1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Copyright (c) 2025 Christian Brauner <brauner@kernel.org> */ 3 4 #include <linux/nstree.h> 5 #include <linux/proc_ns.h> 6 #include <linux/rculist.h> 7 #include <linux/vfsdebug.h> 8 #include <linux/syscalls.h> 9 #include <linux/user_namespace.h> 10 11 static __cacheline_aligned_in_smp DEFINE_SEQLOCK(ns_tree_lock); 12 static struct rb_root ns_unified_tree = RB_ROOT; /* protected by ns_tree_lock */ 13 static LIST_HEAD(ns_unified_list); /* protected by ns_tree_lock */ 14 15 /** 16 * struct ns_tree - Namespace tree 17 * @ns_tree: Rbtree of namespaces of a particular type 18 * @ns_list: Sequentially walkable list of all namespaces of this type 19 * @type: type of namespaces in this tree 20 */ 21 struct ns_tree { 22 struct rb_root ns_tree; 23 struct list_head ns_list; 24 int type; 25 }; 26 27 struct ns_tree mnt_ns_tree = { 28 .ns_tree = RB_ROOT, 29 .ns_list = LIST_HEAD_INIT(mnt_ns_tree.ns_list), 30 .type = CLONE_NEWNS, 31 }; 32 33 struct ns_tree net_ns_tree = { 34 .ns_tree = RB_ROOT, 35 .ns_list = LIST_HEAD_INIT(net_ns_tree.ns_list), 36 .type = CLONE_NEWNET, 37 }; 38 EXPORT_SYMBOL_GPL(net_ns_tree); 39 40 struct ns_tree uts_ns_tree = { 41 .ns_tree = RB_ROOT, 42 .ns_list = LIST_HEAD_INIT(uts_ns_tree.ns_list), 43 .type = CLONE_NEWUTS, 44 }; 45 46 struct ns_tree user_ns_tree = { 47 .ns_tree = RB_ROOT, 48 .ns_list = LIST_HEAD_INIT(user_ns_tree.ns_list), 49 .type = CLONE_NEWUSER, 50 }; 51 52 struct ns_tree ipc_ns_tree = { 53 .ns_tree = RB_ROOT, 54 .ns_list = LIST_HEAD_INIT(ipc_ns_tree.ns_list), 55 .type = CLONE_NEWIPC, 56 }; 57 58 struct ns_tree pid_ns_tree = { 59 .ns_tree = RB_ROOT, 60 .ns_list = LIST_HEAD_INIT(pid_ns_tree.ns_list), 61 .type = CLONE_NEWPID, 62 }; 63 64 struct ns_tree cgroup_ns_tree = { 65 .ns_tree = RB_ROOT, 66 .ns_list = LIST_HEAD_INIT(cgroup_ns_tree.ns_list), 67 .type = CLONE_NEWCGROUP, 68 }; 69 70 struct ns_tree time_ns_tree = { 71 .ns_tree = RB_ROOT, 72 .ns_list = LIST_HEAD_INIT(time_ns_tree.ns_list), 73 .type = CLONE_NEWTIME, 74 }; 75 76 static inline struct ns_common *node_to_ns(const struct rb_node *node) 77 { 78 if (!node) 79 return NULL; 80 return rb_entry(node, struct ns_common, ns_tree_node); 81 } 82 83 static inline struct ns_common *node_to_ns_unified(const struct rb_node *node) 84 { 85 if (!node) 86 return NULL; 87 return rb_entry(node, struct ns_common, ns_unified_tree_node); 88 } 89 90 static inline struct ns_common *node_to_ns_owner(const struct rb_node *node) 91 { 92 if (!node) 93 return NULL; 94 return rb_entry(node, struct ns_common, ns_owner_tree_node); 95 } 96 97 static int ns_id_cmp(u64 id_a, u64 id_b) 98 { 99 if (id_a < id_b) 100 return -1; 101 if (id_a > id_b) 102 return 1; 103 return 0; 104 } 105 106 static int ns_cmp(struct rb_node *a, const struct rb_node *b) 107 { 108 return ns_id_cmp(node_to_ns(a)->ns_id, node_to_ns(b)->ns_id); 109 } 110 111 static int ns_cmp_unified(struct rb_node *a, const struct rb_node *b) 112 { 113 return ns_id_cmp(node_to_ns_unified(a)->ns_id, node_to_ns_unified(b)->ns_id); 114 } 115 116 static int ns_cmp_owner(struct rb_node *a, const struct rb_node *b) 117 { 118 return ns_id_cmp(node_to_ns_owner(a)->ns_id, node_to_ns_owner(b)->ns_id); 119 } 120 121 void __ns_tree_add_raw(struct ns_common *ns, struct ns_tree *ns_tree) 122 { 123 struct rb_node *node, *prev; 124 const struct proc_ns_operations *ops = ns->ops; 125 126 VFS_WARN_ON_ONCE(!ns->ns_id); 127 VFS_WARN_ON_ONCE(ns->ns_type != ns_tree->type); 128 129 write_seqlock(&ns_tree_lock); 130 131 node = rb_find_add_rcu(&ns->ns_tree_node, &ns_tree->ns_tree, ns_cmp); 132 /* 133 * If there's no previous entry simply add it after the 134 * head and if there is add it after the previous entry. 135 */ 136 prev = rb_prev(&ns->ns_tree_node); 137 if (!prev) 138 list_add_rcu(&ns->ns_list_node, &ns_tree->ns_list); 139 else 140 list_add_rcu(&ns->ns_list_node, &node_to_ns(prev)->ns_list_node); 141 142 /* Add to unified tree and list */ 143 rb_find_add_rcu(&ns->ns_unified_tree_node, &ns_unified_tree, ns_cmp_unified); 144 prev = rb_prev(&ns->ns_unified_tree_node); 145 if (!prev) 146 list_add_rcu(&ns->ns_unified_list_node, &ns_unified_list); 147 else 148 list_add_rcu(&ns->ns_unified_list_node, &node_to_ns_unified(prev)->ns_unified_list_node); 149 150 if (ops) { 151 struct user_namespace *user_ns; 152 153 VFS_WARN_ON_ONCE(!ops->owner); 154 user_ns = ops->owner(ns); 155 if (user_ns) { 156 struct ns_common *owner = &user_ns->ns; 157 VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER); 158 159 /* Insert into owner's rbtree */ 160 rb_find_add_rcu(&ns->ns_owner_tree_node, &owner->ns_owner_tree, ns_cmp_owner); 161 162 /* Insert into owner's list in sorted order */ 163 prev = rb_prev(&ns->ns_owner_tree_node); 164 if (!prev) 165 list_add_rcu(&ns->ns_owner_entry, &owner->ns_owner); 166 else 167 list_add_rcu(&ns->ns_owner_entry, &node_to_ns_owner(prev)->ns_owner_entry); 168 } else { 169 /* Only the initial user namespace doesn't have an owner. */ 170 VFS_WARN_ON_ONCE(ns != to_ns_common(&init_user_ns)); 171 } 172 } 173 write_sequnlock(&ns_tree_lock); 174 175 VFS_WARN_ON_ONCE(node); 176 } 177 178 void __ns_tree_remove(struct ns_common *ns, struct ns_tree *ns_tree) 179 { 180 const struct proc_ns_operations *ops = ns->ops; 181 struct user_namespace *user_ns; 182 183 VFS_WARN_ON_ONCE(RB_EMPTY_NODE(&ns->ns_tree_node)); 184 VFS_WARN_ON_ONCE(list_empty(&ns->ns_list_node)); 185 VFS_WARN_ON_ONCE(ns->ns_type != ns_tree->type); 186 187 write_seqlock(&ns_tree_lock); 188 rb_erase(&ns->ns_tree_node, &ns_tree->ns_tree); 189 RB_CLEAR_NODE(&ns->ns_tree_node); 190 191 list_bidir_del_rcu(&ns->ns_list_node); 192 193 rb_erase(&ns->ns_unified_tree_node, &ns_unified_tree); 194 RB_CLEAR_NODE(&ns->ns_unified_tree_node); 195 196 list_bidir_del_rcu(&ns->ns_unified_list_node); 197 198 /* Remove from owner's rbtree if this namespace has an owner */ 199 if (ops) { 200 user_ns = ops->owner(ns); 201 if (user_ns) { 202 struct ns_common *owner = &user_ns->ns; 203 rb_erase(&ns->ns_owner_tree_node, &owner->ns_owner_tree); 204 RB_CLEAR_NODE(&ns->ns_owner_tree_node); 205 } 206 207 list_bidir_del_rcu(&ns->ns_owner_entry); 208 } 209 210 write_sequnlock(&ns_tree_lock); 211 } 212 EXPORT_SYMBOL_GPL(__ns_tree_remove); 213 214 static int ns_find(const void *key, const struct rb_node *node) 215 { 216 const u64 ns_id = *(u64 *)key; 217 const struct ns_common *ns = node_to_ns(node); 218 219 if (ns_id < ns->ns_id) 220 return -1; 221 if (ns_id > ns->ns_id) 222 return 1; 223 return 0; 224 } 225 226 static int ns_find_unified(const void *key, const struct rb_node *node) 227 { 228 const u64 ns_id = *(u64 *)key; 229 const struct ns_common *ns = node_to_ns_unified(node); 230 231 if (ns_id < ns->ns_id) 232 return -1; 233 if (ns_id > ns->ns_id) 234 return 1; 235 return 0; 236 } 237 238 static struct ns_tree *ns_tree_from_type(int ns_type) 239 { 240 switch (ns_type) { 241 case CLONE_NEWCGROUP: 242 return &cgroup_ns_tree; 243 case CLONE_NEWIPC: 244 return &ipc_ns_tree; 245 case CLONE_NEWNS: 246 return &mnt_ns_tree; 247 case CLONE_NEWNET: 248 return &net_ns_tree; 249 case CLONE_NEWPID: 250 return &pid_ns_tree; 251 case CLONE_NEWUSER: 252 return &user_ns_tree; 253 case CLONE_NEWUTS: 254 return &uts_ns_tree; 255 case CLONE_NEWTIME: 256 return &time_ns_tree; 257 } 258 259 return NULL; 260 } 261 262 static struct ns_common *__ns_unified_tree_lookup_rcu(u64 ns_id) 263 { 264 struct rb_node *node; 265 unsigned int seq; 266 267 do { 268 seq = read_seqbegin(&ns_tree_lock); 269 node = rb_find_rcu(&ns_id, &ns_unified_tree, ns_find_unified); 270 if (node) 271 break; 272 } while (read_seqretry(&ns_tree_lock, seq)); 273 274 return node_to_ns_unified(node); 275 } 276 277 static struct ns_common *__ns_tree_lookup_rcu(u64 ns_id, int ns_type) 278 { 279 struct ns_tree *ns_tree; 280 struct rb_node *node; 281 unsigned int seq; 282 283 ns_tree = ns_tree_from_type(ns_type); 284 if (!ns_tree) 285 return NULL; 286 287 do { 288 seq = read_seqbegin(&ns_tree_lock); 289 node = rb_find_rcu(&ns_id, &ns_tree->ns_tree, ns_find); 290 if (node) 291 break; 292 } while (read_seqretry(&ns_tree_lock, seq)); 293 294 return node_to_ns(node); 295 } 296 297 struct ns_common *ns_tree_lookup_rcu(u64 ns_id, int ns_type) 298 { 299 RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_lookup_rcu() usage"); 300 301 if (ns_type) 302 return __ns_tree_lookup_rcu(ns_id, ns_type); 303 304 return __ns_unified_tree_lookup_rcu(ns_id); 305 } 306 307 /** 308 * ns_tree_adjoined_rcu - find the next/previous namespace in the same 309 * tree 310 * @ns: namespace to start from 311 * @previous: if true find the previous namespace, otherwise the next 312 * 313 * Find the next or previous namespace in the same tree as @ns. If 314 * there is no next/previous namespace, -ENOENT is returned. 315 */ 316 struct ns_common *__ns_tree_adjoined_rcu(struct ns_common *ns, 317 struct ns_tree *ns_tree, bool previous) 318 { 319 struct list_head *list; 320 321 RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_adjoined_rcu() usage"); 322 323 if (previous) 324 list = rcu_dereference(list_bidir_prev_rcu(&ns->ns_list_node)); 325 else 326 list = rcu_dereference(list_next_rcu(&ns->ns_list_node)); 327 if (list_is_head(list, &ns_tree->ns_list)) 328 return ERR_PTR(-ENOENT); 329 330 VFS_WARN_ON_ONCE(list_entry_rcu(list, struct ns_common, ns_list_node)->ns_type != ns_tree->type); 331 332 return list_entry_rcu(list, struct ns_common, ns_list_node); 333 } 334 335 /** 336 * ns_tree_gen_id - generate a new namespace id 337 * @ns: namespace to generate id for 338 * @id: if non-zero, this is the initial namespace and this is a fixed id 339 * 340 * Generates a new namespace id and assigns it to the namespace. All 341 * namespaces types share the same id space and thus can be compared 342 * directly. IOW, when two ids of two namespace are equal, they are 343 * identical. 344 */ 345 u64 __ns_tree_gen_id(struct ns_common *ns, u64 id) 346 { 347 static atomic64_t namespace_cookie = ATOMIC64_INIT(NS_LAST_INIT_ID + 1); 348 349 if (id) 350 ns->ns_id = id; 351 else 352 ns->ns_id = atomic64_inc_return(&namespace_cookie); 353 return ns->ns_id; 354 } 355 356 struct klistns { 357 u64 __user *uns_ids; 358 u32 nr_ns_ids; 359 u64 last_ns_id; 360 u64 user_ns_id; 361 u32 ns_type; 362 struct user_namespace *user_ns; 363 bool userns_capable; 364 struct ns_common *first_ns; 365 }; 366 367 static void __free_klistns_free(const struct klistns *kls) 368 { 369 if (kls->user_ns_id != LISTNS_CURRENT_USER) 370 put_user_ns(kls->user_ns); 371 if (kls->first_ns && kls->first_ns->ops) 372 kls->first_ns->ops->put(kls->first_ns); 373 } 374 375 #define NS_ALL (PID_NS | USER_NS | MNT_NS | UTS_NS | IPC_NS | NET_NS | CGROUP_NS | TIME_NS) 376 377 static int copy_ns_id_req(const struct ns_id_req __user *req, 378 struct ns_id_req *kreq) 379 { 380 int ret; 381 size_t usize; 382 383 BUILD_BUG_ON(sizeof(struct ns_id_req) != NS_ID_REQ_SIZE_VER0); 384 385 ret = get_user(usize, &req->size); 386 if (ret) 387 return -EFAULT; 388 if (unlikely(usize > PAGE_SIZE)) 389 return -E2BIG; 390 if (unlikely(usize < NS_ID_REQ_SIZE_VER0)) 391 return -EINVAL; 392 memset(kreq, 0, sizeof(*kreq)); 393 ret = copy_struct_from_user(kreq, sizeof(*kreq), req, usize); 394 if (ret) 395 return ret; 396 if (kreq->spare != 0) 397 return -EINVAL; 398 if (kreq->ns_type & ~NS_ALL) 399 return -EOPNOTSUPP; 400 return 0; 401 } 402 403 static inline int prepare_klistns(struct klistns *kls, struct ns_id_req *kreq, 404 u64 __user *ns_ids, size_t nr_ns_ids) 405 { 406 kls->last_ns_id = kreq->ns_id; 407 kls->user_ns_id = kreq->user_ns_id; 408 kls->nr_ns_ids = nr_ns_ids; 409 kls->ns_type = kreq->ns_type; 410 kls->uns_ids = ns_ids; 411 return 0; 412 } 413 414 /* 415 * Lookup a namespace owned by owner with id >= ns_id. 416 * Returns the namespace with the smallest id that is >= ns_id. 417 */ 418 static struct ns_common *lookup_ns_owner_at(u64 ns_id, struct ns_common *owner) 419 { 420 struct ns_common *ret = NULL; 421 struct rb_node *node; 422 423 VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER); 424 425 read_seqlock_excl(&ns_tree_lock); 426 node = owner->ns_owner_tree.rb_node; 427 428 while (node) { 429 struct ns_common *ns; 430 431 ns = node_to_ns_owner(node); 432 if (ns_id <= ns->ns_id) { 433 ret = ns; 434 if (ns_id == ns->ns_id) 435 break; 436 node = node->rb_left; 437 } else { 438 node = node->rb_right; 439 } 440 } 441 442 if (ret) 443 ret = ns_get_unless_inactive(ret); 444 read_sequnlock_excl(&ns_tree_lock); 445 return ret; 446 } 447 448 static struct ns_common *lookup_ns_id(u64 mnt_ns_id, int ns_type) 449 { 450 struct ns_common *ns; 451 452 guard(rcu)(); 453 ns = ns_tree_lookup_rcu(mnt_ns_id, ns_type); 454 if (!ns) 455 return NULL; 456 457 if (!ns_get_unless_inactive(ns)) 458 return NULL; 459 460 return ns; 461 } 462 463 static inline bool __must_check ns_requested(const struct klistns *kls, 464 const struct ns_common *ns) 465 { 466 return !kls->ns_type || (kls->ns_type & ns->ns_type); 467 } 468 469 static inline bool __must_check may_list_ns(const struct klistns *kls, 470 struct ns_common *ns) 471 { 472 if (kls->user_ns) { 473 if (kls->userns_capable) 474 return true; 475 } else { 476 struct ns_common *owner; 477 struct user_namespace *user_ns; 478 479 owner = ns_owner(ns); 480 if (owner) 481 user_ns = to_user_ns(owner); 482 else 483 user_ns = &init_user_ns; 484 if (ns_capable_noaudit(user_ns, CAP_SYS_ADMIN)) 485 return true; 486 } 487 488 if (is_current_namespace(ns)) 489 return true; 490 491 if (ns->ns_type != CLONE_NEWUSER) 492 return false; 493 494 if (ns_capable_noaudit(to_user_ns(ns), CAP_SYS_ADMIN)) 495 return true; 496 497 return false; 498 } 499 500 static inline void ns_put(struct ns_common *ns) 501 { 502 if (ns && ns->ops) 503 ns->ops->put(ns); 504 } 505 506 DEFINE_FREE(ns_put, struct ns_common *, if (!IS_ERR_OR_NULL(_T)) ns_put(_T)) 507 508 static inline struct ns_common *__must_check legitimize_ns(const struct klistns *kls, 509 struct ns_common *candidate) 510 { 511 struct ns_common *ns __free(ns_put) = NULL; 512 513 if (!ns_requested(kls, candidate)) 514 return NULL; 515 516 ns = ns_get_unless_inactive(candidate); 517 if (!ns) 518 return NULL; 519 520 if (!may_list_ns(kls, ns)) 521 return NULL; 522 523 return no_free_ptr(ns); 524 } 525 526 static ssize_t do_listns_userns(struct klistns *kls) 527 { 528 u64 __user *ns_ids = kls->uns_ids; 529 size_t nr_ns_ids = kls->nr_ns_ids; 530 struct ns_common *ns = NULL, *first_ns = NULL, *prev = NULL; 531 const struct list_head *head; 532 ssize_t ret; 533 534 VFS_WARN_ON_ONCE(!kls->user_ns_id); 535 536 if (kls->user_ns_id == LISTNS_CURRENT_USER) 537 ns = to_ns_common(current_user_ns()); 538 else if (kls->user_ns_id) 539 ns = lookup_ns_id(kls->user_ns_id, CLONE_NEWUSER); 540 if (!ns) 541 return -EINVAL; 542 kls->user_ns = to_user_ns(ns); 543 544 /* 545 * Use the rbtree to find the first namespace we care about and 546 * then use it's list entry to iterate from there. 547 */ 548 if (kls->last_ns_id) { 549 kls->first_ns = lookup_ns_owner_at(kls->last_ns_id + 1, ns); 550 if (!kls->first_ns) 551 return -ENOENT; 552 first_ns = kls->first_ns; 553 } 554 555 ret = 0; 556 head = &to_ns_common(kls->user_ns)->ns_owner; 557 kls->userns_capable = ns_capable_noaudit(kls->user_ns, CAP_SYS_ADMIN); 558 559 rcu_read_lock(); 560 561 if (!first_ns) 562 first_ns = list_entry_rcu(head->next, typeof(*ns), ns_owner_entry); 563 564 for (ns = first_ns; &ns->ns_owner_entry != head && nr_ns_ids; 565 ns = list_entry_rcu(ns->ns_owner_entry.next, typeof(*ns), ns_owner_entry)) { 566 struct ns_common *valid; 567 568 valid = legitimize_ns(kls, ns); 569 if (!valid) 570 continue; 571 572 rcu_read_unlock(); 573 574 ns_put(prev); 575 prev = valid; 576 577 if (put_user(valid->ns_id, ns_ids + ret)) { 578 ns_put(prev); 579 return -EFAULT; 580 } 581 582 nr_ns_ids--; 583 ret++; 584 585 rcu_read_lock(); 586 } 587 588 rcu_read_unlock(); 589 ns_put(prev); 590 return ret; 591 } 592 593 /* 594 * Lookup a namespace with id >= ns_id in either the unified tree or a type-specific tree. 595 * Returns the namespace with the smallest id that is >= ns_id. 596 */ 597 static struct ns_common *lookup_ns_id_at(u64 ns_id, int ns_type) 598 { 599 struct ns_common *ret = NULL; 600 struct ns_tree *ns_tree = NULL; 601 struct rb_node *node; 602 603 if (ns_type) { 604 ns_tree = ns_tree_from_type(ns_type); 605 if (!ns_tree) 606 return NULL; 607 } 608 609 read_seqlock_excl(&ns_tree_lock); 610 if (ns_tree) 611 node = ns_tree->ns_tree.rb_node; 612 else 613 node = ns_unified_tree.rb_node; 614 615 while (node) { 616 struct ns_common *ns; 617 618 if (ns_type) 619 ns = node_to_ns(node); 620 else 621 ns = node_to_ns_unified(node); 622 623 if (ns_id <= ns->ns_id) { 624 if (ns_type) 625 ret = node_to_ns(node); 626 else 627 ret = node_to_ns_unified(node); 628 if (ns_id == ns->ns_id) 629 break; 630 node = node->rb_left; 631 } else { 632 node = node->rb_right; 633 } 634 } 635 636 if (ret) 637 ret = ns_get_unless_inactive(ret); 638 read_sequnlock_excl(&ns_tree_lock); 639 return ret; 640 } 641 642 static inline struct ns_common *first_ns_common(const struct list_head *head, 643 struct ns_tree *ns_tree) 644 { 645 if (ns_tree) 646 return list_entry_rcu(head->next, struct ns_common, ns_list_node); 647 return list_entry_rcu(head->next, struct ns_common, ns_unified_list_node); 648 } 649 650 static inline struct ns_common *next_ns_common(struct ns_common *ns, 651 struct ns_tree *ns_tree) 652 { 653 if (ns_tree) 654 return list_entry_rcu(ns->ns_list_node.next, struct ns_common, ns_list_node); 655 return list_entry_rcu(ns->ns_unified_list_node.next, struct ns_common, ns_unified_list_node); 656 } 657 658 static inline bool ns_common_is_head(struct ns_common *ns, 659 const struct list_head *head, 660 struct ns_tree *ns_tree) 661 { 662 if (ns_tree) 663 return &ns->ns_list_node == head; 664 return &ns->ns_unified_list_node == head; 665 } 666 667 static ssize_t do_listns(struct klistns *kls) 668 { 669 u64 __user *ns_ids = kls->uns_ids; 670 size_t nr_ns_ids = kls->nr_ns_ids; 671 struct ns_common *ns, *first_ns = NULL, *prev = NULL; 672 struct ns_tree *ns_tree = NULL; 673 const struct list_head *head; 674 u32 ns_type; 675 ssize_t ret; 676 677 if (hweight32(kls->ns_type) == 1) 678 ns_type = kls->ns_type; 679 else 680 ns_type = 0; 681 682 if (ns_type) { 683 ns_tree = ns_tree_from_type(ns_type); 684 if (!ns_tree) 685 return -EINVAL; 686 } 687 688 if (kls->last_ns_id) { 689 kls->first_ns = lookup_ns_id_at(kls->last_ns_id + 1, ns_type); 690 if (!kls->first_ns) 691 return -ENOENT; 692 first_ns = kls->first_ns; 693 } 694 695 ret = 0; 696 if (ns_tree) 697 head = &ns_tree->ns_list; 698 else 699 head = &ns_unified_list; 700 701 rcu_read_lock(); 702 703 if (!first_ns) 704 first_ns = first_ns_common(head, ns_tree); 705 706 for (ns = first_ns; !ns_common_is_head(ns, head, ns_tree) && nr_ns_ids; 707 ns = next_ns_common(ns, ns_tree)) { 708 struct ns_common *valid; 709 710 valid = legitimize_ns(kls, ns); 711 if (!valid) 712 continue; 713 714 rcu_read_unlock(); 715 716 ns_put(prev); 717 prev = valid; 718 719 if (put_user(valid->ns_id, ns_ids + ret)) { 720 ns_put(prev); 721 return -EFAULT; 722 } 723 724 nr_ns_ids--; 725 ret++; 726 727 rcu_read_lock(); 728 } 729 730 rcu_read_unlock(); 731 ns_put(prev); 732 return ret; 733 } 734 735 SYSCALL_DEFINE4(listns, const struct ns_id_req __user *, req, 736 u64 __user *, ns_ids, size_t, nr_ns_ids, unsigned int, flags) 737 { 738 struct klistns klns __free(klistns_free) = {}; 739 const size_t maxcount = 1000000; 740 struct ns_id_req kreq; 741 ssize_t ret; 742 743 if (flags) 744 return -EINVAL; 745 746 if (unlikely(nr_ns_ids > maxcount)) 747 return -EOVERFLOW; 748 749 if (!access_ok(ns_ids, nr_ns_ids * sizeof(*ns_ids))) 750 return -EFAULT; 751 752 ret = copy_ns_id_req(req, &kreq); 753 if (ret) 754 return ret; 755 756 ret = prepare_klistns(&klns, &kreq, ns_ids, nr_ns_ids); 757 if (ret) 758 return ret; 759 760 if (kreq.user_ns_id) 761 return do_listns_userns(&klns); 762 763 return do_listns(&klns); 764 } 765