Line data    Source code

       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : #ifndef __IPC_NAMESPACE_H__
       3             : #define __IPC_NAMESPACE_H__
       4             : 
       5             : #include <linux/err.h>
       6             : #include <linux/idr.h>
       7             : #include <linux/rwsem.h>
       8             : #include <linux/notifier.h>
       9             : #include <linux/nsproxy.h>
      10             : #include <linux/ns_common.h>
      11             : #include <linux/refcount.h>
      12             : #include <linux/rhashtable-types.h>
      13             : 
      14             : struct user_namespace;
      15             : 
      16             : struct ipc_ids {
      17             :         int in_use;
      18             :         unsigned short seq;
      19             :         struct rw_semaphore rwsem;
      20             :         struct idr ipcs_idr;
      21             :         int max_idx;
      22             :         int last_idx;   /* For wrap around detection */
      23             : #ifdef CONFIG_CHECKPOINT_RESTORE
      24             :         int next_id;
      25             : #endif
      26             :         struct rhashtable key_ht;
      27             : };
      28             : 
      29             : struct ipc_namespace {
      30             :         struct ipc_ids  ids[3];
      31             : 
      32             :         int             sem_ctls[4];
      33             :         int             used_sems;
      34             : 
      35             :         unsigned int    msg_ctlmax;
      36             :         unsigned int    msg_ctlmnb;
      37             :         unsigned int    msg_ctlmni;
      38             :         atomic_t        msg_bytes;
      39             :         atomic_t        msg_hdrs;
      40             : 
      41             :         size_t          shm_ctlmax;
      42             :         size_t          shm_ctlall;
      43             :         unsigned long   shm_tot;
      44             :         int             shm_ctlmni;
      45             :         /*
      46             :          * Defines whether IPC_RMID is forced for _all_ shm segments regardless
      47             :          * of shmctl()
      48             :          */
      49             :         int             shm_rmid_forced;
      50             : 
      51             :         struct notifier_block ipcns_nb;
      52             : 
      53             :         /* The kern_mount of the mqueuefs sb.  We take a ref on it */
      54             :         struct vfsmount *mq_mnt;
      55             : 
      56             :         /* # queues in this ns, protected by mq_lock */
      57             :         unsigned int    mq_queues_count;
      58             : 
      59             :         /* next fields are set through sysctl */
      60             :         unsigned int    mq_queues_max;   /* initialized to DFLT_QUEUESMAX */
      61             :         unsigned int    mq_msg_max;      /* initialized to DFLT_MSGMAX */
      62             :         unsigned int    mq_msgsize_max;  /* initialized to DFLT_MSGSIZEMAX */
      63             :         unsigned int    mq_msg_default;
      64             :         unsigned int    mq_msgsize_default;
      65             : 
      66             :         /* user_ns which owns the ipc ns */
      67             :         struct user_namespace *user_ns;
      68             :         struct ucounts *ucounts;
      69             : 
      70             :         struct llist_node mnt_llist;
      71             : 
      72             :         struct ns_common ns;
      73             : } __randomize_layout;
      74             : 
      75             : extern struct ipc_namespace init_ipc_ns;
      76             : extern spinlock_t mq_lock;
      77             : 
      78             : #ifdef CONFIG_SYSVIPC
      79             : extern void shm_destroy_orphaned(struct ipc_namespace *ns);
      80             : #else /* CONFIG_SYSVIPC */
      81             : static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {}
      82             : #endif /* CONFIG_SYSVIPC */
      83             : 
      84             : #ifdef CONFIG_POSIX_MQUEUE
      85             : extern int mq_init_ns(struct ipc_namespace *ns);
      86             : /*
      87             :  * POSIX Message Queue default values:
      88             :  *
      89             :  * MIN_*: Lowest value an admin can set the maximum unprivileged limit to
      90             :  * DFLT_*MAX: Default values for the maximum unprivileged limits
      91             :  * DFLT_{MSG,MSGSIZE}: Default values used when the user doesn't supply
      92             :  *   an attribute to the open call and the queue must be created
      93             :  * HARD_*: Highest value the maximums can be set to.  These are enforced
      94             :  *   on CAP_SYS_RESOURCE apps as well making them inviolate (so make them
      95             :  *   suitably high)
      96             :  *
      97             :  * POSIX Requirements:
      98             :  *   Per app minimum openable message queues - 8.  This does not map well
      99             :  *     to the fact that we limit the number of queues on a per namespace
     100             :  *     basis instead of a per app basis.  So, make the default high enough
     101             :  *     that no given app should have a hard time opening 8 queues.
     102             :  *   Minimum maximum for HARD_MSGMAX - 32767.  I bumped this to 65536.
     103             :  *   Minimum maximum for HARD_MSGSIZEMAX - POSIX is silent on this.  However,
     104             :  *     we have run into a situation where running applications in the wild
     105             :  *     require this to be at least 5MB, and preferably 10MB, so I set the
     106             :  *     value to 16MB in hopes that this user is the worst of the bunch and
     107             :  *     the new maximum will handle anyone else.  I may have to revisit this
     108             :  *     in the future.
     109             :  */
     110             : #define DFLT_QUEUESMAX                256
     111             : #define MIN_MSGMAX                      1
     112             : #define DFLT_MSG                       10U
     113             : #define DFLT_MSGMAX                    10
     114             : #define HARD_MSGMAX                 65536
     115             : #define MIN_MSGSIZEMAX                128
     116             : #define DFLT_MSGSIZE                 8192U
     117             : #define DFLT_MSGSIZEMAX              8192
     118             : #define HARD_MSGSIZEMAX     (16*1024*1024)
     119             : #else
     120             : static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }
     121             : #endif
     122             : 
     123             : #if defined(CONFIG_IPC_NS)
     124             : extern struct ipc_namespace *copy_ipcs(unsigned long flags,
     125             :         struct user_namespace *user_ns, struct ipc_namespace *ns);
     126             : 
     127             : static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
     128             : {
     129             :         if (ns)
     130             :                 refcount_inc(&ns->ns.count);
     131             :         return ns;
     132             : }
     133             : 
     134             : extern void put_ipc_ns(struct ipc_namespace *ns);
     135             : #else
     136          50 : static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
     137             :         struct user_namespace *user_ns, struct ipc_namespace *ns)
     138             : {
     139          50 :         if (flags & CLONE_NEWIPC)
     140           0 :                 return ERR_PTR(-EINVAL);
     141             : 
     142             :         return ns;
     143             : }
     144             : 
     145           3 : static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
     146             : {
     147           3 :         return ns;
     148             : }
     149             : 
     150           3 : static inline void put_ipc_ns(struct ipc_namespace *ns)
     151             : {
     152           3 : }
     153             : #endif
     154             : 
     155             : #ifdef CONFIG_POSIX_MQUEUE_SYSCTL
     156             : 
     157             : struct ctl_table_header;
     158             : extern struct ctl_table_header *mq_register_sysctl_table(void);
     159             : 
     160             : #else /* CONFIG_POSIX_MQUEUE_SYSCTL */
     161             : 
     162             : static inline struct ctl_table_header *mq_register_sysctl_table(void)
     163             : {
     164             :         return NULL;
     165             : }
     166             : 
     167             : #endif /* CONFIG_POSIX_MQUEUE_SYSCTL */
     168             : #endif