1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * umh - the kernel usermode helper 4 */ 5 #include <linux/module.h> 6 #include <linux/sched.h> 7 #include <linux/sched/task.h> 8 #include <linux/binfmts.h> 9 #include <linux/syscalls.h> 10 #include <linux/unistd.h> 11 #include <linux/kmod.h> 12 #include <linux/slab.h> 13 #include <linux/completion.h> 14 #include <linux/cred.h> 15 #include <linux/file.h> 16 #include <linux/fdtable.h> 17 #include <linux/workqueue.h> 18 #include <linux/security.h> 19 #include <linux/mount.h> 20 #include <linux/kernel.h> 21 #include <linux/init.h> 22 #include <linux/resource.h> 23 #include <linux/notifier.h> 24 #include <linux/suspend.h> 25 #include <linux/rwsem.h> 26 #include <linux/ptrace.h> 27 #include <linux/async.h> 28 #include <linux/uaccess.h> 29 #include <linux/shmem_fs.h> 30 #include <linux/pipe_fs_i.h> 31 32 #include <trace/events/module.h> 33 34 #define CAP_BSET (void *)1 35 #define CAP_PI (void *)2 36 37 static kernel_cap_t usermodehelper_bset = CAP_FULL_SET; 38 static kernel_cap_t usermodehelper_inheritable = CAP_FULL_SET; 39 static DEFINE_SPINLOCK(umh_sysctl_lock); 40 static DECLARE_RWSEM(umhelper_sem); 41 static LIST_HEAD(umh_list); 42 static DEFINE_MUTEX(umh_list_lock); 43 44 static void call_usermodehelper_freeinfo(struct subprocess_info *info) 45 { 46 if (info->cleanup) 47 (*info->cleanup)(info); 48 kfree(info); 49 } 50 51 static void umh_complete(struct subprocess_info *sub_info) 52 { 53 struct completion *comp = xchg(&sub_info->complete, NULL); 54 /* 55 * See call_usermodehelper_exec(). If xchg() returns NULL 56 * we own sub_info, the UMH_KILLABLE caller has gone away 57 * or the caller used UMH_NO_WAIT. 58 */ 59 if (comp) 60 complete(comp); 61 else 62 call_usermodehelper_freeinfo(sub_info); 63 } 64 65 /* 66 * This is the task which runs the usermode application 67 */ 68 static int call_usermodehelper_exec_async(void *data) 69 { 70 struct subprocess_info *sub_info = data; 71 struct cred *new; 72 int retval; 73 74 spin_lock_irq(¤t->sighand->siglock); 75 flush_signal_handlers(current, 1); 76 spin_unlock_irq(¤t->sighand->siglock); 77 78 /* 79 * Our parent (unbound workqueue) runs with elevated scheduling 80 * priority. Avoid propagating that into the userspace child. 81 */ 82 set_user_nice(current, 0); 83 84 retval = -ENOMEM; 85 new = prepare_kernel_cred(current); 86 if (!new) 87 goto out; 88 89 spin_lock(&umh_sysctl_lock); 90 new->cap_bset = cap_intersect(usermodehelper_bset, new->cap_bset); 91 new->cap_inheritable = cap_intersect(usermodehelper_inheritable, 92 new->cap_inheritable); 93 spin_unlock(&umh_sysctl_lock); 94 95 if (sub_info->init) { 96 retval = sub_info->init(sub_info, new); 97 if (retval) { 98 abort_creds(new); 99 goto out; 100 } 101 } 102 103 commit_creds(new); 104 105 if (sub_info->file) 106 retval = do_execve_file(sub_info->file, 107 sub_info->argv, sub_info->envp); 108 else 109 retval = do_execve(getname_kernel(sub_info->path), 110 (const char __user *const __user *)sub_info->argv, 111 (const char __user *const __user *)sub_info->envp); 112 out: 113 sub_info->retval = retval; 114 /* 115 * call_usermodehelper_exec_sync() will call umh_complete 116 * if UHM_WAIT_PROC. 117 */ 118 if (!(sub_info->wait & UMH_WAIT_PROC)) 119 umh_complete(sub_info); 120 if (!retval) 121 return 0; 122 do_exit(0); 123 } 124 125 /* Handles UMH_WAIT_PROC. */ 126 static void call_usermodehelper_exec_sync(struct subprocess_info *sub_info) 127 { 128 pid_t pid; 129 130 /* If SIGCLD is ignored kernel_wait4 won't populate the status. */ 131 kernel_sigaction(SIGCHLD, SIG_DFL); 132 pid = kernel_thread(call_usermodehelper_exec_async, sub_info, SIGCHLD); 133 if (pid < 0) { 134 sub_info->retval = pid; 135 } else { 136 int ret = -ECHILD; 137 /* 138 * Normally it is bogus to call wait4() from in-kernel because 139 * wait4() wants to write the exit code to a userspace address. 140 * But call_usermodehelper_exec_sync() always runs as kernel 141 * thread (workqueue) and put_user() to a kernel address works 142 * OK for kernel threads, due to their having an mm_segment_t 143 * which spans the entire address space. 144 * 145 * Thus the __user pointer cast is valid here. 146 */ 147 kernel_wait4(pid, (int __user *)&ret, 0, NULL); 148 149 /* 150 * If ret is 0, either call_usermodehelper_exec_async failed and 151 * the real error code is already in sub_info->retval or 152 * sub_info->retval is 0 anyway, so don't mess with it then. 153 */ 154 if (ret) 155 sub_info->retval = ret; 156 } 157 158 /* Restore default kernel sig handler */ 159 kernel_sigaction(SIGCHLD, SIG_IGN); 160 161 umh_complete(sub_info); 162 } 163 164 /* 165 * We need to create the usermodehelper kernel thread from a task that is affine 166 * to an optimized set of CPUs (or nohz housekeeping ones) such that they 167 * inherit a widest affinity irrespective of call_usermodehelper() callers with 168 * possibly reduced affinity (eg: per-cpu workqueues). We don't want 169 * usermodehelper targets to contend a busy CPU. 170 * 171 * Unbound workqueues provide such wide affinity and allow to block on 172 * UMH_WAIT_PROC requests without blocking pending request (up to some limit). 173 * 174 * Besides, workqueues provide the privilege level that caller might not have 175 * to perform the usermodehelper request. 176 * 177 */ 178 static void call_usermodehelper_exec_work(struct work_struct *work) 179 { 180 struct subprocess_info *sub_info = 181 container_of(work, struct subprocess_info, work); 182 183 if (sub_info->wait & UMH_WAIT_PROC) { 184 call_usermodehelper_exec_sync(sub_info); 185 } else { 186 pid_t pid; 187 /* 188 * Use CLONE_PARENT to reparent it to kthreadd; we do not 189 * want to pollute current->children, and we need a parent 190 * that always ignores SIGCHLD to ensure auto-reaping. 191 */ 192 pid = kernel_thread(call_usermodehelper_exec_async, sub_info, 193 CLONE_PARENT | SIGCHLD); 194 if (pid < 0) { 195 sub_info->retval = pid; 196 umh_complete(sub_info); 197 } 198 } 199 } 200 201 /* 202 * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY 203 * (used for preventing user land processes from being created after the user 204 * land has been frozen during a system-wide hibernation or suspend operation). 205 * Should always be manipulated under umhelper_sem acquired for write. 206 */ 207 static enum umh_disable_depth usermodehelper_disabled = UMH_DISABLED; 208 209 /* Number of helpers running */ 210 static atomic_t running_helpers = ATOMIC_INIT(0); 211 212 /* 213 * Wait queue head used by usermodehelper_disable() to wait for all running 214 * helpers to finish. 215 */ 216 static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq); 217 218 /* 219 * Used by usermodehelper_read_lock_wait() to wait for usermodehelper_disabled 220 * to become 'false'. 221 */ 222 static DECLARE_WAIT_QUEUE_HEAD(usermodehelper_disabled_waitq); 223 224 /* 225 * Time to wait for running_helpers to become zero before the setting of 226 * usermodehelper_disabled in usermodehelper_disable() fails 227 */ 228 #define RUNNING_HELPERS_TIMEOUT (5 * HZ) 229 230 int usermodehelper_read_trylock(void) 231 { 232 DEFINE_WAIT(wait); 233 int ret = 0; 234 235 down_read(&umhelper_sem); 236 for (;;) { 237 prepare_to_wait(&usermodehelper_disabled_waitq, &wait, 238 TASK_INTERRUPTIBLE); 239 if (!usermodehelper_disabled) 240 break; 241 242 if (usermodehelper_disabled == UMH_DISABLED) 243 ret = -EAGAIN; 244 245 up_read(&umhelper_sem); 246 247 if (ret) 248 break; 249 250 schedule(); 251 try_to_freeze(); 252 253 down_read(&umhelper_sem); 254 } 255 finish_wait(&usermodehelper_disabled_waitq, &wait); 256 return ret; 257 } 258 EXPORT_SYMBOL_GPL(usermodehelper_read_trylock); 259 260 long usermodehelper_read_lock_wait(long timeout) 261 { 262 DEFINE_WAIT(wait); 263 264 if (timeout < 0) 265 return -EINVAL; 266 267 down_read(&umhelper_sem); 268 for (;;) { 269 prepare_to_wait(&usermodehelper_disabled_waitq, &wait, 270 TASK_UNINTERRUPTIBLE); 271 if (!usermodehelper_disabled) 272 break; 273 274 up_read(&umhelper_sem); 275 276 timeout = schedule_timeout(timeout); 277 if (!timeout) 278 break; 279 280 down_read(&umhelper_sem); 281 } 282 finish_wait(&usermodehelper_disabled_waitq, &wait); 283 return timeout; 284 } 285 EXPORT_SYMBOL_GPL(usermodehelper_read_lock_wait); 286 287 void usermodehelper_read_unlock(void) 288 { 289 up_read(&umhelper_sem); 290 } 291 EXPORT_SYMBOL_GPL(usermodehelper_read_unlock); 292 293 /** 294 * __usermodehelper_set_disable_depth - Modify usermodehelper_disabled. 295 * @depth: New value to assign to usermodehelper_disabled. 296 * 297 * Change the value of usermodehelper_disabled (under umhelper_sem locked for 298 * writing) and wakeup tasks waiting for it to change. 299 */ 300 void __usermodehelper_set_disable_depth(enum umh_disable_depth depth) 301 { 302 down_write(&umhelper_sem); 303 usermodehelper_disabled = depth; 304 wake_up(&usermodehelper_disabled_waitq); 305 up_write(&umhelper_sem); 306 } 307 308 /** 309 * __usermodehelper_disable - Prevent new helpers from being started. 310 * @depth: New value to assign to usermodehelper_disabled. 311 * 312 * Set usermodehelper_disabled to @depth and wait for running helpers to exit. 313 */ 314 int __usermodehelper_disable(enum umh_disable_depth depth) 315 { 316 long retval; 317 318 if (!depth) 319 return -EINVAL; 320 321 down_write(&umhelper_sem); 322 usermodehelper_disabled = depth; 323 up_write(&umhelper_sem); 324 325 /* 326 * From now on call_usermodehelper_exec() won't start any new 327 * helpers, so it is sufficient if running_helpers turns out to 328 * be zero at one point (it may be increased later, but that 329 * doesn't matter). 330 */ 331 retval = wait_event_timeout(running_helpers_waitq, 332 atomic_read(&running_helpers) == 0, 333 RUNNING_HELPERS_TIMEOUT); 334 if (retval) 335 return 0; 336 337 __usermodehelper_set_disable_depth(UMH_ENABLED); 338 return -EAGAIN; 339 } 340 341 static void helper_lock(void) 342 { 343 atomic_inc(&running_helpers); 344 smp_mb__after_atomic(); 345 } 346 347 static void helper_unlock(void) 348 { 349 if (atomic_dec_and_test(&running_helpers)) 350 wake_up(&running_helpers_waitq); 351 } 352 353 /** 354 * call_usermodehelper_setup - prepare to call a usermode helper 355 * @path: path to usermode executable 356 * @argv: arg vector for process 357 * @envp: environment for process 358 * @gfp_mask: gfp mask for memory allocation 359 * @cleanup: a cleanup function 360 * @init: an init function 361 * @data: arbitrary context sensitive data 362 * 363 * Returns either %NULL on allocation failure, or a subprocess_info 364 * structure. This should be passed to call_usermodehelper_exec to 365 * exec the process and free the structure. 366 * 367 * The init function is used to customize the helper process prior to 368 * exec. A non-zero return code causes the process to error out, exit, 369 * and return the failure to the calling process 370 * 371 * The cleanup function is just before ethe subprocess_info is about to 372 * be freed. This can be used for freeing the argv and envp. The 373 * Function must be runnable in either a process context or the 374 * context in which call_usermodehelper_exec is called. 375 */ 376 struct subprocess_info *call_usermodehelper_setup(const char *path, char **argv, 377 char **envp, gfp_t gfp_mask, 378 int (*init)(struct subprocess_info *info, struct cred *new), 379 void (*cleanup)(struct subprocess_info *info), 380 void *data) 381 { 382 struct subprocess_info *sub_info; 383 sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask); 384 if (!sub_info) 385 goto out; 386 387 INIT_WORK(&sub_info->work, call_usermodehelper_exec_work); 388 389 #ifdef CONFIG_STATIC_USERMODEHELPER 390 sub_info->path = CONFIG_STATIC_USERMODEHELPER_PATH; 391 #else 392 sub_info->path = path; 393 #endif 394 sub_info->argv = argv; 395 sub_info->envp = envp; 396 397 sub_info->cleanup = cleanup; 398 sub_info->init = init; 399 sub_info->data = data; 400 out: 401 return sub_info; 402 } 403 EXPORT_SYMBOL(call_usermodehelper_setup); 404 405 struct subprocess_info *call_usermodehelper_setup_file(struct file *file, 406 int (*init)(struct subprocess_info *info, struct cred *new), 407 void (*cleanup)(struct subprocess_info *info), void *data) 408 { 409 struct subprocess_info *sub_info; 410 struct umh_info *info = data; 411 const char *cmdline = (info->cmdline) ? info->cmdline : "usermodehelper"; 412 413 sub_info = kzalloc(sizeof(struct subprocess_info), GFP_KERNEL); 414 if (!sub_info) 415 return NULL; 416 417 sub_info->argv = argv_split(GFP_KERNEL, cmdline, NULL); 418 if (!sub_info->argv) { 419 kfree(sub_info); 420 return NULL; 421 } 422 423 INIT_WORK(&sub_info->work, call_usermodehelper_exec_work); 424 sub_info->path = "none"; 425 sub_info->file = file; 426 sub_info->init = init; 427 sub_info->cleanup = cleanup; 428 sub_info->data = data; 429 return sub_info; 430 } 431 432 static int umh_pipe_setup(struct subprocess_info *info, struct cred *new) 433 { 434 struct umh_info *umh_info = info->data; 435 struct file *from_umh[2]; 436 struct file *to_umh[2]; 437 int err; 438 439 /* create pipe to send data to umh */ 440 err = create_pipe_files(to_umh, 0); 441 if (err) 442 return err; 443 err = replace_fd(0, to_umh[0], 0); 444 fput(to_umh[0]); 445 if (err < 0) { 446 fput(to_umh[1]); 447 return err; 448 } 449 450 /* create pipe to receive data from umh */ 451 err = create_pipe_files(from_umh, 0); 452 if (err) { 453 fput(to_umh[1]); 454 replace_fd(0, NULL, 0); 455 return err; 456 } 457 err = replace_fd(1, from_umh[1], 0); 458 fput(from_umh[1]); 459 if (err < 0) { 460 fput(to_umh[1]); 461 replace_fd(0, NULL, 0); 462 fput(from_umh[0]); 463 return err; 464 } 465 466 umh_info->pipe_to_umh = to_umh[1]; 467 umh_info->pipe_from_umh = from_umh[0]; 468 umh_info->pid = task_pid_nr(current); 469 current->flags |= PF_UMH; 470 return 0; 471 } 472 473 static void umh_clean_and_save_pid(struct subprocess_info *info) 474 { 475 struct umh_info *umh_info = info->data; 476 477 /* cleanup if umh_pipe_setup() was successful but exec failed */ 478 if (info->retval) { 479 fput(umh_info->pipe_to_umh); 480 fput(umh_info->pipe_from_umh); 481 } 482 483 argv_free(info->argv); 484 } 485 486 /** 487 * fork_usermode_blob - fork a blob of bytes as a usermode process 488 * @data: a blob of bytes that can be do_execv-ed as a file 489 * @len: length of the blob 490 * @info: information about usermode process (shouldn't be NULL) 491 * 492 * If info->cmdline is set it will be used as command line for the 493 * user process, else "usermodehelper" is used. 494 * 495 * Returns either negative error or zero which indicates success 496 * in executing a blob of bytes as a usermode process. In such 497 * case 'struct umh_info *info' is populated with two pipes 498 * and a pid of the process. The caller is responsible for health 499 * check of the user process, killing it via pid, and closing the 500 * pipes when user process is no longer needed. 501 */ 502 int fork_usermode_blob(void *data, size_t len, struct umh_info *info) 503 { 504 struct subprocess_info *sub_info; 505 struct file *file; 506 ssize_t written; 507 loff_t pos = 0; 508 int err; 509 510 file = shmem_kernel_file_setup("", len, 0); 511 if (IS_ERR(file)) 512 return PTR_ERR(file); 513 514 written = kernel_write(file, data, len, &pos); 515 if (written != len) { 516 err = written; 517 if (err >= 0) 518 err = -ENOMEM; 519 goto out; 520 } 521 522 err = -ENOMEM; 523 sub_info = call_usermodehelper_setup_file(file, umh_pipe_setup, 524 umh_clean_and_save_pid, info); 525 if (!sub_info) 526 goto out; 527 528 err = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); 529 if (!err) { 530 mutex_lock(&umh_list_lock); 531 list_add(&info->list, &umh_list); 532 mutex_unlock(&umh_list_lock); 533 } 534 out: 535 fput(file); 536 return err; 537 } 538 EXPORT_SYMBOL_GPL(fork_usermode_blob); 539 540 /** 541 * call_usermodehelper_exec - start a usermode application 542 * @sub_info: information about the subprocessa 543 * @wait: wait for the application to finish and return status. 544 * when UMH_NO_WAIT don't wait at all, but you get no useful error back 545 * when the program couldn't be exec'ed. This makes it safe to call 546 * from interrupt context. 547 * 548 * Runs a user-space application. The application is started 549 * asynchronously if wait is not set, and runs as a child of system workqueues. 550 * (ie. it runs with full root capabilities and optimized affinity). 551 * 552 * Note: successful return value does not guarantee the helper was called at 553 * all. You can't rely on sub_info->{init,cleanup} being called even for 554 * UMH_WAIT_* wait modes as STATIC_USERMODEHELPER_PATH="" turns all helpers 555 * into a successful no-op. 556 */ 557 int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait) 558 { 559 DECLARE_COMPLETION_ONSTACK(done); 560 int retval = 0; 561 562 if (!sub_info->path) { 563 call_usermodehelper_freeinfo(sub_info); 564 return -EINVAL; 565 } 566 helper_lock(); 567 if (usermodehelper_disabled) { 568 retval = -EBUSY; 569 goto out; 570 } 571 572 /* 573 * If there is no binary for us to call, then just return and get out of 574 * here. This allows us to set STATIC_USERMODEHELPER_PATH to "" and 575 * disable all call_usermodehelper() calls. 576 */ 577 if (strlen(sub_info->path) == 0) 578 goto out; 579 580 /* 581 * Set the completion pointer only if there is a waiter. 582 * This makes it possible to use umh_complete to free 583 * the data structure in case of UMH_NO_WAIT. 584 */ 585 sub_info->complete = (wait == UMH_NO_WAIT) ? NULL : &done; 586 sub_info->wait = wait; 587 588 queue_work(system_unbound_wq, &sub_info->work); 589 if (wait == UMH_NO_WAIT) /* task has freed sub_info */ 590 goto unlock; 591 592 if (wait & UMH_KILLABLE) { 593 retval = wait_for_completion_killable(&done); 594 if (!retval) 595 goto wait_done; 596 597 /* umh_complete() will see NULL and free sub_info */ 598 if (xchg(&sub_info->complete, NULL)) 599 goto unlock; 600 /* fallthrough, umh_complete() was already called */ 601 } 602 603 wait_for_completion(&done); 604 wait_done: 605 retval = sub_info->retval; 606 out: 607 call_usermodehelper_freeinfo(sub_info); 608 unlock: 609 helper_unlock(); 610 return retval; 611 } 612 EXPORT_SYMBOL(call_usermodehelper_exec); 613 614 /** 615 * call_usermodehelper() - prepare and start a usermode application 616 * @path: path to usermode executable 617 * @argv: arg vector for process 618 * @envp: environment for process 619 * @wait: wait for the application to finish and return status. 620 * when UMH_NO_WAIT don't wait at all, but you get no useful error back 621 * when the program couldn't be exec'ed. This makes it safe to call 622 * from interrupt context. 623 * 624 * This function is the equivalent to use call_usermodehelper_setup() and 625 * call_usermodehelper_exec(). 626 */ 627 int call_usermodehelper(const char *path, char **argv, char **envp, int wait) 628 { 629 struct subprocess_info *info; 630 gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL; 631 632 info = call_usermodehelper_setup(path, argv, envp, gfp_mask, 633 NULL, NULL, NULL); 634 if (info == NULL) 635 return -ENOMEM; 636 637 return call_usermodehelper_exec(info, wait); 638 } 639 EXPORT_SYMBOL(call_usermodehelper); 640 641 static int proc_cap_handler(struct ctl_table *table, int write, 642 void *buffer, size_t *lenp, loff_t *ppos) 643 { 644 struct ctl_table t; 645 unsigned long cap_array[_KERNEL_CAPABILITY_U32S]; 646 kernel_cap_t new_cap; 647 int err, i; 648 649 if (write && (!capable(CAP_SETPCAP) || 650 !capable(CAP_SYS_MODULE))) 651 return -EPERM; 652 653 /* 654 * convert from the global kernel_cap_t to the ulong array to print to 655 * userspace if this is a read. 656 */ 657 spin_lock(&umh_sysctl_lock); 658 for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++) { 659 if (table->data == CAP_BSET) 660 cap_array[i] = usermodehelper_bset.cap[i]; 661 else if (table->data == CAP_PI) 662 cap_array[i] = usermodehelper_inheritable.cap[i]; 663 else 664 BUG(); 665 } 666 spin_unlock(&umh_sysctl_lock); 667 668 t = *table; 669 t.data = &cap_array; 670 671 /* 672 * actually read or write and array of ulongs from userspace. Remember 673 * these are least significant 32 bits first 674 */ 675 err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); 676 if (err < 0) 677 return err; 678 679 /* 680 * convert from the sysctl array of ulongs to the kernel_cap_t 681 * internal representation 682 */ 683 for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++) 684 new_cap.cap[i] = cap_array[i]; 685 686 /* 687 * Drop everything not in the new_cap (but don't add things) 688 */ 689 if (write) { 690 spin_lock(&umh_sysctl_lock); 691 if (table->data == CAP_BSET) 692 usermodehelper_bset = cap_intersect(usermodehelper_bset, new_cap); 693 if (table->data == CAP_PI) 694 usermodehelper_inheritable = cap_intersect(usermodehelper_inheritable, new_cap); 695 spin_unlock(&umh_sysctl_lock); 696 } 697 698 return 0; 699 } 700 701 void __exit_umh(struct task_struct *tsk) 702 { 703 struct umh_info *info; 704 pid_t pid = tsk->pid; 705 706 mutex_lock(&umh_list_lock); 707 list_for_each_entry(info, &umh_list, list) { 708 if (info->pid == pid) { 709 list_del(&info->list); 710 mutex_unlock(&umh_list_lock); 711 goto out; 712 } 713 } 714 mutex_unlock(&umh_list_lock); 715 return; 716 out: 717 if (info->cleanup) 718 info->cleanup(info); 719 } 720 721 struct ctl_table usermodehelper_table[] = { 722 { 723 .procname = "bset", 724 .data = CAP_BSET, 725 .maxlen = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long), 726 .mode = 0600, 727 .proc_handler = proc_cap_handler, 728 }, 729 { 730 .procname = "inheritable", 731 .data = CAP_PI, 732 .maxlen = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long), 733 .mode = 0600, 734 .proc_handler = proc_cap_handler, 735 }, 736 { } 737 }; 738