1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * fs/anon_inodes.c
4 *
5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
6 *
7 * Thanks to Arnd Bergmann for code review and suggestions.
8 * More changes for Thomas Gleixner suggestions.
9 *
10 */
11
12 #include <linux/cred.h>
13 #include <linux/file.h>
14 #include <linux/poll.h>
15 #include <linux/sched.h>
16 #include <linux/init.h>
17 #include <linux/fs.h>
18 #include <linux/mount.h>
19 #include <linux/module.h>
20 #include <linux/kernel.h>
21 #include <linux/magic.h>
22 #include <linux/anon_inodes.h>
23 #include <linux/pseudo_fs.h>
24
25 #include <linux/uaccess.h>
26
27 static struct vfsmount *anon_inode_mnt __read_mostly;
28 static struct inode *anon_inode_inode;
29
30 /*
31 * anon_inodefs_dname() is called from d_path().
32 */
anon_inodefs_dname(struct dentry * dentry,char * buffer,int buflen)33 static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen)
34 {
35 return dynamic_dname(buffer, buflen, "anon_inode:%s",
36 dentry->d_name.name);
37 }
38
39 static const struct dentry_operations anon_inodefs_dentry_operations = {
40 .d_dname = anon_inodefs_dname,
41 };
42
anon_inodefs_init_fs_context(struct fs_context * fc)43 static int anon_inodefs_init_fs_context(struct fs_context *fc)
44 {
45 struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
46 if (!ctx)
47 return -ENOMEM;
48 ctx->dops = &anon_inodefs_dentry_operations;
49 return 0;
50 }
51
52 static struct file_system_type anon_inode_fs_type = {
53 .name = "anon_inodefs",
54 .init_fs_context = anon_inodefs_init_fs_context,
55 .kill_sb = kill_anon_super,
56 };
57
58 /**
59 * anon_inode_make_secure_inode - allocate an anonymous inode with security context
60 * @sb: [in] Superblock to allocate from
61 * @name: [in] Name of the class of the newfile (e.g., "secretmem")
62 * @context_inode:
63 * [in] Optional parent inode for security inheritance
64 *
65 * The function ensures proper security initialization through the LSM hook
66 * security_inode_init_security_anon().
67 *
68 * Return: Pointer to new inode on success, ERR_PTR on failure.
69 */
anon_inode_make_secure_inode(struct super_block * sb,const char * name,const struct inode * context_inode)70 struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
71 const struct inode *context_inode)
72 {
73 struct inode *inode;
74 const struct qstr qname = QSTR_INIT(name, strlen(name));
75 int error;
76
77 inode = alloc_anon_inode(sb);
78 if (IS_ERR(inode))
79 return inode;
80 inode->i_flags &= ~S_PRIVATE;
81 error = security_inode_init_security_anon(inode, &qname, context_inode);
82 if (error) {
83 iput(inode);
84 return ERR_PTR(error);
85 }
86 return inode;
87 }
88 EXPORT_SYMBOL_GPL_FOR_MODULES(anon_inode_make_secure_inode, "kvm");
89
__anon_inode_getfile(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode,bool secure)90 static struct file *__anon_inode_getfile(const char *name,
91 const struct file_operations *fops,
92 void *priv, int flags,
93 const struct inode *context_inode,
94 bool secure)
95 {
96 struct inode *inode;
97 struct file *file;
98
99 if (fops->owner && !try_module_get(fops->owner))
100 return ERR_PTR(-ENOENT);
101
102 if (secure) {
103 inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
104 name, context_inode);
105 if (IS_ERR(inode)) {
106 file = ERR_CAST(inode);
107 goto err;
108 }
109 } else {
110 inode = anon_inode_inode;
111 if (IS_ERR(inode)) {
112 file = ERR_PTR(-ENODEV);
113 goto err;
114 }
115 /*
116 * We know the anon_inode inode count is always
117 * greater than zero, so ihold() is safe.
118 */
119 ihold(inode);
120 }
121
122 file = alloc_file_pseudo(inode, anon_inode_mnt, name,
123 flags & (O_ACCMODE | O_NONBLOCK), fops);
124 if (IS_ERR(file))
125 goto err_iput;
126
127 file->f_mapping = inode->i_mapping;
128
129 file->private_data = priv;
130
131 return file;
132
133 err_iput:
134 iput(inode);
135 err:
136 module_put(fops->owner);
137 return file;
138 }
139
140 /**
141 * anon_inode_getfile - creates a new file instance by hooking it up to an
142 * anonymous inode, and a dentry that describe the "class"
143 * of the file
144 *
145 * @name: [in] name of the "class" of the new file
146 * @fops: [in] file operations for the new file
147 * @priv: [in] private data for the new file (will be file's private_data)
148 * @flags: [in] flags
149 *
150 * Creates a new file by hooking it on a single inode. This is useful for files
151 * that do not need to have a full-fledged inode in order to operate correctly.
152 * All the files created with anon_inode_getfile() will share a single inode,
153 * hence saving memory and avoiding code duplication for the file/inode/dentry
154 * setup. Returns the newly created file* or an error pointer.
155 */
anon_inode_getfile(const char * name,const struct file_operations * fops,void * priv,int flags)156 struct file *anon_inode_getfile(const char *name,
157 const struct file_operations *fops,
158 void *priv, int flags)
159 {
160 return __anon_inode_getfile(name, fops, priv, flags, NULL, false);
161 }
162 EXPORT_SYMBOL_GPL(anon_inode_getfile);
163
164 /**
165 * anon_inode_getfile_secure - Like anon_inode_getfile(), but creates a new
166 * !S_PRIVATE anon inode rather than reuse the
167 * singleton anon inode and calls the
168 * inode_init_security_anon() LSM hook. This
169 * allows for both the inode to have its own
170 * security context and for the LSM to enforce
171 * policy on the inode's creation.
172 *
173 * @name: [in] name of the "class" of the new file
174 * @fops: [in] file operations for the new file
175 * @priv: [in] private data for the new file (will be file's private_data)
176 * @flags: [in] flags
177 * @context_inode:
178 * [in] the logical relationship with the new inode (optional)
179 *
180 * The LSM may use @context_inode in inode_init_security_anon(), but a
181 * reference to it is not held. Returns the newly created file* or an error
182 * pointer. See the anon_inode_getfile() documentation for more information.
183 */
anon_inode_getfile_secure(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode)184 struct file *anon_inode_getfile_secure(const char *name,
185 const struct file_operations *fops,
186 void *priv, int flags,
187 const struct inode *context_inode)
188 {
189 return __anon_inode_getfile(name, fops, priv, flags,
190 context_inode, true);
191 }
192
__anon_inode_getfd(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode,bool secure)193 static int __anon_inode_getfd(const char *name,
194 const struct file_operations *fops,
195 void *priv, int flags,
196 const struct inode *context_inode,
197 bool secure)
198 {
199 int error, fd;
200 struct file *file;
201
202 error = get_unused_fd_flags(flags);
203 if (error < 0)
204 return error;
205 fd = error;
206
207 file = __anon_inode_getfile(name, fops, priv, flags, context_inode,
208 secure);
209 if (IS_ERR(file)) {
210 error = PTR_ERR(file);
211 goto err_put_unused_fd;
212 }
213 fd_install(fd, file);
214
215 return fd;
216
217 err_put_unused_fd:
218 put_unused_fd(fd);
219 return error;
220 }
221
222 /**
223 * anon_inode_getfd - creates a new file instance by hooking it up to
224 * an anonymous inode and a dentry that describe
225 * the "class" of the file
226 *
227 * @name: [in] name of the "class" of the new file
228 * @fops: [in] file operations for the new file
229 * @priv: [in] private data for the new file (will be file's private_data)
230 * @flags: [in] flags
231 *
232 * Creates a new file by hooking it on a single inode. This is
233 * useful for files that do not need to have a full-fledged inode in
234 * order to operate correctly. All the files created with
235 * anon_inode_getfd() will use the same singleton inode, reducing
236 * memory use and avoiding code duplication for the file/inode/dentry
237 * setup. Returns a newly created file descriptor or an error code.
238 */
anon_inode_getfd(const char * name,const struct file_operations * fops,void * priv,int flags)239 int anon_inode_getfd(const char *name, const struct file_operations *fops,
240 void *priv, int flags)
241 {
242 return __anon_inode_getfd(name, fops, priv, flags, NULL, false);
243 }
244 EXPORT_SYMBOL_GPL(anon_inode_getfd);
245
246 /**
247 * anon_inode_getfd_secure - Like anon_inode_getfd(), but creates a new
248 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls
249 * the inode_init_security_anon() LSM hook. This allows the inode to have its
250 * own security context and for a LSM to reject creation of the inode.
251 *
252 * @name: [in] name of the "class" of the new file
253 * @fops: [in] file operations for the new file
254 * @priv: [in] private data for the new file (will be file's private_data)
255 * @flags: [in] flags
256 * @context_inode:
257 * [in] the logical relationship with the new inode (optional)
258 *
259 * The LSM may use @context_inode in inode_init_security_anon(), but a
260 * reference to it is not held.
261 */
anon_inode_getfd_secure(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode)262 int anon_inode_getfd_secure(const char *name, const struct file_operations *fops,
263 void *priv, int flags,
264 const struct inode *context_inode)
265 {
266 return __anon_inode_getfd(name, fops, priv, flags, context_inode, true);
267 }
268 EXPORT_SYMBOL_GPL(anon_inode_getfd_secure);
269
anon_inode_init(void)270 static int __init anon_inode_init(void)
271 {
272 anon_inode_mnt = kern_mount(&anon_inode_fs_type);
273 if (IS_ERR(anon_inode_mnt))
274 panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
275
276 anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
277 if (IS_ERR(anon_inode_inode))
278 panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
279
280 return 0;
281 }
282
283 fs_initcall(anon_inode_init);
284
285