Back to home page

LXR

 
 

    


0001 /*
0002  *  This program is free software; you can redistribute it and/or
0003  *  modify it under the terms of the GNU General Public License as
0004  *  published by the Free Software Foundation, version 2 of the
0005  *  License.
0006  */
0007 
0008 #include <linux/stat.h>
0009 #include <linux/sysctl.h>
0010 #include <linux/slab.h>
0011 #include <linux/hash.h>
0012 #include <linux/user_namespace.h>
0013 
0014 #define UCOUNTS_HASHTABLE_BITS 10
0015 static struct hlist_head ucounts_hashtable[(1 << UCOUNTS_HASHTABLE_BITS)];
0016 static DEFINE_SPINLOCK(ucounts_lock);
0017 
0018 #define ucounts_hashfn(ns, uid)                     \
0019     hash_long((unsigned long)__kuid_val(uid) + (unsigned long)(ns), \
0020           UCOUNTS_HASHTABLE_BITS)
0021 #define ucounts_hashentry(ns, uid)  \
0022     (ucounts_hashtable + ucounts_hashfn(ns, uid))
0023 
0024 
0025 #ifdef CONFIG_SYSCTL
0026 static struct ctl_table_set *
0027 set_lookup(struct ctl_table_root *root)
0028 {
0029     return &current_user_ns()->set;
0030 }
0031 
0032 static int set_is_seen(struct ctl_table_set *set)
0033 {
0034     return &current_user_ns()->set == set;
0035 }
0036 
0037 static int set_permissions(struct ctl_table_header *head,
0038                   struct ctl_table *table)
0039 {
0040     struct user_namespace *user_ns =
0041         container_of(head->set, struct user_namespace, set);
0042     int mode;
0043 
0044     /* Allow users with CAP_SYS_RESOURCE unrestrained access */
0045     if (ns_capable(user_ns, CAP_SYS_RESOURCE))
0046         mode = (table->mode & S_IRWXU) >> 6;
0047     else
0048     /* Allow all others at most read-only access */
0049         mode = table->mode & S_IROTH;
0050     return (mode << 6) | (mode << 3) | mode;
0051 }
0052 
0053 static struct ctl_table_root set_root = {
0054     .lookup = set_lookup,
0055     .permissions = set_permissions,
0056 };
0057 
0058 static int zero = 0;
0059 static int int_max = INT_MAX;
0060 #define UCOUNT_ENTRY(name)              \
0061     {                       \
0062         .procname   = name,         \
0063         .maxlen     = sizeof(int),      \
0064         .mode       = 0644,         \
0065         .proc_handler   = proc_dointvec_minmax, \
0066         .extra1     = &zero,        \
0067         .extra2     = &int_max,     \
0068     }
0069 static struct ctl_table user_table[] = {
0070     UCOUNT_ENTRY("max_user_namespaces"),
0071     UCOUNT_ENTRY("max_pid_namespaces"),
0072     UCOUNT_ENTRY("max_uts_namespaces"),
0073     UCOUNT_ENTRY("max_ipc_namespaces"),
0074     UCOUNT_ENTRY("max_net_namespaces"),
0075     UCOUNT_ENTRY("max_mnt_namespaces"),
0076     UCOUNT_ENTRY("max_cgroup_namespaces"),
0077     { }
0078 };
0079 #endif /* CONFIG_SYSCTL */
0080 
0081 bool setup_userns_sysctls(struct user_namespace *ns)
0082 {
0083 #ifdef CONFIG_SYSCTL
0084     struct ctl_table *tbl;
0085     setup_sysctl_set(&ns->set, &set_root, set_is_seen);
0086     tbl = kmemdup(user_table, sizeof(user_table), GFP_KERNEL);
0087     if (tbl) {
0088         int i;
0089         for (i = 0; i < UCOUNT_COUNTS; i++) {
0090             tbl[i].data = &ns->ucount_max[i];
0091         }
0092         ns->sysctls = __register_sysctl_table(&ns->set, "user", tbl);
0093     }
0094     if (!ns->sysctls) {
0095         kfree(tbl);
0096         retire_sysctl_set(&ns->set);
0097         return false;
0098     }
0099 #endif
0100     return true;
0101 }
0102 
0103 void retire_userns_sysctls(struct user_namespace *ns)
0104 {
0105 #ifdef CONFIG_SYSCTL
0106     struct ctl_table *tbl;
0107 
0108     tbl = ns->sysctls->ctl_table_arg;
0109     unregister_sysctl_table(ns->sysctls);
0110     retire_sysctl_set(&ns->set);
0111     kfree(tbl);
0112 #endif
0113 }
0114 
0115 static struct ucounts *find_ucounts(struct user_namespace *ns, kuid_t uid, struct hlist_head *hashent)
0116 {
0117     struct ucounts *ucounts;
0118 
0119     hlist_for_each_entry(ucounts, hashent, node) {
0120         if (uid_eq(ucounts->uid, uid) && (ucounts->ns == ns))
0121             return ucounts;
0122     }
0123     return NULL;
0124 }
0125 
0126 static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
0127 {
0128     struct hlist_head *hashent = ucounts_hashentry(ns, uid);
0129     struct ucounts *ucounts, *new;
0130 
0131     spin_lock_irq(&ucounts_lock);
0132     ucounts = find_ucounts(ns, uid, hashent);
0133     if (!ucounts) {
0134         spin_unlock_irq(&ucounts_lock);
0135 
0136         new = kzalloc(sizeof(*new), GFP_KERNEL);
0137         if (!new)
0138             return NULL;
0139 
0140         new->ns = ns;
0141         new->uid = uid;
0142         atomic_set(&new->count, 0);
0143 
0144         spin_lock_irq(&ucounts_lock);
0145         ucounts = find_ucounts(ns, uid, hashent);
0146         if (ucounts) {
0147             kfree(new);
0148         } else {
0149             hlist_add_head(&new->node, hashent);
0150             ucounts = new;
0151         }
0152     }
0153     if (!atomic_add_unless(&ucounts->count, 1, INT_MAX))
0154         ucounts = NULL;
0155     spin_unlock_irq(&ucounts_lock);
0156     return ucounts;
0157 }
0158 
0159 static void put_ucounts(struct ucounts *ucounts)
0160 {
0161     unsigned long flags;
0162 
0163     if (atomic_dec_and_test(&ucounts->count)) {
0164         spin_lock_irqsave(&ucounts_lock, flags);
0165         hlist_del_init(&ucounts->node);
0166         spin_unlock_irqrestore(&ucounts_lock, flags);
0167 
0168         kfree(ucounts);
0169     }
0170 }
0171 
0172 static inline bool atomic_inc_below(atomic_t *v, int u)
0173 {
0174     int c, old;
0175     c = atomic_read(v);
0176     for (;;) {
0177         if (unlikely(c >= u))
0178             return false;
0179         old = atomic_cmpxchg(v, c, c+1);
0180         if (likely(old == c))
0181             return true;
0182         c = old;
0183     }
0184 }
0185 
0186 struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid,
0187                enum ucount_type type)
0188 {
0189     struct ucounts *ucounts, *iter, *bad;
0190     struct user_namespace *tns;
0191     ucounts = get_ucounts(ns, uid);
0192     for (iter = ucounts; iter; iter = tns->ucounts) {
0193         int max;
0194         tns = iter->ns;
0195         max = READ_ONCE(tns->ucount_max[type]);
0196         if (!atomic_inc_below(&iter->ucount[type], max))
0197             goto fail;
0198     }
0199     return ucounts;
0200 fail:
0201     bad = iter;
0202     for (iter = ucounts; iter != bad; iter = iter->ns->ucounts)
0203         atomic_dec(&iter->ucount[type]);
0204 
0205     put_ucounts(ucounts);
0206     return NULL;
0207 }
0208 
0209 void dec_ucount(struct ucounts *ucounts, enum ucount_type type)
0210 {
0211     struct ucounts *iter;
0212     for (iter = ucounts; iter; iter = iter->ns->ucounts) {
0213         int dec = atomic_dec_if_positive(&iter->ucount[type]);
0214         WARN_ON_ONCE(dec < 0);
0215     }
0216     put_ucounts(ucounts);
0217 }
0218 
0219 static __init int user_namespace_sysctl_init(void)
0220 {
0221 #ifdef CONFIG_SYSCTL
0222     static struct ctl_table_header *user_header;
0223     static struct ctl_table empty[1];
0224     /*
0225      * It is necessary to register the user directory in the
0226      * default set so that registrations in the child sets work
0227      * properly.
0228      */
0229     user_header = register_sysctl("user", empty);
0230     kmemleak_ignore(user_header);
0231     BUG_ON(!user_header);
0232     BUG_ON(!setup_userns_sysctls(&init_user_ns));
0233 #endif
0234     return 0;
0235 }
0236 subsys_initcall(user_namespace_sysctl_init);