1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/base.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * 7 * proc base directory handling functions 8 * 9 * 1999, Al Viro. Rewritten. Now it covers the whole per-process part. 10 * Instead of using magical inumbers to determine the kind of object 11 * we allocate and fill in-core inodes upon lookup. They don't even 12 * go into icache. We cache the reference to task_struct upon lookup too. 13 * Eventually it should become a filesystem in its own. We don't use the 14 * rest of procfs anymore. 15 * 16 * 17 * Changelog: 18 * 17-Jan-2005 19 * Allan Bezerra 20 * Bruna Moreira <bruna.moreira@indt.org.br> 21 * Edjard Mota <edjard.mota@indt.org.br> 22 * Ilias Biris <ilias.biris@indt.org.br> 23 * Mauricio Lin <mauricio.lin@indt.org.br> 24 * 25 * Embedded Linux Lab - 10LE Instituto Nokia de Tecnologia - INdT 26 * 27 * A new process specific entry (smaps) included in /proc. It shows the 28 * size of rss for each memory area. The maps entry lacks information 29 * about physical memory size (rss) for each mapped file, i.e., 30 * rss information for executables and library files. 31 * This additional information is useful for any tools that need to know 32 * about physical memory consumption for a process specific library. 33 * 34 * Changelog: 35 * 21-Feb-2005 36 * Embedded Linux Lab - 10LE Instituto Nokia de Tecnologia - INdT 37 * Pud inclusion in the page table walking. 38 * 39 * ChangeLog: 40 * 10-Mar-2005 41 * 10LE Instituto Nokia de Tecnologia - INdT: 42 * A better way to walks through the page table as suggested by Hugh Dickins. 43 * 44 * Simo Piiroinen <simo.piiroinen@nokia.com>: 45 * Smaps information related to shared, private, clean and dirty pages. 46 * 47 * Paul Mundt <paul.mundt@nokia.com>: 48 * Overall revision about smaps. 49 */ 50 51 #include <linux/uaccess.h> 52 53 #include <linux/errno.h> 54 #include <linux/time.h> 55 #include <linux/proc_fs.h> 56 #include <linux/stat.h> 57 #include <linux/task_io_accounting_ops.h> 58 #include <linux/init.h> 59 #include <linux/capability.h> 60 #include <linux/file.h> 61 #include <linux/fdtable.h> 62 #include <linux/generic-radix-tree.h> 63 #include <linux/string.h> 64 #include <linux/seq_file.h> 65 #include <linux/namei.h> 66 #include <linux/mnt_namespace.h> 67 #include <linux/mm.h> 68 #include <linux/swap.h> 69 #include <linux/rcupdate.h> 70 #include <linux/kallsyms.h> 71 #include <linux/stacktrace.h> 72 #include <linux/resource.h> 73 #include <linux/module.h> 74 #include <linux/mount.h> 75 #include <linux/security.h> 76 #include <linux/ptrace.h> 77 #include <linux/printk.h> 78 #include <linux/cache.h> 79 #include <linux/cgroup.h> 80 #include <linux/cpuset.h> 81 #include <linux/audit.h> 82 #include <linux/poll.h> 83 #include <linux/nsproxy.h> 84 #include <linux/oom.h> 85 #include <linux/elf.h> 86 #include <linux/pid_namespace.h> 87 #include <linux/user_namespace.h> 88 #include <linux/fs_struct.h> 89 #include <linux/slab.h> 90 #include <linux/sched/autogroup.h> 91 #include <linux/sched/mm.h> 92 #include <linux/sched/coredump.h> 93 #include <linux/sched/debug.h> 94 #include <linux/sched/stat.h> 95 #include <linux/posix-timers.h> 96 #include <linux/time_namespace.h> 97 #include <linux/resctrl.h> 98 #include <linux/cn_proc.h> 99 #include <linux/ksm.h> 100 #include <uapi/linux/lsm.h> 101 #include <trace/events/oom.h> 102 #include "internal.h" 103 #include "fd.h" 104 105 #include "../../lib/kstrtox.h" 106 107 /* NOTE: 108 * Implementing inode permission operations in /proc is almost 109 * certainly an error. Permission checks need to happen during 110 * each system call not at open time. The reason is that most of 111 * what we wish to check for permissions in /proc varies at runtime. 112 * 113 * The classic example of a problem is opening file descriptors 114 * in /proc for a task before it execs a suid executable. 115 */ 116 117 static u8 nlink_tid __ro_after_init; 118 static u8 nlink_tgid __ro_after_init; 119 120 struct pid_entry { 121 const char *name; 122 unsigned int len; 123 umode_t mode; 124 const struct inode_operations *iop; 125 const struct file_operations *fop; 126 union proc_op op; 127 }; 128 129 #define NOD(NAME, MODE, IOP, FOP, OP) { \ 130 .name = (NAME), \ 131 .len = sizeof(NAME) - 1, \ 132 .mode = MODE, \ 133 .iop = IOP, \ 134 .fop = FOP, \ 135 .op = OP, \ 136 } 137 138 #define DIR(NAME, MODE, iops, fops) \ 139 NOD(NAME, (S_IFDIR|(MODE)), &iops, &fops, {} ) 140 #define LNK(NAME, get_link) \ 141 NOD(NAME, (S_IFLNK|S_IRWXUGO), \ 142 &proc_pid_link_inode_operations, NULL, \ 143 { .proc_get_link = get_link } ) 144 #define REG(NAME, MODE, fops) \ 145 NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {}) 146 #define ONE(NAME, MODE, show) \ 147 NOD(NAME, (S_IFREG|(MODE)), \ 148 NULL, &proc_single_file_operations, \ 149 { .proc_show = show } ) 150 #define ATTR(LSMID, NAME, MODE) \ 151 NOD(NAME, (S_IFREG|(MODE)), \ 152 NULL, &proc_pid_attr_operations, \ 153 { .lsmid = LSMID }) 154 155 /* 156 * Count the number of hardlinks for the pid_entry table, excluding the . 157 * and .. links. 158 */ 159 static unsigned int __init pid_entry_nlink(const struct pid_entry *entries, 160 unsigned int n) 161 { 162 unsigned int i; 163 unsigned int count; 164 165 count = 2; 166 for (i = 0; i < n; ++i) { 167 if (S_ISDIR(entries[i].mode)) 168 ++count; 169 } 170 171 return count; 172 } 173 174 static int get_task_root(struct task_struct *task, struct path *root) 175 { 176 int result = -ENOENT; 177 178 task_lock(task); 179 if (task->fs) { 180 get_fs_root(task->fs, root); 181 result = 0; 182 } 183 task_unlock(task); 184 return result; 185 } 186 187 static int proc_cwd_link(struct dentry *dentry, struct path *path) 188 { 189 struct task_struct *task = get_proc_task(d_inode(dentry)); 190 int result = -ENOENT; 191 192 if (task) { 193 task_lock(task); 194 if (task->fs) { 195 get_fs_pwd(task->fs, path); 196 result = 0; 197 } 198 task_unlock(task); 199 put_task_struct(task); 200 } 201 return result; 202 } 203 204 static int proc_root_link(struct dentry *dentry, struct path *path) 205 { 206 struct task_struct *task = get_proc_task(d_inode(dentry)); 207 int result = -ENOENT; 208 209 if (task) { 210 result = get_task_root(task, path); 211 put_task_struct(task); 212 } 213 return result; 214 } 215 216 /* 217 * If the user used setproctitle(), we just get the string from 218 * user space at arg_start, and limit it to a maximum of one page. 219 */ 220 static ssize_t get_mm_proctitle(struct mm_struct *mm, char __user *buf, 221 size_t count, unsigned long pos, 222 unsigned long arg_start) 223 { 224 char *page; 225 int ret, got; 226 227 if (pos >= PAGE_SIZE) 228 return 0; 229 230 page = (char *)__get_free_page(GFP_KERNEL); 231 if (!page) 232 return -ENOMEM; 233 234 ret = 0; 235 got = access_remote_vm(mm, arg_start, page, PAGE_SIZE, FOLL_ANON); 236 if (got > 0) { 237 int len = strnlen(page, got); 238 239 /* Include the NUL character if it was found */ 240 if (len < got) 241 len++; 242 243 if (len > pos) { 244 len -= pos; 245 if (len > count) 246 len = count; 247 len -= copy_to_user(buf, page+pos, len); 248 if (!len) 249 len = -EFAULT; 250 ret = len; 251 } 252 } 253 free_page((unsigned long)page); 254 return ret; 255 } 256 257 static ssize_t get_mm_cmdline(struct mm_struct *mm, char __user *buf, 258 size_t count, loff_t *ppos) 259 { 260 unsigned long arg_start, arg_end, env_start, env_end; 261 unsigned long pos, len; 262 char *page, c; 263 264 /* Check if process spawned far enough to have cmdline. */ 265 if (!mm->env_end) 266 return 0; 267 268 spin_lock(&mm->arg_lock); 269 arg_start = mm->arg_start; 270 arg_end = mm->arg_end; 271 env_start = mm->env_start; 272 env_end = mm->env_end; 273 spin_unlock(&mm->arg_lock); 274 275 if (arg_start >= arg_end) 276 return 0; 277 278 /* 279 * We allow setproctitle() to overwrite the argument 280 * strings, and overflow past the original end. But 281 * only when it overflows into the environment area. 282 */ 283 if (env_start != arg_end || env_end < env_start) 284 env_start = env_end = arg_end; 285 len = env_end - arg_start; 286 287 /* We're not going to care if "*ppos" has high bits set */ 288 pos = *ppos; 289 if (pos >= len) 290 return 0; 291 if (count > len - pos) 292 count = len - pos; 293 if (!count) 294 return 0; 295 296 /* 297 * Magical special case: if the argv[] end byte is not 298 * zero, the user has overwritten it with setproctitle(3). 299 * 300 * Possible future enhancement: do this only once when 301 * pos is 0, and set a flag in the 'struct file'. 302 */ 303 if (access_remote_vm(mm, arg_end-1, &c, 1, FOLL_ANON) == 1 && c) 304 return get_mm_proctitle(mm, buf, count, pos, arg_start); 305 306 /* 307 * For the non-setproctitle() case we limit things strictly 308 * to the [arg_start, arg_end[ range. 309 */ 310 pos += arg_start; 311 if (pos < arg_start || pos >= arg_end) 312 return 0; 313 if (count > arg_end - pos) 314 count = arg_end - pos; 315 316 page = (char *)__get_free_page(GFP_KERNEL); 317 if (!page) 318 return -ENOMEM; 319 320 len = 0; 321 while (count) { 322 int got; 323 size_t size = min_t(size_t, PAGE_SIZE, count); 324 325 got = access_remote_vm(mm, pos, page, size, FOLL_ANON); 326 if (got <= 0) 327 break; 328 got -= copy_to_user(buf, page, got); 329 if (unlikely(!got)) { 330 if (!len) 331 len = -EFAULT; 332 break; 333 } 334 pos += got; 335 buf += got; 336 len += got; 337 count -= got; 338 } 339 340 free_page((unsigned long)page); 341 return len; 342 } 343 344 static ssize_t get_task_cmdline(struct task_struct *tsk, char __user *buf, 345 size_t count, loff_t *pos) 346 { 347 struct mm_struct *mm; 348 ssize_t ret; 349 350 mm = get_task_mm(tsk); 351 if (!mm) 352 return 0; 353 354 ret = get_mm_cmdline(mm, buf, count, pos); 355 mmput(mm); 356 return ret; 357 } 358 359 static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, 360 size_t count, loff_t *pos) 361 { 362 struct task_struct *tsk; 363 ssize_t ret; 364 365 BUG_ON(*pos < 0); 366 367 tsk = get_proc_task(file_inode(file)); 368 if (!tsk) 369 return -ESRCH; 370 ret = get_task_cmdline(tsk, buf, count, pos); 371 put_task_struct(tsk); 372 if (ret > 0) 373 *pos += ret; 374 return ret; 375 } 376 377 static const struct file_operations proc_pid_cmdline_ops = { 378 .read = proc_pid_cmdline_read, 379 .llseek = generic_file_llseek, 380 }; 381 382 #ifdef CONFIG_KALLSYMS 383 /* 384 * Provides a wchan file via kallsyms in a proper one-value-per-file format. 385 * Returns the resolved symbol. If that fails, simply return the address. 386 */ 387 static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, 388 struct pid *pid, struct task_struct *task) 389 { 390 unsigned long wchan; 391 char symname[KSYM_NAME_LEN]; 392 393 if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) 394 goto print0; 395 396 wchan = get_wchan(task); 397 if (wchan && !lookup_symbol_name(wchan, symname)) { 398 seq_puts(m, symname); 399 return 0; 400 } 401 402 print0: 403 seq_putc(m, '0'); 404 return 0; 405 } 406 #endif /* CONFIG_KALLSYMS */ 407 408 static int lock_trace(struct task_struct *task) 409 { 410 int err = down_read_killable(&task->signal->exec_update_lock); 411 if (err) 412 return err; 413 if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) { 414 up_read(&task->signal->exec_update_lock); 415 return -EPERM; 416 } 417 return 0; 418 } 419 420 static void unlock_trace(struct task_struct *task) 421 { 422 up_read(&task->signal->exec_update_lock); 423 } 424 425 #ifdef CONFIG_STACKTRACE 426 427 #define MAX_STACK_TRACE_DEPTH 64 428 429 static int proc_pid_stack(struct seq_file *m, struct pid_namespace *ns, 430 struct pid *pid, struct task_struct *task) 431 { 432 unsigned long *entries; 433 int err; 434 435 /* 436 * The ability to racily run the kernel stack unwinder on a running task 437 * and then observe the unwinder output is scary; while it is useful for 438 * debugging kernel issues, it can also allow an attacker to leak kernel 439 * stack contents. 440 * Doing this in a manner that is at least safe from races would require 441 * some work to ensure that the remote task can not be scheduled; and 442 * even then, this would still expose the unwinder as local attack 443 * surface. 444 * Therefore, this interface is restricted to root. 445 */ 446 if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) 447 return -EACCES; 448 449 entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), 450 GFP_KERNEL); 451 if (!entries) 452 return -ENOMEM; 453 454 err = lock_trace(task); 455 if (!err) { 456 unsigned int i, nr_entries; 457 458 nr_entries = stack_trace_save_tsk(task, entries, 459 MAX_STACK_TRACE_DEPTH, 0); 460 461 for (i = 0; i < nr_entries; i++) { 462 seq_printf(m, "[<0>] %pB\n", (void *)entries[i]); 463 } 464 465 unlock_trace(task); 466 } 467 kfree(entries); 468 469 return err; 470 } 471 #endif 472 473 #ifdef CONFIG_SCHED_INFO 474 /* 475 * Provides /proc/PID/schedstat 476 */ 477 static int proc_pid_schedstat(struct seq_file *m, struct pid_namespace *ns, 478 struct pid *pid, struct task_struct *task) 479 { 480 if (unlikely(!sched_info_on())) 481 seq_puts(m, "0 0 0\n"); 482 else 483 seq_printf(m, "%llu %llu %lu\n", 484 (unsigned long long)task->se.sum_exec_runtime, 485 (unsigned long long)task->sched_info.run_delay, 486 task->sched_info.pcount); 487 488 return 0; 489 } 490 #endif 491 492 #ifdef CONFIG_LATENCYTOP 493 static int lstats_show_proc(struct seq_file *m, void *v) 494 { 495 int i; 496 struct inode *inode = m->private; 497 struct task_struct *task = get_proc_task(inode); 498 499 if (!task) 500 return -ESRCH; 501 seq_puts(m, "Latency Top version : v0.1\n"); 502 for (i = 0; i < LT_SAVECOUNT; i++) { 503 struct latency_record *lr = &task->latency_record[i]; 504 if (lr->backtrace[0]) { 505 int q; 506 seq_printf(m, "%i %li %li", 507 lr->count, lr->time, lr->max); 508 for (q = 0; q < LT_BACKTRACEDEPTH; q++) { 509 unsigned long bt = lr->backtrace[q]; 510 511 if (!bt) 512 break; 513 seq_printf(m, " %ps", (void *)bt); 514 } 515 seq_putc(m, '\n'); 516 } 517 518 } 519 put_task_struct(task); 520 return 0; 521 } 522 523 static int lstats_open(struct inode *inode, struct file *file) 524 { 525 return single_open(file, lstats_show_proc, inode); 526 } 527 528 static ssize_t lstats_write(struct file *file, const char __user *buf, 529 size_t count, loff_t *offs) 530 { 531 struct task_struct *task = get_proc_task(file_inode(file)); 532 533 if (!task) 534 return -ESRCH; 535 clear_tsk_latency_tracing(task); 536 put_task_struct(task); 537 538 return count; 539 } 540 541 static const struct file_operations proc_lstats_operations = { 542 .open = lstats_open, 543 .read = seq_read, 544 .write = lstats_write, 545 .llseek = seq_lseek, 546 .release = single_release, 547 }; 548 549 #endif 550 551 static int proc_oom_score(struct seq_file *m, struct pid_namespace *ns, 552 struct pid *pid, struct task_struct *task) 553 { 554 unsigned long totalpages = totalram_pages() + total_swap_pages; 555 unsigned long points = 0; 556 long badness; 557 558 badness = oom_badness(task, totalpages); 559 /* 560 * Special case OOM_SCORE_ADJ_MIN for all others scale the 561 * badness value into [0, 2000] range which we have been 562 * exporting for a long time so userspace might depend on it. 563 */ 564 if (badness != LONG_MIN) 565 points = (1000 + badness * 1000 / (long)totalpages) * 2 / 3; 566 567 seq_printf(m, "%lu\n", points); 568 569 return 0; 570 } 571 572 struct limit_names { 573 const char *name; 574 const char *unit; 575 }; 576 577 static const struct limit_names lnames[RLIM_NLIMITS] = { 578 [RLIMIT_CPU] = {"Max cpu time", "seconds"}, 579 [RLIMIT_FSIZE] = {"Max file size", "bytes"}, 580 [RLIMIT_DATA] = {"Max data size", "bytes"}, 581 [RLIMIT_STACK] = {"Max stack size", "bytes"}, 582 [RLIMIT_CORE] = {"Max core file size", "bytes"}, 583 [RLIMIT_RSS] = {"Max resident set", "bytes"}, 584 [RLIMIT_NPROC] = {"Max processes", "processes"}, 585 [RLIMIT_NOFILE] = {"Max open files", "files"}, 586 [RLIMIT_MEMLOCK] = {"Max locked memory", "bytes"}, 587 [RLIMIT_AS] = {"Max address space", "bytes"}, 588 [RLIMIT_LOCKS] = {"Max file locks", "locks"}, 589 [RLIMIT_SIGPENDING] = {"Max pending signals", "signals"}, 590 [RLIMIT_MSGQUEUE] = {"Max msgqueue size", "bytes"}, 591 [RLIMIT_NICE] = {"Max nice priority", NULL}, 592 [RLIMIT_RTPRIO] = {"Max realtime priority", NULL}, 593 [RLIMIT_RTTIME] = {"Max realtime timeout", "us"}, 594 }; 595 596 /* Display limits for a process */ 597 static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, 598 struct pid *pid, struct task_struct *task) 599 { 600 unsigned int i; 601 unsigned long flags; 602 603 struct rlimit rlim[RLIM_NLIMITS]; 604 605 if (!lock_task_sighand(task, &flags)) 606 return 0; 607 memcpy(rlim, task->signal->rlim, sizeof(struct rlimit) * RLIM_NLIMITS); 608 unlock_task_sighand(task, &flags); 609 610 /* 611 * print the file header 612 */ 613 seq_puts(m, "Limit " 614 "Soft Limit " 615 "Hard Limit " 616 "Units \n"); 617 618 for (i = 0; i < RLIM_NLIMITS; i++) { 619 if (rlim[i].rlim_cur == RLIM_INFINITY) 620 seq_printf(m, "%-25s %-20s ", 621 lnames[i].name, "unlimited"); 622 else 623 seq_printf(m, "%-25s %-20lu ", 624 lnames[i].name, rlim[i].rlim_cur); 625 626 if (rlim[i].rlim_max == RLIM_INFINITY) 627 seq_printf(m, "%-20s ", "unlimited"); 628 else 629 seq_printf(m, "%-20lu ", rlim[i].rlim_max); 630 631 if (lnames[i].unit) 632 seq_printf(m, "%-10s\n", lnames[i].unit); 633 else 634 seq_putc(m, '\n'); 635 } 636 637 return 0; 638 } 639 640 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK 641 static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, 642 struct pid *pid, struct task_struct *task) 643 { 644 struct syscall_info info; 645 u64 *args = &info.data.args[0]; 646 int res; 647 648 res = lock_trace(task); 649 if (res) 650 return res; 651 652 if (task_current_syscall(task, &info)) 653 seq_puts(m, "running\n"); 654 else if (info.data.nr < 0) 655 seq_printf(m, "%d 0x%llx 0x%llx\n", 656 info.data.nr, info.sp, info.data.instruction_pointer); 657 else 658 seq_printf(m, 659 "%d 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx\n", 660 info.data.nr, 661 args[0], args[1], args[2], args[3], args[4], args[5], 662 info.sp, info.data.instruction_pointer); 663 unlock_trace(task); 664 665 return 0; 666 } 667 #endif /* CONFIG_HAVE_ARCH_TRACEHOOK */ 668 669 /************************************************************************/ 670 /* Here the fs part begins */ 671 /************************************************************************/ 672 673 /* permission checks */ 674 static bool proc_fd_access_allowed(struct inode *inode) 675 { 676 struct task_struct *task; 677 bool allowed = false; 678 /* Allow access to a task's file descriptors if it is us or we 679 * may use ptrace attach to the process and find out that 680 * information. 681 */ 682 task = get_proc_task(inode); 683 if (task) { 684 allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); 685 put_task_struct(task); 686 } 687 return allowed; 688 } 689 690 int proc_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 691 struct iattr *attr) 692 { 693 int error; 694 struct inode *inode = d_inode(dentry); 695 696 if (attr->ia_valid & ATTR_MODE) 697 return -EPERM; 698 699 error = setattr_prepare(&nop_mnt_idmap, dentry, attr); 700 if (error) 701 return error; 702 703 setattr_copy(&nop_mnt_idmap, inode, attr); 704 return 0; 705 } 706 707 /* 708 * May current process learn task's sched/cmdline info (for hide_pid_min=1) 709 * or euid/egid (for hide_pid_min=2)? 710 */ 711 static bool has_pid_permissions(struct proc_fs_info *fs_info, 712 struct task_struct *task, 713 enum proc_hidepid hide_pid_min) 714 { 715 /* 716 * If 'hidpid' mount option is set force a ptrace check, 717 * we indicate that we are using a filesystem syscall 718 * by passing PTRACE_MODE_READ_FSCREDS 719 */ 720 if (fs_info->hide_pid == HIDEPID_NOT_PTRACEABLE) 721 return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); 722 723 if (fs_info->hide_pid < hide_pid_min) 724 return true; 725 if (in_group_p(fs_info->pid_gid)) 726 return true; 727 return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); 728 } 729 730 731 static int proc_pid_permission(struct mnt_idmap *idmap, 732 struct inode *inode, int mask) 733 { 734 struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb); 735 struct task_struct *task; 736 bool has_perms; 737 738 task = get_proc_task(inode); 739 if (!task) 740 return -ESRCH; 741 has_perms = has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS); 742 put_task_struct(task); 743 744 if (!has_perms) { 745 if (fs_info->hide_pid == HIDEPID_INVISIBLE) { 746 /* 747 * Let's make getdents(), stat(), and open() 748 * consistent with each other. If a process 749 * may not stat() a file, it shouldn't be seen 750 * in procfs at all. 751 */ 752 return -ENOENT; 753 } 754 755 return -EPERM; 756 } 757 return generic_permission(&nop_mnt_idmap, inode, mask); 758 } 759 760 761 762 static const struct inode_operations proc_def_inode_operations = { 763 .setattr = proc_setattr, 764 }; 765 766 static int proc_single_show(struct seq_file *m, void *v) 767 { 768 struct inode *inode = m->private; 769 struct pid_namespace *ns = proc_pid_ns(inode->i_sb); 770 struct pid *pid = proc_pid(inode); 771 struct task_struct *task; 772 int ret; 773 774 task = get_pid_task(pid, PIDTYPE_PID); 775 if (!task) 776 return -ESRCH; 777 778 ret = PROC_I(inode)->op.proc_show(m, ns, pid, task); 779 780 put_task_struct(task); 781 return ret; 782 } 783 784 static int proc_single_open(struct inode *inode, struct file *filp) 785 { 786 return single_open(filp, proc_single_show, inode); 787 } 788 789 static const struct file_operations proc_single_file_operations = { 790 .open = proc_single_open, 791 .read = seq_read, 792 .llseek = seq_lseek, 793 .release = single_release, 794 }; 795 796 797 struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) 798 { 799 struct task_struct *task = get_proc_task(inode); 800 struct mm_struct *mm = ERR_PTR(-ESRCH); 801 802 if (task) { 803 mm = mm_access(task, mode | PTRACE_MODE_FSCREDS); 804 put_task_struct(task); 805 806 if (!IS_ERR_OR_NULL(mm)) { 807 /* ensure this mm_struct can't be freed */ 808 mmgrab(mm); 809 /* but do not pin its memory */ 810 mmput(mm); 811 } 812 } 813 814 return mm; 815 } 816 817 static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) 818 { 819 struct mm_struct *mm = proc_mem_open(inode, mode); 820 821 if (IS_ERR(mm)) 822 return PTR_ERR(mm); 823 824 file->private_data = mm; 825 return 0; 826 } 827 828 static int mem_open(struct inode *inode, struct file *file) 829 { 830 int ret = __mem_open(inode, file, PTRACE_MODE_ATTACH); 831 832 /* OK to pass negative loff_t, we can catch out-of-range */ 833 file->f_mode |= FMODE_UNSIGNED_OFFSET; 834 835 return ret; 836 } 837 838 static ssize_t mem_rw(struct file *file, char __user *buf, 839 size_t count, loff_t *ppos, int write) 840 { 841 struct mm_struct *mm = file->private_data; 842 unsigned long addr = *ppos; 843 ssize_t copied; 844 char *page; 845 unsigned int flags; 846 847 if (!mm) 848 return 0; 849 850 page = (char *)__get_free_page(GFP_KERNEL); 851 if (!page) 852 return -ENOMEM; 853 854 copied = 0; 855 if (!mmget_not_zero(mm)) 856 goto free; 857 858 flags = FOLL_FORCE | (write ? FOLL_WRITE : 0); 859 860 while (count > 0) { 861 size_t this_len = min_t(size_t, count, PAGE_SIZE); 862 863 if (write && copy_from_user(page, buf, this_len)) { 864 copied = -EFAULT; 865 break; 866 } 867 868 this_len = access_remote_vm(mm, addr, page, this_len, flags); 869 if (!this_len) { 870 if (!copied) 871 copied = -EIO; 872 break; 873 } 874 875 if (!write && copy_to_user(buf, page, this_len)) { 876 copied = -EFAULT; 877 break; 878 } 879 880 buf += this_len; 881 addr += this_len; 882 copied += this_len; 883 count -= this_len; 884 } 885 *ppos = addr; 886 887 mmput(mm); 888 free: 889 free_page((unsigned long) page); 890 return copied; 891 } 892 893 static ssize_t mem_read(struct file *file, char __user *buf, 894 size_t count, loff_t *ppos) 895 { 896 return mem_rw(file, buf, count, ppos, 0); 897 } 898 899 static ssize_t mem_write(struct file *file, const char __user *buf, 900 size_t count, loff_t *ppos) 901 { 902 return mem_rw(file, (char __user*)buf, count, ppos, 1); 903 } 904 905 loff_t mem_lseek(struct file *file, loff_t offset, int orig) 906 { 907 switch (orig) { 908 case 0: 909 file->f_pos = offset; 910 break; 911 case 1: 912 file->f_pos += offset; 913 break; 914 default: 915 return -EINVAL; 916 } 917 force_successful_syscall_return(); 918 return file->f_pos; 919 } 920 921 static int mem_release(struct inode *inode, struct file *file) 922 { 923 struct mm_struct *mm = file->private_data; 924 if (mm) 925 mmdrop(mm); 926 return 0; 927 } 928 929 static const struct file_operations proc_mem_operations = { 930 .llseek = mem_lseek, 931 .read = mem_read, 932 .write = mem_write, 933 .open = mem_open, 934 .release = mem_release, 935 }; 936 937 static int environ_open(struct inode *inode, struct file *file) 938 { 939 return __mem_open(inode, file, PTRACE_MODE_READ); 940 } 941 942 static ssize_t environ_read(struct file *file, char __user *buf, 943 size_t count, loff_t *ppos) 944 { 945 char *page; 946 unsigned long src = *ppos; 947 int ret = 0; 948 struct mm_struct *mm = file->private_data; 949 unsigned long env_start, env_end; 950 951 /* Ensure the process spawned far enough to have an environment. */ 952 if (!mm || !mm->env_end) 953 return 0; 954 955 page = (char *)__get_free_page(GFP_KERNEL); 956 if (!page) 957 return -ENOMEM; 958 959 ret = 0; 960 if (!mmget_not_zero(mm)) 961 goto free; 962 963 spin_lock(&mm->arg_lock); 964 env_start = mm->env_start; 965 env_end = mm->env_end; 966 spin_unlock(&mm->arg_lock); 967 968 while (count > 0) { 969 size_t this_len, max_len; 970 int retval; 971 972 if (src >= (env_end - env_start)) 973 break; 974 975 this_len = env_end - (env_start + src); 976 977 max_len = min_t(size_t, PAGE_SIZE, count); 978 this_len = min(max_len, this_len); 979 980 retval = access_remote_vm(mm, (env_start + src), page, this_len, FOLL_ANON); 981 982 if (retval <= 0) { 983 ret = retval; 984 break; 985 } 986 987 if (copy_to_user(buf, page, retval)) { 988 ret = -EFAULT; 989 break; 990 } 991 992 ret += retval; 993 src += retval; 994 buf += retval; 995 count -= retval; 996 } 997 *ppos = src; 998 mmput(mm); 999 1000 free: 1001 free_page((unsigned long) page); 1002 return ret; 1003 } 1004 1005 static const struct file_operations proc_environ_operations = { 1006 .open = environ_open, 1007 .read = environ_read, 1008 .llseek = generic_file_llseek, 1009 .release = mem_release, 1010 }; 1011 1012 static int auxv_open(struct inode *inode, struct file *file) 1013 { 1014 return __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS); 1015 } 1016 1017 static ssize_t auxv_read(struct file *file, char __user *buf, 1018 size_t count, loff_t *ppos) 1019 { 1020 struct mm_struct *mm = file->private_data; 1021 unsigned int nwords = 0; 1022 1023 if (!mm) 1024 return 0; 1025 do { 1026 nwords += 2; 1027 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ 1028 return simple_read_from_buffer(buf, count, ppos, mm->saved_auxv, 1029 nwords * sizeof(mm->saved_auxv[0])); 1030 } 1031 1032 static const struct file_operations proc_auxv_operations = { 1033 .open = auxv_open, 1034 .read = auxv_read, 1035 .llseek = generic_file_llseek, 1036 .release = mem_release, 1037 }; 1038 1039 static ssize_t oom_adj_read(struct file *file, char __user *buf, size_t count, 1040 loff_t *ppos) 1041 { 1042 struct task_struct *task = get_proc_task(file_inode(file)); 1043 char buffer[PROC_NUMBUF]; 1044 int oom_adj = OOM_ADJUST_MIN; 1045 size_t len; 1046 1047 if (!task) 1048 return -ESRCH; 1049 if (task->signal->oom_score_adj == OOM_SCORE_ADJ_MAX) 1050 oom_adj = OOM_ADJUST_MAX; 1051 else 1052 oom_adj = (task->signal->oom_score_adj * -OOM_DISABLE) / 1053 OOM_SCORE_ADJ_MAX; 1054 put_task_struct(task); 1055 if (oom_adj > OOM_ADJUST_MAX) 1056 oom_adj = OOM_ADJUST_MAX; 1057 len = snprintf(buffer, sizeof(buffer), "%d\n", oom_adj); 1058 return simple_read_from_buffer(buf, count, ppos, buffer, len); 1059 } 1060 1061 static int __set_oom_adj(struct file *file, int oom_adj, bool legacy) 1062 { 1063 struct mm_struct *mm = NULL; 1064 struct task_struct *task; 1065 int err = 0; 1066 1067 task = get_proc_task(file_inode(file)); 1068 if (!task) 1069 return -ESRCH; 1070 1071 mutex_lock(&oom_adj_mutex); 1072 if (legacy) { 1073 if (oom_adj < task->signal->oom_score_adj && 1074 !capable(CAP_SYS_RESOURCE)) { 1075 err = -EACCES; 1076 goto err_unlock; 1077 } 1078 /* 1079 * /proc/pid/oom_adj is provided for legacy purposes, ask users to use 1080 * /proc/pid/oom_score_adj instead. 1081 */ 1082 pr_warn_once("%s (%d): /proc/%d/oom_adj is deprecated, please use /proc/%d/oom_score_adj instead.\n", 1083 current->comm, task_pid_nr(current), task_pid_nr(task), 1084 task_pid_nr(task)); 1085 } else { 1086 if ((short)oom_adj < task->signal->oom_score_adj_min && 1087 !capable(CAP_SYS_RESOURCE)) { 1088 err = -EACCES; 1089 goto err_unlock; 1090 } 1091 } 1092 1093 /* 1094 * Make sure we will check other processes sharing the mm if this is 1095 * not vfrok which wants its own oom_score_adj. 1096 * pin the mm so it doesn't go away and get reused after task_unlock 1097 */ 1098 if (!task->vfork_done) { 1099 struct task_struct *p = find_lock_task_mm(task); 1100 1101 if (p) { 1102 if (test_bit(MMF_MULTIPROCESS, &p->mm->flags)) { 1103 mm = p->mm; 1104 mmgrab(mm); 1105 } 1106 task_unlock(p); 1107 } 1108 } 1109 1110 task->signal->oom_score_adj = oom_adj; 1111 if (!legacy && has_capability_noaudit(current, CAP_SYS_RESOURCE)) 1112 task->signal->oom_score_adj_min = (short)oom_adj; 1113 trace_oom_score_adj_update(task); 1114 1115 if (mm) { 1116 struct task_struct *p; 1117 1118 rcu_read_lock(); 1119 for_each_process(p) { 1120 if (same_thread_group(task, p)) 1121 continue; 1122 1123 /* do not touch kernel threads or the global init */ 1124 if (p->flags & PF_KTHREAD || is_global_init(p)) 1125 continue; 1126 1127 task_lock(p); 1128 if (!p->vfork_done && process_shares_mm(p, mm)) { 1129 p->signal->oom_score_adj = oom_adj; 1130 if (!legacy && has_capability_noaudit(current, CAP_SYS_RESOURCE)) 1131 p->signal->oom_score_adj_min = (short)oom_adj; 1132 } 1133 task_unlock(p); 1134 } 1135 rcu_read_unlock(); 1136 mmdrop(mm); 1137 } 1138 err_unlock: 1139 mutex_unlock(&oom_adj_mutex); 1140 put_task_struct(task); 1141 return err; 1142 } 1143 1144 /* 1145 * /proc/pid/oom_adj exists solely for backwards compatibility with previous 1146 * kernels. The effective policy is defined by oom_score_adj, which has a 1147 * different scale: oom_adj grew exponentially and oom_score_adj grows linearly. 1148 * Values written to oom_adj are simply mapped linearly to oom_score_adj. 1149 * Processes that become oom disabled via oom_adj will still be oom disabled 1150 * with this implementation. 1151 * 1152 * oom_adj cannot be removed since existing userspace binaries use it. 1153 */ 1154 static ssize_t oom_adj_write(struct file *file, const char __user *buf, 1155 size_t count, loff_t *ppos) 1156 { 1157 char buffer[PROC_NUMBUF] = {}; 1158 int oom_adj; 1159 int err; 1160 1161 if (count > sizeof(buffer) - 1) 1162 count = sizeof(buffer) - 1; 1163 if (copy_from_user(buffer, buf, count)) { 1164 err = -EFAULT; 1165 goto out; 1166 } 1167 1168 err = kstrtoint(strstrip(buffer), 0, &oom_adj); 1169 if (err) 1170 goto out; 1171 if ((oom_adj < OOM_ADJUST_MIN || oom_adj > OOM_ADJUST_MAX) && 1172 oom_adj != OOM_DISABLE) { 1173 err = -EINVAL; 1174 goto out; 1175 } 1176 1177 /* 1178 * Scale /proc/pid/oom_score_adj appropriately ensuring that a maximum 1179 * value is always attainable. 1180 */ 1181 if (oom_adj == OOM_ADJUST_MAX) 1182 oom_adj = OOM_SCORE_ADJ_MAX; 1183 else 1184 oom_adj = (oom_adj * OOM_SCORE_ADJ_MAX) / -OOM_DISABLE; 1185 1186 err = __set_oom_adj(file, oom_adj, true); 1187 out: 1188 return err < 0 ? err : count; 1189 } 1190 1191 static const struct file_operations proc_oom_adj_operations = { 1192 .read = oom_adj_read, 1193 .write = oom_adj_write, 1194 .llseek = generic_file_llseek, 1195 }; 1196 1197 static ssize_t oom_score_adj_read(struct file *file, char __user *buf, 1198 size_t count, loff_t *ppos) 1199 { 1200 struct task_struct *task = get_proc_task(file_inode(file)); 1201 char buffer[PROC_NUMBUF]; 1202 short oom_score_adj = OOM_SCORE_ADJ_MIN; 1203 size_t len; 1204 1205 if (!task) 1206 return -ESRCH; 1207 oom_score_adj = task->signal->oom_score_adj; 1208 put_task_struct(task); 1209 len = snprintf(buffer, sizeof(buffer), "%hd\n", oom_score_adj); 1210 return simple_read_from_buffer(buf, count, ppos, buffer, len); 1211 } 1212 1213 static ssize_t oom_score_adj_write(struct file *file, const char __user *buf, 1214 size_t count, loff_t *ppos) 1215 { 1216 char buffer[PROC_NUMBUF] = {}; 1217 int oom_score_adj; 1218 int err; 1219 1220 if (count > sizeof(buffer) - 1) 1221 count = sizeof(buffer) - 1; 1222 if (copy_from_user(buffer, buf, count)) { 1223 err = -EFAULT; 1224 goto out; 1225 } 1226 1227 err = kstrtoint(strstrip(buffer), 0, &oom_score_adj); 1228 if (err) 1229 goto out; 1230 if (oom_score_adj < OOM_SCORE_ADJ_MIN || 1231 oom_score_adj > OOM_SCORE_ADJ_MAX) { 1232 err = -EINVAL; 1233 goto out; 1234 } 1235 1236 err = __set_oom_adj(file, oom_score_adj, false); 1237 out: 1238 return err < 0 ? err : count; 1239 } 1240 1241 static const struct file_operations proc_oom_score_adj_operations = { 1242 .read = oom_score_adj_read, 1243 .write = oom_score_adj_write, 1244 .llseek = default_llseek, 1245 }; 1246 1247 #ifdef CONFIG_AUDIT 1248 #define TMPBUFLEN 11 1249 static ssize_t proc_loginuid_read(struct file * file, char __user * buf, 1250 size_t count, loff_t *ppos) 1251 { 1252 struct inode * inode = file_inode(file); 1253 struct task_struct *task = get_proc_task(inode); 1254 ssize_t length; 1255 char tmpbuf[TMPBUFLEN]; 1256 1257 if (!task) 1258 return -ESRCH; 1259 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1260 from_kuid(file->f_cred->user_ns, 1261 audit_get_loginuid(task))); 1262 put_task_struct(task); 1263 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1264 } 1265 1266 static ssize_t proc_loginuid_write(struct file * file, const char __user * buf, 1267 size_t count, loff_t *ppos) 1268 { 1269 struct inode * inode = file_inode(file); 1270 uid_t loginuid; 1271 kuid_t kloginuid; 1272 int rv; 1273 1274 /* Don't let kthreads write their own loginuid */ 1275 if (current->flags & PF_KTHREAD) 1276 return -EPERM; 1277 1278 rcu_read_lock(); 1279 if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) { 1280 rcu_read_unlock(); 1281 return -EPERM; 1282 } 1283 rcu_read_unlock(); 1284 1285 if (*ppos != 0) { 1286 /* No partial writes. */ 1287 return -EINVAL; 1288 } 1289 1290 rv = kstrtou32_from_user(buf, count, 10, &loginuid); 1291 if (rv < 0) 1292 return rv; 1293 1294 /* is userspace tring to explicitly UNSET the loginuid? */ 1295 if (loginuid == AUDIT_UID_UNSET) { 1296 kloginuid = INVALID_UID; 1297 } else { 1298 kloginuid = make_kuid(file->f_cred->user_ns, loginuid); 1299 if (!uid_valid(kloginuid)) 1300 return -EINVAL; 1301 } 1302 1303 rv = audit_set_loginuid(kloginuid); 1304 if (rv < 0) 1305 return rv; 1306 return count; 1307 } 1308 1309 static const struct file_operations proc_loginuid_operations = { 1310 .read = proc_loginuid_read, 1311 .write = proc_loginuid_write, 1312 .llseek = generic_file_llseek, 1313 }; 1314 1315 static ssize_t proc_sessionid_read(struct file * file, char __user * buf, 1316 size_t count, loff_t *ppos) 1317 { 1318 struct inode * inode = file_inode(file); 1319 struct task_struct *task = get_proc_task(inode); 1320 ssize_t length; 1321 char tmpbuf[TMPBUFLEN]; 1322 1323 if (!task) 1324 return -ESRCH; 1325 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1326 audit_get_sessionid(task)); 1327 put_task_struct(task); 1328 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1329 } 1330 1331 static const struct file_operations proc_sessionid_operations = { 1332 .read = proc_sessionid_read, 1333 .llseek = generic_file_llseek, 1334 }; 1335 #endif 1336 1337 #ifdef CONFIG_FAULT_INJECTION 1338 static ssize_t proc_fault_inject_read(struct file * file, char __user * buf, 1339 size_t count, loff_t *ppos) 1340 { 1341 struct task_struct *task = get_proc_task(file_inode(file)); 1342 char buffer[PROC_NUMBUF]; 1343 size_t len; 1344 int make_it_fail; 1345 1346 if (!task) 1347 return -ESRCH; 1348 make_it_fail = task->make_it_fail; 1349 put_task_struct(task); 1350 1351 len = snprintf(buffer, sizeof(buffer), "%i\n", make_it_fail); 1352 1353 return simple_read_from_buffer(buf, count, ppos, buffer, len); 1354 } 1355 1356 static ssize_t proc_fault_inject_write(struct file * file, 1357 const char __user * buf, size_t count, loff_t *ppos) 1358 { 1359 struct task_struct *task; 1360 char buffer[PROC_NUMBUF] = {}; 1361 int make_it_fail; 1362 int rv; 1363 1364 if (!capable(CAP_SYS_RESOURCE)) 1365 return -EPERM; 1366 1367 if (count > sizeof(buffer) - 1) 1368 count = sizeof(buffer) - 1; 1369 if (copy_from_user(buffer, buf, count)) 1370 return -EFAULT; 1371 rv = kstrtoint(strstrip(buffer), 0, &make_it_fail); 1372 if (rv < 0) 1373 return rv; 1374 if (make_it_fail < 0 || make_it_fail > 1) 1375 return -EINVAL; 1376 1377 task = get_proc_task(file_inode(file)); 1378 if (!task) 1379 return -ESRCH; 1380 task->make_it_fail = make_it_fail; 1381 put_task_struct(task); 1382 1383 return count; 1384 } 1385 1386 static const struct file_operations proc_fault_inject_operations = { 1387 .read = proc_fault_inject_read, 1388 .write = proc_fault_inject_write, 1389 .llseek = generic_file_llseek, 1390 }; 1391 1392 static ssize_t proc_fail_nth_write(struct file *file, const char __user *buf, 1393 size_t count, loff_t *ppos) 1394 { 1395 struct task_struct *task; 1396 int err; 1397 unsigned int n; 1398 1399 err = kstrtouint_from_user(buf, count, 0, &n); 1400 if (err) 1401 return err; 1402 1403 task = get_proc_task(file_inode(file)); 1404 if (!task) 1405 return -ESRCH; 1406 task->fail_nth = n; 1407 put_task_struct(task); 1408 1409 return count; 1410 } 1411 1412 static ssize_t proc_fail_nth_read(struct file *file, char __user *buf, 1413 size_t count, loff_t *ppos) 1414 { 1415 struct task_struct *task; 1416 char numbuf[PROC_NUMBUF]; 1417 ssize_t len; 1418 1419 task = get_proc_task(file_inode(file)); 1420 if (!task) 1421 return -ESRCH; 1422 len = snprintf(numbuf, sizeof(numbuf), "%u\n", task->fail_nth); 1423 put_task_struct(task); 1424 return simple_read_from_buffer(buf, count, ppos, numbuf, len); 1425 } 1426 1427 static const struct file_operations proc_fail_nth_operations = { 1428 .read = proc_fail_nth_read, 1429 .write = proc_fail_nth_write, 1430 }; 1431 #endif 1432 1433 1434 #ifdef CONFIG_SCHED_DEBUG 1435 /* 1436 * Print out various scheduling related per-task fields: 1437 */ 1438 static int sched_show(struct seq_file *m, void *v) 1439 { 1440 struct inode *inode = m->private; 1441 struct pid_namespace *ns = proc_pid_ns(inode->i_sb); 1442 struct task_struct *p; 1443 1444 p = get_proc_task(inode); 1445 if (!p) 1446 return -ESRCH; 1447 proc_sched_show_task(p, ns, m); 1448 1449 put_task_struct(p); 1450 1451 return 0; 1452 } 1453 1454 static ssize_t 1455 sched_write(struct file *file, const char __user *buf, 1456 size_t count, loff_t *offset) 1457 { 1458 struct inode *inode = file_inode(file); 1459 struct task_struct *p; 1460 1461 p = get_proc_task(inode); 1462 if (!p) 1463 return -ESRCH; 1464 proc_sched_set_task(p); 1465 1466 put_task_struct(p); 1467 1468 return count; 1469 } 1470 1471 static int sched_open(struct inode *inode, struct file *filp) 1472 { 1473 return single_open(filp, sched_show, inode); 1474 } 1475 1476 static const struct file_operations proc_pid_sched_operations = { 1477 .open = sched_open, 1478 .read = seq_read, 1479 .write = sched_write, 1480 .llseek = seq_lseek, 1481 .release = single_release, 1482 }; 1483 1484 #endif 1485 1486 #ifdef CONFIG_SCHED_AUTOGROUP 1487 /* 1488 * Print out autogroup related information: 1489 */ 1490 static int sched_autogroup_show(struct seq_file *m, void *v) 1491 { 1492 struct inode *inode = m->private; 1493 struct task_struct *p; 1494 1495 p = get_proc_task(inode); 1496 if (!p) 1497 return -ESRCH; 1498 proc_sched_autogroup_show_task(p, m); 1499 1500 put_task_struct(p); 1501 1502 return 0; 1503 } 1504 1505 static ssize_t 1506 sched_autogroup_write(struct file *file, const char __user *buf, 1507 size_t count, loff_t *offset) 1508 { 1509 struct inode *inode = file_inode(file); 1510 struct task_struct *p; 1511 char buffer[PROC_NUMBUF] = {}; 1512 int nice; 1513 int err; 1514 1515 if (count > sizeof(buffer) - 1) 1516 count = sizeof(buffer) - 1; 1517 if (copy_from_user(buffer, buf, count)) 1518 return -EFAULT; 1519 1520 err = kstrtoint(strstrip(buffer), 0, &nice); 1521 if (err < 0) 1522 return err; 1523 1524 p = get_proc_task(inode); 1525 if (!p) 1526 return -ESRCH; 1527 1528 err = proc_sched_autogroup_set_nice(p, nice); 1529 if (err) 1530 count = err; 1531 1532 put_task_struct(p); 1533 1534 return count; 1535 } 1536 1537 static int sched_autogroup_open(struct inode *inode, struct file *filp) 1538 { 1539 int ret; 1540 1541 ret = single_open(filp, sched_autogroup_show, NULL); 1542 if (!ret) { 1543 struct seq_file *m = filp->private_data; 1544 1545 m->private = inode; 1546 } 1547 return ret; 1548 } 1549 1550 static const struct file_operations proc_pid_sched_autogroup_operations = { 1551 .open = sched_autogroup_open, 1552 .read = seq_read, 1553 .write = sched_autogroup_write, 1554 .llseek = seq_lseek, 1555 .release = single_release, 1556 }; 1557 1558 #endif /* CONFIG_SCHED_AUTOGROUP */ 1559 1560 #ifdef CONFIG_TIME_NS 1561 static int timens_offsets_show(struct seq_file *m, void *v) 1562 { 1563 struct task_struct *p; 1564 1565 p = get_proc_task(file_inode(m->file)); 1566 if (!p) 1567 return -ESRCH; 1568 proc_timens_show_offsets(p, m); 1569 1570 put_task_struct(p); 1571 1572 return 0; 1573 } 1574 1575 static ssize_t timens_offsets_write(struct file *file, const char __user *buf, 1576 size_t count, loff_t *ppos) 1577 { 1578 struct inode *inode = file_inode(file); 1579 struct proc_timens_offset offsets[2]; 1580 char *kbuf = NULL, *pos, *next_line; 1581 struct task_struct *p; 1582 int ret, noffsets; 1583 1584 /* Only allow < page size writes at the beginning of the file */ 1585 if ((*ppos != 0) || (count >= PAGE_SIZE)) 1586 return -EINVAL; 1587 1588 /* Slurp in the user data */ 1589 kbuf = memdup_user_nul(buf, count); 1590 if (IS_ERR(kbuf)) 1591 return PTR_ERR(kbuf); 1592 1593 /* Parse the user data */ 1594 ret = -EINVAL; 1595 noffsets = 0; 1596 for (pos = kbuf; pos; pos = next_line) { 1597 struct proc_timens_offset *off = &offsets[noffsets]; 1598 char clock[10]; 1599 int err; 1600 1601 /* Find the end of line and ensure we don't look past it */ 1602 next_line = strchr(pos, '\n'); 1603 if (next_line) { 1604 *next_line = '\0'; 1605 next_line++; 1606 if (*next_line == '\0') 1607 next_line = NULL; 1608 } 1609 1610 err = sscanf(pos, "%9s %lld %lu", clock, 1611 &off->val.tv_sec, &off->val.tv_nsec); 1612 if (err != 3 || off->val.tv_nsec >= NSEC_PER_SEC) 1613 goto out; 1614 1615 clock[sizeof(clock) - 1] = 0; 1616 if (strcmp(clock, "monotonic") == 0 || 1617 strcmp(clock, __stringify(CLOCK_MONOTONIC)) == 0) 1618 off->clockid = CLOCK_MONOTONIC; 1619 else if (strcmp(clock, "boottime") == 0 || 1620 strcmp(clock, __stringify(CLOCK_BOOTTIME)) == 0) 1621 off->clockid = CLOCK_BOOTTIME; 1622 else 1623 goto out; 1624 1625 noffsets++; 1626 if (noffsets == ARRAY_SIZE(offsets)) { 1627 if (next_line) 1628 count = next_line - kbuf; 1629 break; 1630 } 1631 } 1632 1633 ret = -ESRCH; 1634 p = get_proc_task(inode); 1635 if (!p) 1636 goto out; 1637 ret = proc_timens_set_offset(file, p, offsets, noffsets); 1638 put_task_struct(p); 1639 if (ret) 1640 goto out; 1641 1642 ret = count; 1643 out: 1644 kfree(kbuf); 1645 return ret; 1646 } 1647 1648 static int timens_offsets_open(struct inode *inode, struct file *filp) 1649 { 1650 return single_open(filp, timens_offsets_show, inode); 1651 } 1652 1653 static const struct file_operations proc_timens_offsets_operations = { 1654 .open = timens_offsets_open, 1655 .read = seq_read, 1656 .write = timens_offsets_write, 1657 .llseek = seq_lseek, 1658 .release = single_release, 1659 }; 1660 #endif /* CONFIG_TIME_NS */ 1661 1662 static ssize_t comm_write(struct file *file, const char __user *buf, 1663 size_t count, loff_t *offset) 1664 { 1665 struct inode *inode = file_inode(file); 1666 struct task_struct *p; 1667 char buffer[TASK_COMM_LEN] = {}; 1668 const size_t maxlen = sizeof(buffer) - 1; 1669 1670 if (copy_from_user(buffer, buf, count > maxlen ? maxlen : count)) 1671 return -EFAULT; 1672 1673 p = get_proc_task(inode); 1674 if (!p) 1675 return -ESRCH; 1676 1677 if (same_thread_group(current, p)) { 1678 set_task_comm(p, buffer); 1679 proc_comm_connector(p); 1680 } 1681 else 1682 count = -EINVAL; 1683 1684 put_task_struct(p); 1685 1686 return count; 1687 } 1688 1689 static int comm_show(struct seq_file *m, void *v) 1690 { 1691 struct inode *inode = m->private; 1692 struct task_struct *p; 1693 1694 p = get_proc_task(inode); 1695 if (!p) 1696 return -ESRCH; 1697 1698 proc_task_name(m, p, false); 1699 seq_putc(m, '\n'); 1700 1701 put_task_struct(p); 1702 1703 return 0; 1704 } 1705 1706 static int comm_open(struct inode *inode, struct file *filp) 1707 { 1708 return single_open(filp, comm_show, inode); 1709 } 1710 1711 static const struct file_operations proc_pid_set_comm_operations = { 1712 .open = comm_open, 1713 .read = seq_read, 1714 .write = comm_write, 1715 .llseek = seq_lseek, 1716 .release = single_release, 1717 }; 1718 1719 static int proc_exe_link(struct dentry *dentry, struct path *exe_path) 1720 { 1721 struct task_struct *task; 1722 struct file *exe_file; 1723 1724 task = get_proc_task(d_inode(dentry)); 1725 if (!task) 1726 return -ENOENT; 1727 exe_file = get_task_exe_file(task); 1728 put_task_struct(task); 1729 if (exe_file) { 1730 *exe_path = exe_file->f_path; 1731 path_get(&exe_file->f_path); 1732 fput(exe_file); 1733 return 0; 1734 } else 1735 return -ENOENT; 1736 } 1737 1738 static const char *proc_pid_get_link(struct dentry *dentry, 1739 struct inode *inode, 1740 struct delayed_call *done) 1741 { 1742 struct path path; 1743 int error = -EACCES; 1744 1745 if (!dentry) 1746 return ERR_PTR(-ECHILD); 1747 1748 /* Are we allowed to snoop on the tasks file descriptors? */ 1749 if (!proc_fd_access_allowed(inode)) 1750 goto out; 1751 1752 error = PROC_I(inode)->op.proc_get_link(dentry, &path); 1753 if (error) 1754 goto out; 1755 1756 error = nd_jump_link(&path); 1757 out: 1758 return ERR_PTR(error); 1759 } 1760 1761 static int do_proc_readlink(const struct path *path, char __user *buffer, int buflen) 1762 { 1763 char *tmp = kmalloc(PATH_MAX, GFP_KERNEL); 1764 char *pathname; 1765 int len; 1766 1767 if (!tmp) 1768 return -ENOMEM; 1769 1770 pathname = d_path(path, tmp, PATH_MAX); 1771 len = PTR_ERR(pathname); 1772 if (IS_ERR(pathname)) 1773 goto out; 1774 len = tmp + PATH_MAX - 1 - pathname; 1775 1776 if (len > buflen) 1777 len = buflen; 1778 if (copy_to_user(buffer, pathname, len)) 1779 len = -EFAULT; 1780 out: 1781 kfree(tmp); 1782 return len; 1783 } 1784 1785 static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int buflen) 1786 { 1787 int error = -EACCES; 1788 struct inode *inode = d_inode(dentry); 1789 struct path path; 1790 1791 /* Are we allowed to snoop on the tasks file descriptors? */ 1792 if (!proc_fd_access_allowed(inode)) 1793 goto out; 1794 1795 error = PROC_I(inode)->op.proc_get_link(dentry, &path); 1796 if (error) 1797 goto out; 1798 1799 error = do_proc_readlink(&path, buffer, buflen); 1800 path_put(&path); 1801 out: 1802 return error; 1803 } 1804 1805 const struct inode_operations proc_pid_link_inode_operations = { 1806 .readlink = proc_pid_readlink, 1807 .get_link = proc_pid_get_link, 1808 .setattr = proc_setattr, 1809 }; 1810 1811 1812 /* building an inode */ 1813 1814 void task_dump_owner(struct task_struct *task, umode_t mode, 1815 kuid_t *ruid, kgid_t *rgid) 1816 { 1817 /* Depending on the state of dumpable compute who should own a 1818 * proc file for a task. 1819 */ 1820 const struct cred *cred; 1821 kuid_t uid; 1822 kgid_t gid; 1823 1824 if (unlikely(task->flags & PF_KTHREAD)) { 1825 *ruid = GLOBAL_ROOT_UID; 1826 *rgid = GLOBAL_ROOT_GID; 1827 return; 1828 } 1829 1830 /* Default to the tasks effective ownership */ 1831 rcu_read_lock(); 1832 cred = __task_cred(task); 1833 uid = cred->euid; 1834 gid = cred->egid; 1835 rcu_read_unlock(); 1836 1837 /* 1838 * Before the /proc/pid/status file was created the only way to read 1839 * the effective uid of a /process was to stat /proc/pid. Reading 1840 * /proc/pid/status is slow enough that procps and other packages 1841 * kept stating /proc/pid. To keep the rules in /proc simple I have 1842 * made this apply to all per process world readable and executable 1843 * directories. 1844 */ 1845 if (mode != (S_IFDIR|S_IRUGO|S_IXUGO)) { 1846 struct mm_struct *mm; 1847 task_lock(task); 1848 mm = task->mm; 1849 /* Make non-dumpable tasks owned by some root */ 1850 if (mm) { 1851 if (get_dumpable(mm) != SUID_DUMP_USER) { 1852 struct user_namespace *user_ns = mm->user_ns; 1853 1854 uid = make_kuid(user_ns, 0); 1855 if (!uid_valid(uid)) 1856 uid = GLOBAL_ROOT_UID; 1857 1858 gid = make_kgid(user_ns, 0); 1859 if (!gid_valid(gid)) 1860 gid = GLOBAL_ROOT_GID; 1861 } 1862 } else { 1863 uid = GLOBAL_ROOT_UID; 1864 gid = GLOBAL_ROOT_GID; 1865 } 1866 task_unlock(task); 1867 } 1868 *ruid = uid; 1869 *rgid = gid; 1870 } 1871 1872 void proc_pid_evict_inode(struct proc_inode *ei) 1873 { 1874 struct pid *pid = ei->pid; 1875 1876 if (S_ISDIR(ei->vfs_inode.i_mode)) { 1877 spin_lock(&pid->lock); 1878 hlist_del_init_rcu(&ei->sibling_inodes); 1879 spin_unlock(&pid->lock); 1880 } 1881 } 1882 1883 struct inode *proc_pid_make_inode(struct super_block *sb, 1884 struct task_struct *task, umode_t mode) 1885 { 1886 struct inode * inode; 1887 struct proc_inode *ei; 1888 struct pid *pid; 1889 1890 /* We need a new inode */ 1891 1892 inode = new_inode(sb); 1893 if (!inode) 1894 goto out; 1895 1896 /* Common stuff */ 1897 ei = PROC_I(inode); 1898 inode->i_mode = mode; 1899 inode->i_ino = get_next_ino(); 1900 simple_inode_init_ts(inode); 1901 inode->i_op = &proc_def_inode_operations; 1902 1903 /* 1904 * grab the reference to task. 1905 */ 1906 pid = get_task_pid(task, PIDTYPE_PID); 1907 if (!pid) 1908 goto out_unlock; 1909 1910 /* Let the pid remember us for quick removal */ 1911 ei->pid = pid; 1912 1913 task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid); 1914 security_task_to_inode(task, inode); 1915 1916 out: 1917 return inode; 1918 1919 out_unlock: 1920 iput(inode); 1921 return NULL; 1922 } 1923 1924 /* 1925 * Generating an inode and adding it into @pid->inodes, so that task will 1926 * invalidate inode's dentry before being released. 1927 * 1928 * This helper is used for creating dir-type entries under '/proc' and 1929 * '/proc/<tgid>/task'. Other entries(eg. fd, stat) under '/proc/<tgid>' 1930 * can be released by invalidating '/proc/<tgid>' dentry. 1931 * In theory, dentries under '/proc/<tgid>/task' can also be released by 1932 * invalidating '/proc/<tgid>' dentry, we reserve it to handle single 1933 * thread exiting situation: Any one of threads should invalidate its 1934 * '/proc/<tgid>/task/<pid>' dentry before released. 1935 */ 1936 static struct inode *proc_pid_make_base_inode(struct super_block *sb, 1937 struct task_struct *task, umode_t mode) 1938 { 1939 struct inode *inode; 1940 struct proc_inode *ei; 1941 struct pid *pid; 1942 1943 inode = proc_pid_make_inode(sb, task, mode); 1944 if (!inode) 1945 return NULL; 1946 1947 /* Let proc_flush_pid find this directory inode */ 1948 ei = PROC_I(inode); 1949 pid = ei->pid; 1950 spin_lock(&pid->lock); 1951 hlist_add_head_rcu(&ei->sibling_inodes, &pid->inodes); 1952 spin_unlock(&pid->lock); 1953 1954 return inode; 1955 } 1956 1957 int pid_getattr(struct mnt_idmap *idmap, const struct path *path, 1958 struct kstat *stat, u32 request_mask, unsigned int query_flags) 1959 { 1960 struct inode *inode = d_inode(path->dentry); 1961 struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb); 1962 struct task_struct *task; 1963 1964 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); 1965 1966 stat->uid = GLOBAL_ROOT_UID; 1967 stat->gid = GLOBAL_ROOT_GID; 1968 rcu_read_lock(); 1969 task = pid_task(proc_pid(inode), PIDTYPE_PID); 1970 if (task) { 1971 if (!has_pid_permissions(fs_info, task, HIDEPID_INVISIBLE)) { 1972 rcu_read_unlock(); 1973 /* 1974 * This doesn't prevent learning whether PID exists, 1975 * it only makes getattr() consistent with readdir(). 1976 */ 1977 return -ENOENT; 1978 } 1979 task_dump_owner(task, inode->i_mode, &stat->uid, &stat->gid); 1980 } 1981 rcu_read_unlock(); 1982 return 0; 1983 } 1984 1985 /* dentry stuff */ 1986 1987 /* 1988 * Set <pid>/... inode ownership (can change due to setuid(), etc.) 1989 */ 1990 void pid_update_inode(struct task_struct *task, struct inode *inode) 1991 { 1992 task_dump_owner(task, inode->i_mode, &inode->i_uid, &inode->i_gid); 1993 1994 inode->i_mode &= ~(S_ISUID | S_ISGID); 1995 security_task_to_inode(task, inode); 1996 } 1997 1998 /* 1999 * Rewrite the inode's ownerships here because the owning task may have 2000 * performed a setuid(), etc. 2001 * 2002 */ 2003 static int pid_revalidate(struct dentry *dentry, unsigned int flags) 2004 { 2005 struct inode *inode; 2006 struct task_struct *task; 2007 int ret = 0; 2008 2009 rcu_read_lock(); 2010 inode = d_inode_rcu(dentry); 2011 if (!inode) 2012 goto out; 2013 task = pid_task(proc_pid(inode), PIDTYPE_PID); 2014 2015 if (task) { 2016 pid_update_inode(task, inode); 2017 ret = 1; 2018 } 2019 out: 2020 rcu_read_unlock(); 2021 return ret; 2022 } 2023 2024 static inline bool proc_inode_is_dead(struct inode *inode) 2025 { 2026 return !proc_pid(inode)->tasks[PIDTYPE_PID].first; 2027 } 2028 2029 int pid_delete_dentry(const struct dentry *dentry) 2030 { 2031 /* Is the task we represent dead? 2032 * If so, then don't put the dentry on the lru list, 2033 * kill it immediately. 2034 */ 2035 return proc_inode_is_dead(d_inode(dentry)); 2036 } 2037 2038 const struct dentry_operations pid_dentry_operations = 2039 { 2040 .d_revalidate = pid_revalidate, 2041 .d_delete = pid_delete_dentry, 2042 }; 2043 2044 /* Lookups */ 2045 2046 /* 2047 * Fill a directory entry. 2048 * 2049 * If possible create the dcache entry and derive our inode number and 2050 * file type from dcache entry. 2051 * 2052 * Since all of the proc inode numbers are dynamically generated, the inode 2053 * numbers do not exist until the inode is cache. This means creating 2054 * the dcache entry in readdir is necessary to keep the inode numbers 2055 * reported by readdir in sync with the inode numbers reported 2056 * by stat. 2057 */ 2058 bool proc_fill_cache(struct file *file, struct dir_context *ctx, 2059 const char *name, unsigned int len, 2060 instantiate_t instantiate, struct task_struct *task, const void *ptr) 2061 { 2062 struct dentry *child, *dir = file->f_path.dentry; 2063 struct qstr qname = QSTR_INIT(name, len); 2064 struct inode *inode; 2065 unsigned type = DT_UNKNOWN; 2066 ino_t ino = 1; 2067 2068 child = d_hash_and_lookup(dir, &qname); 2069 if (!child) { 2070 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq); 2071 child = d_alloc_parallel(dir, &qname, &wq); 2072 if (IS_ERR(child)) 2073 goto end_instantiate; 2074 if (d_in_lookup(child)) { 2075 struct dentry *res; 2076 res = instantiate(child, task, ptr); 2077 d_lookup_done(child); 2078 if (unlikely(res)) { 2079 dput(child); 2080 child = res; 2081 if (IS_ERR(child)) 2082 goto end_instantiate; 2083 } 2084 } 2085 } 2086 inode = d_inode(child); 2087 ino = inode->i_ino; 2088 type = inode->i_mode >> 12; 2089 dput(child); 2090 end_instantiate: 2091 return dir_emit(ctx, name, len, ino, type); 2092 } 2093 2094 /* 2095 * dname_to_vma_addr - maps a dentry name into two unsigned longs 2096 * which represent vma start and end addresses. 2097 */ 2098 static int dname_to_vma_addr(struct dentry *dentry, 2099 unsigned long *start, unsigned long *end) 2100 { 2101 const char *str = dentry->d_name.name; 2102 unsigned long long sval, eval; 2103 unsigned int len; 2104 2105 if (str[0] == '0' && str[1] != '-') 2106 return -EINVAL; 2107 len = _parse_integer(str, 16, &sval); 2108 if (len & KSTRTOX_OVERFLOW) 2109 return -EINVAL; 2110 if (sval != (unsigned long)sval) 2111 return -EINVAL; 2112 str += len; 2113 2114 if (*str != '-') 2115 return -EINVAL; 2116 str++; 2117 2118 if (str[0] == '0' && str[1]) 2119 return -EINVAL; 2120 len = _parse_integer(str, 16, &eval); 2121 if (len & KSTRTOX_OVERFLOW) 2122 return -EINVAL; 2123 if (eval != (unsigned long)eval) 2124 return -EINVAL; 2125 str += len; 2126 2127 if (*str != '\0') 2128 return -EINVAL; 2129 2130 *start = sval; 2131 *end = eval; 2132 2133 return 0; 2134 } 2135 2136 static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags) 2137 { 2138 unsigned long vm_start, vm_end; 2139 bool exact_vma_exists = false; 2140 struct mm_struct *mm = NULL; 2141 struct task_struct *task; 2142 struct inode *inode; 2143 int status = 0; 2144 2145 if (flags & LOOKUP_RCU) 2146 return -ECHILD; 2147 2148 inode = d_inode(dentry); 2149 task = get_proc_task(inode); 2150 if (!task) 2151 goto out_notask; 2152 2153 mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); 2154 if (IS_ERR_OR_NULL(mm)) 2155 goto out; 2156 2157 if (!dname_to_vma_addr(dentry, &vm_start, &vm_end)) { 2158 status = mmap_read_lock_killable(mm); 2159 if (!status) { 2160 exact_vma_exists = !!find_exact_vma(mm, vm_start, 2161 vm_end); 2162 mmap_read_unlock(mm); 2163 } 2164 } 2165 2166 mmput(mm); 2167 2168 if (exact_vma_exists) { 2169 task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid); 2170 2171 security_task_to_inode(task, inode); 2172 status = 1; 2173 } 2174 2175 out: 2176 put_task_struct(task); 2177 2178 out_notask: 2179 return status; 2180 } 2181 2182 static const struct dentry_operations tid_map_files_dentry_operations = { 2183 .d_revalidate = map_files_d_revalidate, 2184 .d_delete = pid_delete_dentry, 2185 }; 2186 2187 static int map_files_get_link(struct dentry *dentry, struct path *path) 2188 { 2189 unsigned long vm_start, vm_end; 2190 struct vm_area_struct *vma; 2191 struct task_struct *task; 2192 struct mm_struct *mm; 2193 int rc; 2194 2195 rc = -ENOENT; 2196 task = get_proc_task(d_inode(dentry)); 2197 if (!task) 2198 goto out; 2199 2200 mm = get_task_mm(task); 2201 put_task_struct(task); 2202 if (!mm) 2203 goto out; 2204 2205 rc = dname_to_vma_addr(dentry, &vm_start, &vm_end); 2206 if (rc) 2207 goto out_mmput; 2208 2209 rc = mmap_read_lock_killable(mm); 2210 if (rc) 2211 goto out_mmput; 2212 2213 rc = -ENOENT; 2214 vma = find_exact_vma(mm, vm_start, vm_end); 2215 if (vma && vma->vm_file) { 2216 *path = *file_user_path(vma->vm_file); 2217 path_get(path); 2218 rc = 0; 2219 } 2220 mmap_read_unlock(mm); 2221 2222 out_mmput: 2223 mmput(mm); 2224 out: 2225 return rc; 2226 } 2227 2228 struct map_files_info { 2229 unsigned long start; 2230 unsigned long end; 2231 fmode_t mode; 2232 }; 2233 2234 /* 2235 * Only allow CAP_SYS_ADMIN and CAP_CHECKPOINT_RESTORE to follow the links, due 2236 * to concerns about how the symlinks may be used to bypass permissions on 2237 * ancestor directories in the path to the file in question. 2238 */ 2239 static const char * 2240 proc_map_files_get_link(struct dentry *dentry, 2241 struct inode *inode, 2242 struct delayed_call *done) 2243 { 2244 if (!checkpoint_restore_ns_capable(&init_user_ns)) 2245 return ERR_PTR(-EPERM); 2246 2247 return proc_pid_get_link(dentry, inode, done); 2248 } 2249 2250 /* 2251 * Identical to proc_pid_link_inode_operations except for get_link() 2252 */ 2253 static const struct inode_operations proc_map_files_link_inode_operations = { 2254 .readlink = proc_pid_readlink, 2255 .get_link = proc_map_files_get_link, 2256 .setattr = proc_setattr, 2257 }; 2258 2259 static struct dentry * 2260 proc_map_files_instantiate(struct dentry *dentry, 2261 struct task_struct *task, const void *ptr) 2262 { 2263 fmode_t mode = (fmode_t)(unsigned long)ptr; 2264 struct proc_inode *ei; 2265 struct inode *inode; 2266 2267 inode = proc_pid_make_inode(dentry->d_sb, task, S_IFLNK | 2268 ((mode & FMODE_READ ) ? S_IRUSR : 0) | 2269 ((mode & FMODE_WRITE) ? S_IWUSR : 0)); 2270 if (!inode) 2271 return ERR_PTR(-ENOENT); 2272 2273 ei = PROC_I(inode); 2274 ei->op.proc_get_link = map_files_get_link; 2275 2276 inode->i_op = &proc_map_files_link_inode_operations; 2277 inode->i_size = 64; 2278 2279 d_set_d_op(dentry, &tid_map_files_dentry_operations); 2280 return d_splice_alias(inode, dentry); 2281 } 2282 2283 static struct dentry *proc_map_files_lookup(struct inode *dir, 2284 struct dentry *dentry, unsigned int flags) 2285 { 2286 unsigned long vm_start, vm_end; 2287 struct vm_area_struct *vma; 2288 struct task_struct *task; 2289 struct dentry *result; 2290 struct mm_struct *mm; 2291 2292 result = ERR_PTR(-ENOENT); 2293 task = get_proc_task(dir); 2294 if (!task) 2295 goto out; 2296 2297 result = ERR_PTR(-EACCES); 2298 if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) 2299 goto out_put_task; 2300 2301 result = ERR_PTR(-ENOENT); 2302 if (dname_to_vma_addr(dentry, &vm_start, &vm_end)) 2303 goto out_put_task; 2304 2305 mm = get_task_mm(task); 2306 if (!mm) 2307 goto out_put_task; 2308 2309 result = ERR_PTR(-EINTR); 2310 if (mmap_read_lock_killable(mm)) 2311 goto out_put_mm; 2312 2313 result = ERR_PTR(-ENOENT); 2314 vma = find_exact_vma(mm, vm_start, vm_end); 2315 if (!vma) 2316 goto out_no_vma; 2317 2318 if (vma->vm_file) 2319 result = proc_map_files_instantiate(dentry, task, 2320 (void *)(unsigned long)vma->vm_file->f_mode); 2321 2322 out_no_vma: 2323 mmap_read_unlock(mm); 2324 out_put_mm: 2325 mmput(mm); 2326 out_put_task: 2327 put_task_struct(task); 2328 out: 2329 return result; 2330 } 2331 2332 static const struct inode_operations proc_map_files_inode_operations = { 2333 .lookup = proc_map_files_lookup, 2334 .permission = proc_fd_permission, 2335 .setattr = proc_setattr, 2336 }; 2337 2338 static int 2339 proc_map_files_readdir(struct file *file, struct dir_context *ctx) 2340 { 2341 struct vm_area_struct *vma; 2342 struct task_struct *task; 2343 struct mm_struct *mm; 2344 unsigned long nr_files, pos, i; 2345 GENRADIX(struct map_files_info) fa; 2346 struct map_files_info *p; 2347 int ret; 2348 struct vma_iterator vmi; 2349 2350 genradix_init(&fa); 2351 2352 ret = -ENOENT; 2353 task = get_proc_task(file_inode(file)); 2354 if (!task) 2355 goto out; 2356 2357 ret = -EACCES; 2358 if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) 2359 goto out_put_task; 2360 2361 ret = 0; 2362 if (!dir_emit_dots(file, ctx)) 2363 goto out_put_task; 2364 2365 mm = get_task_mm(task); 2366 if (!mm) 2367 goto out_put_task; 2368 2369 ret = mmap_read_lock_killable(mm); 2370 if (ret) { 2371 mmput(mm); 2372 goto out_put_task; 2373 } 2374 2375 nr_files = 0; 2376 2377 /* 2378 * We need two passes here: 2379 * 2380 * 1) Collect vmas of mapped files with mmap_lock taken 2381 * 2) Release mmap_lock and instantiate entries 2382 * 2383 * otherwise we get lockdep complained, since filldir() 2384 * routine might require mmap_lock taken in might_fault(). 2385 */ 2386 2387 pos = 2; 2388 vma_iter_init(&vmi, mm, 0); 2389 for_each_vma(vmi, vma) { 2390 if (!vma->vm_file) 2391 continue; 2392 if (++pos <= ctx->pos) 2393 continue; 2394 2395 p = genradix_ptr_alloc(&fa, nr_files++, GFP_KERNEL); 2396 if (!p) { 2397 ret = -ENOMEM; 2398 mmap_read_unlock(mm); 2399 mmput(mm); 2400 goto out_put_task; 2401 } 2402 2403 p->start = vma->vm_start; 2404 p->end = vma->vm_end; 2405 p->mode = vma->vm_file->f_mode; 2406 } 2407 mmap_read_unlock(mm); 2408 mmput(mm); 2409 2410 for (i = 0; i < nr_files; i++) { 2411 char buf[4 * sizeof(long) + 2]; /* max: %lx-%lx\0 */ 2412 unsigned int len; 2413 2414 p = genradix_ptr(&fa, i); 2415 len = snprintf(buf, sizeof(buf), "%lx-%lx", p->start, p->end); 2416 if (!proc_fill_cache(file, ctx, 2417 buf, len, 2418 proc_map_files_instantiate, 2419 task, 2420 (void *)(unsigned long)p->mode)) 2421 break; 2422 ctx->pos++; 2423 } 2424 2425 out_put_task: 2426 put_task_struct(task); 2427 out: 2428 genradix_free(&fa); 2429 return ret; 2430 } 2431 2432 static const struct file_operations proc_map_files_operations = { 2433 .read = generic_read_dir, 2434 .iterate_shared = proc_map_files_readdir, 2435 .llseek = generic_file_llseek, 2436 }; 2437 2438 #if defined(CONFIG_CHECKPOINT_RESTORE) && defined(CONFIG_POSIX_TIMERS) 2439 struct timers_private { 2440 struct pid *pid; 2441 struct task_struct *task; 2442 struct sighand_struct *sighand; 2443 struct pid_namespace *ns; 2444 unsigned long flags; 2445 }; 2446 2447 static void *timers_start(struct seq_file *m, loff_t *pos) 2448 { 2449 struct timers_private *tp = m->private; 2450 2451 tp->task = get_pid_task(tp->pid, PIDTYPE_PID); 2452 if (!tp->task) 2453 return ERR_PTR(-ESRCH); 2454 2455 tp->sighand = lock_task_sighand(tp->task, &tp->flags); 2456 if (!tp->sighand) 2457 return ERR_PTR(-ESRCH); 2458 2459 return seq_list_start(&tp->task->signal->posix_timers, *pos); 2460 } 2461 2462 static void *timers_next(struct seq_file *m, void *v, loff_t *pos) 2463 { 2464 struct timers_private *tp = m->private; 2465 return seq_list_next(v, &tp->task->signal->posix_timers, pos); 2466 } 2467 2468 static void timers_stop(struct seq_file *m, void *v) 2469 { 2470 struct timers_private *tp = m->private; 2471 2472 if (tp->sighand) { 2473 unlock_task_sighand(tp->task, &tp->flags); 2474 tp->sighand = NULL; 2475 } 2476 2477 if (tp->task) { 2478 put_task_struct(tp->task); 2479 tp->task = NULL; 2480 } 2481 } 2482 2483 static int show_timer(struct seq_file *m, void *v) 2484 { 2485 struct k_itimer *timer; 2486 struct timers_private *tp = m->private; 2487 int notify; 2488 static const char * const nstr[] = { 2489 [SIGEV_SIGNAL] = "signal", 2490 [SIGEV_NONE] = "none", 2491 [SIGEV_THREAD] = "thread", 2492 }; 2493 2494 timer = list_entry((struct list_head *)v, struct k_itimer, list); 2495 notify = timer->it_sigev_notify; 2496 2497 seq_printf(m, "ID: %d\n", timer->it_id); 2498 seq_printf(m, "signal: %d/%px\n", 2499 timer->sigq->info.si_signo, 2500 timer->sigq->info.si_value.sival_ptr); 2501 seq_printf(m, "notify: %s/%s.%d\n", 2502 nstr[notify & ~SIGEV_THREAD_ID], 2503 (notify & SIGEV_THREAD_ID) ? "tid" : "pid", 2504 pid_nr_ns(timer->it_pid, tp->ns)); 2505 seq_printf(m, "ClockID: %d\n", timer->it_clock); 2506 2507 return 0; 2508 } 2509 2510 static const struct seq_operations proc_timers_seq_ops = { 2511 .start = timers_start, 2512 .next = timers_next, 2513 .stop = timers_stop, 2514 .show = show_timer, 2515 }; 2516 2517 static int proc_timers_open(struct inode *inode, struct file *file) 2518 { 2519 struct timers_private *tp; 2520 2521 tp = __seq_open_private(file, &proc_timers_seq_ops, 2522 sizeof(struct timers_private)); 2523 if (!tp) 2524 return -ENOMEM; 2525 2526 tp->pid = proc_pid(inode); 2527 tp->ns = proc_pid_ns(inode->i_sb); 2528 return 0; 2529 } 2530 2531 static const struct file_operations proc_timers_operations = { 2532 .open = proc_timers_open, 2533 .read = seq_read, 2534 .llseek = seq_lseek, 2535 .release = seq_release_private, 2536 }; 2537 #endif 2538 2539 static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, 2540 size_t count, loff_t *offset) 2541 { 2542 struct inode *inode = file_inode(file); 2543 struct task_struct *p; 2544 u64 slack_ns; 2545 int err; 2546 2547 err = kstrtoull_from_user(buf, count, 10, &slack_ns); 2548 if (err < 0) 2549 return err; 2550 2551 p = get_proc_task(inode); 2552 if (!p) 2553 return -ESRCH; 2554 2555 if (p != current) { 2556 rcu_read_lock(); 2557 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { 2558 rcu_read_unlock(); 2559 count = -EPERM; 2560 goto out; 2561 } 2562 rcu_read_unlock(); 2563 2564 err = security_task_setscheduler(p); 2565 if (err) { 2566 count = err; 2567 goto out; 2568 } 2569 } 2570 2571 task_lock(p); 2572 if (slack_ns == 0) 2573 p->timer_slack_ns = p->default_timer_slack_ns; 2574 else 2575 p->timer_slack_ns = slack_ns; 2576 task_unlock(p); 2577 2578 out: 2579 put_task_struct(p); 2580 2581 return count; 2582 } 2583 2584 static int timerslack_ns_show(struct seq_file *m, void *v) 2585 { 2586 struct inode *inode = m->private; 2587 struct task_struct *p; 2588 int err = 0; 2589 2590 p = get_proc_task(inode); 2591 if (!p) 2592 return -ESRCH; 2593 2594 if (p != current) { 2595 rcu_read_lock(); 2596 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { 2597 rcu_read_unlock(); 2598 err = -EPERM; 2599 goto out; 2600 } 2601 rcu_read_unlock(); 2602 2603 err = security_task_getscheduler(p); 2604 if (err) 2605 goto out; 2606 } 2607 2608 task_lock(p); 2609 seq_printf(m, "%llu\n", p->timer_slack_ns); 2610 task_unlock(p); 2611 2612 out: 2613 put_task_struct(p); 2614 2615 return err; 2616 } 2617 2618 static int timerslack_ns_open(struct inode *inode, struct file *filp) 2619 { 2620 return single_open(filp, timerslack_ns_show, inode); 2621 } 2622 2623 static const struct file_operations proc_pid_set_timerslack_ns_operations = { 2624 .open = timerslack_ns_open, 2625 .read = seq_read, 2626 .write = timerslack_ns_write, 2627 .llseek = seq_lseek, 2628 .release = single_release, 2629 }; 2630 2631 static struct dentry *proc_pident_instantiate(struct dentry *dentry, 2632 struct task_struct *task, const void *ptr) 2633 { 2634 const struct pid_entry *p = ptr; 2635 struct inode *inode; 2636 struct proc_inode *ei; 2637 2638 inode = proc_pid_make_inode(dentry->d_sb, task, p->mode); 2639 if (!inode) 2640 return ERR_PTR(-ENOENT); 2641 2642 ei = PROC_I(inode); 2643 if (S_ISDIR(inode->i_mode)) 2644 set_nlink(inode, 2); /* Use getattr to fix if necessary */ 2645 if (p->iop) 2646 inode->i_op = p->iop; 2647 if (p->fop) 2648 inode->i_fop = p->fop; 2649 ei->op = p->op; 2650 pid_update_inode(task, inode); 2651 d_set_d_op(dentry, &pid_dentry_operations); 2652 return d_splice_alias(inode, dentry); 2653 } 2654 2655 static struct dentry *proc_pident_lookup(struct inode *dir, 2656 struct dentry *dentry, 2657 const struct pid_entry *p, 2658 const struct pid_entry *end) 2659 { 2660 struct task_struct *task = get_proc_task(dir); 2661 struct dentry *res = ERR_PTR(-ENOENT); 2662 2663 if (!task) 2664 goto out_no_task; 2665 2666 /* 2667 * Yes, it does not scale. And it should not. Don't add 2668 * new entries into /proc/<tgid>/ without very good reasons. 2669 */ 2670 for (; p < end; p++) { 2671 if (p->len != dentry->d_name.len) 2672 continue; 2673 if (!memcmp(dentry->d_name.name, p->name, p->len)) { 2674 res = proc_pident_instantiate(dentry, task, p); 2675 break; 2676 } 2677 } 2678 put_task_struct(task); 2679 out_no_task: 2680 return res; 2681 } 2682 2683 static int proc_pident_readdir(struct file *file, struct dir_context *ctx, 2684 const struct pid_entry *ents, unsigned int nents) 2685 { 2686 struct task_struct *task = get_proc_task(file_inode(file)); 2687 const struct pid_entry *p; 2688 2689 if (!task) 2690 return -ENOENT; 2691 2692 if (!dir_emit_dots(file, ctx)) 2693 goto out; 2694 2695 if (ctx->pos >= nents + 2) 2696 goto out; 2697 2698 for (p = ents + (ctx->pos - 2); p < ents + nents; p++) { 2699 if (!proc_fill_cache(file, ctx, p->name, p->len, 2700 proc_pident_instantiate, task, p)) 2701 break; 2702 ctx->pos++; 2703 } 2704 out: 2705 put_task_struct(task); 2706 return 0; 2707 } 2708 2709 #ifdef CONFIG_SECURITY 2710 static int proc_pid_attr_open(struct inode *inode, struct file *file) 2711 { 2712 file->private_data = NULL; 2713 __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS); 2714 return 0; 2715 } 2716 2717 static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, 2718 size_t count, loff_t *ppos) 2719 { 2720 struct inode * inode = file_inode(file); 2721 char *p = NULL; 2722 ssize_t length; 2723 struct task_struct *task = get_proc_task(inode); 2724 2725 if (!task) 2726 return -ESRCH; 2727 2728 length = security_getprocattr(task, PROC_I(inode)->op.lsmid, 2729 file->f_path.dentry->d_name.name, 2730 &p); 2731 put_task_struct(task); 2732 if (length > 0) 2733 length = simple_read_from_buffer(buf, count, ppos, p, length); 2734 kfree(p); 2735 return length; 2736 } 2737 2738 static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, 2739 size_t count, loff_t *ppos) 2740 { 2741 struct inode * inode = file_inode(file); 2742 struct task_struct *task; 2743 void *page; 2744 int rv; 2745 2746 /* A task may only write when it was the opener. */ 2747 if (file->private_data != current->mm) 2748 return -EPERM; 2749 2750 rcu_read_lock(); 2751 task = pid_task(proc_pid(inode), PIDTYPE_PID); 2752 if (!task) { 2753 rcu_read_unlock(); 2754 return -ESRCH; 2755 } 2756 /* A task may only write its own attributes. */ 2757 if (current != task) { 2758 rcu_read_unlock(); 2759 return -EACCES; 2760 } 2761 /* Prevent changes to overridden credentials. */ 2762 if (current_cred() != current_real_cred()) { 2763 rcu_read_unlock(); 2764 return -EBUSY; 2765 } 2766 rcu_read_unlock(); 2767 2768 if (count > PAGE_SIZE) 2769 count = PAGE_SIZE; 2770 2771 /* No partial writes. */ 2772 if (*ppos != 0) 2773 return -EINVAL; 2774 2775 page = memdup_user(buf, count); 2776 if (IS_ERR(page)) { 2777 rv = PTR_ERR(page); 2778 goto out; 2779 } 2780 2781 /* Guard against adverse ptrace interaction */ 2782 rv = mutex_lock_interruptible(¤t->signal->cred_guard_mutex); 2783 if (rv < 0) 2784 goto out_free; 2785 2786 rv = security_setprocattr(PROC_I(inode)->op.lsmid, 2787 file->f_path.dentry->d_name.name, page, 2788 count); 2789 mutex_unlock(¤t->signal->cred_guard_mutex); 2790 out_free: 2791 kfree(page); 2792 out: 2793 return rv; 2794 } 2795 2796 static const struct file_operations proc_pid_attr_operations = { 2797 .open = proc_pid_attr_open, 2798 .read = proc_pid_attr_read, 2799 .write = proc_pid_attr_write, 2800 .llseek = generic_file_llseek, 2801 .release = mem_release, 2802 }; 2803 2804 #define LSM_DIR_OPS(LSM) \ 2805 static int proc_##LSM##_attr_dir_iterate(struct file *filp, \ 2806 struct dir_context *ctx) \ 2807 { \ 2808 return proc_pident_readdir(filp, ctx, \ 2809 LSM##_attr_dir_stuff, \ 2810 ARRAY_SIZE(LSM##_attr_dir_stuff)); \ 2811 } \ 2812 \ 2813 static const struct file_operations proc_##LSM##_attr_dir_ops = { \ 2814 .read = generic_read_dir, \ 2815 .iterate_shared = proc_##LSM##_attr_dir_iterate, \ 2816 .llseek = default_llseek, \ 2817 }; \ 2818 \ 2819 static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \ 2820 struct dentry *dentry, unsigned int flags) \ 2821 { \ 2822 return proc_pident_lookup(dir, dentry, \ 2823 LSM##_attr_dir_stuff, \ 2824 LSM##_attr_dir_stuff + ARRAY_SIZE(LSM##_attr_dir_stuff)); \ 2825 } \ 2826 \ 2827 static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ 2828 .lookup = proc_##LSM##_attr_dir_lookup, \ 2829 .getattr = pid_getattr, \ 2830 .setattr = proc_setattr, \ 2831 } 2832 2833 #ifdef CONFIG_SECURITY_SMACK 2834 static const struct pid_entry smack_attr_dir_stuff[] = { 2835 ATTR(LSM_ID_SMACK, "current", 0666), 2836 }; 2837 LSM_DIR_OPS(smack); 2838 #endif 2839 2840 #ifdef CONFIG_SECURITY_APPARMOR 2841 static const struct pid_entry apparmor_attr_dir_stuff[] = { 2842 ATTR(LSM_ID_APPARMOR, "current", 0666), 2843 ATTR(LSM_ID_APPARMOR, "prev", 0444), 2844 ATTR(LSM_ID_APPARMOR, "exec", 0666), 2845 }; 2846 LSM_DIR_OPS(apparmor); 2847 #endif 2848 2849 static const struct pid_entry attr_dir_stuff[] = { 2850 ATTR(LSM_ID_UNDEF, "current", 0666), 2851 ATTR(LSM_ID_UNDEF, "prev", 0444), 2852 ATTR(LSM_ID_UNDEF, "exec", 0666), 2853 ATTR(LSM_ID_UNDEF, "fscreate", 0666), 2854 ATTR(LSM_ID_UNDEF, "keycreate", 0666), 2855 ATTR(LSM_ID_UNDEF, "sockcreate", 0666), 2856 #ifdef CONFIG_SECURITY_SMACK 2857 DIR("smack", 0555, 2858 proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), 2859 #endif 2860 #ifdef CONFIG_SECURITY_APPARMOR 2861 DIR("apparmor", 0555, 2862 proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops), 2863 #endif 2864 }; 2865 2866 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx) 2867 { 2868 return proc_pident_readdir(file, ctx, 2869 attr_dir_stuff, ARRAY_SIZE(attr_dir_stuff)); 2870 } 2871 2872 static const struct file_operations proc_attr_dir_operations = { 2873 .read = generic_read_dir, 2874 .iterate_shared = proc_attr_dir_readdir, 2875 .llseek = generic_file_llseek, 2876 }; 2877 2878 static struct dentry *proc_attr_dir_lookup(struct inode *dir, 2879 struct dentry *dentry, unsigned int flags) 2880 { 2881 return proc_pident_lookup(dir, dentry, 2882 attr_dir_stuff, 2883 attr_dir_stuff + ARRAY_SIZE(attr_dir_stuff)); 2884 } 2885 2886 static const struct inode_operations proc_attr_dir_inode_operations = { 2887 .lookup = proc_attr_dir_lookup, 2888 .getattr = pid_getattr, 2889 .setattr = proc_setattr, 2890 }; 2891 2892 #endif 2893 2894 #ifdef CONFIG_ELF_CORE 2895 static ssize_t proc_coredump_filter_read(struct file *file, char __user *buf, 2896 size_t count, loff_t *ppos) 2897 { 2898 struct task_struct *task = get_proc_task(file_inode(file)); 2899 struct mm_struct *mm; 2900 char buffer[PROC_NUMBUF]; 2901 size_t len; 2902 int ret; 2903 2904 if (!task) 2905 return -ESRCH; 2906 2907 ret = 0; 2908 mm = get_task_mm(task); 2909 if (mm) { 2910 len = snprintf(buffer, sizeof(buffer), "%08lx\n", 2911 ((mm->flags & MMF_DUMP_FILTER_MASK) >> 2912 MMF_DUMP_FILTER_SHIFT)); 2913 mmput(mm); 2914 ret = simple_read_from_buffer(buf, count, ppos, buffer, len); 2915 } 2916 2917 put_task_struct(task); 2918 2919 return ret; 2920 } 2921 2922 static ssize_t proc_coredump_filter_write(struct file *file, 2923 const char __user *buf, 2924 size_t count, 2925 loff_t *ppos) 2926 { 2927 struct task_struct *task; 2928 struct mm_struct *mm; 2929 unsigned int val; 2930 int ret; 2931 int i; 2932 unsigned long mask; 2933 2934 ret = kstrtouint_from_user(buf, count, 0, &val); 2935 if (ret < 0) 2936 return ret; 2937 2938 ret = -ESRCH; 2939 task = get_proc_task(file_inode(file)); 2940 if (!task) 2941 goto out_no_task; 2942 2943 mm = get_task_mm(task); 2944 if (!mm) 2945 goto out_no_mm; 2946 ret = 0; 2947 2948 for (i = 0, mask = 1; i < MMF_DUMP_FILTER_BITS; i++, mask <<= 1) { 2949 if (val & mask) 2950 set_bit(i + MMF_DUMP_FILTER_SHIFT, &mm->flags); 2951 else 2952 clear_bit(i + MMF_DUMP_FILTER_SHIFT, &mm->flags); 2953 } 2954 2955 mmput(mm); 2956 out_no_mm: 2957 put_task_struct(task); 2958 out_no_task: 2959 if (ret < 0) 2960 return ret; 2961 return count; 2962 } 2963 2964 static const struct file_operations proc_coredump_filter_operations = { 2965 .read = proc_coredump_filter_read, 2966 .write = proc_coredump_filter_write, 2967 .llseek = generic_file_llseek, 2968 }; 2969 #endif 2970 2971 #ifdef CONFIG_TASK_IO_ACCOUNTING 2972 static int do_io_accounting(struct task_struct *task, struct seq_file *m, int whole) 2973 { 2974 struct task_io_accounting acct; 2975 int result; 2976 2977 result = down_read_killable(&task->signal->exec_update_lock); 2978 if (result) 2979 return result; 2980 2981 if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { 2982 result = -EACCES; 2983 goto out_unlock; 2984 } 2985 2986 if (whole) { 2987 struct signal_struct *sig = task->signal; 2988 struct task_struct *t; 2989 unsigned int seq = 1; 2990 unsigned long flags; 2991 2992 rcu_read_lock(); 2993 do { 2994 seq++; /* 2 on the 1st/lockless path, otherwise odd */ 2995 flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); 2996 2997 acct = sig->ioac; 2998 __for_each_thread(sig, t) 2999 task_io_accounting_add(&acct, &t->ioac); 3000 3001 } while (need_seqretry(&sig->stats_lock, seq)); 3002 done_seqretry_irqrestore(&sig->stats_lock, seq, flags); 3003 rcu_read_unlock(); 3004 } else { 3005 acct = task->ioac; 3006 } 3007 3008 seq_printf(m, 3009 "rchar: %llu\n" 3010 "wchar: %llu\n" 3011 "syscr: %llu\n" 3012 "syscw: %llu\n" 3013 "read_bytes: %llu\n" 3014 "write_bytes: %llu\n" 3015 "cancelled_write_bytes: %llu\n", 3016 (unsigned long long)acct.rchar, 3017 (unsigned long long)acct.wchar, 3018 (unsigned long long)acct.syscr, 3019 (unsigned long long)acct.syscw, 3020 (unsigned long long)acct.read_bytes, 3021 (unsigned long long)acct.write_bytes, 3022 (unsigned long long)acct.cancelled_write_bytes); 3023 result = 0; 3024 3025 out_unlock: 3026 up_read(&task->signal->exec_update_lock); 3027 return result; 3028 } 3029 3030 static int proc_tid_io_accounting(struct seq_file *m, struct pid_namespace *ns, 3031 struct pid *pid, struct task_struct *task) 3032 { 3033 return do_io_accounting(task, m, 0); 3034 } 3035 3036 static int proc_tgid_io_accounting(struct seq_file *m, struct pid_namespace *ns, 3037 struct pid *pid, struct task_struct *task) 3038 { 3039 return do_io_accounting(task, m, 1); 3040 } 3041 #endif /* CONFIG_TASK_IO_ACCOUNTING */ 3042 3043 #ifdef CONFIG_USER_NS 3044 static int proc_id_map_open(struct inode *inode, struct file *file, 3045 const struct seq_operations *seq_ops) 3046 { 3047 struct user_namespace *ns = NULL; 3048 struct task_struct *task; 3049 struct seq_file *seq; 3050 int ret = -EINVAL; 3051 3052 task = get_proc_task(inode); 3053 if (task) { 3054 rcu_read_lock(); 3055 ns = get_user_ns(task_cred_xxx(task, user_ns)); 3056 rcu_read_unlock(); 3057 put_task_struct(task); 3058 } 3059 if (!ns) 3060 goto err; 3061 3062 ret = seq_open(file, seq_ops); 3063 if (ret) 3064 goto err_put_ns; 3065 3066 seq = file->private_data; 3067 seq->private = ns; 3068 3069 return 0; 3070 err_put_ns: 3071 put_user_ns(ns); 3072 err: 3073 return ret; 3074 } 3075 3076 static int proc_id_map_release(struct inode *inode, struct file *file) 3077 { 3078 struct seq_file *seq = file->private_data; 3079 struct user_namespace *ns = seq->private; 3080 put_user_ns(ns); 3081 return seq_release(inode, file); 3082 } 3083 3084 static int proc_uid_map_open(struct inode *inode, struct file *file) 3085 { 3086 return proc_id_map_open(inode, file, &proc_uid_seq_operations); 3087 } 3088 3089 static int proc_gid_map_open(struct inode *inode, struct file *file) 3090 { 3091 return proc_id_map_open(inode, file, &proc_gid_seq_operations); 3092 } 3093 3094 static int proc_projid_map_open(struct inode *inode, struct file *file) 3095 { 3096 return proc_id_map_open(inode, file, &proc_projid_seq_operations); 3097 } 3098 3099 static const struct file_operations proc_uid_map_operations = { 3100 .open = proc_uid_map_open, 3101 .write = proc_uid_map_write, 3102 .read = seq_read, 3103 .llseek = seq_lseek, 3104 .release = proc_id_map_release, 3105 }; 3106 3107 static const struct file_operations proc_gid_map_operations = { 3108 .open = proc_gid_map_open, 3109 .write = proc_gid_map_write, 3110 .read = seq_read, 3111 .llseek = seq_lseek, 3112 .release = proc_id_map_release, 3113 }; 3114 3115 static const struct file_operations proc_projid_map_operations = { 3116 .open = proc_projid_map_open, 3117 .write = proc_projid_map_write, 3118 .read = seq_read, 3119 .llseek = seq_lseek, 3120 .release = proc_id_map_release, 3121 }; 3122 3123 static int proc_setgroups_open(struct inode *inode, struct file *file) 3124 { 3125 struct user_namespace *ns = NULL; 3126 struct task_struct *task; 3127 int ret; 3128 3129 ret = -ESRCH; 3130 task = get_proc_task(inode); 3131 if (task) { 3132 rcu_read_lock(); 3133 ns = get_user_ns(task_cred_xxx(task, user_ns)); 3134 rcu_read_unlock(); 3135 put_task_struct(task); 3136 } 3137 if (!ns) 3138 goto err; 3139 3140 if (file->f_mode & FMODE_WRITE) { 3141 ret = -EACCES; 3142 if (!ns_capable(ns, CAP_SYS_ADMIN)) 3143 goto err_put_ns; 3144 } 3145 3146 ret = single_open(file, &proc_setgroups_show, ns); 3147 if (ret) 3148 goto err_put_ns; 3149 3150 return 0; 3151 err_put_ns: 3152 put_user_ns(ns); 3153 err: 3154 return ret; 3155 } 3156 3157 static int proc_setgroups_release(struct inode *inode, struct file *file) 3158 { 3159 struct seq_file *seq = file->private_data; 3160 struct user_namespace *ns = seq->private; 3161 int ret = single_release(inode, file); 3162 put_user_ns(ns); 3163 return ret; 3164 } 3165 3166 static const struct file_operations proc_setgroups_operations = { 3167 .open = proc_setgroups_open, 3168 .write = proc_setgroups_write, 3169 .read = seq_read, 3170 .llseek = seq_lseek, 3171 .release = proc_setgroups_release, 3172 }; 3173 #endif /* CONFIG_USER_NS */ 3174 3175 static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, 3176 struct pid *pid, struct task_struct *task) 3177 { 3178 int err = lock_trace(task); 3179 if (!err) { 3180 seq_printf(m, "%08x\n", task->personality); 3181 unlock_trace(task); 3182 } 3183 return err; 3184 } 3185 3186 #ifdef CONFIG_LIVEPATCH 3187 static int proc_pid_patch_state(struct seq_file *m, struct pid_namespace *ns, 3188 struct pid *pid, struct task_struct *task) 3189 { 3190 seq_printf(m, "%d\n", task->patch_state); 3191 return 0; 3192 } 3193 #endif /* CONFIG_LIVEPATCH */ 3194 3195 #ifdef CONFIG_KSM 3196 static int proc_pid_ksm_merging_pages(struct seq_file *m, struct pid_namespace *ns, 3197 struct pid *pid, struct task_struct *task) 3198 { 3199 struct mm_struct *mm; 3200 3201 mm = get_task_mm(task); 3202 if (mm) { 3203 seq_printf(m, "%lu\n", mm->ksm_merging_pages); 3204 mmput(mm); 3205 } 3206 3207 return 0; 3208 } 3209 static int proc_pid_ksm_stat(struct seq_file *m, struct pid_namespace *ns, 3210 struct pid *pid, struct task_struct *task) 3211 { 3212 struct mm_struct *mm; 3213 3214 mm = get_task_mm(task); 3215 if (mm) { 3216 seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items); 3217 seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm)); 3218 seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages); 3219 seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm)); 3220 mmput(mm); 3221 } 3222 3223 return 0; 3224 } 3225 #endif /* CONFIG_KSM */ 3226 3227 #ifdef CONFIG_STACKLEAK_METRICS 3228 static int proc_stack_depth(struct seq_file *m, struct pid_namespace *ns, 3229 struct pid *pid, struct task_struct *task) 3230 { 3231 unsigned long prev_depth = THREAD_SIZE - 3232 (task->prev_lowest_stack & (THREAD_SIZE - 1)); 3233 unsigned long depth = THREAD_SIZE - 3234 (task->lowest_stack & (THREAD_SIZE - 1)); 3235 3236 seq_printf(m, "previous stack depth: %lu\nstack depth: %lu\n", 3237 prev_depth, depth); 3238 return 0; 3239 } 3240 #endif /* CONFIG_STACKLEAK_METRICS */ 3241 3242 /* 3243 * Thread groups 3244 */ 3245 static const struct file_operations proc_task_operations; 3246 static const struct inode_operations proc_task_inode_operations; 3247 3248 static const struct pid_entry tgid_base_stuff[] = { 3249 DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations), 3250 DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations), 3251 DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations), 3252 DIR("fdinfo", S_IRUGO|S_IXUGO, proc_fdinfo_inode_operations, proc_fdinfo_operations), 3253 DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations), 3254 #ifdef CONFIG_NET 3255 DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations), 3256 #endif 3257 REG("environ", S_IRUSR, proc_environ_operations), 3258 REG("auxv", S_IRUSR, proc_auxv_operations), 3259 ONE("status", S_IRUGO, proc_pid_status), 3260 ONE("personality", S_IRUSR, proc_pid_personality), 3261 ONE("limits", S_IRUGO, proc_pid_limits), 3262 #ifdef CONFIG_SCHED_DEBUG 3263 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), 3264 #endif 3265 #ifdef CONFIG_SCHED_AUTOGROUP 3266 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), 3267 #endif 3268 #ifdef CONFIG_TIME_NS 3269 REG("timens_offsets", S_IRUGO|S_IWUSR, proc_timens_offsets_operations), 3270 #endif 3271 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), 3272 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK 3273 ONE("syscall", S_IRUSR, proc_pid_syscall), 3274 #endif 3275 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), 3276 ONE("stat", S_IRUGO, proc_tgid_stat), 3277 ONE("statm", S_IRUGO, proc_pid_statm), 3278 REG("maps", S_IRUGO, proc_pid_maps_operations), 3279 #ifdef CONFIG_NUMA 3280 REG("numa_maps", S_IRUGO, proc_pid_numa_maps_operations), 3281 #endif 3282 REG("mem", S_IRUSR|S_IWUSR, proc_mem_operations), 3283 LNK("cwd", proc_cwd_link), 3284 LNK("root", proc_root_link), 3285 LNK("exe", proc_exe_link), 3286 REG("mounts", S_IRUGO, proc_mounts_operations), 3287 REG("mountinfo", S_IRUGO, proc_mountinfo_operations), 3288 REG("mountstats", S_IRUSR, proc_mountstats_operations), 3289 #ifdef CONFIG_PROC_PAGE_MONITOR 3290 REG("clear_refs", S_IWUSR, proc_clear_refs_operations), 3291 REG("smaps", S_IRUGO, proc_pid_smaps_operations), 3292 REG("smaps_rollup", S_IRUGO, proc_pid_smaps_rollup_operations), 3293 REG("pagemap", S_IRUSR, proc_pagemap_operations), 3294 #endif 3295 #ifdef CONFIG_SECURITY 3296 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), 3297 #endif 3298 #ifdef CONFIG_KALLSYMS 3299 ONE("wchan", S_IRUGO, proc_pid_wchan), 3300 #endif 3301 #ifdef CONFIG_STACKTRACE 3302 ONE("stack", S_IRUSR, proc_pid_stack), 3303 #endif 3304 #ifdef CONFIG_SCHED_INFO 3305 ONE("schedstat", S_IRUGO, proc_pid_schedstat), 3306 #endif 3307 #ifdef CONFIG_LATENCYTOP 3308 REG("latency", S_IRUGO, proc_lstats_operations), 3309 #endif 3310 #ifdef CONFIG_PROC_PID_CPUSET 3311 ONE("cpuset", S_IRUGO, proc_cpuset_show), 3312 #endif 3313 #ifdef CONFIG_CGROUPS 3314 ONE("cgroup", S_IRUGO, proc_cgroup_show), 3315 #endif 3316 #ifdef CONFIG_PROC_CPU_RESCTRL 3317 ONE("cpu_resctrl_groups", S_IRUGO, proc_resctrl_show), 3318 #endif 3319 ONE("oom_score", S_IRUGO, proc_oom_score), 3320 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations), 3321 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations), 3322 #ifdef CONFIG_AUDIT 3323 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations), 3324 REG("sessionid", S_IRUGO, proc_sessionid_operations), 3325 #endif 3326 #ifdef CONFIG_FAULT_INJECTION 3327 REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations), 3328 REG("fail-nth", 0644, proc_fail_nth_operations), 3329 #endif 3330 #ifdef CONFIG_ELF_CORE 3331 REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations), 3332 #endif 3333 #ifdef CONFIG_TASK_IO_ACCOUNTING 3334 ONE("io", S_IRUSR, proc_tgid_io_accounting), 3335 #endif 3336 #ifdef CONFIG_USER_NS 3337 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), 3338 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), 3339 REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), 3340 REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), 3341 #endif 3342 #if defined(CONFIG_CHECKPOINT_RESTORE) && defined(CONFIG_POSIX_TIMERS) 3343 REG("timers", S_IRUGO, proc_timers_operations), 3344 #endif 3345 REG("timerslack_ns", S_IRUGO|S_IWUGO, proc_pid_set_timerslack_ns_operations), 3346 #ifdef CONFIG_LIVEPATCH 3347 ONE("patch_state", S_IRUSR, proc_pid_patch_state), 3348 #endif 3349 #ifdef CONFIG_STACKLEAK_METRICS 3350 ONE("stack_depth", S_IRUGO, proc_stack_depth), 3351 #endif 3352 #ifdef CONFIG_PROC_PID_ARCH_STATUS 3353 ONE("arch_status", S_IRUGO, proc_pid_arch_status), 3354 #endif 3355 #ifdef CONFIG_SECCOMP_CACHE_DEBUG 3356 ONE("seccomp_cache", S_IRUSR, proc_pid_seccomp_cache), 3357 #endif 3358 #ifdef CONFIG_KSM 3359 ONE("ksm_merging_pages", S_IRUSR, proc_pid_ksm_merging_pages), 3360 ONE("ksm_stat", S_IRUSR, proc_pid_ksm_stat), 3361 #endif 3362 }; 3363 3364 static int proc_tgid_base_readdir(struct file *file, struct dir_context *ctx) 3365 { 3366 return proc_pident_readdir(file, ctx, 3367 tgid_base_stuff, ARRAY_SIZE(tgid_base_stuff)); 3368 } 3369 3370 static const struct file_operations proc_tgid_base_operations = { 3371 .read = generic_read_dir, 3372 .iterate_shared = proc_tgid_base_readdir, 3373 .llseek = generic_file_llseek, 3374 }; 3375 3376 struct pid *tgid_pidfd_to_pid(const struct file *file) 3377 { 3378 if (file->f_op != &proc_tgid_base_operations) 3379 return ERR_PTR(-EBADF); 3380 3381 return proc_pid(file_inode(file)); 3382 } 3383 3384 static struct dentry *proc_tgid_base_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) 3385 { 3386 return proc_pident_lookup(dir, dentry, 3387 tgid_base_stuff, 3388 tgid_base_stuff + ARRAY_SIZE(tgid_base_stuff)); 3389 } 3390 3391 static const struct inode_operations proc_tgid_base_inode_operations = { 3392 .lookup = proc_tgid_base_lookup, 3393 .getattr = pid_getattr, 3394 .setattr = proc_setattr, 3395 .permission = proc_pid_permission, 3396 }; 3397 3398 /** 3399 * proc_flush_pid - Remove dcache entries for @pid from the /proc dcache. 3400 * @pid: pid that should be flushed. 3401 * 3402 * This function walks a list of inodes (that belong to any proc 3403 * filesystem) that are attached to the pid and flushes them from 3404 * the dentry cache. 3405 * 3406 * It is safe and reasonable to cache /proc entries for a task until 3407 * that task exits. After that they just clog up the dcache with 3408 * useless entries, possibly causing useful dcache entries to be 3409 * flushed instead. This routine is provided to flush those useless 3410 * dcache entries when a process is reaped. 3411 * 3412 * NOTE: This routine is just an optimization so it does not guarantee 3413 * that no dcache entries will exist after a process is reaped 3414 * it just makes it very unlikely that any will persist. 3415 */ 3416 3417 void proc_flush_pid(struct pid *pid) 3418 { 3419 proc_invalidate_siblings_dcache(&pid->inodes, &pid->lock); 3420 } 3421 3422 static struct dentry *proc_pid_instantiate(struct dentry * dentry, 3423 struct task_struct *task, const void *ptr) 3424 { 3425 struct inode *inode; 3426 3427 inode = proc_pid_make_base_inode(dentry->d_sb, task, 3428 S_IFDIR | S_IRUGO | S_IXUGO); 3429 if (!inode) 3430 return ERR_PTR(-ENOENT); 3431 3432 inode->i_op = &proc_tgid_base_inode_operations; 3433 inode->i_fop = &proc_tgid_base_operations; 3434 inode->i_flags|=S_IMMUTABLE; 3435 3436 set_nlink(inode, nlink_tgid); 3437 pid_update_inode(task, inode); 3438 3439 d_set_d_op(dentry, &pid_dentry_operations); 3440 return d_splice_alias(inode, dentry); 3441 } 3442 3443 struct dentry *proc_pid_lookup(struct dentry *dentry, unsigned int flags) 3444 { 3445 struct task_struct *task; 3446 unsigned tgid; 3447 struct proc_fs_info *fs_info; 3448 struct pid_namespace *ns; 3449 struct dentry *result = ERR_PTR(-ENOENT); 3450 3451 tgid = name_to_int(&dentry->d_name); 3452 if (tgid == ~0U) 3453 goto out; 3454 3455 fs_info = proc_sb_info(dentry->d_sb); 3456 ns = fs_info->pid_ns; 3457 rcu_read_lock(); 3458 task = find_task_by_pid_ns(tgid, ns); 3459 if (task) 3460 get_task_struct(task); 3461 rcu_read_unlock(); 3462 if (!task) 3463 goto out; 3464 3465 /* Limit procfs to only ptraceable tasks */ 3466 if (fs_info->hide_pid == HIDEPID_NOT_PTRACEABLE) { 3467 if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS)) 3468 goto out_put_task; 3469 } 3470 3471 result = proc_pid_instantiate(dentry, task, NULL); 3472 out_put_task: 3473 put_task_struct(task); 3474 out: 3475 return result; 3476 } 3477 3478 /* 3479 * Find the first task with tgid >= tgid 3480 * 3481 */ 3482 struct tgid_iter { 3483 unsigned int tgid; 3484 struct task_struct *task; 3485 }; 3486 static struct tgid_iter next_tgid(struct pid_namespace *ns, struct tgid_iter iter) 3487 { 3488 struct pid *pid; 3489 3490 if (iter.task) 3491 put_task_struct(iter.task); 3492 rcu_read_lock(); 3493 retry: 3494 iter.task = NULL; 3495 pid = find_ge_pid(iter.tgid, ns); 3496 if (pid) { 3497 iter.tgid = pid_nr_ns(pid, ns); 3498 iter.task = pid_task(pid, PIDTYPE_TGID); 3499 if (!iter.task) { 3500 iter.tgid += 1; 3501 goto retry; 3502 } 3503 get_task_struct(iter.task); 3504 } 3505 rcu_read_unlock(); 3506 return iter; 3507 } 3508 3509 #define TGID_OFFSET (FIRST_PROCESS_ENTRY + 2) 3510 3511 /* for the /proc/ directory itself, after non-process stuff has been done */ 3512 int proc_pid_readdir(struct file *file, struct dir_context *ctx) 3513 { 3514 struct tgid_iter iter; 3515 struct proc_fs_info *fs_info = proc_sb_info(file_inode(file)->i_sb); 3516 struct pid_namespace *ns = proc_pid_ns(file_inode(file)->i_sb); 3517 loff_t pos = ctx->pos; 3518 3519 if (pos >= PID_MAX_LIMIT + TGID_OFFSET) 3520 return 0; 3521 3522 if (pos == TGID_OFFSET - 2) { 3523 struct inode *inode = d_inode(fs_info->proc_self); 3524 if (!dir_emit(ctx, "self", 4, inode->i_ino, DT_LNK)) 3525 return 0; 3526 ctx->pos = pos = pos + 1; 3527 } 3528 if (pos == TGID_OFFSET - 1) { 3529 struct inode *inode = d_inode(fs_info->proc_thread_self); 3530 if (!dir_emit(ctx, "thread-self", 11, inode->i_ino, DT_LNK)) 3531 return 0; 3532 ctx->pos = pos = pos + 1; 3533 } 3534 iter.tgid = pos - TGID_OFFSET; 3535 iter.task = NULL; 3536 for (iter = next_tgid(ns, iter); 3537 iter.task; 3538 iter.tgid += 1, iter = next_tgid(ns, iter)) { 3539 char name[10 + 1]; 3540 unsigned int len; 3541 3542 cond_resched(); 3543 if (!has_pid_permissions(fs_info, iter.task, HIDEPID_INVISIBLE)) 3544 continue; 3545 3546 len = snprintf(name, sizeof(name), "%u", iter.tgid); 3547 ctx->pos = iter.tgid + TGID_OFFSET; 3548 if (!proc_fill_cache(file, ctx, name, len, 3549 proc_pid_instantiate, iter.task, NULL)) { 3550 put_task_struct(iter.task); 3551 return 0; 3552 } 3553 } 3554 ctx->pos = PID_MAX_LIMIT + TGID_OFFSET; 3555 return 0; 3556 } 3557 3558 /* 3559 * proc_tid_comm_permission is a special permission function exclusively 3560 * used for the node /proc/<pid>/task/<tid>/comm. 3561 * It bypasses generic permission checks in the case where a task of the same 3562 * task group attempts to access the node. 3563 * The rationale behind this is that glibc and bionic access this node for 3564 * cross thread naming (pthread_set/getname_np(!self)). However, if 3565 * PR_SET_DUMPABLE gets set to 0 this node among others becomes uid=0 gid=0, 3566 * which locks out the cross thread naming implementation. 3567 * This function makes sure that the node is always accessible for members of 3568 * same thread group. 3569 */ 3570 static int proc_tid_comm_permission(struct mnt_idmap *idmap, 3571 struct inode *inode, int mask) 3572 { 3573 bool is_same_tgroup; 3574 struct task_struct *task; 3575 3576 task = get_proc_task(inode); 3577 if (!task) 3578 return -ESRCH; 3579 is_same_tgroup = same_thread_group(current, task); 3580 put_task_struct(task); 3581 3582 if (likely(is_same_tgroup && !(mask & MAY_EXEC))) { 3583 /* This file (/proc/<pid>/task/<tid>/comm) can always be 3584 * read or written by the members of the corresponding 3585 * thread group. 3586 */ 3587 return 0; 3588 } 3589 3590 return generic_permission(&nop_mnt_idmap, inode, mask); 3591 } 3592 3593 static const struct inode_operations proc_tid_comm_inode_operations = { 3594 .setattr = proc_setattr, 3595 .permission = proc_tid_comm_permission, 3596 }; 3597 3598 /* 3599 * Tasks 3600 */ 3601 static const struct pid_entry tid_base_stuff[] = { 3602 DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations), 3603 DIR("fdinfo", S_IRUGO|S_IXUGO, proc_fdinfo_inode_operations, proc_fdinfo_operations), 3604 DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations), 3605 #ifdef CONFIG_NET 3606 DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations), 3607 #endif 3608 REG("environ", S_IRUSR, proc_environ_operations), 3609 REG("auxv", S_IRUSR, proc_auxv_operations), 3610 ONE("status", S_IRUGO, proc_pid_status), 3611 ONE("personality", S_IRUSR, proc_pid_personality), 3612 ONE("limits", S_IRUGO, proc_pid_limits), 3613 #ifdef CONFIG_SCHED_DEBUG 3614 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), 3615 #endif 3616 NOD("comm", S_IFREG|S_IRUGO|S_IWUSR, 3617 &proc_tid_comm_inode_operations, 3618 &proc_pid_set_comm_operations, {}), 3619 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK 3620 ONE("syscall", S_IRUSR, proc_pid_syscall), 3621 #endif 3622 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), 3623 ONE("stat", S_IRUGO, proc_tid_stat), 3624 ONE("statm", S_IRUGO, proc_pid_statm), 3625 REG("maps", S_IRUGO, proc_pid_maps_operations), 3626 #ifdef CONFIG_PROC_CHILDREN 3627 REG("children", S_IRUGO, proc_tid_children_operations), 3628 #endif 3629 #ifdef CONFIG_NUMA 3630 REG("numa_maps", S_IRUGO, proc_pid_numa_maps_operations), 3631 #endif 3632 REG("mem", S_IRUSR|S_IWUSR, proc_mem_operations), 3633 LNK("cwd", proc_cwd_link), 3634 LNK("root", proc_root_link), 3635 LNK("exe", proc_exe_link), 3636 REG("mounts", S_IRUGO, proc_mounts_operations), 3637 REG("mountinfo", S_IRUGO, proc_mountinfo_operations), 3638 #ifdef CONFIG_PROC_PAGE_MONITOR 3639 REG("clear_refs", S_IWUSR, proc_clear_refs_operations), 3640 REG("smaps", S_IRUGO, proc_pid_smaps_operations), 3641 REG("smaps_rollup", S_IRUGO, proc_pid_smaps_rollup_operations), 3642 REG("pagemap", S_IRUSR, proc_pagemap_operations), 3643 #endif 3644 #ifdef CONFIG_SECURITY 3645 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), 3646 #endif 3647 #ifdef CONFIG_KALLSYMS 3648 ONE("wchan", S_IRUGO, proc_pid_wchan), 3649 #endif 3650 #ifdef CONFIG_STACKTRACE 3651 ONE("stack", S_IRUSR, proc_pid_stack), 3652 #endif 3653 #ifdef CONFIG_SCHED_INFO 3654 ONE("schedstat", S_IRUGO, proc_pid_schedstat), 3655 #endif 3656 #ifdef CONFIG_LATENCYTOP 3657 REG("latency", S_IRUGO, proc_lstats_operations), 3658 #endif 3659 #ifdef CONFIG_PROC_PID_CPUSET 3660 ONE("cpuset", S_IRUGO, proc_cpuset_show), 3661 #endif 3662 #ifdef CONFIG_CGROUPS 3663 ONE("cgroup", S_IRUGO, proc_cgroup_show), 3664 #endif 3665 #ifdef CONFIG_PROC_CPU_RESCTRL 3666 ONE("cpu_resctrl_groups", S_IRUGO, proc_resctrl_show), 3667 #endif 3668 ONE("oom_score", S_IRUGO, proc_oom_score), 3669 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations), 3670 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations), 3671 #ifdef CONFIG_AUDIT 3672 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations), 3673 REG("sessionid", S_IRUGO, proc_sessionid_operations), 3674 #endif 3675 #ifdef CONFIG_FAULT_INJECTION 3676 REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations), 3677 REG("fail-nth", 0644, proc_fail_nth_operations), 3678 #endif 3679 #ifdef CONFIG_TASK_IO_ACCOUNTING 3680 ONE("io", S_IRUSR, proc_tid_io_accounting), 3681 #endif 3682 #ifdef CONFIG_USER_NS 3683 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), 3684 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), 3685 REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), 3686 REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), 3687 #endif 3688 #ifdef CONFIG_LIVEPATCH 3689 ONE("patch_state", S_IRUSR, proc_pid_patch_state), 3690 #endif 3691 #ifdef CONFIG_PROC_PID_ARCH_STATUS 3692 ONE("arch_status", S_IRUGO, proc_pid_arch_status), 3693 #endif 3694 #ifdef CONFIG_SECCOMP_CACHE_DEBUG 3695 ONE("seccomp_cache", S_IRUSR, proc_pid_seccomp_cache), 3696 #endif 3697 #ifdef CONFIG_KSM 3698 ONE("ksm_merging_pages", S_IRUSR, proc_pid_ksm_merging_pages), 3699 ONE("ksm_stat", S_IRUSR, proc_pid_ksm_stat), 3700 #endif 3701 }; 3702 3703 static int proc_tid_base_readdir(struct file *file, struct dir_context *ctx) 3704 { 3705 return proc_pident_readdir(file, ctx, 3706 tid_base_stuff, ARRAY_SIZE(tid_base_stuff)); 3707 } 3708 3709 static struct dentry *proc_tid_base_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) 3710 { 3711 return proc_pident_lookup(dir, dentry, 3712 tid_base_stuff, 3713 tid_base_stuff + ARRAY_SIZE(tid_base_stuff)); 3714 } 3715 3716 static const struct file_operations proc_tid_base_operations = { 3717 .read = generic_read_dir, 3718 .iterate_shared = proc_tid_base_readdir, 3719 .llseek = generic_file_llseek, 3720 }; 3721 3722 static const struct inode_operations proc_tid_base_inode_operations = { 3723 .lookup = proc_tid_base_lookup, 3724 .getattr = pid_getattr, 3725 .setattr = proc_setattr, 3726 }; 3727 3728 static struct dentry *proc_task_instantiate(struct dentry *dentry, 3729 struct task_struct *task, const void *ptr) 3730 { 3731 struct inode *inode; 3732 inode = proc_pid_make_base_inode(dentry->d_sb, task, 3733 S_IFDIR | S_IRUGO | S_IXUGO); 3734 if (!inode) 3735 return ERR_PTR(-ENOENT); 3736 3737 inode->i_op = &proc_tid_base_inode_operations; 3738 inode->i_fop = &proc_tid_base_operations; 3739 inode->i_flags |= S_IMMUTABLE; 3740 3741 set_nlink(inode, nlink_tid); 3742 pid_update_inode(task, inode); 3743 3744 d_set_d_op(dentry, &pid_dentry_operations); 3745 return d_splice_alias(inode, dentry); 3746 } 3747 3748 static struct dentry *proc_task_lookup(struct inode *dir, struct dentry * dentry, unsigned int flags) 3749 { 3750 struct task_struct *task; 3751 struct task_struct *leader = get_proc_task(dir); 3752 unsigned tid; 3753 struct proc_fs_info *fs_info; 3754 struct pid_namespace *ns; 3755 struct dentry *result = ERR_PTR(-ENOENT); 3756 3757 if (!leader) 3758 goto out_no_task; 3759 3760 tid = name_to_int(&dentry->d_name); 3761 if (tid == ~0U) 3762 goto out; 3763 3764 fs_info = proc_sb_info(dentry->d_sb); 3765 ns = fs_info->pid_ns; 3766 rcu_read_lock(); 3767 task = find_task_by_pid_ns(tid, ns); 3768 if (task) 3769 get_task_struct(task); 3770 rcu_read_unlock(); 3771 if (!task) 3772 goto out; 3773 if (!same_thread_group(leader, task)) 3774 goto out_drop_task; 3775 3776 result = proc_task_instantiate(dentry, task, NULL); 3777 out_drop_task: 3778 put_task_struct(task); 3779 out: 3780 put_task_struct(leader); 3781 out_no_task: 3782 return result; 3783 } 3784 3785 /* 3786 * Find the first tid of a thread group to return to user space. 3787 * 3788 * Usually this is just the thread group leader, but if the users 3789 * buffer was too small or there was a seek into the middle of the 3790 * directory we have more work todo. 3791 * 3792 * In the case of a short read we start with find_task_by_pid. 3793 * 3794 * In the case of a seek we start with the leader and walk nr 3795 * threads past it. 3796 */ 3797 static struct task_struct *first_tid(struct pid *pid, int tid, loff_t f_pos, 3798 struct pid_namespace *ns) 3799 { 3800 struct task_struct *pos, *task; 3801 unsigned long nr = f_pos; 3802 3803 if (nr != f_pos) /* 32bit overflow? */ 3804 return NULL; 3805 3806 rcu_read_lock(); 3807 task = pid_task(pid, PIDTYPE_PID); 3808 if (!task) 3809 goto fail; 3810 3811 /* Attempt to start with the tid of a thread */ 3812 if (tid && nr) { 3813 pos = find_task_by_pid_ns(tid, ns); 3814 if (pos && same_thread_group(pos, task)) 3815 goto found; 3816 } 3817 3818 /* If nr exceeds the number of threads there is nothing todo */ 3819 if (nr >= get_nr_threads(task)) 3820 goto fail; 3821 3822 /* If we haven't found our starting place yet start 3823 * with the leader and walk nr threads forward. 3824 */ 3825 for_each_thread(task, pos) { 3826 if (!nr--) 3827 goto found; 3828 } 3829 fail: 3830 pos = NULL; 3831 goto out; 3832 found: 3833 get_task_struct(pos); 3834 out: 3835 rcu_read_unlock(); 3836 return pos; 3837 } 3838 3839 /* 3840 * Find the next thread in the thread list. 3841 * Return NULL if there is an error or no next thread. 3842 * 3843 * The reference to the input task_struct is released. 3844 */ 3845 static struct task_struct *next_tid(struct task_struct *start) 3846 { 3847 struct task_struct *pos = NULL; 3848 rcu_read_lock(); 3849 if (pid_alive(start)) { 3850 pos = __next_thread(start); 3851 if (pos) 3852 get_task_struct(pos); 3853 } 3854 rcu_read_unlock(); 3855 put_task_struct(start); 3856 return pos; 3857 } 3858 3859 /* for the /proc/TGID/task/ directories */ 3860 static int proc_task_readdir(struct file *file, struct dir_context *ctx) 3861 { 3862 struct inode *inode = file_inode(file); 3863 struct task_struct *task; 3864 struct pid_namespace *ns; 3865 int tid; 3866 3867 if (proc_inode_is_dead(inode)) 3868 return -ENOENT; 3869 3870 if (!dir_emit_dots(file, ctx)) 3871 return 0; 3872 3873 /* f_version caches the tgid value that the last readdir call couldn't 3874 * return. lseek aka telldir automagically resets f_version to 0. 3875 */ 3876 ns = proc_pid_ns(inode->i_sb); 3877 tid = (int)file->f_version; 3878 file->f_version = 0; 3879 for (task = first_tid(proc_pid(inode), tid, ctx->pos - 2, ns); 3880 task; 3881 task = next_tid(task), ctx->pos++) { 3882 char name[10 + 1]; 3883 unsigned int len; 3884 3885 tid = task_pid_nr_ns(task, ns); 3886 if (!tid) 3887 continue; /* The task has just exited. */ 3888 len = snprintf(name, sizeof(name), "%u", tid); 3889 if (!proc_fill_cache(file, ctx, name, len, 3890 proc_task_instantiate, task, NULL)) { 3891 /* returning this tgid failed, save it as the first 3892 * pid for the next readir call */ 3893 file->f_version = (u64)tid; 3894 put_task_struct(task); 3895 break; 3896 } 3897 } 3898 3899 return 0; 3900 } 3901 3902 static int proc_task_getattr(struct mnt_idmap *idmap, 3903 const struct path *path, struct kstat *stat, 3904 u32 request_mask, unsigned int query_flags) 3905 { 3906 struct inode *inode = d_inode(path->dentry); 3907 struct task_struct *p = get_proc_task(inode); 3908 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); 3909 3910 if (p) { 3911 stat->nlink += get_nr_threads(p); 3912 put_task_struct(p); 3913 } 3914 3915 return 0; 3916 } 3917 3918 static const struct inode_operations proc_task_inode_operations = { 3919 .lookup = proc_task_lookup, 3920 .getattr = proc_task_getattr, 3921 .setattr = proc_setattr, 3922 .permission = proc_pid_permission, 3923 }; 3924 3925 static const struct file_operations proc_task_operations = { 3926 .read = generic_read_dir, 3927 .iterate_shared = proc_task_readdir, 3928 .llseek = generic_file_llseek, 3929 }; 3930 3931 void __init set_proc_pid_nlink(void) 3932 { 3933 nlink_tid = pid_entry_nlink(tid_base_stuff, ARRAY_SIZE(tid_base_stuff)); 3934 nlink_tgid = pid_entry_nlink(tgid_base_stuff, ARRAY_SIZE(tgid_base_stuff)); 3935 } 3936