1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 2 3 #include <linux/workqueue.h> 4 #include <linux/rtnetlink.h> 5 #include <linux/cache.h> 6 #include <linux/slab.h> 7 #include <linux/list.h> 8 #include <linux/delay.h> 9 #include <linux/sched.h> 10 #include <linux/idr.h> 11 #include <linux/rculist.h> 12 #include <linux/nsproxy.h> 13 #include <linux/fs.h> 14 #include <linux/proc_ns.h> 15 #include <linux/file.h> 16 #include <linux/export.h> 17 #include <linux/user_namespace.h> 18 #include <linux/net_namespace.h> 19 #include <net/sock.h> 20 #include <net/netlink.h> 21 #include <net/net_namespace.h> 22 #include <net/netns/generic.h> 23 24 /* 25 * Our network namespace constructor/destructor lists 26 */ 27 28 static LIST_HEAD(pernet_list); 29 static struct list_head *first_device = &pernet_list; 30 DEFINE_MUTEX(net_mutex); 31 static DEFINE_SPINLOCK(nsid_lock); 32 33 LIST_HEAD(net_namespace_list); 34 EXPORT_SYMBOL_GPL(net_namespace_list); 35 36 struct net init_net = { 37 .dev_base_head = LIST_HEAD_INIT(init_net.dev_base_head), 38 }; 39 EXPORT_SYMBOL(init_net); 40 41 #define INITIAL_NET_GEN_PTRS 13 /* +1 for len +2 for rcu_head */ 42 43 static unsigned int max_gen_ptrs = INITIAL_NET_GEN_PTRS; 44 45 static struct net_generic *net_alloc_generic(void) 46 { 47 struct net_generic *ng; 48 size_t generic_size = offsetof(struct net_generic, ptr[max_gen_ptrs]); 49 50 ng = kzalloc(generic_size, GFP_KERNEL); 51 if (ng) 52 ng->len = max_gen_ptrs; 53 54 return ng; 55 } 56 57 static int net_assign_generic(struct net *net, int id, void *data) 58 { 59 struct net_generic *ng, *old_ng; 60 61 BUG_ON(!mutex_is_locked(&net_mutex)); 62 BUG_ON(id == 0); 63 64 old_ng = rcu_dereference_protected(net->gen, 65 lockdep_is_held(&net_mutex)); 66 ng = old_ng; 67 if (old_ng->len >= id) 68 goto assign; 69 70 ng = net_alloc_generic(); 71 if (ng == NULL) 72 return -ENOMEM; 73 74 /* 75 * Some synchronisation notes: 76 * 77 * The net_generic explores the net->gen array inside rcu 78 * read section. Besides once set the net->gen->ptr[x] 79 * pointer never changes (see rules in netns/generic.h). 80 * 81 * That said, we simply duplicate this array and schedule 82 * the old copy for kfree after a grace period. 83 */ 84 85 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len * sizeof(void*)); 86 87 rcu_assign_pointer(net->gen, ng); 88 kfree_rcu(old_ng, rcu); 89 assign: 90 ng->ptr[id - 1] = data; 91 return 0; 92 } 93 94 static int ops_init(const struct pernet_operations *ops, struct net *net) 95 { 96 int err = -ENOMEM; 97 void *data = NULL; 98 99 if (ops->id && ops->size) { 100 data = kzalloc(ops->size, GFP_KERNEL); 101 if (!data) 102 goto out; 103 104 err = net_assign_generic(net, *ops->id, data); 105 if (err) 106 goto cleanup; 107 } 108 err = 0; 109 if (ops->init) 110 err = ops->init(net); 111 if (!err) 112 return 0; 113 114 cleanup: 115 kfree(data); 116 117 out: 118 return err; 119 } 120 121 static void ops_free(const struct pernet_operations *ops, struct net *net) 122 { 123 if (ops->id && ops->size) { 124 int id = *ops->id; 125 kfree(net_generic(net, id)); 126 } 127 } 128 129 static void ops_exit_list(const struct pernet_operations *ops, 130 struct list_head *net_exit_list) 131 { 132 struct net *net; 133 if (ops->exit) { 134 list_for_each_entry(net, net_exit_list, exit_list) 135 ops->exit(net); 136 } 137 if (ops->exit_batch) 138 ops->exit_batch(net_exit_list); 139 } 140 141 static void ops_free_list(const struct pernet_operations *ops, 142 struct list_head *net_exit_list) 143 { 144 struct net *net; 145 if (ops->size && ops->id) { 146 list_for_each_entry(net, net_exit_list, exit_list) 147 ops_free(ops, net); 148 } 149 } 150 151 /* should be called with nsid_lock held */ 152 static int alloc_netid(struct net *net, struct net *peer, int reqid) 153 { 154 int min = 0, max = 0; 155 156 if (reqid >= 0) { 157 min = reqid; 158 max = reqid + 1; 159 } 160 161 return idr_alloc(&net->netns_ids, peer, min, max, GFP_ATOMIC); 162 } 163 164 /* This function is used by idr_for_each(). If net is equal to peer, the 165 * function returns the id so that idr_for_each() stops. Because we cannot 166 * returns the id 0 (idr_for_each() will not stop), we return the magic value 167 * NET_ID_ZERO (-1) for it. 168 */ 169 #define NET_ID_ZERO -1 170 static int net_eq_idr(int id, void *net, void *peer) 171 { 172 if (net_eq(net, peer)) 173 return id ? : NET_ID_ZERO; 174 return 0; 175 } 176 177 /* Should be called with nsid_lock held. If a new id is assigned, the bool alloc 178 * is set to true, thus the caller knows that the new id must be notified via 179 * rtnl. 180 */ 181 static int __peernet2id_alloc(struct net *net, struct net *peer, bool *alloc) 182 { 183 int id = idr_for_each(&net->netns_ids, net_eq_idr, peer); 184 bool alloc_it = *alloc; 185 186 *alloc = false; 187 188 /* Magic value for id 0. */ 189 if (id == NET_ID_ZERO) 190 return 0; 191 if (id > 0) 192 return id; 193 194 if (alloc_it) { 195 id = alloc_netid(net, peer, -1); 196 *alloc = true; 197 return id >= 0 ? id : NETNSA_NSID_NOT_ASSIGNED; 198 } 199 200 return NETNSA_NSID_NOT_ASSIGNED; 201 } 202 203 /* should be called with nsid_lock held */ 204 static int __peernet2id(struct net *net, struct net *peer) 205 { 206 bool no = false; 207 208 return __peernet2id_alloc(net, peer, &no); 209 } 210 211 static void rtnl_net_notifyid(struct net *net, int cmd, int id); 212 /* This function returns the id of a peer netns. If no id is assigned, one will 213 * be allocated and returned. 214 */ 215 int peernet2id_alloc(struct net *net, struct net *peer) 216 { 217 unsigned long flags; 218 bool alloc; 219 int id; 220 221 spin_lock_irqsave(&nsid_lock, flags); 222 alloc = atomic_read(&peer->count) == 0 ? false : true; 223 id = __peernet2id_alloc(net, peer, &alloc); 224 spin_unlock_irqrestore(&nsid_lock, flags); 225 if (alloc && id >= 0) 226 rtnl_net_notifyid(net, RTM_NEWNSID, id); 227 return id; 228 } 229 EXPORT_SYMBOL(peernet2id_alloc); 230 231 /* This function returns, if assigned, the id of a peer netns. */ 232 static int peernet2id(struct net *net, struct net *peer) 233 { 234 unsigned long flags; 235 int id; 236 237 spin_lock_irqsave(&nsid_lock, flags); 238 id = __peernet2id(net, peer); 239 spin_unlock_irqrestore(&nsid_lock, flags); 240 return id; 241 } 242 243 struct net *get_net_ns_by_id(struct net *net, int id) 244 { 245 unsigned long flags; 246 struct net *peer; 247 248 if (id < 0) 249 return NULL; 250 251 rcu_read_lock(); 252 spin_lock_irqsave(&nsid_lock, flags); 253 peer = idr_find(&net->netns_ids, id); 254 if (peer) 255 get_net(peer); 256 spin_unlock_irqrestore(&nsid_lock, flags); 257 rcu_read_unlock(); 258 259 return peer; 260 } 261 262 /* 263 * setup_net runs the initializers for the network namespace object. 264 */ 265 static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) 266 { 267 /* Must be called with net_mutex held */ 268 const struct pernet_operations *ops, *saved_ops; 269 int error = 0; 270 LIST_HEAD(net_exit_list); 271 272 atomic_set(&net->count, 1); 273 atomic_set(&net->passive, 1); 274 net->dev_base_seq = 1; 275 net->user_ns = user_ns; 276 idr_init(&net->netns_ids); 277 278 list_for_each_entry(ops, &pernet_list, list) { 279 error = ops_init(ops, net); 280 if (error < 0) 281 goto out_undo; 282 } 283 out: 284 return error; 285 286 out_undo: 287 /* Walk through the list backwards calling the exit functions 288 * for the pernet modules whose init functions did not fail. 289 */ 290 list_add(&net->exit_list, &net_exit_list); 291 saved_ops = ops; 292 list_for_each_entry_continue_reverse(ops, &pernet_list, list) 293 ops_exit_list(ops, &net_exit_list); 294 295 ops = saved_ops; 296 list_for_each_entry_continue_reverse(ops, &pernet_list, list) 297 ops_free_list(ops, &net_exit_list); 298 299 rcu_barrier(); 300 goto out; 301 } 302 303 304 #ifdef CONFIG_NET_NS 305 static struct kmem_cache *net_cachep; 306 static struct workqueue_struct *netns_wq; 307 308 static struct net *net_alloc(void) 309 { 310 struct net *net = NULL; 311 struct net_generic *ng; 312 313 ng = net_alloc_generic(); 314 if (!ng) 315 goto out; 316 317 net = kmem_cache_zalloc(net_cachep, GFP_KERNEL); 318 if (!net) 319 goto out_free; 320 321 rcu_assign_pointer(net->gen, ng); 322 out: 323 return net; 324 325 out_free: 326 kfree(ng); 327 goto out; 328 } 329 330 static void net_free(struct net *net) 331 { 332 kfree(rcu_access_pointer(net->gen)); 333 kmem_cache_free(net_cachep, net); 334 } 335 336 void net_drop_ns(void *p) 337 { 338 struct net *ns = p; 339 if (ns && atomic_dec_and_test(&ns->passive)) 340 net_free(ns); 341 } 342 343 struct net *copy_net_ns(unsigned long flags, 344 struct user_namespace *user_ns, struct net *old_net) 345 { 346 struct net *net; 347 int rv; 348 349 if (!(flags & CLONE_NEWNET)) 350 return get_net(old_net); 351 352 net = net_alloc(); 353 if (!net) 354 return ERR_PTR(-ENOMEM); 355 356 get_user_ns(user_ns); 357 358 mutex_lock(&net_mutex); 359 rv = setup_net(net, user_ns); 360 if (rv == 0) { 361 rtnl_lock(); 362 list_add_tail_rcu(&net->list, &net_namespace_list); 363 rtnl_unlock(); 364 } 365 mutex_unlock(&net_mutex); 366 if (rv < 0) { 367 put_user_ns(user_ns); 368 net_drop_ns(net); 369 return ERR_PTR(rv); 370 } 371 return net; 372 } 373 374 static DEFINE_SPINLOCK(cleanup_list_lock); 375 static LIST_HEAD(cleanup_list); /* Must hold cleanup_list_lock to touch */ 376 377 static void cleanup_net(struct work_struct *work) 378 { 379 const struct pernet_operations *ops; 380 struct net *net, *tmp; 381 struct list_head net_kill_list; 382 LIST_HEAD(net_exit_list); 383 384 /* Atomically snapshot the list of namespaces to cleanup */ 385 spin_lock_irq(&cleanup_list_lock); 386 list_replace_init(&cleanup_list, &net_kill_list); 387 spin_unlock_irq(&cleanup_list_lock); 388 389 mutex_lock(&net_mutex); 390 391 /* Don't let anyone else find us. */ 392 rtnl_lock(); 393 list_for_each_entry(net, &net_kill_list, cleanup_list) { 394 list_del_rcu(&net->list); 395 list_add_tail(&net->exit_list, &net_exit_list); 396 for_each_net(tmp) { 397 int id; 398 399 spin_lock_irq(&nsid_lock); 400 id = __peernet2id(tmp, net); 401 if (id >= 0) 402 idr_remove(&tmp->netns_ids, id); 403 spin_unlock_irq(&nsid_lock); 404 if (id >= 0) 405 rtnl_net_notifyid(tmp, RTM_DELNSID, id); 406 } 407 spin_lock_irq(&nsid_lock); 408 idr_destroy(&net->netns_ids); 409 spin_unlock_irq(&nsid_lock); 410 411 } 412 rtnl_unlock(); 413 414 /* 415 * Another CPU might be rcu-iterating the list, wait for it. 416 * This needs to be before calling the exit() notifiers, so 417 * the rcu_barrier() below isn't sufficient alone. 418 */ 419 synchronize_rcu(); 420 421 /* Run all of the network namespace exit methods */ 422 list_for_each_entry_reverse(ops, &pernet_list, list) 423 ops_exit_list(ops, &net_exit_list); 424 425 /* Free the net generic variables */ 426 list_for_each_entry_reverse(ops, &pernet_list, list) 427 ops_free_list(ops, &net_exit_list); 428 429 mutex_unlock(&net_mutex); 430 431 /* Ensure there are no outstanding rcu callbacks using this 432 * network namespace. 433 */ 434 rcu_barrier(); 435 436 /* Finally it is safe to free my network namespace structure */ 437 list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) { 438 list_del_init(&net->exit_list); 439 put_user_ns(net->user_ns); 440 net_drop_ns(net); 441 } 442 } 443 static DECLARE_WORK(net_cleanup_work, cleanup_net); 444 445 void __put_net(struct net *net) 446 { 447 /* Cleanup the network namespace in process context */ 448 unsigned long flags; 449 450 spin_lock_irqsave(&cleanup_list_lock, flags); 451 list_add(&net->cleanup_list, &cleanup_list); 452 spin_unlock_irqrestore(&cleanup_list_lock, flags); 453 454 queue_work(netns_wq, &net_cleanup_work); 455 } 456 EXPORT_SYMBOL_GPL(__put_net); 457 458 struct net *get_net_ns_by_fd(int fd) 459 { 460 struct file *file; 461 struct ns_common *ns; 462 struct net *net; 463 464 file = proc_ns_fget(fd); 465 if (IS_ERR(file)) 466 return ERR_CAST(file); 467 468 ns = get_proc_ns(file_inode(file)); 469 if (ns->ops == &netns_operations) 470 net = get_net(container_of(ns, struct net, ns)); 471 else 472 net = ERR_PTR(-EINVAL); 473 474 fput(file); 475 return net; 476 } 477 478 #else 479 struct net *get_net_ns_by_fd(int fd) 480 { 481 return ERR_PTR(-EINVAL); 482 } 483 #endif 484 EXPORT_SYMBOL_GPL(get_net_ns_by_fd); 485 486 struct net *get_net_ns_by_pid(pid_t pid) 487 { 488 struct task_struct *tsk; 489 struct net *net; 490 491 /* Lookup the network namespace */ 492 net = ERR_PTR(-ESRCH); 493 rcu_read_lock(); 494 tsk = find_task_by_vpid(pid); 495 if (tsk) { 496 struct nsproxy *nsproxy; 497 task_lock(tsk); 498 nsproxy = tsk->nsproxy; 499 if (nsproxy) 500 net = get_net(nsproxy->net_ns); 501 task_unlock(tsk); 502 } 503 rcu_read_unlock(); 504 return net; 505 } 506 EXPORT_SYMBOL_GPL(get_net_ns_by_pid); 507 508 static __net_init int net_ns_net_init(struct net *net) 509 { 510 #ifdef CONFIG_NET_NS 511 net->ns.ops = &netns_operations; 512 #endif 513 return ns_alloc_inum(&net->ns); 514 } 515 516 static __net_exit void net_ns_net_exit(struct net *net) 517 { 518 ns_free_inum(&net->ns); 519 } 520 521 static struct pernet_operations __net_initdata net_ns_ops = { 522 .init = net_ns_net_init, 523 .exit = net_ns_net_exit, 524 }; 525 526 static struct nla_policy rtnl_net_policy[NETNSA_MAX + 1] = { 527 [NETNSA_NONE] = { .type = NLA_UNSPEC }, 528 [NETNSA_NSID] = { .type = NLA_S32 }, 529 [NETNSA_PID] = { .type = NLA_U32 }, 530 [NETNSA_FD] = { .type = NLA_U32 }, 531 }; 532 533 static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh) 534 { 535 struct net *net = sock_net(skb->sk); 536 struct nlattr *tb[NETNSA_MAX + 1]; 537 unsigned long flags; 538 struct net *peer; 539 int nsid, err; 540 541 err = nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, 542 rtnl_net_policy); 543 if (err < 0) 544 return err; 545 if (!tb[NETNSA_NSID]) 546 return -EINVAL; 547 nsid = nla_get_s32(tb[NETNSA_NSID]); 548 549 if (tb[NETNSA_PID]) 550 peer = get_net_ns_by_pid(nla_get_u32(tb[NETNSA_PID])); 551 else if (tb[NETNSA_FD]) 552 peer = get_net_ns_by_fd(nla_get_u32(tb[NETNSA_FD])); 553 else 554 return -EINVAL; 555 if (IS_ERR(peer)) 556 return PTR_ERR(peer); 557 558 spin_lock_irqsave(&nsid_lock, flags); 559 if (__peernet2id(net, peer) >= 0) { 560 err = -EEXIST; 561 goto out; 562 } 563 564 err = alloc_netid(net, peer, nsid); 565 spin_unlock_irqrestore(&nsid_lock, flags); 566 if (err >= 0) { 567 rtnl_net_notifyid(net, RTM_NEWNSID, err); 568 err = 0; 569 } 570 out: 571 put_net(peer); 572 return err; 573 } 574 575 static int rtnl_net_get_size(void) 576 { 577 return NLMSG_ALIGN(sizeof(struct rtgenmsg)) 578 + nla_total_size(sizeof(s32)) /* NETNSA_NSID */ 579 ; 580 } 581 582 static int rtnl_net_fill(struct sk_buff *skb, u32 portid, u32 seq, int flags, 583 int cmd, struct net *net, int nsid) 584 { 585 struct nlmsghdr *nlh; 586 struct rtgenmsg *rth; 587 588 nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rth), flags); 589 if (!nlh) 590 return -EMSGSIZE; 591 592 rth = nlmsg_data(nlh); 593 rth->rtgen_family = AF_UNSPEC; 594 595 if (nla_put_s32(skb, NETNSA_NSID, nsid)) 596 goto nla_put_failure; 597 598 nlmsg_end(skb, nlh); 599 return 0; 600 601 nla_put_failure: 602 nlmsg_cancel(skb, nlh); 603 return -EMSGSIZE; 604 } 605 606 static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh) 607 { 608 struct net *net = sock_net(skb->sk); 609 struct nlattr *tb[NETNSA_MAX + 1]; 610 struct sk_buff *msg; 611 struct net *peer; 612 int err, id; 613 614 err = nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, 615 rtnl_net_policy); 616 if (err < 0) 617 return err; 618 if (tb[NETNSA_PID]) 619 peer = get_net_ns_by_pid(nla_get_u32(tb[NETNSA_PID])); 620 else if (tb[NETNSA_FD]) 621 peer = get_net_ns_by_fd(nla_get_u32(tb[NETNSA_FD])); 622 else 623 return -EINVAL; 624 625 if (IS_ERR(peer)) 626 return PTR_ERR(peer); 627 628 msg = nlmsg_new(rtnl_net_get_size(), GFP_KERNEL); 629 if (!msg) { 630 err = -ENOMEM; 631 goto out; 632 } 633 634 id = peernet2id(net, peer); 635 err = rtnl_net_fill(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, 636 RTM_GETNSID, net, id); 637 if (err < 0) 638 goto err_out; 639 640 err = rtnl_unicast(msg, net, NETLINK_CB(skb).portid); 641 goto out; 642 643 err_out: 644 nlmsg_free(msg); 645 out: 646 put_net(peer); 647 return err; 648 } 649 650 struct rtnl_net_dump_cb { 651 struct net *net; 652 struct sk_buff *skb; 653 struct netlink_callback *cb; 654 int idx; 655 int s_idx; 656 }; 657 658 static int rtnl_net_dumpid_one(int id, void *peer, void *data) 659 { 660 struct rtnl_net_dump_cb *net_cb = (struct rtnl_net_dump_cb *)data; 661 int ret; 662 663 if (net_cb->idx < net_cb->s_idx) 664 goto cont; 665 666 ret = rtnl_net_fill(net_cb->skb, NETLINK_CB(net_cb->cb->skb).portid, 667 net_cb->cb->nlh->nlmsg_seq, NLM_F_MULTI, 668 RTM_NEWNSID, net_cb->net, id); 669 if (ret < 0) 670 return ret; 671 672 cont: 673 net_cb->idx++; 674 return 0; 675 } 676 677 static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb) 678 { 679 struct net *net = sock_net(skb->sk); 680 struct rtnl_net_dump_cb net_cb = { 681 .net = net, 682 .skb = skb, 683 .cb = cb, 684 .idx = 0, 685 .s_idx = cb->args[0], 686 }; 687 unsigned long flags; 688 689 spin_lock_irqsave(&nsid_lock, flags); 690 idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb); 691 spin_unlock_irqrestore(&nsid_lock, flags); 692 693 cb->args[0] = net_cb.idx; 694 return skb->len; 695 } 696 697 static void rtnl_net_notifyid(struct net *net, int cmd, int id) 698 { 699 struct sk_buff *msg; 700 int err = -ENOMEM; 701 702 msg = nlmsg_new(rtnl_net_get_size(), GFP_KERNEL); 703 if (!msg) 704 goto out; 705 706 err = rtnl_net_fill(msg, 0, 0, 0, cmd, net, id); 707 if (err < 0) 708 goto err_out; 709 710 rtnl_notify(msg, net, 0, RTNLGRP_NSID, NULL, 0); 711 return; 712 713 err_out: 714 nlmsg_free(msg); 715 out: 716 rtnl_set_sk_err(net, RTNLGRP_NSID, err); 717 } 718 719 static int __init net_ns_init(void) 720 { 721 struct net_generic *ng; 722 723 #ifdef CONFIG_NET_NS 724 net_cachep = kmem_cache_create("net_namespace", sizeof(struct net), 725 SMP_CACHE_BYTES, 726 SLAB_PANIC, NULL); 727 728 /* Create workqueue for cleanup */ 729 netns_wq = create_singlethread_workqueue("netns"); 730 if (!netns_wq) 731 panic("Could not create netns workq"); 732 #endif 733 734 ng = net_alloc_generic(); 735 if (!ng) 736 panic("Could not allocate generic netns"); 737 738 rcu_assign_pointer(init_net.gen, ng); 739 740 mutex_lock(&net_mutex); 741 if (setup_net(&init_net, &init_user_ns)) 742 panic("Could not setup the initial network namespace"); 743 744 rtnl_lock(); 745 list_add_tail_rcu(&init_net.list, &net_namespace_list); 746 rtnl_unlock(); 747 748 mutex_unlock(&net_mutex); 749 750 register_pernet_subsys(&net_ns_ops); 751 752 rtnl_register(PF_UNSPEC, RTM_NEWNSID, rtnl_net_newid, NULL, NULL); 753 rtnl_register(PF_UNSPEC, RTM_GETNSID, rtnl_net_getid, rtnl_net_dumpid, 754 NULL); 755 756 return 0; 757 } 758 759 pure_initcall(net_ns_init); 760 761 #ifdef CONFIG_NET_NS 762 static int __register_pernet_operations(struct list_head *list, 763 struct pernet_operations *ops) 764 { 765 struct net *net; 766 int error; 767 LIST_HEAD(net_exit_list); 768 769 list_add_tail(&ops->list, list); 770 if (ops->init || (ops->id && ops->size)) { 771 for_each_net(net) { 772 error = ops_init(ops, net); 773 if (error) 774 goto out_undo; 775 list_add_tail(&net->exit_list, &net_exit_list); 776 } 777 } 778 return 0; 779 780 out_undo: 781 /* If I have an error cleanup all namespaces I initialized */ 782 list_del(&ops->list); 783 ops_exit_list(ops, &net_exit_list); 784 ops_free_list(ops, &net_exit_list); 785 return error; 786 } 787 788 static void __unregister_pernet_operations(struct pernet_operations *ops) 789 { 790 struct net *net; 791 LIST_HEAD(net_exit_list); 792 793 list_del(&ops->list); 794 for_each_net(net) 795 list_add_tail(&net->exit_list, &net_exit_list); 796 ops_exit_list(ops, &net_exit_list); 797 ops_free_list(ops, &net_exit_list); 798 } 799 800 #else 801 802 static int __register_pernet_operations(struct list_head *list, 803 struct pernet_operations *ops) 804 { 805 return ops_init(ops, &init_net); 806 } 807 808 static void __unregister_pernet_operations(struct pernet_operations *ops) 809 { 810 LIST_HEAD(net_exit_list); 811 list_add(&init_net.exit_list, &net_exit_list); 812 ops_exit_list(ops, &net_exit_list); 813 ops_free_list(ops, &net_exit_list); 814 } 815 816 #endif /* CONFIG_NET_NS */ 817 818 static DEFINE_IDA(net_generic_ids); 819 820 static int register_pernet_operations(struct list_head *list, 821 struct pernet_operations *ops) 822 { 823 int error; 824 825 if (ops->id) { 826 again: 827 error = ida_get_new_above(&net_generic_ids, 1, ops->id); 828 if (error < 0) { 829 if (error == -EAGAIN) { 830 ida_pre_get(&net_generic_ids, GFP_KERNEL); 831 goto again; 832 } 833 return error; 834 } 835 max_gen_ptrs = max_t(unsigned int, max_gen_ptrs, *ops->id); 836 } 837 error = __register_pernet_operations(list, ops); 838 if (error) { 839 rcu_barrier(); 840 if (ops->id) 841 ida_remove(&net_generic_ids, *ops->id); 842 } 843 844 return error; 845 } 846 847 static void unregister_pernet_operations(struct pernet_operations *ops) 848 { 849 850 __unregister_pernet_operations(ops); 851 rcu_barrier(); 852 if (ops->id) 853 ida_remove(&net_generic_ids, *ops->id); 854 } 855 856 /** 857 * register_pernet_subsys - register a network namespace subsystem 858 * @ops: pernet operations structure for the subsystem 859 * 860 * Register a subsystem which has init and exit functions 861 * that are called when network namespaces are created and 862 * destroyed respectively. 863 * 864 * When registered all network namespace init functions are 865 * called for every existing network namespace. Allowing kernel 866 * modules to have a race free view of the set of network namespaces. 867 * 868 * When a new network namespace is created all of the init 869 * methods are called in the order in which they were registered. 870 * 871 * When a network namespace is destroyed all of the exit methods 872 * are called in the reverse of the order with which they were 873 * registered. 874 */ 875 int register_pernet_subsys(struct pernet_operations *ops) 876 { 877 int error; 878 mutex_lock(&net_mutex); 879 error = register_pernet_operations(first_device, ops); 880 mutex_unlock(&net_mutex); 881 return error; 882 } 883 EXPORT_SYMBOL_GPL(register_pernet_subsys); 884 885 /** 886 * unregister_pernet_subsys - unregister a network namespace subsystem 887 * @ops: pernet operations structure to manipulate 888 * 889 * Remove the pernet operations structure from the list to be 890 * used when network namespaces are created or destroyed. In 891 * addition run the exit method for all existing network 892 * namespaces. 893 */ 894 void unregister_pernet_subsys(struct pernet_operations *ops) 895 { 896 mutex_lock(&net_mutex); 897 unregister_pernet_operations(ops); 898 mutex_unlock(&net_mutex); 899 } 900 EXPORT_SYMBOL_GPL(unregister_pernet_subsys); 901 902 /** 903 * register_pernet_device - register a network namespace device 904 * @ops: pernet operations structure for the subsystem 905 * 906 * Register a device which has init and exit functions 907 * that are called when network namespaces are created and 908 * destroyed respectively. 909 * 910 * When registered all network namespace init functions are 911 * called for every existing network namespace. Allowing kernel 912 * modules to have a race free view of the set of network namespaces. 913 * 914 * When a new network namespace is created all of the init 915 * methods are called in the order in which they were registered. 916 * 917 * When a network namespace is destroyed all of the exit methods 918 * are called in the reverse of the order with which they were 919 * registered. 920 */ 921 int register_pernet_device(struct pernet_operations *ops) 922 { 923 int error; 924 mutex_lock(&net_mutex); 925 error = register_pernet_operations(&pernet_list, ops); 926 if (!error && (first_device == &pernet_list)) 927 first_device = &ops->list; 928 mutex_unlock(&net_mutex); 929 return error; 930 } 931 EXPORT_SYMBOL_GPL(register_pernet_device); 932 933 /** 934 * unregister_pernet_device - unregister a network namespace netdevice 935 * @ops: pernet operations structure to manipulate 936 * 937 * Remove the pernet operations structure from the list to be 938 * used when network namespaces are created or destroyed. In 939 * addition run the exit method for all existing network 940 * namespaces. 941 */ 942 void unregister_pernet_device(struct pernet_operations *ops) 943 { 944 mutex_lock(&net_mutex); 945 if (&ops->list == first_device) 946 first_device = first_device->next; 947 unregister_pernet_operations(ops); 948 mutex_unlock(&net_mutex); 949 } 950 EXPORT_SYMBOL_GPL(unregister_pernet_device); 951 952 #ifdef CONFIG_NET_NS 953 static struct ns_common *netns_get(struct task_struct *task) 954 { 955 struct net *net = NULL; 956 struct nsproxy *nsproxy; 957 958 task_lock(task); 959 nsproxy = task->nsproxy; 960 if (nsproxy) 961 net = get_net(nsproxy->net_ns); 962 task_unlock(task); 963 964 return net ? &net->ns : NULL; 965 } 966 967 static inline struct net *to_net_ns(struct ns_common *ns) 968 { 969 return container_of(ns, struct net, ns); 970 } 971 972 static void netns_put(struct ns_common *ns) 973 { 974 put_net(to_net_ns(ns)); 975 } 976 977 static int netns_install(struct nsproxy *nsproxy, struct ns_common *ns) 978 { 979 struct net *net = to_net_ns(ns); 980 981 if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || 982 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) 983 return -EPERM; 984 985 put_net(nsproxy->net_ns); 986 nsproxy->net_ns = get_net(net); 987 return 0; 988 } 989 990 const struct proc_ns_operations netns_operations = { 991 .name = "net", 992 .type = CLONE_NEWNET, 993 .get = netns_get, 994 .put = netns_put, 995 .install = netns_install, 996 }; 997 #endif 998