1/* 2 * AppArmor security module 3 * 4 * This file contains basic common functions used in AppArmor 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15#include <linux/mm.h> 16#include <linux/slab.h> 17#include <linux/string.h> 18#include <linux/vmalloc.h> 19 20#include "include/audit.h" 21#include "include/apparmor.h" 22 23 24/** 25 * aa_split_fqname - split a fqname into a profile and namespace name 26 * @fqname: a full qualified name in namespace profile format (NOT NULL) 27 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL) 28 * 29 * Returns: profile name or NULL if one is not specified 30 * 31 * Split a namespace name from a profile name (see policy.c for naming 32 * description). If a portion of the name is missing it returns NULL for 33 * that portion. 34 * 35 * NOTE: may modify the @fqname string. The pointers returned point 36 * into the @fqname string. 37 */ 38char *aa_split_fqname(char *fqname, char **ns_name) 39{ 40 char *name = strim(fqname); 41 42 *ns_name = NULL; 43 if (name[0] == ':') { 44 char *split = strchr(&name[1], ':'); 45 *ns_name = skip_spaces(&name[1]); 46 if (split) { 47 /* overwrite ':' with \0 */ 48 *split = 0; 49 name = skip_spaces(split + 1); 50 } else 51 /* a ns name without a following profile is allowed */ 52 name = NULL; 53 } 54 if (name && *name == 0) 55 name = NULL; 56 57 return name; 58} 59 60/** 61 * aa_info_message - log a none profile related status message 62 * @str: message to log 63 */ 64void aa_info_message(const char *str) 65{ 66 if (audit_enabled) { 67 struct common_audit_data sa; 68 struct apparmor_audit_data aad = {0,}; 69 sa.type = LSM_AUDIT_DATA_NONE; 70 sa.aad = &aad; 71 aad.info = str; 72 aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); 73 } 74 printk(KERN_INFO "AppArmor: %s\n", str); 75} 76 77/** 78 * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc 79 * @size: size of allocation 80 * 81 * Return: allocated buffer or NULL if failed 82 * 83 * It is possible that policy being loaded from the user is larger than 84 * what can be allocated by kmalloc, in those cases fall back to vmalloc. 85 */ 86void *kvmalloc(size_t size) 87{ 88 void *buffer = NULL; 89 90 if (size == 0) 91 return NULL; 92 93 /* do not attempt kmalloc if we need more than 16 pages at once */ 94 if (size <= (16*PAGE_SIZE)) 95 buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN); 96 if (!buffer) { 97 /* see kvfree for why size must be at least work_struct size 98 * when allocated via vmalloc 99 */ 100 if (size < sizeof(struct work_struct)) 101 size = sizeof(struct work_struct); 102 buffer = vmalloc(size); 103 } 104 return buffer; 105} 106 107/** 108 * do_vfree - workqueue routine for freeing vmalloced memory 109 * @work: data to be freed 110 * 111 * The work_struct is overlaid to the data being freed, as at the point 112 * the work is scheduled the data is no longer valid, be its freeing 113 * needs to be delayed until safe. 114 */ 115static void do_vfree(struct work_struct *work) 116{ 117 vfree(work); 118} 119 120/** 121 * kvfree - free an allocation do by kvmalloc 122 * @buffer: buffer to free (MAYBE_NULL) 123 * 124 * Free a buffer allocated by kvmalloc 125 */ 126void kvfree(void *buffer) 127{ 128 if (is_vmalloc_addr(buffer)) { 129 /* Data is no longer valid so just use the allocated space 130 * as the work_struct 131 */ 132 struct work_struct *work = (struct work_struct *) buffer; 133 INIT_WORK(work, do_vfree); 134 schedule_work(work); 135 } else 136 kfree(buffer); 137} 138