projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
NFSv4: Don't clear the machine cred when client establish returns EACCES
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / user_namespace.c
CommitLineData
acce292c
CLG		 1/*
2 * This program is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU General Public License as
4 * published by the Free Software Foundation, version 2 of the
5 * License.
6 */
7
9984de1a 8#include <linux/export.h>
acce292c 9#include <linux/nsproxy.h>
1aeb272c 10#include <linux/slab.h>
acce292c 11#include <linux/user_namespace.h>
cde1975b 12#include <linux/proc_fs.h>
5c1469de 13#include <linux/highuid.h>
18b6e041 14#include <linux/cred.h>
973c5914 15#include <linux/securebits.h>
22d917d8
EB		 16#include <linux/keyctl.h>
17#include <linux/key-type.h>
18#include <keys/user-type.h>
19#include <linux/seq_file.h>
20#include <linux/fs.h>
21#include <linux/uaccess.h>
22#include <linux/ctype.h>
f76d207a 23#include <linux/projid.h>
acce292c 24
6164281a
PE		 25static struct kmem_cache *user_ns_cachep __read_mostly;
26
22d917d8
EB		 27static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
28 struct uid_gid_map *map);
29
cde1975b
EB		 30static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
31{
32 /* Start with the same capabilities as init but useless for doing
33 * anything as the capabilities are bound to the new user namespace.
34 */
35 cred->securebits = SECUREBITS_DEFAULT;
36 cred->cap_inheritable = CAP_EMPTY_SET;
37 cred->cap_permitted = CAP_FULL_SET;
38 cred->cap_effective = CAP_FULL_SET;
39 cred->cap_bset = CAP_FULL_SET;
40#ifdef CONFIG_KEYS
41 key_put(cred->request_key_auth);
42 cred->request_key_auth = NULL;
43#endif
44 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
45 cred->user_ns = user_ns;
46}
47
77ec739d 48/*
18b6e041
SH		 49 * Create a new user namespace, deriving the creator from the user in the
50 * passed credentials, and replacing that user with the new root user for the
51 * new namespace.
52 *
53 * This is called by copy_creds(), which will finish setting the target task's
54 * credentials.
77ec739d 55 */
18b6e041 56int create_user_ns(struct cred *new)
77ec739d 57{
0093ccb6 58 struct user_namespace *ns, *parent_ns = new->user_ns;
078de5f7
EB		 59 kuid_t owner = new->euid;
60 kgid_t group = new->egid;
98f842e6 61 int ret;
783291e6
EB		 62
63 /* The creator needs a mapping in the parent user namespace
64 * or else we won't be able to reasonably tell userspace who
65 * created a user_namespace.
66 */
67 if (!kuid_has_mapping(parent_ns, owner) ||
68 !kgid_has_mapping(parent_ns, group))
69 return -EPERM;
77ec739d 70
22d917d8 71 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
77ec739d 72 if (!ns)
18b6e041 73 return -ENOMEM;
77ec739d 74
98f842e6
EB		 75 ret = proc_alloc_inum(&ns->proc_inum);
76 if (ret) {
77 kmem_cache_free(user_ns_cachep, ns);
78 return ret;
79 }
80
c61a2810 81 atomic_set(&ns->count, 1);
cde1975b 82 /* Leave the new->user_ns reference with the new user namespace. */
aeb3ae9d 83 ns->parent = parent_ns;
783291e6
EB		 84 ns->owner = owner;
85 ns->group = group;
22d917d8 86
cde1975b 87 set_cred_user_ns(new, ns);
0093ccb6 88
18b6e041 89 return 0;
acce292c
CLG		 90}
91
b2e0d987
EB		 92int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
93{
94 struct cred *cred;
95
96 if (!(unshare_flags & CLONE_NEWUSER))
97 return 0;
98
99 cred = prepare_creds();
100 if (!cred)
101 return -ENOMEM;
102
103 *new_cred = cred;
104 return create_user_ns(cred);
105}
106
c61a2810 107void free_user_ns(struct user_namespace *ns)
acce292c 108{
c61a2810 109 struct user_namespace *parent;
783291e6 110
c61a2810
EB		 111 do {
112 parent = ns->parent;
113 proc_free_inum(ns->proc_inum);
114 kmem_cache_free(user_ns_cachep, ns);
115 ns = parent;
116 } while (atomic_dec_and_test(&parent->count));
acce292c 117}
6a3fd92e 118EXPORT_SYMBOL(free_user_ns);
5c1469de 119
22d917d8 120static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count)
5c1469de 121{
22d917d8
EB		 122 unsigned idx, extents;
123 u32 first, last, id2;
5c1469de 124
22d917d8 125 id2 = id + count - 1;
5c1469de 126
22d917d8
EB		 127 /* Find the matching extent */
128 extents = map->nr_extents;
129 smp_read_barrier_depends();
130 for (idx = 0; idx < extents; idx++) {
131 first = map->extent[idx].first;
132 last = first + map->extent[idx].count - 1;
133 if (id >= first && id <= last &&
134 (id2 >= first && id2 <= last))
135 break;
136 }
137 /* Map the id or note failure */
138 if (idx < extents)
139 id = (id - first) + map->extent[idx].lower_first;
140 else
141 id = (u32) -1;
142
143 return id;
144}
145
146static u32 map_id_down(struct uid_gid_map *map, u32 id)
147{
148 unsigned idx, extents;
149 u32 first, last;
150
151 /* Find the matching extent */
152 extents = map->nr_extents;
153 smp_read_barrier_depends();
154 for (idx = 0; idx < extents; idx++) {
155 first = map->extent[idx].first;
156 last = first + map->extent[idx].count - 1;
157 if (id >= first && id <= last)
158 break;
159 }
160 /* Map the id or note failure */
161 if (idx < extents)
162 id = (id - first) + map->extent[idx].lower_first;
163 else
164 id = (u32) -1;
165
166 return id;
167}
168
169static u32 map_id_up(struct uid_gid_map *map, u32 id)
170{
171 unsigned idx, extents;
172 u32 first, last;
173
174 /* Find the matching extent */
175 extents = map->nr_extents;
176 smp_read_barrier_depends();
177 for (idx = 0; idx < extents; idx++) {
178 first = map->extent[idx].lower_first;
179 last = first + map->extent[idx].count - 1;
180 if (id >= first && id <= last)
181 break;
5c1469de 182 }
22d917d8
EB		 183 /* Map the id or note failure */
184 if (idx < extents)
185 id = (id - first) + map->extent[idx].first;
186 else
187 id = (u32) -1;
188
189 return id;
190}
191
192/**
193 * make_kuid - Map a user-namespace uid pair into a kuid.
194 * @ns: User namespace that the uid is in
195 * @uid: User identifier
196 *
197 * Maps a user-namespace uid pair into a kernel internal kuid,
198 * and returns that kuid.
199 *
200 * When there is no mapping defined for the user-namespace uid
201 * pair INVALID_UID is returned. Callers are expected to test
202 * for and handle handle INVALID_UID being returned. INVALID_UID
203 * may be tested for using uid_valid().
204 */
205kuid_t make_kuid(struct user_namespace *ns, uid_t uid)
206{
207 /* Map the uid to a global kernel uid */
208 return KUIDT_INIT(map_id_down(&ns->uid_map, uid));
209}
210EXPORT_SYMBOL(make_kuid);
211
212/**
213 * from_kuid - Create a uid from a kuid user-namespace pair.
214 * @targ: The user namespace we want a uid in.
215 * @kuid: The kernel internal uid to start with.
216 *
217 * Map @kuid into the user-namespace specified by @targ and
218 * return the resulting uid.
219 *
220 * There is always a mapping into the initial user_namespace.
221 *
222 * If @kuid has no mapping in @targ (uid_t)-1 is returned.
223 */
224uid_t from_kuid(struct user_namespace *targ, kuid_t kuid)
225{
226 /* Map the uid from a global kernel uid */
227 return map_id_up(&targ->uid_map, __kuid_val(kuid));
228}
229EXPORT_SYMBOL(from_kuid);
230
231/**
232 * from_kuid_munged - Create a uid from a kuid user-namespace pair.
233 * @targ: The user namespace we want a uid in.
234 * @kuid: The kernel internal uid to start with.
235 *
236 * Map @kuid into the user-namespace specified by @targ and
237 * return the resulting uid.
238 *
239 * There is always a mapping into the initial user_namespace.
240 *
241 * Unlike from_kuid from_kuid_munged never fails and always
242 * returns a valid uid. This makes from_kuid_munged appropriate
243 * for use in syscalls like stat and getuid where failing the
244 * system call and failing to provide a valid uid are not an
245 * options.
246 *
247 * If @kuid has no mapping in @targ overflowuid is returned.
248 */
249uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid)
250{
251 uid_t uid;
252 uid = from_kuid(targ, kuid);
253
254 if (uid == (uid_t) -1)
255 uid = overflowuid;
256 return uid;
257}
258EXPORT_SYMBOL(from_kuid_munged);
259
260/**
261 * make_kgid - Map a user-namespace gid pair into a kgid.
262 * @ns: User namespace that the gid is in
263 * @uid: group identifier
264 *
265 * Maps a user-namespace gid pair into a kernel internal kgid,
266 * and returns that kgid.
267 *
268 * When there is no mapping defined for the user-namespace gid
269 * pair INVALID_GID is returned. Callers are expected to test
270 * for and handle INVALID_GID being returned. INVALID_GID may be
271 * tested for using gid_valid().
272 */
273kgid_t make_kgid(struct user_namespace *ns, gid_t gid)
274{
275 /* Map the gid to a global kernel gid */
276 return KGIDT_INIT(map_id_down(&ns->gid_map, gid));
277}
278EXPORT_SYMBOL(make_kgid);
279
280/**
281 * from_kgid - Create a gid from a kgid user-namespace pair.
282 * @targ: The user namespace we want a gid in.
283 * @kgid: The kernel internal gid to start with.
284 *
285 * Map @kgid into the user-namespace specified by @targ and
286 * return the resulting gid.
287 *
288 * There is always a mapping into the initial user_namespace.
289 *
290 * If @kgid has no mapping in @targ (gid_t)-1 is returned.
291 */
292gid_t from_kgid(struct user_namespace *targ, kgid_t kgid)
293{
294 /* Map the gid from a global kernel gid */
295 return map_id_up(&targ->gid_map, __kgid_val(kgid));
296}
297EXPORT_SYMBOL(from_kgid);
298
299/**
300 * from_kgid_munged - Create a gid from a kgid user-namespace pair.
301 * @targ: The user namespace we want a gid in.
302 * @kgid: The kernel internal gid to start with.
303 *
304 * Map @kgid into the user-namespace specified by @targ and
305 * return the resulting gid.
306 *
307 * There is always a mapping into the initial user_namespace.
308 *
309 * Unlike from_kgid from_kgid_munged never fails and always
310 * returns a valid gid. This makes from_kgid_munged appropriate
311 * for use in syscalls like stat and getgid where failing the
312 * system call and failing to provide a valid gid are not options.
313 *
314 * If @kgid has no mapping in @targ overflowgid is returned.
315 */
316gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid)
317{
318 gid_t gid;
319 gid = from_kgid(targ, kgid);
320
321 if (gid == (gid_t) -1)
322 gid = overflowgid;
323 return gid;
324}
325EXPORT_SYMBOL(from_kgid_munged);
326
f76d207a
EB		 327/**
328 * make_kprojid - Map a user-namespace projid pair into a kprojid.
329 * @ns: User namespace that the projid is in
330 * @projid: Project identifier
331 *
332 * Maps a user-namespace uid pair into a kernel internal kuid,
333 * and returns that kuid.
334 *
335 * When there is no mapping defined for the user-namespace projid
336 * pair INVALID_PROJID is returned. Callers are expected to test
337 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID
338 * may be tested for using projid_valid().
339 */
340kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid)
341{
342 /* Map the uid to a global kernel uid */
343 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid));
344}
345EXPORT_SYMBOL(make_kprojid);
346
347/**
348 * from_kprojid - Create a projid from a kprojid user-namespace pair.
349 * @targ: The user namespace we want a projid in.
350 * @kprojid: The kernel internal project identifier to start with.
351 *
352 * Map @kprojid into the user-namespace specified by @targ and
353 * return the resulting projid.
354 *
355 * There is always a mapping into the initial user_namespace.
356 *
357 * If @kprojid has no mapping in @targ (projid_t)-1 is returned.
358 */
359projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid)
360{
361 /* Map the uid from a global kernel uid */
362 return map_id_up(&targ->projid_map, __kprojid_val(kprojid));
363}
364EXPORT_SYMBOL(from_kprojid);
365
366/**
367 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair.
368 * @targ: The user namespace we want a projid in.
369 * @kprojid: The kernel internal projid to start with.
370 *
371 * Map @kprojid into the user-namespace specified by @targ and
372 * return the resulting projid.
373 *
374 * There is always a mapping into the initial user_namespace.
375 *
376 * Unlike from_kprojid from_kprojid_munged never fails and always
377 * returns a valid projid. This makes from_kprojid_munged
378 * appropriate for use in syscalls like stat and where
379 * failing the system call and failing to provide a valid projid are
380 * not an options.
381 *
382 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned.
383 */
384projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid)
385{
386 projid_t projid;
387 projid = from_kprojid(targ, kprojid);
388
389 if (projid == (projid_t) -1)
390 projid = OVERFLOW_PROJID;
391 return projid;
392}
393EXPORT_SYMBOL(from_kprojid_munged);
394
395
22d917d8
EB		 396static int uid_m_show(struct seq_file *seq, void *v)
397{
398 struct user_namespace *ns = seq->private;
399 struct uid_gid_extent *extent = v;
400 struct user_namespace *lower_ns;
401 uid_t lower;
5c1469de 402
c450f371 403 lower_ns = seq_user_ns(seq);
22d917d8
EB		 404 if ((lower_ns == ns) && lower_ns->parent)
405 lower_ns = lower_ns->parent;
406
407 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first));
408
409 seq_printf(seq, "%10u %10u %10u\n",
410 extent->first,
411 lower,
412 extent->count);
413
414 return 0;
5c1469de
EB		 415}
416
22d917d8 417static int gid_m_show(struct seq_file *seq, void *v)
5c1469de 418{
22d917d8
EB		 419 struct user_namespace *ns = seq->private;
420 struct uid_gid_extent *extent = v;
421 struct user_namespace *lower_ns;
422 gid_t lower;
5c1469de 423
c450f371 424 lower_ns = seq_user_ns(seq);
22d917d8
EB		 425 if ((lower_ns == ns) && lower_ns->parent)
426 lower_ns = lower_ns->parent;
5c1469de 427
22d917d8
EB		 428 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first));
429
430 seq_printf(seq, "%10u %10u %10u\n",
431 extent->first,
432 lower,
433 extent->count);
434
435 return 0;
436}
437
f76d207a
EB		 438static int projid_m_show(struct seq_file *seq, void *v)
439{
440 struct user_namespace *ns = seq->private;
441 struct uid_gid_extent *extent = v;
442 struct user_namespace *lower_ns;
443 projid_t lower;
444
445 lower_ns = seq_user_ns(seq);
446 if ((lower_ns == ns) && lower_ns->parent)
447 lower_ns = lower_ns->parent;
448
449 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first));
450
451 seq_printf(seq, "%10u %10u %10u\n",
452 extent->first,
453 lower,
454 extent->count);
455
456 return 0;
457}
458
22d917d8
EB		 459static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map)
460{
461 struct uid_gid_extent *extent = NULL;
462 loff_t pos = *ppos;
463
464 if (pos < map->nr_extents)
465 extent = &map->extent[pos];
466
467 return extent;
468}
469
470static void *uid_m_start(struct seq_file *seq, loff_t *ppos)
471{
472 struct user_namespace *ns = seq->private;
473
474 return m_start(seq, ppos, &ns->uid_map);
475}
476
477static void *gid_m_start(struct seq_file *seq, loff_t *ppos)
478{
479 struct user_namespace *ns = seq->private;
480
481 return m_start(seq, ppos, &ns->gid_map);
482}
483
f76d207a
EB		 484static void *projid_m_start(struct seq_file *seq, loff_t *ppos)
485{
486 struct user_namespace *ns = seq->private;
487
488 return m_start(seq, ppos, &ns->projid_map);
489}
490
22d917d8
EB		 491static void *m_next(struct seq_file *seq, void *v, loff_t *pos)
492{
493 (*pos)++;
494 return seq->op->start(seq, pos);
495}
496
497static void m_stop(struct seq_file *seq, void *v)
498{
499 return;
500}
501
502struct seq_operations proc_uid_seq_operations = {
503 .start = uid_m_start,
504 .stop = m_stop,
505 .next = m_next,
506 .show = uid_m_show,
507};
508
509struct seq_operations proc_gid_seq_operations = {
510 .start = gid_m_start,
511 .stop = m_stop,
512 .next = m_next,
513 .show = gid_m_show,
514};
515
f76d207a
EB		 516struct seq_operations proc_projid_seq_operations = {
517 .start = projid_m_start,
518 .stop = m_stop,
519 .next = m_next,
520 .show = projid_m_show,
521};
522
0bd14b4f
EB		 523static bool mappings_overlap(struct uid_gid_map *new_map, struct uid_gid_extent *extent)
524{
525 u32 upper_first, lower_first, upper_last, lower_last;
526 unsigned idx;
527
528 upper_first = extent->first;
529 lower_first = extent->lower_first;
530 upper_last = upper_first + extent->count - 1;
531 lower_last = lower_first + extent->count - 1;
532
533 for (idx = 0; idx < new_map->nr_extents; idx++) {
534 u32 prev_upper_first, prev_lower_first;
535 u32 prev_upper_last, prev_lower_last;
536 struct uid_gid_extent *prev;
537
538 prev = &new_map->extent[idx];
539
540 prev_upper_first = prev->first;
541 prev_lower_first = prev->lower_first;
542 prev_upper_last = prev_upper_first + prev->count - 1;
543 prev_lower_last = prev_lower_first + prev->count - 1;
544
545 /* Does the upper range intersect a previous extent? */
546 if ((prev_upper_first <= upper_last) &&
547 (prev_upper_last >= upper_first))
548 return true;
549
550 /* Does the lower range intersect a previous extent? */
551 if ((prev_lower_first <= lower_last) &&
552 (prev_lower_last >= lower_first))
553 return true;
554 }
555 return false;
556}
557
558
22d917d8
EB		 559static DEFINE_MUTEX(id_map_mutex);
560
561static ssize_t map_write(struct file *file, const char __user *buf,
562 size_t count, loff_t *ppos,
563 int cap_setid,
564 struct uid_gid_map *map,
565 struct uid_gid_map *parent_map)
566{
567 struct seq_file *seq = file->private_data;
568 struct user_namespace *ns = seq->private;
569 struct uid_gid_map new_map;
570 unsigned idx;
0bd14b4f 571 struct uid_gid_extent *extent = NULL;
22d917d8
EB		 572 unsigned long page = 0;
573 char *kbuf, *pos, *next_line;
574 ssize_t ret = -EINVAL;
575
576 /*
577 * The id_map_mutex serializes all writes to any given map.
578 *
579 * Any map is only ever written once.
580 *
581 * An id map fits within 1 cache line on most architectures.
582 *
583 * On read nothing needs to be done unless you are on an
584 * architecture with a crazy cache coherency model like alpha.
585 *
586 * There is a one time data dependency between reading the
587 * count of the extents and the values of the extents. The
588 * desired behavior is to see the values of the extents that
589 * were written before the count of the extents.
590 *
591 * To achieve this smp_wmb() is used on guarantee the write
592 * order and smp_read_barrier_depends() is guaranteed that we
593 * don't have crazy architectures returning stale data.
594 *
595 */
596 mutex_lock(&id_map_mutex);
597
598 ret = -EPERM;
599 /* Only allow one successful write to the map */
600 if (map->nr_extents != 0)
601 goto out;
602
603 /* Require the appropriate privilege CAP_SETUID or CAP_SETGID
604 * over the user namespace in order to set the id mapping.
5c1469de 605 */
f76d207a 606 if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid))
22d917d8
EB		 607 goto out;
608
609 /* Get a buffer */
610 ret = -ENOMEM;
611 page = __get_free_page(GFP_TEMPORARY);
612 kbuf = (char *) page;
613 if (!page)
614 goto out;
615
616 /* Only allow <= page size writes at the beginning of the file */
617 ret = -EINVAL;
618 if ((*ppos != 0) || (count >= PAGE_SIZE))
619 goto out;
620
621 /* Slurp in the user data */
622 ret = -EFAULT;
623 if (copy_from_user(kbuf, buf, count))
624 goto out;
625 kbuf[count] = '\0';
626
627 /* Parse the user data */
628 ret = -EINVAL;
629 pos = kbuf;
630 new_map.nr_extents = 0;
631 for (;pos; pos = next_line) {
632 extent = &new_map.extent[new_map.nr_extents];
633
634 /* Find the end of line and ensure I don't look past it */
635 next_line = strchr(pos, '\n');
636 if (next_line) {
637 *next_line = '\0';
638 next_line++;
639 if (*next_line == '\0')
640 next_line = NULL;
5c1469de 641 }
22d917d8
EB		 642
643 pos = skip_spaces(pos);
644 extent->first = simple_strtoul(pos, &pos, 10);
645 if (!isspace(*pos))
646 goto out;
647
648 pos = skip_spaces(pos);
649 extent->lower_first = simple_strtoul(pos, &pos, 10);
650 if (!isspace(*pos))
651 goto out;
652
653 pos = skip_spaces(pos);
654 extent->count = simple_strtoul(pos, &pos, 10);
655 if (*pos && !isspace(*pos))
656 goto out;
657
658 /* Verify there is not trailing junk on the line */
659 pos = skip_spaces(pos);
660 if (*pos != '\0')
661 goto out;
662
663 /* Verify we have been given valid starting values */
664 if ((extent->first == (u32) -1) ||
665 (extent->lower_first == (u32) -1 ))
666 goto out;
667
668 /* Verify count is not zero and does not cause the extent to wrap */
669 if ((extent->first + extent->count) <= extent->first)
670 goto out;
671 if ((extent->lower_first + extent->count) <= extent->lower_first)
672 goto out;
673
0bd14b4f
EB		 674 /* Do the ranges in extent overlap any previous extents? */
675 if (mappings_overlap(&new_map, extent))
22d917d8
EB		 676 goto out;
677
678 new_map.nr_extents++;
22d917d8
EB		 679
680 /* Fail if the file contains too many extents */
681 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) &&
682 (next_line != NULL))
683 goto out;
5c1469de 684 }
22d917d8
EB		 685 /* Be very certaint the new map actually exists */
686 if (new_map.nr_extents == 0)
687 goto out;
688
689 ret = -EPERM;
690 /* Validate the user is allowed to use user id's mapped to. */
691 if (!new_idmap_permitted(ns, cap_setid, &new_map))
692 goto out;
693
694 /* Map the lower ids from the parent user namespace to the
695 * kernel global id space.
696 */
697 for (idx = 0; idx < new_map.nr_extents; idx++) {
698 u32 lower_first;
699 extent = &new_map.extent[idx];
700
701 lower_first = map_id_range_down(parent_map,
702 extent->lower_first,
703 extent->count);
704
705 /* Fail if we can not map the specified extent to
706 * the kernel global id space.
707 */
708 if (lower_first == (u32) -1)
709 goto out;
710
711 extent->lower_first = lower_first;
712 }
713
714 /* Install the map */
715 memcpy(map->extent, new_map.extent,
716 new_map.nr_extents*sizeof(new_map.extent[0]));
717 smp_wmb();
718 map->nr_extents = new_map.nr_extents;
719
720 *ppos = count;
721 ret = count;
722out:
723 mutex_unlock(&id_map_mutex);
724 if (page)
725 free_page(page);
726 return ret;
727}
728
729ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
730{
731 struct seq_file *seq = file->private_data;
732 struct user_namespace *ns = seq->private;
c450f371 733 struct user_namespace *seq_ns = seq_user_ns(seq);
22d917d8
EB		 734
735 if (!ns->parent)
736 return -EPERM;
737
c450f371
EB		 738 if ((seq_ns != ns) && (seq_ns != ns->parent))
739 return -EPERM;
740
22d917d8
EB		 741 return map_write(file, buf, size, ppos, CAP_SETUID,
742 &ns->uid_map, &ns->parent->uid_map);
743}
744
745ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
746{
747 struct seq_file *seq = file->private_data;
748 struct user_namespace *ns = seq->private;
c450f371 749 struct user_namespace *seq_ns = seq_user_ns(seq);
22d917d8
EB		 750
751 if (!ns->parent)
752 return -EPERM;
753
c450f371
EB		 754 if ((seq_ns != ns) && (seq_ns != ns->parent))
755 return -EPERM;
756
22d917d8
EB		 757 return map_write(file, buf, size, ppos, CAP_SETGID,
758 &ns->gid_map, &ns->parent->gid_map);
759}
760
f76d207a
EB		 761ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
762{
763 struct seq_file *seq = file->private_data;
764 struct user_namespace *ns = seq->private;
765 struct user_namespace *seq_ns = seq_user_ns(seq);
766
767 if (!ns->parent)
768 return -EPERM;
769
770 if ((seq_ns != ns) && (seq_ns != ns->parent))
771 return -EPERM;
772
773 /* Anyone can set any valid project id no capability needed */
774 return map_write(file, buf, size, ppos, -1,
775 &ns->projid_map, &ns->parent->projid_map);
776}
777
22d917d8
EB		 778static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
779 struct uid_gid_map *new_map)
780{
37657da3
EB		 781 /* Allow mapping to your own filesystem ids */
782 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
783 u32 id = new_map->extent[0].lower_first;
784 if (cap_setid == CAP_SETUID) {
785 kuid_t uid = make_kuid(ns->parent, id);
786 if (uid_eq(uid, current_fsuid()))
787 return true;
788 }
789 else if (cap_setid == CAP_SETGID) {
790 kgid_t gid = make_kgid(ns->parent, id);
791 if (gid_eq(gid, current_fsgid()))
792 return true;
793 }
794 }
795
f76d207a
EB		 796 /* Allow anyone to set a mapping that doesn't require privilege */
797 if (!cap_valid(cap_setid))
798 return true;
799
22d917d8
EB		 800 /* Allow the specified ids if we have the appropriate capability
801 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
802 */
803 if (ns_capable(ns->parent, cap_setid))
804 return true;
5c1469de 805
22d917d8 806 return false;
5c1469de 807}
6164281a 808
cde1975b
EB		 809static void *userns_get(struct task_struct *task)
810{
811 struct user_namespace *user_ns;
812
813 rcu_read_lock();
814 user_ns = get_user_ns(__task_cred(task)->user_ns);
815 rcu_read_unlock();
816
817 return user_ns;
818}
819
820static void userns_put(void *ns)
821{
822 put_user_ns(ns);
823}
824
825static int userns_install(struct nsproxy *nsproxy, void *ns)
826{
827 struct user_namespace *user_ns = ns;
828 struct cred *cred;
829
830 /* Don't allow gaining capabilities by reentering
831 * the same user namespace.
832 */
833 if (user_ns == current_user_ns())
834 return -EINVAL;
835
5155040e 836 /* Threaded processes may not enter a different user namespace */
cde1975b
EB		 837 if (atomic_read(&current->mm->mm_users) > 1)
838 return -EINVAL;
839
840 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
841 return -EPERM;
842
843 cred = prepare_creds();
844 if (!cred)
845 return -ENOMEM;
846
847 put_user_ns(cred->user_ns);
848 set_cred_user_ns(cred, get_user_ns(user_ns));
849
850 return commit_creds(cred);
851}
852
98f842e6
EB		 853static unsigned int userns_inum(void *ns)
854{
855 struct user_namespace *user_ns = ns;
856 return user_ns->proc_inum;
857}
858
cde1975b
EB		 859const struct proc_ns_operations userns_operations = {
860 .name = "user",
861 .type = CLONE_NEWUSER,
862 .get = userns_get,
863 .put = userns_put,
864 .install = userns_install,
98f842e6 865 .inum = userns_inum,
cde1975b
EB		 866};
867
6164281a
PE		 868static __init int user_namespaces_init(void)
869{
870 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
871 return 0;
872}
873module_init(user_namespaces_init);
kernel source for telekom puls (alcatel/mediatek)