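/* SPDX-License-Identifier: GPL-2.0 */
/*
 * PID namespace definitions: the per-namespace state (struct pid_namespace),
 * reference helpers, and the effective vm.memfd_noexec scope lookup.
 * Stub implementations are provided when CONFIG_PID_NS is disabled.
 */
#ifndef _LINUX_PID_NS_H
#define _LINUX_PID_NS_H

#include <linux/sched.h>
#include <linux/bug.h>
#include <linux/mm.h>
#include <linux/workqueue.h>
#include <linux/threads.h>
#include <linux/nsproxy.h>
#include <linux/ns_common.h>
#include <linux/idr.h>

/* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */
#define MAX_PID_NS_LEVEL 32

struct fs_pin;

#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
/*
 * modes for vm.memfd_noexec sysctl
 *
 * The values are ordered from least to most restrictive;
 * pidns_memfd_noexec_scope() relies on that ordering when it takes the
 * maximum across a namespace and its ancestors.
 */
#define MEMFD_NOEXEC_SCOPE_EXEC			0 /* MFD_EXEC implied if unset */
#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL		1 /* MFD_NOEXEC_SEAL implied if unset */
#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED	2 /* same as 1, except MFD_EXEC rejected */
#endif

/*
 * Per-PID-namespace state.
 *
 * The structure is marked __randomize_layout: code must access members by
 * name and must not depend on their order or offsets.
 */
struct pid_namespace {
	struct idr idr;
	struct rcu_head rcu;
	unsigned int pid_allocated;
	struct task_struct *child_reaper;
	struct kmem_cache *pid_cachep;
	unsigned int level;
	int pid_max;
	struct pid_namespace *parent;	/* walked up to the root by pidns_memfd_noexec_scope() */
#ifdef CONFIG_BSD_PROCESS_ACCT
	struct fs_pin *bacct;
#endif
	struct user_namespace *user_ns;
	struct ucounts *ucounts;
	int reboot;	/* group exit code if this pidns was rebooted */
	struct ns_common ns;	/* ns.count is the reference count taken by get_pid_ns() */
	struct work_struct work;
#ifdef CONFIG_SYSCTL
	struct ctl_table_set	set;
	struct ctl_table_header *sysctls;
#if defined(CONFIG_MEMFD_CREATE)
	/* this namespace's own setting; read it via pidns_memfd_noexec_scope() */
	int memfd_noexec_scope;
#endif
#endif
} __randomize_layout;

extern struct pid_namespace init_pid_ns;

/*
 * NOTE(review): not used in this header; presumably a flag bit stored in
 * pid_allocated -- confirm against the users of PIDNS_ADDING.
 */
#define PIDNS_ADDING (1U << 31)

#ifdef CONFIG_PID_NS
/*
 * get_pid_ns - take a reference on a PID namespace
 * @ns: namespace to reference; must not be NULL (it is dereferenced whenever
 *      it is not &init_pid_ns)
 *
 * init_pid_ns is exempt: its count is never incremented here.
 * NOTE(review): put_pid_ns() is defined elsewhere; presumably it applies the
 * same exemption -- confirm, since a mismatch would unbalance the count.
 *
 * Returns @ns so the call can be used inline in an assignment.
 */
static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
{
	if (ns != &init_pid_ns)
		refcount_inc(&ns->ns.count);
	return ns;
}

#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
/*
 * pidns_memfd_noexec_scope - effective vm.memfd_noexec scope for @ns
 * @ns: namespace to start from; a NULL @ns yields MEMFD_NOEXEC_SCOPE_EXEC
 *
 * Returns the highest MEMFD_NOEXEC_SCOPE_* value found in @ns or any of its
 * ancestors. Because higher values are more restrictive, a nested namespace
 * can tighten the policy it inherits but can never relax what an ancestor
 * has set. Policy checks should use this helper rather than reading
 * ns->memfd_noexec_scope directly, which would ignore the ancestors.
 */
static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	int scope = MEMFD_NOEXEC_SCOPE_EXEC;

	/*
	 * READ_ONCE() gives a single read of each level's setting.
	 * NOTE(review): presumably the field can change concurrently through
	 * the sysctl -- confirm against the sysctl handler.
	 */
	for (; ns; ns = ns->parent)
		scope = max(scope, READ_ONCE(ns->memfd_noexec_scope));

	return scope;
}
#else
/*
 * Without CONFIG_SYSCTL or CONFIG_MEMFD_CREATE there is no per-namespace
 * setting and the MEMFD_NOEXEC_SCOPE_* names are not defined, so the helper
 * always reports 0, the numeric value of the least restrictive scope.
 */
static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	return 0;
}
#endif

extern struct pid_namespace *copy_pid_ns(unsigned long flags,
	struct user_namespace *user_ns, struct pid_namespace *ns);
extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
extern void put_pid_ns(struct pid_namespace *ns);

#else /* !CONFIG_PID_NS */
#include <linux/err.h>

/* No reference counting without CONFIG_PID_NS: @ns is returned untouched. */
static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
{
	return ns;
}

/* Always 0 (the least restrictive scope value) without CONFIG_PID_NS. */
static inline int pidns_memfd_noexec_scope(struct pid_namespace *ns)
{
	return 0;
}

/*
 * A request for a new PID namespace (CLONE_NEWPID) cannot be honoured, so it
 * is refused with ERR_PTR(-EINVAL); any other request returns @ns unchanged.
 * Callers must test the result with IS_ERR() before dereferencing it.
 */
static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
	struct user_namespace *user_ns, struct pid_namespace *ns)
{
	if (flags & CLONE_NEWPID)
		ns = ERR_PTR(-EINVAL);
	return ns;
}

/* Nothing to release: get_pid_ns() takes no reference in this configuration. */
static inline void put_pid_ns(struct pid_namespace *ns)
{
}

/* Must never be reached without CONFIG_PID_NS; a call is treated as a kernel bug. */
static inline void zap_pid_ns_processes(struct pid_namespace *ns)
{
	BUG();
}

/* Stub: does nothing and returns 0. */
static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd)
{
	return 0;
}
#endif /* CONFIG_PID_NS */

extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk);
void pidhash_init(void);
void pid_idr_init(void);
int register_pidns_sysctls(struct pid_namespace *pidns);
void unregister_pidns_sysctls(struct pid_namespace *pidns);

/* True when @tsk's active PID namespace is the initial one (init_pid_ns). */
static inline bool task_is_in_init_pid_ns(struct task_struct *tsk)
{
	return task_active_pid_ns(tsk) == &init_pid_ns;
}

#endif /* _LINUX_PID_NS_H */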