mirrors
/
anolis-cloud-kernel
mirror of https://gitee.com/anolis/cloud-kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
anolis-cloud-kernel/kernel/pid_namespace.c

672 lines
16 KiB
C
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0-only
/*
* Pid namespaces
*
* Authors:
* (C) 2007 Pavel Emelyanov <xemul@openvz.org>, OpenVZ, SWsoft Inc.
* (C) 2007 Sukadev Bhattiprolu <sukadev@us.ibm.com>, IBM
* Many thanks to Oleg Nesterov for comments and help
*
*/
#include <linux/pid.h>
#include <linux/pid_namespace.h>
#include <linux/user_namespace.h>
#include <linux/syscalls.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/acct.h>
#include <linux/slab.h>
#include <linux/proc_ns.h>
#include <linux/reboot.h>
#include <linux/export.h>
#include <linux/sched/task.h>
#include <linux/sched/signal.h>
#include <linux/idr.h>
#if defined(CONFIG_RICH_CONTAINER_CG_SWITCH)
int sysctl_rich_container_enable = 1;
#elif defined(CONFIG_RICH_CONTAINER)
int sysctl_rich_container_enable;
/* 0 - current; 1 - child_reaper; 2 - current's parent cgroup */
int sysctl_rich_container_source;
static int __init rich_container_enable(char *str)
{
sysctl_rich_container_enable = 1;
#ifndef CONFIG_SCHEDSTATS_HOST
/* If enable the rich container, the schedstats should be enabled.
* We can't change the static branch directly of sched_schedstats
* because the jump label have been not set up. So we change the
* __sched_schedstats var and set up the static key later in the
* init_schedstats().
*/
__sched_schedstats = true;
#endif
return 0;
}
__setup("rich_container", rich_container_enable);
#endif
#ifdef CONFIG_RICH_CONTAINER
#define RC_FEATURE_CPUINFO_NAME "cpuinfo"
#define RC_FEATURE_MEMINFO_NAME "meminfo"
#define RC_FEATURE_CPUUSAGE_NAME "cpuusage"
#define RC_FEATURE_UPTIME_NAME "uptime"
#define RC_FEATURE_LOADAVG_NAME "loadavg"
#define RC_FEATURE_DISKQUOTA_NAME "diskquota"
static const char rc_feature_avail[] =
RC_FEATURE_CPUINFO_NAME " "
RC_FEATURE_MEMINFO_NAME " "
RC_FEATURE_CPUUSAGE_NAME " "
RC_FEATURE_UPTIME_NAME " "
RC_FEATURE_LOADAVG_NAME " "
RC_FEATURE_DISKQUOTA_NAME;
struct rich_container_feature rc_features[] = {
{
.name = RC_FEATURE_CPUINFO_NAME,
.id = RC_CPUINFO,
},
{
.name = RC_FEATURE_MEMINFO_NAME,
.id = RC_MEMINFO,
},
{
.name = RC_FEATURE_CPUUSAGE_NAME,
.id = RC_CPUUSAGE,
},
{
.name = RC_FEATURE_UPTIME_NAME,
.id = RC_UPTIME,
},
{
.name = RC_FEATURE_LOADAVG_NAME,
.id = RC_LOADAVG,
},
{
.name = RC_FEATURE_DISKQUOTA_NAME,
.id = RC_DISKQUOTA,
},
};
u16 rc_feature_disable_mask;
static int write_feature_control(struct ctl_table *ro_table,
void __user *buffer,
size_t *lenp, loff_t *ppos)
{
char features[sizeof(rc_feature_avail) * 2];
struct ctl_table table;
char *buf, *tok;
u16 enable = 0, disable = 0;
int ret;
memset(features, 0, sizeof(features));
table = *ro_table;
table.data = features;
table.maxlen = sizeof(features);
ret = proc_dostring(&table, 1, buffer, lenp, ppos);
if (ret)
return ret;
buf = features;
/*
* Parse input - space separated list of feature names prefixed
* with either + or -.
*/
buf = strstrip(buf);
while ((tok = strsep(&buf, " "))) {
int i;
if (tok[0] == '\0')
continue;
for (i = 0; i < ARRAY_SIZE(rc_features); i++) {
if (strcmp(tok + 1, rc_features[i].name))
continue;
if (*tok == '+') {
enable |= 1 << rc_features[i].id;
disable &= ~(1 << rc_features[i].id);
} else if (*tok == '-') {
disable |= 1 << rc_features[i].id;
enable &= ~(1 << rc_features[i].id);
} else {
return -EINVAL;
}
break;
}
if (i == RC_FEATURE_COUNT)
return -EINVAL;
}
rc_feature_disable_mask |= disable;
rc_feature_disable_mask &= ~enable;
return 0;
}
static int read_feature_control(struct ctl_table *ro_table, void __user *buffer,
size_t *lenp, loff_t *ppos)
{
char features[sizeof(rc_feature_avail)];
struct ctl_table table;
size_t size, ret;
char *buf;
int i;
memset(features, 0, sizeof(features));
buf = features;
size = sizeof(features);
for (i = 0; i < ARRAY_SIZE(rc_features); i++) {
if (!(rc_feature_disable_mask & (1 << rc_features[i].id))) {
ret = strscpy(buf, rc_features[i].name, size);
if (ret < 0)
return -EINVAL;
buf += ret;
size -= ret;
ret = strscpy(buf, " ", size);
if (ret < 0)
return -EINVAL;
buf += ret;
size -= ret;
}
}
table = *ro_table;
table.data = features;
table.maxlen = sizeof(features);
return proc_dostring(&table, 0, buffer, lenp, ppos);
}
int rich_container_feature_control_handler(struct ctl_table *ro_table,
int write, void *buffer,
size_t *lenp, loff_t *ppos)
{
int ret;
if (write)
ret = write_feature_control(ro_table, buffer, lenp, ppos);
else
ret = read_feature_control(ro_table, buffer, lenp, ppos);
return ret;
}
#endif
static DEFINE_MUTEX(pid_caches_mutex);
static struct kmem_cache *pid_ns_cachep;
/* Write once array, filled from the beginning. */
static struct kmem_cache *pid_cache[MAX_PID_NS_LEVEL];
/*
* creates the kmem cache to allocate pids from.
* @level: pid namespace level
*/
static struct kmem_cache *create_pid_cachep(unsigned int level)
{
/* Level 0 is init_pid_ns.pid_cachep */
struct kmem_cache **pkc = &pid_cache[level - 1];
struct kmem_cache *kc;
char name[4 + 10 + 1];
unsigned int len;
kc = READ_ONCE(*pkc);
if (kc)
return kc;
snprintf(name, sizeof(name), "pid_%u", level + 1);
len = sizeof(struct pid) + level * sizeof(struct upid);
mutex_lock(&pid_caches_mutex);
/* Name collision forces to do allocation under mutex. */
if (!*pkc)
*pkc = kmem_cache_create(name, len, 0,
SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, 0);
mutex_unlock(&pid_caches_mutex);
/* current can fail, but someone else can succeed. */
return READ_ONCE(*pkc);
}
static struct ucounts *inc_pid_namespaces(struct user_namespace *ns)
{
return inc_ucount(ns, current_euid(), UCOUNT_PID_NAMESPACES);
}
static void dec_pid_namespaces(struct ucounts *ucounts)
{
dec_ucount(ucounts, UCOUNT_PID_NAMESPACES);
}
static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns,
struct pid_namespace *parent_pid_ns)
{
struct pid_namespace *ns;
unsigned int level = parent_pid_ns->level + 1;
struct ucounts *ucounts;
int err;
err = -EINVAL;
if (!in_userns(parent_pid_ns->user_ns, user_ns))
goto out;
err = -ENOSPC;
if (level > MAX_PID_NS_LEVEL)
goto out;
ucounts = inc_pid_namespaces(user_ns);
if (!ucounts)
goto out;
err = -ENOMEM;
ns = kmem_cache_zalloc(pid_ns_cachep, GFP_KERNEL);
if (ns == NULL)
goto out_dec;
idr_init(&ns->idr);
ns->pid_cachep = create_pid_cachep(level);
if (ns->pid_cachep == NULL)
goto out_free_idr;
err = ns_alloc_inum(&ns->ns);
if (err)
goto out_free_idr;
ns->ns.ops = &pidns_operations;
kref_init(&ns->kref);
ns->level = level;
ns->parent = get_pid_ns(parent_pid_ns);
#ifdef CONFIG_MAX_PID_PER_NS
ns->pid_max = parent_pid_ns->pid_max;
#endif
ns->user_ns = get_user_ns(user_ns);
ns->ucounts = ucounts;
ns->pid_allocated = PIDNS_ADDING;
return ns;
out_free_idr:
idr_destroy(&ns->idr);
kmem_cache_free(pid_ns_cachep, ns);
out_dec:
dec_pid_namespaces(ucounts);
out:
return ERR_PTR(err);
}
static void delayed_free_pidns(struct rcu_head *p)
{
struct pid_namespace *ns = container_of(p, struct pid_namespace, rcu);
dec_pid_namespaces(ns->ucounts);
put_user_ns(ns->user_ns);
kmem_cache_free(pid_ns_cachep, ns);
}
static void destroy_pid_namespace(struct pid_namespace *ns)
{
ns_free_inum(&ns->ns);
idr_destroy(&ns->idr);
call_rcu(&ns->rcu, delayed_free_pidns);
}
struct pid_namespace *copy_pid_ns(unsigned long flags,
struct user_namespace *user_ns, struct pid_namespace *old_ns)
{
if (!(flags & CLONE_NEWPID))
return get_pid_ns(old_ns);
if (task_active_pid_ns(current) != old_ns)
return ERR_PTR(-EINVAL);
return create_pid_namespace(user_ns, old_ns);
}
static void free_pid_ns(struct kref *kref)
{
struct pid_namespace *ns;
ns = container_of(kref, struct pid_namespace, kref);
destroy_pid_namespace(ns);
}
void put_pid_ns(struct pid_namespace *ns)
{
struct pid_namespace *parent;
while (ns != &init_pid_ns) {
parent = ns->parent;
if (!kref_put(&ns->kref, free_pid_ns))
break;
ns = parent;
}
}
EXPORT_SYMBOL_GPL(put_pid_ns);
void zap_pid_ns_processes(struct pid_namespace *pid_ns)
{
int nr;
int rc;
struct task_struct *task, *me = current;
int init_pids = thread_group_leader(me) ? 1 : 2;
struct pid *pid;
/* Don't allow any more processes into the pid namespace */
disable_pid_allocation(pid_ns);
/*
* Ignore SIGCHLD causing any terminated children to autoreap.
* This speeds up the namespace shutdown, plus see the comment
* below.
*/
spin_lock_irq(&me->sighand->siglock);
me->sighand->action[SIGCHLD - 1].sa.sa_handler = SIG_IGN;
spin_unlock_irq(&me->sighand->siglock);
/*
* The last thread in the cgroup-init thread group is terminating.
* Find remaining pid_ts in the namespace, signal and wait for them
* to exit.
*
* Note: This signals each threads in the namespace - even those that
* belong to the same thread group, To avoid this, we would have
* to walk the entire tasklist looking a processes in this
* namespace, but that could be unnecessarily expensive if the
* pid namespace has just a few processes. Or we need to
* maintain a tasklist for each pid namespace.
*
*/
rcu_read_lock();
read_lock(&tasklist_lock);
nr = 2;
idr_for_each_entry_continue(&pid_ns->idr, pid, nr) {
task = pid_task(pid, PIDTYPE_PID);
if (task && !__fatal_signal_pending(task))
group_send_sig_info(SIGKILL, SEND_SIG_PRIV, task, PIDTYPE_MAX);
}
read_unlock(&tasklist_lock);
rcu_read_unlock();
/*
* Reap the EXIT_ZOMBIE children we had before we ignored SIGCHLD.
* kernel_wait4() will also block until our children traced from the
* parent namespace are detached and become EXIT_DEAD.
*/
do {
clear_thread_flag(TIF_SIGPENDING);
rc = kernel_wait4(-1, NULL, __WALL, NULL);
} while (rc != -ECHILD);
/*
* kernel_wait4() misses EXIT_DEAD children, and EXIT_ZOMBIE
* process whose parents processes are outside of the pid
* namespace. Such processes are created with setns()+fork().
*
* If those EXIT_ZOMBIE processes are not reaped by their
* parents before their parents exit, they will be reparented
* to pid_ns->child_reaper. Thus pidns->child_reaper needs to
* stay valid until they all go away.
*
* The code relies on the pid_ns->child_reaper ignoring
* SIGCHILD to cause those EXIT_ZOMBIE processes to be
* autoreaped if reparented.
*
* Semantically it is also desirable to wait for EXIT_ZOMBIE
* processes before allowing the child_reaper to be reaped, as
* that gives the invariant that when the init process of a
* pid namespace is reaped all of the processes in the pid
* namespace are gone.
*
* Once all of the other tasks are gone from the pid_namespace
* free_pid() will awaken this task.
*/
for (;;) {
set_current_state(TASK_INTERRUPTIBLE);
if (pid_ns->pid_allocated == init_pids)
break;
/*
* Release tasks_rcu_exit_srcu to avoid following deadlock:
*
* 1) TASK A unshare(CLONE_NEWPID)
* 2) TASK A fork() twice -> TASK B (child reaper for new ns)
* and TASK C
* 3) TASK B exits, kills TASK C, waits for TASK A to reap it
* 4) TASK A calls synchronize_rcu_tasks()
* -> synchronize_srcu(tasks_rcu_exit_srcu)
* 5) *DEADLOCK*
*
* It is considered safe to release tasks_rcu_exit_srcu here
* because we assume the current task can not be concurrently
* reaped at this point.
*/
exit_tasks_rcu_stop();
schedule();
exit_tasks_rcu_start();
}
__set_current_state(TASK_RUNNING);
if (pid_ns->reboot)
current->signal->group_exit_code = pid_ns->reboot;
acct_exit_ns(pid_ns);
return;
}
#ifdef CONFIG_CHECKPOINT_RESTORE
static int pid_ns_ctl_handler(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos)
{
struct pid_namespace *pid_ns = task_active_pid_ns(current);
struct ctl_table tmp = *table;
int ret, next;
if (write && !checkpoint_restore_ns_capable(pid_ns->user_ns))
return -EPERM;
/*
* Writing directly to ns' last_pid field is OK, since this field
* is volatile in a living namespace anyway and a code writing to
* it should synchronize its usage with external means.
*/
next = idr_get_cursor(&pid_ns->idr) - 1;
tmp.data = &next;
ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
if (!ret && write)
idr_set_cursor(&pid_ns->idr, next + 1);
return ret;
}
extern int pid_max;
static struct ctl_table pid_ns_ctl_table[] = {
{
.procname = "ns_last_pid",
.maxlen = sizeof(int),
.mode = 0666, /* permissions are checked in the handler */
.proc_handler = pid_ns_ctl_handler,
.extra1 = SYSCTL_ZERO,
.extra2 = &pid_max,
},
{ }
};
static struct ctl_path kern_path[] = { { .procname = "kernel", }, { } };
#endif /* CONFIG_CHECKPOINT_RESTORE */
int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd)
{
if (pid_ns == &init_pid_ns)
return 0;
switch (cmd) {
case LINUX_REBOOT_CMD_RESTART2:
case LINUX_REBOOT_CMD_RESTART:
pid_ns->reboot = SIGHUP;
break;
case LINUX_REBOOT_CMD_POWER_OFF:
case LINUX_REBOOT_CMD_HALT:
pid_ns->reboot = SIGINT;
break;
default:
return -EINVAL;
}
read_lock(&tasklist_lock);
send_sig(SIGKILL, pid_ns->child_reaper, 1);
read_unlock(&tasklist_lock);
do_exit(0);
/* Not reached */
return 0;
}
static inline struct pid_namespace *to_pid_ns(struct ns_common *ns)
{
return container_of(ns, struct pid_namespace, ns);
}
static struct ns_common *pidns_get(struct task_struct *task)
{
struct pid_namespace *ns;
rcu_read_lock();
ns = task_active_pid_ns(task);
if (ns)
get_pid_ns(ns);
rcu_read_unlock();
return ns ? &ns->ns : NULL;
}
static struct ns_common *pidns_for_children_get(struct task_struct *task)
{
struct pid_namespace *ns = NULL;
task_lock(task);
if (task->nsproxy) {
ns = task->nsproxy->pid_ns_for_children;
get_pid_ns(ns);
}
task_unlock(task);
if (ns) {
read_lock(&tasklist_lock);
if (!ns->child_reaper) {
put_pid_ns(ns);
ns = NULL;
}
read_unlock(&tasklist_lock);
}
return ns ? &ns->ns : NULL;
}
static void pidns_put(struct ns_common *ns)
{
put_pid_ns(to_pid_ns(ns));
}
static int pidns_install(struct nsset *nsset, struct ns_common *ns)
{
struct nsproxy *nsproxy = nsset->nsproxy;
struct pid_namespace *active = task_active_pid_ns(current);
struct pid_namespace *ancestor, *new = to_pid_ns(ns);
if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) ||
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
return -EPERM;
/*
* Only allow entering the current active pid namespace
* or a child of the current active pid namespace.
*
* This is required for fork to return a usable pid value and
* this maintains the property that processes and their
* children can not escape their current pid namespace.
*/
if (new->level < active->level)
return -EINVAL;
ancestor = new;
while (ancestor->level > active->level)
ancestor = ancestor->parent;
if (ancestor != active)
return -EINVAL;
put_pid_ns(nsproxy->pid_ns_for_children);
nsproxy->pid_ns_for_children = get_pid_ns(new);
return 0;
}
static struct ns_common *pidns_get_parent(struct ns_common *ns)
{
struct pid_namespace *active = task_active_pid_ns(current);
struct pid_namespace *pid_ns, *p;
/* See if the parent is in the current namespace */
pid_ns = p = to_pid_ns(ns)->parent;
for (;;) {
if (!p)
return ERR_PTR(-EPERM);
if (p == active)
break;
p = p->parent;
}
return &get_pid_ns(pid_ns)->ns;
}
static struct user_namespace *pidns_owner(struct ns_common *ns)
{
return to_pid_ns(ns)->user_ns;
}
const struct proc_ns_operations pidns_operations = {
.name = "pid",
.type = CLONE_NEWPID,
.get = pidns_get,
.put = pidns_put,
.install = pidns_install,
.owner = pidns_owner,
.get_parent = pidns_get_parent,
};
const struct proc_ns_operations pidns_for_children_operations = {
.name = "pid_for_children",
.real_ns_name = "pid",
.type = CLONE_NEWPID,
.get = pidns_for_children_get,
.put = pidns_put,
.install = pidns_install,
.owner = pidns_owner,
.get_parent = pidns_get_parent,
};
static __init int pid_namespaces_init(void)
{
pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC);
#ifdef CONFIG_CHECKPOINT_RESTORE
register_sysctl_paths(kern_path, pid_ns_ctl_table);
#endif
return 0;
}
__initcall(pid_namespaces_init);
Reference in New Issue View Git Blame Copy Permalink