1 // SPDX-License-Identifier: GPL-2.0 2 #include "audit.h" 3 #include <linux/fsnotify_backend.h> 4 #include <linux/namei.h> 5 #include <linux/mount.h> 6 #include <linux/kthread.h> 7 #include <linux/refcount.h> 8 #include <linux/slab.h> 9 10 struct audit_tree; 11 struct audit_chunk; 12 13 struct audit_tree { 14 refcount_t count; 15 int goner; 16 struct audit_chunk *root; 17 struct list_head chunks; 18 struct list_head rules; 19 struct list_head list; 20 struct list_head same_root; 21 struct rcu_head head; 22 char pathname[]; 23 }; 24 25 struct audit_chunk { 26 struct list_head hash; 27 struct fsnotify_mark mark; 28 struct list_head trees; /* with root here */ 29 int dead; 30 int count; 31 atomic_long_t refs; 32 struct rcu_head head; 33 struct node { 34 struct list_head list; 35 struct audit_tree *owner; 36 unsigned index; /* index; upper bit indicates 'will prune' */ 37 } owners[]; 38 }; 39 40 static LIST_HEAD(tree_list); 41 static LIST_HEAD(prune_list); 42 static struct task_struct *prune_thread; 43 44 /* 45 * One struct chunk is attached to each inode of interest. 46 * We replace struct chunk on tagging/untagging. 47 * Rules have pointer to struct audit_tree. 48 * Rules have struct list_head rlist forming a list of rules over 49 * the same tree. 50 * References to struct chunk are collected at audit_inode{,_child}() 51 * time and used in AUDIT_TREE rule matching. 52 * These references are dropped at the same time we are calling 53 * audit_free_names(), etc. 54 * 55 * Cyclic lists galore: 56 * tree.chunks anchors chunk.owners[].list hash_lock 57 * tree.rules anchors rule.rlist audit_filter_mutex 58 * chunk.trees anchors tree.same_root hash_lock 59 * chunk.hash is a hash with middle bits of watch.inode as 60 * a hash function. RCU, hash_lock 61 * 62 * tree is refcounted; one reference for "some rules on rules_list refer to 63 * it", one for each chunk with pointer to it. 64 * 65 * chunk is refcounted by embedded fsnotify_mark + .refs (non-zero refcount 66 * of watch contributes 1 to .refs). 67 * 68 * node.index allows to get from node.list to containing chunk. 69 * MSB of that sucker is stolen to mark taggings that we might have to 70 * revert - several operations have very unpleasant cleanup logics and 71 * that makes a difference. Some. 72 */ 73 74 static struct fsnotify_group *audit_tree_group; 75 76 static struct audit_tree *alloc_tree(const char *s) 77 { 78 struct audit_tree *tree; 79 80 tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL); 81 if (tree) { 82 refcount_set(&tree->count, 1); 83 tree->goner = 0; 84 INIT_LIST_HEAD(&tree->chunks); 85 INIT_LIST_HEAD(&tree->rules); 86 INIT_LIST_HEAD(&tree->list); 87 INIT_LIST_HEAD(&tree->same_root); 88 tree->root = NULL; 89 strcpy(tree->pathname, s); 90 } 91 return tree; 92 } 93 94 static inline void get_tree(struct audit_tree *tree) 95 { 96 refcount_inc(&tree->count); 97 } 98 99 static inline void put_tree(struct audit_tree *tree) 100 { 101 if (refcount_dec_and_test(&tree->count)) 102 kfree_rcu(tree, head); 103 } 104 105 /* to avoid bringing the entire thing in audit.h */ 106 const char *audit_tree_path(struct audit_tree *tree) 107 { 108 return tree->pathname; 109 } 110 111 static void free_chunk(struct audit_chunk *chunk) 112 { 113 int i; 114 115 for (i = 0; i < chunk->count; i++) { 116 if (chunk->owners[i].owner) 117 put_tree(chunk->owners[i].owner); 118 } 119 kfree(chunk); 120 } 121 122 void audit_put_chunk(struct audit_chunk *chunk) 123 { 124 if (atomic_long_dec_and_test(&chunk->refs)) 125 free_chunk(chunk); 126 } 127 128 static void __put_chunk(struct rcu_head *rcu) 129 { 130 struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head); 131 audit_put_chunk(chunk); 132 } 133 134 static void audit_tree_destroy_watch(struct fsnotify_mark *entry) 135 { 136 struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark); 137 call_rcu(&chunk->head, __put_chunk); 138 } 139 140 static struct audit_chunk *alloc_chunk(int count) 141 { 142 struct audit_chunk *chunk; 143 size_t size; 144 int i; 145 146 size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node); 147 chunk = kzalloc(size, GFP_KERNEL); 148 if (!chunk) 149 return NULL; 150 151 INIT_LIST_HEAD(&chunk->hash); 152 INIT_LIST_HEAD(&chunk->trees); 153 chunk->count = count; 154 atomic_long_set(&chunk->refs, 1); 155 for (i = 0; i < count; i++) { 156 INIT_LIST_HEAD(&chunk->owners[i].list); 157 chunk->owners[i].index = i; 158 } 159 fsnotify_init_mark(&chunk->mark, audit_tree_group); 160 chunk->mark.mask = FS_IN_IGNORED; 161 return chunk; 162 } 163 164 enum {HASH_SIZE = 128}; 165 static struct list_head chunk_hash_heads[HASH_SIZE]; 166 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(hash_lock); 167 168 /* Function to return search key in our hash from inode. */ 169 static unsigned long inode_to_key(const struct inode *inode) 170 { 171 /* Use address pointed to by connector->obj as the key */ 172 return (unsigned long)&inode->i_fsnotify_marks; 173 } 174 175 /* 176 * Function to return search key in our hash from chunk. Key 0 is special and 177 * should never be present in the hash. 178 */ 179 static unsigned long chunk_to_key(struct audit_chunk *chunk) 180 { 181 /* 182 * We have a reference to the mark so it should be attached to a 183 * connector. 184 */ 185 if (WARN_ON_ONCE(!chunk->mark.connector)) 186 return 0; 187 return (unsigned long)chunk->mark.connector->obj; 188 } 189 190 static inline struct list_head *chunk_hash(unsigned long key) 191 { 192 unsigned long n = key / L1_CACHE_BYTES; 193 return chunk_hash_heads + n % HASH_SIZE; 194 } 195 196 /* hash_lock & entry->lock is held by caller */ 197 static void insert_hash(struct audit_chunk *chunk) 198 { 199 unsigned long key = chunk_to_key(chunk); 200 struct list_head *list; 201 202 if (!(chunk->mark.flags & FSNOTIFY_MARK_FLAG_ATTACHED)) 203 return; 204 list = chunk_hash(key); 205 list_add_rcu(&chunk->hash, list); 206 } 207 208 /* called under rcu_read_lock */ 209 struct audit_chunk *audit_tree_lookup(const struct inode *inode) 210 { 211 unsigned long key = inode_to_key(inode); 212 struct list_head *list = chunk_hash(key); 213 struct audit_chunk *p; 214 215 list_for_each_entry_rcu(p, list, hash) { 216 if (chunk_to_key(p) == key) { 217 atomic_long_inc(&p->refs); 218 return p; 219 } 220 } 221 return NULL; 222 } 223 224 bool audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree) 225 { 226 int n; 227 for (n = 0; n < chunk->count; n++) 228 if (chunk->owners[n].owner == tree) 229 return true; 230 return false; 231 } 232 233 /* tagging and untagging inodes with trees */ 234 235 static struct audit_chunk *find_chunk(struct node *p) 236 { 237 int index = p->index & ~(1U<<31); 238 p -= index; 239 return container_of(p, struct audit_chunk, owners[0]); 240 } 241 242 static void untag_chunk(struct node *p) 243 { 244 struct audit_chunk *chunk = find_chunk(p); 245 struct fsnotify_mark *entry = &chunk->mark; 246 struct audit_chunk *new = NULL; 247 struct audit_tree *owner; 248 int size = chunk->count - 1; 249 int i, j; 250 251 fsnotify_get_mark(entry); 252 253 spin_unlock(&hash_lock); 254 255 if (size) 256 new = alloc_chunk(size); 257 258 mutex_lock(&entry->group->mark_mutex); 259 spin_lock(&entry->lock); 260 /* 261 * mark_mutex protects mark from getting detached and thus also from 262 * mark->connector->obj getting NULL. 263 */ 264 if (chunk->dead || !(entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) { 265 spin_unlock(&entry->lock); 266 mutex_unlock(&entry->group->mark_mutex); 267 if (new) 268 fsnotify_put_mark(&new->mark); 269 goto out; 270 } 271 272 owner = p->owner; 273 274 if (!size) { 275 chunk->dead = 1; 276 spin_lock(&hash_lock); 277 list_del_init(&chunk->trees); 278 if (owner->root == chunk) 279 owner->root = NULL; 280 list_del_init(&p->list); 281 list_del_rcu(&chunk->hash); 282 spin_unlock(&hash_lock); 283 spin_unlock(&entry->lock); 284 mutex_unlock(&entry->group->mark_mutex); 285 fsnotify_destroy_mark(entry, audit_tree_group); 286 goto out; 287 } 288 289 if (!new) 290 goto Fallback; 291 292 if (fsnotify_add_mark_locked(&new->mark, entry->connector->obj, 293 FSNOTIFY_OBJ_TYPE_INODE, 1)) { 294 fsnotify_put_mark(&new->mark); 295 goto Fallback; 296 } 297 298 chunk->dead = 1; 299 spin_lock(&hash_lock); 300 list_replace_init(&chunk->trees, &new->trees); 301 if (owner->root == chunk) { 302 list_del_init(&owner->same_root); 303 owner->root = NULL; 304 } 305 306 for (i = j = 0; j <= size; i++, j++) { 307 struct audit_tree *s; 308 if (&chunk->owners[j] == p) { 309 list_del_init(&p->list); 310 i--; 311 continue; 312 } 313 s = chunk->owners[j].owner; 314 new->owners[i].owner = s; 315 new->owners[i].index = chunk->owners[j].index - j + i; 316 if (!s) /* result of earlier fallback */ 317 continue; 318 get_tree(s); 319 list_replace_init(&chunk->owners[j].list, &new->owners[i].list); 320 } 321 322 list_replace_rcu(&chunk->hash, &new->hash); 323 list_for_each_entry(owner, &new->trees, same_root) 324 owner->root = new; 325 spin_unlock(&hash_lock); 326 spin_unlock(&entry->lock); 327 mutex_unlock(&entry->group->mark_mutex); 328 fsnotify_destroy_mark(entry, audit_tree_group); 329 fsnotify_put_mark(&new->mark); /* drop initial reference */ 330 goto out; 331 332 Fallback: 333 // do the best we can 334 spin_lock(&hash_lock); 335 if (owner->root == chunk) { 336 list_del_init(&owner->same_root); 337 owner->root = NULL; 338 } 339 list_del_init(&p->list); 340 p->owner = NULL; 341 put_tree(owner); 342 spin_unlock(&hash_lock); 343 spin_unlock(&entry->lock); 344 mutex_unlock(&entry->group->mark_mutex); 345 out: 346 fsnotify_put_mark(entry); 347 spin_lock(&hash_lock); 348 } 349 350 static int create_chunk(struct inode *inode, struct audit_tree *tree) 351 { 352 struct fsnotify_mark *entry; 353 struct audit_chunk *chunk = alloc_chunk(1); 354 if (!chunk) 355 return -ENOMEM; 356 357 entry = &chunk->mark; 358 if (fsnotify_add_inode_mark(entry, inode, 0)) { 359 fsnotify_put_mark(entry); 360 return -ENOSPC; 361 } 362 363 spin_lock(&entry->lock); 364 spin_lock(&hash_lock); 365 if (tree->goner) { 366 spin_unlock(&hash_lock); 367 chunk->dead = 1; 368 spin_unlock(&entry->lock); 369 fsnotify_destroy_mark(entry, audit_tree_group); 370 fsnotify_put_mark(entry); 371 return 0; 372 } 373 chunk->owners[0].index = (1U << 31); 374 chunk->owners[0].owner = tree; 375 get_tree(tree); 376 list_add(&chunk->owners[0].list, &tree->chunks); 377 if (!tree->root) { 378 tree->root = chunk; 379 list_add(&tree->same_root, &chunk->trees); 380 } 381 insert_hash(chunk); 382 spin_unlock(&hash_lock); 383 spin_unlock(&entry->lock); 384 fsnotify_put_mark(entry); /* drop initial reference */ 385 return 0; 386 } 387 388 /* the first tagged inode becomes root of tree */ 389 static int tag_chunk(struct inode *inode, struct audit_tree *tree) 390 { 391 struct fsnotify_mark *old_entry, *chunk_entry; 392 struct audit_tree *owner; 393 struct audit_chunk *chunk, *old; 394 struct node *p; 395 int n; 396 397 old_entry = fsnotify_find_mark(&inode->i_fsnotify_marks, 398 audit_tree_group); 399 if (!old_entry) 400 return create_chunk(inode, tree); 401 402 old = container_of(old_entry, struct audit_chunk, mark); 403 404 /* are we already there? */ 405 spin_lock(&hash_lock); 406 for (n = 0; n < old->count; n++) { 407 if (old->owners[n].owner == tree) { 408 spin_unlock(&hash_lock); 409 fsnotify_put_mark(old_entry); 410 return 0; 411 } 412 } 413 spin_unlock(&hash_lock); 414 415 chunk = alloc_chunk(old->count + 1); 416 if (!chunk) { 417 fsnotify_put_mark(old_entry); 418 return -ENOMEM; 419 } 420 421 chunk_entry = &chunk->mark; 422 423 mutex_lock(&old_entry->group->mark_mutex); 424 spin_lock(&old_entry->lock); 425 /* 426 * mark_mutex protects mark from getting detached and thus also from 427 * mark->connector->obj getting NULL. 428 */ 429 if (!(old_entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) { 430 /* old_entry is being shot, lets just lie */ 431 spin_unlock(&old_entry->lock); 432 mutex_unlock(&old_entry->group->mark_mutex); 433 fsnotify_put_mark(old_entry); 434 fsnotify_put_mark(&chunk->mark); 435 return -ENOENT; 436 } 437 438 if (fsnotify_add_mark_locked(chunk_entry, old_entry->connector->obj, 439 FSNOTIFY_OBJ_TYPE_INODE, 1)) { 440 spin_unlock(&old_entry->lock); 441 mutex_unlock(&old_entry->group->mark_mutex); 442 fsnotify_put_mark(chunk_entry); 443 fsnotify_put_mark(old_entry); 444 return -ENOSPC; 445 } 446 447 /* even though we hold old_entry->lock, this is safe since chunk_entry->lock could NEVER have been grabbed before */ 448 spin_lock(&chunk_entry->lock); 449 spin_lock(&hash_lock); 450 451 /* we now hold old_entry->lock, chunk_entry->lock, and hash_lock */ 452 if (tree->goner) { 453 spin_unlock(&hash_lock); 454 chunk->dead = 1; 455 spin_unlock(&chunk_entry->lock); 456 spin_unlock(&old_entry->lock); 457 mutex_unlock(&old_entry->group->mark_mutex); 458 459 fsnotify_destroy_mark(chunk_entry, audit_tree_group); 460 461 fsnotify_put_mark(chunk_entry); 462 fsnotify_put_mark(old_entry); 463 return 0; 464 } 465 list_replace_init(&old->trees, &chunk->trees); 466 for (n = 0, p = chunk->owners; n < old->count; n++, p++) { 467 struct audit_tree *s = old->owners[n].owner; 468 p->owner = s; 469 p->index = old->owners[n].index; 470 if (!s) /* result of fallback in untag */ 471 continue; 472 get_tree(s); 473 list_replace_init(&old->owners[n].list, &p->list); 474 } 475 p->index = (chunk->count - 1) | (1U<<31); 476 p->owner = tree; 477 get_tree(tree); 478 list_add(&p->list, &tree->chunks); 479 list_replace_rcu(&old->hash, &chunk->hash); 480 list_for_each_entry(owner, &chunk->trees, same_root) 481 owner->root = chunk; 482 old->dead = 1; 483 if (!tree->root) { 484 tree->root = chunk; 485 list_add(&tree->same_root, &chunk->trees); 486 } 487 spin_unlock(&hash_lock); 488 spin_unlock(&chunk_entry->lock); 489 spin_unlock(&old_entry->lock); 490 mutex_unlock(&old_entry->group->mark_mutex); 491 fsnotify_destroy_mark(old_entry, audit_tree_group); 492 fsnotify_put_mark(chunk_entry); /* drop initial reference */ 493 fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */ 494 return 0; 495 } 496 497 static void audit_tree_log_remove_rule(struct audit_krule *rule) 498 { 499 struct audit_buffer *ab; 500 501 if (!audit_enabled) 502 return; 503 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 504 if (unlikely(!ab)) 505 return; 506 audit_log_format(ab, "op=remove_rule"); 507 audit_log_format(ab, " dir="); 508 audit_log_untrustedstring(ab, rule->tree->pathname); 509 audit_log_key(ab, rule->filterkey); 510 audit_log_format(ab, " list=%d res=1", rule->listnr); 511 audit_log_end(ab); 512 } 513 514 static void kill_rules(struct audit_tree *tree) 515 { 516 struct audit_krule *rule, *next; 517 struct audit_entry *entry; 518 519 list_for_each_entry_safe(rule, next, &tree->rules, rlist) { 520 entry = container_of(rule, struct audit_entry, rule); 521 522 list_del_init(&rule->rlist); 523 if (rule->tree) { 524 /* not a half-baked one */ 525 audit_tree_log_remove_rule(rule); 526 if (entry->rule.exe) 527 audit_remove_mark(entry->rule.exe); 528 rule->tree = NULL; 529 list_del_rcu(&entry->list); 530 list_del(&entry->rule.list); 531 call_rcu(&entry->rcu, audit_free_rule_rcu); 532 } 533 } 534 } 535 536 /* 537 * finish killing struct audit_tree 538 */ 539 static void prune_one(struct audit_tree *victim) 540 { 541 spin_lock(&hash_lock); 542 while (!list_empty(&victim->chunks)) { 543 struct node *p; 544 545 p = list_entry(victim->chunks.next, struct node, list); 546 547 untag_chunk(p); 548 } 549 spin_unlock(&hash_lock); 550 put_tree(victim); 551 } 552 553 /* trim the uncommitted chunks from tree */ 554 555 static void trim_marked(struct audit_tree *tree) 556 { 557 struct list_head *p, *q; 558 spin_lock(&hash_lock); 559 if (tree->goner) { 560 spin_unlock(&hash_lock); 561 return; 562 } 563 /* reorder */ 564 for (p = tree->chunks.next; p != &tree->chunks; p = q) { 565 struct node *node = list_entry(p, struct node, list); 566 q = p->next; 567 if (node->index & (1U<<31)) { 568 list_del_init(p); 569 list_add(p, &tree->chunks); 570 } 571 } 572 573 while (!list_empty(&tree->chunks)) { 574 struct node *node; 575 576 node = list_entry(tree->chunks.next, struct node, list); 577 578 /* have we run out of marked? */ 579 if (!(node->index & (1U<<31))) 580 break; 581 582 untag_chunk(node); 583 } 584 if (!tree->root && !tree->goner) { 585 tree->goner = 1; 586 spin_unlock(&hash_lock); 587 mutex_lock(&audit_filter_mutex); 588 kill_rules(tree); 589 list_del_init(&tree->list); 590 mutex_unlock(&audit_filter_mutex); 591 prune_one(tree); 592 } else { 593 spin_unlock(&hash_lock); 594 } 595 } 596 597 static void audit_schedule_prune(void); 598 599 /* called with audit_filter_mutex */ 600 int audit_remove_tree_rule(struct audit_krule *rule) 601 { 602 struct audit_tree *tree; 603 tree = rule->tree; 604 if (tree) { 605 spin_lock(&hash_lock); 606 list_del_init(&rule->rlist); 607 if (list_empty(&tree->rules) && !tree->goner) { 608 tree->root = NULL; 609 list_del_init(&tree->same_root); 610 tree->goner = 1; 611 list_move(&tree->list, &prune_list); 612 rule->tree = NULL; 613 spin_unlock(&hash_lock); 614 audit_schedule_prune(); 615 return 1; 616 } 617 rule->tree = NULL; 618 spin_unlock(&hash_lock); 619 return 1; 620 } 621 return 0; 622 } 623 624 static int compare_root(struct vfsmount *mnt, void *arg) 625 { 626 return inode_to_key(d_backing_inode(mnt->mnt_root)) == 627 (unsigned long)arg; 628 } 629 630 void audit_trim_trees(void) 631 { 632 struct list_head cursor; 633 634 mutex_lock(&audit_filter_mutex); 635 list_add(&cursor, &tree_list); 636 while (cursor.next != &tree_list) { 637 struct audit_tree *tree; 638 struct path path; 639 struct vfsmount *root_mnt; 640 struct node *node; 641 int err; 642 643 tree = container_of(cursor.next, struct audit_tree, list); 644 get_tree(tree); 645 list_del(&cursor); 646 list_add(&cursor, &tree->list); 647 mutex_unlock(&audit_filter_mutex); 648 649 err = kern_path(tree->pathname, 0, &path); 650 if (err) 651 goto skip_it; 652 653 root_mnt = collect_mounts(&path); 654 path_put(&path); 655 if (IS_ERR(root_mnt)) 656 goto skip_it; 657 658 spin_lock(&hash_lock); 659 list_for_each_entry(node, &tree->chunks, list) { 660 struct audit_chunk *chunk = find_chunk(node); 661 /* this could be NULL if the watch is dying else where... */ 662 node->index |= 1U<<31; 663 if (iterate_mounts(compare_root, 664 (void *)chunk_to_key(chunk), 665 root_mnt)) 666 node->index &= ~(1U<<31); 667 } 668 spin_unlock(&hash_lock); 669 trim_marked(tree); 670 drop_collected_mounts(root_mnt); 671 skip_it: 672 put_tree(tree); 673 mutex_lock(&audit_filter_mutex); 674 } 675 list_del(&cursor); 676 mutex_unlock(&audit_filter_mutex); 677 } 678 679 int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) 680 { 681 682 if (pathname[0] != '/' || 683 rule->listnr != AUDIT_FILTER_EXIT || 684 op != Audit_equal || 685 rule->inode_f || rule->watch || rule->tree) 686 return -EINVAL; 687 rule->tree = alloc_tree(pathname); 688 if (!rule->tree) 689 return -ENOMEM; 690 return 0; 691 } 692 693 void audit_put_tree(struct audit_tree *tree) 694 { 695 put_tree(tree); 696 } 697 698 static int tag_mount(struct vfsmount *mnt, void *arg) 699 { 700 return tag_chunk(d_backing_inode(mnt->mnt_root), arg); 701 } 702 703 /* 704 * That gets run when evict_chunk() ends up needing to kill audit_tree. 705 * Runs from a separate thread. 706 */ 707 static int prune_tree_thread(void *unused) 708 { 709 for (;;) { 710 if (list_empty(&prune_list)) { 711 set_current_state(TASK_INTERRUPTIBLE); 712 schedule(); 713 } 714 715 audit_ctl_lock(); 716 mutex_lock(&audit_filter_mutex); 717 718 while (!list_empty(&prune_list)) { 719 struct audit_tree *victim; 720 721 victim = list_entry(prune_list.next, 722 struct audit_tree, list); 723 list_del_init(&victim->list); 724 725 mutex_unlock(&audit_filter_mutex); 726 727 prune_one(victim); 728 729 mutex_lock(&audit_filter_mutex); 730 } 731 732 mutex_unlock(&audit_filter_mutex); 733 audit_ctl_unlock(); 734 } 735 return 0; 736 } 737 738 static int audit_launch_prune(void) 739 { 740 if (prune_thread) 741 return 0; 742 prune_thread = kthread_run(prune_tree_thread, NULL, 743 "audit_prune_tree"); 744 if (IS_ERR(prune_thread)) { 745 pr_err("cannot start thread audit_prune_tree"); 746 prune_thread = NULL; 747 return -ENOMEM; 748 } 749 return 0; 750 } 751 752 /* called with audit_filter_mutex */ 753 int audit_add_tree_rule(struct audit_krule *rule) 754 { 755 struct audit_tree *seed = rule->tree, *tree; 756 struct path path; 757 struct vfsmount *mnt; 758 int err; 759 760 rule->tree = NULL; 761 list_for_each_entry(tree, &tree_list, list) { 762 if (!strcmp(seed->pathname, tree->pathname)) { 763 put_tree(seed); 764 rule->tree = tree; 765 list_add(&rule->rlist, &tree->rules); 766 return 0; 767 } 768 } 769 tree = seed; 770 list_add(&tree->list, &tree_list); 771 list_add(&rule->rlist, &tree->rules); 772 /* do not set rule->tree yet */ 773 mutex_unlock(&audit_filter_mutex); 774 775 if (unlikely(!prune_thread)) { 776 err = audit_launch_prune(); 777 if (err) 778 goto Err; 779 } 780 781 err = kern_path(tree->pathname, 0, &path); 782 if (err) 783 goto Err; 784 mnt = collect_mounts(&path); 785 path_put(&path); 786 if (IS_ERR(mnt)) { 787 err = PTR_ERR(mnt); 788 goto Err; 789 } 790 791 get_tree(tree); 792 err = iterate_mounts(tag_mount, tree, mnt); 793 drop_collected_mounts(mnt); 794 795 if (!err) { 796 struct node *node; 797 spin_lock(&hash_lock); 798 list_for_each_entry(node, &tree->chunks, list) 799 node->index &= ~(1U<<31); 800 spin_unlock(&hash_lock); 801 } else { 802 trim_marked(tree); 803 goto Err; 804 } 805 806 mutex_lock(&audit_filter_mutex); 807 if (list_empty(&rule->rlist)) { 808 put_tree(tree); 809 return -ENOENT; 810 } 811 rule->tree = tree; 812 put_tree(tree); 813 814 return 0; 815 Err: 816 mutex_lock(&audit_filter_mutex); 817 list_del_init(&tree->list); 818 list_del_init(&tree->rules); 819 put_tree(tree); 820 return err; 821 } 822 823 int audit_tag_tree(char *old, char *new) 824 { 825 struct list_head cursor, barrier; 826 int failed = 0; 827 struct path path1, path2; 828 struct vfsmount *tagged; 829 int err; 830 831 err = kern_path(new, 0, &path2); 832 if (err) 833 return err; 834 tagged = collect_mounts(&path2); 835 path_put(&path2); 836 if (IS_ERR(tagged)) 837 return PTR_ERR(tagged); 838 839 err = kern_path(old, 0, &path1); 840 if (err) { 841 drop_collected_mounts(tagged); 842 return err; 843 } 844 845 mutex_lock(&audit_filter_mutex); 846 list_add(&barrier, &tree_list); 847 list_add(&cursor, &barrier); 848 849 while (cursor.next != &tree_list) { 850 struct audit_tree *tree; 851 int good_one = 0; 852 853 tree = container_of(cursor.next, struct audit_tree, list); 854 get_tree(tree); 855 list_del(&cursor); 856 list_add(&cursor, &tree->list); 857 mutex_unlock(&audit_filter_mutex); 858 859 err = kern_path(tree->pathname, 0, &path2); 860 if (!err) { 861 good_one = path_is_under(&path1, &path2); 862 path_put(&path2); 863 } 864 865 if (!good_one) { 866 put_tree(tree); 867 mutex_lock(&audit_filter_mutex); 868 continue; 869 } 870 871 failed = iterate_mounts(tag_mount, tree, tagged); 872 if (failed) { 873 put_tree(tree); 874 mutex_lock(&audit_filter_mutex); 875 break; 876 } 877 878 mutex_lock(&audit_filter_mutex); 879 spin_lock(&hash_lock); 880 if (!tree->goner) { 881 list_del(&tree->list); 882 list_add(&tree->list, &tree_list); 883 } 884 spin_unlock(&hash_lock); 885 put_tree(tree); 886 } 887 888 while (barrier.prev != &tree_list) { 889 struct audit_tree *tree; 890 891 tree = container_of(barrier.prev, struct audit_tree, list); 892 get_tree(tree); 893 list_del(&tree->list); 894 list_add(&tree->list, &barrier); 895 mutex_unlock(&audit_filter_mutex); 896 897 if (!failed) { 898 struct node *node; 899 spin_lock(&hash_lock); 900 list_for_each_entry(node, &tree->chunks, list) 901 node->index &= ~(1U<<31); 902 spin_unlock(&hash_lock); 903 } else { 904 trim_marked(tree); 905 } 906 907 put_tree(tree); 908 mutex_lock(&audit_filter_mutex); 909 } 910 list_del(&barrier); 911 list_del(&cursor); 912 mutex_unlock(&audit_filter_mutex); 913 path_put(&path1); 914 drop_collected_mounts(tagged); 915 return failed; 916 } 917 918 919 static void audit_schedule_prune(void) 920 { 921 wake_up_process(prune_thread); 922 } 923 924 /* 925 * ... and that one is done if evict_chunk() decides to delay until the end 926 * of syscall. Runs synchronously. 927 */ 928 void audit_kill_trees(struct list_head *list) 929 { 930 audit_ctl_lock(); 931 mutex_lock(&audit_filter_mutex); 932 933 while (!list_empty(list)) { 934 struct audit_tree *victim; 935 936 victim = list_entry(list->next, struct audit_tree, list); 937 kill_rules(victim); 938 list_del_init(&victim->list); 939 940 mutex_unlock(&audit_filter_mutex); 941 942 prune_one(victim); 943 944 mutex_lock(&audit_filter_mutex); 945 } 946 947 mutex_unlock(&audit_filter_mutex); 948 audit_ctl_unlock(); 949 } 950 951 /* 952 * Here comes the stuff asynchronous to auditctl operations 953 */ 954 955 static void evict_chunk(struct audit_chunk *chunk) 956 { 957 struct audit_tree *owner; 958 struct list_head *postponed = audit_killed_trees(); 959 int need_prune = 0; 960 int n; 961 962 if (chunk->dead) 963 return; 964 965 chunk->dead = 1; 966 mutex_lock(&audit_filter_mutex); 967 spin_lock(&hash_lock); 968 while (!list_empty(&chunk->trees)) { 969 owner = list_entry(chunk->trees.next, 970 struct audit_tree, same_root); 971 owner->goner = 1; 972 owner->root = NULL; 973 list_del_init(&owner->same_root); 974 spin_unlock(&hash_lock); 975 if (!postponed) { 976 kill_rules(owner); 977 list_move(&owner->list, &prune_list); 978 need_prune = 1; 979 } else { 980 list_move(&owner->list, postponed); 981 } 982 spin_lock(&hash_lock); 983 } 984 list_del_rcu(&chunk->hash); 985 for (n = 0; n < chunk->count; n++) 986 list_del_init(&chunk->owners[n].list); 987 spin_unlock(&hash_lock); 988 mutex_unlock(&audit_filter_mutex); 989 if (need_prune) 990 audit_schedule_prune(); 991 } 992 993 static int audit_tree_handle_event(struct fsnotify_group *group, 994 struct inode *to_tell, 995 u32 mask, const void *data, int data_type, 996 const unsigned char *file_name, u32 cookie, 997 struct fsnotify_iter_info *iter_info) 998 { 999 return 0; 1000 } 1001 1002 static void audit_tree_freeing_mark(struct fsnotify_mark *entry, struct fsnotify_group *group) 1003 { 1004 struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark); 1005 1006 evict_chunk(chunk); 1007 1008 /* 1009 * We are guaranteed to have at least one reference to the mark from 1010 * either the inode or the caller of fsnotify_destroy_mark(). 1011 */ 1012 BUG_ON(refcount_read(&entry->refcnt) < 1); 1013 } 1014 1015 static const struct fsnotify_ops audit_tree_ops = { 1016 .handle_event = audit_tree_handle_event, 1017 .freeing_mark = audit_tree_freeing_mark, 1018 .free_mark = audit_tree_destroy_watch, 1019 }; 1020 1021 static int __init audit_tree_init(void) 1022 { 1023 int i; 1024 1025 audit_tree_group = fsnotify_alloc_group(&audit_tree_ops); 1026 if (IS_ERR(audit_tree_group)) 1027 audit_panic("cannot initialize fsnotify group for rectree watches"); 1028 1029 for (i = 0; i < HASH_SIZE; i++) 1030 INIT_LIST_HEAD(&chunk_hash_heads[i]); 1031 1032 return 0; 1033 } 1034 __initcall(audit_tree_init); 1035