// SPDX-License-Identifier: GPL-2.0-only
/*
 *  fs/anon_inodes.c
 *
 *  Copyright (C) 2007  Davide Libenzi <davidel@xmailserver.org>
 *
 *  Thanks to Arnd Bergmann for code review and suggestions.
 *  More changes for Thomas Gleixner suggestions.
 *
 */

#include <linux/cred.h>
#include <linux/file.h>
#include <linux/poll.h>
#include <linux/sched.h>
#include <linux/init.h>
#include <linux/fs.h>
#include <linux/mount.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/magic.h>
#include <linux/anon_inodes.h>
#include <linux/pseudo_fs.h>

#include <linux/uaccess.h>

#include "internal.h"

/*
 * Kernel-internal mount of anon_inodefs and the singleton inode that is
 * shared by every file created with make_inode == false. Both are assigned
 * only in anon_inode_init() and are marked __ro_after_init.
 */
static struct vfsmount *anon_inode_mnt __ro_after_init;
static struct inode *anon_inode_inode __ro_after_init;

/*
 * User space expects anonymous inodes to have no file type in st_mode.
 *
 * In particular, 'lsof' has this legacy logic:
 *
 *	type = s->st_mode & S_IFMT;
 *	switch (type) {
 *	  ...
 *	case 0:
 *		if (!strcmp(p, "anon_inode"))
 *			Lf->ntype = Ntype = N_ANON_INODE;
 *
 * to detect our old anon_inode logic.
 *
 * Rather than mess with our internal sane inode data, just fix it
 * up here in getattr() by masking off the format bits.
 *
 * @idmap and @query_flags are not used: the attributes are filled in with
 * nop_mnt_idmap, and the function always returns 0.
 */
int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path,
		       struct kstat *stat, u32 request_mask,
		       unsigned int query_flags)
{
	struct inode *inode = d_inode(path->dentry);

	generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
	/* Report no file type to user space; the inode itself is not modified. */
	stat->mode &= ~S_IFMT;
	return 0;
}

/*
 * Refuse every attribute change: ->setattr on an inode that uses
 * anon_inode_operations fails with -EOPNOTSUPP regardless of what @attr
 * requests.
 */
int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
		       struct iattr *attr)
{
	return -EOPNOTSUPP;
}

/*
 * Installed on the singleton inode in anon_inode_init() and on every inode
 * returned by anon_inode_make_secure_inode().
 */
static const struct inode_operations anon_inode_operations = {
	.getattr = anon_inode_getattr,
	.setattr = anon_inode_setattr,
};

/*
 * anon_inodefs_dname() is called from d_path().
 *
 * The path is rendered as "anon_inode:<name>", where <name> is the dentry
 * name (presumably the class name the creator passed in -- confirm against
 * alloc_file_pseudo()). @buffer and @buflen are handed to dynamic_dname()
 * unchanged.
 */
static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen)
{
	return dynamic_dname(buffer, buflen, "anon_inode:%s",
				dentry->d_name.name);
}

static const struct dentry_operations anon_inodefs_dentry_operations = {
	.d_dname	= anon_inodefs_dname,
};

/*
 * Set up the pseudo filesystem context with ANON_INODE_FS_MAGIC and the
 * dentry operations above. Returns -ENOMEM if init_pseudo() fails, else 0.
 */
static int anon_inodefs_init_fs_context(struct fs_context *fc)
{
	struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
	if (!ctx)
		return -ENOMEM;
	ctx->dops = &anon_inodefs_dentry_operations;
	return 0;
}

/*
 * The only mount of this filesystem type made in this file is the
 * kern_mount() in anon_inode_init().
 */
static struct file_system_type anon_inode_fs_type = {
	.name		= "anon_inodefs",
	.init_fs_context = anon_inodefs_init_fs_context,
	.kill_sb	= kill_anon_super,
};

/**
 * anon_inode_make_secure_inode - allocate an anonymous inode with security context
 * @sb:		[in]	Superblock to allocate from
 * @name:	[in]	Name of the class of the new file (e.g., "secretmem")
 * @context_inode:
 *		[in]	Optional parent inode for security inheritance
 *
 * The function ensures proper security initialization through the LSM hook
 * security_inode_init_security_anon().
 *
 * S_PRIVATE is cleared on the new inode before the hook is called, and the
 * inode is given anon_inode_operations. If the hook returns an error, the
 * inode is released with iput() and that error is returned, so a caller never
 * receives an inode that the hook rejected.
 *
 * No reference is taken on @context_inode here; the caller has to keep it
 * valid for the duration of the call.
 *
 * Return: Pointer to new inode on success, ERR_PTR on failure.
 */
struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
					   const struct inode *context_inode)
{
	struct inode *inode;
	int error;

	inode = alloc_anon_inode(sb);
	if (IS_ERR(inode))
		return inode;
	/*
	 * NOTE(review): presumably alloc_anon_inode() sets S_PRIVATE and LSM
	 * hooks skip S_PRIVATE inodes, which is why the flag is dropped before
	 * the hook below -- both are defined outside this file; confirm.
	 */
	inode->i_flags &= ~S_PRIVATE;
	inode->i_op = &anon_inode_operations;
	error =	security_inode_init_security_anon(inode, &QSTR(name),
						  context_inode);
	if (error) {
		iput(inode);
		return ERR_PTR(error);
	}
	return inode;
}
/* Export restricted to the module named in the second argument ("kvm"). */
EXPORT_SYMBOL_FOR_MODULES(anon_inode_make_secure_inode, "kvm");

/*
 * __anon_inode_getfile - common worker behind the anon_inode_*getfile() helpers
 *
 * @name:          class name, passed to alloc_file_pseudo() and, when
 *                 @make_inode is true, to the LSM hook
 * @fops:          file operations for the new file
 * @priv:          stored in file->private_data on success
 * @flags:         open flags; only the O_ACCMODE and O_NONBLOCK bits reach
 *                 alloc_file_pseudo(), every other bit is masked off here
 * @context_inode: optional inode forwarded to anon_inode_make_secure_inode()
 * @make_inode:    true: allocate a fresh inode through
 *                 anon_inode_make_secure_inode(), which calls the LSM hook;
 *                 false: take another reference on the shared singleton
 *                 inode, with no LSM hook on this path
 *
 * A module reference on @fops->owner is taken first when an owner is set;
 * failing to get it yields ERR_PTR(-ENOENT).
 *
 * On every later failure path the inode reference and the module reference
 * taken here are dropped again. @priv is stored only on success and is never
 * freed by this function, so on error the caller still owns it.
 *
 * Returns the new file or an ERR_PTR.
 */
static struct file *__anon_inode_getfile(const char *name,
					 const struct file_operations *fops,
					 void *priv, int flags,
					 const struct inode *context_inode,
					 bool make_inode)
{
	struct inode *inode;
	struct file *file;

	if (fops->owner && !try_module_get(fops->owner))
		return ERR_PTR(-ENOENT);

	if (make_inode) {
		inode =	anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
						     name, context_inode);
		if (IS_ERR(inode)) {
			file = ERR_CAST(inode);
			goto err;
		}
	} else {
		inode =	anon_inode_inode;
		/*
		 * anon_inode_init() panics if the singleton allocation
		 * failed, so this check is defensive.
		 */
		if (IS_ERR(inode)) {
			file = ERR_PTR(-ENODEV);
			goto err;
		}
		/*
		 * We know the anon_inode inode count is always
		 * greater than zero, so ihold() is safe.
		 */
		ihold(inode);
	}

	file = alloc_file_pseudo(inode, anon_inode_mnt, name,
				 flags & (O_ACCMODE | O_NONBLOCK), fops);
	if (IS_ERR(file))
		goto err_iput;

	file->f_mapping = inode->i_mapping;

	file->private_data = priv;

	return file;

err_iput:
	iput(inode);
err:
	/* fops->owner may be NULL here; it is passed to module_put() as is. */
	module_put(fops->owner);
	return file;
}

/**
 * anon_inode_getfile - creates a new file instance by hooking it up to an
 *                      anonymous inode, and a dentry that describes the "class"
 *                      of the file
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags; only O_ACCMODE and O_NONBLOCK are applied to the file
 *
 * Creates a new file by hooking it on a single inode. This is useful for files
 * that do not need to have a full-fledged inode in order to operate correctly.
 * All the files created with anon_inode_getfile() will share a single inode,
 * hence saving memory and avoiding code duplication for the file/inode/dentry
 * setup.
 *
 * No inode is allocated and security_inode_init_security_anon() is not called
 * on this path. A caller that needs the inode to carry its own security
 * context should use anon_inode_create_getfile() instead.
 *
 * On error @priv is left untouched and remains the caller's responsibility.
 *
 * Returns the newly created file* or an error pointer.
 */
struct file *anon_inode_getfile(const char *name,
				const struct file_operations *fops,
				void *priv, int flags)
{
	return __anon_inode_getfile(name, fops, priv, flags, NULL, false);
}
EXPORT_SYMBOL_GPL(anon_inode_getfile);

/**
 * anon_inode_getfile_fmode - creates a new file instance by hooking it up to an
 *                      anonymous inode, and a dentry that describes the "class"
 *                      of the file
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags; only O_ACCMODE and O_NONBLOCK are applied to the file
 * @f_mode:  [in]    fmode
 *
 * Creates a new file by hooking it on a single inode. This is useful for files
 * that do not need to have a full-fledged inode in order to operate correctly.
 * All the files created with anon_inode_getfile_fmode() will share a single
 * inode, hence saving memory and avoiding code duplication for the
 * file/inode/dentry setup. Allows setting the fmode.
 *
 * @f_mode is ORed into file->f_mode after the file has been created; the bits
 * are not checked here, so the caller decides which mode bits the file gains.
 * As with anon_inode_getfile(), the LSM hook is not called on this path.
 *
 * Returns the newly created file* or an error pointer.
 */
struct file *anon_inode_getfile_fmode(const char *name,
				const struct file_operations *fops,
				void *priv, int flags, fmode_t f_mode)
{
	struct file *file;

	file = __anon_inode_getfile(name, fops, priv, flags, NULL, false);
	if (!IS_ERR(file))
		file->f_mode |= f_mode;

	return file;
}
EXPORT_SYMBOL_GPL(anon_inode_getfile_fmode);

/**
 * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new
 *                             !S_PRIVATE anon inode rather than reuse the
 *                             singleton anon inode and calls the
 *                             inode_init_security_anon() LSM hook.
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags; only O_ACCMODE and O_NONBLOCK are applied to the file
 * @context_inode:
 *           [in]    the logical relationship with the new inode (optional)
 *
 * Create a new anonymous inode and file pair.  This can be done for two
 * reasons:
 *
 * - for the inode to have its own security context, so that LSMs can enforce
 *   policy on the inode's creation;
 *
 * - if the caller needs a unique inode, for example in order to customize
 *   the size returned by fstat()
 *
 * The LSM may use @context_inode in inode_init_security_anon(), but a
 * reference to it is not held.
 *
 * An error returned by the LSM hook is passed back to the caller as the
 * error pointer; no file is created in that case.
 *
 * Returns the newly created file* or an error pointer.
 */
struct file *anon_inode_create_getfile(const char *name,
				       const struct file_operations *fops,
				       void *priv, int flags,
				       const struct inode *context_inode)
{
	return __anon_inode_getfile(name, fops, priv, flags,
				    context_inode, true);
}
EXPORT_SYMBOL_GPL(anon_inode_create_getfile);

/*
 * Descriptor-returning counterpart of __anon_inode_getfile().
 *
 * The unmasked @flags are given to FD_ADD(), while the file itself is created
 * from the same @flags masked to O_ACCMODE | O_NONBLOCK inside
 * __anon_inode_getfile().
 *
 * NOTE(review): FD_ADD() is defined outside this file; presumably it
 * allocates a descriptor, installs the file and turns an ERR_PTR from the
 * file expression into a negative errno -- confirm.
 */
static int __anon_inode_getfd(const char *name,
			      const struct file_operations *fops,
			      void *priv, int flags,
			      const struct inode *context_inode,
			      bool make_inode)
{
	return FD_ADD(flags, __anon_inode_getfile(name, fops, priv, flags,
						  context_inode, make_inode));
}

/**
 * anon_inode_getfd - creates a new file instance by hooking it up to
 *                    an anonymous inode and a dentry that describes
 *                    the "class" of the file
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags
 *
 * Creates a new file by hooking it on a single inode. This is
 * useful for files that do not need to have a full-fledged inode in
 * order to operate correctly.  All the files created with
 * anon_inode_getfd() will use the same singleton inode, reducing
 * memory use and avoiding code duplication for the file/inode/dentry
 * setup.
 *
 * The LSM hook security_inode_init_security_anon() is not called on this
 * path; use anon_inode_create_getfd() when the inode needs its own security
 * context.
 *
 * NOTE(review): assuming FD_ADD() installs the file in the descriptor table,
 * the descriptor is usable from user space as soon as this returns, so @priv
 * should be fully initialised before the call -- confirm against FD_ADD().
 *
 * Returns a newly created file descriptor or an error code.
 */
int anon_inode_getfd(const char *name, const struct file_operations *fops,
		     void *priv, int flags)
{
	return __anon_inode_getfd(name, fops, priv, flags, NULL, false);
}
EXPORT_SYMBOL_GPL(anon_inode_getfd);

/**
 * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new
 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls
 * the inode_init_security_anon() LSM hook.
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags
 * @context_inode:
 *           [in]    the logical relationship with the new inode (optional)
 *
 * Create a new anonymous inode and file pair.  This can be done for two
 * reasons:
 *
 * - for the inode to have its own security context, so that LSMs can enforce
 *   policy on the inode's creation;
 *
 * - if the caller needs a unique inode, for example in order to customize
 *   the size returned by fstat()
 *
 * The LSM may use @context_inode in inode_init_security_anon(), but a
 * reference to it is not held.
 *
 * No EXPORT_SYMBOL follows this definition in this file, unlike the other
 * public helpers above.
 *
 * Returns a newly created file descriptor or an error code.
 */
int anon_inode_create_getfd(const char *name, const struct file_operations *fops,
			    void *priv, int flags,
			    const struct inode *context_inode)
{
	return __anon_inode_getfd(name, fops, priv, flags, context_inode, true);
}


/*
 * Mount anon_inodefs internally and allocate the shared singleton inode.
 * Either failure panics, which is what lets __anon_inode_getfile()
 * dereference anon_inode_mnt without checking it.
 */
static int __init anon_inode_init(void)
{
	anon_inode_mnt = kern_mount(&anon_inode_fs_type);
	if (IS_ERR(anon_inode_mnt))
		panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));

	anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
	if (IS_ERR(anon_inode_inode))
		panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
	/* Same getattr/setattr behaviour as the per-file inodes created above. */
	anon_inode_inode->i_op = &anon_inode_operations;

	return 0;
}

fs_initcall(anon_inode_init);
