nstree.c source code [linux/kernel/nstree.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/ Copyright (c) 2025 Christian Brauner <brauner@kernel.org> /
3
4	#include <linux/nstree.h>
5	#include <linux/proc_ns.h>
6	#include <linux/rculist.h>
7	#include <linux/vfsdebug.h>
8	#include <linux/syscalls.h>
9	#include <linux/user_namespace.h>
10
11	static __cacheline_aligned_in_smp DEFINE_SEQLOCK(ns_tree_lock);
12
13	DEFINE_LOCK_GUARD_0(ns_tree_writer,
14	write_seqlock(&ns_tree_lock),
15	write_sequnlock(&ns_tree_lock))
16
17	DEFINE_LOCK_GUARD_0(ns_tree_locked_reader,
18	read_seqlock_excl(&ns_tree_lock),
19	read_sequnlock_excl(&ns_tree_lock))
20
21	static struct ns_tree_root ns_unified_root = { / protected by ns_tree_lock /
22	.ns_rb = RB_ROOT,
23	.ns_list_head = LIST_HEAD_INIT(ns_unified_root.ns_list_head),
24	};
25
26	struct ns_tree_root mnt_ns_tree = {
27	.ns_rb = RB_ROOT,
28	.ns_list_head = LIST_HEAD_INIT(mnt_ns_tree.ns_list_head),
29	};
30
31	struct ns_tree_root net_ns_tree = {
32	.ns_rb = RB_ROOT,
33	.ns_list_head = LIST_HEAD_INIT(net_ns_tree.ns_list_head),
34	};
35	EXPORT_SYMBOL_GPL(net_ns_tree);
36
37	struct ns_tree_root uts_ns_tree = {
38	.ns_rb = RB_ROOT,
39	.ns_list_head = LIST_HEAD_INIT(uts_ns_tree.ns_list_head),
40	};
41
42	struct ns_tree_root user_ns_tree = {
43	.ns_rb = RB_ROOT,
44	.ns_list_head = LIST_HEAD_INIT(user_ns_tree.ns_list_head),
45	};
46
47	struct ns_tree_root ipc_ns_tree = {
48	.ns_rb = RB_ROOT,
49	.ns_list_head = LIST_HEAD_INIT(ipc_ns_tree.ns_list_head),
50	};
51
52	struct ns_tree_root pid_ns_tree = {
53	.ns_rb = RB_ROOT,
54	.ns_list_head = LIST_HEAD_INIT(pid_ns_tree.ns_list_head),
55	};
56
57	struct ns_tree_root cgroup_ns_tree = {
58	.ns_rb = RB_ROOT,
59	.ns_list_head = LIST_HEAD_INIT(cgroup_ns_tree.ns_list_head),
60	};
61
62	struct ns_tree_root time_ns_tree = {
63	.ns_rb = RB_ROOT,
64	.ns_list_head = LIST_HEAD_INIT(time_ns_tree.ns_list_head),
65	};
66
67	/**
68	* ns_tree_node_init - Initialize a namespace tree node
69	* @node: The node to initialize
70	*
71	* Initializes both the rbtree node and list entry.
72	*/
73	void ns_tree_node_init(struct ns_tree_node *node)
74	{
75	RB_CLEAR_NODE(&node->ns_node);
76	INIT_LIST_HEAD(list: &node->ns_list_entry);
77	}
78
79	/**
80	* ns_tree_root_init - Initialize a namespace tree root
81	* @root: The root to initialize
82	*
83	* Initializes both the rbtree root and list head.
84	*/
85	void ns_tree_root_init(struct ns_tree_root *root)
86	{
87	root->ns_rb = RB_ROOT;
88	INIT_LIST_HEAD(list: &root->ns_list_head);
89	}
90
91	/**
92	* ns_tree_node_empty - Check if a namespace tree node is empty
93	* @node: The node to check
94	*
95	* Returns true if the node is not in any tree.
96	*/
97	bool ns_tree_node_empty(const struct ns_tree_node *node)
98	{
99	return RB_EMPTY_NODE(&node->ns_node);
100	}
101
102	/**
103	* ns_tree_node_add - Add a node to a namespace tree
104	* @node: The node to add
105	* @root: The tree root to add to
106	* @cmp: Comparison function for rbtree insertion
107	*
108	* Adds the node to both the rbtree and the list, maintaining sorted order.
109	* The list is maintained in the same order as the rbtree to enable efficient
110	* iteration.
111	*
112	* Returns: NULL if insertion succeeded, existing node if duplicate found
113	*/
114	struct rb_node ns_tree_node_add(struct* ns_tree_node *node,
115	struct ns_tree_root *root,
116	int (cmp)(struct* rb_node , const* struct rb_node *))
117	{
118	struct rb_node ret, prev;
119
120	/ Add to rbtree /
121	ret = rb_find_add_rcu(node: &node->ns_node, tree: &root->ns_rb, cmp);
122
123	/ Add to list in sorted order /
124	prev = rb_prev(&node->ns_node);
125	if (!prev) {
126	/ No previous node, add at head /
127	list_add_rcu(new: &node->ns_list_entry, head: &root->ns_list_head);
128	} else {
129	/ Add after previous node /
130	struct ns_tree_node *prev_node;
131	prev_node = rb_entry(prev, struct ns_tree_node, ns_node);
132	list_add_rcu(new: &node->ns_list_entry, head: &prev_node->ns_list_entry);
133	}
134
135	return ret;
136	}
137
138	/**
139	* ns_tree_node_del - Remove a node from a namespace tree
140	* @node: The node to remove
141	* @root: The tree root to remove from
142	*
143	* Removes the node from both the rbtree and the list atomically.
144	*/
145	void ns_tree_node_del(struct ns_tree_node node, struct* ns_tree_root *root)
146	{
147	rb_erase(&node->ns_node, &root->ns_rb);
148	RB_CLEAR_NODE(&node->ns_node);
149	list_bidir_del_rcu(entry: &node->ns_list_entry);
150	}
151
152	static inline struct ns_common node_to_ns(const* struct rb_node *node)
153	{
154	if (!node)
155	return NULL;
156	return rb_entry(node, struct ns_common, ns_tree_node.ns_node);
157	}
158
159	static inline struct ns_common node_to_ns_unified(const* struct rb_node *node)
160	{
161	if (!node)
162	return NULL;
163	return rb_entry(node, struct ns_common, ns_unified_node.ns_node);
164	}
165
166	static inline struct ns_common node_to_ns_owner(const* struct rb_node *node)
167	{
168	if (!node)
169	return NULL;
170	return rb_entry(node, struct ns_common, ns_owner_node.ns_node);
171	}
172
173	static int ns_id_cmp(u64 id_a, u64 id_b)
174	{
175	if (id_a < id_b)
176	return -`1`;
177	if (id_a > id_b)
178	return `1`;
179	return `0`;
180	}
181
182	static int ns_cmp(struct rb_node a, const* struct rb_node *b)
183	{
184	return ns_id_cmp(id_a: node_to_ns(node: a)->ns_id, id_b: node_to_ns(node: b)->ns_id);
185	}
186
187	static int ns_cmp_unified(struct rb_node a, const* struct rb_node *b)
188	{
189	return ns_id_cmp(id_a: node_to_ns_unified(node: a)->ns_id, id_b: node_to_ns_unified(node: b)->ns_id);
190	}
191
192	static int ns_cmp_owner(struct rb_node a, const* struct rb_node *b)
193	{
194	return ns_id_cmp(id_a: node_to_ns_owner(node: a)->ns_id, id_b: node_to_ns_owner(node: b)->ns_id);
195	}
196
197	void __ns_tree_add_raw(struct ns_common ns, struct* ns_tree_root *ns_tree)
198	{
199	struct rb_node *node;
200	const struct proc_ns_operations *ops = ns->ops;
201
202	VFS_WARN_ON_ONCE(!ns->ns_id);
203
204	guard(ns_tree_writer)();
205
206	/ Add to per-type tree and list /
207	node = ns_tree_node_add(node: &ns->ns_tree_node, root: ns_tree, cmp: ns_cmp);
208
209	/ Add to unified tree and list /
210	ns_tree_node_add(node: &ns->ns_unified_node, root: &ns_unified_root, cmp: ns_cmp_unified);
211
212	/ Add to owner's tree if applicable /
213	if (ops) {
214	struct user_namespace *user_ns;
215
216	VFS_WARN_ON_ONCE(!ops->owner);
217	user_ns = ops->owner(ns);
218	if (user_ns) {
219	struct ns_common *owner = &user_ns->ns;
220	VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER);
221
222	/ Insert into owner's tree and list /
223	ns_tree_node_add(node: &ns->ns_owner_node, root: &owner->ns_owner_root, cmp: ns_cmp_owner);
224	} else {
225	/ Only the initial user namespace doesn't have an owner. /
226	VFS_WARN_ON_ONCE(ns != to_ns_common(&init_user_ns));
227	}
228	}
229
230	VFS_WARN_ON_ONCE(node);
231	}
232
233	void __ns_tree_remove(struct ns_common ns, struct* ns_tree_root *ns_tree)
234	{
235	const struct proc_ns_operations *ops = ns->ops;
236	struct user_namespace *user_ns;
237
238	VFS_WARN_ON_ONCE(ns_tree_node_empty(&ns->ns_tree_node));
239	VFS_WARN_ON_ONCE(list_empty(&ns->ns_tree_node.ns_list_entry));
240
241	write_seqlock(sl: &ns_tree_lock);
242
243	/ Remove from per-type tree and list /
244	ns_tree_node_del(node: &ns->ns_tree_node, root: ns_tree);
245
246	/ Remove from unified tree and list /
247	ns_tree_node_del(node: &ns->ns_unified_node, root: &ns_unified_root);
248
249	/ Remove from owner's tree if applicable /
250	if (ops) {
251	user_ns = ops->owner(ns);
252	if (user_ns) {
253	struct ns_common *owner = &user_ns->ns;
254	ns_tree_node_del(node: &ns->ns_owner_node, root: &owner->ns_owner_root);
255	}
256	}
257
258	write_sequnlock(sl: &ns_tree_lock);
259	}
260	EXPORT_SYMBOL_GPL(__ns_tree_remove);
261
262	static int ns_find(const void key, const* struct rb_node *node)
263	{
264	const u64 ns_id = (u64 )key;
265	const struct ns_common *ns = node_to_ns(node);
266
267	if (ns_id < ns->ns_id)
268	return -`1`;
269	if (ns_id > ns->ns_id)
270	return `1`;
271	return `0`;
272	}
273
274	static int ns_find_unified(const void key, const* struct rb_node *node)
275	{
276	const u64 ns_id = (u64 )key;
277	const struct ns_common *ns = node_to_ns_unified(node);
278
279	if (ns_id < ns->ns_id)
280	return -`1`;
281	if (ns_id > ns->ns_id)
282	return `1`;
283	return `0`;
284	}
285
286	static struct ns_tree_root ns_tree_from_type(int* ns_type)
287	{
288	switch (ns_type) {
289	case CLONE_NEWCGROUP:
290	return &cgroup_ns_tree;
291	case CLONE_NEWIPC:
292	return &ipc_ns_tree;
293	case CLONE_NEWNS:
294	return &mnt_ns_tree;
295	case CLONE_NEWNET:
296	return &net_ns_tree;
297	case CLONE_NEWPID:
298	return &pid_ns_tree;
299	case CLONE_NEWUSER:
300	return &user_ns_tree;
301	case CLONE_NEWUTS:
302	return &uts_ns_tree;
303	case CLONE_NEWTIME:
304	return &time_ns_tree;
305	}
306
307	return NULL;
308	}
309
310	static struct ns_common *__ns_unified_tree_lookup_rcu(u64 ns_id)
311	{
312	struct rb_node *node;
313	unsigned int seq;
314
315	do {
316	seq = read_seqbegin(sl: &ns_tree_lock);
317	node = rb_find_rcu(key: &ns_id, tree: &ns_unified_root.ns_rb, cmp: ns_find_unified);
318	if (node)
319	break;
320	} while (read_seqretry(sl: &ns_tree_lock, start: seq));
321
322	return node_to_ns_unified(node);
323	}
324
325	static struct ns_common __ns_tree_lookup_rcu(u64 ns_id, int* ns_type)
326	{
327	struct ns_tree_root *ns_tree;
328	struct rb_node *node;
329	unsigned int seq;
330
331	ns_tree = ns_tree_from_type(ns_type);
332	if (!ns_tree)
333	return NULL;
334
335	do {
336	seq = read_seqbegin(sl: &ns_tree_lock);
337	node = rb_find_rcu(key: &ns_id, tree: &ns_tree->ns_rb, cmp: ns_find);
338	if (node)
339	break;
340	} while (read_seqretry(sl: &ns_tree_lock, start: seq));
341
342	return node_to_ns(node);
343	}
344
345	struct ns_common ns_tree_lookup_rcu(u64 ns_id, int* ns_type)
346	{
347	RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_lookup_rcu() usage");
348
349	if (ns_type)
350	return __ns_tree_lookup_rcu(ns_id, ns_type);
351
352	return __ns_unified_tree_lookup_rcu(ns_id);
353	}
354
355	/**
356	* __ns_tree_adjoined_rcu - find the next/previous namespace in the same
357	* tree
358	* @ns: namespace to start from
359	* @ns_tree: namespace tree to search in
360	* @previous: if true find the previous namespace, otherwise the next
361	*
362	* Find the next or previous namespace in the same tree as @ns. If
363	* there is no next/previous namespace, -ENOENT is returned.
364	*/
365	struct ns_common __ns_tree_adjoined_rcu(struct* ns_common *ns,
366	struct ns_tree_root *ns_tree, bool previous)
367	{
368	struct list_head *list;
369
370	RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "suspicious ns_tree_adjoined_rcu() usage");
371
372	if (previous)
373	list = rcu_dereference(list_bidir_prev_rcu(&ns->ns_tree_node.ns_list_entry));
374	else
375	list = rcu_dereference(list_next_rcu(&ns->ns_tree_node.ns_list_entry));
376	if (list_is_head(list, head: &ns_tree->ns_list_head))
377	return ERR_PTR(error: -ENOENT);
378
379	return list_entry_rcu(list, struct ns_common, ns_tree_node.ns_list_entry);
380	}
381
382	/**
383	* __ns_tree_gen_id - generate a new namespace id
384	* @ns: namespace to generate id for
385	* @id: if non-zero, this is the initial namespace and this is a fixed id
386	*
387	* Generates a new namespace id and assigns it to the namespace. All
388	* namespaces types share the same id space and thus can be compared
389	* directly. IOW, when two ids of two namespace are equal, they are
390	* identical.
391	*/
392	u64 __ns_tree_gen_id(struct ns_common *ns, u64 id)
393	{
394	static atomic64_t namespace_cookie = ATOMIC64_INIT(NS_LAST_INIT_ID + `1`);
395
396	if (id)
397	ns->ns_id = id;
398	else
399	ns->ns_id = atomic64_inc_return(v: &namespace_cookie);
400	return ns->ns_id;
401	}
402
403	struct klistns {
404	u64 __user *uns_ids;
405	u32 nr_ns_ids;
406	u64 last_ns_id;
407	u64 user_ns_id;
408	u32 ns_type;
409	struct user_namespace *user_ns;
410	bool userns_capable;
411	struct ns_common *first_ns;
412	};
413
414	static void __free_klistns_free(const struct klistns *kls)
415	{
416	if (kls->user_ns_id != LISTNS_CURRENT_USER)
417	put_user_ns(ns: kls->user_ns);
418	if (kls->first_ns && kls->first_ns->ops)
419	kls->first_ns->ops->put(kls->first_ns);
420	}
421
422	#define NS_ALL (PID_NS \| USER_NS \| MNT_NS \| UTS_NS \| IPC_NS \| NET_NS \| CGROUP_NS \| TIME_NS)
423
424	static int copy_ns_id_req(const struct ns_id_req __user *req,
425	struct ns_id_req *kreq)
426	{
427	int ret;
428	size_t usize;
429
430	BUILD_BUG_ON(sizeof(struct ns_id_req) != NS_ID_REQ_SIZE_VER0);
431
432	ret = get_user(usize, &req->size);
433	if (ret)
434	return -EFAULT;
435	if (unlikely(usize > PAGE_SIZE))
436	return -E2BIG;
437	if (unlikely(usize < NS_ID_REQ_SIZE_VER0))
438	return -EINVAL;
439	memset(kreq, `0`, sizeof(*kreq));
440	ret = copy_struct_from_user(dst: kreq, ksize: sizeof(*kreq), src: req, usize);
441	if (ret)
442	return ret;
443	if (kreq->spare != `0`)
444	return -EINVAL;
445	if (kreq->ns_type & ~NS_ALL)
446	return -EOPNOTSUPP;
447	return `0`;
448	}
449
450	static inline int prepare_klistns(struct klistns kls, struct* ns_id_req *kreq,
451	u64 __user *ns_ids, size_t nr_ns_ids)
452	{
453	kls->last_ns_id = kreq->ns_id;
454	kls->user_ns_id = kreq->user_ns_id;
455	kls->nr_ns_ids = nr_ns_ids;
456	kls->ns_type = kreq->ns_type;
457	kls->uns_ids = ns_ids;
458	return `0`;
459	}
460
461	/*
462	* Lookup a namespace owned by owner with id >= ns_id.
463	* Returns the namespace with the smallest id that is >= ns_id.
464	*/
465	static struct ns_common lookup_ns_owner_at(u64 ns_id, struct* ns_common *owner)
466	{
467	struct ns_common *ret = NULL;
468	struct rb_node *node;
469
470	VFS_WARN_ON_ONCE(owner->ns_type != CLONE_NEWUSER);
471
472	guard(ns_tree_locked_reader)();
473
474	node = owner->ns_owner_root.ns_rb.rb_node;
475	while (node) {
476	struct ns_common *ns;
477
478	ns = node_to_ns_owner(node);
479	if (ns_id <= ns->ns_id) {
480	ret = ns;
481	if (ns_id == ns->ns_id)
482	break;
483	node = node->rb_left;
484	} else {
485	node = node->rb_right;
486	}
487	}
488
489	if (ret)
490	ret = ns_get_unless_inactive(ns: ret);
491	return ret;
492	}
493
494	static struct ns_common lookup_ns_id(u64 mnt_ns_id, int* ns_type)
495	{
496	struct ns_common *ns;
497
498	guard(rcu)();
499	ns = ns_tree_lookup_rcu(ns_id: mnt_ns_id, ns_type);
500	if (!ns)
501	return NULL;
502
503	if (!ns_get_unless_inactive(ns))
504	return NULL;
505
506	return ns;
507	}
508
509	static inline bool __must_check ns_requested(const struct klistns *kls,
510	const struct ns_common *ns)
511	{
512	return !kls->ns_type \|\| (kls->ns_type & ns->ns_type);
513	}
514
515	static inline bool __must_check may_list_ns(const struct klistns *kls,
516	struct ns_common *ns)
517	{
518	if (kls->user_ns) {
519	if (kls->userns_capable)
520	return true;
521	} else {
522	struct ns_common *owner;
523	struct user_namespace *user_ns;
524
525	owner = ns_owner(ns);
526	if (owner)
527	user_ns = to_user_ns(ns: owner);
528	else
529	user_ns = &init_user_ns;
530	if (ns_capable_noaudit(ns: user_ns, CAP_SYS_ADMIN))
531	return true;
532	}
533
534	if (is_current_namespace(ns))
535	return true;
536
537	if (ns->ns_type != CLONE_NEWUSER)
538	return false;
539
540	if (ns_capable_noaudit(ns: to_user_ns(ns), CAP_SYS_ADMIN))
541	return true;
542
543	return false;
544	}
545
546	static inline void ns_put(struct ns_common *ns)
547	{
548	if (ns && ns->ops)
549	ns->ops->put(ns);
550	}
551
552	DEFINE_FREE(ns_put, struct ns_common *, if (!IS_ERR_OR_NULL(_T)) ns_put(_T))
553
554	static inline struct ns_common __must_check legitimize_ns(const* struct klistns *kls,
555	struct ns_common *candidate)
556	{
557	struct ns_common *ns __free(ns_put) = NULL;
558
559	if (!ns_requested(kls, ns: candidate))
560	return NULL;
561
562	ns = ns_get_unless_inactive(ns: candidate);
563	if (!ns)
564	return NULL;
565
566	if (!may_list_ns(kls, ns))
567	return NULL;
568
569	return no_free_ptr(ns);
570	}
571
572	static ssize_t do_listns_userns(struct klistns *kls)
573	{
574	u64 __user *ns_ids = kls->uns_ids;
575	size_t nr_ns_ids = kls->nr_ns_ids;
576	struct ns_common ns = NULL, first_ns = NULL, *prev = NULL;
577	const struct list_head *head;
578	ssize_t ret;
579
580	VFS_WARN_ON_ONCE(!kls->user_ns_id);
581
582	if (kls->user_ns_id == LISTNS_CURRENT_USER)
583	ns = to_ns_common(current_user_ns());
584	else if (kls->user_ns_id)
585	ns = lookup_ns_id(mnt_ns_id: kls->user_ns_id, CLONE_NEWUSER);
586	if (!ns)
587	return -EINVAL;
588	kls->user_ns = to_user_ns(ns);
589
590	/*
591	* Use the rbtree to find the first namespace we care about and
592	* then use it's list entry to iterate from there.
593	*/
594	if (kls->last_ns_id) {
595	kls->first_ns = lookup_ns_owner_at(ns_id: kls->last_ns_id + `1`, owner: ns);
596	if (!kls->first_ns)
597	return -ENOENT;
598	first_ns = kls->first_ns;
599	}
600
601	ret = `0`;
602	head = &to_ns_common(kls->user_ns)->ns_owner_root.ns_list_head;
603	kls->userns_capable = ns_capable_noaudit(ns: kls->user_ns, CAP_SYS_ADMIN);
604
605	rcu_read_lock();
606
607	if (!first_ns)
608	first_ns = list_entry_rcu(head->next, typeof(*first_ns), ns_owner_node.ns_list_entry);
609
610	ns = first_ns;
611	list_for_each_entry_from_rcu(ns, head, ns_owner_node.ns_list_entry) {
612	struct ns_common *valid;
613
614	if (!nr_ns_ids)
615	break;
616
617	valid = legitimize_ns(kls, candidate: ns);
618	if (!valid)
619	continue;
620
621	rcu_read_unlock();
622
623	ns_put(ns: prev);
624	prev = valid;
625
626	if (put_user(valid->ns_id, ns_ids + ret)) {
627	ns_put(ns: prev);
628	return -EFAULT;
629	}
630
631	nr_ns_ids--;
632	ret++;
633
634	rcu_read_lock();
635	}
636
637	rcu_read_unlock();
638	ns_put(ns: prev);
639	return ret;
640	}
641
642	/*
643	* Lookup a namespace with id >= ns_id in either the unified tree or a type-specific tree.
644	* Returns the namespace with the smallest id that is >= ns_id.
645	*/
646	static struct ns_common lookup_ns_id_at(u64 ns_id, int* ns_type)
647	{
648	struct ns_common *ret = NULL;
649	struct ns_tree_root *ns_tree = NULL;
650	struct rb_node *node;
651
652	if (ns_type) {
653	ns_tree = ns_tree_from_type(ns_type);
654	if (!ns_tree)
655	return NULL;
656	}
657
658	guard(ns_tree_locked_reader)();
659
660	if (ns_tree)
661	node = ns_tree->ns_rb.rb_node;
662	else
663	node = ns_unified_root.ns_rb.rb_node;
664
665	while (node) {
666	struct ns_common *ns;
667
668	if (ns_type)
669	ns = node_to_ns(node);
670	else
671	ns = node_to_ns_unified(node);
672
673	if (ns_id <= ns->ns_id) {
674	if (ns_type)
675	ret = node_to_ns(node);
676	else
677	ret = node_to_ns_unified(node);
678	if (ns_id == ns->ns_id)
679	break;
680	node = node->rb_left;
681	} else {
682	node = node->rb_right;
683	}
684	}
685
686	if (ret)
687	ret = ns_get_unless_inactive(ns: ret);
688	return ret;
689	}
690
691	static inline struct ns_common first_ns_common(const* struct list_head *head,
692	struct ns_tree_root *ns_tree)
693	{
694	if (ns_tree)
695	return list_entry_rcu(head->next, struct ns_common, ns_tree_node.ns_list_entry);
696	return list_entry_rcu(head->next, struct ns_common, ns_unified_node.ns_list_entry);
697	}
698
699	static inline struct ns_common next_ns_common(struct* ns_common *ns,
700	struct ns_tree_root *ns_tree)
701	{
702	if (ns_tree)
703	return list_entry_rcu(ns->ns_tree_node.ns_list_entry.next, struct ns_common, ns_tree_node.ns_list_entry);
704	return list_entry_rcu(ns->ns_unified_node.ns_list_entry.next, struct ns_common, ns_unified_node.ns_list_entry);
705	}
706
707	static inline bool ns_common_is_head(struct ns_common *ns,
708	const struct list_head *head,
709	struct ns_tree_root *ns_tree)
710	{
711	if (ns_tree)
712	return &ns->ns_tree_node.ns_list_entry == head;
713	return &ns->ns_unified_node.ns_list_entry == head;
714	}
715
716	static ssize_t do_listns(struct klistns *kls)
717	{
718	u64 __user *ns_ids = kls->uns_ids;
719	size_t nr_ns_ids = kls->nr_ns_ids;
720	struct ns_common ns, first_ns = NULL, *prev = NULL;
721	struct ns_tree_root *ns_tree = NULL;
722	const struct list_head *head;
723	u32 ns_type;
724	ssize_t ret;
725
726	if (hweight32(kls->ns_type) == `1`)
727	ns_type = kls->ns_type;
728	else
729	ns_type = `0`;
730
731	if (ns_type) {
732	ns_tree = ns_tree_from_type(ns_type);
733	if (!ns_tree)
734	return -EINVAL;
735	}
736
737	if (kls->last_ns_id) {
738	kls->first_ns = lookup_ns_id_at(ns_id: kls->last_ns_id + `1`, ns_type);
739	if (!kls->first_ns)
740	return -ENOENT;
741	first_ns = kls->first_ns;
742	}
743
744	ret = `0`;
745	if (ns_tree)
746	head = &ns_tree->ns_list_head;
747	else
748	head = &ns_unified_root.ns_list_head;
749
750	rcu_read_lock();
751
752	if (!first_ns)
753	first_ns = first_ns_common(head, ns_tree);
754
755	for (ns = first_ns; !ns_common_is_head(ns, head, ns_tree) && nr_ns_ids;
756	ns = next_ns_common(ns, ns_tree)) {
757	struct ns_common *valid;
758
759	valid = legitimize_ns(kls, candidate: ns);
760	if (!valid)
761	continue;
762
763	rcu_read_unlock();
764
765	ns_put(ns: prev);
766	prev = valid;
767
768	if (put_user(valid->ns_id, ns_ids + ret)) {
769	ns_put(ns: prev);
770	return -EFAULT;
771	}
772
773	nr_ns_ids--;
774	ret++;
775
776	rcu_read_lock();
777	}
778
779	rcu_read_unlock();
780	ns_put(ns: prev);
781	return ret;
782	}
783
784	SYSCALL_DEFINE4(listns, const struct ns_id_req __user *, req,
785	u64 __user , ns_ids, size_t, nr_ns_ids, unsigned* int, flags)
786	{
787	struct klistns klns __free(klistns_free) = {};
788	const size_t maxcount = `1000000`;
789	struct ns_id_req kreq;
790	ssize_t ret;
791
792	if (flags)
793	return -EINVAL;
794
795	if (unlikely(nr_ns_ids > maxcount))
796	return -EOVERFLOW;
797
798	if (!access_ok(ns_ids, nr_ns_ids * sizeof(*ns_ids)))
799	return -EFAULT;
800
801	ret = copy_ns_id_req(req, kreq: &kreq);
802	if (ret)
803	return ret;
804
805	ret = prepare_klistns(kls: &klns, kreq: &kreq, ns_ids, nr_ns_ids);
806	if (ret)
807	return ret;
808
809	if (kreq.user_ns_id)
810	return do_listns_userns(kls: &klns);
811
812	return do_listns(kls: &klns);
813	}
814

source code of linux/kernel/nstree.c