[linux-2.6-block.git] / include / linux / pid_namespace.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_PID_NS_H
#define _LINUX_PID_NS_H

#include <linux/sched.h>
#include <linux/bug.h>
#include <linux/mm.h>
#include <linux/workqueue.h>
#include <linux/threads.h>
#include <linux/nsproxy.h>
#include <linux/ns_common.h>
#include <linux/idr.h>

/* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */
#define MAX_PID_NS_LEVEL 32

struct fs_pin;

#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
/* modes for vm.memfd_noexec sysctl */
#define MEMFD_NOEXEC_SCOPE_EXEC			0 /* MFD_EXEC implied if unset */
#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL		1 /* MFD_NOEXEC_SEAL implied if unset */
#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED	2 /* same as 1, except MFD_EXEC rejected */
#endif

struct pid_namespace {
	struct idr idr;
	struct rcu_head rcu;
	unsigned int pid_allocated;
	struct task_struct *child_reaper;
	struct kmem_cache *pid_cachep;
	unsigned int level;
	struct pid_namespace *parent;
#ifdef CONFIG_BSD_PROCESS_ACCT
	struct fs_pin *bacct;
#endif
	struct user_namespace *user_ns;
	struct ucounts *ucounts;
	int reboot;	/* group exit code if this pidns was rebooted */
	struct ns_common ns;
#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
	int memfd_noexec_scope;
#endif
} __randomize_layout;

extern struct pid_namespace init_pid_ns;

#define PIDNS_ADDING (1U << 31)

#ifdef CONFIG_PID_NS
static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
{
	if (ns != &init_pid_ns)
		refcount_inc(&ns->ns.count);
	return ns;
}

#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	int scope = MEMFD_NOEXEC_SCOPE_EXEC;

	for (; ns; ns = ns->parent)
		scope = max(scope, READ_ONCE(ns->memfd_noexec_scope));

	return scope;
}
#else
static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	return 0;
}
#endif

extern struct pid_namespace *copy_pid_ns(unsigned long flags,
	struct user_namespace *user_ns, struct pid_namespace *ns);
extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
extern void put_pid_ns(struct pid_namespace *ns);

#else /* !CONFIG_PID_NS */
#include <linux/err.h>

static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
{
	return ns;
}

static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	return 0;
}

static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
	struct user_namespace *user_ns, struct pid_namespace *ns)
{
	if (flags & CLONE_NEWPID)
		ns = ERR_PTR(-EINVAL);
	return ns;
}

static inline void put_pid_ns(struct pid_namespace *ns)
{
}

static inline void zap_pid_ns_processes(struct pid_namespace *ns)
{
	BUG();
}

static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd)
{
	return 0;
}
#endif /* CONFIG_PID_NS */

extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk);
void pidhash_init(void);
void pid_idr_init(void);

static inline bool task_is_in_init_pid_ns(struct task_struct *tsk)
{
	return task_active_pid_ns(tsk) == &init_pid_ns;
}

#endif /* _LINUX_PID_NS_H */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
61a58c6c SB	2	#ifndef _LINUX_PID_NS_H
61a58c6c SB	3	#define _LINUX_PID_NS_H
aa5a6662 SB	4
aa5a6662 SB	5	#include <linux/sched.h>
187f1882	6	#include <linux/bug.h>
aa5a6662	7	#include <linux/mm.h>
a27bb332	8	#include <linux/workqueue.h>
aa5a6662	9	#include <linux/threads.h>
9a575a92	10	#include <linux/nsproxy.h>
435d5f4b	11	#include <linux/ns_common.h>
95846ecf	12	#include <linux/idr.h>
aa5a6662	13
49cb2fc4 AR	14	/* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */
49cb2fc4 AR	15	#define MAX_PID_NS_LEVEL 32
aa5a6662	16
59eda0e0	17	struct fs_pin;
20fad13a	18
105ff533	19	#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
202e1422 AS	20	/* modes for vm.memfd_noexec sysctl */
	21	#define MEMFD_NOEXEC_SCOPE_EXEC 0 /* MFD_EXEC implied if unset */
	22	#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL 1 /* MFD_NOEXEC_SEAL implied if unset */
	23	#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED 2 /* same as 1, except MFD_EXEC rejected */
105ff533 JX	24	#endif
105ff533 JX	25
61a58c6c	26	struct pid_namespace {
95846ecf	27	struct idr idr;
1adfcb03	28	struct rcu_head rcu;
e8cfbc24	29	unsigned int pid_allocated;
84d73786	30	struct task_struct *child_reaper;
baf8f0f8	31	struct kmem_cache *pid_cachep;
caafa432	32	unsigned int level;
faacbfd3	33	struct pid_namespace *parent;
20fad13a	34	#ifdef CONFIG_BSD_PROCESS_ACCT
59eda0e0	35	struct fs_pin *bacct;
20fad13a	36	#endif
49f4d8b9	37	struct user_namespace *user_ns;
f333c700	38	struct ucounts *ucounts;
cf3f8921	39	int reboot; /* group exit code if this pidns was rebooted */
435d5f4b	40	struct ns_common ns;
105ff533	41	#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
105ff533 JX	42	int memfd_noexec_scope;
105ff533 JX	43	#endif
3859a271	44	} __randomize_layout;
3fbc9648	45
61a58c6c	46	extern struct pid_namespace init_pid_ns;
3fbc9648	47
e8cfbc24	48	#define PIDNS_ADDING (1U << 31)
c876ad76	49
57d5f66b	50	#ifdef CONFIG_PID_NS
a05f7b15	51	static inline struct pid_namespace get_pid_ns(struct pid_namespace ns)
9a575a92	52	{
b461cc03	53	if (ns != &init_pid_ns)
8eb71d95	54	refcount_inc(&ns->ns.count);
a05f7b15	55	return ns;
9a575a92 CLG	56	}
9a575a92 CLG	57
9876cfe8 AS	58	#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
	59	static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
	60	{
	61	int scope = MEMFD_NOEXEC_SCOPE_EXEC;
	62
	63	for (; ns; ns = ns->parent)
	64	scope = max(scope, READ_ONCE(ns->memfd_noexec_scope));
	65
	66	return scope;
	67	}
	68	#else
	69	static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
	70	{
	71	return 0;
	72	}
	73	#endif
	74
49f4d8b9 EB	75	extern struct pid_namespace *copy_pid_ns(unsigned long flags,
49f4d8b9 EB	76	struct user_namespace user_ns, struct pid_namespace ns);
74bd59bb	77	extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
cf3f8921	78	extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
bbc2e3ef	79	extern void put_pid_ns(struct pid_namespace *ns);
9a575a92	80
57d5f66b EB	81	#else /* !CONFIG_PID_NS */
	82	#include <linux/err.h>
	83
	84	static inline struct pid_namespace get_pid_ns(struct pid_namespace ns)
	85	{
	86	return ns;
	87	}
	88
9876cfe8 AS	89	static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
	90	{
	91	return 0;
	92	}
	93
49f4d8b9 EB	94	static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
49f4d8b9 EB	95	struct user_namespace user_ns, struct pid_namespace ns)
57d5f66b EB	96	{
	97	if (flags & CLONE_NEWPID)
	98	ns = ERR_PTR(-EINVAL);
	99	return ns;
	100	}
	101
	102	static inline void put_pid_ns(struct pid_namespace *ns)
	103	{
	104	}
	105
74bd59bb PE	106	static inline void zap_pid_ns_processes(struct pid_namespace *ns)
	107	{
	108	BUG();
	109	}
cf3f8921 DL	110
	111	static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd)
	112	{
	113	return 0;
	114	}
57d5f66b EB	115	#endif /* CONFIG_PID_NS */
57d5f66b EB	116
61bce0f1	117	extern struct pid_namespace task_active_pid_ns(struct task_struct tsk);
3ae4eed3	118	void pidhash_init(void);
95846ecf	119	void pid_idr_init(void);
3ae4eed3	120
d7e4f854 LY	121	static inline bool task_is_in_init_pid_ns(struct task_struct *tsk)
	122	{
	123	return task_active_pid_ns(tsk) == &init_pid_ns;
	124	}
	125
61a58c6c	126	#endif /* _LINUX_PID_NS_H */