1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/proc/inode.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/cache.h> 9 #include <linux/time.h> 10 #include <linux/proc_fs.h> 11 #include <linux/kernel.h> 12 #include <linux/pid_namespace.h> 13 #include <linux/mm.h> 14 #include <linux/string.h> 15 #include <linux/stat.h> 16 #include <linux/completion.h> 17 #include <linux/poll.h> 18 #include <linux/printk.h> 19 #include <linux/file.h> 20 #include <linux/limits.h> 21 #include <linux/init.h> 22 #include <linux/module.h> 23 #include <linux/sysctl.h> 24 #include <linux/seq_file.h> 25 #include <linux/slab.h> 26 #include <linux/mount.h> 27 28 #include <linux/uaccess.h> 29 30 #include "internal.h" 31 32 static void proc_evict_inode(struct inode *inode) 33 { 34 struct proc_dir_entry *de; 35 struct ctl_table_header *head; 36 struct proc_inode *ei = PROC_I(inode); 37 38 truncate_inode_pages_final(&inode->i_data); 39 clear_inode(inode); 40 41 /* Stop tracking associated processes */ 42 if (ei->pid) { 43 proc_pid_evict_inode(ei); 44 ei->pid = NULL; 45 } 46 47 /* Let go of any associated proc directory entry */ 48 de = ei->pde; 49 if (de) { 50 pde_put(de); 51 ei->pde = NULL; 52 } 53 54 head = ei->sysctl; 55 if (head) { 56 RCU_INIT_POINTER(ei->sysctl, NULL); 57 proc_sys_evict_inode(inode, head); 58 } 59 } 60 61 static struct kmem_cache *proc_inode_cachep __ro_after_init; 62 static struct kmem_cache *pde_opener_cache __ro_after_init; 63 64 static struct inode *proc_alloc_inode(struct super_block *sb) 65 { 66 struct proc_inode *ei; 67 68 ei = kmem_cache_alloc(proc_inode_cachep, GFP_KERNEL); 69 if (!ei) 70 return NULL; 71 ei->pid = NULL; 72 ei->fd = 0; 73 ei->op.proc_get_link = NULL; 74 ei->pde = NULL; 75 ei->sysctl = NULL; 76 ei->sysctl_entry = NULL; 77 INIT_HLIST_NODE(&ei->sibling_inodes); 78 ei->ns_ops = NULL; 79 return &ei->vfs_inode; 80 } 81 82 static void proc_free_inode(struct inode *inode) 83 { 84 kmem_cache_free(proc_inode_cachep, PROC_I(inode)); 85 } 86 87 static void init_once(void *foo) 88 { 89 struct proc_inode *ei = (struct proc_inode *) foo; 90 91 inode_init_once(&ei->vfs_inode); 92 } 93 94 void __init proc_init_kmemcache(void) 95 { 96 proc_inode_cachep = kmem_cache_create("proc_inode_cache", 97 sizeof(struct proc_inode), 98 0, (SLAB_RECLAIM_ACCOUNT| 99 SLAB_MEM_SPREAD|SLAB_ACCOUNT| 100 SLAB_PANIC), 101 init_once); 102 pde_opener_cache = 103 kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0, 104 SLAB_ACCOUNT|SLAB_PANIC, NULL); 105 proc_dir_entry_cache = kmem_cache_create_usercopy( 106 "proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC, 107 offsetof(struct proc_dir_entry, inline_name), 108 SIZEOF_PDE_INLINE_NAME, NULL); 109 BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE); 110 } 111 112 void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock) 113 { 114 struct inode *inode; 115 struct proc_inode *ei; 116 struct hlist_node *node; 117 struct super_block *old_sb = NULL; 118 119 rcu_read_lock(); 120 for (;;) { 121 struct super_block *sb; 122 node = hlist_first_rcu(inodes); 123 if (!node) 124 break; 125 ei = hlist_entry(node, struct proc_inode, sibling_inodes); 126 spin_lock(lock); 127 hlist_del_init_rcu(&ei->sibling_inodes); 128 spin_unlock(lock); 129 130 inode = &ei->vfs_inode; 131 sb = inode->i_sb; 132 if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active)) 133 continue; 134 inode = igrab(inode); 135 rcu_read_unlock(); 136 if (sb != old_sb) { 137 if (old_sb) 138 deactivate_super(old_sb); 139 old_sb = sb; 140 } 141 if (unlikely(!inode)) { 142 rcu_read_lock(); 143 continue; 144 } 145 146 if (S_ISDIR(inode->i_mode)) { 147 struct dentry *dir = d_find_any_alias(inode); 148 if (dir) { 149 d_invalidate(dir); 150 dput(dir); 151 } 152 } else { 153 struct dentry *dentry; 154 while ((dentry = d_find_alias(inode))) { 155 d_invalidate(dentry); 156 dput(dentry); 157 } 158 } 159 iput(inode); 160 161 rcu_read_lock(); 162 } 163 rcu_read_unlock(); 164 if (old_sb) 165 deactivate_super(old_sb); 166 } 167 168 static int proc_show_options(struct seq_file *seq, struct dentry *root) 169 { 170 struct super_block *sb = root->d_sb; 171 struct pid_namespace *pid = sb->s_fs_info; 172 173 if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID)) 174 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid)); 175 if (pid->hide_pid != HIDEPID_OFF) 176 seq_printf(seq, ",hidepid=%u", pid->hide_pid); 177 178 return 0; 179 } 180 181 const struct super_operations proc_sops = { 182 .alloc_inode = proc_alloc_inode, 183 .free_inode = proc_free_inode, 184 .drop_inode = generic_delete_inode, 185 .evict_inode = proc_evict_inode, 186 .statfs = simple_statfs, 187 .show_options = proc_show_options, 188 }; 189 190 enum {BIAS = -1U<<31}; 191 192 static inline int use_pde(struct proc_dir_entry *pde) 193 { 194 return likely(atomic_inc_unless_negative(&pde->in_use)); 195 } 196 197 static void unuse_pde(struct proc_dir_entry *pde) 198 { 199 if (unlikely(atomic_dec_return(&pde->in_use) == BIAS)) 200 complete(pde->pde_unload_completion); 201 } 202 203 /* pde is locked on entry, unlocked on exit */ 204 static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo) 205 __releases(&pde->pde_unload_lock) 206 { 207 /* 208 * close() (proc_reg_release()) can't delete an entry and proceed: 209 * ->release hook needs to be available at the right moment. 210 * 211 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed: 212 * "struct file" needs to be available at the right moment. 213 * 214 * Therefore, first process to enter this function does ->release() and 215 * signals its completion to the other process which does nothing. 216 */ 217 if (pdeo->closing) { 218 /* somebody else is doing that, just wait */ 219 DECLARE_COMPLETION_ONSTACK(c); 220 pdeo->c = &c; 221 spin_unlock(&pde->pde_unload_lock); 222 wait_for_completion(&c); 223 } else { 224 struct file *file; 225 struct completion *c; 226 227 pdeo->closing = true; 228 spin_unlock(&pde->pde_unload_lock); 229 file = pdeo->file; 230 pde->proc_ops->proc_release(file_inode(file), file); 231 spin_lock(&pde->pde_unload_lock); 232 /* After ->release. */ 233 list_del(&pdeo->lh); 234 c = pdeo->c; 235 spin_unlock(&pde->pde_unload_lock); 236 if (unlikely(c)) 237 complete(c); 238 kmem_cache_free(pde_opener_cache, pdeo); 239 } 240 } 241 242 void proc_entry_rundown(struct proc_dir_entry *de) 243 { 244 DECLARE_COMPLETION_ONSTACK(c); 245 /* Wait until all existing callers into module are done. */ 246 de->pde_unload_completion = &c; 247 if (atomic_add_return(BIAS, &de->in_use) != BIAS) 248 wait_for_completion(&c); 249 250 /* ->pde_openers list can't grow from now on. */ 251 252 spin_lock(&de->pde_unload_lock); 253 while (!list_empty(&de->pde_openers)) { 254 struct pde_opener *pdeo; 255 pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); 256 close_pdeo(de, pdeo); 257 spin_lock(&de->pde_unload_lock); 258 } 259 spin_unlock(&de->pde_unload_lock); 260 } 261 262 static loff_t pde_lseek(struct proc_dir_entry *pde, struct file *file, loff_t offset, int whence) 263 { 264 typeof_member(struct proc_ops, proc_lseek) lseek; 265 266 lseek = pde->proc_ops->proc_lseek; 267 if (!lseek) 268 lseek = default_llseek; 269 return lseek(file, offset, whence); 270 } 271 272 static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) 273 { 274 struct proc_dir_entry *pde = PDE(file_inode(file)); 275 loff_t rv = -EINVAL; 276 277 if (pde_is_permanent(pde)) { 278 return pde_lseek(pde, file, offset, whence); 279 } else if (use_pde(pde)) { 280 rv = pde_lseek(pde, file, offset, whence); 281 unuse_pde(pde); 282 } 283 return rv; 284 } 285 286 static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos) 287 { 288 typeof_member(struct proc_ops, proc_read) read; 289 290 read = pde->proc_ops->proc_read; 291 if (read) 292 return read(file, buf, count, ppos); 293 return -EIO; 294 } 295 296 static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) 297 { 298 struct proc_dir_entry *pde = PDE(file_inode(file)); 299 ssize_t rv = -EIO; 300 301 if (pde_is_permanent(pde)) { 302 return pde_read(pde, file, buf, count, ppos); 303 } else if (use_pde(pde)) { 304 rv = pde_read(pde, file, buf, count, ppos); 305 unuse_pde(pde); 306 } 307 return rv; 308 } 309 310 static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos) 311 { 312 typeof_member(struct proc_ops, proc_write) write; 313 314 write = pde->proc_ops->proc_write; 315 if (write) 316 return write(file, buf, count, ppos); 317 return -EIO; 318 } 319 320 static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) 321 { 322 struct proc_dir_entry *pde = PDE(file_inode(file)); 323 ssize_t rv = -EIO; 324 325 if (pde_is_permanent(pde)) { 326 return pde_write(pde, file, buf, count, ppos); 327 } else if (use_pde(pde)) { 328 rv = pde_write(pde, file, buf, count, ppos); 329 unuse_pde(pde); 330 } 331 return rv; 332 } 333 334 static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts) 335 { 336 typeof_member(struct proc_ops, proc_poll) poll; 337 338 poll = pde->proc_ops->proc_poll; 339 if (poll) 340 return poll(file, pts); 341 return DEFAULT_POLLMASK; 342 } 343 344 static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts) 345 { 346 struct proc_dir_entry *pde = PDE(file_inode(file)); 347 __poll_t rv = DEFAULT_POLLMASK; 348 349 if (pde_is_permanent(pde)) { 350 return pde_poll(pde, file, pts); 351 } else if (use_pde(pde)) { 352 rv = pde_poll(pde, file, pts); 353 unuse_pde(pde); 354 } 355 return rv; 356 } 357 358 static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 359 { 360 typeof_member(struct proc_ops, proc_ioctl) ioctl; 361 362 ioctl = pde->proc_ops->proc_ioctl; 363 if (ioctl) 364 return ioctl(file, cmd, arg); 365 return -ENOTTY; 366 } 367 368 static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 369 { 370 struct proc_dir_entry *pde = PDE(file_inode(file)); 371 long rv = -ENOTTY; 372 373 if (pde_is_permanent(pde)) { 374 return pde_ioctl(pde, file, cmd, arg); 375 } else if (use_pde(pde)) { 376 rv = pde_ioctl(pde, file, cmd, arg); 377 unuse_pde(pde); 378 } 379 return rv; 380 } 381 382 #ifdef CONFIG_COMPAT 383 static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg) 384 { 385 typeof_member(struct proc_ops, proc_compat_ioctl) compat_ioctl; 386 387 compat_ioctl = pde->proc_ops->proc_compat_ioctl; 388 if (compat_ioctl) 389 return compat_ioctl(file, cmd, arg); 390 return -ENOTTY; 391 } 392 393 static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 394 { 395 struct proc_dir_entry *pde = PDE(file_inode(file)); 396 long rv = -ENOTTY; 397 if (pde_is_permanent(pde)) { 398 return pde_compat_ioctl(pde, file, cmd, arg); 399 } else if (use_pde(pde)) { 400 rv = pde_compat_ioctl(pde, file, cmd, arg); 401 unuse_pde(pde); 402 } 403 return rv; 404 } 405 #endif 406 407 static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma) 408 { 409 typeof_member(struct proc_ops, proc_mmap) mmap; 410 411 mmap = pde->proc_ops->proc_mmap; 412 if (mmap) 413 return mmap(file, vma); 414 return -EIO; 415 } 416 417 static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) 418 { 419 struct proc_dir_entry *pde = PDE(file_inode(file)); 420 int rv = -EIO; 421 422 if (pde_is_permanent(pde)) { 423 return pde_mmap(pde, file, vma); 424 } else if (use_pde(pde)) { 425 rv = pde_mmap(pde, file, vma); 426 unuse_pde(pde); 427 } 428 return rv; 429 } 430 431 static unsigned long 432 pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr, 433 unsigned long len, unsigned long pgoff, 434 unsigned long flags) 435 { 436 typeof_member(struct proc_ops, proc_get_unmapped_area) get_area; 437 438 get_area = pde->proc_ops->proc_get_unmapped_area; 439 #ifdef CONFIG_MMU 440 if (!get_area) 441 get_area = current->mm->get_unmapped_area; 442 #endif 443 if (get_area) 444 return get_area(file, orig_addr, len, pgoff, flags); 445 return orig_addr; 446 } 447 448 static unsigned long 449 proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr, 450 unsigned long len, unsigned long pgoff, 451 unsigned long flags) 452 { 453 struct proc_dir_entry *pde = PDE(file_inode(file)); 454 unsigned long rv = -EIO; 455 456 if (pde_is_permanent(pde)) { 457 return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 458 } else if (use_pde(pde)) { 459 rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags); 460 unuse_pde(pde); 461 } 462 return rv; 463 } 464 465 static int proc_reg_open(struct inode *inode, struct file *file) 466 { 467 struct proc_dir_entry *pde = PDE(inode); 468 int rv = 0; 469 typeof_member(struct proc_ops, proc_open) open; 470 typeof_member(struct proc_ops, proc_release) release; 471 struct pde_opener *pdeo; 472 473 if (pde_is_permanent(pde)) { 474 open = pde->proc_ops->proc_open; 475 if (open) 476 rv = open(inode, file); 477 return rv; 478 } 479 480 /* 481 * Ensure that 482 * 1) PDE's ->release hook will be called no matter what 483 * either normally by close()/->release, or forcefully by 484 * rmmod/remove_proc_entry. 485 * 486 * 2) rmmod isn't blocked by opening file in /proc and sitting on 487 * the descriptor (including "rmmod foo </proc/foo" scenario). 488 * 489 * Save every "struct file" with custom ->release hook. 490 */ 491 if (!use_pde(pde)) 492 return -ENOENT; 493 494 release = pde->proc_ops->proc_release; 495 if (release) { 496 pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL); 497 if (!pdeo) { 498 rv = -ENOMEM; 499 goto out_unuse; 500 } 501 } 502 503 open = pde->proc_ops->proc_open; 504 if (open) 505 rv = open(inode, file); 506 507 if (release) { 508 if (rv == 0) { 509 /* To know what to release. */ 510 pdeo->file = file; 511 pdeo->closing = false; 512 pdeo->c = NULL; 513 spin_lock(&pde->pde_unload_lock); 514 list_add(&pdeo->lh, &pde->pde_openers); 515 spin_unlock(&pde->pde_unload_lock); 516 } else 517 kmem_cache_free(pde_opener_cache, pdeo); 518 } 519 520 out_unuse: 521 unuse_pde(pde); 522 return rv; 523 } 524 525 static int proc_reg_release(struct inode *inode, struct file *file) 526 { 527 struct proc_dir_entry *pde = PDE(inode); 528 struct pde_opener *pdeo; 529 530 if (pde_is_permanent(pde)) { 531 typeof_member(struct proc_ops, proc_release) release; 532 533 release = pde->proc_ops->proc_release; 534 if (release) { 535 return release(inode, file); 536 } 537 return 0; 538 } 539 540 spin_lock(&pde->pde_unload_lock); 541 list_for_each_entry(pdeo, &pde->pde_openers, lh) { 542 if (pdeo->file == file) { 543 close_pdeo(pde, pdeo); 544 return 0; 545 } 546 } 547 spin_unlock(&pde->pde_unload_lock); 548 return 0; 549 } 550 551 static const struct file_operations proc_reg_file_ops = { 552 .llseek = proc_reg_llseek, 553 .read = proc_reg_read, 554 .write = proc_reg_write, 555 .poll = proc_reg_poll, 556 .unlocked_ioctl = proc_reg_unlocked_ioctl, 557 #ifdef CONFIG_COMPAT 558 .compat_ioctl = proc_reg_compat_ioctl, 559 #endif 560 .mmap = proc_reg_mmap, 561 .get_unmapped_area = proc_reg_get_unmapped_area, 562 .open = proc_reg_open, 563 .release = proc_reg_release, 564 }; 565 566 #ifdef CONFIG_COMPAT 567 static const struct file_operations proc_reg_file_ops_no_compat = { 568 .llseek = proc_reg_llseek, 569 .read = proc_reg_read, 570 .write = proc_reg_write, 571 .poll = proc_reg_poll, 572 .unlocked_ioctl = proc_reg_unlocked_ioctl, 573 .mmap = proc_reg_mmap, 574 .get_unmapped_area = proc_reg_get_unmapped_area, 575 .open = proc_reg_open, 576 .release = proc_reg_release, 577 }; 578 #endif 579 580 static void proc_put_link(void *p) 581 { 582 unuse_pde(p); 583 } 584 585 static const char *proc_get_link(struct dentry *dentry, 586 struct inode *inode, 587 struct delayed_call *done) 588 { 589 struct proc_dir_entry *pde = PDE(inode); 590 if (!use_pde(pde)) 591 return ERR_PTR(-EINVAL); 592 set_delayed_call(done, proc_put_link, pde); 593 return pde->data; 594 } 595 596 const struct inode_operations proc_link_inode_operations = { 597 .get_link = proc_get_link, 598 }; 599 600 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) 601 { 602 struct inode *inode = new_inode_pseudo(sb); 603 604 if (inode) { 605 inode->i_ino = de->low_ino; 606 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 607 PROC_I(inode)->pde = de; 608 609 if (is_empty_pde(de)) { 610 make_empty_dir_inode(inode); 611 return inode; 612 } 613 if (de->mode) { 614 inode->i_mode = de->mode; 615 inode->i_uid = de->uid; 616 inode->i_gid = de->gid; 617 } 618 if (de->size) 619 inode->i_size = de->size; 620 if (de->nlink) 621 set_nlink(inode, de->nlink); 622 623 if (S_ISREG(inode->i_mode)) { 624 inode->i_op = de->proc_iops; 625 inode->i_fop = &proc_reg_file_ops; 626 #ifdef CONFIG_COMPAT 627 if (!de->proc_ops->proc_compat_ioctl) { 628 inode->i_fop = &proc_reg_file_ops_no_compat; 629 } 630 #endif 631 } else if (S_ISDIR(inode->i_mode)) { 632 inode->i_op = de->proc_iops; 633 inode->i_fop = de->proc_dir_ops; 634 } else if (S_ISLNK(inode->i_mode)) { 635 inode->i_op = de->proc_iops; 636 inode->i_fop = NULL; 637 } else 638 BUG(); 639 } else 640 pde_put(de); 641 return inode; 642 } 643