Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/kernel/ucount.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3) #include <linux/stat.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4) #include <linux/sysctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6) #include <linux/cred.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) #include <linux/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include <linux/kmemleak.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <linux/user_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #define UCOUNTS_HASHTABLE_BITS 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) static struct hlist_head ucounts_hashtable[(1 << UCOUNTS_HASHTABLE_BITS)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) static DEFINE_SPINLOCK(ucounts_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #define ucounts_hashfn(ns, uid)						\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) 	hash_long((unsigned long)__kuid_val(uid) + (unsigned long)(ns), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 		  UCOUNTS_HASHTABLE_BITS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #define ucounts_hashentry(ns, uid)	\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 	(ucounts_hashtable + ucounts_hashfn(ns, uid))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) static struct ctl_table_set *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) set_lookup(struct ctl_table_root *root)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 	return &current_user_ns()->set;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) static int set_is_seen(struct ctl_table_set *set)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	return &current_user_ns()->set == set;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) static int set_permissions(struct ctl_table_header *head,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 				  struct ctl_table *table)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 	struct user_namespace *user_ns =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 		container_of(head->set, struct user_namespace, set);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	int mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	/* Allow users with CAP_SYS_RESOURCE unrestrained access */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 	if (ns_capable(user_ns, CAP_SYS_RESOURCE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 		mode = (table->mode & S_IRWXU) >> 6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	/* Allow all others at most read-only access */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 		mode = table->mode & S_IROTH;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	return (mode << 6) | (mode << 3) | mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) static struct ctl_table_root set_root = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 	.lookup = set_lookup,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	.permissions = set_permissions,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) #define UCOUNT_ENTRY(name)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 	{						\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 		.procname	= name,			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 		.maxlen		= sizeof(int),		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 		.mode		= 0644,			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 		.proc_handler	= proc_dointvec_minmax,	\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 		.extra1		= SYSCTL_ZERO,		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 		.extra2		= SYSCTL_INT_MAX,	\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) static struct ctl_table user_table[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	UCOUNT_ENTRY("max_user_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 	UCOUNT_ENTRY("max_pid_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	UCOUNT_ENTRY("max_uts_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 	UCOUNT_ENTRY("max_ipc_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 	UCOUNT_ENTRY("max_net_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	UCOUNT_ENTRY("max_mnt_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 	UCOUNT_ENTRY("max_cgroup_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	UCOUNT_ENTRY("max_time_namespaces"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) #ifdef CONFIG_INOTIFY_USER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	UCOUNT_ENTRY("max_inotify_instances"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	UCOUNT_ENTRY("max_inotify_watches"),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	{ }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) #endif /* CONFIG_SYSCTL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) bool setup_userns_sysctls(struct user_namespace *ns)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 	struct ctl_table *tbl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	BUILD_BUG_ON(ARRAY_SIZE(user_table) != UCOUNT_COUNTS + 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	setup_sysctl_set(&ns->set, &set_root, set_is_seen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	tbl = kmemdup(user_table, sizeof(user_table), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	if (tbl) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 		int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 		for (i = 0; i < UCOUNT_COUNTS; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 			tbl[i].data = &ns->ucount_max[i];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		ns->sysctls = __register_sysctl_table(&ns->set, "user", tbl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	if (!ns->sysctls) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		kfree(tbl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 		retire_sysctl_set(&ns->set);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) void retire_userns_sysctls(struct user_namespace *ns)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	struct ctl_table *tbl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	tbl = ns->sysctls->ctl_table_arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	unregister_sysctl_table(ns->sysctls);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	retire_sysctl_set(&ns->set);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	kfree(tbl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) static struct ucounts *find_ucounts(struct user_namespace *ns, kuid_t uid, struct hlist_head *hashent)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	struct ucounts *ucounts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	hlist_for_each_entry(ucounts, hashent, node) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 		if (uid_eq(ucounts->uid, uid) && (ucounts->ns == ns))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 			return ucounts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	struct hlist_head *hashent = ucounts_hashentry(ns, uid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 	struct ucounts *ucounts, *new;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	spin_lock_irq(&ucounts_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 	ucounts = find_ucounts(ns, uid, hashent);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	if (!ucounts) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 		spin_unlock_irq(&ucounts_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 		new = kzalloc(sizeof(*new), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 		if (!new)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 			return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 		new->ns = ns;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 		new->uid = uid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 		new->count = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 		spin_lock_irq(&ucounts_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 		ucounts = find_ucounts(ns, uid, hashent);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 		if (ucounts) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 			kfree(new);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 		} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 			hlist_add_head(&new->node, hashent);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 			ucounts = new;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 	if (ucounts->count == INT_MAX)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 		ucounts = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 		ucounts->count += 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	spin_unlock_irq(&ucounts_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	return ucounts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) static void put_ucounts(struct ucounts *ucounts)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 	unsigned long flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	spin_lock_irqsave(&ucounts_lock, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 	ucounts->count -= 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 	if (!ucounts->count)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 		hlist_del_init(&ucounts->node);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 		ucounts = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 	spin_unlock_irqrestore(&ucounts_lock, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	kfree(ucounts);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) static inline bool atomic_inc_below(atomic_t *v, int u)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	int c, old;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 	c = atomic_read(v);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 	for (;;) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 		if (unlikely(c >= u))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 			return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 		old = atomic_cmpxchg(v, c, c+1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 		if (likely(old == c))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 			return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 		c = old;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 			   enum ucount_type type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 	struct ucounts *ucounts, *iter, *bad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 	struct user_namespace *tns;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	ucounts = get_ucounts(ns, uid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 	for (iter = ucounts; iter; iter = tns->ucounts) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 		int max;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 		tns = iter->ns;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 		max = READ_ONCE(tns->ucount_max[type]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 		if (!atomic_inc_below(&iter->ucount[type], max))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 			goto fail;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 	return ucounts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) fail:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 	bad = iter;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	for (iter = ucounts; iter != bad; iter = iter->ns->ucounts)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 		atomic_dec(&iter->ucount[type]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	put_ucounts(ucounts);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) void dec_ucount(struct ucounts *ucounts, enum ucount_type type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	struct ucounts *iter;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 		int dec = atomic_dec_if_positive(&iter->ucount[type]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 		WARN_ON_ONCE(dec < 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 	put_ucounts(ucounts);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) static __init int user_namespace_sysctl_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 	static struct ctl_table_header *user_header;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 	static struct ctl_table empty[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	 * It is necessary to register the user directory in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 	 * default set so that registrations in the child sets work
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	 * properly.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 	user_header = register_sysctl("user", empty);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	kmemleak_ignore(user_header);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	BUG_ON(!user_header);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 	BUG_ON(!setup_userns_sysctls(&init_user_ns));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) subsys_initcall(user_namespace_sysctl_init);
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.