fd22d5412a
p_trespass(struct proc *p1, struct proc *p2) which returns zero or an errno depending on the legality of p1 trespassing on p2. Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one extra signal related check. Replace procfs.h:CHECKIO() macros with calls to p_trespass(). Only show command lines to process which can trespass on the target process.
/*
|
|
* Copyright (c) 1993, 1995 Jan-Simon Pendry
|
|
* Copyright (c) 1993, 1995
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* This code is derived from software contributed to Berkeley by
|
|
* Jan-Simon Pendry.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
/*
|
|
* procfs vnode interface
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/time.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/lock.h>
|
|
#include <sys/fcntl.h>
|
|
#include <sys/proc.h>
|
|
#include <sys/signalvar.h>
|
|
#include <sys/vnode.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/namei.h>
|
|
#include <sys/dirent.h>
|
|
#include <machine/reg.h>
|
|
#include <vm/vm_zone.h>
|
|
#include <miscfs/procfs/procfs.h>
|
|
#include <sys/pioctl.h>
|
|
|
|
/*
 * Forward declarations of the vnode operation handlers defined in this
 * file.  All of them are static and are reached only through the
 * procfs_vnodeop_entries[] dispatch table at the end of the file.
 */
static int procfs_abortop __P((struct vop_abortop_args *));
static int procfs_access __P((struct vop_access_args *));
static int procfs_badop __P((void));
static int procfs_bmap __P((struct vop_bmap_args *));
static int procfs_close __P((struct vop_close_args *));
static int procfs_getattr __P((struct vop_getattr_args *));
static int procfs_inactive __P((struct vop_inactive_args *));
static int procfs_ioctl __P((struct vop_ioctl_args *));
static int procfs_lookup __P((struct vop_lookup_args *));
static int procfs_open __P((struct vop_open_args *));
static int procfs_print __P((struct vop_print_args *));
static int procfs_readdir __P((struct vop_readdir_args *));
static int procfs_readlink __P((struct vop_readlink_args *));
static int procfs_reclaim __P((struct vop_reclaim_args *));
static int procfs_setattr __P((struct vop_setattr_args *));
|
|
|
|
/*
 * This is a list of the valid names in the
 * process-specific sub-directories.  It is
 * used in procfs_lookup and procfs_readdir
 *
 * Each entry gives the dirent type reported for the name, the name and
 * its length, the pfstype of the node the name maps to, and an optional
 * pt_valid callback.  Both users treat a NULL pt_valid as "always
 * present"; otherwise the name exists only when the callback returns
 * non-zero for the target process.
 *
 * pt_valid receives only the target process, never the caller, so it
 * cannot act as a per-caller access check.  In this file the caller is
 * checked in procfs_open() (Pmem only) and procfs_ioctl(); the read/write
 * handler (procfs_rw) is defined elsewhere.
 */
static struct proc_target {
	u_char	pt_type;	/* dirent type (DT_DIR, DT_REG) */
	u_char	pt_namlen;	/* length of pt_name, without the NUL */
	char	*pt_name;	/* entry name */
	pfstype	pt_pfstype;	/* node type created for this name */
	int	(*pt_valid) __P((struct proc *p));	/* NULL: always valid */
} proc_targets[] = {
/* N(s) expands to two initializers: the length of literal s, then s. */
#define N(s) sizeof(s)-1, s
	/*	  name		type		validp */
	{ DT_DIR, N("."),	Pproc,		NULL },
	{ DT_DIR, N(".."),	Proot,		NULL },
	{ DT_REG, N("mem"),	Pmem,		NULL },
	{ DT_REG, N("regs"),	Pregs,		procfs_validregs },
	{ DT_REG, N("fpregs"),	Pfpregs,	procfs_validfpregs },
	{ DT_REG, N("dbregs"),	Pdbregs,	procfs_validdbregs },
	{ DT_REG, N("ctl"),	Pctl,		NULL },
	{ DT_REG, N("status"),	Pstatus,	NULL },
	{ DT_REG, N("note"),	Pnote,		NULL },
	{ DT_REG, N("notepg"),	Pnotepg,	NULL },
	{ DT_REG, N("map"),	Pmap,		procfs_validmap },
	{ DT_REG, N("etype"),	Ptype,		procfs_validtype },
	{ DT_REG, N("cmdline"),	Pcmdline,	NULL },
	{ DT_REG, N("rlimit"),	Prlimit,	NULL },
#undef N
};
/* Number of entries in proc_targets[]. */
static const int nproc_targets = sizeof(proc_targets) / sizeof(proc_targets[0]);

/* Parses a decimal pid out of a path component; defined near the end of the file. */
static pid_t atopid __P((const char *, u_int));
|
|
|
|
/*
 * Open a procfs node.  (vp) is locked on entry and is left locked
 * on exit.
 *
 * The target process must exist and, for a non-zero pid, pass
 * PRISON_CHECK against the opener; otherwise ENOENT is returned.
 *
 * Only process memory images (Pmem) need further work:
 *  - a writer and an exclusive opener may not coexist (EBUSY);
 *  - the opener must either be allowed to trespass on the target
 *    (p_trespass() returns zero) or pass procfs_kmemaccess(),
 *    otherwise EPERM is returned;
 *  - a write open records its FWRITE/O_EXCL bits in the node.
 *
 * No p_trespass() check is made here for the other node types.
 */
static int
procfs_open(ap)
	struct vop_open_args /* {
		struct vnode *a_vp;
		int  a_mode;
		struct ucred *a_cred;
		struct proc *a_p;
	} */ *ap;
{
	struct pfsnode *node = VTOPFS(ap->a_vp);
	struct proc *opener = ap->a_p;
	struct proc *target;

	target = PFIND(node->pfs_pid);
	if (target == NULL)
		return (ENOENT);
	if (node->pfs_pid && !PRISON_CHECK(opener, target))
		return (ENOENT);

	/* Everything except the memory image opens without further checks. */
	if (node->pfs_type != Pmem)
		return (0);

	/* Exclusive open and write open conflict in either order. */
	if ((node->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL))
		return (EBUSY);
	if ((node->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE))
		return (EBUSY);

	/* Refused only when both the trespass and the kmem check fail. */
	if (p_trespass(opener, target) && !procfs_kmemaccess(opener))
		return (EPERM);

	if (ap->a_mode & FWRITE)
		node->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);

	return (0);
}
|
|
|
|
/*
 * Close a procfs node after i/o.  (vp) is not locked on entry or exit.
 *
 * Only memory images (Pmem) need work.  The exclusive-open state that
 * procfs_open() recorded is dropped, and on the last close a target
 * that does not have PF_LINGER set in p_pfsflags gets its stop events
 * cleared and is woken up.  This helps prevent the case where a process
 * has been told to stop on an event, but the requesting process has
 * gone away or forgotten about it.
 */
static int
procfs_close(ap)
	struct vop_close_args /* {
		struct vnode *a_vp;
		int  a_fflag;
		struct ucred *a_cred;
		struct proc *a_p;
	} */ *ap;
{
	struct pfsnode *node = VTOPFS(ap->a_vp);
	struct proc *target;

	if (node->pfs_type != Pmem)
		return (0);

	if ((ap->a_fflag & FWRITE) && (node->pfs_flags & O_EXCL))
		node->pfs_flags &= ~(FWRITE|O_EXCL);

	/*
	 * "Last close" is decided by v_usecount < 2 alone.  Earlier
	 * commentary also described a usecount of 2 with VOBJBUF set
	 * (the VM system may hold an extra reference) as a last close;
	 * no such test is made here.
	 */
	if (ap->a_vp->v_usecount >= 2)
		return (0);

	target = pfind(node->pfs_pid);
	if (target == NULL || (target->p_pfsflags & PF_LINGER))
		return (0);

	/* Release a target that would otherwise stay stopped. */
	target->p_stops = 0;
	target->p_step = 0;
	wakeup(&target->p_step);

	return (0);
}
|
|
|
|
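/*
 * do an ioctl operation on a pfsnode (vp).
 * (vp) is not locked on entry or exit.
 *
 * The target process is looked up from the node's pid (ENOTTY if it is
 * gone) and every command is refused with EPERM unless the caller may
 * trespass on the target (p_trespass() returns zero).
 *
 * Commands handled: PIOCBIS/PIOCBIC set/clear stop-event bits,
 * PIOCSFL/PIOCGFL set/get p_pfsflags, PIOCSTATUS reports the stop
 * state, PIOCWAIT sleeps until the target stops, PIOCCONT restarts a
 * stopped target (optionally posting a signal).  Anything else returns
 * ENOTTY.
 */
static int
procfs_ioctl(ap)
	struct vop_ioctl_args *ap;
{
	struct pfsnode *pfs = VTOPFS(ap->a_vp);
	struct proc *procp, *p;
	int error;
	int signo;
	struct procfs_status *psp;
	unsigned char flags;

	p = ap->a_p;
	procp = pfind(pfs->pfs_pid);
	if (procp == NULL) {
		return ENOTTY;
	}

	/* One authorization gate for all commands below. */
	if (p_trespass(p, procp))
		return EPERM;

	switch (ap->a_command) {
	case PIOCBIS:
		procp->p_stops |= *(unsigned int*)ap->a_data;
		break;
	case PIOCBIC:
		procp->p_stops &= ~*(unsigned int*)ap->a_data;
		break;
	case PIOCSFL:
		/*
		 * NFLAGS is "non-suser_xxx flags" -- currently, only
		 * PF_ISUGID ("ignore set u/g id"); a request that sets
		 * any of them must also pass suser().
		 */
#define NFLAGS	(PF_ISUGID)
		flags = (unsigned char)*(unsigned int*)ap->a_data;
		if (flags & NFLAGS && (error = suser(p)))
			return error;
		procp->p_pfsflags = flags;
		break;
	case PIOCGFL:
		*(unsigned int*)ap->a_data = (unsigned int)procp->p_pfsflags;
		/*
		 * This break was missing: the case fell through into
		 * PIOCSTATUS, which treats a_data as a struct procfs_status
		 * and overwrote the value just stored (and wrote past the
		 * unsigned int this command is handled as here).
		 */
		break;
	case PIOCSTATUS:
		psp = (struct procfs_status *)ap->a_data;
		psp->state = (procp->p_step == 0);
		psp->flags = procp->p_pfsflags;
		psp->events = procp->p_stops;
		if (procp->p_step) {
			psp->why = procp->p_stype;
			psp->val = procp->p_xstat;
		} else {
			psp->why = psp->val = 0;	/* Not defined values */
		}
		break;
	case PIOCWAIT:
		psp = (struct procfs_status *)ap->a_data;
		if (procp->p_step == 0) {
			/*
			 * NOTE(review): procp is dereferenced again after
			 * the sleep; nothing visible here re-validates that
			 * the target still exists -- confirm.
			 */
			error = tsleep(&procp->p_stype, PWAIT | PCATCH, "piocwait", 0);
			if (error)
				return error;
		}
		psp->state = 1;	/* It stopped */
		psp->flags = procp->p_pfsflags;
		psp->events = procp->p_stops;
		psp->why = procp->p_stype;	/* why it stopped */
		psp->val = procp->p_xstat;	/* any extra info */
		break;
	case PIOCCONT:	/* Restart a proc */
		if (procp->p_step == 0)
			return EINVAL;	/* Can only start a stopped process */
		/* A zero argument means "continue without a signal". */
		if ((signo = *(int*)ap->a_data) != 0) {
			if (signo >= NSIG || signo <= 0)
				return EINVAL;
			psignal(procp, signo);
		}
		procp->p_step = 0;
		wakeup(&procp->p_step);
		break;
	default:
		return (ENOTTY);
	}
	return 0;
}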
|
|
|
|
/*
 * Block mapping for a pfsnode (vp).
 *
 * procfs does not use the buffer cache, so this should never be
 * called.  For sanity it is the usual no-op bmap: the vnode and block
 * number are handed back unchanged and the run length is zero.
 * Returning (EIO) would be a reasonable alternative.
 */
static int
procfs_bmap(ap)
	struct vop_bmap_args /* {
		struct vnode *a_vp;
		daddr_t  a_bn;
		struct vnode **a_vpp;
		daddr_t *a_bnp;
		int *a_runp;
	} */ *ap;
{
	struct vnode **vpp = ap->a_vpp;
	daddr_t *bnp = ap->a_bnp;
	int *runp = ap->a_runp;

	/* Each output pointer is optional. */
	if (vpp != NULL)
		*vpp = ap->a_vp;
	if (bnp != NULL)
		*bnp = ap->a_bn;
	if (runp != NULL)
		*runp = 0;

	return (0);
}
|
|
|
|
/*
 * Called when the pfsnode is vrele'd and its reference count drops to
 * zero.  (vp) will be on the vnode free list, so vget() must be used
 * to get it back.
 *
 * (vp) is locked on entry and must be unlocked on exit; unlocking it
 * is all this handler does.  Note that a_p is read although the
 * argument layout quoted below lists only a_vp.
 */
static int
procfs_inactive(ap)
	struct vop_inactive_args /* {
		struct vnode *a_vp;
	} */ *ap;
{

	VOP_UNLOCK(ap->a_vp, 0, ap->a_p);
	return (0);
}
|
|
|
|
/*
 * Called when getnewvnode() wants to reuse an entry on the vnode free
 * list.  The filesystem has to free its private data and take the node
 * off any private lists; procfs_freevp() does that work and its result
 * is returned unchanged.
 */
static int
procfs_reclaim(ap)
	struct vop_reclaim_args /* {
		struct vnode *a_vp;
	} */ *ap;
{
	struct vnode *vp = ap->a_vp;

	return (procfs_freevp(vp));
}
|
|
|
|
/*
 * Debugging aid: print a one-line readable description of (vp),
 * giving the node's type, pid, mode and flags.  Always returns 0.
 */
static int
procfs_print(ap)
	struct vop_print_args /* {
		struct vnode *a_vp;
	} */ *ap;
{
	struct pfsnode *node;

	node = VTOPFS(ap->a_vp);
	printf("tag VT_PROCFS, type %d, pid %ld, mode %x, flags %lx\n",
	    node->pfs_type,
	    (long)node->pfs_pid,
	    node->pfs_mode,
	    node->pfs_flags);

	return (0);
}
|
|
|
|
/*
 * Called when operations such as rename and create fail.  It must undo
 * the side effects of the lookup, which here means freeing the pathname
 * buffer: the buffer goes back to namei_zone when HASBUF is set and
 * SAVESTART is not.
 */
static int
procfs_abortop(ap)
	struct vop_abortop_args /* {
		struct vnode *a_dvp;
		struct componentname *a_cnp;
	} */ *ap;
{
	struct componentname *cnp = ap->a_cnp;

	/* Nothing to free unless the flags are exactly "HASBUF, no SAVESTART". */
	if ((cnp->cn_flags & (HASBUF | SAVESTART)) != HASBUF)
		return (0);

	zfree(namei_zone, cnp->cn_pnbuf);
	return (0);
}
|
|
|
|
/*
 * Shared handler for every vnode operation procfs does not support;
 * it fails unconditionally with EIO.
 */
static int
procfs_badop()
{
	return EIO;
}
|
|
|
|
/*
 * Invent attributes for pfsnode (vp) and store
 * them in (vap).
 * Directories lengths are returned as zero since
 * any real length would require the genuine size
 * to be computed, and nothing cares anyway.
 *
 * this is relatively minimal for procfs.
 *
 * Returns ENOENT when the target process or its credentials are gone,
 * EOPNOTSUPP for Pfile nodes, and 0 otherwise.  An unknown node type
 * panics.  The mode and ownership produced here are what
 * procfs_access() bases its permission decision on.
 */
static int
procfs_getattr(ap)
	struct vop_getattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		struct ucred *a_cred;
		struct proc *a_p;
	} */ *ap;
{
	struct pfsnode *pfs = VTOPFS(ap->a_vp);
	struct vattr *vap = ap->a_vap;
	struct proc *procp;
	int error;

	/*
	 * First make sure that the process and its credentials
	 * still exist.  Proot and Pcurproc are not tied to one process,
	 * so procp stays null for them; every later dereference of procp
	 * sits in a case that can only be reached with a non-null procp.
	 */
	switch (pfs->pfs_type) {
	case Proot:
	case Pcurproc:
		procp = 0;
		break;

	default:
		procp = PFIND(pfs->pfs_pid);
		if (procp == 0 || procp->p_cred == NULL ||
		    procp->p_ucred == NULL)
			return (ENOENT);
	}

	error = 0;

	/* start by zeroing out the attributes */
	VATTR_NULL(vap);

	/* next do all the common fields */
	vap->va_type = ap->a_vp->v_type;
	vap->va_mode = pfs->pfs_mode;
	vap->va_fileid = pfs->pfs_fileno;
	vap->va_flags = 0;
	vap->va_blocksize = PAGE_SIZE;
	vap->va_bytes = vap->va_size = 0;
	vap->va_fsid = ap->a_vp->v_mount->mnt_stat.f_fsid.val[0];

	/*
	 * Make all times be current TOD.
	 * It would be possible to get the process start
	 * time from the p_stat structure, but there's
	 * no "file creation" time stamp anyway, and the
	 * p_stat structure is not addressable if u. gets
	 * swapped out for that process.
	 */
	nanotime(&vap->va_ctime);
	vap->va_atime = vap->va_mtime = vap->va_ctime;

	/*
	 * If the process has exercised some setuid or setgid
	 * privilege, then rip away read/write permission so
	 * that only root can gain access.
	 *
	 * For ctl and the register files the read/write bits are cleared
	 * for owner, group and other (the >>3 and >>6 shifts).  For mem
	 * only the owner bits are cleared.
	 */
	switch (pfs->pfs_type) {
	case Pctl:
	case Pregs:
	case Pfpregs:
	case Pdbregs:
		if (procp->p_flag & P_SUGID)
			vap->va_mode &= ~((VREAD|VWRITE)|
					  ((VREAD|VWRITE)>>3)|
					  ((VREAD|VWRITE)>>6));
		break;
	case Pmem:
		/* Retain group kmem readability. */
		if (procp->p_flag & P_SUGID)
			vap->va_mode &= ~(VREAD|VWRITE);
		break;
	default:
		break;
	}

	/*
	 * now do the object specific fields
	 *
	 * The size could be set from struct reg, but it's hardly
	 * worth the trouble, and it puts some (potentially) machine
	 * dependent data into this machine-independent code.  If it
	 * becomes important then this function should break out into
	 * a per-file stat function in the corresponding .c file.
	 */

	vap->va_nlink = 1;
	/* Per-process nodes are owned by the target's effective ids. */
	if (procp) {
		vap->va_uid = procp->p_ucred->cr_uid;
		vap->va_gid = procp->p_ucred->cr_gid;
	}

	switch (pfs->pfs_type) {
	case Proot:
		/*
		 * Set nlink to 1 to tell fts(3) we don't actually know.
		 */
		vap->va_nlink = 1;
		vap->va_uid = 0;
		vap->va_gid = 0;
		vap->va_size = vap->va_bytes = DEV_BSIZE;
		break;

	case Pcurproc: {
		char buf[16];		/* should be enough */
		vap->va_uid = 0;
		vap->va_gid = 0;
		/* buf is scratch space; only the formatted length is kept. */
		vap->va_size = vap->va_bytes =
		    snprintf(buf, sizeof(buf), "%ld", (long)curproc->p_pid);
		break;
	}

	case Pproc:
		vap->va_nlink = nproc_targets;
		vap->va_size = vap->va_bytes = DEV_BSIZE;
		break;

	case Pfile:
		error = EOPNOTSUPP;
		break;

	case Pmem:
		/*
		 * If we denied owner access earlier, then we have to
		 * change the owner to root - otherwise 'ps' and friends
		 * will break even though they are setgid kmem.  *SIGH*
		 */
		if (procp->p_flag & P_SUGID)
			vap->va_uid = 0;
		else
			vap->va_uid = procp->p_ucred->cr_uid;
		vap->va_gid = KMEM_GROUP;
		break;

	case Pregs:
		vap->va_bytes = vap->va_size = sizeof(struct reg);
		break;

	case Pfpregs:
		vap->va_bytes = vap->va_size = sizeof(struct fpreg);
		break;

	case Pdbregs:
		vap->va_bytes = vap->va_size = sizeof(struct dbreg);
		break;

	/* These keep the common attributes set above. */
	case Ptype:
	case Pmap:
	case Pctl:
	case Pstatus:
	case Pnote:
	case Pnotepg:
	case Pcmdline:
	case Prlimit:
		break;

	default:
		panic("procfs_getattr");
	}

	return (error);
}
|
|
|
|
/*
 * Pretend to set attributes on a pfsnode.
 *
 * A request to change the file flags is refused with EOPNOTSUPP.
 * Everything else is accepted and silently ignored: returning an error
 * would make things like creat() fail when they try to set the file
 * length to 0, and worse, would make
 * "echo $note > /proc/$pid/note" fail.
 */
static int
procfs_setattr(ap)
	struct vop_setattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		struct ucred *a_cred;
		struct proc *a_p;
	} */ *ap;
{

	return (ap->a_vap->va_flags != VNOVAL ? EOPNOTSUPP : 0);
}
|
|
|
|
/*
 * Access checking for a pfsnode.
 *
 * Something very similar to this code is duplicated throughout the
 * 4bsd kernel and should be moved into kern/vfs_subr.c sometime.
 *
 * The super-user check is slightly broken, since it allows read access
 * to write-only objects.  That causes no particular trouble, but it
 * does mean the i/o entry points have to check that the operation
 * really makes sense.
 *
 * Note that ap->a_mode is shifted in place while the matching
 * permission class is selected.
 */
static int
procfs_access(ap)
	struct vop_access_args /* {
		struct vnode *a_vp;
		int a_mode;
		struct ucred *a_cred;
		struct proc *a_p;
	} */ *ap;
{
	struct vattr attrs;
	int error;

	/* uid 0 is always granted access. */
	if (ap->a_cred->cr_uid == 0)
		return (0);

	error = VOP_GETATTR(ap->a_vp, &attrs, ap->a_cred, ap->a_p);
	if (error)
		return (error);

	/*
	 * Exactly one of owner, group, public applies.  A non-owner is
	 * checked against the group bits if any of its groups matches
	 * the node's gid, and against the public bits otherwise.
	 */
	if (ap->a_cred->cr_uid != attrs.va_uid) {
		gid_t *groups;
		int idx;
		int member = 0;

		ap->a_mode >>= 3;
		groups = ap->a_cred->cr_groups;
		for (idx = 0; idx < ap->a_cred->cr_ngroups; idx++) {
			if (attrs.va_gid == groups[idx]) {
				member = 1;
				break;
			}
		}
		if (!member)
			ap->a_mode >>= 3;
	}

	/* Every requested bit has to be present in the node's mode. */
	if ((attrs.va_mode & ap->a_mode) != ap->a_mode)
		return (EACCES);

	return (0);
}
|
|
|
|
/*
 * lookup.  this is incredibly complicated in the
 * general case, however for most pseudo-filesystems
 * very little needs to be done.
 *
 * unless you want to get a migraine, just make sure your
 * filesystem doesn't do any locking of its own.  otherwise
 * read and inwardly digest ufs_lookup().
 *
 * DELETE and RENAME lookups fail with EROFS.  "." returns the directory
 * itself with an extra reference.  In the root, "curproc" and decimal
 * pids of existing processes resolve; in a process directory, ".."
 * and the names in proc_targets[] that are valid for that process
 * resolve.  A name that does not resolve yields ENOENT for a plain
 * LOOKUP and EROFS for any other operation.
 *
 * NOTE(review): unlike procfs_open() and procfs_readdir(), nothing in
 * this function applies PRISON_CHECK to the process that was found, so
 * a pid can be looked up by name even when readdir would not list it
 * -- confirm whether that is intended.
 */
static int
procfs_lookup(ap)
	struct vop_lookup_args /* {
		struct vnode * a_dvp;
		struct vnode ** a_vpp;
		struct componentname * a_cnp;
	} */ *ap;
{
	struct componentname *cnp = ap->a_cnp;
	struct vnode **vpp = ap->a_vpp;
	struct vnode *dvp = ap->a_dvp;
	char *pname = cnp->cn_nameptr;
	struct proc *curp = cnp->cn_proc;
	struct proc_target *pt;
	struct vnode *fvp;
	pid_t pid;
	struct pfsnode *pfs;
	struct proc *p;
	int i;

	*vpp = NULL;

	/* Nothing in procfs can be removed or renamed. */
	if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
		return (EROFS);

	if (cnp->cn_namelen == 1 && *pname == '.') {
		*vpp = dvp;
		VREF(dvp);
		/* vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, curp); */
		return (0);
	}

	pfs = VTOPFS(dvp);
	switch (pfs->pfs_type) {
	case Proot:
		if (cnp->cn_flags & ISDOTDOT)
			return (EIO);

		if (CNEQ(cnp, "curproc", 7))
			return (procfs_allocvp(dvp->v_mount, vpp, 0, Pcurproc));

		/* Anything else in the root must be an all-digit pid. */
		pid = atopid(pname, cnp->cn_namelen);
		if (pid == NO_PID)
			break;

		p = PFIND(pid);
		if (p == 0)
			break;

		return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc));

	case Pproc:
		if (cnp->cn_flags & ISDOTDOT)
			return (procfs_root(dvp->v_mount, vpp));

		p = PFIND(pfs->pfs_pid);
		if (p == 0)
			break;

		/*
		 * Match the component against the table: same length, same
		 * bytes, and the entry is valid for this process.
		 */
		for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) {
			if (cnp->cn_namelen == pt->pt_namlen &&
			    bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 &&
			    (pt->pt_valid == NULL || (*pt->pt_valid)(p)))
				goto found;
		}
		break;

	found:
		/*
		 * NOTE(review): proc_targets[] as defined in this file has
		 * no Pfile entry, so this branch looks unreachable here.
		 */
		if (pt->pt_pfstype == Pfile) {
			fvp = procfs_findtextvp(p);
			/* We already checked that it exists. */
			VREF(fvp);
			vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY, curp);
			*vpp = fvp;
			return (0);
		}

		return (procfs_allocvp(dvp->v_mount, vpp, pfs->pfs_pid,
		    pt->pt_pfstype));

	default:
		return (ENOTDIR);
	}

	/* Reached by the "break"s above: the name did not resolve. */
	return (cnp->cn_nameiop == LOOKUP ? ENOENT : EROFS);
}
|
|
|
|
/*
 * Report whether process p has a text file, i.e. whether
 * procfs_findtextvp() finds a vnode for it.  Returns non-zero if so.
 */
int
procfs_validfile(p)
	struct proc *p;
{
	struct vnode *textvp;

	textvp = procfs_findtextvp(p);
	return (textvp != NULLVP);
}
|
|
|
|
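/*
 * readdir() returns directory entries from pfsnode (vp).
 *
 * We generate just one directory entry at a time, as it would probably
 * not pay off to buffer several entries locally to save uiomove calls.
 *
 * Every record has the same size (delen), so the directory offset is
 * simply the entry index times delen.  The offset must be a
 * non-negative multiple of delen that fits in an int, and the caller's
 * buffer must hold at least one record; otherwise EINVAL is returned.
 * A node that is neither the root nor a process directory yields
 * ENOTDIR.  Processes that fail PRISON_CHECK against curproc are not
 * listed.
 */
static int
procfs_readdir(ap)
	struct vop_readdir_args /* {
		struct vnode *a_vp;
		struct uio *a_uio;
		struct ucred *a_cred;
		int *a_eofflag;
		int *a_ncookies;
		u_long **a_cookies;
	} */ *ap;
{
	struct uio *uio = ap->a_uio;
	struct dirent d;
	struct dirent *dp = &d;
	struct pfsnode *pfs;
	int count, error, i, off;
	static u_int delen;

	/* The fixed record size is computed once, on the first call. */
	if (!delen) {

		d.d_namlen = PROCFS_NAMELEN;
		delen = GENERIC_DIRSIZ(&d);
	}

	pfs = VTOPFS(ap->a_vp);

	off = (int)uio->uio_offset;
	if (off != uio->uio_offset || off < 0 ||
	    off % delen != 0 || uio->uio_resid < delen)
		return (EINVAL);

	error = 0;
	count = 0;
	i = off / delen;

	switch (pfs->pfs_type) {
	/*
	 * this is for the process-specific sub-directories.
	 * all that is needed to is copy out all the entries
	 * from the proc_targets[] table (top of this file).
	 */
	case Pproc: {
		struct proc *p;
		struct proc_target *pt;

		p = PFIND(pfs->pfs_pid);
		if (p == NULL)
			break;
		if (!PRISON_CHECK(curproc, p))
			break;

		for (pt = &proc_targets[i];
		     uio->uio_resid >= delen && i < nproc_targets; pt++, i++) {
			if (pt->pt_valid && (*pt->pt_valid)(p) == 0)
				continue;

			/*
			 * Zero the record first, as the Proot branch does.
			 * uiomove() below copies all delen bytes of the
			 * on-stack dirent to the caller, while the
			 * assignments that follow fill only the header
			 * fields and pt_namlen + 1 bytes of the name, so
			 * the rest would otherwise be uninitialized kernel
			 * stack.
			 */
			bzero((char *) dp, delen);
			dp->d_reclen = delen;
			dp->d_fileno = PROCFS_FILENO(pfs->pfs_pid, pt->pt_pfstype);
			dp->d_namlen = pt->pt_namlen;
			bcopy(pt->pt_name, dp->d_name, pt->pt_namlen + 1);
			dp->d_type = pt->pt_type;

			if ((error = uiomove((caddr_t)dp, delen, uio)) != 0)
				break;
		}

		break;
	}

	/*
	 * this is for the root of the procfs filesystem
	 * what is needed is a special entry for "curproc"
	 * followed by an entry for each process on allproc
	 * (and, with PROCFS_ZOMBIE, on zombproc).
	 */

	case Proot: {
#ifdef PROCFS_ZOMBIE
		int doingzomb = 0;
#endif
		int pcnt = 0;
		volatile struct proc *p = allproc.lh_first;

		for (; p && uio->uio_resid >= delen; i++, pcnt++) {
			bzero((char *) dp, delen);
			dp->d_reclen = delen;

			switch (i) {
			case 0:		/* `.' */
			case 1:		/* `..' */
				dp->d_fileno = PROCFS_FILENO(0, Proot);
				dp->d_namlen = i + 1;
				bcopy("..", dp->d_name, dp->d_namlen);
				dp->d_name[i + 1] = '\0';
				dp->d_type = DT_DIR;
				break;

			case 2:
				dp->d_fileno = PROCFS_FILENO(0, Pcurproc);
				dp->d_namlen = 7;
				bcopy("curproc", dp->d_name, 8);
				dp->d_type = DT_LNK;
				break;

			default:
				/*
				 * Advance p to the process for index i,
				 * counting only processes that pass
				 * PRISON_CHECK.
				 */
				while (pcnt < i) {
					p = p->p_list.le_next;
					if (!p)
						goto done;
					if (!PRISON_CHECK(curproc, p))
						continue;
					pcnt++;
				}
				/* Skip any process the caller may not see. */
				while (!PRISON_CHECK(curproc, p)) {
					p = p->p_list.le_next;
					if (!p)
						goto done;
				}
				dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc);
				dp->d_namlen = sprintf(dp->d_name, "%ld",
				    (long)p->p_pid);
				dp->d_type = DT_REG;
				p = p->p_list.le_next;
				break;
			}

			if ((error = uiomove((caddr_t)dp, delen, uio)) != 0)
				break;
		}
	done:

#ifdef PROCFS_ZOMBIE
		/*
		 * NOTE(review): no "again" label is visible in this
		 * function, so this branch cannot compile when
		 * PROCFS_ZOMBIE is defined.
		 */
		if (p == 0 && doingzomb == 0) {
			doingzomb = 1;
			p = zombproc.lh_first;
			goto again;
		}
#endif

		break;

	}

	default:
		error = ENOTDIR;
		break;
	}

	/* Report how far the listing got, as an offset in records. */
	uio->uio_offset = i * delen;

	return (error);
}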
|
|
|
|
/*
 * Read the target of the `curproc' symlink: the calling process's pid
 * in decimal.  Any other node is rejected with EINVAL.
 */
static int
procfs_readlink(ap)
	struct vop_readlink_args *ap;
{
	char pidstr[16];		/* should be enough */
	int n;

	if (VTOPFS(ap->a_vp)->pfs_fileno != PROCFS_FILENO(0, Pcurproc))
		return (EINVAL);

	n = snprintf(pidstr, sizeof(pidstr), "%ld", (long)curproc->p_pid);

	/* Only the n formatted characters are copied out, not the NUL. */
	return (uiomove((caddr_t)pidstr, n, ap->a_uio));
}
|
|
|
|
/*
 * Convert len bytes of decimal ascii at b to a pid_t.
 *
 * Returns NO_PID if any byte is not a digit or if the value exceeds
 * PID_MAX.  The range test runs after every digit, so the accumulator
 * never grows far beyond PID_MAX.  Leading zeros are accepted, and a
 * zero-length name yields 0.
 */
static pid_t
atopid(b, len)
	const char *b;
	u_int len;
{
	pid_t value = 0;
	u_int idx;

	for (idx = 0; idx < len; idx++) {
		char digit = b[idx];

		if (digit < '0' || digit > '9')
			return (NO_PID);
		value = 10 * value + (digit - '0');
		if (value > PID_MAX)
			return (NO_PID);
	}

	return (value);
}
|
|
|
|
/*
 * procfs vnode operations.
 *
 * Dispatch table mapping each vnode operation descriptor to its procfs
 * handler.  Operations that would create, link, remove or rename nodes,
 * and advisory locking, all go to procfs_badop, which returns EIO.
 * Read and write share procfs_rw, which is not defined in this part of
 * the file.  The table ends with a { NULL, NULL } entry.
 */
vop_t **procfs_vnodeop_p;
static struct vnodeopv_entry_desc procfs_vnodeop_entries[] = {
	{ &vop_default_desc,		(vop_t *) vop_defaultop },
	{ &vop_abortop_desc,		(vop_t *) procfs_abortop },
	{ &vop_access_desc,		(vop_t *) procfs_access },
	{ &vop_advlock_desc,		(vop_t *) procfs_badop },
	{ &vop_bmap_desc,		(vop_t *) procfs_bmap },
	{ &vop_close_desc,		(vop_t *) procfs_close },
	{ &vop_create_desc,		(vop_t *) procfs_badop },
	{ &vop_getattr_desc,		(vop_t *) procfs_getattr },
	{ &vop_inactive_desc,		(vop_t *) procfs_inactive },
	{ &vop_link_desc,		(vop_t *) procfs_badop },
	{ &vop_lookup_desc,		(vop_t *) procfs_lookup },
	{ &vop_mkdir_desc,		(vop_t *) procfs_badop },
	{ &vop_mknod_desc,		(vop_t *) procfs_badop },
	{ &vop_open_desc,		(vop_t *) procfs_open },
	{ &vop_pathconf_desc,		(vop_t *) vop_stdpathconf },
	{ &vop_print_desc,		(vop_t *) procfs_print },
	{ &vop_read_desc,		(vop_t *) procfs_rw },
	{ &vop_readdir_desc,		(vop_t *) procfs_readdir },
	{ &vop_readlink_desc,		(vop_t *) procfs_readlink },
	{ &vop_reclaim_desc,		(vop_t *) procfs_reclaim },
	{ &vop_remove_desc,		(vop_t *) procfs_badop },
	{ &vop_rename_desc,		(vop_t *) procfs_badop },
	{ &vop_rmdir_desc,		(vop_t *) procfs_badop },
	{ &vop_setattr_desc,		(vop_t *) procfs_setattr },
	{ &vop_symlink_desc,		(vop_t *) procfs_badop },
	{ &vop_write_desc,		(vop_t *) procfs_rw },
	{ &vop_ioctl_desc,		(vop_t *) procfs_ioctl },
	{ NULL, NULL }
};
/* Ties the entry table to the procfs_vnodeop_p vector pointer. */
static struct vnodeopv_desc procfs_vnodeop_opv_desc =
	{ &procfs_vnodeop_p, procfs_vnodeop_entries };

VNODEOP_SET(procfs_vnodeop_opv_desc);
|