0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef __IPC_NAMESPACE_H__
0003 #define __IPC_NAMESPACE_H__
0004 
0005 #include <linux/err.h>
0006 #include <linux/idr.h>
0007 #include <linux/rwsem.h>
0008 #include <linux/notifier.h>
0009 #include <linux/nsproxy.h>
0010 #include <linux/ns_common.h>
0011 #include <linux/refcount.h>
0012 #include <linux/rhashtable-types.h>
0013 #include <linux/sysctl.h>
0014 
0015 struct user_namespace;
0016 
/*
 * Bookkeeping for one table of IPC objects. struct ipc_namespace embeds an
 * array of these (ids[3]).
 *
 * NOTE(review): the per-field notes marked "presumably" are inferred from
 * names and types only; the code that uses these fields is not in this
 * header. Confirm against the IPC core before relying on them.
 */
struct ipc_ids {
    int in_use;                 /* presumably the number of ids currently allocated */
    unsigned short seq;         /* presumably a sequence counter folded into new ids; 16 bits wide */
    struct rw_semaphore rwsem;  /* reader/writer semaphore; presumably serializes changes to this table */
    struct idr ipcs_idr;        /* integer-id allocator/lookup structure for the objects */
    int max_idx;                /* presumably the highest index currently in use */
    int last_idx;   /* For wrap around detection */
#ifdef CONFIG_CHECKPOINT_RESTORE
    int next_id;                /* only built with checkpoint/restore; presumably a requested id for the next object */
#endif
    struct rhashtable key_ht;   /* resizable hash table; presumably keyed by the IPC key */
};
0029 
/*
 * State of one IPC namespace: the id tables, the semaphore / message queue /
 * shared memory tunables and counters, POSIX message queue state, the
 * per-namespace sysctl tables and the owning user namespace.
 *
 * The struct is tagged __randomize_layout: when structure layout
 * randomization is enabled in the build, field order is shuffled, so nothing
 * may depend on the declaration order or on hard-coded offsets.
 *
 * NOTE(review): notes marked "presumably" are inferred from field names; the
 * code that reads and writes these fields is not in this header.
 */
struct ipc_namespace {
    /* One id table per IPC object type; presumably sem, msg and shm - confirm the index constants */
    struct ipc_ids  ids[3];

    int     sem_ctls[4];    /* presumably the four semaphore limits - TODO confirm order */
    int     used_sems;      /* presumably the number of semaphores allocated in this ns */

    /* presumably the message queue limits for this ns - TODO confirm which is which */
    unsigned int    msg_ctlmax;
    unsigned int    msg_ctlmnb;
    unsigned int    msg_ctlmni;
    /* atomic counters; presumably bytes and message headers currently queued */
    atomic_t    msg_bytes;
    atomic_t    msg_hdrs;

    /* presumably the shared memory limits, with shm_tot as the current usage - TODO confirm units */
    size_t      shm_ctlmax;
    size_t      shm_ctlall;
    unsigned long   shm_tot;
    int     shm_ctlmni;
    /*
     * Defines whether IPC_RMID is forced for _all_ shm segments regardless
     * of shmctl()
     */
    int     shm_rmid_forced;

    struct notifier_block ipcns_nb;

    /* The kern_mount of the mqueuefs sb.  We take a ref on it */
    struct vfsmount *mq_mnt;

    /* # queues in this ns, protected by mq_lock */
    unsigned int    mq_queues_count;

    /* next fields are set through sysctl */
    unsigned int    mq_queues_max;   /* initialized to DFLT_QUEUESMAX */
    unsigned int    mq_msg_max;      /* initialized to DFLT_MSGMAX */
    unsigned int    mq_msgsize_max;  /* initialized to DFLT_MSGSIZEMAX */
    unsigned int    mq_msg_default;
    unsigned int    mq_msgsize_default;

    /* presumably managed by setup_mq_sysctls() / retire_mq_sysctls() - confirm */
    struct ctl_table_set    mq_set;
    struct ctl_table_header *mq_sysctls;

    /* presumably managed by setup_ipc_sysctls() / retire_ipc_sysctls() - confirm */
    struct ctl_table_set    ipc_set;
    struct ctl_table_header *ipc_sysctls;

    /* user_ns which owns the ipc ns */
    /*
     * NOTE(review): privileged operations on this namespace are presumably
     * authorised against this user namespace - confirm at the capability
     * checks, which are outside this header.
     */
    struct user_namespace *user_ns;
    struct ucounts *ucounts;    /* presumably the accounting object charged for this ns - confirm */

    struct llist_node mnt_llist;    /* lock-less list linkage; its user is not visible in this header */

    /*
     * Common namespace header. ns.count is the reference count that
     * get_ipc_ns() and get_ipc_ns_not_zero() increment.
     */
    struct ns_common ns;
} __randomize_layout;
0081 
/* By its name, the initial IPC namespace; defined outside this header. */
extern struct ipc_namespace init_ipc_ns;
/* Lock that protects mq_queues_count in struct ipc_namespace (per that field's comment). */
extern spinlock_t mq_lock;

#ifdef CONFIG_SYSVIPC
/*
 * NOTE(review): presumably destroys orphaned shm segments belonging to @ns;
 * the implementation is outside this header.
 */
extern void shm_destroy_orphaned(struct ipc_namespace *ns);
#else /* CONFIG_SYSVIPC */
/* Compiled-out stub: does nothing when CONFIG_SYSVIPC is disabled. */
static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {}
#endif /* CONFIG_SYSVIPC */
0090 
#ifdef CONFIG_POSIX_MQUEUE
/*
 * Implemented outside this header. NOTE(review): presumably initializes the
 * mq_* fields of @ns and returns 0 on success, matching the stub in the
 * #else branch - confirm the error convention.
 */
extern int mq_init_ns(struct ipc_namespace *ns);
/*
 * POSIX Message Queue default values:
 *
 * MIN_*: Lowest value an admin can set the maximum unprivileged limit to
 * DFLT_*MAX: Default values for the maximum unprivileged limits
 * DFLT_{MSG,MSGSIZE}: Default values used when the user doesn't supply
 *   an attribute to the open call and the queue must be created
 * HARD_*: Highest value the maximums can be set to.  These are enforced
 *   on CAP_SYS_RESOURCE apps as well making them inviolate (so make them
 *   suitably high)
 *
 * POSIX Requirements:
 *   Per app minimum openable message queues - 8.  This does not map well
 *     to the fact that we limit the number of queues on a per namespace
 *     basis instead of a per app basis.  So, make the default high enough
 *     that no given app should have a hard time opening 8 queues.
 *   Minimum maximum for HARD_MSGMAX - 32767.  I bumped this to 65536.
 *   Minimum maximum for HARD_MSGSIZEMAX - POSIX is silent on this.  However,
 *     we have run into a situation where running applications in the wild
 *     require this to be at least 5MB, and preferably 10MB, so I set the
 *     value to 16MB in hopes that this user is the worst of the bunch and
 *     the new maximum will handle anyone else.  I may have to revisit this
 *     in the future.
 */
/*
 * MIN_* and HARD_* bracket the values the mq_*_max limits can take. Because
 * HARD_* also applies to CAP_SYS_RESOURCE callers, HARD_MSGMAX and
 * HARD_MSGSIZEMAX are the effective ceilings on per-queue message count and
 * message size. The checks themselves are outside this header.
 */
#define DFLT_QUEUESMAX            256   /* default for mq_queues_max */
#define MIN_MSGMAX          1
#define DFLT_MSG               10U
#define DFLT_MSGMAX            10   /* default for mq_msg_max */
#define HARD_MSGMAX         65536
#define MIN_MSGSIZEMAX            128
#define DFLT_MSGSIZE             8192U
#define DFLT_MSGSIZEMAX          8192   /* default for mq_msgsize_max */
#define HARD_MSGSIZEMAX     (16*1024*1024)  /* 16MB, see the rationale above */
#else
/* Compiled-out stub: nothing to initialize without POSIX message queues; reports 0. */
static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }
#endif
0129 
0130 #if defined(CONFIG_IPC_NS)
/*
 * Implemented outside this header. NOTE(review): judging by the
 * !CONFIG_IPC_NS stub in the #else branch, @flags carries clone flags
 * (the stub tests CLONE_NEWIPC) and the result can be an ERR_PTR() value, so
 * callers should test it with IS_ERR() rather than against NULL - confirm
 * against the implementation.
 */
extern struct ipc_namespace *copy_ipcs(unsigned long flags,
    struct user_namespace *user_ns, struct ipc_namespace *ns);
0133 
/*
 * get_ipc_ns - take an additional reference on an IPC namespace
 * @ns: namespace to pin, or NULL
 *
 * Raises ns->ns.count with refcount_inc() and hands @ns back; a NULL @ns is
 * passed through untouched. refcount_inc() is an unconditional increment, so
 * this helper is only appropriate when the caller already holds a reference
 * that keeps the count above zero. When the namespace may concurrently be
 * dropping its last reference, use get_ipc_ns_not_zero() instead.
 *
 * Return: @ns.
 */
static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
{
    if (!ns)
        return NULL;

    refcount_inc(&ns->ns.count);
    return ns;
}
0140 
/*
 * get_ipc_ns_not_zero - try to pin an IPC namespace that may be going away
 * @ns: namespace to pin, or NULL
 *
 * Uses refcount_inc_not_zero(), which only takes the reference if
 * ns->ns.count has not already dropped to zero.
 *
 * Return: @ns with its count raised, or NULL when @ns is NULL or the count
 * was already zero. Callers must check the result and must not touch @ns
 * after a NULL return, since no reference was obtained.
 */
static inline struct ipc_namespace *get_ipc_ns_not_zero(struct ipc_namespace *ns)
{
    if (ns && refcount_inc_not_zero(&ns->ns.count))
        return ns;

    return NULL;
}
0150 
/*
 * NOTE(review): presumably drops a reference obtained with get_ipc_ns() or
 * get_ipc_ns_not_zero(); the implementation is outside this header.
 */
extern void put_ipc_ns(struct ipc_namespace *ns);
0152 #else
/*
 * copy_ipcs - !CONFIG_IPC_NS variant
 * @flags: clone flags; only CLONE_NEWIPC is examined
 * @user_ns: unused in this variant
 * @ns: the caller's current IPC namespace
 *
 * With IPC namespaces compiled out a new one cannot be created, so a request
 * carrying CLONE_NEWIPC is rejected instead of being silently ignored.
 *
 * Return: @ns unchanged (no reference is taken), or ERR_PTR(-EINVAL) when
 * CLONE_NEWIPC is set. Test the result with IS_ERR(), not against NULL.
 */
static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
    struct user_namespace *user_ns, struct ipc_namespace *ns)
{
    if (!(flags & CLONE_NEWIPC))
        return ns;

    return ERR_PTR(-EINVAL);
}
0161 
/* !CONFIG_IPC_NS stub: no reference counting is performed; @ns is returned as-is. */
static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
{
    return ns;
}
0166 
/*
 * !CONFIG_IPC_NS stub: returns @ns as-is without touching any count, so the
 * result is NULL only when @ns itself is NULL.
 */
static inline struct ipc_namespace *get_ipc_ns_not_zero(struct ipc_namespace *ns)
{
    return ns;
}
0171 
/* !CONFIG_IPC_NS stub: the get helpers in this branch take no reference, so there is nothing to release. */
static inline void put_ipc_ns(struct ipc_namespace *ns)
{
}
0175 #endif
0176 
#ifdef CONFIG_POSIX_MQUEUE_SYSCTL

/*
 * Per-namespace POSIX mqueue sysctl setup and teardown, implemented outside
 * this header. NOTE(review): presumably these operate on ns->mq_set and
 * ns->mq_sysctls, and a false return from setup_mq_sysctls() presumably
 * means failure (the stub below reports true) - confirm at the call sites.
 */
void retire_mq_sysctls(struct ipc_namespace *ns);
bool setup_mq_sysctls(struct ipc_namespace *ns);

#else /* CONFIG_POSIX_MQUEUE_SYSCTL */

/* Compiled-out stub: does nothing. */
static inline void retire_mq_sysctls(struct ipc_namespace *ns)
{
}

/* Compiled-out stub: unconditionally returns true. */
static inline bool setup_mq_sysctls(struct ipc_namespace *ns)
{
    return true;
}

#endif /* CONFIG_POSIX_MQUEUE_SYSCTL */
0194 
#ifdef CONFIG_SYSVIPC_SYSCTL

/*
 * Per-namespace SysV IPC sysctl setup and teardown, implemented outside this
 * header. NOTE(review): presumably these operate on ns->ipc_set and
 * ns->ipc_sysctls, and a false return from setup_ipc_sysctls() presumably
 * means failure (the stub below reports true) - confirm at the call sites.
 */
bool setup_ipc_sysctls(struct ipc_namespace *ns);
void retire_ipc_sysctls(struct ipc_namespace *ns);

#else /* CONFIG_SYSVIPC_SYSCTL */

/* Compiled-out stub: does nothing. */
static inline void retire_ipc_sysctls(struct ipc_namespace *ns)
{
}

/* Compiled-out stub: unconditionally returns true. */
static inline bool setup_ipc_sysctls(struct ipc_namespace *ns)
{
    return true;
}

#endif /* CONFIG_SYSVIPC_SYSCTL */
0212 #endif