mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-16 21:35:07 +00:00
0b6743bd60
With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. i_lru or i_sb_list to not corrupt related list traversals when making use of the rcu_head. For an unlucky structure layout of 'struct inode' we may end up with the following splat when running the ftrace selftests: [<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object]) [<...>] ------------[ cut here ]------------ [<...>] kernel BUG at lib/list_debug.c:54! [<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G N 6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65 [<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0 [<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f [<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283 [<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000 [<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001 [<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25 [<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d [<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000 [<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object] [<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0 [<...>] RSI: __func__.47+0x4340/0x4400 [<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object] [<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550] [<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550] [<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550] [<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object] [<...>] FS: 00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000 [<...>] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0 [<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [<...>] ASID: 0003 [<...>] Stack: [<...>] ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0 [<...>] ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f [<...>] 0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392 [<...>] Call Trace: [<...>] <TASK> [<...>] [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0 [<...>] [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48 [<...>] [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88 [<...>] [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90 [<...>] [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8 [<...>] [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8 [<...>] [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40 [<...>] [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48 [<...>] [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70 [<...>] [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78 [<...>] [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80 [<...>] [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8 [<...>] [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0 [<...>] [<ffffffff8294ad20>] ? do_one_tree+0x140/0x140 fffffe80416afcf8 [<...>] [<ffffffff82997349>] ? do_remount+0x329/0xa00 fffffe80416afd18 [<...>] [<ffffffff83ebf7a1>] ? security_sb_remount+0x81/0x1c0 fffffe80416afd38 [<...>] [<ffffffff82892096>] reconfigure_super+0x856/0x14e0 fffffe80416afd70 [<...>] [<ffffffff815d1327>] ? ns_capable_common+0xe7/0x2a0 fffffe80416afd90 [<...>] [<ffffffff82997436>] do_remount+0x416/0xa00 fffffe80416afdd0 [<...>] [<ffffffff829b2ba4>] path_mount+0x5c4/0x900 fffffe80416afe28 [<...>] [<ffffffff829b25e0>] ? finish_automount+0x13a0/0x13a0 fffffe80416afe60 [<...>] [<ffffffff82903812>] ? user_path_at_empty+0xb2/0x140 fffffe80416afe88 [<...>] [<ffffffff829b2ff5>] do_mount+0x115/0x1c0 fffffe80416afeb8 [<...>] [<ffffffff829b2ee0>] ? path_mount+0x900/0x900 fffffe80416afed8 [<...>] [<ffffffff8272461c>] ? __kasan_check_write+0x1c/0xa0 fffffe80416afee0 [<...>] [<ffffffff829b31cf>] __do_sys_mount+0x12f/0x280 fffffe80416aff30 [<...>] [<ffffffff829b36cd>] __x64_sys_mount+0xcd/0x2e0 fffffe80416aff70 [<...>] [<ffffffff819f8818>] ? syscall_trace_enter+0x218/0x380 fffffe80416aff88 [<...>] [<ffffffff8111655e>] x64_sys_call+0x5d5e/0x6720 fffffe80416affa8 [<...>] [<ffffffff8952756d>] do_syscall_64+0xcd/0x3c0 fffffe80416affb8 [<...>] [<ffffffff8100119b>] entry_SYSCALL_64_safe_stack+0x4c/0x87 fffffe80416affe8 [<...>] </TASK> [<...>] <PTREGS> [<...>] RIP: 0033:[<00006dcb382ff66a>] vm_area_struct[mount 2550 2550 file 6dcb38225000-6dcb3837e000 22 55(read|exec|mayread|mayexec)]+0x0/0xb8 [userland map] [<...>] Code: 48 8b 0d 29 18 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f6 17 0d 00 f7 d8 64 89 01 48 [<...>] RSP: 002b:0000763d68192558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [<...>] RAX: ffffffffffffffda RBX: 00006dcb38433264 RCX: 00006dcb382ff66a [<...>] RDX: 000017c3e0d11210 RSI: 000017c3e0d1a5a0 RDI: 000017c3e0d1ae70 [<...>] RBP: 000017c3e0d10fb0 R08: 000017c3e0d11260 R09: 00006dcb383d1be0 [<...>] R10: 000000000020002e R11: 0000000000000246 R12: 0000000000000000 [<...>] R13: 000017c3e0d1ae70 R14: 000017c3e0d11210 R15: 000017c3e0d10fb0 [<...>] RBX: vm_area_struct[mount 2550 2550 file 6dcb38433000-6dcb38434000 5b 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RCX: vm_area_struct[mount 2550 2550 file 6dcb38225000-6dcb3837e000 22 55(read|exec|mayread|mayexec)]+0x0/0xb8 [userland map] [<...>] RDX: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RSI: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RDI: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RBP: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] RSP: vm_area_struct[mount 2550 2550 anon 763d68173000-763d68195000 7ffffffdd 100133(read|write|mayread|maywrite|growsdown|account)]+0x0/0xb8 [userland map] [<...>] R08: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R09: vm_area_struct[mount 2550 2550 file 6dcb383d1000-6dcb383d3000 1cd 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R13: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R14: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] R15: vm_area_struct[mount 2550 2550 anon 17c3e0d0f000-17c3e0d31000 17c3e0d0f 100033(read|write|mayread|maywrite|account)]+0x0/0xb8 [userland map] [<...>] </PTREGS> [<...>] Modules linked in: [<...>] ---[ end trace 0000000000000000 ]--- The list debug message as well as RBX's symbolic value point out that the object in question was allocated from 'tracefs_inode_cache' and that the list's '->next' member is at offset 0. Dumping the layout of the relevant parts of 'struct tracefs_inode' gives the following: struct tracefs_inode { union { struct inode { struct list_head { struct list_head * next; /* 0 8 */ struct list_head * prev; /* 8 8 */ } i_lru; [...] } vfs_inode; struct callback_head { void (*func)(struct callback_head *); /* 0 8 */ struct callback_head * next; /* 8 8 */ } rcu; }; [...] }; Above shows that 'vfs_inode.i_lru' overlaps with 'rcu' which will destroy the 'i_lru' list as soon as the 'rcu' member gets used, e.g. in call_rcu() or later when calling the RCU callback. This will disturb concurrent list traversals as well as object reuse which assumes these list heads will keep their integrity. For reproduction, the following diff manually overlays 'i_lru' with 'rcu' as, otherwise, one would require some good portion of luck for gambling an unlucky RANDSTRUCT seed: --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -629,6 +629,7 @@ struct inode { umode_t i_mode; unsigned short i_opflags; kuid_t i_uid; + struct list_head i_lru; /* inode LRU list */ kgid_t i_gid; unsigned int i_flags; @@ -690,7 +691,6 @@ struct inode { u16 i_wb_frn_avg_time; u16 i_wb_frn_history; #endif - struct list_head i_lru; /* inode LRU list */ struct list_head i_sb_list; struct list_head i_wb_list; /* backing dev writeback list */ union { The tracefs inode does not need to supply its own RCU delayed destruction of its inode. The inode code itself offers both a "destroy_inode()" callback that gets called when the last reference of the inode is released, and the "free_inode()" which is called after a RCU synchronization period from the "destroy_inode()". The tracefs code can unlink the inode from its list in the destroy_inode() callback, and the simply free it from the free_inode() callback. This should provide the same protection. Link: https://lore.kernel.org/all/20240807115143.45927-3-minipli@grsecurity.net/ Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Ajay Kaher <ajay.kaher@broadcom.com> Cc: Ilkka =?utf-8?b?TmF1bGFww6TDpA==?= <digirigawa@gmail.com> Link: https://lore.kernel.org/20240807185402.61410544@gandalf.local.home Fixes: baa23a8d4360 ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Mathias Krause <minipli@grsecurity.net> Reported-by: Brad Spengler <spender@grsecurity.net> Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
822 lines
21 KiB
C
822 lines
21 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* inode.c - part of tracefs, a pseudo file system for activating tracing
|
|
*
|
|
* Based on debugfs by: Greg Kroah-Hartman <greg@kroah.com>
|
|
*
|
|
* Copyright (C) 2014 Red Hat Inc, author: Steven Rostedt <srostedt@redhat.com>
|
|
*
|
|
* tracefs is the file system that is used by the tracing infrastructure.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/fs_context.h>
|
|
#include <linux/fs_parser.h>
|
|
#include <linux/kobject.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/tracefs.h>
|
|
#include <linux/fsnotify.h>
|
|
#include <linux/security.h>
|
|
#include <linux/seq_file.h>
|
|
#include <linux/magic.h>
|
|
#include <linux/slab.h>
|
|
#include "internal.h"
|
|
|
|
#define TRACEFS_DEFAULT_MODE 0700
|
|
static struct kmem_cache *tracefs_inode_cachep __ro_after_init;
|
|
|
|
static struct vfsmount *tracefs_mount;
|
|
static int tracefs_mount_count;
|
|
static bool tracefs_registered;
|
|
|
|
/*
|
|
* Keep track of all tracefs_inodes in order to update their
|
|
* flags if necessary on a remount.
|
|
*/
|
|
static DEFINE_SPINLOCK(tracefs_inode_lock);
|
|
static LIST_HEAD(tracefs_inodes);
|
|
|
|
static struct inode *tracefs_alloc_inode(struct super_block *sb)
|
|
{
|
|
struct tracefs_inode *ti;
|
|
unsigned long flags;
|
|
|
|
ti = alloc_inode_sb(sb, tracefs_inode_cachep, GFP_KERNEL);
|
|
if (!ti)
|
|
return NULL;
|
|
|
|
spin_lock_irqsave(&tracefs_inode_lock, flags);
|
|
list_add_rcu(&ti->list, &tracefs_inodes);
|
|
spin_unlock_irqrestore(&tracefs_inode_lock, flags);
|
|
|
|
return &ti->vfs_inode;
|
|
}
|
|
|
|
static void tracefs_free_inode(struct inode *inode)
|
|
{
|
|
struct tracefs_inode *ti = get_tracefs(inode);
|
|
|
|
kmem_cache_free(tracefs_inode_cachep, ti);
|
|
}
|
|
|
|
static void tracefs_destroy_inode(struct inode *inode)
|
|
{
|
|
struct tracefs_inode *ti = get_tracefs(inode);
|
|
unsigned long flags;
|
|
|
|
spin_lock_irqsave(&tracefs_inode_lock, flags);
|
|
list_del_rcu(&ti->list);
|
|
spin_unlock_irqrestore(&tracefs_inode_lock, flags);
|
|
}
|
|
|
|
static ssize_t default_read_file(struct file *file, char __user *buf,
|
|
size_t count, loff_t *ppos)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static ssize_t default_write_file(struct file *file, const char __user *buf,
|
|
size_t count, loff_t *ppos)
|
|
{
|
|
return count;
|
|
}
|
|
|
|
static const struct file_operations tracefs_file_operations = {
|
|
.read = default_read_file,
|
|
.write = default_write_file,
|
|
.open = simple_open,
|
|
.llseek = noop_llseek,
|
|
};
|
|
|
|
static struct tracefs_dir_ops {
|
|
int (*mkdir)(const char *name);
|
|
int (*rmdir)(const char *name);
|
|
} tracefs_ops __ro_after_init;
|
|
|
|
static char *get_dname(struct dentry *dentry)
|
|
{
|
|
const char *dname;
|
|
char *name;
|
|
int len = dentry->d_name.len;
|
|
|
|
dname = dentry->d_name.name;
|
|
name = kmalloc(len + 1, GFP_KERNEL);
|
|
if (!name)
|
|
return NULL;
|
|
memcpy(name, dname, len);
|
|
name[len] = 0;
|
|
return name;
|
|
}
|
|
|
|
static int tracefs_syscall_mkdir(struct mnt_idmap *idmap,
|
|
struct inode *inode, struct dentry *dentry,
|
|
umode_t mode)
|
|
{
|
|
struct tracefs_inode *ti;
|
|
char *name;
|
|
int ret;
|
|
|
|
name = get_dname(dentry);
|
|
if (!name)
|
|
return -ENOMEM;
|
|
|
|
/*
|
|
* This is a new directory that does not take the default of
|
|
* the rootfs. It becomes the default permissions for all the
|
|
* files and directories underneath it.
|
|
*/
|
|
ti = get_tracefs(inode);
|
|
ti->flags |= TRACEFS_INSTANCE_INODE;
|
|
ti->private = inode;
|
|
|
|
/*
|
|
* The mkdir call can call the generic functions that create
|
|
* the files within the tracefs system. It is up to the individual
|
|
* mkdir routine to handle races.
|
|
*/
|
|
inode_unlock(inode);
|
|
ret = tracefs_ops.mkdir(name);
|
|
inode_lock(inode);
|
|
|
|
kfree(name);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int tracefs_syscall_rmdir(struct inode *inode, struct dentry *dentry)
|
|
{
|
|
char *name;
|
|
int ret;
|
|
|
|
name = get_dname(dentry);
|
|
if (!name)
|
|
return -ENOMEM;
|
|
|
|
/*
|
|
* The rmdir call can call the generic functions that create
|
|
* the files within the tracefs system. It is up to the individual
|
|
* rmdir routine to handle races.
|
|
* This time we need to unlock not only the parent (inode) but
|
|
* also the directory that is being deleted.
|
|
*/
|
|
inode_unlock(inode);
|
|
inode_unlock(d_inode(dentry));
|
|
|
|
ret = tracefs_ops.rmdir(name);
|
|
|
|
inode_lock_nested(inode, I_MUTEX_PARENT);
|
|
inode_lock(d_inode(dentry));
|
|
|
|
kfree(name);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void set_tracefs_inode_owner(struct inode *inode)
|
|
{
|
|
struct tracefs_inode *ti = get_tracefs(inode);
|
|
struct inode *root_inode = ti->private;
|
|
kuid_t uid;
|
|
kgid_t gid;
|
|
|
|
uid = root_inode->i_uid;
|
|
gid = root_inode->i_gid;
|
|
|
|
/*
|
|
* If the root is not the mount point, then check the root's
|
|
* permissions. If it was never set, then default to the
|
|
* mount point.
|
|
*/
|
|
if (root_inode != d_inode(root_inode->i_sb->s_root)) {
|
|
struct tracefs_inode *rti;
|
|
|
|
rti = get_tracefs(root_inode);
|
|
root_inode = d_inode(root_inode->i_sb->s_root);
|
|
|
|
if (!(rti->flags & TRACEFS_UID_PERM_SET))
|
|
uid = root_inode->i_uid;
|
|
|
|
if (!(rti->flags & TRACEFS_GID_PERM_SET))
|
|
gid = root_inode->i_gid;
|
|
}
|
|
|
|
/*
|
|
* If this inode has never been referenced, then update
|
|
* the permissions to the superblock.
|
|
*/
|
|
if (!(ti->flags & TRACEFS_UID_PERM_SET))
|
|
inode->i_uid = uid;
|
|
|
|
if (!(ti->flags & TRACEFS_GID_PERM_SET))
|
|
inode->i_gid = gid;
|
|
}
|
|
|
|
static int tracefs_permission(struct mnt_idmap *idmap,
|
|
struct inode *inode, int mask)
|
|
{
|
|
set_tracefs_inode_owner(inode);
|
|
return generic_permission(idmap, inode, mask);
|
|
}
|
|
|
|
static int tracefs_getattr(struct mnt_idmap *idmap,
|
|
const struct path *path, struct kstat *stat,
|
|
u32 request_mask, unsigned int flags)
|
|
{
|
|
struct inode *inode = d_backing_inode(path->dentry);
|
|
|
|
set_tracefs_inode_owner(inode);
|
|
generic_fillattr(idmap, request_mask, inode, stat);
|
|
return 0;
|
|
}
|
|
|
|
static int tracefs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
|
struct iattr *attr)
|
|
{
|
|
unsigned int ia_valid = attr->ia_valid;
|
|
struct inode *inode = d_inode(dentry);
|
|
struct tracefs_inode *ti = get_tracefs(inode);
|
|
|
|
if (ia_valid & ATTR_UID)
|
|
ti->flags |= TRACEFS_UID_PERM_SET;
|
|
|
|
if (ia_valid & ATTR_GID)
|
|
ti->flags |= TRACEFS_GID_PERM_SET;
|
|
|
|
return simple_setattr(idmap, dentry, attr);
|
|
}
|
|
|
|
static const struct inode_operations tracefs_instance_dir_inode_operations = {
|
|
.lookup = simple_lookup,
|
|
.mkdir = tracefs_syscall_mkdir,
|
|
.rmdir = tracefs_syscall_rmdir,
|
|
.permission = tracefs_permission,
|
|
.getattr = tracefs_getattr,
|
|
.setattr = tracefs_setattr,
|
|
};
|
|
|
|
static const struct inode_operations tracefs_dir_inode_operations = {
|
|
.lookup = simple_lookup,
|
|
.permission = tracefs_permission,
|
|
.getattr = tracefs_getattr,
|
|
.setattr = tracefs_setattr,
|
|
};
|
|
|
|
static const struct inode_operations tracefs_file_inode_operations = {
|
|
.permission = tracefs_permission,
|
|
.getattr = tracefs_getattr,
|
|
.setattr = tracefs_setattr,
|
|
};
|
|
|
|
struct inode *tracefs_get_inode(struct super_block *sb)
|
|
{
|
|
struct inode *inode = new_inode(sb);
|
|
if (inode) {
|
|
inode->i_ino = get_next_ino();
|
|
simple_inode_init_ts(inode);
|
|
}
|
|
return inode;
|
|
}
|
|
|
|
struct tracefs_fs_info {
|
|
kuid_t uid;
|
|
kgid_t gid;
|
|
umode_t mode;
|
|
/* Opt_* bitfield. */
|
|
unsigned int opts;
|
|
};
|
|
|
|
enum {
|
|
Opt_uid,
|
|
Opt_gid,
|
|
Opt_mode,
|
|
};
|
|
|
|
static const struct fs_parameter_spec tracefs_param_specs[] = {
|
|
fsparam_gid ("gid", Opt_gid),
|
|
fsparam_u32oct ("mode", Opt_mode),
|
|
fsparam_uid ("uid", Opt_uid),
|
|
{}
|
|
};
|
|
|
|
static int tracefs_parse_param(struct fs_context *fc, struct fs_parameter *param)
|
|
{
|
|
struct tracefs_fs_info *opts = fc->s_fs_info;
|
|
struct fs_parse_result result;
|
|
int opt;
|
|
|
|
opt = fs_parse(fc, tracefs_param_specs, param, &result);
|
|
if (opt < 0)
|
|
return opt;
|
|
|
|
switch (opt) {
|
|
case Opt_uid:
|
|
opts->uid = result.uid;
|
|
break;
|
|
case Opt_gid:
|
|
opts->gid = result.gid;
|
|
break;
|
|
case Opt_mode:
|
|
opts->mode = result.uint_32 & S_IALLUGO;
|
|
break;
|
|
/*
|
|
* We might like to report bad mount options here;
|
|
* but traditionally tracefs has ignored all mount options
|
|
*/
|
|
}
|
|
|
|
opts->opts |= BIT(opt);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int tracefs_apply_options(struct super_block *sb, bool remount)
|
|
{
|
|
struct tracefs_fs_info *fsi = sb->s_fs_info;
|
|
struct inode *inode = d_inode(sb->s_root);
|
|
struct tracefs_inode *ti;
|
|
bool update_uid, update_gid;
|
|
umode_t tmp_mode;
|
|
|
|
/*
|
|
* On remount, only reset mode/uid/gid if they were provided as mount
|
|
* options.
|
|
*/
|
|
|
|
if (!remount || fsi->opts & BIT(Opt_mode)) {
|
|
tmp_mode = READ_ONCE(inode->i_mode) & ~S_IALLUGO;
|
|
tmp_mode |= fsi->mode;
|
|
WRITE_ONCE(inode->i_mode, tmp_mode);
|
|
}
|
|
|
|
if (!remount || fsi->opts & BIT(Opt_uid))
|
|
inode->i_uid = fsi->uid;
|
|
|
|
if (!remount || fsi->opts & BIT(Opt_gid))
|
|
inode->i_gid = fsi->gid;
|
|
|
|
if (remount && (fsi->opts & BIT(Opt_uid) || fsi->opts & BIT(Opt_gid))) {
|
|
|
|
update_uid = fsi->opts & BIT(Opt_uid);
|
|
update_gid = fsi->opts & BIT(Opt_gid);
|
|
|
|
rcu_read_lock();
|
|
list_for_each_entry_rcu(ti, &tracefs_inodes, list) {
|
|
if (update_uid) {
|
|
ti->flags &= ~TRACEFS_UID_PERM_SET;
|
|
ti->vfs_inode.i_uid = fsi->uid;
|
|
}
|
|
|
|
if (update_gid) {
|
|
ti->flags &= ~TRACEFS_GID_PERM_SET;
|
|
ti->vfs_inode.i_gid = fsi->gid;
|
|
}
|
|
|
|
/*
|
|
* Note, the above ti->vfs_inode updates are
|
|
* used in eventfs_remount() so they must come
|
|
* before calling it.
|
|
*/
|
|
if (ti->flags & TRACEFS_EVENT_INODE)
|
|
eventfs_remount(ti, update_uid, update_gid);
|
|
}
|
|
rcu_read_unlock();
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int tracefs_reconfigure(struct fs_context *fc)
|
|
{
|
|
struct super_block *sb = fc->root->d_sb;
|
|
struct tracefs_fs_info *sb_opts = sb->s_fs_info;
|
|
struct tracefs_fs_info *new_opts = fc->s_fs_info;
|
|
|
|
sync_filesystem(sb);
|
|
/* structure copy of new mount options to sb */
|
|
*sb_opts = *new_opts;
|
|
|
|
return tracefs_apply_options(sb, true);
|
|
}
|
|
|
|
static int tracefs_show_options(struct seq_file *m, struct dentry *root)
|
|
{
|
|
struct tracefs_fs_info *fsi = root->d_sb->s_fs_info;
|
|
|
|
if (!uid_eq(fsi->uid, GLOBAL_ROOT_UID))
|
|
seq_printf(m, ",uid=%u",
|
|
from_kuid_munged(&init_user_ns, fsi->uid));
|
|
if (!gid_eq(fsi->gid, GLOBAL_ROOT_GID))
|
|
seq_printf(m, ",gid=%u",
|
|
from_kgid_munged(&init_user_ns, fsi->gid));
|
|
if (fsi->mode != TRACEFS_DEFAULT_MODE)
|
|
seq_printf(m, ",mode=%o", fsi->mode);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int tracefs_drop_inode(struct inode *inode)
|
|
{
|
|
struct tracefs_inode *ti = get_tracefs(inode);
|
|
|
|
/*
|
|
* This inode is being freed and cannot be used for
|
|
* eventfs. Clear the flag so that it doesn't call into
|
|
* eventfs during the remount flag updates. The eventfs_inode
|
|
* gets freed after an RCU cycle, so the content will still
|
|
* be safe if the iteration is going on now.
|
|
*/
|
|
ti->flags &= ~TRACEFS_EVENT_INODE;
|
|
|
|
return 1;
|
|
}
|
|
|
|
static const struct super_operations tracefs_super_operations = {
|
|
.alloc_inode = tracefs_alloc_inode,
|
|
.free_inode = tracefs_free_inode,
|
|
.destroy_inode = tracefs_destroy_inode,
|
|
.drop_inode = tracefs_drop_inode,
|
|
.statfs = simple_statfs,
|
|
.show_options = tracefs_show_options,
|
|
};
|
|
|
|
/*
|
|
* It would be cleaner if eventfs had its own dentry ops.
|
|
*
|
|
* Note that d_revalidate is called potentially under RCU,
|
|
* so it can't take the eventfs mutex etc. It's fine - if
|
|
* we open a file just as it's marked dead, things will
|
|
* still work just fine, and just see the old stale case.
|
|
*/
|
|
static void tracefs_d_release(struct dentry *dentry)
|
|
{
|
|
if (dentry->d_fsdata)
|
|
eventfs_d_release(dentry);
|
|
}
|
|
|
|
static int tracefs_d_revalidate(struct dentry *dentry, unsigned int flags)
|
|
{
|
|
struct eventfs_inode *ei = dentry->d_fsdata;
|
|
|
|
return !(ei && ei->is_freed);
|
|
}
|
|
|
|
static const struct dentry_operations tracefs_dentry_operations = {
|
|
.d_revalidate = tracefs_d_revalidate,
|
|
.d_release = tracefs_d_release,
|
|
};
|
|
|
|
static int tracefs_fill_super(struct super_block *sb, struct fs_context *fc)
|
|
{
|
|
static const struct tree_descr trace_files[] = {{""}};
|
|
int err;
|
|
|
|
err = simple_fill_super(sb, TRACEFS_MAGIC, trace_files);
|
|
if (err)
|
|
return err;
|
|
|
|
sb->s_op = &tracefs_super_operations;
|
|
sb->s_d_op = &tracefs_dentry_operations;
|
|
|
|
tracefs_apply_options(sb, false);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int tracefs_get_tree(struct fs_context *fc)
|
|
{
|
|
return get_tree_single(fc, tracefs_fill_super);
|
|
}
|
|
|
|
static void tracefs_free_fc(struct fs_context *fc)
|
|
{
|
|
kfree(fc->s_fs_info);
|
|
}
|
|
|
|
static const struct fs_context_operations tracefs_context_ops = {
|
|
.free = tracefs_free_fc,
|
|
.parse_param = tracefs_parse_param,
|
|
.get_tree = tracefs_get_tree,
|
|
.reconfigure = tracefs_reconfigure,
|
|
};
|
|
|
|
static int tracefs_init_fs_context(struct fs_context *fc)
|
|
{
|
|
struct tracefs_fs_info *fsi;
|
|
|
|
fsi = kzalloc(sizeof(struct tracefs_fs_info), GFP_KERNEL);
|
|
if (!fsi)
|
|
return -ENOMEM;
|
|
|
|
fsi->mode = TRACEFS_DEFAULT_MODE;
|
|
|
|
fc->s_fs_info = fsi;
|
|
fc->ops = &tracefs_context_ops;
|
|
return 0;
|
|
}
|
|
|
|
static struct file_system_type trace_fs_type = {
|
|
.owner = THIS_MODULE,
|
|
.name = "tracefs",
|
|
.init_fs_context = tracefs_init_fs_context,
|
|
.parameters = tracefs_param_specs,
|
|
.kill_sb = kill_litter_super,
|
|
};
|
|
MODULE_ALIAS_FS("tracefs");
|
|
|
|
struct dentry *tracefs_start_creating(const char *name, struct dentry *parent)
|
|
{
|
|
struct dentry *dentry;
|
|
int error;
|
|
|
|
pr_debug("tracefs: creating file '%s'\n",name);
|
|
|
|
error = simple_pin_fs(&trace_fs_type, &tracefs_mount,
|
|
&tracefs_mount_count);
|
|
if (error)
|
|
return ERR_PTR(error);
|
|
|
|
/* If the parent is not specified, we create it in the root.
|
|
* We need the root dentry to do this, which is in the super
|
|
* block. A pointer to that is in the struct vfsmount that we
|
|
* have around.
|
|
*/
|
|
if (!parent)
|
|
parent = tracefs_mount->mnt_root;
|
|
|
|
inode_lock(d_inode(parent));
|
|
if (unlikely(IS_DEADDIR(d_inode(parent))))
|
|
dentry = ERR_PTR(-ENOENT);
|
|
else
|
|
dentry = lookup_one_len(name, parent, strlen(name));
|
|
if (!IS_ERR(dentry) && d_inode(dentry)) {
|
|
dput(dentry);
|
|
dentry = ERR_PTR(-EEXIST);
|
|
}
|
|
|
|
if (IS_ERR(dentry)) {
|
|
inode_unlock(d_inode(parent));
|
|
simple_release_fs(&tracefs_mount, &tracefs_mount_count);
|
|
}
|
|
|
|
return dentry;
|
|
}
|
|
|
|
struct dentry *tracefs_failed_creating(struct dentry *dentry)
|
|
{
|
|
inode_unlock(d_inode(dentry->d_parent));
|
|
dput(dentry);
|
|
simple_release_fs(&tracefs_mount, &tracefs_mount_count);
|
|
return NULL;
|
|
}
|
|
|
|
struct dentry *tracefs_end_creating(struct dentry *dentry)
|
|
{
|
|
inode_unlock(d_inode(dentry->d_parent));
|
|
return dentry;
|
|
}
|
|
|
|
/* Find the inode that this will use for default */
|
|
static struct inode *instance_inode(struct dentry *parent, struct inode *inode)
|
|
{
|
|
struct tracefs_inode *ti;
|
|
|
|
/* If parent is NULL then use root inode */
|
|
if (!parent)
|
|
return d_inode(inode->i_sb->s_root);
|
|
|
|
/* Find the inode that is flagged as an instance or the root inode */
|
|
while (!IS_ROOT(parent)) {
|
|
ti = get_tracefs(d_inode(parent));
|
|
if (ti->flags & TRACEFS_INSTANCE_INODE)
|
|
break;
|
|
parent = parent->d_parent;
|
|
}
|
|
|
|
return d_inode(parent);
|
|
}
|
|
|
|
/**
|
|
* tracefs_create_file - create a file in the tracefs filesystem
|
|
* @name: a pointer to a string containing the name of the file to create.
|
|
* @mode: the permission that the file should have.
|
|
* @parent: a pointer to the parent dentry for this file. This should be a
|
|
* directory dentry if set. If this parameter is NULL, then the
|
|
* file will be created in the root of the tracefs filesystem.
|
|
* @data: a pointer to something that the caller will want to get to later
|
|
* on. The inode.i_private pointer will point to this value on
|
|
* the open() call.
|
|
* @fops: a pointer to a struct file_operations that should be used for
|
|
* this file.
|
|
*
|
|
* This is the basic "create a file" function for tracefs. It allows for a
|
|
* wide range of flexibility in creating a file, or a directory (if you want
|
|
* to create a directory, the tracefs_create_dir() function is
|
|
* recommended to be used instead.)
|
|
*
|
|
* This function will return a pointer to a dentry if it succeeds. This
|
|
* pointer must be passed to the tracefs_remove() function when the file is
|
|
* to be removed (no automatic cleanup happens if your module is unloaded,
|
|
* you are responsible here.) If an error occurs, %NULL will be returned.
|
|
*
|
|
* If tracefs is not enabled in the kernel, the value -%ENODEV will be
|
|
* returned.
|
|
*/
|
|
struct dentry *tracefs_create_file(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops)
|
|
{
|
|
struct tracefs_inode *ti;
|
|
struct dentry *dentry;
|
|
struct inode *inode;
|
|
|
|
if (security_locked_down(LOCKDOWN_TRACEFS))
|
|
return NULL;
|
|
|
|
if (!(mode & S_IFMT))
|
|
mode |= S_IFREG;
|
|
BUG_ON(!S_ISREG(mode));
|
|
dentry = tracefs_start_creating(name, parent);
|
|
|
|
if (IS_ERR(dentry))
|
|
return NULL;
|
|
|
|
inode = tracefs_get_inode(dentry->d_sb);
|
|
if (unlikely(!inode))
|
|
return tracefs_failed_creating(dentry);
|
|
|
|
ti = get_tracefs(inode);
|
|
ti->private = instance_inode(parent, inode);
|
|
|
|
inode->i_mode = mode;
|
|
inode->i_op = &tracefs_file_inode_operations;
|
|
inode->i_fop = fops ? fops : &tracefs_file_operations;
|
|
inode->i_private = data;
|
|
inode->i_uid = d_inode(dentry->d_parent)->i_uid;
|
|
inode->i_gid = d_inode(dentry->d_parent)->i_gid;
|
|
d_instantiate(dentry, inode);
|
|
fsnotify_create(d_inode(dentry->d_parent), dentry);
|
|
return tracefs_end_creating(dentry);
|
|
}
|
|
|
|
static struct dentry *__create_dir(const char *name, struct dentry *parent,
|
|
const struct inode_operations *ops)
|
|
{
|
|
struct tracefs_inode *ti;
|
|
struct dentry *dentry = tracefs_start_creating(name, parent);
|
|
struct inode *inode;
|
|
|
|
if (IS_ERR(dentry))
|
|
return NULL;
|
|
|
|
inode = tracefs_get_inode(dentry->d_sb);
|
|
if (unlikely(!inode))
|
|
return tracefs_failed_creating(dentry);
|
|
|
|
/* Do not set bits for OTH */
|
|
inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP;
|
|
inode->i_op = ops;
|
|
inode->i_fop = &simple_dir_operations;
|
|
inode->i_uid = d_inode(dentry->d_parent)->i_uid;
|
|
inode->i_gid = d_inode(dentry->d_parent)->i_gid;
|
|
|
|
ti = get_tracefs(inode);
|
|
ti->private = instance_inode(parent, inode);
|
|
|
|
/* directory inodes start off with i_nlink == 2 (for "." entry) */
|
|
inc_nlink(inode);
|
|
d_instantiate(dentry, inode);
|
|
inc_nlink(d_inode(dentry->d_parent));
|
|
fsnotify_mkdir(d_inode(dentry->d_parent), dentry);
|
|
return tracefs_end_creating(dentry);
|
|
}
|
|
|
|
/**
|
|
* tracefs_create_dir - create a directory in the tracefs filesystem
|
|
* @name: a pointer to a string containing the name of the directory to
|
|
* create.
|
|
* @parent: a pointer to the parent dentry for this file. This should be a
|
|
* directory dentry if set. If this parameter is NULL, then the
|
|
* directory will be created in the root of the tracefs filesystem.
|
|
*
|
|
* This function creates a directory in tracefs with the given name.
|
|
*
|
|
* This function will return a pointer to a dentry if it succeeds. This
|
|
* pointer must be passed to the tracefs_remove() function when the file is
|
|
* to be removed. If an error occurs, %NULL will be returned.
|
|
*
|
|
* If tracing is not enabled in the kernel, the value -%ENODEV will be
|
|
* returned.
|
|
*/
|
|
struct dentry *tracefs_create_dir(const char *name, struct dentry *parent)
|
|
{
|
|
if (security_locked_down(LOCKDOWN_TRACEFS))
|
|
return NULL;
|
|
|
|
return __create_dir(name, parent, &tracefs_dir_inode_operations);
|
|
}
|
|
|
|
/**
|
|
* tracefs_create_instance_dir - create the tracing instances directory
|
|
* @name: The name of the instances directory to create
|
|
* @parent: The parent directory that the instances directory will exist
|
|
* @mkdir: The function to call when a mkdir is performed.
|
|
* @rmdir: The function to call when a rmdir is performed.
|
|
*
|
|
* Only one instances directory is allowed.
|
|
*
|
|
* The instances directory is special as it allows for mkdir and rmdir
|
|
* to be done by userspace. When a mkdir or rmdir is performed, the inode
|
|
* locks are released and the methods passed in (@mkdir and @rmdir) are
|
|
* called without locks and with the name of the directory being created
|
|
* within the instances directory.
|
|
*
|
|
* Returns the dentry of the instances directory.
|
|
*/
|
|
__init struct dentry *tracefs_create_instance_dir(const char *name,
|
|
struct dentry *parent,
|
|
int (*mkdir)(const char *name),
|
|
int (*rmdir)(const char *name))
|
|
{
|
|
struct dentry *dentry;
|
|
|
|
/* Only allow one instance of the instances directory. */
|
|
if (WARN_ON(tracefs_ops.mkdir || tracefs_ops.rmdir))
|
|
return NULL;
|
|
|
|
dentry = __create_dir(name, parent, &tracefs_instance_dir_inode_operations);
|
|
if (!dentry)
|
|
return NULL;
|
|
|
|
tracefs_ops.mkdir = mkdir;
|
|
tracefs_ops.rmdir = rmdir;
|
|
|
|
return dentry;
|
|
}
|
|
|
|
static void remove_one(struct dentry *victim)
|
|
{
|
|
simple_release_fs(&tracefs_mount, &tracefs_mount_count);
|
|
}
|
|
|
|
/**
|
|
* tracefs_remove - recursively removes a directory
|
|
* @dentry: a pointer to a the dentry of the directory to be removed.
|
|
*
|
|
* This function recursively removes a directory tree in tracefs that
|
|
* was previously created with a call to another tracefs function
|
|
* (like tracefs_create_file() or variants thereof.)
|
|
*/
|
|
void tracefs_remove(struct dentry *dentry)
|
|
{
|
|
if (IS_ERR_OR_NULL(dentry))
|
|
return;
|
|
|
|
simple_pin_fs(&trace_fs_type, &tracefs_mount, &tracefs_mount_count);
|
|
simple_recursive_removal(dentry, remove_one);
|
|
simple_release_fs(&tracefs_mount, &tracefs_mount_count);
|
|
}
|
|
|
|
/**
|
|
* tracefs_initialized - Tells whether tracefs has been registered
|
|
*/
|
|
bool tracefs_initialized(void)
|
|
{
|
|
return tracefs_registered;
|
|
}
|
|
|
|
static void init_once(void *foo)
|
|
{
|
|
struct tracefs_inode *ti = (struct tracefs_inode *) foo;
|
|
|
|
/* inode_init_once() calls memset() on the vfs_inode portion */
|
|
inode_init_once(&ti->vfs_inode);
|
|
|
|
/* Zero out the rest */
|
|
memset_after(ti, 0, vfs_inode);
|
|
}
|
|
|
|
static int __init tracefs_init(void)
|
|
{
|
|
int retval;
|
|
|
|
tracefs_inode_cachep = kmem_cache_create("tracefs_inode_cache",
|
|
sizeof(struct tracefs_inode),
|
|
0, (SLAB_RECLAIM_ACCOUNT|
|
|
SLAB_ACCOUNT),
|
|
init_once);
|
|
if (!tracefs_inode_cachep)
|
|
return -ENOMEM;
|
|
|
|
retval = sysfs_create_mount_point(kernel_kobj, "tracing");
|
|
if (retval)
|
|
return -EINVAL;
|
|
|
|
retval = register_filesystem(&trace_fs_type);
|
|
if (!retval)
|
|
tracefs_registered = true;
|
|
|
|
return retval;
|
|
}
|
|
core_initcall(tracefs_init);
|