From b69181b871d9fbf8816f03090ef7076cfe1af2c7 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:27 +0200
Subject: proc: proc_readfd() -> proc_fd_iterate()
Give the method to iterate through the fd directory a better name.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-1-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/fd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'fs/proc')
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 586bbc84ca04..7868333a46e7 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -312,14 +312,14 @@ static int proc_readfd_count(struct inode *inode, loff_t *count)
 return 0;
 }
-static int proc_readfd(struct file *file, struct dir_context *ctx)
+static int proc_fd_iterate(struct file *file, struct dir_context *ctx)
 {
 return proc_readfd_common(file, ctx, proc_fd_instantiate);
 }
 const struct file_operations proc_fd_operations = {
 .read = generic_read_dir,
- .iterate_shared = proc_readfd,
+ .iterate_shared = proc_fd_iterate,
 .llseek = generic_file_llseek,
 };
--
cgit v1.2.3-58-ga151
From 55d4860db2a0ae54367401aa09b8fad38f237bfa Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:28 +0200
Subject: proc: proc_readfdinfo() -> proc_fdinfo_iterate()
Give the method to iterate through the fdinfo directory a better name.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-2-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/fd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'fs/proc')
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 7868333a46e7..105d6ce5b268 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -407,7 +407,7 @@ proc_lookupfdinfo(struct inode *dir, struct dentry *dentry, unsigned int flags)
 return proc_lookupfd_common(dir, dentry, proc_fdinfo_instantiate);
 }
-static int proc_readfdinfo(struct file *file, struct dir_context *ctx)
+static int proc_fdinfo_iterate(struct file *file, struct dir_context *ctx)
 {
 return proc_readfd_common(file, ctx, proc_fdinfo_instantiate);
@@ -421,6 +421,6 @@ const struct inode_operations proc_fdinfo_inode_operations = {
 const struct file_operations proc_fdinfo_operations = {
 .read = generic_read_dir,
- .iterate_shared = proc_readfdinfo,
+ .iterate_shared = proc_fdinfo_iterate,
 .llseek = generic_file_llseek,
 };
--
cgit v1.2.3-58-ga151
From 32a0a965b8a5b7b505babae2ee10c513ede376d8 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:29 +0200
Subject: proc: add proc_splice_unmountable()
Add a tiny procfs helper to splice a dentry that cannot be mounted upon.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-3-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/internal.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'fs/proc')
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index a8a8576d8592..9e3f25e4c188 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -349,3 +349,16 @@ static inline void pde_force_lookup(struct proc_dir_entry *pde)
 /* /proc/net/ entries can be changed under us by setns(CLONE_NEWNET) */
 pde->proc_dops = &proc_net_dentry_ops;
 }
+
+/*
+ * Add a new procfs dentry that can't serve as a mountpoint. That should
+ * encompass anything that is ephemeral and can just disappear while the
+ * process is still around.
+ */
+static inline struct dentry *proc_splice_unmountable(struct inode *inode,
+ struct dentry *dentry, const struct dentry_operations *d_ops)
+{
+ d_set_d_op(dentry, d_ops);
+ dont_mount(dentry);
+ return d_splice_alias(inode, dentry);
+}
--
cgit v1.2.3-58-ga151
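Review bot: The comment on `proc_splice_unmountable()` leaves out that `dont_mount()` marks the dentry passed in, while the value returned comes from `d_splice_alias()` and need not be that dentry. As far as I know `d_splice_alias()` substitutes an existing alias only for directory inodes, so the helper holds for symlink and regular-file entries, but a later caller handing it a directory inode could get back a dentry that never received the flag. I would add one sentence to the comment: `Only use this for non-directory inodes; d_splice_alias() may return an existing alias for a directory and that alias would not be marked.`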
From 3836b31c3e717fcaa2b63c69e4bcf8ff7b82e6e4 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:30 +0200
Subject: proc: block mounting on top of /proc//map_files/*
Entries under /proc//map_files/* are ephemeral and may go away before the process dies. As such allowing them to be used as mount points creates the ability to leak mounts that linger until the process dies with no ability to unmount them until then. Don't allow using them as mountpoints.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-4-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/base.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'fs/proc')
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 72a1acd03675..fce3d377b826 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2276,8 +2276,8 @@ proc_map_files_instantiate(struct dentry *dentry,
 inode->i_op = &proc_map_files_link_inode_operations;
 inode->i_size = 64;
- d_set_d_op(dentry, &tid_map_files_dentry_operations);
- return d_splice_alias(inode, dentry);
+ return proc_splice_unmountable(inode, dentry,
+ &tid_map_files_dentry_operations);
 }
 static struct dentry *proc_map_files_lookup(struct inode *dir,
--
cgit v1.2.3-58-ga151
From 74ce208089f468db26eddcc5ea58e50f5bbbc291 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:31 +0200
Subject: proc: block mounting on top of /proc//fd/*
Entries under /proc//fd/* are ephemeral and may go away before the process dies. As such allowing them to be used as mount points creates the ability to leak mounts that linger until the process dies with no ability to unmount them until then. Don't allow using them as mountpoints.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-5-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/fd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'fs/proc')
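Review bot: The switch to `proc_splice_unmountable()` in `proc_map_files_instantiate()` changes what userspace sees, yet neither the call site nor the description records how a refused mount is reported; the same gap applies to the fs/proc/fd.c hunks for `proc_fd_instantiate()` and `proc_fdinfo_instantiate()`. As far as I know a dentry marked by `dont_mount()` is rejected when the mountpoint is locked, and path-based mount(2) follows the map_files and fd links, so for those the flag presumably matters only when the link itself is the mountpoint, while fdinfo entries appear to be plain files and are reached directly. A one-line comment above the call would keep that visible, e.g. `/* ephemeral: may vanish while the task lives, so never a mountpoint */`. `proc_map_files_instantiate()` starts before this hunk.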
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 105d6ce5b268..671a45884304 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -220,8 +220,8 @@ static struct dentry *proc_fd_instantiate(struct dentry *dentry,
 ei->op.proc_get_link = proc_fd_link;
 tid_fd_update_inode(task, inode, data->mode);
- d_set_d_op(dentry, &tid_fd_dentry_operations);
- return d_splice_alias(inode, dentry);
+ return proc_splice_unmountable(inode, dentry,
+ &tid_fd_dentry_operations);
 }
 static struct dentry *proc_lookupfd_common(struct inode *dir,
--
cgit v1.2.3-58-ga151
From cf71eaa1ad18d6f6e130cda708300b587176f16f Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 6 Aug 2024 18:02:32 +0200
Subject: proc: block mounting on top of /proc//fdinfo/*
Entries under /proc//fdinfo/* are ephemeral and may go away before the process dies. As such allowing them to be used as mount points creates the ability to leak mounts that linger until the process dies with no ability to unmount them until then. Don't allow using them as mountpoints.
Link: https://lore.kernel.org/r/20240806-work-procfs-v1-6-fb04e1d09f0c@kernel.org
Reviewed-by: Josef Bacik
Signed-off-by: Christian Brauner
---
 fs/proc/fd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'fs/proc')
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 671a45884304..623780449c48 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -397,8 +397,8 @@ static struct dentry *proc_fdinfo_instantiate(struct dentry *dentry,
 inode->i_fop = &proc_fdinfo_file_operations;
 tid_fd_update_inode(task, inode, 0);
- d_set_d_op(dentry, &tid_fd_dentry_operations);
- return d_splice_alias(inode, dentry);
+ return proc_splice_unmountable(inode, dentry,
+ &tid_fd_dentry_operations);
 }
 static struct dentry *
--
cgit v1.2.3-58-ga151