kernel/user.c

   1 /*
   2  * The "user cache".
   3  *
   4  * (C) Copyright 1991-2000 Linus Torvalds
   5  *
   6  * We have a per-user structure to keep track of how many
   7  * processes, files etc the user has claimed, in order to be
   8  * able to have per-user limits for system resources.
   9  */
  10
  11 #include <linux/init.h>
  12 #include <linux/sched.h>
  13 #include <linux/slab.h>
  14 #include <linux/bitops.h>
  15 #include <linux/key.h>
  16 #include <linux/interrupt.h>
  17 #include <linux/module.h>
  18 #include <linux/user_namespace.h>
  19
  20 /*
  21  * UID task count cache, to get fast user lookup in "alloc_uid"
  22  * when changing user ID's (ie setuid() and friends).
  23  */
  24
  25 #define UIDHASH_MASK            (UIDHASH_SZ - 1)
  26 #define __uidhashfn(uid)        (((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK)
  27 #define uidhashentry(ns, uid)   ((ns)->uidhash_table + __uidhashfn((uid)))
  28
  29 static struct kmem_cache *uid_cachep;
  30
  31 /*
  32  * The uidhash_lock is mostly taken from process context, but it is
  33  * occasionally also taken from softirq/tasklet context, when
  34  * task-structs get RCU-freed. Hence all locking must be softirq-safe.
  35  * But free_uid() is also called with local interrupts disabled, and running
  36  * local_bh_enable() with local interrupts disabled is an error - we'll run
  37  * softirq callbacks, and they can unconditionally enable interrupts, and
  38  * the caller of free_uid() didn't expect that..
  39  */
  40 static DEFINE_SPINLOCK(uidhash_lock);
  41
  42 struct user_struct root_user = {
  43         .__count        = ATOMIC_INIT(1),
  44         .processes      = ATOMIC_INIT(1),
  45         .files          = ATOMIC_INIT(0),
  46         .sigpending     = ATOMIC_INIT(0),
  47         .mq_bytes       = 0,
  48         .locked_shm     = 0,
  49 #ifdef CONFIG_KEYS
  50         .uid_keyring    = &root_user_keyring,
  51         .session_keyring = &root_session_keyring,
  52 #endif
  53 };
  54
  55 /*
  56  * These routines must be called with the uidhash spinlock held!
  57  */
  58 static inline void uid_hash_insert(struct user_struct *up, struct list_head *hashent)
  59 {
  60         list_add(&up->uidhash_list, hashent);
  61 }
  62
  63 static inline void uid_hash_remove(struct user_struct *up)
  64 {
  65         list_del(&up->uidhash_list);
  66 }
  67
  68 static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent)
  69 {
  70         struct user_struct *user;
  71
  72         list_for_each_entry(user, hashent, uidhash_list) {
  73                 if(user->uid == uid) {
  74                         atomic_inc(&user->__count);
  75                         return user;
  76                 }
  77         }
  78
  79         return NULL;
  80 }
  81
  82 /*
  83  * Locate the user_struct for the passed UID.  If found, take a ref on it.  The
  84  * caller must undo that ref with free_uid().
  85  *
  86  * If the user_struct could not be found, return NULL.
  87  */
  88 struct user_struct *find_user(uid_t uid)
  89 {
  90         struct user_struct *ret;
  91         unsigned long flags;
  92         struct user_namespace *ns = current->nsproxy->user_ns;
  93
  94         spin_lock_irqsave(&uidhash_lock, flags);
  95         ret = uid_hash_find(uid, uidhashentry(ns, uid));
  96         spin_unlock_irqrestore(&uidhash_lock, flags);
  97         return ret;
  98 }
  99
 100 void free_uid(struct user_struct *up)
 101 {
 102         unsigned long flags;
 103
 104         if (!up)
 105                 return;
 106
 107         local_irq_save(flags);
 108         if (atomic_dec_and_lock(&up->__count, &uidhash_lock)) {
 109                 uid_hash_remove(up);
 110                 spin_unlock_irqrestore(&uidhash_lock, flags);
 111                 key_put(up->uid_keyring);
 112                 key_put(up->session_keyring);
 113                 kmem_cache_free(uid_cachep, up);
 114         } else {
 115                 local_irq_restore(flags);
 116         }
 117 }
 118
 119 struct user_struct * alloc_uid(struct user_namespace *ns, uid_t uid)
 120 {
 121         struct list_head *hashent = uidhashentry(ns, uid);
 122         struct user_struct *up;
 123
 124         spin_lock_irq(&uidhash_lock);
 125         up = uid_hash_find(uid, hashent);
 126         spin_unlock_irq(&uidhash_lock);
 127
 128         if (!up) {
 129                 struct user_struct *new;
 130
 131                 new = kmem_cache_alloc(uid_cachep, GFP_KERNEL);
 132                 if (!new)
 133                         return NULL;
 134                 new->uid = uid;
 135                 atomic_set(&new->__count, 1);
 136                 atomic_set(&new->processes, 0);
 137                 atomic_set(&new->files, 0);
 138                 atomic_set(&new->sigpending, 0);
 139 #ifdef CONFIG_INOTIFY_USER
 140                 atomic_set(&new->inotify_watches, 0);
 141                 atomic_set(&new->inotify_devs, 0);
 142 #endif
 143
 144                 new->mq_bytes = 0;
 145                 new->locked_shm = 0;
 146
 147                 if (alloc_uid_keyring(new, current) < 0) {
 148                         kmem_cache_free(uid_cachep, new);
 149                         return NULL;
 150                 }
 151
 152                 /*
 153                  * Before adding this, check whether we raced
 154                  * on adding the same user already..
 155                  */
 156                 spin_lock_irq(&uidhash_lock);
 157                 up = uid_hash_find(uid, hashent);
 158                 if (up) {
 159                         key_put(new->uid_keyring);
 160                         key_put(new->session_keyring);
 161                         kmem_cache_free(uid_cachep, new);
 162                 } else {
 163                         uid_hash_insert(new, hashent);
 164                         up = new;
 165                 }
 166                 spin_unlock_irq(&uidhash_lock);
 167
 168         }
 169         return up;
 170 }
 171
 172 void switch_uid(struct user_struct *new_user)
 173 {
 174         struct user_struct *old_user;
 175
 176         /* What if a process setreuid()'s and this brings the
 177          * new uid over his NPROC rlimit?  We can check this now
 178          * cheaply with the new uid cache, so if it matters
 179          * we should be checking for it.  -DaveM
 180          */
 181         old_user = current->user;
 182         atomic_inc(&new_user->processes);
 183         atomic_dec(&old_user->processes);
 184         switch_uid_keyring(new_user);
 185         current->user = new_user;
 186
 187         /*
 188          * We need to synchronize with __sigqueue_alloc()
 189          * doing a get_uid(p->user).. If that saw the old
 190          * user value, we need to wait until it has exited
 191          * its critical region before we can free the old
 192          * structure.
 193          */
 194         smp_mb();
 195         spin_unlock_wait(&current->sighand->siglock);
 196
 197         free_uid(old_user);
 198         suid_keys(current);
 199 }
 200
 201
 202 static int __init uid_cache_init(void)
 203 {
 204         int n;
 205
 206         uid_cachep = kmem_cache_create("uid_cache", sizeof(struct user_struct),
 207                         0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
 208
 209         for(n = 0; n < UIDHASH_SZ; ++n)
 210                 INIT_LIST_HEAD(init_user_ns.uidhash_table + n);
 211
 212         /* Insert the root user immediately (init already runs as root) */
 213         spin_lock_irq(&uidhash_lock);
 214         uid_hash_insert(&root_user, uidhashentry(&init_user_ns, 0));
 215         spin_unlock_irq(&uidhash_lock);
 216
 217         return 0;
 218 }
 219
 220 module_init(uid_cache_init);