Pull namespace updates from Christian Brauner:
"This contains a larger set of changes around the generic namespace
infrastructure of the kernel.
Each specific namespace type (net, cgroup, mnt, ...) embedds a struct
ns_common which carries the reference count of the namespace and so
on.
We open-coded and cargo-culted so many quirks for each namespace type
that it just wasn't scalable anymore. So given there's a bunch of new
changes coming in that area I've started cleaning all of this up.
The core change is to make it possible to correctly initialize every
namespace uniformly and derive the correct initialization settings
from the type of the namespace such as namespace operations, namespace
type and so on. This leaves the new ns_common_init() function with a
single parameter which is the specific namespace type which derives
the correct parameters statically. This also means the compiler will
yell as soon as someone does something remotely fishy.
The ns_common_init() addition also allows us to remove ns_alloc_inum()
and drops any special-casing of the initial network namespace in the
network namespace initialization code that Linus complained about.
Another part is reworking the reference counting. The reference
counting was open-coded and copy-pasted for each namespace type even
though they all followed the same rules. This also removes all open
accesses to the reference count and makes it private and only uses a
very small set of dedicated helpers to manipulate them just like we do
for e.g., files.
In addition this generalizes the mount namespace iteration
infrastructure introduced a few cycles ago. As reminder, the vfs makes
it possible to iterate sequentially and bidirectionally through all
mount namespaces on the system or all mount namespaces that the caller
holds privilege over. This allow userspace to iterate over all mounts
in all mount namespaces using the listmount() and statmount() system
call.
Each mount namespace has a unique identifier for the lifetime of the
systems that is exposed to userspace. The network namespace also has a
unique identifier working exactly the same way. This extends the
concept to all other namespace types.
The new nstree type makes it possible to lookup namespaces purely by
their identifier and to walk the namespace list sequentially and
bidirectionally for all namespace types, allowing userspace to iterate
through all namespaces. Looking up namespaces in the namespace tree
works completely locklessly.
This also means we can move the mount namespace onto the generic
infrastructure and remove a bunch of code and members from struct
mnt_namespace itself.
There's a bunch of stuff coming on top of this in the future but for
now this uses the generic namespace tree to extend a concept
introduced first for pidfs a few cycles ago. For a while now we have
supported pidfs file handles for pidfds. This has proven to be very
useful.
This extends the concept to cover namespaces as well. It is possible
to encode and decode namespace file handles using the common
name_to_handle_at() and open_by_handle_at() apis.
As with pidfs file handles, namespace file handles are exhaustive,
meaning it is not required to actually hold a reference to nsfs in
able to decode aka open_by_handle_at() a namespace file handle.
Instead the FD_NSFS_ROOT constant can be passed which will let the
kernel grab a reference to the root of nsfs internally and thus decode
the file handle.
Namespaces file descriptors can already be derived from pidfds which
means they aren't subject to overmount protection bugs. IOW, it's
irrelevant if the caller would not have access to an appropriate
/proc/<pid>/ns/ directory as they could always just derive the
namespace based on a pidfd already.
It has the same advantage as pidfds. It's possible to reliably and for
the lifetime of the system refer to a namespace without pinning any
resources and to compare them trivially.
Permission checking is kept simple. If the caller is located in the
namespace the file handle refers to they are able to open it otherwise
they must hold privilege over the owning namespace of the relevant
namespace.
The namespace file handle layout is exposed as uapi and has a stable
and extensible format. For now it simply contains the namespace
identifier, the namespace type, and the inode number. The stable
format means that userspace may construct its own namespace file
handles without going through name_to_handle_at() as they are already
allowed for pidfs and cgroup file handles"
* tag 'namespace-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (65 commits)
ns: drop assert
ns: move ns type into struct ns_common
nstree: make struct ns_tree private
ns: add ns_debug()
ns: simplify ns_common_init() further
cgroup: add missing ns_common include
ns: use inode initializer for initial namespaces
selftests/namespaces: verify initial namespace inode numbers
ns: rename to __ns_ref
nsfs: port to ns_ref_*() helpers
net: port to ns_ref_*() helpers
uts: port to ns_ref_*() helpers
ipv4: use check_net()
net: use check_net()
net-sysfs: use check_net()
user: port to ns_ref_*() helpers
time: port to ns_ref_*() helpers
pid: port to ns_ref_*() helpers
ipc: port to ns_ref_*() helpers
cgroup: port to ns_ref_*() helpers
...
{
struct vfsmount *mnt;
struct mount *m;
- struct mnt_namespace *ns;
struct path root;
- mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", NULL);
+ mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", initramfs_options);
if (IS_ERR(mnt))
panic("Can't create rootfs");
return 0;
}
- if (ns->ops->type != CLONE_NEWPID)
+#ifdef CONFIG_PID_NS
+static int proc_parse_pidns_param(struct fs_context *fc,
+ struct fs_parameter *param,
+ struct fs_parse_result *result)
+{
+ struct proc_fs_context *ctx = fc->fs_private;
+ struct pid_namespace *target, *active = task_active_pid_ns(current);
+ struct ns_common *ns;
+ struct file *ns_filp __free(fput) = NULL;
+
+ switch (param->type) {
+ case fs_value_is_file:
+ /* came through fsconfig, steal the file reference */
+ ns_filp = no_free_ptr(param->file);
+ break;
+ case fs_value_is_string:
+ ns_filp = filp_open(param->string, O_RDONLY, 0);
+ break;
+ default:
+ WARN_ON_ONCE(true);
+ break;
+ }
+ if (!ns_filp)
+ ns_filp = ERR_PTR(-EBADF);
+ if (IS_ERR(ns_filp)) {
+ errorfc(fc, "could not get file from pidns argument");
+ return PTR_ERR(ns_filp);
+ }
+
+ if (!proc_ns_file(ns_filp))
+ return invalfc(fc, "pidns argument is not an nsfs file");
+ ns = get_proc_ns(file_inode(ns_filp));
++ if (ns->ns_type != CLONE_NEWPID)
+ return invalfc(fc, "pidns argument is not a pidns file");
+ target = container_of(ns, struct pid_namespace, ns);
+
+ /*
+ * pidns= is shorthand for joining the pidns to get a fsopen fd, so the
+ * permission model should be the same as pidns_install().
+ */
+ if (!ns_capable(target->user_ns, CAP_SYS_ADMIN)) {
+ errorfc(fc, "insufficient permissions to set pidns");
+ return -EPERM;
+ }
+ if (!pidns_is_ancestor(target, active))
+ return invalfc(fc, "cannot set pidns to non-descendant pidns");
+
+ put_pid_ns(ctx->pid_ns);
+ ctx->pid_ns = get_pid_ns(target);
+ put_user_ns(fc->user_ns);
+ fc->user_ns = get_user_ns(ctx->pid_ns->user_ns);
+ return 0;
+}
+#endif /* CONFIG_PID_NS */
+
static int proc_parse_param(struct fs_context *fc, struct fs_parameter *param)
{
struct proc_fs_context *ctx = fc->fs_private;
#endif /* CONFIG_CGROUP_DATA */
- struct cgroup_namespace {
- struct ns_common ns;
- struct user_namespace *user_ns;
- struct ucounts *ucounts;
- struct css_set *root_cset;
- };
-
- extern struct cgroup_namespace init_cgroup_ns;
-
- #ifdef CONFIG_CGROUPS
-
- void free_cgroup_ns(struct cgroup_namespace *ns);
-
- struct cgroup_namespace *copy_cgroup_ns(u64 flags,
- struct user_namespace *user_ns,
- struct cgroup_namespace *old_ns);
-
- int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
- struct cgroup_namespace *ns);
-
- static inline void get_cgroup_ns(struct cgroup_namespace *ns)
- {
- refcount_inc(&ns->ns.count);
- }
-
- static inline void put_cgroup_ns(struct cgroup_namespace *ns)
- {
- if (refcount_dec_and_test(&ns->ns.count))
- free_cgroup_ns(ns);
- }
-
- #else /* !CONFIG_CGROUPS */
-
- static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
- static inline struct cgroup_namespace *
- copy_cgroup_ns(u64 flags, struct user_namespace *user_ns,
- struct cgroup_namespace *old_ns)
- {
- return old_ns;
- }
-
- static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
- static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
-
- #endif /* !CONFIG_CGROUPS */
--
#ifdef CONFIG_CGROUPS
void cgroup_enter_frozen(void);
--- /dev/null
-struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
+ /* SPDX-License-Identifier: GPL-2.0 */
+ #ifndef _LINUX_CGROUP_NAMESPACE_H
+ #define _LINUX_CGROUP_NAMESPACE_H
+
+ #include <linux/ns_common.h>
+
+ struct cgroup_namespace {
+ struct ns_common ns;
+ struct user_namespace *user_ns;
+ struct ucounts *ucounts;
+ struct css_set *root_cset;
+ };
+
+ extern struct cgroup_namespace init_cgroup_ns;
+
+ #ifdef CONFIG_CGROUPS
+
+ static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
+ {
+ return container_of(ns, struct cgroup_namespace, ns);
+ }
+
+ void free_cgroup_ns(struct cgroup_namespace *ns);
+
-copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns,
++struct cgroup_namespace *copy_cgroup_ns(u64 flags,
+ struct user_namespace *user_ns,
+ struct cgroup_namespace *old_ns);
+
+ int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
+ struct cgroup_namespace *ns);
+
+ static inline void get_cgroup_ns(struct cgroup_namespace *ns)
+ {
+ ns_ref_inc(ns);
+ }
+
+ static inline void put_cgroup_ns(struct cgroup_namespace *ns)
+ {
+ if (ns_ref_put(ns))
+ free_cgroup_ns(ns);
+ }
+
+ #else /* !CONFIG_CGROUPS */
+
+ static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
+ static inline struct cgroup_namespace *
++copy_cgroup_ns(u64 flags, struct user_namespace *user_ns,
+ struct cgroup_namespace *old_ns)
+ {
+ return old_ns;
+ }
+
+ static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
+ static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
+
+ #endif /* !CONFIG_CGROUPS */
+
+ #endif /* _LINUX_CGROUP_NAMESPACE_H */
#endif
#if defined(CONFIG_IPC_NS)
-extern struct ipc_namespace *copy_ipcs(unsigned long flags,
+ static inline struct ipc_namespace *to_ipc_ns(struct ns_common *ns)
+ {
+ return container_of(ns, struct ipc_namespace, ns);
+ }
+
+extern struct ipc_namespace *copy_ipcs(u64 flags,
struct user_namespace *user_ns, struct ipc_namespace *ns);
static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
struct user_namespace;
struct ns_common;
-extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
+ extern struct mnt_namespace init_mnt_ns;
+
+extern struct mnt_namespace *copy_mnt_ns(u64, struct mnt_namespace *,
struct user_namespace *, struct fs_struct *);
extern void put_mnt_ns(struct mnt_namespace *ns);
DEFINE_FREE(put_mnt_ns, struct mnt_namespace *, if (!IS_ERR_OR_NULL(_T)) put_mnt_ns(_T))
--- /dev/null
-extern struct uts_namespace *copy_utsname(unsigned long flags,
+ /* SPDX-License-Identifier: GPL-2.0 */
+ #ifndef _LINUX_UTS_NAMESPACE_H
+ #define _LINUX_UTS_NAMESPACE_H
+
+ #include <linux/ns_common.h>
+ #include <uapi/linux/utsname.h>
+
+ struct user_namespace;
+ extern struct user_namespace init_user_ns;
+
+ struct uts_namespace {
+ struct new_utsname name;
+ struct user_namespace *user_ns;
+ struct ucounts *ucounts;
+ struct ns_common ns;
+ } __randomize_layout;
+
+ extern struct uts_namespace init_uts_ns;
+
+ #ifdef CONFIG_UTS_NS
+ static inline struct uts_namespace *to_uts_ns(struct ns_common *ns)
+ {
+ return container_of(ns, struct uts_namespace, ns);
+ }
+
+ static inline void get_uts_ns(struct uts_namespace *ns)
+ {
+ ns_ref_inc(ns);
+ }
+
-static inline struct uts_namespace *copy_utsname(unsigned long flags,
++extern struct uts_namespace *copy_utsname(u64 flags,
+ struct user_namespace *user_ns, struct uts_namespace *old_ns);
+ extern void free_uts_ns(struct uts_namespace *ns);
+
+ static inline void put_uts_ns(struct uts_namespace *ns)
+ {
+ if (ns_ref_put(ns))
+ free_uts_ns(ns);
+ }
+
+ void uts_ns_init(void);
+ #else
+ static inline void get_uts_ns(struct uts_namespace *ns)
+ {
+ }
+
+ static inline void put_uts_ns(struct uts_namespace *ns)
+ {
+ }
+
++static inline struct uts_namespace *copy_utsname(u64 flags,
+ struct user_namespace *user_ns, struct uts_namespace *old_ns)
+ {
+ if (flags & CLONE_NEWUTS)
+ return ERR_PTR(-EINVAL);
+
+ return old_ns;
+ }
+
+ static inline void uts_ns_init(void)
+ {
+ }
+ #endif
+
+ #endif /* _LINUX_UTS_NAMESPACE_H */
parent = ns->parent;
destroy_pid_namespace(ns);
ns = parent;
- } while (ns != &init_pid_ns && refcount_dec_and_test(&ns->ns.count));
+ } while (ns != &init_pid_ns && ns_ref_put(ns));
}
-struct pid_namespace *copy_pid_ns(unsigned long flags,
+struct pid_namespace *copy_pid_ns(u64 flags,
struct user_namespace *user_ns, struct pid_namespace *old_ns)
{
if (!(flags & CLONE_NEWPID))
projects / linux-2.6-microblaze.git / commitdiff