq (&t
->setxid_futex
, -2, -1))
106 futex_wait_simple (&t
->setxid_futex
, -2, FUTEX_PRIVATE
);
107 while (t
->setxid_futex
== -2);
109 /* Don't let the thread exit before the setxid handler runs. */
114 ch
= t
->cancelhandling
;
116 /* If the thread is exiting right now, ignore it. */
117 if ((ch
& EXITING_BITMASK
) != 0)
119 /* Release the futex if there is no other setxid in
121 if ((ch
& SETXID_BITMASK
) == 0)
124 futex_wake (&t
->setxid_futex
, 1, FUTEX_PRIVATE
);
129 while (atomic_compare_and_exchange_bool_acq (&t
->cancelhandling
,
130 ch
| SETXID_BITMASK
, ch
));
135 setxid_unmark_thread (struct xid_command
*cmdp
, struct pthread
*t
)
141 ch
= t
->cancelhandling
;
142 if ((ch
& SETXID_BITMASK
) == 0)
145 while (atomic_compare_and_exchange_bool_acq (&t
->cancelhandling
,
146 ch
& ~SETXID_BITMASK
, ch
));
148 /* Release the futex just in case. */
150 futex_wake (&t
->setxid_futex
, 1, FUTEX_PRIVATE
);
155 setxid_signal_thread (struct xid_command
*cmdp
, struct pthread
*t
)
157 if ((t
->cancelhandling
& SETXID_BITMASK
) == 0)
161 pid_t pid
= __getpid ();
162 val
= INTERNAL_SYSCALL_CALL (tgkill
, pid
, t
->tid
, SIGSETXID
);
164 /* If this failed, it must have had not started yet or else exited. */
165 if (!INTERNAL_SYSCALL_ERROR_P (val
))
167 atomic_increment (&cmdp
->cntr
);
176 __nptl_setxid (struct xid_command
*cmdp
)
180 lll_lock (GL (dl_stack_cache_lock
), LLL_PRIVATE
);
186 struct pthread
*self
= THREAD_SELF
;
188 /* Iterate over the list with system-allocated threads first. */
190 list_for_each (runp
, &GL (dl_stack_used
))
192 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
196 setxid_mark_thread (cmdp
, t
);
199 /* Now the list with threads using user-allocated stacks. */
200 list_for_each (runp
, &GL (dl_stack_user
))
202 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
206 setxid_mark_thread (cmdp
, t
);
209 /* Iterate until we don't succeed in signalling anyone. That means
210 we have gotten all running threads, and their children will be
211 automatically correct once started. */
216 list_for_each (runp
, &GL (dl_stack_used
))
218 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
222 signalled
+= setxid_signal_thread (cmdp
, t
);
225 list_for_each (runp
, &GL (dl_stack_user
))
227 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
231 signalled
+= setxid_signal_thread (cmdp
, t
);
234 int cur
= cmdp
->cntr
;
237 futex_wait_simple ((unsigned int *) &cmdp
->cntr
, cur
,
242 while (signalled
!= 0);
244 /* Clean up flags, so that no thread blocks during exit waiting
245 for a signal which will never come. */
246 list_for_each (runp
, &GL (dl_stack_used
))
248 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
252 setxid_unmark_thread (cmdp
, t
);
255 list_for_each (runp
, &GL (dl_stack_user
))
257 struct pthread
*t
= list_entry (runp
, struct pthread
, list
);
261 setxid_unmark_thread (cmdp
, t
);
264 /* This must be last, otherwise the current thread might not have
265 permissions to send SIGSETXID syscall to the other threads. */
266 result
= INTERNAL_SYSCALL_NCS (cmdp
->syscall_no
, 3,
267 cmdp
->id
[0], cmdp
->id
[1], cmdp
->id
[2]);
269 if (__glibc_unlikely (INTERNAL_SYSCALL_ERROR_P (result
)))
271 error
= INTERNAL_SYSCALL_ERRNO (result
);
275 setxid_error (cmdp
, error
);
277 lll_unlock (GL (dl_stack_cache_lock
), LLL_PRIVATE
);