aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2008-03-07 14:08:40 -0500
committerDavid S. Miller <davem@davemloft.net>2008-03-07 14:08:40 -0500
commite9720acd728a46cb40daa52c99a979f7c4ff195c (patch)
tree01380f601384cf93f30dedb64afe80359fecb807 /fs
parent1ff82fe0024e8070c38346b8abc1ff09612dea4c (diff)
[NET]: Make /proc/net a symlink on /proc/self/net (v3)
Current /proc/net is done with so called "shadows", but current implementation is broken and has little chances to get fixed. The problem is that dentries subtree of /proc/net directory has fancy revalidation rules to make processes living in different net namespaces see different entries in /proc/net subtree, but currently, tasks see in the /proc/net subdir the contents of any other namespace, depending on who opened the file first. The proposed fix is to turn /proc/net into a symlink, which points to /proc/self/net, which in turn shows what previously was in /proc/net - the network-related info, from the net namespace the appropriate task lives in. # ls -l /proc/net lrwxrwxrwx 1 root root 8 Mar 5 15:17 /proc/net -> self/net In other words - this behaves like /proc/mounts, but unlike "mounts", "net" is not a file, but a directory. Changes from v2: * Fixed discrepancy of /proc/net nlink count and selinux labeling screwup pointed out by Stephen. To get the correct nlink count the ->getattr callback for /proc/net is overridden to read one from the net->proc_net entry. To make selinux still work the net->proc_net entry is initialized properly, i.e. with the "net" name and the proc_net parent. Selinux fixes are Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Changes from v1: * Fixed a task_struct leak in get_proc_task_net, pointed out by Paul. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs')
-rw-r--r--fs/proc/base.c1
-rw-r--r--fs/proc/generic.c26
-rw-r--r--fs/proc/internal.h7
-rw-r--r--fs/proc/proc_net.c117
4 files changed, 114 insertions, 37 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 96ee899d6502..cc43cf0c1fa5 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2274,6 +2274,7 @@ static const struct pid_entry tgid_base_stuff[] = {
2274 DIR("task", S_IRUGO|S_IXUGO, task), 2274 DIR("task", S_IRUGO|S_IXUGO, task),
2275 DIR("fd", S_IRUSR|S_IXUSR, fd), 2275 DIR("fd", S_IRUSR|S_IXUSR, fd),
2276 DIR("fdinfo", S_IRUSR|S_IXUSR, fdinfo), 2276 DIR("fdinfo", S_IRUSR|S_IXUSR, fdinfo),
2277 DIR("net", S_IRUGO|S_IXUSR, net),
2277 REG("environ", S_IRUSR, environ), 2278 REG("environ", S_IRUSR, environ),
2278 INF("auxv", S_IRUSR, pid_auxv), 2279 INF("auxv", S_IRUSR, pid_auxv),
2279 ONE("status", S_IRUGO, pid_status), 2280 ONE("status", S_IRUGO, pid_status),
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 68971e66cd41..a36ad3c75cf4 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -377,15 +377,14 @@ static struct dentry_operations proc_dentry_operations =
377 * Don't create negative dentries here, return -ENOENT by hand 377 * Don't create negative dentries here, return -ENOENT by hand
378 * instead. 378 * instead.
379 */ 379 */
380struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry, struct nameidata *nd) 380struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *dir,
381 struct dentry *dentry)
381{ 382{
382 struct inode *inode = NULL; 383 struct inode *inode = NULL;
383 struct proc_dir_entry * de;
384 int error = -ENOENT; 384 int error = -ENOENT;
385 385
386 lock_kernel(); 386 lock_kernel();
387 spin_lock(&proc_subdir_lock); 387 spin_lock(&proc_subdir_lock);
388 de = PDE(dir);
389 if (de) { 388 if (de) {
390 for (de = de->subdir; de ; de = de->next) { 389 for (de = de->subdir; de ; de = de->next) {
391 if (de->namelen != dentry->d_name.len) 390 if (de->namelen != dentry->d_name.len)
@@ -393,8 +392,6 @@ struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry, struct nam
393 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) { 392 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
394 unsigned int ino; 393 unsigned int ino;
395 394
396 if (de->shadow_proc)
397 de = de->shadow_proc(current, de);
398 ino = de->low_ino; 395 ino = de->low_ino;
399 de_get(de); 396 de_get(de);
400 spin_unlock(&proc_subdir_lock); 397 spin_unlock(&proc_subdir_lock);
@@ -417,6 +414,12 @@ out_unlock:
417 return ERR_PTR(error); 414 return ERR_PTR(error);
418} 415}
419 416
417struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
418 struct nameidata *nd)
419{
420 return proc_lookup_de(PDE(dir), dir, dentry);
421}
422
420/* 423/*
421 * This returns non-zero if at EOF, so that the /proc 424 * This returns non-zero if at EOF, so that the /proc
422 * root directory can use this and check if it should 425 * root directory can use this and check if it should
@@ -426,10 +429,9 @@ out_unlock:
426 * value of the readdir() call, as long as it's non-negative 429 * value of the readdir() call, as long as it's non-negative
427 * for success.. 430 * for success..
428 */ 431 */
429int proc_readdir(struct file * filp, 432int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,
430 void * dirent, filldir_t filldir) 433 filldir_t filldir)
431{ 434{
432 struct proc_dir_entry * de;
433 unsigned int ino; 435 unsigned int ino;
434 int i; 436 int i;
435 struct inode *inode = filp->f_path.dentry->d_inode; 437 struct inode *inode = filp->f_path.dentry->d_inode;
@@ -438,7 +440,6 @@ int proc_readdir(struct file * filp,
438 lock_kernel(); 440 lock_kernel();
439 441
440 ino = inode->i_ino; 442 ino = inode->i_ino;
441 de = PDE(inode);
442 if (!de) { 443 if (!de) {
443 ret = -EINVAL; 444 ret = -EINVAL;
444 goto out; 445 goto out;
@@ -499,6 +500,13 @@ out: unlock_kernel();
499 return ret; 500 return ret;
500} 501}
501 502
503int proc_readdir(struct file *filp, void *dirent, filldir_t filldir)
504{
505 struct inode *inode = filp->f_path.dentry->d_inode;
506
507 return proc_readdir_de(PDE(inode), filp, dirent, filldir);
508}
509
502/* 510/*
503 * These are the generic /proc directory operations. They 511 * These are the generic /proc directory operations. They
504 * use the in-memory "struct proc_dir_entry" tree to parse 512 * use the in-memory "struct proc_dir_entry" tree to parse
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 1c81c8f1aeed..bc72f5c8c47d 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -64,6 +64,8 @@ extern const struct file_operations proc_numa_maps_operations;
64extern const struct file_operations proc_smaps_operations; 64extern const struct file_operations proc_smaps_operations;
65extern const struct file_operations proc_clear_refs_operations; 65extern const struct file_operations proc_clear_refs_operations;
66extern const struct file_operations proc_pagemap_operations; 66extern const struct file_operations proc_pagemap_operations;
67extern const struct file_operations proc_net_operations;
68extern const struct inode_operations proc_net_inode_operations;
67 69
68void free_proc_entry(struct proc_dir_entry *de); 70void free_proc_entry(struct proc_dir_entry *de);
69 71
@@ -83,3 +85,8 @@ static inline int proc_fd(struct inode *inode)
83{ 85{
84 return PROC_I(inode)->fd; 86 return PROC_I(inode)->fd;
85} 87}
88
89struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *ino,
90 struct dentry *dentry);
91int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,
92 filldir_t filldir);
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index 14e9b5aaf863..4caa5f774fb7 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -63,6 +63,82 @@ int seq_release_net(struct inode *ino, struct file *f)
63} 63}
64EXPORT_SYMBOL_GPL(seq_release_net); 64EXPORT_SYMBOL_GPL(seq_release_net);
65 65
66static struct net *get_proc_task_net(struct inode *dir)
67{
68 struct task_struct *task;
69 struct nsproxy *ns;
70 struct net *net = NULL;
71
72 rcu_read_lock();
73 task = pid_task(proc_pid(dir), PIDTYPE_PID);
74 if (task != NULL) {
75 ns = task_nsproxy(task);
76 if (ns != NULL)
77 net = get_net(ns->net_ns);
78 }
79 rcu_read_unlock();
80
81 return net;
82}
83
84static struct dentry *proc_tgid_net_lookup(struct inode *dir,
85 struct dentry *dentry, struct nameidata *nd)
86{
87 struct dentry *de;
88 struct net *net;
89
90 de = ERR_PTR(-ENOENT);
91 net = get_proc_task_net(dir);
92 if (net != NULL) {
93 de = proc_lookup_de(net->proc_net, dir, dentry);
94 put_net(net);
95 }
96 return de;
97}
98
99static int proc_tgid_net_getattr(struct vfsmount *mnt, struct dentry *dentry,
100 struct kstat *stat)
101{
102 struct inode *inode = dentry->d_inode;
103 struct net *net;
104
105 net = get_proc_task_net(inode);
106
107 generic_fillattr(inode, stat);
108
109 if (net != NULL) {
110 stat->nlink = net->proc_net->nlink;
111 put_net(net);
112 }
113
114 return 0;
115}
116
117const struct inode_operations proc_net_inode_operations = {
118 .lookup = proc_tgid_net_lookup,
119 .getattr = proc_tgid_net_getattr,
120};
121
122static int proc_tgid_net_readdir(struct file *filp, void *dirent,
123 filldir_t filldir)
124{
125 int ret;
126 struct net *net;
127
128 ret = -EINVAL;
129 net = get_proc_task_net(filp->f_path.dentry->d_inode);
130 if (net != NULL) {
131 ret = proc_readdir_de(net->proc_net, filp, dirent, filldir);
132 put_net(net);
133 }
134 return ret;
135}
136
137const struct file_operations proc_net_operations = {
138 .read = generic_read_dir,
139 .readdir = proc_tgid_net_readdir,
140};
141
66 142
67struct proc_dir_entry *proc_net_fops_create(struct net *net, 143struct proc_dir_entry *proc_net_fops_create(struct net *net,
68 const char *name, mode_t mode, const struct file_operations *fops) 144 const char *name, mode_t mode, const struct file_operations *fops)
@@ -83,14 +159,6 @@ struct net *get_proc_net(const struct inode *inode)
83} 159}
84EXPORT_SYMBOL_GPL(get_proc_net); 160EXPORT_SYMBOL_GPL(get_proc_net);
85 161
86static struct proc_dir_entry *shadow_pde;
87
88static struct proc_dir_entry *proc_net_shadow(struct task_struct *task,
89 struct proc_dir_entry *de)
90{
91 return task->nsproxy->net_ns->proc_net;
92}
93
94struct proc_dir_entry *proc_net_mkdir(struct net *net, const char *name, 162struct proc_dir_entry *proc_net_mkdir(struct net *net, const char *name,
95 struct proc_dir_entry *parent) 163 struct proc_dir_entry *parent)
96{ 164{
@@ -104,45 +172,39 @@ EXPORT_SYMBOL_GPL(proc_net_mkdir);
104 172
105static __net_init int proc_net_ns_init(struct net *net) 173static __net_init int proc_net_ns_init(struct net *net)
106{ 174{
107 struct proc_dir_entry *root, *netd, *net_statd; 175 struct proc_dir_entry *netd, *net_statd;
108 int err; 176 int err;
109 177
110 err = -ENOMEM; 178 err = -ENOMEM;
111 root = kzalloc(sizeof(*root), GFP_KERNEL); 179 netd = kzalloc(sizeof(*netd), GFP_KERNEL);
112 if (!root) 180 if (!netd)
113 goto out; 181 goto out;
114 182
115 err = -EEXIST; 183 netd->data = net;
116 netd = proc_net_mkdir(net, "net", root); 184 netd->nlink = 2;
117 if (!netd) 185 netd->name = "net";
118 goto free_root; 186 netd->namelen = 3;
187 netd->parent = &proc_root;
119 188
120 err = -EEXIST; 189 err = -EEXIST;
121 net_statd = proc_net_mkdir(net, "stat", netd); 190 net_statd = proc_net_mkdir(net, "stat", netd);
122 if (!net_statd) 191 if (!net_statd)
123 goto free_net; 192 goto free_net;
124 193
125 root->data = net;
126
127 net->proc_net_root = root;
128 net->proc_net = netd; 194 net->proc_net = netd;
129 net->proc_net_stat = net_statd; 195 net->proc_net_stat = net_statd;
130 err = 0; 196 return 0;
131 197
198free_net:
199 kfree(netd);
132out: 200out:
133 return err; 201 return err;
134free_net:
135 remove_proc_entry("net", root);
136free_root:
137 kfree(root);
138 goto out;
139} 202}
140 203
141static __net_exit void proc_net_ns_exit(struct net *net) 204static __net_exit void proc_net_ns_exit(struct net *net)
142{ 205{
143 remove_proc_entry("stat", net->proc_net); 206 remove_proc_entry("stat", net->proc_net);
144 remove_proc_entry("net", net->proc_net_root); 207 kfree(net->proc_net);
145 kfree(net->proc_net_root);
146} 208}
147 209
148static struct pernet_operations __net_initdata proc_net_ns_ops = { 210static struct pernet_operations __net_initdata proc_net_ns_ops = {
@@ -152,8 +214,7 @@ static struct pernet_operations __net_initdata proc_net_ns_ops = {
152 214
153int __init proc_net_init(void) 215int __init proc_net_init(void)
154{ 216{
155 shadow_pde = proc_mkdir("net", NULL); 217 proc_symlink("net", NULL, "self/net");
156 shadow_pde->shadow_proc = proc_net_shadow;
157 218
158 return register_pernet_subsys(&proc_net_ns_ops); 219 return register_pernet_subsys(&proc_net_ns_ops);
159} 220}