Diffstat (limited to 'kernel/user_namespace.c')
-rw-r--r--kernel/user_namespace.c14
1 files changed, 6 insertions, 8 deletions
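diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 1e34de2fbd60..44a555ac6104 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,7 @@
 #include <linux/fs_struct.h>
 
 static struct kmem_cache *user_ns_cachep __read_mostly;
+static DEFINE_MUTEX(userns_state_mutex);
 
 static bool new_idmap_permitted(const struct file *file,
  struct user_namespace *ns, int cap_setid,
@@ -583,9 +584,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map,
  return false;
 }
 
-
-static DEFINE_MUTEX(id_map_mutex);
-
 static ssize_t map_write(struct file *file, const char __user *buf,
  size_t count, loff_t *ppos,
  int cap_setid,
@@ -602,7 +600,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
  ssize_t ret = -EINVAL;
 
  /*
- * The id_map_mutex serializes all writes to any given map.
+ * The userns_state_mutex serializes all writes to any given map.
  *
  * Any map is only ever written once.
  *
@@ -620,7 +618,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
  * order and smp_rmb() is guaranteed that we don't have crazy
  * architectures returning stale data.
  */
- mutex_lock(&id_map_mutex);
+ mutex_lock(&userns_state_mutex);
 
  ret = -EPERM;
  /* Only allow one successful write to the map */
@@ -750,7 +748,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
  *ppos = count;
  ret = count;
 out:
- mutex_unlock(&id_map_mutex);
+ mutex_unlock(&userns_state_mutex);
  if (page)
  free_page(page);
  return ret;
@@ -845,12 +843,12 @@ bool userns_may_setgroups(const struct user_namespace *ns)
 {
  bool allowed;
 
- mutex_lock(&id_map_mutex);
+ mutex_lock(&userns_state_mutex);
  /* It is not safe to use setgroups until a gid mapping in
  * the user namespace has been established.
  */
  allowed = ns->gid_map.nr_extents != 0;
- mutex_unlock(&id_map_mutex);
+ mutex_unlock(&userns_state_mutex);
 
  return allowed;
 }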