1 // SPDX-License-Identifier: GPL-2.0
4 * Copyright (C) 1992, 1993 Krishna Balasubramanian
5 * Many improvements/fixes by Bruno Haible.
6 * Replaced `struct shm_desc' by `struct vm_area_struct', July 1994.
7 * Fixed the shm swap deallocation (shm_unuse()), August 1998 Andrea Arcangeli.
9 * /proc/sysvipc/shm support (c) 1999 Dragos Acostachioaie <dragos@iname.com>
10 * BIGMEM support, Andrea Arcangeli <andrea@suse.de>
11 * SMP thread shm, Jean-Luc Boyard <jean-luc.boyard@siemens.fr>
12 * HIGHMEM support, Ingo Molnar <mingo@redhat.com>
13 * Make shmmax, shmall, shmmni sysctl'able, Christoph Rohland <cr@sap.com>
14 * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com>
15 * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com>
17 * support for audit of ipc object properties and permission changes
18 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
22 * Pavel Emelianov <xemul@openvz.org>
24 * Better ipc lock (kern_ipc_perm.lock) handling
25 * Davidlohr Bueso <davidlohr.bueso@hp.com>, June 2013.
28 #include <linux/slab.h>
30 #include <linux/hugetlb.h>
31 #include <linux/shm.h>
32 #include <linux/init.h>
33 #include <linux/file.h>
34 #include <linux/mman.h>
35 #include <linux/shmem_fs.h>
36 #include <linux/security.h>
37 #include <linux/syscalls.h>
38 #include <linux/audit.h>
39 #include <linux/capability.h>
40 #include <linux/ptrace.h>
41 #include <linux/seq_file.h>
42 #include <linux/rwsem.h>
43 #include <linux/nsproxy.h>
44 #include <linux/mount.h>
45 #include <linux/ipc_namespace.h>
46 #include <linux/rhashtable.h>
48 #include <linux/uaccess.h>
52 struct shmid_kernel /* private to the kernel */
54 struct kern_ipc_perm shm_perm;
55 struct file *shm_file;
56 unsigned long shm_nattch;
57 unsigned long shm_segsz;
61 struct pid *shm_cprid;
62 struct pid *shm_lprid;
63 struct ucounts *mlock_ucounts;
66 * The task created the shm object, for
67 * task_lock(shp->shm_creator)
69 struct task_struct *shm_creator;
72 * List by creator. task_lock(->shm_creator) required for read/write.
73 * If list_empty(), then the creator is dead already.
75 struct list_head shm_clist;
76 struct ipc_namespace *ns;
79 /* shm_mode upper byte flags */
80 #define SHM_DEST 01000 /* segment will be destroyed on last detach */
81 #define SHM_LOCKED 02000 /* segment will not be swapped */
83 struct shm_file_data {
85 struct ipc_namespace *ns;
87 const struct vm_operations_struct *vm_ops;
90 #define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data))
92 static const struct file_operations shm_file_operations;
93 static const struct vm_operations_struct shm_vm_ops;
95 #define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS])
97 #define shm_unlock(shp) \
98 ipc_unlock(&(shp)->shm_perm)
100 static int newseg(struct ipc_namespace *, struct ipc_params *);
101 static void shm_open(struct vm_area_struct *vma);
102 static void shm_close(struct vm_area_struct *vma);
103 static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
104 #ifdef CONFIG_PROC_FS
105 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
108 void shm_init_ns(struct ipc_namespace *ns)
110 ns->shm_ctlmax = SHMMAX;
111 ns->shm_ctlall = SHMALL;
112 ns->shm_ctlmni = SHMMNI;
113 ns->shm_rmid_forced = 0;
115 ipc_init_ids(&shm_ids(ns));
119 * Called with shm_ids.rwsem (writer) and the shp structure locked.
120 * Only shm_ids.rwsem remains locked on exit.
122 static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
124 struct shmid_kernel *shp;
126 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
127 WARN_ON(ns != shp->ns);
129 if (shp->shm_nattch) {
130 shp->shm_perm.mode |= SHM_DEST;
131 /* Do not find it any more */
132 ipc_set_key_private(&shm_ids(ns), &shp->shm_perm);
135 shm_destroy(ns, shp);
139 void shm_exit_ns(struct ipc_namespace *ns)
141 free_ipcs(ns, &shm_ids(ns), do_shm_rmid);
142 idr_destroy(&ns->ids[IPC_SHM_IDS].ipcs_idr);
143 rhashtable_destroy(&ns->ids[IPC_SHM_IDS].key_ht);
147 static int __init ipc_ns_init(void)
149 shm_init_ns(&init_ipc_ns);
153 pure_initcall(ipc_ns_init);
155 void __init shm_init(void)
157 ipc_init_proc_interface("sysvipc/shm",
158 #if BITS_PER_LONG <= 32
159 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
161 " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
163 IPC_SHM_IDS, sysvipc_shm_proc_show);
166 static inline struct shmid_kernel *shm_obtain_object(struct ipc_namespace *ns, int id)
168 struct kern_ipc_perm *ipcp = ipc_obtain_object_idr(&shm_ids(ns), id);
171 return ERR_CAST(ipcp);
173 return container_of(ipcp, struct shmid_kernel, shm_perm);
176 static inline struct shmid_kernel *shm_obtain_object_check(struct ipc_namespace *ns, int id)
178 struct kern_ipc_perm *ipcp = ipc_obtain_object_check(&shm_ids(ns), id);
181 return ERR_CAST(ipcp);
183 return container_of(ipcp, struct shmid_kernel, shm_perm);
187 * shm_lock_(check_) routines are called in the paths where the rwsem
188 * is not necessarily held.
190 static inline struct shmid_kernel *shm_lock(struct ipc_namespace *ns, int id)
192 struct kern_ipc_perm *ipcp;
195 ipcp = ipc_obtain_object_idr(&shm_ids(ns), id);
199 ipc_lock_object(ipcp);
201 * ipc_rmid() may have already freed the ID while ipc_lock_object()
202 * was spinning: here verify that the structure is still valid.
203 * Upon races with RMID, return -EIDRM, thus indicating that
204 * the ID points to a removed identifier.
206 if (ipc_valid_object(ipcp)) {
207 /* return a locked ipc object upon success */
208 return container_of(ipcp, struct shmid_kernel, shm_perm);
211 ipc_unlock_object(ipcp);
212 ipcp = ERR_PTR(-EIDRM);
216 * Callers of shm_lock() must validate the status of the returned ipc
217 * object pointer and error out as appropriate.
219 return ERR_CAST(ipcp);
222 static inline void shm_lock_by_ptr(struct shmid_kernel *ipcp)
225 ipc_lock_object(&ipcp->shm_perm);
228 static void shm_rcu_free(struct rcu_head *head)
230 struct kern_ipc_perm *ptr = container_of(head, struct kern_ipc_perm,
232 struct shmid_kernel *shp = container_of(ptr, struct shmid_kernel,
234 security_shm_free(&shp->shm_perm);
239 * It has to be called with shp locked.
240 * It must be called before ipc_rmid()
242 static inline void shm_clist_rm(struct shmid_kernel *shp)
244 struct task_struct *creator;
246 /* ensure that shm_creator does not disappear */
250 * A concurrent exit_shm may do a list_del_init() as well.
251 * Just do nothing if exit_shm already did the work
253 if (!list_empty(&shp->shm_clist)) {
255 * shp->shm_creator is guaranteed to be valid *only*
256 * if shp->shm_clist is not empty.
258 creator = shp->shm_creator;
262 * list_del_init() is a nop if the entry was already removed
265 list_del_init(&shp->shm_clist);
266 task_unlock(creator);
271 static inline void shm_rmid(struct shmid_kernel *s)
274 ipc_rmid(&shm_ids(s->ns), &s->shm_perm);
278 static int __shm_open(struct shm_file_data *sfd)
280 struct shmid_kernel *shp;
282 shp = shm_lock(sfd->ns, sfd->id);
287 if (shp->shm_file != sfd->file) {
293 shp->shm_atim = ktime_get_real_seconds();
294 ipc_update_pid(&shp->shm_lprid, task_tgid(current));
300 /* This is called by fork, once for every shm attach. */
301 static void shm_open(struct vm_area_struct *vma)
303 struct file *file = vma->vm_file;
304 struct shm_file_data *sfd = shm_file_data(file);
307 /* Always call underlying open if present */
308 if (sfd->vm_ops->open)
309 sfd->vm_ops->open(vma);
311 err = __shm_open(sfd);
313 * We raced in the idr lookup or with shm_destroy().
314 * Either way, the ID is busted.
320 * shm_destroy - free the struct shmid_kernel
323 * @shp: struct to free
325 * It has to be called with shp and shm_ids.rwsem (writer) locked,
326 * but returns with shp unlocked and freed.
328 static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
330 struct file *shm_file;
332 shm_file = shp->shm_file;
333 shp->shm_file = NULL;
334 ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
337 if (!is_file_hugepages(shm_file))
338 shmem_lock(shm_file, 0, shp->mlock_ucounts);
340 ipc_update_pid(&shp->shm_cprid, NULL);
341 ipc_update_pid(&shp->shm_lprid, NULL);
342 ipc_rcu_putref(&shp->shm_perm, shm_rcu_free);
346 * shm_may_destroy - identifies whether shm segment should be destroyed now
348 * Returns true if and only if there are no active users of the segment and
349 * one of the following is true:
351 * 1) shmctl(id, IPC_RMID, NULL) was called for this shp
353 * 2) sysctl kernel.shm_rmid_forced is set to 1.
355 static bool shm_may_destroy(struct shmid_kernel *shp)
357 return (shp->shm_nattch == 0) &&
358 (shp->ns->shm_rmid_forced ||
359 (shp->shm_perm.mode & SHM_DEST));
363 * remove the attach descriptor vma.
364 * free memory for segment if it is marked destroyed.
365 * The descriptor has already been removed from the current->mm->mmap list
366 * and will later be kfree()d.
368 static void __shm_close(struct shm_file_data *sfd)
370 struct shmid_kernel *shp;
371 struct ipc_namespace *ns = sfd->ns;
373 down_write(&shm_ids(ns).rwsem);
374 /* remove from the list of attaches of the shm segment */
375 shp = shm_lock(ns, sfd->id);
378 * We raced in the idr lookup or with shm_destroy().
379 * Either way, the ID is busted.
381 if (WARN_ON_ONCE(IS_ERR(shp)))
382 goto done; /* no-op */
384 ipc_update_pid(&shp->shm_lprid, task_tgid(current));
385 shp->shm_dtim = ktime_get_real_seconds();
387 if (shm_may_destroy(shp))
388 shm_destroy(ns, shp);
392 up_write(&shm_ids(ns).rwsem);
395 static void shm_close(struct vm_area_struct *vma)
397 struct file *file = vma->vm_file;
398 struct shm_file_data *sfd = shm_file_data(file);
400 /* Always call underlying close if present */
401 if (sfd->vm_ops->close)
402 sfd->vm_ops->close(vma);
407 /* Called with ns->shm_ids(ns).rwsem locked */
408 static int shm_try_destroy_orphaned(int id, void *p, void *data)
410 struct ipc_namespace *ns = data;
411 struct kern_ipc_perm *ipcp = p;
412 struct shmid_kernel *shp = container_of(ipcp, struct shmid_kernel, shm_perm);
415 * We want to destroy segments without users and with already
416 * exit'ed originating process.
418 * As shp->* are changed under rwsem, it's safe to skip shp locking.
420 if (!list_empty(&shp->shm_clist))
423 if (shm_may_destroy(shp)) {
424 shm_lock_by_ptr(shp);
425 shm_destroy(ns, shp);
430 void shm_destroy_orphaned(struct ipc_namespace *ns)
432 down_write(&shm_ids(ns).rwsem);
433 if (shm_ids(ns).in_use)
434 idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_orphaned, ns);
435 up_write(&shm_ids(ns).rwsem);
438 /* Locking assumes this will only be called with task == current */
439 void exit_shm(struct task_struct *task)
442 struct shmid_kernel *shp;
443 struct ipc_namespace *ns;
447 if (list_empty(&task->sysvshm.shm_clist)) {
452 shp = list_first_entry(&task->sysvshm.shm_clist, struct shmid_kernel,
456 * 1) Get pointer to the ipc namespace. It is worth to say
457 * that this pointer is guaranteed to be valid because
458 * shp lifetime is always shorter than namespace lifetime
459 * in which shp lives.
460 * We taken task_lock it means that shp won't be freed.
465 * 2) If kernel.shm_rmid_forced is not set then only keep track of
466 * which shmids are orphaned, so that a later set of the sysctl
469 if (!ns->shm_rmid_forced)
470 goto unlink_continue;
473 * 3) get a reference to the namespace.
474 * The refcount could be already 0. If it is 0, then
475 * the shm objects will be free by free_ipc_work().
477 ns = get_ipc_ns_not_zero(ns);
480 list_del_init(&shp->shm_clist);
486 * 4) get a reference to shp.
487 * This cannot fail: shm_clist_rm() is called before
488 * ipc_rmid(), thus the refcount cannot be 0.
490 WARN_ON(!ipc_rcu_getref(&shp->shm_perm));
493 * 5) unlink the shm segment from the list of segments
494 * created by current.
495 * This must be done last. After unlinking,
496 * only the refcounts obtained above prevent IPC_RMID
497 * from destroying the segment or the namespace.
499 list_del_init(&shp->shm_clist);
504 * 6) we have all references
505 * Thus lock & if needed destroy shp.
507 down_write(&shm_ids(ns).rwsem);
508 shm_lock_by_ptr(shp);
510 * rcu_read_lock was implicitly taken in shm_lock_by_ptr, it's
511 * safe to call ipc_rcu_putref here
513 ipc_rcu_putref(&shp->shm_perm, shm_rcu_free);
515 if (ipc_valid_object(&shp->shm_perm)) {
516 if (shm_may_destroy(shp))
517 shm_destroy(ns, shp);
522 * Someone else deleted the shp from namespace
523 * idr/kht while we have waited.
524 * Just unlock and continue.
529 up_write(&shm_ids(ns).rwsem);
530 put_ipc_ns(ns); /* paired with get_ipc_ns_not_zero */
534 static vm_fault_t shm_fault(struct vm_fault *vmf)
536 struct file *file = vmf->vma->vm_file;
537 struct shm_file_data *sfd = shm_file_data(file);
539 return sfd->vm_ops->fault(vmf);
542 static int shm_may_split(struct vm_area_struct *vma, unsigned long addr)
544 struct file *file = vma->vm_file;
545 struct shm_file_data *sfd = shm_file_data(file);
547 if (sfd->vm_ops->may_split)
548 return sfd->vm_ops->may_split(vma, addr);
553 static unsigned long shm_pagesize(struct vm_area_struct *vma)
555 struct file *file = vma->vm_file;
556 struct shm_file_data *sfd = shm_file_data(file);
558 if (sfd->vm_ops->pagesize)
559 return sfd->vm_ops->pagesize(vma);
565 static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol)
567 struct shm_file_data *sfd = shm_file_data(vma->vm_file);
570 if (sfd->vm_ops->set_policy)
571 err = sfd->vm_ops->set_policy(vma, mpol);
575 static struct mempolicy *shm_get_policy(struct vm_area_struct *vma,
576 unsigned long addr, pgoff_t *ilx)
578 struct shm_file_data *sfd = shm_file_data(vma->vm_file);
579 struct mempolicy *mpol = vma->vm_policy;
581 if (sfd->vm_ops->get_policy)
582 mpol = sfd->vm_ops->get_policy(vma, addr, ilx);
587 static int shm_mmap(struct file *file, struct vm_area_struct *vma)
589 struct shm_file_data *sfd = shm_file_data(file);
593 * In case of remap_file_pages() emulation, the file can represent an
594 * IPC ID that was removed, and possibly even reused by another shm
595 * segment already. Propagate this case as an error to caller.
597 ret = __shm_open(sfd);
601 ret = call_mmap(sfd->file, vma);
606 sfd->vm_ops = vma->vm_ops;
608 WARN_ON(!sfd->vm_ops->fault);
610 vma->vm_ops = &shm_vm_ops;
614 static int shm_release(struct inode *ino, struct file *file)
616 struct shm_file_data *sfd = shm_file_data(file);
620 shm_file_data(file) = NULL;
625 static int shm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
627 struct shm_file_data *sfd = shm_file_data(file);
629 if (!sfd->file->f_op->fsync)
631 return sfd->file->f_op->fsync(sfd->file, start, end, datasync);
634 static long shm_fallocate(struct file *file, int mode, loff_t offset,
637 struct shm_file_data *sfd = shm_file_data(file);
639 if (!sfd->file->f_op->fallocate)
641 return sfd->file->f_op->fallocate(file, mode, offset, len);
644 static unsigned long shm_get_unmapped_area(struct file *file,
645 unsigned long addr, unsigned long len, unsigned long pgoff,
648 struct shm_file_data *sfd = shm_file_data(file);
650 return sfd->file->f_op->get_unmapped_area(sfd->file, addr, len,
654 static const struct file_operations shm_file_operations = {
657 .release = shm_release,
658 .get_unmapped_area = shm_get_unmapped_area,
659 .llseek = noop_llseek,
660 .fallocate = shm_fallocate,
664 * shm_file_operations_huge is now identical to shm_file_operations,
665 * but we keep it distinct for the sake of is_file_shm_hugepages().
667 static const struct file_operations shm_file_operations_huge = {
670 .release = shm_release,
671 .get_unmapped_area = shm_get_unmapped_area,
672 .llseek = noop_llseek,
673 .fallocate = shm_fallocate,
676 bool is_file_shm_hugepages(struct file *file)
678 return file->f_op == &shm_file_operations_huge;
681 static const struct vm_operations_struct shm_vm_ops = {
682 .open = shm_open, /* callback for a new vm-area open */
683 .close = shm_close, /* callback for when the vm-area is released */
685 .may_split = shm_may_split,
686 .pagesize = shm_pagesize,
687 #if defined(CONFIG_NUMA)
688 .set_policy = shm_set_policy,
689 .get_policy = shm_get_policy,
694 * newseg - Create a new shared memory segment
696 * @params: ptr to the structure that contains key, size and shmflg
698 * Called with shm_ids.rwsem held as a writer.
700 static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
702 key_t key = params->key;
703 int shmflg = params->flg;
704 size_t size = params->u.size;
706 struct shmid_kernel *shp;
707 size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
710 vm_flags_t acctflag = 0;
712 if (size < SHMMIN || size > ns->shm_ctlmax)
715 if (numpages << PAGE_SHIFT < size)
718 if (ns->shm_tot + numpages < ns->shm_tot ||
719 ns->shm_tot + numpages > ns->shm_ctlall)
722 shp = kmalloc(sizeof(*shp), GFP_KERNEL_ACCOUNT);
726 shp->shm_perm.key = key;
727 shp->shm_perm.mode = (shmflg & S_IRWXUGO);
728 shp->mlock_ucounts = NULL;
730 shp->shm_perm.security = NULL;
731 error = security_shm_alloc(&shp->shm_perm);
737 sprintf(name, "SYSV%08x", key);
738 if (shmflg & SHM_HUGETLB) {
742 hs = hstate_sizelog((shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK);
747 hugesize = ALIGN(size, huge_page_size(hs));
749 /* hugetlb_file_setup applies strict accounting */
750 if (shmflg & SHM_NORESERVE)
751 acctflag = VM_NORESERVE;
752 file = hugetlb_file_setup(name, hugesize, acctflag,
753 HUGETLB_SHMFS_INODE, (shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK);
756 * Do not allow no accounting for OVERCOMMIT_NEVER, even
759 if ((shmflg & SHM_NORESERVE) &&
760 sysctl_overcommit_memory != OVERCOMMIT_NEVER)
761 acctflag = VM_NORESERVE;
762 file = shmem_kernel_file_setup(name, size, acctflag);
764 error = PTR_ERR(file);
768 shp->shm_cprid = get_pid(task_tgid(current));
769 shp->shm_lprid = NULL;
770 shp->shm_atim = shp->shm_dtim = 0;
771 shp->shm_ctim = ktime_get_real_seconds();
772 shp->shm_segsz = size;
774 shp->shm_file = file;
775 shp->shm_creator = current;
777 /* ipc_addid() locks shp upon success. */
778 error = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
785 list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist);
786 task_unlock(current);
789 * shmid gets reported as "inode#" in /proc/pid/maps.
790 * proc-ps tools use this. Changing this will break them.
792 file_inode(file)->i_ino = shp->shm_perm.id;
794 ns->shm_tot += numpages;
795 error = shp->shm_perm.id;
797 ipc_unlock_object(&shp->shm_perm);
802 ipc_update_pid(&shp->shm_cprid, NULL);
803 ipc_update_pid(&shp->shm_lprid, NULL);
805 ipc_rcu_putref(&shp->shm_perm, shm_rcu_free);
808 call_rcu(&shp->shm_perm.rcu, shm_rcu_free);
813 * Called with shm_ids.rwsem and ipcp locked.
815 static int shm_more_checks(struct kern_ipc_perm *ipcp, struct ipc_params *params)
817 struct shmid_kernel *shp;
819 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
820 if (shp->shm_segsz < params->u.size)
826 long ksys_shmget(key_t key, size_t size, int shmflg)
828 struct ipc_namespace *ns;
829 static const struct ipc_ops shm_ops = {
831 .associate = security_shm_associate,
832 .more_checks = shm_more_checks,
834 struct ipc_params shm_params;
836 ns = current->nsproxy->ipc_ns;
838 shm_params.key = key;
839 shm_params.flg = shmflg;
840 shm_params.u.size = size;
842 return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
845 SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
847 return ksys_shmget(key, size, shmflg);
850 static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
854 return copy_to_user(buf, in, sizeof(*in));
859 memset(&out, 0, sizeof(out));
860 ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
861 out.shm_segsz = in->shm_segsz;
862 out.shm_atime = in->shm_atime;
863 out.shm_dtime = in->shm_dtime;
864 out.shm_ctime = in->shm_ctime;
865 out.shm_cpid = in->shm_cpid;
866 out.shm_lpid = in->shm_lpid;
867 out.shm_nattch = in->shm_nattch;
869 return copy_to_user(buf, &out, sizeof(out));
876 static inline unsigned long
877 copy_shmid_from_user(struct shmid64_ds *out, void __user *buf, int version)
881 if (copy_from_user(out, buf, sizeof(*out)))
886 struct shmid_ds tbuf_old;
888 if (copy_from_user(&tbuf_old, buf, sizeof(tbuf_old)))
891 out->shm_perm.uid = tbuf_old.shm_perm.uid;
892 out->shm_perm.gid = tbuf_old.shm_perm.gid;
893 out->shm_perm.mode = tbuf_old.shm_perm.mode;
902 static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminfo64 *in, int version)
906 return copy_to_user(buf, in, sizeof(*in));
911 if (in->shmmax > INT_MAX)
912 out.shmmax = INT_MAX;
914 out.shmmax = (int)in->shmmax;
916 out.shmmin = in->shmmin;
917 out.shmmni = in->shmmni;
918 out.shmseg = in->shmseg;
919 out.shmall = in->shmall;
921 return copy_to_user(buf, &out, sizeof(out));
929 * Calculate and add used RSS and swap pages of a shm.
930 * Called with shm_ids.rwsem held as a reader
932 static void shm_add_rss_swap(struct shmid_kernel *shp,
933 unsigned long *rss_add, unsigned long *swp_add)
937 inode = file_inode(shp->shm_file);
939 if (is_file_hugepages(shp->shm_file)) {
940 struct address_space *mapping = inode->i_mapping;
941 struct hstate *h = hstate_file(shp->shm_file);
942 *rss_add += pages_per_huge_page(h) * mapping->nrpages;
945 struct shmem_inode_info *info = SHMEM_I(inode);
947 spin_lock_irq(&info->lock);
948 *rss_add += inode->i_mapping->nrpages;
949 *swp_add += info->swapped;
950 spin_unlock_irq(&info->lock);
952 *rss_add += inode->i_mapping->nrpages;
958 * Called with shm_ids.rwsem held as a reader
960 static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss,
969 in_use = shm_ids(ns).in_use;
971 for (total = 0, next_id = 0; total < in_use; next_id++) {
972 struct kern_ipc_perm *ipc;
973 struct shmid_kernel *shp;
975 ipc = idr_find(&shm_ids(ns).ipcs_idr, next_id);
978 shp = container_of(ipc, struct shmid_kernel, shm_perm);
980 shm_add_rss_swap(shp, rss, swp);
987 * This function handles some shmctl commands which require the rwsem
988 * to be held in write mode.
989 * NOTE: no locks must be held, the rwsem is taken inside this function.
991 static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
992 struct shmid64_ds *shmid64)
994 struct kern_ipc_perm *ipcp;
995 struct shmid_kernel *shp;
998 down_write(&shm_ids(ns).rwsem);
1001 ipcp = ipcctl_obtain_check(ns, &shm_ids(ns), shmid, cmd,
1002 &shmid64->shm_perm, 0);
1004 err = PTR_ERR(ipcp);
1008 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
1010 err = security_shm_shmctl(&shp->shm_perm, cmd);
1016 ipc_lock_object(&shp->shm_perm);
1017 /* do_shm_rmid unlocks the ipc object and rcu */
1018 do_shm_rmid(ns, ipcp);
1021 ipc_lock_object(&shp->shm_perm);
1022 err = ipc_update_perm(&shmid64->shm_perm, ipcp);
1025 shp->shm_ctim = ktime_get_real_seconds();
1033 ipc_unlock_object(&shp->shm_perm);
1037 up_write(&shm_ids(ns).rwsem);
1041 static int shmctl_ipc_info(struct ipc_namespace *ns,
1042 struct shminfo64 *shminfo)
1044 int err = security_shm_shmctl(NULL, IPC_INFO);
1046 memset(shminfo, 0, sizeof(*shminfo));
1047 shminfo->shmmni = shminfo->shmseg = ns->shm_ctlmni;
1048 shminfo->shmmax = ns->shm_ctlmax;
1049 shminfo->shmall = ns->shm_ctlall;
1050 shminfo->shmmin = SHMMIN;
1051 down_read(&shm_ids(ns).rwsem);
1052 err = ipc_get_maxidx(&shm_ids(ns));
1053 up_read(&shm_ids(ns).rwsem);
1060 static int shmctl_shm_info(struct ipc_namespace *ns,
1061 struct shm_info *shm_info)
1063 int err = security_shm_shmctl(NULL, SHM_INFO);
1065 memset(shm_info, 0, sizeof(*shm_info));
1066 down_read(&shm_ids(ns).rwsem);
1067 shm_info->used_ids = shm_ids(ns).in_use;
1068 shm_get_stat(ns, &shm_info->shm_rss, &shm_info->shm_swp);
1069 shm_info->shm_tot = ns->shm_tot;
1070 shm_info->swap_attempts = 0;
1071 shm_info->swap_successes = 0;
1072 err = ipc_get_maxidx(&shm_ids(ns));
1073 up_read(&shm_ids(ns).rwsem);
1080 static int shmctl_stat(struct ipc_namespace *ns, int shmid,
1081 int cmd, struct shmid64_ds *tbuf)
1083 struct shmid_kernel *shp;
1086 memset(tbuf, 0, sizeof(*tbuf));
1089 if (cmd == SHM_STAT || cmd == SHM_STAT_ANY) {
1090 shp = shm_obtain_object(ns, shmid);
1095 } else { /* IPC_STAT */
1096 shp = shm_obtain_object_check(ns, shmid);
1104 * Semantically SHM_STAT_ANY ought to be identical to
1105 * that functionality provided by the /proc/sysvipc/
1106 * interface. As such, only audit these calls and
1107 * do not do traditional S_IRUGO permission checks on
1110 if (cmd == SHM_STAT_ANY)
1111 audit_ipc_obj(&shp->shm_perm);
1114 if (ipcperms(ns, &shp->shm_perm, S_IRUGO))
1118 err = security_shm_shmctl(&shp->shm_perm, cmd);
1122 ipc_lock_object(&shp->shm_perm);
1124 if (!ipc_valid_object(&shp->shm_perm)) {
1125 ipc_unlock_object(&shp->shm_perm);
1130 kernel_to_ipc64_perm(&shp->shm_perm, &tbuf->shm_perm);
1131 tbuf->shm_segsz = shp->shm_segsz;
1132 tbuf->shm_atime = shp->shm_atim;
1133 tbuf->shm_dtime = shp->shm_dtim;
1134 tbuf->shm_ctime = shp->shm_ctim;
1135 #ifndef CONFIG_64BIT
1136 tbuf->shm_atime_high = shp->shm_atim >> 32;
1137 tbuf->shm_dtime_high = shp->shm_dtim >> 32;
1138 tbuf->shm_ctime_high = shp->shm_ctim >> 32;
1140 tbuf->shm_cpid = pid_vnr(shp->shm_cprid);
1141 tbuf->shm_lpid = pid_vnr(shp->shm_lprid);
1142 tbuf->shm_nattch = shp->shm_nattch;
1144 if (cmd == IPC_STAT) {
1146 * As defined in SUS:
1147 * Return 0 on success
1152 * SHM_STAT and SHM_STAT_ANY (both Linux specific)
1153 * Return the full id, including the sequence number
1155 err = shp->shm_perm.id;
1158 ipc_unlock_object(&shp->shm_perm);
1164 static int shmctl_do_lock(struct ipc_namespace *ns, int shmid, int cmd)
1166 struct shmid_kernel *shp;
1167 struct file *shm_file;
1171 shp = shm_obtain_object_check(ns, shmid);
1177 audit_ipc_obj(&(shp->shm_perm));
1178 err = security_shm_shmctl(&shp->shm_perm, cmd);
1182 ipc_lock_object(&shp->shm_perm);
1184 /* check if shm_destroy() is tearing down shp */
1185 if (!ipc_valid_object(&shp->shm_perm)) {
1190 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
1191 kuid_t euid = current_euid();
1193 if (!uid_eq(euid, shp->shm_perm.uid) &&
1194 !uid_eq(euid, shp->shm_perm.cuid)) {
1198 if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) {
1204 shm_file = shp->shm_file;
1205 if (is_file_hugepages(shm_file))
1208 if (cmd == SHM_LOCK) {
1209 struct ucounts *ucounts = current_ucounts();
1211 err = shmem_lock(shm_file, 1, ucounts);
1212 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)) {
1213 shp->shm_perm.mode |= SHM_LOCKED;
1214 shp->mlock_ucounts = ucounts;
1220 if (!(shp->shm_perm.mode & SHM_LOCKED))
1222 shmem_lock(shm_file, 0, shp->mlock_ucounts);
1223 shp->shm_perm.mode &= ~SHM_LOCKED;
1224 shp->mlock_ucounts = NULL;
1226 ipc_unlock_object(&shp->shm_perm);
1228 shmem_unlock_mapping(shm_file->f_mapping);
1234 ipc_unlock_object(&shp->shm_perm);
1240 static long ksys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf, int version)
1243 struct ipc_namespace *ns;
1244 struct shmid64_ds sem64;
1246 if (cmd < 0 || shmid < 0)
1249 ns = current->nsproxy->ipc_ns;
1253 struct shminfo64 shminfo;
1254 err = shmctl_ipc_info(ns, &shminfo);
1257 if (copy_shminfo_to_user(buf, &shminfo, version))
1262 struct shm_info shm_info;
1263 err = shmctl_shm_info(ns, &shm_info);
1266 if (copy_to_user(buf, &shm_info, sizeof(shm_info)))
1273 err = shmctl_stat(ns, shmid, cmd, &sem64);
1276 if (copy_shmid_to_user(buf, &sem64, version))
1281 if (copy_shmid_from_user(&sem64, buf, version))
1285 return shmctl_down(ns, shmid, cmd, &sem64);
1288 return shmctl_do_lock(ns, shmid, cmd);
1294 SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
1296 return ksys_shmctl(shmid, cmd, buf, IPC_64);
1299 #ifdef CONFIG_ARCH_WANT_IPC_PARSE_VERSION
1300 long ksys_old_shmctl(int shmid, int cmd, struct shmid_ds __user *buf)
1302 int version = ipc_parse_version(&cmd);
1304 return ksys_shmctl(shmid, cmd, buf, version);
1307 SYSCALL_DEFINE3(old_shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
1309 return ksys_old_shmctl(shmid, cmd, buf);
1313 #ifdef CONFIG_COMPAT
1315 struct compat_shmid_ds {
1316 struct compat_ipc_perm shm_perm;
1318 old_time32_t shm_atime;
1319 old_time32_t shm_dtime;
1320 old_time32_t shm_ctime;
1321 compat_ipc_pid_t shm_cpid;
1322 compat_ipc_pid_t shm_lpid;
1323 unsigned short shm_nattch;
1324 unsigned short shm_unused;
1325 compat_uptr_t shm_unused2;
1326 compat_uptr_t shm_unused3;
1329 struct compat_shminfo64 {
1330 compat_ulong_t shmmax;
1331 compat_ulong_t shmmin;
1332 compat_ulong_t shmmni;
1333 compat_ulong_t shmseg;
1334 compat_ulong_t shmall;
1335 compat_ulong_t __unused1;
1336 compat_ulong_t __unused2;
1337 compat_ulong_t __unused3;
1338 compat_ulong_t __unused4;
1341 struct compat_shm_info {
1342 compat_int_t used_ids;
1343 compat_ulong_t shm_tot, shm_rss, shm_swp;
1344 compat_ulong_t swap_attempts, swap_successes;
1347 static int copy_compat_shminfo_to_user(void __user *buf, struct shminfo64 *in,
1350 if (in->shmmax > INT_MAX)
1351 in->shmmax = INT_MAX;
1352 if (version == IPC_64) {
1353 struct compat_shminfo64 info;
1354 memset(&info, 0, sizeof(info));
1355 info.shmmax = in->shmmax;
1356 info.shmmin = in->shmmin;
1357 info.shmmni = in->shmmni;
1358 info.shmseg = in->shmseg;
1359 info.shmall = in->shmall;
1360 return copy_to_user(buf, &info, sizeof(info));
1362 struct shminfo info;
1363 memset(&info, 0, sizeof(info));
1364 info.shmmax = in->shmmax;
1365 info.shmmin = in->shmmin;
1366 info.shmmni = in->shmmni;
1367 info.shmseg = in->shmseg;
1368 info.shmall = in->shmall;
1369 return copy_to_user(buf, &info, sizeof(info));
1373 static int put_compat_shm_info(struct shm_info *ip,
1374 struct compat_shm_info __user *uip)
1376 struct compat_shm_info info;
1378 memset(&info, 0, sizeof(info));
1379 info.used_ids = ip->used_ids;
1380 info.shm_tot = ip->shm_tot;
1381 info.shm_rss = ip->shm_rss;
1382 info.shm_swp = ip->shm_swp;
1383 info.swap_attempts = ip->swap_attempts;
1384 info.swap_successes = ip->swap_successes;
1385 return copy_to_user(uip, &info, sizeof(info));
1388 static int copy_compat_shmid_to_user(void __user *buf, struct shmid64_ds *in,
1391 if (version == IPC_64) {
1392 struct compat_shmid64_ds v;
1393 memset(&v, 0, sizeof(v));
1394 to_compat_ipc64_perm(&v.shm_perm, &in->shm_perm);
1395 v.shm_atime = lower_32_bits(in->shm_atime);
1396 v.shm_atime_high = upper_32_bits(in->shm_atime);
1397 v.shm_dtime = lower_32_bits(in->shm_dtime);
1398 v.shm_dtime_high = upper_32_bits(in->shm_dtime);
1399 v.shm_ctime = lower_32_bits(in->shm_ctime);
1400 v.shm_ctime_high = upper_32_bits(in->shm_ctime);
1401 v.shm_segsz = in->shm_segsz;
1402 v.shm_nattch = in->shm_nattch;
1403 v.shm_cpid = in->shm_cpid;
1404 v.shm_lpid = in->shm_lpid;
1405 return copy_to_user(buf, &v, sizeof(v));
1407 struct compat_shmid_ds v;
1408 memset(&v, 0, sizeof(v));
1409 to_compat_ipc_perm(&v.shm_perm, &in->shm_perm);
1410 v.shm_perm.key = in->shm_perm.key;
1411 v.shm_atime = in->shm_atime;
1412 v.shm_dtime = in->shm_dtime;
1413 v.shm_ctime = in->shm_ctime;
1414 v.shm_segsz = in->shm_segsz;
1415 v.shm_nattch = in->shm_nattch;
1416 v.shm_cpid = in->shm_cpid;
1417 v.shm_lpid = in->shm_lpid;
1418 return copy_to_user(buf, &v, sizeof(v));
1422 static int copy_compat_shmid_from_user(struct shmid64_ds *out, void __user *buf,
1425 memset(out, 0, sizeof(*out));
1426 if (version == IPC_64) {
1427 struct compat_shmid64_ds __user *p = buf;
1428 return get_compat_ipc64_perm(&out->shm_perm, &p->shm_perm);
1430 struct compat_shmid_ds __user *p = buf;
1431 return get_compat_ipc_perm(&out->shm_perm, &p->shm_perm);
1435 static long compat_ksys_shmctl(int shmid, int cmd, void __user *uptr, int version)
1437 struct ipc_namespace *ns;
1438 struct shmid64_ds sem64;
1441 ns = current->nsproxy->ipc_ns;
1443 if (cmd < 0 || shmid < 0)
1448 struct shminfo64 shminfo;
1449 err = shmctl_ipc_info(ns, &shminfo);
1452 if (copy_compat_shminfo_to_user(uptr, &shminfo, version))
1457 struct shm_info shm_info;
1458 err = shmctl_shm_info(ns, &shm_info);
1461 if (put_compat_shm_info(&shm_info, uptr))
1468 err = shmctl_stat(ns, shmid, cmd, &sem64);
1471 if (copy_compat_shmid_to_user(uptr, &sem64, version))
1476 if (copy_compat_shmid_from_user(&sem64, uptr, version))
1480 return shmctl_down(ns, shmid, cmd, &sem64);
1483 return shmctl_do_lock(ns, shmid, cmd);
1490 COMPAT_SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, void __user *, uptr)
1492 return compat_ksys_shmctl(shmid, cmd, uptr, IPC_64);
1495 #ifdef CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION
1496 long compat_ksys_old_shmctl(int shmid, int cmd, void __user *uptr)
1498 int version = compat_ipc_parse_version(&cmd);
1500 return compat_ksys_shmctl(shmid, cmd, uptr, version);
1503 COMPAT_SYSCALL_DEFINE3(old_shmctl, int, shmid, int, cmd, void __user *, uptr)
1505 return compat_ksys_old_shmctl(shmid, cmd, uptr);
1511 * Fix shmaddr, allocate descriptor, map shm, add attach descriptor to lists.
1513 * NOTE! Despite the name, this is NOT a direct system call entrypoint. The
1514 * "raddr" thing points to kernel space, and there has to be a wrapper around
1517 long do_shmat(int shmid, char __user *shmaddr, int shmflg,
1518 ulong *raddr, unsigned long shmlba)
1520 struct shmid_kernel *shp;
1521 unsigned long addr = (unsigned long)shmaddr;
1523 struct file *file, *base;
1525 unsigned long flags = MAP_SHARED;
1528 struct ipc_namespace *ns;
1529 struct shm_file_data *sfd;
1531 unsigned long populate = 0;
1538 if (addr & (shmlba - 1)) {
1539 if (shmflg & SHM_RND) {
1540 addr &= ~(shmlba - 1); /* round down */
1543 * Ensure that the round-down is non-nil
1544 * when remapping. This can happen for
1545 * cases when addr < shmlba.
1547 if (!addr && (shmflg & SHM_REMAP))
1550 #ifndef __ARCH_FORCE_SHMLBA
1551 if (addr & ~PAGE_MASK)
1557 } else if ((shmflg & SHM_REMAP))
1560 if (shmflg & SHM_RDONLY) {
1565 prot = PROT_READ | PROT_WRITE;
1566 acc_mode = S_IRUGO | S_IWUGO;
1569 if (shmflg & SHM_EXEC) {
1571 acc_mode |= S_IXUGO;
1575 * We cannot rely on the fs check since SYSV IPC does have an
1576 * additional creator id...
1578 ns = current->nsproxy->ipc_ns;
1580 shp = shm_obtain_object_check(ns, shmid);
1587 if (ipcperms(ns, &shp->shm_perm, acc_mode))
1590 err = security_shm_shmat(&shp->shm_perm, shmaddr, shmflg);
1594 ipc_lock_object(&shp->shm_perm);
1596 /* check if shm_destroy() is tearing down shp */
1597 if (!ipc_valid_object(&shp->shm_perm)) {
1598 ipc_unlock_object(&shp->shm_perm);
1604 * We need to take a reference to the real shm file to prevent the
1605 * pointer from becoming stale in cases where the lifetime of the outer
1606 * file extends beyond that of the shm segment. It's not usually
1607 * possible, but it can happen during remap_file_pages() emulation as
1608 * that unmaps the memory, then does ->mmap() via file reference only.
1609 * We'll deny the ->mmap() if the shm segment was since removed, but to
1610 * detect shm ID reuse we need to compare the file pointers.
1612 base = get_file(shp->shm_file);
1614 size = i_size_read(file_inode(base));
1615 ipc_unlock_object(&shp->shm_perm);
1619 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
1625 file = alloc_file_clone(base, f_flags,
1626 is_file_hugepages(base) ?
1627 &shm_file_operations_huge :
1628 &shm_file_operations);
1629 err = PTR_ERR(file);
1636 sfd->id = shp->shm_perm.id;
1637 sfd->ns = get_ipc_ns(ns);
1640 file->private_data = sfd;
1642 err = security_mmap_file(file, prot, flags);
1646 if (mmap_write_lock_killable(current->mm)) {
1651 if (addr && !(shmflg & SHM_REMAP)) {
1653 if (addr + size < addr)
1656 if (find_vma_intersection(current->mm, addr, addr + size))
1660 addr = do_mmap(file, addr, size, prot, flags, 0, 0, &populate, NULL);
1663 if (IS_ERR_VALUE(addr))
1666 mmap_write_unlock(current->mm);
1668 mm_populate(addr, populate);
1674 down_write(&shm_ids(ns).rwsem);
1675 shp = shm_lock(ns, shmid);
1678 if (shm_may_destroy(shp))
1679 shm_destroy(ns, shp);
1682 up_write(&shm_ids(ns).rwsem);
1691 SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg)
1696 err = do_shmat(shmid, shmaddr, shmflg, &ret, SHMLBA);
1699 force_successful_syscall_return();
1703 #ifdef CONFIG_COMPAT
1705 #ifndef COMPAT_SHMLBA
1706 #define COMPAT_SHMLBA SHMLBA
1709 COMPAT_SYSCALL_DEFINE3(shmat, int, shmid, compat_uptr_t, shmaddr, int, shmflg)
1714 err = do_shmat(shmid, compat_ptr(shmaddr), shmflg, &ret, COMPAT_SHMLBA);
1717 force_successful_syscall_return();
1723 * detach and kill segment if marked destroyed.
1724 * The work is done in shm_close.
1726 long ksys_shmdt(char __user *shmaddr)
1728 struct mm_struct *mm = current->mm;
1729 struct vm_area_struct *vma;
1730 unsigned long addr = (unsigned long)shmaddr;
1731 int retval = -EINVAL;
1735 VMA_ITERATOR(vmi, mm, addr);
1738 if (addr & ~PAGE_MASK)
1741 if (mmap_write_lock_killable(mm))
1745 * This function tries to be smart and unmap shm segments that
1746 * were modified by partial mlock or munmap calls:
1747 * - It first determines the size of the shm segment that should be
1748 * unmapped: It searches for a vma that is backed by shm and that
1749 * started at address shmaddr. It records it's size and then unmaps
1751 * - Then it unmaps all shm vmas that started at shmaddr and that
1752 * are within the initially determined size and that are from the
1753 * same shm segment from which we determined the size.
1754 * Errors from do_munmap are ignored: the function only fails if
1755 * it's called with invalid parameters or if it's called to unmap
1756 * a part of a vma. Both calls in this function are for full vmas,
1757 * the parameters are directly copied from the vma itself and always
1758 * valid - therefore do_munmap cannot fail. (famous last words?)
1761 * If it had been mremap()'d, the starting address would not
1762 * match the usual checks anyway. So assume all vma's are
1763 * above the starting address given.
1767 for_each_vma(vmi, vma) {
1769 * Check if the starting address would match, i.e. it's
1770 * a fragment created by mprotect() and/or munmap(), or it
1771 * otherwise it starts at this address with no hassles.
1773 if ((vma->vm_ops == &shm_vm_ops) &&
1774 (vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) {
1777 * Record the file of the shm segment being
1778 * unmapped. With mremap(), someone could place
1779 * page from another segment but with equal offsets
1780 * in the range we are unmapping.
1782 file = vma->vm_file;
1783 size = i_size_read(file_inode(vma->vm_file));
1784 do_vma_munmap(&vmi, vma, vma->vm_start, vma->vm_end,
1787 * We discovered the size of the shm segment, so
1788 * break out of here and fall through to the next
1789 * loop that uses the size information to stop
1790 * searching for matching vma's.
1793 vma = vma_next(&vmi);
1799 * We need look no further than the maximum address a fragment
1800 * could possibly have landed at. Also cast things to loff_t to
1801 * prevent overflows and make comparisons vs. equal-width types.
1803 size = PAGE_ALIGN(size);
1804 while (vma && (loff_t)(vma->vm_end - addr) <= size) {
1805 /* finding a matching vma now does not alter retval */
1806 if ((vma->vm_ops == &shm_vm_ops) &&
1807 ((vma->vm_start - addr)/PAGE_SIZE == vma->vm_pgoff) &&
1808 (vma->vm_file == file)) {
1809 do_vma_munmap(&vmi, vma, vma->vm_start, vma->vm_end,
1813 vma = vma_next(&vmi);
1816 #else /* CONFIG_MMU */
1817 vma = vma_lookup(mm, addr);
1818 /* under NOMMU conditions, the exact address to be destroyed must be
1821 if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) {
1822 do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start, NULL);
1828 mmap_write_unlock(mm);
1832 SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
1834 return ksys_shmdt(shmaddr);
1837 #ifdef CONFIG_PROC_FS
1838 static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
1840 struct pid_namespace *pid_ns = ipc_seq_pid_ns(s);
1841 struct user_namespace *user_ns = seq_user_ns(s);
1842 struct kern_ipc_perm *ipcp = it;
1843 struct shmid_kernel *shp;
1844 unsigned long rss = 0, swp = 0;
1846 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
1847 shm_add_rss_swap(shp, &rss, &swp);
1849 #if BITS_PER_LONG <= 32
1850 #define SIZE_SPEC "%10lu"
1852 #define SIZE_SPEC "%21lu"
1856 "%10d %10d %4o " SIZE_SPEC " %5u %5u "
1857 "%5lu %5u %5u %5u %5u %10llu %10llu %10llu "
1858 SIZE_SPEC " " SIZE_SPEC "\n",
1863 pid_nr_ns(shp->shm_cprid, pid_ns),
1864 pid_nr_ns(shp->shm_lprid, pid_ns),
1866 from_kuid_munged(user_ns, shp->shm_perm.uid),
1867 from_kgid_munged(user_ns, shp->shm_perm.gid),
1868 from_kuid_munged(user_ns, shp->shm_perm.cuid),
1869 from_kgid_munged(user_ns, shp->shm_perm.cgid),
projects / linux-modified.git / blob