162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci#include <linux/mount.h> 362306a36Sopenharmony_ci#include <linux/pseudo_fs.h> 462306a36Sopenharmony_ci#include <linux/file.h> 562306a36Sopenharmony_ci#include <linux/fs.h> 662306a36Sopenharmony_ci#include <linux/proc_fs.h> 762306a36Sopenharmony_ci#include <linux/proc_ns.h> 862306a36Sopenharmony_ci#include <linux/magic.h> 962306a36Sopenharmony_ci#include <linux/ktime.h> 1062306a36Sopenharmony_ci#include <linux/seq_file.h> 1162306a36Sopenharmony_ci#include <linux/user_namespace.h> 1262306a36Sopenharmony_ci#include <linux/nsfs.h> 1362306a36Sopenharmony_ci#include <linux/uaccess.h> 1462306a36Sopenharmony_ci 1562306a36Sopenharmony_ci#include "internal.h" 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_cistatic struct vfsmount *nsfs_mnt; 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_cistatic long ns_ioctl(struct file *filp, unsigned int ioctl, 2062306a36Sopenharmony_ci unsigned long arg); 2162306a36Sopenharmony_cistatic const struct file_operations ns_file_operations = { 2262306a36Sopenharmony_ci .llseek = no_llseek, 2362306a36Sopenharmony_ci .unlocked_ioctl = ns_ioctl, 2462306a36Sopenharmony_ci .compat_ioctl = compat_ptr_ioctl, 2562306a36Sopenharmony_ci}; 2662306a36Sopenharmony_ci 2762306a36Sopenharmony_cistatic char *ns_dname(struct dentry *dentry, char *buffer, int buflen) 2862306a36Sopenharmony_ci{ 2962306a36Sopenharmony_ci struct inode *inode = d_inode(dentry); 3062306a36Sopenharmony_ci const struct proc_ns_operations *ns_ops = dentry->d_fsdata; 3162306a36Sopenharmony_ci 3262306a36Sopenharmony_ci return dynamic_dname(buffer, buflen, "%s:[%lu]", 3362306a36Sopenharmony_ci ns_ops->name, inode->i_ino); 3462306a36Sopenharmony_ci} 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_cistatic void ns_prune_dentry(struct dentry *dentry) 3762306a36Sopenharmony_ci{ 3862306a36Sopenharmony_ci struct inode *inode = d_inode(dentry); 3962306a36Sopenharmony_ci if (inode) { 4062306a36Sopenharmony_ci struct ns_common *ns = inode->i_private; 4162306a36Sopenharmony_ci atomic_long_set(&ns->stashed, 0); 4262306a36Sopenharmony_ci } 4362306a36Sopenharmony_ci} 4462306a36Sopenharmony_ci 4562306a36Sopenharmony_ciconst struct dentry_operations ns_dentry_operations = 4662306a36Sopenharmony_ci{ 4762306a36Sopenharmony_ci .d_prune = ns_prune_dentry, 4862306a36Sopenharmony_ci .d_delete = always_delete_dentry, 4962306a36Sopenharmony_ci .d_dname = ns_dname, 5062306a36Sopenharmony_ci}; 5162306a36Sopenharmony_ci 5262306a36Sopenharmony_cistatic void nsfs_evict(struct inode *inode) 5362306a36Sopenharmony_ci{ 5462306a36Sopenharmony_ci struct ns_common *ns = inode->i_private; 5562306a36Sopenharmony_ci clear_inode(inode); 5662306a36Sopenharmony_ci ns->ops->put(ns); 5762306a36Sopenharmony_ci} 5862306a36Sopenharmony_ci 5962306a36Sopenharmony_cistatic int __ns_get_path(struct path *path, struct ns_common *ns) 6062306a36Sopenharmony_ci{ 6162306a36Sopenharmony_ci struct vfsmount *mnt = nsfs_mnt; 6262306a36Sopenharmony_ci struct dentry *dentry; 6362306a36Sopenharmony_ci struct inode *inode; 6462306a36Sopenharmony_ci unsigned long d; 6562306a36Sopenharmony_ci 6662306a36Sopenharmony_ci rcu_read_lock(); 6762306a36Sopenharmony_ci d = atomic_long_read(&ns->stashed); 6862306a36Sopenharmony_ci if (!d) 6962306a36Sopenharmony_ci goto slow; 7062306a36Sopenharmony_ci dentry = (struct dentry *)d; 7162306a36Sopenharmony_ci if (!lockref_get_not_dead(&dentry->d_lockref)) 7262306a36Sopenharmony_ci goto slow; 7362306a36Sopenharmony_ci rcu_read_unlock(); 7462306a36Sopenharmony_ci ns->ops->put(ns); 7562306a36Sopenharmony_cigot_it: 7662306a36Sopenharmony_ci path->mnt = mntget(mnt); 7762306a36Sopenharmony_ci path->dentry = dentry; 7862306a36Sopenharmony_ci return 0; 7962306a36Sopenharmony_cislow: 8062306a36Sopenharmony_ci rcu_read_unlock(); 8162306a36Sopenharmony_ci inode = new_inode_pseudo(mnt->mnt_sb); 8262306a36Sopenharmony_ci if (!inode) { 8362306a36Sopenharmony_ci ns->ops->put(ns); 8462306a36Sopenharmony_ci return -ENOMEM; 8562306a36Sopenharmony_ci } 8662306a36Sopenharmony_ci inode->i_ino = ns->inum; 8762306a36Sopenharmony_ci inode->i_mtime = inode->i_atime = inode_set_ctime_current(inode); 8862306a36Sopenharmony_ci inode->i_flags |= S_IMMUTABLE; 8962306a36Sopenharmony_ci inode->i_mode = S_IFREG | S_IRUGO; 9062306a36Sopenharmony_ci inode->i_fop = &ns_file_operations; 9162306a36Sopenharmony_ci inode->i_private = ns; 9262306a36Sopenharmony_ci 9362306a36Sopenharmony_ci dentry = d_alloc_anon(mnt->mnt_sb); 9462306a36Sopenharmony_ci if (!dentry) { 9562306a36Sopenharmony_ci iput(inode); 9662306a36Sopenharmony_ci return -ENOMEM; 9762306a36Sopenharmony_ci } 9862306a36Sopenharmony_ci d_instantiate(dentry, inode); 9962306a36Sopenharmony_ci dentry->d_fsdata = (void *)ns->ops; 10062306a36Sopenharmony_ci d = atomic_long_cmpxchg(&ns->stashed, 0, (unsigned long)dentry); 10162306a36Sopenharmony_ci if (d) { 10262306a36Sopenharmony_ci d_delete(dentry); /* make sure ->d_prune() does nothing */ 10362306a36Sopenharmony_ci dput(dentry); 10462306a36Sopenharmony_ci cpu_relax(); 10562306a36Sopenharmony_ci return -EAGAIN; 10662306a36Sopenharmony_ci } 10762306a36Sopenharmony_ci goto got_it; 10862306a36Sopenharmony_ci} 10962306a36Sopenharmony_ci 11062306a36Sopenharmony_ciint ns_get_path_cb(struct path *path, ns_get_path_helper_t *ns_get_cb, 11162306a36Sopenharmony_ci void *private_data) 11262306a36Sopenharmony_ci{ 11362306a36Sopenharmony_ci int ret; 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci do { 11662306a36Sopenharmony_ci struct ns_common *ns = ns_get_cb(private_data); 11762306a36Sopenharmony_ci if (!ns) 11862306a36Sopenharmony_ci return -ENOENT; 11962306a36Sopenharmony_ci ret = __ns_get_path(path, ns); 12062306a36Sopenharmony_ci } while (ret == -EAGAIN); 12162306a36Sopenharmony_ci 12262306a36Sopenharmony_ci return ret; 12362306a36Sopenharmony_ci} 12462306a36Sopenharmony_ci 12562306a36Sopenharmony_cistruct ns_get_path_task_args { 12662306a36Sopenharmony_ci const struct proc_ns_operations *ns_ops; 12762306a36Sopenharmony_ci struct task_struct *task; 12862306a36Sopenharmony_ci}; 12962306a36Sopenharmony_ci 13062306a36Sopenharmony_cistatic struct ns_common *ns_get_path_task(void *private_data) 13162306a36Sopenharmony_ci{ 13262306a36Sopenharmony_ci struct ns_get_path_task_args *args = private_data; 13362306a36Sopenharmony_ci 13462306a36Sopenharmony_ci return args->ns_ops->get(args->task); 13562306a36Sopenharmony_ci} 13662306a36Sopenharmony_ci 13762306a36Sopenharmony_ciint ns_get_path(struct path *path, struct task_struct *task, 13862306a36Sopenharmony_ci const struct proc_ns_operations *ns_ops) 13962306a36Sopenharmony_ci{ 14062306a36Sopenharmony_ci struct ns_get_path_task_args args = { 14162306a36Sopenharmony_ci .ns_ops = ns_ops, 14262306a36Sopenharmony_ci .task = task, 14362306a36Sopenharmony_ci }; 14462306a36Sopenharmony_ci 14562306a36Sopenharmony_ci return ns_get_path_cb(path, ns_get_path_task, &args); 14662306a36Sopenharmony_ci} 14762306a36Sopenharmony_ci 14862306a36Sopenharmony_ciint open_related_ns(struct ns_common *ns, 14962306a36Sopenharmony_ci struct ns_common *(*get_ns)(struct ns_common *ns)) 15062306a36Sopenharmony_ci{ 15162306a36Sopenharmony_ci struct path path = {}; 15262306a36Sopenharmony_ci struct file *f; 15362306a36Sopenharmony_ci int err; 15462306a36Sopenharmony_ci int fd; 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ci fd = get_unused_fd_flags(O_CLOEXEC); 15762306a36Sopenharmony_ci if (fd < 0) 15862306a36Sopenharmony_ci return fd; 15962306a36Sopenharmony_ci 16062306a36Sopenharmony_ci do { 16162306a36Sopenharmony_ci struct ns_common *relative; 16262306a36Sopenharmony_ci 16362306a36Sopenharmony_ci relative = get_ns(ns); 16462306a36Sopenharmony_ci if (IS_ERR(relative)) { 16562306a36Sopenharmony_ci put_unused_fd(fd); 16662306a36Sopenharmony_ci return PTR_ERR(relative); 16762306a36Sopenharmony_ci } 16862306a36Sopenharmony_ci 16962306a36Sopenharmony_ci err = __ns_get_path(&path, relative); 17062306a36Sopenharmony_ci } while (err == -EAGAIN); 17162306a36Sopenharmony_ci 17262306a36Sopenharmony_ci if (err) { 17362306a36Sopenharmony_ci put_unused_fd(fd); 17462306a36Sopenharmony_ci return err; 17562306a36Sopenharmony_ci } 17662306a36Sopenharmony_ci 17762306a36Sopenharmony_ci f = dentry_open(&path, O_RDONLY, current_cred()); 17862306a36Sopenharmony_ci path_put(&path); 17962306a36Sopenharmony_ci if (IS_ERR(f)) { 18062306a36Sopenharmony_ci put_unused_fd(fd); 18162306a36Sopenharmony_ci fd = PTR_ERR(f); 18262306a36Sopenharmony_ci } else 18362306a36Sopenharmony_ci fd_install(fd, f); 18462306a36Sopenharmony_ci 18562306a36Sopenharmony_ci return fd; 18662306a36Sopenharmony_ci} 18762306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(open_related_ns); 18862306a36Sopenharmony_ci 18962306a36Sopenharmony_cistatic long ns_ioctl(struct file *filp, unsigned int ioctl, 19062306a36Sopenharmony_ci unsigned long arg) 19162306a36Sopenharmony_ci{ 19262306a36Sopenharmony_ci struct user_namespace *user_ns; 19362306a36Sopenharmony_ci struct ns_common *ns = get_proc_ns(file_inode(filp)); 19462306a36Sopenharmony_ci uid_t __user *argp; 19562306a36Sopenharmony_ci uid_t uid; 19662306a36Sopenharmony_ci 19762306a36Sopenharmony_ci switch (ioctl) { 19862306a36Sopenharmony_ci case NS_GET_USERNS: 19962306a36Sopenharmony_ci return open_related_ns(ns, ns_get_owner); 20062306a36Sopenharmony_ci case NS_GET_PARENT: 20162306a36Sopenharmony_ci if (!ns->ops->get_parent) 20262306a36Sopenharmony_ci return -EINVAL; 20362306a36Sopenharmony_ci return open_related_ns(ns, ns->ops->get_parent); 20462306a36Sopenharmony_ci case NS_GET_NSTYPE: 20562306a36Sopenharmony_ci return ns->ops->type; 20662306a36Sopenharmony_ci case NS_GET_OWNER_UID: 20762306a36Sopenharmony_ci if (ns->ops->type != CLONE_NEWUSER) 20862306a36Sopenharmony_ci return -EINVAL; 20962306a36Sopenharmony_ci user_ns = container_of(ns, struct user_namespace, ns); 21062306a36Sopenharmony_ci argp = (uid_t __user *) arg; 21162306a36Sopenharmony_ci uid = from_kuid_munged(current_user_ns(), user_ns->owner); 21262306a36Sopenharmony_ci return put_user(uid, argp); 21362306a36Sopenharmony_ci default: 21462306a36Sopenharmony_ci return -ENOTTY; 21562306a36Sopenharmony_ci } 21662306a36Sopenharmony_ci} 21762306a36Sopenharmony_ci 21862306a36Sopenharmony_ciint ns_get_name(char *buf, size_t size, struct task_struct *task, 21962306a36Sopenharmony_ci const struct proc_ns_operations *ns_ops) 22062306a36Sopenharmony_ci{ 22162306a36Sopenharmony_ci struct ns_common *ns; 22262306a36Sopenharmony_ci int res = -ENOENT; 22362306a36Sopenharmony_ci const char *name; 22462306a36Sopenharmony_ci ns = ns_ops->get(task); 22562306a36Sopenharmony_ci if (ns) { 22662306a36Sopenharmony_ci name = ns_ops->real_ns_name ? : ns_ops->name; 22762306a36Sopenharmony_ci res = snprintf(buf, size, "%s:[%u]", name, ns->inum); 22862306a36Sopenharmony_ci ns_ops->put(ns); 22962306a36Sopenharmony_ci } 23062306a36Sopenharmony_ci return res; 23162306a36Sopenharmony_ci} 23262306a36Sopenharmony_ci 23362306a36Sopenharmony_cibool proc_ns_file(const struct file *file) 23462306a36Sopenharmony_ci{ 23562306a36Sopenharmony_ci return file->f_op == &ns_file_operations; 23662306a36Sopenharmony_ci} 23762306a36Sopenharmony_ci 23862306a36Sopenharmony_ci/** 23962306a36Sopenharmony_ci * ns_match() - Returns true if current namespace matches dev/ino provided. 24062306a36Sopenharmony_ci * @ns: current namespace 24162306a36Sopenharmony_ci * @dev: dev_t from nsfs that will be matched against current nsfs 24262306a36Sopenharmony_ci * @ino: ino_t from nsfs that will be matched against current nsfs 24362306a36Sopenharmony_ci * 24462306a36Sopenharmony_ci * Return: true if dev and ino matches the current nsfs. 24562306a36Sopenharmony_ci */ 24662306a36Sopenharmony_cibool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino) 24762306a36Sopenharmony_ci{ 24862306a36Sopenharmony_ci return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev); 24962306a36Sopenharmony_ci} 25062306a36Sopenharmony_ci 25162306a36Sopenharmony_ci 25262306a36Sopenharmony_cistatic int nsfs_show_path(struct seq_file *seq, struct dentry *dentry) 25362306a36Sopenharmony_ci{ 25462306a36Sopenharmony_ci struct inode *inode = d_inode(dentry); 25562306a36Sopenharmony_ci const struct proc_ns_operations *ns_ops = dentry->d_fsdata; 25662306a36Sopenharmony_ci 25762306a36Sopenharmony_ci seq_printf(seq, "%s:[%lu]", ns_ops->name, inode->i_ino); 25862306a36Sopenharmony_ci return 0; 25962306a36Sopenharmony_ci} 26062306a36Sopenharmony_ci 26162306a36Sopenharmony_cistatic const struct super_operations nsfs_ops = { 26262306a36Sopenharmony_ci .statfs = simple_statfs, 26362306a36Sopenharmony_ci .evict_inode = nsfs_evict, 26462306a36Sopenharmony_ci .show_path = nsfs_show_path, 26562306a36Sopenharmony_ci}; 26662306a36Sopenharmony_ci 26762306a36Sopenharmony_cistatic int nsfs_init_fs_context(struct fs_context *fc) 26862306a36Sopenharmony_ci{ 26962306a36Sopenharmony_ci struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC); 27062306a36Sopenharmony_ci if (!ctx) 27162306a36Sopenharmony_ci return -ENOMEM; 27262306a36Sopenharmony_ci ctx->ops = &nsfs_ops; 27362306a36Sopenharmony_ci ctx->dops = &ns_dentry_operations; 27462306a36Sopenharmony_ci return 0; 27562306a36Sopenharmony_ci} 27662306a36Sopenharmony_ci 27762306a36Sopenharmony_cistatic struct file_system_type nsfs = { 27862306a36Sopenharmony_ci .name = "nsfs", 27962306a36Sopenharmony_ci .init_fs_context = nsfs_init_fs_context, 28062306a36Sopenharmony_ci .kill_sb = kill_anon_super, 28162306a36Sopenharmony_ci}; 28262306a36Sopenharmony_ci 28362306a36Sopenharmony_civoid __init nsfs_init(void) 28462306a36Sopenharmony_ci{ 28562306a36Sopenharmony_ci nsfs_mnt = kern_mount(&nsfs); 28662306a36Sopenharmony_ci if (IS_ERR(nsfs_mnt)) 28762306a36Sopenharmony_ci panic("can't set nsfs up\n"); 28862306a36Sopenharmony_ci nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER; 28962306a36Sopenharmony_ci} 290