1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * fs/anon_inodes.c |
4 | * |
5 | * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> |
6 | * |
7 | * Thanks to Arnd Bergmann for code review and suggestions. |
8 | * More changes for Thomas Gleixner suggestions. |
9 | * |
10 | */ |
11 | |
12 | #include <linux/cred.h> |
13 | #include <linux/file.h> |
14 | #include <linux/poll.h> |
15 | #include <linux/sched.h> |
16 | #include <linux/init.h> |
17 | #include <linux/fs.h> |
18 | #include <linux/mount.h> |
19 | #include <linux/module.h> |
20 | #include <linux/kernel.h> |
21 | #include <linux/magic.h> |
22 | #include <linux/anon_inodes.h> |
23 | #include <linux/pseudo_fs.h> |
24 | |
25 | #include <linux/uaccess.h> |
26 | |
27 | static struct vfsmount *anon_inode_mnt __ro_after_init; |
28 | static struct inode *anon_inode_inode __ro_after_init; |
29 | |
30 | /* |
31 | * anon_inodefs_dname() is called from d_path(). |
32 | */ |
33 | static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen) |
34 | { |
35 | return dynamic_dname(buffer, buflen, "anon_inode:%s" , |
36 | dentry->d_name.name); |
37 | } |
38 | |
39 | static const struct dentry_operations anon_inodefs_dentry_operations = { |
40 | .d_dname = anon_inodefs_dname, |
41 | }; |
42 | |
43 | static int anon_inodefs_init_fs_context(struct fs_context *fc) |
44 | { |
45 | struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); |
46 | if (!ctx) |
47 | return -ENOMEM; |
48 | ctx->dops = &anon_inodefs_dentry_operations; |
49 | return 0; |
50 | } |
51 | |
52 | static struct file_system_type anon_inode_fs_type = { |
53 | .name = "anon_inodefs" , |
54 | .init_fs_context = anon_inodefs_init_fs_context, |
55 | .kill_sb = kill_anon_super, |
56 | }; |
57 | |
58 | static struct inode *anon_inode_make_secure_inode( |
59 | const char *name, |
60 | const struct inode *context_inode) |
61 | { |
62 | struct inode *inode; |
63 | const struct qstr qname = QSTR_INIT(name, strlen(name)); |
64 | int error; |
65 | |
66 | inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); |
67 | if (IS_ERR(ptr: inode)) |
68 | return inode; |
69 | inode->i_flags &= ~S_PRIVATE; |
70 | error = security_inode_init_security_anon(inode, name: &qname, context_inode); |
71 | if (error) { |
72 | iput(inode); |
73 | return ERR_PTR(error); |
74 | } |
75 | return inode; |
76 | } |
77 | |
78 | static struct file *__anon_inode_getfile(const char *name, |
79 | const struct file_operations *fops, |
80 | void *priv, int flags, |
81 | const struct inode *context_inode, |
82 | bool secure) |
83 | { |
84 | struct inode *inode; |
85 | struct file *file; |
86 | |
87 | if (fops->owner && !try_module_get(module: fops->owner)) |
88 | return ERR_PTR(error: -ENOENT); |
89 | |
90 | if (secure) { |
91 | inode = anon_inode_make_secure_inode(name, context_inode); |
92 | if (IS_ERR(ptr: inode)) { |
93 | file = ERR_CAST(ptr: inode); |
94 | goto err; |
95 | } |
96 | } else { |
97 | inode = anon_inode_inode; |
98 | if (IS_ERR(ptr: inode)) { |
99 | file = ERR_PTR(error: -ENODEV); |
100 | goto err; |
101 | } |
102 | /* |
103 | * We know the anon_inode inode count is always |
104 | * greater than zero, so ihold() is safe. |
105 | */ |
106 | ihold(inode); |
107 | } |
108 | |
109 | file = alloc_file_pseudo(inode, anon_inode_mnt, name, |
110 | flags: flags & (O_ACCMODE | O_NONBLOCK), fops); |
111 | if (IS_ERR(ptr: file)) |
112 | goto err_iput; |
113 | |
114 | file->f_mapping = inode->i_mapping; |
115 | |
116 | file->private_data = priv; |
117 | |
118 | return file; |
119 | |
120 | err_iput: |
121 | iput(inode); |
122 | err: |
123 | module_put(module: fops->owner); |
124 | return file; |
125 | } |
126 | |
127 | /** |
128 | * anon_inode_getfile - creates a new file instance by hooking it up to an |
129 | * anonymous inode, and a dentry that describe the "class" |
130 | * of the file |
131 | * |
132 | * @name: [in] name of the "class" of the new file |
133 | * @fops: [in] file operations for the new file |
134 | * @priv: [in] private data for the new file (will be file's private_data) |
135 | * @flags: [in] flags |
136 | * |
137 | * Creates a new file by hooking it on a single inode. This is useful for files |
138 | * that do not need to have a full-fledged inode in order to operate correctly. |
139 | * All the files created with anon_inode_getfile() will share a single inode, |
140 | * hence saving memory and avoiding code duplication for the file/inode/dentry |
141 | * setup. Returns the newly created file* or an error pointer. |
142 | */ |
143 | struct file *anon_inode_getfile(const char *name, |
144 | const struct file_operations *fops, |
145 | void *priv, int flags) |
146 | { |
147 | return __anon_inode_getfile(name, fops, priv, flags, NULL, secure: false); |
148 | } |
149 | EXPORT_SYMBOL_GPL(anon_inode_getfile); |
150 | |
151 | /** |
152 | * anon_inode_getfile_secure - Like anon_inode_getfile(), but creates a new |
153 | * !S_PRIVATE anon inode rather than reuse the |
154 | * singleton anon inode and calls the |
155 | * inode_init_security_anon() LSM hook. This |
156 | * allows for both the inode to have its own |
157 | * security context and for the LSM to enforce |
158 | * policy on the inode's creation. |
159 | * |
160 | * @name: [in] name of the "class" of the new file |
161 | * @fops: [in] file operations for the new file |
162 | * @priv: [in] private data for the new file (will be file's private_data) |
163 | * @flags: [in] flags |
164 | * @context_inode: |
165 | * [in] the logical relationship with the new inode (optional) |
166 | * |
167 | * The LSM may use @context_inode in inode_init_security_anon(), but a |
168 | * reference to it is not held. Returns the newly created file* or an error |
169 | * pointer. See the anon_inode_getfile() documentation for more information. |
170 | */ |
171 | struct file *anon_inode_getfile_secure(const char *name, |
172 | const struct file_operations *fops, |
173 | void *priv, int flags, |
174 | const struct inode *context_inode) |
175 | { |
176 | return __anon_inode_getfile(name, fops, priv, flags, |
177 | context_inode, secure: true); |
178 | } |
179 | |
180 | static int __anon_inode_getfd(const char *name, |
181 | const struct file_operations *fops, |
182 | void *priv, int flags, |
183 | const struct inode *context_inode, |
184 | bool secure) |
185 | { |
186 | int error, fd; |
187 | struct file *file; |
188 | |
189 | error = get_unused_fd_flags(flags); |
190 | if (error < 0) |
191 | return error; |
192 | fd = error; |
193 | |
194 | file = __anon_inode_getfile(name, fops, priv, flags, context_inode, |
195 | secure); |
196 | if (IS_ERR(ptr: file)) { |
197 | error = PTR_ERR(ptr: file); |
198 | goto err_put_unused_fd; |
199 | } |
200 | fd_install(fd, file); |
201 | |
202 | return fd; |
203 | |
204 | err_put_unused_fd: |
205 | put_unused_fd(fd); |
206 | return error; |
207 | } |
208 | |
209 | /** |
210 | * anon_inode_getfd - creates a new file instance by hooking it up to |
211 | * an anonymous inode and a dentry that describe |
212 | * the "class" of the file |
213 | * |
214 | * @name: [in] name of the "class" of the new file |
215 | * @fops: [in] file operations for the new file |
216 | * @priv: [in] private data for the new file (will be file's private_data) |
217 | * @flags: [in] flags |
218 | * |
219 | * Creates a new file by hooking it on a single inode. This is |
220 | * useful for files that do not need to have a full-fledged inode in |
221 | * order to operate correctly. All the files created with |
222 | * anon_inode_getfd() will use the same singleton inode, reducing |
223 | * memory use and avoiding code duplication for the file/inode/dentry |
224 | * setup. Returns a newly created file descriptor or an error code. |
225 | */ |
226 | int anon_inode_getfd(const char *name, const struct file_operations *fops, |
227 | void *priv, int flags) |
228 | { |
229 | return __anon_inode_getfd(name, fops, priv, flags, NULL, secure: false); |
230 | } |
231 | EXPORT_SYMBOL_GPL(anon_inode_getfd); |
232 | |
233 | /** |
234 | * anon_inode_getfd_secure - Like anon_inode_getfd(), but creates a new |
235 | * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls |
236 | * the inode_init_security_anon() LSM hook. This allows the inode to have its |
237 | * own security context and for a LSM to reject creation of the inode. |
238 | * |
239 | * @name: [in] name of the "class" of the new file |
240 | * @fops: [in] file operations for the new file |
241 | * @priv: [in] private data for the new file (will be file's private_data) |
242 | * @flags: [in] flags |
243 | * @context_inode: |
244 | * [in] the logical relationship with the new inode (optional) |
245 | * |
246 | * The LSM may use @context_inode in inode_init_security_anon(), but a |
247 | * reference to it is not held. |
248 | */ |
249 | int anon_inode_getfd_secure(const char *name, const struct file_operations *fops, |
250 | void *priv, int flags, |
251 | const struct inode *context_inode) |
252 | { |
253 | return __anon_inode_getfd(name, fops, priv, flags, context_inode, secure: true); |
254 | } |
255 | EXPORT_SYMBOL_GPL(anon_inode_getfd_secure); |
256 | |
257 | static int __init anon_inode_init(void) |
258 | { |
259 | anon_inode_mnt = kern_mount(&anon_inode_fs_type); |
260 | if (IS_ERR(ptr: anon_inode_mnt)) |
261 | panic(fmt: "anon_inode_init() kernel mount failed (%ld)\n" , PTR_ERR(ptr: anon_inode_mnt)); |
262 | |
263 | anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); |
264 | if (IS_ERR(ptr: anon_inode_inode)) |
265 | panic(fmt: "anon_inode_init() inode allocation failed (%ld)\n" , PTR_ERR(ptr: anon_inode_inode)); |
266 | |
267 | return 0; |
268 | } |
269 | |
270 | fs_initcall(anon_inode_init); |
271 | |
272 | |