take the targets of /proc/*/ns/* symlinks to separate fs

New pseudo-filesystem: nsfs. Targets of /proc/*/ns/* live there now. It's not mountable (not even registered, so it's not in /proc/filesystems, etc.). Files on it *are* bindable - we explicitly permit that in do_loopback(). This stuff lives in fs/nsfs.c now; proc_ns_fget() moved there as well. get_proc_ns() is a macro now (it's simply returning ->i_private; would have been an inline, if not for header ordering headache). proc_ns_inode() is an ex-parrot. The interface used in procfs is ns_get_path(path, task, ops) and ns_get_name(buf, size, task, ops). Dentries and inodes are never hashed; a non-counting reference to dentry is stashed in ns_common (removed by ->d_prune()) and reused by ns_get_path() if present. See ns_get_path()/ns_prune_dentry/nsfs_evict() for details of that mechanism. As the result, proc_ns_follow_link() has stopped poking in nd->path.mnt; it does nd_jump_link() on a consistent <vfsmount,dentry> pair it gets from ns_get_path(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2014-11-01 10:57:28 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2014-12-10 21:30:20 -0500
commit: e149ed2b805fefdccf7ccdfc19eca22fdd4514ac (patch)
tree: 8c9cd88deff8c7309ca2acb8d4cb475aaca47b14
parent: f77c80142e1afe6d5c16975ca5d7d1fc324b16f9 (diff)
10 files changed, 208 insertions, 161 deletions
diff --git a/fs/Makefile b/fs/Makefile
index 34a1b9dea6dd..34393376eaa2 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -11,7 +11,7 @@ obj-y :=	open.o read_write.o file_table.o super.o \
                attr.o bad_inode.o file.o filesystems.o namespace.o \
                seq_file.o xattr.o libfs.o fs-writeback.o \
                pnode.o splice.o sync.o utimes.o \
-                stack.o fs_struct.o statfs.o fs_pin.o
+                stack.o fs_struct.o statfs.o fs_pin.o nsfs.o
 ifeq ($(CONFIG_BLOCK),y)
 obj-y +=        buffer.o block_dev.o direct-io.o mpage.o
diff --git a/fs/internal.h b/fs/internal.h
index 757ba2abf21e..e9a61fe67575 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -147,3 +147,8 @@ extern const struct file_operations pipefifo_fops;
 */
 extern void sb_pin_kill(struct super_block *sb);
 extern void mnt_pin_kill(struct mount *m);
+/*
+ * fs/nsfs.c
+ */
+extern struct dentry_operations ns_dentry_operations;
diff --git a/fs/namespace.c b/fs/namespace.c
index 9dfb4cac0c41..30df6e7dd807 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1569,8 +1569,8 @@ SYSCALL_DEFINE1(oldumount, char __user *, name)
 static bool is_mnt_ns_file(struct dentry *dentry)
 {
        /* Is this a proxy for a mount namespace? */
-        struct inode *inode = dentry->d_inode;
+        return dentry->d_op == &ns_dentry_operations &&
-        return proc_ns_inode(inode) && dentry->d_fsdata == &mntns_operations;
+               dentry->d_fsdata == &mntns_operations;
 }
 struct mnt_namespace *to_mnt_ns(struct ns_common *ns)
@@ -2016,7 +2016,10 @@ static int do_loopback(struct path *path, const char *old_name,
        if (IS_MNT_UNBINDABLE(old))
                goto out2;
-        if (!check_mnt(parent) || !check_mnt(old))
+        if (!check_mnt(parent))
+                goto out2;
+        if (!check_mnt(old) && old_path.dentry->d_op != &ns_dentry_operations)
                goto out2;
        if (!recurse && has_locked_children(old, old_path.dentry))
diff --git a/fs/nsfs.c b/fs/nsfs.c
new file mode 100644
index 000000000000..af1b24fa899d
--- /dev/null
+++ b/fs/nsfs.c
@@ -0,0 +1,161 @@
+#include <linux/mount.h>
+#include <linux/file.h>
+#include <linux/fs.h>
+#include <linux/proc_ns.h>
+#include <linux/magic.h>
+#include <linux/ktime.h>
+static struct vfsmount *nsfs_mnt;
+static const struct file_operations ns_file_operations = {
+        .llseek         = no_llseek,
+};
+static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
+{
+        struct inode *inode = dentry->d_inode;
+        const struct proc_ns_operations *ns_ops = dentry->d_fsdata;
+        return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
+                ns_ops->name, inode->i_ino);
+}
+static void ns_prune_dentry(struct dentry *dentry)
+{
+        struct inode *inode = dentry->d_inode;
+        if (inode) {
+                struct ns_common *ns = inode->i_private;
+                atomic_long_set(&ns->stashed, 0);
+        }
+}
+const struct dentry_operations ns_dentry_operations =
+{
+        .d_prune        = ns_prune_dentry,
+        .d_delete       = always_delete_dentry,
+        .d_dname        = ns_dname,
+};
+static void nsfs_evict(struct inode *inode)
+{
+        struct ns_common *ns = inode->i_private;
+        clear_inode(inode);
+        ns->ops->put(ns);
+}
+void *ns_get_path(struct path *path, struct task_struct *task,
+                        const struct proc_ns_operations *ns_ops)
+{
+        struct vfsmount *mnt = mntget(nsfs_mnt);
+        struct qstr qname = { .name = "", };
+        struct dentry *dentry;
+        struct inode *inode;
+        struct ns_common *ns;
+        unsigned long d;
+again:
+        ns = ns_ops->get(task);
+        if (!ns) {
+                mntput(mnt);
+                return ERR_PTR(-ENOENT);
+        }
+        rcu_read_lock();
+        d = atomic_long_read(&ns->stashed);
+        if (!d)
+                goto slow;
+        dentry = (struct dentry *)d;
+        if (!lockref_get_not_dead(&dentry->d_lockref))
+                goto slow;
+        rcu_read_unlock();
+        ns_ops->put(ns);
+got_it:
+        path->mnt = mnt;
+        path->dentry = dentry;
+        return NULL;
+slow:
+        rcu_read_unlock();
+        inode = new_inode_pseudo(mnt->mnt_sb);
+        if (!inode) {
+                ns_ops->put(ns);
+                mntput(mnt);
+                return ERR_PTR(-ENOMEM);
+        }
+        inode->i_ino = ns->inum;
+        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
+        inode->i_flags |= S_IMMUTABLE;
+        inode->i_mode = S_IFREG | S_IRUGO;
+        inode->i_fop = &ns_file_operations;
+        inode->i_private = ns;
+        dentry = d_alloc_pseudo(mnt->mnt_sb, &qname);
+        if (!dentry) {
+                iput(inode);
+                mntput(mnt);
+                return ERR_PTR(-ENOMEM);
+        }
+        d_instantiate(dentry, inode);
+        dentry->d_fsdata = (void *)ns_ops;
+        d = atomic_long_cmpxchg(&ns->stashed, 0, (unsigned long)dentry);
+        if (d) {
+                d_delete(dentry);       /* make sure ->d_prune() does nothing */
+                dput(dentry);
+                cpu_relax();
+                goto again;
+        }
+        goto got_it;
+}
+int ns_get_name(char *buf, size_t size, struct task_struct *task,
+                        const struct proc_ns_operations *ns_ops)
+{
+        struct ns_common *ns;
+        int res = -ENOENT;
+        ns = ns_ops->get(task);
+        if (ns) {
+                res = snprintf(buf, size, "%s:[%u]", ns_ops->name, ns->inum);
+                ns_ops->put(ns);
+        }
+        return res;
+}
+struct file *proc_ns_fget(int fd)
+{
+        struct file *file;
+        file = fget(fd);
+        if (!file)
+                return ERR_PTR(-EBADF);
+        if (file->f_op != &ns_file_operations)
+                goto out_invalid;
+        return file;
+out_invalid:
+        fput(file);
+        return ERR_PTR(-EINVAL);
+}
+static const struct super_operations nsfs_ops = {
+        .statfs = simple_statfs,
+        .evict_inode = nsfs_evict,
+};
+static struct dentry *nsfs_mount(struct file_system_type *fs_type,
+                        int flags, const char *dev_name, void *data)
+{
+        return mount_pseudo(fs_type, "nsfs:", &nsfs_ops,
+                        &ns_dentry_operations, NSFS_MAGIC);
+}
+static struct file_system_type nsfs = {
+        .name = "nsfs",
+        .mount = nsfs_mount,
+        .kill_sb = kill_anon_super,
+};
+void __init nsfs_init(void)
+{
+        nsfs_mnt = kern_mount(&nsfs);
+        if (IS_ERR(nsfs_mnt))
+                panic("can't set nsfs up\n");
+        nsfs_mnt->mnt_sb->s_flags &= ~MS_NOUSER;
+}
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index a212996e0987..57a9be9a6668 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -32,7 +32,6 @@ static void proc_evict_inode(struct inode *inode)
 {
        struct proc_dir_entry *de;
        struct ctl_table_header *head;
-        struct ns_common *ns;
        truncate_inode_pages_final(&inode->i_data);
        clear_inode(inode);
@@ -49,10 +48,6 @@ static void proc_evict_inode(struct inode *inode)
                RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL);
                sysctl_head_put(head);
        }
-        /* Release any associated namespace */
-        ns = PROC_I(inode)->ns.ns;
-        if (ns && ns->ops)
-                ns->ops->put(ns);
 }
 static struct kmem_cache * proc_inode_cachep;
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
index 18fc1cf899de..aaaac77abad0 100644
--- a/fs/proc/namespaces.c
+++ b/fs/proc/namespaces.c
@@ -1,10 +1,6 @@
 #include <linux/proc_fs.h>
 #include <linux/nsproxy.h>
-#include <linux/sched.h>
 #include <linux/ptrace.h>
-#include <linux/fs_struct.h>
-#include <linux/mount.h>
-#include <linux/path.h>
 #include <linux/namei.h>
 #include <linux/file.h>
 #include <linux/utsname.h>
@@ -34,139 +30,45 @@ static const struct proc_ns_operations *ns_entries[] = {
        &mntns_operations,
 };
-static const struct file_operations ns_file_operations = {
-        .llseek         = no_llseek,
-};
-static const struct inode_operations ns_inode_operations = {
-        .setattr        = proc_setattr,
-};
-static char *ns_dname(struct dentry *dentry, char *buffer, int buflen)
-{
-        struct inode *inode = dentry->d_inode;
-        const struct proc_ns_operations *ns_ops = dentry->d_fsdata;
-        return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
-                ns_ops->name, inode->i_ino);
-}
-const struct dentry_operations ns_dentry_operations =
-{
-        .d_delete       = always_delete_dentry,
-        .d_dname        = ns_dname,
-};
-static struct dentry *proc_ns_get_dentry(struct super_block *sb,
-        struct task_struct *task, const struct proc_ns_operations *ns_ops)
-{
-        struct dentry *dentry, *result;
-        struct inode *inode;
-        struct proc_inode *ei;
-        struct qstr qname = { .name = "", };
-        struct ns_common *ns;
-        ns = ns_ops->get(task);
-        if (!ns)
-                return ERR_PTR(-ENOENT);
-        dentry = d_alloc_pseudo(sb, &qname);
-        if (!dentry) {
-                ns_ops->put(ns);
-                return ERR_PTR(-ENOMEM);
-        }
-        dentry->d_fsdata = (void *)ns_ops;
-        inode = iget_locked(sb, ns->inum);
-        if (!inode) {
-                dput(dentry);
-                ns_ops->put(ns);
-                return ERR_PTR(-ENOMEM);
-        }
-        ei = PROC_I(inode);
-        if (inode->i_state & I_NEW) {
-                inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
-                inode->i_op = &ns_inode_operations;
-                inode->i_mode = S_IFREG | S_IRUGO;
-                inode->i_fop = &ns_file_operations;
-                ei->ns.ns_ops = ns_ops;
-                ei->ns.ns = ns;
-                unlock_new_inode(inode);
-        } else {
-                ns_ops->put(ns);
-        }
-        d_set_d_op(dentry, &ns_dentry_operations);
-        result = d_instantiate_unique(dentry, inode);
-        if (result) {
-                dput(dentry);
-                dentry = result;
-        }
-        return dentry;
-}
 static void *proc_ns_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
        struct inode *inode = dentry->d_inode;
-        struct super_block *sb = inode->i_sb;
+        const struct proc_ns_operations *ns_ops = PROC_I(inode)->ns.ns_ops;
-        struct proc_inode *ei = PROC_I(inode);
        struct task_struct *task;
        struct path ns_path;
        void *error = ERR_PTR(-EACCES);
        task = get_proc_task(inode);
        if (!task)
-                goto out;
+                return error;
-        if (!ptrace_may_access(task, PTRACE_MODE_READ))
+        if (ptrace_may_access(task, PTRACE_MODE_READ)) {
-                goto out_put_task;
+                error = ns_get_path(&ns_path, task, ns_ops);
+                if (!error)
-        ns_path.dentry = proc_ns_get_dentry(sb, task, ei->ns.ns_ops);
+                        nd_jump_link(nd, &ns_path);
-        if (IS_ERR(ns_path.dentry)) {
-                error = ERR_CAST(ns_path.dentry);
-                goto out_put_task;
        }
-        ns_path.mnt = mntget(nd->path.mnt);
-        nd_jump_link(nd, &ns_path);
-        error = NULL;
-out_put_task:
        put_task_struct(task);
-out:
        return error;
 }
 static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int buflen)
 {
        struct inode *inode = dentry->d_inode;
-        struct proc_inode *ei = PROC_I(inode);
+        const struct proc_ns_operations *ns_ops = PROC_I(inode)->ns.ns_ops;
-        const struct proc_ns_operations *ns_ops = ei->ns.ns_ops;
        struct task_struct *task;
-        struct ns_common *ns;
        char name[50];
        int res = -EACCES;
        task = get_proc_task(inode);
        if (!task)
-                goto out;
+                return res;
-        if (!ptrace_may_access(task, PTRACE_MODE_READ))
-                goto out_put_task;
-        res = -ENOENT;
+        if (ptrace_may_access(task, PTRACE_MODE_READ)) {
-        ns = ns_ops->get(task);
+                res = ns_get_name(name, sizeof(name), task, ns_ops);
-        if (!ns)
+                if (res >= 0)
-                goto out_put_task;
+                        res = readlink_copy(buffer, buflen, name);
+        }
-        snprintf(name, sizeof(name), "%s:[%u]", ns_ops->name, ns->inum);
-        res = readlink_copy(buffer, buflen, name);
-        ns_ops->put(ns);
-out_put_task:
        put_task_struct(task);
-out:
        return res;
 }
@@ -268,31 +170,3 @@ const struct inode_operations proc_ns_dir_inode_operations = {
        .getattr        = pid_getattr,
        .setattr        = proc_setattr,
 };
-struct file *proc_ns_fget(int fd)
-{
-        struct file *file;
-        file = fget(fd);
-        if (!file)
-                return ERR_PTR(-EBADF);
-        if (file->f_op != &ns_file_operations)
-                goto out_invalid;
-        return file;
-out_invalid:
-        fput(file);
-        return ERR_PTR(-EINVAL);
-}
-struct ns_common *get_proc_ns(struct inode *inode)
-{
-        return PROC_I(inode)->ns.ns;
-}
-bool proc_ns_inode(struct inode *inode)
-{
-        return inode->i_fop == &ns_file_operations;
-}
diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
index ce23cf4bbe69..85a5c8c16be9 100644
--- a/include/linux/ns_common.h
+++ b/include/linux/ns_common.h
@@ -4,6 +4,7 @@
 struct proc_ns_operations;
 struct ns_common {
+        atomic_long_t stashed;
        const struct proc_ns_operations *ops;
        unsigned int inum;
 };
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index 2837ff41cfe3..42dfc615dbf8 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -4,9 +4,11 @@
 #ifndef _LINUX_PROC_NS_H
 #define _LINUX_PROC_NS_H
+#include <linux/ns_common.h>
 struct pid_namespace;
 struct nsproxy;
-struct ns_common;
+struct path;
 struct proc_ns_operations {
        const char *name;
@@ -38,35 +40,38 @@ enum {
 extern int pid_ns_prepare_proc(struct pid_namespace *ns);
 extern void pid_ns_release_proc(struct pid_namespace *ns);
-extern struct file *proc_ns_fget(int fd);
-extern struct ns_common *get_proc_ns(struct inode *);
 extern int proc_alloc_inum(unsigned int *pino);
 extern void proc_free_inum(unsigned int inum);
-extern bool proc_ns_inode(struct inode *inode);
 #else /* CONFIG_PROC_FS */
 static inline int pid_ns_prepare_proc(struct pid_namespace *ns) { return 0; }
 static inline void pid_ns_release_proc(struct pid_namespace *ns) {}
-static inline struct file *proc_ns_fget(int fd)
-{
-        return ERR_PTR(-EINVAL);
-}
-static inline struct ns_common *get_proc_ns(struct inode *inode) { return NULL; }
 static inline int proc_alloc_inum(unsigned int *inum)
 {
        *inum = 1;
        return 0;
 }
 static inline void proc_free_inum(unsigned int inum) {}
-static inline bool proc_ns_inode(struct inode *inode) { return false; }
 #endif /* CONFIG_PROC_FS */
-#define ns_alloc_inum(ns) proc_alloc_inum(&(ns)->inum)
+static inline int ns_alloc_inum(struct ns_common *ns)
+{
+        atomic_long_set(&ns->stashed, 0);
+        return proc_alloc_inum(&ns->inum);
+}
 #define ns_free_inum(ns) proc_free_inum((ns)->inum)
+extern struct file *proc_ns_fget(int fd);
+#define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
+extern void *ns_get_path(struct path *path, struct task_struct *task,
+                        const struct proc_ns_operations *ns_ops);
+extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
+                        const struct proc_ns_operations *ns_ops);
+extern void nsfs_init(void);
 #endif /* _LINUX_PROC_NS_H */
diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h
index 77c60311a6c6..7d664ea85ebd 100644
--- a/include/uapi/linux/magic.h
+++ b/include/uapi/linux/magic.h
@@ -72,5 +72,6 @@
 #define MTD_INODE_FS_MAGIC      0x11307854
 #define ANON_INODE_FS_MAGIC     0x09041934
 #define BTRFS_TEST_MAGIC        0x73727279
+#define NSFS_MAGIC              0x6e736673
 #endif /* __LINUX_MAGIC_H__ */
diff --git a/init/main.c b/init/main.c
index 800a0daede7e..bcc75057ea87 100644
--- a/init/main.c
+++ b/init/main.c
@@ -78,6 +78,7 @@
 #include <linux/context_tracking.h>
 #include <linux/random.h>
 #include <linux/list.h>
+#include <linux/proc_ns.h>
 #include <asm/io.h>
 #include <asm/bugs.h>
@@ -660,6 +661,7 @@ asmlinkage __visible void __init start_kernel(void)
        /* rootfs populating might need page-writeback */
        page_writeback_init();
        proc_root_init();
+        nsfs_init();
        cgroup_init();
        cpuset_init();
        taskstats_init_early();
author	Al Viro <viro@zeniv.linux.org.uk>	2014-11-01 10:57:28 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2014-12-10 21:30:20 -0500
commit	e149ed2b805fefdccf7ccdfc19eca22fdd4514ac (patch)
tree	8c9cd88deff8c7309ca2acb8d4cb475aaca47b14
parent	f77c80142e1afe6d5c16975ca5d7d1fc324b16f9 (diff)

diff --git a/fs/Makefile b/fs/Makefile index 34a1b9dea6dd..34393376eaa2 100644 --- a/fs/Makefile +++ b/fs/Makefile
@@ -11,7 +11,7 @@ obj-y := open.o read_write.o file_table.o super.o \
11	attr.o bad_inode.o file.o filesystems.o namespace.o \	11	attr.o bad_inode.o file.o filesystems.o namespace.o \
12	seq_file.o xattr.o libfs.o fs-writeback.o \	12	seq_file.o xattr.o libfs.o fs-writeback.o \
13	pnode.o splice.o sync.o utimes.o \	13	pnode.o splice.o sync.o utimes.o \
14	stack.o fs_struct.o statfs.o fs_pin.o	14	stack.o fs_struct.o statfs.o fs_pin.o nsfs.o
15		15
16	ifeq ($(CONFIG_BLOCK),y)	16	ifeq ($(CONFIG_BLOCK),y)
17	obj-y += buffer.o block_dev.o direct-io.o mpage.o	17	obj-y += buffer.o block_dev.o direct-io.o mpage.o


diff --git a/fs/internal.h b/fs/internal.h index 757ba2abf21e..e9a61fe67575 100644 --- a/fs/internal.h +++ b/fs/internal.h
@@ -147,3 +147,8 @@ extern const struct file_operations pipefifo_fops;
147	*/	147	*/
148	extern void sb_pin_kill(struct super_block *sb);	148	extern void sb_pin_kill(struct super_block *sb);
149	extern void mnt_pin_kill(struct mount *m);	149	extern void mnt_pin_kill(struct mount *m);
		150
		151	/*
		152	* fs/nsfs.c
		153	*/
		154	extern struct dentry_operations ns_dentry_operations;


diff --git a/fs/namespace.c b/fs/namespace.c index 9dfb4cac0c41..30df6e7dd807 100644 --- a/fs/namespace.c +++ b/fs/namespace.c
@@ -1569,8 +1569,8 @@ SYSCALL_DEFINE1(oldumount, char __user *, name)
1569	static bool is_mnt_ns_file(struct dentry *dentry)	1569	static bool is_mnt_ns_file(struct dentry *dentry)
1570	{	1570	{
1571	/* Is this a proxy for a mount namespace? */	1571	/* Is this a proxy for a mount namespace? */
1572	struct inode *inode = dentry->d_inode;	1572	return dentry->d_op == &ns_dentry_operations &&
1573	return proc_ns_inode(inode) && dentry->d_fsdata == &mntns_operations;	1573	dentry->d_fsdata == &mntns_operations;
1574	}	1574	}
1575		1575
1576	struct mnt_namespace to_mnt_ns(struct ns_common ns)	1576	struct mnt_namespace to_mnt_ns(struct ns_common ns)
@@ -2016,7 +2016,10 @@ static int do_loopback(struct path path, const char old_name,
2016	if (IS_MNT_UNBINDABLE(old))	2016	if (IS_MNT_UNBINDABLE(old))
2017	goto out2;	2017	goto out2;
2018		2018
2019	if (!check_mnt(parent) \|\| !check_mnt(old))	2019	if (!check_mnt(parent))
		2020	goto out2;
		2021
		2022	if (!check_mnt(old) && old_path.dentry->d_op != &ns_dentry_operations)
2020	goto out2;	2023	goto out2;
2021		2024
2022	if (!recurse && has_locked_children(old, old_path.dentry))	2025	if (!recurse && has_locked_children(old, old_path.dentry))


diff --git a/fs/nsfs.c b/fs/nsfs.c new file mode 100644 index 000000000000..af1b24fa899d --- /dev/null +++ b/fs/nsfs.c
@@ -0,0 +1,161 @@
		1	#include <linux/mount.h>
		2	#include <linux/file.h>
		3	#include <linux/fs.h>
		4	#include <linux/proc_ns.h>
		5	#include <linux/magic.h>
		6	#include <linux/ktime.h>
		7
		8	static struct vfsmount *nsfs_mnt;
		9
		10	static const struct file_operations ns_file_operations = {
		11	.llseek = no_llseek,
		12	};
		13
		14	static char ns_dname(struct dentry dentry, char *buffer, int buflen)
		15	{
		16	struct inode *inode = dentry->d_inode;
		17	const struct proc_ns_operations *ns_ops = dentry->d_fsdata;
		18
		19	return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
		20	ns_ops->name, inode->i_ino);
		21	}
		22
		23	static void ns_prune_dentry(struct dentry *dentry)
		24	{
		25	struct inode *inode = dentry->d_inode;
		26	if (inode) {
		27	struct ns_common *ns = inode->i_private;
		28	atomic_long_set(&ns->stashed, 0);
		29	}
		30	}
		31
		32	const struct dentry_operations ns_dentry_operations =
		33	{
		34	.d_prune = ns_prune_dentry,
		35	.d_delete = always_delete_dentry,
		36	.d_dname = ns_dname,
		37	};
		38
		39	static void nsfs_evict(struct inode *inode)
		40	{
		41	struct ns_common *ns = inode->i_private;
		42	clear_inode(inode);
		43	ns->ops->put(ns);
		44	}
		45
		46	void ns_get_path(struct path path, struct task_struct *task,
		47	const struct proc_ns_operations *ns_ops)
		48	{
		49	struct vfsmount *mnt = mntget(nsfs_mnt);
		50	struct qstr qname = { .name = "", };
		51	struct dentry *dentry;
		52	struct inode *inode;
		53	struct ns_common *ns;
		54	unsigned long d;
		55
		56	again:
		57	ns = ns_ops->get(task);
		58	if (!ns) {
		59	mntput(mnt);
		60	return ERR_PTR(-ENOENT);
		61	}
		62	rcu_read_lock();
		63	d = atomic_long_read(&ns->stashed);
		64	if (!d)
		65	goto slow;
		66	dentry = (struct dentry *)d;
		67	if (!lockref_get_not_dead(&dentry->d_lockref))
		68	goto slow;
		69	rcu_read_unlock();
		70	ns_ops->put(ns);
		71	got_it:
		72	path->mnt = mnt;
		73	path->dentry = dentry;
		74	return NULL;
		75	slow:
		76	rcu_read_unlock();
		77	inode = new_inode_pseudo(mnt->mnt_sb);
		78	if (!inode) {
		79	ns_ops->put(ns);
		80	mntput(mnt);
		81	return ERR_PTR(-ENOMEM);
		82	}
		83	inode->i_ino = ns->inum;
		84	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
		85	inode->i_flags \|= S_IMMUTABLE;
		86	inode->i_mode = S_IFREG \| S_IRUGO;
		87	inode->i_fop = &ns_file_operations;
		88	inode->i_private = ns;
		89
		90	dentry = d_alloc_pseudo(mnt->mnt_sb, &qname);
		91	if (!dentry) {
		92	iput(inode);
		93	mntput(mnt);
		94	return ERR_PTR(-ENOMEM);
		95	}
		96	d_instantiate(dentry, inode);
		97	dentry->d_fsdata = (void *)ns_ops;
		98	d = atomic_long_cmpxchg(&ns->stashed, 0, (unsigned long)dentry);
		99	if (d) {
		100	d_delete(dentry); /* make sure ->d_prune() does nothing */
		101	dput(dentry);
		102	cpu_relax();
		103	goto again;
		104	}
		105	goto got_it;
		106	}
		107
		108	int ns_get_name(char buf, size_t size, struct task_struct task,
		109	const struct proc_ns_operations *ns_ops)
		110	{
		111	struct ns_common *ns;
		112	int res = -ENOENT;
		113	ns = ns_ops->get(task);
		114	if (ns) {
		115	res = snprintf(buf, size, "%s:[%u]", ns_ops->name, ns->inum);
		116	ns_ops->put(ns);
		117	}
		118	return res;
		119	}
		120
		121	struct file *proc_ns_fget(int fd)
		122	{
		123	struct file *file;
		124
		125	file = fget(fd);
		126	if (!file)
		127	return ERR_PTR(-EBADF);
		128
		129	if (file->f_op != &ns_file_operations)
		130	goto out_invalid;
		131
		132	return file;
		133
		134	out_invalid:
		135	fput(file);
		136	return ERR_PTR(-EINVAL);
		137	}
		138
		139	static const struct super_operations nsfs_ops = {
		140	.statfs = simple_statfs,
		141	.evict_inode = nsfs_evict,
		142	};
		143	static struct dentry nsfs_mount(struct file_system_type fs_type,
		144	int flags, const char dev_name, void data)
		145	{
		146	return mount_pseudo(fs_type, "nsfs:", &nsfs_ops,
		147	&ns_dentry_operations, NSFS_MAGIC);
		148	}
		149	static struct file_system_type nsfs = {
		150	.name = "nsfs",
		151	.mount = nsfs_mount,
		152	.kill_sb = kill_anon_super,
		153	};
		154
		155	void __init nsfs_init(void)
		156	{
		157	nsfs_mnt = kern_mount(&nsfs);
		158	if (IS_ERR(nsfs_mnt))
		159	panic("can't set nsfs up\n");
		160	nsfs_mnt->mnt_sb->s_flags &= ~MS_NOUSER;
		161	}


diff --git a/fs/proc/inode.c b/fs/proc/inode.c index a212996e0987..57a9be9a6668 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c
@@ -32,7 +32,6 @@ static void proc_evict_inode(struct inode *inode)
32	{	32	{
33	struct proc_dir_entry *de;	33	struct proc_dir_entry *de;
34	struct ctl_table_header *head;	34	struct ctl_table_header *head;
35	struct ns_common *ns;
36		35
37	truncate_inode_pages_final(&inode->i_data);	36	truncate_inode_pages_final(&inode->i_data);
38	clear_inode(inode);	37	clear_inode(inode);
@@ -49,10 +48,6 @@ static void proc_evict_inode(struct inode *inode)
49	RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL);	48	RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL);
50	sysctl_head_put(head);	49	sysctl_head_put(head);
51	}	50	}
52	/* Release any associated namespace */
53	ns = PROC_I(inode)->ns.ns;
54	if (ns && ns->ops)
55	ns->ops->put(ns);
56	}	51	}
57		52
58	static struct kmem_cache * proc_inode_cachep;	53	static struct kmem_cache * proc_inode_cachep;


diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c index 18fc1cf899de..aaaac77abad0 100644 --- a/fs/proc/namespaces.c +++ b/fs/proc/namespaces.c
@@ -1,10 +1,6 @@
1	#include <linux/proc_fs.h>	1	#include <linux/proc_fs.h>
2	#include <linux/nsproxy.h>	2	#include <linux/nsproxy.h>
3	#include <linux/sched.h>
4	#include <linux/ptrace.h>	3	#include <linux/ptrace.h>
5	#include <linux/fs_struct.h>
6	#include <linux/mount.h>
7	#include <linux/path.h>
8	#include <linux/namei.h>	4	#include <linux/namei.h>
9	#include <linux/file.h>	5	#include <linux/file.h>
10	#include <linux/utsname.h>	6	#include <linux/utsname.h>
@@ -34,139 +30,45 @@ static const struct proc_ns_operations *ns_entries[] = {
34	&mntns_operations,	30	&mntns_operations,
35	};	31	};
36		32
37	static const struct file_operations ns_file_operations = {
38	.llseek = no_llseek,
39	};
40
41	static const struct inode_operations ns_inode_operations = {
42	.setattr = proc_setattr,
43	};
44
45	static char ns_dname(struct dentry dentry, char *buffer, int buflen)
46	{
47	struct inode *inode = dentry->d_inode;
48	const struct proc_ns_operations *ns_ops = dentry->d_fsdata;
49
50	return dynamic_dname(dentry, buffer, buflen, "%s:[%lu]",
51	ns_ops->name, inode->i_ino);
52	}
53
54	const struct dentry_operations ns_dentry_operations =
55	{
56	.d_delete = always_delete_dentry,
57	.d_dname = ns_dname,
58	};
59
60	static struct dentry proc_ns_get_dentry(struct super_block sb,
61	struct task_struct task, const struct proc_ns_operations ns_ops)
62	{
63	struct dentry dentry, result;
64	struct inode *inode;
65	struct proc_inode *ei;
66	struct qstr qname = { .name = "", };
67	struct ns_common *ns;
68
69	ns = ns_ops->get(task);
70	if (!ns)
71	return ERR_PTR(-ENOENT);
72
73	dentry = d_alloc_pseudo(sb, &qname);
74	if (!dentry) {
75	ns_ops->put(ns);
76	return ERR_PTR(-ENOMEM);
77	}
78	dentry->d_fsdata = (void *)ns_ops;
79
80	inode = iget_locked(sb, ns->inum);
81	if (!inode) {
82	dput(dentry);
83	ns_ops->put(ns);
84	return ERR_PTR(-ENOMEM);
85	}
86
87	ei = PROC_I(inode);
88	if (inode->i_state & I_NEW) {
89	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
90	inode->i_op = &ns_inode_operations;
91	inode->i_mode = S_IFREG \| S_IRUGO;
92	inode->i_fop = &ns_file_operations;
93	ei->ns.ns_ops = ns_ops;
94	ei->ns.ns = ns;
95	unlock_new_inode(inode);
96	} else {
97	ns_ops->put(ns);
98	}
99
100	d_set_d_op(dentry, &ns_dentry_operations);
101	result = d_instantiate_unique(dentry, inode);
102	if (result) {
103	dput(dentry);
104	dentry = result;
105	}
106
107	return dentry;
108	}
109
110	static void proc_ns_follow_link(struct dentry dentry, struct nameidata *nd)	33	static void proc_ns_follow_link(struct dentry dentry, struct nameidata *nd)
111	{	34	{
112	struct inode *inode = dentry->d_inode;	35	struct inode *inode = dentry->d_inode;
113	struct super_block *sb = inode->i_sb;	36	const struct proc_ns_operations *ns_ops = PROC_I(inode)->ns.ns_ops;
114	struct proc_inode *ei = PROC_I(inode);
115	struct task_struct *task;	37	struct task_struct *task;
116	struct path ns_path;	38	struct path ns_path;
117	void *error = ERR_PTR(-EACCES);	39	void *error = ERR_PTR(-EACCES);
118		40
119	task = get_proc_task(inode);	41	task = get_proc_task(inode);
120	if (!task)	42	if (!task)
121	goto out;	43	return error;
122		44
123	if (!ptrace_may_access(task, PTRACE_MODE_READ))	45	if (ptrace_may_access(task, PTRACE_MODE_READ)) {
124	goto out_put_task;	46	error = ns_get_path(&ns_path, task, ns_ops);
125		47	if (!error)
126	ns_path.dentry = proc_ns_get_dentry(sb, task, ei->ns.ns_ops);	48	nd_jump_link(nd, &ns_path);
127	if (IS_ERR(ns_path.dentry)) {
128	error = ERR_CAST(ns_path.dentry);
129	goto out_put_task;
130	}	49	}
131
132	ns_path.mnt = mntget(nd->path.mnt);
133	nd_jump_link(nd, &ns_path);
134	error = NULL;
135
136	out_put_task:
137	put_task_struct(task);	50	put_task_struct(task);
138	out:
139	return error;	51	return error;
140	}	52	}
141		53
142	static int proc_ns_readlink(struct dentry dentry, char __user buffer, int buflen)	54	static int proc_ns_readlink(struct dentry dentry, char __user buffer, int buflen)
143	{	55	{
144	struct inode *inode = dentry->d_inode;	56	struct inode *inode = dentry->d_inode;
145	struct proc_inode *ei = PROC_I(inode);	57	const struct proc_ns_operations *ns_ops = PROC_I(inode)->ns.ns_ops;
146	const struct proc_ns_operations *ns_ops = ei->ns.ns_ops;
147	struct task_struct *task;	58	struct task_struct *task;
148	struct ns_common *ns;
149	char name[50];	59	char name[50];
150	int res = -EACCES;	60	int res = -EACCES;
151		61
152	task = get_proc_task(inode);	62	task = get_proc_task(inode);
153	if (!task)	63	if (!task)
154	goto out;	64	return res;
155
156	if (!ptrace_may_access(task, PTRACE_MODE_READ))
157	goto out_put_task;
158		65
159	res = -ENOENT;	66	if (ptrace_may_access(task, PTRACE_MODE_READ)) {
160	ns = ns_ops->get(task);	67	res = ns_get_name(name, sizeof(name), task, ns_ops);
161	if (!ns)	68	if (res >= 0)
162	goto out_put_task;	69	res = readlink_copy(buffer, buflen, name);
163		70	}
164	snprintf(name, sizeof(name), "%s:[%u]", ns_ops->name, ns->inum);
165	res = readlink_copy(buffer, buflen, name);
166	ns_ops->put(ns);
167	out_put_task:
168	put_task_struct(task);	71	put_task_struct(task);
169	out:
170	return res;	72	return res;
171	}	73	}
172		74
@@ -268,31 +170,3 @@ const struct inode_operations proc_ns_dir_inode_operations = {
268	.getattr = pid_getattr,	170	.getattr = pid_getattr,
269	.setattr = proc_setattr,	171	.setattr = proc_setattr,
270	};	172	};
271
272	struct file *proc_ns_fget(int fd)
273	{
274	struct file *file;
275
276	file = fget(fd);
277	if (!file)
278	return ERR_PTR(-EBADF);
279
280	if (file->f_op != &ns_file_operations)
281	goto out_invalid;
282
283	return file;
284
285	out_invalid:
286	fput(file);
287	return ERR_PTR(-EINVAL);
288	}
289
290	struct ns_common get_proc_ns(struct inode inode)
291	{
292	return PROC_I(inode)->ns.ns;
293	}
294
295	bool proc_ns_inode(struct inode *inode)
296	{
297	return inode->i_fop == &ns_file_operations;
298	}


diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h index ce23cf4bbe69..85a5c8c16be9 100644 --- a/include/linux/ns_common.h +++ b/include/linux/ns_common.h
@@ -4,6 +4,7 @@
4	struct proc_ns_operations;	4	struct proc_ns_operations;
5		5
6	struct ns_common {	6	struct ns_common {
		7	atomic_long_t stashed;
7	const struct proc_ns_operations *ops;	8	const struct proc_ns_operations *ops;
8	unsigned int inum;	9	unsigned int inum;
9	};	10	};


diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h index 2837ff41cfe3..42dfc615dbf8 100644 --- a/include/linux/proc_ns.h +++ b/include/linux/proc_ns.h
@@ -4,9 +4,11 @@
4	#ifndef _LINUX_PROC_NS_H	4	#ifndef _LINUX_PROC_NS_H
5	#define _LINUX_PROC_NS_H	5	#define _LINUX_PROC_NS_H
6		6
		7	#include <linux/ns_common.h>
		8
7	struct pid_namespace;	9	struct pid_namespace;
8	struct nsproxy;	10	struct nsproxy;
9	struct ns_common;	11	struct path;
10		12
11	struct proc_ns_operations {	13	struct proc_ns_operations {
12	const char *name;	14	const char *name;
@@ -38,35 +40,38 @@ enum {
38		40
39	extern int pid_ns_prepare_proc(struct pid_namespace *ns);	41	extern int pid_ns_prepare_proc(struct pid_namespace *ns);
40	extern void pid_ns_release_proc(struct pid_namespace *ns);	42	extern void pid_ns_release_proc(struct pid_namespace *ns);
41	extern struct file *proc_ns_fget(int fd);
42	extern struct ns_common get_proc_ns(struct inode );
43	extern int proc_alloc_inum(unsigned int *pino);	43	extern int proc_alloc_inum(unsigned int *pino);
44	extern void proc_free_inum(unsigned int inum);	44	extern void proc_free_inum(unsigned int inum);
45	extern bool proc_ns_inode(struct inode *inode);
46		45
47	#else /* CONFIG_PROC_FS */	46	#else /* CONFIG_PROC_FS */
48		47
49	static inline int pid_ns_prepare_proc(struct pid_namespace *ns) { return 0; }	48	static inline int pid_ns_prepare_proc(struct pid_namespace *ns) { return 0; }
50	static inline void pid_ns_release_proc(struct pid_namespace *ns) {}	49	static inline void pid_ns_release_proc(struct pid_namespace *ns) {}
51		50
52	static inline struct file *proc_ns_fget(int fd)
53	{
54	return ERR_PTR(-EINVAL);
55	}
56
57	static inline struct ns_common get_proc_ns(struct inode inode) { return NULL; }
58
59	static inline int proc_alloc_inum(unsigned int *inum)	51	static inline int proc_alloc_inum(unsigned int *inum)
60	{	52	{
61	*inum = 1;	53	*inum = 1;
62	return 0;	54	return 0;
63	}	55	}
64	static inline void proc_free_inum(unsigned int inum) {}	56	static inline void proc_free_inum(unsigned int inum) {}
65	static inline bool proc_ns_inode(struct inode *inode) { return false; }
66		57
67	#endif /* CONFIG_PROC_FS */	58	#endif /* CONFIG_PROC_FS */
68		59
69	#define ns_alloc_inum(ns) proc_alloc_inum(&(ns)->inum)	60	static inline int ns_alloc_inum(struct ns_common *ns)
		61	{
		62	atomic_long_set(&ns->stashed, 0);
		63	return proc_alloc_inum(&ns->inum);
		64	}
		65
70	#define ns_free_inum(ns) proc_free_inum((ns)->inum)	66	#define ns_free_inum(ns) proc_free_inum((ns)->inum)
71		67
		68	extern struct file *proc_ns_fget(int fd);
		69	#define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
		70	extern void ns_get_path(struct path path, struct task_struct *task,
		71	const struct proc_ns_operations *ns_ops);
		72
		73	extern int ns_get_name(char buf, size_t size, struct task_struct task,
		74	const struct proc_ns_operations *ns_ops);
		75	extern void nsfs_init(void);
		76
72	#endif /* _LINUX_PROC_NS_H */	77	#endif /* _LINUX_PROC_NS_H */


diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h index 77c60311a6c6..7d664ea85ebd 100644 --- a/include/uapi/linux/magic.h +++ b/include/uapi/linux/magic.h
@@ -72,5 +72,6 @@
72	#define MTD_INODE_FS_MAGIC 0x11307854	72	#define MTD_INODE_FS_MAGIC 0x11307854
73	#define ANON_INODE_FS_MAGIC 0x09041934	73	#define ANON_INODE_FS_MAGIC 0x09041934
74	#define BTRFS_TEST_MAGIC 0x73727279	74	#define BTRFS_TEST_MAGIC 0x73727279
		75	#define NSFS_MAGIC 0x6e736673
75		76
76	#endif /* __LINUX_MAGIC_H__ */	77	#endif /* __LINUX_MAGIC_H__ */


diff --git a/init/main.c b/init/main.c index 800a0daede7e..bcc75057ea87 100644 --- a/init/main.c +++ b/init/main.c
@@ -78,6 +78,7 @@
78	#include <linux/context_tracking.h>	78	#include <linux/context_tracking.h>
79	#include <linux/random.h>	79	#include <linux/random.h>
80	#include <linux/list.h>	80	#include <linux/list.h>
		81	#include <linux/proc_ns.h>
81		82
82	#include <asm/io.h>	83	#include <asm/io.h>
83	#include <asm/bugs.h>	84	#include <asm/bugs.h>
@@ -660,6 +661,7 @@ asmlinkage __visible void __init start_kernel(void)
660	/* rootfs populating might need page-writeback */	661	/* rootfs populating might need page-writeback */
661	page_writeback_init();	662	page_writeback_init();
662	proc_root_init();	663	proc_root_init();
		664	nsfs_init();
663	cgroup_init();	665	cgroup_init();
664	cpuset_init();	666	cpuset_init();
665	taskstats_init_early();	667	taskstats_init_early();