1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/time.h> 9 #include <linux/proc_fs.h> 10 #include <linux/kernel.h> 11 #include <linux/pid_namespace.h> 12 #include <linux/mm.h> 13 #include <linux/string.h> 14 #include <linux/stat.h> 15 #include <linux/completion.h> 16 #include <linux/poll.h> 17 #include <linux/printk.h> 18 #include <linux/file.h> 19 #include <linux/limits.h> 20 #include <linux/init.h> 21 #include <linux/module.h> 22 #include <linux/sysctl.h> 23 #include <linux/seq_file.h> 24 #include <linux/slab.h> 25 #include <linux/mount.h> 26 #include <linux/magic.h> 27 28 #include <linux/uaccess.h> 29 30 #include "internal.h" 31 proc_evict_inode(struct inode * inode)32 static void proc_evict_inode(struct inode *inode) 33 { 34 struct proc_dir_entry *de; 35 struct ctl_table_header *head; 36 37 truncate_inode_pages_final(&inode->i_data); 38 clear_inode(inode); 39 40 /* Stop tracking associated processes */ 41 put_pid(PROC_I(inode)->pid); 42 43 /* Let go of any associated proc directory entry */ 44 de = PDE(inode); 45 if (de) 46 pde_put(de); 47 48 head = PROC_I(inode)->sysctl; 49 if (head) { 50 RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL); 51 proc_sys_evict_inode(inode, head); 52 } 53 } 54 55 static struct kmem_cache * proc_inode_cachep; 56 proc_alloc_inode(struct super_block * sb)57 static struct inode *proc_alloc_inode(struct super_block *sb) 58 { 59 struct proc_inode *ei; 60 struct inode *inode; 61 62 ei = kmem_cache_alloc(proc_inode_cachep, GFP_KERNEL); 63 if (!ei) 64 return NULL; 65 ei->pid = NULL; 66 ei->fd = 0; 67 ei->op.proc_get_link = NULL; 68 ei->pde = NULL; 69 ei->sysctl = NULL; 70 ei->sysctl_entry = NULL; 71 ei->ns_ops = NULL; 72 inode = &ei->vfs_inode; 73 return inode; 74 } 75 proc_i_callback(struct rcu_head * head)76 static void proc_i_callback(struct rcu_head *head) 77 { 78 struct inode *inode = container_of(head, struct inode, i_rcu); 79 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 80 } 81 proc_destroy_inode(struct inode * inode)82 static void proc_destroy_inode(struct inode *inode) 83 { 84 call_rcu(&inode->i_rcu, proc_i_callback); 85 } 86 init_once(void * foo)87 static void init_once(void *foo) 88 { 89 struct proc_inode *ei = (struct proc_inode *) foo; 90 91 inode_init_once(&ei->vfs_inode); 92 } 93 proc_init_inodecache(void)94 void __init proc_init_inodecache(void) 95 { 96 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 97 sizeof(struct proc_inode), 98 0, (SLAB_RECLAIM_ACCOUNT| 99 SLAB_MEM_SPREAD|SLAB_ACCOUNT| 100 SLAB_PANIC), 101 init_once); 102 } 103 proc_show_options(struct seq_file * seq,struct dentry * root)104 static int proc_show_options(struct seq_file *seq, struct dentry *root) 105 { 106 struct super_block *sb = root->d_sb; 107 struct pid_namespace *pid = sb->s_fs_info; 108 109 if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID)) 110 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid)); 111 if (pid->hide_pid != HIDEPID_OFF) 112 seq_printf(seq, ",hidepid=%u", pid->hide_pid); 113 114 return 0; 115 } 116 117 static const struct super_operations proc_sops = { 118 .alloc_inode = proc_alloc_inode, 119 .destroy_inode = proc_destroy_inode, 120 .drop_inode = generic_delete_inode, 121 .evict_inode = proc_evict_inode, 122 .statfs = simple_statfs, 123 .remount_fs = proc_remount, 124 .show_options = proc_show_options, 125 }; 126 127 enum {BIAS = -1U<<31}; 128 use_pde(struct proc_dir_entry * pde)129 static inline int use_pde(struct proc_dir_entry *pde) 130 { 131 return atomic_inc_unless_negative(&pde->in_use); 132 } 133 unuse_pde(struct proc_dir_entry * pde)134 static void unuse_pde(struct proc_dir_entry *pde) 135 { 136 if (atomic_dec_return(&pde->in_use) == BIAS) 137 complete(pde->pde_unload_completion); 138 } 139 140 /* pde is locked */ close_pdeo(struct proc_dir_entry * pde,struct pde_opener * pdeo)141 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 142 { 143 /* 144 * close() (proc_reg_release()) can't delete an entry and proceed: 145 * ->release hook needs to be available at the right moment. 146 * 147 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 148 * "struct file" needs to be available at the right moment. 149 * 150 * Therefore, first process to enter this function does ->release() and 151 * signals its completion to the other process which does nothing. 152 */ 153 if (pdeo->closing) { 154 /* somebody else is doing that, just wait */ 155 DECLARE_COMPLETION_ONSTACK(c); 156 pdeo->c = &c; 157 spin_unlock(&pde->pde_unload_lock); 158 wait_for_completion(&c); 159 spin_lock(&pde->pde_unload_lock); 160 } else { 161 struct file *file; 162 pdeo->closing = true; 163 spin_unlock(&pde->pde_unload_lock); 164 file = pdeo->file; 165 pde->proc_fops->release(file_inode(file), file); 166 spin_lock(&pde->pde_unload_lock); 167 /* After ->release. */ 168 list_del(&pdeo->lh); 169 if (pdeo->c) 170 complete(pdeo->c); 171 kfree(pdeo); 172 } 173 } 174 proc_entry_rundown(struct proc_dir_entry * de)175 void proc_entry_rundown(struct proc_dir_entry *de) 176 { 177 DECLARE_COMPLETION_ONSTACK(c); 178 /* Wait until all existing callers into module are done. */ 179 de->pde_unload_completion = &c; 180 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 181 wait_for_completion(&c); 182 183 /* ->pde_openers list can't grow from now on. */ 184 185 spin_lock(&de->pde_unload_lock); 186 while (!list_empty(&de->pde_openers)) { 187 struct pde_opener *pdeo; 188 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 189 close_pdeo(de, pdeo); 190 } 191 spin_unlock(&de->pde_unload_lock); 192 } 193 proc_reg_llseek(struct file * file,loff_t offset,int whence)194 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 195 { 196 struct proc_dir_entry *pde = PDE(file_inode(file)); 197 loff_t rv = -EINVAL; 198 if (use_pde(pde)) { 199 loff_t (*llseek)(struct file *, loff_t, int); 200 llseek = pde->proc_fops->llseek; 201 if (!llseek) 202 llseek = default_llseek; 203 rv = llseek(file, offset, whence); 204 unuse_pde(pde); 205 } 206 return rv; 207 } 208 proc_reg_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)209 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 210 { 211 ssize_t (*read)(struct file *, char __user *, size_t, loff_t *); 212 struct proc_dir_entry *pde = PDE(file_inode(file)); 213 ssize_t rv = -EIO; 214 if (use_pde(pde)) { 215 read = pde->proc_fops->read; 216 if (read) 217 rv = read(file, buf, count, ppos); 218 unuse_pde(pde); 219 } 220 return rv; 221 } 222 proc_reg_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)223 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 224 { 225 ssize_t (*write)(struct file *, const char __user *, size_t, loff_t *); 226 struct proc_dir_entry *pde = PDE(file_inode(file)); 227 ssize_t rv = -EIO; 228 if (use_pde(pde)) { 229 write = pde->proc_fops->write; 230 if (write) 231 rv = write(file, buf, count, ppos); 232 unuse_pde(pde); 233 } 234 return rv; 235 } 236 proc_reg_poll(struct file * file,struct poll_table_struct * pts)237 static unsigned int proc_reg_poll(struct file *file, struct poll_table_struct *pts) 238 { 239 struct proc_dir_entry *pde = PDE(file_inode(file)); 240 unsigned int rv = DEFAULT_POLLMASK; 241 unsigned int (*poll)(struct file *, struct poll_table_struct *); 242 if (use_pde(pde)) { 243 poll = pde->proc_fops->poll; 244 if (poll) 245 rv = poll(file, pts); 246 unuse_pde(pde); 247 } 248 return rv; 249 } 250 proc_reg_unlocked_ioctl(struct file * file,unsigned int cmd,unsigned long arg)251 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 252 { 253 struct proc_dir_entry *pde = PDE(file_inode(file)); 254 long rv = -ENOTTY; 255 long (*ioctl)(struct file *, unsigned int, unsigned long); 256 if (use_pde(pde)) { 257 ioctl = pde->proc_fops->unlocked_ioctl; 258 if (ioctl) 259 rv = ioctl(file, cmd, arg); 260 unuse_pde(pde); 261 } 262 return rv; 263 } 264 265 #ifdef CONFIG_COMPAT proc_reg_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)266 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 267 { 268 struct proc_dir_entry *pde = PDE(file_inode(file)); 269 long rv = -ENOTTY; 270 long (*compat_ioctl)(struct file *, unsigned int, unsigned long); 271 if (use_pde(pde)) { 272 compat_ioctl = pde->proc_fops->compat_ioctl; 273 if (compat_ioctl) 274 rv = compat_ioctl(file, cmd, arg); 275 unuse_pde(pde); 276 } 277 return rv; 278 } 279 #endif 280 proc_reg_mmap(struct file * file,struct vm_area_struct * vma)281 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 282 { 283 struct proc_dir_entry *pde = PDE(file_inode(file)); 284 int rv = -EIO; 285 int (*mmap)(struct file *, struct vm_area_struct *); 286 if (use_pde(pde)) { 287 mmap = pde->proc_fops->mmap; 288 if (mmap) 289 rv = mmap(file, vma); 290 unuse_pde(pde); 291 } 292 return rv; 293 } 294 295 static unsigned long proc_reg_get_unmapped_area(struct file * file,unsigned long orig_addr,unsigned long len,unsigned long pgoff,unsigned long flags)296 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 297 unsigned long len, unsigned long pgoff, 298 unsigned long flags) 299 { 300 struct proc_dir_entry *pde = PDE(file_inode(file)); 301 unsigned long rv = -EIO; 302 303 if (use_pde(pde)) { 304 typeof(proc_reg_get_unmapped_area) *get_area; 305 306 get_area = pde->proc_fops->get_unmapped_area; 307 #ifdef CONFIG_MMU 308 if (!get_area) 309 get_area = current->mm->get_unmapped_area; 310 #endif 311 312 if (get_area) 313 rv = get_area(file, orig_addr, len, pgoff, flags); 314 else 315 rv = orig_addr; 316 unuse_pde(pde); 317 } 318 return rv; 319 } 320 proc_reg_open(struct inode * inode,struct file * file)321 static int proc_reg_open(struct inode *inode, struct file *file) 322 { 323 struct proc_dir_entry *pde = PDE(inode); 324 int rv = 0; 325 int (*open)(struct inode *, struct file *); 326 int (*release)(struct inode *, struct file *); 327 struct pde_opener *pdeo; 328 329 /* 330 * Ensure that 331 * 1) PDE's ->release hook will be called no matter what 332 * either normally by close()/->release, or forcefully by 333 * rmmod/remove_proc_entry. 334 * 335 * 2) rmmod isn't blocked by opening file in /proc and sitting on 336 * the descriptor (including "rmmod foo </proc/foo" scenario). 337 * 338 * Save every "struct file" with custom ->release hook. 339 */ 340 pdeo = kmalloc(sizeof(struct pde_opener), GFP_KERNEL); 341 if (!pdeo) 342 return -ENOMEM; 343 344 if (!use_pde(pde)) { 345 kfree(pdeo); 346 return -ENOENT; 347 } 348 open = pde->proc_fops->open; 349 release = pde->proc_fops->release; 350 351 if (open) 352 rv = open(inode, file); 353 354 if (rv == 0 && release) { 355 /* To know what to release. */ 356 pdeo->file = file; 357 pdeo->closing = false; 358 pdeo->c = NULL; 359 spin_lock(&pde->pde_unload_lock); 360 list_add(&pdeo->lh, &pde->pde_openers); 361 spin_unlock(&pde->pde_unload_lock); 362 } else 363 kfree(pdeo); 364 365 unuse_pde(pde); 366 return rv; 367 } 368 proc_reg_release(struct inode * inode,struct file * file)369 static int proc_reg_release(struct inode *inode, struct file *file) 370 { 371 struct proc_dir_entry *pde = PDE(inode); 372 struct pde_opener *pdeo; 373 spin_lock(&pde->pde_unload_lock); 374 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 375 if (pdeo->file == file) { 376 close_pdeo(pde, pdeo); 377 break; 378 } 379 } 380 spin_unlock(&pde->pde_unload_lock); 381 return 0; 382 } 383 384 static const struct file_operations proc_reg_file_ops = { 385 .llseek = proc_reg_llseek, 386 .read = proc_reg_read, 387 .write = proc_reg_write, 388 .poll = proc_reg_poll, 389 .unlocked_ioctl = proc_reg_unlocked_ioctl, 390 #ifdef CONFIG_COMPAT 391 .compat_ioctl = proc_reg_compat_ioctl, 392 #endif 393 .mmap = proc_reg_mmap, 394 .get_unmapped_area = proc_reg_get_unmapped_area, 395 .open = proc_reg_open, 396 .release = proc_reg_release, 397 }; 398 399 #ifdef CONFIG_COMPAT 400 static const struct file_operations proc_reg_file_ops_no_compat = { 401 .llseek = proc_reg_llseek, 402 .read = proc_reg_read, 403 .write = proc_reg_write, 404 .poll = proc_reg_poll, 405 .unlocked_ioctl = proc_reg_unlocked_ioctl, 406 .mmap = proc_reg_mmap, 407 .get_unmapped_area = proc_reg_get_unmapped_area, 408 .open = proc_reg_open, 409 .release = proc_reg_release, 410 }; 411 #endif 412 proc_put_link(void * p)413 static void proc_put_link(void *p) 414 { 415 unuse_pde(p); 416 } 417 proc_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)418 static const char *proc_get_link(struct dentry *dentry, 419 struct inode *inode, 420 struct delayed_call *done) 421 { 422 struct proc_dir_entry *pde = PDE(inode); 423 if (unlikely(!use_pde(pde))) 424 return ERR_PTR(-EINVAL); 425 set_delayed_call(done, proc_put_link, pde); 426 return pde->data; 427 } 428 429 const struct inode_operations proc_link_inode_operations = { 430 .get_link = proc_get_link, 431 }; 432 proc_get_inode(struct super_block * sb,struct proc_dir_entry * de)433 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 434 { 435 struct inode *inode = new_inode_pseudo(sb); 436 437 if (inode) { 438 inode->i_ino = de->low_ino; 439 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 440 PROC_I(inode)->pde = de; 441 442 if (is_empty_pde(de)) { 443 make_empty_dir_inode(inode); 444 return inode; 445 } 446 if (de->mode) { 447 inode->i_mode = de->mode; 448 inode->i_uid = de->uid; 449 inode->i_gid = de->gid; 450 } 451 if (de->size) 452 inode->i_size = de->size; 453 if (de->nlink) 454 set_nlink(inode, de->nlink); 455 WARN_ON(!de->proc_iops); 456 inode->i_op = de->proc_iops; 457 if (de->proc_fops) { 458 if (S_ISREG(inode->i_mode)) { 459 #ifdef CONFIG_COMPAT 460 if (!de->proc_fops->compat_ioctl) 461 inode->i_fop = 462 &proc_reg_file_ops_no_compat; 463 else 464 #endif 465 inode->i_fop = &proc_reg_file_ops; 466 } else { 467 inode->i_fop = de->proc_fops; 468 } 469 } 470 } else 471 pde_put(de); 472 return inode; 473 } 474 proc_fill_super(struct super_block * s)475 int proc_fill_super(struct super_block *s) 476 { 477 struct inode *root_inode; 478 int ret; 479 480 s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NODEV; 481 s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC; 482 s->s_blocksize = 1024; 483 s->s_blocksize_bits = 10; 484 s->s_magic = PROC_SUPER_MAGIC; 485 s->s_op = &proc_sops; 486 s->s_time_gran = 1; 487 488 /* 489 * procfs isn't actually a stacking filesystem; however, there is 490 * too much magic going on inside it to permit stacking things on 491 * top of it 492 */ 493 s->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH; 494 495 pde_get(&proc_root); 496 root_inode = proc_get_inode(s, &proc_root); 497 if (!root_inode) { 498 pr_err("proc_fill_super: get root inode failed\n"); 499 return -ENOMEM; 500 } 501 502 s->s_root = d_make_root(root_inode); 503 if (!s->s_root) { 504 pr_err("proc_fill_super: allocate dentry failed\n"); 505 return -ENOMEM; 506 } 507 508 ret = proc_setup_self(s); 509 if (ret) { 510 return ret; 511 } 512 return proc_setup_thread_self(s); 513 } 514