		
Following the pattern of io_uring, perf, skb, and bpf, iommufd will use user->locked_vm for accounting pinned pages. Ensure the value is included in the struct and export free_uid(), as iommufd is modular.

user->locked_vm is the right accounting to use for ulimit because it is per-user, and the security sandboxing of locked pages is not supposed to be per-process. Other places (vfio, vdpa and infiniband) have used mm->pinned_vm and/or mm->locked_vm for accounting pinned pages, but this is only per-process and inconsistent with the new FOLL_LONGTERM users in the kernel.

Concurrent work is underway to try to put this in a cgroup, so everything can be consistent and the kernel can provide a FOLL_LONGTERM limit that actually provides security.

Link: https://lore.kernel.org/r/7-v6-a196d26f289e+11787-iommufd_jgg@nvidia.com
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Yi Liu <yi.l.liu@intel.com>
Tested-by: Lixiao Yang <lixiao.yang@intel.com>
Tested-by: Matthew Rosato <mjrosato@linux.ibm.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
		
			
				
	
	
		
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_SCHED_USER_H
#define _LINUX_SCHED_USER_H
#include <linux/uidgid.h>
#include <linux/atomic.h>
#include <linux/percpu_counter.h>
#include <linux/refcount.h>
#include <linux/ratelimit.h>
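/*
 * Some day this will be a full-fledged user tracking system..
 *
 * Per-user accounting record. Lifetime is controlled by __count (see
 * get_uid()); the remaining members are resource counters and bookkeeping
 * that belong to the user as a whole rather than to one process.
 */
struct user_struct {
	refcount_t __count;	/* reference count */
#ifdef CONFIG_EPOLL
	struct percpu_counter epoll_watches; /* The number of file descriptors currently watched */
#endif
	/*
	 * Plain unsigned long, not an atomic type.
	 * NOTE(review): updates therefore need external serialization;
	 * confirm which lock the writers hold.
	 */
	unsigned long unix_inflight;	/* How many files in flight in unix sockets */
	atomic_long_t pipe_bufs;  /* how many pages are allocated in pipe buffers */

	/* Hash table maintenance information */
	struct hlist_node uidhash_node;
	kuid_t uid;

	/*
	 * Per-user count of pinned/locked pages. It is charged to the user
	 * rather than to an mm so that the limit cannot be sidestepped by
	 * spreading pins over several processes of the same user.
	 *
	 * The member only exists when at least one of its users is configured.
	 * IS_ENABLED() is used for IOMMUFD because that option can be built as
	 * a module, which a plain defined() test would not see.
	 *
	 * NOTE(review): every charge is presumably checked against the user's
	 * locked-memory limit and undone on all error and teardown paths;
	 * confirm in each subsystem that touches this counter. Subsystems that
	 * account against mm->pinned_vm or mm->locked_vm instead are not
	 * covered by this per-user total.
	 */
#if defined(CONFIG_PERF_EVENTS) || defined(CONFIG_BPF_SYSCALL) || \
	defined(CONFIG_NET) || defined(CONFIG_IO_URING) || \
	defined(CONFIG_VFIO_PCI_ZDEV_KVM) || IS_ENABLED(CONFIG_IOMMUFD)
	atomic_long_t locked_vm;
#endif
#ifdef CONFIG_WATCH_QUEUE
	atomic_t nr_watches;	/* The number of watches this user currently has */
#endif

	/* Miscellaneous per-user rate limit */
	struct ratelimit_state ratelimit;
};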
/*
 * NOTE(review): defined outside this header; presumably registers per-user
 * sysfs state and returns 0 or an error code. Confirm against the definition.
 */
int uids_sysfs_init(void);

/*
 * Look up the user_struct for @uid.
 * NOTE(review): whether the returned pointer carries its own reference (and
 * so must later be released with free_uid()) is not visible here; confirm
 * against the definition before relying on it.
 */
struct user_struct *find_user(kuid_t uid);

/*
 * root_user is declared as an object, not a pointer; INIT_USER is simply
 * its address.
 */
extern struct user_struct root_user;
#define INIT_USER (&root_user)


/* per-UID process charging. */
/*
 * NOTE(review): presumably returns the existing or a newly allocated
 * user_struct for @uid, or NULL on failure; confirm against the definition.
 */
struct user_struct *alloc_uid(kuid_t uid);
/**
 * get_uid - take an additional reference on a user_struct
 * @u: user record to pin; dereferenced unconditionally, so it must not be
 *     NULL and must still be live (the caller already holds a reference)
 *
 * Increments @u->__count with refcount_inc() and hands @u back so the call
 * can be used directly in an assignment.
 *
 * NOTE(review): each call presumably has to be balanced by one free_uid();
 * an unbalanced get keeps the record (and its accounting) alive indefinitely.
 */
static inline struct user_struct *get_uid(struct user_struct *u)
{
	refcount_t *refs = &u->__count;

	refcount_inc(refs);
	return u;
}
/*
 * NOTE(review): presumably drops one reference on @up, pairing with
 * get_uid(); confirm against the definition, including whether a NULL
 * argument is tolerated. The symbol is meant to be callable from modular
 * code such as iommufd.
 */
void free_uid(struct user_struct *up);
#endif /* _LINUX_SCHED_USER_H */