1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/proc/net.c 4 * 5 * Copyright (C) 2007 6 * 7 * Author: Eric Biederman <ebiederm@xmission.com> 8 * 9 * proc net directory handling functions 10 */ 11 #include <linux/errno.h> 12 #include <linux/time.h> 13 #include <linux/proc_fs.h> 14 #include <linux/stat.h> 15 #include <linux/slab.h> 16 #include <linux/init.h> 17 #include <linux/sched.h> 18 #include <linux/sched/task.h> 19 #include <linux/module.h> 20 #include <linux/bitops.h> 21 #include <linux/mount.h> 22 #include <linux/nsproxy.h> 23 #include <linux/uidgid.h> 24 #include <net/net_namespace.h> 25 #include <linux/seq_file.h> 26 27 #include "internal.h" 28 29 static inline struct net *PDE_NET(struct proc_dir_entry *pde) 30 { 31 return pde->parent->data; 32 } 33 34 static struct net *get_proc_net(const struct inode *inode) 35 { 36 return maybe_get_net(PDE_NET(PDE(inode))); 37 } 38 39 static int seq_open_net(struct inode *inode, struct file *file) 40 { 41 unsigned int state_size = PDE(inode)->state_size; 42 struct seq_net_private *p; 43 struct net *net; 44 45 WARN_ON_ONCE(state_size < sizeof(*p)); 46 47 if (file->f_mode & FMODE_WRITE && !PDE(inode)->write) 48 return -EACCES; 49 50 net = get_proc_net(inode); 51 if (!net) 52 return -ENXIO; 53 54 p = __seq_open_private(file, PDE(inode)->seq_ops, state_size); 55 if (!p) { 56 put_net(net); 57 return -ENOMEM; 58 } 59 #ifdef CONFIG_NET_NS 60 p->net = net; 61 netns_tracker_alloc(net, &p->ns_tracker, GFP_KERNEL); 62 #endif 63 return 0; 64 } 65 66 static void seq_file_net_put_net(struct seq_file *seq) 67 { 68 #ifdef CONFIG_NET_NS 69 struct seq_net_private *priv = seq->private; 70 71 put_net_track(priv->net, &priv->ns_tracker); 72 #else 73 put_net(&init_net); 74 #endif 75 } 76 77 static int seq_release_net(struct inode *ino, struct file *f) 78 { 79 struct seq_file *seq = f->private_data; 80 81 seq_file_net_put_net(seq); 82 seq_release_private(ino, f); 83 return 0; 84 } 85 86 static const struct proc_ops proc_net_seq_ops = { 87 .proc_open = seq_open_net, 88 .proc_read = seq_read, 89 .proc_write = proc_simple_write, 90 .proc_lseek = seq_lseek, 91 .proc_release = seq_release_net, 92 }; 93 94 int bpf_iter_init_seq_net(void *priv_data, struct bpf_iter_aux_info *aux) 95 { 96 #ifdef CONFIG_NET_NS 97 struct seq_net_private *p = priv_data; 98 99 p->net = get_net_track(current->nsproxy->net_ns, &p->ns_tracker, 100 GFP_KERNEL); 101 #endif 102 return 0; 103 } 104 105 void bpf_iter_fini_seq_net(void *priv_data) 106 { 107 #ifdef CONFIG_NET_NS 108 struct seq_net_private *p = priv_data; 109 110 put_net_track(p->net, &p->ns_tracker); 111 #endif 112 } 113 114 struct proc_dir_entry *proc_create_net_data(const char *name, umode_t mode, 115 struct proc_dir_entry *parent, const struct seq_operations *ops, 116 unsigned int state_size, void *data) 117 { 118 struct proc_dir_entry *p; 119 120 p = proc_create_reg(name, mode, &parent, data); 121 if (!p) 122 return NULL; 123 pde_force_lookup(p); 124 p->proc_ops = &proc_net_seq_ops; 125 p->seq_ops = ops; 126 p->state_size = state_size; 127 return proc_register(parent, p); 128 } 129 EXPORT_SYMBOL_GPL(proc_create_net_data); 130 131 /** 132 * proc_create_net_data_write - Create a writable net_ns-specific proc file 133 * @name: The name of the file. 134 * @mode: The file's access mode. 135 * @parent: The parent directory in which to create. 136 * @ops: The seq_file ops with which to read the file. 137 * @write: The write method with which to 'modify' the file. 138 * @data: Data for retrieval by pde_data(). 139 * 140 * Create a network namespaced proc file in the @parent directory with the 141 * specified @name and @mode that allows reading of a file that displays a 142 * series of elements and also provides for the file accepting writes that have 143 * some arbitrary effect. 144 * 145 * The functions in the @ops table are used to iterate over items to be 146 * presented and extract the readable content using the seq_file interface. 147 * 148 * The @write function is called with the data copied into a kernel space 149 * scratch buffer and has a NUL appended for convenience. The buffer may be 150 * modified by the @write function. @write should return 0 on success. 151 * 152 * The @data value is accessible from the @show and @write functions by calling 153 * pde_data() on the file inode. The network namespace must be accessed by 154 * calling seq_file_net() on the seq_file struct. 155 */ 156 struct proc_dir_entry *proc_create_net_data_write(const char *name, umode_t mode, 157 struct proc_dir_entry *parent, 158 const struct seq_operations *ops, 159 proc_write_t write, 160 unsigned int state_size, void *data) 161 { 162 struct proc_dir_entry *p; 163 164 p = proc_create_reg(name, mode, &parent, data); 165 if (!p) 166 return NULL; 167 pde_force_lookup(p); 168 p->proc_ops = &proc_net_seq_ops; 169 p->seq_ops = ops; 170 p->state_size = state_size; 171 p->write = write; 172 return proc_register(parent, p); 173 } 174 EXPORT_SYMBOL_GPL(proc_create_net_data_write); 175 176 static int single_open_net(struct inode *inode, struct file *file) 177 { 178 struct proc_dir_entry *de = PDE(inode); 179 struct net *net; 180 int err; 181 182 net = get_proc_net(inode); 183 if (!net) 184 return -ENXIO; 185 186 err = single_open(file, de->single_show, net); 187 if (err) 188 put_net(net); 189 return err; 190 } 191 192 static int single_release_net(struct inode *ino, struct file *f) 193 { 194 struct seq_file *seq = f->private_data; 195 put_net(seq->private); 196 return single_release(ino, f); 197 } 198 199 static const struct proc_ops proc_net_single_ops = { 200 .proc_open = single_open_net, 201 .proc_read = seq_read, 202 .proc_write = proc_simple_write, 203 .proc_lseek = seq_lseek, 204 .proc_release = single_release_net, 205 }; 206 207 struct proc_dir_entry *proc_create_net_single(const char *name, umode_t mode, 208 struct proc_dir_entry *parent, 209 int (*show)(struct seq_file *, void *), void *data) 210 { 211 struct proc_dir_entry *p; 212 213 p = proc_create_reg(name, mode, &parent, data); 214 if (!p) 215 return NULL; 216 pde_force_lookup(p); 217 p->proc_ops = &proc_net_single_ops; 218 p->single_show = show; 219 return proc_register(parent, p); 220 } 221 EXPORT_SYMBOL_GPL(proc_create_net_single); 222 223 /** 224 * proc_create_net_single_write - Create a writable net_ns-specific proc file 225 * @name: The name of the file. 226 * @mode: The file's access mode. 227 * @parent: The parent directory in which to create. 228 * @show: The seqfile show method with which to read the file. 229 * @write: The write method with which to 'modify' the file. 230 * @data: Data for retrieval by pde_data(). 231 * 232 * Create a network-namespaced proc file in the @parent directory with the 233 * specified @name and @mode that allows reading of a file that displays a 234 * single element rather than a series and also provides for the file accepting 235 * writes that have some arbitrary effect. 236 * 237 * The @show function is called to extract the readable content via the 238 * seq_file interface. 239 * 240 * The @write function is called with the data copied into a kernel space 241 * scratch buffer and has a NUL appended for convenience. The buffer may be 242 * modified by the @write function. @write should return 0 on success. 243 * 244 * The @data value is accessible from the @show and @write functions by calling 245 * pde_data() on the file inode. The network namespace must be accessed by 246 * calling seq_file_single_net() on the seq_file struct. 247 */ 248 struct proc_dir_entry *proc_create_net_single_write(const char *name, umode_t mode, 249 struct proc_dir_entry *parent, 250 int (*show)(struct seq_file *, void *), 251 proc_write_t write, 252 void *data) 253 { 254 struct proc_dir_entry *p; 255 256 p = proc_create_reg(name, mode, &parent, data); 257 if (!p) 258 return NULL; 259 pde_force_lookup(p); 260 p->proc_ops = &proc_net_single_ops; 261 p->single_show = show; 262 p->write = write; 263 return proc_register(parent, p); 264 } 265 EXPORT_SYMBOL_GPL(proc_create_net_single_write); 266 267 static struct net *get_proc_task_net(struct inode *dir) 268 { 269 struct task_struct *task; 270 struct nsproxy *ns; 271 struct net *net = NULL; 272 273 rcu_read_lock(); 274 task = pid_task(proc_pid(dir), PIDTYPE_PID); 275 if (task != NULL) { 276 task_lock(task); 277 ns = task->nsproxy; 278 if (ns != NULL) 279 net = get_net(ns->net_ns); 280 task_unlock(task); 281 } 282 rcu_read_unlock(); 283 284 return net; 285 } 286 287 static struct dentry *proc_tgid_net_lookup(struct inode *dir, 288 struct dentry *dentry, unsigned int flags) 289 { 290 struct dentry *de; 291 struct net *net; 292 293 de = ERR_PTR(-ENOENT); 294 net = get_proc_task_net(dir); 295 if (net != NULL) { 296 de = proc_lookup_de(dir, dentry, net->proc_net); 297 put_net(net); 298 } 299 return de; 300 } 301 302 static int proc_tgid_net_getattr(struct mnt_idmap *idmap, 303 const struct path *path, struct kstat *stat, 304 u32 request_mask, unsigned int query_flags) 305 { 306 struct inode *inode = d_inode(path->dentry); 307 struct net *net; 308 309 net = get_proc_task_net(inode); 310 311 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); 312 313 if (net != NULL) { 314 stat->nlink = net->proc_net->nlink; 315 put_net(net); 316 } 317 318 return 0; 319 } 320 321 const struct inode_operations proc_net_inode_operations = { 322 .lookup = proc_tgid_net_lookup, 323 .getattr = proc_tgid_net_getattr, 324 .setattr = proc_setattr, 325 }; 326 327 static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx) 328 { 329 int ret; 330 struct net *net; 331 332 ret = -EINVAL; 333 net = get_proc_task_net(file_inode(file)); 334 if (net != NULL) { 335 ret = proc_readdir_de(file, ctx, net->proc_net); 336 put_net(net); 337 } 338 return ret; 339 } 340 341 const struct file_operations proc_net_operations = { 342 .llseek = generic_file_llseek, 343 .read = generic_read_dir, 344 .iterate_shared = proc_tgid_net_readdir, 345 }; 346 347 static __net_init int proc_net_ns_init(struct net *net) 348 { 349 struct proc_dir_entry *netd, *net_statd; 350 kuid_t uid; 351 kgid_t gid; 352 int err; 353 354 /* 355 * This PDE acts only as an anchor for /proc/${pid}/net hierarchy. 356 * Corresponding inode (PDE(inode) == net->proc_net) is never 357 * instantiated therefore blanket zeroing is fine. 358 * net->proc_net_stat inode is instantiated normally. 359 */ 360 err = -ENOMEM; 361 netd = kmem_cache_zalloc(proc_dir_entry_cache, GFP_KERNEL); 362 if (!netd) 363 goto out; 364 365 netd->subdir = RB_ROOT; 366 netd->data = net; 367 netd->nlink = 2; 368 netd->namelen = 3; 369 netd->parent = &proc_root; 370 netd->name = netd->inline_name; 371 memcpy(netd->name, "net", 4); 372 373 uid = make_kuid(net->user_ns, 0); 374 if (!uid_valid(uid)) 375 uid = netd->uid; 376 377 gid = make_kgid(net->user_ns, 0); 378 if (!gid_valid(gid)) 379 gid = netd->gid; 380 381 proc_set_user(netd, uid, gid); 382 383 /* Seed dentry revalidation for /proc/${pid}/net */ 384 pde_force_lookup(netd); 385 386 err = -EEXIST; 387 net_statd = proc_net_mkdir(net, "stat", netd); 388 if (!net_statd) 389 goto free_net; 390 391 net->proc_net = netd; 392 net->proc_net_stat = net_statd; 393 return 0; 394 395 free_net: 396 pde_free(netd); 397 out: 398 return err; 399 } 400 401 static __net_exit void proc_net_ns_exit(struct net *net) 402 { 403 remove_proc_entry("stat", net->proc_net); 404 pde_free(net->proc_net); 405 } 406 407 static struct pernet_operations __net_initdata proc_net_ns_ops = { 408 .init = proc_net_ns_init, 409 .exit = proc_net_ns_exit, 410 }; 411 412 int __init proc_net_init(void) 413 { 414 proc_symlink("net", NULL, "self/net"); 415 416 return register_pernet_subsys(&proc_net_ns_ops); 417 } 418