Commit | Line | Data |
---|---|---|
6b4e306a EB |
1 | #include <linux/proc_fs.h> |
2 | #include <linux/nsproxy.h> | |
3 | #include <linux/sched.h> | |
4 | #include <linux/ptrace.h> | |
5 | #include <linux/fs_struct.h> | |
6 | #include <linux/mount.h> | |
7 | #include <linux/path.h> | |
8 | #include <linux/namei.h> | |
9 | #include <linux/file.h> | |
10 | #include <linux/utsname.h> | |
11 | #include <net/net_namespace.h> | |
6b4e306a EB |
12 | #include <linux/ipc_namespace.h> |
13 | #include <linux/pid_namespace.h> | |
cde1975b | 14 | #include <linux/user_namespace.h> |
6b4e306a EB |
15 | #include "internal.h" |
16 | ||
17 | ||
/*
 * Table of the namespace types exposed in this directory.
 *
 * Every entry except the mount namespace is compiled in only when the
 * matching CONFIG_*_NS option is set. proc_ns_dir_readdir() and
 * proc_ns_dir_lookup() both walk this table, so an entry that is not listed
 * here can be neither listed nor looked up by name.
 */
static const struct proc_ns_operations *ns_entries[] = {
#ifdef CONFIG_NET_NS
	&netns_operations,
#endif
#ifdef CONFIG_UTS_NS
	&utsns_operations,
#endif
#ifdef CONFIG_IPC_NS
	&ipcns_operations,
#endif
#ifdef CONFIG_PID_NS
	&pidns_operations,
#endif
#ifdef CONFIG_USER_NS
	&userns_operations,
#endif
	&mntns_operations,	/* unconditional: no #ifdef around it */
};
36 | ||
/*
 * File operations installed on namespace inodes by proc_ns_get_dentry().
 *
 * Only .llseek is set. The address of this table doubles as a type tag:
 * proc_ns_fget() and proc_ns_inode() recognise a namespace file by comparing
 * f_op / i_fop against it, so it must stay private to this file (static) and
 * must only ever be installed on inodes that carry valid proc_ns data.
 */
static const struct file_operations ns_file_operations = {
	.llseek		= no_llseek,
};
40 | ||
bf056bfa EB |
/*
 * Inode operations for the namespace inodes themselves (installed in
 * proc_ns_get_dentry()); only setattr is provided.
 */
static const struct inode_operations ns_inode_operations = {
	.setattr	= proc_setattr,
};
44 | ||
bf056bfa EB |
/*
 * d_dname callback for namespace dentries.
 *
 * Formats the dentry's name as "<namespace type>:[<inode number>]" into
 * @buffer (at most @buflen bytes) through dynamic_dname() and returns
 * whatever dynamic_dname() returns. The type name comes from the
 * proc_ns_operations stored in the inode's proc_inode.
 */
static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
{
	struct inode *ns_inode = dentry->d_inode;
	const struct proc_ns_operations *ops;

	ops = PROC_I(ns_inode)->ns.ns_ops;

	return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
			     ops->name, ns_inode->i_ino);
}
53 | ||
/*
 * Dentry operations for namespace dentries (set in proc_ns_get_dentry()).
 * The name is produced on demand by ns_dname().
 * NOTE(review): always_delete_dentry presumably keeps unused dentries from
 * lingering in the dcache - confirm against its definition.
 */
const struct dentry_operations ns_dentry_operations =
{
	.d_delete	= always_delete_dentry,
	.d_dname	= ns_dname,
};
59 | ||
/*
 * Return a dentry on @sb for the namespace of type @ns_ops that @task is
 * using, or an ERR_PTR():
 *   -ENOENT  ns_ops->get(task) returned no namespace
 *   -ENOMEM  the dentry or the inode could not be allocated
 *
 * Reference handling for the namespace obtained with ns_ops->get():
 *   - on every error path it is released with ns_ops->put();
 *   - if iget_locked() hands back a new inode (I_NEW), the reference is
 *     stored in the inode's proc_inode (ei->ns.ns) and kept;
 *   - if the inode already existed, the extra reference is dropped again.
 *
 * No permission check is made here; the caller visible in this file,
 * proc_ns_follow_link(), performs ptrace_may_access() first.
 */
static struct dentry *proc_ns_get_dentry(struct super_block *sb,
	struct task_struct *task, const struct proc_ns_operations *ns_ops)
{
	struct qstr empty_name = { .name = "", };
	struct dentry *fresh, *existing;
	struct inode *ns_inode;
	void *ns;

	ns = ns_ops->get(task);
	if (!ns)
		return ERR_PTR(-ENOENT);

	fresh = d_alloc_pseudo(sb, &empty_name);
	if (!fresh)
		goto drop_ns;

	/* The inode number is whatever the namespace type reports via inum(). */
	ns_inode = iget_locked(sb, ns_ops->inum(ns));
	if (!ns_inode)
		goto drop_dentry;

	if (!(ns_inode->i_state & I_NEW)) {
		/* Existing inode: it is not re-initialised, drop our reference. */
		ns_ops->put(ns);
	} else {
		struct proc_inode *ei = PROC_I(ns_inode);

		ns_inode->i_mtime = ns_inode->i_atime = ns_inode->i_ctime = CURRENT_TIME;
		/* Regular file, read-only for everyone. */
		ns_inode->i_mode = S_IFREG | S_IRUGO;
		ns_inode->i_op = &ns_inode_operations;
		/* i_fop is also the tag proc_ns_fget()/proc_ns_inode() test. */
		ns_inode->i_fop = &ns_file_operations;
		ei->ns.ns_ops = ns_ops;
		ei->ns.ns = ns;		/* reference now owned by the inode */
		unlock_new_inode(ns_inode);
	}

	d_set_d_op(fresh, &ns_dentry_operations);
	existing = d_instantiate_unique(fresh, ns_inode);
	if (!existing)
		return fresh;

	/* An equivalent dentry was returned: use it and drop ours. */
	dput(fresh);
	return existing;

drop_dentry:
	dput(fresh);
drop_ns:
	ns_ops->put(ns);
	return ERR_PTR(-ENOMEM);
}
108 | ||
/*
 * follow_link handler for the namespace symlinks.
 *
 * Access control: the caller must pass
 * ptrace_may_access(task, PTRACE_MODE_READ) on the task that owns the link.
 * The check runs before proc_ns_get_dentry(), so a caller that fails it
 * never obtains a dentry for the target's namespace.
 *
 * Returns NULL after jumping @nd to the namespace dentry, or an ERR_PTR():
 *   -EACCES  the task is gone or the ptrace access check failed (both cases
 *            report the same error)
 *   any error returned by proc_ns_get_dentry()
 */
static void *proc_ns_follow_link(struct dentry *dentry, struct nameidata *nd)
{
	struct inode *link_inode = dentry->d_inode;
	struct task_struct *task = get_proc_task(link_inode);
	struct dentry *ns_dentry;
	struct path target;
	void *ret;

	if (!task)
		return ERR_PTR(-EACCES);

	ret = ERR_PTR(-EACCES);
	if (ptrace_may_access(task, PTRACE_MODE_READ)) {
		ns_dentry = proc_ns_get_dentry(link_inode->i_sb, task,
					       PROC_I(link_inode)->ns.ns_ops);
		if (IS_ERR(ns_dentry)) {
			ret = ERR_CAST(ns_dentry);
		} else {
			/* Pair the namespace dentry with the mount being walked. */
			target.dentry = ns_dentry;
			target.mnt = mntget(nd->path.mnt);
			nd_jump_link(nd, &target);
			ret = NULL;
		}
	}

	put_task_struct(task);
	return ret;
}
140 | ||
/*
 * readlink handler for the namespace symlinks.
 *
 * Copies "<namespace type>:[<inode number>]" to the user buffer, truncated to
 * @buflen bytes and without a terminating NUL, and returns the number of
 * bytes copied.
 *
 * Access control: the same ptrace_may_access(task, PTRACE_MODE_READ) gate as
 * proc_ns_follow_link(); the namespace is only looked up after it passes.
 *
 * Errors:
 *   -EACCES  the task is gone or the ptrace access check failed
 *   -ENOENT  ns_ops->get(task) returned no namespace
 *   -EFAULT  copy_to_user() failed
 */
static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int buflen)
{
	struct inode *link_inode = dentry->d_inode;
	const struct proc_ns_operations *ns_ops = PROC_I(link_inode)->ns.ns_ops;
	struct task_struct *task = get_proc_task(link_inode);
	char text[50];
	void *ns;
	int ret;

	if (!task)
		return -EACCES;

	ret = -EACCES;
	if (!ptrace_may_access(task, PTRACE_MODE_READ))
		goto put_task;

	ret = -ENOENT;
	ns = ns_ops->get(task);
	if (!ns)
		goto put_task;

	/* Bounded by sizeof(text): snprintf() truncates and NUL-terminates. */
	snprintf(text, sizeof(text), "%s:[%u]", ns_ops->name, ns_ops->inum(ns));

	/*
	 * Never copy more than the caller asked for.
	 * NOTE(review): assumes buflen is positive - confirm the caller
	 * rejects non-positive sizes before getting here.
	 */
	ret = strlen(text);
	if (buflen < ret)
		ret = buflen;
	if (copy_to_user(buffer, text, ret))
		ret = -EFAULT;

	ns_ops->put(ns);
put_task:
	put_task_struct(task);
	return ret;
}
177 | ||
/*
 * Inode operations for the per-namespace symlinks created by
 * proc_ns_instantiate(). Both readlink and follow_link enforce the
 * ptrace_may_access() check themselves.
 */
static const struct inode_operations proc_ns_link_inode_operations = {
	.readlink	= proc_ns_readlink,
	.follow_link	= proc_ns_follow_link,
	.setattr	= proc_setattr,
};
183 | ||
/*
 * Create the symlink inode for one namespace type and attach it to @dentry.
 *
 * @ptr is the proc_ns_operations of the namespace type; it is stored in the
 * new inode's proc_inode so the link handlers know which namespace to use.
 *
 * The link mode is S_IFLNK|S_IRWXUGO, i.e. the mode bits restrict nobody;
 * who may actually read or follow the link is decided in
 * proc_ns_readlink() and proc_ns_follow_link().
 *
 * Returns 0 on success, -ENOENT if the inode could not be created or the
 * dentry failed revalidation.
 */
static int proc_ns_instantiate(struct inode *dir,
	struct dentry *dentry, struct task_struct *task, const void *ptr)
{
	struct inode *link_inode = proc_pid_make_inode(dir->i_sb, task);

	if (!link_inode)
		return -ENOENT;

	link_inode->i_mode = S_IFLNK|S_IRWXUGO;
	link_inode->i_op = &proc_ns_link_inode_operations;
	PROC_I(link_inode)->ns.ns_ops = ptr;

	d_set_d_op(dentry, &pid_dentry_operations);
	d_add(dentry, link_inode);

	/* Close the race of the process dying before we return the dentry */
	return pid_revalidate(dentry, 0) ? 0 : -ENOENT;
}
208 | ||
/*
 * iterate handler for the namespace directory.
 *
 * Emits "." and "..", then one entry per element of ns_entries[], resuming
 * from ctx->pos (positions 0 and 1 are the dots, position 2 + i is
 * ns_entries[i]). Iteration stops early when proc_fill_cache() returns 0.
 *
 * Returns -ENOENT if the task is gone, 0 otherwise. No permission check is
 * made here: the entry names are listed regardless of the ptrace access
 * check that the link handlers apply.
 */
static int proc_ns_dir_readdir(struct file *file, struct dir_context *ctx)
{
	struct task_struct *task = get_proc_task(file_inode(file));
	const struct proc_ns_operations **slot, **end;

	if (!task)
		return -ENOENT;

	/* Bounds-check ctx->pos before it is used as an index into the table. */
	if (dir_emit_dots(file, ctx) &&
	    ctx->pos < 2 + ARRAY_SIZE(ns_entries)) {
		end = ns_entries + ARRAY_SIZE(ns_entries);
		for (slot = ns_entries + (ctx->pos - 2); slot < end; slot++) {
			const struct proc_ns_operations *ops = *slot;

			if (!proc_fill_cache(file, ctx, ops->name,
					     strlen(ops->name),
					     proc_ns_instantiate, task, ops))
				break;
			ctx->pos++;
		}
	}

	put_task_struct(task);
	return 0;
}
235 | ||
/*
 * File operations of the namespace directory: directory listing goes through
 * proc_ns_dir_readdir(); read is generic_read_dir.
 */
const struct file_operations proc_ns_dir_operations = {
	.read		= generic_read_dir,
	.iterate	= proc_ns_dir_readdir,
};
240 | ||
/*
 * lookup handler for the namespace directory.
 *
 * Matches the requested name against ns_entries[] by exact length and exact
 * bytes (no prefix or case-insensitive matching) and, on a match,
 * instantiates the symlink with proc_ns_instantiate().
 *
 * Returns ERR_PTR(error): ERR_PTR(-ENOENT) if the task is gone or the name
 * is unknown, otherwise ERR_PTR() of proc_ns_instantiate()'s result, which
 * is NULL when that result is 0. @flags is not used.
 */
static struct dentry *proc_ns_dir_lookup(struct inode *dir,
				struct dentry *dentry, unsigned int flags)
{
	struct task_struct *task = get_proc_task(dir);
	const unsigned int want = dentry->d_name.len;
	int err = -ENOENT;
	size_t i;

	if (!task)
		return ERR_PTR(err);

	for (i = 0; i < ARRAY_SIZE(ns_entries); i++) {
		const struct proc_ns_operations *ops = ns_entries[i];

		/* Length first, so memcmp() never compares past either name. */
		if (strlen(ops->name) == want &&
		    !memcmp(dentry->d_name.name, ops->name, want)) {
			err = proc_ns_instantiate(dir, dentry, task, ops);
			break;
		}
	}

	put_task_struct(task);
	return ERR_PTR(err);
}
270 | ||
/*
 * Inode operations of the namespace directory; name resolution goes through
 * proc_ns_dir_lookup().
 */
const struct inode_operations proc_ns_dir_inode_operations = {
	.lookup		= proc_ns_dir_lookup,
	.getattr	= pid_getattr,
	.setattr	= proc_setattr,
};
276 | ||
/*
 * Resolve @fd to a file and verify that it is a namespace file.
 *
 * The check is an identity comparison of f_op with ns_file_operations, the
 * table installed only by proc_ns_get_dentry(). An fd that refers to
 * any other kind of file is rejected, so a caller can rely on the returned
 * file's inode carrying proc_ns data.
 *
 * Returns the file with the reference taken by fget() (the caller must
 * fput() it), ERR_PTR(-EBADF) if @fd is not an open file, or
 * ERR_PTR(-EINVAL) if it is not a namespace file (the reference is dropped
 * before returning).
 */
struct file *proc_ns_fget(int fd)
{
	struct file *candidate = fget(fd);

	if (!candidate)
		return ERR_PTR(-EBADF);

	if (candidate->f_op == &ns_file_operations)
		return candidate;

	fput(candidate);
	return ERR_PTR(-EINVAL);
}
294 | ||
0bb80f24 DH |
/*
 * Return the proc_ns embedded in @inode's proc_inode.
 *
 * No check is made that @inode really is a namespace inode.
 * NOTE(review): callers presumably validate the inode first, with
 * proc_ns_fget() or proc_ns_inode() - confirm at each call site.
 */
struct proc_ns *get_proc_ns(struct inode *inode)
{
	struct proc_inode *ei = PROC_I(inode);

	return &ei->ns;
}
299 | ||
8823c079 EB |
/*
 * Tell whether @inode is a namespace inode, i.e. whether its i_fop is
 * ns_file_operations (the same identity test proc_ns_fget() applies to a
 * file's f_op).
 */
bool proc_ns_inode(struct inode *inode)
{
	const struct file_operations *fops = inode->i_fop;

	return fops == &ns_file_operations;
}