1 // SPDX-License-Identifier: GPL-2.0-only
12 	.ns    = &init_user_ns,
20 	[0 ... UCOUNTS_HASHTABLE_ENTRIES - 1] = HLIST_NULLS_HEAD_INIT(0)
24 #define ucounts_hashfn(ns, uid)						\  argument
25 	hash_long((unsigned long)__kuid_val(uid) + (unsigned long)(ns), \
27 #define ucounts_hashentry(ns, uid)	\  argument
28 	(ucounts_hashtable + ucounts_hashfn(ns, uid))
34 	return &current_user_ns()->set;  in set_lookup()
39 	return &current_user_ns()->set == set;  in set_is_seen()
46 		container_of(head->set, struct user_namespace, set);  in set_permissions()
51 		mode = (table->mode & S_IRWXU) >> 6;  in set_permissions()
53 	/* Allow all others at most read-only access */  in set_permissions()
54 		mode = table->mode & S_IROTH;  in set_permissions()
95 bool setup_userns_sysctls(struct user_namespace *ns)  in setup_userns_sysctls()  argument
101 	setup_sysctl_set(&ns->set, &set_root, set_is_seen);  in setup_userns_sysctls()
106 			tbl[i].data = &ns->ucount_max[i];  in setup_userns_sysctls()
108 		ns->sysctls = __register_sysctl_table(&ns->set, "user", tbl,  in setup_userns_sysctls()
111 	if (!ns->sysctls) {  in setup_userns_sysctls()
113 		retire_sysctl_set(&ns->set);  in setup_userns_sysctls()
120 void retire_userns_sysctls(struct user_namespace *ns)  in retire_userns_sysctls()  argument
125 	tbl = ns->sysctls->ctl_table_arg;  in retire_userns_sysctls()
126 	unregister_sysctl_table(ns->sysctls);  in retire_userns_sysctls()
127 	retire_sysctl_set(&ns->set);  in retire_userns_sysctls()
132 static struct ucounts *find_ucounts(struct user_namespace *ns, kuid_t uid,  in find_ucounts()  argument
140 		if (uid_eq(ucounts->uid, uid) && (ucounts->ns == ns)) {  in find_ucounts()
141 			if (rcuref_get(&ucounts->count))  in find_ucounts()
150 	struct hlist_nulls_head *hashent = ucounts_hashentry(ucounts->ns, ucounts->uid);  in hlist_add_ucounts()
153 	hlist_nulls_add_head_rcu(&ucounts->node, hashent);  in hlist_add_ucounts()
157 struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid)  in alloc_ucounts()  argument
159 	struct hlist_nulls_head *hashent = ucounts_hashentry(ns, uid);  in alloc_ucounts()
162 	ucounts = find_ucounts(ns, uid, hashent);  in alloc_ucounts()
170 	new->ns = ns;  in alloc_ucounts()
171 	new->uid = uid;  in alloc_ucounts()
172 	rcuref_init(&new->count, 1);  in alloc_ucounts()
175 	ucounts = find_ucounts(ns, uid, hashent);  in alloc_ucounts()
182 	hlist_nulls_add_head_rcu(&new->node, hashent);  in alloc_ucounts()
183 	get_user_ns(new->ns);  in alloc_ucounts()
192 	if (rcuref_put(&ucounts->count)) {  in put_ucounts()
194 		hlist_nulls_del_rcu(&ucounts->node);  in put_ucounts()
197 		put_user_ns(ucounts->ns);  in put_ucounts()
214 struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid,  in inc_ucount()  argument
219 	ucounts = alloc_ucounts(ns, uid);  in inc_ucount()
220 	for (iter = ucounts; iter; iter = tns->ucounts) {  in inc_ucount()
222 		tns = iter->ns;  in inc_ucount()
223 		max = READ_ONCE(tns->ucount_max[type]);  in inc_ucount()
224 		if (!atomic_long_inc_below(&iter->ucount[type], max))  in inc_ucount()
230 	for (iter = ucounts; iter != bad; iter = iter->ns->ucounts)  in inc_ucount()
231 		atomic_long_dec(&iter->ucount[type]);  in inc_ucount()
240 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {  in dec_ucount()
241 		long dec = atomic_long_dec_if_positive(&iter->ucount[type]);  in dec_ucount()
253 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {  in inc_rlimit_ucounts()
254 		long new = atomic_long_add_return(v, &iter->rlimit[type]);  in inc_rlimit_ucounts()
259 		max = get_userns_rlimit_max(iter->ns, type);  in inc_rlimit_ucounts()
267 	long new = -1; /* Silence compiler warning */  in dec_rlimit_ucounts()
268 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {  in dec_rlimit_ucounts()
269 		long dec = atomic_long_sub_return(v, &iter->rlimit[type]);  in dec_rlimit_ucounts()
282 		long dec = atomic_long_sub_return(1, &iter->rlimit[type]);  in do_dec_rlimit_put_ucounts()
284 		next = iter->ns->ucounts;  in do_dec_rlimit_put_ucounts()
303 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {  in inc_rlimit_get_ucounts()
304 		long new = atomic_long_add_return(1, &iter->rlimit[type]);  in inc_rlimit_get_ucounts()
310 			max = get_userns_rlimit_max(iter->ns, type);  in inc_rlimit_get_ucounts()
322 	dec = atomic_long_sub_return(1, &iter->rlimit[type]);  in inc_rlimit_get_ucounts()
334 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {  in is_rlimit_overlimit()
338 		max = get_userns_rlimit_max(iter->ns, type);  in is_rlimit_overlimit()