Thomas Gleixner | 457c899 | 2019-05-19 13:08:55 +0100 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0-only |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 2 | /* |
| 3 | * fs/anon_inodes.c |
| 4 | * |
| 5 | * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> |
| 6 | * |
| 7 | * Thanks to Arnd Bergmann for code review and suggestions. |
| 8 | * More changes for Thomas Gleixner suggestions. |
| 9 | * |
| 10 | */ |
| 11 | |
Alexey Dobriyan | a99bbaf | 2009-10-04 16:11:37 +0400 | [diff] [blame] | 12 | #include <linux/cred.h> |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 13 | #include <linux/file.h> |
| 14 | #include <linux/poll.h> |
Alexey Dobriyan | a99bbaf | 2009-10-04 16:11:37 +0400 | [diff] [blame] | 15 | #include <linux/sched.h> |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 16 | #include <linux/init.h> |
| 17 | #include <linux/fs.h> |
| 18 | #include <linux/mount.h> |
| 19 | #include <linux/module.h> |
| 20 | #include <linux/kernel.h> |
| 21 | #include <linux/magic.h> |
| 22 | #include <linux/anon_inodes.h> |
David Howells | 33cada4 | 2019-03-25 16:38:23 +0000 | [diff] [blame] | 23 | #include <linux/pseudo_fs.h> |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 24 | |
Linus Torvalds | 7c0f6ba | 2016-12-24 11:46:01 -0800 | [diff] [blame] | 25 | #include <linux/uaccess.h> |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 26 | |
| 27 | static struct vfsmount *anon_inode_mnt __read_mostly; |
| 28 | static struct inode *anon_inode_inode; |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 29 | |
Nick Piggin | b9aff02 | 2009-11-20 14:28:35 -0800 | [diff] [blame] | 30 | /* |
| 31 | * anon_inodefs_dname() is called from d_path(). |
| 32 | */ |
| 33 | static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen) |
| 34 | { |
| 35 | return dynamic_dname(dentry, buffer, buflen, "anon_inode:%s", |
| 36 | dentry->d_name.name); |
| 37 | } |
| 38 | |
Al Viro | c74a1cb | 2011-01-12 16:59:34 -0500 | [diff] [blame] | 39 | static const struct dentry_operations anon_inodefs_dentry_operations = { |
| 40 | .d_dname = anon_inodefs_dname, |
| 41 | }; |
| 42 | |
David Howells | 33cada4 | 2019-03-25 16:38:23 +0000 | [diff] [blame] | 43 | static int anon_inodefs_init_fs_context(struct fs_context *fc) |
Al Viro | ca7068c | 2012-03-17 02:52:29 -0400 | [diff] [blame] | 44 | { |
David Howells | 33cada4 | 2019-03-25 16:38:23 +0000 | [diff] [blame] | 45 | struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); |
| 46 | if (!ctx) |
| 47 | return -ENOMEM; |
| 48 | ctx->dops = &anon_inodefs_dentry_operations; |
| 49 | return 0; |
Al Viro | ca7068c | 2012-03-17 02:52:29 -0400 | [diff] [blame] | 50 | } |
| 51 | |
| 52 | static struct file_system_type anon_inode_fs_type = { |
| 53 | .name = "anon_inodefs", |
David Howells | 33cada4 | 2019-03-25 16:38:23 +0000 | [diff] [blame] | 54 | .init_fs_context = anon_inodefs_init_fs_context, |
Al Viro | ca7068c | 2012-03-17 02:52:29 -0400 | [diff] [blame] | 55 | .kill_sb = kill_anon_super, |
| 56 | }; |
| 57 | |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 58 | static struct inode *anon_inode_make_secure_inode( |
| 59 | const char *name, |
| 60 | const struct inode *context_inode) |
| 61 | { |
| 62 | struct inode *inode; |
| 63 | const struct qstr qname = QSTR_INIT(name, strlen(name)); |
| 64 | int error; |
| 65 | |
| 66 | inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); |
| 67 | if (IS_ERR(inode)) |
| 68 | return inode; |
| 69 | inode->i_flags &= ~S_PRIVATE; |
| 70 | error = security_inode_init_security_anon(inode, &qname, context_inode); |
| 71 | if (error) { |
| 72 | iput(inode); |
| 73 | return ERR_PTR(error); |
| 74 | } |
| 75 | return inode; |
| 76 | } |
| 77 | |
| 78 | static struct file *__anon_inode_getfile(const char *name, |
| 79 | const struct file_operations *fops, |
| 80 | void *priv, int flags, |
| 81 | const struct inode *context_inode, |
| 82 | bool secure) |
| 83 | { |
| 84 | struct inode *inode; |
| 85 | struct file *file; |
| 86 | |
| 87 | if (fops->owner && !try_module_get(fops->owner)) |
| 88 | return ERR_PTR(-ENOENT); |
| 89 | |
| 90 | if (secure) { |
| 91 | inode = anon_inode_make_secure_inode(name, context_inode); |
| 92 | if (IS_ERR(inode)) { |
| 93 | file = ERR_CAST(inode); |
| 94 | goto err; |
| 95 | } |
| 96 | } else { |
| 97 | inode = anon_inode_inode; |
| 98 | if (IS_ERR(inode)) { |
| 99 | file = ERR_PTR(-ENODEV); |
| 100 | goto err; |
| 101 | } |
| 102 | /* |
| 103 | * We know the anon_inode inode count is always |
| 104 | * greater than zero, so ihold() is safe. |
| 105 | */ |
| 106 | ihold(inode); |
| 107 | } |
| 108 | |
| 109 | file = alloc_file_pseudo(inode, anon_inode_mnt, name, |
| 110 | flags & (O_ACCMODE | O_NONBLOCK), fops); |
| 111 | if (IS_ERR(file)) |
| 112 | goto err_iput; |
| 113 | |
| 114 | file->f_mapping = inode->i_mapping; |
| 115 | |
| 116 | file->private_data = priv; |
| 117 | |
| 118 | return file; |
| 119 | |
| 120 | err_iput: |
| 121 | iput(inode); |
| 122 | err: |
| 123 | module_put(fops->owner); |
| 124 | return file; |
| 125 | } |
| 126 | |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 127 | /** |
Namhyung Kim | c0d8768 | 2010-12-10 12:11:50 +0900 | [diff] [blame] | 128 | * anon_inode_getfile - creates a new file instance by hooking it up to an |
| 129 | * anonymous inode, and a dentry that describe the "class" |
| 130 | * of the file |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 131 | * |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 132 | * @name: [in] name of the "class" of the new file |
Ulrich Drepper | 7d9dbca | 2008-07-23 21:29:22 -0700 | [diff] [blame] | 133 | * @fops: [in] file operations for the new file |
| 134 | * @priv: [in] private data for the new file (will be file's private_data) |
| 135 | * @flags: [in] flags |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 136 | * |
| 137 | * Creates a new file by hooking it on a single inode. This is useful for files |
| 138 | * that do not need to have a full-fledged inode in order to operate correctly. |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 139 | * All the files created with anon_inode_getfile() will share a single inode, |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 140 | * hence saving memory and avoiding code duplication for the file/inode/dentry |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 141 | * setup. Returns the newly created file* or an error pointer. |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 142 | */ |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 143 | struct file *anon_inode_getfile(const char *name, |
| 144 | const struct file_operations *fops, |
| 145 | void *priv, int flags) |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 146 | { |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 147 | return __anon_inode_getfile(name, fops, priv, flags, NULL, false); |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 148 | } |
| 149 | EXPORT_SYMBOL_GPL(anon_inode_getfile); |
| 150 | |
Paul Moore | 3a862ca | 2021-02-01 19:22:44 -0500 | [diff] [blame^] | 151 | /** |
| 152 | * anon_inode_getfile_secure - Like anon_inode_getfile(), but creates a new |
| 153 | * !S_PRIVATE anon inode rather than reuse the |
| 154 | * singleton anon inode and calls the |
| 155 | * inode_init_security_anon() LSM hook. This |
| 156 | * allows for both the inode to have its own |
| 157 | * security context and for the LSM to enforce |
| 158 | * policy on the inode's creation. |
| 159 | * |
| 160 | * @name: [in] name of the "class" of the new file |
| 161 | * @fops: [in] file operations for the new file |
| 162 | * @priv: [in] private data for the new file (will be file's private_data) |
| 163 | * @flags: [in] flags |
| 164 | * @context_inode: |
| 165 | * [in] the logical relationship with the new inode (optional) |
| 166 | * |
| 167 | * The LSM may use @context_inode in inode_init_security_anon(), but a |
| 168 | * reference to it is not held. Returns the newly created file* or an error |
| 169 | * pointer. See the anon_inode_getfile() documentation for more information. |
| 170 | */ |
| 171 | struct file *anon_inode_getfile_secure(const char *name, |
| 172 | const struct file_operations *fops, |
| 173 | void *priv, int flags, |
| 174 | const struct inode *context_inode) |
| 175 | { |
| 176 | return __anon_inode_getfile(name, fops, priv, flags, |
| 177 | context_inode, true); |
| 178 | } |
| 179 | |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 180 | static int __anon_inode_getfd(const char *name, |
| 181 | const struct file_operations *fops, |
| 182 | void *priv, int flags, |
| 183 | const struct inode *context_inode, |
| 184 | bool secure) |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 185 | { |
| 186 | int error, fd; |
| 187 | struct file *file; |
| 188 | |
| 189 | error = get_unused_fd_flags(flags); |
| 190 | if (error < 0) |
| 191 | return error; |
| 192 | fd = error; |
| 193 | |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 194 | file = __anon_inode_getfile(name, fops, priv, flags, context_inode, |
| 195 | secure); |
Davide Libenzi | 562787a | 2009-09-22 16:43:57 -0700 | [diff] [blame] | 196 | if (IS_ERR(file)) { |
| 197 | error = PTR_ERR(file); |
| 198 | goto err_put_unused_fd; |
| 199 | } |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 200 | fd_install(fd, file); |
| 201 | |
Al Viro | 2030a42 | 2008-02-23 06:46:49 -0500 | [diff] [blame] | 202 | return fd; |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 203 | |
| 204 | err_put_unused_fd: |
| 205 | put_unused_fd(fd); |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 206 | return error; |
| 207 | } |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 208 | |
| 209 | /** |
| 210 | * anon_inode_getfd - creates a new file instance by hooking it up to |
| 211 | * an anonymous inode and a dentry that describe |
| 212 | * the "class" of the file |
| 213 | * |
| 214 | * @name: [in] name of the "class" of the new file |
| 215 | * @fops: [in] file operations for the new file |
| 216 | * @priv: [in] private data for the new file (will be file's private_data) |
| 217 | * @flags: [in] flags |
| 218 | * |
| 219 | * Creates a new file by hooking it on a single inode. This is |
| 220 | * useful for files that do not need to have a full-fledged inode in |
| 221 | * order to operate correctly. All the files created with |
| 222 | * anon_inode_getfd() will use the same singleton inode, reducing |
| 223 | * memory use and avoiding code duplication for the file/inode/dentry |
| 224 | * setup. Returns a newly created file descriptor or an error code. |
| 225 | */ |
| 226 | int anon_inode_getfd(const char *name, const struct file_operations *fops, |
| 227 | void *priv, int flags) |
| 228 | { |
| 229 | return __anon_inode_getfd(name, fops, priv, flags, NULL, false); |
| 230 | } |
Avi Kivity | d6d2816 | 2007-06-28 08:38:16 -0400 | [diff] [blame] | 231 | EXPORT_SYMBOL_GPL(anon_inode_getfd); |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 232 | |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 233 | /** |
Lukas Bulwahn | 365982a | 2021-01-15 13:03:42 +0100 | [diff] [blame] | 234 | * anon_inode_getfd_secure - Like anon_inode_getfd(), but creates a new |
| 235 | * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls |
| 236 | * the inode_init_security_anon() LSM hook. This allows the inode to have its |
| 237 | * own security context and for a LSM to reject creation of the inode. |
| 238 | * |
| 239 | * @name: [in] name of the "class" of the new file |
| 240 | * @fops: [in] file operations for the new file |
| 241 | * @priv: [in] private data for the new file (will be file's private_data) |
| 242 | * @flags: [in] flags |
| 243 | * @context_inode: |
| 244 | * [in] the logical relationship with the new inode (optional) |
| 245 | * |
| 246 | * The LSM may use @context_inode in inode_init_security_anon(), but a |
| 247 | * reference to it is not held. |
Daniel Colascione | e7e832c | 2021-01-08 14:22:21 -0800 | [diff] [blame] | 248 | */ |
| 249 | int anon_inode_getfd_secure(const char *name, const struct file_operations *fops, |
| 250 | void *priv, int flags, |
| 251 | const struct inode *context_inode) |
| 252 | { |
| 253 | return __anon_inode_getfd(name, fops, priv, flags, context_inode, true); |
| 254 | } |
| 255 | EXPORT_SYMBOL_GPL(anon_inode_getfd_secure); |
| 256 | |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 257 | static int __init anon_inode_init(void) |
| 258 | { |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 259 | anon_inode_mnt = kern_mount(&anon_inode_fs_type); |
Jan Kara | 75c5a52 | 2014-03-26 06:20:14 +0100 | [diff] [blame] | 260 | if (IS_ERR(anon_inode_mnt)) |
| 261 | panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt)); |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 262 | |
Jan Kara | 75c5a52 | 2014-03-26 06:20:14 +0100 | [diff] [blame] | 263 | anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); |
| 264 | if (IS_ERR(anon_inode_inode)) |
| 265 | panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode)); |
| 266 | |
| 267 | return 0; |
Davide Libenzi | 5dc8bf8 | 2007-05-10 22:23:11 -0700 | [diff] [blame] | 268 | } |
| 269 | |
| 270 | fs_initcall(anon_inode_init); |
| 271 | |