x86, mm: Change cachemode exports to non-gpl

[deliverable/linux.git] / kernel / user_namespace.c

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 6e80f4c1322bb97faef0216498defda1b23bcbaf..4109f8320684a81af4cd9d0c7262f83812c300f2 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -87,11 +87,12 @@ int create_user_ns(struct cred *new)
        if (!ns)
                return -ENOMEM;
 
-       ret = proc_alloc_inum(&ns->proc_inum);
+       ret = ns_alloc_inum(&ns->ns);
        if (ret) {
                kmem_cache_free(user_ns_cachep, ns);
                return ret;
        }
+       ns->ns.ops = &userns_operations;
 
        atomic_set(&ns->count, 1);
        /* Leave the new->user_ns reference with the new user namespace. */
@@ -142,7 +143,7 @@ void free_user_ns(struct user_namespace *ns)
 #ifdef CONFIG_PERSISTENT_KEYRINGS
                key_put(ns->persistent_keyring_register);
 #endif
-               proc_free_inum(ns->proc_inum);
+               ns_free_inum(&ns->ns);
                kmem_cache_free(user_ns_cachep, ns);
                ns = parent;
        } while (atomic_dec_and_test(&parent->count));
@@ -643,7 +644,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
        if (!page)
                goto out;
 
-       /* Only allow <= page size writes at the beginning of the file */
+       /* Only allow < page size writes at the beginning of the file */
        ret = -EINVAL;
        if ((*ppos != 0) || (count >= PAGE_SIZE))
                goto out;
@@ -826,6 +827,11 @@ static bool new_idmap_permitted(const struct file *file,
                        kuid_t uid = make_kuid(ns->parent, id);
                        if (uid_eq(uid, cred->euid))
                                return true;
+               } else if (cap_setid == CAP_SETGID) {
+                       kgid_t gid = make_kgid(ns->parent, id);
+                       if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) &&
+                           gid_eq(gid, cred->egid))
+                               return true;
                }
        }
 
@@ -938,7 +944,12 @@ bool userns_may_setgroups(const struct user_namespace *ns)
        return allowed;
 }
 
-static void *userns_get(struct task_struct *task)
+static inline struct user_namespace *to_user_ns(struct ns_common *ns)
+{
+       return container_of(ns, struct user_namespace, ns);
+}
+
+static struct ns_common *userns_get(struct task_struct *task)
 {
        struct user_namespace *user_ns;
 
@@ -946,17 +957,17 @@ static void *userns_get(struct task_struct *task)
        user_ns = get_user_ns(__task_cred(task)->user_ns);
        rcu_read_unlock();
 
-       return user_ns;
+       return user_ns ? &user_ns->ns : NULL;
 }
 
-static void userns_put(void *ns)
+static void userns_put(struct ns_common *ns)
 {
-       put_user_ns(ns);
+       put_user_ns(to_user_ns(ns));
 }
 
-static int userns_install(struct nsproxy *nsproxy, void *ns)
+static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns)
 {
-       struct user_namespace *user_ns = ns;
+       struct user_namespace *user_ns = to_user_ns(ns);
        struct cred *cred;
 
        /* Don't allow gaining capabilities by reentering
@@ -985,19 +996,12 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
        return commit_creds(cred);
 }
 
-static unsigned int userns_inum(void *ns)
-{
-       struct user_namespace *user_ns = ns;
-       return user_ns->proc_inum;
-}
-
 const struct proc_ns_operations userns_operations = {
        .name           = "user",
        .type           = CLONE_NEWUSER,
        .get            = userns_get,
        .put            = userns_put,
        .install        = userns_install,
-       .inum           = userns_inum,
 };
 
 static __init int user_namespaces_init(void)