userns: limit the maximum depth of user_namespace->parent chain
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / user_namespace.c
index 6e50a44610eedc4b5ebeece393b9c9331b0b5abb..9064b919a4066fe9fca676581479e9162de56717 100644 (file)
@@ -62,6 +62,9 @@ int create_user_ns(struct cred *new)
        kgid_t group = new->egid;
        int ret;
 
+       if (parent_ns->level > 32)
+               return -EUSERS;
+
        /*
         * Verify that we can not violate the policy of which files
         * may be accessed that is specified by the root directory,
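Review bot: The depth check `if (parent_ns->level > 32)` at the top of create_user_ns uses a bare literal with no comment, and because it tests the parent with `>`, a parent at level 32 is still accepted, so the deepest namespace ends up at level 33 (given `ns->level = parent_ns->level + 1` in the later hunk). I would state the intent beside the check, e.g. `/* Bound the depth of the ->parent chain; a parent at level 32 is the deepest that may still create a child. */`, and confirm that 33 rather than 32 is the intended maximum. The limit is presumably there to keep walks of the parent chain bounded for unprivileged callers; it caps nesting depth only, not the total number of namespaces a caller can create. create_user_ns continues outside the hunk, so it cannot be confirmed from here that `level` starts at 0 for the initial namespace.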
@@ -92,6 +95,7 @@ int create_user_ns(struct cred *new)
        atomic_set(&ns->count, 1);
        /* Leave the new->user_ns reference with the new user namespace. */
        ns->parent = parent_ns;
+       ns->level = parent_ns->level + 1;
        ns->owner = owner;
        ns->group = group;