fs/nsfs.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 #include <linux/mount.h>
   3 #include <linux/pseudo_fs.h>
   4 #include <linux/file.h>
   5 #include <linux/fs.h>
   6 #include <linux/proc_fs.h>
   7 #include <linux/proc_ns.h>
   8 #include <linux/magic.h>
   9 #include <linux/ktime.h>
  10 #include <linux/seq_file.h>
  11 #include <linux/user_namespace.h>
  12 #include <linux/nsfs.h>
  13 #include <linux/uaccess.h>
  14
  15 #include "internal.h"
  16
  17 static struct vfsmount *nsfs_mnt;
  18
  19 static long ns_ioctl(struct file *filp, unsigned int ioctl,
  20                         unsigned long arg);
  21 static const struct file_operations ns_file_operations = {
  22         .llseek         = no_llseek,
  23         .unlocked_ioctl = ns_ioctl,
  24         .compat_ioctl   = compat_ptr_ioctl,
  25 };
  26
  27 static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
  28 {
  29         struct inode *inode = d_inode(dentry);
  30         struct ns_common *ns = inode->i_private;
  31         const struct proc_ns_operations *ns_ops = ns->ops;
  32
  33         return dynamic_dname(buffer, buflen, "%s:[%lu]",
  34                 ns_ops->name, inode->i_ino);
  35 }
  36
  37 const struct dentry_operations ns_dentry_operations = {
  38         .d_delete       = always_delete_dentry,
  39         .d_dname        = ns_dname,
  40         .d_prune        = stashed_dentry_prune,
  41 };
  42
  43 static void nsfs_evict(struct inode *inode)
  44 {
  45         struct ns_common *ns = inode->i_private;
  46         clear_inode(inode);
  47         ns->ops->put(ns);
  48 }
  49
  50 int ns_get_path_cb(struct path *path, ns_get_path_helper_t *ns_get_cb,
  51                      void *private_data)
  52 {
  53         struct ns_common *ns;
  54
  55         ns = ns_get_cb(private_data);
  56         if (!ns)
  57                 return -ENOENT;
  58
  59         return path_from_stashed(&ns->stashed, nsfs_mnt, ns, path);
  60 }
  61
  62 struct ns_get_path_task_args {
  63         const struct proc_ns_operations *ns_ops;
  64         struct task_struct *task;
  65 };
  66
  67 static struct ns_common *ns_get_path_task(void *private_data)
  68 {
  69         struct ns_get_path_task_args *args = private_data;
  70
  71         return args->ns_ops->get(args->task);
  72 }
  73
  74 int ns_get_path(struct path *path, struct task_struct *task,
  75                   const struct proc_ns_operations *ns_ops)
  76 {
  77         struct ns_get_path_task_args args = {
  78                 .ns_ops = ns_ops,
  79                 .task   = task,
  80         };
  81
  82         return ns_get_path_cb(path, ns_get_path_task, &args);
  83 }
  84
  85 int open_related_ns(struct ns_common *ns,
  86                    struct ns_common *(*get_ns)(struct ns_common *ns))
  87 {
  88         struct path path = {};
  89         struct ns_common *relative;
  90         struct file *f;
  91         int err;
  92         int fd;
  93
  94         fd = get_unused_fd_flags(O_CLOEXEC);
  95         if (fd < 0)
  96                 return fd;
  97
  98         relative = get_ns(ns);
  99         if (IS_ERR(relative)) {
 100                 put_unused_fd(fd);
 101                 return PTR_ERR(relative);
 102         }
 103
 104         err = path_from_stashed(&relative->stashed, nsfs_mnt, relative, &path);
 105         if (err < 0) {
 106                 put_unused_fd(fd);
 107                 return err;
 108         }
 109
 110         f = dentry_open(&path, O_RDONLY, current_cred());
 111         path_put(&path);
 112         if (IS_ERR(f)) {
 113                 put_unused_fd(fd);
 114                 fd = PTR_ERR(f);
 115         } else
 116                 fd_install(fd, f);
 117
 118         return fd;
 119 }
 120 EXPORT_SYMBOL_GPL(open_related_ns);
 121
 122 static long ns_ioctl(struct file *filp, unsigned int ioctl,
 123                         unsigned long arg)
 124 {
 125         struct user_namespace *user_ns;
 126         struct ns_common *ns = get_proc_ns(file_inode(filp));
 127         uid_t __user *argp;
 128         uid_t uid;
 129
 130         switch (ioctl) {
 131         case NS_GET_USERNS:
 132                 return open_related_ns(ns, ns_get_owner);
 133         case NS_GET_PARENT:
 134                 if (!ns->ops->get_parent)
 135                         return -EINVAL;
 136                 return open_related_ns(ns, ns->ops->get_parent);
 137         case NS_GET_NSTYPE:
 138                 return ns->ops->type;
 139         case NS_GET_OWNER_UID:
 140                 if (ns->ops->type != CLONE_NEWUSER)
 141                         return -EINVAL;
 142                 user_ns = container_of(ns, struct user_namespace, ns);
 143                 argp = (uid_t __user *) arg;
 144                 uid = from_kuid_munged(current_user_ns(), user_ns->owner);
 145                 return put_user(uid, argp);
 146         default:
 147                 return -ENOTTY;
 148         }
 149 }
 150
 151 int ns_get_name(char *buf, size_t size, struct task_struct *task,
 152                         const struct proc_ns_operations *ns_ops)
 153 {
 154         struct ns_common *ns;
 155         int res = -ENOENT;
 156         const char *name;
 157         ns = ns_ops->get(task);
 158         if (ns) {
 159                 name = ns_ops->real_ns_name ? : ns_ops->name;
 160                 res = snprintf(buf, size, "%s:[%u]", name, ns->inum);
 161                 ns_ops->put(ns);
 162         }
 163         return res;
 164 }
 165
 166 bool proc_ns_file(const struct file *file)
 167 {
 168         return file->f_op == &ns_file_operations;
 169 }
 170
 171 /**
 172  * ns_match() - Returns true if current namespace matches dev/ino provided.
 173  * @ns: current namespace
 174  * @dev: dev_t from nsfs that will be matched against current nsfs
 175  * @ino: ino_t from nsfs that will be matched against current nsfs
 176  *
 177  * Return: true if dev and ino matches the current nsfs.
 178  */
 179 bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
 180 {
 181         return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
 182 }
 183
 184
 185 static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
 186 {
 187         struct inode *inode = d_inode(dentry);
 188         const struct ns_common *ns = inode->i_private;
 189         const struct proc_ns_operations *ns_ops = ns->ops;
 190
 191         seq_printf(seq, "%s:[%lu]", ns_ops->name, inode->i_ino);
 192         return 0;
 193 }
 194
 195 static const struct super_operations nsfs_ops = {
 196         .statfs = simple_statfs,
 197         .evict_inode = nsfs_evict,
 198         .show_path = nsfs_show_path,
 199 };
 200
 201 static int nsfs_init_inode(struct inode *inode, void *data)
 202 {
 203         struct ns_common *ns = data;
 204
 205         inode->i_private = data;
 206         inode->i_mode |= S_IRUGO;
 207         inode->i_fop = &ns_file_operations;
 208         inode->i_ino = ns->inum;
 209         return 0;
 210 }
 211
 212 static void nsfs_put_data(void *data)
 213 {
 214         struct ns_common *ns = data;
 215         ns->ops->put(ns);
 216 }
 217
 218 static const struct stashed_operations nsfs_stashed_ops = {
 219         .init_inode = nsfs_init_inode,
 220         .put_data = nsfs_put_data,
 221 };
 222
 223 static int nsfs_init_fs_context(struct fs_context *fc)
 224 {
 225         struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC);
 226         if (!ctx)
 227                 return -ENOMEM;
 228         ctx->ops = &nsfs_ops;
 229         ctx->dops = &ns_dentry_operations;
 230         fc->s_fs_info = (void *)&nsfs_stashed_ops;
 231         return 0;
 232 }
 233
 234 static struct file_system_type nsfs = {
 235         .name = "nsfs",
 236         .init_fs_context = nsfs_init_fs_context,
 237         .kill_sb = kill_anon_super,
 238 };
 239
 240 void __init nsfs_init(void)
 241 {
 242         nsfs_mnt = kern_mount(&nsfs);
 243         if (IS_ERR(nsfs_mnt))
 244                 panic("can't set nsfs up\n");
 245         nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
 246 }