From patchwork Sat Jan 25 13:05:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Gladkov X-Patchwork-Id: 11351583 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 08C061398 for ; Sat, 25 Jan 2020 13:07:24 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 3D2A32071E for ; Sat, 25 Jan 2020 13:07:23 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3D2A32071E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17605-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 11495 invoked by uid 550); 25 Jan 2020 13:06:58 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 11389 invoked from network); 25 Jan 2020 13:06:56 -0000 From: Alexey Gladkov To: LKML , Kernel Hardening , Linux API , Linux FS Devel , Linux Security Module Cc: Akinobu Mita , Alexander Viro , Alexey Dobriyan , Alexey Gladkov , Andrew Morton , Andy Lutomirski , Daniel Micay , Djalal Harouni , "Dmitry V . Levin" , "Eric W . Biederman" , Greg Kroah-Hartman , Ingo Molnar , "J . Bruce Fields" , Jeff Layton , Jonathan Corbet , Kees Cook , Linus Torvalds , Oleg Nesterov , Solar Designer , Stephen Rothwell Subject: [PATCH v7 03/11] proc: move /proc/{self|thread-self} dentries to proc_fs_info Date: Sat, 25 Jan 2020 14:05:33 +0100 Message-Id: <20200125130541.450409-4-gladkov.alexey@gmail.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200125130541.450409-1-gladkov.alexey@gmail.com> References: <20200125130541.450409-1-gladkov.alexey@gmail.com> MIME-Version: 1.0 This is a preparation patch that moves /proc/{self|thread-self} dentries to be stored inside procfs fs_info struct instead of making them per pid namespace. Since we want to support multiple procfs instances we need to make sure that these dentries are also per-superblock instead of per-pidns, unmounting a private procfs won't clash with other procfs mounts. Cc: Kees Cook Cc: Andy Lutomirski Signed-off-by: Djalal Harouni Signed-off-by: Alexey Gladkov --- fs/proc/base.c | 5 +++-- fs/proc/root.c | 8 ++++---- fs/proc/self.c | 4 ++-- fs/proc/thread_self.c | 6 +++--- include/linux/pid_namespace.h | 4 +--- include/linux/proc_fs.h | 2 ++ 6 files changed, 15 insertions(+), 14 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 672e71c52dbd..1eb366ad8b06 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3316,6 +3316,7 @@ static struct tgid_iter next_tgid(struct pid_namespace *ns, struct tgid_iter ite int proc_pid_readdir(struct file *file, struct dir_context *ctx) { struct tgid_iter iter; + struct proc_fs_info *fs_info = proc_sb_info(file_inode(file)->i_sb); struct pid_namespace *ns = proc_pid_ns(file_inode(file)); loff_t pos = ctx->pos; @@ -3323,13 +3324,13 @@ int proc_pid_readdir(struct file *file, struct dir_context *ctx) return 0; if (pos == TGID_OFFSET - 2) { - struct inode *inode = d_inode(ns->proc_self); + struct inode *inode = d_inode(fs_info->proc_self); if (!dir_emit(ctx, "self", 4, inode->i_ino, DT_LNK)) return 0; ctx->pos = pos = pos + 1; } if (pos == TGID_OFFSET - 1) { - struct inode *inode = d_inode(ns->proc_thread_self); + struct inode *inode = d_inode(fs_info->proc_thread_self); if (!dir_emit(ctx, "thread-self", 11, inode->i_ino, DT_LNK)) return 0; ctx->pos = pos = pos + 1; diff --git a/fs/proc/root.c b/fs/proc/root.c index d449f095f0f7..637e26cc795e 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c @@ -210,10 +210,10 @@ static void proc_kill_sb(struct super_block *sb) { struct proc_fs_info *fs_info = proc_sb_info(sb); - if (fs_info->pid_ns->proc_self) - dput(fs_info->pid_ns->proc_self); - if (fs_info->pid_ns->proc_thread_self) - dput(fs_info->pid_ns->proc_thread_self); + if (fs_info->proc_self) + dput(fs_info->proc_self); + if (fs_info->proc_thread_self) + dput(fs_info->proc_thread_self); kill_anon_super(sb); put_pid_ns(fs_info->pid_ns); kfree(fs_info); diff --git a/fs/proc/self.c b/fs/proc/self.c index 57c0a1047250..846fc2b7c8a8 100644 --- a/fs/proc/self.c +++ b/fs/proc/self.c @@ -36,7 +36,7 @@ static unsigned self_inum __ro_after_init; int proc_setup_self(struct super_block *s) { struct inode *root_inode = d_inode(s->s_root); - struct pid_namespace *ns = proc_pid_ns(root_inode); + struct proc_fs_info *fs_info = proc_sb_info(s); struct dentry *self; int ret = -ENOMEM; @@ -62,7 +62,7 @@ int proc_setup_self(struct super_block *s) if (ret) pr_err("proc_fill_super: can't allocate /proc/self\n"); else - ns->proc_self = self; + fs_info->proc_self = self; return ret; } diff --git a/fs/proc/thread_self.c b/fs/proc/thread_self.c index f61ae53533f5..2493cbbdfa6f 100644 --- a/fs/proc/thread_self.c +++ b/fs/proc/thread_self.c @@ -36,7 +36,7 @@ static unsigned thread_self_inum __ro_after_init; int proc_setup_thread_self(struct super_block *s) { struct inode *root_inode = d_inode(s->s_root); - struct pid_namespace *ns = proc_pid_ns(root_inode); + struct proc_fs_info *fs_info = proc_sb_info(s); struct dentry *thread_self; int ret = -ENOMEM; @@ -60,9 +60,9 @@ int proc_setup_thread_self(struct super_block *s) inode_unlock(root_inode); if (ret) - pr_err("proc_fill_super: can't allocate /proc/thread_self\n"); + pr_err("proc_fill_super: can't allocate /proc/thread-self\n"); else - ns->proc_thread_self = thread_self; + fs_info->proc_thread_self = thread_self; return ret; } diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 49538b172483..f91a8bf6e09e 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -31,9 +31,7 @@ struct pid_namespace { unsigned int level; struct pid_namespace *parent; #ifdef CONFIG_PROC_FS - struct vfsmount *proc_mnt; - struct dentry *proc_self; - struct dentry *proc_thread_self; + struct vfsmount *proc_mnt; /* Internal proc mounted during each new pidns */ #endif #ifdef CONFIG_BSD_PROCESS_ACCT struct fs_pin *bacct; diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 2d79489e55aa..59162988998e 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -14,6 +14,8 @@ struct seq_operations; struct proc_fs_info { struct pid_namespace *pid_ns; + struct dentry *proc_self; /* For /proc/self */ + struct dentry *proc_thread_self; /* For /proc/thread-self */ }; static inline struct proc_fs_info *proc_sb_info(struct super_block *sb)