Lines Matching +full:group +full:- +full:default
1 // SPDX-License-Identifier: GPL-2.0
35 * Legacy fanotify marks limits (8192) is per group and we introduced a tunable
37 * of fanotify marks per user is <max marks per group> * <max groups per user>.
38 * This default limit (1M) also happens to match the increased limit of inotify
119 struct fsnotify_group *group; in perm_group_watchdog() local
128 list_for_each_entry(group, &perm_group_list, in perm_group_watchdog()
134 if (list_empty(&group->fanotify_data.access_list)) in perm_group_watchdog()
137 spin_lock(&group->notification_lock); in perm_group_watchdog()
138 list_for_each_entry(event, &group->fanotify_data.access_list, in perm_group_watchdog()
140 if (likely(event->watchdog_cnt == 0)) { in perm_group_watchdog()
141 event->watchdog_cnt = 1; in perm_group_watchdog()
142 } else if (event->watchdog_cnt == 1) { in perm_group_watchdog()
144 event->watchdog_cnt = 2; in perm_group_watchdog()
147 if (event->recv_pid == failed_pid) in perm_group_watchdog()
150 failed_pid = event->recv_pid; in perm_group_watchdog()
152 task = find_task_by_pid_ns(event->recv_pid, in perm_group_watchdog()
156 event->recv_pid, in perm_group_watchdog()
157 task ? task->comm : NULL, in perm_group_watchdog()
162 spin_unlock(&group->notification_lock); in perm_group_watchdog()
167 static void fanotify_perm_watchdog_group_remove(struct fsnotify_group *group) in fanotify_perm_watchdog_group_remove() argument
169 if (!list_empty(&group->fanotify_data.perm_grp_list)) { in fanotify_perm_watchdog_group_remove()
170 /* Perm event watchdog can no longer scan this group. */ in fanotify_perm_watchdog_group_remove()
172 list_del_init(&group->fanotify_data.perm_grp_list); in fanotify_perm_watchdog_group_remove()
177 static void fanotify_perm_watchdog_group_add(struct fsnotify_group *group) in fanotify_perm_watchdog_group_add() argument
183 if (list_empty(&group->fanotify_data.perm_grp_list)) { in fanotify_perm_watchdog_group_add()
187 list_add_tail(&group->fanotify_data.perm_grp_list, &perm_group_list); in fanotify_perm_watchdog_group_add()
245 info->name_len); in fanotify_dir_name_info_len()
248 info->name2_len); in fanotify_dir_name_info_len()
260 if (fanotify_is_error_event(event->mask)) in fanotify_event_len()
266 (event->mask & FAN_ONDIR)) { in fanotify_event_len()
268 * With group flag FAN_REPORT_NAME, if name was not recorded in in fanotify_event_len()
278 if (fanotify_is_mnt_event(event->mask)) in fanotify_event_len()
293 static void fanotify_unhash_event(struct fsnotify_group *group, in fanotify_unhash_event() argument
296 assert_spin_locked(&group->notification_lock); in fanotify_unhash_event()
298 pr_debug("%s: group=%p event=%p bucket=%u\n", __func__, in fanotify_unhash_event()
299 group, event, fanotify_event_hash_bucket(group, event)); in fanotify_unhash_event()
301 if (WARN_ON_ONCE(hlist_unhashed(&event->merge_list))) in fanotify_unhash_event()
304 hlist_del_init(&event->merge_list); in fanotify_unhash_event()
313 static struct fanotify_event *get_one_event(struct fsnotify_group *group, in get_one_event() argument
319 unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES); in get_one_event()
321 pr_debug("%s: group=%p count=%zd\n", __func__, group, count); in get_one_event()
323 spin_lock(&group->notification_lock); in get_one_event()
324 fsn_event = fsnotify_peek_first_event(group); in get_one_event()
332 event = ERR_PTR(-EINVAL); in get_one_event()
340 fsnotify_remove_first_event(group); in get_one_event()
341 if (fanotify_is_perm_event(event->mask)) in get_one_event()
342 FANOTIFY_PERM(event)->state = FAN_EVENT_REPORTED; in get_one_event()
343 if (fanotify_is_hashed_event(event->mask)) in get_one_event()
344 fanotify_unhash_event(group, event); in get_one_event()
346 spin_unlock(&group->notification_lock); in get_one_event()
350 static int create_fd(struct fsnotify_group *group, const struct path *path, in create_fd() argument
356 client_fd = get_unused_fd_flags(group->fanotify_data.f_flags); in create_fd()
364 new_file = dentry_open_nonotify(path, group->fanotify_data.f_flags, in create_fd()
381 return -EINVAL; in process_access_response_info()
384 return -EFAULT; in process_access_response_info()
386 if (friar->hdr.type != FAN_RESPONSE_INFO_AUDIT_RULE) in process_access_response_info()
387 return -EINVAL; in process_access_response_info()
388 if (friar->hdr.pad != 0) in process_access_response_info()
389 return -EINVAL; in process_access_response_info()
390 if (friar->hdr.len != sizeof(*friar)) in process_access_response_info()
391 return -EINVAL; in process_access_response_info()
398 * drop group->notification_lock.
400 static void finish_permission_event(struct fsnotify_group *group, in finish_permission_event() argument
403 __releases(&group->notification_lock) in finish_permission_event()
407 assert_spin_locked(&group->notification_lock); in finish_permission_event()
408 event->response = response & ~FAN_INFO; in finish_permission_event()
410 memcpy(&event->audit_rule, friar, sizeof(*friar)); in finish_permission_event()
412 if (event->state == FAN_EVENT_CANCELED) in finish_permission_event()
415 event->state = FAN_EVENT_ANSWERED; in finish_permission_event()
416 spin_unlock(&group->notification_lock); in finish_permission_event()
418 fsnotify_destroy_event(group, &event->fae.fse); in finish_permission_event()
421 static int process_access_response(struct fsnotify_group *group, in process_access_response() argument
427 int fd = response_struct->fd; in process_access_response()
428 u32 response = response_struct->response; in process_access_response()
433 pr_debug("%s: group=%p fd=%d response=%x errno=%d buf=%p size=%zu\n", in process_access_response()
434 __func__, group, fd, response, errno, info, info_len); in process_access_response()
441 return -EINVAL; in process_access_response()
446 return -EINVAL; in process_access_response()
449 /* Custom errno is supported only for pre-content groups */ in process_access_response()
450 if (errno && group->priority != FSNOTIFY_PRIO_PRE_CONTENT) in process_access_response()
451 return -EINVAL; in process_access_response()
467 default: in process_access_response()
468 return -EINVAL; in process_access_response()
471 default: in process_access_response()
472 return -EINVAL; in process_access_response()
475 if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT)) in process_access_response()
476 return -EINVAL; in process_access_response()
489 return -EINVAL; in process_access_response()
491 spin_lock(&group->notification_lock); in process_access_response()
492 list_for_each_entry(event, &group->fanotify_data.access_list, in process_access_response()
494 if (event->fd != fd) in process_access_response()
497 list_del_init(&event->fae.fse.list); in process_access_response()
498 finish_permission_event(group, event, response, &friar); in process_access_response()
499 wake_up(&group->fanotify_data.access_waitq); in process_access_response()
502 spin_unlock(&group->notification_lock); in process_access_response()
504 return -ENOENT; in process_access_response()
516 return -EFAULT; in copy_mnt_info_to_user()
518 info.mnt_id = FANOTIFY_ME(event)->mnt_id; in copy_mnt_info_to_user()
521 return -EFAULT; in copy_mnt_info_to_user()
536 return -EFAULT; in copy_error_info_to_user()
538 info.error = fee->error; in copy_error_info_to_user()
539 info.error_count = fee->err_count; in copy_error_info_to_user()
542 return -EFAULT; in copy_error_info_to_user()
555 size_t fh_len = fh ? fh->len : 0; in copy_fid_info_to_user()
563 return -EFAULT; in copy_fid_info_to_user()
573 return -EFAULT; in copy_fid_info_to_user()
579 return -EFAULT; in copy_fid_info_to_user()
581 default: in copy_fid_info_to_user()
582 return -EFAULT; in copy_fid_info_to_user()
589 return -EFAULT; in copy_fid_info_to_user()
592 len -= sizeof(info); in copy_fid_info_to_user()
594 return -EFAULT; in copy_fid_info_to_user()
596 handle.handle_type = fh->type; in copy_fid_info_to_user()
604 return -EFAULT; in copy_fid_info_to_user()
607 len -= sizeof(handle); in copy_fid_info_to_user()
609 return -EFAULT; in copy_fid_info_to_user()
621 return -EFAULT; in copy_fid_info_to_user()
624 len -= fh_len; in copy_fid_info_to_user()
630 return -EFAULT; in copy_fid_info_to_user()
633 return -EFAULT; in copy_fid_info_to_user()
636 len -= name_len; in copy_fid_info_to_user()
642 return -EFAULT; in copy_fid_info_to_user()
655 return -EFAULT; in copy_pidfd_info_to_user()
662 return -EFAULT; in copy_pidfd_info_to_user()
675 return -EFAULT; in copy_range_info_to_user()
677 if (WARN_ON_ONCE(!pevent->ppos)) in copy_range_info_to_user()
678 return -EINVAL; in copy_range_info_to_user()
682 info.offset = *(pevent->ppos); in copy_range_info_to_user()
683 info.count = pevent->count; in copy_range_info_to_user()
686 return -EFAULT; in copy_range_info_to_user()
707 info_type = info->name_len ? FAN_EVENT_INFO_TYPE_DFID_NAME : in copy_info_records_to_user()
711 if (event->mask & FAN_RENAME) in copy_info_records_to_user()
718 info->name_len, buf, count); in copy_info_records_to_user()
723 count -= ret; in copy_info_records_to_user()
734 info->name2_len, buf, count); in copy_info_records_to_user()
739 count -= ret; in copy_info_records_to_user()
749 * With only group flag FAN_REPORT_FID only type FID is in copy_info_records_to_user()
754 (event->mask & FAN_ONDIR)) { in copy_info_records_to_user()
756 * With group flag FAN_REPORT_NAME, if name was not in copy_info_records_to_user()
763 } else if ((event->mask & ALL_FSNOTIFY_DIRENT_EVENTS) || in copy_info_records_to_user()
764 (event->mask & FAN_ONDIR)) { in copy_info_records_to_user()
766 * With group flag FAN_REPORT_DIR_FID, a single info in copy_info_records_to_user()
773 * With group flags FAN_REPORT_DIR_FID|FAN_REPORT_FID, in copy_info_records_to_user()
775 * non-directory, when there is no directory to report. in copy_info_records_to_user()
789 count -= ret; in copy_info_records_to_user()
799 count -= ret; in copy_info_records_to_user()
803 if (fanotify_is_error_event(event->mask)) { in copy_info_records_to_user()
808 count -= ret; in copy_info_records_to_user()
817 count -= ret; in copy_info_records_to_user()
821 if (fanotify_is_mnt_event(event->mask)) { in copy_info_records_to_user()
826 count -= ret; in copy_info_records_to_user()
833 static ssize_t copy_event_to_user(struct fsnotify_group *group, in copy_event_to_user() argument
840 unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES); in copy_event_to_user()
843 int ret, pidfd = -ESRCH, fd = -EBADF; in copy_event_to_user()
845 pr_debug("%s: group=%p event=%p\n", __func__, group, event); in copy_event_to_user()
851 metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS; in copy_event_to_user()
852 metadata.pid = pid_vnr(event->pid); in copy_event_to_user()
854 * For an unprivileged listener, event->pid can be used to identify the in copy_event_to_user()
858 if (FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) && in copy_event_to_user()
859 task_tgid(current) != event->pid) in copy_event_to_user()
868 if (!FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) && in copy_event_to_user()
869 path && path->mnt && path->dentry) { in copy_event_to_user()
870 fd = create_fd(group, path, &f); in copy_event_to_user()
878 * For a group with FAN_REPORT_FD_ERROR, we will send the in copy_event_to_user()
886 path->dentry, fd); in copy_event_to_user()
887 if (!FAN_GROUP_FLAG(group, FAN_REPORT_FD_ERROR)) { in copy_event_to_user()
894 if (fd == -EOPENSTALE) in copy_event_to_user()
900 if (FAN_GROUP_FLAG(group, FAN_REPORT_FD_ERROR)) in copy_event_to_user()
910 * creation of pidfds for thread-group leaders. in copy_event_to_user()
912 WARN_ON_ONCE(FAN_GROUP_FLAG(group, FAN_REPORT_TID)); in copy_event_to_user()
915 * The PIDTYPE_TGID check for an event->pid is performed in copy_event_to_user()
919 * report either -ESRCH or FAN_NOPIDFD to the event listener in in copy_event_to_user()
923 if (metadata.pid && pid_has_task(event->pid, PIDTYPE_TGID)) in copy_event_to_user()
924 pidfd = pidfd_prepare(event->pid, 0, &pidfd_file); in copy_event_to_user()
926 if (!FAN_GROUP_FLAG(group, FAN_REPORT_FD_ERROR) && pidfd < 0) in copy_event_to_user()
927 pidfd = pidfd == -ESRCH ? FAN_NOPIDFD : FAN_EPIDFD; in copy_event_to_user()
930 ret = -EFAULT; in copy_event_to_user()
942 count -= FAN_EVENT_METADATA_LEN; in copy_event_to_user()
955 if (fanotify_is_perm_event(event->mask)) in copy_event_to_user()
956 FANOTIFY_PERM(event)->fd = fd; in copy_event_to_user()
977 struct fsnotify_group *group = file->private_data; in fanotify_poll() local
980 poll_wait(file, &group->notification_waitq, wait); in fanotify_poll()
981 spin_lock(&group->notification_lock); in fanotify_poll()
982 if (!fsnotify_notify_queue_is_empty(group)) in fanotify_poll()
984 spin_unlock(&group->notification_lock); in fanotify_poll()
992 struct fsnotify_group *group; in fanotify_read() local
999 group = file->private_data; in fanotify_read()
1001 pr_debug("%s: group=%p\n", __func__, group); in fanotify_read()
1003 add_wait_queue(&group->notification_waitq, &wait); in fanotify_read()
1010 event = get_one_event(group, count); in fanotify_read()
1017 ret = -EAGAIN; in fanotify_read()
1018 if (file->f_flags & O_NONBLOCK) in fanotify_read()
1021 ret = -ERESTARTSYS; in fanotify_read()
1032 ret = copy_event_to_user(group, event, buf, count); in fanotify_read()
1038 if (!fanotify_is_perm_event(event->mask)) { in fanotify_read()
1039 fsnotify_destroy_event(group, &event->fse); in fanotify_read()
1041 if (ret <= 0 || FANOTIFY_PERM(event)->fd < 0) { in fanotify_read()
1042 spin_lock(&group->notification_lock); in fanotify_read()
1043 finish_permission_event(group, in fanotify_read()
1045 wake_up(&group->fanotify_data.access_waitq); in fanotify_read()
1047 spin_lock(&group->notification_lock); in fanotify_read()
1048 list_add_tail(&event->fse.list, in fanotify_read()
1049 &group->fanotify_data.access_list); in fanotify_read()
1050 FANOTIFY_PERM(event)->recv_pid = current->pid; in fanotify_read()
1051 spin_unlock(&group->notification_lock); in fanotify_read()
1057 count -= ret; in fanotify_read()
1059 remove_wait_queue(&group->notification_waitq, &wait); in fanotify_read()
1061 if (start != buf && ret != -EFAULT) in fanotify_read()
1062 ret = buf - start; in fanotify_read()
1069 struct fsnotify_group *group; in fanotify_write() local
1075 return -EINVAL; in fanotify_write()
1077 group = file->private_data; in fanotify_write()
1079 pr_debug("%s: group=%p count=%zu\n", __func__, group, count); in fanotify_write()
1082 return -EINVAL; in fanotify_write()
1085 return -EFAULT; in fanotify_write()
1087 info_len = count - sizeof(response); in fanotify_write()
1089 ret = process_access_response(group, &response, info_buf, info_len); in fanotify_write()
1100 struct fsnotify_group *group = file->private_data; in fanotify_release() local
1108 fsnotify_group_stop_queueing(group); in fanotify_release()
1110 fanotify_perm_watchdog_group_remove(group); in fanotify_release()
1116 spin_lock(&group->notification_lock); in fanotify_release()
1117 while (!list_empty(&group->fanotify_data.access_list)) { in fanotify_release()
1120 event = list_first_entry(&group->fanotify_data.access_list, in fanotify_release()
1122 list_del_init(&event->fae.fse.list); in fanotify_release()
1123 finish_permission_event(group, event, FAN_ALLOW, NULL); in fanotify_release()
1124 spin_lock(&group->notification_lock); in fanotify_release()
1128 * Destroy all non-permission events. For permission events just in fanotify_release()
1132 while ((fsn_event = fsnotify_remove_first_event(group))) { in fanotify_release()
1135 if (!(event->mask & FANOTIFY_PERM_EVENTS)) { in fanotify_release()
1136 spin_unlock(&group->notification_lock); in fanotify_release()
1137 fsnotify_destroy_event(group, fsn_event); in fanotify_release()
1139 finish_permission_event(group, FANOTIFY_PERM(event), in fanotify_release()
1142 spin_lock(&group->notification_lock); in fanotify_release()
1144 spin_unlock(&group->notification_lock); in fanotify_release()
1147 wake_up(&group->fanotify_data.access_waitq); in fanotify_release()
1149 /* matches the fanotify_init->fsnotify_alloc_group */ in fanotify_release()
1150 fsnotify_destroy_group(group); in fanotify_release()
1157 struct fsnotify_group *group; in fanotify_ioctl() local
1160 int ret = -ENOTTY; in fanotify_ioctl()
1163 group = file->private_data; in fanotify_ioctl()
1169 spin_lock(&group->notification_lock); in fanotify_ioctl()
1170 list_for_each_entry(fsn_event, &group->notification_list, list) in fanotify_ioctl()
1172 spin_unlock(&group->notification_lock); in fanotify_ioctl()
1205 return -EBADF; in fanotify_find_path()
1208 !(S_ISDIR(file_inode(fd_file(f))->i_mode))) in fanotify_find_path()
1209 return -ENOTDIR; in fanotify_find_path()
1211 *path = fd_file(f)->f_path; in fanotify_find_path()
1249 spin_lock(&fsn_mark->lock); in fanotify_mark_remove_from_mask()
1252 fsn_mark->mask &= ~mask; in fanotify_mark_remove_from_mask()
1254 fsn_mark->ignore_mask &= ~mask; in fanotify_mark_remove_from_mask()
1263 *destroy = !((fsn_mark->mask | fsn_mark->ignore_mask) & ~umask); in fanotify_mark_remove_from_mask()
1264 spin_unlock(&fsn_mark->lock); in fanotify_mark_remove_from_mask()
1269 static int fanotify_remove_mark(struct fsnotify_group *group, in fanotify_remove_mark() argument
1277 fsnotify_group_lock(group); in fanotify_remove_mark()
1278 fsn_mark = fsnotify_find_mark(obj, obj_type, group); in fanotify_remove_mark()
1280 fsnotify_group_unlock(group); in fanotify_remove_mark()
1281 return -ENOENT; in fanotify_remove_mark()
1286 if (removed & fsnotify_conn_mask(fsn_mark->connector)) in fanotify_remove_mark()
1287 fsnotify_recalc_mask(fsn_mark->connector); in fanotify_remove_mark()
1290 fsnotify_group_unlock(group); in fanotify_remove_mark()
1313 fsn_mark->flags |= FSNOTIFY_MARK_FLAG_HAS_IGNORE_FLAGS; in fanotify_mark_update_flags()
1321 !(fsn_mark->flags & FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY)) { in fanotify_mark_update_flags()
1322 fsn_mark->flags |= FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY; in fanotify_mark_update_flags()
1323 if (!(fsn_mark->mask & FS_MODIFY)) in fanotify_mark_update_flags()
1327 if (fsn_mark->connector->type != FSNOTIFY_OBJ_TYPE_INODE || in fanotify_mark_update_flags()
1328 want_iref == !(fsn_mark->flags & FSNOTIFY_MARK_FLAG_NO_IREF)) in fanotify_mark_update_flags()
1336 fsn_mark->flags &= ~FSNOTIFY_MARK_FLAG_NO_IREF; in fanotify_mark_update_flags()
1346 spin_lock(&fsn_mark->lock); in fanotify_mark_add_to_mask()
1348 fsn_mark->mask |= mask; in fanotify_mark_add_to_mask()
1350 fsn_mark->ignore_mask |= mask; in fanotify_mark_add_to_mask()
1353 ~fsnotify_conn_mask(fsn_mark->connector); in fanotify_mark_add_to_mask()
1356 spin_unlock(&fsn_mark->lock); in fanotify_mark_add_to_mask()
1367 static int fanotify_set_mark_fsid(struct fsnotify_group *group, in fanotify_set_mark_fsid() argument
1375 FANOTIFY_MARK(mark)->fsid = fsid->id; in fanotify_set_mark_fsid()
1376 mark->flags |= FSNOTIFY_MARK_FLAG_HAS_FSID; in fanotify_set_mark_fsid()
1377 if (fsid->weak) in fanotify_set_mark_fsid()
1378 mark->flags |= FSNOTIFY_MARK_FLAG_WEAK_FSID; in fanotify_set_mark_fsid()
1380 /* First mark added will determine if group is single or multi fsid */ in fanotify_set_mark_fsid()
1381 if (list_empty(&group->marks_list)) in fanotify_set_mark_fsid()
1385 list_for_each_entry(old, &group->marks_list, g_list) { in fanotify_set_mark_fsid()
1386 conn = READ_ONCE(old->connector); in fanotify_set_mark_fsid()
1399 if ((mark->flags ^ old->flags) & FSNOTIFY_MARK_FLAG_WEAK_FSID) in fanotify_set_mark_fsid()
1400 return -EXDEV; in fanotify_set_mark_fsid()
1403 if (!fsid->weak) in fanotify_set_mark_fsid()
1407 if (old_sb != fsid->sb) in fanotify_set_mark_fsid()
1408 return -EXDEV; in fanotify_set_mark_fsid()
1410 /* Do not allow mixing marks from different btrfs sub-volumes */ in fanotify_set_mark_fsid()
1411 if (!fanotify_fsid_equal(&FANOTIFY_MARK(old)->fsid, in fanotify_set_mark_fsid()
1412 &FANOTIFY_MARK(mark)->fsid)) in fanotify_set_mark_fsid()
1413 return -EXDEV; in fanotify_set_mark_fsid()
1418 static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group, in fanotify_add_new_mark() argument
1424 struct ucounts *ucounts = group->fanotify_data.ucounts; in fanotify_add_new_mark()
1431 * A group with FAN_UNLIMITED_MARKS does not contribute to mark count in fanotify_add_new_mark()
1435 if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS) && in fanotify_add_new_mark()
1436 !inc_ucount(ucounts->ns, ucounts->uid, UCOUNT_FANOTIFY_MARKS)) in fanotify_add_new_mark()
1437 return ERR_PTR(-ENOSPC); in fanotify_add_new_mark()
1441 ret = -ENOMEM; in fanotify_add_new_mark()
1445 mark = &fan_mark->fsn_mark; in fanotify_add_new_mark()
1446 fsnotify_init_mark(mark, group); in fanotify_add_new_mark()
1448 mark->flags |= FSNOTIFY_MARK_FLAG_NO_IREF; in fanotify_add_new_mark()
1452 ret = fanotify_set_mark_fsid(group, mark, fsid); in fanotify_add_new_mark()
1456 fan_mark->fsid.val[0] = fan_mark->fsid.val[1] = 0; in fanotify_add_new_mark()
1468 if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS)) in fanotify_add_new_mark()
1473 static int fanotify_group_init_error_pool(struct fsnotify_group *group) in fanotify_group_init_error_pool() argument
1475 if (mempool_initialized(&group->fanotify_data.error_events_pool)) in fanotify_group_init_error_pool()
1478 return mempool_init_kmalloc_pool(&group->fanotify_data.error_events_pool, in fanotify_group_init_error_pool()
1490 !(fsn_mark->flags & FSNOTIFY_MARK_FLAG_NO_IREF)) in fanotify_may_update_existing_mark()
1491 return -EEXIST; in fanotify_may_update_existing_mark()
1497 fsn_mark->flags & FSNOTIFY_MARK_FLAG_HAS_IGNORE_FLAGS) in fanotify_may_update_existing_mark()
1498 return -EEXIST; in fanotify_may_update_existing_mark()
1508 fsn_mark->flags & FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY) in fanotify_may_update_existing_mark()
1509 return -EEXIST; in fanotify_may_update_existing_mark()
1511 /* For now pre-content events are not generated for directories */ in fanotify_may_update_existing_mark()
1512 mask |= fsn_mark->mask; in fanotify_may_update_existing_mark()
1514 return -EEXIST; in fanotify_may_update_existing_mark()
1519 static int fanotify_add_mark(struct fsnotify_group *group, in fanotify_add_mark() argument
1528 fsnotify_group_lock(group); in fanotify_add_mark()
1529 fsn_mark = fsnotify_find_mark(obj, obj_type, group); in fanotify_add_mark()
1531 fsn_mark = fanotify_add_new_mark(group, obj, obj_type, in fanotify_add_mark()
1534 fsnotify_group_unlock(group); in fanotify_add_mark()
1547 * Error events are pre-allocated per group, only if strictly in fanotify_add_mark()
1552 ret = fanotify_group_init_error_pool(group); in fanotify_add_mark()
1559 fsnotify_recalc_mask(fsn_mark->connector); in fanotify_add_mark()
1562 fsnotify_group_unlock(group); in fanotify_add_mark()
1567 fanotify_perm_watchdog_group_add(group); in fanotify_add_mark()
1581 oevent->type = FANOTIFY_EVENT_TYPE_OVERFLOW; in fanotify_alloc_overflow_event()
1583 return &oevent->fse; in fanotify_alloc_overflow_event()
1604 struct fsnotify_group *group; in SYSCALL_DEFINE2() local
1616 * An unprivileged user can setup an fanotify group with in SYSCALL_DEFINE2()
1617 * limited functionality - an unprivileged group is limited to in SYSCALL_DEFINE2()
1623 return -EPERM; in SYSCALL_DEFINE2()
1626 * Setting the internal flag FANOTIFY_UNPRIV on the group in SYSCALL_DEFINE2()
1627 * prevents setting mount/filesystem marks on this group and in SYSCALL_DEFINE2()
1638 return -EINVAL; in SYSCALL_DEFINE2()
1641 * A pidfd can only be returned for a thread-group leader; thus in SYSCALL_DEFINE2()
1646 return -EINVAL; in SYSCALL_DEFINE2()
1651 return -EINVAL; in SYSCALL_DEFINE2()
1653 return -EINVAL; in SYSCALL_DEFINE2()
1657 return -EINVAL; in SYSCALL_DEFINE2()
1664 default: in SYSCALL_DEFINE2()
1665 return -EINVAL; in SYSCALL_DEFINE2()
1669 return -EINVAL; in SYSCALL_DEFINE2()
1676 return -EINVAL; in SYSCALL_DEFINE2()
1685 return -EINVAL; in SYSCALL_DEFINE2()
1694 group = fsnotify_alloc_group(&fanotify_fsnotify_ops, in SYSCALL_DEFINE2()
1696 if (IS_ERR(group)) { in SYSCALL_DEFINE2()
1697 return PTR_ERR(group); in SYSCALL_DEFINE2()
1701 group->fanotify_data.ucounts = inc_ucount(user_ns, current_euid(), in SYSCALL_DEFINE2()
1703 if (!group->fanotify_data.ucounts) { in SYSCALL_DEFINE2()
1704 fd = -EMFILE; in SYSCALL_DEFINE2()
1708 group->fanotify_data.flags = flags | internal_flags; in SYSCALL_DEFINE2()
1709 group->memcg = get_mem_cgroup_from_mm(current->mm); in SYSCALL_DEFINE2()
1710 group->user_ns = get_user_ns(user_ns); in SYSCALL_DEFINE2()
1712 group->fanotify_data.merge_hash = fanotify_alloc_merge_hash(); in SYSCALL_DEFINE2()
1713 if (!group->fanotify_data.merge_hash) { in SYSCALL_DEFINE2()
1714 fd = -ENOMEM; in SYSCALL_DEFINE2()
1718 group->overflow_event = fanotify_alloc_overflow_event(); in SYSCALL_DEFINE2()
1719 if (unlikely(!group->overflow_event)) { in SYSCALL_DEFINE2()
1720 fd = -ENOMEM; in SYSCALL_DEFINE2()
1726 group->fanotify_data.f_flags = event_f_flags; in SYSCALL_DEFINE2()
1727 init_waitqueue_head(&group->fanotify_data.access_waitq); in SYSCALL_DEFINE2()
1728 INIT_LIST_HEAD(&group->fanotify_data.access_list); in SYSCALL_DEFINE2()
1729 INIT_LIST_HEAD(&group->fanotify_data.perm_grp_list); in SYSCALL_DEFINE2()
1732 group->priority = FSNOTIFY_PRIO_NORMAL; in SYSCALL_DEFINE2()
1735 group->priority = FSNOTIFY_PRIO_CONTENT; in SYSCALL_DEFINE2()
1738 group->priority = FSNOTIFY_PRIO_PRE_CONTENT; in SYSCALL_DEFINE2()
1740 default: in SYSCALL_DEFINE2()
1741 fd = -EINVAL; in SYSCALL_DEFINE2()
1747 group->max_events = UINT_MAX; in SYSCALL_DEFINE2()
1749 group->max_events = fanotify_max_queued_events; in SYSCALL_DEFINE2()
1753 fd = -EPERM; in SYSCALL_DEFINE2()
1762 file = anon_inode_getfile_fmode("[fanotify]", &fanotify_fops, group, in SYSCALL_DEFINE2()
1773 fsnotify_destroy_group(group); in SYSCALL_DEFINE2()
1787 err = vfs_get_fsid(dentry, &fsid->id); in fanotify_test_fsid()
1791 fsid->sb = dentry->d_sb; in fanotify_test_fsid()
1792 if (!fsid->id.val[0] && !fsid->id.val[1]) { in fanotify_test_fsid()
1793 err = -ENODEV; in fanotify_test_fsid()
1801 err = vfs_get_fsid(dentry->d_sb->s_root, &root_fsid); in fanotify_test_fsid()
1805 if (!fanotify_fsid_equal(&root_fsid, &fsid->id)) { in fanotify_test_fsid()
1806 err = -EXDEV; in fanotify_test_fsid()
1810 fsid->weak = false; in fanotify_test_fsid()
1815 fsid->weak = true; in fanotify_test_fsid()
1823 const struct export_operations *nop = dentry->d_sb->s_export_op; in fanotify_test_fid()
1831 return -EOPNOTSUPP; in fanotify_test_fid()
1839 return -EOPNOTSUPP; in fanotify_test_fid()
1844 static int fanotify_events_supported(struct fsnotify_group *group, in fanotify_events_supported() argument
1849 bool is_dir = d_is_dir(path->dentry); in fanotify_events_supported()
1850 /* Strict validation of events in non-dir inode mask with v5.17+ APIs */ in fanotify_events_supported()
1851 bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) || in fanotify_events_supported()
1856 * Filesystems need to opt-into pre-content evnets (a.k.a HSM) in fanotify_events_supported()
1860 if (!(path->mnt->mnt_sb->s_iflags & SB_I_ALLOW_HSM)) in fanotify_events_supported()
1861 return -EOPNOTSUPP; in fanotify_events_supported()
1862 if (!is_dir && !d_is_reg(path->dentry)) in fanotify_events_supported()
1863 return -EINVAL; in fanotify_events_supported()
1869 * deadlocking the system - open done when reporting fanotify event in fanotify_events_supported()
1875 path->mnt->mnt_sb->s_type->fs_flags & FS_DISALLOW_NOTIFY_PERM) in fanotify_events_supported()
1876 return -EINVAL; in fanotify_events_supported()
1889 path->mnt->mnt_sb->s_flags & SB_NOUSER) in fanotify_events_supported()
1890 return -EINVAL; in fanotify_events_supported()
1894 * flags FAN_ONDIR and FAN_EVENT_ON_CHILD in mask of non-dir inode, in fanotify_events_supported()
1899 return -ENOTDIR; in fanotify_events_supported()
1908 struct fsnotify_group *group; in do_fanotify_mark() local
1927 return -EINVAL; in do_fanotify_mark()
1930 return -EINVAL; in do_fanotify_mark()
1945 default: in do_fanotify_mark()
1946 return -EINVAL; in do_fanotify_mark()
1953 return -EINVAL; in do_fanotify_mark()
1957 return -EINVAL; in do_fanotify_mark()
1959 default: in do_fanotify_mark()
1960 return -EINVAL; in do_fanotify_mark()
1967 return -EINVAL; in do_fanotify_mark()
1972 return -EINVAL; in do_fanotify_mark()
1985 return -EBADF; in do_fanotify_mark()
1988 if (unlikely(fd_file(f)->f_op != &fanotify_fops)) in do_fanotify_mark()
1989 return -EINVAL; in do_fanotify_mark()
1990 group = fd_file(f)->private_data; in do_fanotify_mark()
1993 if (FAN_GROUP_FLAG(group, FAN_REPORT_MNT)) { in do_fanotify_mark()
1995 return -EINVAL; in do_fanotify_mark()
1997 return -EINVAL; in do_fanotify_mark()
2000 return -EINVAL; in do_fanotify_mark()
2002 return -EINVAL; in do_fanotify_mark()
2007 * capable in the user ns where the group was created. in do_fanotify_mark()
2009 if (!ns_capable(group->user_ns, CAP_SYS_ADMIN) && in do_fanotify_mark()
2011 return -EPERM; in do_fanotify_mark()
2015 * Pre-content permission events are not allowed for FAN_CLASS_CONTENT. in do_fanotify_mark()
2018 group->priority == FSNOTIFY_PRIO_NORMAL) in do_fanotify_mark()
2019 return -EINVAL; in do_fanotify_mark()
2021 group->priority == FSNOTIFY_PRIO_CONTENT) in do_fanotify_mark()
2022 return -EINVAL; in do_fanotify_mark()
2026 return -EINVAL; in do_fanotify_mark()
2034 return -EINVAL; in do_fanotify_mark()
2038 * event->fd require a group that supports reporting fid. Those in do_fanotify_mark()
2043 fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS); in do_fanotify_mark()
2046 return -EINVAL; in do_fanotify_mark()
2054 return -EINVAL; in do_fanotify_mark()
2056 /* Pre-content events are not currently generated for directories. */ in do_fanotify_mark()
2058 return -EINVAL; in do_fanotify_mark()
2061 fsnotify_clear_marks_by_group(group, obj_type); in do_fanotify_mark()
2071 ret = fanotify_events_supported(group, &path, mask, flags); in do_fanotify_mark()
2089 * In addition to being capable in the user ns where group was created, in do_fanotify_mark()
2095 inode = path.dentry->d_inode; in do_fanotify_mark()
2098 user_ns = path.mnt->mnt_sb->s_user_ns; in do_fanotify_mark()
2101 user_ns = path.mnt->mnt_sb->s_user_ns; in do_fanotify_mark()
2102 obj = path.mnt->mnt_sb; in do_fanotify_mark()
2104 ret = -EINVAL; in do_fanotify_mark()
2108 user_ns = mntns->user_ns; in do_fanotify_mark()
2112 ret = -EPERM; in do_fanotify_mark()
2116 ret = -EINVAL; in do_fanotify_mark()
2127 ret = !inode ? -EINVAL : -EISDIR; in do_fanotify_mark()
2130 (!inode || S_ISDIR(inode->i_mode))) in do_fanotify_mark()
2138 /* Mask out FAN_EVENT_ON_CHILD flag for sb/mount/non-dir marks */ in do_fanotify_mark()
2139 if (!inode || !S_ISDIR(inode->i_mode)) { in do_fanotify_mark()
2143 * If group needs to report parent fid, register for getting in do_fanotify_mark()
2144 * events with parent/name info for non-directory. in do_fanotify_mark()
2154 ret = fanotify_add_mark(group, obj, obj_type, mask, flags, in do_fanotify_mark()
2158 ret = fanotify_remove_mark(group, obj, obj_type, mask, flags, in do_fanotify_mark()
2161 default: in do_fanotify_mark()
2162 ret = -EINVAL; in do_fanotify_mark()
2191 * fanotify_user_setup - Our initialization function. Note that we cannot return
2192 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
2207 max_marks = (((si.totalram - si.totalhigh) / 100) << PAGE_SHIFT) / in fanotify_user_setup()