cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

user_namespace.h (6140B)

      1/* SPDX-License-Identifier: GPL-2.0 */
      2#ifndef _LINUX_USER_NAMESPACE_H
      3#define _LINUX_USER_NAMESPACE_H
      4
      5#include <linux/kref.h>
      6#include <linux/nsproxy.h>
      7#include <linux/ns_common.h>
      8#include <linux/sched.h>
      9#include <linux/workqueue.h>
     10#include <linux/rwsem.h>
     11#include <linux/sysctl.h>
     12#include <linux/err.h>
     13
     14#define UID_GID_MAP_MAX_BASE_EXTENTS 5
     15#define UID_GID_MAP_MAX_EXTENTS 340
     16
     17struct uid_gid_extent {
     18	u32 first;
     19	u32 lower_first;
     20	u32 count;
     21};
     22
     23struct uid_gid_map { /* 64 bytes -- 1 cache line */
     24	u32 nr_extents;
     25	union {
     26		struct uid_gid_extent extent[UID_GID_MAP_MAX_BASE_EXTENTS];
     27		struct {
     28			struct uid_gid_extent *forward;
     29			struct uid_gid_extent *reverse;
     30		};
     31	};
     32};
     33
     34#define USERNS_SETGROUPS_ALLOWED 1UL
     35
     36#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED
     37
     38struct ucounts;
     39
     40enum ucount_type {
     41	UCOUNT_USER_NAMESPACES,
     42	UCOUNT_PID_NAMESPACES,
     43	UCOUNT_UTS_NAMESPACES,
     44	UCOUNT_IPC_NAMESPACES,
     45	UCOUNT_NET_NAMESPACES,
     46	UCOUNT_MNT_NAMESPACES,
     47	UCOUNT_CGROUP_NAMESPACES,
     48	UCOUNT_TIME_NAMESPACES,
     49#ifdef CONFIG_INOTIFY_USER
     50	UCOUNT_INOTIFY_INSTANCES,
     51	UCOUNT_INOTIFY_WATCHES,
     52#endif
     53#ifdef CONFIG_FANOTIFY
     54	UCOUNT_FANOTIFY_GROUPS,
     55	UCOUNT_FANOTIFY_MARKS,
     56#endif
     57	UCOUNT_RLIMIT_NPROC,
     58	UCOUNT_RLIMIT_MSGQUEUE,
     59	UCOUNT_RLIMIT_SIGPENDING,
     60	UCOUNT_RLIMIT_MEMLOCK,
     61	UCOUNT_COUNTS,
     62};
     63
     64#define MAX_PER_NAMESPACE_UCOUNTS UCOUNT_RLIMIT_NPROC
     65
     66struct user_namespace {
     67	struct uid_gid_map	uid_map;
     68	struct uid_gid_map	gid_map;
     69	struct uid_gid_map	projid_map;
     70	struct user_namespace	*parent;
     71	int			level;
     72	kuid_t			owner;
     73	kgid_t			group;
     74	struct ns_common	ns;
     75	unsigned long		flags;
     76	/* parent_could_setfcap: true if the creator if this ns had CAP_SETFCAP
     77	 * in its effective capability set at the child ns creation time. */
     78	bool			parent_could_setfcap;
     79
     80#ifdef CONFIG_KEYS
     81	/* List of joinable keyrings in this namespace.  Modification access of
     82	 * these pointers is controlled by keyring_sem.  Once
     83	 * user_keyring_register is set, it won't be changed, so it can be
     84	 * accessed directly with READ_ONCE().
     85	 */
     86	struct list_head	keyring_name_list;
     87	struct key		*user_keyring_register;
     88	struct rw_semaphore	keyring_sem;
     89#endif
     90
     91	/* Register of per-UID persistent keyrings for this namespace */
     92#ifdef CONFIG_PERSISTENT_KEYRINGS
     93	struct key		*persistent_keyring_register;
     94#endif
     95	struct work_struct	work;
     96#ifdef CONFIG_SYSCTL
     97	struct ctl_table_set	set;
     98	struct ctl_table_header *sysctls;
     99#endif
    100	struct ucounts		*ucounts;
    101	long ucount_max[UCOUNT_COUNTS];
    102} __randomize_layout;
    103
    104struct ucounts {
    105	struct hlist_node node;
    106	struct user_namespace *ns;
    107	kuid_t uid;
    108	atomic_t count;
    109	atomic_long_t ucount[UCOUNT_COUNTS];
    110};
    111
    112extern struct user_namespace init_user_ns;
    113extern struct ucounts init_ucounts;
    114
    115bool setup_userns_sysctls(struct user_namespace *ns);
    116void retire_userns_sysctls(struct user_namespace *ns);
    117struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type);
    118void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
    119struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid);
    120struct ucounts * __must_check get_ucounts(struct ucounts *ucounts);
    121void put_ucounts(struct ucounts *ucounts);
    122
    123static inline long get_ucounts_value(struct ucounts *ucounts, enum ucount_type type)
    124{
    125	return atomic_long_read(&ucounts->ucount[type]);
    126}
    127
    128long inc_rlimit_ucounts(struct ucounts *ucounts, enum ucount_type type, long v);
    129bool dec_rlimit_ucounts(struct ucounts *ucounts, enum ucount_type type, long v);
    130long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum ucount_type type);
    131void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum ucount_type type);
    132bool is_ucounts_overlimit(struct ucounts *ucounts, enum ucount_type type, unsigned long max);
    133
    134static inline void set_rlimit_ucount_max(struct user_namespace *ns,
    135		enum ucount_type type, unsigned long max)
    136{
    137	ns->ucount_max[type] = max <= LONG_MAX ? max : LONG_MAX;
    138}
    139
    140#ifdef CONFIG_USER_NS
    141
    142static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
    143{
    144	if (ns)
    145		refcount_inc(&ns->ns.count);
    146	return ns;
    147}
    148
    149extern int create_user_ns(struct cred *new);
    150extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
    151extern void __put_user_ns(struct user_namespace *ns);
    152
    153static inline void put_user_ns(struct user_namespace *ns)
    154{
    155	if (ns && refcount_dec_and_test(&ns->ns.count))
    156		__put_user_ns(ns);
    157}
    158
    159struct seq_operations;
    160extern const struct seq_operations proc_uid_seq_operations;
    161extern const struct seq_operations proc_gid_seq_operations;
    162extern const struct seq_operations proc_projid_seq_operations;
    163extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
    164extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
    165extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
    166extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
    167extern int proc_setgroups_show(struct seq_file *m, void *v);
    168extern bool userns_may_setgroups(const struct user_namespace *ns);
    169extern bool in_userns(const struct user_namespace *ancestor,
    170		       const struct user_namespace *child);
    171extern bool current_in_userns(const struct user_namespace *target_ns);
    172struct ns_common *ns_get_owner(struct ns_common *ns);
    173#else
    174
    175static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
    176{
    177	return &init_user_ns;
    178}
    179
    180static inline int create_user_ns(struct cred *new)
    181{
    182	return -EINVAL;
    183}
    184
    185static inline int unshare_userns(unsigned long unshare_flags,
    186				 struct cred **new_cred)
    187{
    188	if (unshare_flags & CLONE_NEWUSER)
    189		return -EINVAL;
    190	return 0;
    191}
    192
    193static inline void put_user_ns(struct user_namespace *ns)
    194{
    195}
    196
    197static inline bool userns_may_setgroups(const struct user_namespace *ns)
    198{
    199	return true;
    200}
    201
    202static inline bool in_userns(const struct user_namespace *ancestor,
    203			     const struct user_namespace *child)
    204{
    205	return true;
    206}
    207
    208static inline bool current_in_userns(const struct user_namespace *target_ns)
    209{
    210	return true;
    211}
    212
    213static inline struct ns_common *ns_get_owner(struct ns_common *ns)
    214{
    215	return ERR_PTR(-EPERM);
    216}
    217#endif
    218
    219#endif /* _LINUX_USER_H */