diff options
Diffstat (limited to 'ipc/msg.c')
| -rw-r--r-- | ipc/msg.c | 37 |
1 files changed, 26 insertions, 11 deletions
diff --git a/ipc/msg.c b/ipc/msg.c index 114a21189613..3b6545302598 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -497,14 +497,14 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid, memset(p, 0, sizeof(*p)); rcu_read_lock(); - if (cmd == MSG_STAT) { + if (cmd == MSG_STAT || cmd == MSG_STAT_ANY) { msq = msq_obtain_object(ns, msqid); if (IS_ERR(msq)) { err = PTR_ERR(msq); goto out_unlock; } id = msq->q_perm.id; - } else { + } else { /* IPC_STAT */ msq = msq_obtain_object_check(ns, msqid); if (IS_ERR(msq)) { err = PTR_ERR(msq); @@ -512,9 +512,14 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid, } } - err = -EACCES; - if (ipcperms(ns, &msq->q_perm, S_IRUGO)) - goto out_unlock; + /* see comment for SHM_STAT_ANY */ + if (cmd == MSG_STAT_ANY) + audit_ipc_obj(&msq->q_perm); + else { + err = -EACCES; + if (ipcperms(ns, &msq->q_perm, S_IRUGO)) + goto out_unlock; + } err = security_msg_queue_msgctl(&msq->q_perm, cmd); if (err) @@ -532,6 +537,11 @@ static int msgctl_stat(struct ipc_namespace *ns, int msqid, p->msg_stime = msq->q_stime; p->msg_rtime = msq->q_rtime; p->msg_ctime = msq->q_ctime; +#ifndef CONFIG_64BIT + p->msg_stime_high = msq->q_stime >> 32; + p->msg_rtime_high = msq->q_rtime >> 32; + p->msg_ctime_high = msq->q_ctime >> 32; +#endif p->msg_cbytes = msq->q_cbytes; p->msg_qnum = msq->q_qnum; p->msg_qbytes = msq->q_qbytes; @@ -572,6 +582,7 @@ long ksys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf) return err; } case MSG_STAT: /* msqid is an index rather than a msg queue id */ + case MSG_STAT_ANY: case IPC_STAT: err = msgctl_stat(ns, msqid, cmd, &msqid64); if (err < 0) @@ -640,9 +651,12 @@ static int copy_compat_msqid_to_user(void __user *buf, struct msqid64_ds *in, struct compat_msqid64_ds v; memset(&v, 0, sizeof(v)); to_compat_ipc64_perm(&v.msg_perm, &in->msg_perm); - v.msg_stime = in->msg_stime; - v.msg_rtime = in->msg_rtime; - v.msg_ctime = in->msg_ctime; + v.msg_stime = lower_32_bits(in->msg_stime); + v.msg_stime_high = upper_32_bits(in->msg_stime); + v.msg_rtime = lower_32_bits(in->msg_rtime); + v.msg_rtime_high = upper_32_bits(in->msg_rtime); + v.msg_ctime = lower_32_bits(in->msg_ctime); + v.msg_ctime_high = upper_32_bits(in->msg_ctime); v.msg_cbytes = in->msg_cbytes; v.msg_qnum = in->msg_qnum; v.msg_qbytes = in->msg_qbytes; @@ -690,6 +704,7 @@ long compat_ksys_msgctl(int msqid, int cmd, void __user *uptr) } case IPC_STAT: case MSG_STAT: + case MSG_STAT_ANY: err = msgctl_stat(ns, msqid, cmd, &msqid64); if (err < 0) return err; @@ -751,7 +766,7 @@ static inline int pipelined_send(struct msg_queue *msq, struct msg_msg *msg, WRITE_ONCE(msr->r_msg, ERR_PTR(-E2BIG)); } else { ipc_update_pid(&msq->q_lrpid, task_pid(msr->r_tsk)); - msq->q_rtime = get_seconds(); + msq->q_rtime = ktime_get_real_seconds(); wake_q_add(wake_q, msr->r_tsk); WRITE_ONCE(msr->r_msg, msg); @@ -852,7 +867,7 @@ static long do_msgsnd(int msqid, long mtype, void __user *mtext, } ipc_update_pid(&msq->q_lspid, task_tgid(current)); - msq->q_stime = get_seconds(); + msq->q_stime = ktime_get_real_seconds(); if (!pipelined_send(msq, msg, &wake_q)) { /* no one is waiting for this message, enqueue it */ @@ -1080,7 +1095,7 @@ static long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, in list_del(&msg->m_list); msq->q_qnum--; - msq->q_rtime = get_seconds(); + msq->q_rtime = ktime_get_real_seconds(); ipc_update_pid(&msq->q_lrpid, task_tgid(current)); msq->q_cbytes -= msg->m_ts; atomic_sub(msg->m_ts, &ns->msg_bytes); |
