1 /* 2 * AppArmor security module 3 * 4 * This file contains basic common functions used in AppArmor 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/mm.h> 16 #include <linux/slab.h> 17 #include <linux/string.h> 18 #include <linux/vmalloc.h> 19 20 #include "include/audit.h" 21 #include "include/apparmor.h" 22 23 24 /** 25 * aa_split_fqname - split a fqname into a profile and namespace name 26 * @fqname: a full qualified name in namespace profile format (NOT NULL) 27 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL) 28 * 29 * Returns: profile name or NULL if one is not specified 30 * 31 * Split a namespace name from a profile name (see policy.c for naming 32 * description). If a portion of the name is missing it returns NULL for 33 * that portion. 34 * 35 * NOTE: may modify the @fqname string. The pointers returned point 36 * into the @fqname string. 37 */ 38 char *aa_split_fqname(char *fqname, char **ns_name) 39 { 40 char *name = strim(fqname); 41 42 *ns_name = NULL; 43 if (name[0] == ':') { 44 char *split = strchr(&name[1], ':'); 45 *ns_name = skip_spaces(&name[1]); 46 if (split) { 47 /* overwrite ':' with \0 */ 48 *split = 0; 49 name = skip_spaces(split + 1); 50 } else 51 /* a ns name without a following profile is allowed */ 52 name = NULL; 53 } 54 if (name && *name == 0) 55 name = NULL; 56 57 return name; 58 } 59 60 /** 61 * aa_info_message - log a none profile related status message 62 * @str: message to log 63 */ 64 void aa_info_message(const char *str) 65 { 66 if (audit_enabled) { 67 struct common_audit_data sa; 68 COMMON_AUDIT_DATA_INIT(&sa, NONE); 69 sa.aad.info = str; 70 aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); 71 } 72 printk(KERN_INFO "AppArmor: %s\n", str); 73 } 74 75 /** 76 * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc 77 * @size: size of allocation 78 * 79 * Return: allocated buffer or NULL if failed 80 * 81 * It is possible that policy being loaded from the user is larger than 82 * what can be allocated by kmalloc, in those cases fall back to vmalloc. 83 */ 84 void *kvmalloc(size_t size) 85 { 86 void *buffer = NULL; 87 88 if (size == 0) 89 return NULL; 90 91 /* do not attempt kmalloc if we need more than 16 pages at once */ 92 if (size <= (16*PAGE_SIZE)) 93 buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN); 94 if (!buffer) { 95 /* see kvfree for why size must be at least work_struct size 96 * when allocated via vmalloc 97 */ 98 if (size < sizeof(struct work_struct)) 99 size = sizeof(struct work_struct); 100 buffer = vmalloc(size); 101 } 102 return buffer; 103 } 104 105 /** 106 * do_vfree - workqueue routine for freeing vmalloced memory 107 * @work: data to be freed 108 * 109 * The work_struct is overlaid to the data being freed, as at the point 110 * the work is scheduled the data is no longer valid, be its freeing 111 * needs to be delayed until safe. 112 */ 113 static void do_vfree(struct work_struct *work) 114 { 115 vfree(work); 116 } 117 118 /** 119 * kvfree - free an allocation do by kvmalloc 120 * @buffer: buffer to free (MAYBE_NULL) 121 * 122 * Free a buffer allocated by kvmalloc 123 */ 124 void kvfree(void *buffer) 125 { 126 if (is_vmalloc_addr(buffer)) { 127 /* Data is no longer valid so just use the allocated space 128 * as the work_struct 129 */ 130 struct work_struct *work = (struct work_struct *) buffer; 131 INIT_WORK(work, do_vfree); 132 schedule_work(work); 133 } else 134 kfree(buffer); 135 } 136