1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/proc/net.c 4 * 5 * Copyright (C) 2007 6 * 7 * Author: Eric Biederman <ebiederm@xmission.com> 8 * 9 * proc net directory handling functions 10 */ 11 12 #include <linux/uaccess.h> 13 14 #include <linux/errno.h> 15 #include <linux/time.h> 16 #include <linux/proc_fs.h> 17 #include <linux/stat.h> 18 #include <linux/slab.h> 19 #include <linux/init.h> 20 #include <linux/sched.h> 21 #include <linux/sched/task.h> 22 #include <linux/module.h> 23 #include <linux/bitops.h> 24 #include <linux/mount.h> 25 #include <linux/nsproxy.h> 26 #include <linux/uidgid.h> 27 #include <net/net_namespace.h> 28 #include <linux/seq_file.h> 29 30 #include "internal.h" 31 32 static inline struct net *PDE_NET(struct proc_dir_entry *pde) 33 { 34 return pde->parent->data; 35 } 36 37 static struct net *get_proc_net(const struct inode *inode) 38 { 39 return maybe_get_net(PDE_NET(PDE(inode))); 40 } 41 42 static int proc_net_d_revalidate(struct dentry *dentry, unsigned int flags) 43 { 44 return 0; 45 } 46 47 static const struct dentry_operations proc_net_dentry_ops = { 48 .d_revalidate = proc_net_d_revalidate, 49 .d_delete = always_delete_dentry, 50 }; 51 52 static void pde_force_lookup(struct proc_dir_entry *pde) 53 { 54 /* /proc/net/ entries can be changed under us by setns(CLONE_NEWNET) */ 55 pde->proc_dops = &proc_net_dentry_ops; 56 } 57 58 static int seq_open_net(struct inode *inode, struct file *file) 59 { 60 unsigned int state_size = PDE(inode)->state_size; 61 struct seq_net_private *p; 62 struct net *net; 63 64 WARN_ON_ONCE(state_size < sizeof(*p)); 65 66 if (file->f_mode & FMODE_WRITE && !PDE(inode)->write) 67 return -EACCES; 68 69 net = get_proc_net(inode); 70 if (!net) 71 return -ENXIO; 72 73 p = __seq_open_private(file, PDE(inode)->seq_ops, state_size); 74 if (!p) { 75 put_net(net); 76 return -ENOMEM; 77 } 78 #ifdef CONFIG_NET_NS 79 p->net = net; 80 #endif 81 return 0; 82 } 83 84 static int seq_release_net(struct inode *ino, struct file *f) 85 { 86 struct seq_file *seq = f->private_data; 87 88 put_net(seq_file_net(seq)); 89 seq_release_private(ino, f); 90 return 0; 91 } 92 93 static const struct proc_ops proc_net_seq_ops = { 94 .proc_open = seq_open_net, 95 .proc_read = seq_read, 96 .proc_write = proc_simple_write, 97 .proc_lseek = seq_lseek, 98 .proc_release = seq_release_net, 99 }; 100 101 int bpf_iter_init_seq_net(void *priv_data, struct bpf_iter_aux_info *aux) 102 { 103 #ifdef CONFIG_NET_NS 104 struct seq_net_private *p = priv_data; 105 106 p->net = get_net(current->nsproxy->net_ns); 107 #endif 108 return 0; 109 } 110 111 void bpf_iter_fini_seq_net(void *priv_data) 112 { 113 #ifdef CONFIG_NET_NS 114 struct seq_net_private *p = priv_data; 115 116 put_net(p->net); 117 #endif 118 } 119 120 struct proc_dir_entry *proc_create_net_data(const char *name, umode_t mode, 121 struct proc_dir_entry *parent, const struct seq_operations *ops, 122 unsigned int state_size, void *data) 123 { 124 struct proc_dir_entry *p; 125 126 p = proc_create_reg(name, mode, &parent, data); 127 if (!p) 128 return NULL; 129 pde_force_lookup(p); 130 p->proc_ops = &proc_net_seq_ops; 131 p->seq_ops = ops; 132 p->state_size = state_size; 133 return proc_register(parent, p); 134 } 135 EXPORT_SYMBOL_GPL(proc_create_net_data); 136 137 /** 138 * proc_create_net_data_write - Create a writable net_ns-specific proc file 139 * @name: The name of the file. 140 * @mode: The file's access mode. 141 * @parent: The parent directory in which to create. 142 * @ops: The seq_file ops with which to read the file. 143 * @write: The write method which which to 'modify' the file. 144 * @data: Data for retrieval by PDE_DATA(). 145 * 146 * Create a network namespaced proc file in the @parent directory with the 147 * specified @name and @mode that allows reading of a file that displays a 148 * series of elements and also provides for the file accepting writes that have 149 * some arbitrary effect. 150 * 151 * The functions in the @ops table are used to iterate over items to be 152 * presented and extract the readable content using the seq_file interface. 153 * 154 * The @write function is called with the data copied into a kernel space 155 * scratch buffer and has a NUL appended for convenience. The buffer may be 156 * modified by the @write function. @write should return 0 on success. 157 * 158 * The @data value is accessible from the @show and @write functions by calling 159 * PDE_DATA() on the file inode. The network namespace must be accessed by 160 * calling seq_file_net() on the seq_file struct. 161 */ 162 struct proc_dir_entry *proc_create_net_data_write(const char *name, umode_t mode, 163 struct proc_dir_entry *parent, 164 const struct seq_operations *ops, 165 proc_write_t write, 166 unsigned int state_size, void *data) 167 { 168 struct proc_dir_entry *p; 169 170 p = proc_create_reg(name, mode, &parent, data); 171 if (!p) 172 return NULL; 173 pde_force_lookup(p); 174 p->proc_ops = &proc_net_seq_ops; 175 p->seq_ops = ops; 176 p->state_size = state_size; 177 p->write = write; 178 return proc_register(parent, p); 179 } 180 EXPORT_SYMBOL_GPL(proc_create_net_data_write); 181 182 static int single_open_net(struct inode *inode, struct file *file) 183 { 184 struct proc_dir_entry *de = PDE(inode); 185 struct net *net; 186 int err; 187 188 net = get_proc_net(inode); 189 if (!net) 190 return -ENXIO; 191 192 err = single_open(file, de->single_show, net); 193 if (err) 194 put_net(net); 195 return err; 196 } 197 198 static int single_release_net(struct inode *ino, struct file *f) 199 { 200 struct seq_file *seq = f->private_data; 201 put_net(seq->private); 202 return single_release(ino, f); 203 } 204 205 static const struct proc_ops proc_net_single_ops = { 206 .proc_open = single_open_net, 207 .proc_read = seq_read, 208 .proc_write = proc_simple_write, 209 .proc_lseek = seq_lseek, 210 .proc_release = single_release_net, 211 }; 212 213 struct proc_dir_entry *proc_create_net_single(const char *name, umode_t mode, 214 struct proc_dir_entry *parent, 215 int (*show)(struct seq_file *, void *), void *data) 216 { 217 struct proc_dir_entry *p; 218 219 p = proc_create_reg(name, mode, &parent, data); 220 if (!p) 221 return NULL; 222 pde_force_lookup(p); 223 p->proc_ops = &proc_net_single_ops; 224 p->single_show = show; 225 return proc_register(parent, p); 226 } 227 EXPORT_SYMBOL_GPL(proc_create_net_single); 228 229 /** 230 * proc_create_net_single_write - Create a writable net_ns-specific proc file 231 * @name: The name of the file. 232 * @mode: The file's access mode. 233 * @parent: The parent directory in which to create. 234 * @show: The seqfile show method with which to read the file. 235 * @write: The write method which which to 'modify' the file. 236 * @data: Data for retrieval by PDE_DATA(). 237 * 238 * Create a network-namespaced proc file in the @parent directory with the 239 * specified @name and @mode that allows reading of a file that displays a 240 * single element rather than a series and also provides for the file accepting 241 * writes that have some arbitrary effect. 242 * 243 * The @show function is called to extract the readable content via the 244 * seq_file interface. 245 * 246 * The @write function is called with the data copied into a kernel space 247 * scratch buffer and has a NUL appended for convenience. The buffer may be 248 * modified by the @write function. @write should return 0 on success. 249 * 250 * The @data value is accessible from the @show and @write functions by calling 251 * PDE_DATA() on the file inode. The network namespace must be accessed by 252 * calling seq_file_single_net() on the seq_file struct. 253 */ 254 struct proc_dir_entry *proc_create_net_single_write(const char *name, umode_t mode, 255 struct proc_dir_entry *parent, 256 int (*show)(struct seq_file *, void *), 257 proc_write_t write, 258 void *data) 259 { 260 struct proc_dir_entry *p; 261 262 p = proc_create_reg(name, mode, &parent, data); 263 if (!p) 264 return NULL; 265 pde_force_lookup(p); 266 p->proc_ops = &proc_net_single_ops; 267 p->single_show = show; 268 p->write = write; 269 return proc_register(parent, p); 270 } 271 EXPORT_SYMBOL_GPL(proc_create_net_single_write); 272 273 static struct net *get_proc_task_net(struct inode *dir) 274 { 275 struct task_struct *task; 276 struct nsproxy *ns; 277 struct net *net = NULL; 278 279 rcu_read_lock(); 280 task = pid_task(proc_pid(dir), PIDTYPE_PID); 281 if (task != NULL) { 282 task_lock(task); 283 ns = task->nsproxy; 284 if (ns != NULL) 285 net = get_net(ns->net_ns); 286 task_unlock(task); 287 } 288 rcu_read_unlock(); 289 290 return net; 291 } 292 293 static struct dentry *proc_tgid_net_lookup(struct inode *dir, 294 struct dentry *dentry, unsigned int flags) 295 { 296 struct dentry *de; 297 struct net *net; 298 299 de = ERR_PTR(-ENOENT); 300 net = get_proc_task_net(dir); 301 if (net != NULL) { 302 de = proc_lookup_de(dir, dentry, net->proc_net); 303 put_net(net); 304 } 305 return de; 306 } 307 308 static int proc_tgid_net_getattr(const struct path *path, struct kstat *stat, 309 u32 request_mask, unsigned int query_flags) 310 { 311 struct inode *inode = d_inode(path->dentry); 312 struct net *net; 313 314 net = get_proc_task_net(inode); 315 316 generic_fillattr(inode, stat); 317 318 if (net != NULL) { 319 stat->nlink = net->proc_net->nlink; 320 put_net(net); 321 } 322 323 return 0; 324 } 325 326 const struct inode_operations proc_net_inode_operations = { 327 .lookup = proc_tgid_net_lookup, 328 .getattr = proc_tgid_net_getattr, 329 }; 330 331 static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx) 332 { 333 int ret; 334 struct net *net; 335 336 ret = -EINVAL; 337 net = get_proc_task_net(file_inode(file)); 338 if (net != NULL) { 339 ret = proc_readdir_de(file, ctx, net->proc_net); 340 put_net(net); 341 } 342 return ret; 343 } 344 345 const struct file_operations proc_net_operations = { 346 .llseek = generic_file_llseek, 347 .read = generic_read_dir, 348 .iterate_shared = proc_tgid_net_readdir, 349 }; 350 351 static __net_init int proc_net_ns_init(struct net *net) 352 { 353 struct proc_dir_entry *netd, *net_statd; 354 kuid_t uid; 355 kgid_t gid; 356 int err; 357 358 err = -ENOMEM; 359 netd = kmem_cache_zalloc(proc_dir_entry_cache, GFP_KERNEL); 360 if (!netd) 361 goto out; 362 363 netd->subdir = RB_ROOT; 364 netd->data = net; 365 netd->nlink = 2; 366 netd->namelen = 3; 367 netd->parent = &proc_root; 368 netd->name = netd->inline_name; 369 memcpy(netd->name, "net", 4); 370 371 uid = make_kuid(net->user_ns, 0); 372 if (!uid_valid(uid)) 373 uid = netd->uid; 374 375 gid = make_kgid(net->user_ns, 0); 376 if (!gid_valid(gid)) 377 gid = netd->gid; 378 379 proc_set_user(netd, uid, gid); 380 381 err = -EEXIST; 382 net_statd = proc_net_mkdir(net, "stat", netd); 383 if (!net_statd) 384 goto free_net; 385 386 net->proc_net = netd; 387 net->proc_net_stat = net_statd; 388 return 0; 389 390 free_net: 391 pde_free(netd); 392 out: 393 return err; 394 } 395 396 static __net_exit void proc_net_ns_exit(struct net *net) 397 { 398 remove_proc_entry("stat", net->proc_net); 399 pde_free(net->proc_net); 400 } 401 402 static struct pernet_operations __net_initdata proc_net_ns_ops = { 403 .init = proc_net_ns_init, 404 .exit = proc_net_ns_exit, 405 }; 406 407 int __init proc_net_init(void) 408 { 409 proc_symlink("net", NULL, "self/net"); 410 411 return register_pernet_subsys(&proc_net_ns_ops); 412 } 413