1 // SPDX-License-Identifier: GPL-2.0-only
3  * Generic pidhash and scalable, time-bounded PID allocator
5  * (C) 2002-2003 Nadia Yvette Chambers, IBM
7  * (C) 2002-2004 Ingo Molnar, Red Hat
9  * pid-structures are backing objects for tasks sharing a given ID to chain
11  * parking tasks using given ID's on a list.
13  * The hash is always changed with the tasklist_lock write-acquired,
15  * read-acquired, so there's no additional SMP locking needed here.
17  * We have a list of bitmap pages, which bitmaps represent the PID space.
18  * Allocating and freeing PIDs is completely lockless. The worst-case
58 		.ns		= &init_pid_ns,
70  * PID-map pages start out as NULL, they get allocated upon
76 	.ns.count = REFCOUNT_INIT(2),
82 	.ns.inum = PROC_PID_INIT_INO,
84 	.ns.ops = &pidns_operations,
96  * If we don't disable interrupts there is a nasty deadlock between
97  * detach_pid()->free_pid() and another cpu that does
101  * After we clean up the tasklist_lock and know there are no
102  * irq handlers that take it we can leave the interrupts enabled.
110 	struct pid_namespace *ns;  in put_pid()  local
115 	ns = pid->numbers[pid->level].ns;  in put_pid()
116 	if (refcount_dec_and_test(&pid->count)) {  in put_pid()
117 		kmem_cache_free(ns->pid_cachep, pid);  in put_pid()
118 		put_pid_ns(ns);  in put_pid()
131 	/* We can be called with write_lock_irq(&tasklist_lock) held */  in free_pid()
136 	for (i = 0; i <= pid->level; i++) {  in free_pid()
137 		struct upid *upid = pid->numbers + i;  in free_pid()
138 		struct pid_namespace *ns = upid->ns;  in free_pid()  local
139 		switch (--ns->pid_allocated) {  in free_pid()
146 			wake_up_process(ns->child_reaper);  in free_pid()
150 			WARN_ON(ns->child_reaper);  in free_pid()
151 			ns->pid_allocated = 0;  in free_pid()
155 		idr_remove(&ns->idr, upid->nr);  in free_pid()
159 	call_rcu(&pid->rcu, delayed_put_pid);  in free_pid()
162 struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,  in alloc_pid()  argument
170 	int retval = -ENOMEM;  in alloc_pid()
178 	 * never be greater than the current ns->level + 1.  in alloc_pid()
180 	if (set_tid_size > ns->level + 1)  in alloc_pid()
181 		return ERR_PTR(-EINVAL);  in alloc_pid()
183 	pid = kmem_cache_alloc(ns->pid_cachep, GFP_KERNEL);  in alloc_pid()
187 	tmp = ns;  in alloc_pid()
188 	pid->level = ns->level;  in alloc_pid()
190 	for (i = ns->level; i >= 0; i--) {  in alloc_pid()
194 			tid = set_tid[ns->level - i];  in alloc_pid()
196 			retval = -EINVAL;  in alloc_pid()
203 			if (tid != 1 && !tmp->child_reaper)  in alloc_pid()
205 			retval = -EPERM;  in alloc_pid()
206 			if (!checkpoint_restore_ns_capable(tmp->user_ns))  in alloc_pid()
208 			set_tid_size--;  in alloc_pid()
215 			nr = idr_alloc(&tmp->idr, NULL, tid,  in alloc_pid()
221 			if (nr == -ENOSPC)  in alloc_pid()
222 				nr = -EEXIST;  in alloc_pid()
229 			if (idr_get_cursor(&tmp->idr) > RESERVED_PIDS)  in alloc_pid()
236 			nr = idr_alloc_cyclic(&tmp->idr, NULL, pid_min,  in alloc_pid()
243 			retval = (nr == -ENOSPC) ? -EAGAIN : nr;  in alloc_pid()
247 		pid->numbers[i].nr = nr;  in alloc_pid()
248 		pid->numbers[i].ns = tmp;  in alloc_pid()
249 		tmp = tmp->parent;  in alloc_pid()
256 	 * is what we have exposed to userspace for a long time and it is  in alloc_pid()
257 	 * documented behavior for pid namespaces. So we can't easily  in alloc_pid()
260 	retval = -ENOMEM;  in alloc_pid()
262 	get_pid_ns(ns);  in alloc_pid()
263 	refcount_set(&pid->count, 1);  in alloc_pid()
264 	spin_lock_init(&pid->lock);  in alloc_pid()
266 		INIT_HLIST_HEAD(&pid->tasks[type]);  in alloc_pid()
268 	init_waitqueue_head(&pid->wait_pidfd);  in alloc_pid()
269 	INIT_HLIST_HEAD(&pid->inodes);  in alloc_pid()
271 	upid = pid->numbers + ns->level;  in alloc_pid()
273 	if (!(ns->pid_allocated & PIDNS_ADDING))  in alloc_pid()
275 	for ( ; upid >= pid->numbers; --upid) {  in alloc_pid()
277 		idr_replace(&upid->ns->idr, pid, upid->nr);  in alloc_pid()
278 		upid->ns->pid_allocated++;  in alloc_pid()
286 	put_pid_ns(ns);  in alloc_pid()
290 	while (++i <= ns->level) {  in alloc_pid()
291 		upid = pid->numbers + i;  in alloc_pid()
292 		idr_remove(&upid->ns->idr, upid->nr);  in alloc_pid()
295 	/* On failure to allocate the first pid, reset the state */  in alloc_pid()
296 	if (ns->pid_allocated == PIDNS_ADDING)  in alloc_pid()
297 		idr_set_cursor(&ns->idr, 0);  in alloc_pid()
301 	kmem_cache_free(ns->pid_cachep, pid);  in alloc_pid()
305 void disable_pid_allocation(struct pid_namespace *ns)  in disable_pid_allocation()  argument
308 	ns->pid_allocated &= ~PIDNS_ADDING;  in disable_pid_allocation()
312 struct pid *find_pid_ns(int nr, struct pid_namespace *ns)  in find_pid_ns()  argument
314 	return idr_find(&ns->idr, nr);  in find_pid_ns()
327 		&task->thread_pid :  in task_pid_ptr()
328 		&task->signal->pids[type];  in task_pid_ptr()
332  * attach_pid() must be called with the tasklist_lock write-held.
337 	hlist_add_head_rcu(&task->pid_links[type], &pid->tasks[type]);  in attach_pid()
349 	hlist_del_rcu(&task->pid_links[type]);  in __change_pid()
352 	for (tmp = PIDTYPE_MAX; --tmp >= 0; )  in __change_pid()
373 	struct pid *pid1 = left->thread_pid;  in exchange_tids()
374 	struct pid *pid2 = right->thread_pid;  in exchange_tids()
375 	struct hlist_head *head1 = &pid1->tasks[PIDTYPE_PID];  in exchange_tids()
376 	struct hlist_head *head2 = &pid2->tasks[PIDTYPE_PID];  in exchange_tids()
382 	rcu_assign_pointer(left->thread_pid, pid2);  in exchange_tids()
383 	rcu_assign_pointer(right->thread_pid, pid1);  in exchange_tids()
386 	WRITE_ONCE(left->pid, pid_nr(pid2));  in exchange_tids()
387 	WRITE_ONCE(right->pid, pid_nr(pid1));  in exchange_tids()
395 		new->thread_pid = old->thread_pid;  in transfer_pid()
396 	hlist_replace_rcu(&old->pid_links[type], &new->pid_links[type]);  in transfer_pid()
404 		first = rcu_dereference_check(hlist_first_rcu(&pid->tasks[type]),  in pid_task()
416 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)  in find_task_by_pid_ns()  argument
420 	return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);  in find_task_by_pid_ns()
475 pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)  in pid_nr_ns()  argument
480 	if (pid && ns->level <= pid->level) {  in pid_nr_ns()
481 		upid = &pid->numbers[ns->level];  in pid_nr_ns()
482 		if (upid->ns == ns)  in pid_nr_ns()
483 			nr = upid->nr;  in pid_nr_ns()
496 			struct pid_namespace *ns)  in __task_pid_nr_ns()  argument
501 	if (!ns)  in __task_pid_nr_ns()
502 		ns = task_active_pid_ns(current);  in __task_pid_nr_ns()
503 	nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);  in __task_pid_nr_ns()
521 struct pid *find_ge_pid(int nr, struct pid_namespace *ns)  in find_ge_pid()  argument
523 	return idr_get_next(&ns->idr, &nr);  in find_ge_pid()
534 		return ERR_PTR(-EBADF);  in pidfd_get_pid()
539 		*flags = f.file->f_flags;  in pidfd_get_pid()
547  * pidfd_get_task() - Get the task associated with a pidfd
552  * Return the task associated with @pidfd. The function takes a reference on
555  * Currently, the process identified by @pidfd is always a thread-group leader.
560  * Return: On success, the task_struct associated with the pidfd.
561  *	   On error, a negative errno number will be returned.
576 		return ERR_PTR(-ESRCH);  in pidfd_get_task()
583  * pidfd_create() - Create a new pid file descriptor.
595  * Return: On success, a cloexec pidfd is returned.
596  *         On error, a negative errno number will be returned.
612  * sys_pidfd_open() - Open new pid file descriptor.
619  * @pid must be a thread-group leader. This restriction currently exists
624  * Return: On success, a cloexec pidfd is returned.
625  *         On error, a negative errno number will be returned.
633 		return -EINVAL;  in SYSCALL_DEFINE2()
636 		return -EINVAL;  in SYSCALL_DEFINE2()
640 		return -ESRCH;  in SYSCALL_DEFINE2()
653 	/* bump default and minimum pid_max based on number of cpus */  in pid_idr_init()
674 	ret = down_read_killable(&task->signal->exec_update_lock);  in __pidfd_fget()
681 		file = ERR_PTR(-EPERM);  in __pidfd_fget()
683 	up_read(&task->signal->exec_update_lock);  in __pidfd_fget()
685 	return file ?: ERR_PTR(-EBADF);  in __pidfd_fget()
696 		return -ESRCH;  in pidfd_getfd()
710  * sys_pidfd_getfd() - Get a file descriptor from another process
714  * @flags:	flags on how to get the fd (reserved)
717  * based on the pidfd, and file descriptor number. It requires that
722  * Return: On success, a cloexec file descriptor is returned.
723  *         On error, a negative errno number will be returned.
732 	/* flags is currently unused - make sure it's unset */  in SYSCALL_DEFINE3()
734 		return -EINVAL;  in SYSCALL_DEFINE3()
738 		return -EBADF;  in SYSCALL_DEFINE3()