Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-only
2 : #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 :
4 : #include <linux/workqueue.h>
5 : #include <linux/rtnetlink.h>
6 : #include <linux/cache.h>
7 : #include <linux/slab.h>
8 : #include <linux/list.h>
9 : #include <linux/delay.h>
10 : #include <linux/sched.h>
11 : #include <linux/idr.h>
12 : #include <linux/rculist.h>
13 : #include <linux/nsproxy.h>
14 : #include <linux/fs.h>
15 : #include <linux/proc_ns.h>
16 : #include <linux/file.h>
17 : #include <linux/export.h>
18 : #include <linux/user_namespace.h>
19 : #include <linux/net_namespace.h>
20 : #include <linux/sched/task.h>
21 : #include <linux/uidgid.h>
22 : #include <linux/cookie.h>
23 :
24 : #include <net/sock.h>
25 : #include <net/netlink.h>
26 : #include <net/net_namespace.h>
27 : #include <net/netns/generic.h>
28 :
29 : /*
30 : * Our network namespace constructor/destructor lists
31 : */
32 :
33 : static LIST_HEAD(pernet_list);
34 : static struct list_head *first_device = &pernet_list;
35 :
36 : LIST_HEAD(net_namespace_list);
37 : EXPORT_SYMBOL_GPL(net_namespace_list);
38 :
39 : /* Protects net_namespace_list. Nests iside rtnl_lock() */
40 : DECLARE_RWSEM(net_rwsem);
41 : EXPORT_SYMBOL_GPL(net_rwsem);
42 :
43 : #ifdef CONFIG_KEYS
44 : static struct key_tag init_net_key_domain = { .usage = REFCOUNT_INIT(1) };
45 : #endif
46 :
47 : struct net init_net = {
48 : .ns.count = REFCOUNT_INIT(1),
49 : .dev_base_head = LIST_HEAD_INIT(init_net.dev_base_head),
50 : #ifdef CONFIG_KEYS
51 : .key_domain = &init_net_key_domain,
52 : #endif
53 : };
54 : EXPORT_SYMBOL(init_net);
55 :
56 : static bool init_net_initialized;
57 : /*
58 : * pernet_ops_rwsem: protects: pernet_list, net_generic_ids,
59 : * init_net_initialized and first_device pointer.
60 : * This is internal net namespace object. Please, don't use it
61 : * outside.
62 : */
63 : DECLARE_RWSEM(pernet_ops_rwsem);
64 : EXPORT_SYMBOL_GPL(pernet_ops_rwsem);
65 :
66 : #define MIN_PERNET_OPS_ID \
67 : ((sizeof(struct net_generic) + sizeof(void *) - 1) / sizeof(void *))
68 :
69 : #define INITIAL_NET_GEN_PTRS 13 /* +1 for len +2 for rcu_head */
70 :
71 : static unsigned int max_gen_ptrs = INITIAL_NET_GEN_PTRS;
72 :
73 : DEFINE_COOKIE(net_cookie);
74 :
75 1 : static struct net_generic *net_alloc_generic(void)
76 : {
77 1 : struct net_generic *ng;
78 1 : unsigned int generic_size = offsetof(struct net_generic, ptr[max_gen_ptrs]);
79 :
80 1 : ng = kzalloc(generic_size, GFP_KERNEL);
81 1 : if (ng)
82 1 : ng->s.len = max_gen_ptrs;
83 :
84 1 : return ng;
85 : }
86 :
87 2 : static int net_assign_generic(struct net *net, unsigned int id, void *data)
88 : {
89 2 : struct net_generic *ng, *old_ng;
90 :
91 2 : BUG_ON(id < MIN_PERNET_OPS_ID);
92 :
93 4 : old_ng = rcu_dereference_protected(net->gen,
94 : lockdep_is_held(&pernet_ops_rwsem));
95 2 : if (old_ng->s.len > id) {
96 2 : old_ng->ptr[id] = data;
97 2 : return 0;
98 : }
99 :
100 0 : ng = net_alloc_generic();
101 0 : if (ng == NULL)
102 : return -ENOMEM;
103 :
104 : /*
105 : * Some synchronisation notes:
106 : *
107 : * The net_generic explores the net->gen array inside rcu
108 : * read section. Besides once set the net->gen->ptr[x]
109 : * pointer never changes (see rules in netns/generic.h).
110 : *
111 : * That said, we simply duplicate this array and schedule
112 : * the old copy for kfree after a grace period.
113 : */
114 :
115 0 : memcpy(&ng->ptr[MIN_PERNET_OPS_ID], &old_ng->ptr[MIN_PERNET_OPS_ID],
116 0 : (old_ng->s.len - MIN_PERNET_OPS_ID) * sizeof(void *));
117 0 : ng->ptr[id] = data;
118 :
119 0 : rcu_assign_pointer(net->gen, ng);
120 0 : kfree_rcu(old_ng, s.rcu);
121 : return 0;
122 : }
123 :
124 46 : static int ops_init(const struct pernet_operations *ops, struct net *net)
125 : {
126 46 : int err = -ENOMEM;
127 46 : void *data = NULL;
128 :
129 46 : if (ops->id && ops->size) {
130 2 : data = kzalloc(ops->size, GFP_KERNEL);
131 2 : if (!data)
132 0 : goto out;
133 :
134 2 : err = net_assign_generic(net, *ops->id, data);
135 2 : if (err)
136 0 : goto cleanup;
137 : }
138 46 : err = 0;
139 46 : if (ops->init)
140 45 : err = ops->init(net);
141 45 : if (!err)
142 46 : return 0;
143 :
144 0 : cleanup:
145 0 : kfree(data);
146 :
147 : out:
148 : return err;
149 : }
150 :
151 0 : static void ops_free(const struct pernet_operations *ops, struct net *net)
152 : {
153 0 : if (ops->id && ops->size) {
154 0 : kfree(net_generic(net, *ops->id));
155 : }
156 0 : }
157 :
158 0 : static void ops_pre_exit_list(const struct pernet_operations *ops,
159 : struct list_head *net_exit_list)
160 : {
161 0 : struct net *net;
162 :
163 0 : if (ops->pre_exit) {
164 0 : list_for_each_entry(net, net_exit_list, exit_list)
165 0 : ops->pre_exit(net);
166 : }
167 0 : }
168 :
169 0 : static void ops_exit_list(const struct pernet_operations *ops,
170 : struct list_head *net_exit_list)
171 : {
172 0 : struct net *net;
173 0 : if (ops->exit) {
174 0 : list_for_each_entry(net, net_exit_list, exit_list)
175 0 : ops->exit(net);
176 : }
177 0 : if (ops->exit_batch)
178 0 : ops->exit_batch(net_exit_list);
179 0 : }
180 :
181 0 : static void ops_free_list(const struct pernet_operations *ops,
182 : struct list_head *net_exit_list)
183 : {
184 0 : struct net *net;
185 0 : if (ops->size && ops->id) {
186 0 : list_for_each_entry(net, net_exit_list, exit_list)
187 0 : ops_free(ops, net);
188 : }
189 0 : }
190 :
191 : /* should be called with nsid_lock held */
192 0 : static int alloc_netid(struct net *net, struct net *peer, int reqid)
193 : {
194 0 : int min = 0, max = 0;
195 :
196 0 : if (reqid >= 0) {
197 0 : min = reqid;
198 0 : max = reqid + 1;
199 : }
200 :
201 0 : return idr_alloc(&net->netns_ids, peer, min, max, GFP_ATOMIC);
202 : }
203 :
204 : /* This function is used by idr_for_each(). If net is equal to peer, the
205 : * function returns the id so that idr_for_each() stops. Because we cannot
206 : * returns the id 0 (idr_for_each() will not stop), we return the magic value
207 : * NET_ID_ZERO (-1) for it.
208 : */
209 : #define NET_ID_ZERO -1
210 0 : static int net_eq_idr(int id, void *net, void *peer)
211 : {
212 0 : if (net_eq(net, peer))
213 0 : return id ? : NET_ID_ZERO;
214 : return 0;
215 : }
216 :
217 : /* Must be called from RCU-critical section or with nsid_lock held */
218 201 : static int __peernet2id(const struct net *net, struct net *peer)
219 : {
220 201 : int id = idr_for_each(&net->netns_ids, net_eq_idr, peer);
221 :
222 : /* Magic value for id 0. */
223 201 : if (id == NET_ID_ZERO)
224 : return 0;
225 201 : if (id > 0)
226 0 : return id;
227 :
228 : return NETNSA_NSID_NOT_ASSIGNED;
229 : }
230 :
231 : static void rtnl_net_notifyid(struct net *net, int cmd, int id, u32 portid,
232 : struct nlmsghdr *nlh, gfp_t gfp);
233 : /* This function returns the id of a peer netns. If no id is assigned, one will
234 : * be allocated and returned.
235 : */
236 0 : int peernet2id_alloc(struct net *net, struct net *peer, gfp_t gfp)
237 : {
238 0 : int id;
239 :
240 0 : if (refcount_read(&net->ns.count) == 0)
241 : return NETNSA_NSID_NOT_ASSIGNED;
242 :
243 0 : spin_lock_bh(&net->nsid_lock);
244 0 : id = __peernet2id(net, peer);
245 0 : if (id >= 0) {
246 0 : spin_unlock_bh(&net->nsid_lock);
247 0 : return id;
248 : }
249 :
250 : /* When peer is obtained from RCU lists, we may race with
251 : * its cleanup. Check whether it's alive, and this guarantees
252 : * we never hash a peer back to net->netns_ids, after it has
253 : * just been idr_remove()'d from there in cleanup_net().
254 : */
255 0 : if (!maybe_get_net(peer)) {
256 0 : spin_unlock_bh(&net->nsid_lock);
257 0 : return NETNSA_NSID_NOT_ASSIGNED;
258 : }
259 :
260 0 : id = alloc_netid(net, peer, -1);
261 0 : spin_unlock_bh(&net->nsid_lock);
262 :
263 0 : put_net(peer);
264 0 : if (id < 0)
265 : return NETNSA_NSID_NOT_ASSIGNED;
266 :
267 0 : rtnl_net_notifyid(net, RTM_NEWNSID, id, 0, NULL, gfp);
268 :
269 0 : return id;
270 : }
271 : EXPORT_SYMBOL_GPL(peernet2id_alloc);
272 :
273 : /* This function returns, if assigned, the id of a peer netns. */
274 201 : int peernet2id(const struct net *net, struct net *peer)
275 : {
276 201 : int id;
277 :
278 201 : rcu_read_lock();
279 201 : id = __peernet2id(net, peer);
280 201 : rcu_read_unlock();
281 :
282 201 : return id;
283 : }
284 : EXPORT_SYMBOL(peernet2id);
285 :
286 : /* This function returns true is the peer netns has an id assigned into the
287 : * current netns.
288 : */
289 0 : bool peernet_has_id(const struct net *net, struct net *peer)
290 : {
291 0 : return peernet2id(net, peer) >= 0;
292 : }
293 :
294 0 : struct net *get_net_ns_by_id(const struct net *net, int id)
295 : {
296 0 : struct net *peer;
297 :
298 0 : if (id < 0)
299 : return NULL;
300 :
301 0 : rcu_read_lock();
302 0 : peer = idr_find(&net->netns_ids, id);
303 0 : if (peer)
304 0 : peer = maybe_get_net(peer);
305 0 : rcu_read_unlock();
306 :
307 0 : return peer;
308 : }
309 :
310 : /*
311 : * setup_net runs the initializers for the network namespace object.
312 : */
313 1 : static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
314 : {
315 : /* Must be called with pernet_ops_rwsem held */
316 1 : const struct pernet_operations *ops, *saved_ops;
317 1 : int error = 0;
318 1 : LIST_HEAD(net_exit_list);
319 :
320 1 : refcount_set(&net->ns.count, 1);
321 1 : refcount_set(&net->passive, 1);
322 1 : get_random_bytes(&net->hash_mix, sizeof(u32));
323 1 : preempt_disable();
324 1 : net->net_cookie = gen_cookie_next(&net_cookie);
325 1 : preempt_enable();
326 1 : net->dev_base_seq = 1;
327 1 : net->user_ns = user_ns;
328 1 : idr_init(&net->netns_ids);
329 1 : spin_lock_init(&net->nsid_lock);
330 1 : mutex_init(&net->ipv4.ra_mutex);
331 :
332 2 : list_for_each_entry(ops, &pernet_list, list) {
333 1 : error = ops_init(ops, net);
334 1 : if (error < 0)
335 0 : goto out_undo;
336 : }
337 1 : down_write(&net_rwsem);
338 1 : list_add_tail_rcu(&net->list, &net_namespace_list);
339 1 : up_write(&net_rwsem);
340 1 : out:
341 1 : return error;
342 :
343 0 : out_undo:
344 : /* Walk through the list backwards calling the exit functions
345 : * for the pernet modules whose init functions did not fail.
346 : */
347 0 : list_add(&net->exit_list, &net_exit_list);
348 0 : saved_ops = ops;
349 0 : list_for_each_entry_continue_reverse(ops, &pernet_list, list)
350 0 : ops_pre_exit_list(ops, &net_exit_list);
351 :
352 0 : synchronize_rcu();
353 :
354 0 : ops = saved_ops;
355 0 : list_for_each_entry_continue_reverse(ops, &pernet_list, list)
356 0 : ops_exit_list(ops, &net_exit_list);
357 :
358 0 : ops = saved_ops;
359 0 : list_for_each_entry_continue_reverse(ops, &pernet_list, list)
360 0 : ops_free_list(ops, &net_exit_list);
361 :
362 0 : rcu_barrier();
363 0 : goto out;
364 : }
365 :
366 1 : static int __net_init net_defaults_init_net(struct net *net)
367 : {
368 1 : net->core.sysctl_somaxconn = SOMAXCONN;
369 1 : return 0;
370 : }
371 :
372 : static struct pernet_operations net_defaults_ops = {
373 : .init = net_defaults_init_net,
374 : };
375 :
376 1 : static __init int net_defaults_init(void)
377 : {
378 1 : if (register_pernet_subsys(&net_defaults_ops))
379 0 : panic("Cannot initialize net default settings");
380 :
381 1 : return 0;
382 : }
383 :
384 : core_initcall(net_defaults_init);
385 :
386 : #ifdef CONFIG_NET_NS
387 : static struct ucounts *inc_net_namespaces(struct user_namespace *ns)
388 : {
389 : return inc_ucount(ns, current_euid(), UCOUNT_NET_NAMESPACES);
390 : }
391 :
392 : static void dec_net_namespaces(struct ucounts *ucounts)
393 : {
394 : dec_ucount(ucounts, UCOUNT_NET_NAMESPACES);
395 : }
396 :
397 : static struct kmem_cache *net_cachep __ro_after_init;
398 : static struct workqueue_struct *netns_wq;
399 :
400 : static struct net *net_alloc(void)
401 : {
402 : struct net *net = NULL;
403 : struct net_generic *ng;
404 :
405 : ng = net_alloc_generic();
406 : if (!ng)
407 : goto out;
408 :
409 : net = kmem_cache_zalloc(net_cachep, GFP_KERNEL);
410 : if (!net)
411 : goto out_free;
412 :
413 : #ifdef CONFIG_KEYS
414 : net->key_domain = kzalloc(sizeof(struct key_tag), GFP_KERNEL);
415 : if (!net->key_domain)
416 : goto out_free_2;
417 : refcount_set(&net->key_domain->usage, 1);
418 : #endif
419 :
420 : rcu_assign_pointer(net->gen, ng);
421 : out:
422 : return net;
423 :
424 : #ifdef CONFIG_KEYS
425 : out_free_2:
426 : kmem_cache_free(net_cachep, net);
427 : net = NULL;
428 : #endif
429 : out_free:
430 : kfree(ng);
431 : goto out;
432 : }
433 :
434 : static void net_free(struct net *net)
435 : {
436 : kfree(rcu_access_pointer(net->gen));
437 : kmem_cache_free(net_cachep, net);
438 : }
439 :
440 : void net_drop_ns(void *p)
441 : {
442 : struct net *ns = p;
443 : if (ns && refcount_dec_and_test(&ns->passive))
444 : net_free(ns);
445 : }
446 :
447 : struct net *copy_net_ns(unsigned long flags,
448 : struct user_namespace *user_ns, struct net *old_net)
449 : {
450 : struct ucounts *ucounts;
451 : struct net *net;
452 : int rv;
453 :
454 : if (!(flags & CLONE_NEWNET))
455 : return get_net(old_net);
456 :
457 : ucounts = inc_net_namespaces(user_ns);
458 : if (!ucounts)
459 : return ERR_PTR(-ENOSPC);
460 :
461 : net = net_alloc();
462 : if (!net) {
463 : rv = -ENOMEM;
464 : goto dec_ucounts;
465 : }
466 : refcount_set(&net->passive, 1);
467 : net->ucounts = ucounts;
468 : get_user_ns(user_ns);
469 :
470 : rv = down_read_killable(&pernet_ops_rwsem);
471 : if (rv < 0)
472 : goto put_userns;
473 :
474 : rv = setup_net(net, user_ns);
475 :
476 : up_read(&pernet_ops_rwsem);
477 :
478 : if (rv < 0) {
479 : put_userns:
480 : key_remove_domain(net->key_domain);
481 : put_user_ns(user_ns);
482 : net_drop_ns(net);
483 : dec_ucounts:
484 : dec_net_namespaces(ucounts);
485 : return ERR_PTR(rv);
486 : }
487 : return net;
488 : }
489 :
490 : /**
491 : * net_ns_get_ownership - get sysfs ownership data for @net
492 : * @net: network namespace in question (can be NULL)
493 : * @uid: kernel user ID for sysfs objects
494 : * @gid: kernel group ID for sysfs objects
495 : *
496 : * Returns the uid/gid pair of root in the user namespace associated with the
497 : * given network namespace.
498 : */
499 : void net_ns_get_ownership(const struct net *net, kuid_t *uid, kgid_t *gid)
500 : {
501 : if (net) {
502 : kuid_t ns_root_uid = make_kuid(net->user_ns, 0);
503 : kgid_t ns_root_gid = make_kgid(net->user_ns, 0);
504 :
505 : if (uid_valid(ns_root_uid))
506 : *uid = ns_root_uid;
507 :
508 : if (gid_valid(ns_root_gid))
509 : *gid = ns_root_gid;
510 : } else {
511 : *uid = GLOBAL_ROOT_UID;
512 : *gid = GLOBAL_ROOT_GID;
513 : }
514 : }
515 : EXPORT_SYMBOL_GPL(net_ns_get_ownership);
516 :
517 : static void unhash_nsid(struct net *net, struct net *last)
518 : {
519 : struct net *tmp;
520 : /* This function is only called from cleanup_net() work,
521 : * and this work is the only process, that may delete
522 : * a net from net_namespace_list. So, when the below
523 : * is executing, the list may only grow. Thus, we do not
524 : * use for_each_net_rcu() or net_rwsem.
525 : */
526 : for_each_net(tmp) {
527 : int id;
528 :
529 : spin_lock_bh(&tmp->nsid_lock);
530 : id = __peernet2id(tmp, net);
531 : if (id >= 0)
532 : idr_remove(&tmp->netns_ids, id);
533 : spin_unlock_bh(&tmp->nsid_lock);
534 : if (id >= 0)
535 : rtnl_net_notifyid(tmp, RTM_DELNSID, id, 0, NULL,
536 : GFP_KERNEL);
537 : if (tmp == last)
538 : break;
539 : }
540 : spin_lock_bh(&net->nsid_lock);
541 : idr_destroy(&net->netns_ids);
542 : spin_unlock_bh(&net->nsid_lock);
543 : }
544 :
545 : static LLIST_HEAD(cleanup_list);
546 :
547 : static void cleanup_net(struct work_struct *work)
548 : {
549 : const struct pernet_operations *ops;
550 : struct net *net, *tmp, *last;
551 : struct llist_node *net_kill_list;
552 : LIST_HEAD(net_exit_list);
553 :
554 : /* Atomically snapshot the list of namespaces to cleanup */
555 : net_kill_list = llist_del_all(&cleanup_list);
556 :
557 : down_read(&pernet_ops_rwsem);
558 :
559 : /* Don't let anyone else find us. */
560 : down_write(&net_rwsem);
561 : llist_for_each_entry(net, net_kill_list, cleanup_list)
562 : list_del_rcu(&net->list);
563 : /* Cache last net. After we unlock rtnl, no one new net
564 : * added to net_namespace_list can assign nsid pointer
565 : * to a net from net_kill_list (see peernet2id_alloc()).
566 : * So, we skip them in unhash_nsid().
567 : *
568 : * Note, that unhash_nsid() does not delete nsid links
569 : * between net_kill_list's nets, as they've already
570 : * deleted from net_namespace_list. But, this would be
571 : * useless anyway, as netns_ids are destroyed there.
572 : */
573 : last = list_last_entry(&net_namespace_list, struct net, list);
574 : up_write(&net_rwsem);
575 :
576 : llist_for_each_entry(net, net_kill_list, cleanup_list) {
577 : unhash_nsid(net, last);
578 : list_add_tail(&net->exit_list, &net_exit_list);
579 : }
580 :
581 : /* Run all of the network namespace pre_exit methods */
582 : list_for_each_entry_reverse(ops, &pernet_list, list)
583 : ops_pre_exit_list(ops, &net_exit_list);
584 :
585 : /*
586 : * Another CPU might be rcu-iterating the list, wait for it.
587 : * This needs to be before calling the exit() notifiers, so
588 : * the rcu_barrier() below isn't sufficient alone.
589 : * Also the pre_exit() and exit() methods need this barrier.
590 : */
591 : synchronize_rcu();
592 :
593 : /* Run all of the network namespace exit methods */
594 : list_for_each_entry_reverse(ops, &pernet_list, list)
595 : ops_exit_list(ops, &net_exit_list);
596 :
597 : /* Free the net generic variables */
598 : list_for_each_entry_reverse(ops, &pernet_list, list)
599 : ops_free_list(ops, &net_exit_list);
600 :
601 : up_read(&pernet_ops_rwsem);
602 :
603 : /* Ensure there are no outstanding rcu callbacks using this
604 : * network namespace.
605 : */
606 : rcu_barrier();
607 :
608 : /* Finally it is safe to free my network namespace structure */
609 : list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
610 : list_del_init(&net->exit_list);
611 : dec_net_namespaces(net->ucounts);
612 : key_remove_domain(net->key_domain);
613 : put_user_ns(net->user_ns);
614 : net_drop_ns(net);
615 : }
616 : }
617 :
618 : /**
619 : * net_ns_barrier - wait until concurrent net_cleanup_work is done
620 : *
621 : * cleanup_net runs from work queue and will first remove namespaces
622 : * from the global list, then run net exit functions.
623 : *
624 : * Call this in module exit path to make sure that all netns
625 : * ->exit ops have been invoked before the function is removed.
626 : */
627 : void net_ns_barrier(void)
628 : {
629 : down_write(&pernet_ops_rwsem);
630 : up_write(&pernet_ops_rwsem);
631 : }
632 : EXPORT_SYMBOL(net_ns_barrier);
633 :
634 : static DECLARE_WORK(net_cleanup_work, cleanup_net);
635 :
636 : void __put_net(struct net *net)
637 : {
638 : /* Cleanup the network namespace in process context */
639 : if (llist_add(&net->cleanup_list, &cleanup_list))
640 : queue_work(netns_wq, &net_cleanup_work);
641 : }
642 : EXPORT_SYMBOL_GPL(__put_net);
643 :
644 : struct net *get_net_ns_by_fd(int fd)
645 : {
646 : struct file *file;
647 : struct ns_common *ns;
648 : struct net *net;
649 :
650 : file = proc_ns_fget(fd);
651 : if (IS_ERR(file))
652 : return ERR_CAST(file);
653 :
654 : ns = get_proc_ns(file_inode(file));
655 : if (ns->ops == &netns_operations)
656 : net = get_net(container_of(ns, struct net, ns));
657 : else
658 : net = ERR_PTR(-EINVAL);
659 :
660 : fput(file);
661 : return net;
662 : }
663 :
664 : #else
665 0 : struct net *get_net_ns_by_fd(int fd)
666 : {
667 0 : return ERR_PTR(-EINVAL);
668 : }
669 : #endif
670 : EXPORT_SYMBOL_GPL(get_net_ns_by_fd);
671 :
672 0 : struct net *get_net_ns_by_pid(pid_t pid)
673 : {
674 0 : struct task_struct *tsk;
675 0 : struct net *net;
676 :
677 : /* Lookup the network namespace */
678 0 : net = ERR_PTR(-ESRCH);
679 0 : rcu_read_lock();
680 0 : tsk = find_task_by_vpid(pid);
681 0 : if (tsk) {
682 0 : struct nsproxy *nsproxy;
683 0 : task_lock(tsk);
684 0 : nsproxy = tsk->nsproxy;
685 0 : if (nsproxy)
686 0 : net = get_net(nsproxy->net_ns);
687 0 : task_unlock(tsk);
688 : }
689 0 : rcu_read_unlock();
690 0 : return net;
691 : }
692 : EXPORT_SYMBOL_GPL(get_net_ns_by_pid);
693 :
694 1 : static __net_init int net_ns_net_init(struct net *net)
695 : {
696 : #ifdef CONFIG_NET_NS
697 : net->ns.ops = &netns_operations;
698 : #endif
699 1 : return ns_alloc_inum(&net->ns);
700 : }
701 :
702 0 : static __net_exit void net_ns_net_exit(struct net *net)
703 : {
704 0 : ns_free_inum(&net->ns);
705 0 : }
706 :
707 : static struct pernet_operations __net_initdata net_ns_ops = {
708 : .init = net_ns_net_init,
709 : .exit = net_ns_net_exit,
710 : };
711 :
712 : static const struct nla_policy rtnl_net_policy[NETNSA_MAX + 1] = {
713 : [NETNSA_NONE] = { .type = NLA_UNSPEC },
714 : [NETNSA_NSID] = { .type = NLA_S32 },
715 : [NETNSA_PID] = { .type = NLA_U32 },
716 : [NETNSA_FD] = { .type = NLA_U32 },
717 : [NETNSA_TARGET_NSID] = { .type = NLA_S32 },
718 : };
719 :
720 0 : static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh,
721 : struct netlink_ext_ack *extack)
722 : {
723 0 : struct net *net = sock_net(skb->sk);
724 0 : struct nlattr *tb[NETNSA_MAX + 1];
725 0 : struct nlattr *nla;
726 0 : struct net *peer;
727 0 : int nsid, err;
728 :
729 0 : err = nlmsg_parse_deprecated(nlh, sizeof(struct rtgenmsg), tb,
730 : NETNSA_MAX, rtnl_net_policy, extack);
731 0 : if (err < 0)
732 : return err;
733 0 : if (!tb[NETNSA_NSID]) {
734 0 : NL_SET_ERR_MSG(extack, "nsid is missing");
735 0 : return -EINVAL;
736 : }
737 0 : nsid = nla_get_s32(tb[NETNSA_NSID]);
738 :
739 0 : if (tb[NETNSA_PID]) {
740 0 : peer = get_net_ns_by_pid(nla_get_u32(tb[NETNSA_PID]));
741 0 : nla = tb[NETNSA_PID];
742 0 : } else if (tb[NETNSA_FD]) {
743 0 : peer = get_net_ns_by_fd(nla_get_u32(tb[NETNSA_FD]));
744 0 : nla = tb[NETNSA_FD];
745 : } else {
746 0 : NL_SET_ERR_MSG(extack, "Peer netns reference is missing");
747 0 : return -EINVAL;
748 : }
749 0 : if (IS_ERR(peer)) {
750 0 : NL_SET_BAD_ATTR(extack, nla);
751 0 : NL_SET_ERR_MSG(extack, "Peer netns reference is invalid");
752 0 : return PTR_ERR(peer);
753 : }
754 :
755 0 : spin_lock_bh(&net->nsid_lock);
756 0 : if (__peernet2id(net, peer) >= 0) {
757 0 : spin_unlock_bh(&net->nsid_lock);
758 0 : err = -EEXIST;
759 0 : NL_SET_BAD_ATTR(extack, nla);
760 0 : NL_SET_ERR_MSG(extack,
761 : "Peer netns already has a nsid assigned");
762 0 : goto out;
763 : }
764 :
765 0 : err = alloc_netid(net, peer, nsid);
766 0 : spin_unlock_bh(&net->nsid_lock);
767 0 : if (err >= 0) {
768 0 : rtnl_net_notifyid(net, RTM_NEWNSID, err, NETLINK_CB(skb).portid,
769 : nlh, GFP_KERNEL);
770 0 : err = 0;
771 0 : } else if (err == -ENOSPC && nsid >= 0) {
772 0 : err = -EEXIST;
773 0 : NL_SET_BAD_ATTR(extack, tb[NETNSA_NSID]);
774 0 : NL_SET_ERR_MSG(extack, "The specified nsid is already used");
775 : }
776 0 : out:
777 0 : put_net(peer);
778 : return err;
779 : }
780 :
781 0 : static int rtnl_net_get_size(void)
782 : {
783 0 : return NLMSG_ALIGN(sizeof(struct rtgenmsg))
784 0 : + nla_total_size(sizeof(s32)) /* NETNSA_NSID */
785 0 : + nla_total_size(sizeof(s32)) /* NETNSA_CURRENT_NSID */
786 : ;
787 : }
788 :
789 : struct net_fill_args {
790 : u32 portid;
791 : u32 seq;
792 : int flags;
793 : int cmd;
794 : int nsid;
795 : bool add_ref;
796 : int ref_nsid;
797 : };
798 :
799 0 : static int rtnl_net_fill(struct sk_buff *skb, struct net_fill_args *args)
800 : {
801 0 : struct nlmsghdr *nlh;
802 0 : struct rtgenmsg *rth;
803 :
804 0 : nlh = nlmsg_put(skb, args->portid, args->seq, args->cmd, sizeof(*rth),
805 : args->flags);
806 0 : if (!nlh)
807 : return -EMSGSIZE;
808 :
809 0 : rth = nlmsg_data(nlh);
810 0 : rth->rtgen_family = AF_UNSPEC;
811 :
812 0 : if (nla_put_s32(skb, NETNSA_NSID, args->nsid))
813 0 : goto nla_put_failure;
814 :
815 0 : if (args->add_ref &&
816 0 : nla_put_s32(skb, NETNSA_CURRENT_NSID, args->ref_nsid))
817 0 : goto nla_put_failure;
818 :
819 0 : nlmsg_end(skb, nlh);
820 0 : return 0;
821 :
822 0 : nla_put_failure:
823 0 : nlmsg_cancel(skb, nlh);
824 0 : return -EMSGSIZE;
825 : }
826 :
827 0 : static int rtnl_net_valid_getid_req(struct sk_buff *skb,
828 : const struct nlmsghdr *nlh,
829 : struct nlattr **tb,
830 : struct netlink_ext_ack *extack)
831 : {
832 0 : int i, err;
833 :
834 0 : if (!netlink_strict_get_check(skb))
835 0 : return nlmsg_parse_deprecated(nlh, sizeof(struct rtgenmsg),
836 : tb, NETNSA_MAX, rtnl_net_policy,
837 : extack);
838 :
839 0 : err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct rtgenmsg), tb,
840 : NETNSA_MAX, rtnl_net_policy,
841 : extack);
842 0 : if (err)
843 : return err;
844 :
845 0 : for (i = 0; i <= NETNSA_MAX; i++) {
846 0 : if (!tb[i])
847 0 : continue;
848 :
849 0 : switch (i) {
850 : case NETNSA_PID:
851 : case NETNSA_FD:
852 : case NETNSA_NSID:
853 : case NETNSA_TARGET_NSID:
854 : break;
855 0 : default:
856 0 : NL_SET_ERR_MSG(extack, "Unsupported attribute in peer netns getid request");
857 : return -EINVAL;
858 : }
859 : }
860 :
861 : return 0;
862 : }
863 :
864 0 : static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh,
865 : struct netlink_ext_ack *extack)
866 : {
867 0 : struct net *net = sock_net(skb->sk);
868 0 : struct nlattr *tb[NETNSA_MAX + 1];
869 0 : struct net_fill_args fillargs = {
870 0 : .portid = NETLINK_CB(skb).portid,
871 0 : .seq = nlh->nlmsg_seq,
872 : .cmd = RTM_NEWNSID,
873 : };
874 0 : struct net *peer, *target = net;
875 0 : struct nlattr *nla;
876 0 : struct sk_buff *msg;
877 0 : int err;
878 :
879 0 : err = rtnl_net_valid_getid_req(skb, nlh, tb, extack);
880 0 : if (err < 0)
881 : return err;
882 0 : if (tb[NETNSA_PID]) {
883 0 : peer = get_net_ns_by_pid(nla_get_u32(tb[NETNSA_PID]));
884 0 : nla = tb[NETNSA_PID];
885 0 : } else if (tb[NETNSA_FD]) {
886 0 : peer = get_net_ns_by_fd(nla_get_u32(tb[NETNSA_FD]));
887 0 : nla = tb[NETNSA_FD];
888 0 : } else if (tb[NETNSA_NSID]) {
889 0 : peer = get_net_ns_by_id(net, nla_get_s32(tb[NETNSA_NSID]));
890 0 : if (!peer)
891 0 : peer = ERR_PTR(-ENOENT);
892 0 : nla = tb[NETNSA_NSID];
893 : } else {
894 0 : NL_SET_ERR_MSG(extack, "Peer netns reference is missing");
895 0 : return -EINVAL;
896 : }
897 :
898 0 : if (IS_ERR(peer)) {
899 0 : NL_SET_BAD_ATTR(extack, nla);
900 0 : NL_SET_ERR_MSG(extack, "Peer netns reference is invalid");
901 0 : return PTR_ERR(peer);
902 : }
903 :
904 0 : if (tb[NETNSA_TARGET_NSID]) {
905 0 : int id = nla_get_s32(tb[NETNSA_TARGET_NSID]);
906 :
907 0 : target = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, id);
908 0 : if (IS_ERR(target)) {
909 0 : NL_SET_BAD_ATTR(extack, tb[NETNSA_TARGET_NSID]);
910 0 : NL_SET_ERR_MSG(extack,
911 : "Target netns reference is invalid");
912 0 : err = PTR_ERR(target);
913 0 : goto out;
914 : }
915 0 : fillargs.add_ref = true;
916 0 : fillargs.ref_nsid = peernet2id(net, peer);
917 : }
918 :
919 0 : msg = nlmsg_new(rtnl_net_get_size(), GFP_KERNEL);
920 0 : if (!msg) {
921 0 : err = -ENOMEM;
922 0 : goto out;
923 : }
924 :
925 0 : fillargs.nsid = peernet2id(target, peer);
926 0 : err = rtnl_net_fill(msg, &fillargs);
927 0 : if (err < 0)
928 0 : goto err_out;
929 :
930 0 : err = rtnl_unicast(msg, net, NETLINK_CB(skb).portid);
931 0 : goto out;
932 :
933 0 : err_out:
934 0 : nlmsg_free(msg);
935 0 : out:
936 0 : if (fillargs.add_ref)
937 0 : put_net(target);
938 0 : put_net(peer);
939 0 : return err;
940 : }
941 :
942 : struct rtnl_net_dump_cb {
943 : struct net *tgt_net;
944 : struct net *ref_net;
945 : struct sk_buff *skb;
946 : struct net_fill_args fillargs;
947 : int idx;
948 : int s_idx;
949 : };
950 :
951 : /* Runs in RCU-critical section. */
952 0 : static int rtnl_net_dumpid_one(int id, void *peer, void *data)
953 : {
954 0 : struct rtnl_net_dump_cb *net_cb = (struct rtnl_net_dump_cb *)data;
955 0 : int ret;
956 :
957 0 : if (net_cb->idx < net_cb->s_idx)
958 0 : goto cont;
959 :
960 0 : net_cb->fillargs.nsid = id;
961 0 : if (net_cb->fillargs.add_ref)
962 0 : net_cb->fillargs.ref_nsid = __peernet2id(net_cb->ref_net, peer);
963 0 : ret = rtnl_net_fill(net_cb->skb, &net_cb->fillargs);
964 0 : if (ret < 0)
965 : return ret;
966 :
967 0 : cont:
968 0 : net_cb->idx++;
969 0 : return 0;
970 : }
971 :
972 0 : static int rtnl_valid_dump_net_req(const struct nlmsghdr *nlh, struct sock *sk,
973 : struct rtnl_net_dump_cb *net_cb,
974 : struct netlink_callback *cb)
975 : {
976 0 : struct netlink_ext_ack *extack = cb->extack;
977 0 : struct nlattr *tb[NETNSA_MAX + 1];
978 0 : int err, i;
979 :
980 0 : err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct rtgenmsg), tb,
981 : NETNSA_MAX, rtnl_net_policy,
982 : extack);
983 0 : if (err < 0)
984 : return err;
985 :
986 0 : for (i = 0; i <= NETNSA_MAX; i++) {
987 0 : if (!tb[i])
988 0 : continue;
989 :
990 0 : if (i == NETNSA_TARGET_NSID) {
991 0 : struct net *net;
992 :
993 0 : net = rtnl_get_net_ns_capable(sk, nla_get_s32(tb[i]));
994 0 : if (IS_ERR(net)) {
995 0 : NL_SET_BAD_ATTR(extack, tb[i]);
996 0 : NL_SET_ERR_MSG(extack,
997 : "Invalid target network namespace id");
998 0 : return PTR_ERR(net);
999 : }
1000 0 : net_cb->fillargs.add_ref = true;
1001 0 : net_cb->ref_net = net_cb->tgt_net;
1002 0 : net_cb->tgt_net = net;
1003 : } else {
1004 0 : NL_SET_BAD_ATTR(extack, tb[i]);
1005 0 : NL_SET_ERR_MSG(extack,
1006 : "Unsupported attribute in dump request");
1007 0 : return -EINVAL;
1008 : }
1009 : }
1010 :
1011 : return 0;
1012 : }
1013 :
1014 0 : static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb)
1015 : {
1016 0 : struct rtnl_net_dump_cb net_cb = {
1017 0 : .tgt_net = sock_net(skb->sk),
1018 : .skb = skb,
1019 : .fillargs = {
1020 0 : .portid = NETLINK_CB(cb->skb).portid,
1021 0 : .seq = cb->nlh->nlmsg_seq,
1022 : .flags = NLM_F_MULTI,
1023 : .cmd = RTM_NEWNSID,
1024 : },
1025 : .idx = 0,
1026 0 : .s_idx = cb->args[0],
1027 : };
1028 0 : int err = 0;
1029 :
1030 0 : if (cb->strict_check) {
1031 0 : err = rtnl_valid_dump_net_req(cb->nlh, skb->sk, &net_cb, cb);
1032 0 : if (err < 0)
1033 0 : goto end;
1034 : }
1035 :
1036 0 : rcu_read_lock();
1037 0 : idr_for_each(&net_cb.tgt_net->netns_ids, rtnl_net_dumpid_one, &net_cb);
1038 0 : rcu_read_unlock();
1039 :
1040 0 : cb->args[0] = net_cb.idx;
1041 0 : end:
1042 0 : if (net_cb.fillargs.add_ref)
1043 0 : put_net(net_cb.tgt_net);
1044 0 : return err < 0 ? err : skb->len;
1045 : }
1046 :
1047 0 : static void rtnl_net_notifyid(struct net *net, int cmd, int id, u32 portid,
1048 : struct nlmsghdr *nlh, gfp_t gfp)
1049 : {
1050 0 : struct net_fill_args fillargs = {
1051 : .portid = portid,
1052 0 : .seq = nlh ? nlh->nlmsg_seq : 0,
1053 : .cmd = cmd,
1054 : .nsid = id,
1055 : };
1056 0 : struct sk_buff *msg;
1057 0 : int err = -ENOMEM;
1058 :
1059 0 : msg = nlmsg_new(rtnl_net_get_size(), gfp);
1060 0 : if (!msg)
1061 0 : goto out;
1062 :
1063 0 : err = rtnl_net_fill(msg, &fillargs);
1064 0 : if (err < 0)
1065 0 : goto err_out;
1066 :
1067 0 : rtnl_notify(msg, net, portid, RTNLGRP_NSID, nlh, gfp);
1068 0 : return;
1069 :
1070 0 : err_out:
1071 0 : nlmsg_free(msg);
1072 0 : out:
1073 0 : rtnl_set_sk_err(net, RTNLGRP_NSID, err);
1074 : }
1075 :
1076 1 : static int __init net_ns_init(void)
1077 : {
1078 1 : struct net_generic *ng;
1079 :
1080 : #ifdef CONFIG_NET_NS
1081 : net_cachep = kmem_cache_create("net_namespace", sizeof(struct net),
1082 : SMP_CACHE_BYTES,
1083 : SLAB_PANIC|SLAB_ACCOUNT, NULL);
1084 :
1085 : /* Create workqueue for cleanup */
1086 : netns_wq = create_singlethread_workqueue("netns");
1087 : if (!netns_wq)
1088 : panic("Could not create netns workq");
1089 : #endif
1090 :
1091 1 : ng = net_alloc_generic();
1092 1 : if (!ng)
1093 0 : panic("Could not allocate generic netns");
1094 :
1095 1 : rcu_assign_pointer(init_net.gen, ng);
1096 :
1097 1 : down_write(&pernet_ops_rwsem);
1098 1 : if (setup_net(&init_net, &init_user_ns))
1099 0 : panic("Could not setup the initial network namespace");
1100 :
1101 1 : init_net_initialized = true;
1102 1 : up_write(&pernet_ops_rwsem);
1103 :
1104 1 : if (register_pernet_subsys(&net_ns_ops))
1105 0 : panic("Could not register network namespace subsystems");
1106 :
1107 1 : rtnl_register(PF_UNSPEC, RTM_NEWNSID, rtnl_net_newid, NULL,
1108 : RTNL_FLAG_DOIT_UNLOCKED);
1109 1 : rtnl_register(PF_UNSPEC, RTM_GETNSID, rtnl_net_getid, rtnl_net_dumpid,
1110 : RTNL_FLAG_DOIT_UNLOCKED);
1111 :
1112 1 : return 0;
1113 : }
1114 :
1115 : pure_initcall(net_ns_init);
1116 :
1117 : #ifdef CONFIG_NET_NS
1118 : static int __register_pernet_operations(struct list_head *list,
1119 : struct pernet_operations *ops)
1120 : {
1121 : struct net *net;
1122 : int error;
1123 : LIST_HEAD(net_exit_list);
1124 :
1125 : list_add_tail(&ops->list, list);
1126 : if (ops->init || (ops->id && ops->size)) {
1127 : /* We held write locked pernet_ops_rwsem, and parallel
1128 : * setup_net() and cleanup_net() are not possible.
1129 : */
1130 : for_each_net(net) {
1131 : error = ops_init(ops, net);
1132 : if (error)
1133 : goto out_undo;
1134 : list_add_tail(&net->exit_list, &net_exit_list);
1135 : }
1136 : }
1137 : return 0;
1138 :
1139 : out_undo:
1140 : /* If I have an error cleanup all namespaces I initialized */
1141 : list_del(&ops->list);
1142 : ops_pre_exit_list(ops, &net_exit_list);
1143 : synchronize_rcu();
1144 : ops_exit_list(ops, &net_exit_list);
1145 : ops_free_list(ops, &net_exit_list);
1146 : return error;
1147 : }
1148 :
1149 : static void __unregister_pernet_operations(struct pernet_operations *ops)
1150 : {
1151 : struct net *net;
1152 : LIST_HEAD(net_exit_list);
1153 :
1154 : list_del(&ops->list);
1155 : /* See comment in __register_pernet_operations() */
1156 : for_each_net(net)
1157 : list_add_tail(&net->exit_list, &net_exit_list);
1158 : ops_pre_exit_list(ops, &net_exit_list);
1159 : synchronize_rcu();
1160 : ops_exit_list(ops, &net_exit_list);
1161 : ops_free_list(ops, &net_exit_list);
1162 : }
1163 :
1164 : #else
1165 :
1166 46 : static int __register_pernet_operations(struct list_head *list,
1167 : struct pernet_operations *ops)
1168 : {
1169 46 : if (!init_net_initialized) {
1170 1 : list_add_tail(&ops->list, list);
1171 1 : return 0;
1172 : }
1173 :
1174 45 : return ops_init(ops, &init_net);
1175 : }
1176 :
1177 0 : static void __unregister_pernet_operations(struct pernet_operations *ops)
1178 : {
1179 0 : if (!init_net_initialized) {
1180 0 : list_del(&ops->list);
1181 : } else {
1182 0 : LIST_HEAD(net_exit_list);
1183 0 : list_add(&init_net.exit_list, &net_exit_list);
1184 0 : ops_pre_exit_list(ops, &net_exit_list);
1185 0 : synchronize_rcu();
1186 0 : ops_exit_list(ops, &net_exit_list);
1187 0 : ops_free_list(ops, &net_exit_list);
1188 : }
1189 0 : }
1190 :
1191 : #endif /* CONFIG_NET_NS */
1192 :
1193 : static DEFINE_IDA(net_generic_ids);
1194 :
1195 46 : static int register_pernet_operations(struct list_head *list,
1196 : struct pernet_operations *ops)
1197 : {
1198 46 : int error;
1199 :
1200 46 : if (ops->id) {
1201 2 : error = ida_alloc_min(&net_generic_ids, MIN_PERNET_OPS_ID,
1202 : GFP_KERNEL);
1203 2 : if (error < 0)
1204 : return error;
1205 2 : *ops->id = error;
1206 2 : max_gen_ptrs = max(max_gen_ptrs, *ops->id + 1);
1207 : }
1208 46 : error = __register_pernet_operations(list, ops);
1209 46 : if (error) {
1210 0 : rcu_barrier();
1211 0 : if (ops->id)
1212 0 : ida_free(&net_generic_ids, *ops->id);
1213 : }
1214 :
1215 : return error;
1216 : }
1217 :
1218 0 : static void unregister_pernet_operations(struct pernet_operations *ops)
1219 : {
1220 0 : __unregister_pernet_operations(ops);
1221 0 : rcu_barrier();
1222 0 : if (ops->id)
1223 0 : ida_free(&net_generic_ids, *ops->id);
1224 0 : }
1225 :
1226 : /**
1227 : * register_pernet_subsys - register a network namespace subsystem
1228 : * @ops: pernet operations structure for the subsystem
1229 : *
1230 : * Register a subsystem which has init and exit functions
1231 : * that are called when network namespaces are created and
1232 : * destroyed respectively.
1233 : *
1234 : * When registered all network namespace init functions are
1235 : * called for every existing network namespace. Allowing kernel
1236 : * modules to have a race free view of the set of network namespaces.
1237 : *
1238 : * When a new network namespace is created all of the init
1239 : * methods are called in the order in which they were registered.
1240 : *
1241 : * When a network namespace is destroyed all of the exit methods
1242 : * are called in the reverse of the order with which they were
1243 : * registered.
1244 : */
1245 44 : int register_pernet_subsys(struct pernet_operations *ops)
1246 : {
1247 44 : int error;
1248 44 : down_write(&pernet_ops_rwsem);
1249 44 : error = register_pernet_operations(first_device, ops);
1250 44 : up_write(&pernet_ops_rwsem);
1251 44 : return error;
1252 : }
1253 : EXPORT_SYMBOL_GPL(register_pernet_subsys);
1254 :
1255 : /**
1256 : * unregister_pernet_subsys - unregister a network namespace subsystem
1257 : * @ops: pernet operations structure to manipulate
1258 : *
1259 : * Remove the pernet operations structure from the list to be
1260 : * used when network namespaces are created or destroyed. In
1261 : * addition run the exit method for all existing network
1262 : * namespaces.
1263 : */
1264 0 : void unregister_pernet_subsys(struct pernet_operations *ops)
1265 : {
1266 0 : down_write(&pernet_ops_rwsem);
1267 0 : unregister_pernet_operations(ops);
1268 0 : up_write(&pernet_ops_rwsem);
1269 0 : }
1270 : EXPORT_SYMBOL_GPL(unregister_pernet_subsys);
1271 :
1272 : /**
1273 : * register_pernet_device - register a network namespace device
1274 : * @ops: pernet operations structure for the subsystem
1275 : *
1276 : * Register a device which has init and exit functions
1277 : * that are called when network namespaces are created and
1278 : * destroyed respectively.
1279 : *
1280 : * When registered all network namespace init functions are
1281 : * called for every existing network namespace. Allowing kernel
1282 : * modules to have a race free view of the set of network namespaces.
1283 : *
1284 : * When a new network namespace is created all of the init
1285 : * methods are called in the order in which they were registered.
1286 : *
1287 : * When a network namespace is destroyed all of the exit methods
1288 : * are called in the reverse of the order with which they were
1289 : * registered.
1290 : */
1291 2 : int register_pernet_device(struct pernet_operations *ops)
1292 : {
1293 2 : int error;
1294 2 : down_write(&pernet_ops_rwsem);
1295 2 : error = register_pernet_operations(&pernet_list, ops);
1296 2 : if (!error && (first_device == &pernet_list))
1297 1 : first_device = &ops->list;
1298 2 : up_write(&pernet_ops_rwsem);
1299 2 : return error;
1300 : }
1301 : EXPORT_SYMBOL_GPL(register_pernet_device);
1302 :
1303 : /**
1304 : * unregister_pernet_device - unregister a network namespace netdevice
1305 : * @ops: pernet operations structure to manipulate
1306 : *
1307 : * Remove the pernet operations structure from the list to be
1308 : * used when network namespaces are created or destroyed. In
1309 : * addition run the exit method for all existing network
1310 : * namespaces.
1311 : */
1312 0 : void unregister_pernet_device(struct pernet_operations *ops)
1313 : {
1314 0 : down_write(&pernet_ops_rwsem);
1315 0 : if (&ops->list == first_device)
1316 0 : first_device = first_device->next;
1317 0 : unregister_pernet_operations(ops);
1318 0 : up_write(&pernet_ops_rwsem);
1319 0 : }
1320 : EXPORT_SYMBOL_GPL(unregister_pernet_device);
1321 :
1322 : #ifdef CONFIG_NET_NS
1323 : static struct ns_common *netns_get(struct task_struct *task)
1324 : {
1325 : struct net *net = NULL;
1326 : struct nsproxy *nsproxy;
1327 :
1328 : task_lock(task);
1329 : nsproxy = task->nsproxy;
1330 : if (nsproxy)
1331 : net = get_net(nsproxy->net_ns);
1332 : task_unlock(task);
1333 :
1334 : return net ? &net->ns : NULL;
1335 : }
1336 :
1337 : static inline struct net *to_net_ns(struct ns_common *ns)
1338 : {
1339 : return container_of(ns, struct net, ns);
1340 : }
1341 :
1342 : static void netns_put(struct ns_common *ns)
1343 : {
1344 : put_net(to_net_ns(ns));
1345 : }
1346 :
1347 : static int netns_install(struct nsset *nsset, struct ns_common *ns)
1348 : {
1349 : struct nsproxy *nsproxy = nsset->nsproxy;
1350 : struct net *net = to_net_ns(ns);
1351 :
1352 : if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) ||
1353 : !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
1354 : return -EPERM;
1355 :
1356 : put_net(nsproxy->net_ns);
1357 : nsproxy->net_ns = get_net(net);
1358 : return 0;
1359 : }
1360 :
1361 : static struct user_namespace *netns_owner(struct ns_common *ns)
1362 : {
1363 : return to_net_ns(ns)->user_ns;
1364 : }
1365 :
1366 : const struct proc_ns_operations netns_operations = {
1367 : .name = "net",
1368 : .type = CLONE_NEWNET,
1369 : .get = netns_get,
1370 : .put = netns_put,
1371 : .install = netns_install,
1372 : .owner = netns_owner,
1373 : };
1374 : #endif
|
