1b2441318SGreg Kroah-Hartman // SPDX-License-Identifier: GPL-2.0 23f07c014SIngo Molnar #include <linux/sched/signal.h> 3faf60af1SCyrill Gorcunov #include <linux/errno.h> 4faf60af1SCyrill Gorcunov #include <linux/dcache.h> 5faf60af1SCyrill Gorcunov #include <linux/path.h> 6faf60af1SCyrill Gorcunov #include <linux/fdtable.h> 7faf60af1SCyrill Gorcunov #include <linux/namei.h> 8faf60af1SCyrill Gorcunov #include <linux/pid.h> 97bc3fa01SKalesh Singh #include <linux/ptrace.h> 10faf60af1SCyrill Gorcunov #include <linux/security.h> 11ddd3e077SCyrill Gorcunov #include <linux/file.h> 12ddd3e077SCyrill Gorcunov #include <linux/seq_file.h> 136c8c9031SAndrey Vagin #include <linux/fs.h> 14faf60af1SCyrill Gorcunov 15faf60af1SCyrill Gorcunov #include <linux/proc_fs.h> 16faf60af1SCyrill Gorcunov 1749d063cbSAndrey Vagin #include "../mount.h" 18faf60af1SCyrill Gorcunov #include "internal.h" 19faf60af1SCyrill Gorcunov #include "fd.h" 20faf60af1SCyrill Gorcunov 21ddd3e077SCyrill Gorcunov static int seq_show(struct seq_file *m, void *v) 22faf60af1SCyrill Gorcunov { 23faf60af1SCyrill Gorcunov struct files_struct *files = NULL; 24ddd3e077SCyrill Gorcunov int f_flags = 0, ret = -ENOENT; 25ddd3e077SCyrill Gorcunov struct file *file = NULL; 26ddd3e077SCyrill Gorcunov struct task_struct *task; 27faf60af1SCyrill Gorcunov 28ddd3e077SCyrill Gorcunov task = get_proc_task(m->private); 29ddd3e077SCyrill Gorcunov if (!task) 30ddd3e077SCyrill Gorcunov return -ENOENT; 31ddd3e077SCyrill Gorcunov 32775e0656SEric W. Biederman task_lock(task); 33775e0656SEric W. Biederman files = task->files; 34faf60af1SCyrill Gorcunov if (files) { 35771187d6SAlexey Dobriyan unsigned int fd = proc_fd(m->private); 36ddd3e077SCyrill Gorcunov 37faf60af1SCyrill Gorcunov spin_lock(&files->file_lock); 38120ce2b0SEric W. Biederman file = files_lookup_fd_locked(files, fd); 39faf60af1SCyrill Gorcunov if (file) { 40ddd3e077SCyrill Gorcunov struct fdtable *fdt = files_fdtable(files); 41faf60af1SCyrill Gorcunov 42c6f3d811SAl Viro f_flags = file->f_flags; 43faf60af1SCyrill Gorcunov if (close_on_exec(fd, fdt)) 44faf60af1SCyrill Gorcunov f_flags |= O_CLOEXEC; 45faf60af1SCyrill Gorcunov 46ddd3e077SCyrill Gorcunov get_file(file); 47ddd3e077SCyrill Gorcunov ret = 0; 48faf60af1SCyrill Gorcunov } 49faf60af1SCyrill Gorcunov spin_unlock(&files->file_lock); 50faf60af1SCyrill Gorcunov } 51775e0656SEric W. Biederman task_unlock(task); 52775e0656SEric W. Biederman put_task_struct(task); 53ddd3e077SCyrill Gorcunov 546c8c9031SAndrey Vagin if (ret) 556c8c9031SAndrey Vagin return ret; 566c8c9031SAndrey Vagin 573845f256SKalesh Singh seq_printf(m, "pos:\t%lli\nflags:\t0%o\nmnt_id:\t%i\nino:\t%lu\n", 5849d063cbSAndrey Vagin (long long)file->f_pos, f_flags, 593845f256SKalesh Singh real_mount(file->f_path.mnt)->mnt_id, 603845f256SKalesh Singh file_inode(file)->i_ino); 616c8c9031SAndrey Vagin 62775e0656SEric W. Biederman /* show_fd_locks() never deferences files so a stale value is safe */ 636c8c9031SAndrey Vagin show_fd_locks(m, file, files); 646c8c9031SAndrey Vagin if (seq_has_overflowed(m)) 656c8c9031SAndrey Vagin goto out; 666c8c9031SAndrey Vagin 6755985dd7SCyrill Gorcunov if (file->f_op->show_fdinfo) 68a3816ab0SJoe Perches file->f_op->show_fdinfo(m, file); 69faf60af1SCyrill Gorcunov 706c8c9031SAndrey Vagin out: 716c8c9031SAndrey Vagin fput(file); 726c8c9031SAndrey Vagin return 0; 73ddd3e077SCyrill Gorcunov } 74ddd3e077SCyrill Gorcunov 75*1927e498SKalesh Singh static int proc_fdinfo_access_allowed(struct inode *inode) 76ddd3e077SCyrill Gorcunov { 777bc3fa01SKalesh Singh bool allowed = false; 787bc3fa01SKalesh Singh struct task_struct *task = get_proc_task(inode); 797bc3fa01SKalesh Singh 807bc3fa01SKalesh Singh if (!task) 817bc3fa01SKalesh Singh return -ESRCH; 827bc3fa01SKalesh Singh 837bc3fa01SKalesh Singh allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); 847bc3fa01SKalesh Singh put_task_struct(task); 857bc3fa01SKalesh Singh 867bc3fa01SKalesh Singh if (!allowed) 877bc3fa01SKalesh Singh return -EACCES; 887bc3fa01SKalesh Singh 89*1927e498SKalesh Singh return 0; 90*1927e498SKalesh Singh } 91*1927e498SKalesh Singh 92*1927e498SKalesh Singh static int seq_fdinfo_open(struct inode *inode, struct file *file) 93*1927e498SKalesh Singh { 94*1927e498SKalesh Singh int ret = proc_fdinfo_access_allowed(inode); 95*1927e498SKalesh Singh 96*1927e498SKalesh Singh if (ret) 97*1927e498SKalesh Singh return ret; 98*1927e498SKalesh Singh 99ddd3e077SCyrill Gorcunov return single_open(file, seq_show, inode); 100ddd3e077SCyrill Gorcunov } 101ddd3e077SCyrill Gorcunov 102ddd3e077SCyrill Gorcunov static const struct file_operations proc_fdinfo_file_operations = { 103ddd3e077SCyrill Gorcunov .open = seq_fdinfo_open, 104ddd3e077SCyrill Gorcunov .read = seq_read, 105ddd3e077SCyrill Gorcunov .llseek = seq_lseek, 106ddd3e077SCyrill Gorcunov .release = single_release, 107ddd3e077SCyrill Gorcunov }; 108ddd3e077SCyrill Gorcunov 1091ae9bd8bSAl Viro static bool tid_fd_mode(struct task_struct *task, unsigned fd, fmode_t *mode) 1101ae9bd8bSAl Viro { 1111ae9bd8bSAl Viro struct file *file; 1121ae9bd8bSAl Viro 1131ae9bd8bSAl Viro rcu_read_lock(); 11464eb661fSEric W. Biederman file = task_lookup_fd_rcu(task, fd); 1151ae9bd8bSAl Viro if (file) 1161ae9bd8bSAl Viro *mode = file->f_mode; 1171ae9bd8bSAl Viro rcu_read_unlock(); 1181ae9bd8bSAl Viro return !!file; 1191ae9bd8bSAl Viro } 1201ae9bd8bSAl Viro 12198836386SAl Viro static void tid_fd_update_inode(struct task_struct *task, struct inode *inode, 12298836386SAl Viro fmode_t f_mode) 123faf60af1SCyrill Gorcunov { 12468eb94f1SEric W. Biederman task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid); 125faf60af1SCyrill Gorcunov 126faf60af1SCyrill Gorcunov if (S_ISLNK(inode->i_mode)) { 127faf60af1SCyrill Gorcunov unsigned i_mode = S_IFLNK; 128faf60af1SCyrill Gorcunov if (f_mode & FMODE_READ) 129faf60af1SCyrill Gorcunov i_mode |= S_IRUSR | S_IXUSR; 130faf60af1SCyrill Gorcunov if (f_mode & FMODE_WRITE) 131faf60af1SCyrill Gorcunov i_mode |= S_IWUSR | S_IXUSR; 132faf60af1SCyrill Gorcunov inode->i_mode = i_mode; 133faf60af1SCyrill Gorcunov } 134faf60af1SCyrill Gorcunov security_task_to_inode(task, inode); 13598836386SAl Viro } 13698836386SAl Viro 13798836386SAl Viro static int tid_fd_revalidate(struct dentry *dentry, unsigned int flags) 13898836386SAl Viro { 13998836386SAl Viro struct task_struct *task; 14098836386SAl Viro struct inode *inode; 14198836386SAl Viro unsigned int fd; 14298836386SAl Viro 14398836386SAl Viro if (flags & LOOKUP_RCU) 14498836386SAl Viro return -ECHILD; 14598836386SAl Viro 14698836386SAl Viro inode = d_inode(dentry); 14798836386SAl Viro task = get_proc_task(inode); 14898836386SAl Viro fd = proc_fd(inode); 14998836386SAl Viro 15098836386SAl Viro if (task) { 15198836386SAl Viro fmode_t f_mode; 15298836386SAl Viro if (tid_fd_mode(task, fd, &f_mode)) { 15398836386SAl Viro tid_fd_update_inode(task, inode, f_mode); 154faf60af1SCyrill Gorcunov put_task_struct(task); 155faf60af1SCyrill Gorcunov return 1; 156faf60af1SCyrill Gorcunov } 157faf60af1SCyrill Gorcunov put_task_struct(task); 158faf60af1SCyrill Gorcunov } 159faf60af1SCyrill Gorcunov return 0; 160faf60af1SCyrill Gorcunov } 161faf60af1SCyrill Gorcunov 162faf60af1SCyrill Gorcunov static const struct dentry_operations tid_fd_dentry_operations = { 163faf60af1SCyrill Gorcunov .d_revalidate = tid_fd_revalidate, 164faf60af1SCyrill Gorcunov .d_delete = pid_delete_dentry, 165faf60af1SCyrill Gorcunov }; 166faf60af1SCyrill Gorcunov 167faf60af1SCyrill Gorcunov static int proc_fd_link(struct dentry *dentry, struct path *path) 168faf60af1SCyrill Gorcunov { 169ddd3e077SCyrill Gorcunov struct task_struct *task; 170ddd3e077SCyrill Gorcunov int ret = -ENOENT; 171ddd3e077SCyrill Gorcunov 1722b0143b5SDavid Howells task = get_proc_task(d_inode(dentry)); 173ddd3e077SCyrill Gorcunov if (task) { 174771187d6SAlexey Dobriyan unsigned int fd = proc_fd(d_inode(dentry)); 175ddd3e077SCyrill Gorcunov struct file *fd_file; 176ddd3e077SCyrill Gorcunov 177439be326SEric W. Biederman fd_file = fget_task(task, fd); 178ddd3e077SCyrill Gorcunov if (fd_file) { 179ddd3e077SCyrill Gorcunov *path = fd_file->f_path; 180ddd3e077SCyrill Gorcunov path_get(&fd_file->f_path); 181ddd3e077SCyrill Gorcunov ret = 0; 182439be326SEric W. Biederman fput(fd_file); 183ddd3e077SCyrill Gorcunov } 184439be326SEric W. Biederman put_task_struct(task); 185ddd3e077SCyrill Gorcunov } 186ddd3e077SCyrill Gorcunov 187ddd3e077SCyrill Gorcunov return ret; 188faf60af1SCyrill Gorcunov } 189faf60af1SCyrill Gorcunov 19098836386SAl Viro struct fd_data { 19198836386SAl Viro fmode_t mode; 19298836386SAl Viro unsigned fd; 19398836386SAl Viro }; 19498836386SAl Viro 1950168b9e3SAl Viro static struct dentry *proc_fd_instantiate(struct dentry *dentry, 196faf60af1SCyrill Gorcunov struct task_struct *task, const void *ptr) 197faf60af1SCyrill Gorcunov { 19898836386SAl Viro const struct fd_data *data = ptr; 199faf60af1SCyrill Gorcunov struct proc_inode *ei; 200faf60af1SCyrill Gorcunov struct inode *inode; 201faf60af1SCyrill Gorcunov 2020168b9e3SAl Viro inode = proc_pid_make_inode(dentry->d_sb, task, S_IFLNK); 203faf60af1SCyrill Gorcunov if (!inode) 2040168b9e3SAl Viro return ERR_PTR(-ENOENT); 205faf60af1SCyrill Gorcunov 206faf60af1SCyrill Gorcunov ei = PROC_I(inode); 20798836386SAl Viro ei->fd = data->fd; 208faf60af1SCyrill Gorcunov 209faf60af1SCyrill Gorcunov inode->i_op = &proc_pid_link_inode_operations; 210faf60af1SCyrill Gorcunov inode->i_size = 64; 211faf60af1SCyrill Gorcunov 212faf60af1SCyrill Gorcunov ei->op.proc_get_link = proc_fd_link; 21398836386SAl Viro tid_fd_update_inode(task, inode, data->mode); 214faf60af1SCyrill Gorcunov 215faf60af1SCyrill Gorcunov d_set_d_op(dentry, &tid_fd_dentry_operations); 2160168b9e3SAl Viro return d_splice_alias(inode, dentry); 217faf60af1SCyrill Gorcunov } 218faf60af1SCyrill Gorcunov 219faf60af1SCyrill Gorcunov static struct dentry *proc_lookupfd_common(struct inode *dir, 220faf60af1SCyrill Gorcunov struct dentry *dentry, 221faf60af1SCyrill Gorcunov instantiate_t instantiate) 222faf60af1SCyrill Gorcunov { 223faf60af1SCyrill Gorcunov struct task_struct *task = get_proc_task(dir); 22498836386SAl Viro struct fd_data data = {.fd = name_to_int(&dentry->d_name)}; 2250168b9e3SAl Viro struct dentry *result = ERR_PTR(-ENOENT); 226faf60af1SCyrill Gorcunov 227faf60af1SCyrill Gorcunov if (!task) 228faf60af1SCyrill Gorcunov goto out_no_task; 22998836386SAl Viro if (data.fd == ~0U) 230faf60af1SCyrill Gorcunov goto out; 23198836386SAl Viro if (!tid_fd_mode(task, data.fd, &data.mode)) 2321ae9bd8bSAl Viro goto out; 233faf60af1SCyrill Gorcunov 2340168b9e3SAl Viro result = instantiate(dentry, task, &data); 235faf60af1SCyrill Gorcunov out: 236faf60af1SCyrill Gorcunov put_task_struct(task); 237faf60af1SCyrill Gorcunov out_no_task: 2380168b9e3SAl Viro return result; 239faf60af1SCyrill Gorcunov } 240faf60af1SCyrill Gorcunov 241f0c3b509SAl Viro static int proc_readfd_common(struct file *file, struct dir_context *ctx, 242f0c3b509SAl Viro instantiate_t instantiate) 243faf60af1SCyrill Gorcunov { 244f0c3b509SAl Viro struct task_struct *p = get_proc_task(file_inode(file)); 245f0c3b509SAl Viro unsigned int fd; 246faf60af1SCyrill Gorcunov 247faf60af1SCyrill Gorcunov if (!p) 248f0c3b509SAl Viro return -ENOENT; 249faf60af1SCyrill Gorcunov 250f0c3b509SAl Viro if (!dir_emit_dots(file, ctx)) 251faf60af1SCyrill Gorcunov goto out; 252f0c3b509SAl Viro 253faf60af1SCyrill Gorcunov rcu_read_lock(); 2545b17b618SEric W. Biederman for (fd = ctx->pos - 2;; fd++) { 25598836386SAl Viro struct file *f; 25698836386SAl Viro struct fd_data data; 257e3912ac3SAlexey Dobriyan char name[10 + 1]; 258a4ef3895SAlexey Dobriyan unsigned int len; 259faf60af1SCyrill Gorcunov 2605b17b618SEric W. Biederman f = task_lookup_next_fd_rcu(p, &fd); 2615b17b618SEric W. Biederman ctx->pos = fd + 2LL; 26298836386SAl Viro if (!f) 2635b17b618SEric W. Biederman break; 26498836386SAl Viro data.mode = f->f_mode; 265faf60af1SCyrill Gorcunov rcu_read_unlock(); 26698836386SAl Viro data.fd = fd; 267faf60af1SCyrill Gorcunov 268771187d6SAlexey Dobriyan len = snprintf(name, sizeof(name), "%u", fd); 269f0c3b509SAl Viro if (!proc_fill_cache(file, ctx, 270faf60af1SCyrill Gorcunov name, len, instantiate, p, 27198836386SAl Viro &data)) 2725b17b618SEric W. Biederman goto out; 2733cc4a84eSEric Dumazet cond_resched(); 274faf60af1SCyrill Gorcunov rcu_read_lock(); 275faf60af1SCyrill Gorcunov } 276faf60af1SCyrill Gorcunov rcu_read_unlock(); 277faf60af1SCyrill Gorcunov out: 278faf60af1SCyrill Gorcunov put_task_struct(p); 279f0c3b509SAl Viro return 0; 280faf60af1SCyrill Gorcunov } 281faf60af1SCyrill Gorcunov 282f0c3b509SAl Viro static int proc_readfd(struct file *file, struct dir_context *ctx) 283faf60af1SCyrill Gorcunov { 284f0c3b509SAl Viro return proc_readfd_common(file, ctx, proc_fd_instantiate); 285faf60af1SCyrill Gorcunov } 286faf60af1SCyrill Gorcunov 287faf60af1SCyrill Gorcunov const struct file_operations proc_fd_operations = { 288faf60af1SCyrill Gorcunov .read = generic_read_dir, 289f50752eaSAl Viro .iterate_shared = proc_readfd, 290f50752eaSAl Viro .llseek = generic_file_llseek, 291faf60af1SCyrill Gorcunov }; 292faf60af1SCyrill Gorcunov 293faf60af1SCyrill Gorcunov static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry, 294faf60af1SCyrill Gorcunov unsigned int flags) 295faf60af1SCyrill Gorcunov { 296faf60af1SCyrill Gorcunov return proc_lookupfd_common(dir, dentry, proc_fd_instantiate); 297faf60af1SCyrill Gorcunov } 298faf60af1SCyrill Gorcunov 299faf60af1SCyrill Gorcunov /* 300faf60af1SCyrill Gorcunov * /proc/pid/fd needs a special permission handler so that a process can still 301faf60af1SCyrill Gorcunov * access /proc/self/fd after it has executed a setuid(). 302faf60af1SCyrill Gorcunov */ 303549c7297SChristian Brauner int proc_fd_permission(struct user_namespace *mnt_userns, 304549c7297SChristian Brauner struct inode *inode, int mask) 305faf60af1SCyrill Gorcunov { 30654708d28SOleg Nesterov struct task_struct *p; 30754708d28SOleg Nesterov int rv; 30854708d28SOleg Nesterov 30947291baaSChristian Brauner rv = generic_permission(&init_user_ns, inode, mask); 310faf60af1SCyrill Gorcunov if (rv == 0) 31154708d28SOleg Nesterov return rv; 31254708d28SOleg Nesterov 31354708d28SOleg Nesterov rcu_read_lock(); 31454708d28SOleg Nesterov p = pid_task(proc_pid(inode), PIDTYPE_PID); 31554708d28SOleg Nesterov if (p && same_thread_group(p, current)) 316faf60af1SCyrill Gorcunov rv = 0; 31754708d28SOleg Nesterov rcu_read_unlock(); 31854708d28SOleg Nesterov 319faf60af1SCyrill Gorcunov return rv; 320faf60af1SCyrill Gorcunov } 321faf60af1SCyrill Gorcunov 322faf60af1SCyrill Gorcunov const struct inode_operations proc_fd_inode_operations = { 323faf60af1SCyrill Gorcunov .lookup = proc_lookupfd, 324faf60af1SCyrill Gorcunov .permission = proc_fd_permission, 325faf60af1SCyrill Gorcunov .setattr = proc_setattr, 326faf60af1SCyrill Gorcunov }; 327faf60af1SCyrill Gorcunov 3280168b9e3SAl Viro static struct dentry *proc_fdinfo_instantiate(struct dentry *dentry, 329faf60af1SCyrill Gorcunov struct task_struct *task, const void *ptr) 330faf60af1SCyrill Gorcunov { 33198836386SAl Viro const struct fd_data *data = ptr; 332faf60af1SCyrill Gorcunov struct proc_inode *ei; 333faf60af1SCyrill Gorcunov struct inode *inode; 334faf60af1SCyrill Gorcunov 3357bc3fa01SKalesh Singh inode = proc_pid_make_inode(dentry->d_sb, task, S_IFREG | S_IRUGO); 336faf60af1SCyrill Gorcunov if (!inode) 3370168b9e3SAl Viro return ERR_PTR(-ENOENT); 338faf60af1SCyrill Gorcunov 339faf60af1SCyrill Gorcunov ei = PROC_I(inode); 34098836386SAl Viro ei->fd = data->fd; 341faf60af1SCyrill Gorcunov 342faf60af1SCyrill Gorcunov inode->i_fop = &proc_fdinfo_file_operations; 34398836386SAl Viro tid_fd_update_inode(task, inode, 0); 344faf60af1SCyrill Gorcunov 345faf60af1SCyrill Gorcunov d_set_d_op(dentry, &tid_fd_dentry_operations); 3460168b9e3SAl Viro return d_splice_alias(inode, dentry); 347faf60af1SCyrill Gorcunov } 348faf60af1SCyrill Gorcunov 349faf60af1SCyrill Gorcunov static struct dentry * 350faf60af1SCyrill Gorcunov proc_lookupfdinfo(struct inode *dir, struct dentry *dentry, unsigned int flags) 351faf60af1SCyrill Gorcunov { 352faf60af1SCyrill Gorcunov return proc_lookupfd_common(dir, dentry, proc_fdinfo_instantiate); 353faf60af1SCyrill Gorcunov } 354faf60af1SCyrill Gorcunov 355f0c3b509SAl Viro static int proc_readfdinfo(struct file *file, struct dir_context *ctx) 356faf60af1SCyrill Gorcunov { 357f0c3b509SAl Viro return proc_readfd_common(file, ctx, 358faf60af1SCyrill Gorcunov proc_fdinfo_instantiate); 359faf60af1SCyrill Gorcunov } 360faf60af1SCyrill Gorcunov 361*1927e498SKalesh Singh static int proc_open_fdinfo(struct inode *inode, struct file *file) 362*1927e498SKalesh Singh { 363*1927e498SKalesh Singh int ret = proc_fdinfo_access_allowed(inode); 364*1927e498SKalesh Singh 365*1927e498SKalesh Singh if (ret) 366*1927e498SKalesh Singh return ret; 367*1927e498SKalesh Singh 368*1927e498SKalesh Singh return 0; 369*1927e498SKalesh Singh } 370*1927e498SKalesh Singh 371faf60af1SCyrill Gorcunov const struct inode_operations proc_fdinfo_inode_operations = { 372faf60af1SCyrill Gorcunov .lookup = proc_lookupfdinfo, 373faf60af1SCyrill Gorcunov .setattr = proc_setattr, 374faf60af1SCyrill Gorcunov }; 375faf60af1SCyrill Gorcunov 376faf60af1SCyrill Gorcunov const struct file_operations proc_fdinfo_operations = { 377*1927e498SKalesh Singh .open = proc_open_fdinfo, 378faf60af1SCyrill Gorcunov .read = generic_read_dir, 379f50752eaSAl Viro .iterate_shared = proc_readfdinfo, 380f50752eaSAl Viro .llseek = generic_file_llseek, 381faf60af1SCyrill Gorcunov }; 382