LCOV - code coverage report
Current view: top level - include/linux - nsproxy.h (source / functions) Hit Total Coverage
Test: landlock.info Lines: 7 10 70.0 %
Date: 2021-04-22 12:43:58 Functions: 2 2 100.0 %

          Line data    Source code
       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : #ifndef _LINUX_NSPROXY_H
       3             : #define _LINUX_NSPROXY_H
       4             : 
       5             : #include <linux/spinlock.h>
       6             : #include <linux/sched.h>
       7             : 
       8             : struct mnt_namespace;
       9             : struct uts_namespace;
      10             : struct ipc_namespace;
      11             : struct pid_namespace;
      12             : struct cgroup_namespace;
      13             : struct fs_struct;
      14             : 
      15             : /*
      16             :  * A structure to contain pointers to all per-process
      17             :  * namespaces - fs (mount), uts, network, sysvipc, etc.
      18             :  *
      19             :  * The pid namespace is an exception -- it's accessed using
      20             :  * task_active_pid_ns.  The pid namespace here is the
      21             :  * namespace that children will use.
      22             :  *
      23             :  * 'count' is the number of tasks holding a reference.
      24             :  * The count for each namespace, then, will be the number
      25             :  * of nsproxies pointing to it, not the number of tasks.
      26             :  *
      27             :  * The nsproxy is shared by tasks which share all namespaces.
      28             :  * As soon as a single namespace is cloned or unshared, the
      29             :  * nsproxy is copied.
      30             :  */
struct nsproxy {
        /*
         * Number of tasks holding a reference; changed only through
         * get_nsproxy() and put_nsproxy() in this header.
         * NOTE(review): this is a plain atomic_t, so an unbalanced get/put
         * wraps silently instead of being caught the way refcount_t
         * operations would catch it.
         */
        atomic_t count;
        struct uts_namespace *uts_ns;           /* uts namespace */
        struct ipc_namespace *ipc_ns;           /* sysvipc namespace */
        struct mnt_namespace *mnt_ns;           /* fs (mount) namespace */
        /*
         * Not the task's own pid namespace (that one is reached with
         * task_active_pid_ns); this is the namespace children will use.
         */
        struct pid_namespace *pid_ns_for_children;
        struct net *net_ns;                     /* network namespace */
        struct time_namespace *time_ns;         /* time namespace */
        /*
         * Presumably the time namespace children will use, by analogy
         * with pid_ns_for_children -- confirm against the users.
         */
        struct time_namespace *time_ns_for_children;
        struct cgroup_namespace *cgroup_ns;     /* cgroup namespace */
};

/* Defined outside this header. */
extern struct nsproxy init_nsproxy;
      43             : 
      44             : /*
      45             :  * A structure to encompass all bits needed to install
      46             :  * a partial or complete new set of namespaces.
      47             :  *
      48             :  * If a new user namespace is requested cred will
      49             :  * point to a modifiable set of credentials. If a pointer
      50             :  * to a modifiable set is needed nsset_cred() must be
      51             :  * used and tested.
      52             :  */
struct nsset {
        /* Bit flags; nsset_cred() tests CLONE_NEWUSER in this word. */
        unsigned int flags;
        /* Presumably the namespace set being installed -- confirm. */
        struct nsproxy *nsproxy;
        struct fs_struct *fs;
        /*
         * Deliberately const. The credentials are only modifiable when a
         * new user namespace was requested; code that needs to write must
         * obtain the pointer through nsset_cred() and test it for NULL
         * rather than casting this field itself.
         */
        const struct cred *cred;
};
      59             : 
/*
 * nsset_cred - return the writable credentials of a namespace set, if any.
 * @set: namespace set being assembled; dereferenced without a NULL check.
 *
 * The const qualifier on set->cred is cast away only when CLONE_NEWUSER is
 * set in set->flags. In every other case NULL is returned, so callers must
 * test the result before writing through it.
 *
 * NOTE(review): the coverage run this listing comes from (landlock.info)
 * recorded no executions of this helper, so the const-cast path is not
 * exercised by that test suite.
 */
static inline struct cred *nsset_cred(struct nsset *set)
{
        return (set->flags & CLONE_NEWUSER) ? (struct cred *)set->cred : NULL;
}
      67             : 
      68             : /*
      69             :  * the namespaces access rules are:
      70             :  *
      71             :  *  1. only current task is allowed to change tsk->nsproxy pointer or
      72             :  *     any pointer on the nsproxy itself.  Current must hold the task_lock
      73             :  *     when changing tsk->nsproxy.
      74             :  *
      75             :  *  2. when accessing (i.e. reading) current task's namespaces - no
      76             :  *     precautions should be taken - just dereference the pointers
      77             :  *
      78             :  *  3. the access to other task namespaces is performed like this
      79             :  *     task_lock(task);
      80             :  *     nsproxy = task->nsproxy;
      81             :  *     if (nsproxy != NULL) {
      82             :  *             / *
      83             :  *               * work with the namespaces here
      84             :  *               * e.g. get the reference on one of them
      85             :  *               * /
      86             :  *     } / *
      87             :  *         * NULL task->nsproxy means that this task is
      88             :  *         * almost dead (zombie)
      89             :  *         * /
      90             :  *     task_unlock(task);
      91             :  *
      92             :  */
      93             : 
/*
 * Out-of-line nsproxy operations. Their definitions are not part of this
 * header; free_nsproxy() is the function put_nsproxy() calls once the last
 * reference has been dropped.
 */
int copy_namespaces(unsigned long flags, struct task_struct *tsk);
void exit_task_namespaces(struct task_struct *tsk);
void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
void free_nsproxy(struct nsproxy *ns);
int unshare_nsproxy_namespaces(unsigned long unshare_flags,
                               struct nsproxy **new_nsp,
                               struct cred *new_cred,
                               struct fs_struct *new_fs);
int __init nsproxy_cache_init(void);
     101             : 
/*
 * put_nsproxy - drop one reference on an nsproxy.
 * @ns: nsproxy to release; must not be NULL (it is dereferenced directly).
 *
 * When the decrement brings the count to zero, free_nsproxy() is called on
 * @ns. The caller cannot tell which case occurred, so it should treat @ns
 * as gone once this returns. Every call has to be paired with an earlier
 * reference: count is an atomic_t, and an extra put is not detected here.
 */
static inline void put_nsproxy(struct nsproxy *ns)
{
        /* Other holders remain: nothing to tear down. */
        if (!atomic_dec_and_test(&ns->count))
                return;

        free_nsproxy(ns);
}
     108             : 
/*
 * get_nsproxy - take an additional reference on an nsproxy.
 * @ns: nsproxy to pin; must not be NULL (it is dereferenced directly).
 *
 * The increment is unconditional: there is no check that the count is
 * still non-zero. It is therefore only safe when the caller already keeps
 * @ns alive, for example under task_lock() as described in the access
 * rules in this header. Pair each call with put_nsproxy().
 */
static inline void get_nsproxy(struct nsproxy *ns)
{
        atomic_t *refs = &ns->count;

        atomic_inc(refs);
}
     113             : 
     114             : #endif
