1 files changed, 25 insertions, 71 deletions

diff --git a/kernel/user.c b/kernel/user.c
index cec2224bc9f5..477b6660f447 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -16,12 +16,13 @@
 #include <linux/interrupt.h>
 #include <linux/module.h>
 #include <linux/user_namespace.h>
+#include "cred-internals.h"
 
 struct user_namespace init_user_ns = {
         .kref = {
-                .refcount       = ATOMIC_INIT(2),
+                .refcount       = ATOMIC_INIT(1),
         },
-        .root_user = &root_user,
+        .creator = &root_user,
 };
 EXPORT_SYMBOL_GPL(init_user_ns);
 
@@ -47,12 +48,14 @@ static struct kmem_cache *uid_cachep;
  */
 static DEFINE_SPINLOCK(uidhash_lock);
 
+/* root_user.__count is 2, 1 for init task cred, 1 for init_user_ns->creator */
 struct user_struct root_user = {
-        .__count        = ATOMIC_INIT(1),
+        .__count        = ATOMIC_INIT(2),
         .processes      = ATOMIC_INIT(1),
         .files          = ATOMIC_INIT(0),
         .sigpending     = ATOMIC_INIT(0),
         .locked_shm     = 0,
+        .user_ns        = &init_user_ns,
 #ifdef CONFIG_USER_SCHED
         .tg             = &init_task_group,
 #endif
@@ -106,16 +109,10 @@ static int sched_create_user(struct user_struct *up)
         return rc;
 }
 
-static void sched_switch_user(struct task_struct *p)
-{
-        sched_move_task(p);
-}
-
 #else   /* CONFIG_USER_SCHED */
 
 static void sched_destroy_user(struct user_struct *up) { }
 static int sched_create_user(struct user_struct *up) { return 0; }
-static void sched_switch_user(struct task_struct *p) { }
 
 #endif  /* CONFIG_USER_SCHED */
 
@@ -244,13 +241,21 @@ static struct kobj_type uids_ktype = {
         .release = uids_release,
 };
 
-/* create /sys/kernel/uids/<uid>/cpu_share file for this user */
+/*
+ * Create /sys/kernel/uids/<uid>/cpu_share file for this user
+ * We do not create this file for users in a user namespace (until
+ * sysfs tagging is implemented).
+ *
+ * See Documentation/scheduler/sched-design-CFS.txt for ramifications.
+ */
 static int uids_user_create(struct user_struct *up)
 {
         struct kobject *kobj = &up->kobj;
         int error;
 
         memset(kobj, 0, sizeof(struct kobject));
+        if (up->user_ns != &init_user_ns)
+                return 0;
         kobj->kset = uids_kset;
         error = kobject_init_and_add(kobj, &uids_ktype, NULL, "%d", up->uid);
         if (error) {
@@ -286,6 +291,8 @@ static void remove_user_sysfs_dir(struct work_struct *w)
         unsigned long flags;
         int remove_user = 0;
 
+        if (up->user_ns != &init_user_ns)
+                return;
         /* Make uid_hash_remove() + sysfs_remove_file() + kobject_del()
          * atomic.
          */
@@ -321,12 +328,13 @@ done:
  * IRQ state (as stored in flags) is restored and uidhash_lock released
  * upon function exit.
  */
-static inline void free_user(struct user_struct *up, unsigned long flags)
+static void free_user(struct user_struct *up, unsigned long flags)
 {
         /* restore back the count */
         atomic_inc(&up->__count);
         spin_unlock_irqrestore(&uidhash_lock, flags);
 
+        put_user_ns(up->user_ns);
         INIT_WORK(&up->work, remove_user_sysfs_dir);
         schedule_work(&up->work);
 }
@@ -342,13 +350,14 @@ static inline void uids_mutex_unlock(void) { }
  * IRQ state (as stored in flags) is restored and uidhash_lock released
  * upon function exit.
  */
-static inline void free_user(struct user_struct *up, unsigned long flags)
+static void free_user(struct user_struct *up, unsigned long flags)
 {
         uid_hash_remove(up);
         spin_unlock_irqrestore(&uidhash_lock, flags);
         sched_destroy_user(up);
         key_put(up->uid_keyring);
         key_put(up->session_keyring);
+        put_user_ns(up->user_ns);
         kmem_cache_free(uid_cachep, up);
 }
 
@@ -364,7 +373,7 @@ struct user_struct *find_user(uid_t uid)
 {
         struct user_struct *ret;
         unsigned long flags;
-        struct user_namespace *ns = current->nsproxy->user_ns;
+        struct user_namespace *ns = current_user_ns();
 
         spin_lock_irqsave(&uidhash_lock, flags);
         ret = uid_hash_find(uid, uidhashentry(ns, uid));
@@ -411,6 +420,8 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid)
                 if (sched_create_user(new) < 0)
                         goto out_free_user;
 
+                new->user_ns = get_user_ns(ns);
+
                 if (uids_user_create(new))
                         goto out_destoy_sched;
 
@@ -434,7 +445,6 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid)
                         up = new;
                 }
                 spin_unlock_irq(&uidhash_lock);
-
         }
 
         uids_mutex_unlock();
@@ -443,6 +453,7 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid)
 
 out_destoy_sched:
         sched_destroy_user(new);
+        put_user_ns(new->user_ns);
 out_free_user:
         kmem_cache_free(uid_cachep, new);
 out_unlock:
@@ -450,63 +461,6 @@ out_unlock:
         return NULL;
 }
 
-void switch_uid(struct user_struct *new_user)
-{
-        struct user_struct *old_user;
-
-        /* What if a process setreuid()'s and this brings the
-         * new uid over his NPROC rlimit?  We can check this now
-         * cheaply with the new uid cache, so if it matters
-         * we should be checking for it.  -DaveM
-         */
-        old_user = current->user;
-        atomic_inc(&new_user->processes);
-        atomic_dec(&old_user->processes);
-        switch_uid_keyring(new_user);
-        current->user = new_user;
-        sched_switch_user(current);
-
-        /*
-         * We need to synchronize with __sigqueue_alloc()
-         * doing a get_uid(p->user).. If that saw the old
-         * user value, we need to wait until it has exited
-         * its critical region before we can free the old
-         * structure.
-         */
-        smp_mb();
-        spin_unlock_wait(&current->sighand->siglock);
-
-        free_uid(old_user);
-        suid_keys(current);
-}
-
-#ifdef CONFIG_USER_NS
-void release_uids(struct user_namespace *ns)
-{
-        int i;
-        unsigned long flags;
-        struct hlist_head *head;
-        struct hlist_node *nd;
-
-        spin_lock_irqsave(&uidhash_lock, flags);
-        /*
-         * collapse the chains so that the user_struct-s will
-         * be still alive, but not in hashes. subsequent free_uid()
-         * will free them.
-         */
-        for (i = 0; i < UIDHASH_SZ; i++) {
-                head = ns->uidhash_table + i;
-                while (!hlist_empty(head)) {
-                        nd = head->first;
-                        hlist_del_init(nd);
-                }
-        }
-        spin_unlock_irqrestore(&uidhash_lock, flags);
-
-        free_uid(ns->root_user);
-}
-#endif
-
 static int __init uid_cache_init(void)
 {
         int n;