1 #include "audit.h" 2 #include <linux/inotify.h> 3 #include <linux/namei.h> 4 #include <linux/mount.h> 5 #include <linux/kthread.h> 6 7 struct audit_tree; 8 struct audit_chunk; 9 10 struct audit_tree { 11 atomic_t count; 12 int goner; 13 struct audit_chunk *root; 14 struct list_head chunks; 15 struct list_head rules; 16 struct list_head list; 17 struct list_head same_root; 18 struct rcu_head head; 19 char pathname[]; 20 }; 21 22 struct audit_chunk { 23 struct list_head hash; 24 struct inotify_watch watch; 25 struct list_head trees; /* with root here */ 26 int dead; 27 int count; 28 atomic_long_t refs; 29 struct rcu_head head; 30 struct node { 31 struct list_head list; 32 struct audit_tree *owner; 33 unsigned index; /* index; upper bit indicates 'will prune' */ 34 } owners[]; 35 }; 36 37 static LIST_HEAD(tree_list); 38 static LIST_HEAD(prune_list); 39 40 /* 41 * One struct chunk is attached to each inode of interest. 42 * We replace struct chunk on tagging/untagging. 43 * Rules have pointer to struct audit_tree. 44 * Rules have struct list_head rlist forming a list of rules over 45 * the same tree. 46 * References to struct chunk are collected at audit_inode{,_child}() 47 * time and used in AUDIT_TREE rule matching. 48 * These references are dropped at the same time we are calling 49 * audit_free_names(), etc. 50 * 51 * Cyclic lists galore: 52 * tree.chunks anchors chunk.owners[].list hash_lock 53 * tree.rules anchors rule.rlist audit_filter_mutex 54 * chunk.trees anchors tree.same_root hash_lock 55 * chunk.hash is a hash with middle bits of watch.inode as 56 * a hash function. RCU, hash_lock 57 * 58 * tree is refcounted; one reference for "some rules on rules_list refer to 59 * it", one for each chunk with pointer to it. 60 * 61 * chunk is refcounted by embedded inotify_watch + .refs (non-zero refcount 62 * of watch contributes 1 to .refs). 63 * 64 * node.index allows to get from node.list to containing chunk. 65 * MSB of that sucker is stolen to mark taggings that we might have to 66 * revert - several operations have very unpleasant cleanup logics and 67 * that makes a difference. Some. 68 */ 69 70 static struct inotify_handle *rtree_ih; 71 72 static struct audit_tree *alloc_tree(const char *s) 73 { 74 struct audit_tree *tree; 75 76 tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL); 77 if (tree) { 78 atomic_set(&tree->count, 1); 79 tree->goner = 0; 80 INIT_LIST_HEAD(&tree->chunks); 81 INIT_LIST_HEAD(&tree->rules); 82 INIT_LIST_HEAD(&tree->list); 83 INIT_LIST_HEAD(&tree->same_root); 84 tree->root = NULL; 85 strcpy(tree->pathname, s); 86 } 87 return tree; 88 } 89 90 static inline void get_tree(struct audit_tree *tree) 91 { 92 atomic_inc(&tree->count); 93 } 94 95 static void __put_tree(struct rcu_head *rcu) 96 { 97 struct audit_tree *tree = container_of(rcu, struct audit_tree, head); 98 kfree(tree); 99 } 100 101 static inline void put_tree(struct audit_tree *tree) 102 { 103 if (atomic_dec_and_test(&tree->count)) 104 call_rcu(&tree->head, __put_tree); 105 } 106 107 /* to avoid bringing the entire thing in audit.h */ 108 const char *audit_tree_path(struct audit_tree *tree) 109 { 110 return tree->pathname; 111 } 112 113 static struct audit_chunk *alloc_chunk(int count) 114 { 115 struct audit_chunk *chunk; 116 size_t size; 117 int i; 118 119 size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node); 120 chunk = kzalloc(size, GFP_KERNEL); 121 if (!chunk) 122 return NULL; 123 124 INIT_LIST_HEAD(&chunk->hash); 125 INIT_LIST_HEAD(&chunk->trees); 126 chunk->count = count; 127 atomic_long_set(&chunk->refs, 1); 128 for (i = 0; i < count; i++) { 129 INIT_LIST_HEAD(&chunk->owners[i].list); 130 chunk->owners[i].index = i; 131 } 132 inotify_init_watch(&chunk->watch); 133 return chunk; 134 } 135 136 static void free_chunk(struct audit_chunk *chunk) 137 { 138 int i; 139 140 for (i = 0; i < chunk->count; i++) { 141 if (chunk->owners[i].owner) 142 put_tree(chunk->owners[i].owner); 143 } 144 kfree(chunk); 145 } 146 147 void audit_put_chunk(struct audit_chunk *chunk) 148 { 149 if (atomic_long_dec_and_test(&chunk->refs)) 150 free_chunk(chunk); 151 } 152 153 static void __put_chunk(struct rcu_head *rcu) 154 { 155 struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head); 156 audit_put_chunk(chunk); 157 } 158 159 enum {HASH_SIZE = 128}; 160 static struct list_head chunk_hash_heads[HASH_SIZE]; 161 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(hash_lock); 162 163 static inline struct list_head *chunk_hash(const struct inode *inode) 164 { 165 unsigned long n = (unsigned long)inode / L1_CACHE_BYTES; 166 return chunk_hash_heads + n % HASH_SIZE; 167 } 168 169 /* hash_lock is held by caller */ 170 static void insert_hash(struct audit_chunk *chunk) 171 { 172 struct list_head *list = chunk_hash(chunk->watch.inode); 173 list_add_rcu(&chunk->hash, list); 174 } 175 176 /* called under rcu_read_lock */ 177 struct audit_chunk *audit_tree_lookup(const struct inode *inode) 178 { 179 struct list_head *list = chunk_hash(inode); 180 struct audit_chunk *p; 181 182 list_for_each_entry_rcu(p, list, hash) { 183 if (p->watch.inode == inode) { 184 atomic_long_inc(&p->refs); 185 return p; 186 } 187 } 188 return NULL; 189 } 190 191 int audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree) 192 { 193 int n; 194 for (n = 0; n < chunk->count; n++) 195 if (chunk->owners[n].owner == tree) 196 return 1; 197 return 0; 198 } 199 200 /* tagging and untagging inodes with trees */ 201 202 static struct audit_chunk *find_chunk(struct node *p) 203 { 204 int index = p->index & ~(1U<<31); 205 p -= index; 206 return container_of(p, struct audit_chunk, owners[0]); 207 } 208 209 static void untag_chunk(struct node *p) 210 { 211 struct audit_chunk *chunk = find_chunk(p); 212 struct audit_chunk *new; 213 struct audit_tree *owner; 214 int size = chunk->count - 1; 215 int i, j; 216 217 if (!pin_inotify_watch(&chunk->watch)) { 218 /* 219 * Filesystem is shutting down; all watches are getting 220 * evicted, just take it off the node list for this 221 * tree and let the eviction logics take care of the 222 * rest. 223 */ 224 owner = p->owner; 225 if (owner->root == chunk) { 226 list_del_init(&owner->same_root); 227 owner->root = NULL; 228 } 229 list_del_init(&p->list); 230 p->owner = NULL; 231 put_tree(owner); 232 return; 233 } 234 235 spin_unlock(&hash_lock); 236 237 /* 238 * pin_inotify_watch() succeeded, so the watch won't go away 239 * from under us. 240 */ 241 mutex_lock(&chunk->watch.inode->inotify_mutex); 242 if (chunk->dead) { 243 mutex_unlock(&chunk->watch.inode->inotify_mutex); 244 goto out; 245 } 246 247 owner = p->owner; 248 249 if (!size) { 250 chunk->dead = 1; 251 spin_lock(&hash_lock); 252 list_del_init(&chunk->trees); 253 if (owner->root == chunk) 254 owner->root = NULL; 255 list_del_init(&p->list); 256 list_del_rcu(&chunk->hash); 257 spin_unlock(&hash_lock); 258 inotify_evict_watch(&chunk->watch); 259 mutex_unlock(&chunk->watch.inode->inotify_mutex); 260 put_inotify_watch(&chunk->watch); 261 goto out; 262 } 263 264 new = alloc_chunk(size); 265 if (!new) 266 goto Fallback; 267 if (inotify_clone_watch(&chunk->watch, &new->watch) < 0) { 268 free_chunk(new); 269 goto Fallback; 270 } 271 272 chunk->dead = 1; 273 spin_lock(&hash_lock); 274 list_replace_init(&chunk->trees, &new->trees); 275 if (owner->root == chunk) { 276 list_del_init(&owner->same_root); 277 owner->root = NULL; 278 } 279 280 for (i = j = 0; i < size; i++, j++) { 281 struct audit_tree *s; 282 if (&chunk->owners[j] == p) { 283 list_del_init(&p->list); 284 i--; 285 continue; 286 } 287 s = chunk->owners[j].owner; 288 new->owners[i].owner = s; 289 new->owners[i].index = chunk->owners[j].index - j + i; 290 if (!s) /* result of earlier fallback */ 291 continue; 292 get_tree(s); 293 list_replace_init(&chunk->owners[i].list, &new->owners[j].list); 294 } 295 296 list_replace_rcu(&chunk->hash, &new->hash); 297 list_for_each_entry(owner, &new->trees, same_root) 298 owner->root = new; 299 spin_unlock(&hash_lock); 300 inotify_evict_watch(&chunk->watch); 301 mutex_unlock(&chunk->watch.inode->inotify_mutex); 302 put_inotify_watch(&chunk->watch); 303 goto out; 304 305 Fallback: 306 // do the best we can 307 spin_lock(&hash_lock); 308 if (owner->root == chunk) { 309 list_del_init(&owner->same_root); 310 owner->root = NULL; 311 } 312 list_del_init(&p->list); 313 p->owner = NULL; 314 put_tree(owner); 315 spin_unlock(&hash_lock); 316 mutex_unlock(&chunk->watch.inode->inotify_mutex); 317 out: 318 unpin_inotify_watch(&chunk->watch); 319 spin_lock(&hash_lock); 320 } 321 322 static int create_chunk(struct inode *inode, struct audit_tree *tree) 323 { 324 struct audit_chunk *chunk = alloc_chunk(1); 325 if (!chunk) 326 return -ENOMEM; 327 328 if (inotify_add_watch(rtree_ih, &chunk->watch, inode, IN_IGNORED | IN_DELETE_SELF) < 0) { 329 free_chunk(chunk); 330 return -ENOSPC; 331 } 332 333 mutex_lock(&inode->inotify_mutex); 334 spin_lock(&hash_lock); 335 if (tree->goner) { 336 spin_unlock(&hash_lock); 337 chunk->dead = 1; 338 inotify_evict_watch(&chunk->watch); 339 mutex_unlock(&inode->inotify_mutex); 340 put_inotify_watch(&chunk->watch); 341 return 0; 342 } 343 chunk->owners[0].index = (1U << 31); 344 chunk->owners[0].owner = tree; 345 get_tree(tree); 346 list_add(&chunk->owners[0].list, &tree->chunks); 347 if (!tree->root) { 348 tree->root = chunk; 349 list_add(&tree->same_root, &chunk->trees); 350 } 351 insert_hash(chunk); 352 spin_unlock(&hash_lock); 353 mutex_unlock(&inode->inotify_mutex); 354 return 0; 355 } 356 357 /* the first tagged inode becomes root of tree */ 358 static int tag_chunk(struct inode *inode, struct audit_tree *tree) 359 { 360 struct inotify_watch *watch; 361 struct audit_tree *owner; 362 struct audit_chunk *chunk, *old; 363 struct node *p; 364 int n; 365 366 if (inotify_find_watch(rtree_ih, inode, &watch) < 0) 367 return create_chunk(inode, tree); 368 369 old = container_of(watch, struct audit_chunk, watch); 370 371 /* are we already there? */ 372 spin_lock(&hash_lock); 373 for (n = 0; n < old->count; n++) { 374 if (old->owners[n].owner == tree) { 375 spin_unlock(&hash_lock); 376 put_inotify_watch(watch); 377 return 0; 378 } 379 } 380 spin_unlock(&hash_lock); 381 382 chunk = alloc_chunk(old->count + 1); 383 if (!chunk) 384 return -ENOMEM; 385 386 mutex_lock(&inode->inotify_mutex); 387 if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) { 388 mutex_unlock(&inode->inotify_mutex); 389 put_inotify_watch(&old->watch); 390 free_chunk(chunk); 391 return -ENOSPC; 392 } 393 spin_lock(&hash_lock); 394 if (tree->goner) { 395 spin_unlock(&hash_lock); 396 chunk->dead = 1; 397 inotify_evict_watch(&chunk->watch); 398 mutex_unlock(&inode->inotify_mutex); 399 put_inotify_watch(&old->watch); 400 put_inotify_watch(&chunk->watch); 401 return 0; 402 } 403 list_replace_init(&old->trees, &chunk->trees); 404 for (n = 0, p = chunk->owners; n < old->count; n++, p++) { 405 struct audit_tree *s = old->owners[n].owner; 406 p->owner = s; 407 p->index = old->owners[n].index; 408 if (!s) /* result of fallback in untag */ 409 continue; 410 get_tree(s); 411 list_replace_init(&old->owners[n].list, &p->list); 412 } 413 p->index = (chunk->count - 1) | (1U<<31); 414 p->owner = tree; 415 get_tree(tree); 416 list_add(&p->list, &tree->chunks); 417 list_replace_rcu(&old->hash, &chunk->hash); 418 list_for_each_entry(owner, &chunk->trees, same_root) 419 owner->root = chunk; 420 old->dead = 1; 421 if (!tree->root) { 422 tree->root = chunk; 423 list_add(&tree->same_root, &chunk->trees); 424 } 425 spin_unlock(&hash_lock); 426 inotify_evict_watch(&old->watch); 427 mutex_unlock(&inode->inotify_mutex); 428 put_inotify_watch(&old->watch); 429 return 0; 430 } 431 432 static void kill_rules(struct audit_tree *tree) 433 { 434 struct audit_krule *rule, *next; 435 struct audit_entry *entry; 436 struct audit_buffer *ab; 437 438 list_for_each_entry_safe(rule, next, &tree->rules, rlist) { 439 entry = container_of(rule, struct audit_entry, rule); 440 441 list_del_init(&rule->rlist); 442 if (rule->tree) { 443 /* not a half-baked one */ 444 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 445 audit_log_format(ab, "op="); 446 audit_log_string(ab, "remove rule"); 447 audit_log_format(ab, " dir="); 448 audit_log_untrustedstring(ab, rule->tree->pathname); 449 audit_log_key(ab, rule->filterkey); 450 audit_log_format(ab, " list=%d res=1", rule->listnr); 451 audit_log_end(ab); 452 rule->tree = NULL; 453 list_del_rcu(&entry->list); 454 list_del(&entry->rule.list); 455 call_rcu(&entry->rcu, audit_free_rule_rcu); 456 } 457 } 458 } 459 460 /* 461 * finish killing struct audit_tree 462 */ 463 static void prune_one(struct audit_tree *victim) 464 { 465 spin_lock(&hash_lock); 466 while (!list_empty(&victim->chunks)) { 467 struct node *p; 468 469 p = list_entry(victim->chunks.next, struct node, list); 470 471 untag_chunk(p); 472 } 473 spin_unlock(&hash_lock); 474 put_tree(victim); 475 } 476 477 /* trim the uncommitted chunks from tree */ 478 479 static void trim_marked(struct audit_tree *tree) 480 { 481 struct list_head *p, *q; 482 spin_lock(&hash_lock); 483 if (tree->goner) { 484 spin_unlock(&hash_lock); 485 return; 486 } 487 /* reorder */ 488 for (p = tree->chunks.next; p != &tree->chunks; p = q) { 489 struct node *node = list_entry(p, struct node, list); 490 q = p->next; 491 if (node->index & (1U<<31)) { 492 list_del_init(p); 493 list_add(p, &tree->chunks); 494 } 495 } 496 497 while (!list_empty(&tree->chunks)) { 498 struct node *node; 499 500 node = list_entry(tree->chunks.next, struct node, list); 501 502 /* have we run out of marked? */ 503 if (!(node->index & (1U<<31))) 504 break; 505 506 untag_chunk(node); 507 } 508 if (!tree->root && !tree->goner) { 509 tree->goner = 1; 510 spin_unlock(&hash_lock); 511 mutex_lock(&audit_filter_mutex); 512 kill_rules(tree); 513 list_del_init(&tree->list); 514 mutex_unlock(&audit_filter_mutex); 515 prune_one(tree); 516 } else { 517 spin_unlock(&hash_lock); 518 } 519 } 520 521 static void audit_schedule_prune(void); 522 523 /* called with audit_filter_mutex */ 524 int audit_remove_tree_rule(struct audit_krule *rule) 525 { 526 struct audit_tree *tree; 527 tree = rule->tree; 528 if (tree) { 529 spin_lock(&hash_lock); 530 list_del_init(&rule->rlist); 531 if (list_empty(&tree->rules) && !tree->goner) { 532 tree->root = NULL; 533 list_del_init(&tree->same_root); 534 tree->goner = 1; 535 list_move(&tree->list, &prune_list); 536 rule->tree = NULL; 537 spin_unlock(&hash_lock); 538 audit_schedule_prune(); 539 return 1; 540 } 541 rule->tree = NULL; 542 spin_unlock(&hash_lock); 543 return 1; 544 } 545 return 0; 546 } 547 548 void audit_trim_trees(void) 549 { 550 struct list_head cursor; 551 552 mutex_lock(&audit_filter_mutex); 553 list_add(&cursor, &tree_list); 554 while (cursor.next != &tree_list) { 555 struct audit_tree *tree; 556 struct path path; 557 struct vfsmount *root_mnt; 558 struct node *node; 559 struct list_head list; 560 int err; 561 562 tree = container_of(cursor.next, struct audit_tree, list); 563 get_tree(tree); 564 list_del(&cursor); 565 list_add(&cursor, &tree->list); 566 mutex_unlock(&audit_filter_mutex); 567 568 err = kern_path(tree->pathname, 0, &path); 569 if (err) 570 goto skip_it; 571 572 root_mnt = collect_mounts(&path); 573 path_put(&path); 574 if (!root_mnt) 575 goto skip_it; 576 577 list_add_tail(&list, &root_mnt->mnt_list); 578 spin_lock(&hash_lock); 579 list_for_each_entry(node, &tree->chunks, list) { 580 struct audit_chunk *chunk = find_chunk(node); 581 struct inode *inode = chunk->watch.inode; 582 struct vfsmount *mnt; 583 node->index |= 1U<<31; 584 list_for_each_entry(mnt, &list, mnt_list) { 585 if (mnt->mnt_root->d_inode == inode) { 586 node->index &= ~(1U<<31); 587 break; 588 } 589 } 590 } 591 spin_unlock(&hash_lock); 592 trim_marked(tree); 593 put_tree(tree); 594 list_del_init(&list); 595 drop_collected_mounts(root_mnt); 596 skip_it: 597 mutex_lock(&audit_filter_mutex); 598 } 599 list_del(&cursor); 600 mutex_unlock(&audit_filter_mutex); 601 } 602 603 static int is_under(struct vfsmount *mnt, struct dentry *dentry, 604 struct path *path) 605 { 606 if (mnt != path->mnt) { 607 for (;;) { 608 if (mnt->mnt_parent == mnt) 609 return 0; 610 if (mnt->mnt_parent == path->mnt) 611 break; 612 mnt = mnt->mnt_parent; 613 } 614 dentry = mnt->mnt_mountpoint; 615 } 616 return is_subdir(dentry, path->dentry); 617 } 618 619 int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) 620 { 621 622 if (pathname[0] != '/' || 623 rule->listnr != AUDIT_FILTER_EXIT || 624 op != Audit_equal || 625 rule->inode_f || rule->watch || rule->tree) 626 return -EINVAL; 627 rule->tree = alloc_tree(pathname); 628 if (!rule->tree) 629 return -ENOMEM; 630 return 0; 631 } 632 633 void audit_put_tree(struct audit_tree *tree) 634 { 635 put_tree(tree); 636 } 637 638 /* called with audit_filter_mutex */ 639 int audit_add_tree_rule(struct audit_krule *rule) 640 { 641 struct audit_tree *seed = rule->tree, *tree; 642 struct path path; 643 struct vfsmount *mnt, *p; 644 struct list_head list; 645 int err; 646 647 list_for_each_entry(tree, &tree_list, list) { 648 if (!strcmp(seed->pathname, tree->pathname)) { 649 put_tree(seed); 650 rule->tree = tree; 651 list_add(&rule->rlist, &tree->rules); 652 return 0; 653 } 654 } 655 tree = seed; 656 list_add(&tree->list, &tree_list); 657 list_add(&rule->rlist, &tree->rules); 658 /* do not set rule->tree yet */ 659 mutex_unlock(&audit_filter_mutex); 660 661 err = kern_path(tree->pathname, 0, &path); 662 if (err) 663 goto Err; 664 mnt = collect_mounts(&path); 665 path_put(&path); 666 if (!mnt) { 667 err = -ENOMEM; 668 goto Err; 669 } 670 list_add_tail(&list, &mnt->mnt_list); 671 672 get_tree(tree); 673 list_for_each_entry(p, &list, mnt_list) { 674 err = tag_chunk(p->mnt_root->d_inode, tree); 675 if (err) 676 break; 677 } 678 679 list_del(&list); 680 drop_collected_mounts(mnt); 681 682 if (!err) { 683 struct node *node; 684 spin_lock(&hash_lock); 685 list_for_each_entry(node, &tree->chunks, list) 686 node->index &= ~(1U<<31); 687 spin_unlock(&hash_lock); 688 } else { 689 trim_marked(tree); 690 goto Err; 691 } 692 693 mutex_lock(&audit_filter_mutex); 694 if (list_empty(&rule->rlist)) { 695 put_tree(tree); 696 return -ENOENT; 697 } 698 rule->tree = tree; 699 put_tree(tree); 700 701 return 0; 702 Err: 703 mutex_lock(&audit_filter_mutex); 704 list_del_init(&tree->list); 705 list_del_init(&tree->rules); 706 put_tree(tree); 707 return err; 708 } 709 710 int audit_tag_tree(char *old, char *new) 711 { 712 struct list_head cursor, barrier; 713 int failed = 0; 714 struct path path; 715 struct vfsmount *tagged; 716 struct list_head list; 717 struct vfsmount *mnt; 718 struct dentry *dentry; 719 int err; 720 721 err = kern_path(new, 0, &path); 722 if (err) 723 return err; 724 tagged = collect_mounts(&path); 725 path_put(&path); 726 if (!tagged) 727 return -ENOMEM; 728 729 err = kern_path(old, 0, &path); 730 if (err) { 731 drop_collected_mounts(tagged); 732 return err; 733 } 734 mnt = mntget(path.mnt); 735 dentry = dget(path.dentry); 736 path_put(&path); 737 738 list_add_tail(&list, &tagged->mnt_list); 739 740 mutex_lock(&audit_filter_mutex); 741 list_add(&barrier, &tree_list); 742 list_add(&cursor, &barrier); 743 744 while (cursor.next != &tree_list) { 745 struct audit_tree *tree; 746 struct vfsmount *p; 747 748 tree = container_of(cursor.next, struct audit_tree, list); 749 get_tree(tree); 750 list_del(&cursor); 751 list_add(&cursor, &tree->list); 752 mutex_unlock(&audit_filter_mutex); 753 754 err = kern_path(tree->pathname, 0, &path); 755 if (err) { 756 put_tree(tree); 757 mutex_lock(&audit_filter_mutex); 758 continue; 759 } 760 761 spin_lock(&vfsmount_lock); 762 if (!is_under(mnt, dentry, &path)) { 763 spin_unlock(&vfsmount_lock); 764 path_put(&path); 765 put_tree(tree); 766 mutex_lock(&audit_filter_mutex); 767 continue; 768 } 769 spin_unlock(&vfsmount_lock); 770 path_put(&path); 771 772 list_for_each_entry(p, &list, mnt_list) { 773 failed = tag_chunk(p->mnt_root->d_inode, tree); 774 if (failed) 775 break; 776 } 777 778 if (failed) { 779 put_tree(tree); 780 mutex_lock(&audit_filter_mutex); 781 break; 782 } 783 784 mutex_lock(&audit_filter_mutex); 785 spin_lock(&hash_lock); 786 if (!tree->goner) { 787 list_del(&tree->list); 788 list_add(&tree->list, &tree_list); 789 } 790 spin_unlock(&hash_lock); 791 put_tree(tree); 792 } 793 794 while (barrier.prev != &tree_list) { 795 struct audit_tree *tree; 796 797 tree = container_of(barrier.prev, struct audit_tree, list); 798 get_tree(tree); 799 list_del(&tree->list); 800 list_add(&tree->list, &barrier); 801 mutex_unlock(&audit_filter_mutex); 802 803 if (!failed) { 804 struct node *node; 805 spin_lock(&hash_lock); 806 list_for_each_entry(node, &tree->chunks, list) 807 node->index &= ~(1U<<31); 808 spin_unlock(&hash_lock); 809 } else { 810 trim_marked(tree); 811 } 812 813 put_tree(tree); 814 mutex_lock(&audit_filter_mutex); 815 } 816 list_del(&barrier); 817 list_del(&cursor); 818 list_del(&list); 819 mutex_unlock(&audit_filter_mutex); 820 dput(dentry); 821 mntput(mnt); 822 drop_collected_mounts(tagged); 823 return failed; 824 } 825 826 /* 827 * That gets run when evict_chunk() ends up needing to kill audit_tree. 828 * Runs from a separate thread. 829 */ 830 static int prune_tree_thread(void *unused) 831 { 832 mutex_lock(&audit_cmd_mutex); 833 mutex_lock(&audit_filter_mutex); 834 835 while (!list_empty(&prune_list)) { 836 struct audit_tree *victim; 837 838 victim = list_entry(prune_list.next, struct audit_tree, list); 839 list_del_init(&victim->list); 840 841 mutex_unlock(&audit_filter_mutex); 842 843 prune_one(victim); 844 845 mutex_lock(&audit_filter_mutex); 846 } 847 848 mutex_unlock(&audit_filter_mutex); 849 mutex_unlock(&audit_cmd_mutex); 850 return 0; 851 } 852 853 static void audit_schedule_prune(void) 854 { 855 kthread_run(prune_tree_thread, NULL, "audit_prune_tree"); 856 } 857 858 /* 859 * ... and that one is done if evict_chunk() decides to delay until the end 860 * of syscall. Runs synchronously. 861 */ 862 void audit_kill_trees(struct list_head *list) 863 { 864 mutex_lock(&audit_cmd_mutex); 865 mutex_lock(&audit_filter_mutex); 866 867 while (!list_empty(list)) { 868 struct audit_tree *victim; 869 870 victim = list_entry(list->next, struct audit_tree, list); 871 kill_rules(victim); 872 list_del_init(&victim->list); 873 874 mutex_unlock(&audit_filter_mutex); 875 876 prune_one(victim); 877 878 mutex_lock(&audit_filter_mutex); 879 } 880 881 mutex_unlock(&audit_filter_mutex); 882 mutex_unlock(&audit_cmd_mutex); 883 } 884 885 /* 886 * Here comes the stuff asynchronous to auditctl operations 887 */ 888 889 /* inode->inotify_mutex is locked */ 890 static void evict_chunk(struct audit_chunk *chunk) 891 { 892 struct audit_tree *owner; 893 struct list_head *postponed = audit_killed_trees(); 894 int need_prune = 0; 895 int n; 896 897 if (chunk->dead) 898 return; 899 900 chunk->dead = 1; 901 mutex_lock(&audit_filter_mutex); 902 spin_lock(&hash_lock); 903 while (!list_empty(&chunk->trees)) { 904 owner = list_entry(chunk->trees.next, 905 struct audit_tree, same_root); 906 owner->goner = 1; 907 owner->root = NULL; 908 list_del_init(&owner->same_root); 909 spin_unlock(&hash_lock); 910 if (!postponed) { 911 kill_rules(owner); 912 list_move(&owner->list, &prune_list); 913 need_prune = 1; 914 } else { 915 list_move(&owner->list, postponed); 916 } 917 spin_lock(&hash_lock); 918 } 919 list_del_rcu(&chunk->hash); 920 for (n = 0; n < chunk->count; n++) 921 list_del_init(&chunk->owners[n].list); 922 spin_unlock(&hash_lock); 923 if (need_prune) 924 audit_schedule_prune(); 925 mutex_unlock(&audit_filter_mutex); 926 } 927 928 static void handle_event(struct inotify_watch *watch, u32 wd, u32 mask, 929 u32 cookie, const char *dname, struct inode *inode) 930 { 931 struct audit_chunk *chunk = container_of(watch, struct audit_chunk, watch); 932 933 if (mask & IN_IGNORED) { 934 evict_chunk(chunk); 935 put_inotify_watch(watch); 936 } 937 } 938 939 static void destroy_watch(struct inotify_watch *watch) 940 { 941 struct audit_chunk *chunk = container_of(watch, struct audit_chunk, watch); 942 call_rcu(&chunk->head, __put_chunk); 943 } 944 945 static const struct inotify_operations rtree_inotify_ops = { 946 .handle_event = handle_event, 947 .destroy_watch = destroy_watch, 948 }; 949 950 static int __init audit_tree_init(void) 951 { 952 int i; 953 954 rtree_ih = inotify_init(&rtree_inotify_ops); 955 if (IS_ERR(rtree_ih)) 956 audit_panic("cannot initialize inotify handle for rectree watches"); 957 958 for (i = 0; i < HASH_SIZE; i++) 959 INIT_LIST_HEAD(&chunk_hash_heads[i]); 960 961 return 0; 962 } 963 __initcall(audit_tree_init); 964