77e40aae76
Pull namespace updates from Eric Biederman: "This is a bunch of small changes built against 3.16-rc6. The most significant change for users is the first patch which makes setns dramatically faster by removing unneeded rcu handling. The next chunk of changes are so that "mount -o remount,.." will not allow the user namespace root to drop flags on a mount set by the system wide root. In other words, this forces read-only mounts to stay read-only, no-dev mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec mounts to stay no-exec, and it prevents unprivileged users from messing with a mount's atime settings. I have included my test case as the last patch in this series so people performing backports can verify this change works correctly. The next change fixes a bug in NFS that was discovered while auditing nsproxy users for the first optimization. Today you can oops the kernel by reading /proc/fs/nfsfs/{servers,volumes} if you are clever with pid namespaces. I rebased and fixed the build of the !CONFIG_NFS_FS case yesterday when a build bot caught my typo. Given that no one to my knowledge bases anything on my tree, fixing the typo in place seems more responsible than requiring a typo-fix to be backported as well. The last change is a small semantic cleanup introducing /proc/thread-self and pointing /proc/mounts and /proc/net at it. This prevents several kinds of problematic corner cases. It is a user-visible change, so it has a minute chance of causing regressions; the changes to /proc/mounts and /proc/net are therefore individual one-line commits that can be trivially reverted. Unfortunately I lost and could not find the email of the original reporter, so he is not credited. 
From at least one perspective this change to /proc/net is a regression fix to allow pthread /proc/net uses that were broken by the introduction of the network namespace" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net proc: Implement /proc/thread-self to point at the directory of the current thread proc: Have net show up under /proc/<tgid>/task/<tid> NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes mnt: Add tests for unprivileged remount cases that have found to be faulty mnt: Change the default remount atime from relatime to the existing value mnt: Correct permission checks in do_remount mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount mnt: Only change user settable mount flags in remount namespaces: Use task_lock and not rcu to protect nsproxy
/* Internal procfs definitions
*
* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#include <linux/proc_fs.h>
#include <linux/proc_ns.h>
#include <linux/spinlock.h>
#include <linux/atomic.h>
#include <linux/binfmts.h>
struct ctl_table_header;
struct mempolicy;
/*
 * This is not completely implemented yet. The idea is to
 * create an in-memory tree (like the actual /proc filesystem
 * tree) of these proc_dir_entries, so that we can dynamically
 * add new files to /proc.
 *
 * The "next" pointer creates a linked list of one /proc directory,
 * while parent/subdir create the directory structure (every
 * /proc file has a parent, but "subdir" is NULL for all
 * non-directory entries).
 */
struct proc_dir_entry {
	unsigned int low_ino;			/* inode number of this entry */
	umode_t mode;				/* file type and permission bits */
	nlink_t nlink;
	kuid_t uid;				/* owner (kernel-internal, namespace-aware ids) */
	kgid_t gid;
	loff_t size;
	const struct inode_operations *proc_iops;
	const struct file_operations *proc_fops;
	struct proc_dir_entry *next, *parent, *subdir;	/* tree links, see above */
	void *data;				/* per-entry private data; returned by __PDE_DATA() */
	atomic_t count;		/* use count */
	/* Reference count: pde_get() bumps it, pde_put() (generic.c) is its counterpart. */
	atomic_t in_use;	/* number of callers into module in progress; */
			/* negative -> it's going away RSN */
	struct completion *pde_unload_completion;
	struct list_head pde_openers;	/* who did ->open, but not ->release */
	/* Presumably a list of struct pde_opener linked through their lh member -- confirm in inode.c. */
	spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
	/* NOTE(review): the comment above says "pde_users" but no such field exists here; it likely means in_use. */
	u8 namelen;				/* strlen(name); u8, so entry names are limited to 255 bytes */
	char name[];				/* flexible array: the entry name, allocated with the struct */
};
/*
 * Per-inode callback, one member live depending on what kind of
 * /proc entry the inode represents (the creating code picks which).
 */
union proc_op {
	/* Presumably used by symlink-style entries to resolve the target into *path -- confirm in base.c. */
	int (*proc_get_link)(struct dentry *, struct path *);
	/*
	 * seq_file show callback for per-task text files; same signature
	 * as proc_tid_stat() and friends declared below (array.c).
	 */
	int (*proc_show)(struct seq_file *m,
			struct pid_namespace *ns, struct pid *pid,
			struct task_struct *task);
};
/*
 * procfs' private inode.  The VFS inode is embedded as vfs_inode and
 * PROC_I() recovers the enclosing proc_inode from it with container_of().
 */
struct proc_inode {
	struct pid *pid;			/* pid the entry refers to; read by proc_pid() / get_proc_task() */
	int fd;					/* file descriptor number for fd-type entries (assumed -- confirm in base.c) */
	union proc_op op;			/* type-specific callback, see union proc_op */
	struct proc_dir_entry *pde;		/* backing entry for proc_dir_entry-based files; read by PDE() */
	struct ctl_table_header *sysctl;	/* sysctl-backed inodes only (proc_sysctl.c) */
	struct ctl_table *sysctl_entry;
	struct proc_ns ns;			/* namespace file state (proc_namespaces.c) */
	struct inode vfs_inode;			/* the embedded VFS inode; PROC_I() depends on this member name */
};
/*
 * General functions
 */

/*
 * Map a VFS inode back to the procfs inode that embeds it.
 * Only meaningful for inodes that procfs allocated, since the result
 * is computed purely by subtracting the offset of vfs_inode.
 */
static inline struct proc_inode *PROC_I(const struct inode *inode)
{
	struct proc_inode *ei;

	ei = container_of(inode, struct proc_inode, vfs_inode);
	return ei;
}
/*
 * The proc_dir_entry backing @inode.  Whether this can be NULL depends
 * on how the inode was created (assumed NULL for pid-based inodes --
 * confirm in base.c/inode.c); callers should not blindly dereference it.
 */
static inline struct proc_dir_entry *PDE(const struct inode *inode)
{
	const struct proc_inode *ei = PROC_I(inode);

	return ei->pde;
}
/*
 * Private data of the proc_dir_entry behind @inode.
 * No NULL check is made on PDE(inode): the caller must only use this
 * on inodes known to be backed by a proc_dir_entry.
 */
static inline void *__PDE_DATA(const struct inode *inode)
{
	struct proc_dir_entry *pde = PDE(inode);

	return pde->data;
}
/* The struct pid recorded in @inode (no reference is taken here). */
static inline struct pid *proc_pid(struct inode *inode)
{
	struct proc_inode *ei = PROC_I(inode);

	return ei->pid;
}
/*
 * Resolve the task @inode refers to.  PIDTYPE_PID selects the thread
 * itself rather than its thread-group leader, which matters for
 * /proc/<tgid>/task/<tid> entries.
 *
 * NOTE(review): get_pid_task() is expected to return NULL once the pid
 * is detached and otherwise a referenced task that the caller releases
 * with put_task_struct() -- confirm against its definition.
 */
static inline struct task_struct *get_proc_task(struct inode *inode)
{
	struct pid *pid = proc_pid(inode);

	return get_pid_task(pid, PIDTYPE_PID);
}
/*
 * Is @task's memory dumpable by its own user?
 *
 * Returns 1 only when the task has an mm whose dumpable mode is exactly
 * SUID_DUMP_USER.  A task without an mm, a dump-disabled task, and any
 * other (root-only style) mode all yield 0.  That strictness is the
 * point: NOTE(review) this looks like the gate that decides whether a
 * task's own uid/gid may be exposed as the owner of its /proc/<pid>
 * entries (pid_revalidate in base.c) -- confirm there.
 */
static inline int task_dumpable(struct task_struct *task)
{
	struct mm_struct *mm;
	int dumpable = 0;

	/*
	 * task->mm is only stable under task_lock(); sample get_dumpable()
	 * under the same lock so a concurrent exec/exit cannot swap the mm
	 * out from under us.
	 */
	task_lock(task);
	mm = task->mm;
	if (mm)
		dumpable = get_dumpable(mm);
	task_unlock(task);

	return dumpable == SUID_DUMP_USER;
}
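/*
 * Parse a /proc directory name (a pid, tid or fd number) as an unsigned
 * decimal integer.
 *
 * Returns the value, or ~0U (which callers use as "not a number") when
 * the name is empty, has a leading zero (other than "0" itself), holds a
 * non-digit, or would not fit in an unsigned int.  The ~0U sentinel is
 * itself never produced for a valid name because the overflow guard
 * rejects it first.
 *
 * Change from the previous version: an empty (or, after the int
 * conversion of qstr->len, negative) length used to fall through the
 * loop and decode as 0.  The VFS should never pass an empty name, but
 * "" is not a number and must not alias entry 0 (pid 0 or fd 0).
 */
static inline unsigned name_to_int(const struct qstr *qstr)
{
	const char *name = qstr->name;
	int len = qstr->len;
	unsigned n = 0;

	/* Empty (or int-overflowed) length: not a number. */
	if (len <= 0)
		goto out;
	/* Reject leading zeros so "01" is not accepted as an alias of "1". */
	if (len > 1 && *name == '0')
		goto out;
	do {
		/* A non-digit (including a negative char) wraps to > 9 here. */
		unsigned c = *name++ - '0';

		if (c > 9)
			goto out;
		/*
		 * Bail before n * 10 + c can wrap.  The bound is slightly
		 * conservative (a few values just below ~0U are rejected
		 * too), which is harmless since ~0U is the error sentinel.
		 */
		if (n >= (~0U - 9) / 10)
			goto out;
		n = n * 10 + c;
	} while (--len > 0);
	return n;
out:
	return ~0U;
}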
/*
 * Offset of the first process in the /proc root directory..
 * Presumably the static root entries occupy directory positions below
 * this and pid entries start here (see proc_pid_readdir, base.c).
 */
#define FIRST_PROCESS_ENTRY 256
/* Worst case buffer size needed for holding an integer. */
/*
 * Sized for the decimal form of a 32-bit value: "-2147483648" is 11
 * characters plus the terminating NUL, so 13 leaves one byte spare.
 */
#define PROC_NUMBUF 13
/*
 * array.c
 */
/* file_operations of the per-thread "children" entry (assumed from the name). */
extern const struct file_operations proc_tid_children_operations;

/*
 * seq_file show callbacks for the per-task text files.  All four share
 * the proc_op.proc_show signature declared above, so they can be stored
 * in a proc_inode's op union.
 */
extern int proc_tid_stat(struct seq_file *, struct pid_namespace *,
				struct pid *, struct task_struct *);
extern int proc_tgid_stat(struct seq_file *, struct pid_namespace *,
				struct pid *, struct task_struct *);
extern int proc_pid_status(struct seq_file *, struct pid_namespace *,
				struct pid *, struct task_struct *);
extern int proc_pid_statm(struct seq_file *, struct pid_namespace *,
				struct pid *, struct task_struct *);
/*
 * base.c
 */
/* dentry_operations installed on pid-based dentries (see pid_revalidate / pid_delete_dentry below). */
extern const struct dentry_operations pid_dentry_operations;
/* inode attribute get/set for pid-based inodes */
extern int pid_getattr(struct vfsmount *, struct dentry *, struct kstat *);
extern int proc_setattr(struct dentry *, struct iattr *);
/* Allocate and initialise an inode for @task on the given superblock. */
extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *);
/*
 * d_revalidate / d_delete hooks for pid dentries.
 * NOTE(review): pid_revalidate is presumably where task_dumpable()
 * decides whether the inode's uid/gid reflect the task's credentials or
 * fall back to root -- confirm in base.c.
 */
extern int pid_revalidate(struct dentry *, unsigned int);
extern int pid_delete_dentry(const struct dentry *);
/* readdir / lookup for the pid entries of the /proc root */
extern int proc_pid_readdir(struct file *, struct dir_context *);
extern struct dentry *proc_pid_lookup(struct inode *, struct dentry *, unsigned int);
/* lseek helper shared by files that address a task's memory (assumed from the name). */
extern loff_t mem_lseek(struct file *, loff_t, int);
/* Lookups */
/*
 * Callback that fills in the inode for one directory entry of a task;
 * the trailing const void * is entry-specific private data handed
 * through from the caller.
 */
typedef int instantiate_t(struct inode *, struct dentry *,
				struct task_struct *, const void *);
/*
 * Emit one directory entry (name, length) for @task during readdir,
 * creating its dentry through the instantiate_t if it does not exist
 * yet.  Presumably returns false once the dir_context is full -- confirm
 * in base.c.
 */
extern bool proc_fill_cache(struct file *, struct dir_context *, const char *, int,
				instantiate_t, struct task_struct *, const void *);
/*
 * generic.c
 */
/*
 * lookup / readdir for proc_dir_entry based directories.  The plain
 * forms derive the directory entry from the inode (PDE()); the _de
 * variants take the proc_dir_entry explicitly.
 */
extern struct dentry *proc_lookup(struct inode *, struct dentry *, unsigned int);
extern struct dentry *proc_lookup_de(struct proc_dir_entry *, struct inode *,
				struct dentry *);
extern int proc_readdir(struct file *, struct dir_context *);
extern int proc_readdir_de(struct proc_dir_entry *, struct file *, struct dir_context *);
/*
 * Take a reference on @pde and return it for chaining.
 *
 * This is an unconditional atomic_inc(), not a try-get: nothing here
 * detects a count that has already dropped to zero, so the caller must
 * already be guaranteed that @pde is alive (by holding a reference, or
 * whatever lock protects the tree it is found through).
 */
static inline struct proc_dir_entry *pde_get(struct proc_dir_entry *pde)
{
	struct proc_dir_entry *ref = pde;

	atomic_inc(&ref->count);
	return ref;
}

/* Drop a reference taken by pde_get(); defined in generic.c. */
extern void pde_put(struct proc_dir_entry *);
/*
 * inode.c
 */
/*
 * Bookkeeping for a file that has ->open()ed a proc_dir_entry but has
 * not yet ->release()d it.  Presumably linked through lh into
 * proc_dir_entry::pde_openers so an entry can be torn down while opens
 * are in flight (see pde_unload_completion and proc_entry_rundown) --
 * confirm in inode.c.
 */
struct pde_opener {
	struct file *file;		/* the open file */
	struct list_head lh;		/* list link (pde_openers) */
	int closing;			/* assumed: set once release has begun */
	struct completion *c;		/* assumed: completion signalled when the close finishes */
};
/* inode_operations for symlink-style pid entries (pairs with proc_op.proc_get_link, assumed). */
extern const struct inode_operations proc_pid_link_inode_operations;

/* Set up the kmem cache for struct proc_inode. */
extern void proc_init_inodecache(void);
/* Get (or create) the inode for a proc_dir_entry on the given superblock. */
extern struct inode *proc_get_inode(struct super_block *, struct proc_dir_entry *);
/* Populate a freshly mounted procfs superblock. */
extern int proc_fill_super(struct super_block *);
/* Wait out in-flight users of an entry that is being removed (see in_use / pde_openers). */
extern void proc_entry_rundown(struct proc_dir_entry *);
/*
 * proc_namespaces.c
 */
/* inode / file operations of the per-task "ns" directory (assumed from the names). */
extern const struct inode_operations proc_ns_dir_inode_operations;
extern const struct file_operations proc_ns_dir_operations;
/*
 * proc_net.c
 */
/* file / inode operations of the per-task "net" entry (assumed from the names). */
extern const struct file_operations proc_net_operations;
extern const struct inode_operations proc_net_inode_operations;

/*
 * Initialise the networking side of procfs.  Without CONFIG_NET the
 * stub reports success so the caller needs no ifdef of its own.
 */
#ifdef CONFIG_NET
extern int proc_net_init(void);
#else
static inline int proc_net_init(void) { return 0; }
#endif
/*
 * proc_self.c
 */
/* Create the /proc/self entry on a newly filled superblock. */
extern int proc_setup_self(struct super_block *);
/*
 * proc_thread_self.c
 */
/*
 * /proc/thread-self: per the commit this header belongs to, a link to
 * the directory of the current thread (/proc/<tgid>/task/<tid>), which
 * /proc/mounts and /proc/net now point at instead of /proc/self.
 */
extern int proc_setup_thread_self(struct super_block *);
extern void proc_thread_self_init(void);
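/*
 * proc_sysctl.c
 */
/*
 * proc_sys_init() initialises the sysctl side of procfs; sysctl_head_put()
 * drops a reference on a ctl_table_header obtained through procfs.
 *
 * Without CONFIG_PROC_SYSCTL both become no-ops.  The proc_sys_init()
 * stub returns 0 with the same int type as the real declaration (the
 * previous stub returned void, so a caller that checked the result only
 * built with CONFIG_PROC_SYSCTL=y); this matches the proc_net_init()
 * stub above.
 */
#ifdef CONFIG_PROC_SYSCTL
extern int proc_sys_init(void);
extern void sysctl_head_put(struct ctl_table_header *);
#else
static inline int proc_sys_init(void) { return 0; }
static inline void sysctl_head_put(struct ctl_table_header *head) { }
#endif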
/*
 * proc_tty.c
 */
/* Register the tty entries under /proc; a no-op without CONFIG_TTY. */
#ifdef CONFIG_TTY
extern void proc_tty_init(void);
#else
static inline void proc_tty_init(void) {}
#endif
/*
 * root.c
 */
/* The root of the proc_dir_entry tree described above. */
extern struct proc_dir_entry proc_root;

/* One-time setup of the /proc/self machinery (declared here, implemented in root.c). */
extern void proc_self_init(void);
/* Remount hook; the (sb, flags, data) triple looks like the remount_fs signature -- confirm. */
extern int proc_remount(struct super_block *, int *, char *);
/*
 * task_[no]mmu.c
 */
/*
 * Private state of the seq_file behind the per-task memory map files
 * (maps, numa_maps, smaps; file_operations declared below).
 */
struct proc_maps_private {
	struct pid *pid;			/* pid the file was opened for */
	struct task_struct *task;		/* resolved task; lifetime handled by the .c side (assumed) */
#ifdef CONFIG_MMU
	struct vm_area_struct *tail_vma;	/* assumed: extra vma reported after the task's own vmas -- confirm in task_mmu.c */
#endif
#ifdef CONFIG_NUMA
	struct mempolicy *task_mempolicy;	/* task's NUMA policy, for numa_maps (assumed) */
#endif
};
/*
 * file_operations for the memory map files.  The proc_pid_* and
 * proc_tid_* pairs are presumably the per-process and per-thread
 * variants of the same file -- confirm in task_mmu.c.
 */
extern const struct file_operations proc_pid_maps_operations;
extern const struct file_operations proc_tid_maps_operations;
extern const struct file_operations proc_pid_numa_maps_operations;
extern const struct file_operations proc_tid_numa_maps_operations;
extern const struct file_operations proc_pid_smaps_operations;
extern const struct file_operations proc_tid_smaps_operations;
/* clear_refs (write-only control file) and pagemap */
extern const struct file_operations proc_clear_refs_operations;
extern const struct file_operations proc_pagemap_operations;

/* Virtual size of @mm, in bytes (assumed unit -- confirm). */
extern unsigned long task_vsize(struct mm_struct *);
/*
 * statm numbers for @mm: returns one value and fills four more through
 * the out-parameters; which is which is defined in task_[no]mmu.c.
 */
extern unsigned long task_statm(struct mm_struct *,
				unsigned long *, unsigned long *,
				unsigned long *, unsigned long *);
/* Write the memory summary lines for @mm into the seq_file (used by status, assumed). */
extern void task_mem(struct seq_file *, struct mm_struct *);