mirror of
https://github.com/tbsdtv/linux_media.git
synced 2025-07-23 12:43:29 +02:00
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace rlimit handling update from Eric Biederman: "This is the work mainly by Alexey Gladkov to limit rlimits to the rlimits of the user that created a user namespace, and to allow users to have stricter limits on the resources created within a user namespace." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: cred: add missing return error code when set_cred_ucounts() failed ucounts: Silence warning in dec_rlimit_ucounts ucounts: Set ucount_max to the largest positive value the type can hold kselftests: Add test to check for rlimit changes in different user namespaces Reimplement RLIMIT_MEMLOCK on top of ucounts Reimplement RLIMIT_SIGPENDING on top of ucounts Reimplement RLIMIT_MSGQUEUE on top of ucounts Reimplement RLIMIT_NPROC on top of ucounts Use atomic_t for ucounts reference counting Add a reference to ucounts for each cred Increase size of ucounts to atomic_long_t
This commit is contained in:
Linus Torvalds
42
ipc/mqueue.c
42
ipc/mqueue.c
@@ -144,7 +144,7 @@ struct mqueue_inode_info {
|
||||
struct pid *notify_owner;
|
||||
u32 notify_self_exec_id;
|
||||
struct user_namespace *notify_user_ns;
|
||||
struct user_struct *user; /* user who created, for accounting */
|
||||
struct ucounts *ucounts; /* user who created, for accounting */
|
||||
struct sock *notify_sock;
|
||||
struct sk_buff *notify_cookie;
|
||||
|
||||
@@ -292,7 +292,6 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
|
||||
struct ipc_namespace *ipc_ns, umode_t mode,
|
||||
struct mq_attr *attr)
|
||||
{
|
||||
struct user_struct *u = current_user();
|
||||
struct inode *inode;
|
||||
int ret = -ENOMEM;
|
||||
|
||||
@@ -321,7 +320,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
|
||||
info->notify_owner = NULL;
|
||||
info->notify_user_ns = NULL;
|
||||
info->qsize = 0;
|
||||
info->user = NULL; /* set when all is ok */
|
||||
info->ucounts = NULL; /* set when all is ok */
|
||||
info->msg_tree = RB_ROOT;
|
||||
info->msg_tree_rightmost = NULL;
|
||||
info->node_cache = NULL;
|
||||
@@ -371,19 +370,23 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
|
||||
if (mq_bytes + mq_treesize < mq_bytes)
|
||||
goto out_inode;
|
||||
mq_bytes += mq_treesize;
|
||||
spin_lock(&mq_lock);
|
||||
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
|
||||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
|
||||
spin_unlock(&mq_lock);
|
||||
/* mqueue_evict_inode() releases info->messages */
|
||||
ret = -EMFILE;
|
||||
goto out_inode;
|
||||
}
|
||||
u->mq_bytes += mq_bytes;
|
||||
spin_unlock(&mq_lock);
|
||||
info->ucounts = get_ucounts(current_ucounts());
|
||||
if (info->ucounts) {
|
||||
long msgqueue;
|
||||
|
||||
/* all is ok */
|
||||
info->user = get_uid(u);
|
||||
spin_lock(&mq_lock);
|
||||
msgqueue = inc_rlimit_ucounts(info->ucounts, UCOUNT_RLIMIT_MSGQUEUE, mq_bytes);
|
||||
if (msgqueue == LONG_MAX || msgqueue > rlimit(RLIMIT_MSGQUEUE)) {
|
||||
dec_rlimit_ucounts(info->ucounts, UCOUNT_RLIMIT_MSGQUEUE, mq_bytes);
|
||||
spin_unlock(&mq_lock);
|
||||
put_ucounts(info->ucounts);
|
||||
info->ucounts = NULL;
|
||||
/* mqueue_evict_inode() releases info->messages */
|
||||
ret = -EMFILE;
|
||||
goto out_inode;
|
||||
}
|
||||
spin_unlock(&mq_lock);
|
||||
}
|
||||
} else if (S_ISDIR(mode)) {
|
||||
inc_nlink(inode);
|
||||
/* Some things misbehave if size == 0 on a directory */
|
||||
@@ -497,7 +500,6 @@ static void mqueue_free_inode(struct inode *inode)
|
||||
static void mqueue_evict_inode(struct inode *inode)
|
||||
{
|
||||
struct mqueue_inode_info *info;
|
||||
struct user_struct *user;
|
||||
struct ipc_namespace *ipc_ns;
|
||||
struct msg_msg *msg, *nmsg;
|
||||
LIST_HEAD(tmp_msg);
|
||||
@@ -520,8 +522,7 @@ static void mqueue_evict_inode(struct inode *inode)
|
||||
free_msg(msg);
|
||||
}
|
||||
|
||||
user = info->user;
|
||||
if (user) {
|
||||
if (info->ucounts) {
|
||||
unsigned long mq_bytes, mq_treesize;
|
||||
|
||||
/* Total amount of bytes accounted for the mqueue */
|
||||
@@ -533,7 +534,7 @@ static void mqueue_evict_inode(struct inode *inode)
|
||||
info->attr.mq_msgsize);
|
||||
|
||||
spin_lock(&mq_lock);
|
||||
user->mq_bytes -= mq_bytes;
|
||||
dec_rlimit_ucounts(info->ucounts, UCOUNT_RLIMIT_MSGQUEUE, mq_bytes);
|
||||
/*
|
||||
* get_ns_from_inode() ensures that the
|
||||
* (ipc_ns = sb->s_fs_info) is either a valid ipc_ns
|
||||
@@ -543,7 +544,8 @@ static void mqueue_evict_inode(struct inode *inode)
|
||||
if (ipc_ns)
|
||||
ipc_ns->mq_queues_count--;
|
||||
spin_unlock(&mq_lock);
|
||||
free_uid(user);
|
||||
put_ucounts(info->ucounts);
|
||||
info->ucounts = NULL;
|
||||
}
|
||||
if (ipc_ns)
|
||||
put_ipc_ns(ipc_ns);
|
||||
|
||||
Reference in New Issue
Block a user