1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * fs/anon_inodes.c 4 * 5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> 6 * 7 * Thanks to Arnd Bergmann for code review and suggestions. 8 * More changes for Thomas Gleixner suggestions. 9 * 10 */ 11 12 #include <linux/cred.h> 13 #include <linux/file.h> 14 #include <linux/poll.h> 15 #include <linux/sched.h> 16 #include <linux/init.h> 17 #include <linux/fs.h> 18 #include <linux/mount.h> 19 #include <linux/module.h> 20 #include <linux/kernel.h> 21 #include <linux/magic.h> 22 #include <linux/anon_inodes.h> 23 #include <linux/pseudo_fs.h> 24 25 #include <linux/uaccess.h> 26 27 #include "internal.h" 28 29 static struct vfsmount *anon_inode_mnt __ro_after_init; 30 static struct inode *anon_inode_inode __ro_after_init; 31 32 /* 33 * User space expects anonymous inodes to have no file type in st_mode. 34 * 35 * In particular, 'lsof' has this legacy logic: 36 * 37 * type = s->st_mode & S_IFMT; 38 * switch (type) { 39 * ... 40 * case 0: 41 * if (!strcmp(p, "anon_inode")) 42 * Lf->ntype = Ntype = N_ANON_INODE; 43 * 44 * to detect our old anon_inode logic. 45 * 46 * Rather than mess with our internal sane inode data, just fix it 47 * up here in getattr() by masking off the format bits. 48 */ 49 int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path, 50 struct kstat *stat, u32 request_mask, 51 unsigned int query_flags) 52 { 53 struct inode *inode = d_inode(path->dentry); 54 55 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); 56 stat->mode &= ~S_IFMT; 57 return 0; 58 } 59 60 int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 61 struct iattr *attr) 62 { 63 return -EOPNOTSUPP; 64 } 65 66 static const struct inode_operations anon_inode_operations = { 67 .getattr = anon_inode_getattr, 68 .setattr = anon_inode_setattr, 69 }; 70 71 /* 72 * anon_inodefs_dname() is called from d_path(). 73 */ 74 static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen) 75 { 76 return dynamic_dname(buffer, buflen, "anon_inode:%s", 77 dentry->d_name.name); 78 } 79 80 static const struct dentry_operations anon_inodefs_dentry_operations = { 81 .d_dname = anon_inodefs_dname, 82 }; 83 84 static int anon_inodefs_init_fs_context(struct fs_context *fc) 85 { 86 struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); 87 if (!ctx) 88 return -ENOMEM; 89 fc->s_iflags |= SB_I_NOEXEC; 90 fc->s_iflags |= SB_I_NODEV; 91 ctx->dops = &anon_inodefs_dentry_operations; 92 return 0; 93 } 94 95 static struct file_system_type anon_inode_fs_type = { 96 .name = "anon_inodefs", 97 .init_fs_context = anon_inodefs_init_fs_context, 98 .kill_sb = kill_anon_super, 99 }; 100 101 static struct inode *anon_inode_make_secure_inode( 102 const char *name, 103 const struct inode *context_inode) 104 { 105 struct inode *inode; 106 int error; 107 108 inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); 109 if (IS_ERR(inode)) 110 return inode; 111 inode->i_flags &= ~S_PRIVATE; 112 inode->i_op = &anon_inode_operations; 113 error = security_inode_init_security_anon(inode, &QSTR(name), 114 context_inode); 115 if (error) { 116 iput(inode); 117 return ERR_PTR(error); 118 } 119 return inode; 120 } 121 122 static struct file *__anon_inode_getfile(const char *name, 123 const struct file_operations *fops, 124 void *priv, int flags, 125 const struct inode *context_inode, 126 bool make_inode) 127 { 128 struct inode *inode; 129 struct file *file; 130 131 if (fops->owner && !try_module_get(fops->owner)) 132 return ERR_PTR(-ENOENT); 133 134 if (make_inode) { 135 inode = anon_inode_make_secure_inode(name, context_inode); 136 if (IS_ERR(inode)) { 137 file = ERR_CAST(inode); 138 goto err; 139 } 140 } else { 141 inode = anon_inode_inode; 142 if (IS_ERR(inode)) { 143 file = ERR_PTR(-ENODEV); 144 goto err; 145 } 146 /* 147 * We know the anon_inode inode count is always 148 * greater than zero, so ihold() is safe. 149 */ 150 ihold(inode); 151 } 152 153 file = alloc_file_pseudo(inode, anon_inode_mnt, name, 154 flags & (O_ACCMODE | O_NONBLOCK), fops); 155 if (IS_ERR(file)) 156 goto err_iput; 157 158 file->f_mapping = inode->i_mapping; 159 160 file->private_data = priv; 161 162 return file; 163 164 err_iput: 165 iput(inode); 166 err: 167 module_put(fops->owner); 168 return file; 169 } 170 171 /** 172 * anon_inode_getfile - creates a new file instance by hooking it up to an 173 * anonymous inode, and a dentry that describe the "class" 174 * of the file 175 * 176 * @name: [in] name of the "class" of the new file 177 * @fops: [in] file operations for the new file 178 * @priv: [in] private data for the new file (will be file's private_data) 179 * @flags: [in] flags 180 * 181 * Creates a new file by hooking it on a single inode. This is useful for files 182 * that do not need to have a full-fledged inode in order to operate correctly. 183 * All the files created with anon_inode_getfile() will share a single inode, 184 * hence saving memory and avoiding code duplication for the file/inode/dentry 185 * setup. Returns the newly created file* or an error pointer. 186 */ 187 struct file *anon_inode_getfile(const char *name, 188 const struct file_operations *fops, 189 void *priv, int flags) 190 { 191 return __anon_inode_getfile(name, fops, priv, flags, NULL, false); 192 } 193 EXPORT_SYMBOL_GPL(anon_inode_getfile); 194 195 /** 196 * anon_inode_getfile_fmode - creates a new file instance by hooking it up to an 197 * anonymous inode, and a dentry that describe the "class" 198 * of the file 199 * 200 * @name: [in] name of the "class" of the new file 201 * @fops: [in] file operations for the new file 202 * @priv: [in] private data for the new file (will be file's private_data) 203 * @flags: [in] flags 204 * @f_mode: [in] fmode 205 * 206 * Creates a new file by hooking it on a single inode. This is useful for files 207 * that do not need to have a full-fledged inode in order to operate correctly. 208 * All the files created with anon_inode_getfile() will share a single inode, 209 * hence saving memory and avoiding code duplication for the file/inode/dentry 210 * setup. Allows setting the fmode. Returns the newly created file* or an error 211 * pointer. 212 */ 213 struct file *anon_inode_getfile_fmode(const char *name, 214 const struct file_operations *fops, 215 void *priv, int flags, fmode_t f_mode) 216 { 217 struct file *file; 218 219 file = __anon_inode_getfile(name, fops, priv, flags, NULL, false); 220 if (!IS_ERR(file)) 221 file->f_mode |= f_mode; 222 223 return file; 224 } 225 EXPORT_SYMBOL_GPL(anon_inode_getfile_fmode); 226 227 /** 228 * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new 229 * !S_PRIVATE anon inode rather than reuse the 230 * singleton anon inode and calls the 231 * inode_init_security_anon() LSM hook. 232 * 233 * @name: [in] name of the "class" of the new file 234 * @fops: [in] file operations for the new file 235 * @priv: [in] private data for the new file (will be file's private_data) 236 * @flags: [in] flags 237 * @context_inode: 238 * [in] the logical relationship with the new inode (optional) 239 * 240 * Create a new anonymous inode and file pair. This can be done for two 241 * reasons: 242 * 243 * - for the inode to have its own security context, so that LSMs can enforce 244 * policy on the inode's creation; 245 * 246 * - if the caller needs a unique inode, for example in order to customize 247 * the size returned by fstat() 248 * 249 * The LSM may use @context_inode in inode_init_security_anon(), but a 250 * reference to it is not held. 251 * 252 * Returns the newly created file* or an error pointer. 253 */ 254 struct file *anon_inode_create_getfile(const char *name, 255 const struct file_operations *fops, 256 void *priv, int flags, 257 const struct inode *context_inode) 258 { 259 return __anon_inode_getfile(name, fops, priv, flags, 260 context_inode, true); 261 } 262 EXPORT_SYMBOL_GPL(anon_inode_create_getfile); 263 264 static int __anon_inode_getfd(const char *name, 265 const struct file_operations *fops, 266 void *priv, int flags, 267 const struct inode *context_inode, 268 bool make_inode) 269 { 270 int error, fd; 271 struct file *file; 272 273 error = get_unused_fd_flags(flags); 274 if (error < 0) 275 return error; 276 fd = error; 277 278 file = __anon_inode_getfile(name, fops, priv, flags, context_inode, 279 make_inode); 280 if (IS_ERR(file)) { 281 error = PTR_ERR(file); 282 goto err_put_unused_fd; 283 } 284 fd_install(fd, file); 285 286 return fd; 287 288 err_put_unused_fd: 289 put_unused_fd(fd); 290 return error; 291 } 292 293 /** 294 * anon_inode_getfd - creates a new file instance by hooking it up to 295 * an anonymous inode and a dentry that describe 296 * the "class" of the file 297 * 298 * @name: [in] name of the "class" of the new file 299 * @fops: [in] file operations for the new file 300 * @priv: [in] private data for the new file (will be file's private_data) 301 * @flags: [in] flags 302 * 303 * Creates a new file by hooking it on a single inode. This is 304 * useful for files that do not need to have a full-fledged inode in 305 * order to operate correctly. All the files created with 306 * anon_inode_getfd() will use the same singleton inode, reducing 307 * memory use and avoiding code duplication for the file/inode/dentry 308 * setup. Returns a newly created file descriptor or an error code. 309 */ 310 int anon_inode_getfd(const char *name, const struct file_operations *fops, 311 void *priv, int flags) 312 { 313 return __anon_inode_getfd(name, fops, priv, flags, NULL, false); 314 } 315 EXPORT_SYMBOL_GPL(anon_inode_getfd); 316 317 /** 318 * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new 319 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls 320 * the inode_init_security_anon() LSM hook. 321 * 322 * @name: [in] name of the "class" of the new file 323 * @fops: [in] file operations for the new file 324 * @priv: [in] private data for the new file (will be file's private_data) 325 * @flags: [in] flags 326 * @context_inode: 327 * [in] the logical relationship with the new inode (optional) 328 * 329 * Create a new anonymous inode and file pair. This can be done for two 330 * reasons: 331 * 332 * - for the inode to have its own security context, so that LSMs can enforce 333 * policy on the inode's creation; 334 * 335 * - if the caller needs a unique inode, for example in order to customize 336 * the size returned by fstat() 337 * 338 * The LSM may use @context_inode in inode_init_security_anon(), but a 339 * reference to it is not held. 340 * 341 * Returns a newly created file descriptor or an error code. 342 */ 343 int anon_inode_create_getfd(const char *name, const struct file_operations *fops, 344 void *priv, int flags, 345 const struct inode *context_inode) 346 { 347 return __anon_inode_getfd(name, fops, priv, flags, context_inode, true); 348 } 349 350 351 static int __init anon_inode_init(void) 352 { 353 anon_inode_mnt = kern_mount(&anon_inode_fs_type); 354 if (IS_ERR(anon_inode_mnt)) 355 panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt)); 356 357 anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); 358 if (IS_ERR(anon_inode_inode)) 359 panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode)); 360 anon_inode_inode->i_op = &anon_inode_operations; 361 362 return 0; 363 } 364 365 fs_initcall(anon_inode_init); 366 367