1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/cache.h> 9 #include <linux/time.h> 10 #include <linux/proc_fs.h> 11 #include <linux/kernel.h> 12 #include <linux/pid_namespace.h> 13 #include <linux/mm.h> 14 #include <linux/string.h> 15 #include <linux/stat.h> 16 #include <linux/completion.h> 17 #include <linux/poll.h> 18 #include <linux/printk.h> 19 #include <linux/file.h> 20 #include <linux/limits.h> 21 #include <linux/init.h> 22 #include <linux/module.h> 23 #include <linux/sysctl.h> 24 #include <linux/seq_file.h> 25 #include <linux/slab.h> 26 #include <linux/mount.h> 27 #include <linux/bug.h> 28 29 #include "internal.h" 30 31 static void proc_evict_inode(struct inode *inode) 32 { 33 struct proc_dir_entry *de; 34 struct ctl_table_header *head; 35 struct proc_inode *ei = PROC_I(inode); 36 37 truncate_inode_pages_final(&inode->i_data); 38 clear_inode(inode); 39 40 /* Stop tracking associated processes */ 41 if (ei->pid) { 42 proc_pid_evict_inode(ei); 43 ei->pid = NULL; 44 } 45 46 /* Let go of any associated proc directory entry */ 47 de = ei->pde; 48 if (de) { 49 pde_put(de); 50 ei->pde = NULL; 51 } 52 53 head = ei->sysctl; 54 if (head) { 55 RCU_INIT_POINTER(ei->sysctl, NULL); 56 proc_sys_evict_inode(inode, head); 57 } 58 } 59 60 static struct kmem_cache *proc_inode_cachep __ro_after_init; 61 static struct kmem_cache *pde_opener_cache __ro_after_init; 62 63 static struct inode *proc_alloc_inode(struct super_block *sb) 64 { 65 struct proc_inode *ei; 66 67 ei = alloc_inode_sb(sb, proc_inode_cachep, GFP_KERNEL); 68 if (!ei) 69 return NULL; 70 ei->pid = NULL; 71 ei->fd = 0; 72 ei->op.proc_get_link = NULL; 73 ei->pde = NULL; 74 ei->sysctl = NULL; 75 ei->sysctl_entry = NULL; 76 INIT_HLIST_NODE(&ei->sibling_inodes); 77 ei->ns_ops = NULL; 78 return &ei->vfs_inode; 79 } 80 81 static void proc_free_inode(struct inode *inode) 82 { 83 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 84 } 85 86 static void init_once(void *foo) 87 { 88 struct proc_inode *ei = (struct proc_inode *) foo; 89 90 inode_init_once(&ei->vfs_inode); 91 } 92 93 void __init proc_init_kmemcache(void) 94 { 95 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 96 sizeof(struct proc_inode), 97 0, (SLAB_RECLAIM_ACCOUNT| 98 SLAB_MEM_SPREAD|SLAB_ACCOUNT| 99 SLAB_PANIC), 100 init_once); 101 pde_opener_cache = 102 kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0, 103 SLAB_ACCOUNT|SLAB_PANIC, NULL); 104 proc_dir_entry_cache = kmem_cache_create_usercopy( 105 "proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC, 106 offsetof(struct proc_dir_entry, inline_name), 107 SIZEOF_PDE_INLINE_NAME, NULL); 108 BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE); 109 } 110 111 void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock) 112 { 113 struct inode *inode; 114 struct proc_inode *ei; 115 struct hlist_node *node; 116 struct super_block *old_sb = NULL; 117 118 rcu_read_lock(); 119 for (;;) { 120 struct super_block *sb; 121 node = hlist_first_rcu(inodes); 122 if (!node) 123 break; 124 ei = hlist_entry(node, struct proc_inode, sibling_inodes); 125 spin_lock(lock); 126 hlist_del_init_rcu(&ei->sibling_inodes); 127 spin_unlock(lock); 128 129 inode = &ei->vfs_inode; 130 sb = inode->i_sb; 131 if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active)) 132 continue; 133 inode = igrab(inode); 134 rcu_read_unlock(); 135 if (sb != old_sb) { 136 if (old_sb) 137 deactivate_super(old_sb); 138 old_sb = sb; 139 } 140 if (unlikely(!inode)) { 141 rcu_read_lock(); 142 continue; 143 } 144 145 if (S_ISDIR(inode->i_mode)) { 146 struct dentry *dir = d_find_any_alias(inode); 147 if (dir) { 148 d_invalidate(dir); 149 dput(dir); 150 } 151 } else { 152 struct dentry *dentry; 153 while ((dentry = d_find_alias(inode))) { 154 d_invalidate(dentry); 155 dput(dentry); 156 } 157 } 158 iput(inode); 159 160 rcu_read_lock(); 161 } 162 rcu_read_unlock(); 163 if (old_sb) 164 deactivate_super(old_sb); 165 } 166 167 static inline const char *hidepid2str(enum proc_hidepid v) 168 { 169 switch (v) { 170 case HIDEPID_OFF: return "off"; 171 case HIDEPID_NO_ACCESS: return "noaccess"; 172 case HIDEPID_INVISIBLE: return "invisible"; 173 case HIDEPID_NOT_PTRACEABLE: return "ptraceable"; 174 } 175 WARN_ONCE(1, "bad hide_pid value: %d\n", v); 176 return "unknown"; 177 } 178 179 static int proc_show_options(struct seq_file *seq, struct dentry *root) 180 { 181 struct proc_fs_info *fs_info = proc_sb_info(root->d_sb); 182 183 if (!gid_eq(fs_info->pid_gid, GLOBAL_ROOT_GID)) 184 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid)); 185 if (fs_info->hide_pid != HIDEPID_OFF) 186 seq_printf(seq, ",hidepid=%s", hidepid2str(fs_info->hide_pid)); 187 if (fs_info->pidonly != PROC_PIDONLY_OFF) 188 seq_printf(seq, ",subset=pid"); 189 190 return 0; 191 } 192 193 const struct super_operations proc_sops = { 194 .alloc_inode = proc_alloc_inode, 195 .free_inode = proc_free_inode, 196 .drop_inode = generic_delete_inode, 197 .evict_inode = proc_evict_inode, 198 .statfs = simple_statfs, 199 .show_options = proc_show_options, 200 }; 201 202 enum {BIAS = -1U<<31}; 203 204 static inline int use_pde(struct proc_dir_entry *pde) 205 { 206 return likely(atomic_inc_unless_negative(&pde->in_use)); 207 } 208 209 static void unuse_pde(struct proc_dir_entry *pde) 210 { 211 if (unlikely(atomic_dec_return(&pde->in_use) == BIAS)) 212 complete(pde->pde_unload_completion); 213 } 214 215 /* 216 * At most 2 contexts can enter this function: the one doing the last 217 * close on the descriptor and whoever is deleting PDE itself. 218 * 219 * First to enter calls ->proc_release hook and signals its completion 220 * to the second one which waits and then does nothing. 221 * 222 * PDE is locked on entry, unlocked on exit. 223 */ 224 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 225 __releases(&pde->pde_unload_lock) 226 { 227 /* 228 * close() (proc_reg_release()) can't delete an entry and proceed: 229 * ->release hook needs to be available at the right moment. 230 * 231 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 232 * "struct file" needs to be available at the right moment. 233 */ 234 if (pdeo->closing) { 235 /* somebody else is doing that, just wait */ 236 DECLARE_COMPLETION_ONSTACK(c); 237 pdeo->c = &c; 238 spin_unlock(&pde->pde_unload_lock); 239 wait_for_completion(&c); 240 } else { 241 struct file *file; 242 struct completion *c; 243 244 pdeo->closing = true; 245 spin_unlock(&pde->pde_unload_lock); 246 247 file = pdeo->file; 248 pde->proc_ops->proc_release(file_inode(file), file); 249 250 spin_lock(&pde->pde_unload_lock); 251 /* Strictly after ->proc_release, see above. */ 252 list_del(&pdeo->lh); 253 c = pdeo->c; 254 spin_unlock(&pde->pde_unload_lock); 255 if (unlikely(c)) 256 complete(c); 257 kmem_cache_free(pde_opener_cache, pdeo); 258 } 259 } 260 261 void proc_entry_rundown(struct proc_dir_entry *de) 262 { 263 DECLARE_COMPLETION_ONSTACK(c); 264 /* Wait until all existing callers into module are done. */ 265 de->pde_unload_completion = &c; 266 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 267 wait_for_completion(&c); 268 269 /* ->pde_openers list can't grow from now on. */ 270 271 spin_lock(&de->pde_unload_lock); 272 while (!list_empty(&de->pde_openers)) { 273 struct pde_opener *pdeo; 274 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 275 close_pdeo(de, pdeo); 276 spin_lock(&de->pde_unload_lock); 277 } 278 spin_unlock(&de->pde_unload_lock); 279 } 280 281 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 282 { 283 struct proc_dir_entry *pde = PDE(file_inode(file)); 284 loff_t rv = -EINVAL; 285 286 if (pde_is_permanent(pde)) { 287 return pde->proc_ops->proc_lseek(file, offset, whence); 288 } else if (use_pde(pde)) { 289 rv = pde->proc_ops->proc_lseek(file, offset, whence); 290 unuse_pde(pde); 291 } 292 return rv; 293 } 294 295 static ssize_t proc_reg_read_iter(struct kiocb *iocb, struct iov_iter *iter) 296 { 297 struct proc_dir_entry *pde = PDE(file_inode(iocb->ki_filp)); 298 ssize_t ret; 299 300 if (pde_is_permanent(pde)) 301 return pde->proc_ops->proc_read_iter(iocb, iter); 302 303 if (!use_pde(pde)) 304 return -EIO; 305 ret = pde->proc_ops->proc_read_iter(iocb, iter); 306 unuse_pde(pde); 307 return ret; 308 } 309 310 static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos) 311 { 312 typeof_member(struct proc_ops, proc_read) read; 313 314 read = pde->proc_ops->proc_read; 315 if (read) 316 return read(file, buf, count, ppos); 317 return -EIO; 318 } 319 320 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 321 { 322 struct proc_dir_entry *pde = PDE(file_inode(file)); 323 ssize_t rv = -EIO; 324 325 if (pde_is_permanent(pde)) { 326 return pde_read(pde, file, buf, count, ppos); 327 } else if (use_pde(pde)) { 328 rv = pde_read(pde, file, buf, count, ppos); 329 unuse_pde(pde); 330 } 331 return rv; 332 } 333 334 static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos) 335 { 336 typeof_member(struct proc_ops, proc_write) write; 337 338 write = pde->proc_ops->proc_write; 339 if (write) 340 return write(file, buf, count, ppos); 341 return -EIO; 342 } 343 344 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 345 { 346 struct proc_dir_entry *pde = PDE(file_inode(file)); 347 ssize_t rv = -EIO; 348 349 if (pde_is_permanent(pde)) { 350 return pde_write(pde, file, buf, count, ppos); 351 } else if (use_pde(pde)) { 352 rv = pde_write(pde, file, buf, count, ppos); 353 unuse_pde(pde); 354 } 355 return rv; 356 } 357 358 static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts) 359 { 360 typeof_member(struct proc_ops, proc_poll) poll; 361 362 poll = pde->proc_ops->proc_poll; 363 if (poll) 364 return poll(file, pts); 365 return DEFAULT_POLLMASK; 366 } 367 368 static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts) 369 { 370 struct proc_dir_entry *pde = PDE(file_inode(file)); 371 __poll_t rv = DEFAULT_POLLMASK; 372 373 if (pde_is_permanent(pde)) { 374 return pde_poll(pde, file, pts); 375 } else if (use_pde(pde)) { 376 rv = pde_poll(pde, file, pts); 377 unuse_pde(pde); 378 } 379 return rv; 380 } 381 382 static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 383 { 384 typeof_member(struct proc_ops, proc_ioctl) ioctl; 385 386 ioctl = pde->proc_ops->proc_ioctl; 387 if (ioctl) 388 return ioctl(file, cmd, arg); 389 return -ENOTTY; 390 } 391 392 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 393 { 394 struct proc_dir_entry *pde = PDE(file_inode(file)); 395 long rv = -ENOTTY; 396 397 if (pde_is_permanent(pde)) { 398 return pde_ioctl(pde, file, cmd, arg); 399 } else if (use_pde(pde)) { 400 rv = pde_ioctl(pde, file, cmd, arg); 401 unuse_pde(pde); 402 } 403 return rv; 404 } 405 406 #ifdef CONFIG_COMPAT 407 static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 408 { 409 typeof_member(struct proc_ops, proc_compat_ioctl) compat_ioctl; 410 411 compat_ioctl = pde->proc_ops->proc_compat_ioctl; 412 if (compat_ioctl) 413 return compat_ioctl(file, cmd, arg); 414 return -ENOTTY; 415 } 416 417 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 418 { 419 struct proc_dir_entry *pde = PDE(file_inode(file)); 420 long rv = -ENOTTY; 421 if (pde_is_permanent(pde)) { 422 return pde_compat_ioctl(pde, file, cmd, arg); 423 } else if (use_pde(pde)) { 424 rv = pde_compat_ioctl(pde, file, cmd, arg); 425 unuse_pde(pde); 426 } 427 return rv; 428 } 429 #endif 430 431 static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma) 432 { 433 typeof_member(struct proc_ops, proc_mmap) mmap; 434 435 mmap = pde->proc_ops->proc_mmap; 436 if (mmap) 437 return mmap(file, vma); 438 return -EIO; 439 } 440 441 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 442 { 443 struct proc_dir_entry *pde = PDE(file_inode(file)); 444 int rv = -EIO; 445 446 if (pde_is_permanent(pde)) { 447 return pde_mmap(pde, file, vma); 448 } else if (use_pde(pde)) { 449 rv = pde_mmap(pde, file, vma); 450 unuse_pde(pde); 451 } 452 return rv; 453 } 454 455 static unsigned long 456 pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr, 457 unsigned long len, unsigned long pgoff, 458 unsigned long flags) 459 { 460 typeof_member(struct proc_ops, proc_get_unmapped_area) get_area; 461 462 get_area = pde->proc_ops->proc_get_unmapped_area; 463 #ifdef CONFIG_MMU 464 if (!get_area) 465 get_area = current->mm->get_unmapped_area; 466 #endif 467 if (get_area) 468 return get_area(file, orig_addr, len, pgoff, flags); 469 return orig_addr; 470 } 471 472 static unsigned long 473 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 474 unsigned long len, unsigned long pgoff, 475 unsigned long flags) 476 { 477 struct proc_dir_entry *pde = PDE(file_inode(file)); 478 unsigned long rv = -EIO; 479 480 if (pde_is_permanent(pde)) { 481 return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 482 } else if (use_pde(pde)) { 483 rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 484 unuse_pde(pde); 485 } 486 return rv; 487 } 488 489 static int proc_reg_open(struct inode *inode, struct file *file) 490 { 491 struct proc_dir_entry *pde = PDE(inode); 492 int rv = 0; 493 typeof_member(struct proc_ops, proc_open) open; 494 typeof_member(struct proc_ops, proc_release) release; 495 struct pde_opener *pdeo; 496 497 if (!pde->proc_ops->proc_lseek) 498 file->f_mode &= ~FMODE_LSEEK; 499 500 if (pde_is_permanent(pde)) { 501 open = pde->proc_ops->proc_open; 502 if (open) 503 rv = open(inode, file); 504 return rv; 505 } 506 507 /* 508 * Ensure that 509 * 1) PDE's ->release hook will be called no matter what 510 * either normally by close()/->release, or forcefully by 511 * rmmod/remove_proc_entry. 512 * 513 * 2) rmmod isn't blocked by opening file in /proc and sitting on 514 * the descriptor (including "rmmod foo </proc/foo" scenario). 515 * 516 * Save every "struct file" with custom ->release hook. 517 */ 518 if (!use_pde(pde)) 519 return -ENOENT; 520 521 release = pde->proc_ops->proc_release; 522 if (release) { 523 pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL); 524 if (!pdeo) { 525 rv = -ENOMEM; 526 goto out_unuse; 527 } 528 } 529 530 open = pde->proc_ops->proc_open; 531 if (open) 532 rv = open(inode, file); 533 534 if (release) { 535 if (rv == 0) { 536 /* To know what to release. */ 537 pdeo->file = file; 538 pdeo->closing = false; 539 pdeo->c = NULL; 540 spin_lock(&pde->pde_unload_lock); 541 list_add(&pdeo->lh, &pde->pde_openers); 542 spin_unlock(&pde->pde_unload_lock); 543 } else 544 kmem_cache_free(pde_opener_cache, pdeo); 545 } 546 547 out_unuse: 548 unuse_pde(pde); 549 return rv; 550 } 551 552 static int proc_reg_release(struct inode *inode, struct file *file) 553 { 554 struct proc_dir_entry *pde = PDE(inode); 555 struct pde_opener *pdeo; 556 557 if (pde_is_permanent(pde)) { 558 typeof_member(struct proc_ops, proc_release) release; 559 560 release = pde->proc_ops->proc_release; 561 if (release) { 562 return release(inode, file); 563 } 564 return 0; 565 } 566 567 spin_lock(&pde->pde_unload_lock); 568 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 569 if (pdeo->file == file) { 570 close_pdeo(pde, pdeo); 571 return 0; 572 } 573 } 574 spin_unlock(&pde->pde_unload_lock); 575 return 0; 576 } 577 578 static const struct file_operations proc_reg_file_ops = { 579 .llseek = proc_reg_llseek, 580 .read = proc_reg_read, 581 .write = proc_reg_write, 582 .poll = proc_reg_poll, 583 .unlocked_ioctl = proc_reg_unlocked_ioctl, 584 .mmap = proc_reg_mmap, 585 .get_unmapped_area = proc_reg_get_unmapped_area, 586 .open = proc_reg_open, 587 .release = proc_reg_release, 588 }; 589 590 static const struct file_operations proc_iter_file_ops = { 591 .llseek = proc_reg_llseek, 592 .read_iter = proc_reg_read_iter, 593 .write = proc_reg_write, 594 .splice_read = copy_splice_read, 595 .poll = proc_reg_poll, 596 .unlocked_ioctl = proc_reg_unlocked_ioctl, 597 .mmap = proc_reg_mmap, 598 .get_unmapped_area = proc_reg_get_unmapped_area, 599 .open = proc_reg_open, 600 .release = proc_reg_release, 601 }; 602 603 #ifdef CONFIG_COMPAT 604 static const struct file_operations proc_reg_file_ops_compat = { 605 .llseek = proc_reg_llseek, 606 .read = proc_reg_read, 607 .write = proc_reg_write, 608 .poll = proc_reg_poll, 609 .unlocked_ioctl = proc_reg_unlocked_ioctl, 610 .compat_ioctl = proc_reg_compat_ioctl, 611 .mmap = proc_reg_mmap, 612 .get_unmapped_area = proc_reg_get_unmapped_area, 613 .open = proc_reg_open, 614 .release = proc_reg_release, 615 }; 616 617 static const struct file_operations proc_iter_file_ops_compat = { 618 .llseek = proc_reg_llseek, 619 .read_iter = proc_reg_read_iter, 620 .splice_read = copy_splice_read, 621 .write = proc_reg_write, 622 .poll = proc_reg_poll, 623 .unlocked_ioctl = proc_reg_unlocked_ioctl, 624 .compat_ioctl = proc_reg_compat_ioctl, 625 .mmap = proc_reg_mmap, 626 .get_unmapped_area = proc_reg_get_unmapped_area, 627 .open = proc_reg_open, 628 .release = proc_reg_release, 629 }; 630 #endif 631 632 static void proc_put_link(void *p) 633 { 634 unuse_pde(p); 635 } 636 637 static const char *proc_get_link(struct dentry *dentry, 638 struct inode *inode, 639 struct delayed_call *done) 640 { 641 struct proc_dir_entry *pde = PDE(inode); 642 if (!use_pde(pde)) 643 return ERR_PTR(-EINVAL); 644 set_delayed_call(done, proc_put_link, pde); 645 return pde->data; 646 } 647 648 const struct inode_operations proc_link_inode_operations = { 649 .get_link = proc_get_link, 650 }; 651 652 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 653 { 654 struct inode *inode = new_inode(sb); 655 656 if (!inode) { 657 pde_put(de); 658 return NULL; 659 } 660 661 inode->i_private = de->data; 662 inode->i_ino = de->low_ino; 663 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 664 PROC_I(inode)->pde = de; 665 if (is_empty_pde(de)) { 666 make_empty_dir_inode(inode); 667 return inode; 668 } 669 670 if (de->mode) { 671 inode->i_mode = de->mode; 672 inode->i_uid = de->uid; 673 inode->i_gid = de->gid; 674 } 675 if (de->size) 676 inode->i_size = de->size; 677 if (de->nlink) 678 set_nlink(inode, de->nlink); 679 680 if (S_ISREG(inode->i_mode)) { 681 inode->i_op = de->proc_iops; 682 if (de->proc_ops->proc_read_iter) 683 inode->i_fop = &proc_iter_file_ops; 684 else 685 inode->i_fop = &proc_reg_file_ops; 686 #ifdef CONFIG_COMPAT 687 if (de->proc_ops->proc_compat_ioctl) { 688 if (de->proc_ops->proc_read_iter) 689 inode->i_fop = &proc_iter_file_ops_compat; 690 else 691 inode->i_fop = &proc_reg_file_ops_compat; 692 } 693 #endif 694 } else if (S_ISDIR(inode->i_mode)) { 695 inode->i_op = de->proc_iops; 696 inode->i_fop = de->proc_dir_ops; 697 } else if (S_ISLNK(inode->i_mode)) { 698 inode->i_op = de->proc_iops; 699 inode->i_fop = NULL; 700 } else { 701 BUG(); 702 } 703 return inode; 704 } 705