1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Copyright (c) 2025 Christian Brauner <brauner@kernel.org> */ 3 4 #include <linux/nstree.h> 5 #include <linux/proc_ns.h> 6 #include <linux/rculist.h> 7 #include <linux/vfsdebug.h> 8 #include <linux/syscalls.h> 9 #include <linux/user_namespace.h> 10 11 static __cacheline_aligned_in_smp DEFINE_SEQLOCK(ns_tree_lock); 12 static struct rb_root ns_unified_tree = RB_ROOT; /* protected by ns_tree_lock */ 13 static LIST_HEAD(ns_unified_list); /* protected by ns_tree_lock */ 14 15 /** 16 * struct ns_tree - Namespace tree 17 * @ns_tree: Rbtree of namespaces of a particular type 18 * @ns_list: Sequentially walkable list of all namespaces of this type 19 * @type: type of namespaces in this tree 20 */ 21 struct ns_tree { 22 struct rb_root ns_tree; 23 struct list_head ns_list; 24 int type; 25 }; 26 27 struct ns_tree mnt_ns_tree = { 28 .ns_tree = RB_ROOT, 29 .ns_list = LIST_HEAD_INIT(mnt_ns_tree.ns_list), 30 .type = CLONE_NEWNS, 31 }; 32 33 struct ns_tree net_ns_tree = { 34 .ns_tree = RB_ROOT, 35 .ns_list = LIST_HEAD_INIT(net_ns_tree.ns_list), 36 .type = CLONE_NEWNET, 37 }; 38 EXPORT_SYMBOL_GPL(net_ns_tree); 39 40 struct ns_tree uts_ns_tree = { 41 .ns_tree = RB_ROOT, 42 .ns_list = LIST_HEAD_INIT(uts_ns_tree.ns_list), 43 .type = CLONE_NEWUTS, 44 }; 45 46 struct ns_tree user_ns_tree = { 47 .ns_tree = RB_ROOT, 48 .ns_list = LIST_HEAD_INIT(user_ns_tree.ns_list), 49 .type = CLONE_NEWUSER, 50 }; 51 52 struct ns_tree ipc_ns_tree = { 53 .ns_tree = RB_ROOT, 54 .ns_list = LIST_HEAD_INIT(ipc_ns_tree.ns_list), 55 .type = CLONE_NEWIPC, 56 }; 57 58 struct ns_tree pid_ns_tree = { 59 .ns_tree = RB_ROOT, 60 .ns_list = LIST_HEAD_INIT(pid_ns_tree.ns_list), 61 .type = CLONE_NEWPID, 62 }; 63 64 struct ns_tree cgroup_ns_tree = { 65 .ns_tree = RB_ROOT, 66 .ns_list = LIST_HEAD_INIT(cgroup_ns_tree.ns_list), 67 .type = CLONE_NEWCGROUP, 68 }; 69 70 struct ns_tree time_ns_tree = { 71 .ns_tree = RB_ROOT, 72 .ns_list = LIST_HEAD_INIT(time_ns_tree.ns_list), 73 .type = CLONE_NEWTIME, 74 }; 75 76 static inline struct ns_common *node_to_ns(const struct rb_node *node) 77 { 78 if (!node) 79 return NULL; 80 return rb_entry(node, struct ns_common, ns_tree_node); 81 } 82 83 static inline struct ns_common *node_to_ns_unified(const struct rb_node *node) 84 { 85 if (!node) 86 return NULL; 87 return rb_entry(node, struct ns_common, ns_unified_tree_node); 88 } 89 90 static inline struct ns_common *node_to_ns_owner(const struct rb_node *node) 91 { 92 if (!node) 93 return NULL; 94 return rb_entry(node, struct ns_common, ns_owner_tree_node); 95 } 96 97 static int ns_id_cmp(u64 id_a, u64 id_b) 98 { 99 if (id_a < id_b) 100 return -1; 101 if (id_a > id_b) 102 return 1; 103 return 0; 104 } 105 106 static int ns_cmp(struct rb_node *a, const struct rb_node *b) 107 { 108 return ns_id_cmp(node_to_ns(a)->ns_id, node_to_ns(b)->ns_id); 109 } 110 111 static int ns_cmp_unified(struct rb_node *a, const struct rb_node *b) 112 { 113 return ns_id_cmp(node_to_ns_unified(a)->ns_id, node_to_ns_unified(b)->ns_id); 114 } 115 116 static int ns_cmp_owner(struct rb_node *a, const struct rb_node *b) 117 { 118 return ns_id_cmp(node_to_ns_owner(a)->ns_id, node_to_ns_owner(b)->ns_id); 119 } 120 121 void __ns_tree_add_raw(struct ns_common *ns, struct ns_tree *ns_tree) 122 { 123 struct rb_node *node, *prev; 124 const struct proc_ns_operations *ops = ns->ops; 125 126 VFS_WARN_ON_ONCE(!ns->ns_id); 127 VFS_WARN_ON_ONCE(ns->ns_type != ns_tree->type); 128 129 write_seqlock(&ns_tree_lock); 130 131 node = rb_find_add_rcu(&ns->ns_tree_node, &ns_tree->ns_tree, ns_cmp); 132 /* 133 * If there's no previous entry simply add it after the 134 * head and if there is add it after the previous entry. 135 */ 136 prev = rb_prev(&ns->ns_tree_node); 137 if (!prev) 138 list_add_rcu(&ns->ns_list_node, &ns_tree->ns_list); 139 else 140 list_add_rcu(&ns->ns_list_node, &node_to_ns(prev)->ns_list_node); 141 142 /* Add to unified tree and list */ 143 rb_find_add_rcu(&ns->ns_unified_tree_node, &ns_unified_tree, ns_cmp_unified); 144 prev = rb_prev(&ns->ns_unified_tree_node); 145 if (!prev) 146 list_add_rcu(&ns->ns_unified_list_node, &ns_unified_list); 147 else 148 list_add_rcu(&ns->ns_unified_list_node, &node_to_ns_unified(prev)->ns_unified_list_node); 149 150 if (ops) { 151 struct user_namespace *user_ns; 152 153 VFS_WARN_ON_ONCE(!ops->owner); 154 user_ns = ops->owner(ns); 155 if (user_ns) { 156 struct ns_common *owner = &user_ns->ns; 157 VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER); 158 159 /* Insert into owner's rbtree */ 160 rb_find_add_rcu(&ns->ns_owner_tree_node, &owner->ns_owner_tree, ns_cmp_owner); 161 162 /* Insert into owner's list in sorted order */ 163 prev = rb_prev(&ns->ns_owner_tree_node); 164 if (!prev) 165 list_add_rcu(&ns->ns_owner_entry, &owner->ns_owner); 166 else 167 list_add_rcu(&ns->ns_owner_entry, &node_to_ns_owner(prev)->ns_owner_entry); 168 } else { 169 /* Only the initial user namespace doesn't have an owner. */ 170 VFS_WARN_ON_ONCE(ns != to_ns_common(&init_user_ns)); 171 } 172 } 173 write_sequnlock(&ns_tree_lock); 174 175 VFS_WARN_ON_ONCE(node); 176 177 /* 178 * Take an active reference on the owner namespace. This ensures 179 * that the owner remains visible while any of its child namespaces 180 * are active. For init namespaces this is a no-op as ns_owner() 181 * returns NULL for namespaces owned by init_user_ns. 182 */ 183 __ns_ref_active_get_owner(ns); 184 } 185 186 void __ns_tree_remove(struct ns_common *ns, struct ns_tree *ns_tree) 187 { 188 const struct proc_ns_operations *ops = ns->ops; 189 struct user_namespace *user_ns; 190 191 VFS_WARN_ON_ONCE(RB_EMPTY_NODE(&ns->ns_tree_node)); 192 VFS_WARN_ON_ONCE(list_empty(&ns->ns_list_node)); 193 VFS_WARN_ON_ONCE(ns->ns_type != ns_tree->type); 194 195 write_seqlock(&ns_tree_lock); 196 rb_erase(&ns->ns_tree_node, &ns_tree->ns_tree); 197 RB_CLEAR_NODE(&ns->ns_tree_node); 198 199 list_bidir_del_rcu(&ns->ns_list_node); 200 201 rb_erase(&ns->ns_unified_tree_node, &ns_unified_tree); 202 RB_CLEAR_NODE(&ns->ns_unified_tree_node); 203 204 list_bidir_del_rcu(&ns->ns_unified_list_node); 205 206 /* Remove from owner's rbtree if this namespace has an owner */ 207 if (ops) { 208 user_ns = ops->owner(ns); 209 if (user_ns) { 210 struct ns_common *owner = &user_ns->ns; 211 rb_erase(&ns->ns_owner_tree_node, &owner->ns_owner_tree); 212 RB_CLEAR_NODE(&ns->ns_owner_tree_node); 213 } 214 215 list_bidir_del_rcu(&ns->ns_owner_entry); 216 } 217 218 write_sequnlock(&ns_tree_lock); 219 } 220 EXPORT_SYMBOL_GPL(__ns_tree_remove); 221 222 static int ns_find(const void *key, const struct rb_node *node) 223 { 224 const u64 ns_id = *(u64 *)key; 225 const struct ns_common *ns = node_to_ns(node); 226 227 if (ns_id < ns->ns_id) 228 return -1; 229 if (ns_id > ns->ns_id) 230 return 1; 231 return 0; 232 } 233 234 static int ns_find_unified(const void *key, const struct rb_node *node) 235 { 236 const u64 ns_id = *(u64 *)key; 237 const struct ns_common *ns = node_to_ns_unified(node); 238 239 if (ns_id < ns->ns_id) 240 return -1; 241 if (ns_id > ns->ns_id) 242 return 1; 243 return 0; 244 } 245 246 static struct ns_tree *ns_tree_from_type(int ns_type) 247 { 248 switch (ns_type) { 249 case CLONE_NEWCGROUP: 250 return &cgroup_ns_tree; 251 case CLONE_NEWIPC: 252 return &ipc_ns_tree; 253 case CLONE_NEWNS: 254 return &mnt_ns_tree; 255 case CLONE_NEWNET: 256 return &net_ns_tree; 257 case CLONE_NEWPID: 258 return &pid_ns_tree; 259 case CLONE_NEWUSER: 260 return &user_ns_tree; 261 case CLONE_NEWUTS: 262 return &uts_ns_tree; 263 case CLONE_NEWTIME: 264 return &time_ns_tree; 265 } 266 267 return NULL; 268 } 269 270 static struct ns_common *__ns_unified_tree_lookup_rcu(u64 ns_id) 271 { 272 struct rb_node *node; 273 unsigned int seq; 274 275 do { 276 seq = read_seqbegin(&ns_tree_lock); 277 node = rb_find_rcu(&ns_id, &ns_unified_tree, ns_find_unified); 278 if (node) 279 break; 280 } while (read_seqretry(&ns_tree_lock, seq)); 281 282 return node_to_ns_unified(node); 283 } 284 285 static struct ns_common *__ns_tree_lookup_rcu(u64 ns_id, int ns_type) 286 { 287 struct ns_tree *ns_tree; 288 struct rb_node *node; 289 unsigned int seq; 290 291 ns_tree = ns_tree_from_type(ns_type); 292 if (!ns_tree) 293 return NULL; 294 295 do { 296 seq = read_seqbegin(&ns_tree_lock); 297 node = rb_find_rcu(&ns_id, &ns_tree->ns_tree, ns_find); 298 if (node) 299 break; 300 } while (read_seqretry(&ns_tree_lock, seq)); 301 302 return node_to_ns(node); 303 } 304 305 struct ns_common *ns_tree_lookup_rcu(u64 ns_id, int ns_type) 306 { 307 RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_lookup_rcu() usage"); 308 309 if (ns_type) 310 return __ns_tree_lookup_rcu(ns_id, ns_type); 311 312 return __ns_unified_tree_lookup_rcu(ns_id); 313 } 314 315 /** 316 * ns_tree_adjoined_rcu - find the next/previous namespace in the same 317 * tree 318 * @ns: namespace to start from 319 * @previous: if true find the previous namespace, otherwise the next 320 * 321 * Find the next or previous namespace in the same tree as @ns. If 322 * there is no next/previous namespace, -ENOENT is returned. 323 */ 324 struct ns_common *__ns_tree_adjoined_rcu(struct ns_common *ns, 325 struct ns_tree *ns_tree, bool previous) 326 { 327 struct list_head *list; 328 329 RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_adjoined_rcu() usage"); 330 331 if (previous) 332 list = rcu_dereference(list_bidir_prev_rcu(&ns->ns_list_node)); 333 else 334 list = rcu_dereference(list_next_rcu(&ns->ns_list_node)); 335 if (list_is_head(list, &ns_tree->ns_list)) 336 return ERR_PTR(-ENOENT); 337 338 VFS_WARN_ON_ONCE(list_entry_rcu(list, struct ns_common, ns_list_node)->ns_type != ns_tree->type); 339 340 return list_entry_rcu(list, struct ns_common, ns_list_node); 341 } 342 343 /** 344 * ns_tree_gen_id - generate a new namespace id 345 * @ns: namespace to generate id for 346 * @id: if non-zero, this is the initial namespace and this is a fixed id 347 * 348 * Generates a new namespace id and assigns it to the namespace. All 349 * namespaces types share the same id space and thus can be compared 350 * directly. IOW, when two ids of two namespace are equal, they are 351 * identical. 352 */ 353 u64 __ns_tree_gen_id(struct ns_common *ns, u64 id) 354 { 355 static atomic64_t namespace_cookie = ATOMIC64_INIT(NS_LAST_INIT_ID + 1); 356 357 if (id) 358 ns->ns_id = id; 359 else 360 ns->ns_id = atomic64_inc_return(&namespace_cookie); 361 return ns->ns_id; 362 } 363 364 struct klistns { 365 u64 __user *uns_ids; 366 u32 nr_ns_ids; 367 u64 last_ns_id; 368 u64 user_ns_id; 369 u32 ns_type; 370 struct user_namespace *user_ns; 371 bool userns_capable; 372 struct ns_common *first_ns; 373 }; 374 375 static void __free_klistns_free(const struct klistns *kls) 376 { 377 if (kls->user_ns_id != LISTNS_CURRENT_USER) 378 put_user_ns(kls->user_ns); 379 if (kls->first_ns && kls->first_ns->ops) 380 kls->first_ns->ops->put(kls->first_ns); 381 } 382 383 #define NS_ALL (PID_NS | USER_NS | MNT_NS | UTS_NS | IPC_NS | NET_NS | CGROUP_NS | TIME_NS) 384 385 static int copy_ns_id_req(const struct ns_id_req __user *req, 386 struct ns_id_req *kreq) 387 { 388 int ret; 389 size_t usize; 390 391 BUILD_BUG_ON(sizeof(struct ns_id_req) != NS_ID_REQ_SIZE_VER0); 392 393 ret = get_user(usize, &req->size); 394 if (ret) 395 return -EFAULT; 396 if (unlikely(usize > PAGE_SIZE)) 397 return -E2BIG; 398 if (unlikely(usize < NS_ID_REQ_SIZE_VER0)) 399 return -EINVAL; 400 memset(kreq, 0, sizeof(*kreq)); 401 ret = copy_struct_from_user(kreq, sizeof(*kreq), req, usize); 402 if (ret) 403 return ret; 404 if (kreq->spare != 0) 405 return -EINVAL; 406 if (kreq->ns_type & ~NS_ALL) 407 return -EOPNOTSUPP; 408 return 0; 409 } 410 411 static inline int prepare_klistns(struct klistns *kls, struct ns_id_req *kreq, 412 u64 __user *ns_ids, size_t nr_ns_ids) 413 { 414 kls->last_ns_id = kreq->ns_id; 415 kls->user_ns_id = kreq->user_ns_id; 416 kls->nr_ns_ids = nr_ns_ids; 417 kls->ns_type = kreq->ns_type; 418 kls->uns_ids = ns_ids; 419 return 0; 420 } 421 422 /* 423 * Lookup a namespace owned by owner with id >= ns_id. 424 * Returns the namespace with the smallest id that is >= ns_id. 425 */ 426 static struct ns_common *lookup_ns_owner_at(u64 ns_id, struct ns_common *owner) 427 { 428 struct ns_common *ret = NULL; 429 struct rb_node *node; 430 431 VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER); 432 433 read_seqlock_excl(&ns_tree_lock); 434 node = owner->ns_owner_tree.rb_node; 435 436 while (node) { 437 struct ns_common *ns; 438 439 ns = node_to_ns_owner(node); 440 if (ns_id <= ns->ns_id) { 441 ret = ns; 442 if (ns_id == ns->ns_id) 443 break; 444 node = node->rb_left; 445 } else { 446 node = node->rb_right; 447 } 448 } 449 450 if (ret) 451 ret = ns_get_unless_inactive(ret); 452 read_sequnlock_excl(&ns_tree_lock); 453 return ret; 454 } 455 456 static struct ns_common *lookup_ns_id(u64 mnt_ns_id, int ns_type) 457 { 458 struct ns_common *ns; 459 460 guard(rcu)(); 461 ns = ns_tree_lookup_rcu(mnt_ns_id, ns_type); 462 if (!ns) 463 return NULL; 464 465 if (!ns_get_unless_inactive(ns)) 466 return NULL; 467 468 return ns; 469 } 470 471 static inline bool __must_check ns_requested(const struct klistns *kls, 472 const struct ns_common *ns) 473 { 474 return !kls->ns_type || (kls->ns_type & ns->ns_type); 475 } 476 477 static inline bool __must_check may_list_ns(const struct klistns *kls, 478 struct ns_common *ns) 479 { 480 if (kls->user_ns) { 481 if (kls->userns_capable) 482 return true; 483 } else { 484 struct ns_common *owner; 485 struct user_namespace *user_ns; 486 487 owner = ns_owner(ns); 488 if (owner) 489 user_ns = to_user_ns(owner); 490 else 491 user_ns = &init_user_ns; 492 if (ns_capable_noaudit(user_ns, CAP_SYS_ADMIN)) 493 return true; 494 } 495 496 if (is_current_namespace(ns)) 497 return true; 498 499 if (ns->ns_type != CLONE_NEWUSER) 500 return false; 501 502 if (ns_capable_noaudit(to_user_ns(ns), CAP_SYS_ADMIN)) 503 return true; 504 505 return false; 506 } 507 508 static void __ns_put(struct ns_common *ns) 509 { 510 if (ns->ops) 511 ns->ops->put(ns); 512 } 513 514 DEFINE_FREE(ns_put, struct ns_common *, if (!IS_ERR_OR_NULL(_T)) __ns_put(_T)) 515 516 static inline struct ns_common *__must_check legitimize_ns(const struct klistns *kls, 517 struct ns_common *candidate) 518 { 519 struct ns_common *ns __free(ns_put) = NULL; 520 521 if (!ns_requested(kls, candidate)) 522 return NULL; 523 524 ns = ns_get_unless_inactive(candidate); 525 if (!ns) 526 return NULL; 527 528 if (!may_list_ns(kls, ns)) 529 return NULL; 530 531 return no_free_ptr(ns); 532 } 533 534 static ssize_t do_listns_userns(struct klistns *kls) 535 { 536 u64 __user *ns_ids = kls->uns_ids; 537 size_t nr_ns_ids = kls->nr_ns_ids; 538 struct ns_common *ns = NULL, *first_ns = NULL; 539 const struct list_head *head; 540 ssize_t ret; 541 542 VFS_WARN_ON_ONCE(!kls->user_ns_id); 543 544 if (kls->user_ns_id == LISTNS_CURRENT_USER) 545 ns = to_ns_common(current_user_ns()); 546 else if (kls->user_ns_id) 547 ns = lookup_ns_id(kls->user_ns_id, CLONE_NEWUSER); 548 if (!ns) 549 return -EINVAL; 550 kls->user_ns = to_user_ns(ns); 551 552 /* 553 * Use the rbtree to find the first namespace we care about and 554 * then use it's list entry to iterate from there. 555 */ 556 if (kls->last_ns_id) { 557 kls->first_ns = lookup_ns_owner_at(kls->last_ns_id + 1, ns); 558 if (!kls->first_ns) 559 return -ENOENT; 560 first_ns = kls->first_ns; 561 } 562 563 ret = 0; 564 head = &to_ns_common(kls->user_ns)->ns_owner; 565 kls->userns_capable = ns_capable_noaudit(kls->user_ns, CAP_SYS_ADMIN); 566 567 rcu_read_lock(); 568 569 if (!first_ns) 570 first_ns = list_entry_rcu(head->next, typeof(*ns), ns_owner_entry); 571 for (ns = first_ns; &ns->ns_owner_entry != head && nr_ns_ids; 572 ns = list_entry_rcu(ns->ns_owner_entry.next, typeof(*ns), ns_owner_entry)) { 573 struct ns_common *valid __free(ns_put); 574 575 valid = legitimize_ns(kls, ns); 576 if (!valid) 577 continue; 578 579 rcu_read_unlock(); 580 581 if (put_user(valid->ns_id, ns_ids + ret)) 582 return -EINVAL; 583 nr_ns_ids--; 584 ret++; 585 586 rcu_read_lock(); 587 } 588 589 rcu_read_unlock(); 590 return ret; 591 } 592 593 /* 594 * Lookup a namespace with id >= ns_id in either the unified tree or a type-specific tree. 595 * Returns the namespace with the smallest id that is >= ns_id. 596 */ 597 static struct ns_common *lookup_ns_id_at(u64 ns_id, int ns_type) 598 { 599 struct ns_common *ret = NULL; 600 struct ns_tree *ns_tree = NULL; 601 struct rb_node *node; 602 603 if (ns_type) { 604 ns_tree = ns_tree_from_type(ns_type); 605 if (!ns_tree) 606 return NULL; 607 } 608 609 read_seqlock_excl(&ns_tree_lock); 610 if (ns_tree) 611 node = ns_tree->ns_tree.rb_node; 612 else 613 node = ns_unified_tree.rb_node; 614 615 while (node) { 616 struct ns_common *ns; 617 618 if (ns_type) 619 ns = node_to_ns(node); 620 else 621 ns = node_to_ns_unified(node); 622 623 if (ns_id <= ns->ns_id) { 624 if (ns_type) 625 ret = node_to_ns(node); 626 else 627 ret = node_to_ns_unified(node); 628 if (ns_id == ns->ns_id) 629 break; 630 node = node->rb_left; 631 } else { 632 node = node->rb_right; 633 } 634 } 635 636 if (ret) 637 ret = ns_get_unless_inactive(ret); 638 read_sequnlock_excl(&ns_tree_lock); 639 return ret; 640 } 641 642 static inline struct ns_common *first_ns_common(const struct list_head *head, 643 struct ns_tree *ns_tree) 644 { 645 if (ns_tree) 646 return list_entry_rcu(head->next, struct ns_common, ns_list_node); 647 return list_entry_rcu(head->next, struct ns_common, ns_unified_list_node); 648 } 649 650 static inline struct ns_common *next_ns_common(struct ns_common *ns, 651 struct ns_tree *ns_tree) 652 { 653 if (ns_tree) 654 return list_entry_rcu(ns->ns_list_node.next, struct ns_common, ns_list_node); 655 return list_entry_rcu(ns->ns_unified_list_node.next, struct ns_common, ns_unified_list_node); 656 } 657 658 static inline bool ns_common_is_head(struct ns_common *ns, 659 const struct list_head *head, 660 struct ns_tree *ns_tree) 661 { 662 if (ns_tree) 663 return &ns->ns_list_node == head; 664 return &ns->ns_unified_list_node == head; 665 } 666 667 static ssize_t do_listns(struct klistns *kls) 668 { 669 u64 __user *ns_ids = kls->uns_ids; 670 size_t nr_ns_ids = kls->nr_ns_ids; 671 struct ns_common *ns, *first_ns = NULL; 672 struct ns_tree *ns_tree = NULL; 673 const struct list_head *head; 674 u32 ns_type; 675 ssize_t ret; 676 677 if (hweight32(kls->ns_type) == 1) 678 ns_type = kls->ns_type; 679 else 680 ns_type = 0; 681 682 if (ns_type) { 683 ns_tree = ns_tree_from_type(ns_type); 684 if (!ns_tree) 685 return -EINVAL; 686 } 687 688 if (kls->last_ns_id) { 689 kls->first_ns = lookup_ns_id_at(kls->last_ns_id + 1, ns_type); 690 if (!kls->first_ns) 691 return -ENOENT; 692 first_ns = kls->first_ns; 693 } 694 695 ret = 0; 696 if (ns_tree) 697 head = &ns_tree->ns_list; 698 else 699 head = &ns_unified_list; 700 701 rcu_read_lock(); 702 703 if (!first_ns) 704 first_ns = first_ns_common(head, ns_tree); 705 706 for (ns = first_ns; !ns_common_is_head(ns, head, ns_tree) && nr_ns_ids; 707 ns = next_ns_common(ns, ns_tree)) { 708 struct ns_common *valid __free(ns_put); 709 710 valid = legitimize_ns(kls, ns); 711 if (!valid) 712 continue; 713 714 rcu_read_unlock(); 715 716 if (put_user(valid->ns_id, ns_ids + ret)) 717 return -EINVAL; 718 719 nr_ns_ids--; 720 ret++; 721 722 rcu_read_lock(); 723 } 724 725 rcu_read_unlock(); 726 return ret; 727 } 728 729 SYSCALL_DEFINE4(listns, const struct ns_id_req __user *, req, 730 u64 __user *, ns_ids, size_t, nr_ns_ids, unsigned int, flags) 731 { 732 struct klistns klns __free(klistns_free) = {}; 733 const size_t maxcount = 1000000; 734 struct ns_id_req kreq; 735 ssize_t ret; 736 737 if (flags) 738 return -EINVAL; 739 740 if (unlikely(nr_ns_ids > maxcount)) 741 return -EOVERFLOW; 742 743 if (!access_ok(ns_ids, nr_ns_ids * sizeof(*ns_ids))) 744 return -EFAULT; 745 746 ret = copy_ns_id_req(req, &kreq); 747 if (ret) 748 return ret; 749 750 ret = prepare_klistns(&klns, &kreq, ns_ids, nr_ns_ids); 751 if (ret) 752 return ret; 753 754 if (kreq.user_ns_id) 755 return do_listns_userns(&klns); 756 757 return do_listns(&klns); 758 } 759