// SPDX-License-Identifier: GPL-2.0
/*
 * linux/fs/proc/inode.c
 *
 * Copyright (C) 1991, 1992 Linus Torvalds
 */

#include <linux/cache.h>
#include <linux/time.h>
#include <linux/proc_fs.h>
#include <linux/kernel.h>
#include <linux/pid_namespace.h>
#include <linux/mm.h>
#include <linux/string.h>
#include <linux/stat.h>
#include <linux/completion.h>
#include <linux/poll.h>
#include <linux/printk.h>
#include <linux/file.h>
#include <linux/limits.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/sysctl.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/mount.h>
#include <linux/bug.h>

#include "internal.h"

/*
 * Tear down a proc inode: drop whatever the inode was attached to —
 * a struct pid, a proc_dir_entry reference, or a sysctl table header.
 */
static void proc_evict_inode(struct inode *inode)
{
	struct proc_dir_entry *de;
	struct ctl_table_header *head;
	struct proc_inode *ei = PROC_I(inode);

	truncate_inode_pages_final(&inode->i_data);
	clear_inode(inode);

	/* Stop tracking associated processes */
	if (ei->pid) {
		proc_pid_evict_inode(ei);
		ei->pid = NULL;
	}

	/* Let go of any associated proc directory entry */
	de = ei->pde;
	if (de) {
		pde_put(de);
		ei->pde = NULL;
	}

	head = ei->sysctl;
	if (head) {
		/* Clear the RCU-read pointer before the eviction callback runs. */
		RCU_INIT_POINTER(ei->sysctl, NULL);
		proc_sys_evict_inode(inode, head);
	}
}

static struct kmem_cache *proc_inode_cachep __ro_after_init;
static struct kmem_cache *pde_opener_cache __ro_after_init;

/*
 * Allocate a proc_inode and reset its proc-specific fields.
 * The slab constructor (init_once) only initializes the embedded VFS
 * inode, so every other field must be cleared here on each allocation.
 */
static struct inode *proc_alloc_inode(struct super_block *sb)
{
	struct proc_inode *ei;

	ei = alloc_inode_sb(sb, proc_inode_cachep, GFP_KERNEL);
	if (!ei)
		return NULL;
	ei->pid = NULL;
	ei->fd = 0;
	ei->op.proc_get_link = NULL;
	ei->pde = NULL;
	ei->sysctl = NULL;
	ei->sysctl_entry = NULL;
	INIT_HLIST_NODE(&ei->sibling_inodes);
	ei->ns_ops = NULL;
	return &ei->vfs_inode;
}

static void proc_free_inode(struct inode *inode)
{
	kmem_cache_free(proc_inode_cachep, PROC_I(inode));
}

/* Slab constructor: runs once per slab object, not per allocation. */
static void init_once(void *foo)
{
	struct proc_inode *ei = (struct proc_inode *) foo;

	inode_init_once(&ei->vfs_inode);
}

void __init proc_init_kmemcache(void)
{
	proc_inode_cachep = kmem_cache_create("proc_inode_cache",
					     sizeof(struct proc_inode),
					     0, (SLAB_RECLAIM_ACCOUNT|
						SLAB_MEM_SPREAD|SLAB_ACCOUNT|
						SLAB_PANIC),
					     init_once);
	pde_opener_cache =
		kmem_cache_create("pde_opener", sizeof(struct pde_opener), 0,
				  SLAB_ACCOUNT|SLAB_PANIC, NULL);
	/*
	 * proc_dir_entry objects carry a usercopy whitelist limited to the
	 * inline name region; SIZEOF_PDE must leave room for it.
	 */
	proc_dir_entry_cache = kmem_cache_create_usercopy(
		"proc_dir_entry", SIZEOF_PDE, 0, SLAB_PANIC,
		offsetof(struct proc_dir_entry, inline_name),
		SIZEOF_PDE_INLINE_NAME, NULL);
	BUILD_BUG_ON(sizeof(struct proc_dir_entry) >= SIZEOF_PDE);
}

/*
 * Walk a list of sibling proc inodes and invalidate their dentries,
 * e.g. when the object they represent goes away.
 *
 * NOTE(review): the superblock is pinned via atomic_inc_not_zero() on
 * s_active before igrab(), and the previous sb stays pinned until we
 * move to a different one — this appears to batch deactivate_super()
 * calls across consecutive inodes on the same sb. The RCU read lock is
 * dropped around the d_invalidate()/iput() work (which may sleep) and
 * re-taken before continuing the walk.
 */
void proc_invalidate_siblings_dcache(struct hlist_head *inodes, spinlock_t *lock)
{
	struct inode *inode;
	struct proc_inode *ei;
	struct hlist_node *node;
	struct super_block *old_sb = NULL;

	rcu_read_lock();
	for (;;) {
		struct super_block *sb;
		node = hlist_first_rcu(inodes);
		if (!node)
			break;
		ei = hlist_entry(node, struct proc_inode, sibling_inodes);
		spin_lock(lock);
		hlist_del_init_rcu(&ei->sibling_inodes);
		spin_unlock(lock);

		inode = &ei->vfs_inode;
		sb = inode->i_sb;
		/* Skip inodes on superblocks that are already going away. */
		if ((sb != old_sb) && !atomic_inc_not_zero(&sb->s_active))
			continue;
		inode = igrab(inode);
		rcu_read_unlock();
		if (sb != old_sb) {
			if (old_sb)
				deactivate_super(old_sb);
			old_sb = sb;
		}
		if (unlikely(!inode)) {
			rcu_read_lock();
			continue;
		}

		if (S_ISDIR(inode->i_mode)) {
			struct dentry *dir = d_find_any_alias(inode);
			if (dir) {
				d_invalidate(dir);
				dput(dir);
			}
		} else {
			struct dentry *dentry;
			while ((dentry = d_find_alias(inode))) {
				d_invalidate(dentry);
				dput(dentry);
			}
		}
		iput(inode);

		rcu_read_lock();
	}
	rcu_read_unlock();
	if (old_sb)
		deactivate_super(old_sb);
}

/* Map a hidepid mount-option value to its user-visible string. */
static inline const char *hidepid2str(enum proc_hidepid v)
{
	switch (v) {
	case HIDEPID_OFF: return "off";
	case HIDEPID_NO_ACCESS: return "noaccess";
	case HIDEPID_INVISIBLE: return "invisible";
	case HIDEPID_NOT_PTRACEABLE: return "ptraceable";
	}
	WARN_ONCE(1, "bad hide_pid value: %d\n", v);
	return "unknown";
}

/* Show non-default procfs mount options (for /proc/mounts etc.). */
static int proc_show_options(struct seq_file *seq, struct dentry *root)
{
	struct proc_fs_info *fs_info = proc_sb_info(root->d_sb);

	if (!gid_eq(fs_info->pid_gid, GLOBAL_ROOT_GID))
		seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid));
	if (fs_info->hide_pid != HIDEPID_OFF)
		seq_printf(seq, ",hidepid=%s", hidepid2str(fs_info->hide_pid));
	if (fs_info->pidonly != PROC_PIDONLY_OFF)
		seq_printf(seq, ",subset=pid");

	return 0;
}

const struct super_operations proc_sops = {
	.alloc_inode	= proc_alloc_inode,
	.free_inode	= proc_free_inode,
	.drop_inode	= generic_delete_inode,
	.evict_inode	= proc_evict_inode,
	.statfs		= simple_statfs,
	.show_options	= proc_show_options,
};

/*
 * Large negative bias added to pde->in_use by proc_entry_rundown() so
 * that use_pde()'s atomic_inc_unless_negative() fails for new callers
 * while existing users finish.
 */
enum {BIAS = -1U<<31};

/*
 * Pin a proc_dir_entry so it cannot be torn down while a method is
 * running. Fails (returns 0) once rundown has biased ->in_use negative.
 */
static inline int use_pde(struct proc_dir_entry *pde)
{
	return likely(atomic_inc_unless_negative(&pde->in_use));
}

/* Drop a use_pde() pin; the last user out wakes the rundown waiter. */
static void unuse_pde(struct proc_dir_entry *pde)
{
	if (unlikely(atomic_dec_return(&pde->in_use) == BIAS))
		complete(pde->pde_unload_completion);
}

/* pde is locked on entry, unlocked on exit */
static void close_pdeo(struct proc_dir_entry *pde, struct pde_opener *pdeo)
	__releases(&pde->pde_unload_lock)
{
	/*
	 * close() (proc_reg_release()) can't delete an entry and proceed:
	 * ->release hook needs to be available at the right moment.
	 *
	 * rmmod (remove_proc_entry() et al) can't delete an entry and proceed:
	 * "struct file" needs to be available at the right moment.
	 *
	 * Therefore, first process to enter this function does ->release() and
	 * signals its completion to the other process which does nothing.
	 */
	if (pdeo->closing) {
		/* somebody else is doing that, just wait */
		DECLARE_COMPLETION_ONSTACK(c);
		pdeo->c = &c;
		spin_unlock(&pde->pde_unload_lock);
		wait_for_completion(&c);
	} else {
		struct file *file;
		struct completion *c;

		pdeo->closing = true;
		spin_unlock(&pde->pde_unload_lock);
		file = pdeo->file;
		pde->proc_ops->proc_release(file_inode(file), file);
		spin_lock(&pde->pde_unload_lock);
		/* After ->release. */
		list_del(&pdeo->lh);
		c = pdeo->c;
		spin_unlock(&pde->pde_unload_lock);
		if (unlikely(c))
			complete(c);
		kmem_cache_free(pde_opener_cache, pdeo);
	}
}

/*
 * Called on removal of a proc entry: wait for in-flight method calls to
 * drain, then force ->release() on every file still holding it open.
 */
void proc_entry_rundown(struct proc_dir_entry *de)
{
	DECLARE_COMPLETION_ONSTACK(c);
	/* Wait until all existing callers into module are done. */
	de->pde_unload_completion = &c;
	if (atomic_add_return(BIAS, &de->in_use) != BIAS)
		wait_for_completion(&c);

	/* ->pde_openers list can't grow from now on. */

	spin_lock(&de->pde_unload_lock);
	while (!list_empty(&de->pde_openers)) {
		struct pde_opener *pdeo;
		pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh);
		/* close_pdeo() drops pde_unload_lock; retake it each round. */
		close_pdeo(de, pdeo);
		spin_lock(&de->pde_unload_lock);
	}
	spin_unlock(&de->pde_unload_lock);
}

/*
 * proc_reg_* wrappers below share one pattern: a permanent PDE can never
 * be removed, so its ->proc_ops method is called directly; otherwise the
 * entry is pinned with use_pde()/unuse_pde() around the call so that
 * proc_entry_rundown() waits for us.
 */
static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	loff_t rv = -EINVAL;

	if (pde_is_permanent(pde)) {
		return pde->proc_ops->proc_lseek(file, offset, whence);
	} else if (use_pde(pde)) {
		rv = pde->proc_ops->proc_lseek(file, offset, whence);
		unuse_pde(pde);
	}
	return rv;
}

static ssize_t proc_reg_read_iter(struct kiocb *iocb, struct iov_iter *iter)
{
	struct proc_dir_entry *pde = PDE(file_inode(iocb->ki_filp));
	ssize_t ret;

	if (pde_is_permanent(pde))
		return pde->proc_ops->proc_read_iter(iocb, iter);

	if (!use_pde(pde))
		return -EIO;
	ret = pde->proc_ops->proc_read_iter(iocb, iter);
	unuse_pde(pde);
	return ret;
}

static ssize_t pde_read(struct proc_dir_entry *pde, struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	typeof_member(struct proc_ops, proc_read) read;

	read = pde->proc_ops->proc_read;
	if (read)
		return read(file, buf, count, ppos);
	return -EIO;
}

static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	ssize_t rv = -EIO;

	if (pde_is_permanent(pde)) {
		return pde_read(pde, file, buf, count, ppos);
	} else if (use_pde(pde)) {
		rv = pde_read(pde, file, buf, count, ppos);
		unuse_pde(pde);
	}
	return rv;
}

static ssize_t pde_write(struct proc_dir_entry *pde, struct file *file, const char __user *buf, size_t count, loff_t *ppos)
{
	typeof_member(struct proc_ops, proc_write) write;

	write = pde->proc_ops->proc_write;
	if (write)
		return write(file, buf, count, ppos);
	return -EIO;
}

static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	ssize_t rv = -EIO;

	if (pde_is_permanent(pde)) {
		return pde_write(pde, file, buf, count, ppos);
	} else if (use_pde(pde)) {
		rv = pde_write(pde, file, buf, count, ppos);
		unuse_pde(pde);
	}
	return rv;
}

static __poll_t pde_poll(struct proc_dir_entry *pde, struct file *file, struct poll_table_struct *pts)
{
	typeof_member(struct proc_ops, proc_poll) poll;

	poll = pde->proc_ops->proc_poll;
	if (poll)
		return poll(file, pts);
	return DEFAULT_POLLMASK;
}

static __poll_t proc_reg_poll(struct file *file, struct poll_table_struct *pts)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	__poll_t rv = DEFAULT_POLLMASK;

	if (pde_is_permanent(pde)) {
		return pde_poll(pde, file, pts);
	} else if (use_pde(pde)) {
		rv = pde_poll(pde, file, pts);
		unuse_pde(pde);
	}
	return rv;
}

static long pde_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg)
{
	typeof_member(struct proc_ops, proc_ioctl) ioctl;

	ioctl = pde->proc_ops->proc_ioctl;
	if (ioctl)
		return ioctl(file, cmd, arg);
	return -ENOTTY;
}

static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	long rv = -ENOTTY;

	if (pde_is_permanent(pde)) {
		return pde_ioctl(pde, file, cmd, arg);
	} else if (use_pde(pde)) {
		rv = pde_ioctl(pde, file, cmd, arg);
		unuse_pde(pde);
	}
	return rv;
}

#ifdef CONFIG_COMPAT
static long pde_compat_ioctl(struct proc_dir_entry *pde, struct file *file, unsigned int cmd, unsigned long arg)
{
	typeof_member(struct proc_ops, proc_compat_ioctl) compat_ioctl;

	compat_ioctl = pde->proc_ops->proc_compat_ioctl;
	if (compat_ioctl)
		return compat_ioctl(file, cmd, arg);
	return -ENOTTY;
}

static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	long rv = -ENOTTY;
	if (pde_is_permanent(pde)) {
		return pde_compat_ioctl(pde, file, cmd, arg);
	} else if (use_pde(pde)) {
		rv = pde_compat_ioctl(pde, file, cmd, arg);
		unuse_pde(pde);
	}
	return rv;
}
#endif

static int pde_mmap(struct proc_dir_entry *pde, struct file *file, struct vm_area_struct *vma)
{
	typeof_member(struct proc_ops, proc_mmap) mmap;

	mmap = pde->proc_ops->proc_mmap;
	if (mmap)
		return mmap(file, vma);
	return -EIO;
}

static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	int rv = -EIO;

	if (pde_is_permanent(pde)) {
		return pde_mmap(pde, file, vma);
	} else if (use_pde(pde)) {
		rv = pde_mmap(pde, file, vma);
		unuse_pde(pde);
	}
	return rv;
}

static unsigned long
pde_get_unmapped_area(struct proc_dir_entry *pde, struct file *file, unsigned long orig_addr,
			   unsigned long len, unsigned long pgoff,
			   unsigned long flags)
{
	typeof_member(struct proc_ops, proc_get_unmapped_area) get_area;

	get_area = pde->proc_ops->proc_get_unmapped_area;
#ifdef CONFIG_MMU
	/* No entry-specific hook: fall back to the mm's default. */
	if (!get_area)
		get_area = current->mm->get_unmapped_area;
#endif
	if (get_area)
		return get_area(file, orig_addr, len, pgoff, flags);
	return orig_addr;
}

static unsigned long
proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr,
			   unsigned long len, unsigned long pgoff,
			   unsigned long flags)
{
	struct proc_dir_entry *pde = PDE(file_inode(file));
	unsigned long rv = -EIO;

	if (pde_is_permanent(pde)) {
		return pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags);
	} else if (use_pde(pde)) {
		rv = pde_get_unmapped_area(pde, file, orig_addr, len, pgoff, flags);
		unuse_pde(pde);
	}
	return rv;
}

static int proc_reg_open(struct inode *inode, struct file *file)
{
	struct proc_dir_entry *pde = PDE(inode);
	int rv = 0;
	typeof_member(struct proc_ops, proc_open) open;
	typeof_member(struct proc_ops, proc_release) release;
	struct pde_opener *pdeo;

	if (pde_is_permanent(pde)) {
		open = pde->proc_ops->proc_open;
		if (open)
			rv = open(inode, file);
		return rv;
	}

	/*
	 * Ensure that
	 * 1) PDE's ->release hook will be called no matter what
	 *    either normally by close()/->release, or forcefully by
	 *    rmmod/remove_proc_entry.
	 *
	 * 2) rmmod isn't blocked by opening file in /proc and sitting on
	 *    the descriptor (including "rmmod foo </proc/foo" scenario).
	 *
	 * Save every "struct file" with custom ->release hook.
	 */
	if (!use_pde(pde))
		return -ENOENT;

	release = pde->proc_ops->proc_release;
	if (release) {
		/* Allocate before ->open so failure can't strand the opener. */
		pdeo = kmem_cache_alloc(pde_opener_cache, GFP_KERNEL);
		if (!pdeo) {
			rv = -ENOMEM;
			goto out_unuse;
		}
	}

	open = pde->proc_ops->proc_open;
	if (open)
		rv = open(inode, file);

	if (release) {
		if (rv == 0) {
			/* To know what to release. */
			pdeo->file = file;
			pdeo->closing = false;
			pdeo->c = NULL;
			spin_lock(&pde->pde_unload_lock);
			list_add(&pdeo->lh, &pde->pde_openers);
			spin_unlock(&pde->pde_unload_lock);
		} else
			kmem_cache_free(pde_opener_cache, pdeo);
	}

out_unuse:
	unuse_pde(pde);
	return rv;
}

static int proc_reg_release(struct inode *inode, struct file *file)
{
	struct proc_dir_entry *pde = PDE(inode);
	struct pde_opener *pdeo;

	if (pde_is_permanent(pde)) {
		typeof_member(struct proc_ops, proc_release) release;

		release = pde->proc_ops->proc_release;
		if (release) {
			return release(inode, file);
		}
		return 0;
	}

	spin_lock(&pde->pde_unload_lock);
	list_for_each_entry(pdeo, &pde->pde_openers, lh) {
		if (pdeo->file == file) {
			/* close_pdeo() drops pde_unload_lock for us. */
			close_pdeo(pde, pdeo);
			return 0;
		}
	}
	spin_unlock(&pde->pde_unload_lock);
	return 0;
}

static const struct file_operations proc_reg_file_ops = {
	.llseek		= proc_reg_llseek,
	.read		= proc_reg_read,
	.write		= proc_reg_write,
	.poll		= proc_reg_poll,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
	.mmap		= proc_reg_mmap,
	.get_unmapped_area = proc_reg_get_unmapped_area,
	.open		= proc_reg_open,
	.release	= proc_reg_release,
};

static const struct file_operations proc_iter_file_ops = {
	.llseek		= proc_reg_llseek,
	.read_iter	= proc_reg_read_iter,
	.write		= proc_reg_write,
	.splice_read	= generic_file_splice_read,
	.poll		= proc_reg_poll,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
	.mmap		= proc_reg_mmap,
	.get_unmapped_area = proc_reg_get_unmapped_area,
	.open		= proc_reg_open,
	.release	= proc_reg_release,
};

#ifdef CONFIG_COMPAT
static const struct file_operations proc_reg_file_ops_compat = {
	.llseek		= proc_reg_llseek,
	.read		= proc_reg_read,
	.write		= proc_reg_write,
	.poll		= proc_reg_poll,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
	.compat_ioctl	= proc_reg_compat_ioctl,
	.mmap		= proc_reg_mmap,
	.get_unmapped_area = proc_reg_get_unmapped_area,
	.open		= proc_reg_open,
	.release	= proc_reg_release,
};

static const struct file_operations proc_iter_file_ops_compat = {
	.llseek		= proc_reg_llseek,
	.read_iter	= proc_reg_read_iter,
	.splice_read	= generic_file_splice_read,
	.write		= proc_reg_write,
	.poll		= proc_reg_poll,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
	.compat_ioctl	= proc_reg_compat_ioctl,
	.mmap		= proc_reg_mmap,
	.get_unmapped_area = proc_reg_get_unmapped_area,
	.open		= proc_reg_open,
	.release	= proc_reg_release,
};
#endif

/* Delayed-call destructor for proc_get_link(): drops the use_pde() pin. */
static void proc_put_link(void *p)
{
	unuse_pde(p);
}

/*
 * ->get_link for proc symlinks backed by a PDE. The entry stays pinned
 * until the VFS invokes the delayed call (proc_put_link) after the
 * caller is done with the target string.
 */
static const char *proc_get_link(struct dentry *dentry,
				 struct inode *inode,
				 struct delayed_call *done)
{
	struct proc_dir_entry *pde = PDE(inode);
	if (!use_pde(pde))
		return ERR_PTR(-EINVAL);
	set_delayed_call(done, proc_put_link, pde);
	return pde->data;
}

const struct inode_operations proc_link_inode_operations = {
	.get_link	= proc_get_link,
};

/*
 * Create/fill an inode for a proc_dir_entry. Consumes the caller's pde
 * reference on allocation failure (pde_put); on success the reference is
 * kept in PROC_I(inode)->pde and released by proc_evict_inode().
 */
struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
{
	struct inode *inode = new_inode(sb);

	if (!inode) {
		pde_put(de);
		return NULL;
	}

	inode->i_private = de->data;
	inode->i_ino = de->low_ino;
	inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
	PROC_I(inode)->pde = de;
	if (is_empty_pde(de)) {
		/* Removed-but-referenced entry: present it as an empty dir. */
		make_empty_dir_inode(inode);
		return inode;
	}

	if (de->mode) {
		inode->i_mode = de->mode;
		inode->i_uid = de->uid;
		inode->i_gid = de->gid;
	}
	if (de->size)
		inode->i_size = de->size;
	if (de->nlink)
		set_nlink(inode, de->nlink);

	if (S_ISREG(inode->i_mode)) {
		inode->i_op = de->proc_iops;
		/* Prefer the iter-based fops when the entry provides read_iter. */
		if (de->proc_ops->proc_read_iter)
			inode->i_fop = &proc_iter_file_ops;
		else
			inode->i_fop = &proc_reg_file_ops;
#ifdef CONFIG_COMPAT
		if (de->proc_ops->proc_compat_ioctl) {
			if (de->proc_ops->proc_read_iter)
				inode->i_fop = &proc_iter_file_ops_compat;
			else
				inode->i_fop = &proc_reg_file_ops_compat;
		}
#endif
	} else if (S_ISDIR(inode->i_mode)) {
		inode->i_op = de->proc_iops;
		inode->i_fop = de->proc_dir_ops;
	} else if (S_ISLNK(inode->i_mode)) {
		inode->i_op = de->proc_iops;
		inode->i_fop = NULL;
	} else {
		BUG();
	}
	return inode;
}