linux/fs/proc/namespaces.c
   1#include <linux/proc_fs.h>
   2#include <linux/nsproxy.h>
   3#include <linux/sched.h>
   4#include <linux/ptrace.h>
   5#include <linux/fs_struct.h>
   6#include <linux/mount.h>
   7#include <linux/path.h>
   8#include <linux/namei.h>
   9#include <linux/file.h>
  10#include <linux/utsname.h>
  11#include <net/net_namespace.h>
  12#include <linux/ipc_namespace.h>
  13#include <linux/pid_namespace.h>
  14#include <linux/user_namespace.h>
  15#include "internal.h"
  16
  17
/*
 * Namespace types that get an entry in the per-task namespace directory.
 *
 * proc_ns_dir_readdir() emits the entries in array order and
 * proc_ns_dir_lookup() matches a requested name against each ->name, so the
 * order here is the order seen by a directory listing.  Every type except the
 * mount namespace is present only when its CONFIG_*_NS option is defined.
 */
static const struct proc_ns_operations *ns_entries[] = {
#if defined(CONFIG_NET_NS)
        &netns_operations,
#endif
#if defined(CONFIG_UTS_NS)
        &utsns_operations,
#endif
#if defined(CONFIG_IPC_NS)
        &ipcns_operations,
#endif
#if defined(CONFIG_PID_NS)
        &pidns_operations,
#endif
#if defined(CONFIG_USER_NS)
        &userns_operations,
#endif
        &mntns_operations,
};
  36
/*
 * File operations installed on namespace inodes by proc_ns_get_dentry().
 *
 * Besides refusing seeks, the address of this table doubles as a type tag:
 * proc_ns_fget() and proc_ns_inode() recognise a namespace file purely by
 * comparing f_op / i_fop against &ns_file_operations.  Reusing this table for
 * any other kind of file would make those checks accept it.
 */
static const struct file_operations ns_file_operations = {
        .llseek = no_llseek,
};
  40
/* Inode operations installed on namespace inodes by proc_ns_get_dentry(). */
static const struct inode_operations ns_inode_operations = {
        .setattr = proc_setattr,
};
  44
/*
 * ->d_dname callback for namespace dentries.
 *
 * Formats the name as "<type>:[<inode number>]" into @buffer (at most @buflen
 * bytes) via dynamic_dname(), taking the type name from the ns_ops stored in
 * the proc inode and the number from inode->i_ino.
 */
static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
{
        struct inode *ns_inode = dentry->d_inode;
        struct proc_inode *ei = PROC_I(ns_inode);

        return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
                             ei->ns.ns_ops->name, ns_inode->i_ino);
}
  53
/*
 * Dentry operations attached to namespace dentries in proc_ns_get_dentry().
 * Not static, so the table is visible outside this file.
 */
const struct dentry_operations ns_dentry_operations = {
        .d_delete = always_delete_dentry,
        .d_dname = ns_dname,
};
  59
/*
 * Build (or find) the dentry that represents @task's namespace of the type
 * described by @ns_ops on superblock @sb.
 *
 * Returns the dentry on success, ERR_PTR(-ENOENT) when ns_ops->get() yields no
 * namespace for @task, or ERR_PTR(-ENOMEM) when the dentry or inode cannot be
 * obtained.
 *
 * Reference handling for the namespace obtained from ns_ops->get():
 *  - on every failure path it is dropped again with ns_ops->put();
 *  - when iget_locked() returns an already-initialised inode it is dropped,
 *    because that inode was set up by an earlier call;
 *  - when the inode is new (I_NEW) the reference is stored in ei->ns.ns and is
 *    not dropped here.  NOTE(review): the matching put is not in this file,
 *    presumably it happens when the inode is torn down -- confirm.
 */
static struct dentry *proc_ns_get_dentry(struct super_block *sb,
        struct task_struct *task, const struct proc_ns_operations *ns_ops)
{
        struct qstr qname = { .name = "", };
        struct dentry *dentry, *alias;
        struct inode *inode;
        void *ns;

        ns = ns_ops->get(task);
        if (!ns)
                return ERR_PTR(-ENOENT);

        dentry = d_alloc_pseudo(sb, &qname);
        if (!dentry)
                goto err_put_ns;

        /* The inode is keyed by the namespace's own inode number. */
        inode = iget_locked(sb, ns_ops->inum(ns));
        if (!inode)
                goto err_put_dentry;

        if (!(inode->i_state & I_NEW)) {
                /* Existing inode: it already carries what it needs. */
                ns_ops->put(ns);
        } else {
                struct proc_inode *ei = PROC_I(inode);

                inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
                /* Regular file, read permission only, for everyone. */
                inode->i_mode = S_IFREG | S_IRUGO;
                inode->i_op = &ns_inode_operations;
                /* i_fop is also the tag proc_ns_fget()/proc_ns_inode() test. */
                inode->i_fop = &ns_file_operations;
                ei->ns.ns_ops = ns_ops;
                ei->ns.ns = ns;
                unlock_new_inode(inode);
        }

        d_set_d_op(dentry, &ns_dentry_operations);
        alias = d_instantiate_unique(dentry, inode);
        if (!alias)
                return dentry;

        /* An equivalent dentry already exists: use it, drop ours. */
        dput(dentry);
        return alias;

err_put_dentry:
        dput(dentry);
err_put_ns:
        ns_ops->put(ns);
        return ERR_PTR(-ENOMEM);
}
 108
/*
 * ->follow_link for the namespace symlinks.
 *
 * Resolves the link to the namespace dentry of the task behind @dentry and
 * makes @nd jump there.  This is one of the two places where access to
 * another task's namespaces is gated: the caller must pass
 * ptrace_may_access(task, PTRACE_MODE_READ), otherwise -EACCES is returned.
 *
 * Returns NULL on success, ERR_PTR(-EACCES) when no task can be obtained for
 * the inode or the ptrace check fails, or the error from proc_ns_get_dentry().
 * The task reference taken by get_proc_task() is dropped on every path that
 * obtained one.
 */
static void *proc_ns_follow_link(struct dentry *dentry, struct nameidata *nd)
{
        struct inode *link_inode = dentry->d_inode;
        const struct proc_ns_operations *ns_ops = PROC_I(link_inode)->ns.ns_ops;
        struct task_struct *task = get_proc_task(link_inode);
        struct path target;
        void *ret = ERR_PTR(-EACCES);

        if (!task)
                return ret;

        /* Permission check comes before any namespace reference is taken. */
        if (ptrace_may_access(task, PTRACE_MODE_READ)) {
                target.dentry = proc_ns_get_dentry(link_inode->i_sb, task,
                                                   ns_ops);
                if (IS_ERR(target.dentry)) {
                        ret = ERR_CAST(target.dentry);
                } else {
                        /* Stay on the mount the lookup is currently on. */
                        target.mnt = mntget(nd->path.mnt);
                        nd_jump_link(nd, &target);
                        ret = NULL;
                }
        }

        put_task_struct(task);
        return ret;
}
 140
/*
 * ->readlink for the namespace symlinks.
 *
 * Copies "<type>:[<inum>]" for the task's namespace to the user buffer.  As in
 * proc_ns_follow_link(), the caller must pass
 * ptrace_may_access(task, PTRACE_MODE_READ); the namespace identifier is not
 * disclosed otherwise.
 *
 * Returns the result of readlink_copy() on success, -EACCES when no task can
 * be obtained or the ptrace check fails, and -ENOENT when ns_ops->get() yields
 * no namespace.
 */
static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int buflen)
{
        struct inode *link_inode = dentry->d_inode;
        const struct proc_ns_operations *ns_ops = PROC_I(link_inode)->ns.ns_ops;
        struct task_struct *task;
        char target[50];
        void *ns;
        int ret;

        task = get_proc_task(link_inode);
        if (!task)
                return -EACCES;

        ret = -EACCES;
        if (!ptrace_may_access(task, PTRACE_MODE_READ))
                goto put_task;

        ns = ns_ops->get(task);
        if (!ns) {
                ret = -ENOENT;
                goto put_task;
        }

        /*
         * snprintf() bounds the write to the 50-byte buffer; a longer name
         * would be truncated rather than overflow it.
         */
        snprintf(target, sizeof(target), "%s:[%u]",
                 ns_ops->name, ns_ops->inum(ns));
        ret = readlink_copy(buffer, buflen, target);
        /* The namespace reference is only needed while formatting. */
        ns_ops->put(ns);

put_task:
        put_task_struct(task);
        return ret;
}
 171
/*
 * Inode operations for the per-namespace symlinks created by
 * proc_ns_instantiate().  Both readlink and follow_link perform their own
 * ptrace_may_access() check.
 */
static const struct inode_operations proc_ns_link_inode_operations = {
        .readlink = proc_ns_readlink,
        .follow_link = proc_ns_follow_link,
        .setattr = proc_setattr,
};
 177
/*
 * Create the symlink inode for one namespace entry and attach it to @dentry.
 *
 * @ptr is the struct proc_ns_operations of the entry; it is stored in the new
 * proc inode so readlink/follow_link know which namespace type to resolve.
 *
 * The link is created with S_IRWXUGO, i.e. the mode bits do not restrict
 * anyone; access control is applied later, in proc_ns_readlink() and
 * proc_ns_follow_link(), through ptrace_may_access().
 *
 * Returns 0 on success and -ENOENT when the inode cannot be created or
 * pid_revalidate() fails after the dentry was added.
 */
static int proc_ns_instantiate(struct inode *dir,
        struct dentry *dentry, struct task_struct *task, const void *ptr)
{
        const struct proc_ns_operations *ns_ops = ptr;
        struct inode *inode = proc_pid_make_inode(dir->i_sb, task);

        if (!inode)
                return -ENOENT;

        inode->i_op = &proc_ns_link_inode_operations;
        inode->i_mode = S_IFLNK|S_IRWXUGO;
        PROC_I(inode)->ns.ns_ops = ns_ops;

        d_set_d_op(dentry, &pid_dentry_operations);
        d_add(dentry, inode);

        /* Close the race of the process dying before we return the dentry */
        return pid_revalidate(dentry, 0) ? 0 : -ENOENT;
}
 202
/*
 * ->iterate for the per-task namespace directory.
 *
 * Emits "." and "..", then one entry per element of ns_entries[], resuming
 * from ctx->pos (positions 0 and 1 are the dot entries, so table index is
 * pos - 2).  Stops early when proc_fill_cache() reports failure, leaving
 * ctx->pos at the entry that was not emitted.
 *
 * Returns -ENOENT when no task can be obtained for the directory inode, 0
 * otherwise.  No ptrace check is made here: listing only reveals the entry
 * names from the static table.
 */
static int proc_ns_dir_readdir(struct file *file, struct dir_context *ctx)
{
        struct task_struct *task = get_proc_task(file_inode(file));

        if (!task)
                return -ENOENT;

        /* The bounds test keeps the start pointer inside ns_entries[]. */
        if (dir_emit_dots(file, ctx) &&
            ctx->pos < 2 + ARRAY_SIZE(ns_entries)) {
                const struct proc_ns_operations **cur =
                        ns_entries + (ctx->pos - 2);
                const struct proc_ns_operations **end =
                        ns_entries + ARRAY_SIZE(ns_entries);

                for (; cur < end; cur++, ctx->pos++) {
                        const struct proc_ns_operations *ops = *cur;

                        if (!proc_fill_cache(file, ctx, ops->name,
                                             strlen(ops->name),
                                             proc_ns_instantiate, task, ops))
                                break;
                }
        }

        put_task_struct(task);
        return 0;
}
 229
/*
 * File operations of the per-task namespace directory.  Not static, so the
 * table is visible outside this file.
 */
const struct file_operations proc_ns_dir_operations = {
        .read = generic_read_dir,
        .iterate = proc_ns_dir_readdir,
};
 234
/*
 * ->lookup for the per-task namespace directory.
 *
 * Accepts only names that exactly match (same length, same bytes) the ->name
 * of an element of ns_entries[]; anything else yields -ENOENT.  On a match the
 * symlink is created through proc_ns_instantiate().
 *
 * Returns ERR_PTR(error); on success error is 0, so the result is NULL and the
 * dentry passed in is the one that was populated.  -ENOENT is also returned
 * when no task can be obtained for @dir.
 *
 * No ptrace check is made here; it is enforced when the link is read or
 * followed.  @flags is unused.
 */
static struct dentry *proc_ns_dir_lookup(struct inode *dir,
                                struct dentry *dentry, unsigned int flags)
{
        struct task_struct *task = get_proc_task(dir);
        const unsigned int want_len = dentry->d_name.len;
        const struct proc_ns_operations *match = NULL;
        int error = -ENOENT;
        size_t i;

        if (!task)
                return ERR_PTR(error);

        for (i = 0; i < ARRAY_SIZE(ns_entries); i++) {
                const struct proc_ns_operations *ops = ns_entries[i];

                /* Length first, so memcmp() never reads past either name. */
                if (strlen(ops->name) == want_len &&
                    !memcmp(dentry->d_name.name, ops->name, want_len)) {
                        match = ops;
                        break;
                }
        }

        if (match)
                error = proc_ns_instantiate(dir, dentry, task, match);

        put_task_struct(task);
        return ERR_PTR(error);
}
 264
/*
 * Inode operations of the per-task namespace directory.  Not static, so the
 * table is visible outside this file.
 */
const struct inode_operations proc_ns_dir_inode_operations = {
        .lookup = proc_ns_dir_lookup,
        .getattr = pid_getattr,
        .setattr = proc_setattr,
};
 270
/*
 * Translate a file descriptor into a namespace file.
 *
 * The descriptor is accepted only if the file's f_op is exactly
 * &ns_file_operations; this identity test is what stops an arbitrary file from
 * being treated as a namespace handle by callers that go on to use
 * get_proc_ns() on its inode.
 *
 * Returns the file with the reference taken by fget() still held (the caller
 * must fput() it), ERR_PTR(-EBADF) when @fd does not refer to an open file, or
 * ERR_PTR(-EINVAL) when the file is not a namespace file (the reference is
 * dropped before returning in that case).
 */
struct file *proc_ns_fget(int fd)
{
        struct file *file = fget(fd);

        if (!file)
                return ERR_PTR(-EBADF);

        if (file->f_op == &ns_file_operations)
                return file;

        fput(file);
        return ERR_PTR(-EINVAL);
}
 288
/*
 * Return the struct proc_ns embedded in the proc inode of @inode.
 *
 * No validation is done here: the result is only meaningful for an inode
 * whose ns fields were filled in, e.g. one that passes proc_ns_inode() or
 * came from proc_ns_fget().
 */
struct proc_ns *get_proc_ns(struct inode *inode)
{
        struct proc_inode *ei = PROC_I(inode);

        return &ei->ns;
}
 293
/*
 * Tell whether @inode is a namespace inode, judged solely by its i_fop being
 * &ns_file_operations (the value set in proc_ns_get_dentry()).
 */
bool proc_ns_inode(struct inode *inode)
{
        const struct file_operations *fops = inode->i_fop;

        return fops == &ns_file_operations;
}
 298