1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * fs/anon_inodes.c 4 * 5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> 6 * 7 * Thanks to Arnd Bergmann for code review and suggestions. 8 * More changes for Thomas Gleixner suggestions. 9 * 10 */ 11 12 #include <linux/cred.h> 13 #include <linux/file.h> 14 #include <linux/poll.h> 15 #include <linux/sched.h> 16 #include <linux/init.h> 17 #include <linux/fs.h> 18 #include <linux/mount.h> 19 #include <linux/module.h> 20 #include <linux/kernel.h> 21 #include <linux/magic.h> 22 #include <linux/anon_inodes.h> 23 #include <linux/pseudo_fs.h> 24 25 #include <linux/uaccess.h> 26 27 #include "internal.h" 28 29 static struct vfsmount *anon_inode_mnt __ro_after_init; 30 static struct inode *anon_inode_inode __ro_after_init; 31 32 /* 33 * User space expects anonymous inodes to have no file type in st_mode. 34 * 35 * In particular, 'lsof' has this legacy logic: 36 * 37 * type = s->st_mode & S_IFMT; 38 * switch (type) { 39 * ... 40 * case 0: 41 * if (!strcmp(p, "anon_inode")) 42 * Lf->ntype = Ntype = N_ANON_INODE; 43 * 44 * to detect our old anon_inode logic. 45 * 46 * Rather than mess with our internal sane inode data, just fix it 47 * up here in getattr() by masking off the format bits. 48 */ 49 int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, 50 struct kstat *stat, u32 request_mask, 51 unsigned int query_flags) 52 { 53 struct inode *inode = d_inode(path->dentry); 54 55 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); 56 stat->mode &= ~S_IFMT; 57 return 0; 58 } 59 60 int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 61 struct iattr *attr) 62 { 63 return -EOPNOTSUPP; 64 } 65 66 static const struct inode_operations anon_inode_operations = { 67 .getattr = anon_inode_getattr, 68 .setattr = anon_inode_setattr, 69 }; 70 71 /* 72 * anon_inodefs_dname() is called from d_path(). 73 */ 74 static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen) 75 { 76 return dynamic_dname(buffer, buflen, "anon_inode:%s", 77 dentry->d_name.name); 78 } 79 80 static const struct dentry_operations anon_inodefs_dentry_operations = { 81 .d_dname = anon_inodefs_dname, 82 }; 83 84 static int anon_inodefs_init_fs_context(struct fs_context *fc) 85 { 86 struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); 87 if (!ctx) 88 return -ENOMEM; 89 fc->s_iflags |= SB_I_NOEXEC; 90 fc->s_iflags |= SB_I_NODEV; 91 ctx->dops = &anon_inodefs_dentry_operations; 92 return 0; 93 } 94 95 static struct file_system_type anon_inode_fs_type = { 96 .name = "anon_inodefs", 97 .init_fs_context = anon_inodefs_init_fs_context, 98 .kill_sb = kill_anon_super, 99 }; 100 101 /** 102 * anon_inode_make_secure_inode - allocate an anonymous inode with security context 103 * @sb: [in] Superblock to allocate from 104 * @name: [in] Name of the class of the newfile (e.g., "secretmem") 105 * @context_inode: 106 * [in] Optional parent inode for security inheritance 107 * 108 * The function ensures proper security initialization through the LSM hook 109 * security_inode_init_security_anon(). 110 * 111 * Return: Pointer to new inode on success, ERR_PTR on failure. 112 */ 113 struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name, 114 const struct inode *context_inode) 115 { 116 struct inode *inode; 117 int error; 118 119 inode = alloc_anon_inode(sb); 120 if (IS_ERR(inode)) 121 return inode; 122 inode->i_flags &= ~S_PRIVATE; 123 inode->i_op = &anon_inode_operations; 124 error = security_inode_init_security_anon(inode, &QSTR(name), 125 context_inode); 126 if (error) { 127 iput(inode); 128 return ERR_PTR(error); 129 } 130 return inode; 131 } 132 EXPORT_SYMBOL_FOR_MODULES(anon_inode_make_secure_inode, "kvm"); 133 134 static struct file *__anon_inode_getfile(const char *name, 135 const struct file_operations *fops, 136 void *priv, int flags, 137 const struct inode *context_inode, 138 bool make_inode) 139 { 140 struct inode *inode; 141 struct file *file; 142 143 if (fops->owner && !try_module_get(fops->owner)) 144 return ERR_PTR(-ENOENT); 145 146 if (make_inode) { 147 inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb, 148 name, context_inode); 149 if (IS_ERR(inode)) { 150 file = ERR_CAST(inode); 151 goto err; 152 } 153 } else { 154 inode = anon_inode_inode; 155 if (IS_ERR(inode)) { 156 file = ERR_PTR(-ENODEV); 157 goto err; 158 } 159 /* 160 * We know the anon_inode inode count is always 161 * greater than zero, so ihold() is safe. 162 */ 163 ihold(inode); 164 } 165 166 file = alloc_file_pseudo(inode, anon_inode_mnt, name, 167 flags & (O_ACCMODE | O_NONBLOCK), fops); 168 if (IS_ERR(file)) 169 goto err_iput; 170 171 file->f_mapping = inode->i_mapping; 172 173 file->private_data = priv; 174 175 return file; 176 177 err_iput: 178 iput(inode); 179 err: 180 module_put(fops->owner); 181 return file; 182 } 183 184 /** 185 * anon_inode_getfile - creates a new file instance by hooking it up to an 186 * anonymous inode, and a dentry that describe the "class" 187 * of the file 188 * 189 * @name: [in] name of the "class" of the new file 190 * @fops: [in] file operations for the new file 191 * @priv: [in] private data for the new file (will be file's private_data) 192 * @flags: [in] flags 193 * 194 * Creates a new file by hooking it on a single inode. This is useful for files 195 * that do not need to have a full-fledged inode in order to operate correctly. 196 * All the files created with anon_inode_getfile() will share a single inode, 197 * hence saving memory and avoiding code duplication for the file/inode/dentry 198 * setup. Returns the newly created file* or an error pointer. 199 */ 200 struct file *anon_inode_getfile(const char *name, 201 const struct file_operations *fops, 202 void *priv, int flags) 203 { 204 return __anon_inode_getfile(name, fops, priv, flags, NULL, false); 205 } 206 EXPORT_SYMBOL_GPL(anon_inode_getfile); 207 208 /** 209 * anon_inode_getfile_fmode - creates a new file instance by hooking it up to an 210 * anonymous inode, and a dentry that describe the "class" 211 * of the file 212 * 213 * @name: [in] name of the "class" of the new file 214 * @fops: [in] file operations for the new file 215 * @priv: [in] private data for the new file (will be file's private_data) 216 * @flags: [in] flags 217 * @f_mode: [in] fmode 218 * 219 * Creates a new file by hooking it on a single inode. This is useful for files 220 * that do not need to have a full-fledged inode in order to operate correctly. 221 * All the files created with anon_inode_getfile() will share a single inode, 222 * hence saving memory and avoiding code duplication for the file/inode/dentry 223 * setup. Allows setting the fmode. Returns the newly created file* or an error 224 * pointer. 225 */ 226 struct file *anon_inode_getfile_fmode(const char *name, 227 const struct file_operations *fops, 228 void *priv, int flags, fmode_t f_mode) 229 { 230 struct file *file; 231 232 file = __anon_inode_getfile(name, fops, priv, flags, NULL, false); 233 if (!IS_ERR(file)) 234 file->f_mode |= f_mode; 235 236 return file; 237 } 238 EXPORT_SYMBOL_GPL(anon_inode_getfile_fmode); 239 240 /** 241 * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new 242 * !S_PRIVATE anon inode rather than reuse the 243 * singleton anon inode and calls the 244 * inode_init_security_anon() LSM hook. 245 * 246 * @name: [in] name of the "class" of the new file 247 * @fops: [in] file operations for the new file 248 * @priv: [in] private data for the new file (will be file's private_data) 249 * @flags: [in] flags 250 * @context_inode: 251 * [in] the logical relationship with the new inode (optional) 252 * 253 * Create a new anonymous inode and file pair. This can be done for two 254 * reasons: 255 * 256 * - for the inode to have its own security context, so that LSMs can enforce 257 * policy on the inode's creation; 258 * 259 * - if the caller needs a unique inode, for example in order to customize 260 * the size returned by fstat() 261 * 262 * The LSM may use @context_inode in inode_init_security_anon(), but a 263 * reference to it is not held. 264 * 265 * Returns the newly created file* or an error pointer. 266 */ 267 struct file *anon_inode_create_getfile(const char *name, 268 const struct file_operations *fops, 269 void *priv, int flags, 270 const struct inode *context_inode) 271 { 272 return __anon_inode_getfile(name, fops, priv, flags, 273 context_inode, true); 274 } 275 EXPORT_SYMBOL_GPL(anon_inode_create_getfile); 276 277 static int __anon_inode_getfd(const char *name, 278 const struct file_operations *fops, 279 void *priv, int flags, 280 const struct inode *context_inode, 281 bool make_inode) 282 { 283 int error, fd; 284 struct file *file; 285 286 error = get_unused_fd_flags(flags); 287 if (error < 0) 288 return error; 289 fd = error; 290 291 file = __anon_inode_getfile(name, fops, priv, flags, context_inode, 292 make_inode); 293 if (IS_ERR(file)) { 294 error = PTR_ERR(file); 295 goto err_put_unused_fd; 296 } 297 fd_install(fd, file); 298 299 return fd; 300 301 err_put_unused_fd: 302 put_unused_fd(fd); 303 return error; 304 } 305 306 /** 307 * anon_inode_getfd - creates a new file instance by hooking it up to 308 * an anonymous inode and a dentry that describe 309 * the "class" of the file 310 * 311 * @name: [in] name of the "class" of the new file 312 * @fops: [in] file operations for the new file 313 * @priv: [in] private data for the new file (will be file's private_data) 314 * @flags: [in] flags 315 * 316 * Creates a new file by hooking it on a single inode. This is 317 * useful for files that do not need to have a full-fledged inode in 318 * order to operate correctly. All the files created with 319 * anon_inode_getfd() will use the same singleton inode, reducing 320 * memory use and avoiding code duplication for the file/inode/dentry 321 * setup. Returns a newly created file descriptor or an error code. 322 */ 323 int anon_inode_getfd(const char *name, const struct file_operations *fops, 324 void *priv, int flags) 325 { 326 return __anon_inode_getfd(name, fops, priv, flags, NULL, false); 327 } 328 EXPORT_SYMBOL_GPL(anon_inode_getfd); 329 330 /** 331 * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new 332 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls 333 * the inode_init_security_anon() LSM hook. 334 * 335 * @name: [in] name of the "class" of the new file 336 * @fops: [in] file operations for the new file 337 * @priv: [in] private data for the new file (will be file's private_data) 338 * @flags: [in] flags 339 * @context_inode: 340 * [in] the logical relationship with the new inode (optional) 341 * 342 * Create a new anonymous inode and file pair. This can be done for two 343 * reasons: 344 * 345 * - for the inode to have its own security context, so that LSMs can enforce 346 * policy on the inode's creation; 347 * 348 * - if the caller needs a unique inode, for example in order to customize 349 * the size returned by fstat() 350 * 351 * The LSM may use @context_inode in inode_init_security_anon(), but a 352 * reference to it is not held. 353 * 354 * Returns a newly created file descriptor or an error code. 355 */ 356 int anon_inode_create_getfd(const char *name, const struct file_operations *fops, 357 void *priv, int flags, 358 const struct inode *context_inode) 359 { 360 return __anon_inode_getfd(name, fops, priv, flags, context_inode, true); 361 } 362 363 364 static int __init anon_inode_init(void) 365 { 366 anon_inode_mnt = kern_mount(&anon_inode_fs_type); 367 if (IS_ERR(anon_inode_mnt)) 368 panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt)); 369 370 anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); 371 if (IS_ERR(anon_inode_inode)) 372 panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode)); 373 anon_inode_inode->i_op = &anon_inode_operations; 374 375 return 0; 376 } 377 378 fs_initcall(anon_inode_init); 379 380