anon_inodes.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * fs/anon_inodes.c
  4. *
  5. * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
  6. *
  7. * Thanks to Arnd Bergmann for code review and suggestions.
  8. * More changes for Thomas Gleixner suggestions.
  9. *
  10. */
  11. #include <linux/cred.h>
  12. #include <linux/file.h>
  13. #include <linux/poll.h>
  14. #include <linux/sched.h>
  15. #include <linux/init.h>
  16. #include <linux/fs.h>
  17. #include <linux/mount.h>
  18. #include <linux/module.h>
  19. #include <linux/kernel.h>
  20. #include <linux/magic.h>
  21. #include <linux/anon_inodes.h>
  22. #include <linux/pseudo_fs.h>
  23. #include <linux/uaccess.h>
  24. #include "internal.h"
  25. static struct vfsmount *anon_inode_mnt __ro_after_init;
  26. static struct inode *anon_inode_inode __ro_after_init;
  27. /*
  28. * User space expects anonymous inodes to have no file type in st_mode.
  29. *
  30. * In particular, 'lsof' has this legacy logic:
  31. *
  32. * type = s->st_mode & S_IFMT;
  33. * switch (type) {
  34. * ...
  35. * case 0:
  36. * if (!strcmp(p, "anon_inode"))
  37. * Lf->ntype = Ntype = N_ANON_INODE;
  38. *
  39. * to detect our old anon_inode logic.
  40. *
  41. * Rather than mess with our internal sane inode data, just fix it
  42. * up here in getattr() by masking off the format bits.
  43. */
  44. int anon_inode_getattr(struct mnt_idmap *idmap, const struct path *path,
  45. struct kstat *stat, u32 request_mask,
  46. unsigned int query_flags)
  47. {
  48. struct inode *inode = d_inode(path->dentry);
  49. generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
  50. stat->mode &= ~S_IFMT;
  51. return 0;
  52. }
  53. int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
  54. struct iattr *attr)
  55. {
  56. return -EOPNOTSUPP;
  57. }
  58. static const struct inode_operations anon_inode_operations = {
  59. .getattr = anon_inode_getattr,
  60. .setattr = anon_inode_setattr,
  61. };
  62. /*
  63. * anon_inodefs_dname() is called from d_path().
  64. */
  65. static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen)
  66. {
  67. return dynamic_dname(buffer, buflen, "anon_inode:%s",
  68. dentry->d_name.name);
  69. }
  70. static const struct dentry_operations anon_inodefs_dentry_operations = {
  71. .d_dname = anon_inodefs_dname,
  72. };
  73. static int anon_inodefs_init_fs_context(struct fs_context *fc)
  74. {
  75. struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
  76. if (!ctx)
  77. return -ENOMEM;
  78. fc->s_iflags |= SB_I_NOEXEC;
  79. fc->s_iflags |= SB_I_NODEV;
  80. ctx->dops = &anon_inodefs_dentry_operations;
  81. return 0;
  82. }
  83. static struct file_system_type anon_inode_fs_type = {
  84. .name = "anon_inodefs",
  85. .init_fs_context = anon_inodefs_init_fs_context,
  86. .kill_sb = kill_anon_super,
  87. };
  88. /**
  89. * anon_inode_make_secure_inode - allocate an anonymous inode with security context
  90. * @sb: [in] Superblock to allocate from
  91. * @name: [in] Name of the class of the newfile (e.g., "secretmem")
  92. * @context_inode:
  93. * [in] Optional parent inode for security inheritance
  94. *
  95. * The function ensures proper security initialization through the LSM hook
  96. * security_inode_init_security_anon().
  97. *
  98. * Return: Pointer to new inode on success, ERR_PTR on failure.
  99. */
  100. struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
  101. const struct inode *context_inode)
  102. {
  103. struct inode *inode;
  104. int error;
  105. inode = alloc_anon_inode(sb);
  106. if (IS_ERR(inode))
  107. return inode;
  108. inode->i_flags &= ~S_PRIVATE;
  109. inode->i_op = &anon_inode_operations;
  110. error = security_inode_init_security_anon(inode, &QSTR(name),
  111. context_inode);
  112. if (error) {
  113. iput(inode);
  114. return ERR_PTR(error);
  115. }
  116. return inode;
  117. }
  118. EXPORT_SYMBOL_FOR_MODULES(anon_inode_make_secure_inode, "kvm");
  119. static struct file *__anon_inode_getfile(const char *name,
  120. const struct file_operations *fops,
  121. void *priv, int flags,
  122. const struct inode *context_inode,
  123. bool make_inode)
  124. {
  125. struct inode *inode;
  126. struct file *file;
  127. if (fops->owner && !try_module_get(fops->owner))
  128. return ERR_PTR(-ENOENT);
  129. if (make_inode) {
  130. inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
  131. name, context_inode);
  132. if (IS_ERR(inode)) {
  133. file = ERR_CAST(inode);
  134. goto err;
  135. }
  136. } else {
  137. inode = anon_inode_inode;
  138. if (IS_ERR(inode)) {
  139. file = ERR_PTR(-ENODEV);
  140. goto err;
  141. }
  142. /*
  143. * We know the anon_inode inode count is always
  144. * greater than zero, so ihold() is safe.
  145. */
  146. ihold(inode);
  147. }
  148. file = alloc_file_pseudo(inode, anon_inode_mnt, name,
  149. flags & (O_ACCMODE | O_NONBLOCK), fops);
  150. if (IS_ERR(file))
  151. goto err_iput;
  152. file->f_mapping = inode->i_mapping;
  153. file->private_data = priv;
  154. return file;
  155. err_iput:
  156. iput(inode);
  157. err:
  158. module_put(fops->owner);
  159. return file;
  160. }
  161. /**
  162. * anon_inode_getfile - creates a new file instance by hooking it up to an
  163. * anonymous inode, and a dentry that describe the "class"
  164. * of the file
  165. *
  166. * @name: [in] name of the "class" of the new file
  167. * @fops: [in] file operations for the new file
  168. * @priv: [in] private data for the new file (will be file's private_data)
  169. * @flags: [in] flags
  170. *
  171. * Creates a new file by hooking it on a single inode. This is useful for files
  172. * that do not need to have a full-fledged inode in order to operate correctly.
  173. * All the files created with anon_inode_getfile() will share a single inode,
  174. * hence saving memory and avoiding code duplication for the file/inode/dentry
  175. * setup. Returns the newly created file* or an error pointer.
  176. */
  177. struct file *anon_inode_getfile(const char *name,
  178. const struct file_operations *fops,
  179. void *priv, int flags)
  180. {
  181. return __anon_inode_getfile(name, fops, priv, flags, NULL, false);
  182. }
  183. EXPORT_SYMBOL_GPL(anon_inode_getfile);
  184. /**
  185. * anon_inode_getfile_fmode - creates a new file instance by hooking it up to an
  186. * anonymous inode, and a dentry that describe the "class"
  187. * of the file
  188. *
  189. * @name: [in] name of the "class" of the new file
  190. * @fops: [in] file operations for the new file
  191. * @priv: [in] private data for the new file (will be file's private_data)
  192. * @flags: [in] flags
  193. * @f_mode: [in] fmode
  194. *
  195. * Creates a new file by hooking it on a single inode. This is useful for files
  196. * that do not need to have a full-fledged inode in order to operate correctly.
  197. * All the files created with anon_inode_getfile() will share a single inode,
  198. * hence saving memory and avoiding code duplication for the file/inode/dentry
  199. * setup. Allows setting the fmode. Returns the newly created file* or an error
  200. * pointer.
  201. */
  202. struct file *anon_inode_getfile_fmode(const char *name,
  203. const struct file_operations *fops,
  204. void *priv, int flags, fmode_t f_mode)
  205. {
  206. struct file *file;
  207. file = __anon_inode_getfile(name, fops, priv, flags, NULL, false);
  208. if (!IS_ERR(file))
  209. file->f_mode |= f_mode;
  210. return file;
  211. }
  212. EXPORT_SYMBOL_GPL(anon_inode_getfile_fmode);
  213. /**
  214. * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new
  215. * !S_PRIVATE anon inode rather than reuse the
  216. * singleton anon inode and calls the
  217. * inode_init_security_anon() LSM hook.
  218. *
  219. * @name: [in] name of the "class" of the new file
  220. * @fops: [in] file operations for the new file
  221. * @priv: [in] private data for the new file (will be file's private_data)
  222. * @flags: [in] flags
  223. * @context_inode:
  224. * [in] the logical relationship with the new inode (optional)
  225. *
  226. * Create a new anonymous inode and file pair. This can be done for two
  227. * reasons:
  228. *
  229. * - for the inode to have its own security context, so that LSMs can enforce
  230. * policy on the inode's creation;
  231. *
  232. * - if the caller needs a unique inode, for example in order to customize
  233. * the size returned by fstat()
  234. *
  235. * The LSM may use @context_inode in inode_init_security_anon(), but a
  236. * reference to it is not held.
  237. *
  238. * Returns the newly created file* or an error pointer.
  239. */
  240. struct file *anon_inode_create_getfile(const char *name,
  241. const struct file_operations *fops,
  242. void *priv, int flags,
  243. const struct inode *context_inode)
  244. {
  245. return __anon_inode_getfile(name, fops, priv, flags,
  246. context_inode, true);
  247. }
  248. EXPORT_SYMBOL_GPL(anon_inode_create_getfile);
  249. static int __anon_inode_getfd(const char *name,
  250. const struct file_operations *fops,
  251. void *priv, int flags,
  252. const struct inode *context_inode,
  253. bool make_inode)
  254. {
  255. return FD_ADD(flags, __anon_inode_getfile(name, fops, priv, flags,
  256. context_inode, make_inode));
  257. }
  258. /**
  259. * anon_inode_getfd - creates a new file instance by hooking it up to
  260. * an anonymous inode and a dentry that describe
  261. * the "class" of the file
  262. *
  263. * @name: [in] name of the "class" of the new file
  264. * @fops: [in] file operations for the new file
  265. * @priv: [in] private data for the new file (will be file's private_data)
  266. * @flags: [in] flags
  267. *
  268. * Creates a new file by hooking it on a single inode. This is
  269. * useful for files that do not need to have a full-fledged inode in
  270. * order to operate correctly. All the files created with
  271. * anon_inode_getfd() will use the same singleton inode, reducing
  272. * memory use and avoiding code duplication for the file/inode/dentry
  273. * setup. Returns a newly created file descriptor or an error code.
  274. */
  275. int anon_inode_getfd(const char *name, const struct file_operations *fops,
  276. void *priv, int flags)
  277. {
  278. return __anon_inode_getfd(name, fops, priv, flags, NULL, false);
  279. }
  280. EXPORT_SYMBOL_GPL(anon_inode_getfd);
  281. /**
  282. * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new
  283. * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls
  284. * the inode_init_security_anon() LSM hook.
  285. *
  286. * @name: [in] name of the "class" of the new file
  287. * @fops: [in] file operations for the new file
  288. * @priv: [in] private data for the new file (will be file's private_data)
  289. * @flags: [in] flags
  290. * @context_inode:
  291. * [in] the logical relationship with the new inode (optional)
  292. *
  293. * Create a new anonymous inode and file pair. This can be done for two
  294. * reasons:
  295. *
  296. * - for the inode to have its own security context, so that LSMs can enforce
  297. * policy on the inode's creation;
  298. *
  299. * - if the caller needs a unique inode, for example in order to customize
  300. * the size returned by fstat()
  301. *
  302. * The LSM may use @context_inode in inode_init_security_anon(), but a
  303. * reference to it is not held.
  304. *
  305. * Returns a newly created file descriptor or an error code.
  306. */
  307. int anon_inode_create_getfd(const char *name, const struct file_operations *fops,
  308. void *priv, int flags,
  309. const struct inode *context_inode)
  310. {
  311. return __anon_inode_getfd(name, fops, priv, flags, context_inode, true);
  312. }
  313. static int __init anon_inode_init(void)
  314. {
  315. anon_inode_mnt = kern_mount(&anon_inode_fs_type);
  316. if (IS_ERR(anon_inode_mnt))
  317. panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
  318. anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
  319. if (IS_ERR(anon_inode_inode))
  320. panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
  321. anon_inode_inode->i_op = &anon_inode_operations;
  322. return 0;
  323. }
  324. fs_initcall(anon_inode_init);