1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/cache.h> 9 #include <linux/time.h> 10 #include <linux/proc_fs.h> 11 #include <linux/kernel.h> 12 #include <linux/pid_namespace.h> 13 #include <linux/mm.h> 14 #include <linux/string.h> 15 #include <linux/stat.h> 16 #include <linux/completion.h> 17 #include <linux/poll.h> 18 #include <linux/printk.h> 19 #include <linux/file.h> 20 #include <linux/limits.h> 21 #include <linux/init.h> 22 #include <linux/module.h> 23 #include <linux/sysctl.h> 24 #include <linux/seq_file.h> 25 #include <linux/slab.h> 26 #include <linux/mount.h> 27 #include <linux/bug.h> 28 29 #include <linux/uaccess.h> 30 31 #include "internal.h" 32 33 static void proc_evict_inode(struct inode *inode) 34 { 35 struct proc_dir_entry *de; 36 struct ctl_table_header *head; 37 struct proc_inode *ei = PROC_I(inode); 38 39 truncate_inode_pages_final(&inode->i_data); 40 clear_inode(inode); 41 42 /* Stop tracking associated processes */ 43 if (ei->pid) { 44 proc_pid_evict_inode(ei); 45 ei->pid = NULL; 46 } 47 48 /* Let go of any associated proc directory entry */ 49 de = ei->pde; 50 if (de) { 51 pde_put(de); 52 ei->pde = NULL; 53 } 54 55 head = ei->sysctl; 56 if (head) { 57 RCU_INIT_POINTER(ei->sysctl, NULL); 58 proc_sys_evict_inode(inode, head); 59 } 60 } 61 62 static struct kmem_cache *proc_inode_cachep __ro_after_init; 63 static struct kmem_cache *pde_opener_cache __ro_after_init; 64 65 static struct inode *proc_alloc_inode(struct super_block *sb) 66 { 67 struct proc_inode *ei; 68 69 ei = kmem_cache_alloc(proc_inode_cachep, GFP_KERNEL); 70 if (!ei) 71 return NULL; 72 ei->pid = NULL; 73 ei->fd = 0; 74 ei->op.proc_get_link = NULL; 75 ei->pde = NULL; 76 ei->sysctl = NULL; 77 ei->sysctl_entry = NULL; 78 INIT_HLIST_NODE(&ei->sibling_inodes); 79 ei->ns_ops = NULL; 80 return &ei->vfs_inode; 81 } 82 83 static void proc_free_inode(struct inode *inode) 84 { 85 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 86 } 87 88 static void init_once(void *foo) 89 { 90 struct proc_inode *ei = (struct proc_inode *) foo; 91 92 inode_init_once(&ei->vfs_inode); 93 } 94 95 void __init proc_init_kmemcache(void) 96 { 97 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 98 sizeof(struct proc_inode), 99 0, (SLAB_RECLAIM_ACCOUNT| 100 SLAB_MEM_SPREAD|SLAB_ACCOUNT| 101 SLAB_PANIC), 102 init_once); 103 pde_opener_cache = 104 kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0, 105 SLAB_ACCOUNT|SLAB_PANIC, NULL); 106 proc_dir_entry_cache = kmem_cache_create_usercopy( 107 "proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC, 108 offsetof(struct proc_dir_entry, inline_name), 109 SIZEOF_PDE_INLINE_NAME, NULL); 110 BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE); 111 } 112 113 void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock) 114 { 115 struct inode *inode; 116 struct proc_inode *ei; 117 struct hlist_node *node; 118 struct super_block *old_sb = NULL; 119 120 rcu_read_lock(); 121 for (;;) { 122 struct super_block *sb; 123 node = hlist_first_rcu(inodes); 124 if (!node) 125 break; 126 ei = hlist_entry(node, struct proc_inode, sibling_inodes); 127 spin_lock(lock); 128 hlist_del_init_rcu(&ei->sibling_inodes); 129 spin_unlock(lock); 130 131 inode = &ei->vfs_inode; 132 sb = inode->i_sb; 133 if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active)) 134 continue; 135 inode = igrab(inode); 136 rcu_read_unlock(); 137 if (sb != old_sb) { 138 if (old_sb) 139 deactivate_super(old_sb); 140 old_sb = sb; 141 } 142 if (unlikely(!inode)) { 143 rcu_read_lock(); 144 continue; 145 } 146 147 if (S_ISDIR(inode->i_mode)) { 148 struct dentry *dir = d_find_any_alias(inode); 149 if (dir) { 150 d_invalidate(dir); 151 dput(dir); 152 } 153 } else { 154 struct dentry *dentry; 155 while ((dentry = d_find_alias(inode))) { 156 d_invalidate(dentry); 157 dput(dentry); 158 } 159 } 160 iput(inode); 161 162 rcu_read_lock(); 163 } 164 rcu_read_unlock(); 165 if (old_sb) 166 deactivate_super(old_sb); 167 } 168 169 static inline const char *hidepid2str(enum proc_hidepid v) 170 { 171 switch (v) { 172 case HIDEPID_OFF: return "off"; 173 case HIDEPID_NO_ACCESS: return "noaccess"; 174 case HIDEPID_INVISIBLE: return "invisible"; 175 case HIDEPID_NOT_PTRACEABLE: return "ptraceable"; 176 } 177 WARN_ONCE(1, "bad hide_pid value: %d\n", v); 178 return "unknown"; 179 } 180 181 static int proc_show_options(struct seq_file *seq, struct dentry *root) 182 { 183 struct proc_fs_info *fs_info = proc_sb_info(root->d_sb); 184 185 if (!gid_eq(fs_info->pid_gid, GLOBAL_ROOT_GID)) 186 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid)); 187 if (fs_info->hide_pid != HIDEPID_OFF) 188 seq_printf(seq, ",hidepid=%s", hidepid2str(fs_info->hide_pid)); 189 if (fs_info->pidonly != PROC_PIDONLY_OFF) 190 seq_printf(seq, ",subset=pid"); 191 192 return 0; 193 } 194 195 const struct super_operations proc_sops = { 196 .alloc_inode = proc_alloc_inode, 197 .free_inode = proc_free_inode, 198 .drop_inode = generic_delete_inode, 199 .evict_inode = proc_evict_inode, 200 .statfs = simple_statfs, 201 .show_options = proc_show_options, 202 }; 203 204 enum {BIAS = -1U<<31}; 205 206 static inline int use_pde(struct proc_dir_entry *pde) 207 { 208 return likely(atomic_inc_unless_negative(&pde->in_use)); 209 } 210 211 static void unuse_pde(struct proc_dir_entry *pde) 212 { 213 if (unlikely(atomic_dec_return(&pde->in_use) == BIAS)) 214 complete(pde->pde_unload_completion); 215 } 216 217 /* pde is locked on entry, unlocked on exit */ 218 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 219 __releases(&pde->pde_unload_lock) 220 { 221 /* 222 * close() (proc_reg_release()) can't delete an entry and proceed: 223 * ->release hook needs to be available at the right moment. 224 * 225 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 226 * "struct file" needs to be available at the right moment. 227 * 228 * Therefore, first process to enter this function does ->release() and 229 * signals its completion to the other process which does nothing. 230 */ 231 if (pdeo->closing) { 232 /* somebody else is doing that, just wait */ 233 DECLARE_COMPLETION_ONSTACK(c); 234 pdeo->c = &c; 235 spin_unlock(&pde->pde_unload_lock); 236 wait_for_completion(&c); 237 } else { 238 struct file *file; 239 struct completion *c; 240 241 pdeo->closing = true; 242 spin_unlock(&pde->pde_unload_lock); 243 file = pdeo->file; 244 pde->proc_ops->proc_release(file_inode(file), file); 245 spin_lock(&pde->pde_unload_lock); 246 /* After ->release. */ 247 list_del(&pdeo->lh); 248 c = pdeo->c; 249 spin_unlock(&pde->pde_unload_lock); 250 if (unlikely(c)) 251 complete(c); 252 kmem_cache_free(pde_opener_cache, pdeo); 253 } 254 } 255 256 void proc_entry_rundown(struct proc_dir_entry *de) 257 { 258 DECLARE_COMPLETION_ONSTACK(c); 259 /* Wait until all existing callers into module are done. */ 260 de->pde_unload_completion = &c; 261 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 262 wait_for_completion(&c); 263 264 /* ->pde_openers list can't grow from now on. */ 265 266 spin_lock(&de->pde_unload_lock); 267 while (!list_empty(&de->pde_openers)) { 268 struct pde_opener *pdeo; 269 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 270 close_pdeo(de, pdeo); 271 spin_lock(&de->pde_unload_lock); 272 } 273 spin_unlock(&de->pde_unload_lock); 274 } 275 276 static loff_t pde_lseek(struct proc_dir_entry *pde, struct file *file, loff_t offset, int whence) 277 { 278 typeof_member(struct proc_ops, proc_lseek) lseek; 279 280 lseek = pde->proc_ops->proc_lseek; 281 if (!lseek) 282 lseek = default_llseek; 283 return lseek(file, offset, whence); 284 } 285 286 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 287 { 288 struct proc_dir_entry *pde = PDE(file_inode(file)); 289 loff_t rv = -EINVAL; 290 291 if (pde_is_permanent(pde)) { 292 return pde_lseek(pde, file, offset, whence); 293 } else if (use_pde(pde)) { 294 rv = pde_lseek(pde, file, offset, whence); 295 unuse_pde(pde); 296 } 297 return rv; 298 } 299 300 static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos) 301 { 302 typeof_member(struct proc_ops, proc_read) read; 303 304 read = pde->proc_ops->proc_read; 305 if (read) 306 return read(file, buf, count, ppos); 307 return -EIO; 308 } 309 310 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 311 { 312 struct proc_dir_entry *pde = PDE(file_inode(file)); 313 ssize_t rv = -EIO; 314 315 if (pde_is_permanent(pde)) { 316 return pde_read(pde, file, buf, count, ppos); 317 } else if (use_pde(pde)) { 318 rv = pde_read(pde, file, buf, count, ppos); 319 unuse_pde(pde); 320 } 321 return rv; 322 } 323 324 static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos) 325 { 326 typeof_member(struct proc_ops, proc_write) write; 327 328 write = pde->proc_ops->proc_write; 329 if (write) 330 return write(file, buf, count, ppos); 331 return -EIO; 332 } 333 334 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 335 { 336 struct proc_dir_entry *pde = PDE(file_inode(file)); 337 ssize_t rv = -EIO; 338 339 if (pde_is_permanent(pde)) { 340 return pde_write(pde, file, buf, count, ppos); 341 } else if (use_pde(pde)) { 342 rv = pde_write(pde, file, buf, count, ppos); 343 unuse_pde(pde); 344 } 345 return rv; 346 } 347 348 static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts) 349 { 350 typeof_member(struct proc_ops, proc_poll) poll; 351 352 poll = pde->proc_ops->proc_poll; 353 if (poll) 354 return poll(file, pts); 355 return DEFAULT_POLLMASK; 356 } 357 358 static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts) 359 { 360 struct proc_dir_entry *pde = PDE(file_inode(file)); 361 __poll_t rv = DEFAULT_POLLMASK; 362 363 if (pde_is_permanent(pde)) { 364 return pde_poll(pde, file, pts); 365 } else if (use_pde(pde)) { 366 rv = pde_poll(pde, file, pts); 367 unuse_pde(pde); 368 } 369 return rv; 370 } 371 372 static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 373 { 374 typeof_member(struct proc_ops, proc_ioctl) ioctl; 375 376 ioctl = pde->proc_ops->proc_ioctl; 377 if (ioctl) 378 return ioctl(file, cmd, arg); 379 return -ENOTTY; 380 } 381 382 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 383 { 384 struct proc_dir_entry *pde = PDE(file_inode(file)); 385 long rv = -ENOTTY; 386 387 if (pde_is_permanent(pde)) { 388 return pde_ioctl(pde, file, cmd, arg); 389 } else if (use_pde(pde)) { 390 rv = pde_ioctl(pde, file, cmd, arg); 391 unuse_pde(pde); 392 } 393 return rv; 394 } 395 396 #ifdef CONFIG_COMPAT 397 static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 398 { 399 typeof_member(struct proc_ops, proc_compat_ioctl) compat_ioctl; 400 401 compat_ioctl = pde->proc_ops->proc_compat_ioctl; 402 if (compat_ioctl) 403 return compat_ioctl(file, cmd, arg); 404 return -ENOTTY; 405 } 406 407 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 408 { 409 struct proc_dir_entry *pde = PDE(file_inode(file)); 410 long rv = -ENOTTY; 411 if (pde_is_permanent(pde)) { 412 return pde_compat_ioctl(pde, file, cmd, arg); 413 } else if (use_pde(pde)) { 414 rv = pde_compat_ioctl(pde, file, cmd, arg); 415 unuse_pde(pde); 416 } 417 return rv; 418 } 419 #endif 420 421 static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma) 422 { 423 typeof_member(struct proc_ops, proc_mmap) mmap; 424 425 mmap = pde->proc_ops->proc_mmap; 426 if (mmap) 427 return mmap(file, vma); 428 return -EIO; 429 } 430 431 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 432 { 433 struct proc_dir_entry *pde = PDE(file_inode(file)); 434 int rv = -EIO; 435 436 if (pde_is_permanent(pde)) { 437 return pde_mmap(pde, file, vma); 438 } else if (use_pde(pde)) { 439 rv = pde_mmap(pde, file, vma); 440 unuse_pde(pde); 441 } 442 return rv; 443 } 444 445 static unsigned long 446 pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr, 447 unsigned long len, unsigned long pgoff, 448 unsigned long flags) 449 { 450 typeof_member(struct proc_ops, proc_get_unmapped_area) get_area; 451 452 get_area = pde->proc_ops->proc_get_unmapped_area; 453 #ifdef CONFIG_MMU 454 if (!get_area) 455 get_area = current->mm->get_unmapped_area; 456 #endif 457 if (get_area) 458 return get_area(file, orig_addr, len, pgoff, flags); 459 return orig_addr; 460 } 461 462 static unsigned long 463 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 464 unsigned long len, unsigned long pgoff, 465 unsigned long flags) 466 { 467 struct proc_dir_entry *pde = PDE(file_inode(file)); 468 unsigned long rv = -EIO; 469 470 if (pde_is_permanent(pde)) { 471 return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 472 } else if (use_pde(pde)) { 473 rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 474 unuse_pde(pde); 475 } 476 return rv; 477 } 478 479 static int proc_reg_open(struct inode *inode, struct file *file) 480 { 481 struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb); 482 struct proc_dir_entry *pde = PDE(inode); 483 int rv = 0; 484 typeof_member(struct proc_ops, proc_open) open; 485 typeof_member(struct proc_ops, proc_release) release; 486 struct pde_opener *pdeo; 487 488 if (pde_is_permanent(pde)) { 489 open = pde->proc_ops->proc_open; 490 if (open) 491 rv = open(inode, file); 492 return rv; 493 } 494 495 if (fs_info->pidonly == PROC_PIDONLY_ON) 496 return -ENOENT; 497 498 /* 499 * Ensure that 500 * 1) PDE's ->release hook will be called no matter what 501 * either normally by close()/->release, or forcefully by 502 * rmmod/remove_proc_entry. 503 * 504 * 2) rmmod isn't blocked by opening file in /proc and sitting on 505 * the descriptor (including "rmmod foo </proc/foo" scenario). 506 * 507 * Save every "struct file" with custom ->release hook. 508 */ 509 if (!use_pde(pde)) 510 return -ENOENT; 511 512 release = pde->proc_ops->proc_release; 513 if (release) { 514 pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL); 515 if (!pdeo) { 516 rv = -ENOMEM; 517 goto out_unuse; 518 } 519 } 520 521 open = pde->proc_ops->proc_open; 522 if (open) 523 rv = open(inode, file); 524 525 if (release) { 526 if (rv == 0) { 527 /* To know what to release. */ 528 pdeo->file = file; 529 pdeo->closing = false; 530 pdeo->c = NULL; 531 spin_lock(&pde->pde_unload_lock); 532 list_add(&pdeo->lh, &pde->pde_openers); 533 spin_unlock(&pde->pde_unload_lock); 534 } else 535 kmem_cache_free(pde_opener_cache, pdeo); 536 } 537 538 out_unuse: 539 unuse_pde(pde); 540 return rv; 541 } 542 543 static int proc_reg_release(struct inode *inode, struct file *file) 544 { 545 struct proc_dir_entry *pde = PDE(inode); 546 struct pde_opener *pdeo; 547 548 if (pde_is_permanent(pde)) { 549 typeof_member(struct proc_ops, proc_release) release; 550 551 release = pde->proc_ops->proc_release; 552 if (release) { 553 return release(inode, file); 554 } 555 return 0; 556 } 557 558 spin_lock(&pde->pde_unload_lock); 559 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 560 if (pdeo->file == file) { 561 close_pdeo(pde, pdeo); 562 return 0; 563 } 564 } 565 spin_unlock(&pde->pde_unload_lock); 566 return 0; 567 } 568 569 static const struct file_operations proc_reg_file_ops = { 570 .llseek = proc_reg_llseek, 571 .read = proc_reg_read, 572 .write = proc_reg_write, 573 .poll = proc_reg_poll, 574 .unlocked_ioctl = proc_reg_unlocked_ioctl, 575 #ifdef CONFIG_COMPAT 576 .compat_ioctl = proc_reg_compat_ioctl, 577 #endif 578 .mmap = proc_reg_mmap, 579 .get_unmapped_area = proc_reg_get_unmapped_area, 580 .open = proc_reg_open, 581 .release = proc_reg_release, 582 }; 583 584 #ifdef CONFIG_COMPAT 585 static const struct file_operations proc_reg_file_ops_no_compat = { 586 .llseek = proc_reg_llseek, 587 .read = proc_reg_read, 588 .write = proc_reg_write, 589 .poll = proc_reg_poll, 590 .unlocked_ioctl = proc_reg_unlocked_ioctl, 591 .mmap = proc_reg_mmap, 592 .get_unmapped_area = proc_reg_get_unmapped_area, 593 .open = proc_reg_open, 594 .release = proc_reg_release, 595 }; 596 #endif 597 598 static void proc_put_link(void *p) 599 { 600 unuse_pde(p); 601 } 602 603 static const char *proc_get_link(struct dentry *dentry, 604 struct inode *inode, 605 struct delayed_call *done) 606 { 607 struct proc_dir_entry *pde = PDE(inode); 608 if (!use_pde(pde)) 609 return ERR_PTR(-EINVAL); 610 set_delayed_call(done, proc_put_link, pde); 611 return pde->data; 612 } 613 614 const struct inode_operations proc_link_inode_operations = { 615 .get_link = proc_get_link, 616 }; 617 618 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 619 { 620 struct inode *inode = new_inode(sb); 621 622 if (inode) { 623 inode->i_ino = de->low_ino; 624 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 625 PROC_I(inode)->pde = de; 626 627 if (is_empty_pde(de)) { 628 make_empty_dir_inode(inode); 629 return inode; 630 } 631 if (de->mode) { 632 inode->i_mode = de->mode; 633 inode->i_uid = de->uid; 634 inode->i_gid = de->gid; 635 } 636 if (de->size) 637 inode->i_size = de->size; 638 if (de->nlink) 639 set_nlink(inode, de->nlink); 640 641 if (S_ISREG(inode->i_mode)) { 642 inode->i_op = de->proc_iops; 643 inode->i_fop = &proc_reg_file_ops; 644 #ifdef CONFIG_COMPAT 645 if (!de->proc_ops->proc_compat_ioctl) { 646 inode->i_fop = &proc_reg_file_ops_no_compat; 647 } 648 #endif 649 } else if (S_ISDIR(inode->i_mode)) { 650 inode->i_op = de->proc_iops; 651 inode->i_fop = de->proc_dir_ops; 652 } else if (S_ISLNK(inode->i_mode)) { 653 inode->i_op = de->proc_iops; 654 inode->i_fop = NULL; 655 } else 656 BUG(); 657 } else 658 pde_put(de); 659 return inode; 660 } 661