1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 *  fs/anon_inodes.c
4 *
5 *  Copyright (C) 2007  Davide Libenzi <davidel@xmailserver.org>
6 *
7 *  Thanks to Arnd Bergmann for code review and suggestions.
8 *  More changes for Thomas Gleixner suggestions.
9 *
10 */
11
12#include <linux/cred.h>
13#include <linux/file.h>
14#include <linux/poll.h>
15#include <linux/sched.h>
16#include <linux/init.h>
17#include <linux/fs.h>
18#include <linux/mount.h>
19#include <linux/module.h>
20#include <linux/kernel.h>
21#include <linux/magic.h>
22#include <linux/anon_inodes.h>
23#include <linux/pseudo_fs.h>
24
25#include <linux/uaccess.h>
26
27static struct vfsmount *anon_inode_mnt __ro_after_init;
28static struct inode *anon_inode_inode __ro_after_init;
29
30/*
31 * anon_inodefs_dname() is called from d_path().
32 */
33static char *anon_inodefs_dname(struct dentry *dentry, char *buffer, int buflen)
34{
35	return dynamic_dname(buffer, buflen, "anon_inode:%s",
36				dentry->d_name.name);
37}
38
39static const struct dentry_operations anon_inodefs_dentry_operations = {
40	.d_dname	= anon_inodefs_dname,
41};
42
43static int anon_inodefs_init_fs_context(struct fs_context *fc)
44{
45	struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC);
46	if (!ctx)
47		return -ENOMEM;
48	ctx->dops = &anon_inodefs_dentry_operations;
49	return 0;
50}
51
52static struct file_system_type anon_inode_fs_type = {
53	.name		= "anon_inodefs",
54	.init_fs_context = anon_inodefs_init_fs_context,
55	.kill_sb	= kill_anon_super,
56};
57
58static struct inode *anon_inode_make_secure_inode(
59	const char *name,
60	const struct inode *context_inode)
61{
62	struct inode *inode;
63	const struct qstr qname = QSTR_INIT(name, strlen(name));
64	int error;
65
66	inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
67	if (IS_ERR(inode))
68		return inode;
69	inode->i_flags &= ~S_PRIVATE;
70	error =	security_inode_init_security_anon(inode, &qname, context_inode);
71	if (error) {
72		iput(inode);
73		return ERR_PTR(error);
74	}
75	return inode;
76}
77
78static struct file *__anon_inode_getfile(const char *name,
79					 const struct file_operations *fops,
80					 void *priv, int flags,
81					 const struct inode *context_inode,
82					 bool make_inode)
83{
84	struct inode *inode;
85	struct file *file;
86
87	if (fops->owner && !try_module_get(fops->owner))
88		return ERR_PTR(-ENOENT);
89
90	if (make_inode) {
91		inode =	anon_inode_make_secure_inode(name, context_inode);
92		if (IS_ERR(inode)) {
93			file = ERR_CAST(inode);
94			goto err;
95		}
96	} else {
97		inode =	anon_inode_inode;
98		if (IS_ERR(inode)) {
99			file = ERR_PTR(-ENODEV);
100			goto err;
101		}
102		/*
103		 * We know the anon_inode inode count is always
104		 * greater than zero, so ihold() is safe.
105		 */
106		ihold(inode);
107	}
108
109	file = alloc_file_pseudo(inode, anon_inode_mnt, name,
110				 flags & (O_ACCMODE | O_NONBLOCK), fops);
111	if (IS_ERR(file))
112		goto err_iput;
113
114	file->f_mapping = inode->i_mapping;
115
116	file->private_data = priv;
117
118	return file;
119
120err_iput:
121	iput(inode);
122err:
123	module_put(fops->owner);
124	return file;
125}
126
127/**
128 * anon_inode_getfile - creates a new file instance by hooking it up to an
129 *                      anonymous inode, and a dentry that describe the "class"
130 *                      of the file
131 *
132 * @name:    [in]    name of the "class" of the new file
133 * @fops:    [in]    file operations for the new file
134 * @priv:    [in]    private data for the new file (will be file's private_data)
135 * @flags:   [in]    flags
136 *
137 * Creates a new file by hooking it on a single inode. This is useful for files
138 * that do not need to have a full-fledged inode in order to operate correctly.
139 * All the files created with anon_inode_getfile() will share a single inode,
140 * hence saving memory and avoiding code duplication for the file/inode/dentry
141 * setup.  Returns the newly created file* or an error pointer.
142 */
143struct file *anon_inode_getfile(const char *name,
144				const struct file_operations *fops,
145				void *priv, int flags)
146{
147	return __anon_inode_getfile(name, fops, priv, flags, NULL, false);
148}
149EXPORT_SYMBOL_GPL(anon_inode_getfile);
150
151/**
152 * anon_inode_create_getfile - Like anon_inode_getfile(), but creates a new
153 *                             !S_PRIVATE anon inode rather than reuse the
154 *                             singleton anon inode and calls the
155 *                             inode_init_security_anon() LSM hook.
156 *
157 * @name:    [in]    name of the "class" of the new file
158 * @fops:    [in]    file operations for the new file
159 * @priv:    [in]    private data for the new file (will be file's private_data)
160 * @flags:   [in]    flags
161 * @context_inode:
162 *           [in]    the logical relationship with the new inode (optional)
163 *
164 * Create a new anonymous inode and file pair.  This can be done for two
165 * reasons:
166 *
167 * - for the inode to have its own security context, so that LSMs can enforce
168 *   policy on the inode's creation;
169 *
170 * - if the caller needs a unique inode, for example in order to customize
171 *   the size returned by fstat()
172 *
173 * The LSM may use @context_inode in inode_init_security_anon(), but a
174 * reference to it is not held.
175 *
176 * Returns the newly created file* or an error pointer.
177 */
178struct file *anon_inode_create_getfile(const char *name,
179				       const struct file_operations *fops,
180				       void *priv, int flags,
181				       const struct inode *context_inode)
182{
183	return __anon_inode_getfile(name, fops, priv, flags,
184				    context_inode, true);
185}
186EXPORT_SYMBOL_GPL(anon_inode_create_getfile);
187
188static int __anon_inode_getfd(const char *name,
189			      const struct file_operations *fops,
190			      void *priv, int flags,
191			      const struct inode *context_inode,
192			      bool make_inode)
193{
194	int error, fd;
195	struct file *file;
196
197	error = get_unused_fd_flags(flags);
198	if (error < 0)
199		return error;
200	fd = error;
201
202	file = __anon_inode_getfile(name, fops, priv, flags, context_inode,
203				    make_inode);
204	if (IS_ERR(file)) {
205		error = PTR_ERR(file);
206		goto err_put_unused_fd;
207	}
208	fd_install(fd, file);
209
210	return fd;
211
212err_put_unused_fd:
213	put_unused_fd(fd);
214	return error;
215}
216
217/**
218 * anon_inode_getfd - creates a new file instance by hooking it up to
219 *                    an anonymous inode and a dentry that describe
220 *                    the "class" of the file
221 *
222 * @name:    [in]    name of the "class" of the new file
223 * @fops:    [in]    file operations for the new file
224 * @priv:    [in]    private data for the new file (will be file's private_data)
225 * @flags:   [in]    flags
226 *
227 * Creates a new file by hooking it on a single inode. This is
228 * useful for files that do not need to have a full-fledged inode in
229 * order to operate correctly.  All the files created with
230 * anon_inode_getfd() will use the same singleton inode, reducing
231 * memory use and avoiding code duplication for the file/inode/dentry
232 * setup.  Returns a newly created file descriptor or an error code.
233 */
234int anon_inode_getfd(const char *name, const struct file_operations *fops,
235		     void *priv, int flags)
236{
237	return __anon_inode_getfd(name, fops, priv, flags, NULL, false);
238}
239EXPORT_SYMBOL_GPL(anon_inode_getfd);
240
241/**
242 * anon_inode_create_getfd - Like anon_inode_getfd(), but creates a new
243 * !S_PRIVATE anon inode rather than reuse the singleton anon inode, and calls
244 * the inode_init_security_anon() LSM hook.
245 *
246 * @name:    [in]    name of the "class" of the new file
247 * @fops:    [in]    file operations for the new file
248 * @priv:    [in]    private data for the new file (will be file's private_data)
249 * @flags:   [in]    flags
250 * @context_inode:
251 *           [in]    the logical relationship with the new inode (optional)
252 *
253 * Create a new anonymous inode and file pair.  This can be done for two
254 * reasons:
255 *
256 * - for the inode to have its own security context, so that LSMs can enforce
257 *   policy on the inode's creation;
258 *
259 * - if the caller needs a unique inode, for example in order to customize
260 *   the size returned by fstat()
261 *
262 * The LSM may use @context_inode in inode_init_security_anon(), but a
263 * reference to it is not held.
264 *
265 * Returns a newly created file descriptor or an error code.
266 */
267int anon_inode_create_getfd(const char *name, const struct file_operations *fops,
268			    void *priv, int flags,
269			    const struct inode *context_inode)
270{
271	return __anon_inode_getfd(name, fops, priv, flags, context_inode, true);
272}
273
274static int __init anon_inode_init(void)
275{
276	anon_inode_mnt = kern_mount(&anon_inode_fs_type);
277	if (IS_ERR(anon_inode_mnt))
278		panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
279
280	anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
281	if (IS_ERR(anon_inode_inode))
282		panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
283
284	return 0;
285}
286
287fs_initcall(anon_inode_init);
288
289