1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/proc/net.c 4 * 5 * Copyright (C) 2007 6 * 7 * Author: Eric Biederman <ebiederm@xmission.com> 8 * 9 * proc net directory handling functions 10 */ 11 #include <linux/errno.h> 12 #include <linux/time.h> 13 #include <linux/proc_fs.h> 14 #include <linux/stat.h> 15 #include <linux/slab.h> 16 #include <linux/init.h> 17 #include <linux/sched.h> 18 #include <linux/sched/task.h> 19 #include <linux/module.h> 20 #include <linux/bitops.h> 21 #include <linux/mount.h> 22 #include <linux/nsproxy.h> 23 #include <linux/uidgid.h> 24 #include <net/net_namespace.h> 25 #include <linux/seq_file.h> 26 27 #include "internal.h" 28 29 static inline struct net *PDE_NET(struct proc_dir_entry *pde) 30 { 31 return pde->parent->data; 32 } 33 34 static struct net *get_proc_net(const struct inode *inode) 35 { 36 return maybe_get_net(PDE_NET(PDE(inode))); 37 } 38 39 static int seq_open_net(struct inode *inode, struct file *file) 40 { 41 unsigned int state_size = PDE(inode)->state_size; 42 struct seq_net_private *p; 43 struct net *net; 44 45 WARN_ON_ONCE(state_size < sizeof(*p)); 46 47 if (file->f_mode & FMODE_WRITE && !PDE(inode)->write) 48 return -EACCES; 49 50 net = get_proc_net(inode); 51 if (!net) 52 return -ENXIO; 53 54 p = __seq_open_private(file, PDE(inode)->seq_ops, state_size); 55 if (!p) { 56 put_net(net); 57 return -ENOMEM; 58 } 59 #ifdef CONFIG_NET_NS 60 p->net = net; 61 netns_tracker_alloc(net, &p->ns_tracker, GFP_KERNEL); 62 #endif 63 return 0; 64 } 65 66 static void seq_file_net_put_net(struct seq_file *seq) 67 { 68 #ifdef CONFIG_NET_NS 69 struct seq_net_private *priv = seq->private; 70 71 put_net_track(priv->net, &priv->ns_tracker); 72 #else 73 put_net(&init_net); 74 #endif 75 } 76 77 static int seq_release_net(struct inode *ino, struct file *f) 78 { 79 struct seq_file *seq = f->private_data; 80 81 seq_file_net_put_net(seq); 82 seq_release_private(ino, f); 83 return 0; 84 } 85 86 static const struct proc_ops proc_net_seq_ops = { 87 .proc_open = seq_open_net, 88 .proc_read = seq_read, 89 .proc_write = proc_simple_write, 90 .proc_lseek = seq_lseek, 91 .proc_release = seq_release_net, 92 }; 93 94 int bpf_iter_init_seq_net(void *priv_data, struct bpf_iter_aux_info *aux) 95 { 96 #ifdef CONFIG_NET_NS 97 struct seq_net_private *p = priv_data; 98 99 p->net = get_net_track(current->nsproxy->net_ns, &p->ns_tracker, 100 GFP_KERNEL); 101 #endif 102 return 0; 103 } 104 105 void bpf_iter_fini_seq_net(void *priv_data) 106 { 107 #ifdef CONFIG_NET_NS 108 struct seq_net_private *p = priv_data; 109 110 put_net_track(p->net, &p->ns_tracker); 111 #endif 112 } 113 114 struct proc_dir_entry *proc_create_net_data(const char *name, umode_t mode, 115 struct proc_dir_entry *parent, const struct seq_operations *ops, 116 unsigned int state_size, void *data) 117 { 118 struct proc_dir_entry *p; 119 120 p = proc_create_reg(name, mode, &parent, data); 121 if (!p) 122 return NULL; 123 pde_force_lookup(p); 124 p->proc_ops = &proc_net_seq_ops; 125 p->seq_ops = ops; 126 p->state_size = state_size; 127 return proc_register(parent, p); 128 } 129 EXPORT_SYMBOL_GPL(proc_create_net_data); 130 131 /** 132 * proc_create_net_data_write - Create a writable net_ns-specific proc file 133 * @name: The name of the file. 134 * @mode: The file's access mode. 135 * @parent: The parent directory in which to create. 136 * @ops: The seq_file ops with which to read the file. 137 * @write: The write method with which to 'modify' the file. 138 * @data: Data for retrieval by pde_data(). 139 * 140 * Create a network namespaced proc file in the @parent directory with the 141 * specified @name and @mode that allows reading of a file that displays a 142 * series of elements and also provides for the file accepting writes that have 143 * some arbitrary effect. 144 * 145 * The functions in the @ops table are used to iterate over items to be 146 * presented and extract the readable content using the seq_file interface. 147 * 148 * The @write function is called with the data copied into a kernel space 149 * scratch buffer and has a NUL appended for convenience. The buffer may be 150 * modified by the @write function. @write should return 0 on success. 151 * 152 * The @data value is accessible from the @show and @write functions by calling 153 * pde_data() on the file inode. The network namespace must be accessed by 154 * calling seq_file_net() on the seq_file struct. 155 */ 156 struct proc_dir_entry *proc_create_net_data_write(const char *name, umode_t mode, 157 struct proc_dir_entry *parent, 158 const struct seq_operations *ops, 159 proc_write_t write, 160 unsigned int state_size, void *data) 161 { 162 struct proc_dir_entry *p; 163 164 p = proc_create_reg(name, mode, &parent, data); 165 if (!p) 166 return NULL; 167 pde_force_lookup(p); 168 p->proc_ops = &proc_net_seq_ops; 169 p->seq_ops = ops; 170 p->state_size = state_size; 171 p->write = write; 172 return proc_register(parent, p); 173 } 174 EXPORT_SYMBOL_GPL(proc_create_net_data_write); 175 176 static int single_open_net(struct inode *inode, struct file *file) 177 { 178 struct proc_dir_entry *de = PDE(inode); 179 struct net *net; 180 int err; 181 182 net = get_proc_net(inode); 183 if (!net) 184 return -ENXIO; 185 186 err = single_open(file, de->single_show, net); 187 if (err) 188 put_net(net); 189 return err; 190 } 191 192 static int single_release_net(struct inode *ino, struct file *f) 193 { 194 struct seq_file *seq = f->private_data; 195 put_net(seq->private); 196 return single_release(ino, f); 197 } 198 199 static const struct proc_ops proc_net_single_ops = { 200 .proc_open = single_open_net, 201 .proc_read = seq_read, 202 .proc_write = proc_simple_write, 203 .proc_lseek = seq_lseek, 204 .proc_release = single_release_net, 205 }; 206 207 struct proc_dir_entry *proc_create_net_single(const char *name, umode_t mode, 208 struct proc_dir_entry *parent, 209 int (*show)(struct seq_file *, void *), void *data) 210 { 211 struct proc_dir_entry *p; 212 213 p = proc_create_reg(name, mode, &parent, data); 214 if (!p) 215 return NULL; 216 pde_force_lookup(p); 217 p->proc_ops = &proc_net_single_ops; 218 p->single_show = show; 219 return proc_register(parent, p); 220 } 221 EXPORT_SYMBOL_GPL(proc_create_net_single); 222 223 /** 224 * proc_create_net_single_write - Create a writable net_ns-specific proc file 225 * @name: The name of the file. 226 * @mode: The file's access mode. 227 * @parent: The parent directory in which to create. 228 * @show: The seqfile show method with which to read the file. 229 * @write: The write method with which to 'modify' the file. 230 * @data: Data for retrieval by pde_data(). 231 * 232 * Create a network-namespaced proc file in the @parent directory with the 233 * specified @name and @mode that allows reading of a file that displays a 234 * single element rather than a series and also provides for the file accepting 235 * writes that have some arbitrary effect. 236 * 237 * The @show function is called to extract the readable content via the 238 * seq_file interface. 239 * 240 * The @write function is called with the data copied into a kernel space 241 * scratch buffer and has a NUL appended for convenience. The buffer may be 242 * modified by the @write function. @write should return 0 on success. 243 * 244 * The @data value is accessible from the @show and @write functions by calling 245 * pde_data() on the file inode. The network namespace must be accessed by 246 * calling seq_file_single_net() on the seq_file struct. 247 */ 248 struct proc_dir_entry *proc_create_net_single_write(const char *name, umode_t mode, 249 struct proc_dir_entry *parent, 250 int (*show)(struct seq_file *, void *), 251 proc_write_t write, 252 void *data) 253 { 254 struct proc_dir_entry *p; 255 256 p = proc_create_reg(name, mode, &parent, data); 257 if (!p) 258 return NULL; 259 pde_force_lookup(p); 260 p->proc_ops = &proc_net_single_ops; 261 p->single_show = show; 262 p->write = write; 263 return proc_register(parent, p); 264 } 265 EXPORT_SYMBOL_GPL(proc_create_net_single_write); 266 267 static struct net *get_proc_task_net(struct inode *dir) 268 { 269 struct task_struct *task; 270 struct nsproxy *ns; 271 struct net *net = NULL; 272 273 rcu_read_lock(); 274 task = pid_task(proc_pid(dir), PIDTYPE_PID); 275 if (task != NULL) { 276 task_lock(task); 277 ns = task->nsproxy; 278 if (ns != NULL) 279 net = get_net(ns->net_ns); 280 task_unlock(task); 281 } 282 rcu_read_unlock(); 283 284 return net; 285 } 286 287 static struct dentry *proc_tgid_net_lookup(struct inode *dir, 288 struct dentry *dentry, unsigned int flags) 289 { 290 struct dentry *de; 291 struct net *net; 292 293 de = ERR_PTR(-ENOENT); 294 net = get_proc_task_net(dir); 295 if (net != NULL) { 296 de = proc_lookup_de(dir, dentry, net->proc_net); 297 put_net(net); 298 } 299 return de; 300 } 301 302 static int proc_tgid_net_getattr(struct mnt_idmap *idmap, 303 const struct path *path, struct kstat *stat, 304 u32 request_mask, unsigned int query_flags) 305 { 306 struct inode *inode = d_inode(path->dentry); 307 struct net *net; 308 309 net = get_proc_task_net(inode); 310 311 generic_fillattr(&nop_mnt_idmap, inode, stat); 312 313 if (net != NULL) { 314 stat->nlink = net->proc_net->nlink; 315 put_net(net); 316 } 317 318 return 0; 319 } 320 321 const struct inode_operations proc_net_inode_operations = { 322 .lookup = proc_tgid_net_lookup, 323 .getattr = proc_tgid_net_getattr, 324 }; 325 326 static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx) 327 { 328 int ret; 329 struct net *net; 330 331 ret = -EINVAL; 332 net = get_proc_task_net(file_inode(file)); 333 if (net != NULL) { 334 ret = proc_readdir_de(file, ctx, net->proc_net); 335 put_net(net); 336 } 337 return ret; 338 } 339 340 const struct file_operations proc_net_operations = { 341 .llseek = generic_file_llseek, 342 .read = generic_read_dir, 343 .iterate_shared = proc_tgid_net_readdir, 344 }; 345 346 static __net_init int proc_net_ns_init(struct net *net) 347 { 348 struct proc_dir_entry *netd, *net_statd; 349 kuid_t uid; 350 kgid_t gid; 351 int err; 352 353 /* 354 * This PDE acts only as an anchor for /proc/${pid}/net hierarchy. 355 * Corresponding inode (PDE(inode) == net->proc_net) is never 356 * instantiated therefore blanket zeroing is fine. 357 * net->proc_net_stat inode is instantiated normally. 358 */ 359 err = -ENOMEM; 360 netd = kmem_cache_zalloc(proc_dir_entry_cache, GFP_KERNEL); 361 if (!netd) 362 goto out; 363 364 netd->subdir = RB_ROOT; 365 netd->data = net; 366 netd->nlink = 2; 367 netd->namelen = 3; 368 netd->parent = &proc_root; 369 netd->name = netd->inline_name; 370 memcpy(netd->name, "net", 4); 371 372 uid = make_kuid(net->user_ns, 0); 373 if (!uid_valid(uid)) 374 uid = netd->uid; 375 376 gid = make_kgid(net->user_ns, 0); 377 if (!gid_valid(gid)) 378 gid = netd->gid; 379 380 proc_set_user(netd, uid, gid); 381 382 /* Seed dentry revalidation for /proc/${pid}/net */ 383 pde_force_lookup(netd); 384 385 err = -EEXIST; 386 net_statd = proc_net_mkdir(net, "stat", netd); 387 if (!net_statd) 388 goto free_net; 389 390 net->proc_net = netd; 391 net->proc_net_stat = net_statd; 392 return 0; 393 394 free_net: 395 pde_free(netd); 396 out: 397 return err; 398 } 399 400 static __net_exit void proc_net_ns_exit(struct net *net) 401 { 402 remove_proc_entry("stat", net->proc_net); 403 pde_free(net->proc_net); 404 } 405 406 static struct pernet_operations __net_initdata proc_net_ns_ops = { 407 .init = proc_net_ns_init, 408 .exit = proc_net_ns_exit, 409 }; 410 411 int __init proc_net_init(void) 412 { 413 proc_symlink("net", NULL, "self/net"); 414 415 return register_pernet_subsys(&proc_net_ns_ops); 416 } 417