| blob | 292e7e7ffc83c9c0bda6e66a6b83b83c3e4024a2 |
1 /* Linux namespaces(7) support.
3 Copyright (C) 2015-2024 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
23 #include <fcntl.h>
24 #include <sys/syscall.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <sys/socket.h>
29 #include <signal.h>
30 #include <sched.h>
33 /* See nat/linux-namespaces.h. */
36 /* Handle systems without fork. */
40 {
41 #ifdef HAVE_FORK
43 #else
46 #endif
47 }
49 /* Handle systems without setns. */
53 {
54 #ifdef HAVE_SETNS
56 #elif defined __NR_setns
58 #else
61 #endif
62 }
64 /* Handle systems without MSG_CMSG_CLOEXEC. */
66 #ifndef MSG_CMSG_CLOEXEC
67 #define MSG_CMSG_CLOEXEC 0
68 #endif
70 /* A Linux namespace. */
72 struct linux_ns
73 {
74 /* Filename of this namespace's entries in /proc/PID/ns. */
77 /* Nonzero if this object has been initialized. */
80 /* Nonzero if this namespace is supported on this system. */
83 /* ID of the namespace the calling process is in, used to
84 see if other processes share the namespace. The code in
85 this file assumes that the calling process never changes
86 namespace. */
87 ino_t id;
88 };
90 /* Return the absolute filename of process PID's /proc/PID/ns
91 entry for namespace NS. The returned value persists until
92 this function is next called. */
96 {
104 }
106 /* Return a representation of the caller's TYPE namespace, or
107 NULL if TYPE namespaces are not supported on this system. */
111 {
113 {
120 };
127 {
131 {
135 }
138 }
141 }
143 /* See nat/linux-namespaces.h. */
145 int
147 {
152 /* If the kernel does not support TYPE namespaces then there's
153 effectively only one TYPE namespace that all processes on
154 the system share. */
158 /* Stat PID's TYPE namespace entry to get the namespace ID. This
159 might fail if the process died, or if we don't have the right
160 permissions (though we should be attached by this time so this
161 seems unlikely). In any event, we can't make any decisions and
162 must throw. */
168 }
170 /* We need to use setns(2) to handle filesystem access in mount
171 namespaces other than our own, but this isn't permitted for
172 multithreaded processes. GDB is multithreaded when compiled
173 with Guile support, and may become multithreaded if compiled
174 with Python support. We deal with this by spawning a single-
175 threaded helper process to access mount namespaces other than
176 our own.
178 The helper process is started the first time a call to setns
179 is required. The main process (GDB or gdbserver) communicates
180 with the helper via sockets, passing file descriptors where
181 necessary using SCM_RIGHTS. Once started the helper process
182 runs until the main process terminates; when this happens the
183 helper will receive socket errors, notice that its parent died,
184 and exit accordingly (see mnsh_maybe_mourn_peer).
186 The protocol is that the main process sends a request in a
187 single message, and the helper replies to every message it
188 receives with a single-message response. If the helper
189 receives a message it does not understand it will reply with
190 a MNSH_MSG_ERROR message. The main process checks all
191 responses it receives with gdb_assert, so if the main process
192 receives something unexpected (which includes MNSH_MSG_ERROR)
193 the main process will call internal_error.
195 For avoidance of doubt, if the helper process receives a
196 message it doesn't handle it will reply with MNSH_MSG_ERROR.
197 If the main process receives MNSH_MSG_ERROR at any time then
198 it will call internal_error. If internal_error causes the
199 main process to exit, the helper will notice this and also
200 exit. The helper will not exit until the main process
201 terminates, so if the user continues through internal_error
202 the helper will still be there awaiting requests from the
203 main process.
205 Messages in both directions have the following payload:
207 - TYPE (enum mnsh_msg_type, always sent) - the message type.
208 - INT1 and
209 - INT2 (int, always sent, though not always used) - two
210 values whose meaning is message-type-dependent.
211 See enum mnsh_msg_type documentation below.
212 - FD (int, optional, sent using SCM_RIGHTS) - an open file
213 descriptor.
214 - BUF (unstructured data, optional) - some data with message-
215 type-dependent meaning.
217 Note that the helper process is the child of a call to fork,
218 so all code in the helper must be async-signal-safe. */
220 /* Mount namespace helper message types. */
222 enum mnsh_msg_type
223 {
224 /* A communication error occurred. Receipt of this message
225 by either end will cause an assertion failure in the main
226 process. */
227 MNSH_MSG_ERROR,
229 /* Requests, sent from the main process to the helper. */
231 /* A request that the helper call setns. Arguments should
232 be passed in FD and INT1. Helper should respond with a
233 MNSH_RET_INT. */
234 MNSH_REQ_SETNS,
236 /* A request that the helper call open. Arguments should
237 be passed in BUF, INT1 and INT2. The filename (in BUF)
238 should include a terminating NUL character. The helper
239 should respond with a MNSH_RET_FD. */
240 MNSH_REQ_OPEN,
242 /* A request that the helper call unlink. The single
243 argument (the filename) should be passed in BUF, and
244 should include a terminating NUL character. The helper
245 should respond with a MNSH_RET_INT. */
246 MNSH_REQ_UNLINK,
248 /* A request that the helper call readlink. The single
249 argument (the filename) should be passed in BUF, and
250 should include a terminating NUL character. The helper
251 should respond with a MNSH_RET_INTSTR. */
252 MNSH_REQ_READLINK,
254 /* Responses, sent to the main process from the helper. */
256 /* Return an integer in INT1 and errno in INT2. */
257 MNSH_RET_INT,
259 /* Return a file descriptor in FD if one was opened or an
260 integer in INT1 otherwise. Return errno in INT2. */
261 MNSH_RET_FD,
263 /* Return an integer in INT1, errno in INT2, and optionally
264 some data in BUF. */
265 MNSH_RET_INTSTR,
266 };
268 /* Print a string representation of a message using debug_printf.
269 This function is not async-signal-safe so should never be
270 called from the helper. */
272 static void
276 {
281 {
316 }
324 }
326 /* Forward declaration. */
330 /* Send a message. The argument SOCK is the file descriptor of the
331 sending socket, the other arguments are the payload to send.
332 Return the number of bytes sent on success. Return -1 on failure
333 and set errno appropriately. This function is called by both the
334 main process and the helper so must be async-signal-safe. */
336 static ssize_t
340 {
344 ssize_t size;
346 /* Build the basic TYPE, INT1, INT2 message. */
359 /* Append BUF if supplied. */
361 {
367 }
369 /* Attach FD if supplied. */
371 {
385 }
387 /* Send the message. */
394 {
398 }
401 }
403 /* Receive a message. The argument SOCK is the file descriptor of
404 the receiving socket, the other arguments point to storage for
405 the received payload. Returns the number of bytes stored into
406 BUF on success, which may be zero in the event no BUF was sent.
407 Return -1 on failure and set errno appropriately. This function
408 is called from both the main process and the helper and must be
409 async-signal-safe. */
411 static ssize_t
415 {
423 /* Build the message to receive data into. */
444 /* Receive the message. */
447 {
455 }
457 /* Check for truncation. */
459 {
468 }
470 /* Unpack the file descriptor if supplied. */
477 else
481 {
486 }
488 /* Return the number of bytes of data in BUF. */
490 }
492 /* Shortcuts for returning results from the helper. */
494 #define mnsh_return_int(sock, result, error) \
495 mnsh_send_message (sock, MNSH_RET_INT, -1, result, error, NULL, 0)
497 #define mnsh_return_fd(sock, fd, error) \
498 mnsh_send_message (sock, MNSH_RET_FD, \
499 (fd) < 0 ? -1 : (fd), \
500 (fd) < 0 ? (fd) : 0, \
501 error, NULL, 0)
503 #define mnsh_return_intstr(sock, result, buf, bufsiz, error) \
504 mnsh_send_message (sock, MNSH_RET_INTSTR, -1, result, error, \
505 buf, bufsiz)
507 /* Handle a MNSH_REQ_SETNS message. Must be async-signal-safe. */
509 static ssize_t
511 {
515 }
517 /* Handle a MNSH_REQ_OPEN message. Must be async-signal-safe. */
519 static ssize_t
522 {
525 }
527 /* Handle a MNSH_REQ_UNLINK message. Must be async-signal-safe. */
529 static ssize_t
531 {
535 }
537 /* Handle a MNSH_REQ_READLINK message. Must be async-signal-safe. */
539 static ssize_t
541 {
547 errno);
548 }
550 /* The helper process. Never returns. Must be async-signal-safe. */
554 static void
556 {
558 {
569 {
571 {
594 }
595 }
597 /* Close any file descriptors we were passed. */
601 /* Can't handle this message, bounce it back. */
603 {
609 }
610 }
611 }
613 /* The mount namespace helper process. */
615 struct linux_mnsh
616 {
617 /* PID of helper. */
618 pid_t pid;
620 /* Socket for communication. */
623 /* ID of the mount namespace the helper is currently in. */
624 ino_t nsid;
625 };
627 /* In the helper process this is set to the PID of the process that
628 created the helper (i.e. GDB or gdbserver). In the main process
629 this is set to zero. Used by mnsh_maybe_mourn_peer. */
632 /* Return an object representing the mount namespace helper process.
633 If no mount namespace helper process has been started then start
634 one. Return NULL if no mount namespace helper process could be
635 started. */
639 {
643 {
658 {
666 }
669 {
670 /* Child process. */
675 /* Debug printing isn't async-signal-safe. */
679 }
681 /* Parent process. */
691 }
694 }
696 /* Check whether the other process died and act accordingly. Called
697 whenever a socket error occurs, from both the main process and the
698 helper. Must be async-signal-safe when called from the helper. */
700 static void
702 {
704 {
705 /* We're in the helper. Check if our current parent is the
706 process that started us. If it isn't, then our original
707 parent died and we've been reparented. Exit immediately
708 if that's the case. */
711 }
712 else
713 {
714 /* We're in the main process. */
718 pid_t pid;
721 {
722 /* We already mourned it. */
724 }
728 {
729 /* The helper is still alive. */
731 }
733 {
736 else
738 }
740 {
747 else
749 }
750 else
753 /* Something unrecoverable happened. */
755 }
756 }
758 /* Shortcuts for sending messages to the helper. */
760 #define mnsh_send_setns(helper, fd, nstype) \
761 mnsh_send_message (helper->sock, MNSH_REQ_SETNS, fd, nstype, 0, \
762 NULL, 0)
764 #define mnsh_send_open(helper, filename, flags, mode) \
765 mnsh_send_message (helper->sock, MNSH_REQ_OPEN, -1, flags, mode, \
766 filename, strlen (filename) + 1)
768 #define mnsh_send_unlink(helper, filename) \
769 mnsh_send_message (helper->sock, MNSH_REQ_UNLINK, -1, 0, 0, \
770 filename, strlen (filename) + 1)
772 #define mnsh_send_readlink(helper, filename) \
773 mnsh_send_message (helper->sock, MNSH_REQ_READLINK, -1, 0, 0, \
774 filename, strlen (filename) + 1)
776 /* Receive a message from the helper. Issue an assertion failure if
777 the message isn't a correctly-formatted MNSH_RET_INT. Set RESULT
778 and ERROR and return 0 on success. Set errno and return -1 on
779 failure. */
781 static int
783 {
786 ssize_t size;
800 }
802 /* Receive a message from the helper. Issue an assertion failure if
803 the message isn't a correctly-formatted MNSH_RET_FD. Set FD and
804 ERROR and return 0 on success. Set errno and return -1 on
805 failure. */
807 static int
809 {
812 ssize_t size;
825 {
828 }
831 }
833 /* Receive a message from the helper. Issue an assertion failure if
834 the message isn't a correctly-formatted MNSH_RET_INTSTR. Set
835 RESULT and ERROR and optionally store data in BUF, then return
836 the number of bytes stored in BUF on success (this may be zero).
837 Set errno and return -1 on error. */
839 static ssize_t
843 {
845 ssize_t size;
859 }
861 /* Return values for linux_mntns_access_fs. */
863 enum mnsh_fs_code
864 {
865 /* Something went wrong, errno is set. */
868 /* The main process is in the correct mount namespace.
869 The caller should access the filesystem directly. */
870 MNSH_FS_DIRECT,
872 /* The helper is in the correct mount namespace.
873 The caller should access the filesystem via the helper. */
874 MNSH_FS_HELPER
875 };
877 /* Return a value indicating how the caller should access the
878 mount namespace of process PID. */
880 static enum mnsh_fs_code
882 {
886 ssize_t size;
900 SCOPE_EXIT
901 {
905 };
918 {
929 {
930 /* ENOSYS indicates that an entire function is unsupported
931 (it's not appropriate for our versions of open/unlink/
932 readlink to sometimes return with ENOSYS depending on how
933 they're called) so we convert ENOSYS to ENOTSUP if setns
934 fails. */
940 }
943 }
946 }
948 /* See nat/linux-namespaces.h. */
950 int
953 {
957 ssize_t size;
980 }
982 /* See nat/linux-namespaces.h. */
984 int
986 {
990 ssize_t size;
1013 }
1015 /* See nat/linux-namespaces.h. */
1017 ssize_t
1020 {
1024 ssize_t size;
1043 {
1046 }
1047 else
1051 }