1 /*
2  *  linux/fs/proc/inode.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6 
7 #include <linux/time.h>
8 #include <linux/proc_fs.h>
9 #include <linux/kernel.h>
10 #include <linux/mm.h>
11 #include <linux/string.h>
12 #include <linux/stat.h>
13 #include <linux/completion.h>
14 #include <linux/poll.h>
15 #include <linux/file.h>
16 #include <linux/limits.h>
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/sysctl.h>
20 #include <linux/slab.h>
21 
22 #include <asm/system.h>
23 #include <asm/uaccess.h>
24 
25 #include "internal.h"
26 
/*
 * ->evict_inode for procfs: drop everything a /proc inode holds before the
 * inode itself is destroyed. That is its page cache pages, the struct pid
 * reference, the proc_dir_entry reference and the sysctl header reference.
 */
static void proc_evict_inode(struct inode *inode)
{
	struct proc_inode *ei = PROC_I(inode);
	struct proc_dir_entry *pde;
	struct ctl_table_header *sysctl_head;

	truncate_inode_pages(&inode->i_data, 0);
	end_writeback(inode);

	/* Stop pinning the struct pid this inode was tracking. */
	put_pid(ei->pid);

	/* Drop the reference on the backing proc directory entry, if any. */
	pde = ei->pde;
	if (pde != NULL)
		pde_put(pde);

	sysctl_head = ei->sysctl;
	if (sysctl_head == NULL)
		return;

	/*
	 * Clear the published pointer before the reference is dropped.
	 * NOTE(review): presumably so that RCU readers of ->sysctl never see
	 * a header that has already been put; confirm against the sysctl
	 * lookup code.
	 */
	rcu_assign_pointer(ei->sysctl, NULL);
	sysctl_head_put(sysctl_head);
}
48 
/* Slab cache backing every struct proc_inode; set up by proc_init_inodecache(). */
static struct kmem_cache *proc_inode_cachep;
50 
/*
 * ->alloc_inode for procfs: take a struct proc_inode from the slab cache and
 * return the VFS inode embedded in it, or NULL when the allocation fails.
 *
 * kmem_cache_alloc() does not zero the object, so every proc-private field is
 * reset here; a stale pid/pde/sysctl pointer left over from an earlier user of
 * the object would otherwise be released again by proc_evict_inode().
 */
static struct inode *proc_alloc_inode(struct super_block *sb)
{
	struct proc_inode *ei = kmem_cache_alloc(proc_inode_cachep, GFP_KERNEL);
	struct inode *vfs_inode;

	if (ei == NULL)
		return NULL;

	ei->pid = NULL;
	ei->pde = NULL;
	ei->sysctl = NULL;
	ei->sysctl_entry = NULL;
	ei->op.proc_get_link = NULL;
	ei->fd = 0;

	vfs_inode = &ei->vfs_inode;
	/* One CURRENT_TIME sample so all three timestamps are identical. */
	vfs_inode->i_ctime = vfs_inode->i_atime = vfs_inode->i_mtime = CURRENT_TIME;
	return vfs_inode;
}
69 
/*
 * RCU callback queued by proc_destroy_inode(): hand the proc_inode that
 * embeds this VFS inode back to the slab cache.
 */
static void proc_i_callback(struct rcu_head *head)
{
	struct inode *vfs_inode = container_of(head, struct inode, i_rcu);
	struct proc_inode *ei = PROC_I(vfs_inode);

	/*
	 * NOTE(review): presumably re-initialised so the object goes back to
	 * the cache in its constructed state, since init_once() runs only
	 * when a slab object is first created; confirm.
	 */
	INIT_LIST_HEAD(&vfs_inode->i_dentry);
	kmem_cache_free(proc_inode_cachep, ei);
}
76 
/*
 * ->destroy_inode for procfs. The memory is not freed here: the free is
 * deferred to proc_i_callback() via call_rcu(), i.e. until an RCU grace
 * period has elapsed.
 */
static void proc_destroy_inode(struct inode *inode)
{
	struct rcu_head *rcu = &inode->i_rcu;

	call_rcu(rcu, proc_i_callback);
}
81 
/*
 * Slab constructor for proc_inode_cachep: runs the generic one-time VFS inode
 * initialisation on the inode embedded in the object passed in as @foo.
 */
static void init_once(void *foo)
{
	struct proc_inode *ei = foo;
	struct inode *vfs_inode = &ei->vfs_inode;

	inode_init_once(vfs_inode);
}
88 
/*
 * Boot-time creation of the proc_inode slab cache. SLAB_PANIC makes a failed
 * creation panic the kernel, which is why the result is not checked here.
 */
void __init proc_init_inodecache(void)
{
	const unsigned long cache_flags =
		SLAB_RECLAIM_ACCOUNT | SLAB_MEM_SPREAD | SLAB_PANIC;

	proc_inode_cachep = kmem_cache_create("proc_inode_cache",
					      sizeof(struct proc_inode),
					      0, cache_flags, init_once);
}
97 
/*
 * Superblock operations for procfs. Inode memory comes from and returns to
 * proc_inode_cachep (alloc/destroy), and ->drop_inode is
 * generic_delete_inode, so an inode is evicted as soon as its last reference
 * goes away instead of staying cached.
 */
static const struct super_operations proc_sops = {
	.alloc_inode	= proc_alloc_inode,
	.destroy_inode	= proc_destroy_inode,
	.evict_inode	= proc_evict_inode,
	.drop_inode	= generic_delete_inode,
	.statfs		= simple_statfs,
};
105 
/*
 * Drop one in-flight user of @pde and, when that was the last one and an
 * unload completion is registered, signal it. Does no locking itself; both
 * callers in this file hold pde->pde_unload_lock around the call.
 */
static void __pde_users_dec(struct proc_dir_entry *pde)
{
	if (--pde->pde_users != 0)
		return;

	/* Last user gone: wake whoever is waiting on the unload completion. */
	if (pde->pde_unload_completion)
		complete(pde->pde_unload_completion);
}
112 
/*
 * Locked variant of __pde_users_dec(): takes pde->pde_unload_lock, drops one
 * user of @pde (possibly completing a pending unload) and releases the lock.
 */
void pde_users_dec(struct proc_dir_entry *pde)
{
	spinlock_t *unload_lock = &pde->pde_unload_lock;

	spin_lock(unload_lock);
	__pde_users_dec(pde);
	spin_unlock(unload_lock);
}
119 
/*
 * ->llseek wrapper for regular /proc files.
 *
 * Returns -EINVAL when the entry is already being torn down (->proc_fops
 * cleared); otherwise forwards to the entry's ->llseek, or to
 * default_llseek() when the entry has none, and returns that result.
 */
static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	loff_t (*seek_fn)(struct file *, loff_t, int);
	loff_t ret;

	spin_lock(&pde->pde_unload_lock);
	/*
	 * remove_proc_entry() is deleting this PDE as part of a module's
	 * cleanup sequence: no new calls into the module are allowed.
	 */
	if (!pde->proc_fops) {
		spin_unlock(&pde->pde_unload_lock);
		return -EINVAL;
	}
	/*
	 * Count ourselves as a user so that remove_proc_entry() waits for
	 * ->llseek to complete.
	 */
	pde->pde_users++;
	/*
	 * The function pointer is sampled while the lock is held, because
	 * ->proc_fops may be set to NULL as soon as the lock is dropped.
	 */
	seek_fn = pde->proc_fops->llseek;
	spin_unlock(&pde->pde_unload_lock);

	ret = seek_fn ? seek_fn(file, offset, whence)
		      : default_llseek(file, offset, whence);

	pde_users_dec(pde);
	return ret;
}
154 
/*
 * ->read wrapper for regular /proc files.
 *
 * Returns -EIO when the entry's ->proc_fops has already been cleared or when
 * the entry provides no ->read; otherwise returns what the entry's ->read
 * returns. The handler is sampled and the user count raised under
 * pde_unload_lock, and the count is dropped again once the call has returned.
 */
static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	ssize_t (*read_fn)(struct file *, char __user *, size_t, loff_t *);
	ssize_t ret;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return -EIO;
	}
	pde->pde_users++;
	read_fn = pde->proc_fops->read;
	spin_unlock(&pde->pde_unload_lock);

	ret = read_fn ? read_fn(file, buf, count, ppos) : -EIO;

	pde_users_dec(pde);
	return ret;
}
176 
/*
 * ->write wrapper for regular /proc files.
 *
 * Returns -EIO when the entry's ->proc_fops has already been cleared or when
 * the entry provides no ->write; otherwise returns what the entry's ->write
 * returns. @buf is a userspace pointer and is passed through untouched, so
 * validating and copying it remains the job of the entry's own handler.
 */
static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	ssize_t (*write_fn)(struct file *, const char __user *, size_t, loff_t *);
	ssize_t ret;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return -EIO;
	}
	pde->pde_users++;
	write_fn = pde->proc_fops->write;
	spin_unlock(&pde->pde_unload_lock);

	ret = write_fn ? write_fn(file, buf, count, ppos) : -EIO;

	pde_users_dec(pde);
	return ret;
}
198 
/*
 * ->poll wrapper for regular /proc files.
 *
 * Returns DEFAULT_POLLMASK when the entry's ->proc_fops has already been
 * cleared or when the entry provides no ->poll; otherwise returns the mask
 * reported by the entry's ->poll.
 */
static unsigned int proc_reg_poll(struct file *file, struct poll_table_struct *pts)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	unsigned int (*poll_fn)(struct file *, struct poll_table_struct *);
	unsigned int mask;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return DEFAULT_POLLMASK;
	}
	pde->pde_users++;
	poll_fn = pde->proc_fops->poll;
	spin_unlock(&pde->pde_unload_lock);

	mask = poll_fn ? poll_fn(file, pts) : DEFAULT_POLLMASK;

	pde_users_dec(pde);
	return mask;
}
220 
/*
 * ->unlocked_ioctl wrapper for regular /proc files.
 *
 * Returns -ENOTTY when the entry's ->proc_fops has already been cleared or
 * when the entry provides no ->unlocked_ioctl; otherwise returns the
 * handler's result. @cmd and @arg are forwarded unchanged, so checking them
 * is left entirely to the entry's handler.
 */
static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	long (*ioctl_fn)(struct file *, unsigned int, unsigned long);
	long ret;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return -ENOTTY;
	}
	pde->pde_users++;
	ioctl_fn = pde->proc_fops->unlocked_ioctl;
	spin_unlock(&pde->pde_unload_lock);

	ret = ioctl_fn ? ioctl_fn(file, cmd, arg) : -ENOTTY;

	pde_users_dec(pde);
	return ret;
}
242 
243 #ifdef CONFIG_COMPAT
/*
 * ->compat_ioctl wrapper for regular /proc files (CONFIG_COMPAT only).
 *
 * Returns -ENOTTY when the entry's ->proc_fops has already been cleared or
 * when the entry provides no ->compat_ioctl; otherwise returns the handler's
 * result. @cmd and @arg are forwarded unchanged.
 */
static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	long (*compat_fn)(struct file *, unsigned int, unsigned long);
	long ret;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return -ENOTTY;
	}
	pde->pde_users++;
	compat_fn = pde->proc_fops->compat_ioctl;
	spin_unlock(&pde->pde_unload_lock);

	ret = compat_fn ? compat_fn(file, cmd, arg) : -ENOTTY;

	pde_users_dec(pde);
	return ret;
}
265 #endif
266 
/*
 * ->mmap wrapper for regular /proc files.
 *
 * Returns -EIO when the entry's ->proc_fops has already been cleared or when
 * the entry provides no ->mmap; otherwise returns the handler's result.
 * The user count taken here covers only the duration of the ->mmap call.
 */
static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
	int (*mmap_fn)(struct file *, struct vm_area_struct *);
	int ret;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		/* Entry is going away: refuse to call into its owner. */
		spin_unlock(&pde->pde_unload_lock);
		return -EIO;
	}
	pde->pde_users++;
	mmap_fn = pde->proc_fops->mmap;
	spin_unlock(&pde->pde_unload_lock);

	ret = mmap_fn ? mmap_fn(file, vma) : -EIO;

	pde_users_dec(pde);
	return ret;
}
288 
/*
 * ->open wrapper for regular /proc files.
 *
 * Returns -ENOMEM when the opener record cannot be allocated, -EINVAL when
 * the entry's ->proc_fops has already been cleared, and otherwise the result
 * of the entry's ->open (0 when it has none). When the open succeeded and the
 * entry has a ->release, the opener is recorded on pde->pde_openers.
 */
static int proc_reg_open(struct inode *inode, struct file *file)
{
	struct proc_dir_entry *pde = PDE(inode);
	int (*open_fn)(struct inode *, struct file *);
	int (*release_fn)(struct inode *, struct file *);
	struct pde_opener *opener;
	int ret = 0;

	/*
	 * Why keep a record per opener? An open, rmmod, remove_proc_entry
	 * sequence is possible, and ->release would then never run because
	 * ->proc_fops has been cleared; how bad that is depends on what
	 * ->release does.
	 *
	 * Waiting for the real close is not an option, it can deadlock:
	 * rmmod foo </proc/foo . So remove_proc_entry() performs ->release by
	 * hand, and what it needs for that is saved here.
	 *
	 * Allocated up front because GFP_KERNEL may sleep, which is not
	 * allowed under the spinlock taken below.
	 */
	opener = kmalloc(sizeof(*opener), GFP_KERNEL);
	if (opener == NULL)
		return -ENOMEM;

	spin_lock(&pde->pde_unload_lock);
	if (!pde->proc_fops) {
		spin_unlock(&pde->pde_unload_lock);
		kfree(opener);
		return -EINVAL;
	}
	pde->pde_users++;
	/* Both handlers are sampled while ->proc_fops is known to be valid. */
	open_fn = pde->proc_fops->open;
	release_fn = pde->proc_fops->release;
	spin_unlock(&pde->pde_unload_lock);

	if (open_fn)
		ret = open_fn(inode, file);

	spin_lock(&pde->pde_unload_lock);
	if (ret != 0 || !release_fn) {
		/* Failed open, or nothing to release later: no record kept. */
		kfree(opener);
	} else {
		/* Identify what has to be released. */
		opener->inode = inode;
		opener->file = file;
		/* Only for the "too late" ->release in proc_reg_release(). */
		opener->release = release_fn;
		list_add(&opener->lh, &pde->pde_openers);
	}
	__pde_users_dec(pde);
	spin_unlock(&pde->pde_unload_lock);
	return ret;
}
339 
/*
 * Look up the opener record on pde->pde_openers that matches both @inode and
 * @file. Returns the record, or NULL when there is none. The list is walked
 * without locking here; the caller in this file holds pde->pde_unload_lock.
 */
static struct pde_opener *find_pde_opener(struct proc_dir_entry *pde,
					struct inode *inode, struct file *file)
{
	struct pde_opener *cur;

	list_for_each_entry(cur, &pde->pde_openers, lh) {
		if (cur->inode != inode)
			continue;
		if (cur->file == file)
			return cur;
	}
	return NULL;
}
351 
/*
 * ->release wrapper for regular /proc files.
 *
 * Normal case: unlink and free the opener record, then call the entry's
 * ->release (if any) and return its result. If ->proc_fops has already been
 * cleared, the ->release saved in the opener record at open time is called
 * instead; with no record left, 0 is returned.
 */
static int proc_reg_release(struct inode *inode, struct file *file)
{
	struct proc_dir_entry *pde = PDE(inode);
	int (*release_fn)(struct inode *, struct file *);
	struct pde_opener *opener;
	int ret = 0;

	spin_lock(&pde->pde_unload_lock);
	opener = find_pde_opener(pde, inode, file);

	if (!pde->proc_fops) {
		/*
		 * Simply returning is not enough: __fput() would assume all
		 * is well and go on to free struct file, while
		 * remove_proc_entry() would still find this opener on the
		 * list and try to do non-trivial things with that struct
		 * file. So the opener is taken off the list here, and since
		 * nobody else can release it after that, its saved ->release
		 * is called here as well.
		 */
		if (!opener) {
			spin_unlock(&pde->pde_unload_lock);
			return ret;
		}
		list_del(&opener->lh);
		spin_unlock(&pde->pde_unload_lock);
		ret = opener->release(inode, file);
		kfree(opener);
		return ret;
	}

	pde->pde_users++;
	release_fn = pde->proc_fops->release;
	if (opener) {
		/* Unlinked under the lock, so nothing else can find it. */
		list_del(&opener->lh);
		kfree(opener);
	}
	spin_unlock(&pde->pde_unload_lock);

	if (release_fn)
		ret = release_fn(inode, file);

	pde_users_dec(pde);
	return ret;
}
393 
/*
 * File operations that proc_get_inode() installs on regular /proc files.
 * Every method is a proc_reg_* wrapper that checks ->proc_fops and counts
 * itself as a user of the entry before calling the entry's own handler.
 */
static const struct file_operations proc_reg_file_ops = {
	.open		= proc_reg_open,
	.release	= proc_reg_release,
	.llseek		= proc_reg_llseek,
	.read		= proc_reg_read,
	.write		= proc_reg_write,
	.poll		= proc_reg_poll,
	.mmap		= proc_reg_mmap,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl	= proc_reg_compat_ioctl,
#endif
};
407 
408 #ifdef CONFIG_COMPAT
/*
 * Same wrappers as proc_reg_file_ops but with ->compat_ioctl left unset.
 * proc_get_inode() picks this table when the entry's own file_operations
 * has no ->compat_ioctl.
 */
static const struct file_operations proc_reg_file_ops_no_compat = {
	.open		= proc_reg_open,
	.release	= proc_reg_release,
	.llseek		= proc_reg_llseek,
	.read		= proc_reg_read,
	.write		= proc_reg_write,
	.poll		= proc_reg_poll,
	.mmap		= proc_reg_mmap,
	.unlocked_ioctl	= proc_reg_unlocked_ioctl,
};
419 #endif
420 
/*
 * Get the inode for proc directory entry @de on superblock @sb, keyed by
 * de->low_ino, initialising it from @de when it is new.
 *
 * Reference handling for @de, as visible here: a new inode stores @de in
 * PROC_I(inode)->pde; for an inode that already existed, pde_put(de) is
 * called; when iget_locked() fails, NULL is returned and @de is not put
 * here.
 *
 * Ownership and mode come from the entry: i_mode, i_uid and i_gid are copied
 * from @de when de->mode is non-zero.
 */
struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
{
	struct inode *inode = iget_locked(sb, de->low_ino);

	if (inode == NULL)
		return NULL;

	if (!(inode->i_state & I_NEW)) {
		/* Existing inode: see the reference notes above. */
		pde_put(de);
		return inode;
	}

	inode->i_ctime = inode->i_atime = inode->i_mtime = CURRENT_TIME;
	PROC_I(inode)->fd = 0;
	PROC_I(inode)->pde = de;

	if (de->mode) {
		inode->i_mode = de->mode;
		inode->i_uid = de->uid;
		inode->i_gid = de->gid;
	}
	if (de->size)
		inode->i_size = de->size;
	if (de->nlink)
		inode->i_nlink = de->nlink;
	if (de->proc_iops)
		inode->i_op = de->proc_iops;

	if (de->proc_fops) {
		if (!S_ISREG(inode->i_mode)) {
			/*
			 * Non-regular entries get the entry's own fops
			 * directly, without the proc_reg_* wrappers.
			 */
			inode->i_fop = de->proc_fops;
		} else {
#ifdef CONFIG_COMPAT
			if (!de->proc_fops->compat_ioctl)
				inode->i_fop = &proc_reg_file_ops_no_compat;
			else
#endif
				inode->i_fop = &proc_reg_file_ops;
		}
	}

	unlock_new_inode(inode);
	return inode;
}
462 
/*
 * Fill in a procfs superblock and attach its root dentry.
 * Returns 0 on success and -ENOMEM when the root inode or the root dentry
 * cannot be obtained.
 *
 * MS_NOSUID and MS_NOEXEC are set unconditionally on the superblock here,
 * together with MS_NODIRATIME. The root inode is owned by uid 0 / gid 0.
 */
int proc_fill_super(struct super_block *s)
{
	struct inode *root;

	s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC;
	s->s_magic = PROC_SUPER_MAGIC;
	s->s_op = &proc_sops;
	s->s_blocksize = 1024;
	s->s_blocksize_bits = 10;
	s->s_time_gran = 1;

	/* Reference on the root entry for the root inode. */
	pde_get(&proc_root);
	root = proc_get_inode(s, &proc_root);
	if (root == NULL)
		goto fail;

	root->i_uid = 0;
	root->i_gid = 0;

	s->s_root = d_alloc_root(root);
	if (s->s_root == NULL)
		goto fail;
	return 0;

fail:
	printk("proc_read_super: get root inode failed\n");
	/*
	 * NOTE(review): when d_alloc_root() failed, root is a live inode whose
	 * ->pde is &proc_root. If this iput() drops the last reference and
	 * eviction runs proc_evict_inode(), that path already does pde_put()
	 * on the entry, so the pde_put() below would be a second put for the
	 * single pde_get() above. Confirm against iput()/pde_put().
	 */
	iput(root);
	pde_put(&proc_root);
	return -ENOMEM;
}
491