[linux-2.6-block.git] / fs / nsfs.c

// SPDX-License-Identifier: GPL-2.0
#include <linux/mount.h>
#include <linux/pseudo_fs.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <linux/proc_ns.h>
#include <linux/magic.h>
#include <linux/ktime.h>
#include <linux/seq_file.h>
#include <linux/user_namespace.h>
#include <linux/nsfs.h>
#include <linux/uaccess.h>

#include "internal.h"

static struct vfsmount *nsfs_mnt;

static long ns_ioctl(struct file *filp, unsigned int ioctl,
			unsigned long arg);
static const struct file_operations ns_file_operations = {
	.llseek		= no_llseek,
	.unlocked_ioctl = ns_ioctl,
	.compat_ioctl   = compat_ptr_ioctl,
};

static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
{
	struct inode *inode = d_inode(dentry);
	struct ns_common *ns = inode->i_private;
	const struct proc_ns_operations *ns_ops = ns->ops;

	return dynamic_dname(buffer, buflen, "%s:[%lu]",
		ns_ops->name, inode->i_ino);
}

const struct dentry_operations ns_dentry_operations = {
	.d_delete	= always_delete_dentry,
	.d_dname	= ns_dname,
	.d_prune	= stashed_dentry_prune,
};

static void nsfs_evict(struct inode *inode)
{
	struct ns_common *ns = inode->i_private;
	clear_inode(inode);
	ns->ops->put(ns);
}

int ns_get_path_cb(struct path *path, ns_get_path_helper_t *ns_get_cb,
		     void *private_data)
{
	struct ns_common *ns;

	ns = ns_get_cb(private_data);
	if (!ns)
		return -ENOENT;

	return path_from_stashed(&ns->stashed, nsfs_mnt, ns, path);
}

struct ns_get_path_task_args {
	const struct proc_ns_operations *ns_ops;
	struct task_struct *task;
};

static struct ns_common *ns_get_path_task(void *private_data)
{
	struct ns_get_path_task_args *args = private_data;

	return args->ns_ops->get(args->task);
}

int ns_get_path(struct path *path, struct task_struct *task,
		  const struct proc_ns_operations *ns_ops)
{
	struct ns_get_path_task_args args = {
		.ns_ops	= ns_ops,
		.task	= task,
	};

	return ns_get_path_cb(path, ns_get_path_task, &args);
}

int open_related_ns(struct ns_common *ns,
		   struct ns_common *(*get_ns)(struct ns_common *ns))
{
	struct path path = {};
	struct ns_common *relative;
	struct file *f;
	int err;
	int fd;

	fd = get_unused_fd_flags(O_CLOEXEC);
	if (fd < 0)
		return fd;

	relative = get_ns(ns);
	if (IS_ERR(relative)) {
		put_unused_fd(fd);
		return PTR_ERR(relative);
	}

	err = path_from_stashed(&relative->stashed, nsfs_mnt, relative, &path);
	if (err < 0) {
		put_unused_fd(fd);
		return err;
	}

	f = dentry_open(&path, O_RDONLY, current_cred());
	path_put(&path);
	if (IS_ERR(f)) {
		put_unused_fd(fd);
		fd = PTR_ERR(f);
	} else
		fd_install(fd, f);

	return fd;
}
EXPORT_SYMBOL_GPL(open_related_ns);

static long ns_ioctl(struct file *filp, unsigned int ioctl,
			unsigned long arg)
{
	struct user_namespace *user_ns;
	struct ns_common *ns = get_proc_ns(file_inode(filp));
	uid_t __user *argp;
	uid_t uid;

	switch (ioctl) {
	case NS_GET_USERNS:
		return open_related_ns(ns, ns_get_owner);
	case NS_GET_PARENT:
		if (!ns->ops->get_parent)
			return -EINVAL;
		return open_related_ns(ns, ns->ops->get_parent);
	case NS_GET_NSTYPE:
		return ns->ops->type;
	case NS_GET_OWNER_UID:
		if (ns->ops->type != CLONE_NEWUSER)
			return -EINVAL;
		user_ns = container_of(ns, struct user_namespace, ns);
		argp = (uid_t __user *) arg;
		uid = from_kuid_munged(current_user_ns(), user_ns->owner);
		return put_user(uid, argp);
	default:
		return -ENOTTY;
	}
}

int ns_get_name(char *buf, size_t size, struct task_struct *task,
			const struct proc_ns_operations *ns_ops)
{
	struct ns_common *ns;
	int res = -ENOENT;
	const char *name;
	ns = ns_ops->get(task);
	if (ns) {
		name = ns_ops->real_ns_name ? : ns_ops->name;
		res = snprintf(buf, size, "%s:[%u]", name, ns->inum);
		ns_ops->put(ns);
	}
	return res;
}

bool proc_ns_file(const struct file *file)
{
	return file->f_op == &ns_file_operations;
}

/**
 * ns_match() - Returns true if current namespace matches dev/ino provided.
 * @ns: current namespace
 * @dev: dev_t from nsfs that will be matched against current nsfs
 * @ino: ino_t from nsfs that will be matched against current nsfs
 *
 * Return: true if dev and ino matches the current nsfs.
 */
bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
{
	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
}


static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
{
	struct inode *inode = d_inode(dentry);
	const struct ns_common *ns = inode->i_private;
	const struct proc_ns_operations *ns_ops = ns->ops;

	seq_printf(seq, "%s:[%lu]", ns_ops->name, inode->i_ino);
	return 0;
}

static const struct super_operations nsfs_ops = {
	.statfs = simple_statfs,
	.evict_inode = nsfs_evict,
	.show_path = nsfs_show_path,
};

static int nsfs_init_inode(struct inode *inode, void *data)
{
	struct ns_common *ns = data;

	inode->i_private = data;
	inode->i_mode |= S_IRUGO;
	inode->i_fop = &ns_file_operations;
	inode->i_ino = ns->inum;
	return 0;
}

static void nsfs_put_data(void *data)
{
	struct ns_common *ns = data;
	ns->ops->put(ns);
}

static const struct stashed_operations nsfs_stashed_ops = {
	.init_inode = nsfs_init_inode,
	.put_data = nsfs_put_data,
};

static int nsfs_init_fs_context(struct fs_context *fc)
{
	struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC);
	if (!ctx)
		return -ENOMEM;
	ctx->ops = &nsfs_ops;
	ctx->dops = &ns_dentry_operations;
	fc->s_fs_info = (void *)&nsfs_stashed_ops;
	return 0;
}

static struct file_system_type nsfs = {
	.name = "nsfs",
	.init_fs_context = nsfs_init_fs_context,
	.kill_sb = kill_anon_super,
};

void __init nsfs_init(void)
{
	nsfs_mnt = kern_mount(&nsfs);
	if (IS_ERR(nsfs_mnt))
		panic("can't set nsfs up\n");
	nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
}
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
e149ed2b	2	#include <linux/mount.h>
059b20d9	3	#include <linux/pseudo_fs.h>
e149ed2b AV	4	#include <linux/file.h>
e149ed2b AV	5	#include <linux/fs.h>
7bebd69e	6	#include <linux/proc_fs.h>
e149ed2b AV	7	#include <linux/proc_ns.h>
	8	#include <linux/magic.h>
	9	#include <linux/ktime.h>
75509fd8	10	#include <linux/seq_file.h>
6786741d AV	11	#include <linux/user_namespace.h>
6786741d AV	12	#include <linux/nsfs.h>
d95fa3c7	13	#include <linux/uaccess.h>
e149ed2b	14
7bebd69e EB	15	#include "internal.h"
7bebd69e EB	16
e149ed2b AV	17	static struct vfsmount *nsfs_mnt;
e149ed2b AV	18
6786741d AV	19	static long ns_ioctl(struct file *filp, unsigned int ioctl,
6786741d AV	20	unsigned long arg);
e149ed2b AV	21	static const struct file_operations ns_file_operations = {
e149ed2b AV	22	.llseek = no_llseek,
6786741d	23	.unlocked_ioctl = ns_ioctl,
1cb925c0	24	.compat_ioctl = compat_ptr_ioctl,
e149ed2b AV	25	};
	26
	27	static char ns_dname(struct dentry dentry, char *buffer, int buflen)
	28	{
75c3cfa8	29	struct inode *inode = d_inode(dentry);
1fa08aec CB	30	struct ns_common *ns = inode->i_private;
1fa08aec CB	31	const struct proc_ns_operations *ns_ops = ns->ops;
e149ed2b	32
0f60d288	33	return dynamic_dname(buffer, buflen, "%s:[%lu]",
e149ed2b AV	34	ns_ops->name, inode->i_ino);
	35	}
	36
2558e3b2	37	const struct dentry_operations ns_dentry_operations = {
e149ed2b AV	38	.d_delete = always_delete_dentry,
e149ed2b AV	39	.d_dname = ns_dname,
2558e3b2	40	.d_prune = stashed_dentry_prune,
e149ed2b AV	41	};
	42
	43	static void nsfs_evict(struct inode *inode)
	44	{
	45	struct ns_common *ns = inode->i_private;
	46	clear_inode(inode);
	47	ns->ops->put(ns);
	48	}
	49
ce623f89	50	int ns_get_path_cb(struct path path, ns_get_path_helper_t ns_get_cb,
cdab6ba8	51	void *private_data)
6786741d	52	{
159a0d9f CB	53	struct ns_common *ns;
	54
	55	ns = ns_get_cb(private_data);
	56	if (!ns)
	57	return -ENOENT;
e9c5263c	58
9d9539db	59	return path_from_stashed(&ns->stashed, nsfs_mnt, ns, path);
6786741d AV	60	}
6786741d AV	61
cdab6ba8 JK	62	struct ns_get_path_task_args {
	63	const struct proc_ns_operations *ns_ops;
	64	struct task_struct *task;
	65	};
	66
	67	static struct ns_common ns_get_path_task(void private_data)
	68	{
	69	struct ns_get_path_task_args *args = private_data;
	70
	71	return args->ns_ops->get(args->task);
	72	}
	73
ce623f89	74	int ns_get_path(struct path path, struct task_struct task,
cdab6ba8 JK	75	const struct proc_ns_operations *ns_ops)
	76	{
	77	struct ns_get_path_task_args args = {
	78	.ns_ops = ns_ops,
	79	.task = task,
	80	};
	81
	82	return ns_get_path_cb(path, ns_get_path_task, &args);
	83	}
	84
c62cce2c	85	int open_related_ns(struct ns_common *ns,
6786741d AV	86	struct ns_common (get_ns)(struct ns_common *ns))
	87	{
	88	struct path path = {};
159a0d9f	89	struct ns_common *relative;
6786741d	90	struct file *f;
ce623f89	91	int err;
6786741d AV	92	int fd;
	93
	94	fd = get_unused_fd_flags(O_CLOEXEC);
	95	if (fd < 0)
	96	return fd;
	97
159a0d9f CB	98	relative = get_ns(ns);
	99	if (IS_ERR(relative)) {
	100	put_unused_fd(fd);
	101	return PTR_ERR(relative);
	102	}
357ab5b5	103
9d9539db	104	err = path_from_stashed(&relative->stashed, nsfs_mnt, relative, &path);
1fa08aec	105	if (err < 0) {
6786741d	106	put_unused_fd(fd);
ce623f89	107	return err;
6786741d AV	108	}
	109
	110	f = dentry_open(&path, O_RDONLY, current_cred());
	111	path_put(&path);
	112	if (IS_ERR(f)) {
	113	put_unused_fd(fd);
	114	fd = PTR_ERR(f);
	115	} else
	116	fd_install(fd, f);
	117
	118	return fd;
	119	}
24dce080	120	EXPORT_SYMBOL_GPL(open_related_ns);
6786741d AV	121
	122	static long ns_ioctl(struct file *filp, unsigned int ioctl,
	123	unsigned long arg)
	124	{
d95fa3c7	125	struct user_namespace *user_ns;
6786741d	126	struct ns_common *ns = get_proc_ns(file_inode(filp));
d95fa3c7 MK	127	uid_t __user *argp;
d95fa3c7 MK	128	uid_t uid;
6786741d AV	129
	130	switch (ioctl) {
	131	case NS_GET_USERNS:
	132	return open_related_ns(ns, ns_get_owner);
a7306ed8 AV	133	case NS_GET_PARENT:
	134	if (!ns->ops->get_parent)
	135	return -EINVAL;
	136	return open_related_ns(ns, ns->ops->get_parent);
e5ff5ce6 MK	137	case NS_GET_NSTYPE:
e5ff5ce6 MK	138	return ns->ops->type;
d95fa3c7 MK	139	case NS_GET_OWNER_UID:
	140	if (ns->ops->type != CLONE_NEWUSER)
	141	return -EINVAL;
	142	user_ns = container_of(ns, struct user_namespace, ns);
	143	argp = (uid_t __user *) arg;
	144	uid = from_kuid_munged(current_user_ns(), user_ns->owner);
	145	return put_user(uid, argp);
6786741d AV	146	default:
	147	return -ENOTTY;
	148	}
	149	}
	150
e149ed2b AV	151	int ns_get_name(char buf, size_t size, struct task_struct task,
	152	const struct proc_ns_operations *ns_ops)
	153	{
	154	struct ns_common *ns;
	155	int res = -ENOENT;
25b14e92	156	const char *name;
e149ed2b AV	157	ns = ns_ops->get(task);
e149ed2b AV	158	if (ns) {
25b14e92 KT	159	name = ns_ops->real_ns_name ? : ns_ops->name;
25b14e92 KT	160	res = snprintf(buf, size, "%s:[%u]", name, ns->inum);
e149ed2b AV	161	ns_ops->put(ns);
	162	}
	163	return res;
	164	}
	165
303cc571 CB	166	bool proc_ns_file(const struct file *file)
	167	{
	168	return file->f_op == &ns_file_operations;
	169	}
	170
1e2328e7 CN	171	/**
1e2328e7 CN	172	* ns_match() - Returns true if current namespace matches dev/ino provided.
39ecb653	173	* @ns: current namespace
1e2328e7 CN	174	* @dev: dev_t from nsfs that will be matched against current nsfs
	175	* @ino: ino_t from nsfs that will be matched against current nsfs
	176	*
	177	* Return: true if dev and ino matches the current nsfs.
	178	*/
	179	bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
	180	{
	181	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
	182	}
	183
	184
75509fd8 EB	185	static int nsfs_show_path(struct seq_file seq, struct dentry dentry)
	186	{
	187	struct inode *inode = d_inode(dentry);
1fa08aec CB	188	const struct ns_common *ns = inode->i_private;
1fa08aec CB	189	const struct proc_ns_operations *ns_ops = ns->ops;
75509fd8	190
6798a8ca JP	191	seq_printf(seq, "%s:[%lu]", ns_ops->name, inode->i_ino);
6798a8ca JP	192	return 0;
75509fd8 EB	193	}
75509fd8 EB	194
e149ed2b AV	195	static const struct super_operations nsfs_ops = {
	196	.statfs = simple_statfs,
	197	.evict_inode = nsfs_evict,
75509fd8	198	.show_path = nsfs_show_path,
e149ed2b	199	};
059b20d9	200
9d9539db	201	static int nsfs_init_inode(struct inode inode, void data)
e9c5263c	202	{
9d9539db CB	203	struct ns_common *ns = data;
9d9539db CB	204
e9c5263c CB	205	inode->i_private = data;
	206	inode->i_mode \|= S_IRUGO;
	207	inode->i_fop = &ns_file_operations;
9d9539db CB	208	inode->i_ino = ns->inum;
9d9539db CB	209	return 0;
e9c5263c CB	210	}
	211
	212	static void nsfs_put_data(void *data)
	213	{
	214	struct ns_common *ns = data;
	215	ns->ops->put(ns);
	216	}
	217
	218	static const struct stashed_operations nsfs_stashed_ops = {
	219	.init_inode = nsfs_init_inode,
	220	.put_data = nsfs_put_data,
	221	};
	222
059b20d9	223	static int nsfs_init_fs_context(struct fs_context *fc)
e149ed2b	224	{
059b20d9 DH	225	struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC);
	226	if (!ctx)
	227	return -ENOMEM;
	228	ctx->ops = &nsfs_ops;
	229	ctx->dops = &ns_dentry_operations;
e9c5263c	230	fc->s_fs_info = (void *)&nsfs_stashed_ops;
059b20d9	231	return 0;
e149ed2b	232	}
059b20d9	233
e149ed2b AV	234	static struct file_system_type nsfs = {
e149ed2b AV	235	.name = "nsfs",
059b20d9	236	.init_fs_context = nsfs_init_fs_context,
e149ed2b AV	237	.kill_sb = kill_anon_super,
	238	};
	239
	240	void __init nsfs_init(void)
	241	{
	242	nsfs_mnt = kern_mount(&nsfs);
	243	if (IS_ERR(nsfs_mnt))
	244	panic("can't set nsfs up\n");
1751e8a6	245	nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
e149ed2b	246	}