android_kernel_google_msm/include/linux/user_namespace.h
Serge E. Hallyn 626ac545c1 user namespace: fix copy_user_ns return value
When a CONFIG_USER_NS=n and a user tries to unshare some namespace other
than the user namespace, the dummy copy_user_ns returns NULL rather than
the old_ns.

This value then gets assigned to task->nsproxy->user_ns, so that a
subsequent setuid, which uses task->nsproxy->user_ns, causes a NULL
pointer deref.

Fix this by returning old_ns.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19 14:05:08 -07:00

61 lines
1.2 KiB
C

#ifndef _LINUX_USER_NAMESPACE_H
#define _LINUX_USER_NAMESPACE_H
#include <linux/kref.h>
#include <linux/nsproxy.h>
#include <linux/sched.h>
#include <linux/err.h>
#define UIDHASH_BITS (CONFIG_BASE_SMALL ? 3 : 8)
#define UIDHASH_SZ (1 << UIDHASH_BITS)
struct user_namespace {
struct kref kref;
struct list_head uidhash_table[UIDHASH_SZ];
struct user_struct *root_user;
};
extern struct user_namespace init_user_ns;
#ifdef CONFIG_USER_NS
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
if (ns)
kref_get(&ns->kref);
return ns;
}
extern struct user_namespace *copy_user_ns(int flags,
struct user_namespace *old_ns);
extern void free_user_ns(struct kref *kref);
static inline void put_user_ns(struct user_namespace *ns)
{
if (ns)
kref_put(&ns->kref, free_user_ns);
}
#else
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
return &init_user_ns;
}
static inline struct user_namespace *copy_user_ns(int flags,
struct user_namespace *old_ns)
{
if (flags & CLONE_NEWUSER)
return ERR_PTR(-EINVAL);
return old_ns;
}
static inline void put_user_ns(struct user_namespace *ns)
{
}
#endif
#endif /* _LINUX_USER_H */