cregit-Linux how code gets into the kernel

Release 4.15 kernel/ucount.c

Directory: kernel
/*
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License as
 *  published by the Free Software Foundation, version 2 of the
 *  License.
 */

#include <linux/stat.h>
#include <linux/sysctl.h>
#include <linux/slab.h>
#include <linux/cred.h>
#include <linux/hash.h>
#include <linux/user_namespace.h>


#define UCOUNTS_HASHTABLE_BITS 10

static struct hlist_head ucounts_hashtable[(1 << UCOUNTS_HASHTABLE_BITS)];
static DEFINE_SPINLOCK(ucounts_lock);


#define ucounts_hashfn(ns, uid)						\
	hash_long((unsigned long)__kuid_val(uid) + (unsigned long)(ns), \
                  UCOUNTS_HASHTABLE_BITS)

#define ucounts_hashentry(ns, uid)	\
	(ucounts_hashtable + ucounts_hashfn(ns, uid))


#ifdef CONFIG_SYSCTL

static struct ctl_table_set * set_lookup(struct ctl_table_root *root) { return &current_user_ns()->set; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann20100.00%1100.00%
Total20100.00%1100.00%


static int set_is_seen(struct ctl_table_set *set) { return &current_user_ns()->set == set; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann20100.00%1100.00%
Total20100.00%1100.00%


static int set_permissions(struct ctl_table_header *head, struct ctl_table *table) { struct user_namespace *user_ns = container_of(head->set, struct user_namespace, set); int mode; /* Allow users with CAP_SYS_RESOURCE unrestrained access */ if (ns_capable(user_ns, CAP_SYS_RESOURCE)) mode = (table->mode & S_IRWXU) >> 6; else /* Allow all others at most read-only access */ mode = table->mode & S_IROTH; return (mode << 6) | (mode << 3) | mode; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann83100.00%1100.00%
Total83100.00%1100.00%

static struct ctl_table_root set_root = { .lookup = set_lookup, .permissions = set_permissions, }; static int zero = 0; static int int_max = INT_MAX; #define UCOUNT_ENTRY(name) \ { \ .procname = name, \ .maxlen = sizeof(int), \ .mode = 0644, \ .proc_handler = proc_dointvec_minmax, \ .extra1 = &zero, \ .extra2 = &int_max, \ } static struct ctl_table user_table[] = { UCOUNT_ENTRY("max_user_namespaces"), UCOUNT_ENTRY("max_pid_namespaces"), UCOUNT_ENTRY("max_uts_namespaces"), UCOUNT_ENTRY("max_ipc_namespaces"), UCOUNT_ENTRY("max_net_namespaces"), UCOUNT_ENTRY("max_mnt_namespaces"), UCOUNT_ENTRY("max_cgroup_namespaces"), #ifdef CONFIG_INOTIFY_USER UCOUNT_ENTRY("max_inotify_instances"), UCOUNT_ENTRY("max_inotify_watches"), #endif { } }; #endif /* CONFIG_SYSCTL */
bool setup_userns_sysctls(struct user_namespace *ns) { #ifdef CONFIG_SYSCTL struct ctl_table *tbl; setup_sysctl_set(&ns->set, &set_root, set_is_seen); tbl = kmemdup(user_table, sizeof(user_table), GFP_KERNEL); if (tbl) { int i; for (i = 0; i < UCOUNT_COUNTS; i++) { tbl[i].data = &ns->ucount_max[i]; } ns->sysctls = __register_sysctl_table(&ns->set, "user", tbl); } if (!ns->sysctls) { kfree(tbl); retire_sysctl_set(&ns->set); return false; } #endif return true; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann130100.00%4100.00%
Total130100.00%4100.00%


void retire_userns_sysctls(struct user_namespace *ns) { #ifdef CONFIG_SYSCTL struct ctl_table *tbl; tbl = ns->sysctls->ctl_table_arg; unregister_sysctl_table(ns->sysctls); retire_sysctl_set(&ns->set); kfree(tbl); #endif }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann48100.00%1100.00%
Total48100.00%1100.00%


static struct ucounts *find_ucounts(struct user_namespace *ns, kuid_t uid, struct hlist_head *hashent) { struct ucounts *ucounts; hlist_for_each_entry(ucounts, hashent, node) { if (uid_eq(ucounts->uid, uid) && (ucounts->ns == ns)) return ucounts; } return NULL; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann61100.00%1100.00%
Total61100.00%1100.00%


static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid) { struct hlist_head *hashent = ucounts_hashentry(ns, uid); struct ucounts *ucounts, *new; spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (!ucounts) { spin_unlock_irq(&ucounts_lock); new = kzalloc(sizeof(*new), GFP_KERNEL); if (!new) return NULL; new->ns = ns; new->uid = uid; new->count = 0; spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (ucounts) { kfree(new); } else { hlist_add_head(&new->node, hashent); ucounts = new; } } if (ucounts->count == INT_MAX) ucounts = NULL; else ucounts->count += 1; spin_unlock_irq(&ucounts_lock); return ucounts; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann17497.75%266.67%
Nikolay Borisov42.25%133.33%
Total178100.00%3100.00%


static void put_ucounts(struct ucounts *ucounts) { unsigned long flags; spin_lock_irqsave(&ucounts_lock, flags); ucounts->count -= 1; if (!ucounts->count) hlist_del_init(&ucounts->node); else ucounts = NULL; spin_unlock_irqrestore(&ucounts_lock, flags); kfree(ucounts); }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann5283.87%266.67%
Nikolay Borisov1016.13%133.33%
Total62100.00%3100.00%


static inline bool atomic_inc_below(atomic_t *v, int u) { int c, old; c = atomic_read(v); for (;;) { if (unlikely(c >= u)) return false; old = atomic_cmpxchg(v, c, c+1); if (likely(old == c)) return true; c = old; } }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann74100.00%1100.00%
Total74100.00%1100.00%


struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type) { struct ucounts *ucounts, *iter, *bad; struct user_namespace *tns; ucounts = get_ucounts(ns, uid); for (iter = ucounts; iter; iter = tns->ucounts) { int max; tns = iter->ns; max = READ_ONCE(tns->ucount_max[type]); if (!atomic_inc_below(&iter->ucount[type], max)) goto fail; } return ucounts; fail: bad = iter; for (iter = ucounts; iter != bad; iter = iter->ns->ucounts) atomic_dec(&iter->ucount[type]); put_ucounts(ucounts); return NULL; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann146100.00%3100.00%
Total146100.00%3100.00%


void dec_ucount(struct ucounts *ucounts, enum ucount_type type) { struct ucounts *iter; for (iter = ucounts; iter; iter = iter->ns->ucounts) { int dec = atomic_dec_if_positive(&iter->ucount[type]); WARN_ON_ONCE(dec < 0); } put_ucounts(ucounts); }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann63100.00%3100.00%
Total63100.00%3100.00%


static __init int user_namespace_sysctl_init(void) { #ifdef CONFIG_SYSCTL static struct ctl_table_header *user_header; static struct ctl_table empty[1]; /* * It is necessary to register the user directory in the * default set so that registrations in the child sets work * properly. */ user_header = register_sysctl("user", empty); kmemleak_ignore(user_header); BUG_ON(!user_header); BUG_ON(!setup_userns_sysctls(&init_user_ns)); #endif return 0; }

Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann5791.94%266.67%
Luis R. Rodriguez58.06%133.33%
Total62100.00%3100.00%

subsys_initcall(user_namespace_sysctl_init);

Overall Contributors

PersonTokensPropCommitsCommitProp
Eric W. Biedermann107996.68%1173.33%
Nikolay Borisov292.60%213.33%
Luis R. Rodriguez50.45%16.67%
Ingo Molnar30.27%16.67%
Total1116100.00%15100.00%
Directory: kernel
Information contained on this website is for historical information purposes only and does not indicate or represent copyright ownership.
Created with cregit.