search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 6.14-rc1
[linux-stable.git] / fs / proc / proc_net.c
blob52f0b75cbce2caa3b010b18f8fcc18d995ea2b0e
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/fs/proc/net.c
4 *
5 * Copyright (C) 2007
6 *
7 * Author: Eric Biederman <ebiederm@xmission.com>
8 *
9 * proc net directory handling functions
10 */
11 #include <linux/errno.h>
12 #include <linux/time.h>
13 #include <linux/proc_fs.h>
14 #include <linux/stat.h>
15 #include <linux/slab.h>
16 #include <linux/init.h>
17 #include <linux/sched.h>
18 #include <linux/sched/task.h>
19 #include <linux/module.h>
20 #include <linux/bitops.h>
21 #include <linux/mount.h>
22 #include <linux/nsproxy.h>
23 #include <linux/uidgid.h>
24 #include <net/net_namespace.h>
25 #include <linux/seq_file.h>
26
27 #include "internal.h"
28
29 static inline struct net *PDE_NET(struct proc_dir_entry *pde)
30 {
31 return pde->parent->data;
32 }
33
34 static struct net *get_proc_net(const struct inode *inode)
35 {
36 return maybe_get_net(PDE_NET(PDE(inode)));
37 }
38
39 static int seq_open_net(struct inode *inode, struct file *file)
40 {
41 unsigned int state_size = PDE(inode)->state_size;
42 struct seq_net_private *p;
43 struct net *net;
44
45 WARN_ON_ONCE(state_size < sizeof(*p));
46
47 if (file->f_mode & FMODE_WRITE && !PDE(inode)->write)
48 return -EACCES;
49
50 net = get_proc_net(inode);
51 if (!net)
52 return -ENXIO;
53
54 p = __seq_open_private(file, PDE(inode)->seq_ops, state_size);
55 if (!p) {
56 put_net(net);
57 return -ENOMEM;
58 }
59 #ifdef CONFIG_NET_NS
60 p->net = net;
61 netns_tracker_alloc(net, &p->ns_tracker, GFP_KERNEL);
62 #endif
63 return 0;
64 }
65
66 static void seq_file_net_put_net(struct seq_file *seq)
67 {
68 #ifdef CONFIG_NET_NS
69 struct seq_net_private *priv = seq->private;
70
71 put_net_track(priv->net, &priv->ns_tracker);
72 #else
73 put_net(&init_net);
74 #endif
75 }
76
77 static int seq_release_net(struct inode *ino, struct file *f)
78 {
79 struct seq_file *seq = f->private_data;
80
81 seq_file_net_put_net(seq);
82 seq_release_private(ino, f);
83 return 0;
84 }
85
86 static const struct proc_ops proc_net_seq_ops = {
87 .proc_open = seq_open_net,
88 .proc_read = seq_read,
89 .proc_write = proc_simple_write,
90 .proc_lseek = seq_lseek,
91 .proc_release = seq_release_net,
92 };
93
94 int bpf_iter_init_seq_net(void *priv_data, struct bpf_iter_aux_info *aux)
95 {
96 #ifdef CONFIG_NET_NS
97 struct seq_net_private *p = priv_data;
98
99 p->net = get_net_track(current->nsproxy->net_ns, &p->ns_tracker,
100 GFP_KERNEL);
101 #endif
102 return 0;
103 }
104
105 void bpf_iter_fini_seq_net(void *priv_data)
106 {
107 #ifdef CONFIG_NET_NS
108 struct seq_net_private *p = priv_data;
109
110 put_net_track(p->net, &p->ns_tracker);
111 #endif
112 }
113
114 struct proc_dir_entry *proc_create_net_data(const char *name, umode_t mode,
115 struct proc_dir_entry *parent, const struct seq_operations *ops,
116 unsigned int state_size, void *data)
117 {
118 struct proc_dir_entry *p;
119
120 p = proc_create_reg(name, mode, &parent, data);
121 if (!p)
122 return NULL;
123 pde_force_lookup(p);
124 p->proc_ops = &proc_net_seq_ops;
125 p->seq_ops = ops;
126 p->state_size = state_size;
127 return proc_register(parent, p);
128 }
129 EXPORT_SYMBOL_GPL(proc_create_net_data);
130
131 /**
132 * proc_create_net_data_write - Create a writable net_ns-specific proc file
133 * @name: The name of the file.
134 * @mode: The file's access mode.
135 * @parent: The parent directory in which to create.
136 * @ops: The seq_file ops with which to read the file.
137 * @write: The write method with which to 'modify' the file.
138 * @state_size: The size of the per-file private state to allocate.
139 * @data: Data for retrieval by pde_data().
140 *
141 * Create a network namespaced proc file in the @parent directory with the
142 * specified @name and @mode that allows reading of a file that displays a
143 * series of elements and also provides for the file accepting writes that have
144 * some arbitrary effect.
145 *
146 * The functions in the @ops table are used to iterate over items to be
147 * presented and extract the readable content using the seq_file interface.
148 *
149 * The @write function is called with the data copied into a kernel space
150 * scratch buffer and has a NUL appended for convenience. The buffer may be
151 * modified by the @write function. @write should return 0 on success.
152 *
153 * The @data value is accessible from the @show and @write functions by calling
154 * pde_data() on the file inode. The network namespace must be accessed by
155 * calling seq_file_net() on the seq_file struct.
156 */
157 struct proc_dir_entry *proc_create_net_data_write(const char *name, umode_t mode,
158 struct proc_dir_entry *parent,
159 const struct seq_operations *ops,
160 proc_write_t write,
161 unsigned int state_size, void *data)
162 {
163 struct proc_dir_entry *p;
164
165 p = proc_create_reg(name, mode, &parent, data);
166 if (!p)
167 return NULL;
168 pde_force_lookup(p);
169 p->proc_ops = &proc_net_seq_ops;
170 p->seq_ops = ops;
171 p->state_size = state_size;
172 p->write = write;
173 return proc_register(parent, p);
174 }
175 EXPORT_SYMBOL_GPL(proc_create_net_data_write);
176
177 static int single_open_net(struct inode *inode, struct file *file)
178 {
179 struct proc_dir_entry *de = PDE(inode);
180 struct net *net;
181 int err;
182
183 net = get_proc_net(inode);
184 if (!net)
185 return -ENXIO;
186
187 err = single_open(file, de->single_show, net);
188 if (err)
189 put_net(net);
190 return err;
191 }
192
193 static int single_release_net(struct inode *ino, struct file *f)
194 {
195 struct seq_file *seq = f->private_data;
196 put_net(seq->private);
197 return single_release(ino, f);
198 }
199
200 static const struct proc_ops proc_net_single_ops = {
201 .proc_open = single_open_net,
202 .proc_read = seq_read,
203 .proc_write = proc_simple_write,
204 .proc_lseek = seq_lseek,
205 .proc_release = single_release_net,
206 };
207
208 struct proc_dir_entry *proc_create_net_single(const char *name, umode_t mode,
209 struct proc_dir_entry *parent,
210 int (*show)(struct seq_file *, void *), void *data)
211 {
212 struct proc_dir_entry *p;
213
214 p = proc_create_reg(name, mode, &parent, data);
215 if (!p)
216 return NULL;
217 pde_force_lookup(p);
218 p->proc_ops = &proc_net_single_ops;
219 p->single_show = show;
220 return proc_register(parent, p);
221 }
222 EXPORT_SYMBOL_GPL(proc_create_net_single);
223
224 /**
225 * proc_create_net_single_write - Create a writable net_ns-specific proc file
226 * @name: The name of the file.
227 * @mode: The file's access mode.
228 * @parent: The parent directory in which to create.
229 * @show: The seqfile show method with which to read the file.
230 * @write: The write method with which to 'modify' the file.
231 * @data: Data for retrieval by pde_data().
232 *
233 * Create a network-namespaced proc file in the @parent directory with the
234 * specified @name and @mode that allows reading of a file that displays a
235 * single element rather than a series and also provides for the file accepting
236 * writes that have some arbitrary effect.
237 *
238 * The @show function is called to extract the readable content via the
239 * seq_file interface.
240 *
241 * The @write function is called with the data copied into a kernel space
242 * scratch buffer and has a NUL appended for convenience. The buffer may be
243 * modified by the @write function. @write should return 0 on success.
244 *
245 * The @data value is accessible from the @show and @write functions by calling
246 * pde_data() on the file inode. The network namespace must be accessed by
247 * calling seq_file_single_net() on the seq_file struct.
248 */
249 struct proc_dir_entry *proc_create_net_single_write(const char *name, umode_t mode,
250 struct proc_dir_entry *parent,
251 int (*show)(struct seq_file *, void *),
252 proc_write_t write,
253 void *data)
254 {
255 struct proc_dir_entry *p;
256
257 p = proc_create_reg(name, mode, &parent, data);
258 if (!p)
259 return NULL;
260 pde_force_lookup(p);
261 p->proc_ops = &proc_net_single_ops;
262 p->single_show = show;
263 p->write = write;
264 return proc_register(parent, p);
265 }
266 EXPORT_SYMBOL_GPL(proc_create_net_single_write);
267
268 static struct net *get_proc_task_net(struct inode *dir)
269 {
270 struct task_struct *task;
271 struct nsproxy *ns;
272 struct net *net = NULL;
273
274 rcu_read_lock();
275 task = pid_task(proc_pid(dir), PIDTYPE_PID);
276 if (task != NULL) {
277 task_lock(task);
278 ns = task->nsproxy;
279 if (ns != NULL)
280 net = get_net(ns->net_ns);
281 task_unlock(task);
282 }
283 rcu_read_unlock();
284
285 return net;
286 }
287
288 static struct dentry *proc_tgid_net_lookup(struct inode *dir,
289 struct dentry *dentry, unsigned int flags)
290 {
291 struct dentry *de;
292 struct net *net;
293
294 de = ERR_PTR(-ENOENT);
295 net = get_proc_task_net(dir);
296 if (net != NULL) {
297 de = proc_lookup_de(dir, dentry, net->proc_net);
298 put_net(net);
299 }
300 return de;
301 }
302
303 static int proc_tgid_net_getattr(struct mnt_idmap *idmap,
304 const struct path *path, struct kstat *stat,
305 u32 request_mask, unsigned int query_flags)
306 {
307 struct inode *inode = d_inode(path->dentry);
308 struct net *net;
309
310 net = get_proc_task_net(inode);
311
312 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
313
314 if (net != NULL) {
315 stat->nlink = net->proc_net->nlink;
316 put_net(net);
317 }
318
319 return 0;
320 }
321
322 const struct inode_operations proc_net_inode_operations = {
323 .lookup = proc_tgid_net_lookup,
324 .getattr = proc_tgid_net_getattr,
325 .setattr = proc_setattr,
326 };
327
328 static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx)
329 {
330 int ret;
331 struct net *net;
332
333 ret = -EINVAL;
334 net = get_proc_task_net(file_inode(file));
335 if (net != NULL) {
336 ret = proc_readdir_de(file, ctx, net->proc_net);
337 put_net(net);
338 }
339 return ret;
340 }
341
342 const struct file_operations proc_net_operations = {
343 .llseek = generic_file_llseek,
344 .read = generic_read_dir,
345 .iterate_shared = proc_tgid_net_readdir,
346 };
347
348 static __net_init int proc_net_ns_init(struct net *net)
349 {
350 struct proc_dir_entry *netd, *net_statd;
351 kuid_t uid;
352 kgid_t gid;
353 int err;
354
355 /*
356 * This PDE acts only as an anchor for /proc/${pid}/net hierarchy.
357 * Corresponding inode (PDE(inode) == net->proc_net) is never
358 * instantiated therefore blanket zeroing is fine.
359 * net->proc_net_stat inode is instantiated normally.
360 */
361 err = -ENOMEM;
362 netd = kmem_cache_zalloc(proc_dir_entry_cache, GFP_KERNEL);
363 if (!netd)
364 goto out;
365
366 netd->subdir = RB_ROOT;
367 netd->data = net;
368 netd->nlink = 2;
369 netd->namelen = 3;
370 netd->parent = &proc_root;
371 netd->name = netd->inline_name;
372 memcpy(netd->name, "net", 4);
373
374 uid = make_kuid(net->user_ns, 0);
375 if (!uid_valid(uid))
376 uid = netd->uid;
377
378 gid = make_kgid(net->user_ns, 0);
379 if (!gid_valid(gid))
380 gid = netd->gid;
381
382 proc_set_user(netd, uid, gid);
383
384 /* Seed dentry revalidation for /proc/${pid}/net */
385 pde_force_lookup(netd);
386
387 err = -EEXIST;
388 net_statd = proc_net_mkdir(net, "stat", netd);
389 if (!net_statd)
390 goto free_net;
391
392 net->proc_net = netd;
393 net->proc_net_stat = net_statd;
394 return 0;
395
396 free_net:
397 pde_free(netd);
398 out:
399 return err;
400 }
401
402 static __net_exit void proc_net_ns_exit(struct net *net)
403 {
404 remove_proc_entry("stat", net->proc_net);
405 pde_free(net->proc_net);
406 }
407
408 static struct pernet_operations __net_initdata proc_net_ns_ops = {
409 .init = proc_net_ns_init,
410 .exit = proc_net_ns_exit,
411 };
412
413 int __init proc_net_init(void)
414 {
415 proc_symlink("net", NULL, "self/net");
416
417 return register_pernet_subsys(&proc_net_ns_ops);
418 }
Linux kernel stable tree