1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * fs/anon_inodes.c
4 *
5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
6 *
7 * Thanks to Arnd Bergmann for code review and suggestions.
8 * More changes for Thomas Gleixner suggestions.
9 *
10 */
11
12 #include <linux/cred.h>
13 #include <linux/file.h>
14 #include <linux/poll.h>
15 #include <linux/sched.h>
16 #include <linux/init.h>
17 #include <linux/fs.h>
18 #include <linux/mount.h>
19 #include <linux/module.h>
20 #include <linux/kernel.h>
21 #include <linux/magic.h>
22 #include <linux/anon_inodes.h>
23 #include <linux/pseudo_fs.h>
24
25 #include <linux/uaccess.h>
26
27 #include "internal.h"
28
29 static struct vfsmount *anon_inode_mnt __ro_after_init;
30 static struct inode *anon_inode_inode __ro_after_init;
31
32 /*
33 * User space expects anonymous inodes to have no file type in st_mode.
34 *
35 * In particular, 'lsof' has this legacy logic:
36 *
37 * type = s->st_mode & S_IFMT;
38 * switch (type) {
39 * ...
40 * case 0:
41 * if (!strcmp(p, "anon_inode"))
42 * Lf->ntype = Ntype = N_ANON_INODE;
43 *
44 * to detect our old anon_inode logic.
45 *
46 * Rather than mess with our internal sane inode data, just fix it
47 * up here in getattr() by masking off the format bits.
48 */
anon_inode_getattr(struct mnt_idmap * idmap,const struct path * path,struct kstat * stat,u32 request_mask,unsigned int query_flags)49 int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path,
50 struct kstat *stat, u32 request_mask,
51 unsigned int query_flags)
52 {
53 struct inode *inode = d_inode(path->dentry);
54
55 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
56 stat->mode &= ~S_IFMT;
57 return 0;
58 }
59
anon_inode_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr)60 int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
61 struct iattr *attr)
62 {
63 return -EOPNOTSUPP;
64 }
65
66 static const struct inode_operations anon_inode_operations = {
67 .getattr = anon_inode_getattr,
68 .setattr = anon_inode_setattr,
69 };
70
71 /*
72 * anon_inodefs_dname() is called from d_path().
73 */
anon_inodefs_dname(struct dentry * dentry,char * buffer,int buflen)74 static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen)
75 {
76 return dynamic_dname(buffer, buflen, "anon_inode:%s",
77 dentry->d_name.name);
78 }
79
80 static const struct dentry_operations anon_inodefs_dentry_operations = {
81 .d_dname = anon_inodefs_dname,
82 };
83
anon_inodefs_init_fs_context(struct fs_context * fc)84 static int anon_inodefs_init_fs_context(struct fs_context *fc)
85 {
86 struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
87 if (!ctx)
88 return -ENOMEM;
89 fc->s_iflags |= SB_I_NOEXEC;
90 fc->s_iflags |= SB_I_NODEV;
91 ctx->dops = &anon_inodefs_dentry_operations;
92 return 0;
93 }
94
95 static struct file_system_type anon_inode_fs_type = {
96 .name = "anon_inodefs",
97 .init_fs_context = anon_inodefs_init_fs_context,
98 .kill_sb = kill_anon_super,
99 };
100
101 /**
102 * anon_inode_make_secure_inode - allocate an anonymous inode with security context
103 * @sb: [in] Superblock to allocate from
104 * @name: [in] Name of the class of the newfile (e.g., "secretmem")
105 * @context_inode:
106 * [in] Optional parent inode for security inheritance
107 *
108 * The function ensures proper security initialization through the LSM hook
109 * security_inode_init_security_anon().
110 *
111 * Return: Pointer to new inode on success, ERR_PTR on failure.
112 */
anon_inode_make_secure_inode(struct super_block * sb,const char * name,const struct inode * context_inode)113 struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
114 const struct inode *context_inode)
115 {
116 struct inode *inode;
117 int error;
118
119 inode = alloc_anon_inode(sb);
120 if (IS_ERR(inode))
121 return inode;
122 inode->i_flags &= ~S_PRIVATE;
123 inode->i_op = &anon_inode_operations;
124 error = security_inode_init_security_anon(inode, &QSTR(name),
125 context_inode);
126 if (error) {
127 iput(inode);
128 return ERR_PTR(error);
129 }
130 return inode;
131 }
132 EXPORT_SYMBOL_GPL_FOR_MODULES(anon_inode_make_secure_inode, "kvm");
133
__anon_inode_getfile(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode,bool make_inode)134 static struct file *__anon_inode_getfile(const char *name,
135 const struct file_operations *fops,
136 void *priv, int flags,
137 const struct inode *context_inode,
138 bool make_inode)
139 {
140 struct inode *inode;
141 struct file *file;
142
143 if (fops->owner && !try_module_get(fops->owner))
144 return ERR_PTR(-ENOENT);
145
146 if (make_inode) {
147 inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
148 name, context_inode);
149 if (IS_ERR(inode)) {
150 file = ERR_CAST(inode);
151 goto err;
152 }
153 } else {
154 inode = anon_inode_inode;
155 if (IS_ERR(inode)) {
156 file = ERR_PTR(-ENODEV);
157 goto err;
158 }
159 /*
160 * We know the anon_inode inode count is always
161 * greater than zero, so ihold() is safe.
162 */
163 ihold(inode);
164 }
165
166 file = alloc_file_pseudo(inode, anon_inode_mnt, name,
167 flags & (O_ACCMODE | O_NONBLOCK), fops);
168 if (IS_ERR(file))
169 goto err_iput;
170
171 file->f_mapping = inode->i_mapping;
172
173 file->private_data = priv;
174
175 return file;
176
177 err_iput:
178 iput(inode);
179 err:
180 module_put(fops->owner);
181 return file;
182 }
183
184 /**
185 * anon_inode_getfile - creates a new file instance by hooking it up to an
186 * anonymous inode, and a dentry that describe the "class"
187 * of the file
188 *
189 * @name: [in] name of the "class" of the new file
190 * @fops: [in] file operations for the new file
191 * @priv: [in] private data for the new file (will be file's private_data)
192 * @flags: [in] flags
193 *
194 * Creates a new file by hooking it on a single inode. This is useful for files
195 * that do not need to have a full-fledged inode in order to operate correctly.
196 * All the files created with anon_inode_getfile() will share a single inode,
197 * hence saving memory and avoiding code duplication for the file/inode/dentry
198 * setup. Returns the newly created file* or an error pointer.
199 */
anon_inode_getfile(const char * name,const struct file_operations * fops,void * priv,int flags)200 struct file *anon_inode_getfile(const char *name,
201 const struct file_operations *fops,
202 void *priv, int flags)
203 {
204 return __anon_inode_getfile(name, fops, priv, flags, NULL, false);
205 }
206 EXPORT_SYMBOL_GPL(anon_inode_getfile);
207
208 /**
209 * anon_inode_getfile_fmode - creates a new file instance by hooking it up to an
210 * anonymous inode, and a dentry that describe the "class"
211 * of the file
212 *
213 * @name: [in] name of the "class" of the new file
214 * @fops: [in] file operations for the new file
215 * @priv: [in] private data for the new file (will be file's private_data)
216 * @flags: [in] flags
217 * @f_mode: [in] fmode
218 *
219 * Creates a new file by hooking it on a single inode. This is useful for files
220 * that do not need to have a full-fledged inode in order to operate correctly.
221 * All the files created with anon_inode_getfile() will share a single inode,
222 * hence saving memory and avoiding code duplication for the file/inode/dentry
223 * setup. Allows setting the fmode. Returns the newly created file* or an error
224 * pointer.
225 */
anon_inode_getfile_fmode(const char * name,const struct file_operations * fops,void * priv,int flags,fmode_t f_mode)226 struct file *anon_inode_getfile_fmode(const char *name,
227 const struct file_operations *fops,
228 void *priv, int flags, fmode_t f_mode)
229 {
230 struct file *file;
231
232 file = __anon_inode_getfile(name, fops, priv, flags, NULL, false);
233 if (!IS_ERR(file))
234 file->f_mode |= f_mode;
235
236 return file;
237 }
238 EXPORT_SYMBOL_GPL(anon_inode_getfile_fmode);
239
240 /**
241 * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new
242 * !S_PRIVATE anon inode rather than reuse the
243 * singleton anon inode and calls the
244 * inode_init_security_anon() LSM hook.
245 *
246 * @name: [in] name of the "class" of the new file
247 * @fops: [in] file operations for the new file
248 * @priv: [in] private data for the new file (will be file's private_data)
249 * @flags: [in] flags
250 * @context_inode:
251 * [in] the logical relationship with the new inode (optional)
252 *
253 * Create a new anonymous inode and file pair. This can be done for two
254 * reasons:
255 *
256 * - for the inode to have its own security context, so that LSMs can enforce
257 * policy on the inode's creation;
258 *
259 * - if the caller needs a unique inode, for example in order to customize
260 * the size returned by fstat()
261 *
262 * The LSM may use @context_inode in inode_init_security_anon(), but a
263 * reference to it is not held.
264 *
265 * Returns the newly created file* or an error pointer.
266 */
anon_inode_create_getfile(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode)267 struct file *anon_inode_create_getfile(const char *name,
268 const struct file_operations *fops,
269 void *priv, int flags,
270 const struct inode *context_inode)
271 {
272 return __anon_inode_getfile(name, fops, priv, flags,
273 context_inode, true);
274 }
275 EXPORT_SYMBOL_GPL(anon_inode_create_getfile);
276
__anon_inode_getfd(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode,bool make_inode)277 static int __anon_inode_getfd(const char *name,
278 const struct file_operations *fops,
279 void *priv, int flags,
280 const struct inode *context_inode,
281 bool make_inode)
282 {
283 int error, fd;
284 struct file *file;
285
286 error = get_unused_fd_flags(flags);
287 if (error < 0)
288 return error;
289 fd = error;
290
291 file = __anon_inode_getfile(name, fops, priv, flags, context_inode,
292 make_inode);
293 if (IS_ERR(file)) {
294 error = PTR_ERR(file);
295 goto err_put_unused_fd;
296 }
297 fd_install(fd, file);
298
299 return fd;
300
301 err_put_unused_fd:
302 put_unused_fd(fd);
303 return error;
304 }
305
306 /**
307 * anon_inode_getfd - creates a new file instance by hooking it up to
308 * an anonymous inode and a dentry that describe
309 * the "class" of the file
310 *
311 * @name: [in] name of the "class" of the new file
312 * @fops: [in] file operations for the new file
313 * @priv: [in] private data for the new file (will be file's private_data)
314 * @flags: [in] flags
315 *
316 * Creates a new file by hooking it on a single inode. This is
317 * useful for files that do not need to have a full-fledged inode in
318 * order to operate correctly. All the files created with
319 * anon_inode_getfd() will use the same singleton inode, reducing
320 * memory use and avoiding code duplication for the file/inode/dentry
321 * setup. Returns a newly created file descriptor or an error code.
322 */
anon_inode_getfd(const char * name,const struct file_operations * fops,void * priv,int flags)323 int anon_inode_getfd(const char *name, const struct file_operations *fops,
324 void *priv, int flags)
325 {
326 return __anon_inode_getfd(name, fops, priv, flags, NULL, false);
327 }
328 EXPORT_SYMBOL_GPL(anon_inode_getfd);
329
330 /**
331 * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new
332 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls
333 * the inode_init_security_anon() LSM hook.
334 *
335 * @name: [in] name of the "class" of the new file
336 * @fops: [in] file operations for the new file
337 * @priv: [in] private data for the new file (will be file's private_data)
338 * @flags: [in] flags
339 * @context_inode:
340 * [in] the logical relationship with the new inode (optional)
341 *
342 * Create a new anonymous inode and file pair. This can be done for two
343 * reasons:
344 *
345 * - for the inode to have its own security context, so that LSMs can enforce
346 * policy on the inode's creation;
347 *
348 * - if the caller needs a unique inode, for example in order to customize
349 * the size returned by fstat()
350 *
351 * The LSM may use @context_inode in inode_init_security_anon(), but a
352 * reference to it is not held.
353 *
354 * Returns a newly created file descriptor or an error code.
355 */
anon_inode_create_getfd(const char * name,const struct file_operations * fops,void * priv,int flags,const struct inode * context_inode)356 int anon_inode_create_getfd(const char *name, const struct file_operations *fops,
357 void *priv, int flags,
358 const struct inode *context_inode)
359 {
360 return __anon_inode_getfd(name, fops, priv, flags, context_inode, true);
361 }
362
363
anon_inode_init(void)364 static int __init anon_inode_init(void)
365 {
366 anon_inode_mnt = kern_mount(&anon_inode_fs_type);
367 if (IS_ERR(anon_inode_mnt))
368 panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
369
370 anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
371 if (IS_ERR(anon_inode_inode))
372 panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
373 anon_inode_inode->i_op = &anon_inode_operations;
374
375 return 0;
376 }
377
378 fs_initcall(anon_inode_init);
379
380