fs/proc/proc_net.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *  linux/fs/proc/net.c
0004  *
0005  *  Copyright (C) 2007
0006  *
0007  *  Author: Eric Biederman <ebiederm@xmission.com>
0008  *
0009  *  proc net directory handling functions
0010  */
0011 #include <linux/errno.h>
0012 #include <linux/time.h>
0013 #include <linux/proc_fs.h>
0014 #include <linux/stat.h>
0015 #include <linux/slab.h>
0016 #include <linux/init.h>
0017 #include <linux/sched.h>
0018 #include <linux/sched/task.h>
0019 #include <linux/module.h>
0020 #include <linux/bitops.h>
0021 #include <linux/mount.h>
0022 #include <linux/nsproxy.h>
0023 #include <linux/uidgid.h>
0024 #include <net/net_namespace.h>
0025 #include <linux/seq_file.h>
0026
0027 #include "internal.h"
0028
0029 static inline struct net *PDE_NET(struct proc_dir_entry *pde)
0030 {
0031     return pde->parent->data;
0032 }
0033
0034 static struct net *get_proc_net(const struct inode *inode)
0035 {
0036     return maybe_get_net(PDE_NET(PDE(inode)));
0037 }
0038
0039 static int seq_open_net(struct inode *inode, struct file *file)
0040 {
0041     unsigned int state_size = PDE(inode)->state_size;
0042     struct seq_net_private *p;
0043     struct net *net;
0044
0045     WARN_ON_ONCE(state_size < sizeof(*p));
0046
0047     if (file->f_mode & FMODE_WRITE && !PDE(inode)->write)
0048         return -EACCES;
0049
0050     net = get_proc_net(inode);
0051     if (!net)
0052         return -ENXIO;
0053
0054     p = __seq_open_private(file, PDE(inode)->seq_ops, state_size);
0055     if (!p) {
0056         put_net(net);
0057         return -ENOMEM;
0058     }
0059 #ifdef CONFIG_NET_NS
0060     p->net = net;
0061     netns_tracker_alloc(net, &p->ns_tracker, GFP_KERNEL);
0062 #endif
0063     return 0;
0064 }
0065
0066 static void seq_file_net_put_net(struct seq_file *seq)
0067 {
0068 #ifdef CONFIG_NET_NS
0069     struct seq_net_private *priv = seq->private;
0070
0071     put_net_track(priv->net, &priv->ns_tracker);
0072 #else
0073     put_net(&init_net);
0074 #endif
0075 }
0076
0077 static int seq_release_net(struct inode *ino, struct file *f)
0078 {
0079     struct seq_file *seq = f->private_data;
0080
0081     seq_file_net_put_net(seq);
0082     seq_release_private(ino, f);
0083     return 0;
0084 }
0085
0086 static const struct proc_ops proc_net_seq_ops = {
0087     .proc_open  = seq_open_net,
0088     .proc_read  = seq_read,
0089     .proc_write = proc_simple_write,
0090     .proc_lseek = seq_lseek,
0091     .proc_release   = seq_release_net,
0092 };
0093
0094 int bpf_iter_init_seq_net(void *priv_data, struct bpf_iter_aux_info *aux)
0095 {
0096 #ifdef CONFIG_NET_NS
0097     struct seq_net_private *p = priv_data;
0098
0099     p->net = get_net_track(current->nsproxy->net_ns, &p->ns_tracker,
0100                    GFP_KERNEL);
0101 #endif
0102     return 0;
0103 }
0104
0105 void bpf_iter_fini_seq_net(void *priv_data)
0106 {
0107 #ifdef CONFIG_NET_NS
0108     struct seq_net_private *p = priv_data;
0109
0110     put_net_track(p->net, &p->ns_tracker);
0111 #endif
0112 }
0113
0114 struct proc_dir_entry *proc_create_net_data(const char *name, umode_t mode,
0115         struct proc_dir_entry *parent, const struct seq_operations *ops,
0116         unsigned int state_size, void *data)
0117 {
0118     struct proc_dir_entry *p;
0119
0120     p = proc_create_reg(name, mode, &parent, data);
0121     if (!p)
0122         return NULL;
0123     pde_force_lookup(p);
0124     p->proc_ops = &proc_net_seq_ops;
0125     p->seq_ops = ops;
0126     p->state_size = state_size;
0127     return proc_register(parent, p);
0128 }
0129 EXPORT_SYMBOL_GPL(proc_create_net_data);
0130
0131 /**
0132  * proc_create_net_data_write - Create a writable net_ns-specific proc file
0133  * @name: The name of the file.
0134  * @mode: The file's access mode.
0135  * @parent: The parent directory in which to create.
0136  * @ops: The seq_file ops with which to read the file.
0137  * @write: The write method with which to 'modify' the file.
0138  * @data: Data for retrieval by pde_data().
0139  *
0140  * Create a network namespaced proc file in the @parent directory with the
0141  * specified @name and @mode that allows reading of a file that displays a
0142  * series of elements and also provides for the file accepting writes that have
0143  * some arbitrary effect.
0144  *
0145  * The functions in the @ops table are used to iterate over items to be
0146  * presented and extract the readable content using the seq_file interface.
0147  *
0148  * The @write function is called with the data copied into a kernel space
0149  * scratch buffer and has a NUL appended for convenience.  The buffer may be
0150  * modified by the @write function.  @write should return 0 on success.
0151  *
0152  * The @data value is accessible from the @show and @write functions by calling
0153  * pde_data() on the file inode.  The network namespace must be accessed by
0154  * calling seq_file_net() on the seq_file struct.
0155  */
0156 struct proc_dir_entry *proc_create_net_data_write(const char *name, umode_t mode,
0157                           struct proc_dir_entry *parent,
0158                           const struct seq_operations *ops,
0159                           proc_write_t write,
0160                           unsigned int state_size, void *data)
0161 {
0162     struct proc_dir_entry *p;
0163
0164     p = proc_create_reg(name, mode, &parent, data);
0165     if (!p)
0166         return NULL;
0167     pde_force_lookup(p);
0168     p->proc_ops = &proc_net_seq_ops;
0169     p->seq_ops = ops;
0170     p->state_size = state_size;
0171     p->write = write;
0172     return proc_register(parent, p);
0173 }
0174 EXPORT_SYMBOL_GPL(proc_create_net_data_write);
0175
0176 static int single_open_net(struct inode *inode, struct file *file)
0177 {
0178     struct proc_dir_entry *de = PDE(inode);
0179     struct net *net;
0180     int err;
0181
0182     net = get_proc_net(inode);
0183     if (!net)
0184         return -ENXIO;
0185
0186     err = single_open(file, de->single_show, net);
0187     if (err)
0188         put_net(net);
0189     return err;
0190 }
0191
0192 static int single_release_net(struct inode *ino, struct file *f)
0193 {
0194     struct seq_file *seq = f->private_data;
0195     put_net(seq->private);
0196     return single_release(ino, f);
0197 }
0198
0199 static const struct proc_ops proc_net_single_ops = {
0200     .proc_open  = single_open_net,
0201     .proc_read  = seq_read,
0202     .proc_write = proc_simple_write,
0203     .proc_lseek = seq_lseek,
0204     .proc_release   = single_release_net,
0205 };
0206
0207 struct proc_dir_entry *proc_create_net_single(const char *name, umode_t mode,
0208         struct proc_dir_entry *parent,
0209         int (*show)(struct seq_file *, void *), void *data)
0210 {
0211     struct proc_dir_entry *p;
0212
0213     p = proc_create_reg(name, mode, &parent, data);
0214     if (!p)
0215         return NULL;
0216     pde_force_lookup(p);
0217     p->proc_ops = &proc_net_single_ops;
0218     p->single_show = show;
0219     return proc_register(parent, p);
0220 }
0221 EXPORT_SYMBOL_GPL(proc_create_net_single);
0222
0223 /**
0224  * proc_create_net_single_write - Create a writable net_ns-specific proc file
0225  * @name: The name of the file.
0226  * @mode: The file's access mode.
0227  * @parent: The parent directory in which to create.
0228  * @show: The seqfile show method with which to read the file.
0229  * @write: The write method with which to 'modify' the file.
0230  * @data: Data for retrieval by pde_data().
0231  *
0232  * Create a network-namespaced proc file in the @parent directory with the
0233  * specified @name and @mode that allows reading of a file that displays a
0234  * single element rather than a series and also provides for the file accepting
0235  * writes that have some arbitrary effect.
0236  *
0237  * The @show function is called to extract the readable content via the
0238  * seq_file interface.
0239  *
0240  * The @write function is called with the data copied into a kernel space
0241  * scratch buffer and has a NUL appended for convenience.  The buffer may be
0242  * modified by the @write function.  @write should return 0 on success.
0243  *
0244  * The @data value is accessible from the @show and @write functions by calling
0245  * pde_data() on the file inode.  The network namespace must be accessed by
0246  * calling seq_file_single_net() on the seq_file struct.
0247  */
0248 struct proc_dir_entry *proc_create_net_single_write(const char *name, umode_t mode,
0249                             struct proc_dir_entry *parent,
0250                             int (*show)(struct seq_file *, void *),
0251                             proc_write_t write,
0252                             void *data)
0253 {
0254     struct proc_dir_entry *p;
0255
0256     p = proc_create_reg(name, mode, &parent, data);
0257     if (!p)
0258         return NULL;
0259     pde_force_lookup(p);
0260     p->proc_ops = &proc_net_single_ops;
0261     p->single_show = show;
0262     p->write = write;
0263     return proc_register(parent, p);
0264 }
0265 EXPORT_SYMBOL_GPL(proc_create_net_single_write);
0266
0267 static struct net *get_proc_task_net(struct inode *dir)
0268 {
0269     struct task_struct *task;
0270     struct nsproxy *ns;
0271     struct net *net = NULL;
0272
0273     rcu_read_lock();
0274     task = pid_task(proc_pid(dir), PIDTYPE_PID);
0275     if (task != NULL) {
0276         task_lock(task);
0277         ns = task->nsproxy;
0278         if (ns != NULL)
0279             net = get_net(ns->net_ns);
0280         task_unlock(task);
0281     }
0282     rcu_read_unlock();
0283
0284     return net;
0285 }
0286
0287 static struct dentry *proc_tgid_net_lookup(struct inode *dir,
0288         struct dentry *dentry, unsigned int flags)
0289 {
0290     struct dentry *de;
0291     struct net *net;
0292
0293     de = ERR_PTR(-ENOENT);
0294     net = get_proc_task_net(dir);
0295     if (net != NULL) {
0296         de = proc_lookup_de(dir, dentry, net->proc_net);
0297         put_net(net);
0298     }
0299     return de;
0300 }
0301
0302 static int proc_tgid_net_getattr(struct user_namespace *mnt_userns,
0303                  const struct path *path, struct kstat *stat,
0304                  u32 request_mask, unsigned int query_flags)
0305 {
0306     struct inode *inode = d_inode(path->dentry);
0307     struct net *net;
0308
0309     net = get_proc_task_net(inode);
0310
0311     generic_fillattr(&init_user_ns, inode, stat);
0312
0313     if (net != NULL) {
0314         stat->nlink = net->proc_net->nlink;
0315         put_net(net);
0316     }
0317
0318     return 0;
0319 }
0320
0321 const struct inode_operations proc_net_inode_operations = {
0322     .lookup     = proc_tgid_net_lookup,
0323     .getattr    = proc_tgid_net_getattr,
0324 };
0325
0326 static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx)
0327 {
0328     int ret;
0329     struct net *net;
0330
0331     ret = -EINVAL;
0332     net = get_proc_task_net(file_inode(file));
0333     if (net != NULL) {
0334         ret = proc_readdir_de(file, ctx, net->proc_net);
0335         put_net(net);
0336     }
0337     return ret;
0338 }
0339
0340 const struct file_operations proc_net_operations = {
0341     .llseek     = generic_file_llseek,
0342     .read       = generic_read_dir,
0343     .iterate_shared = proc_tgid_net_readdir,
0344 };
0345
0346 static __net_init int proc_net_ns_init(struct net *net)
0347 {
0348     struct proc_dir_entry *netd, *net_statd;
0349     kuid_t uid;
0350     kgid_t gid;
0351     int err;
0352
0353     /*
0354      * This PDE acts only as an anchor for /proc/${pid}/net hierarchy.
0355      * Corresponding inode (PDE(inode) == net->proc_net) is never
0356      * instantiated therefore blanket zeroing is fine.
0357      * net->proc_net_stat inode is instantiated normally.
0358      */
0359     err = -ENOMEM;
0360     netd = kmem_cache_zalloc(proc_dir_entry_cache, GFP_KERNEL);
0361     if (!netd)
0362         goto out;
0363
0364     netd->subdir = RB_ROOT;
0365     netd->data = net;
0366     netd->nlink = 2;
0367     netd->namelen = 3;
0368     netd->parent = &proc_root;
0369     netd->name = netd->inline_name;
0370     memcpy(netd->name, "net", 4);
0371
0372     uid = make_kuid(net->user_ns, 0);
0373     if (!uid_valid(uid))
0374         uid = netd->uid;
0375
0376     gid = make_kgid(net->user_ns, 0);
0377     if (!gid_valid(gid))
0378         gid = netd->gid;
0379
0380     proc_set_user(netd, uid, gid);
0381
0382     /* Seed dentry revalidation for /proc/${pid}/net */
0383     pde_force_lookup(netd);
0384
0385     err = -EEXIST;
0386     net_statd = proc_net_mkdir(net, "stat", netd);
0387     if (!net_statd)
0388         goto free_net;
0389
0390     net->proc_net = netd;
0391     net->proc_net_stat = net_statd;
0392     return 0;
0393
0394 free_net:
0395     pde_free(netd);
0396 out:
0397     return err;
0398 }
0399
0400 static __net_exit void proc_net_ns_exit(struct net *net)
0401 {
0402     remove_proc_entry("stat", net->proc_net);
0403     pde_free(net->proc_net);
0404 }
0405
0406 static struct pernet_operations __net_initdata proc_net_ns_ops = {
0407     .init = proc_net_ns_init,
0408     .exit = proc_net_ns_exit,
0409 };
0410
0411 int __init proc_net_init(void)
0412 {
0413     proc_symlink("net", NULL, "self/net");
0414
0415     return register_pernet_subsys(&proc_net_ns_ops);
0416 }