| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | #ifndef _LINUX_PID_NS_H |
| 3 | #define _LINUX_PID_NS_H |
| 4 | |
| 5 | #include <linux/sched.h> |
| 6 | #include <linux/bug.h> |
| 7 | #include <linux/mm.h> |
| 8 | #include <linux/workqueue.h> |
| 9 | #include <linux/threads.h> |
| 10 | #include <linux/nsproxy.h> |
| 11 | #include <linux/ns_common.h> |
| 12 | #include <linux/idr.h> |
| 13 | |
| 14 | /* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */ |
| 15 | #define MAX_PID_NS_LEVEL 32 |
| 16 | |
| 17 | struct fs_pin; |
| 18 | |
| 19 | #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) |
| 20 | /* modes for vm.memfd_noexec sysctl */ |
| 21 | #define MEMFD_NOEXEC_SCOPE_EXEC 0 /* MFD_EXEC implied if unset */ |
| 22 | #define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL 1 /* MFD_NOEXEC_SEAL implied if unset */ |
| 23 | #define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED 2 /* same as 1, except MFD_EXEC rejected */ |
| 24 | #endif |
| 25 | |
| 26 | struct pid_namespace { |
| 27 | struct idr idr; |
| 28 | struct rcu_head rcu; |
| 29 | unsigned int pid_allocated; |
| 30 | struct task_struct *child_reaper; |
| 31 | struct kmem_cache *pid_cachep; |
| 32 | unsigned int level; |
| 33 | int pid_max; |
| 34 | struct pid_namespace *parent; |
| 35 | #ifdef CONFIG_BSD_PROCESS_ACCT |
| 36 | struct fs_pin *bacct; |
| 37 | #endif |
| 38 | struct user_namespace *user_ns; |
| 39 | struct ucounts *ucounts; |
| 40 | int reboot; /* group exit code if this pidns was rebooted */ |
| 41 | struct ns_common ns; |
| 42 | struct work_struct work; |
| 43 | #ifdef CONFIG_SYSCTL |
| 44 | struct ctl_table_set set; |
| 45 | struct ctl_table_header *sysctls; |
| 46 | #if defined(CONFIG_MEMFD_CREATE) |
| 47 | int memfd_noexec_scope; |
| 48 | #endif |
| 49 | #endif |
| 50 | } __randomize_layout; |
| 51 | |
| 52 | extern struct pid_namespace init_pid_ns; |
| 53 | |
| 54 | #define PIDNS_ADDING (1U << 31) |
| 55 | |
| 56 | #ifdef CONFIG_PID_NS |
| 57 | static inline struct pid_namespace *to_pid_ns(struct ns_common *ns) |
| 58 | { |
| 59 | return container_of(ns, struct pid_namespace, ns); |
| 60 | } |
| 61 | |
| 62 | static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns) |
| 63 | { |
| 64 | if (ns != &init_pid_ns) |
| 65 | ns_ref_inc(ns); |
| 66 | return ns; |
| 67 | } |
| 68 | |
| 69 | #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) |
| 70 | static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) |
| 71 | { |
| 72 | int scope = MEMFD_NOEXEC_SCOPE_EXEC; |
| 73 | |
| 74 | for (; ns; ns = ns->parent) |
| 75 | scope = max(scope, READ_ONCE(ns->memfd_noexec_scope)); |
| 76 | |
| 77 | return scope; |
| 78 | } |
| 79 | #else |
| 80 | static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) |
| 81 | { |
| 82 | return 0; |
| 83 | } |
| 84 | #endif |
| 85 | |
| 86 | extern struct pid_namespace *copy_pid_ns(u64 flags, |
| 87 | struct user_namespace *user_ns, struct pid_namespace *ns); |
| 88 | extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); |
| 89 | extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd); |
| 90 | extern void put_pid_ns(struct pid_namespace *ns); |
| 91 | |
| 92 | extern bool pidns_is_ancestor(struct pid_namespace *child, |
| 93 | struct pid_namespace *ancestor); |
| 94 | |
| 95 | #else /* !CONFIG_PID_NS */ |
| 96 | #include <linux/err.h> |
| 97 | |
| 98 | static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns) |
| 99 | { |
| 100 | return ns; |
| 101 | } |
| 102 | |
| 103 | static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns) |
| 104 | { |
| 105 | return 0; |
| 106 | } |
| 107 | |
| 108 | static inline struct pid_namespace *copy_pid_ns(u64 flags, |
| 109 | struct user_namespace *user_ns, struct pid_namespace *ns) |
| 110 | { |
| 111 | if (flags & CLONE_NEWPID) |
| 112 | ns = ERR_PTR(-EINVAL); |
| 113 | return ns; |
| 114 | } |
| 115 | |
| 116 | static inline void put_pid_ns(struct pid_namespace *ns) |
| 117 | { |
| 118 | } |
| 119 | |
| 120 | static inline void zap_pid_ns_processes(struct pid_namespace *ns) |
| 121 | { |
| 122 | BUG(); |
| 123 | } |
| 124 | |
| 125 | static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd) |
| 126 | { |
| 127 | return 0; |
| 128 | } |
| 129 | |
| 130 | static inline bool pidns_is_ancestor(struct pid_namespace *child, |
| 131 | struct pid_namespace *ancestor) |
| 132 | { |
| 133 | return false; |
| 134 | } |
| 135 | #endif /* CONFIG_PID_NS */ |
| 136 | |
| 137 | extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk); |
| 138 | void pidhash_init(void); |
| 139 | void pid_idr_init(void); |
| 140 | int register_pidns_sysctls(struct pid_namespace *pidns); |
| 141 | void unregister_pidns_sysctls(struct pid_namespace *pidns); |
| 142 | |
| 143 | static inline bool task_is_in_init_pid_ns(struct task_struct *tsk) |
| 144 | { |
| 145 | return task_active_pid_ns(tsk) == &init_pid_ns; |
| 146 | } |
| 147 | |
| 148 | #endif /* _LINUX_PID_NS_H */ |
| 149 |
Generated while processing Linux/arch/x86/entry/syscall_32.c
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.