1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the extensible bitmap type. 4 * 5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> 6 */ 7 /* 8 * Updated: Hewlett-Packard <paul@paul-moore.com> 9 * 10 * Added support to import/export the NetLabel category bitmap 11 * 12 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 13 */ 14 /* 15 * Updated: KaiGai Kohei <kaigai@ak.jp.nec.com> 16 * Applied standard bit operations to improve bitmap scanning. 17 */ 18 19 #include <linux/kernel.h> 20 #include <linux/slab.h> 21 #include <linux/errno.h> 22 #include <linux/jhash.h> 23 #include <net/netlabel.h> 24 #include "ebitmap.h" 25 #include "policydb.h" 26 27 #define BITS_PER_U64 (sizeof(u64) * 8) 28 29 static struct kmem_cache *ebitmap_node_cachep __ro_after_init; 30 31 int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2) 32 { 33 const struct ebitmap_node *n1, *n2; 34 35 if (e1->highbit != e2->highbit) 36 return 0; 37 38 n1 = e1->node; 39 n2 = e2->node; 40 while (n1 && n2 && 41 (n1->startbit == n2->startbit) && 42 !memcmp(n1->maps, n2->maps, EBITMAP_SIZE / 8)) { 43 n1 = n1->next; 44 n2 = n2->next; 45 } 46 47 if (n1 || n2) 48 return 0; 49 50 return 1; 51 } 52 53 int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src) 54 { 55 struct ebitmap_node *new, *prev; 56 const struct ebitmap_node *n; 57 58 ebitmap_init(dst); 59 n = src->node; 60 prev = NULL; 61 while (n) { 62 new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); 63 if (!new) { 64 ebitmap_destroy(dst); 65 return -ENOMEM; 66 } 67 new->startbit = n->startbit; 68 memcpy(new->maps, n->maps, EBITMAP_SIZE / 8); 69 new->next = NULL; 70 if (prev) 71 prev->next = new; 72 else 73 dst->node = new; 74 prev = new; 75 n = n->next; 76 } 77 78 dst->highbit = src->highbit; 79 return 0; 80 } 81 82 int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2) 83 { 84 struct ebitmap_node *n; 85 int bit, rc; 86 87 ebitmap_init(dst); 88 89 ebitmap_for_each_positive_bit(e1, n, bit) { 90 if (ebitmap_get_bit(e2, bit)) { 91 rc = ebitmap_set_bit(dst, bit, 1); 92 if (rc < 0) 93 return rc; 94 } 95 } 96 return 0; 97 } 98 99 100 #ifdef CONFIG_NETLABEL 101 /** 102 * ebitmap_netlbl_export - Export an ebitmap into a NetLabel category bitmap 103 * @ebmap: the ebitmap to export 104 * @catmap: the NetLabel category bitmap 105 * 106 * Description: 107 * Export a SELinux extensibile bitmap into a NetLabel category bitmap. 108 * Returns zero on success, negative values on error. 109 * 110 */ 111 int ebitmap_netlbl_export(struct ebitmap *ebmap, 112 struct netlbl_lsm_catmap **catmap) 113 { 114 struct ebitmap_node *e_iter = ebmap->node; 115 unsigned long e_map; 116 u32 offset; 117 unsigned int iter; 118 int rc; 119 120 if (e_iter == NULL) { 121 *catmap = NULL; 122 return 0; 123 } 124 125 if (*catmap != NULL) 126 netlbl_catmap_free(*catmap); 127 *catmap = NULL; 128 129 while (e_iter) { 130 offset = e_iter->startbit; 131 for (iter = 0; iter < EBITMAP_UNIT_NUMS; iter++) { 132 e_map = e_iter->maps[iter]; 133 if (e_map != 0) { 134 rc = netlbl_catmap_setlong(catmap, 135 offset, 136 e_map, 137 GFP_ATOMIC); 138 if (rc != 0) 139 goto netlbl_export_failure; 140 } 141 offset += EBITMAP_UNIT_SIZE; 142 } 143 e_iter = e_iter->next; 144 } 145 146 return 0; 147 148 netlbl_export_failure: 149 netlbl_catmap_free(*catmap); 150 return -ENOMEM; 151 } 152 153 /** 154 * ebitmap_netlbl_import - Import a NetLabel category bitmap into an ebitmap 155 * @ebmap: the ebitmap to import 156 * @catmap: the NetLabel category bitmap 157 * 158 * Description: 159 * Import a NetLabel category bitmap into a SELinux extensibile bitmap. 160 * Returns zero on success, negative values on error. 161 * 162 */ 163 int ebitmap_netlbl_import(struct ebitmap *ebmap, 164 struct netlbl_lsm_catmap *catmap) 165 { 166 int rc; 167 struct ebitmap_node *e_iter = NULL; 168 struct ebitmap_node *e_prev = NULL; 169 u32 offset = 0, idx; 170 unsigned long bitmap; 171 172 for (;;) { 173 rc = netlbl_catmap_getlong(catmap, &offset, &bitmap); 174 if (rc < 0) 175 goto netlbl_import_failure; 176 if (offset == (u32)-1) 177 return 0; 178 179 /* don't waste ebitmap space if the netlabel bitmap is empty */ 180 if (bitmap == 0) { 181 offset += EBITMAP_UNIT_SIZE; 182 continue; 183 } 184 185 if (e_iter == NULL || 186 offset >= e_iter->startbit + EBITMAP_SIZE) { 187 e_prev = e_iter; 188 e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); 189 if (e_iter == NULL) 190 goto netlbl_import_failure; 191 e_iter->startbit = offset - (offset % EBITMAP_SIZE); 192 if (e_prev == NULL) 193 ebmap->node = e_iter; 194 else 195 e_prev->next = e_iter; 196 ebmap->highbit = e_iter->startbit + EBITMAP_SIZE; 197 } 198 199 /* offset will always be aligned to an unsigned long */ 200 idx = EBITMAP_NODE_INDEX(e_iter, offset); 201 e_iter->maps[idx] = bitmap; 202 203 /* next */ 204 offset += EBITMAP_UNIT_SIZE; 205 } 206 207 /* NOTE: we should never reach this return */ 208 return 0; 209 210 netlbl_import_failure: 211 ebitmap_destroy(ebmap); 212 return -ENOMEM; 213 } 214 #endif /* CONFIG_NETLABEL */ 215 216 /* 217 * Check to see if all the bits set in e2 are also set in e1. Optionally, 218 * if last_e2bit is non-zero, the highest set bit in e2 cannot exceed 219 * last_e2bit. 220 */ 221 int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit) 222 { 223 const struct ebitmap_node *n1, *n2; 224 int i; 225 226 if (e1->highbit < e2->highbit) 227 return 0; 228 229 n1 = e1->node; 230 n2 = e2->node; 231 232 while (n1 && n2 && (n1->startbit <= n2->startbit)) { 233 if (n1->startbit < n2->startbit) { 234 n1 = n1->next; 235 continue; 236 } 237 for (i = EBITMAP_UNIT_NUMS - 1; (i >= 0) && !n2->maps[i]; ) 238 i--; /* Skip trailing NULL map entries */ 239 if (last_e2bit && (i >= 0)) { 240 u32 lastsetbit = n2->startbit + i * EBITMAP_UNIT_SIZE + 241 __fls(n2->maps[i]); 242 if (lastsetbit > last_e2bit) 243 return 0; 244 } 245 246 while (i >= 0) { 247 if ((n1->maps[i] & n2->maps[i]) != n2->maps[i]) 248 return 0; 249 i--; 250 } 251 252 n1 = n1->next; 253 n2 = n2->next; 254 } 255 256 if (n2) 257 return 0; 258 259 return 1; 260 } 261 262 int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) 263 { 264 const struct ebitmap_node *n; 265 266 if (e->highbit < bit) 267 return 0; 268 269 n = e->node; 270 while (n && (n->startbit <= bit)) { 271 if ((n->startbit + EBITMAP_SIZE) > bit) 272 return ebitmap_node_get_bit(n, bit); 273 n = n->next; 274 } 275 276 return 0; 277 } 278 279 int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) 280 { 281 struct ebitmap_node *n, *prev, *new; 282 283 prev = NULL; 284 n = e->node; 285 while (n && n->startbit <= bit) { 286 if ((n->startbit + EBITMAP_SIZE) > bit) { 287 if (value) { 288 ebitmap_node_set_bit(n, bit); 289 } else { 290 unsigned int s; 291 292 ebitmap_node_clr_bit(n, bit); 293 294 s = find_first_bit(n->maps, EBITMAP_SIZE); 295 if (s < EBITMAP_SIZE) 296 return 0; 297 298 /* drop this node from the bitmap */ 299 if (!n->next) { 300 /* 301 * this was the highest map 302 * within the bitmap 303 */ 304 if (prev) 305 e->highbit = prev->startbit 306 + EBITMAP_SIZE; 307 else 308 e->highbit = 0; 309 } 310 if (prev) 311 prev->next = n->next; 312 else 313 e->node = n->next; 314 kmem_cache_free(ebitmap_node_cachep, n); 315 } 316 return 0; 317 } 318 prev = n; 319 n = n->next; 320 } 321 322 if (!value) 323 return 0; 324 325 new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); 326 if (!new) 327 return -ENOMEM; 328 329 new->startbit = bit - (bit % EBITMAP_SIZE); 330 ebitmap_node_set_bit(new, bit); 331 332 if (!n) 333 /* this node will be the highest map within the bitmap */ 334 e->highbit = new->startbit + EBITMAP_SIZE; 335 336 if (prev) { 337 new->next = prev->next; 338 prev->next = new; 339 } else { 340 new->next = e->node; 341 e->node = new; 342 } 343 344 return 0; 345 } 346 347 void ebitmap_destroy(struct ebitmap *e) 348 { 349 struct ebitmap_node *n, *temp; 350 351 if (!e) 352 return; 353 354 n = e->node; 355 while (n) { 356 temp = n; 357 n = n->next; 358 kmem_cache_free(ebitmap_node_cachep, temp); 359 } 360 361 e->highbit = 0; 362 e->node = NULL; 363 } 364 365 int ebitmap_read(struct ebitmap *e, void *fp) 366 { 367 struct ebitmap_node *n = NULL; 368 u32 mapunit, count, startbit, index; 369 __le32 ebitmap_start; 370 u64 map; 371 __le64 mapbits; 372 __le32 buf[3]; 373 int rc, i; 374 375 ebitmap_init(e); 376 377 rc = next_entry(buf, fp, sizeof buf); 378 if (rc < 0) 379 goto out; 380 381 mapunit = le32_to_cpu(buf[0]); 382 e->highbit = le32_to_cpu(buf[1]); 383 count = le32_to_cpu(buf[2]); 384 385 if (mapunit != BITS_PER_U64) { 386 pr_err("SELinux: ebitmap: map size %u does not " 387 "match my size %zd (high bit was %d)\n", 388 mapunit, BITS_PER_U64, e->highbit); 389 goto bad; 390 } 391 392 /* round up e->highbit */ 393 e->highbit += EBITMAP_SIZE - 1; 394 e->highbit -= (e->highbit % EBITMAP_SIZE); 395 396 if (!e->highbit) { 397 e->node = NULL; 398 goto ok; 399 } 400 401 if (e->highbit && !count) 402 goto bad; 403 404 for (i = 0; i < count; i++) { 405 rc = next_entry(&ebitmap_start, fp, sizeof(u32)); 406 if (rc < 0) { 407 pr_err("SELinux: ebitmap: truncated map\n"); 408 goto bad; 409 } 410 startbit = le32_to_cpu(ebitmap_start); 411 412 if (startbit & (mapunit - 1)) { 413 pr_err("SELinux: ebitmap start bit (%d) is " 414 "not a multiple of the map unit size (%u)\n", 415 startbit, mapunit); 416 goto bad; 417 } 418 if (startbit > e->highbit - mapunit) { 419 pr_err("SELinux: ebitmap start bit (%d) is " 420 "beyond the end of the bitmap (%u)\n", 421 startbit, (e->highbit - mapunit)); 422 goto bad; 423 } 424 425 if (!n || startbit >= n->startbit + EBITMAP_SIZE) { 426 struct ebitmap_node *tmp; 427 tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL); 428 if (!tmp) { 429 pr_err("SELinux: ebitmap: out of memory\n"); 430 rc = -ENOMEM; 431 goto bad; 432 } 433 /* round down */ 434 tmp->startbit = startbit - (startbit % EBITMAP_SIZE); 435 if (n) 436 n->next = tmp; 437 else 438 e->node = tmp; 439 n = tmp; 440 } else if (startbit <= n->startbit) { 441 pr_err("SELinux: ebitmap: start bit %d" 442 " comes after start bit %d\n", 443 startbit, n->startbit); 444 goto bad; 445 } 446 447 rc = next_entry(&mapbits, fp, sizeof(u64)); 448 if (rc < 0) { 449 pr_err("SELinux: ebitmap: truncated map\n"); 450 goto bad; 451 } 452 map = le64_to_cpu(mapbits); 453 454 index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE; 455 while (map) { 456 n->maps[index++] = map & (-1UL); 457 map = EBITMAP_SHIFT_UNIT_SIZE(map); 458 } 459 } 460 ok: 461 rc = 0; 462 out: 463 return rc; 464 bad: 465 if (!rc) 466 rc = -EINVAL; 467 ebitmap_destroy(e); 468 goto out; 469 } 470 471 int ebitmap_write(const struct ebitmap *e, void *fp) 472 { 473 struct ebitmap_node *n; 474 u32 count; 475 __le32 buf[3]; 476 u64 map; 477 int bit, last_bit, last_startbit, rc; 478 479 buf[0] = cpu_to_le32(BITS_PER_U64); 480 481 count = 0; 482 last_bit = 0; 483 last_startbit = -1; 484 ebitmap_for_each_positive_bit(e, n, bit) { 485 if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { 486 count++; 487 last_startbit = rounddown(bit, BITS_PER_U64); 488 } 489 last_bit = roundup(bit + 1, BITS_PER_U64); 490 } 491 buf[1] = cpu_to_le32(last_bit); 492 buf[2] = cpu_to_le32(count); 493 494 rc = put_entry(buf, sizeof(u32), 3, fp); 495 if (rc) 496 return rc; 497 498 map = 0; 499 last_startbit = INT_MIN; 500 ebitmap_for_each_positive_bit(e, n, bit) { 501 if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { 502 __le64 buf64[1]; 503 504 /* this is the very first bit */ 505 if (!map) { 506 last_startbit = rounddown(bit, BITS_PER_U64); 507 map = (u64)1 << (bit - last_startbit); 508 continue; 509 } 510 511 /* write the last node */ 512 buf[0] = cpu_to_le32(last_startbit); 513 rc = put_entry(buf, sizeof(u32), 1, fp); 514 if (rc) 515 return rc; 516 517 buf64[0] = cpu_to_le64(map); 518 rc = put_entry(buf64, sizeof(u64), 1, fp); 519 if (rc) 520 return rc; 521 522 /* set up for the next node */ 523 map = 0; 524 last_startbit = rounddown(bit, BITS_PER_U64); 525 } 526 map |= (u64)1 << (bit - last_startbit); 527 } 528 /* write the last node */ 529 if (map) { 530 __le64 buf64[1]; 531 532 /* write the last node */ 533 buf[0] = cpu_to_le32(last_startbit); 534 rc = put_entry(buf, sizeof(u32), 1, fp); 535 if (rc) 536 return rc; 537 538 buf64[0] = cpu_to_le64(map); 539 rc = put_entry(buf64, sizeof(u64), 1, fp); 540 if (rc) 541 return rc; 542 } 543 return 0; 544 } 545 546 u32 ebitmap_hash(const struct ebitmap *e, u32 hash) 547 { 548 struct ebitmap_node *node; 549 550 /* need to change hash even if ebitmap is empty */ 551 hash = jhash_1word(e->highbit, hash); 552 for (node = e->node; node; node = node->next) { 553 hash = jhash_1word(node->startbit, hash); 554 hash = jhash(node->maps, sizeof(node->maps), hash); 555 } 556 return hash; 557 } 558 559 void __init ebitmap_cache_init(void) 560 { 561 ebitmap_node_cachep = kmem_cache_create("ebitmap_node", 562 sizeof(struct ebitmap_node), 563 0, SLAB_PANIC, NULL); 564 } 565