28 				struct user_namespace *ns, int cap_setid,
32 static struct ucounts *inc_user_namespaces(struct user_namespace *ns, kuid_t uid)  in inc_user_namespaces()  argument
34 	return inc_ucount(ns, uid, UCOUNT_USER_NAMESPACES);  in inc_user_namespaces()
71 	struct user_namespace *ns, *parent_ns = new->user_ns;  in create_user_ns()  local
105 	ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);  in create_user_ns()
106 	if (!ns)  in create_user_ns()
109 	ret = ns_alloc_inum(&ns->ns);  in create_user_ns()
112 	ns->ns.ops = &userns_operations;  in create_user_ns()
114 	atomic_set(&ns->count, 1);  in create_user_ns()
116 	ns->parent = parent_ns;  in create_user_ns()
117 	ns->level = parent_ns->level + 1;  in create_user_ns()
118 	ns->owner = owner;  in create_user_ns()
119 	ns->group = group;  in create_user_ns()
120 	INIT_WORK(&ns->work, free_user_ns);  in create_user_ns()
122 		ns->ucount_max[i] = INT_MAX;  in create_user_ns()
124 	ns->ucounts = ucounts;  in create_user_ns()
128 	ns->flags = parent_ns->flags;  in create_user_ns()
132 	INIT_LIST_HEAD(&ns->keyring_name_list);  in create_user_ns()
133 	init_rwsem(&ns->keyring_sem);  in create_user_ns()
136 	if (!setup_userns_sysctls(ns))  in create_user_ns()
139 	set_cred_user_ns(new, ns);  in create_user_ns()
143 	key_put(ns->persistent_keyring_register);  in create_user_ns()
145 	ns_free_inum(&ns->ns);  in create_user_ns()
147 	kmem_cache_free(user_ns_cachep, ns);  in create_user_ns()
176 	struct user_namespace *parent, *ns =  in free_user_ns()  local
180 		struct ucounts *ucounts = ns->ucounts;  in free_user_ns()
181 		parent = ns->parent;  in free_user_ns()
182 		if (ns->gid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) {  in free_user_ns()
183 			kfree(ns->gid_map.forward);  in free_user_ns()
184 			kfree(ns->gid_map.reverse);  in free_user_ns()
186 		if (ns->uid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) {  in free_user_ns()
187 			kfree(ns->uid_map.forward);  in free_user_ns()
188 			kfree(ns->uid_map.reverse);  in free_user_ns()
190 		if (ns->projid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) {  in free_user_ns()
191 			kfree(ns->projid_map.forward);  in free_user_ns()
192 			kfree(ns->projid_map.reverse);  in free_user_ns()
194 		retire_userns_sysctls(ns);  in free_user_ns()
195 		key_free_user_ns(ns);  in free_user_ns()
196 		ns_free_inum(&ns->ns);  in free_user_ns()
197 		kmem_cache_free(user_ns_cachep, ns);  in free_user_ns()
199 		ns = parent;  in free_user_ns()
203 void __put_user_ns(struct user_namespace *ns)  in __put_user_ns()  argument
205 	schedule_work(&ns->work);  in __put_user_ns()
375  *	@ns:  User namespace that the uid is in
386 kuid_t make_kuid(struct user_namespace *ns, uid_t uid)  in make_kuid()  argument
389 	return KUIDT_INIT(map_id_down(&ns->uid_map, uid));  in make_kuid()
443  *	@ns:  User namespace that the gid is in
454 kgid_t make_kgid(struct user_namespace *ns, gid_t gid)  in make_kgid()  argument
457 	return KGIDT_INIT(map_id_down(&ns->gid_map, gid));  in make_kgid()
510  *	@ns:  User namespace that the projid is in
521 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid)  in make_kprojid()  argument
524 	return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid));  in make_kprojid()
579 	struct user_namespace *ns = seq->private;  in uid_m_show()  local
585 	if ((lower_ns == ns) && lower_ns->parent)  in uid_m_show()
600 	struct user_namespace *ns = seq->private;  in gid_m_show()  local
606 	if ((lower_ns == ns) && lower_ns->parent)  in gid_m_show()
621 	struct user_namespace *ns = seq->private;  in projid_m_show()  local
627 	if ((lower_ns == ns) && lower_ns->parent)  in projid_m_show()
658 	struct user_namespace *ns = seq->private;  in uid_m_start()  local
660 	return m_start(seq, ppos, &ns->uid_map);  in uid_m_start()
665 	struct user_namespace *ns = seq->private;  in gid_m_start()  local
667 	return m_start(seq, ppos, &ns->gid_map);  in gid_m_start()
672 	struct user_namespace *ns = seq->private;  in projid_m_start()  local
674 	return m_start(seq, ppos, &ns->projid_map);  in projid_m_start()
851 	struct user_namespace *ns = seq->private;  in map_write()  local
898 	if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))  in map_write()
968 	if (!new_idmap_permitted(file, ns, cap_setid, &new_map))  in map_write()
1036 	struct user_namespace *ns = seq->private;  in proc_uid_map_write()  local
1039 	if (!ns->parent)  in proc_uid_map_write()
1042 	if ((seq_ns != ns) && (seq_ns != ns->parent))  in proc_uid_map_write()
1046 			 &ns->uid_map, &ns->parent->uid_map);  in proc_uid_map_write()
1053 	struct user_namespace *ns = seq->private;  in proc_gid_map_write()  local
1056 	if (!ns->parent)  in proc_gid_map_write()
1059 	if ((seq_ns != ns) && (seq_ns != ns->parent))  in proc_gid_map_write()
1063 			 &ns->gid_map, &ns->parent->gid_map);  in proc_gid_map_write()
1070 	struct user_namespace *ns = seq->private;  in proc_projid_map_write()  local
1073 	if (!ns->parent)  in proc_projid_map_write()
1076 	if ((seq_ns != ns) && (seq_ns != ns->parent))  in proc_projid_map_write()
1081 			 &ns->projid_map, &ns->parent->projid_map);  in proc_projid_map_write()
1085 				struct user_namespace *ns, int cap_setid,  in new_idmap_permitted()  argument
1093 	    uid_eq(ns->owner, cred->euid)) {  in new_idmap_permitted()
1096 			kuid_t uid = make_kuid(ns->parent, id);  in new_idmap_permitted()
1100 			kgid_t gid = make_kgid(ns->parent, id);  in new_idmap_permitted()
1101 			if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) &&  in new_idmap_permitted()
1115 	if (ns_capable(ns->parent, cap_setid) &&  in new_idmap_permitted()
1116 	    file_ns_capable(file, ns->parent, cap_setid))  in new_idmap_permitted()
1124 	struct user_namespace *ns = seq->private;  in proc_setgroups_show()  local
1125 	unsigned long userns_flags = READ_ONCE(ns->flags);  in proc_setgroups_show()
1137 	struct user_namespace *ns = seq->private;  in proc_setgroups_write()  local
1178 		if (!(ns->flags & USERNS_SETGROUPS_ALLOWED))  in proc_setgroups_write()
1184 		if (ns->gid_map.nr_extents != 0)  in proc_setgroups_write()
1186 		ns->flags &= ~USERNS_SETGROUPS_ALLOWED;  in proc_setgroups_write()
1200 bool userns_may_setgroups(const struct user_namespace *ns)  in userns_may_setgroups()  argument
1208 	allowed = ns->gid_map.nr_extents != 0;  in userns_may_setgroups()
1210 	allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED);  in userns_may_setgroups()
1223 	const struct user_namespace *ns;  in in_userns()  local
1224 	for (ns = child; ns->level > ancestor->level; ns = ns->parent)  in in_userns()
1226 	return (ns == ancestor);  in in_userns()
1235 static inline struct user_namespace *to_user_ns(struct ns_common *ns)  in to_user_ns()  argument
1237 	return container_of(ns, struct user_namespace, ns);  in to_user_ns()
1248 	return user_ns ? &user_ns->ns : NULL;  in userns_get()
1251 static void userns_put(struct ns_common *ns)  in userns_put()  argument
1253 	put_user_ns(to_user_ns(ns));  in userns_put()
1256 static int userns_install(struct nsset *nsset, struct ns_common *ns)  in userns_install()  argument
1258 	struct user_namespace *user_ns = to_user_ns(ns);  in userns_install()
1287 struct ns_common *ns_get_owner(struct ns_common *ns)  in ns_get_owner()  argument
1293 	owner = p = ns->ops->owner(ns);  in ns_get_owner()
1302 	return &get_user_ns(owner)->ns;  in ns_get_owner()
1305 static struct user_namespace *userns_owner(struct ns_common *ns)  in userns_owner()  argument
1307 	return to_user_ns(ns)->parent;  in userns_owner()