Merge pull request #6108 from sudo-sturbia:msgqueue/syscalls

PiperOrigin-RevId: 386323389

3 files changed, 118 insertions, 169 deletions

diff --git a/pkg/sentry/kernel/semaphore/BUILD b/pkg/sentry/kernel/semaphore/BUILD
index a787c00a8..2ae08ed12 100644
--- a/pkg/sentry/kernel/semaphore/BUILD
+++ b/pkg/sentry/kernel/semaphore/BUILD
@@ -26,9 +26,9 @@ go_library(
         "//pkg/abi/linux",
         "//pkg/context",
         "//pkg/errors/linuxerr",
-        "//pkg/log",
         "//pkg/sentry/fs",
         "//pkg/sentry/kernel/auth",
+        "//pkg/sentry/kernel/ipc",
         "//pkg/sentry/kernel/time",
         "//pkg/sync",
         "//pkg/syserror",
@@ -41,10 +41,11 @@ go_test(
     srcs = ["semaphore_test.go"],
     library = ":semaphore",
     deps = [
-        "//pkg/abi/linux",
-        "//pkg/context",
-        "//pkg/sentry/contexttest",
-        "//pkg/sentry/kernel/auth",
-        "//pkg/syserror",
+        "//pkg/abi/linux",  # keep
+        "//pkg/context",  # keep
+        "//pkg/sentry/contexttest",  # keep
+        "//pkg/sentry/kernel/auth",  # keep
+        "//pkg/sentry/kernel/ipc",  # keep
+        "//pkg/syserror",  # keep
     ],
 )
diff --git a/pkg/sentry/kernel/semaphore/semaphore.go b/pkg/sentry/kernel/semaphore/semaphore.go
index 485c3a788..b7879d284 100644
--- a/pkg/sentry/kernel/semaphore/semaphore.go
+++ b/pkg/sentry/kernel/semaphore/semaphore.go
@@ -21,9 +21,9 @@ import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/errors/linuxerr"
-	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/ipc"
 	ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/syserror"
@@ -47,15 +47,15 @@ const (
 //
 // +stateify savable
 type Registry struct {
-	// userNS owning the ipc name this registry belongs to. Immutable.
-	userNS *auth.UserNamespace
 	// mu protects all fields below.
-	mu         sync.Mutex `state:"nosave"`
-	semaphores map[int32]*Set
-	lastIDUsed int32
+	mu sync.Mutex `state:"nosave"`
+
+	// reg defines basic fields and operations needed for all SysV registries.
+	reg *ipc.Registry
+
 	// indexes maintains a mapping between a set's index in virtual array and
 	// its identifier.
-	indexes map[int32]int32
+	indexes map[int32]ipc.ID
 }
 
 // Set represents a set of semaphores that can be operated atomically.
@@ -65,19 +65,11 @@ type Set struct {
 	// registry owning this sem set. Immutable.
 	registry *Registry
 
-	// Id is a handle that identifies the set.
-	ID int32
-
-	// key is an user provided key that can be shared between processes.
-	key int32
+	// mu protects all fields below.
+	mu sync.Mutex `state:"nosave"`
 
-	// creator is the user that created the set. Immutable.
-	creator fs.FileOwner
+	obj *ipc.Object
 
-	// mu protects all fields below.
-	mu         sync.Mutex `state:"nosave"`
-	owner      fs.FileOwner
-	perms      fs.FilePermissions
 	opTime     ktime.Time
 	changeTime ktime.Time
 
@@ -115,9 +107,8 @@ type waiter struct {
 // NewRegistry creates a new semaphore set registry.
 func NewRegistry(userNS *auth.UserNamespace) *Registry {
 	return &Registry{
-		userNS:     userNS,
-		semaphores: make(map[int32]*Set),
-		indexes:    make(map[int32]int32),
+		reg:     ipc.NewRegistry(userNS),
+		indexes: make(map[int32]ipc.ID),
 	}
 }
 
@@ -126,7 +117,7 @@ func NewRegistry(userNS *auth.UserNamespace) *Registry {
 // a new set is always created. If create is false, it fails if a set cannot
 // be found. If exclusive is true, it fails if a set with the same key already
 // exists.
-func (r *Registry) FindOrCreate(ctx context.Context, key, nsems int32, mode linux.FileMode, private, create, exclusive bool) (*Set, error) {
+func (r *Registry) FindOrCreate(ctx context.Context, key ipc.Key, nsems int32, mode linux.FileMode, private, create, exclusive bool) (*Set, error) {
 	if nsems < 0 || nsems > semsMax {
 		return nil, linuxerr.EINVAL
 	}
@@ -135,31 +126,19 @@ func (r *Registry) FindOrCreate(ctx context.Context, key, nsems int32, mode linu
 	defer r.mu.Unlock()
 
 	if !private {
-		// Look up an existing semaphore.
-		if set := r.findByKey(key); set != nil {
-			set.mu.Lock()
-			defer set.mu.Unlock()
-
-			// Check that caller can access semaphore set.
-			creds := auth.CredentialsFromContext(ctx)
-			if !set.checkPerms(creds, fs.PermsFromMode(mode)) {
-				return nil, linuxerr.EACCES
-			}
+		set, err := r.reg.Find(ctx, key, mode, create, exclusive)
+		if err != nil {
+			return nil, err
+		}
 
-			// Validate parameters.
+		// Validate semaphore-specific parameters.
+		if set != nil {
+			set := set.(*Set)
 			if nsems > int32(set.Size()) {
 				return nil, linuxerr.EINVAL
 			}
-			if create && exclusive {
-				return nil, linuxerr.EEXIST
-			}
 			return set, nil
 		}
-
-		if !create {
-			// Semaphore not found and should not be created.
-			return nil, syserror.ENOENT
-		}
 	}
 
 	// Zero is only valid if an existing set is found.
@@ -169,9 +148,9 @@ func (r *Registry) FindOrCreate(ctx context.Context, key, nsems int32, mode linu
 
 	// Apply system limits.
 	//
-	// Map semaphores and map indexes in a registry are of the same size,
-	// check map semaphores only here for the system limit.
-	if len(r.semaphores) >= setsMax {
+	// Map reg.objects and map indexes in a registry are of the same size,
+	// check map reg.objects only here for the system limit.
+	if r.reg.ObjectCount() >= setsMax {
 		return nil, syserror.ENOSPC
 	}
 	if r.totalSems() > int(semsTotalMax-nsems) {
@@ -179,9 +158,7 @@ func (r *Registry) FindOrCreate(ctx context.Context, key, nsems int32, mode linu
 	}
 
 	// Finally create a new set.
-	owner := fs.FileOwnerFromContext(ctx)
-	perms := fs.FilePermsFromMode(mode)
-	return r.newSet(ctx, key, owner, owner, perms, nsems)
+	return r.newSetLocked(ctx, key, fs.FileOwnerFromContext(ctx), fs.FilePermsFromMode(mode), nsems)
 }
 
 // IPCInfo returns information about system-wide semaphore limits and parameters.
@@ -208,7 +185,7 @@ func (r *Registry) SemInfo() *linux.SemInfo {
 	defer r.mu.Unlock()
 
 	info := r.IPCInfo()
-	info.SemUsz = uint32(len(r.semaphores))
+	info.SemUsz = uint32(r.reg.ObjectCount())
 	info.SemAem = uint32(r.totalSems())
 
 	return info
@@ -231,77 +208,59 @@ func (r *Registry) HighestIndex() int32 {
 	return highestIndex
 }
 
-// RemoveID removes set with give 'id' from the registry and marks the set as
+// Remove removes set with give 'id' from the registry and marks the set as
 // dead. All waiters will be awakened and fail.
-func (r *Registry) RemoveID(id int32, creds *auth.Credentials) error {
+func (r *Registry) Remove(id ipc.ID, creds *auth.Credentials) error {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 
-	set := r.semaphores[id]
-	if set == nil {
-		return linuxerr.EINVAL
-	}
+	r.reg.Remove(id, creds)
+
 	index, found := r.findIndexByID(id)
 	if !found {
 		// Inconsistent state.
 		panic(fmt.Sprintf("unable to find an index for ID: %d", id))
 	}
-
-	set.mu.Lock()
-	defer set.mu.Unlock()
-
-	// "The effective user ID of the calling process must match the creator or
-	// owner of the semaphore set, or the caller must be privileged."
-	if !set.checkCredentials(creds) && !set.checkCapability(creds) {
-		return linuxerr.EACCES
-	}
-
-	delete(r.semaphores, set.ID)
 	delete(r.indexes, index)
-	set.destroy()
+
 	return nil
 }
 
-func (r *Registry) newSet(ctx context.Context, key int32, owner, creator fs.FileOwner, perms fs.FilePermissions, nsems int32) (*Set, error) {
+// newSetLocked creates a new Set using given fields. An error is returned if there
+// are no more available identifiers.
+//
+// Precondition: r.mu must be held.
+func (r *Registry) newSetLocked(ctx context.Context, key ipc.Key, creator fs.FileOwner, perms fs.FilePermissions, nsems int32) (*Set, error) {
 	set := &Set{
 		registry:   r,
-		key:        key,
-		owner:      owner,
-		creator:    owner,
-		perms:      perms,
+		obj:        ipc.NewObject(r.reg.UserNS, ipc.Key(key), creator, creator, perms),
 		changeTime: ktime.NowFromContext(ctx),
 		sems:       make([]sem, nsems),
 	}
 
-	// Find the next available ID.
-	for id := r.lastIDUsed + 1; id != r.lastIDUsed; id++ {
-		// Handle wrap around.
-		if id < 0 {
-			id = 0
-			continue
-		}
-		if r.semaphores[id] == nil {
-			index, found := r.findFirstAvailableIndex()
-			if !found {
-				panic("unable to find an available index")
-			}
-			r.indexes[index] = id
-			r.lastIDUsed = id
-			r.semaphores[id] = set
-			set.ID = id
-			return set, nil
-		}
+	err := r.reg.Register(set)
+	if err != nil {
+		return nil, err
 	}
 
-	log.Warningf("Semaphore map is full, they must be leaking")
-	return nil, syserror.ENOMEM
+	index, found := r.findFirstAvailableIndex()
+	if !found {
+		panic("unable to find an available index")
+	}
+	r.indexes[index] = set.obj.ID
+
+	return set, nil
 }
 
 // FindByID looks up a set given an ID.
-func (r *Registry) FindByID(id int32) *Set {
+func (r *Registry) FindByID(id ipc.ID) *Set {
 	r.mu.Lock()
 	defer r.mu.Unlock()
-	return r.semaphores[id]
+	mech := r.reg.FindByID(id)
+	if mech == nil {
+		return nil
+	}
+	return mech.(*Set)
 }
 
 // FindByIndex looks up a set given an index.
@@ -313,19 +272,10 @@ func (r *Registry) FindByIndex(index int32) *Set {
 	if !present {
 		return nil
 	}
-	return r.semaphores[id]
+	return r.reg.FindByID(id).(*Set)
 }
 
-func (r *Registry) findByKey(key int32) *Set {
-	for _, v := range r.semaphores {
-		if v.key == key {
-			return v
-		}
-	}
-	return nil
-}
-
-func (r *Registry) findIndexByID(id int32) (int32, bool) {
+func (r *Registry) findIndexByID(id ipc.ID) (int32, bool) {
 	for k, v := range r.indexes {
 		if v == id {
 			return k, true
@@ -345,12 +295,36 @@ func (r *Registry) findFirstAvailableIndex() (int32, bool) {
 
 func (r *Registry) totalSems() int {
 	totalSems := 0
-	for _, v := range r.semaphores {
-		totalSems += v.Size()
-	}
+	r.reg.ForAllObjects(
+		func(o ipc.Mechanism) {
+			totalSems += o.(*Set).Size()
+		},
+	)
 	return totalSems
 }
 
+// ID returns semaphore's ID.
+func (s *Set) ID() ipc.ID {
+	return s.obj.ID
+}
+
+// Object implements ipc.Mechanism.Object.
+func (s *Set) Object() *ipc.Object {
+	return s.obj
+}
+
+// Lock implements ipc.Mechanism.Lock.
+func (s *Set) Lock() {
+	s.mu.Lock()
+}
+
+// Unlock implements ipc.mechanism.Unlock.
+//
+// +checklocksignore
+func (s *Set) Unlock() {
+	s.mu.Unlock()
+}
+
 func (s *Set) findSem(num int32) *sem {
 	if num < 0 || int(num) >= s.Size() {
 		return nil
@@ -370,12 +344,12 @@ func (s *Set) Change(ctx context.Context, creds *auth.Credentials, owner fs.File
 
 	// "The effective UID of the calling process must match the owner or creator
 	// of the semaphore set, or the caller must be privileged."
-	if !s.checkCredentials(creds) && !s.checkCapability(creds) {
+	if !s.obj.CheckOwnership(creds) {
 		return linuxerr.EACCES
 	}
 
-	s.owner = owner
-	s.perms = perms
+	s.obj.Owner = owner
+	s.obj.Perms = perms
 	s.changeTime = ktime.NowFromContext(ctx)
 	return nil
 }
@@ -395,18 +369,18 @@ func (s *Set) semStat(creds *auth.Credentials, permMask fs.PermMask) (*linux.Sem
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	if !s.checkPerms(creds, permMask) {
+	if !s.obj.CheckPermissions(creds, permMask) {
 		return nil, linuxerr.EACCES
 	}
 
 	return &linux.SemidDS{
 		SemPerm: linux.IPCPerm{
-			Key:  uint32(s.key),
-			UID:  uint32(creds.UserNamespace.MapFromKUID(s.owner.UID)),
-			GID:  uint32(creds.UserNamespace.MapFromKGID(s.owner.GID)),
-			CUID: uint32(creds.UserNamespace.MapFromKUID(s.creator.UID)),
-			CGID: uint32(creds.UserNamespace.MapFromKGID(s.creator.GID)),
-			Mode: uint16(s.perms.LinuxMode()),
+			Key:  uint32(s.obj.Key),
+			UID:  uint32(creds.UserNamespace.MapFromKUID(s.obj.Owner.UID)),
+			GID:  uint32(creds.UserNamespace.MapFromKGID(s.obj.Owner.GID)),
+			CUID: uint32(creds.UserNamespace.MapFromKUID(s.obj.Creator.UID)),
+			CGID: uint32(creds.UserNamespace.MapFromKGID(s.obj.Creator.GID)),
+			Mode: uint16(s.obj.Perms.LinuxMode()),
 			Seq:  0, // IPC sequence not supported.
 		},
 		SemOTime: s.opTime.TimeT(),
@@ -425,7 +399,7 @@ func (s *Set) SetVal(ctx context.Context, num int32, val int16, creds *auth.Cred
 	defer s.mu.Unlock()
 
 	// "The calling process must have alter permission on the semaphore set."
-	if !s.checkPerms(creds, fs.PermMask{Write: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Write: true}) {
 		return linuxerr.EACCES
 	}
 
@@ -461,7 +435,7 @@ func (s *Set) SetValAll(ctx context.Context, vals []uint16, creds *auth.Credenti
 	defer s.mu.Unlock()
 
 	// "The calling process must have alter permission on the semaphore set."
-	if !s.checkPerms(creds, fs.PermMask{Write: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Write: true}) {
 		return linuxerr.EACCES
 	}
 
@@ -483,7 +457,7 @@ func (s *Set) GetVal(num int32, creds *auth.Credentials) (int16, error) {
 	defer s.mu.Unlock()
 
 	// "The calling process must have read permission on the semaphore set."
-	if !s.checkPerms(creds, fs.PermMask{Read: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Read: true}) {
 		return 0, linuxerr.EACCES
 	}
 
@@ -500,7 +474,7 @@ func (s *Set) GetValAll(creds *auth.Credentials) ([]uint16, error) {
 	defer s.mu.Unlock()
 
 	// "The calling process must have read permission on the semaphore set."
-	if !s.checkPerms(creds, fs.PermMask{Read: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Read: true}) {
 		return nil, linuxerr.EACCES
 	}
 
@@ -517,7 +491,7 @@ func (s *Set) GetPID(num int32, creds *auth.Credentials) (int32, error) {
 	defer s.mu.Unlock()
 
 	// "The calling process must have read permission on the semaphore set."
-	if !s.checkPerms(creds, fs.PermMask{Read: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Read: true}) {
 		return 0, linuxerr.EACCES
 	}
 
@@ -533,7 +507,7 @@ func (s *Set) countWaiters(num int32, creds *auth.Credentials, pred func(w *wait
 	defer s.mu.Unlock()
 
 	// The calling process must have read permission on the semaphore set.
-	if !s.checkPerms(creds, fs.PermMask{Read: true}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Read: true}) {
 		return 0, linuxerr.EACCES
 	}
 
@@ -589,7 +563,7 @@ func (s *Set) ExecuteOps(ctx context.Context, ops []linux.Sembuf, creds *auth.Cr
 		}
 	}
 
-	if !s.checkPerms(creds, fs.PermMask{Read: readOnly, Write: !readOnly}) {
+	if !s.obj.CheckPermissions(creds, fs.PermMask{Read: readOnly, Write: !readOnly}) {
 		return nil, 0, linuxerr.EACCES
 	}
 
@@ -675,38 +649,10 @@ func (s *Set) AbortWait(num int32, ch chan struct{}) {
 	// Waiter may not be found in case it raced with wakeWaiters().
 }
 
-func (s *Set) checkCredentials(creds *auth.Credentials) bool {
-	return s.owner.UID == creds.EffectiveKUID ||
-		s.owner.GID == creds.EffectiveKGID ||
-		s.creator.UID == creds.EffectiveKUID ||
-		s.creator.GID == creds.EffectiveKGID
-}
-
-func (s *Set) checkCapability(creds *auth.Credentials) bool {
-	return creds.HasCapabilityIn(linux.CAP_IPC_OWNER, s.registry.userNS) && creds.UserNamespace.MapFromKUID(s.owner.UID).Ok()
-}
-
-func (s *Set) checkPerms(creds *auth.Credentials, reqPerms fs.PermMask) bool {
-	// Are we owner, or in group, or other?
-	p := s.perms.Other
-	if s.owner.UID == creds.EffectiveKUID {
-		p = s.perms.User
-	} else if creds.InGroup(s.owner.GID) {
-		p = s.perms.Group
-	}
-
-	// Are permissions satisfied without capability checks?
-	if p.SupersetOf(reqPerms) {
-		return true
-	}
-
-	return s.checkCapability(creds)
-}
-
-// destroy destroys the set.
+// Destroy implements ipc.Mechanism.Destroy.
 //
 // Preconditions: Caller must hold 's.mu'.
-func (s *Set) destroy() {
+func (s *Set) Destroy() {
 	// Notify all waiters. They will fail on the next attempt to execute
 	// operations and return error.
 	s.dead = true
diff --git a/pkg/sentry/kernel/semaphore/semaphore_test.go b/pkg/sentry/kernel/semaphore/semaphore_test.go
index e47acefdf..2e4ab8121 100644
--- a/pkg/sentry/kernel/semaphore/semaphore_test.go
+++ b/pkg/sentry/kernel/semaphore/semaphore_test.go
@@ -21,6 +21,7 @@ import (
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/sentry/contexttest"
 	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/ipc"
 	"gvisor.dev/gvisor/pkg/syserror"
 )
 
@@ -55,7 +56,7 @@ func signalled(ch chan struct{}) bool {
 
 func TestBasic(t *testing.T) {
 	ctx := contexttest.Context(t)
-	set := &Set{ID: 123, sems: make([]sem, 1)}
+	set := &Set{obj: &ipc.Object{ID: 123}, sems: make([]sem, 1)}
 	ops := []linux.Sembuf{
 		{SemOp: 1},
 	}
@@ -76,7 +77,7 @@ func TestBasic(t *testing.T) {
 
 func TestWaitForZero(t *testing.T) {
 	ctx := contexttest.Context(t)
-	set := &Set{ID: 123, sems: make([]sem, 1)}
+	set := &Set{obj: &ipc.Object{ID: 123}, sems: make([]sem, 1)}
 	ops := []linux.Sembuf{
 		{SemOp: 0},
 	}
@@ -115,7 +116,7 @@ func TestWaitForZero(t *testing.T) {
 
 func TestNoWait(t *testing.T) {
 	ctx := contexttest.Context(t)
-	set := &Set{ID: 123, sems: make([]sem, 1)}
+	set := &Set{obj: &ipc.Object{ID: 123}, sems: make([]sem, 1)}
 	ops := []linux.Sembuf{
 		{SemOp: 1},
 	}
@@ -138,11 +139,12 @@ func TestUnregister(t *testing.T) {
 	ctx := contexttest.Context(t)
 	r := NewRegistry(auth.NewRootUserNamespace())
 	set, err := r.FindOrCreate(ctx, 123, 2, linux.FileMode(0x600), true, true, true)
+
 	if err != nil {
 		t.Fatalf("FindOrCreate() failed, err: %v", err)
 	}
-	if got := r.FindByID(set.ID); got.ID != set.ID {
-		t.Fatalf("FindById(%d) failed, got: %+v, expected: %+v", set.ID, got, set)
+	if got := r.FindByID(set.obj.ID); got.obj.ID != set.obj.ID {
+		t.Fatalf("FindById(%d) failed, got: %+v, expected: %+v", set.obj.ID, got, set)
 	}
 
 	ops := []linux.Sembuf{
@@ -155,14 +157,14 @@ func TestUnregister(t *testing.T) {
 	}
 
 	creds := auth.CredentialsFromContext(ctx)
-	if err := r.RemoveID(set.ID, creds); err != nil {
-		t.Fatalf("RemoveID(%d) failed, err: %v", set.ID, err)
+	if err := r.Remove(set.obj.ID, creds); err != nil {
+		t.Fatalf("Remove(%d) failed, err: %v", set.obj.ID, err)
 	}
 	if !set.dead {
 		t.Fatalf("set is not dead: %+v", set)
 	}
-	if got := r.FindByID(set.ID); got != nil {
-		t.Fatalf("FindById(%d) failed, got: %+v, expected: nil", set.ID, got)
+	if got := r.FindByID(set.obj.ID); got != nil {
+		t.Fatalf("FindById(%d) failed, got: %+v, expected: nil", set.obj.ID, got)
 	}
 	for i, ch := range chs {
 		if !signalled(ch) {