forked from luck/tmp_suning_uos_patched
387ad9674b
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: Tejun Heo <tj@kernel.org>
156 lines
3.3 KiB
C
156 lines
3.3 KiB
C
#include "cgroup-internal.h"
|
|
|
|
#include <linux/sched/task.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/nsproxy.h>
|
|
#include <linux/proc_ns.h>
|
|
|
|
|
|
/* cgroup namespaces */
|
|
|
|
static struct ucounts *inc_cgroup_namespaces(struct user_namespace *ns)
|
|
{
|
|
return inc_ucount(ns, current_euid(), UCOUNT_CGROUP_NAMESPACES);
|
|
}
|
|
|
|
static void dec_cgroup_namespaces(struct ucounts *ucounts)
|
|
{
|
|
dec_ucount(ucounts, UCOUNT_CGROUP_NAMESPACES);
|
|
}
|
|
|
|
static struct cgroup_namespace *alloc_cgroup_ns(void)
|
|
{
|
|
struct cgroup_namespace *new_ns;
|
|
int ret;
|
|
|
|
new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL);
|
|
if (!new_ns)
|
|
return ERR_PTR(-ENOMEM);
|
|
ret = ns_alloc_inum(&new_ns->ns);
|
|
if (ret) {
|
|
kfree(new_ns);
|
|
return ERR_PTR(ret);
|
|
}
|
|
refcount_set(&new_ns->count, 1);
|
|
new_ns->ns.ops = &cgroupns_operations;
|
|
return new_ns;
|
|
}
|
|
|
|
void free_cgroup_ns(struct cgroup_namespace *ns)
|
|
{
|
|
put_css_set(ns->root_cset);
|
|
dec_cgroup_namespaces(ns->ucounts);
|
|
put_user_ns(ns->user_ns);
|
|
ns_free_inum(&ns->ns);
|
|
kfree(ns);
|
|
}
|
|
EXPORT_SYMBOL(free_cgroup_ns);
|
|
|
|
struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
|
|
struct user_namespace *user_ns,
|
|
struct cgroup_namespace *old_ns)
|
|
{
|
|
struct cgroup_namespace *new_ns;
|
|
struct ucounts *ucounts;
|
|
struct css_set *cset;
|
|
|
|
BUG_ON(!old_ns);
|
|
|
|
if (!(flags & CLONE_NEWCGROUP)) {
|
|
get_cgroup_ns(old_ns);
|
|
return old_ns;
|
|
}
|
|
|
|
/* Allow only sysadmin to create cgroup namespace. */
|
|
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
|
|
return ERR_PTR(-EPERM);
|
|
|
|
ucounts = inc_cgroup_namespaces(user_ns);
|
|
if (!ucounts)
|
|
return ERR_PTR(-ENOSPC);
|
|
|
|
/* It is not safe to take cgroup_mutex here */
|
|
spin_lock_irq(&css_set_lock);
|
|
cset = task_css_set(current);
|
|
get_css_set(cset);
|
|
spin_unlock_irq(&css_set_lock);
|
|
|
|
new_ns = alloc_cgroup_ns();
|
|
if (IS_ERR(new_ns)) {
|
|
put_css_set(cset);
|
|
dec_cgroup_namespaces(ucounts);
|
|
return new_ns;
|
|
}
|
|
|
|
new_ns->user_ns = get_user_ns(user_ns);
|
|
new_ns->ucounts = ucounts;
|
|
new_ns->root_cset = cset;
|
|
|
|
return new_ns;
|
|
}
|
|
|
|
static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
|
|
{
|
|
return container_of(ns, struct cgroup_namespace, ns);
|
|
}
|
|
|
|
static int cgroupns_install(struct nsproxy *nsproxy, struct ns_common *ns)
|
|
{
|
|
struct cgroup_namespace *cgroup_ns = to_cg_ns(ns);
|
|
|
|
if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN) ||
|
|
!ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN))
|
|
return -EPERM;
|
|
|
|
/* Don't need to do anything if we are attaching to our own cgroupns. */
|
|
if (cgroup_ns == nsproxy->cgroup_ns)
|
|
return 0;
|
|
|
|
get_cgroup_ns(cgroup_ns);
|
|
put_cgroup_ns(nsproxy->cgroup_ns);
|
|
nsproxy->cgroup_ns = cgroup_ns;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static struct ns_common *cgroupns_get(struct task_struct *task)
|
|
{
|
|
struct cgroup_namespace *ns = NULL;
|
|
struct nsproxy *nsproxy;
|
|
|
|
task_lock(task);
|
|
nsproxy = task->nsproxy;
|
|
if (nsproxy) {
|
|
ns = nsproxy->cgroup_ns;
|
|
get_cgroup_ns(ns);
|
|
}
|
|
task_unlock(task);
|
|
|
|
return ns ? &ns->ns : NULL;
|
|
}
|
|
|
|
static void cgroupns_put(struct ns_common *ns)
|
|
{
|
|
put_cgroup_ns(to_cg_ns(ns));
|
|
}
|
|
|
|
static struct user_namespace *cgroupns_owner(struct ns_common *ns)
|
|
{
|
|
return to_cg_ns(ns)->user_ns;
|
|
}
|
|
|
|
const struct proc_ns_operations cgroupns_operations = {
|
|
.name = "cgroup",
|
|
.type = CLONE_NEWCGROUP,
|
|
.get = cgroupns_get,
|
|
.put = cgroupns_put,
|
|
.install = cgroupns_install,
|
|
.owner = cgroupns_owner,
|
|
};
|
|
|
|
static __init int cgroup_namespaces_init(void)
|
|
{
|
|
return 0;
|
|
}
|
|
subsys_initcall(cgroup_namespaces_init);
|