Untitled

// SPDX-License-Identifier: GPL-2.0
/*
 * linux/kernel/futex_compat.c
 *
 * Futex compatibililty routines.
 *
 * Copyright 2006, Red Hat, Inc., Ingo Molnar
 */

#include <linux/linkage.h>
#include <linux/compat.h>
#include <linux/nsproxy.h>
#include <linux/futex.h>
#include <linux/ptrace.h>
#include <linux/syscalls.h>

#include <linux/uaccess.h>


/*
 * Fetch a robust-list pointer. Bit 0 signals PI futexes:
 */
static inline int
fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
           compat_uptr_t __user *head, unsigned int *pi)
{
    if (get_user(*uentry, head))
        return -EFAULT;

    *entry = compat_ptr((*uentry) & ~1);
    *pi = (unsigned int)(*uentry) & 1;

    return 0;
}

static void __user *futex_uaddr(struct robust_list __user *entry,
                compat_long_t futex_offset)
{
    compat_uptr_t base = ptr_to_compat(entry);
    void __user *uaddr = compat_ptr(base + futex_offset);

    return uaddr;
}

/*
 * Walk curr->robust_list (very carefully, it's a userspace list!)
 * and mark any locks found there dead, and notify any waiters.
 *
 * We silently return on any sign of list-walking problem.
 */
void compat_exit_robust_list(struct task_struct *curr)
{
    struct compat_robust_list_head __user *head = curr->compat_robust_list;
    struct robust_list __user *entry, *next_entry, *pending;
    unsigned int limit = ROBUST_LIST_LIMIT, pi, pip;
    unsigned int uninitialized_var(next_pi);
    compat_uptr_t uentry, next_uentry, upending;
    compat_long_t futex_offset;
    int rc;

    if (!futex_cmpxchg_enabled)
        return;

    /*
     * Fetch the list head (which was registered earlier, via
     * sys_set_robust_list()):
     */
    if (fetch_robust_entry(&uentry, &entry, &head->list.next, &pi))
        return;
    /*
     * Fetch the relative futex offset:
     */
    if (get_user(futex_offset, &head->futex_offset))
        return;
    /*
     * Fetch any possibly pending lock-add first, and handle it
     * if it exists:
     */
    if (fetch_robust_entry(&upending, &pending,
                   &head->list_op_pending, &pip))
        return;

    next_entry = NULL;  /* avoid warning with gcc */
    while (entry != (struct robust_list __user *) &head->list) {
        /*
         * Fetch the next entry in the list before calling
         * handle_futex_death:
         */
        rc = fetch_robust_entry(&next_uentry, &next_entry,
            (compat_uptr_t __user *)&entry->next, &next_pi);
        /*
         * A pending lock might already be on the list, so
         * dont process it twice:
         */
        if (entry != pending) {
            void __user *uaddr = futex_uaddr(entry, futex_offset);

            if (handle_futex_death(uaddr, curr, pi))
                return;
        }
        if (rc)
            return;
        uentry = next_uentry;
        entry = next_entry;
        pi = next_pi;
        /*
         * Avoid excessively long or circular lists:
         */
        if (!--limit)
            break;

        cond_resched();
    }
    if (pending) {
        void __user *uaddr = futex_uaddr(pending, futex_offset);

        handle_futex_death(uaddr, curr, pip);
    }
}

COMPAT_SYSCALL_DEFINE2(set_robust_list,
        struct compat_robust_list_head __user *, head,
        compat_size_t, len)
{
    if (!futex_cmpxchg_enabled)
        return -ENOSYS;

    if (unlikely(len != sizeof(*head)))
        return -EINVAL;

    current->compat_robust_list = head;

    return 0;
}

COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid,
            compat_uptr_t __user *, head_ptr,
            compat_size_t __user *, len_ptr)
{
    struct compat_robust_list_head __user *head;
    unsigned long ret;
    struct task_struct *p;

    if (!futex_cmpxchg_enabled)
        return -ENOSYS;

    rcu_read_lock();

    ret = -ESRCH;
    if (!pid)
        p = current;
    else {
        p = find_task_by_vpid(pid);
        if (!p)
            goto err_unlock;
    }

    ret = -EPERM;
    if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS))
        goto err_unlock;

    head = p->compat_robust_list;
    rcu_read_unlock();

    if (put_user(sizeof(*head), len_ptr))
        return -EFAULT;
    return put_user(ptr_to_compat(head), head_ptr);

err_unlock:
    rcu_read_unlock();

    return ret;
}

COMPAT_SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val,
        struct old_timespec32 __user *, utime, u32 __user *, uaddr2,
        u32, val3)
{
    struct timespec ts;
    ktime_t t, *tp = NULL;
    int val2 = 0;
    int cmd = op & FUTEX_CMD_MASK;

    if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI ||
              cmd == FUTEX_WAIT_BITSET ||
              cmd == FUTEX_WAIT_REQUEUE_PI)) {
        if (compat_get_timespec(&ts, utime))
            return -EFAULT;
        if (!timespec_valid(&ts))
            return -EINVAL;

        t = timespec_to_ktime(ts);
        if (cmd == FUTEX_WAIT)
            t = ktime_add_safe(ktime_get(), t);
        tp = &t;
    }
    if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
        cmd == FUTEX_CMP_REQUEUE_PI || cmd == FUTEX_WAKE_OP)
        val2 = (int) (unsigned long) utime;

    return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
}