ACCESS DENIEDstruct group_info init_groups = { .usage = ATOMIC_INIT(2) };

1. ACCESS DENIED
2. struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
3.  
4. struct group_info *groups_alloc(int gidsetsize){
5.     struct group_info *group_info;
6.     int nblocks;
7.     int i;
8.  
9.  
10.     nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
11.     /* Make sure we always allocate at least one indirect block pointer */
12.     nblocks = nblocks ? : 1;
13.     group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
14.     if (!group_info)
15.         return NULL;
16.  
17.     group_info->ngroups = gidsetsize;
18.     group_info->nblocks = nblocks;
19.     atomic_set(&group_info->usage, 1);
20.  
21.     if (gidsetsize <= NGROUPS_SMALL)
22.         group_info->blocks[0] = group_info->small_block;
23.     else {
24.         for (i = 0; i < nblocks; i++) {
25.             gid_t *b;
26.             b = (void *)__get_free_page(GFP_USER);
27.             if (!b)
28.                 goto out_undo_partial_alloc;
29.             group_info->blocks[i] = b;
30.         }
31.     }
32.     return group_info;
33.  
34.  
35. out_undo_partial_alloc:
36.  
37.     while (--i >= 0) {
38.  
39.         free_page((unsigned long)group_info->blocks[i]);
40.  
41.     }
42.  
43.     kfree(group_info);
44.  
45.     return NULL;
46.  
47. }
48.  
49.  
50.  
51. EXPORT_SYMBOL(groups_alloc);
52.  
53.  
54.  
55. void groups_free(struct group_info *group_info)
56.  
57. {
58.  
59.     if (group_info->blocks[0] != group_info->small_block) {
60.  
61.         int i;
62.  
63.         for (i = 0; i < group_info->nblocks; i++)
64.  
65.             free_page((unsigned long)group_info->blocks[i]);
66.  
67.     }
68.  
69.     kfree(group_info);
70.  
71. }
72.  
73.  
74.  
75. EXPORT_SYMBOL(groups_free);
76.  
77.  
78.  
79. /* export the group_info to a user-space array */
80.  
81. static int groups_to_user(gid_t __user *grouplist,
82.  
83.               const struct group_info *group_info)
84.  
85. {
86.  
87.     int i;
88.  
89.     unsigned int count = group_info->ngroups;
90.  
91.  
92.  
93.     for (i = 0; i < group_info->nblocks; i++) {
94.  
95.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
96.  
97.         unsigned int len = cp_count * sizeof(*grouplist);
98.  
99.  
100.  
101.         if (copy_to_user(grouplist, group_info->blocks[i], len))
102.  
103.             return -EFAULT;
104.  
105.  
106.  
107.         grouplist += NGROUPS_PER_BLOCK;
108.  
109.         count -= cp_count;
110.  
111.     }
112.  
113.     return 0;
114.  
115. }
116.  
117.  
118.  
119. /* fill a group_info from a user-space array - it must be allocated already */
120.  
121. static int groups_from_user(struct group_info *group_info,
122.  
123.     gid_t __user *grouplist)
124.  
125. {
126.  
127.     int i;
128.  
129.     unsigned int count = group_info->ngroups;
130.  
131.  
132.  
133.     for (i = 0; i < group_info->nblocks; i++) {
134.  
135.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
136.  
137.         unsigned int len = cp_count * sizeof(*grouplist);
138.  
139.  
140.  
141.         if (copy_from_user(group_info->blocks[i], grouplist, len))
142.  
143.             return -EFAULT;
144.  
145.  
146.  
147.         grouplist += NGROUPS_PER_BLOCK;
148.  
149.         count -= cp_count;
150.  
151.     }
152.  
153.     return 0;
154.  
155. }
156.  
157.  
158.  
159. /* a simple Shell sort */
160.  
161. static void groups_sort(struct group_info *group_info)
162.  
163. {
164.  
165.     int base, max, stride;
166.  
167.     int gidsetsize = group_info->ngroups;
168.  
169.  
170.  
171.     for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
172.  
173.         ; /* nothing */
174.  
175.     stride /= 3;
176.  
177.  
178.  
179.     while (stride) {
180.  
181.         max = gidsetsize - stride;
182.  
183.         for (base = 0; base < max; base++) {
184.  
185.             int left = base;
186.  
187.             int right = left + stride;
188.  
189.             gid_t tmp = GROUP_AT(group_info, right);
190.  
191.  
192.  
193.             while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
194.  
195.                 GROUP_AT(group_info, right) =
196.  
197.                     GROUP_AT(group_info, left);
198.  
199.                 right = left;
200.  
201.                 left -= stride;
202.  
203.             }
204.  
205.             GROUP_AT(group_info, right) = tmp;
206.  
207.         }
208.  
209.         stride /= 3;
210.  
211.     }
212.  
213. }
214.  
215.  
216.  
217. /* a simple bsearch */
218.  
219. int groups_search(const struct group_info *group_info, gid_t grp)
220.  
221. {
222.  
223.     unsigned int left, right;
224.  
225.  
226.  
227.     if (!group_info)
228.  
229.         return 0;
230.  
231.  
232.  
233.     left = 0;
234.  
235.     right = group_info->ngroups;
236.  
237.     while (left < right) {
238.  
239.         unsigned int mid = left + (right - left)/2;
240.  
241.         if (grp > GROUP_AT(group_info, mid))
242.  
243.             left = mid + 1;
244.  
245.         else if (grp < GROUP_AT(group_info, mid))
246.  
247.             right = mid;
248.  
249.         else
250.  
251.             return 1;
252.  
253.     }
254.  
255.     return 0;
256.  
257. }
258.  
259.  
260.  
261. /**
262.  
263.  * set_groups - Change a group subscription in a set of credentials
264.  
265.  * @new: The newly prepared set of credentials to alter
266.  
267.  * @group_info: The group list to install
268.  
269.  *
270.  
271.  * Validate a group subscription and, if valid, insert it into a set
272.  
273.  * of credentials.
274.  
275.  */
276.  
277. int set_groups(struct cred *new, struct group_info *group_info)
278.  
279. {
280.  
281.     put_group_info(new->group_info);
282.  
283.     groups_sort(group_info);
284.  
285.     get_group_info(group_info);
286.  
287.     new->group_info = group_info;
288.  
289.     return 0;
290.  
291. }
292.  
293.  
294.  
295. EXPORT_SYMBOL(set_groups);
296.  
297.  
298.  
299. /**
300.  
301.  * set_current_groups - Change current's group subscription
302.  
303.  * @group_info: The group list to impose
304.  
305.  *
306.  
307.  * Validate a group subscription and, if valid, impose it upon current's task
308.  
309.  * security record.
310.  
311.  */
312.  
313. int set_current_groups(struct group_info *group_info)
314.  
315. {
316.  
317.     struct cred *new;
318.  
319.     int ret;
320.  
321.  
322.  
323.     new = prepare_creds();
324.  
325.     if (!new)
326.  
327.         return -ENOMEM;
328.  
329.  
330.  
331.     ret = set_groups(new, group_info);
332.  
333.     if (ret < 0) {
334.  
335.         abort_creds(new);
336.  
337.         return ret;
338.  
339.     }
340.  
341.  
342.  
343.     return commit_creds(new);
344.  
345. }
346.  
347.  
348.  
349. EXPORT_SYMBOL(set_current_groups);
350.  
351.  
352.  
353. SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
354.  
355. {
356.  
357.     const struct cred *cred = current_cred();
358.  
359.     int i;
360.  
361.  
362.  
363.     if (gidsetsize < 0)
364.  
365.         return -EINVAL;
366.  
367.  
368.  
369.     /* no need to grab task_lock here; it cannot change */
370.  
371.     i = cred->group_info->ngroups;
372.  
373.     if (gidsetsize) {
374.  
375.         if (i > gidsetsize) {
376.  
377.             i = -EINVAL;
378.  
379.             goto out;
380.  
381.         }
382.  
383.         if (groups_to_user(grouplist, cred->group_info)) {
384.  
385.             i = -EFAULT;
386.  
387.             goto out;
388.  
389.         }
390.  
391.     }
392.  
393. out:
394.  
395.     return i;
396.  
397. }
398.  
399.  
400.  
401. /*
402.  
403.  *    SMP: Our groups are copy-on-write. We can set them safely
404.  
405.  *    without another task interfering.
406.  
407.  */
408.  
409.  
410.  
411. SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
412.  
413. {
414.  
415.     struct group_info *group_info;
416.  
417.     int retval;
418.  
419.  
420.  
421.     if (!nsown_capable(CAP_SETGID))
422.  
423.         return -EPERM;
424.  
425.     if ((unsigned)gidsetsize > NGROUPS_MAX)
426.  
427.         return -EINVAL;
428.  
429.  
430.  
431.     group_info = groups_alloc(gidsetsize);
432.  
433.     if (!group_info)
434.  
435.         return -ENOMEM;
436.  
437.     retval = groups_from_user(group_info, grouplist);
438.  
439.     if (retval) {
440.  
441.         put_group_info(group_info);
442.  
443.         return retval;
444.  
445.     }
446.  
447.  
448.  
449.     retval = set_current_groups(group_info);
450.  
451.     put_group_info(group_info);
452.  
453.  
454.  
455.     return retval;
456.  
457. }
458.  
459.  
460.  
461. /*
462.  
463.  * Check whether we're fsgid/egid or in the supplemental group..
464.  
465.  */
466.  
467. int in_group_p(gid_t grp)
468.  
469. {
470.  
471.     const struct cred *cred = current_cred();
472.  
473.     int retval = 1;
474.  
475.  
476.  
477.     if (grp != cred->fsgid)
478.  
479.         retval = groups_search(cred->group_info, grp);
480.  
481.     return retval;
482.  
483. }
484.  
485.  
486.  
487. EXPORT_SYMBOL(in_group_p);
488.  
489.  
490.  
491. int in_egroup_p(gid_t grp)
492.  
493. {
494.  
495.     const struct cred *cred = current_cred();
496.  
497.     int retval = 1;
498.  
499.  
500.  
501.     if (grp != cred->egid)
502.  
503.         retval = groups_search(cred->group_info, grp);
504.  
505.     return retval;
506.  
507. }