1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | #ifndef LINUX_PID_SYSCTL_H | |
3 | #define LINUX_PID_SYSCTL_H | |
4 | ||
5 | #include <linux/pid_namespace.h> | |
6 | ||
7 | #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) | |
/*
 * Seed @ns->memfd_noexec_scope from the pid namespace the calling task is
 * currently in (presumably the parent, at namespace creation — confirm
 * against the caller).  The new namespace therefore starts at the same
 * restriction level.  Nothing here re-synchronises it later, so a later
 * increase in the originating namespace does not reach @ns via this path.
 */
static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns)
{
	const struct pid_namespace *active = task_active_pid_ns(current);

	ns->memfd_noexec_scope = active->memfd_noexec_scope;
}
13 | ||
/*
 * proc handler for vm.memfd_noexec.
 *
 * The knob is per pid namespace: for any namespace other than init_pid_ns
 * the table's .data is redirected to that namespace's memfd_noexec_scope,
 * so reads and writes through /proc/sys/vm/memfd_noexec act on the caller's
 * own namespace.  Writes require CAP_SYS_ADMIN in the user namespace that
 * owns the caller's pid namespace.
 *
 * The lower bound (.extra1, SYSCTL_ZERO in the table below) is raised to the
 * value already stored, so a write may keep or increase the level but never
 * lower it; the upper bound stays .extra2 (SYSCTL_TWO).
 *
 * NOTE(review): the current value is read from the live field and
 * proc_dointvec_minmax() then stores through the same pointer; nothing in
 * this function serialises two writers in one namespace, so the "only grows"
 * property relies on sysctl writes being serialised by the caller — confirm.
 *
 * Returns 0 on success, -EPERM for an unprivileged write, otherwise the
 * return value of proc_dointvec_minmax().
 */
static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table,
	int write, void *buf, size_t *lenp, loff_t *ppos)
{
	struct pid_namespace *pidns = task_active_pid_ns(current);
	struct ctl_table tbl;
	int *cur, *floor;

	if (write && !ns_capable(pidns->user_ns, CAP_SYS_ADMIN))
		return -EPERM;

	tbl = *table;

	/* Every non-init namespace carries its own copy of the knob. */
	if (pidns != &init_pid_ns)
		tbl.data = &pidns->memfd_noexec_scope;

	/* Ratchet: the stored value becomes the minimum for this write. */
	cur = tbl.data;
	floor = tbl.extra1;
	if (*cur > *floor)
		tbl.extra1 = cur;

	return proc_dointvec_minmax(&tbl, write, buf, lenp, ppos);
}
36 | ||
/*
 * vm.memfd_noexec: integer in 0..2 (SYSCTL_ZERO..SYSCTL_TWO), world
 * readable, root writable by mode; the handler additionally demands
 * CAP_SYS_ADMIN in the caller's user namespace and redirects .data to the
 * caller's pid namespace.  What each level means is defined with the field
 * itself, not in this header.
 */
static struct ctl_table pid_ns_ctl_table_vm[] = {
	{
		.procname	= "memfd_noexec",
		.mode		= 0644,
		.data		= &init_pid_ns.memfd_noexec_scope,
		.maxlen		= sizeof(init_pid_ns.memfd_noexec_scope),
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_TWO,
		.proc_handler	= pid_mfd_noexec_dointvec_minmax,
	},
	{ }
};
/* Directory under which the table above is registered: /proc/sys/vm. */
static struct ctl_path vm_path[] = {
	{ .procname = "vm", },
	{ }
};
/*
 * Register pid_ns_ctl_table_vm under the "vm" sysctl directory
 * (/proc/sys/vm/memfd_noexec).  The returned table header is discarded, so
 * the entry is never unregistered — fine only if this runs once for the
 * lifetime of the kernel; confirm against the caller.
 */
static inline void register_pid_ns_sysctl_table_vm(void)
{
	(void)register_sysctl_paths(vm_path, pid_ns_ctl_table_vm);
}
54 | #else | |
/* Without CONFIG_SYSCTL && CONFIG_MEMFD_CREATE there is no knob to seed. */
static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns)
{
}
/*
 * Stub only.  NOTE(review): the CONFIG_SYSCTL branch of this header defines
 * no set_memfd_noexec_scope(), so a sysctl-enabled build does not get one
 * from here — presumably defined elsewhere or a leftover; confirm before
 * relying on it.
 */
static inline void set_memfd_noexec_scope(struct pid_namespace *ns)
{
}
/* Nothing is registered under /proc/sys/vm in this configuration. */
static inline void register_pid_ns_sysctl_table_vm(void)
{
}
58 | #endif | |
59 | ||
60 | #endif /* LINUX_PID_SYSCTL_H */ |