Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2b1e300a authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Herbert Xu
Browse files

[NETNS]: Fix /proc/net breakage 



Well I clearly goofed when I added the initial network namespace support
for /proc/net.  Currently things work but there are odd details visible to
user space, even when we have a single network namespace.

Since we do not cache proc_dir_entry dentries at the moment we can just
modify ->lookup to return a different directory inode depending on the
network namespace of the process looking at /proc/net, replacing the
current technique of using a magic and fragile follow_link method.

To accomplish that this patch:
- introduces a shadow_proc method to allow different dentries to
  be returned from proc_lookup.
- Removes the old /proc/net follow_link magic
- Fixes a weakness in our not caching of proc generic dentries.

As shadow_proc uses a task struct to decided which dentry to return we can
go back later and fix the proc generic caching without modifying any code
that uses the shadow_proc method.

Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent e03ba84a

fs/proc/generic.c

+11 −1
Original line number Diff line number Diff line
@@ -374,9 +374,16 @@ static int proc_delete_dentry(struct dentry * dentry) 
	return 1;

}



static int proc_revalidate_dentry(struct dentry *dentry, struct nameidata *nd)

{

	d_drop(dentry);

	return 0;

}



static struct dentry_operations proc_dentry_operations =

{

	.d_delete	= proc_delete_dentry,

	.d_revalidate	= proc_revalidate_dentry,

};



/*
@@ -397,8 +404,11 @@ struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry, struct nam 
			if (de->namelen != dentry->d_name.len)

				continue;

			if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {

				unsigned int ino = de->low_ino;

				unsigned int ino;



				if (de->shadow_proc)

					de = de->shadow_proc(current, de);

				ino = de->low_ino;

				de_get(de);

				spin_unlock(&proc_subdir_lock);

				error = -EINVAL;

fs/proc/proc_net.c

+5 −81
Original line number Diff line number Diff line
@@ -50,89 +50,14 @@ struct net *get_proc_net(const struct inode *inode) 
}

EXPORT_SYMBOL_GPL(get_proc_net);



static struct proc_dir_entry *proc_net_shadow;

static struct proc_dir_entry *shadow_pde;



static struct dentry *proc_net_shadow_dentry(struct dentry *parent,

static struct proc_dir_entry *proc_net_shadow(struct task_struct *task,

						struct proc_dir_entry *de)

{

	struct dentry *shadow = NULL;

	struct inode *inode;

	if (!de)

		goto out;

	de_get(de);

	inode = proc_get_inode(parent->d_inode->i_sb, de->low_ino, de);

	if (!inode)

		goto out_de_put;

	shadow = d_alloc_name(parent, de->name);

	if (!shadow)

		goto out_iput;

	shadow->d_op = parent->d_op; /* proc_dentry_operations */

	d_instantiate(shadow, inode);

out:

	return shadow;

out_iput:

	iput(inode);

out_de_put:

	de_put(de);

	goto out;

}



static void *proc_net_follow_link(struct dentry *parent, struct nameidata *nd)

{

	struct net *net = current->nsproxy->net_ns;

	struct dentry *shadow;

	shadow = proc_net_shadow_dentry(parent, net->proc_net);

	if (!shadow)

		return ERR_PTR(-ENOENT);



	dput(nd->dentry);

	/* My dentry count is 1 and that should be enough as the

	 * shadow dentry is thrown away immediately.

	 */

	nd->dentry = shadow;

	return NULL;

}



static struct dentry *proc_net_lookup(struct inode *dir, struct dentry *dentry,

				      struct nameidata *nd)

{

	struct net *net = current->nsproxy->net_ns;

	struct dentry *shadow;



	shadow = proc_net_shadow_dentry(nd->dentry, net->proc_net);

	if (!shadow)

		return ERR_PTR(-ENOENT);



	dput(nd->dentry);

	nd->dentry = shadow;



	return shadow->d_inode->i_op->lookup(shadow->d_inode, dentry, nd);

}



static int proc_net_setattr(struct dentry *dentry, struct iattr *iattr)

{

	struct net *net = current->nsproxy->net_ns;

	struct dentry *shadow;

	int ret;



	shadow = proc_net_shadow_dentry(dentry->d_parent, net->proc_net);

	if (!shadow)

		return -ENOENT;

	ret = shadow->d_inode->i_op->setattr(shadow, iattr);

	dput(shadow);

	return ret;

	return task->nsproxy->net_ns->proc_net;

}



static const struct file_operations proc_net_dir_operations = {

	.read			= generic_read_dir,

};



static struct inode_operations proc_net_dir_inode_operations = {

	.follow_link	= proc_net_follow_link,

	.lookup		= proc_net_lookup,

	.setattr	= proc_net_setattr,

};



static __net_init int proc_net_ns_init(struct net *net)

{

	struct proc_dir_entry *root, *netd, *net_statd;
@@ -185,9 +110,8 @@ static struct pernet_operations __net_initdata proc_net_ns_ops = { 


int __init proc_net_init(void)

{

	proc_net_shadow = proc_mkdir("net", NULL);

	proc_net_shadow->proc_iops = &proc_net_dir_inode_operations;

	proc_net_shadow->proc_fops = &proc_net_dir_operations;

	shadow_pde = proc_mkdir("net", NULL);

	shadow_pde->shadow_proc = proc_net_shadow;



	return register_pernet_subsys(&proc_net_ns_ops);

}

include/linux/proc_fs.h

+3 −0
Original line number Diff line number Diff line
@@ -48,6 +48,8 @@ typedef int (read_proc_t)(char *page, char **start, off_t off, 
typedef	int (write_proc_t)(struct file *file, const char __user *buffer,

			   unsigned long count, void *data);

typedef int (get_info_t)(char *, char **, off_t, int);

typedef struct proc_dir_entry *(shadow_proc_t)(struct task_struct *task,

						struct proc_dir_entry *pde);



struct proc_dir_entry {

	unsigned int low_ino;
@@ -79,6 +81,7 @@ struct proc_dir_entry { 
	int pde_users;	/* number of callers into module in progress */

	spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */

	struct completion *pde_unload_completion;

	shadow_proc_t *shadow_proc;

};



struct kcore_list {