[linux-2.6-block.git] / ipc / namespace.c

/*
 * linux/ipc/namespace.c
 * Copyright (C) 2006 Pavel Emelyanov <xemul@openvz.org> OpenVZ, SWsoft Inc.
 */

#include <linux/ipc.h>
#include <linux/msg.h>
#include <linux/ipc_namespace.h>
#include <linux/rcupdate.h>
#include <linux/nsproxy.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/mount.h>
#include <linux/user_namespace.h>

#include "util.h"

static struct ipc_namespace *create_ipc_ns(struct ipc_namespace *old_ns)
{
	struct ipc_namespace *ns;
	int err;

	ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL);
	if (ns == NULL)
		return ERR_PTR(-ENOMEM);

	atomic_set(&ns->count, 1);
	err = mq_init_ns(ns);
	if (err) {
		kfree(ns);
		return ERR_PTR(err);
	}
	atomic_inc(&nr_ipc_ns);

	sem_init_ns(ns);
	msg_init_ns(ns);
	shm_init_ns(ns);

	/*
	 * msgmni has already been computed for the new ipc ns.
	 * Thus, do the ipcns creation notification before registering that
	 * new ipcns in the chain.
	 */
	ipcns_notify(IPCNS_CREATED);
	register_ipcns_notifier(ns);

	ns->user_ns = old_ns->user_ns;
	get_user_ns(ns->user_ns);

	return ns;
}

struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns)
{
	if (!(flags & CLONE_NEWIPC))
		return get_ipc_ns(ns);
	return create_ipc_ns(ns);
}

/*
 * free_ipcs - free all ipcs of one type
 * @ns:   the namespace to remove the ipcs from
 * @ids:  the table of ipcs to free
 * @free: the function called to free each individual ipc
 *
 * Called for each kind of ipc when an ipc_namespace exits.
 */
void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids,
	       void (*free)(struct ipc_namespace *, struct kern_ipc_perm *))
{
	struct kern_ipc_perm *perm;
	int next_id;
	int total, in_use;

	down_write(&ids->rw_mutex);

	in_use = ids->in_use;

	for (total = 0, next_id = 0; total < in_use; next_id++) {
		perm = idr_find(&ids->ipcs_idr, next_id);
		if (perm == NULL)
			continue;
		ipc_lock_by_ptr(perm);
		free(ns, perm);
		total++;
	}
	up_write(&ids->rw_mutex);
}

static void free_ipc_ns(struct ipc_namespace *ns)
{
	/*
	 * Unregistering the hotplug notifier at the beginning guarantees
	 * that the ipc namespace won't be freed while we are inside the
	 * callback routine. Since the blocking_notifier_chain_XXX routines
	 * hold a rw lock on the notifier list, unregister_ipcns_notifier()
	 * won't take the rw lock before blocking_notifier_call_chain() has
	 * released the rd lock.
	 */
	unregister_ipcns_notifier(ns);
	sem_exit_ns(ns);
	msg_exit_ns(ns);
	shm_exit_ns(ns);
	kfree(ns);
	atomic_dec(&nr_ipc_ns);

	/*
	 * Do the ipcns removal notification after decrementing nr_ipc_ns in
	 * order to have a correct value when recomputing msgmni.
	 */
	ipcns_notify(IPCNS_REMOVED);
	put_user_ns(ns->user_ns);
}

/*
 * put_ipc_ns - drop a reference to an ipc namespace.
 * @ns: the namespace to put
 *
 * If this is the last task in the namespace exiting, and
 * it is dropping the refcount to 0, then it can race with
 * a task in another ipc namespace but in a mounts namespace
 * which has this ipcns's mqueuefs mounted, doing some action
 * with one of the mqueuefs files.  That can raise the refcount.
 * So dropping the refcount, and raising the refcount when
 * accessing it through the VFS, are protected with mq_lock.
 *
 * (Clearly, a task raising the refcount on its own ipc_ns
 * needn't take mq_lock since it can't race with the last task
 * in the ipcns exiting).
 */
void put_ipc_ns(struct ipc_namespace *ns)
{
	if (atomic_dec_and_lock(&ns->count, &mq_lock)) {
		mq_clear_sbinfo(ns);
		spin_unlock(&mq_lock);
		mq_put_mnt(ns);
		free_ipc_ns(ns);
	}
}
Commit	Line	Data
ae5e1b22 PE	1	/*
	2	* linux/ipc/namespace.c
	3	* Copyright (C) 2006 Pavel Emelyanov <xemul@openvz.org> OpenVZ, SWsoft Inc.
	4	*/
	5
	6	#include <linux/ipc.h>
	7	#include <linux/msg.h>
	8	#include <linux/ipc_namespace.h>
	9	#include <linux/rcupdate.h>
	10	#include <linux/nsproxy.h>
	11	#include <linux/slab.h>
7eafd7c7 SH	12	#include <linux/fs.h>
7eafd7c7 SH	13	#include <linux/mount.h>
b515498f	14	#include <linux/user_namespace.h>
ae5e1b22 PE	15
	16	#include "util.h"
	17
b515498f	18	static struct ipc_namespace create_ipc_ns(struct ipc_namespace old_ns)
ae5e1b22	19	{
ae5e1b22	20	struct ipc_namespace *ns;
7eafd7c7	21	int err;
ae5e1b22	22
ae5e1b22 PE	23	ns = kmalloc(sizeof(struct ipc_namespace), GFP_KERNEL);
ae5e1b22 PE	24	if (ns == NULL)
ed2ddbf8	25	return ERR_PTR(-ENOMEM);
ae5e1b22	26
7eafd7c7 SH	27	atomic_set(&ns->count, 1);
	28	err = mq_init_ns(ns);
	29	if (err) {
	30	kfree(ns);
	31	return ERR_PTR(err);
	32	}
4d89dc6a ND	33	atomic_inc(&nr_ipc_ns);
4d89dc6a ND	34
ed2ddbf8 PP	35	sem_init_ns(ns);
	36	msg_init_ns(ns);
	37	shm_init_ns(ns);
ae5e1b22	38
e2c284d8 ND	39	/*
	40	* msgmni has already been computed for the new ipc ns.
	41	* Thus, do the ipcns creation notification before registering that
	42	* new ipcns in the chain.
	43	*/
	44	ipcns_notify(IPCNS_CREATED);
b6b337ad ND	45	register_ipcns_notifier(ns);
b6b337ad ND	46
b515498f SH	47	ns->user_ns = old_ns->user_ns;
	48	get_user_ns(ns->user_ns);
	49
ae5e1b22	50	return ns;
ae5e1b22 PE	51	}
	52
	53	struct ipc_namespace copy_ipcs(unsigned long flags, struct ipc_namespace ns)
	54	{
ae5e1b22	55	if (!(flags & CLONE_NEWIPC))
64424289	56	return get_ipc_ns(ns);
b515498f	57	return create_ipc_ns(ns);
ae5e1b22 PE	58	}
ae5e1b22 PE	59
01b8b07a PP	60	/*
	61	* free_ipcs - free all ipcs of one type
	62	* @ns: the namespace to remove the ipcs from
	63	* @ids: the table of ipcs to free
	64	* @free: the function called to free each individual ipc
	65	*
	66	* Called for each kind of ipc when an ipc_namespace exits.
	67	*/
	68	void free_ipcs(struct ipc_namespace ns, struct ipc_ids ids,
	69	void (free)(struct ipc_namespace , struct kern_ipc_perm *))
	70	{
	71	struct kern_ipc_perm *perm;
	72	int next_id;
	73	int total, in_use;
	74
	75	down_write(&ids->rw_mutex);
	76
	77	in_use = ids->in_use;
	78
	79	for (total = 0, next_id = 0; total < in_use; next_id++) {
	80	perm = idr_find(&ids->ipcs_idr, next_id);
	81	if (perm == NULL)
	82	continue;
	83	ipc_lock_by_ptr(perm);
	84	free(ns, perm);
	85	total++;
	86	}
	87	up_write(&ids->rw_mutex);
	88	}
	89
b4188def AD	90	static void free_ipc_ns(struct ipc_namespace *ns)
	91	{
	92	/*
	93	* Unregistering the hotplug notifier at the beginning guarantees
	94	* that the ipc namespace won't be freed while we are inside the
	95	* callback routine. Since the blocking_notifier_chain_XXX routines
	96	* hold a rw lock on the notifier list, unregister_ipcns_notifier()
	97	* won't take the rw lock before blocking_notifier_call_chain() has
	98	* released the rd lock.
	99	*/
	100	unregister_ipcns_notifier(ns);
	101	sem_exit_ns(ns);
	102	msg_exit_ns(ns);
	103	shm_exit_ns(ns);
	104	kfree(ns);
	105	atomic_dec(&nr_ipc_ns);
	106
	107	/*
	108	* Do the ipcns removal notification after decrementing nr_ipc_ns in
	109	* order to have a correct value when recomputing msgmni.
	110	*/
	111	ipcns_notify(IPCNS_REMOVED);
b515498f	112	put_user_ns(ns->user_ns);
b4188def AD	113	}
b4188def AD	114
7eafd7c7 SH	115	/*
	116	* put_ipc_ns - drop a reference to an ipc namespace.
	117	* @ns: the namespace to put
	118	*
	119	* If this is the last task in the namespace exiting, and
	120	* it is dropping the refcount to 0, then it can race with
	121	* a task in another ipc namespace but in a mounts namespace
	122	* which has this ipcns's mqueuefs mounted, doing some action
	123	* with one of the mqueuefs files. That can raise the refcount.
	124	* So dropping the refcount, and raising the refcount when
	125	* accessing it through the VFS, are protected with mq_lock.
	126	*
	127	* (Clearly, a task raising the refcount on its own ipc_ns
	128	* needn't take mq_lock since it can't race with the last task
	129	* in the ipcns exiting).
	130	*/
	131	void put_ipc_ns(struct ipc_namespace *ns)
ae5e1b22	132	{
7eafd7c7 SH	133	if (atomic_dec_and_lock(&ns->count, &mq_lock)) {
	134	mq_clear_sbinfo(ns);
	135	spin_unlock(&mq_lock);
	136	mq_put_mnt(ns);
	137	free_ipc_ns(ns);
	138	}
	139	}