From f214ff1b57fb1504c67a1bfaebd61df9624ceab0 Mon Sep 17 00:00:00 2001 From: Yoichi Umezawa Date: Mon, 8 Feb 2016 16:00:52 +0900 Subject: [PATCH] mcctrl: add MCEXEC_UP_SYS_MOUNT, MCEXEC_UP_SYS_UNSHARE --- configure | 303 +++++++++++++++++++++++++---- configure.ac | 65 +++++++ executer/include/uprotocol.h | 15 ++ executer/kernel/mcctrl/config.h.in | 25 +++ executer/kernel/mcctrl/control.c | 90 +++++++++ executer/kernel/mcctrl/driver.c | 2 + 6 files changed, 460 insertions(+), 40 deletions(-) create mode 100644 executer/kernel/mcctrl/config.h.in diff --git a/configure b/configure index d340febf..5c932b69 100755 --- a/configure +++ b/configure @@ -649,6 +649,7 @@ ac_user_opts=' enable_option_checking with_kernelsrc with_target +with_system_map enable_dcfa ' ac_precious_vars='build_alias @@ -1277,6 +1278,8 @@ Optional Packages: /lib/modules/uname_r/build --with-target={attached-mic | builtin-mic | builtin-x86 | smp-x86} target, default is attached-mic + --with-system_map=path Path to 'System.map file', default is + /boot/System.map-uname_r Some influential environment variables: CC C compiler command @@ -1784,6 +1787,15 @@ else fi + +# Check whether --with-system_map was given. +if test "${with_system_map+set}" = set; then : + withval=$with_system_map; WITH_SYSTEM_MAP=$withval +else + WITH_SYSTEM_MAP=yes +fi + + # Check whether --enable-dcfa was given. if test "${enable_dcfa+set}" = set; then : enableval=$enable_dcfa; @@ -3798,6 +3810,96 @@ esac KDIR="$WITH_KERNELSRC" TARGET="$WITH_TARGET" +MCCTRL_LINUX_SYMTAB="" +case "X$WITH_SYSTEM_MAP" in + Xyes | Xno | X) + MCCTRL_LINUX_SYMTAB="" + ;; + *) + MCCTRL_LINUX_SYMTAB="$WITH_SYSTEM_MAP" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for System.map" >&5 +$as_echo_n "checking for System.map... " >&6; } +if test -f "$MCCTRL_LINUX_SYMTAB"; then + MCCTRL_LINUX_SYMTAB="$MCCTRL_LINUX_SYMTAB" +elif test -f "/boot/System.map-`uname -r`"; then + MCCTRL_LINUX_SYMTAB="/boot/System.map-`uname -r`" +elif test -f "$KDIR/System.map"; then + MCCTRL_LINUX_SYMTAB="$KDIR/System.map" +fi + +if test "$MCCTRL_LINUX_SYMTAB" == ""; then + as_fn_error $? "could not find" "$LINENO" 5 +fi + +if test -z "`eval cat $MCCTRL_LINUX_SYMTAB`"; then + as_fn_error $? "could not read System.map file, no read permission?" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MCCTRL_LINUX_SYMTAB" >&5 +$as_echo "$MCCTRL_LINUX_SYMTAB" >&6; } + +MCCTRL_LINUX_SYMTAB_CMD="cat $MCCTRL_LINUX_SYMTAB" + +# MCCTRL_FIND_KSYM(SYMBOL) +# ------------------------------------------------------ +# Search System.map for address of the given symbol and +# do one of three things in config.h: +# If not found, leave MCCTRL_KSYM_foo undefined +# If found to be exported, "#define MCCTRL_KSYM_foo 0" +# If found not to be exported, "#define MCCTRL_KSYM_foo 0x" + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking System.map for symbol sys_mount" >&5 +$as_echo_n "checking System.map for symbol sys_mount... " >&6; } + mcctrl_addr=`eval $MCCTRL_LINUX_SYMTAB_CMD | grep " sys_mount\$" | cut -d\ -f1` + if test -z $mcctrl_addr; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + else + mcctrl_result=$mcctrl_addr + mcctrl_addr="0x$mcctrl_addr" + + if `eval $MCCTRL_LINUX_SYMTAB_CMD | grep " __ksymtab_sys_mount\$" >/dev/null`; then + mcctrl_result="exported" + mcctrl_addr="0" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mcctrl_result" >&5 +$as_echo "$mcctrl_result" >&6; } + +cat >>confdefs.h <<_ACEOF +#define MCCTRL_KSYM_sys_mount $mcctrl_addr +_ACEOF + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking System.map for symbol sys_unshare" >&5 +$as_echo_n "checking System.map for symbol sys_unshare... " >&6; } + mcctrl_addr=`eval $MCCTRL_LINUX_SYMTAB_CMD | grep " sys_unshare\$" | cut -d\ -f1` + if test -z $mcctrl_addr; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + else + mcctrl_result=$mcctrl_addr + mcctrl_addr="0x$mcctrl_addr" + + if `eval $MCCTRL_LINUX_SYMTAB_CMD | grep " __ksymtab_sys_unshare\$" >/dev/null`; then + mcctrl_result="exported" + mcctrl_addr="0" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mcctrl_result" >&5 +$as_echo "$mcctrl_result" >&6; } + +cat >>confdefs.h <<_ACEOF +#define MCCTRL_KSYM_sys_unshare $mcctrl_addr +_ACEOF + + fi @@ -3816,6 +3918,10 @@ TARGET="$WITH_TARGET" + + +ac_config_headers="$ac_config_headers executer/kernel/mcctrl/config.h" + ac_config_files="$ac_config_files Makefile executer/user/Makefile executer/kernel/mcctrl/Makefile executer/kernel/mcoverlayfs/Makefile kernel/Makefile kernel/Makefile.build arch/x86/tools/mcreboot-attached-mic.sh arch/x86/tools/mcshutdown-attached-mic.sh arch/x86/tools/mcreboot-builtin-x86.sh arch/x86/tools/mcreboot-smp-x86.sh arch/x86/tools/mcstop+release-smp-x86.sh arch/x86/tools/mcshutdown-builtin-x86.sh arch/x86/tools/mcreboot.1:arch/x86/tools/mcreboot.1in" @@ -3915,43 +4021,7 @@ test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -# Transform confdefs.h into DEFS. -# Protect against shell expansion while executing Makefile rules. -# Protect against Makefile macro expansion. -# -# If the first sed substitution is executed (which looks for macros that -# take arguments), then branch to the quote section. Otherwise, -# look for a macro that doesn't take arguments. -ac_script=' -:mline -/\\$/{ - N - s,\\\n,, - b mline -} -t clear -:clear -s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g -t quote -s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g -t quote -b any -:quote -s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g -s/\[/\\&/g -s/\]/\\&/g -s/\$/$$/g -H -:any -${ - g - s/^\n// - s/\n/ /g - p -} -' -DEFS=`sed -n "$ac_script" confdefs.h` - +DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= @@ -4385,11 +4455,15 @@ case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" +config_headers="$ac_config_headers" _ACEOF @@ -4410,10 +4484,15 @@ Usage: $0 [OPTION]... [TAG]... --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE Configuration files: $config_files +Configuration headers: +$config_headers + Report bugs to the package provider." _ACEOF @@ -4474,7 +4553,18 @@ do esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; - --he | --h | --help | --hel | -h ) + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) @@ -4530,6 +4620,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 for ac_config_target in $ac_config_targets do case $ac_config_target in + "executer/kernel/mcctrl/config.h") CONFIG_HEADERS="$CONFIG_HEADERS executer/kernel/mcctrl/config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "executer/user/Makefile") CONFIG_FILES="$CONFIG_FILES executer/user/Makefile" ;; "executer/kernel/mcctrl/Makefile") CONFIG_FILES="$CONFIG_FILES executer/kernel/mcctrl/Makefile" ;; @@ -4556,6 +4647,7 @@ done # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers fi # Have a temporary directory for convenience. Make it in the build tree @@ -4743,8 +4835,116 @@ fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF -eval set X " :F $CONFIG_FILES " +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " shift for ac_tag do @@ -4952,7 +5152,30 @@ which seems to be undefined. Please make sure it is defined" >&2;} esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; - + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi + ;; esac diff --git a/configure.ac b/configure.ac index 1eb76487..f5cce81e 100644 --- a/configure.ac +++ b/configure.ac @@ -27,6 +27,11 @@ AC_ARG_WITH([target], [--with-target={attached-mic | builtin-mic | builtin-x86 | smp-x86}],[target, default is attached-mic]), [WITH_TARGET=$withval],[WITH_TARGET=yes]) +AC_ARG_WITH([system_map], + AS_HELP_STRING( + [--with-system_map=path],[Path to 'System.map file', default is /boot/System.map-uname_r]), + [WITH_SYSTEM_MAP=$withval],[WITH_SYSTEM_MAP=yes]) + AC_ARG_ENABLE([dcfa], [AS_HELP_STRING( [--enable-dcfa],[Enable DCFA modules])],[],[enable_dcfa=no]) @@ -139,6 +144,65 @@ esac KDIR="$WITH_KERNELSRC" TARGET="$WITH_TARGET" +MCCTRL_LINUX_SYMTAB="" +case "X$WITH_SYSTEM_MAP" in + Xyes | Xno | X) + MCCTRL_LINUX_SYMTAB="" + ;; + *) + MCCTRL_LINUX_SYMTAB="$WITH_SYSTEM_MAP" + ;; +esac + +AC_MSG_CHECKING([[for System.map]]) +if test -f "$MCCTRL_LINUX_SYMTAB"; then + MCCTRL_LINUX_SYMTAB="$MCCTRL_LINUX_SYMTAB" +elif test -f "/boot/System.map-`uname -r`"; then + MCCTRL_LINUX_SYMTAB="/boot/System.map-`uname -r`" +elif test -f "$KDIR/System.map"; then + MCCTRL_LINUX_SYMTAB="$KDIR/System.map" +fi + +if test "$MCCTRL_LINUX_SYMTAB" == ""; then + AC_MSG_ERROR([could not find]) +fi + +if test -z "`eval cat $MCCTRL_LINUX_SYMTAB`"; then + AC_MSG_ERROR([could not read System.map file, no read permission?]) +fi +AC_MSG_RESULT([$MCCTRL_LINUX_SYMTAB]) + +MCCTRL_LINUX_SYMTAB_CMD="cat $MCCTRL_LINUX_SYMTAB" + +# MCCTRL_FIND_KSYM(SYMBOL) +# ------------------------------------------------------ +# Search System.map for address of the given symbol and +# do one of three things in config.h: +# If not found, leave MCCTRL_KSYM_foo undefined +# If found to be exported, "#define MCCTRL_KSYM_foo 0" +# If found not to be exported, "#define MCCTRL_KSYM_foo 0x" +AC_DEFUN([MCCTRL_FIND_KSYM],[ + AC_MSG_CHECKING([[System.map for symbol $1]]) + mcctrl_addr=`eval $MCCTRL_LINUX_SYMTAB_CMD | grep " $1\$" | cut -d\ -f1` + if test -z $mcctrl_addr; then + AC_MSG_RESULT([not found]) + else + mcctrl_result=$mcctrl_addr + mcctrl_addr="0x$mcctrl_addr" + m4_ifval([$2],[],[ + if `eval $MCCTRL_LINUX_SYMTAB_CMD | grep " __ksymtab_$1\$" >/dev/null`; then + mcctrl_result="exported" + mcctrl_addr="0" + fi + ]) + AC_MSG_RESULT([$mcctrl_result]) + AC_DEFINE_UNQUOTED(MCCTRL_KSYM_[]$1,$mcctrl_addr,[Define to address of kernel symbol $1, or 0 if exported]) + fi +]) + +MCCTRL_FIND_KSYM([sys_mount]) +MCCTRL_FIND_KSYM([sys_unshare]) + AC_SUBST(CC) AC_SUBST(XCC) AC_SUBST(ARCH) @@ -157,6 +221,7 @@ AC_SUBST(IHK_RELEASE_DATE) AC_SUBST(MCKERNEL_RELEASE_DATE) AC_SUBST(DCFA_RESEASE_DATE) +AC_CONFIG_HEADERS([executer/kernel/mcctrl/config.h]) AC_CONFIG_FILES([ Makefile executer/user/Makefile diff --git a/executer/include/uprotocol.h b/executer/include/uprotocol.h index 57cda78d..6247cc7b 100644 --- a/executer/include/uprotocol.h +++ b/executer/include/uprotocol.h @@ -48,6 +48,9 @@ #define MCEXEC_UP_OPEN_EXEC 0x30a02912 #define MCEXEC_UP_CLOSE_EXEC 0x30a02913 +#define MCEXEC_UP_SYS_MOUNT 0x30a02914 +#define MCEXEC_UP_SYS_UNSHARE 0x30a02915 + #define MCEXEC_UP_DEBUG_LOG 0x40000000 #define MCEXEC_UP_TRANSFER_TO_REMOTE 0 @@ -167,4 +170,16 @@ struct newprocess_desc { int pid; }; +struct sys_mount_desc { + char *dev_name; + char *dir_name; + char *type; + unsigned long flags; + void *data; +}; + +struct sys_unshare_desc { + unsigned long unshare_flags; +}; + #endif diff --git a/executer/kernel/mcctrl/config.h.in b/executer/kernel/mcctrl/config.h.in new file mode 100644 index 00000000..2cd067e0 --- /dev/null +++ b/executer/kernel/mcctrl/config.h.in @@ -0,0 +1,25 @@ +/* executer/kernel/mcctrl/config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to address of kernel symbol sys_mount, or 0 if exported */ +#undef MCCTRL_KSYM_sys_mount + +/* Define to address of kernel symbol sys_unshare, or 0 if exported */ +#undef MCCTRL_KSYM_sys_unshare + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION diff --git a/executer/kernel/mcctrl/control.c b/executer/kernel/mcctrl/control.c index f2a88b9b..434f16fb 100644 --- a/executer/kernel/mcctrl/control.c +++ b/executer/kernel/mcctrl/control.c @@ -36,6 +36,7 @@ #include #include #include +#include "config.h" #include "mcctrl.h" //#define DEBUG @@ -46,6 +47,28 @@ #define dprintk(...) #endif +#ifdef MCCTRL_KSYM_sys_unshare +#if MCCTRL_KSYM_sys_unshare +typedef int (*int_star_fn_ulong_t)(unsigned long); +int (*mcctrl_sys_unshare)(unsigned long unshare_flags) = + (int_star_fn_ulong_t) + MCCTRL_KSYM_sys_unshare; +#else // exported +int (*mcctrl_sys_unshare)(unsigned long unshare_flags) = NULL; +#endif +#endif + +#ifdef MCCTRL_KSYM_sys_mount +#if MCCTRL_KSYM_sys_mount +typedef int (*int_star_fn_char_char_char_ulong_void_t)(char *, char *, char *, unsigned long, void *); +int (*mcctrl_sys_mount)(char *dev_name,char *dir_name, char *type, unsigned long flags, void *data) = + (int_star_fn_char_char_char_ulong_void_t) + MCCTRL_KSYM_sys_mount; +#else // exported +int (*mcctrl_sys_mount)(char *dev_name,char *dir_name, char *type, unsigned long flags, void *data) = NULL; +#endif +#endif + //static DECLARE_WAIT_QUEUE_HEAD(wq_prepare); //extern struct mcctrl_channel *channels; int mcctrl_ikc_set_recv_cpu(ihk_os_t os, int cpu); @@ -1011,6 +1034,67 @@ long mcexec_strncpy_from_user(ihk_os_t os, struct strncpy_from_user_desc * __use return 0; } +long mcexec_sys_mount(struct sys_mount_desc *__user arg) +{ + struct sys_mount_desc desc; + struct cred *promoted; + const struct cred *original; + int ret; + + if (copy_from_user(&desc, arg, sizeof(desc))) { + return -EFAULT; + } + + promoted = prepare_creds(); + if (!promoted) { + return -ENOMEM; + } + cap_raise(promoted->cap_effective, CAP_SYS_ADMIN); + original = override_creds(promoted); + +#if MCCTRL_KSYM_sys_mount + ret = mcctrl_sys_mount(desc.dev_name, desc.dir_name, desc.type, + desc.flags, desc.data); +#else + ret = -EFAULT; +#endif + + revert_creds(original); + put_cred(promoted); + + return ret; +} + +long mcexec_sys_unshare(struct sys_unshare_desc *__user arg) +{ + struct sys_unshare_desc desc; + struct cred *promoted; + const struct cred *original; + int ret; + + if (copy_from_user(&desc, arg, sizeof(desc))) { + return -EFAULT; + } + + promoted = prepare_creds(); + if (!promoted) { + return -ENOMEM; + } + cap_raise(promoted->cap_effective, CAP_SYS_ADMIN); + original = override_creds(promoted); + +#if MCCTRL_KSYM_sys_unshare + ret = mcctrl_sys_unshare(desc.unshare_flags); +#else + ret = -EFAULT; +#endif + + revert_creds(original); + put_cred(promoted); + + return ret; +} + long __mcctrl_control(ihk_os_t os, unsigned int req, unsigned long arg, struct file *file) { @@ -1065,6 +1149,12 @@ long __mcctrl_control(ihk_os_t os, unsigned int req, unsigned long arg, case MCEXEC_UP_GET_CREDV: return mcexec_getcredv((int *)arg); + case MCEXEC_UP_SYS_MOUNT: + return mcexec_sys_mount((struct sys_mount_desc *)arg); + + case MCEXEC_UP_SYS_UNSHARE: + return mcexec_sys_unshare((struct sys_unshare_desc *)arg); + case MCEXEC_UP_DEBUG_LOG: return mcexec_debug_log(os, arg); } diff --git a/executer/kernel/mcctrl/driver.c b/executer/kernel/mcctrl/driver.c index de8c84b2..60a545bb 100644 --- a/executer/kernel/mcctrl/driver.c +++ b/executer/kernel/mcctrl/driver.c @@ -68,6 +68,8 @@ static struct ihk_os_user_call_handler mcctrl_uchs[] = { { .request = MCEXEC_UP_CLOSE_EXEC, .func = mcctrl_ioctl }, { .request = MCEXEC_UP_GET_CRED, .func = mcctrl_ioctl }, { .request = MCEXEC_UP_GET_CREDV, .func = mcctrl_ioctl }, + { .request = MCEXEC_UP_SYS_MOUNT, .func = mcctrl_ioctl }, + { .request = MCEXEC_UP_SYS_UNSHARE, .func = mcctrl_ioctl }, { .request = MCEXEC_UP_DEBUG_LOG, .func = mcctrl_ioctl }, };