Blame view
kernel/user.c
5.44 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
/* * The "user cache". * * (C) Copyright 1991-2000 Linus Torvalds * * We have a per-user structure to keep track of how many * processes, files etc the user has claimed, in order to be * able to have per-user limits for system resources. */ #include <linux/init.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/bitops.h> #include <linux/key.h> |
4021cb279 [PATCH] fix uidha... |
16 |
#include <linux/interrupt.h> |
acce292c8 user namespace: a... |
17 18 |
#include <linux/module.h> #include <linux/user_namespace.h> |
1da177e4c Linux-2.6.12-rc2 |
19 20 21 22 23 |
/* * UID task count cache, to get fast user lookup in "alloc_uid" * when changing user ID's (ie setuid() and friends). */ |
1da177e4c Linux-2.6.12-rc2 |
24 25 |
#define UIDHASH_MASK (UIDHASH_SZ - 1) #define __uidhashfn(uid) (((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK) |
acce292c8 user namespace: a... |
26 |
#define uidhashentry(ns, uid) ((ns)->uidhash_table + __uidhashfn((uid))) |
1da177e4c Linux-2.6.12-rc2 |
27 |
|
e18b890bb [PATCH] slab: rem... |
28 |
static struct kmem_cache *uid_cachep; |
4021cb279 [PATCH] fix uidha... |
29 30 31 32 33 |
/* * The uidhash_lock is mostly taken from process context, but it is * occasionally also taken from softirq/tasklet context, when * task-structs get RCU-freed. Hence all locking must be softirq-safe. |
3fa97c9db [PATCH] "Fix uidh... |
34 35 36 37 |
* But free_uid() is also called with local interrupts disabled, and running * local_bh_enable() with local interrupts disabled is an error - we'll run * softirq callbacks, and they can unconditionally enable interrupts, and * the caller of free_uid() didn't expect that.. |
4021cb279 [PATCH] fix uidha... |
38 |
*/ |
1da177e4c Linux-2.6.12-rc2 |
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
static DEFINE_SPINLOCK(uidhash_lock); struct user_struct root_user = { .__count = ATOMIC_INIT(1), .processes = ATOMIC_INIT(1), .files = ATOMIC_INIT(0), .sigpending = ATOMIC_INIT(0), .mq_bytes = 0, .locked_shm = 0, #ifdef CONFIG_KEYS .uid_keyring = &root_user_keyring, .session_keyring = &root_session_keyring, #endif }; /* * These routines must be called with the uidhash spinlock held! */ static inline void uid_hash_insert(struct user_struct *up, struct list_head *hashent) { list_add(&up->uidhash_list, hashent); } static inline void uid_hash_remove(struct user_struct *up) { list_del(&up->uidhash_list); } static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent) { struct list_head *up; list_for_each(up, hashent) { struct user_struct *user; user = list_entry(up, struct user_struct, uidhash_list); if(user->uid == uid) { atomic_inc(&user->__count); return user; } } return NULL; } /* * Locate the user_struct for the passed UID. If found, take a ref on it. The * caller must undo that ref with free_uid(). * * If the user_struct could not be found, return NULL. */ struct user_struct *find_user(uid_t uid) { struct user_struct *ret; |
3fa97c9db [PATCH] "Fix uidh... |
94 |
unsigned long flags; |
acce292c8 user namespace: a... |
95 |
struct user_namespace *ns = current->nsproxy->user_ns; |
1da177e4c Linux-2.6.12-rc2 |
96 |
|
3fa97c9db [PATCH] "Fix uidh... |
97 |
spin_lock_irqsave(&uidhash_lock, flags); |
acce292c8 user namespace: a... |
98 |
ret = uid_hash_find(uid, uidhashentry(ns, uid)); |
3fa97c9db [PATCH] "Fix uidh... |
99 |
spin_unlock_irqrestore(&uidhash_lock, flags); |
1da177e4c Linux-2.6.12-rc2 |
100 101 102 103 104 |
return ret; } void free_uid(struct user_struct *up) { |
3fa97c9db [PATCH] "Fix uidh... |
105 |
unsigned long flags; |
36f574135 [PATCH] free_uid(... |
106 107 |
if (!up) return; |
3fa97c9db [PATCH] "Fix uidh... |
108 |
local_irq_save(flags); |
36f574135 [PATCH] free_uid(... |
109 |
if (atomic_dec_and_lock(&up->__count, &uidhash_lock)) { |
1da177e4c Linux-2.6.12-rc2 |
110 |
uid_hash_remove(up); |
36f574135 [PATCH] free_uid(... |
111 |
spin_unlock_irqrestore(&uidhash_lock, flags); |
1da177e4c Linux-2.6.12-rc2 |
112 113 114 |
key_put(up->uid_keyring); key_put(up->session_keyring); kmem_cache_free(uid_cachep, up); |
36f574135 [PATCH] free_uid(... |
115 116 |
} else { local_irq_restore(flags); |
1da177e4c Linux-2.6.12-rc2 |
117 118 |
} } |
acce292c8 user namespace: a... |
119 |
struct user_struct * alloc_uid(struct user_namespace *ns, uid_t uid) |
1da177e4c Linux-2.6.12-rc2 |
120 |
{ |
acce292c8 user namespace: a... |
121 |
struct list_head *hashent = uidhashentry(ns, uid); |
1da177e4c Linux-2.6.12-rc2 |
122 |
struct user_struct *up; |
3fa97c9db [PATCH] "Fix uidh... |
123 |
spin_lock_irq(&uidhash_lock); |
1da177e4c Linux-2.6.12-rc2 |
124 |
up = uid_hash_find(uid, hashent); |
3fa97c9db [PATCH] "Fix uidh... |
125 |
spin_unlock_irq(&uidhash_lock); |
1da177e4c Linux-2.6.12-rc2 |
126 127 128 |
if (!up) { struct user_struct *new; |
e94b17660 [PATCH] slab: rem... |
129 |
new = kmem_cache_alloc(uid_cachep, GFP_KERNEL); |
1da177e4c Linux-2.6.12-rc2 |
130 131 132 133 134 135 136 |
if (!new) return NULL; new->uid = uid; atomic_set(&new->__count, 1); atomic_set(&new->processes, 0); atomic_set(&new->files, 0); atomic_set(&new->sigpending, 0); |
2d9048e20 [PATCH] inotify (... |
137 |
#ifdef CONFIG_INOTIFY_USER |
0eeca2830 [PATCH] inotify |
138 139 140 |
atomic_set(&new->inotify_watches, 0); atomic_set(&new->inotify_devs, 0); #endif |
1da177e4c Linux-2.6.12-rc2 |
141 142 143 |
new->mq_bytes = 0; new->locked_shm = 0; |
d720024e9 [PATCH] selinux: ... |
144 |
if (alloc_uid_keyring(new, current) < 0) { |
1da177e4c Linux-2.6.12-rc2 |
145 146 147 148 149 150 151 152 |
kmem_cache_free(uid_cachep, new); return NULL; } /* * Before adding this, check whether we raced * on adding the same user already.. */ |
3fa97c9db [PATCH] "Fix uidh... |
153 |
spin_lock_irq(&uidhash_lock); |
1da177e4c Linux-2.6.12-rc2 |
154 155 156 157 158 159 160 161 162 |
up = uid_hash_find(uid, hashent); if (up) { key_put(new->uid_keyring); key_put(new->session_keyring); kmem_cache_free(uid_cachep, new); } else { uid_hash_insert(new, hashent); up = new; } |
3fa97c9db [PATCH] "Fix uidh... |
163 |
spin_unlock_irq(&uidhash_lock); |
1da177e4c Linux-2.6.12-rc2 |
164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 |
} return up; } void switch_uid(struct user_struct *new_user) { struct user_struct *old_user; /* What if a process setreuid()'s and this brings the * new uid over his NPROC rlimit? We can check this now * cheaply with the new uid cache, so if it matters * we should be checking for it. -DaveM */ old_user = current->user; atomic_inc(&new_user->processes); atomic_dec(&old_user->processes); switch_uid_keyring(new_user); current->user = new_user; |
45c18b0bb Fix unlikely (but... |
183 184 185 186 187 188 189 190 191 192 |
/* * We need to synchronize with __sigqueue_alloc() * doing a get_uid(p->user).. If that saw the old * user value, we need to wait until it has exited * its critical region before we can free the old * structure. */ smp_mb(); spin_unlock_wait(¤t->sighand->siglock); |
1da177e4c Linux-2.6.12-rc2 |
193 194 195 196 197 198 199 200 201 202 |
free_uid(old_user); suid_keys(current); } static int __init uid_cache_init(void) { int n; uid_cachep = kmem_cache_create("uid_cache", sizeof(struct user_struct), |
20c2df83d mm: Remove slab d... |
203 |
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); |
1da177e4c Linux-2.6.12-rc2 |
204 205 |
for(n = 0; n < UIDHASH_SZ; ++n) |
acce292c8 user namespace: a... |
206 |
INIT_LIST_HEAD(init_user_ns.uidhash_table + n); |
1da177e4c Linux-2.6.12-rc2 |
207 208 |
/* Insert the root user immediately (init already runs as root) */ |
3fa97c9db [PATCH] "Fix uidh... |
209 |
spin_lock_irq(&uidhash_lock); |
acce292c8 user namespace: a... |
210 |
uid_hash_insert(&root_user, uidhashentry(&init_user_ns, 0)); |
3fa97c9db [PATCH] "Fix uidh... |
211 |
spin_unlock_irq(&uidhash_lock); |
1da177e4c Linux-2.6.12-rc2 |
212 213 214 215 216 |
return 0; } module_init(uid_cache_init); |