// SPDX-License-Identifier: GPL-2.0
/*
 * Author: Andrei Vagin <avagin@openvz.org>
 * Author: Dmitry Safonov <dima@arista.com>
 */

#include <linux/time_namespace.h>
#include <linux/user_namespace.h>
#include <linux/sched/signal.h>
#include <linux/sched/task.h>
#include <linux/clocksource.h>
#include <linux/seq_file.h>
#include <linux/proc_ns.h>
#include <linux/export.h>
#include <linux/nstree.h>
#include <linux/time.h>
#include <linux/slab.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/mm.h>
#include <linux/cleanup.h>

#include "namespace_internal.h"

/**
 * do_timens_ktime_to_host - Remove a time namespace offset from a time value
 * @clockid:	Clock the value @tim refers to
 * @tim:	Time value to convert
 * @ns_offsets:	Offsets of the time namespace @tim is expressed in
 *
 * Only CLOCK_MONOTONIC, CLOCK_BOOTTIME and CLOCK_BOOTTIME_ALARM carry an
 * offset; for every other clock @tim is returned unchanged.
 *
 * Return: @tim minus the matching offset, clamped to 0 when @tim is smaller
 * than the offset.
 */
ktime_t do_timens_ktime_to_host(clockid_t clockid, ktime_t tim,
				struct timens_offsets *ns_offsets)
{
	ktime_t offset;

	switch (clockid) {
	case CLOCK_MONOTONIC:
		offset = timespec64_to_ktime(ns_offsets->monotonic);
		break;
	case CLOCK_BOOTTIME:
	case CLOCK_BOOTTIME_ALARM:
		/* Both boottime clocks share the boottime offset. */
		offset = timespec64_to_ktime(ns_offsets->boottime);
		break;
	default:
		return tim;
	}

	/*
	 * Check that @tim value is in [offset, KTIME_MAX + offset]
	 * and subtract offset.
	 */
	if (tim < offset) {
		/*
		 * User can specify @tim *absolute* value - if it's less than
		 * the time namespace's offset - it's already expired.
		 */
		tim = 0;
	} else {
		tim = ktime_sub(tim, offset);
		/*
		 * NOTE(review): ktime_t is a signed 64-bit value in mainline,
		 * so this comparison looks unable to fire; a negative offset
		 * that wraps the subtraction would not be caught here -
		 * confirm how callers bound @tim.
		 */
		if (unlikely(tim > KTIME_MAX))
			tim = KTIME_MAX;
	}

	return tim;
}
EXPORT_SYMBOL_GPL(do_timens_ktime_to_host);

/*
 * Charge one time namespace to the current effective UID in @ns under
 * UCOUNT_TIME_NAMESPACES. clone_time_ns() treats a NULL return as -ENOSPC.
 */
static struct ucounts *inc_time_namespaces(struct user_namespace *ns)
{
	return inc_ucount(ns, current_euid(), UCOUNT_TIME_NAMESPACES);
}

/* Release a charge taken by inc_time_namespaces(). */
static void dec_time_namespaces(struct ucounts *ucounts)
{
	dec_ucount(ucounts, UCOUNT_TIME_NAMESPACES);
}

/**
 * clone_time_ns - Clone a time namespace
 * @user_ns:	User namespace which owns a new namespace.
 * @old_ns:	Namespace to clone
 *
 * Clone @old_ns and set the clone refcount to 1
 *
 * Return: The new namespace or ERR_PTR.
 */
static struct time_namespace *clone_time_ns(struct user_namespace *user_ns,
					  struct time_namespace *old_ns)
{
	struct time_namespace *ns;
	struct ucounts *ucounts;
	int err;

	/*
	 * The per-user namespace count is charged before anything is
	 * allocated, so hitting the limit fails without allocating.
	 */
	err = -ENOSPC;
	ucounts = inc_time_namespaces(user_ns);
	if (!ucounts)
		goto fail;

	err = -ENOMEM;
	ns = kzalloc_obj(*ns, GFP_KERNEL_ACCOUNT);
	if (!ns)
		goto fail_dec;

	err = timens_vdso_alloc_vvar_page(ns);
	if (err)
		goto fail_free;

	err = ns_common_init(ns);
	if (err)
		goto fail_free_page;

	ns->ucounts = ucounts;
	ns->user_ns = get_user_ns(user_ns);
	/* The clone starts out with the offsets of the namespace it copies. */
	ns->offsets = old_ns->offsets;
	/*
	 * Not frozen yet: proc_timens_set_offset() may still change the
	 * offsets, and refuses with -EACCES once frozen_offsets is true.
	 */
	ns->frozen_offsets = false;
	ns_tree_add(ns);
	return ns;

	/* Unwind in reverse order of acquisition. */
fail_free_page:
	timens_vdso_free_vvar_page(ns);
fail_free:
	kfree(ns);
fail_dec:
	dec_time_namespaces(ucounts);
fail:
	return ERR_PTR(err);
}

/**
 * copy_time_ns - Create timens_for_children from @old_ns
 * @flags:	Cloning flags
 * @user_ns:	User namespace which owns a new namespace.
 * @old_ns:	Namespace to clone
 *
 * If CLONE_NEWTIME specified in @flags, creates a new timens_for_children;
 * adds a refcounter to @old_ns otherwise.
 *
 * Return: timens_for_children namespace or ERR_PTR.
 */
struct time_namespace *copy_time_ns(u64 flags,
	struct user_namespace *user_ns, struct time_namespace *old_ns)
{
	if (!(flags & CLONE_NEWTIME))
		return get_time_ns(old_ns);

	return clone_time_ns(user_ns, old_ns);
}

/*
 * In this file, taken by proc_timens_set_offset() around the frozen_offsets
 * check and the offset writes.
 */
DEFINE_MUTEX(timens_offset_lock);

/**
 * free_time_ns - Tear down a time namespace
 * @ns:	Namespace to free
 *
 * Removes @ns from the namespace tree, releases the ucount charge and the
 * reference on the owning user namespace, frees the common namespace state
 * and the vvar page, then frees @ns itself via kfree_rcu().
 */
void free_time_ns(struct time_namespace *ns)
{
	ns_tree_remove(ns);
	dec_time_namespaces(ns->ucounts);
	put_user_ns(ns->user_ns);
	ns_common_free(ns);
	timens_vdso_free_vvar_page(ns);
	/* Concurrent nstree traversal depends on a grace period. */
	kfree_rcu(ns, ns.ns_rcu);
}

/*
 * proc_ns_operations.get for "time": take a reference on @task's time
 * namespace and return its ns_common, or NULL when the task has no nsproxy.
 */
static struct ns_common *timens_get(struct task_struct *task)
{
	struct time_namespace *ns;
	struct nsproxy *nsproxy;

	/* task_lock is held until return, covering the nsproxy read and the get. */
	guard(task_lock)(task);
	nsproxy = task->nsproxy;
	if (!nsproxy)
		return NULL;

	ns = nsproxy->time_ns;
	get_time_ns(ns);
	return &ns->ns;
}

/*
 * proc_ns_operations.get for "time_for_children": same as timens_get() but
 * for nsproxy->time_ns_for_children. Also used by the /proc offset helpers
 * below to look up the namespace they operate on.
 */
static struct ns_common *timens_for_children_get(struct task_struct *task)
{
	struct time_namespace *ns;
	struct nsproxy *nsproxy;

	/* task_lock is held until return, covering the nsproxy read and the get. */
	guard(task_lock)(task);
	nsproxy = task->nsproxy;
	if (!nsproxy)
		return NULL;

	ns = nsproxy->time_ns_for_children;
	get_time_ns(ns);
	return &ns->ns;
}

/* Drop a reference obtained through one of the get callbacks above. */
static void timens_put(struct ns_common *ns)
{
	put_time_ns(to_time_ns(ns));
}

/**
 * timens_install - Switch a pending nsproxy to another time namespace
 * @nsset:	Namespace set being assembled; supplies the nsproxy and the
 *		credentials used for the capability check
 * @new:	Time namespace to install
 *
 * Installs @new as both time_ns and time_ns_for_children.
 *
 * Return: 0 on success, -EUSERS if the caller is not single-threaded,
 * -EPERM unless the caller has CAP_SYS_ADMIN both in the user namespace
 * owning @new and in the user namespace of @nsset's credentials.
 */
static int timens_install(struct nsset *nsset, struct ns_common *new)
{
	struct nsproxy *nsproxy = nsset->nsproxy;
	struct time_namespace *ns = to_time_ns(new);

	if (!current_is_single_threaded())
		return -EUSERS;

	/* Privilege is required over the target namespace and the caller's own. */
	if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
	    !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
		return -EPERM;

	/* Each nsproxy pointer holds its own reference, hence two gets. */
	get_time_ns(ns);
	put_time_ns(nsproxy->time_ns);
	nsproxy->time_ns = ns;

	get_time_ns(ns);
	put_time_ns(nsproxy->time_ns_for_children);
	nsproxy->time_ns_for_children = ns;
	return 0;
}

/**
 * timens_on_fork - Move a forked task into its pending time namespace
 * @nsproxy:	nsproxy of the new task
 * @tsk:	The new task
 *
 * When time_ns and time_ns_for_children differ, time_ns is switched to
 * time_ns_for_children and the change is committed for @tsk via
 * timens_commit().
 */
void timens_on_fork(struct nsproxy *nsproxy, struct task_struct *tsk)
{
	struct ns_common *nsc = &nsproxy->time_ns_for_children->ns;
	struct time_namespace *ns = to_time_ns(nsc);

	/* create_new_namespaces() already incremented the ref counter */
	if (nsproxy->time_ns == nsproxy->time_ns_for_children)
		return;

	get_time_ns(ns);
	put_time_ns(nsproxy->time_ns);
	nsproxy->time_ns = ns;

	timens_commit(tsk, ns);
}

/* proc_ns_operations.owner: the user namespace that owns this time namespace. */
static struct user_namespace *timens_owner(struct ns_common *ns)
{
	return to_time_ns(ns)->user_ns;
}

/*
 * Print one offset line: clock name, seconds, nanoseconds. Only
 * CLOCK_BOOTTIME and CLOCK_MONOTONIC have names; anything else is printed
 * as "unknown".
 */
static void show_offset(struct seq_file *m, int clockid, struct timespec64 *ts)
{
	char *clock;

	switch (clockid) {
	case CLOCK_BOOTTIME:
		clock = "boottime";
		break;
	case CLOCK_MONOTONIC:
		clock = "monotonic";
		break;
	default:
		clock = "unknown";
		break;
	}
	seq_printf(m, "%-10s %10lld %9ld\n", clock, ts->tv_sec, ts->tv_nsec);
}

/**
 * proc_timens_show_offsets - Print the offsets of a task's child time namespace
 * @p:	Task whose time_ns_for_children is shown
 * @m:	seq_file to print into
 *
 * Prints nothing when @p has no nsproxy.
 */
void proc_timens_show_offsets(struct task_struct *p, struct seq_file *m)
{
	/*
	 * The reference taken by timens_for_children_get() is handed to
	 * time_ns; presumably __free(time_ns) drops it at scope exit (the
	 * cleanup helper is defined outside this file - confirm).
	 */
	struct time_namespace *time_ns __free(time_ns) = NULL;
	struct ns_common *ns = timens_for_children_get(p);

	if (!ns)
		return;

	time_ns = to_time_ns(ns);

	show_offset(m, CLOCK_MONOTONIC, &time_ns->offsets.monotonic);
	show_offset(m, CLOCK_BOOTTIME, &time_ns->offsets.boottime);
}

/**
 * proc_timens_set_offset - Set clock offsets of a task's child time namespace
 * @file:	File the request came through; its opener's credentials are
 *		what the capability check is made against
 * @p:		Task whose time_ns_for_children is modified
 * @offsets:	Array of clock id / offset pairs
 * @noffsets:	Number of entries in @offsets
 *
 * All entries are validated before any of them is applied, so a rejected
 * request leaves the namespace untouched.
 *
 * Return: 0 on success, -ESRCH if @p has no nsproxy, -EPERM without
 * CAP_SYS_TIME in the user namespace owning the time namespace, -EINVAL for
 * a clock other than CLOCK_MONOTONIC or CLOCK_BOOTTIME, -ERANGE for an
 * offset out of range, -EACCES if the offsets are frozen.
 */
int proc_timens_set_offset(struct file *file, struct task_struct *p,
			   struct proc_timens_offset *offsets, int noffsets)
{
	/*
	 * Holds the reference from timens_for_children_get(); presumably
	 * released by the __free(time_ns) cleanup on every return path
	 * (helper defined outside this file - confirm).
	 */
	struct time_namespace *time_ns __free(time_ns) = NULL;
	struct ns_common *ns = timens_for_children_get(p);
	struct timespec64 tp;
	int i;

	if (!ns)
		return -ESRCH;

	time_ns = to_time_ns(ns);

	/*
	 * file_ns_capable() tests the credentials of whoever opened @file,
	 * not those of the task performing the write.
	 */
	if (!file_ns_capable(file, time_ns->user_ns, CAP_SYS_TIME))
		return -EPERM;

	/* Pass 1: validate every entry; nothing is modified yet. */
	for (i = 0; i < noffsets; i++) {
		struct proc_timens_offset *off = &offsets[i];

		/* Sample the current value of the clock the offset applies to. */
		switch (off->clockid) {
		case CLOCK_MONOTONIC:
			ktime_get_ts64(&tp);
			break;
		case CLOCK_BOOTTIME:
			ktime_get_boottime_ts64(&tp);
			break;
		default:
			return -EINVAL;
		}

		/*
		 * NOTE(review): only tv_sec is range-checked here; tv_nsec is
		 * presumably validated by the caller - confirm.
		 */
		if (off->val.tv_sec > KTIME_SEC_MAX ||
		    off->val.tv_sec < -KTIME_SEC_MAX)
			return -ERANGE;

		/* The namespace clock (current time + offset) must stay in range. */
		tp = timespec64_add(tp, off->val);
		/*
		 * KTIME_SEC_MAX is divided by 2 to be sure that KTIME_MAX is
		 * still unreachable.
		 */
		if (tp.tv_sec < 0 || tp.tv_sec > KTIME_SEC_MAX / 2)
			return -ERANGE;
	}

	/* Held until return: covers the frozen check and the writes below. */
	guard(mutex)(&timens_offset_lock);
	if (time_ns->frozen_offsets)
		return -EACCES;

	/* Don't report errors after this line */
	/* Pass 2: apply the entries validated above. */
	for (i = 0; i < noffsets; i++) {
		struct proc_timens_offset *off = &offsets[i];
		struct timespec64 *offset = NULL;

		/*
		 * No default case: pass 1 already rejected every other clock
		 * id, so offset is non-NULL below as long as @offsets has not
		 * changed between the two passes.
		 */
		switch (off->clockid) {
		case CLOCK_MONOTONIC:
			offset = &time_ns->offsets.monotonic;
			break;
		case CLOCK_BOOTTIME:
			offset = &time_ns->offsets.boottime;
			break;
		}

		*offset = off->val;
	}

	return 0;
}

/* Namespace operations for a task's current time namespace ("time"). */
const struct proc_ns_operations timens_operations = {
	.name		= "time",
	.get		= timens_get,
	.put		= timens_put,
	.install	= timens_install,
	.owner		= timens_owner,
};

/*
 * Namespace operations for the time namespace a task's children will be
 * placed in ("time_for_children"). Differs from timens_operations only in
 * the name, real_ns_name and the get callback.
 */
const struct proc_ns_operations timens_for_children_operations = {
	.name		= "time_for_children",
	.real_ns_name	= "time",
	.get		= timens_for_children_get,
	.put		= timens_put,
	.install	= timens_install,
	.owner		= timens_owner,
};

/*
 * The initial time namespace, owned by init_user_ns. Its offsets are not
 * initialised here and frozen_offsets is true, so proc_timens_set_offset()
 * returns -EACCES for it.
 */
struct time_namespace init_time_ns = {
	.ns		= NS_COMMON_INIT(init_time_ns),
	.user_ns	= &init_user_ns,
	.frozen_offsets	= true,
};
EXPORT_SYMBOL_GPL(init_time_ns);

/* Register the initial time namespace in the namespace tree. */
void __init time_ns_init(void)
{
	ns_tree_add(&init_time_ns);
}