1 /* SPDX-License-Identifier: LGPL-2.1+ */
10 #ifndef FUSE_USE_VERSION
11 #define FUSE_USE_VERSION 30
14 #ifndef FUSE_USE_VERSION
15 #define FUSE_USE_VERSION 26
19 #define _FILE_OFFSET_BITS 64
27 #include <linux/magic.h>
28 #include <linux/sched.h>
37 #include <sys/epoll.h>
39 #include <sys/mount.h>
40 #include <sys/param.h>
41 #include <sys/socket.h>
42 #include <sys/syscall.h>
43 #include <sys/sysinfo.h>
49 #include "api_extensions.h"
51 #include "cgroup_fuse.h"
52 #include "cgroups/cgroup.h"
53 #include "cgroups/cgroup_utils.h"
54 #include "memory_utils.h"
55 #include "proc_cpuview.h"
56 #include "syscall_numbers.h"
59 static bool can_use_pidfd
;
60 static bool can_use_swap
;
61 static bool can_use_sys_cpu
;
62 static bool has_versioned_opts
;
64 static volatile sig_atomic_t reload_successful
;
66 bool liblxcfs_functional(void)
68 return reload_successful
!= 0;
71 bool liblxcfs_can_use_swap(void)
76 bool liblxcfs_can_use_sys_cpu(void)
78 return can_use_sys_cpu
;
81 bool liblxcfs_has_versioned_opts(void)
83 return has_versioned_opts
;
86 /* Define pivot_root() if missing from the C library */
87 #ifndef HAVE_PIVOT_ROOT
88 static int pivot_root(const char *new_root
, const char *put_old
)
90 return syscall(__NR_pivot_root
, new_root
, put_old
);
93 extern int pivot_root(const char *new_root
, const char *put_old
);
97 * A table caching which pid is init for a pid namespace.
98 * When looking up which pid is init for $qpid, we first
99 * 1. Stat /proc/$qpid/ns/pid.
100 * 2. Check whether the ino_t is in our store.
101 * a. if not, fork a child in qpid's ns to send us
102 * ucred.pid = 1, and read the initpid. Cache
103 * initpid and creation time for /proc/initpid
104 * in a new store entry.
105 * b. if so, verify that /proc/initpid still matches
106 * what we have saved. If not, clear the store
107 * entry and go back to a. If so, return the
110 struct pidns_init_store
{
111 ino_t ino
; /* inode number for /proc/$pid/ns/pid */
112 pid_t initpid
; /* the pid of nit in that ns */
114 int64_t ctime
; /* the time at which /proc/$initpid was created */
115 struct pidns_init_store
*next
;
119 /* lol - look at how they are allocated in the kernel */
120 #define PIDNS_HASH_SIZE 4096
121 #define HASH(x) ((x) % PIDNS_HASH_SIZE)
123 static struct pidns_init_store
*pidns_hash_table
[PIDNS_HASH_SIZE
];
124 static pthread_mutex_t pidns_store_mutex
= PTHREAD_MUTEX_INITIALIZER
;
126 static void mutex_lock(pthread_mutex_t
*l
)
130 ret
= pthread_mutex_lock(l
);
132 log_exit("%s - returned %d\n", strerror(ret
), ret
);
135 struct cgroup_ops
*cgroup_ops
;
137 static void mutex_unlock(pthread_mutex_t
*l
)
141 ret
= pthread_mutex_unlock(l
);
143 log_exit("%s - returned %d\n", strerror(ret
), ret
);
146 static inline void store_lock(void)
148 mutex_lock(&pidns_store_mutex
);
151 static inline void store_unlock(void)
153 mutex_unlock(&pidns_store_mutex
);
158 * <pid-as-str> = INTTYPE_TO_STRLEN(pid_t)
162 #define LXCFS_PROC_PID_LEN \
163 (STRLITERALLEN("/proc/") + INTTYPE_TO_STRLEN(uint64_t) + +1)
165 static int initpid_still_valid_pidfd(struct pidns_init_store
*entry
)
169 if (entry
->init_pidfd
< 0)
170 return ret_errno(ENOSYS
);
172 ret
= pidfd_send_signal(entry
->init_pidfd
, 0, NULL
, 0);
175 return ret_errno(ENOSYS
);
183 static int initpid_still_valid_stat(struct pidns_init_store
*entry
)
186 char path
[LXCFS_PROC_PID_LEN
];
188 snprintf(path
, sizeof(path
), "/proc/%d", entry
->initpid
);
189 if (stat(path
, &st
) || entry
->ctime
!= st
.st_ctime
)
195 /* Must be called under store_lock */
196 static bool initpid_still_valid(struct pidns_init_store
*entry
)
200 ret
= initpid_still_valid_pidfd(entry
);
202 ret
= initpid_still_valid_stat(entry
);
207 /* Must be called under store_lock */
208 static void remove_initpid(struct pidns_init_store
*entry
)
210 struct pidns_init_store
*it
;
213 lxcfs_debug("Removing cached entry for pid %d from init pid cache",
216 ino_hash
= HASH(entry
->ino
);
217 if (pidns_hash_table
[ino_hash
] == entry
) {
218 pidns_hash_table
[ino_hash
] = entry
->next
;
219 close_prot_errno_disarm(entry
->init_pidfd
);
224 it
= pidns_hash_table
[ino_hash
];
226 if (it
->next
== entry
) {
227 it
->next
= entry
->next
;
228 close_prot_errno_disarm(entry
->init_pidfd
);
237 /* Must be called under store_lock */
238 static void prune_initpid_store(void)
240 static int64_t last_prune
= 0;
241 int64_t now
, threshold
;
244 last_prune
= time(NULL
);
249 if (now
< (last_prune
+ PURGE_SECS
))
252 lxcfs_debug("Pruning init pid cache");
255 threshold
= now
- 2 * PURGE_SECS
;
257 for (int i
= 0; i
< PIDNS_HASH_SIZE
; i
++) {
258 for (struct pidns_init_store
*entry
= pidns_hash_table
[i
], *prev
= NULL
; entry
;) {
259 if (entry
->lastcheck
< threshold
) {
260 struct pidns_init_store
*cur
= entry
;
262 lxcfs_debug("Removed cache entry for pid %d to init pid cache", cur
->initpid
);
265 prev
->next
= entry
->next
;
267 pidns_hash_table
[i
] = entry
->next
;
269 close_prot_errno_disarm(cur
->init_pidfd
);
279 static void clear_initpid_store(void)
282 for (int i
= 0; i
< PIDNS_HASH_SIZE
; i
++) {
283 for (struct pidns_init_store
*entry
= pidns_hash_table
[i
]; entry
;) {
284 struct pidns_init_store
*cur
= entry
;
286 lxcfs_debug("Removed cache entry for pid %d to init pid cache", cur
->initpid
);
288 pidns_hash_table
[i
] = entry
->next
;
290 close_prot_errno_disarm(cur
->init_pidfd
);
297 /* Must be called under store_lock */
298 static void save_initpid(ino_t pidns_inode
, pid_t pid
)
300 __do_free
struct pidns_init_store
*entry
= NULL
;
301 __do_close
int pidfd
= -EBADF
;
302 const struct lxcfs_opts
*opts
= fuse_get_context()->private_data
;
303 char path
[LXCFS_PROC_PID_LEN
];
307 if (opts
&& opts
->use_pidfd
&& can_use_pidfd
) {
308 pidfd
= pidfd_open(pid
, 0);
313 snprintf(path
, sizeof(path
), "/proc/%d", pid
);
317 entry
= zalloc(sizeof(*entry
));
321 ino_hash
= HASH(pidns_inode
);
322 *entry
= (struct pidns_init_store
){
325 .ctime
= st
.st_ctime
,
326 .next
= pidns_hash_table
[ino_hash
],
327 .lastcheck
= time(NULL
),
328 .init_pidfd
= move_fd(pidfd
),
330 pidns_hash_table
[ino_hash
] = move_ptr(entry
);
332 lxcfs_debug("Added cache entry %d for pid %d to init pid cache", ino_hash
, pid
);
336 * Given the stat(2) info for a nsfd pid inode, lookup the init_pid_store
337 * entry for the inode number and creation time. Verify that the init pid
338 * is still valid. If not, remove it. Return the entry if valid, NULL
340 * Must be called under store_lock
342 static pid_t
lookup_verify_initpid(ino_t pidns_inode
)
344 struct pidns_init_store
*entry
= pidns_hash_table
[HASH(pidns_inode
)];
347 if (entry
->ino
== pidns_inode
) {
348 if (initpid_still_valid(entry
)) {
349 entry
->lastcheck
= time(NULL
);
350 return entry
->initpid
;
353 remove_initpid(entry
);
354 return ret_errno(ESRCH
);
359 return ret_errno(ESRCH
);
362 static bool send_creds_ok(int sock_fd
)
364 char v
= '1'; /* we are the child */
365 struct ucred cred
= {
371 return send_creds(sock_fd
, &cred
, v
, true) == SEND_CREDS_OK
;
374 __returns_twice pid_t
lxcfs_raw_clone(unsigned long flags
, int *pidfd
)
377 * These flags don't interest at all so we don't jump through any hoops
378 * of retrieving them and passing them to the kernel.
381 if ((flags
& (CLONE_VM
| CLONE_PARENT_SETTID
| CLONE_CHILD_SETTID
|
382 CLONE_CHILD_CLEARTID
| CLONE_SETTLS
)))
385 #if defined(__s390x__) || defined(__s390__) || defined(__CRIS__)
386 /* On s390/s390x and cris the order of the first and second arguments
387 * of the system call is reversed.
389 return syscall(__NR_clone
, NULL
, flags
| SIGCHLD
, pidfd
);
390 #elif defined(__sparc__) && defined(__arch64__)
393 * sparc64 always returns the other process id in %o0, and a
394 * boolean flag whether this is the child or the parent in %o1.
395 * Inline assembly is needed to get the flag returned in %o1.
397 register long g1
asm("g1") = __NR_clone
;
398 register long o0
asm("o0") = flags
| SIGCHLD
;
399 register long o1
asm("o1") = 0; /* is parent/child indicator */
400 register long o2
asm("o2") = (unsigned long)pidfd
;
401 long is_error
, retval
, in_child
;
405 #if defined(__arch64__)
406 "t 0x6d\n\t" /* 64-bit trap */
408 "t 0x10\n\t" /* 32-bit trap */
411 * catch errors: On sparc, the carry bit (csr) in the
412 * processor status register (psr) is used instead of a
416 : "=r"(g1
), "=r"(o0
), "=r"(o1
), "=r"(o2
) /* outputs */
417 : "r"(g1
), "r"(o0
), "r"(o1
), "r"(o2
) /* inputs */
418 : "%cc"); /* clobbers */
435 #elif defined(__ia64__)
436 /* On ia64 the stack and stack size are passed as separate arguments. */
437 return syscall(__NR_clone
, flags
| SIGCHLD
, NULL
, prctl_arg(0), pidfd
);
439 return syscall(__NR_clone
, flags
| SIGCHLD
, NULL
, pidfd
);
443 #define LXCFS_PROC_PID_NS_LEN \
444 (STRLITERALLEN("/proc/") + INTTYPE_TO_STRLEN(uint64_t) + \
445 STRLITERALLEN("/ns/pid") + 1)
448 * clone a task which switches to @task's namespace and writes '1'.
449 * over a unix sock so we can read the task's reaper's pid in our
452 * Note: glibc's fork() does not respect pidns, which can lead to failed
453 * assertions inside glibc (and thus failed forks) if the child's pid in
454 * the pidns and the parent pid outside are identical. Using clone prevents
457 static void write_task_init_pid_exit(int sock
, pid_t target
)
459 __do_close
int fd
= -EBADF
;
460 char path
[LXCFS_PROC_PID_NS_LEN
];
463 snprintf(path
, sizeof(path
), "/proc/%d/ns/pid", (int)target
);
464 fd
= open(path
, O_RDONLY
| O_CLOEXEC
);
466 log_exit("write_task_init_pid_exit open of ns/pid");
469 log_exit("Failed to setns to pid namespace of process %d", target
);
471 pid
= lxcfs_raw_clone(0, NULL
);
476 if (!send_creds_ok(sock
))
482 if (!wait_for_pid(pid
))
488 static pid_t
scm_init_pid(pid_t task
)
492 struct ucred cred
= {
500 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0)
509 write_task_init_pid_exit(sock
[0], task
);
513 if (!recv_creds(sock
[1], &cred
, &v
))
527 pid_t
lookup_initpid_in_store(pid_t pid
)
529 pid_t hashed_pid
= 0;
530 char path
[LXCFS_PROC_PID_NS_LEN
];
533 snprintf(path
, sizeof(path
), "/proc/%d/ns/pid", pid
);
535 return ret_errno(ESRCH
);
539 hashed_pid
= lookup_verify_initpid(st
.st_ino
);
540 if (hashed_pid
< 0) {
541 /* release the mutex as the following call is expensive */
544 hashed_pid
= scm_init_pid(pid
);
549 save_initpid(st
.st_ino
, hashed_pid
);
553 * Prune at the end in case we're pruning the value
554 * we were about to return.
556 prune_initpid_store();
563 * Functions needed to setup cgroups in the __constructor__.
566 static bool umount_if_mounted(void)
568 if (umount2(BASEDIR
, MNT_DETACH
) < 0 && errno
!= EINVAL
) {
569 lxcfs_error("Failed to unmount %s: %s.\n", BASEDIR
, strerror(errno
));
575 /* __typeof__ should be safe to use with all compilers. */
576 typedef __typeof__(((struct statfs
*)NULL
)->f_type
) fs_type_magic
;
577 static bool has_fs_type(const struct statfs
*fs
, fs_type_magic magic_val
)
579 return (fs
->f_type
== (fs_type_magic
)magic_val
);
583 * looking at fs/proc_namespace.c, it appears we can
584 * actually expect the rootfs entry to very specifically contain
585 * " - rootfs rootfs "
586 * IIUC, so long as we've chrooted so that rootfs is not our root,
587 * the rootfs entry should always be skipped in mountinfo contents.
589 static bool is_on_ramfs(void)
591 __do_free
char *line
= NULL
;
592 __do_free
void *fopen_cache
= NULL
;
593 __do_fclose
FILE *f
= NULL
;
596 f
= fopen_cached("/proc/self/mountinfo", "re", &fopen_cache
);
600 while (getline(&line
, &len
, f
) != -1) {
604 for (p
= line
, i
= 0; p
&& i
< 4; i
++)
605 p
= strchr(p
+ 1, ' ');
609 p2
= strchr(p
+ 1, ' ');
613 if (strcmp(p
+ 1, "/") == 0) {
614 /* This is '/'. Is it the ramfs? */
615 p
= strchr(p2
+ 1, '-');
616 if (p
&& strncmp(p
, "- rootfs rootfs ", 16) == 0)
624 static int pivot_enter()
626 __do_close
int oldroot
= -EBADF
, newroot
= -EBADF
;
628 oldroot
= open("/", O_DIRECTORY
| O_RDONLY
| O_CLOEXEC
);
630 return log_error_errno(-1, errno
,
631 "Failed to open old root for fchdir");
633 newroot
= open(ROOTDIR
, O_DIRECTORY
| O_RDONLY
| O_CLOEXEC
);
635 return log_error_errno(-1, errno
,
636 "Failed to open new root for fchdir");
638 /* change into new root fs */
639 if (fchdir(newroot
) < 0)
640 return log_error_errno(-1,
641 errno
, "Failed to change directory to new rootfs: %s",
644 /* pivot_root into our new root fs */
645 if (pivot_root(".", ".") < 0)
646 return log_error_errno(-1, errno
,
647 "pivot_root() syscall failed: %s",
651 * At this point the old-root is mounted on top of our new-root.
652 * To unmounted it we must not be chdir'd into it, so escape back
655 if (fchdir(oldroot
) < 0)
656 return log_error_errno(-1, errno
, "Failed to enter old root");
658 if (umount2(".", MNT_DETACH
) < 0)
659 return log_error_errno(-1, errno
, "Failed to detach old root");
661 if (fchdir(newroot
) < 0)
662 return log_error_errno(-1, errno
, "Failed to re-enter new root");
667 static int chroot_enter()
669 if (mount(ROOTDIR
, "/", NULL
, MS_REC
| MS_BIND
, NULL
)) {
670 lxcfs_error("Failed to recursively bind-mount %s into /.", ROOTDIR
);
674 if (chroot(".") < 0) {
675 lxcfs_error("Call to chroot() failed: %s.\n", strerror(errno
));
679 if (chdir("/") < 0) {
680 lxcfs_error("Failed to change directory: %s.\n", strerror(errno
));
687 static int permute_and_enter(void)
691 if (statfs("/", &sb
) < 0) {
692 lxcfs_error("%s\n", "Could not stat / mountpoint.");
696 /* has_fs_type() is not reliable. When the ramfs is a tmpfs it will
697 * likely report TMPFS_MAGIC. Hence, when it reports no we still check
698 * /proc/1/mountinfo. */
699 if (has_fs_type(&sb
, RAMFS_MAGIC
) || is_on_ramfs())
700 return chroot_enter();
702 if (pivot_enter() < 0) {
703 lxcfs_error("%s\n", "Could not perform pivot root.");
710 /* Prepare our new clean root. */
711 static int permute_prepare(void)
713 if (mkdir(ROOTDIR
, 0700) < 0 && errno
!= EEXIST
) {
714 lxcfs_error("%s\n", "Failed to create directory for new root.");
718 if (mount("/", ROOTDIR
, NULL
, MS_BIND
, 0) < 0) {
719 lxcfs_error("Failed to bind-mount / for new root: %s.\n", strerror(errno
));
723 if (mount(RUNTIME_PATH
, ROOTDIR RUNTIME_PATH
, NULL
, MS_BIND
, 0) < 0) {
724 lxcfs_error("Failed to bind-mount /run into new root: %s.\n", strerror(errno
));
728 if (mount(BASEDIR
, ROOTDIR BASEDIR
, NULL
, MS_REC
| MS_MOVE
, 0) < 0) {
729 printf("Failed to move " BASEDIR
" into new root: %s.\n", strerror(errno
));
736 /* Calls chroot() on ramfs, pivot_root() in all other cases. */
737 static bool permute_root(void)
739 /* Prepare new root. */
740 if (permute_prepare() < 0)
743 /* Pivot into new root. */
744 if (permute_and_enter() < 0)
750 static bool cgfs_prepare_mounts(void)
752 if (!mkdir_p(BASEDIR
, 0700)) {
753 lxcfs_error("%s\n", "Failed to create lxcfs cgroup mountpoint.");
757 if (!umount_if_mounted()) {
758 lxcfs_error("%s\n", "Failed to clean up old lxcfs cgroup mountpoint.");
762 if (unshare(CLONE_NEWNS
) < 0) {
763 lxcfs_error("Failed to unshare mount namespace: %s.\n", strerror(errno
));
767 cgroup_ops
->mntns_fd
= preserve_ns(getpid(), "mnt");
768 if (cgroup_ops
->mntns_fd
< 0) {
769 lxcfs_error("Failed to preserve mount namespace: %s.\n", strerror(errno
));
773 if (mount(NULL
, "/", NULL
, MS_REC
| MS_PRIVATE
, 0) < 0) {
774 lxcfs_error("Failed to remount / private: %s.\n", strerror(errno
));
778 if (mount("tmpfs", BASEDIR
, "tmpfs", 0, "size=100000,mode=700") < 0) {
779 lxcfs_error("%s\n", "Failed to mount tmpfs over lxcfs cgroup mountpoint.");
786 static bool cgfs_mount_hierarchies(void)
788 if (!mkdir_p(BASEDIR DEFAULT_CGROUP_MOUNTPOINT
, 0755))
791 if (!cgroup_ops
->mount(cgroup_ops
, BASEDIR
))
794 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++) {
795 __do_free
char *path
= must_make_path(BASEDIR
, (*h
)->mountpoint
, NULL
);
796 (*h
)->fd
= open(path
, O_DIRECTORY
| O_CLOEXEC
| O_NOFOLLOW
);
804 static bool cgfs_setup_controllers(void)
806 if (!cgfs_prepare_mounts())
809 if (!cgfs_mount_hierarchies())
810 return log_error_errno(false, errno
, "Failed to set up private lxcfs cgroup mounts");
818 static void sigusr2_toggle_virtualization(int signo
, siginfo_t
*info
, void *extra
)
822 if (reload_successful
) {
823 reload_successful
= 0;
825 /* write() is async signal safe */
826 ret
= write(STDERR_FILENO
,
827 "Switched into non-virtualization mode\n",
828 STRLITERALLEN("Switched into non-virtualization mode\n"));
830 goto please_compiler
;
832 reload_successful
= 1;
834 /* write() is async signal safe */
835 ret
= write(STDERR_FILENO
, "Switched into virtualization mode\n",
836 STRLITERALLEN("Switched into virtualization mode\n"));
838 goto please_compiler
;
843 * The write() syscall is a function whose return value needs to be
844 * checked. Otherwise the compiler will warn.Another one could be to
845 * use syscall(__NR_write, ...) directly but whatever.
850 static void __attribute__((constructor
)) lxcfs_init(void)
852 __do_close
int init_ns
= -EBADF
, root_fd
= -EBADF
,
857 lxcfs_info("Running constructor %s to reload liblxcfs", __func__
);
859 cgroup_ops
= cgroup_init();
861 lxcfs_info("Failed to initialize cgroup support");
865 /* Preserve initial namespace. */
867 init_ns
= preserve_ns(pid
, "mnt");
869 lxcfs_info("Failed to preserve initial mount namespace");
873 /* This function calls unshare(CLONE_NEWNS) our initial mount namespace
874 * to privately mount lxcfs cgroups. */
875 if (!cgfs_setup_controllers()) {
876 log_exit("Failed to setup private cgroup mounts for lxcfs");
880 if (setns(init_ns
, 0) < 0) {
881 log_exit("%s - Failed to switch back to initial mount namespace", strerror(errno
));
885 if (!init_cpuview()) {
886 log_exit("Failed to init CPU view");
890 lxcfs_info("mount namespace: %d", cgroup_ops
->mntns_fd
);
891 lxcfs_info("hierarchies:");
893 for (struct hierarchy
**h
= cgroup_ops
->hierarchies
; h
&& *h
; h
++, i
++) {
894 char **controller_list
= (*h
)->controllers
;
895 __do_free
char *controllers
= NULL
;
896 if (controller_list
&& *controller_list
)
897 controllers
= lxc_string_join(",", (const char **)controller_list
, false);
898 lxcfs_info(" %2d: fd: %3d: %s", i
, (*h
)->fd
, controllers
?: "");
901 pidfd
= pidfd_open(pid
, 0);
902 if (pidfd
>= 0 && pidfd_send_signal(pidfd
, 0, NULL
, 0) == 0) {
903 can_use_pidfd
= true;
904 lxcfs_info("Kernel supports pidfds");
907 can_use_swap
= cgroup_ops
->can_use_swap(cgroup_ops
);
909 lxcfs_info("Kernel supports swap accounting");
911 lxcfs_info("Kernel does not support swap accounting");
913 lxcfs_info("api_extensions:");
914 for (i
= 0; i
< nr_api_extensions
; i
++)
915 lxcfs_info("- %s", api_extensions
[i
]);
917 root_fd
= open("/", O_PATH
| O_CLOEXEC
);
919 lxcfs_info("%s - Failed to open root directory", strerror(errno
));
920 else if (fchdir(root_fd
) < 0)
921 lxcfs_info("%s - Failed to change to root directory", strerror(errno
));
923 if (install_signal_handler(SIGUSR2
, sigusr2_toggle_virtualization
)) {
924 lxcfs_info("%s - Failed to install SIGUSR2 signal handler", strerror(errno
));
928 reload_successful
= 1;
932 reload_successful
= 0;
933 lxcfs_info("Failed to run constructor %s to reload liblxcfs", __func__
);
936 static void __attribute__((destructor
)) lxcfs_exit(void)
938 lxcfs_info("Running destructor %s", __func__
);
940 clear_initpid_store();
942 cgroup_exit(cgroup_ops
);
945 void *lxcfs_fuse_init(struct fuse_conn_info
*conn
, struct fuse_config
*cfg
)
947 struct fuse_context
*fc
= fuse_get_context();
948 can_use_sys_cpu
= true;
949 has_versioned_opts
= true;
950 return fc
->private_data
;