watch_queue: Free the page array when watch_queue is dismantled
[mirror_ubuntu-jammy-kernel.git] / kernel / user_namespace.c
index 6b2e3ca7ee993a7b0ff4fa44a6450770661106dc..628e5fce04ba58ecc7ae9627f72278e7e61ea33b 100644 (file)
 #include <linux/bsearch.h>
 #include <linux/sort.h>
 
+/*
+ * sysctl determining whether unprivileged users may unshare a new
+ * userns.  Allowed by default
+ */
+int unprivileged_userns_clone = 1;
+
 static struct kmem_cache *user_ns_cachep __read_mostly;
 static DEFINE_MUTEX(userns_state_mutex);
 
@@ -58,6 +64,18 @@ static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
        cred->user_ns = user_ns;
 }
 
+static unsigned long enforced_nproc_rlimit(void)
+{
+       unsigned long limit = RLIM_INFINITY;
+
+       /* Is RLIMIT_NPROC currently enforced? */
+       if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) ||
+           (current_user_ns() != &init_user_ns))
+               limit = rlimit(RLIMIT_NPROC);
+
+       return limit;
+}
+
 /*
  * Create a new user namespace, deriving the creator from the user in the
  * passed credentials, and replacing that user with the new root user for the
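Review bot: `enforced_nproc_rlimit()` takes its decision from `current_uid()` and `current_user_ns()`, while its caller in the next hunk, `create_user_ns(struct cred *new)`, works on the credentials passed in. If `new` can ever differ from current's credentials in uid or namespace, the namespace's `UCOUNT_RLIMIT_NPROC` ceiling is derived from the wrong identity, so the assumption should be written down. I would replace the one-line question comment with something like `/* Global root in init_user_ns is not subject to RLIMIT_NPROC, so a namespace it creates gets no NPROC ceiling; relies on new being derived from current. */`. The exemption is tested by uid and namespace only. Whether the process-creation path applies the same test or a capability-based one is not visible here, and if the two differ, a namespace could start with a limit that was never enforced on its creator, or the reverse.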
@@ -122,7 +140,7 @@ int create_user_ns(struct cred *new)
        for (i = 0; i < MAX_PER_NAMESPACE_UCOUNTS; i++) {
                ns->ucount_max[i] = INT_MAX;
        }
-       set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC));
+       set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_NPROC, enforced_nproc_rlimit());
        set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_MSGQUEUE, rlimit(RLIMIT_MSGQUEUE));
        set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_SIGPENDING, rlimit(RLIMIT_SIGPENDING));
        set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_MEMLOCK, rlimit(RLIMIT_MEMLOCK));