Diffstat (limited to 'kernel/user_namespace.c')
-rw-r--r-- | kernel/user_namespace.c | 14 |
1 files changed, 6 insertions, 8 deletions
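diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 1e34de2fbd60..44a555ac6104 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,7 @@
 #include <linux/fs_struct.h>
 
 static struct kmem_cache *user_ns_cachep __read_mostly;
+static DEFINE_MUTEX(userns_state_mutex);
 
 static bool new_idmap_permitted(const struct file *file,
 struct user_namespace *ns, int cap_setid,
@@ -583,9 +584,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map,
 return false;
 }
 
-
-static DEFINE_MUTEX(id_map_mutex);
-
 static ssize_t map_write(struct file *file, const char __user *buf,
 size_t count, loff_t *ppos,
 int cap_setid,
@@ -602,7 +600,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
 ssize_t ret = -EINVAL;
 
 /*
- * The id_map_mutex serializes all writes to any given map.
+ * The userns_state_mutex serializes all writes to any given map.
 *
 * Any map is only ever written once.
 *
@@ -620,7 +618,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
 * order and smp_rmb() is guaranteed that we don't have crazy
 * architectures returning stale data.
 */
-mutex_lock(&id_map_mutex);
+mutex_lock(&userns_state_mutex);
 
 ret = -EPERM;
 /* Only allow one successful write to the map */
@@ -750,7 +748,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
 *ppos = count;
 ret = count;
 out:
-mutex_unlock(&id_map_mutex);
+mutex_unlock(&userns_state_mutex);
 if (page)
 free_page(page);
 return ret;
@@ -845,12 +843,12 @@ bool userns_may_setgroups(const struct user_namespace *ns)
 {
 bool allowed;
 
-mutex_lock(&id_map_mutex);
+mutex_lock(&userns_state_mutex);
 /* It is not safe to use setgroups until a gid mapping in
 * the user namespace has been established.
 */
 allowed = ns->gid_map.nr_extents != 0;
-mutex_unlock(&id_map_mutex);
+mutex_unlock(&userns_state_mutex);
 
 return allowed;
 }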
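Review bot: The new `static DEFINE_MUTEX(userns_state_mutex);` declaration at the top of the file carries no comment, and the only description of the lock, in map_write, still reads `* The userns_state_mutex serializes all writes to any given map.` even though the last hunk shows userns_may_setgroups taking the same mutex just to read `ns->gid_map.nr_extents`. The rename implies the lock now guards namespace state beyond the id maps, so a reader who sees only the map_write comment may treat it as a write-side lock and skip it on a read path that needs to observe a consistent state. I would put a one-line comment on the declaration, e.g. `/* Serializes uid/gid map writes and the map-dependent state checks such as userns_may_setgroups(). */`, and extend the map_write sentence to "serializes all writes to any given map and the state checks that depend on them". The remainder of map_write, including the smp_rmb() reasoning referenced just above the mutex_lock, lies outside the visible hunks, so whether other readers of the maps also need the lock is not something this diff shows.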