X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fbus-kernel.c;h=6ee3f92832200ab555b6949bce26f8a81f130e50;hp=98fd4fd3ec60a72841ab70c17fa3bac948eb1524;hb=7d9fcc2bf6869993e5f38d5eb183fb59e8a52816;hpb=77adde638217112c9e080035197a76f4dc4af700
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index 98fd4fd3e..6ee3f9283 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -32,6 +32,7 @@
 #include "util.h"
 #include "strv.h"
 #include "memfd-util.h"
+#include "capability.h"
 #include "cgroup-util.h"
 #include "fileio.h"
@@ -294,8 +295,8 @@ static int bus_message_setup_kmsg(sd_bus *b, sd_bus_message *m) {
 memzero(m->kdbus, sz);
 m->kdbus->flags =
- ((m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) ? 0 : KDBUS_MSG_FLAGS_EXPECT_REPLY) |
- ((m->header->flags & BUS_MESSAGE_NO_AUTO_START) ? KDBUS_MSG_FLAGS_NO_AUTO_START : 0);
+ ((m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) ? 0 : KDBUS_MSG_EXPECT_REPLY) |
+ ((m->header->flags & BUS_MESSAGE_NO_AUTO_START) ? KDBUS_MSG_NO_AUTO_START : 0);
 if (well_known)
 /* verify_destination_id will usually be 0, which makes the kernel driver only look
@@ -553,22 +554,17 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
 case KDBUS_ITEM_PIDS:
- /* The PID starttime/TID might be missing,
- * when the data is faked by some data bus
- * proxy and it lacks that information about
- * the real client since SO_PEERCRED is used
- * for that. */
+ /* The PID/TID might be missing, when the data
+ * is faked by some data bus proxy and it
+ * lacks that information about the real
+ * client since SO_PEERCRED is used for
+ * that. */
 if (d->pids.pid > 0) {
 m->creds.pid = (pid_t) d->pids.pid;
 m->creds.mask |= SD_BUS_CREDS_PID & bus->creds_mask;
 }
- if (d->pids.starttime > 0) {
- m->creds.pid_starttime = d->pids.starttime / NSEC_PER_USEC;
- m->creds.mask |= SD_BUS_CREDS_PID_STARTTIME & bus->creds_mask;
- }
-
 if (d->pids.tid > 0) {
 m->creds.tid = (pid_t) d->pids.tid;
 m->creds.mask |= SD_BUS_CREDS_TID & bus->creds_mask;
@@ -678,8 +674,13 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
 break;
 case KDBUS_ITEM_CAPS:
- m->creds.capability = (uint8_t *) d->caps.caps;
- m->creds.capability_size = d->size - offsetof(struct kdbus_item, caps.caps);
+ if (d->caps.last_cap != cap_last_cap() ||
+ d->size - offsetof(struct kdbus_item, caps.caps) < DIV_ROUND_UP(d->caps.last_cap, 32U) * 4 * 4) {
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ m->creds.capability = d->caps.caps;
 m->creds.mask |= (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS) & bus->creds_mask;
 break;
@@ -749,7 +750,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
 /* If we requested the list of well-known names to be appended
 * and the sender had none no item for it will be
- * attached. However, this does *not* mean that we the kernel
+ * attached. However, this does *not* mean that the kernel
 * didn't want to provide this information to us. Hence, let's
 * explicitly mark this information as available if it was
 * requested. */
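Review bot: The length check in the `KDBUS_ITEM_CAPS` case subtracts before it compares, so if `d->size` is an unsigned field (as kdbus item sizes appear to be) an item shorter than `offsetof(struct kdbus_item, caps.caps)` wraps to a very large value and passes the `<` test. Moving the offset to the other side avoids the wrap: `d->size < offsetof(struct kdbus_item, caps.caps) + DIV_ROUND_UP(d->caps.last_cap, 32U) * 4 * 4`. `last_cap` reads like an index rather than a count, in which case the word count should come from `last_cap + 1`; as written, a `last_cap` that is an exact multiple of 32 would under-count by one word. The `* 4 * 4` would benefit from a comment such as `/* four capability sets, each an array of 32-bit words */`, since `capability_size` is no longer stored and every reader of `m->creds.capability` now relies on this one check. The case sits inside `bus_kernel_make_message`, whose body extends beyond the hunk.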
@@ -766,7 +767,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
 }
 /* Refuse messages where the reply flag doesn't match up */
- if (!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) != !!(k->flags & KDBUS_MSG_FLAGS_EXPECT_REPLY)) {
+ if (!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) != !!(k->flags & KDBUS_MSG_EXPECT_REPLY)) {
 r = -EBADMSG;
 goto fail;
 }
@@ -778,7 +779,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
 }
 /* Refuse messages where the autostart flag doesn't match up */
- if (!(m->header->flags & BUS_MESSAGE_NO_AUTO_START) != !(k->flags & KDBUS_MSG_FLAGS_NO_AUTO_START)) {
+ if (!(m->header->flags & BUS_MESSAGE_NO_AUTO_START) != !(k->flags & KDBUS_MSG_NO_AUTO_START)) {
 r = -EBADMSG;
 goto fail;
 }
@@ -820,7 +821,13 @@ fail:
 }
 int bus_kernel_take_fd(sd_bus *b) {
+ struct kdbus_cmd_free cmd_free = {
+ .size = sizeof(cmd_free),
+ .flags = 0,
+ };
+ struct kdbus_bloom_parameter *bloom = NULL;
 struct kdbus_cmd_hello *hello;
+ struct kdbus_item_list *items;
 struct kdbus_item *item;
 _cleanup_free_ char *g = NULL;
 const char *name;
@@ -933,23 +940,40 @@ int bus_kernel_take_fd(sd_bus *b) {
 b->kdbus_buffer = mmap(NULL, KDBUS_POOL_SIZE, PROT_READ, MAP_SHARED, b->input_fd, 0);
 if (b->kdbus_buffer == MAP_FAILED) {
 b->kdbus_buffer = NULL;
- return -errno;
+ r = -errno;
+ goto fail;
 }
 }
 /* The higher 32bit of the bus_flags fields are considered
 * 'incompatible flags'. Refuse them all for now. */
- if (hello->bus_flags > 0xFFFFFFFFULL)
- return -ENOTSUP;
+ if (hello->bus_flags > 0xFFFFFFFFULL) {
+ r = -ENOTSUP;
+ goto fail;
+ }
- if (!bloom_validate_parameters((size_t) hello->bloom.size, (unsigned) hello->bloom.n_hash))
- return -ENOTSUP;
+ /* extract bloom parameters from items */
+ items = (void*)((uint8_t*)b->kdbus_buffer + hello->offset);
+ KDBUS_ITEM_FOREACH(item, items, items) {
+ switch (item->type) {
+ case KDBUS_ITEM_BLOOM_PARAMETER:
+ bloom = &item->bloom_parameter;
+ break;
+ }
+ }
+
+ if (!bloom || !bloom_validate_parameters((size_t) bloom->size, (unsigned) bloom->n_hash)) {
+ r = -ENOTSUP;
+ goto fail;
+ }
- b->bloom_size = (size_t) hello->bloom.size;
- b->bloom_n_hash = (unsigned) hello->bloom.n_hash;
+ b->bloom_size = (size_t) bloom->size;
+ b->bloom_n_hash = (unsigned) bloom->n_hash;
- if (asprintf(&b->unique_name, ":1.%llu", (unsigned long long) hello->id) < 0)
- return -ENOMEM;
+ if (asprintf(&b->unique_name, ":1.%llu", (unsigned long long) hello->id) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
 b->unique_id = hello->id;
@@ -962,7 +986,15 @@ int bus_kernel_take_fd(sd_bus *b) {
 /* the kernel told us the UUID of the underlying bus */
 memcpy(b->server_id.bytes, hello->id128, sizeof(b->server_id.bytes));
+ /* free returned items */
+ (void) bus_kernel_cmd_free(b, hello->offset);
+
 return bus_start_running(b);
+
+fail:
+ cmd_free.offset = hello->offset;
+ (void) ioctl(b->input_fd, KDBUS_CMD_FREE, &cmd_free);
+ return r;
 }
 int bus_kernel_connect(sd_bus *b) {
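Review bot: `hello->offset` is added to `b->kdbus_buffer` and the result is walked with `KDBUS_ITEM_FOREACH` without any check that the offset, or the list's own size, falls inside the `KDBUS_POOL_SIZE` mapping. The value comes from the kernel, so this is hardening rather than a known defect, but a guard before the cast such as `if (hello->offset >= KDBUS_POOL_SIZE) { r = -EBADMSG; goto fail; }` keeps a bad offset from becoming an out-of-bounds read of the pool. The `switch` has one case and no `default`; `if (item->type == KDBUS_ITEM_BLOOM_PARAMETER) bloom = &item->bloom_parameter;` says the same thing and avoids a missing-default warning. The start of `bus_kernel_take_fd`, including where `hello` is filled in, is outside the hunk.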
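Review bot: The `fail:` path open-codes `KDBUS_CMD_FREE` with the local `cmd_free`, while the success path a few lines above calls `bus_kernel_cmd_free(b, hello->offset)` for the same operation, so the struct setup now exists in two places and can drift when the command layout changes again. If the helper cannot be used on the error path (for instance because it asserts bus state that is not set yet, which is not visible here), a comment on the label saying so would explain the duplication, e.g. `/* bus_kernel_cmd_free() is not usable before the bus is marked as kernel bus */` once confirmed. Both calls discard the result with `(void)`; a debug-level log on failure would make a leaked pool slice diagnosable.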
@@ -985,6 +1017,7 @@ int bus_kernel_connect(sd_bus *b) {
 int bus_kernel_cmd_free(sd_bus *bus, uint64_t offset) {
 struct kdbus_cmd_free cmd = {
+ .size = sizeof(cmd),
 .flags = 0,
 .offset = offset,
 };
@@ -1017,6 +1050,7 @@ static void close_kdbus_msg(sd_bus *bus, struct kdbus_msg *k) {
 }
 int bus_kernel_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call) {
+ struct kdbus_cmd_send cmd = { };
 int r;
 assert(bus);
@@ -1032,15 +1066,20 @@ int bus_kernel_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call
 if (r < 0)
 return r;
+ cmd.size = sizeof(cmd);
+ cmd.msg_address = (uintptr_t)m->kdbus;
+
 /* If this is a synchronous method call, then let's tell the
 * kernel, so that it can pass CPU time/scheduling to the
 * destination for the time, if it wants to. If we
 * synchronously wait for the result anyway, we won't need CPU
 * anyway. */
- if (hint_sync_call)
- m->kdbus->flags |= KDBUS_MSG_FLAGS_EXPECT_REPLY|KDBUS_MSG_FLAGS_SYNC_REPLY;
+ if (hint_sync_call) {
+ m->kdbus->flags |= KDBUS_MSG_EXPECT_REPLY;
+ cmd.flags |= KDBUS_SEND_SYNC_REPLY;
+ }
- r = ioctl(bus->output_fd, KDBUS_CMD_MSG_SEND, m->kdbus);
+ r = ioctl(bus->output_fd, KDBUS_CMD_SEND, &cmd);
 if (r < 0) {
 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
 sd_bus_message *reply;
@@ -1090,7 +1129,7 @@ int bus_kernel_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call
 } else if (hint_sync_call) {
 struct kdbus_msg *k;
- k = (struct kdbus_msg *)((uint8_t *)bus->kdbus_buffer + m->kdbus->offset_reply);
+ k = (struct kdbus_msg *)((uint8_t *)bus->kdbus_buffer + cmd.reply.offset);
 assert(k);
 if (k->payload_type == KDBUS_PAYLOAD_DBUS) {
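Review bot: `assert(k)` after `k = ... bus->kdbus_buffer + cmd.reply.offset` in the last hunk can only fire when the buffer itself is NULL, so the new `cmd.reply.offset` is dereferenced as a `struct kdbus_msg` with no validation of the offset. A range check before the cast, for example `if (cmd.reply.offset >= KDBUS_POOL_SIZE) return -EBADMSG;` (adjusted to whatever cleanup this branch needs), would be the meaningful form of that assertion. The same unchecked pattern appears with `recv.reply.offset` in the `bus_kernel_read_message` hunk. The `else if (hint_sync_call)` branch continues past the end of the hunk.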
@@ -1234,6 +1273,9 @@ static int bus_kernel_translate_message(sd_bus *bus, struct kdbus_msg *k) {
 assert(k->payload_type == KDBUS_PAYLOAD_KERNEL);
 KDBUS_ITEM_FOREACH(d, k, items) {
+ if (d->type == KDBUS_ITEM_TIMESTAMP)
+ continue;
+
 if (d->type >= _KDBUS_ITEM_KERNEL_BASE && d->type < _KDBUS_ITEM_KERNEL_BASE + ELEMENTSOF(translate)) {
 if (found)
 return -EBADMSG;
@@ -1251,7 +1293,7 @@ static int bus_kernel_translate_message(sd_bus *bus, struct kdbus_msg *k) {
 }
 int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority) {
- struct kdbus_cmd_recv recv = {};
+ struct kdbus_cmd_recv recv = { .size = sizeof(recv) };
 struct kdbus_msg *k;
 int r;
@@ -1266,7 +1308,7 @@ int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority) {
 recv.priority = priority;
 }
- r = ioctl(bus->input_fd, KDBUS_CMD_MSG_RECV, &recv);
+ r = ioctl(bus->input_fd, KDBUS_CMD_RECV, &recv);
 if (r < 0) {
 if (errno == EAGAIN)
 return 0;
@@ -1279,7 +1321,7 @@ int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority) {
 return -errno;
 }
- k = (struct kdbus_msg *)((uint8_t *)bus->kdbus_buffer + recv.offset);
+ k = (struct kdbus_msg *)((uint8_t *)bus->kdbus_buffer + recv.reply.offset);
 if (k->payload_type == KDBUS_PAYLOAD_DBUS) {
 r = bus_kernel_make_message(bus, k);
@@ -1421,7 +1463,7 @@ uint64_t attach_flags_to_kdbus(uint64_t mask) {
 SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID))
 m |= KDBUS_ATTACH_CREDS;
- if (mask & (SD_BUS_CREDS_PID|SD_BUS_CREDS_PID_STARTTIME|SD_BUS_CREDS_TID))
+ if (mask & (SD_BUS_CREDS_PID|SD_BUS_CREDS_TID))
 m |= KDBUS_ATTACH_PIDS;
 if (mask & SD_BUS_CREDS_COMM)
@@ -1477,6 +1519,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
 make = alloca0_align(offsetof(struct kdbus_cmd_make, items) +
 ALIGN8(offsetof(struct kdbus_item, bloom_parameter) + sizeof(struct kdbus_bloom_parameter)) +
 ALIGN8(offsetof(struct kdbus_item, data64) + sizeof(uint64_t)) +
+ ALIGN8(offsetof(struct kdbus_item, data64) + sizeof(uint64_t)) +
 ALIGN8(offsetof(struct kdbus_item, str) + DECIMAL_STR_MAX(uid_t) + 1 + l + 1),
 8);
@@ -1503,6 +1546,13 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
 n->data64[0] = _KDBUS_ATTACH_ANY;
 make->size += ALIGN8(n->size);
+ /* Provide all metadata via bus-owner queries */
+ n = KDBUS_ITEM_NEXT(n);
+ n->type = KDBUS_ITEM_ATTACH_FLAGS_SEND;
+ n->size = offsetof(struct kdbus_item, data64) + sizeof(uint64_t);
+ n->data64[0] = _KDBUS_ATTACH_ANY;
+ make->size += ALIGN8(n->size);
+
 /* Set the a good name */
 n = KDBUS_ITEM_NEXT(n);
 sprintf(n->str, UID_FMT "-%s", getuid(), name);
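Review bot: The new `KDBUS_ITEM_ATTACH_FLAGS_SEND` item is set to `_KDBUS_ATTACH_ANY`, which requests every metadata class rather than the ones the bus owner actually consumes, and the one-line comment does not say why the full set is needed. Either name the required `KDBUS_ATTACH_*` bits or extend the comment to state which queries depend on the wide mask, so a later reader can tell whether it may be narrowed. The write through `KDBUS_ITEM_NEXT(n)` stays in bounds only because the `alloca0_align()` size in the first hunk gained a matching `data64` term; annotating that term with `/* KDBUS_ITEM_ATTACH_FLAGS_SEND */` (and its neighbours likewise) would keep the size expression and the item list from drifting apart. The rest of `bus_kernel_create_bus` is outside both hunks.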
@@ -1532,69 +1582,6 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
 return fd;
 }
-static int bus_kernel_translate_access(BusPolicyAccess access) {
- assert(access >= 0);
- assert(access < _BUS_POLICY_ACCESS_MAX);
-
- switch (access) {
-
- case BUS_POLICY_ACCESS_SEE:
- return KDBUS_POLICY_SEE;
-
- case BUS_POLICY_ACCESS_TALK:
- return KDBUS_POLICY_TALK;
-
- case BUS_POLICY_ACCESS_OWN:
- return KDBUS_POLICY_OWN;
-
- default:
- assert_not_reached("Unknown policy access");
- }
-}
-
-static int bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item) {
- int r;
-
- assert(policy);
- assert(item);
-
- switch (policy->type) {
-
- case BUSNAME_POLICY_TYPE_USER: {
- const char *user = policy->name;
- uid_t uid;
-
- r = get_user_creds(&user, &uid, NULL, NULL, NULL);
- if (r < 0)
- return r;
-
- item->policy_access.type = KDBUS_POLICY_ACCESS_USER;
- item->policy_access.id = uid;
- break;
- }
-
- case BUSNAME_POLICY_TYPE_GROUP: {
- const char *group = policy->name;
- gid_t gid;
-
- r = get_group_creds(&group, &gid);
- if (r < 0)
- return r;
-
- item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP;
- item->policy_access.id = gid;
- break;
- }
-
- default:
- assert_not_reached("Unknown policy type");
- }
-
- item->policy_access.access = bus_kernel_translate_access(policy->access);
-
- return 0;
-}
-
 int bus_kernel_open_bus_fd(const char *bus, char **path) {
 char *p;
 int fd;
@@ -1671,126 +1658,6 @@ int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char *
 return fd;
 }
-int bus_kernel_set_endpoint_policy(int fd, uid_t uid, BusEndpoint *ep) {
-
- struct kdbus_cmd_update *update;
- struct kdbus_item *n;
- BusEndpointPolicy *po;
- Iterator i;
- size_t size;
- int r;
-
- size = ALIGN8(offsetof(struct kdbus_cmd_update, items));
-
- HASHMAP_FOREACH(po, ep->policy_hash, i) {
- size += ALIGN8(offsetof(struct kdbus_item, str) + strlen(po->name) + 1);
- size += ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access));
- }
-
- update = alloca0_align(size, 8);
- update->size = size;
-
- n = update->items;
-
- HASHMAP_FOREACH(po, ep->policy_hash, i) {
- n->type = KDBUS_ITEM_NAME;
- n->size = offsetof(struct kdbus_item, str) + strlen(po->name) + 1;
- strcpy(n->str, po->name);
- n = KDBUS_ITEM_NEXT(n);
-
- n->type = KDBUS_ITEM_POLICY_ACCESS;
- n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
-
- n->policy_access.type = KDBUS_POLICY_ACCESS_USER;
- n->policy_access.access = bus_kernel_translate_access(po->access);
- n->policy_access.id = uid;
-
- n = KDBUS_ITEM_NEXT(n);
- }
-
- r = ioctl(fd, KDBUS_CMD_ENDPOINT_UPDATE, update);
- if (r < 0)
- return -errno;
-
- return 0;
-}
-
-int bus_kernel_make_starter(
- int fd,
- const char *name,
- bool activating,
- bool accept_fd,
- BusNamePolicy *policy,
- BusPolicyAccess world_policy) {
-
- struct kdbus_cmd_hello *hello;
- struct kdbus_item *n;
- size_t policy_cnt = 0;
- BusNamePolicy *po;
- size_t size;
- int r;
-
- assert(fd >= 0);
- assert(name);
-
- LIST_FOREACH(policy, po, policy)
- policy_cnt++;
-
- if (world_policy >= 0)
- policy_cnt++;
-
- size = offsetof(struct kdbus_cmd_hello, items) +
- ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) +
- policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access));
-
- hello = alloca0_align(size, 8);
-
- n = hello->items;
- strcpy(n->str, name);
- n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
- n->type = KDBUS_ITEM_NAME;
- n = KDBUS_ITEM_NEXT(n);
-
- LIST_FOREACH(policy, po, policy) {
- n->type = KDBUS_ITEM_POLICY_ACCESS;
- n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
-
- r = bus_kernel_translate_policy(po, n);
- if (r < 0)
- return r;
-
- n = KDBUS_ITEM_NEXT(n);
- }
-
- if (world_policy >= 0) {
- n->type = KDBUS_ITEM_POLICY_ACCESS;
- n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
- n->policy_access.type = KDBUS_POLICY_ACCESS_WORLD;
- n->policy_access.access = bus_kernel_translate_access(world_policy);
- }
-
- hello->size = size;
- hello->flags =
- (activating ? KDBUS_HELLO_ACTIVATOR : KDBUS_HELLO_POLICY_HOLDER) |
- (accept_fd ? KDBUS_HELLO_ACCEPT_FD : 0);
- hello->pool_size = KDBUS_POOL_SIZE;
- hello->attach_flags_send = _KDBUS_ATTACH_ANY;
- hello->attach_flags_recv = _KDBUS_ATTACH_ANY;
-
- if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0)
- return -errno;
-
- /* The higher 32bit of the bus_flags fields are considered
- * 'incompatible flags'. Refuse them all for now. */
- if (hello->bus_flags > 0xFFFFFFFFULL)
- return -ENOTSUP;
-
- if (!bloom_validate_parameters((size_t) hello->bloom.size, (unsigned) hello->bloom.n_hash))
- return -ENOTSUP;
-
- return fd;
-}
-
 int bus_kernel_try_close(sd_bus *bus) {
 assert(bus);
 assert(bus->is_kernel);
@@ -1803,12 +1670,13 @@ int bus_kernel_try_close(sd_bus *bus) {
 int bus_kernel_drop_one(int fd) {
 struct kdbus_cmd_recv recv = {
- .flags = KDBUS_RECV_DROP
+ .size = sizeof(recv),
+ .flags = KDBUS_RECV_DROP,
 };
 assert(fd >= 0);
- if (ioctl(fd, KDBUS_CMD_MSG_RECV, &recv) < 0)
+ if (ioctl(fd, KDBUS_CMD_RECV, &recv) < 0)
 return -errno;
 return 0;
@@ -1869,7 +1737,7 @@ int bus_kernel_fix_attach_mask(void) {
 r = write_string_file("/sys/module/kdbus/parameters/attach_flags_mask", buf);
 if (r < 0)
 return log_full_errno(
- r == -EROFS ? LOG_DEBUG : LOG_WARNING, r,
+ IN_SET(r, -ENOENT, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
 "Failed to write kdbus attach mask: %m");
 return 0;