1 /* Linux namespaces(7) support.
3 Copyright (C) 2015 Free Software Foundation, Inc.
5 This file is part of GDB.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "common-defs.h"
21 #include "nat/linux-namespaces.h"
22 #include "filestuff.h"
24 #include <sys/syscall.h>
25 #include <sys/types.h>
27 #include <sys/socket.h>
32 /* See nat/linux-namespaces.h. */
33 int debug_linux_namespaces;
35 /* Handle systems without setns. */
39 setns (int fd, int nstype)
42 return syscall (__NR_setns, fd, nstype);
50 /* A Linux namespace. */
54 /* Filename of this namespace's entries in /proc/PID/ns. */
57 /* Nonzero if this object has been initialized. */
60 /* Nonzero if this namespace is supported on this system. */
63 /* ID of the namespace the calling process is in, used to
64 see if other processes share the namespace. The code in
65 this file assumes that the calling process never changes
70 /* Return the absolute filename of process PID's /proc/PID/ns
71 entry for namespace NS. The returned value persists until
72 this function is next called. */
75 linux_ns_filename (struct linux_ns *ns, int pid)
77 static char filename[PATH_MAX];
80 xsnprintf (filename, sizeof (filename), "/proc/%d/ns/%s", pid,
86 /* Return a representation of the caller's TYPE namespace, or
87 NULL if TYPE namespaces are not supported on this system. */
89 static struct linux_ns *
90 linux_ns_get_namespace (enum linux_ns_type type)
92 static struct linux_ns namespaces[NUM_LINUX_NS_TYPES] =
103 gdb_assert (type >= 0 && type < NUM_LINUX_NS_TYPES);
104 ns = &namespaces[type];
106 if (!ns->initialized)
110 if (stat (linux_ns_filename (ns, getpid ()), &sb) == 0)
120 return ns->supported ? ns : NULL;
123 /* See nat/linux-namespaces.h. */
126 linux_ns_same (pid_t pid, enum linux_ns_type type)
128 struct linux_ns *ns = linux_ns_get_namespace (type);
129 const char *filename;
132 /* If the kernel does not support TYPE namespaces then there's
133 effectively only one TYPE namespace that all processes on
138 /* Stat PID's TYPE namespace entry to get the namespace ID. This
139 might fail if the process died, or if we don't have the right
140 permissions (though we should be attached by this time so this
141 seems unlikely). In any event, we can't make any decisions and
143 filename = linux_ns_filename (ns, pid);
144 if (stat (filename, &sb) != 0)
145 perror_with_name (filename);
147 return sb.st_ino == ns->id;
150 /* We need to use setns(2) to handle filesystem access in mount
151 namespaces other than our own, but this isn't permitted for
152 multithreaded processes. GDB is multithreaded when compiled
153 with Guile support, and may become multithreaded if compiled
154 with Python support. We deal with this by spawning a single-
155 threaded helper process to access mount namespaces other than
158 The helper process is started the first time a call to setns
159 is required. The main process (GDB or gdbserver) communicates
160 with the helper via sockets, passing file descriptors where
161 necessary using SCM_RIGHTS. Once started the helper process
162 runs until the main process terminates; when this happens the
163 helper will receive socket errors, notice that its parent died,
164 and exit accordingly (see mnsh_maybe_mourn_peer).
166 The protocol is that the main process sends a request in a
167 single message, and the helper replies to every message it
168 receives with a single-message response. If the helper
169 receives a message it does not understand it will reply with
170 a MNSH_MSG_ERROR message. The main process checks all
171 responses it receives with gdb_assert, so if the main process
172 receives something unexpected (which includes MNSH_MSG_ERROR)
173 the main process will call internal_error.
175 For avoidance of doubt, if the helper process receives a
176 message it doesn't handle it will reply with MNSH_MSG_ERROR.
177 If the main process receives MNSH_MSG_ERROR at any time then
178 it will call internal_error. If internal_error causes the
179 main process to exit, the helper will notice this and also
180 exit. The helper will not exit until the main process
181 terminates, so if the user continues through internal_error
182 the helper will still be there awaiting requests from the
185 Messages in both directions have the following payload:
187 - TYPE (enum mnsh_msg_type, always sent) - the message type.
189 - INT2 (int, always sent, though not always used) - two
190 values whose meaning is message-type-dependent.
191 See enum mnsh_msg_type documentation below.
192 - FD (int, optional, sent using SCM_RIGHTS) - an open file
194 - BUF (unstructured data, optional) - some data with message-
195 type-dependent meaning.
197 Note that the helper process is the child of a call to fork,
198 so all code in the helper must be async-signal-safe. */
200 /* Mount namespace helper message types. */
204 /* A communication error occurred. Receipt of this message
205 by either end will cause an assertion failure in the main
209 /* Requests, sent from the main process to the helper. */
211 /* A request that the helper call setns. Arguments should
212 be passed in FD and INT1. Helper should respond with a
216 /* A request that the helper call open. Arguments should
217 be passed in BUF, INT1 and INT2. The filename (in BUF)
218 should include a terminating NUL character. The helper
219 should respond with a MNSH_RET_FD. */
222 /* A request that the helper call unlink. The single
223 argument (the filename) should be passed in BUF, and
224 should include a terminating NUL character. The helper
225 should respond with a MNSH_RET_INT. */
228 /* A request that the helper call readlink. The single
229 argument (the filename) should be passed in BUF, and
230 should include a terminating NUL character. The helper
231 should respond with a MNSH_RET_INTSTR. */
234 /* Responses, sent to the main process from the helper. */
236 /* Return an integer in INT1 and errno in INT2. */
239 /* Return a file descriptor in FD if one was opened or an
240 integer in INT1 otherwise. Return errno in INT2. */
243 /* Return an integer in INT1, errno in INT2, and optionally
248 /* Print a string representation of a message using debug_printf.
249 This function is not async-signal-safe so should never be
250 called from the helper. */
253 mnsh_debug_print_message (enum mnsh_msg_type type,
254 int fd, int int1, int int2,
255 const void *buf, int bufsiz)
257 gdb_byte *c = (gdb_byte *) buf;
258 gdb_byte *cl = c + bufsiz;
263 debug_printf ("ERROR");
267 debug_printf ("SETNS");
271 debug_printf ("OPEN");
274 case MNSH_REQ_UNLINK:
275 debug_printf ("UNLINK");
278 case MNSH_REQ_READLINK:
279 debug_printf ("READLINK");
283 debug_printf ("INT");
290 case MNSH_RET_INTSTR:
291 debug_printf ("INTSTR");
295 debug_printf ("unknown-packet-%d", type);
298 debug_printf (" %d %d %d \"", fd, int1, int2);
301 debug_printf (*c >= ' ' && *c <= '~' ? "%c" : "\\%o", *c);
306 /* Forward declaration. */
308 static void mnsh_maybe_mourn_peer (void);
310 /* Send a message. The argument SOCK is the file descriptor of the
311 sending socket, the other arguments are the payload to send.
312 Return the number of bytes sent on success. Return -1 on failure
313 and set errno appropriately. This function is called by both the
314 main process and the helper so must be async-signal-safe. */
317 mnsh_send_message (int sock, enum mnsh_msg_type type,
318 int fd, int int1, int int2,
319 const void *buf, int bufsiz)
323 char fdbuf[CMSG_SPACE (sizeof (fd))];
326 /* Build the basic TYPE, INT1, INT2 message. */
327 memset (&msg, 0, sizeof (msg));
330 iov[0].iov_base = &type;
331 iov[0].iov_len = sizeof (type);
332 iov[1].iov_base = &int1;
333 iov[1].iov_len = sizeof (int1);
334 iov[2].iov_base = &int2;
335 iov[2].iov_len = sizeof (int2);
339 /* Append BUF if supplied. */
340 if (buf != NULL && bufsiz > 0)
342 iov[3].iov_base = alloca (bufsiz);
343 memcpy (iov[3].iov_base, buf, bufsiz);
344 iov[3].iov_len = bufsiz;
349 /* Attach FD if supplied. */
352 struct cmsghdr *cmsg;
354 msg.msg_control = fdbuf;
355 msg.msg_controllen = sizeof (fdbuf);
357 cmsg = CMSG_FIRSTHDR (&msg);
358 cmsg->cmsg_level = SOL_SOCKET;
359 cmsg->cmsg_type = SCM_RIGHTS;
360 cmsg->cmsg_len = CMSG_LEN (sizeof (int));
362 memcpy (CMSG_DATA (cmsg), &fd, sizeof (int));
364 msg.msg_controllen = cmsg->cmsg_len;
367 /* Send the message. */
368 size = sendmsg (sock, &msg, 0);
371 mnsh_maybe_mourn_peer ();
373 if (debug_linux_namespaces)
375 debug_printf ("mnsh: send: ");
376 mnsh_debug_print_message (type, fd, int1, int2, buf, bufsiz);
377 debug_printf (" -> %s\n", pulongest (size));
383 /* Receive a message. The argument SOCK is the file descriptor of
384 the receiving socket, the other arguments point to storage for
385 the received payload. Returns the number of bytes stored into
386 BUF on success, which may be zero in the event no BUF was sent.
387 Return -1 on failure and set errno appropriately. This function
388 is called from both the main process and the helper and must be
389 async-signal-safe. */
392 mnsh_recv_message (int sock, enum mnsh_msg_type *type,
393 int *fd, int *int1, int *int2,
394 void *buf, int bufsiz)
398 char fdbuf[CMSG_SPACE (sizeof (*fd))];
399 struct cmsghdr *cmsg;
400 ssize_t size, fixed_size;
403 /* Build the message to receive data into. */
404 memset (&msg, 0, sizeof (msg));
407 iov[0].iov_base = type;
408 iov[0].iov_len = sizeof (*type);
409 iov[1].iov_base = int1;
410 iov[1].iov_len = sizeof (*int1);
411 iov[2].iov_base = int2;
412 iov[2].iov_len = sizeof (*int2);
413 iov[3].iov_base = buf;
414 iov[3].iov_len = bufsiz;
418 for (fixed_size = i = 0; i < msg.msg_iovlen - 1; i++)
419 fixed_size += iov[i].iov_len;
421 msg.msg_control = fdbuf;
422 msg.msg_controllen = sizeof (fdbuf);
424 /* Receive the message. */
425 size = recvmsg (sock, &msg, MSG_CMSG_CLOEXEC);
428 if (debug_linux_namespaces)
429 debug_printf ("namespace-helper: recv failed (%s)\n",
432 mnsh_maybe_mourn_peer ();
437 /* Check for truncation. */
438 if (size < fixed_size || (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)))
440 if (debug_linux_namespaces)
441 debug_printf ("namespace-helper: recv truncated (%s 0x%x)\n",
442 pulongest (size), msg.msg_flags);
444 mnsh_maybe_mourn_peer ();
450 /* Unpack the file descriptor if supplied. */
451 cmsg = CMSG_FIRSTHDR (&msg);
453 && cmsg->cmsg_len == CMSG_LEN (sizeof (int))
454 && cmsg->cmsg_level == SOL_SOCKET
455 && cmsg->cmsg_type == SCM_RIGHTS)
456 memcpy (fd, CMSG_DATA (cmsg), sizeof (int));
460 if (debug_linux_namespaces)
462 debug_printf ("mnsh: recv: ");
463 mnsh_debug_print_message (*type, *fd, *int1, *int2, buf,
468 /* Return the number of bytes of data in BUF. */
469 return size - fixed_size;
472 /* Shortcuts for returning results from the helper. */
474 #define mnsh_return_int(sock, result, error) \
475 mnsh_send_message (sock, MNSH_RET_INT, -1, result, error, NULL, 0)
477 #define mnsh_return_fd(sock, fd, error) \
478 mnsh_send_message (sock, MNSH_RET_FD, \
479 (fd) < 0 ? -1 : (fd), \
480 (fd) < 0 ? (fd) : 0, \
483 #define mnsh_return_intstr(sock, result, buf, bufsiz, error) \
484 mnsh_send_message (sock, MNSH_RET_INTSTR, -1, result, error, \
487 /* Handle a MNSH_REQ_SETNS message. Must be async-signal-safe. */
490 mnsh_handle_setns (int sock, int fd, int nstype)
492 int result = setns (fd, nstype);
494 return mnsh_return_int (sock, result, errno);
497 /* Handle a MNSH_REQ_OPEN message. Must be async-signal-safe. */
500 mnsh_handle_open (int sock, const char *filename,
501 int flags, mode_t mode)
503 int fd = gdb_open_cloexec (filename, flags, mode);
504 ssize_t result = mnsh_return_fd (sock, fd, errno);
512 /* Handle a MNSH_REQ_UNLINK message. Must be async-signal-safe. */
515 mnsh_handle_unlink (int sock, const char *filename)
517 int result = unlink (filename);
519 return mnsh_return_int (sock, result, errno);
522 /* Handle a MNSH_REQ_READLINK message. Must be async-signal-safe. */
525 mnsh_handle_readlink (int sock, const char *filename)
528 int len = readlink (filename, buf, sizeof (buf));
530 return mnsh_return_intstr (sock, len,
531 buf, len < 0 ? 0 : len,
535 /* The helper process. Never returns. Must be async-signal-safe. */
537 static void mnsh_main (int sock) ATTRIBUTE_NORETURN;
544 enum mnsh_msg_type type;
547 ssize_t size, response = -1;
549 size = mnsh_recv_message (sock, &type,
553 if (size >= 0 && size < sizeof (buf))
559 response = mnsh_handle_setns (sock, fd, int1);
563 if (size > 0 && buf[size - 1] == '\0')
564 response = mnsh_handle_open (sock, buf, int1, int2);
567 case MNSH_REQ_UNLINK:
568 if (size > 0 && buf[size - 1] == '\0')
569 response = mnsh_handle_unlink (sock, buf);
572 case MNSH_REQ_READLINK:
573 if (size > 0 && buf[size - 1] == '\0')
574 response = mnsh_handle_readlink (sock, buf);
578 break; /* Handled below. */
582 /* Close any file descriptors we were passed. */
586 /* Can't handle this message, bounce it back. */
592 mnsh_send_message (sock, MNSH_MSG_ERROR,
593 -1, int1, int2, buf, size);
598 /* The mount namespace helper process. */
605 /* Socket for communication. */
608 /* ID of the mount namespace the helper is currently in. */
612 /* In the helper process this is set to the PID of the process that
613 created the helper (i.e. GDB or gdbserver). In the main process
614 this is set to zero. Used by mnsh_maybe_mourn_peer. */
615 static int mnsh_creator_pid = 0;
617 /* Return an object representing the mount namespace helper process.
618 If no mount namespace helper process has been started then start
619 one. Return NULL if no mount namespace helper process could be
622 static struct linux_mnsh *
623 linux_mntns_get_helper (void)
625 static struct linux_mnsh *helper = NULL;
629 static struct linux_mnsh h;
631 pid_t helper_creator = getpid ();
634 ns = linux_ns_get_namespace (LINUX_NS_MNT);
638 if (gdb_socketpair_cloexec (AF_UNIX, SOCK_STREAM, 0, sv) < 0)
644 int saved_errno = errno;
658 mnsh_creator_pid = helper_creator;
660 /* Debug printing isn't async-signal-safe. */
661 debug_linux_namespaces = 0;
666 /* Parent process. */
670 helper->sock = sv[0];
671 helper->nsid = ns->id;
673 if (debug_linux_namespaces)
674 debug_printf ("Started mount namespace helper process %d\n",
681 /* Check whether the other process died and act accordingly. Called
682 whenever a socket error occurs, from both the main process and the
683 helper. Must be async-signal-safe when called from the helper. */
686 mnsh_maybe_mourn_peer (void)
688 if (mnsh_creator_pid != 0)
690 /* We're in the helper. Check if our current parent is the
691 process that started us. If it isn't, then our original
692 parent died and we've been reparented. Exit immediately
693 if that's the case. */
694 if (getppid () != mnsh_creator_pid)
699 /* We're in the main process. */
701 struct linux_mnsh *helper = linux_mntns_get_helper ();
707 /* We already mourned it. */
711 pid = waitpid (helper->pid, &status, WNOHANG);
714 /* The helper is still alive. */
720 warning (_("mount namespace helper vanished?"));
722 internal_warning (__FILE__, __LINE__,
723 _("unhandled error %d"), errno);
725 else if (pid == helper->pid)
727 if (WIFEXITED (status))
728 warning (_("mount namespace helper exited with status %d"),
729 WEXITSTATUS (status));
730 else if (WIFSIGNALED (status))
731 warning (_("mount namespace helper killed by signal %d"),
734 internal_warning (__FILE__, __LINE__,
735 _("unhandled status %d"), status);
738 internal_warning (__FILE__, __LINE__,
739 _("unknown pid %d"), pid);
741 /* Something unrecoverable happened. */
746 /* Shortcuts for sending messages to the helper. */
748 #define mnsh_send_setns(helper, fd, nstype) \
749 mnsh_send_message (helper->sock, MNSH_REQ_SETNS, fd, nstype, 0, \
752 #define mnsh_send_open(helper, filename, flags, mode) \
753 mnsh_send_message (helper->sock, MNSH_REQ_OPEN, -1, flags, mode, \
754 filename, strlen (filename) + 1)
756 #define mnsh_send_unlink(helper, filename) \
757 mnsh_send_message (helper->sock, MNSH_REQ_UNLINK, -1, 0, 0, \
758 filename, strlen (filename) + 1)
760 #define mnsh_send_readlink(helper, filename) \
761 mnsh_send_message (helper->sock, MNSH_REQ_READLINK, -1, 0, 0, \
762 filename, strlen (filename) + 1)
764 /* Receive a message from the helper. Issue an assertion failure if
765 the message isn't a correctly-formatted MNSH_RET_INT. Set RESULT
766 and ERROR and return 0 on success. Set errno and return -1 on
770 mnsh_recv_int (struct linux_mnsh *helper, int *result, int *error)
772 enum mnsh_msg_type type;
777 size = mnsh_recv_message (helper->sock, &type, &fd,
783 gdb_assert (type == MNSH_RET_INT);
784 gdb_assert (fd == -1);
785 gdb_assert (size == 0);
790 /* Receive a message from the helper. Issue an assertion failure if
791 the message isn't a correctly-formatted MNSH_RET_FD. Set FD and
792 ERROR and return 0 on success. Set errno and return -1 on
796 mnsh_recv_fd (struct linux_mnsh *helper, int *fd, int *error)
798 enum mnsh_msg_type type;
803 size = mnsh_recv_message (helper->sock, &type, fd,
809 gdb_assert (type == MNSH_RET_FD);
810 gdb_assert (size == 0);
814 gdb_assert (result < 0);
821 /* Receive a message from the helper. Issue an assertion failure if
822 the message isn't a correctly-formatted MNSH_RET_INTSTR. Set
823 RESULT and ERROR and optionally store data in BUF, then return
824 the number of bytes stored in BUF on success (this may be zero).
825 Set errno and return -1 on error. */
828 mnsh_recv_intstr (struct linux_mnsh *helper,
829 int *result, int *error,
830 void *buf, int bufsiz)
832 enum mnsh_msg_type type;
836 size = mnsh_recv_message (helper->sock, &type, &fd,
843 gdb_assert (type == MNSH_RET_INTSTR);
844 gdb_assert (fd == -1);
849 /* Return values for linux_mntns_access_fs. */
853 /* Something went wrong, errno is set. */
856 /* The main process is in the correct mount namespace.
857 The caller should access the filesystem directly. */
860 /* The helper is in the correct mount namespace.
861 The caller should access the filesystem via the helper. */
865 /* Return a value indicating how the caller should access the
866 mount namespace of process PID. */
868 static enum mnsh_fs_code
869 linux_mntns_access_fs (pid_t pid)
871 struct cleanup *old_chain;
874 struct linux_mnsh *helper;
878 if (pid == getpid ())
879 return MNSH_FS_DIRECT;
881 ns = linux_ns_get_namespace (LINUX_NS_MNT);
883 return MNSH_FS_DIRECT;
885 old_chain = make_cleanup (null_cleanup, NULL);
887 fd = gdb_open_cloexec (linux_ns_filename (ns, pid), O_RDONLY, 0);
891 old_chain = make_cleanup_close (fd);
893 if (fstat (fd, &sb) != 0)
896 if (sb.st_ino == ns->id)
898 do_cleanups (old_chain);
900 return MNSH_FS_DIRECT;
903 helper = linux_mntns_get_helper ();
907 if (sb.st_ino != helper->nsid)
911 size = mnsh_send_setns (helper, fd, 0);
915 if (mnsh_recv_int (helper, &result, &error) != 0)
920 /* ENOSYS indicates that an entire function is unsupported
921 (it's not appropriate for our versions of open/unlink/
922 readlink to sometimes return with ENOSYS depending on how
923 they're called) so we convert ENOSYS to ENOTSUP if setns
932 helper->nsid = sb.st_ino;
935 do_cleanups (old_chain);
937 return MNSH_FS_HELPER;
942 do_cleanups (old_chain);
945 return MNSH_FS_ERROR;
948 /* See nat/linux-namespaces.h. */
951 linux_mntns_open_cloexec (pid_t pid, const char *filename,
952 int flags, mode_t mode)
954 enum mnsh_fs_code access = linux_mntns_access_fs (pid);
955 struct linux_mnsh *helper;
959 if (access == MNSH_FS_ERROR)
962 if (access == MNSH_FS_DIRECT)
963 return gdb_open_cloexec (filename, flags, mode);
965 gdb_assert (access == MNSH_FS_HELPER);
967 helper = linux_mntns_get_helper ();
969 size = mnsh_send_open (helper, filename, flags, mode);
973 if (mnsh_recv_fd (helper, &fd, &error) != 0)
982 /* See nat/linux-namespaces.h. */
985 linux_mntns_unlink (pid_t pid, const char *filename)
987 enum mnsh_fs_code access = linux_mntns_access_fs (pid);
988 struct linux_mnsh *helper;
992 if (access == MNSH_FS_ERROR)
995 if (access == MNSH_FS_DIRECT)
996 return unlink (filename);
998 gdb_assert (access == MNSH_FS_HELPER);
1000 helper = linux_mntns_get_helper ();
1002 size = mnsh_send_unlink (helper, filename);
1006 if (mnsh_recv_int (helper, &ret, &error) != 0)
1015 /* See nat/linux-namespaces.h. */
1018 linux_mntns_readlink (pid_t pid, const char *filename,
1019 char *buf, size_t bufsiz)
1021 enum mnsh_fs_code access = linux_mntns_access_fs (pid);
1022 struct linux_mnsh *helper;
1026 if (access == MNSH_FS_ERROR)
1029 if (access == MNSH_FS_DIRECT)
1030 return readlink (filename, buf, bufsiz);
1032 gdb_assert (access == MNSH_FS_HELPER);
1034 helper = linux_mntns_get_helper ();
1036 size = mnsh_send_readlink (helper, filename);
1040 size = mnsh_recv_intstr (helper, &ret, &error, buf, bufsiz);
1048 gdb_assert (size == ret);