1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/cache.h> 9 #include <linux/time.h> 10 #include <linux/proc_fs.h> 11 #include <linux/kernel.h> 12 #include <linux/pid_namespace.h> 13 #include <linux/mm.h> 14 #include <linux/string.h> 15 #include <linux/stat.h> 16 #include <linux/completion.h> 17 #include <linux/poll.h> 18 #include <linux/printk.h> 19 #include <linux/file.h> 20 #include <linux/limits.h> 21 #include <linux/init.h> 22 #include <linux/module.h> 23 #include <linux/sysctl.h> 24 #include <linux/seq_file.h> 25 #include <linux/slab.h> 26 #include <linux/mount.h> 27 #include <linux/bug.h> 28 29 #include "internal.h" 30 31 static void proc_evict_inode(struct inode *inode) 32 { 33 struct ctl_table_header *head; 34 struct proc_inode *ei = PROC_I(inode); 35 36 truncate_inode_pages_final(&inode->i_data); 37 clear_inode(inode); 38 39 /* Stop tracking associated processes */ 40 if (ei->pid) 41 proc_pid_evict_inode(ei); 42 43 head = ei->sysctl; 44 if (head) { 45 RCU_INIT_POINTER(ei->sysctl, NULL); 46 proc_sys_evict_inode(inode, head); 47 } 48 } 49 50 static struct kmem_cache *proc_inode_cachep __ro_after_init; 51 static struct kmem_cache *pde_opener_cache __ro_after_init; 52 53 static struct inode *proc_alloc_inode(struct super_block *sb) 54 { 55 struct proc_inode *ei; 56 57 ei = alloc_inode_sb(sb, proc_inode_cachep, GFP_KERNEL); 58 if (!ei) 59 return NULL; 60 ei->pid = NULL; 61 ei->fd = 0; 62 ei->op.proc_get_link = NULL; 63 ei->pde = NULL; 64 ei->sysctl = NULL; 65 ei->sysctl_entry = NULL; 66 INIT_HLIST_NODE(&ei->sibling_inodes); 67 ei->ns_ops = NULL; 68 return &ei->vfs_inode; 69 } 70 71 static void proc_free_inode(struct inode *inode) 72 { 73 struct proc_inode *ei = PROC_I(inode); 74 75 if (ei->pid) 76 put_pid(ei->pid); 77 /* Let go of any associated proc directory entry */ 78 if (ei->pde) 79 pde_put(ei->pde); 80 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 81 } 82 83 static void init_once(void *foo) 84 { 85 struct proc_inode *ei = (struct proc_inode *) foo; 86 87 inode_init_once(&ei->vfs_inode); 88 } 89 90 void __init proc_init_kmemcache(void) 91 { 92 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 93 sizeof(struct proc_inode), 94 0, (SLAB_RECLAIM_ACCOUNT| 95 SLAB_ACCOUNT| 96 SLAB_PANIC), 97 init_once); 98 pde_opener_cache = 99 kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0, 100 SLAB_ACCOUNT|SLAB_PANIC, NULL); 101 proc_dir_entry_cache = kmem_cache_create_usercopy( 102 "proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC, 103 offsetof(struct proc_dir_entry, inline_name), 104 SIZEOF_PDE_INLINE_NAME, NULL); 105 BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE); 106 } 107 108 void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock) 109 { 110 struct hlist_node *node; 111 struct super_block *old_sb = NULL; 112 113 rcu_read_lock(); 114 while ((node = hlist_first_rcu(inodes))) { 115 struct proc_inode *ei = hlist_entry(node, struct proc_inode, sibling_inodes); 116 struct super_block *sb; 117 struct inode *inode; 118 119 spin_lock(lock); 120 hlist_del_init_rcu(&ei->sibling_inodes); 121 spin_unlock(lock); 122 123 inode = &ei->vfs_inode; 124 sb = inode->i_sb; 125 if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active)) 126 continue; 127 inode = igrab(inode); 128 rcu_read_unlock(); 129 if (sb != old_sb) { 130 if (old_sb) 131 deactivate_super(old_sb); 132 old_sb = sb; 133 } 134 if (unlikely(!inode)) { 135 rcu_read_lock(); 136 continue; 137 } 138 139 if (S_ISDIR(inode->i_mode)) { 140 struct dentry *dir = d_find_any_alias(inode); 141 if (dir) { 142 d_invalidate(dir); 143 dput(dir); 144 } 145 } else { 146 struct dentry *dentry; 147 while ((dentry = d_find_alias(inode))) { 148 d_invalidate(dentry); 149 dput(dentry); 150 } 151 } 152 iput(inode); 153 154 rcu_read_lock(); 155 } 156 rcu_read_unlock(); 157 if (old_sb) 158 deactivate_super(old_sb); 159 } 160 161 static inline const char *hidepid2str(enum proc_hidepid v) 162 { 163 switch (v) { 164 case HIDEPID_OFF: return "off"; 165 case HIDEPID_NO_ACCESS: return "noaccess"; 166 case HIDEPID_INVISIBLE: return "invisible"; 167 case HIDEPID_NOT_PTRACEABLE: return "ptraceable"; 168 } 169 WARN_ONCE(1, "bad hide_pid value: %d\n", v); 170 return "unknown"; 171 } 172 173 static int proc_show_options(struct seq_file *seq, struct dentry *root) 174 { 175 struct proc_fs_info *fs_info = proc_sb_info(root->d_sb); 176 177 if (!gid_eq(fs_info->pid_gid, GLOBAL_ROOT_GID)) 178 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid)); 179 if (fs_info->hide_pid != HIDEPID_OFF) 180 seq_printf(seq, ",hidepid=%s", hidepid2str(fs_info->hide_pid)); 181 if (fs_info->pidonly != PROC_PIDONLY_OFF) 182 seq_printf(seq, ",subset=pid"); 183 184 return 0; 185 } 186 187 const struct super_operations proc_sops = { 188 .alloc_inode = proc_alloc_inode, 189 .free_inode = proc_free_inode, 190 .drop_inode = generic_delete_inode, 191 .evict_inode = proc_evict_inode, 192 .statfs = simple_statfs, 193 .show_options = proc_show_options, 194 }; 195 196 enum {BIAS = -1U<<31}; 197 198 static inline int use_pde(struct proc_dir_entry *pde) 199 { 200 return likely(atomic_inc_unless_negative(&pde->in_use)); 201 } 202 203 static void unuse_pde(struct proc_dir_entry *pde) 204 { 205 if (unlikely(atomic_dec_return(&pde->in_use) == BIAS)) 206 complete(pde->pde_unload_completion); 207 } 208 209 /* 210 * At most 2 contexts can enter this function: the one doing the last 211 * close on the descriptor and whoever is deleting PDE itself. 212 * 213 * First to enter calls ->proc_release hook and signals its completion 214 * to the second one which waits and then does nothing. 215 * 216 * PDE is locked on entry, unlocked on exit. 217 */ 218 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 219 __releases(&pde->pde_unload_lock) 220 { 221 /* 222 * close() (proc_reg_release()) can't delete an entry and proceed: 223 * ->release hook needs to be available at the right moment. 224 * 225 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 226 * "struct file" needs to be available at the right moment. 227 */ 228 if (pdeo->closing) { 229 /* somebody else is doing that, just wait */ 230 DECLARE_COMPLETION_ONSTACK(c); 231 pdeo->c = &c; 232 spin_unlock(&pde->pde_unload_lock); 233 wait_for_completion(&c); 234 } else { 235 struct file *file; 236 struct completion *c; 237 238 pdeo->closing = true; 239 spin_unlock(&pde->pde_unload_lock); 240 241 file = pdeo->file; 242 pde->proc_ops->proc_release(file_inode(file), file); 243 244 spin_lock(&pde->pde_unload_lock); 245 /* Strictly after ->proc_release, see above. */ 246 list_del(&pdeo->lh); 247 c = pdeo->c; 248 spin_unlock(&pde->pde_unload_lock); 249 if (unlikely(c)) 250 complete(c); 251 kmem_cache_free(pde_opener_cache, pdeo); 252 } 253 } 254 255 void proc_entry_rundown(struct proc_dir_entry *de) 256 { 257 DECLARE_COMPLETION_ONSTACK(c); 258 /* Wait until all existing callers into module are done. */ 259 de->pde_unload_completion = &c; 260 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 261 wait_for_completion(&c); 262 263 /* ->pde_openers list can't grow from now on. */ 264 265 spin_lock(&de->pde_unload_lock); 266 while (!list_empty(&de->pde_openers)) { 267 struct pde_opener *pdeo; 268 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 269 close_pdeo(de, pdeo); 270 spin_lock(&de->pde_unload_lock); 271 } 272 spin_unlock(&de->pde_unload_lock); 273 } 274 275 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 276 { 277 struct proc_dir_entry *pde = PDE(file_inode(file)); 278 loff_t rv = -EINVAL; 279 280 if (pde_is_permanent(pde)) { 281 return pde->proc_ops->proc_lseek(file, offset, whence); 282 } else if (use_pde(pde)) { 283 rv = pde->proc_ops->proc_lseek(file, offset, whence); 284 unuse_pde(pde); 285 } 286 return rv; 287 } 288 289 static ssize_t proc_reg_read_iter(struct kiocb *iocb, struct iov_iter *iter) 290 { 291 struct proc_dir_entry *pde = PDE(file_inode(iocb->ki_filp)); 292 ssize_t ret; 293 294 if (pde_is_permanent(pde)) 295 return pde->proc_ops->proc_read_iter(iocb, iter); 296 297 if (!use_pde(pde)) 298 return -EIO; 299 ret = pde->proc_ops->proc_read_iter(iocb, iter); 300 unuse_pde(pde); 301 return ret; 302 } 303 304 static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos) 305 { 306 __auto_type read = pde->proc_ops->proc_read; 307 if (read) 308 return read(file, buf, count, ppos); 309 return -EIO; 310 } 311 312 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 313 { 314 struct proc_dir_entry *pde = PDE(file_inode(file)); 315 ssize_t rv = -EIO; 316 317 if (pde_is_permanent(pde)) { 318 return pde_read(pde, file, buf, count, ppos); 319 } else if (use_pde(pde)) { 320 rv = pde_read(pde, file, buf, count, ppos); 321 unuse_pde(pde); 322 } 323 return rv; 324 } 325 326 static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos) 327 { 328 __auto_type write = pde->proc_ops->proc_write; 329 if (write) 330 return write(file, buf, count, ppos); 331 return -EIO; 332 } 333 334 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 335 { 336 struct proc_dir_entry *pde = PDE(file_inode(file)); 337 ssize_t rv = -EIO; 338 339 if (pde_is_permanent(pde)) { 340 return pde_write(pde, file, buf, count, ppos); 341 } else if (use_pde(pde)) { 342 rv = pde_write(pde, file, buf, count, ppos); 343 unuse_pde(pde); 344 } 345 return rv; 346 } 347 348 static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts) 349 { 350 __auto_type poll = pde->proc_ops->proc_poll; 351 if (poll) 352 return poll(file, pts); 353 return DEFAULT_POLLMASK; 354 } 355 356 static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts) 357 { 358 struct proc_dir_entry *pde = PDE(file_inode(file)); 359 __poll_t rv = DEFAULT_POLLMASK; 360 361 if (pde_is_permanent(pde)) { 362 return pde_poll(pde, file, pts); 363 } else if (use_pde(pde)) { 364 rv = pde_poll(pde, file, pts); 365 unuse_pde(pde); 366 } 367 return rv; 368 } 369 370 static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 371 { 372 __auto_type ioctl = pde->proc_ops->proc_ioctl; 373 if (ioctl) 374 return ioctl(file, cmd, arg); 375 return -ENOTTY; 376 } 377 378 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 379 { 380 struct proc_dir_entry *pde = PDE(file_inode(file)); 381 long rv = -ENOTTY; 382 383 if (pde_is_permanent(pde)) { 384 return pde_ioctl(pde, file, cmd, arg); 385 } else if (use_pde(pde)) { 386 rv = pde_ioctl(pde, file, cmd, arg); 387 unuse_pde(pde); 388 } 389 return rv; 390 } 391 392 #ifdef CONFIG_COMPAT 393 static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 394 { 395 __auto_type compat_ioctl = pde->proc_ops->proc_compat_ioctl; 396 if (compat_ioctl) 397 return compat_ioctl(file, cmd, arg); 398 return -ENOTTY; 399 } 400 401 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 402 { 403 struct proc_dir_entry *pde = PDE(file_inode(file)); 404 long rv = -ENOTTY; 405 if (pde_is_permanent(pde)) { 406 return pde_compat_ioctl(pde, file, cmd, arg); 407 } else if (use_pde(pde)) { 408 rv = pde_compat_ioctl(pde, file, cmd, arg); 409 unuse_pde(pde); 410 } 411 return rv; 412 } 413 #endif 414 415 static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma) 416 { 417 __auto_type mmap = pde->proc_ops->proc_mmap; 418 if (mmap) 419 return mmap(file, vma); 420 return -EIO; 421 } 422 423 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 424 { 425 struct proc_dir_entry *pde = PDE(file_inode(file)); 426 int rv = -EIO; 427 428 if (pde_is_permanent(pde)) { 429 return pde_mmap(pde, file, vma); 430 } else if (use_pde(pde)) { 431 rv = pde_mmap(pde, file, vma); 432 unuse_pde(pde); 433 } 434 return rv; 435 } 436 437 static unsigned long 438 pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr, 439 unsigned long len, unsigned long pgoff, 440 unsigned long flags) 441 { 442 if (pde->proc_ops->proc_get_unmapped_area) 443 return pde->proc_ops->proc_get_unmapped_area(file, orig_addr, len, pgoff, flags); 444 445 #ifdef CONFIG_MMU 446 return mm_get_unmapped_area(current->mm, file, orig_addr, len, pgoff, flags); 447 #endif 448 449 return orig_addr; 450 } 451 452 static unsigned long 453 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 454 unsigned long len, unsigned long pgoff, 455 unsigned long flags) 456 { 457 struct proc_dir_entry *pde = PDE(file_inode(file)); 458 unsigned long rv = -EIO; 459 460 if (pde_is_permanent(pde)) { 461 return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 462 } else if (use_pde(pde)) { 463 rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 464 unuse_pde(pde); 465 } 466 return rv; 467 } 468 469 static int proc_reg_open(struct inode *inode, struct file *file) 470 { 471 struct proc_dir_entry *pde = PDE(inode); 472 int rv = 0; 473 typeof_member(struct proc_ops, proc_open) open; 474 struct pde_opener *pdeo; 475 476 if (!pde->proc_ops->proc_lseek) 477 file->f_mode &= ~FMODE_LSEEK; 478 479 if (pde_is_permanent(pde)) { 480 open = pde->proc_ops->proc_open; 481 if (open) 482 rv = open(inode, file); 483 return rv; 484 } 485 486 /* 487 * Ensure that 488 * 1) PDE's ->release hook will be called no matter what 489 * either normally by close()/->release, or forcefully by 490 * rmmod/remove_proc_entry. 491 * 492 * 2) rmmod isn't blocked by opening file in /proc and sitting on 493 * the descriptor (including "rmmod foo </proc/foo" scenario). 494 * 495 * Save every "struct file" with custom ->release hook. 496 */ 497 if (!use_pde(pde)) 498 return -ENOENT; 499 500 __auto_type release = pde->proc_ops->proc_release; 501 if (release) { 502 pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL); 503 if (!pdeo) { 504 rv = -ENOMEM; 505 goto out_unuse; 506 } 507 } 508 509 open = pde->proc_ops->proc_open; 510 if (open) 511 rv = open(inode, file); 512 513 if (release) { 514 if (rv == 0) { 515 /* To know what to release. */ 516 pdeo->file = file; 517 pdeo->closing = false; 518 pdeo->c = NULL; 519 spin_lock(&pde->pde_unload_lock); 520 list_add(&pdeo->lh, &pde->pde_openers); 521 spin_unlock(&pde->pde_unload_lock); 522 } else 523 kmem_cache_free(pde_opener_cache, pdeo); 524 } 525 526 out_unuse: 527 unuse_pde(pde); 528 return rv; 529 } 530 531 static int proc_reg_release(struct inode *inode, struct file *file) 532 { 533 struct proc_dir_entry *pde = PDE(inode); 534 struct pde_opener *pdeo; 535 536 if (pde_is_permanent(pde)) { 537 __auto_type release = pde->proc_ops->proc_release; 538 if (release) { 539 return release(inode, file); 540 } 541 return 0; 542 } 543 544 spin_lock(&pde->pde_unload_lock); 545 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 546 if (pdeo->file == file) { 547 close_pdeo(pde, pdeo); 548 return 0; 549 } 550 } 551 spin_unlock(&pde->pde_unload_lock); 552 return 0; 553 } 554 555 static const struct file_operations proc_reg_file_ops = { 556 .llseek = proc_reg_llseek, 557 .read = proc_reg_read, 558 .write = proc_reg_write, 559 .poll = proc_reg_poll, 560 .unlocked_ioctl = proc_reg_unlocked_ioctl, 561 .mmap = proc_reg_mmap, 562 .get_unmapped_area = proc_reg_get_unmapped_area, 563 .open = proc_reg_open, 564 .release = proc_reg_release, 565 }; 566 567 static const struct file_operations proc_iter_file_ops = { 568 .llseek = proc_reg_llseek, 569 .read_iter = proc_reg_read_iter, 570 .write = proc_reg_write, 571 .splice_read = copy_splice_read, 572 .poll = proc_reg_poll, 573 .unlocked_ioctl = proc_reg_unlocked_ioctl, 574 .mmap = proc_reg_mmap, 575 .get_unmapped_area = proc_reg_get_unmapped_area, 576 .open = proc_reg_open, 577 .release = proc_reg_release, 578 }; 579 580 #ifdef CONFIG_COMPAT 581 static const struct file_operations proc_reg_file_ops_compat = { 582 .llseek = proc_reg_llseek, 583 .read = proc_reg_read, 584 .write = proc_reg_write, 585 .poll = proc_reg_poll, 586 .unlocked_ioctl = proc_reg_unlocked_ioctl, 587 .compat_ioctl = proc_reg_compat_ioctl, 588 .mmap = proc_reg_mmap, 589 .get_unmapped_area = proc_reg_get_unmapped_area, 590 .open = proc_reg_open, 591 .release = proc_reg_release, 592 }; 593 594 static const struct file_operations proc_iter_file_ops_compat = { 595 .llseek = proc_reg_llseek, 596 .read_iter = proc_reg_read_iter, 597 .splice_read = copy_splice_read, 598 .write = proc_reg_write, 599 .poll = proc_reg_poll, 600 .unlocked_ioctl = proc_reg_unlocked_ioctl, 601 .compat_ioctl = proc_reg_compat_ioctl, 602 .mmap = proc_reg_mmap, 603 .get_unmapped_area = proc_reg_get_unmapped_area, 604 .open = proc_reg_open, 605 .release = proc_reg_release, 606 }; 607 #endif 608 609 static void proc_put_link(void *p) 610 { 611 unuse_pde(p); 612 } 613 614 static const char *proc_get_link(struct dentry *dentry, 615 struct inode *inode, 616 struct delayed_call *done) 617 { 618 struct proc_dir_entry *pde = PDE(inode); 619 if (!use_pde(pde)) 620 return ERR_PTR(-EINVAL); 621 set_delayed_call(done, proc_put_link, pde); 622 return pde->data; 623 } 624 625 const struct inode_operations proc_link_inode_operations = { 626 .get_link = proc_get_link, 627 }; 628 629 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 630 { 631 struct inode *inode = new_inode(sb); 632 633 if (!inode) { 634 pde_put(de); 635 return NULL; 636 } 637 638 inode->i_private = de->data; 639 inode->i_ino = de->low_ino; 640 simple_inode_init_ts(inode); 641 PROC_I(inode)->pde = de; 642 if (is_empty_pde(de)) { 643 make_empty_dir_inode(inode); 644 return inode; 645 } 646 647 if (de->mode) { 648 inode->i_mode = de->mode; 649 inode->i_uid = de->uid; 650 inode->i_gid = de->gid; 651 } 652 if (de->size) 653 inode->i_size = de->size; 654 if (de->nlink) 655 set_nlink(inode, de->nlink); 656 657 if (S_ISREG(inode->i_mode)) { 658 inode->i_op = de->proc_iops; 659 if (de->proc_ops->proc_read_iter) 660 inode->i_fop = &proc_iter_file_ops; 661 else 662 inode->i_fop = &proc_reg_file_ops; 663 #ifdef CONFIG_COMPAT 664 if (de->proc_ops->proc_compat_ioctl) { 665 if (de->proc_ops->proc_read_iter) 666 inode->i_fop = &proc_iter_file_ops_compat; 667 else 668 inode->i_fop = &proc_reg_file_ops_compat; 669 } 670 #endif 671 } else if (S_ISDIR(inode->i_mode)) { 672 inode->i_op = de->proc_iops; 673 inode->i_fop = de->proc_dir_ops; 674 } else if (S_ISLNK(inode->i_mode)) { 675 inode->i_op = de->proc_iops; 676 inode->i_fop = NULL; 677 } else { 678 BUG(); 679 } 680 return inode; 681 } 682