utsns: Add a limit on the number of uts namespaces

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 9ee94827728d90b2cd8af2fb0bc986c24ff01ae4..f9df7dd2609ad08f734e6229f4000dc3d96089ea 100644 (file)
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -27,6 +27,7 @@ struct ucounts;
 enum ucount_type {
        UCOUNT_USER_NAMESPACES,
        UCOUNT_PID_NAMESPACES,
+       UCOUNT_UTS_NAMESPACES,
        UCOUNT_COUNTS,
 };
 

diff --git a/include/linux/utsname.h b/include/linux/utsname.h
index 5093f58ae192c379b13b9e5e74605a0e6c571d25..60f0bb83b313af0e5429264bb83296735c8cdf01 100644 (file)
--- a/include/linux/utsname.h
+++ b/include/linux/utsname.h
@@ -24,6 +24,7 @@ struct uts_namespace {
        struct kref kref;
        struct new_utsname name;
        struct user_namespace *user_ns;
+       struct ucounts *ucounts;
        struct ns_common ns;
 };
 extern struct uts_namespace init_uts_ns;

diff --git a/kernel/ucount.c b/kernel/ucount.c
index 66eca94e4ada5f23408a338dc51813671d6b7d19..866850e2eb9292f15fa2ca977929f250a8d75ba6 100644 (file)
--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -69,6 +69,7 @@ static int int_max = INT_MAX;
 static struct ctl_table user_table[] = {
        UCOUNT_ENTRY("max_user_namespaces"),
        UCOUNT_ENTRY("max_pid_namespaces"),
+       UCOUNT_ENTRY("max_uts_namespaces"),
        { }
 };
 #endif /* CONFIG_SYSCTL */

diff --git a/kernel/utsname.c b/kernel/utsname.c
index 831ea71082320e1859daa1f434008816c3052333..f3b0bb4ac3ba7c02fec473e4b54001f29de87c54 100644 (file)
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -17,6 +17,16 @@
 #include <linux/user_namespace.h>
 #include <linux/proc_ns.h>
 
+static struct ucounts *inc_uts_namespaces(struct user_namespace *ns)
+{
+       return inc_ucount(ns, current_euid(), UCOUNT_UTS_NAMESPACES);
+}
+
+static void dec_uts_namespaces(struct ucounts *ucounts)
+{
+       dec_ucount(ucounts, UCOUNT_UTS_NAMESPACES);
+}
+
 static struct uts_namespace *create_uts_ns(void)
 {
        struct uts_namespace *uts_ns;
@@ -36,18 +46,24 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
                                          struct uts_namespace *old_ns)
 {
        struct uts_namespace *ns;
+       struct ucounts *ucounts;
        int err;
 
+       err = -ENFILE;
+       ucounts = inc_uts_namespaces(user_ns);
+       if (!ucounts)
+               goto fail;
+
+       err = -ENOMEM;
        ns = create_uts_ns();
        if (!ns)
-               return ERR_PTR(-ENOMEM);
+               goto fail_dec;
 
        err = ns_alloc_inum(&ns->ns);
-       if (err) {
-               kfree(ns);
-               return ERR_PTR(err);
-       }
+       if (err)
+               goto fail_free;
 
+       ns->ucounts = ucounts;
        ns->ns.ops = &utsns_operations;
 
        down_read(&uts_sem);
@@ -55,6 +71,13 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
        ns->user_ns = get_user_ns(user_ns);
        up_read(&uts_sem);
        return ns;
+
+fail_free:
+       kfree(ns);
+fail_dec:
+       dec_uts_namespaces(ucounts);
+fail:
+       return ERR_PTR(err);
 }
 
 /*
@@ -85,6 +108,7 @@ void free_uts_ns(struct kref *kref)
        struct uts_namespace *ns;
 
        ns = container_of(kref, struct uts_namespace, kref);
+       dec_uts_namespaces(ns->ucounts);
        put_user_ns(ns->user_ns);
        ns_free_inum(&ns->ns);
        kfree(ns);