mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-15 09:55:36 +00:00
f1ef09fde1
Pull namespace updates from Eric Biederman: "There is a lot here. A lot of these changes result in subtle user visible differences in kernel behavior. I don't expect anything will care but I will revert/fix things immediately if any regressions show up. From Seth Forshee there is a continuation of the work to make the vfs ready for unpriviled mounts. We had thought the previous changes prevented the creation of files outside of s_user_ns of a filesystem, but it turns we missed the O_CREAT path. Ooops. Pavel Tikhomirov and Oleg Nesterov worked together to fix a long standing bug in the implemenation of PR_SET_CHILD_SUBREAPER where only children that are forked after the prctl are considered and not children forked before the prctl. The only known user of this prctl systemd forks all children after the prctl. So no userspace regressions will occur. Holding earlier forked children to the same rules as later forked children creates a semantic that is sane enough to allow checkpoing of processes that use this feature. There is a long delayed change by Nikolay Borisov to limit inotify instances inside a user namespace. Michael Kerrisk extends the API for files used to maniuplate namespaces with two new trivial ioctls to allow discovery of the hierachy and properties of namespaces. Konstantin Khlebnikov with the help of Al Viro adds code that when a network namespace exits purges it's sysctl entries from the dcache. As in some circumstances this could use a lot of memory. Vivek Goyal fixed a bug with stacked filesystems where the permissions on the wrong inode were being checked. I continue previous work on ptracing across exec. Allowing a file to be setuid across exec while being ptraced if the tracer has enough credentials in the user namespace, and if the process has CAP_SETUID in it's own namespace. Proc files for setuid or otherwise undumpable executables are now owned by the root in the user namespace of their mm. Allowing debugging of setuid applications in containers to work better. A bug I introduced with permission checking and automount is now fixed. The big change is to mark the mounts that the kernel initiates as a result of an automount. This allows the permission checks in sget to be safely suppressed for this kind of mount. As the permission check happened when the original filesystem was mounted. Finally a special case in the mount namespace is removed preventing unbounded chains in the mount hash table, and making the semantics simpler which benefits CRIU. The vfs fix along with related work in ima and evm I believe makes us ready to finish developing and merge fully unprivileged mounts of the fuse filesystem. The cleanups of the mount namespace makes discussing how to fix the worst case complexity of umount. The stacked filesystem fixes pave the way for adding multiple mappings for the filesystem uids so that efficient and safer containers can be implemented" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc/sysctl: Don't grab i_lock under sysctl_lock. vfs: Use upper filesystem inode in bprm_fill_uid() proc/sysctl: prune stale dentries during unregistering mnt: Tuck mounts under others instead of creating shadow/side mounts. prctl: propagate has_child_subreaper flag to every descendant introduce the walk_process_tree() helper nsfs: Add an ioctl() to return owner UID of a userns fs: Better permission checking for submounts exit: fix the setns() && PR_SET_CHILD_SUBREAPER interaction vfs: open() with O_CREAT should not create inodes with unknown ids nsfs: Add an ioctl() to return the namespace type proc: Better ownership of files for non-dumpable tasks in user namespaces exec: Remove LSM_UNSAFE_PTRACE_CAP exec: Test the ptracer's saved cred to see if the tracee can gain caps exec: Don't reset euid and egid when the tracee has CAP_SETUID inotify: Convert to using per-namespace limits
397 lines
11 KiB
C
397 lines
11 KiB
C
/*
|
|
* debugfs.h - a tiny little debug file system
|
|
*
|
|
* Copyright (C) 2004 Greg Kroah-Hartman <greg@kroah.com>
|
|
* Copyright (C) 2004 IBM Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version
|
|
* 2 as published by the Free Software Foundation.
|
|
*
|
|
* debugfs is for people to use instead of /proc or /sys.
|
|
* See Documentation/DocBook/filesystems for more details.
|
|
*/
|
|
|
|
#ifndef _DEBUGFS_H_
|
|
#define _DEBUGFS_H_
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/seq_file.h>
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/compiler.h>
|
|
|
|
struct device;
|
|
struct file_operations;
|
|
struct srcu_struct;
|
|
|
|
struct debugfs_blob_wrapper {
|
|
void *data;
|
|
unsigned long size;
|
|
};
|
|
|
|
struct debugfs_reg32 {
|
|
char *name;
|
|
unsigned long offset;
|
|
};
|
|
|
|
struct debugfs_regset32 {
|
|
const struct debugfs_reg32 *regs;
|
|
int nregs;
|
|
void __iomem *base;
|
|
};
|
|
|
|
extern struct dentry *arch_debugfs_dir;
|
|
|
|
extern struct srcu_struct debugfs_srcu;
|
|
|
|
/**
|
|
* debugfs_real_fops - getter for the real file operation
|
|
* @filp: a pointer to a struct file
|
|
*
|
|
* Must only be called under the protection established by
|
|
* debugfs_use_file_start().
|
|
*/
|
|
static inline const struct file_operations *debugfs_real_fops(const struct file *filp)
|
|
__must_hold(&debugfs_srcu)
|
|
{
|
|
/*
|
|
* Neither the pointer to the struct file_operations, nor its
|
|
* contents ever change -- srcu_dereference() is not needed here.
|
|
*/
|
|
return filp->f_path.dentry->d_fsdata;
|
|
}
|
|
|
|
#define DEFINE_DEBUGFS_ATTRIBUTE(__fops, __get, __set, __fmt) \
|
|
static int __fops ## _open(struct inode *inode, struct file *file) \
|
|
{ \
|
|
__simple_attr_check_format(__fmt, 0ull); \
|
|
return simple_attr_open(inode, file, __get, __set, __fmt); \
|
|
} \
|
|
static const struct file_operations __fops = { \
|
|
.owner = THIS_MODULE, \
|
|
.open = __fops ## _open, \
|
|
.release = simple_attr_release, \
|
|
.read = debugfs_attr_read, \
|
|
.write = debugfs_attr_write, \
|
|
.llseek = generic_file_llseek, \
|
|
}
|
|
|
|
#if defined(CONFIG_DEBUG_FS)
|
|
|
|
struct dentry *debugfs_lookup(const char *name, struct dentry *parent);
|
|
|
|
struct dentry *debugfs_create_file(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops);
|
|
struct dentry *debugfs_create_file_unsafe(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops);
|
|
|
|
struct dentry *debugfs_create_file_size(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops,
|
|
loff_t file_size);
|
|
|
|
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent);
|
|
|
|
struct dentry *debugfs_create_symlink(const char *name, struct dentry *parent,
|
|
const char *dest);
|
|
|
|
typedef struct vfsmount *(*debugfs_automount_t)(struct dentry *, void *);
|
|
struct dentry *debugfs_create_automount(const char *name,
|
|
struct dentry *parent,
|
|
debugfs_automount_t f,
|
|
void *data);
|
|
|
|
void debugfs_remove(struct dentry *dentry);
|
|
void debugfs_remove_recursive(struct dentry *dentry);
|
|
|
|
int debugfs_use_file_start(const struct dentry *dentry, int *srcu_idx)
|
|
__acquires(&debugfs_srcu);
|
|
|
|
void debugfs_use_file_finish(int srcu_idx) __releases(&debugfs_srcu);
|
|
|
|
ssize_t debugfs_attr_read(struct file *file, char __user *buf,
|
|
size_t len, loff_t *ppos);
|
|
ssize_t debugfs_attr_write(struct file *file, const char __user *buf,
|
|
size_t len, loff_t *ppos);
|
|
|
|
struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry,
|
|
struct dentry *new_dir, const char *new_name);
|
|
|
|
struct dentry *debugfs_create_u8(const char *name, umode_t mode,
|
|
struct dentry *parent, u8 *value);
|
|
struct dentry *debugfs_create_u16(const char *name, umode_t mode,
|
|
struct dentry *parent, u16 *value);
|
|
struct dentry *debugfs_create_u32(const char *name, umode_t mode,
|
|
struct dentry *parent, u32 *value);
|
|
struct dentry *debugfs_create_u64(const char *name, umode_t mode,
|
|
struct dentry *parent, u64 *value);
|
|
struct dentry *debugfs_create_ulong(const char *name, umode_t mode,
|
|
struct dentry *parent, unsigned long *value);
|
|
struct dentry *debugfs_create_x8(const char *name, umode_t mode,
|
|
struct dentry *parent, u8 *value);
|
|
struct dentry *debugfs_create_x16(const char *name, umode_t mode,
|
|
struct dentry *parent, u16 *value);
|
|
struct dentry *debugfs_create_x32(const char *name, umode_t mode,
|
|
struct dentry *parent, u32 *value);
|
|
struct dentry *debugfs_create_x64(const char *name, umode_t mode,
|
|
struct dentry *parent, u64 *value);
|
|
struct dentry *debugfs_create_size_t(const char *name, umode_t mode,
|
|
struct dentry *parent, size_t *value);
|
|
struct dentry *debugfs_create_atomic_t(const char *name, umode_t mode,
|
|
struct dentry *parent, atomic_t *value);
|
|
struct dentry *debugfs_create_bool(const char *name, umode_t mode,
|
|
struct dentry *parent, bool *value);
|
|
|
|
struct dentry *debugfs_create_blob(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
struct debugfs_blob_wrapper *blob);
|
|
|
|
struct dentry *debugfs_create_regset32(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
struct debugfs_regset32 *regset);
|
|
|
|
void debugfs_print_regs32(struct seq_file *s, const struct debugfs_reg32 *regs,
|
|
int nregs, void __iomem *base, char *prefix);
|
|
|
|
struct dentry *debugfs_create_u32_array(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u32 *array, u32 elements);
|
|
|
|
struct dentry *debugfs_create_devm_seqfile(struct device *dev, const char *name,
|
|
struct dentry *parent,
|
|
int (*read_fn)(struct seq_file *s,
|
|
void *data));
|
|
|
|
bool debugfs_initialized(void);
|
|
|
|
ssize_t debugfs_read_file_bool(struct file *file, char __user *user_buf,
|
|
size_t count, loff_t *ppos);
|
|
|
|
ssize_t debugfs_write_file_bool(struct file *file, const char __user *user_buf,
|
|
size_t count, loff_t *ppos);
|
|
|
|
#else
|
|
|
|
#include <linux/err.h>
|
|
|
|
/*
|
|
* We do not return NULL from these functions if CONFIG_DEBUG_FS is not enabled
|
|
* so users have a chance to detect if there was a real error or not. We don't
|
|
* want to duplicate the design decision mistakes of procfs and devfs again.
|
|
*/
|
|
|
|
static inline struct dentry *debugfs_lookup(const char *name,
|
|
struct dentry *parent)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_file(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_file_size(const char *name, umode_t mode,
|
|
struct dentry *parent, void *data,
|
|
const struct file_operations *fops,
|
|
loff_t file_size)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_dir(const char *name,
|
|
struct dentry *parent)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_symlink(const char *name,
|
|
struct dentry *parent,
|
|
const char *dest)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_automount(const char *name,
|
|
struct dentry *parent,
|
|
struct vfsmount *(*f)(void *),
|
|
void *data)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline void debugfs_remove(struct dentry *dentry)
|
|
{ }
|
|
|
|
static inline void debugfs_remove_recursive(struct dentry *dentry)
|
|
{ }
|
|
|
|
static inline int debugfs_use_file_start(const struct dentry *dentry,
|
|
int *srcu_idx)
|
|
__acquires(&debugfs_srcu)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void debugfs_use_file_finish(int srcu_idx)
|
|
__releases(&debugfs_srcu)
|
|
{ }
|
|
|
|
static inline ssize_t debugfs_attr_read(struct file *file, char __user *buf,
|
|
size_t len, loff_t *ppos)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline ssize_t debugfs_attr_write(struct file *file,
|
|
const char __user *buf,
|
|
size_t len, loff_t *ppos)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry,
|
|
struct dentry *new_dir, char *new_name)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_u8(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u8 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_u16(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u16 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_u32(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u32 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_u64(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u64 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_x8(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u8 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_x16(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u16 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_x32(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u32 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_x64(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u64 *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_size_t(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
size_t *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_atomic_t(const char *name, umode_t mode,
|
|
struct dentry *parent, atomic_t *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_bool(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
bool *value)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_blob(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
struct debugfs_blob_wrapper *blob)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_regset32(const char *name,
|
|
umode_t mode, struct dentry *parent,
|
|
struct debugfs_regset32 *regset)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline void debugfs_print_regs32(struct seq_file *s, const struct debugfs_reg32 *regs,
|
|
int nregs, void __iomem *base, char *prefix)
|
|
{
|
|
}
|
|
|
|
static inline bool debugfs_initialized(void)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_u32_array(const char *name, umode_t mode,
|
|
struct dentry *parent,
|
|
u32 *array, u32 elements)
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline struct dentry *debugfs_create_devm_seqfile(struct device *dev,
|
|
const char *name,
|
|
struct dentry *parent,
|
|
int (*read_fn)(struct seq_file *s,
|
|
void *data))
|
|
{
|
|
return ERR_PTR(-ENODEV);
|
|
}
|
|
|
|
static inline ssize_t debugfs_read_file_bool(struct file *file,
|
|
char __user *user_buf,
|
|
size_t count, loff_t *ppos)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline ssize_t debugfs_write_file_bool(struct file *file,
|
|
const char __user *user_buf,
|
|
size_t count, loff_t *ppos)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
#endif
|
|
|
|
#endif
|