search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmaengine/amba-pl08x: Call pl08x_free_txd() instead of calling kfree() directly
[linux-2.6.git] / kernel / groups.c
blob1cc476d52dd3b6e477ebd2d70a0d97b61219f189
1 /*
2 * Supplementary group IDs
3 */
4 #include <linux/cred.h>
5 #include <linux/module.h>
6 #include <linux/slab.h>
7 #include <linux/security.h>
8 #include <linux/syscalls.h>
9 #include <asm/uaccess.h>
10
11 /* init to 2 - one for init_task, one to ensure it is never freed */
12 struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
13
14 struct group_info *groups_alloc(int gidsetsize)
15 {
16 struct group_info *group_info;
17 int nblocks;
18 int i;
19
20 nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
21 /* Make sure we always allocate at least one indirect block pointer */
22 nblocks = nblocks ? : 1;
23 group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
24 if (!group_info)
25 return NULL;
26 group_info->ngroups = gidsetsize;
27 group_info->nblocks = nblocks;
28 atomic_set(&group_info->usage, 1);
29
30 if (gidsetsize <= NGROUPS_SMALL)
31 group_info->blocks[0] = group_info->small_block;
32 else {
33 for (i = 0; i < nblocks; i++) {
34 gid_t *b;
35 b = (void *)__get_free_page(GFP_USER);
36 if (!b)
37 goto out_undo_partial_alloc;
38 group_info->blocks[i] = b;
39 }
40 }
41 return group_info;
42
43 out_undo_partial_alloc:
44 while (--i >= 0) {
45 free_page((unsigned long)group_info->blocks[i]);
46 }
47 kfree(group_info);
48 return NULL;
49 }
50
51 EXPORT_SYMBOL(groups_alloc);
52
53 void groups_free(struct group_info *group_info)
54 {
55 if (group_info->blocks[0] != group_info->small_block) {
56 int i;
57 for (i = 0; i < group_info->nblocks; i++)
58 free_page((unsigned long)group_info->blocks[i]);
59 }
60 kfree(group_info);
61 }
62
63 EXPORT_SYMBOL(groups_free);
64
65 /* export the group_info to a user-space array */
66 static int groups_to_user(gid_t __user *grouplist,
67 const struct group_info *group_info)
68 {
69 int i;
70 unsigned int count = group_info->ngroups;
71
72 for (i = 0; i < group_info->nblocks; i++) {
73 unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
74 unsigned int len = cp_count * sizeof(*grouplist);
75
76 if (copy_to_user(grouplist, group_info->blocks[i], len))
77 return -EFAULT;
78
79 grouplist += NGROUPS_PER_BLOCK;
80 count -= cp_count;
81 }
82 return 0;
83 }
84
85 /* fill a group_info from a user-space array - it must be allocated already */
86 static int groups_from_user(struct group_info *group_info,
87 gid_t __user *grouplist)
88 {
89 int i;
90 unsigned int count = group_info->ngroups;
91
92 for (i = 0; i < group_info->nblocks; i++) {
93 unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
94 unsigned int len = cp_count * sizeof(*grouplist);
95
96 if (copy_from_user(group_info->blocks[i], grouplist, len))
97 return -EFAULT;
98
99 grouplist += NGROUPS_PER_BLOCK;
100 count -= cp_count;
101 }
102 return 0;
103 }
104
105 /* a simple Shell sort */
106 static void groups_sort(struct group_info *group_info)
107 {
108 int base, max, stride;
109 int gidsetsize = group_info->ngroups;
110
111 for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
112 ; /* nothing */
113 stride /= 3;
114
115 while (stride) {
116 max = gidsetsize - stride;
117 for (base = 0; base < max; base++) {
118 int left = base;
119 int right = left + stride;
120 gid_t tmp = GROUP_AT(group_info, right);
121
122 while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
123 GROUP_AT(group_info, right) =
124 GROUP_AT(group_info, left);
125 right = left;
126 left -= stride;
127 }
128 GROUP_AT(group_info, right) = tmp;
129 }
130 stride /= 3;
131 }
132 }
133
134 /* a simple bsearch */
135 int groups_search(const struct group_info *group_info, gid_t grp)
136 {
137 unsigned int left, right;
138
139 if (!group_info)
140 return 0;
141
142 left = 0;
143 right = group_info->ngroups;
144 while (left < right) {
145 unsigned int mid = (left+right)/2;
146 if (grp > GROUP_AT(group_info, mid))
147 left = mid + 1;
148 else if (grp < GROUP_AT(group_info, mid))
149 right = mid;
150 else
151 return 1;
152 }
153 return 0;
154 }
155
156 /**
157 * set_groups - Change a group subscription in a set of credentials
158 * @new: The newly prepared set of credentials to alter
159 * @group_info: The group list to install
160 *
161 * Validate a group subscription and, if valid, insert it into a set
162 * of credentials.
163 */
164 int set_groups(struct cred *new, struct group_info *group_info)
165 {
166 put_group_info(new->group_info);
167 groups_sort(group_info);
168 get_group_info(group_info);
169 new->group_info = group_info;
170 return 0;
171 }
172
173 EXPORT_SYMBOL(set_groups);
174
175 /**
176 * set_current_groups - Change current's group subscription
177 * @group_info: The group list to impose
178 *
179 * Validate a group subscription and, if valid, impose it upon current's task
180 * security record.
181 */
182 int set_current_groups(struct group_info *group_info)
183 {
184 struct cred *new;
185 int ret;
186
187 new = prepare_creds();
188 if (!new)
189 return -ENOMEM;
190
191 ret = set_groups(new, group_info);
192 if (ret < 0) {
193 abort_creds(new);
194 return ret;
195 }
196
197 return commit_creds(new);
198 }
199
200 EXPORT_SYMBOL(set_current_groups);
201
202 SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
203 {
204 const struct cred *cred = current_cred();
205 int i;
206
207 if (gidsetsize < 0)
208 return -EINVAL;
209
210 /* no need to grab task_lock here; it cannot change */
211 i = cred->group_info->ngroups;
212 if (gidsetsize) {
213 if (i > gidsetsize) {
214 i = -EINVAL;
215 goto out;
216 }
217 if (groups_to_user(grouplist, cred->group_info)) {
218 i = -EFAULT;
219 goto out;
220 }
221 }
222 out:
223 return i;
224 }
225
226 /*
227 * SMP: Our groups are copy-on-write. We can set them safely
228 * without another task interfering.
229 */
230
231 SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
232 {
233 struct group_info *group_info;
234 int retval;
235
236 if (!nsown_capable(CAP_SETGID))
237 return -EPERM;
238 if ((unsigned)gidsetsize > NGROUPS_MAX)
239 return -EINVAL;
240
241 group_info = groups_alloc(gidsetsize);
242 if (!group_info)
243 return -ENOMEM;
244 retval = groups_from_user(group_info, grouplist);
245 if (retval) {
246 put_group_info(group_info);
247 return retval;
248 }
249
250 retval = set_current_groups(group_info);
251 put_group_info(group_info);
252
253 return retval;
254 }
255
256 /*
257 * Check whether we're fsgid/egid or in the supplemental group..
258 */
259 int in_group_p(gid_t grp)
260 {
261 const struct cred *cred = current_cred();
262 int retval = 1;
263
264 if (grp != cred->fsgid)
265 retval = groups_search(cred->group_info, grp);
266 return retval;
267 }
268
269 EXPORT_SYMBOL(in_group_p);
270
271 int in_egroup_p(gid_t grp)
272 {
273 const struct cred *cred = current_cred();
274 int retval = 1;
275
276 if (grp != cred->egid)
277 retval = groups_search(cred->group_info, grp);
278 return retval;
279 }
280
281 EXPORT_SYMBOL(in_egroup_p);
Linus' kernel tree