Eric Lee / smarc-ti-linux-kernel

5
Download as
Browse Code ยป

Commit e79323bd87808fdfbc68ce6c5371bd224d9672ee

Authored by Mikulas Patocka
Committed by Linus Torvalds
1 parent c9eaa447e7
Exists in master and in 13 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-linux-3.15.y, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04, ti-linux-3.15.y, ti-lsk-linux-4.1.y

user namespace: fix incorrect memory barriers 

smp_read_barrier_depends() can be used if there is data dependency between
the readers - i.e. if the read operation after the barrier uses address
that was obtained from the read operation before the barrier.

In this file, there is only control dependency, no data dependecy, so the
use of smp_read_barrier_depends() is incorrect. The code could fail in the
following way:
* the cpu predicts that idx < entries is true and starts executing the
  body of the for loop
* the cpu fetches map->extent[0].first and map->extent[0].count
* the cpu fetches map->nr_extents
* the cpu verifies that idx < extents is true, so it commits the
  instructions in the body of the for loop

The problem is that in this scenario, the cpu read map->extent[0].first
and map->nr_extents in the wrong order. We need a full read memory barrier
to prevent it.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 5 additions and 6 deletions Inline Diff

kernel/user_namespace.c
Diff comments   View file @ e79323b
1 /* 1 /*
2 * This program is free software; you can redistribute it and/or 2 * This program is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU General Public License as 3 * modify it under the terms of the GNU General Public License as
4 * published by the Free Software Foundation, version 2 of the 4 * published by the Free Software Foundation, version 2 of the
5 * License. 5 * License.
6 */ 6 */
7 7
8 #include <linux/export.h> 8 #include <linux/export.h>
9 #include <linux/nsproxy.h> 9 #include <linux/nsproxy.h>
10 #include <linux/slab.h> 10 #include <linux/slab.h>
11 #include <linux/user_namespace.h> 11 #include <linux/user_namespace.h>
12 #include <linux/proc_ns.h> 12 #include <linux/proc_ns.h>
13 #include <linux/highuid.h> 13 #include <linux/highuid.h>
14 #include <linux/cred.h> 14 #include <linux/cred.h>
15 #include <linux/securebits.h> 15 #include <linux/securebits.h>
16 #include <linux/keyctl.h> 16 #include <linux/keyctl.h>
17 #include <linux/key-type.h> 17 #include <linux/key-type.h>
18 #include <keys/user-type.h> 18 #include <keys/user-type.h>
19 #include <linux/seq_file.h> 19 #include <linux/seq_file.h>
20 #include <linux/fs.h> 20 #include <linux/fs.h>
21 #include <linux/uaccess.h> 21 #include <linux/uaccess.h>
22 #include <linux/ctype.h> 22 #include <linux/ctype.h>
23 #include <linux/projid.h> 23 #include <linux/projid.h>
24 #include <linux/fs_struct.h> 24 #include <linux/fs_struct.h>
25 25
26 static struct kmem_cache *user_ns_cachep __read_mostly; 26 static struct kmem_cache *user_ns_cachep __read_mostly;
27 27
28 static bool new_idmap_permitted(const struct file *file, 28 static bool new_idmap_permitted(const struct file *file,
29 struct user_namespace *ns, int cap_setid, 29 struct user_namespace *ns, int cap_setid,
30 struct uid_gid_map *map); 30 struct uid_gid_map *map);
31 31
32 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) 32 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
33 { 33 {
34 /* Start with the same capabilities as init but useless for doing 34 /* Start with the same capabilities as init but useless for doing
35 * anything as the capabilities are bound to the new user namespace. 35 * anything as the capabilities are bound to the new user namespace.
36 */ 36 */
37 cred->securebits = SECUREBITS_DEFAULT; 37 cred->securebits = SECUREBITS_DEFAULT;
38 cred->cap_inheritable = CAP_EMPTY_SET; 38 cred->cap_inheritable = CAP_EMPTY_SET;
39 cred->cap_permitted = CAP_FULL_SET; 39 cred->cap_permitted = CAP_FULL_SET;
40 cred->cap_effective = CAP_FULL_SET; 40 cred->cap_effective = CAP_FULL_SET;
41 cred->cap_bset = CAP_FULL_SET; 41 cred->cap_bset = CAP_FULL_SET;
42 #ifdef CONFIG_KEYS 42 #ifdef CONFIG_KEYS
43 key_put(cred->request_key_auth); 43 key_put(cred->request_key_auth);
44 cred->request_key_auth = NULL; 44 cred->request_key_auth = NULL;
45 #endif 45 #endif
46 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */ 46 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
47 cred->user_ns = user_ns; 47 cred->user_ns = user_ns;
48 } 48 }
49 49
50 /* 50 /*
51 * Create a new user namespace, deriving the creator from the user in the 51 * Create a new user namespace, deriving the creator from the user in the
52 * passed credentials, and replacing that user with the new root user for the 52 * passed credentials, and replacing that user with the new root user for the
53 * new namespace. 53 * new namespace.
54 * 54 *
55 * This is called by copy_creds(), which will finish setting the target task's 55 * This is called by copy_creds(), which will finish setting the target task's
56 * credentials. 56 * credentials.
57 */ 57 */
58 int create_user_ns(struct cred *new) 58 int create_user_ns(struct cred *new)
59 { 59 {
60 struct user_namespace *ns, *parent_ns = new->user_ns; 60 struct user_namespace *ns, *parent_ns = new->user_ns;
61 kuid_t owner = new->euid; 61 kuid_t owner = new->euid;
62 kgid_t group = new->egid; 62 kgid_t group = new->egid;
63 int ret; 63 int ret;
64 64
65 if (parent_ns->level > 32) 65 if (parent_ns->level > 32)
66 return -EUSERS; 66 return -EUSERS;
67 67
68 /* 68 /*
69 * Verify that we can not violate the policy of which files 69 * Verify that we can not violate the policy of which files
70 * may be accessed that is specified by the root directory, 70 * may be accessed that is specified by the root directory,
71 * by verifing that the root directory is at the root of the 71 * by verifing that the root directory is at the root of the
72 * mount namespace which allows all files to be accessed. 72 * mount namespace which allows all files to be accessed.
73 */ 73 */
74 if (current_chrooted()) 74 if (current_chrooted())
75 return -EPERM; 75 return -EPERM;
76 76
77 /* The creator needs a mapping in the parent user namespace 77 /* The creator needs a mapping in the parent user namespace
78 * or else we won't be able to reasonably tell userspace who 78 * or else we won't be able to reasonably tell userspace who
79 * created a user_namespace. 79 * created a user_namespace.
80 */ 80 */
81 if (!kuid_has_mapping(parent_ns, owner) || 81 if (!kuid_has_mapping(parent_ns, owner) ||
82 !kgid_has_mapping(parent_ns, group)) 82 !kgid_has_mapping(parent_ns, group))
83 return -EPERM; 83 return -EPERM;
84 84
85 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); 85 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
86 if (!ns) 86 if (!ns)
87 return -ENOMEM; 87 return -ENOMEM;
88 88
89 ret = proc_alloc_inum(&ns->proc_inum); 89 ret = proc_alloc_inum(&ns->proc_inum);
90 if (ret) { 90 if (ret) {
91 kmem_cache_free(user_ns_cachep, ns); 91 kmem_cache_free(user_ns_cachep, ns);
92 return ret; 92 return ret;
93 } 93 }
94 94
95 atomic_set(&ns->count, 1); 95 atomic_set(&ns->count, 1);
96 /* Leave the new->user_ns reference with the new user namespace. */ 96 /* Leave the new->user_ns reference with the new user namespace. */
97 ns->parent = parent_ns; 97 ns->parent = parent_ns;
98 ns->level = parent_ns->level + 1; 98 ns->level = parent_ns->level + 1;
99 ns->owner = owner; 99 ns->owner = owner;
100 ns->group = group; 100 ns->group = group;
101 101
102 set_cred_user_ns(new, ns); 102 set_cred_user_ns(new, ns);
103 103
104 #ifdef CONFIG_PERSISTENT_KEYRINGS 104 #ifdef CONFIG_PERSISTENT_KEYRINGS
105 init_rwsem(&ns->persistent_keyring_register_sem); 105 init_rwsem(&ns->persistent_keyring_register_sem);
106 #endif 106 #endif
107 return 0; 107 return 0;
108 } 108 }
109 109
110 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) 110 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
111 { 111 {
112 struct cred *cred; 112 struct cred *cred;
113 int err = -ENOMEM; 113 int err = -ENOMEM;
114 114
115 if (!(unshare_flags & CLONE_NEWUSER)) 115 if (!(unshare_flags & CLONE_NEWUSER))
116 return 0; 116 return 0;
117 117
118 cred = prepare_creds(); 118 cred = prepare_creds();
119 if (cred) { 119 if (cred) {
120 err = create_user_ns(cred); 120 err = create_user_ns(cred);
121 if (err) 121 if (err)
122 put_cred(cred); 122 put_cred(cred);
123 else 123 else
124 *new_cred = cred; 124 *new_cred = cred;
125 } 125 }
126 126
127 return err; 127 return err;
128 } 128 }
129 129
130 void free_user_ns(struct user_namespace *ns) 130 void free_user_ns(struct user_namespace *ns)
131 { 131 {
132 struct user_namespace *parent; 132 struct user_namespace *parent;
133 133
134 do { 134 do {
135 parent = ns->parent; 135 parent = ns->parent;
136 #ifdef CONFIG_PERSISTENT_KEYRINGS 136 #ifdef CONFIG_PERSISTENT_KEYRINGS
137 key_put(ns->persistent_keyring_register); 137 key_put(ns->persistent_keyring_register);
138 #endif 138 #endif
139 proc_free_inum(ns->proc_inum); 139 proc_free_inum(ns->proc_inum);
140 kmem_cache_free(user_ns_cachep, ns); 140 kmem_cache_free(user_ns_cachep, ns);
141 ns = parent; 141 ns = parent;
142 } while (atomic_dec_and_test(&parent->count)); 142 } while (atomic_dec_and_test(&parent->count));
143 } 143 }
144 EXPORT_SYMBOL(free_user_ns); 144 EXPORT_SYMBOL(free_user_ns);
145 145
146 static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count) 146 static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count)
147 { 147 {
148 unsigned idx, extents; 148 unsigned idx, extents;
149 u32 first, last, id2; 149 u32 first, last, id2;
150 150
151 id2 = id + count - 1; 151 id2 = id + count - 1;
152 152
153 /* Find the matching extent */ 153 /* Find the matching extent */
154 extents = map->nr_extents; 154 extents = map->nr_extents;
155 smp_read_barrier_depends(); 155 smp_rmb();
156 for (idx = 0; idx < extents; idx++) { 156 for (idx = 0; idx < extents; idx++) {
157 first = map->extent[idx].first; 157 first = map->extent[idx].first;
158 last = first + map->extent[idx].count - 1; 158 last = first + map->extent[idx].count - 1;
159 if (id >= first && id <= last && 159 if (id >= first && id <= last &&
160 (id2 >= first && id2 <= last)) 160 (id2 >= first && id2 <= last))
161 break; 161 break;
162 } 162 }
163 /* Map the id or note failure */ 163 /* Map the id or note failure */
164 if (idx < extents) 164 if (idx < extents)
165 id = (id - first) + map->extent[idx].lower_first; 165 id = (id - first) + map->extent[idx].lower_first;
166 else 166 else
167 id = (u32) -1; 167 id = (u32) -1;
168 168
169 return id; 169 return id;
170 } 170 }
171 171
172 static u32 map_id_down(struct uid_gid_map *map, u32 id) 172 static u32 map_id_down(struct uid_gid_map *map, u32 id)
173 { 173 {
174 unsigned idx, extents; 174 unsigned idx, extents;
175 u32 first, last; 175 u32 first, last;
176 176
177 /* Find the matching extent */ 177 /* Find the matching extent */
178 extents = map->nr_extents; 178 extents = map->nr_extents;
179 smp_read_barrier_depends(); 179 smp_rmb();
180 for (idx = 0; idx < extents; idx++) { 180 for (idx = 0; idx < extents; idx++) {
181 first = map->extent[idx].first; 181 first = map->extent[idx].first;
182 last = first + map->extent[idx].count - 1; 182 last = first + map->extent[idx].count - 1;
183 if (id >= first && id <= last) 183 if (id >= first && id <= last)
184 break; 184 break;
185 } 185 }
186 /* Map the id or note failure */ 186 /* Map the id or note failure */
187 if (idx < extents) 187 if (idx < extents)
188 id = (id - first) + map->extent[idx].lower_first; 188 id = (id - first) + map->extent[idx].lower_first;
189 else 189 else
190 id = (u32) -1; 190 id = (u32) -1;
191 191
192 return id; 192 return id;
193 } 193 }
194 194
195 static u32 map_id_up(struct uid_gid_map *map, u32 id) 195 static u32 map_id_up(struct uid_gid_map *map, u32 id)
196 { 196 {
197 unsigned idx, extents; 197 unsigned idx, extents;
198 u32 first, last; 198 u32 first, last;
199 199
200 /* Find the matching extent */ 200 /* Find the matching extent */
201 extents = map->nr_extents; 201 extents = map->nr_extents;
202 smp_read_barrier_depends(); 202 smp_rmb();
203 for (idx = 0; idx < extents; idx++) { 203 for (idx = 0; idx < extents; idx++) {
204 first = map->extent[idx].lower_first; 204 first = map->extent[idx].lower_first;
205 last = first + map->extent[idx].count - 1; 205 last = first + map->extent[idx].count - 1;
206 if (id >= first && id <= last) 206 if (id >= first && id <= last)
207 break; 207 break;
208 } 208 }
209 /* Map the id or note failure */ 209 /* Map the id or note failure */
210 if (idx < extents) 210 if (idx < extents)
211 id = (id - first) + map->extent[idx].first; 211 id = (id - first) + map->extent[idx].first;
212 else 212 else
213 id = (u32) -1; 213 id = (u32) -1;
214 214
215 return id; 215 return id;
216 } 216 }
217 217
218 /** 218 /**
219 * make_kuid - Map a user-namespace uid pair into a kuid. 219 * make_kuid - Map a user-namespace uid pair into a kuid.
220 * @ns: User namespace that the uid is in 220 * @ns: User namespace that the uid is in
221 * @uid: User identifier 221 * @uid: User identifier
222 * 222 *
223 * Maps a user-namespace uid pair into a kernel internal kuid, 223 * Maps a user-namespace uid pair into a kernel internal kuid,
224 * and returns that kuid. 224 * and returns that kuid.
225 * 225 *
226 * When there is no mapping defined for the user-namespace uid 226 * When there is no mapping defined for the user-namespace uid
227 * pair INVALID_UID is returned. Callers are expected to test 227 * pair INVALID_UID is returned. Callers are expected to test
228 * for and handle INVALID_UID being returned. INVALID_UID 228 * for and handle INVALID_UID being returned. INVALID_UID
229 * may be tested for using uid_valid(). 229 * may be tested for using uid_valid().
230 */ 230 */
231 kuid_t make_kuid(struct user_namespace *ns, uid_t uid) 231 kuid_t make_kuid(struct user_namespace *ns, uid_t uid)
232 { 232 {
233 /* Map the uid to a global kernel uid */ 233 /* Map the uid to a global kernel uid */
234 return KUIDT_INIT(map_id_down(&ns->uid_map, uid)); 234 return KUIDT_INIT(map_id_down(&ns->uid_map, uid));
235 } 235 }
236 EXPORT_SYMBOL(make_kuid); 236 EXPORT_SYMBOL(make_kuid);
237 237
238 /** 238 /**
239 * from_kuid - Create a uid from a kuid user-namespace pair. 239 * from_kuid - Create a uid from a kuid user-namespace pair.
240 * @targ: The user namespace we want a uid in. 240 * @targ: The user namespace we want a uid in.
241 * @kuid: The kernel internal uid to start with. 241 * @kuid: The kernel internal uid to start with.
242 * 242 *
243 * Map @kuid into the user-namespace specified by @targ and 243 * Map @kuid into the user-namespace specified by @targ and
244 * return the resulting uid. 244 * return the resulting uid.
245 * 245 *
246 * There is always a mapping into the initial user_namespace. 246 * There is always a mapping into the initial user_namespace.
247 * 247 *
248 * If @kuid has no mapping in @targ (uid_t)-1 is returned. 248 * If @kuid has no mapping in @targ (uid_t)-1 is returned.
249 */ 249 */
250 uid_t from_kuid(struct user_namespace *targ, kuid_t kuid) 250 uid_t from_kuid(struct user_namespace *targ, kuid_t kuid)
251 { 251 {
252 /* Map the uid from a global kernel uid */ 252 /* Map the uid from a global kernel uid */
253 return map_id_up(&targ->uid_map, __kuid_val(kuid)); 253 return map_id_up(&targ->uid_map, __kuid_val(kuid));
254 } 254 }
255 EXPORT_SYMBOL(from_kuid); 255 EXPORT_SYMBOL(from_kuid);
256 256
257 /** 257 /**
258 * from_kuid_munged - Create a uid from a kuid user-namespace pair. 258 * from_kuid_munged - Create a uid from a kuid user-namespace pair.
259 * @targ: The user namespace we want a uid in. 259 * @targ: The user namespace we want a uid in.
260 * @kuid: The kernel internal uid to start with. 260 * @kuid: The kernel internal uid to start with.
261 * 261 *
262 * Map @kuid into the user-namespace specified by @targ and 262 * Map @kuid into the user-namespace specified by @targ and
263 * return the resulting uid. 263 * return the resulting uid.
264 * 264 *
265 * There is always a mapping into the initial user_namespace. 265 * There is always a mapping into the initial user_namespace.
266 * 266 *
267 * Unlike from_kuid from_kuid_munged never fails and always 267 * Unlike from_kuid from_kuid_munged never fails and always
268 * returns a valid uid. This makes from_kuid_munged appropriate 268 * returns a valid uid. This makes from_kuid_munged appropriate
269 * for use in syscalls like stat and getuid where failing the 269 * for use in syscalls like stat and getuid where failing the
270 * system call and failing to provide a valid uid are not an 270 * system call and failing to provide a valid uid are not an
271 * options. 271 * options.
272 * 272 *
273 * If @kuid has no mapping in @targ overflowuid is returned. 273 * If @kuid has no mapping in @targ overflowuid is returned.
274 */ 274 */
275 uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid) 275 uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid)
276 { 276 {
277 uid_t uid; 277 uid_t uid;
278 uid = from_kuid(targ, kuid); 278 uid = from_kuid(targ, kuid);
279 279
280 if (uid == (uid_t) -1) 280 if (uid == (uid_t) -1)
281 uid = overflowuid; 281 uid = overflowuid;
282 return uid; 282 return uid;
283 } 283 }
284 EXPORT_SYMBOL(from_kuid_munged); 284 EXPORT_SYMBOL(from_kuid_munged);
285 285
286 /** 286 /**
287 * make_kgid - Map a user-namespace gid pair into a kgid. 287 * make_kgid - Map a user-namespace gid pair into a kgid.
288 * @ns: User namespace that the gid is in 288 * @ns: User namespace that the gid is in
289 * @uid: group identifier 289 * @uid: group identifier
290 * 290 *
291 * Maps a user-namespace gid pair into a kernel internal kgid, 291 * Maps a user-namespace gid pair into a kernel internal kgid,
292 * and returns that kgid. 292 * and returns that kgid.
293 * 293 *
294 * When there is no mapping defined for the user-namespace gid 294 * When there is no mapping defined for the user-namespace gid
295 * pair INVALID_GID is returned. Callers are expected to test 295 * pair INVALID_GID is returned. Callers are expected to test
296 * for and handle INVALID_GID being returned. INVALID_GID may be 296 * for and handle INVALID_GID being returned. INVALID_GID may be
297 * tested for using gid_valid(). 297 * tested for using gid_valid().
298 */ 298 */
299 kgid_t make_kgid(struct user_namespace *ns, gid_t gid) 299 kgid_t make_kgid(struct user_namespace *ns, gid_t gid)
300 { 300 {
301 /* Map the gid to a global kernel gid */ 301 /* Map the gid to a global kernel gid */
302 return KGIDT_INIT(map_id_down(&ns->gid_map, gid)); 302 return KGIDT_INIT(map_id_down(&ns->gid_map, gid));
303 } 303 }
304 EXPORT_SYMBOL(make_kgid); 304 EXPORT_SYMBOL(make_kgid);
305 305
306 /** 306 /**
307 * from_kgid - Create a gid from a kgid user-namespace pair. 307 * from_kgid - Create a gid from a kgid user-namespace pair.
308 * @targ: The user namespace we want a gid in. 308 * @targ: The user namespace we want a gid in.
309 * @kgid: The kernel internal gid to start with. 309 * @kgid: The kernel internal gid to start with.
310 * 310 *
311 * Map @kgid into the user-namespace specified by @targ and 311 * Map @kgid into the user-namespace specified by @targ and
312 * return the resulting gid. 312 * return the resulting gid.
313 * 313 *
314 * There is always a mapping into the initial user_namespace. 314 * There is always a mapping into the initial user_namespace.
315 * 315 *
316 * If @kgid has no mapping in @targ (gid_t)-1 is returned. 316 * If @kgid has no mapping in @targ (gid_t)-1 is returned.
317 */ 317 */
318 gid_t from_kgid(struct user_namespace *targ, kgid_t kgid) 318 gid_t from_kgid(struct user_namespace *targ, kgid_t kgid)
319 { 319 {
320 /* Map the gid from a global kernel gid */ 320 /* Map the gid from a global kernel gid */
321 return map_id_up(&targ->gid_map, __kgid_val(kgid)); 321 return map_id_up(&targ->gid_map, __kgid_val(kgid));
322 } 322 }
323 EXPORT_SYMBOL(from_kgid); 323 EXPORT_SYMBOL(from_kgid);
324 324
325 /** 325 /**
326 * from_kgid_munged - Create a gid from a kgid user-namespace pair. 326 * from_kgid_munged - Create a gid from a kgid user-namespace pair.
327 * @targ: The user namespace we want a gid in. 327 * @targ: The user namespace we want a gid in.
328 * @kgid: The kernel internal gid to start with. 328 * @kgid: The kernel internal gid to start with.
329 * 329 *
330 * Map @kgid into the user-namespace specified by @targ and 330 * Map @kgid into the user-namespace specified by @targ and
331 * return the resulting gid. 331 * return the resulting gid.
332 * 332 *
333 * There is always a mapping into the initial user_namespace. 333 * There is always a mapping into the initial user_namespace.
334 * 334 *
335 * Unlike from_kgid from_kgid_munged never fails and always 335 * Unlike from_kgid from_kgid_munged never fails and always
336 * returns a valid gid. This makes from_kgid_munged appropriate 336 * returns a valid gid. This makes from_kgid_munged appropriate
337 * for use in syscalls like stat and getgid where failing the 337 * for use in syscalls like stat and getgid where failing the
338 * system call and failing to provide a valid gid are not options. 338 * system call and failing to provide a valid gid are not options.
339 * 339 *
340 * If @kgid has no mapping in @targ overflowgid is returned. 340 * If @kgid has no mapping in @targ overflowgid is returned.
341 */ 341 */
342 gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid) 342 gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid)
343 { 343 {
344 gid_t gid; 344 gid_t gid;
345 gid = from_kgid(targ, kgid); 345 gid = from_kgid(targ, kgid);
346 346
347 if (gid == (gid_t) -1) 347 if (gid == (gid_t) -1)
348 gid = overflowgid; 348 gid = overflowgid;
349 return gid; 349 return gid;
350 } 350 }
351 EXPORT_SYMBOL(from_kgid_munged); 351 EXPORT_SYMBOL(from_kgid_munged);
352 352
353 /** 353 /**
354 * make_kprojid - Map a user-namespace projid pair into a kprojid. 354 * make_kprojid - Map a user-namespace projid pair into a kprojid.
355 * @ns: User namespace that the projid is in 355 * @ns: User namespace that the projid is in
356 * @projid: Project identifier 356 * @projid: Project identifier
357 * 357 *
358 * Maps a user-namespace uid pair into a kernel internal kuid, 358 * Maps a user-namespace uid pair into a kernel internal kuid,
359 * and returns that kuid. 359 * and returns that kuid.
360 * 360 *
361 * When there is no mapping defined for the user-namespace projid 361 * When there is no mapping defined for the user-namespace projid
362 * pair INVALID_PROJID is returned. Callers are expected to test 362 * pair INVALID_PROJID is returned. Callers are expected to test
363 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID 363 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID
364 * may be tested for using projid_valid(). 364 * may be tested for using projid_valid().
365 */ 365 */
366 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid) 366 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid)
367 { 367 {
368 /* Map the uid to a global kernel uid */ 368 /* Map the uid to a global kernel uid */
369 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid)); 369 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid));
370 } 370 }
371 EXPORT_SYMBOL(make_kprojid); 371 EXPORT_SYMBOL(make_kprojid);
372 372
373 /** 373 /**
374 * from_kprojid - Create a projid from a kprojid user-namespace pair. 374 * from_kprojid - Create a projid from a kprojid user-namespace pair.
375 * @targ: The user namespace we want a projid in. 375 * @targ: The user namespace we want a projid in.
376 * @kprojid: The kernel internal project identifier to start with. 376 * @kprojid: The kernel internal project identifier to start with.
377 * 377 *
378 * Map @kprojid into the user-namespace specified by @targ and 378 * Map @kprojid into the user-namespace specified by @targ and
379 * return the resulting projid. 379 * return the resulting projid.
380 * 380 *
381 * There is always a mapping into the initial user_namespace. 381 * There is always a mapping into the initial user_namespace.
382 * 382 *
383 * If @kprojid has no mapping in @targ (projid_t)-1 is returned. 383 * If @kprojid has no mapping in @targ (projid_t)-1 is returned.
384 */ 384 */
385 projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid) 385 projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid)
386 { 386 {
387 /* Map the uid from a global kernel uid */ 387 /* Map the uid from a global kernel uid */
388 return map_id_up(&targ->projid_map, __kprojid_val(kprojid)); 388 return map_id_up(&targ->projid_map, __kprojid_val(kprojid));
389 } 389 }
390 EXPORT_SYMBOL(from_kprojid); 390 EXPORT_SYMBOL(from_kprojid);
391 391
392 /** 392 /**
393 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair. 393 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair.
394 * @targ: The user namespace we want a projid in. 394 * @targ: The user namespace we want a projid in.
395 * @kprojid: The kernel internal projid to start with. 395 * @kprojid: The kernel internal projid to start with.
396 * 396 *
397 * Map @kprojid into the user-namespace specified by @targ and 397 * Map @kprojid into the user-namespace specified by @targ and
398 * return the resulting projid. 398 * return the resulting projid.
399 * 399 *
400 * There is always a mapping into the initial user_namespace. 400 * There is always a mapping into the initial user_namespace.
401 * 401 *
402 * Unlike from_kprojid from_kprojid_munged never fails and always 402 * Unlike from_kprojid from_kprojid_munged never fails and always
403 * returns a valid projid. This makes from_kprojid_munged 403 * returns a valid projid. This makes from_kprojid_munged
404 * appropriate for use in syscalls like stat and where 404 * appropriate for use in syscalls like stat and where
405 * failing the system call and failing to provide a valid projid are 405 * failing the system call and failing to provide a valid projid are
406 * not an options. 406 * not an options.
407 * 407 *
408 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned. 408 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned.
409 */ 409 */
410 projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid) 410 projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid)
411 { 411 {
412 projid_t projid; 412 projid_t projid;
413 projid = from_kprojid(targ, kprojid); 413 projid = from_kprojid(targ, kprojid);
414 414
415 if (projid == (projid_t) -1) 415 if (projid == (projid_t) -1)
416 projid = OVERFLOW_PROJID; 416 projid = OVERFLOW_PROJID;
417 return projid; 417 return projid;
418 } 418 }
419 EXPORT_SYMBOL(from_kprojid_munged); 419 EXPORT_SYMBOL(from_kprojid_munged);
420 420
421 421
422 static int uid_m_show(struct seq_file *seq, void *v) 422 static int uid_m_show(struct seq_file *seq, void *v)
423 { 423 {
424 struct user_namespace *ns = seq->private; 424 struct user_namespace *ns = seq->private;
425 struct uid_gid_extent *extent = v; 425 struct uid_gid_extent *extent = v;
426 struct user_namespace *lower_ns; 426 struct user_namespace *lower_ns;
427 uid_t lower; 427 uid_t lower;
428 428
429 lower_ns = seq_user_ns(seq); 429 lower_ns = seq_user_ns(seq);
430 if ((lower_ns == ns) && lower_ns->parent) 430 if ((lower_ns == ns) && lower_ns->parent)
431 lower_ns = lower_ns->parent; 431 lower_ns = lower_ns->parent;
432 432
433 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first)); 433 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first));
434 434
435 seq_printf(seq, "%10u %10u %10u\n", 435 seq_printf(seq, "%10u %10u %10u\n",
436 extent->first, 436 extent->first,
437 lower, 437 lower,
438 extent->count); 438 extent->count);
439 439
440 return 0; 440 return 0;
441 } 441 }
442 442
443 static int gid_m_show(struct seq_file *seq, void *v) 443 static int gid_m_show(struct seq_file *seq, void *v)
444 { 444 {
445 struct user_namespace *ns = seq->private; 445 struct user_namespace *ns = seq->private;
446 struct uid_gid_extent *extent = v; 446 struct uid_gid_extent *extent = v;
447 struct user_namespace *lower_ns; 447 struct user_namespace *lower_ns;
448 gid_t lower; 448 gid_t lower;
449 449
450 lower_ns = seq_user_ns(seq); 450 lower_ns = seq_user_ns(seq);
451 if ((lower_ns == ns) && lower_ns->parent) 451 if ((lower_ns == ns) && lower_ns->parent)
452 lower_ns = lower_ns->parent; 452 lower_ns = lower_ns->parent;
453 453
454 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first)); 454 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first));
455 455
456 seq_printf(seq, "%10u %10u %10u\n", 456 seq_printf(seq, "%10u %10u %10u\n",
457 extent->first, 457 extent->first,
458 lower, 458 lower,
459 extent->count); 459 extent->count);
460 460
461 return 0; 461 return 0;
462 } 462 }
463 463
464 static int projid_m_show(struct seq_file *seq, void *v) 464 static int projid_m_show(struct seq_file *seq, void *v)
465 { 465 {
466 struct user_namespace *ns = seq->private; 466 struct user_namespace *ns = seq->private;
467 struct uid_gid_extent *extent = v; 467 struct uid_gid_extent *extent = v;
468 struct user_namespace *lower_ns; 468 struct user_namespace *lower_ns;
469 projid_t lower; 469 projid_t lower;
470 470
471 lower_ns = seq_user_ns(seq); 471 lower_ns = seq_user_ns(seq);
472 if ((lower_ns == ns) && lower_ns->parent) 472 if ((lower_ns == ns) && lower_ns->parent)
473 lower_ns = lower_ns->parent; 473 lower_ns = lower_ns->parent;
474 474
475 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first)); 475 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first));
476 476
477 seq_printf(seq, "%10u %10u %10u\n", 477 seq_printf(seq, "%10u %10u %10u\n",
478 extent->first, 478 extent->first,
479 lower, 479 lower,
480 extent->count); 480 extent->count);
481 481
482 return 0; 482 return 0;
483 } 483 }
484 484
485 static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map) 485 static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map)
486 { 486 {
487 struct uid_gid_extent *extent = NULL; 487 struct uid_gid_extent *extent = NULL;
488 loff_t pos = *ppos; 488 loff_t pos = *ppos;
489 489
490 if (pos < map->nr_extents) 490 if (pos < map->nr_extents)
491 extent = &map->extent[pos]; 491 extent = &map->extent[pos];
492 492
493 return extent; 493 return extent;
494 } 494 }
495 495
496 static void *uid_m_start(struct seq_file *seq, loff_t *ppos) 496 static void *uid_m_start(struct seq_file *seq, loff_t *ppos)
497 { 497 {
498 struct user_namespace *ns = seq->private; 498 struct user_namespace *ns = seq->private;
499 499
500 return m_start(seq, ppos, &ns->uid_map); 500 return m_start(seq, ppos, &ns->uid_map);
501 } 501 }
502 502
503 static void *gid_m_start(struct seq_file *seq, loff_t *ppos) 503 static void *gid_m_start(struct seq_file *seq, loff_t *ppos)
504 { 504 {
505 struct user_namespace *ns = seq->private; 505 struct user_namespace *ns = seq->private;
506 506
507 return m_start(seq, ppos, &ns->gid_map); 507 return m_start(seq, ppos, &ns->gid_map);
508 } 508 }
509 509
510 static void *projid_m_start(struct seq_file *seq, loff_t *ppos) 510 static void *projid_m_start(struct seq_file *seq, loff_t *ppos)
511 { 511 {
512 struct user_namespace *ns = seq->private; 512 struct user_namespace *ns = seq->private;
513 513
514 return m_start(seq, ppos, &ns->projid_map); 514 return m_start(seq, ppos, &ns->projid_map);
515 } 515 }
516 516
517 static void *m_next(struct seq_file *seq, void *v, loff_t *pos) 517 static void *m_next(struct seq_file *seq, void *v, loff_t *pos)
518 { 518 {
519 (*pos)++; 519 (*pos)++;
520 return seq->op->start(seq, pos); 520 return seq->op->start(seq, pos);
521 } 521 }
522 522
523 static void m_stop(struct seq_file *seq, void *v) 523 static void m_stop(struct seq_file *seq, void *v)
524 { 524 {
525 return; 525 return;
526 } 526 }
527 527
528 struct seq_operations proc_uid_seq_operations = { 528 struct seq_operations proc_uid_seq_operations = {
529 .start = uid_m_start, 529 .start = uid_m_start,
530 .stop = m_stop, 530 .stop = m_stop,
531 .next = m_next, 531 .next = m_next,
532 .show = uid_m_show, 532 .show = uid_m_show,
533 }; 533 };
534 534
535 struct seq_operations proc_gid_seq_operations = { 535 struct seq_operations proc_gid_seq_operations = {
536 .start = gid_m_start, 536 .start = gid_m_start,
537 .stop = m_stop, 537 .stop = m_stop,
538 .next = m_next, 538 .next = m_next,
539 .show = gid_m_show, 539 .show = gid_m_show,
540 }; 540 };
541 541
542 struct seq_operations proc_projid_seq_operations = { 542 struct seq_operations proc_projid_seq_operations = {
543 .start = projid_m_start, 543 .start = projid_m_start,
544 .stop = m_stop, 544 .stop = m_stop,
545 .next = m_next, 545 .next = m_next,
546 .show = projid_m_show, 546 .show = projid_m_show,
547 }; 547 };
548 548
549 static bool mappings_overlap(struct uid_gid_map *new_map, struct uid_gid_extent *extent) 549 static bool mappings_overlap(struct uid_gid_map *new_map, struct uid_gid_extent *extent)
550 { 550 {
551 u32 upper_first, lower_first, upper_last, lower_last; 551 u32 upper_first, lower_first, upper_last, lower_last;
552 unsigned idx; 552 unsigned idx;
553 553
554 upper_first = extent->first; 554 upper_first = extent->first;
555 lower_first = extent->lower_first; 555 lower_first = extent->lower_first;
556 upper_last = upper_first + extent->count - 1; 556 upper_last = upper_first + extent->count - 1;
557 lower_last = lower_first + extent->count - 1; 557 lower_last = lower_first + extent->count - 1;
558 558
559 for (idx = 0; idx < new_map->nr_extents; idx++) { 559 for (idx = 0; idx < new_map->nr_extents; idx++) {
560 u32 prev_upper_first, prev_lower_first; 560 u32 prev_upper_first, prev_lower_first;
561 u32 prev_upper_last, prev_lower_last; 561 u32 prev_upper_last, prev_lower_last;
562 struct uid_gid_extent *prev; 562 struct uid_gid_extent *prev;
563 563
564 prev = &new_map->extent[idx]; 564 prev = &new_map->extent[idx];
565 565
566 prev_upper_first = prev->first; 566 prev_upper_first = prev->first;
567 prev_lower_first = prev->lower_first; 567 prev_lower_first = prev->lower_first;
568 prev_upper_last = prev_upper_first + prev->count - 1; 568 prev_upper_last = prev_upper_first + prev->count - 1;
569 prev_lower_last = prev_lower_first + prev->count - 1; 569 prev_lower_last = prev_lower_first + prev->count - 1;
570 570
571 /* Does the upper range intersect a previous extent? */ 571 /* Does the upper range intersect a previous extent? */
572 if ((prev_upper_first <= upper_last) && 572 if ((prev_upper_first <= upper_last) &&
573 (prev_upper_last >= upper_first)) 573 (prev_upper_last >= upper_first))
574 return true; 574 return true;
575 575
576 /* Does the lower range intersect a previous extent? */ 576 /* Does the lower range intersect a previous extent? */
577 if ((prev_lower_first <= lower_last) && 577 if ((prev_lower_first <= lower_last) &&
578 (prev_lower_last >= lower_first)) 578 (prev_lower_last >= lower_first))
579 return true; 579 return true;
580 } 580 }
581 return false; 581 return false;
582 } 582 }
583 583
584 584
585 static DEFINE_MUTEX(id_map_mutex); 585 static DEFINE_MUTEX(id_map_mutex);
586 586
587 static ssize_t map_write(struct file *file, const char __user *buf, 587 static ssize_t map_write(struct file *file, const char __user *buf,
588 size_t count, loff_t *ppos, 588 size_t count, loff_t *ppos,
589 int cap_setid, 589 int cap_setid,
590 struct uid_gid_map *map, 590 struct uid_gid_map *map,
591 struct uid_gid_map *parent_map) 591 struct uid_gid_map *parent_map)
592 { 592 {
593 struct seq_file *seq = file->private_data; 593 struct seq_file *seq = file->private_data;
594 struct user_namespace *ns = seq->private; 594 struct user_namespace *ns = seq->private;
595 struct uid_gid_map new_map; 595 struct uid_gid_map new_map;
596 unsigned idx; 596 unsigned idx;
597 struct uid_gid_extent *extent = NULL; 597 struct uid_gid_extent *extent = NULL;
598 unsigned long page = 0; 598 unsigned long page = 0;
599 char *kbuf, *pos, *next_line; 599 char *kbuf, *pos, *next_line;
600 ssize_t ret = -EINVAL; 600 ssize_t ret = -EINVAL;
601 601
602 /* 602 /*
603 * The id_map_mutex serializes all writes to any given map. 603 * The id_map_mutex serializes all writes to any given map.
604 * 604 *
605 * Any map is only ever written once. 605 * Any map is only ever written once.
606 * 606 *
607 * An id map fits within 1 cache line on most architectures. 607 * An id map fits within 1 cache line on most architectures.
608 * 608 *
609 * On read nothing needs to be done unless you are on an 609 * On read nothing needs to be done unless you are on an
610 * architecture with a crazy cache coherency model like alpha. 610 * architecture with a crazy cache coherency model like alpha.
611 * 611 *
612 * There is a one time data dependency between reading the 612 * There is a one time data dependency between reading the
613 * count of the extents and the values of the extents. The 613 * count of the extents and the values of the extents. The
614 * desired behavior is to see the values of the extents that 614 * desired behavior is to see the values of the extents that
615 * were written before the count of the extents. 615 * were written before the count of the extents.
616 * 616 *
617 * To achieve this smp_wmb() is used on guarantee the write 617 * To achieve this smp_wmb() is used on guarantee the write
618 * order and smp_read_barrier_depends() is guaranteed that we 618 * order and smp_rmb() is guaranteed that we don't have crazy
619 * don't have crazy architectures returning stale data. 619 * architectures returning stale data.
620 *
621 */ 620 */
622 mutex_lock(&id_map_mutex); 621 mutex_lock(&id_map_mutex);
623 622
624 ret = -EPERM; 623 ret = -EPERM;
625 /* Only allow one successful write to the map */ 624 /* Only allow one successful write to the map */
626 if (map->nr_extents != 0) 625 if (map->nr_extents != 0)
627 goto out; 626 goto out;
628 627
629 /* 628 /*
630 * Adjusting namespace settings requires capabilities on the target. 629 * Adjusting namespace settings requires capabilities on the target.
631 */ 630 */
632 if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) 631 if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
633 goto out; 632 goto out;
634 633
635 /* Get a buffer */ 634 /* Get a buffer */
636 ret = -ENOMEM; 635 ret = -ENOMEM;
637 page = __get_free_page(GFP_TEMPORARY); 636 page = __get_free_page(GFP_TEMPORARY);
638 kbuf = (char *) page; 637 kbuf = (char *) page;
639 if (!page) 638 if (!page)
640 goto out; 639 goto out;
641 640
642 /* Only allow <= page size writes at the beginning of the file */ 641 /* Only allow <= page size writes at the beginning of the file */
643 ret = -EINVAL; 642 ret = -EINVAL;
644 if ((*ppos != 0) || (count >= PAGE_SIZE)) 643 if ((*ppos != 0) || (count >= PAGE_SIZE))
645 goto out; 644 goto out;
646 645
647 /* Slurp in the user data */ 646 /* Slurp in the user data */
648 ret = -EFAULT; 647 ret = -EFAULT;
649 if (copy_from_user(kbuf, buf, count)) 648 if (copy_from_user(kbuf, buf, count))
650 goto out; 649 goto out;
651 kbuf[count] = '\0'; 650 kbuf[count] = '\0';
652 651
653 /* Parse the user data */ 652 /* Parse the user data */
654 ret = -EINVAL; 653 ret = -EINVAL;
655 pos = kbuf; 654 pos = kbuf;
656 new_map.nr_extents = 0; 655 new_map.nr_extents = 0;
657 for (;pos; pos = next_line) { 656 for (;pos; pos = next_line) {
658 extent = &new_map.extent[new_map.nr_extents]; 657 extent = &new_map.extent[new_map.nr_extents];
659 658
660 /* Find the end of line and ensure I don't look past it */ 659 /* Find the end of line and ensure I don't look past it */
661 next_line = strchr(pos, '\n'); 660 next_line = strchr(pos, '\n');
662 if (next_line) { 661 if (next_line) {
663 *next_line = '\0'; 662 *next_line = '\0';
664 next_line++; 663 next_line++;
665 if (*next_line == '\0') 664 if (*next_line == '\0')
666 next_line = NULL; 665 next_line = NULL;
667 } 666 }
668 667
669 pos = skip_spaces(pos); 668 pos = skip_spaces(pos);
670 extent->first = simple_strtoul(pos, &pos, 10); 669 extent->first = simple_strtoul(pos, &pos, 10);
671 if (!isspace(*pos)) 670 if (!isspace(*pos))
672 goto out; 671 goto out;
673 672
674 pos = skip_spaces(pos); 673 pos = skip_spaces(pos);
675 extent->lower_first = simple_strtoul(pos, &pos, 10); 674 extent->lower_first = simple_strtoul(pos, &pos, 10);
676 if (!isspace(*pos)) 675 if (!isspace(*pos))
677 goto out; 676 goto out;
678 677
679 pos = skip_spaces(pos); 678 pos = skip_spaces(pos);
680 extent->count = simple_strtoul(pos, &pos, 10); 679 extent->count = simple_strtoul(pos, &pos, 10);
681 if (*pos && !isspace(*pos)) 680 if (*pos && !isspace(*pos))
682 goto out; 681 goto out;
683 682
684 /* Verify there is not trailing junk on the line */ 683 /* Verify there is not trailing junk on the line */
685 pos = skip_spaces(pos); 684 pos = skip_spaces(pos);
686 if (*pos != '\0') 685 if (*pos != '\0')
687 goto out; 686 goto out;
688 687
689 /* Verify we have been given valid starting values */ 688 /* Verify we have been given valid starting values */
690 if ((extent->first == (u32) -1) || 689 if ((extent->first == (u32) -1) ||
691 (extent->lower_first == (u32) -1 )) 690 (extent->lower_first == (u32) -1 ))
692 goto out; 691 goto out;
693 692
694 /* Verify count is not zero and does not cause the extent to wrap */ 693 /* Verify count is not zero and does not cause the extent to wrap */
695 if ((extent->first + extent->count) <= extent->first) 694 if ((extent->first + extent->count) <= extent->first)
696 goto out; 695 goto out;
697 if ((extent->lower_first + extent->count) <= extent->lower_first) 696 if ((extent->lower_first + extent->count) <= extent->lower_first)
698 goto out; 697 goto out;
699 698
700 /* Do the ranges in extent overlap any previous extents? */ 699 /* Do the ranges in extent overlap any previous extents? */
701 if (mappings_overlap(&new_map, extent)) 700 if (mappings_overlap(&new_map, extent))
702 goto out; 701 goto out;
703 702
704 new_map.nr_extents++; 703 new_map.nr_extents++;
705 704
706 /* Fail if the file contains too many extents */ 705 /* Fail if the file contains too many extents */
707 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) && 706 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) &&
708 (next_line != NULL)) 707 (next_line != NULL))
709 goto out; 708 goto out;
710 } 709 }
711 /* Be very certaint the new map actually exists */ 710 /* Be very certaint the new map actually exists */
712 if (new_map.nr_extents == 0) 711 if (new_map.nr_extents == 0)
713 goto out; 712 goto out;
714 713
715 ret = -EPERM; 714 ret = -EPERM;
716 /* Validate the user is allowed to use user id's mapped to. */ 715 /* Validate the user is allowed to use user id's mapped to. */
717 if (!new_idmap_permitted(file, ns, cap_setid, &new_map)) 716 if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
718 goto out; 717 goto out;
719 718
720 /* Map the lower ids from the parent user namespace to the 719 /* Map the lower ids from the parent user namespace to the
721 * kernel global id space. 720 * kernel global id space.
722 */ 721 */
723 for (idx = 0; idx < new_map.nr_extents; idx++) { 722 for (idx = 0; idx < new_map.nr_extents; idx++) {
724 u32 lower_first; 723 u32 lower_first;
725 extent = &new_map.extent[idx]; 724 extent = &new_map.extent[idx];
726 725
727 lower_first = map_id_range_down(parent_map, 726 lower_first = map_id_range_down(parent_map,
728 extent->lower_first, 727 extent->lower_first,
729 extent->count); 728 extent->count);
730 729
731 /* Fail if we can not map the specified extent to 730 /* Fail if we can not map the specified extent to
732 * the kernel global id space. 731 * the kernel global id space.
733 */ 732 */
734 if (lower_first == (u32) -1) 733 if (lower_first == (u32) -1)
735 goto out; 734 goto out;
736 735
737 extent->lower_first = lower_first; 736 extent->lower_first = lower_first;
738 } 737 }
739 738
740 /* Install the map */ 739 /* Install the map */
741 memcpy(map->extent, new_map.extent, 740 memcpy(map->extent, new_map.extent,
742 new_map.nr_extents*sizeof(new_map.extent[0])); 741 new_map.nr_extents*sizeof(new_map.extent[0]));
743 smp_wmb(); 742 smp_wmb();
744 map->nr_extents = new_map.nr_extents; 743 map->nr_extents = new_map.nr_extents;
745 744
746 *ppos = count; 745 *ppos = count;
747 ret = count; 746 ret = count;
748 out: 747 out:
749 mutex_unlock(&id_map_mutex); 748 mutex_unlock(&id_map_mutex);
750 if (page) 749 if (page)
751 free_page(page); 750 free_page(page);
752 return ret; 751 return ret;
753 } 752 }
754 753
755 ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 754 ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
756 { 755 {
757 struct seq_file *seq = file->private_data; 756 struct seq_file *seq = file->private_data;
758 struct user_namespace *ns = seq->private; 757 struct user_namespace *ns = seq->private;
759 struct user_namespace *seq_ns = seq_user_ns(seq); 758 struct user_namespace *seq_ns = seq_user_ns(seq);
760 759
761 if (!ns->parent) 760 if (!ns->parent)
762 return -EPERM; 761 return -EPERM;
763 762
764 if ((seq_ns != ns) && (seq_ns != ns->parent)) 763 if ((seq_ns != ns) && (seq_ns != ns->parent))
765 return -EPERM; 764 return -EPERM;
766 765
767 return map_write(file, buf, size, ppos, CAP_SETUID, 766 return map_write(file, buf, size, ppos, CAP_SETUID,
768 &ns->uid_map, &ns->parent->uid_map); 767 &ns->uid_map, &ns->parent->uid_map);
769 } 768 }
770 769
771 ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 770 ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
772 { 771 {
773 struct seq_file *seq = file->private_data; 772 struct seq_file *seq = file->private_data;
774 struct user_namespace *ns = seq->private; 773 struct user_namespace *ns = seq->private;
775 struct user_namespace *seq_ns = seq_user_ns(seq); 774 struct user_namespace *seq_ns = seq_user_ns(seq);
776 775
777 if (!ns->parent) 776 if (!ns->parent)
778 return -EPERM; 777 return -EPERM;
779 778
780 if ((seq_ns != ns) && (seq_ns != ns->parent)) 779 if ((seq_ns != ns) && (seq_ns != ns->parent))
781 return -EPERM; 780 return -EPERM;
782 781
783 return map_write(file, buf, size, ppos, CAP_SETGID, 782 return map_write(file, buf, size, ppos, CAP_SETGID,
784 &ns->gid_map, &ns->parent->gid_map); 783 &ns->gid_map, &ns->parent->gid_map);
785 } 784 }
786 785
787 ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 786 ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
788 { 787 {
789 struct seq_file *seq = file->private_data; 788 struct seq_file *seq = file->private_data;
790 struct user_namespace *ns = seq->private; 789 struct user_namespace *ns = seq->private;
791 struct user_namespace *seq_ns = seq_user_ns(seq); 790 struct user_namespace *seq_ns = seq_user_ns(seq);
792 791
793 if (!ns->parent) 792 if (!ns->parent)
794 return -EPERM; 793 return -EPERM;
795 794
796 if ((seq_ns != ns) && (seq_ns != ns->parent)) 795 if ((seq_ns != ns) && (seq_ns != ns->parent))
797 return -EPERM; 796 return -EPERM;
798 797
799 /* Anyone can set any valid project id no capability needed */ 798 /* Anyone can set any valid project id no capability needed */
800 return map_write(file, buf, size, ppos, -1, 799 return map_write(file, buf, size, ppos, -1,
801 &ns->projid_map, &ns->parent->projid_map); 800 &ns->projid_map, &ns->parent->projid_map);
802 } 801 }
803 802
804 static bool new_idmap_permitted(const struct file *file, 803 static bool new_idmap_permitted(const struct file *file,
805 struct user_namespace *ns, int cap_setid, 804 struct user_namespace *ns, int cap_setid,
806 struct uid_gid_map *new_map) 805 struct uid_gid_map *new_map)
807 { 806 {
808 /* Allow mapping to your own filesystem ids */ 807 /* Allow mapping to your own filesystem ids */
809 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { 808 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
810 u32 id = new_map->extent[0].lower_first; 809 u32 id = new_map->extent[0].lower_first;
811 if (cap_setid == CAP_SETUID) { 810 if (cap_setid == CAP_SETUID) {
812 kuid_t uid = make_kuid(ns->parent, id); 811 kuid_t uid = make_kuid(ns->parent, id);
813 if (uid_eq(uid, file->f_cred->fsuid)) 812 if (uid_eq(uid, file->f_cred->fsuid))
814 return true; 813 return true;
815 } 814 }
816 else if (cap_setid == CAP_SETGID) { 815 else if (cap_setid == CAP_SETGID) {
817 kgid_t gid = make_kgid(ns->parent, id); 816 kgid_t gid = make_kgid(ns->parent, id);
818 if (gid_eq(gid, file->f_cred->fsgid)) 817 if (gid_eq(gid, file->f_cred->fsgid))
819 return true; 818 return true;
820 } 819 }
821 } 820 }
822 821
823 /* Allow anyone to set a mapping that doesn't require privilege */ 822 /* Allow anyone to set a mapping that doesn't require privilege */
824 if (!cap_valid(cap_setid)) 823 if (!cap_valid(cap_setid))
825 return true; 824 return true;
826 825
827 /* Allow the specified ids if we have the appropriate capability 826 /* Allow the specified ids if we have the appropriate capability
828 * (CAP_SETUID or CAP_SETGID) over the parent user namespace. 827 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
829 * And the opener of the id file also had the approprpiate capability. 828 * And the opener of the id file also had the approprpiate capability.
830 */ 829 */
831 if (ns_capable(ns->parent, cap_setid) && 830 if (ns_capable(ns->parent, cap_setid) &&
832 file_ns_capable(file, ns->parent, cap_setid)) 831 file_ns_capable(file, ns->parent, cap_setid))
833 return true; 832 return true;
834 833
835 return false; 834 return false;
836 } 835 }
837 836
838 static void *userns_get(struct task_struct *task) 837 static void *userns_get(struct task_struct *task)
839 { 838 {
840 struct user_namespace *user_ns; 839 struct user_namespace *user_ns;
841 840
842 rcu_read_lock(); 841 rcu_read_lock();
843 user_ns = get_user_ns(__task_cred(task)->user_ns); 842 user_ns = get_user_ns(__task_cred(task)->user_ns);
844 rcu_read_unlock(); 843 rcu_read_unlock();
845 844
846 return user_ns; 845 return user_ns;
847 } 846 }
848 847
849 static void userns_put(void *ns) 848 static void userns_put(void *ns)
850 { 849 {
851 put_user_ns(ns); 850 put_user_ns(ns);
852 } 851 }
853 852
854 static int userns_install(struct nsproxy *nsproxy, void *ns) 853 static int userns_install(struct nsproxy *nsproxy, void *ns)
855 { 854 {
856 struct user_namespace *user_ns = ns; 855 struct user_namespace *user_ns = ns;
857 struct cred *cred; 856 struct cred *cred;
858 857
859 /* Don't allow gaining capabilities by reentering 858 /* Don't allow gaining capabilities by reentering
860 * the same user namespace. 859 * the same user namespace.
861 */ 860 */
862 if (user_ns == current_user_ns()) 861 if (user_ns == current_user_ns())
863 return -EINVAL; 862 return -EINVAL;
864 863
865 /* Threaded processes may not enter a different user namespace */ 864 /* Threaded processes may not enter a different user namespace */
866 if (atomic_read(&current->mm->mm_users) > 1) 865 if (atomic_read(&current->mm->mm_users) > 1)
867 return -EINVAL; 866 return -EINVAL;
868 867
869 if (current->fs->users != 1) 868 if (current->fs->users != 1)
870 return -EINVAL; 869 return -EINVAL;
871 870
872 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 871 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
873 return -EPERM; 872 return -EPERM;
874 873
875 cred = prepare_creds(); 874 cred = prepare_creds();
876 if (!cred) 875 if (!cred)
877 return -ENOMEM; 876 return -ENOMEM;
878 877
879 put_user_ns(cred->user_ns); 878 put_user_ns(cred->user_ns);
880 set_cred_user_ns(cred, get_user_ns(user_ns)); 879 set_cred_user_ns(cred, get_user_ns(user_ns));
881 880
882 return commit_creds(cred); 881 return commit_creds(cred);
883 } 882 }
884 883
885 static unsigned int userns_inum(void *ns) 884 static unsigned int userns_inum(void *ns)
886 { 885 {
887 struct user_namespace *user_ns = ns; 886 struct user_namespace *user_ns = ns;
888 return user_ns->proc_inum; 887 return user_ns->proc_inum;
889 } 888 }
890 889
891 const struct proc_ns_operations userns_operations = { 890 const struct proc_ns_operations userns_operations = {
892 .name = "user", 891 .name = "user",
893 .type = CLONE_NEWUSER, 892 .type = CLONE_NEWUSER,
894 .get = userns_get, 893 .get = userns_get,
895 .put = userns_put, 894 .put = userns_put,
896 .install = userns_install, 895 .install = userns_install,
897 .inum = userns_inum, 896 .inum = userns_inum,
898 }; 897 };
899 898
900 static __init int user_namespaces_init(void) 899 static __init int user_namespaces_init(void)
901 { 900 {
902 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC); 901 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
903 return 0; 902 return 0;
904 } 903 }
905 subsys_initcall(user_namespaces_init); 904 subsys_initcall(user_namespaces_init);
906 905