[linux-block.git] / kernel / pid_sysctl.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef LINUX_PID_SYSCTL_H
#define LINUX_PID_SYSCTL_H

#include <linux/pid_namespace.h>

#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns)
{
	ns->memfd_noexec_scope =
		task_active_pid_ns(current)->memfd_noexec_scope;
}

static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table,
	int write, void *buf, size_t *lenp, loff_t *ppos)
{
	struct pid_namespace *ns = task_active_pid_ns(current);
	struct ctl_table table_copy;

	if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
		return -EPERM;

	table_copy = *table;
	if (ns != &init_pid_ns)
		table_copy.data = &ns->memfd_noexec_scope;

	/*
	 * set minimum to current value, the effect is only bigger
	 * value is accepted.
	 */
	if (*(int *)table_copy.data > *(int *)table_copy.extra1)
		table_copy.extra1 = table_copy.data;

	return proc_dointvec_minmax(&table_copy, write, buf, lenp, ppos);
}

static struct ctl_table pid_ns_ctl_table_vm[] = {
	{
		.procname	= "memfd_noexec",
		.data		= &init_pid_ns.memfd_noexec_scope,
		.maxlen		= sizeof(init_pid_ns.memfd_noexec_scope),
		.mode		= 0644,
		.proc_handler	= pid_mfd_noexec_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_TWO,
	},
	{ }
};
static struct ctl_path vm_path[] = { { .procname = "vm", }, { } };
static inline void register_pid_ns_sysctl_table_vm(void)
{
	register_sysctl_paths(vm_path, pid_ns_ctl_table_vm);
}
#else
static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns) {}
static inline void set_memfd_noexec_scope(struct pid_namespace *ns) {}
static inline void register_pid_ns_sysctl_table_vm(void) {}
#endif

#endif /* LINUX_PID_SYSCTL_H */
Commit	Line	Data
105ff533 JX	1	/* SPDX-License-Identifier: GPL-2.0 */
	2	#ifndef LINUX_PID_SYSCTL_H
	3	#define LINUX_PID_SYSCTL_H
	4
	5	#include <linux/pid_namespace.h>
	6
	7	#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
	8	static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns)
	9	{
	10	ns->memfd_noexec_scope =
	11	task_active_pid_ns(current)->memfd_noexec_scope;
	12	}
	13
	14	static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table,
	15	int write, void buf, size_t lenp, loff_t *ppos)
	16	{
	17	struct pid_namespace *ns = task_active_pid_ns(current);
	18	struct ctl_table table_copy;
	19
	20	if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
	21	return -EPERM;
	22
	23	table_copy = *table;
	24	if (ns != &init_pid_ns)
	25	table_copy.data = &ns->memfd_noexec_scope;
	26
	27	/*
	28	* set minimum to current value, the effect is only bigger
	29	* value is accepted.
	30	*/
	31	if ((int )table_copy.data > (int )table_copy.extra1)
	32	table_copy.extra1 = table_copy.data;
	33
	34	return proc_dointvec_minmax(&table_copy, write, buf, lenp, ppos);
	35	}
	36
	37	static struct ctl_table pid_ns_ctl_table_vm[] = {
	38	{
	39	.procname = "memfd_noexec",
	40	.data = &init_pid_ns.memfd_noexec_scope,
	41	.maxlen = sizeof(init_pid_ns.memfd_noexec_scope),
	42	.mode = 0644,
	43	.proc_handler = pid_mfd_noexec_dointvec_minmax,
	44	.extra1 = SYSCTL_ZERO,
	45	.extra2 = SYSCTL_TWO,
	46	},
	47	{ }
	48	};
	49	static struct ctl_path vm_path[] = { { .procname = "vm", }, { } };
	50	static inline void register_pid_ns_sysctl_table_vm(void)
	51	{
	52	register_sysctl_paths(vm_path, pid_ns_ctl_table_vm);
	53	}
	54	#else
	55	static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns) {}
	56	static inline void set_memfd_noexec_scope(struct pid_namespace *ns) {}
	57	static inline void register_pid_ns_sysctl_table_vm(void) {}
	58	#endif
	59
	60	#endif /* LINUX_PID_SYSCTL_H */