1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/cache.h> 9 #include <linux/time.h> 10 #include <linux/proc_fs.h> 11 #include <linux/kernel.h> 12 #include <linux/pid_namespace.h> 13 #include <linux/mm.h> 14 #include <linux/string.h> 15 #include <linux/stat.h> 16 #include <linux/completion.h> 17 #include <linux/poll.h> 18 #include <linux/printk.h> 19 #include <linux/file.h> 20 #include <linux/limits.h> 21 #include <linux/init.h> 22 #include <linux/module.h> 23 #include <linux/sysctl.h> 24 #include <linux/seq_file.h> 25 #include <linux/slab.h> 26 #include <linux/mount.h> 27 #include <linux/bug.h> 28 29 #include "internal.h" 30 31 static void proc_evict_inode(struct inode *inode) 32 { 33 struct proc_dir_entry *de; 34 struct ctl_table_header *head; 35 struct proc_inode *ei = PROC_I(inode); 36 37 truncate_inode_pages_final(&inode->i_data); 38 clear_inode(inode); 39 40 /* Stop tracking associated processes */ 41 if (ei->pid) { 42 proc_pid_evict_inode(ei); 43 ei->pid = NULL; 44 } 45 46 /* Let go of any associated proc directory entry */ 47 de = ei->pde; 48 if (de) { 49 pde_put(de); 50 ei->pde = NULL; 51 } 52 53 head = ei->sysctl; 54 if (head) { 55 RCU_INIT_POINTER(ei->sysctl, NULL); 56 proc_sys_evict_inode(inode, head); 57 } 58 } 59 60 static struct kmem_cache *proc_inode_cachep __ro_after_init; 61 static struct kmem_cache *pde_opener_cache __ro_after_init; 62 63 static struct inode *proc_alloc_inode(struct super_block *sb) 64 { 65 struct proc_inode *ei; 66 67 ei = alloc_inode_sb(sb, proc_inode_cachep, GFP_KERNEL); 68 if (!ei) 69 return NULL; 70 ei->pid = NULL; 71 ei->fd = 0; 72 ei->op.proc_get_link = NULL; 73 ei->pde = NULL; 74 ei->sysctl = NULL; 75 ei->sysctl_entry = NULL; 76 INIT_HLIST_NODE(&ei->sibling_inodes); 77 ei->ns_ops = NULL; 78 return &ei->vfs_inode; 79 } 80 81 static void proc_free_inode(struct inode *inode) 82 { 83 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 84 } 85 86 static void init_once(void *foo) 87 { 88 struct proc_inode *ei = (struct proc_inode *) foo; 89 90 inode_init_once(&ei->vfs_inode); 91 } 92 93 void __init proc_init_kmemcache(void) 94 { 95 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 96 sizeof(struct proc_inode), 97 0, (SLAB_RECLAIM_ACCOUNT| 98 SLAB_MEM_SPREAD|SLAB_ACCOUNT| 99 SLAB_PANIC), 100 init_once); 101 pde_opener_cache = 102 kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0, 103 SLAB_ACCOUNT|SLAB_PANIC, NULL); 104 proc_dir_entry_cache = kmem_cache_create_usercopy( 105 "proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC, 106 offsetof(struct proc_dir_entry, inline_name), 107 SIZEOF_PDE_INLINE_NAME, NULL); 108 BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE); 109 } 110 111 void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock) 112 { 113 struct hlist_node *node; 114 struct super_block *old_sb = NULL; 115 116 rcu_read_lock(); 117 while ((node = hlist_first_rcu(inodes))) { 118 struct proc_inode *ei = hlist_entry(node, struct proc_inode, sibling_inodes); 119 struct super_block *sb; 120 struct inode *inode; 121 122 spin_lock(lock); 123 hlist_del_init_rcu(&ei->sibling_inodes); 124 spin_unlock(lock); 125 126 inode = &ei->vfs_inode; 127 sb = inode->i_sb; 128 if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active)) 129 continue; 130 inode = igrab(inode); 131 rcu_read_unlock(); 132 if (sb != old_sb) { 133 if (old_sb) 134 deactivate_super(old_sb); 135 old_sb = sb; 136 } 137 if (unlikely(!inode)) { 138 rcu_read_lock(); 139 continue; 140 } 141 142 if (S_ISDIR(inode->i_mode)) { 143 struct dentry *dir = d_find_any_alias(inode); 144 if (dir) { 145 d_invalidate(dir); 146 dput(dir); 147 } 148 } else { 149 struct dentry *dentry; 150 while ((dentry = d_find_alias(inode))) { 151 d_invalidate(dentry); 152 dput(dentry); 153 } 154 } 155 iput(inode); 156 157 rcu_read_lock(); 158 } 159 rcu_read_unlock(); 160 if (old_sb) 161 deactivate_super(old_sb); 162 } 163 164 static inline const char *hidepid2str(enum proc_hidepid v) 165 { 166 switch (v) { 167 case HIDEPID_OFF: return "off"; 168 case HIDEPID_NO_ACCESS: return "noaccess"; 169 case HIDEPID_INVISIBLE: return "invisible"; 170 case HIDEPID_NOT_PTRACEABLE: return "ptraceable"; 171 } 172 WARN_ONCE(1, "bad hide_pid value: %d\n", v); 173 return "unknown"; 174 } 175 176 static int proc_show_options(struct seq_file *seq, struct dentry *root) 177 { 178 struct proc_fs_info *fs_info = proc_sb_info(root->d_sb); 179 180 if (!gid_eq(fs_info->pid_gid, GLOBAL_ROOT_GID)) 181 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid)); 182 if (fs_info->hide_pid != HIDEPID_OFF) 183 seq_printf(seq, ",hidepid=%s", hidepid2str(fs_info->hide_pid)); 184 if (fs_info->pidonly != PROC_PIDONLY_OFF) 185 seq_printf(seq, ",subset=pid"); 186 187 return 0; 188 } 189 190 const struct super_operations proc_sops = { 191 .alloc_inode = proc_alloc_inode, 192 .free_inode = proc_free_inode, 193 .drop_inode = generic_delete_inode, 194 .evict_inode = proc_evict_inode, 195 .statfs = simple_statfs, 196 .show_options = proc_show_options, 197 }; 198 199 enum {BIAS = -1U<<31}; 200 201 static inline int use_pde(struct proc_dir_entry *pde) 202 { 203 return likely(atomic_inc_unless_negative(&pde->in_use)); 204 } 205 206 static void unuse_pde(struct proc_dir_entry *pde) 207 { 208 if (unlikely(atomic_dec_return(&pde->in_use) == BIAS)) 209 complete(pde->pde_unload_completion); 210 } 211 212 /* 213 * At most 2 contexts can enter this function: the one doing the last 214 * close on the descriptor and whoever is deleting PDE itself. 215 * 216 * First to enter calls ->proc_release hook and signals its completion 217 * to the second one which waits and then does nothing. 218 * 219 * PDE is locked on entry, unlocked on exit. 220 */ 221 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 222 __releases(&pde->pde_unload_lock) 223 { 224 /* 225 * close() (proc_reg_release()) can't delete an entry and proceed: 226 * ->release hook needs to be available at the right moment. 227 * 228 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 229 * "struct file" needs to be available at the right moment. 230 */ 231 if (pdeo->closing) { 232 /* somebody else is doing that, just wait */ 233 DECLARE_COMPLETION_ONSTACK(c); 234 pdeo->c = &c; 235 spin_unlock(&pde->pde_unload_lock); 236 wait_for_completion(&c); 237 } else { 238 struct file *file; 239 struct completion *c; 240 241 pdeo->closing = true; 242 spin_unlock(&pde->pde_unload_lock); 243 244 file = pdeo->file; 245 pde->proc_ops->proc_release(file_inode(file), file); 246 247 spin_lock(&pde->pde_unload_lock); 248 /* Strictly after ->proc_release, see above. */ 249 list_del(&pdeo->lh); 250 c = pdeo->c; 251 spin_unlock(&pde->pde_unload_lock); 252 if (unlikely(c)) 253 complete(c); 254 kmem_cache_free(pde_opener_cache, pdeo); 255 } 256 } 257 258 void proc_entry_rundown(struct proc_dir_entry *de) 259 { 260 DECLARE_COMPLETION_ONSTACK(c); 261 /* Wait until all existing callers into module are done. */ 262 de->pde_unload_completion = &c; 263 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 264 wait_for_completion(&c); 265 266 /* ->pde_openers list can't grow from now on. */ 267 268 spin_lock(&de->pde_unload_lock); 269 while (!list_empty(&de->pde_openers)) { 270 struct pde_opener *pdeo; 271 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 272 close_pdeo(de, pdeo); 273 spin_lock(&de->pde_unload_lock); 274 } 275 spin_unlock(&de->pde_unload_lock); 276 } 277 278 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 279 { 280 struct proc_dir_entry *pde = PDE(file_inode(file)); 281 loff_t rv = -EINVAL; 282 283 if (pde_is_permanent(pde)) { 284 return pde->proc_ops->proc_lseek(file, offset, whence); 285 } else if (use_pde(pde)) { 286 rv = pde->proc_ops->proc_lseek(file, offset, whence); 287 unuse_pde(pde); 288 } 289 return rv; 290 } 291 292 static ssize_t proc_reg_read_iter(struct kiocb *iocb, struct iov_iter *iter) 293 { 294 struct proc_dir_entry *pde = PDE(file_inode(iocb->ki_filp)); 295 ssize_t ret; 296 297 if (pde_is_permanent(pde)) 298 return pde->proc_ops->proc_read_iter(iocb, iter); 299 300 if (!use_pde(pde)) 301 return -EIO; 302 ret = pde->proc_ops->proc_read_iter(iocb, iter); 303 unuse_pde(pde); 304 return ret; 305 } 306 307 static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos) 308 { 309 typeof_member(struct proc_ops, proc_read) read; 310 311 read = pde->proc_ops->proc_read; 312 if (read) 313 return read(file, buf, count, ppos); 314 return -EIO; 315 } 316 317 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 318 { 319 struct proc_dir_entry *pde = PDE(file_inode(file)); 320 ssize_t rv = -EIO; 321 322 if (pde_is_permanent(pde)) { 323 return pde_read(pde, file, buf, count, ppos); 324 } else if (use_pde(pde)) { 325 rv = pde_read(pde, file, buf, count, ppos); 326 unuse_pde(pde); 327 } 328 return rv; 329 } 330 331 static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos) 332 { 333 typeof_member(struct proc_ops, proc_write) write; 334 335 write = pde->proc_ops->proc_write; 336 if (write) 337 return write(file, buf, count, ppos); 338 return -EIO; 339 } 340 341 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 342 { 343 struct proc_dir_entry *pde = PDE(file_inode(file)); 344 ssize_t rv = -EIO; 345 346 if (pde_is_permanent(pde)) { 347 return pde_write(pde, file, buf, count, ppos); 348 } else if (use_pde(pde)) { 349 rv = pde_write(pde, file, buf, count, ppos); 350 unuse_pde(pde); 351 } 352 return rv; 353 } 354 355 static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts) 356 { 357 typeof_member(struct proc_ops, proc_poll) poll; 358 359 poll = pde->proc_ops->proc_poll; 360 if (poll) 361 return poll(file, pts); 362 return DEFAULT_POLLMASK; 363 } 364 365 static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts) 366 { 367 struct proc_dir_entry *pde = PDE(file_inode(file)); 368 __poll_t rv = DEFAULT_POLLMASK; 369 370 if (pde_is_permanent(pde)) { 371 return pde_poll(pde, file, pts); 372 } else if (use_pde(pde)) { 373 rv = pde_poll(pde, file, pts); 374 unuse_pde(pde); 375 } 376 return rv; 377 } 378 379 static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 380 { 381 typeof_member(struct proc_ops, proc_ioctl) ioctl; 382 383 ioctl = pde->proc_ops->proc_ioctl; 384 if (ioctl) 385 return ioctl(file, cmd, arg); 386 return -ENOTTY; 387 } 388 389 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 390 { 391 struct proc_dir_entry *pde = PDE(file_inode(file)); 392 long rv = -ENOTTY; 393 394 if (pde_is_permanent(pde)) { 395 return pde_ioctl(pde, file, cmd, arg); 396 } else if (use_pde(pde)) { 397 rv = pde_ioctl(pde, file, cmd, arg); 398 unuse_pde(pde); 399 } 400 return rv; 401 } 402 403 #ifdef CONFIG_COMPAT 404 static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 405 { 406 typeof_member(struct proc_ops, proc_compat_ioctl) compat_ioctl; 407 408 compat_ioctl = pde->proc_ops->proc_compat_ioctl; 409 if (compat_ioctl) 410 return compat_ioctl(file, cmd, arg); 411 return -ENOTTY; 412 } 413 414 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 415 { 416 struct proc_dir_entry *pde = PDE(file_inode(file)); 417 long rv = -ENOTTY; 418 if (pde_is_permanent(pde)) { 419 return pde_compat_ioctl(pde, file, cmd, arg); 420 } else if (use_pde(pde)) { 421 rv = pde_compat_ioctl(pde, file, cmd, arg); 422 unuse_pde(pde); 423 } 424 return rv; 425 } 426 #endif 427 428 static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma) 429 { 430 typeof_member(struct proc_ops, proc_mmap) mmap; 431 432 mmap = pde->proc_ops->proc_mmap; 433 if (mmap) 434 return mmap(file, vma); 435 return -EIO; 436 } 437 438 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 439 { 440 struct proc_dir_entry *pde = PDE(file_inode(file)); 441 int rv = -EIO; 442 443 if (pde_is_permanent(pde)) { 444 return pde_mmap(pde, file, vma); 445 } else if (use_pde(pde)) { 446 rv = pde_mmap(pde, file, vma); 447 unuse_pde(pde); 448 } 449 return rv; 450 } 451 452 static unsigned long 453 pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr, 454 unsigned long len, unsigned long pgoff, 455 unsigned long flags) 456 { 457 typeof_member(struct proc_ops, proc_get_unmapped_area) get_area; 458 459 get_area = pde->proc_ops->proc_get_unmapped_area; 460 #ifdef CONFIG_MMU 461 if (!get_area) 462 get_area = current->mm->get_unmapped_area; 463 #endif 464 if (get_area) 465 return get_area(file, orig_addr, len, pgoff, flags); 466 return orig_addr; 467 } 468 469 static unsigned long 470 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 471 unsigned long len, unsigned long pgoff, 472 unsigned long flags) 473 { 474 struct proc_dir_entry *pde = PDE(file_inode(file)); 475 unsigned long rv = -EIO; 476 477 if (pde_is_permanent(pde)) { 478 return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 479 } else if (use_pde(pde)) { 480 rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 481 unuse_pde(pde); 482 } 483 return rv; 484 } 485 486 static int proc_reg_open(struct inode *inode, struct file *file) 487 { 488 struct proc_dir_entry *pde = PDE(inode); 489 int rv = 0; 490 typeof_member(struct proc_ops, proc_open) open; 491 typeof_member(struct proc_ops, proc_release) release; 492 struct pde_opener *pdeo; 493 494 if (!pde->proc_ops->proc_lseek) 495 file->f_mode &= ~FMODE_LSEEK; 496 497 if (pde_is_permanent(pde)) { 498 open = pde->proc_ops->proc_open; 499 if (open) 500 rv = open(inode, file); 501 return rv; 502 } 503 504 /* 505 * Ensure that 506 * 1) PDE's ->release hook will be called no matter what 507 * either normally by close()/->release, or forcefully by 508 * rmmod/remove_proc_entry. 509 * 510 * 2) rmmod isn't blocked by opening file in /proc and sitting on 511 * the descriptor (including "rmmod foo </proc/foo" scenario). 512 * 513 * Save every "struct file" with custom ->release hook. 514 */ 515 if (!use_pde(pde)) 516 return -ENOENT; 517 518 release = pde->proc_ops->proc_release; 519 if (release) { 520 pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL); 521 if (!pdeo) { 522 rv = -ENOMEM; 523 goto out_unuse; 524 } 525 } 526 527 open = pde->proc_ops->proc_open; 528 if (open) 529 rv = open(inode, file); 530 531 if (release) { 532 if (rv == 0) { 533 /* To know what to release. */ 534 pdeo->file = file; 535 pdeo->closing = false; 536 pdeo->c = NULL; 537 spin_lock(&pde->pde_unload_lock); 538 list_add(&pdeo->lh, &pde->pde_openers); 539 spin_unlock(&pde->pde_unload_lock); 540 } else 541 kmem_cache_free(pde_opener_cache, pdeo); 542 } 543 544 out_unuse: 545 unuse_pde(pde); 546 return rv; 547 } 548 549 static int proc_reg_release(struct inode *inode, struct file *file) 550 { 551 struct proc_dir_entry *pde = PDE(inode); 552 struct pde_opener *pdeo; 553 554 if (pde_is_permanent(pde)) { 555 typeof_member(struct proc_ops, proc_release) release; 556 557 release = pde->proc_ops->proc_release; 558 if (release) { 559 return release(inode, file); 560 } 561 return 0; 562 } 563 564 spin_lock(&pde->pde_unload_lock); 565 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 566 if (pdeo->file == file) { 567 close_pdeo(pde, pdeo); 568 return 0; 569 } 570 } 571 spin_unlock(&pde->pde_unload_lock); 572 return 0; 573 } 574 575 static const struct file_operations proc_reg_file_ops = { 576 .llseek = proc_reg_llseek, 577 .read = proc_reg_read, 578 .write = proc_reg_write, 579 .poll = proc_reg_poll, 580 .unlocked_ioctl = proc_reg_unlocked_ioctl, 581 .mmap = proc_reg_mmap, 582 .get_unmapped_area = proc_reg_get_unmapped_area, 583 .open = proc_reg_open, 584 .release = proc_reg_release, 585 }; 586 587 static const struct file_operations proc_iter_file_ops = { 588 .llseek = proc_reg_llseek, 589 .read_iter = proc_reg_read_iter, 590 .write = proc_reg_write, 591 .splice_read = copy_splice_read, 592 .poll = proc_reg_poll, 593 .unlocked_ioctl = proc_reg_unlocked_ioctl, 594 .mmap = proc_reg_mmap, 595 .get_unmapped_area = proc_reg_get_unmapped_area, 596 .open = proc_reg_open, 597 .release = proc_reg_release, 598 }; 599 600 #ifdef CONFIG_COMPAT 601 static const struct file_operations proc_reg_file_ops_compat = { 602 .llseek = proc_reg_llseek, 603 .read = proc_reg_read, 604 .write = proc_reg_write, 605 .poll = proc_reg_poll, 606 .unlocked_ioctl = proc_reg_unlocked_ioctl, 607 .compat_ioctl = proc_reg_compat_ioctl, 608 .mmap = proc_reg_mmap, 609 .get_unmapped_area = proc_reg_get_unmapped_area, 610 .open = proc_reg_open, 611 .release = proc_reg_release, 612 }; 613 614 static const struct file_operations proc_iter_file_ops_compat = { 615 .llseek = proc_reg_llseek, 616 .read_iter = proc_reg_read_iter, 617 .splice_read = copy_splice_read, 618 .write = proc_reg_write, 619 .poll = proc_reg_poll, 620 .unlocked_ioctl = proc_reg_unlocked_ioctl, 621 .compat_ioctl = proc_reg_compat_ioctl, 622 .mmap = proc_reg_mmap, 623 .get_unmapped_area = proc_reg_get_unmapped_area, 624 .open = proc_reg_open, 625 .release = proc_reg_release, 626 }; 627 #endif 628 629 static void proc_put_link(void *p) 630 { 631 unuse_pde(p); 632 } 633 634 static const char *proc_get_link(struct dentry *dentry, 635 struct inode *inode, 636 struct delayed_call *done) 637 { 638 struct proc_dir_entry *pde = PDE(inode); 639 if (!use_pde(pde)) 640 return ERR_PTR(-EINVAL); 641 set_delayed_call(done, proc_put_link, pde); 642 return pde->data; 643 } 644 645 const struct inode_operations proc_link_inode_operations = { 646 .get_link = proc_get_link, 647 }; 648 649 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 650 { 651 struct inode *inode = new_inode(sb); 652 653 if (!inode) { 654 pde_put(de); 655 return NULL; 656 } 657 658 inode->i_private = de->data; 659 inode->i_ino = de->low_ino; 660 simple_inode_init_ts(inode); 661 PROC_I(inode)->pde = de; 662 if (is_empty_pde(de)) { 663 make_empty_dir_inode(inode); 664 return inode; 665 } 666 667 if (de->mode) { 668 inode->i_mode = de->mode; 669 inode->i_uid = de->uid; 670 inode->i_gid = de->gid; 671 } 672 if (de->size) 673 inode->i_size = de->size; 674 if (de->nlink) 675 set_nlink(inode, de->nlink); 676 677 if (S_ISREG(inode->i_mode)) { 678 inode->i_op = de->proc_iops; 679 if (de->proc_ops->proc_read_iter) 680 inode->i_fop = &proc_iter_file_ops; 681 else 682 inode->i_fop = &proc_reg_file_ops; 683 #ifdef CONFIG_COMPAT 684 if (de->proc_ops->proc_compat_ioctl) { 685 if (de->proc_ops->proc_read_iter) 686 inode->i_fop = &proc_iter_file_ops_compat; 687 else 688 inode->i_fop = &proc_reg_file_ops_compat; 689 } 690 #endif 691 } else if (S_ISDIR(inode->i_mode)) { 692 inode->i_op = de->proc_iops; 693 inode->i_fop = de->proc_dir_ops; 694 } else if (S_ISLNK(inode->i_mode)) { 695 inode->i_op = de->proc_iops; 696 inode->i_fop = NULL; 697 } else { 698 BUG(); 699 } 700 return inode; 701 } 702