LXR linux/security/tomoyo/gc.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * security/tomoyo/gc.c
   4 *
   5 * Copyright (C) 2005-2011  NTT DATA CORPORATION
   6 */
   7
   8#include "common.h"
   9#include <linux/kthread.h>
  10#include <linux/slab.h>
  11
  12/**
  13 * tomoyo_memory_free - Free memory for elements.
  14 *
  15 * @ptr:  Pointer to allocated memory.
  16 *
  17 * Returns nothing.
  18 *
  19 * Caller holds tomoyo_policy_lock mutex.
  20 */
  21static inline void tomoyo_memory_free(void *ptr)
  22{
  23        tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= ksize(ptr);
  24        kfree(ptr);
  25}
  26
  27/* The list for "struct tomoyo_io_buffer". */
  28static LIST_HEAD(tomoyo_io_buffer_list);
  29/* Lock for protecting tomoyo_io_buffer_list. */
  30static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
  31
  32/**
  33 * tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not.
  34 *
  35 * @element: Pointer to "struct list_head".
  36 *
  37 * Returns true if @element is used by /sys/kernel/security/tomoyo/ users,
  38 * false otherwise.
  39 */
  40static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element)
  41{
  42        struct tomoyo_io_buffer *head;
  43        bool in_use = false;
  44
  45        spin_lock(&tomoyo_io_buffer_list_lock);
  46        list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
  47                head->users++;
  48                spin_unlock(&tomoyo_io_buffer_list_lock);
  49                mutex_lock(&head->io_sem);
  50                if (head->r.domain == element || head->r.group == element ||
  51                    head->r.acl == element || &head->w.domain->list == element)
  52                        in_use = true;
  53                mutex_unlock(&head->io_sem);
  54                spin_lock(&tomoyo_io_buffer_list_lock);
  55                head->users--;
  56                if (in_use)
  57                        break;
  58        }
  59        spin_unlock(&tomoyo_io_buffer_list_lock);
  60        return in_use;
  61}
  62
  63/**
  64 * tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not.
  65 *
  66 * @string: String to check.
  67 *
  68 * Returns true if @string is used by /sys/kernel/security/tomoyo/ users,
  69 * false otherwise.
  70 */
  71static bool tomoyo_name_used_by_io_buffer(const char *string)
  72{
  73        struct tomoyo_io_buffer *head;
  74        const size_t size = strlen(string) + 1;
  75        bool in_use = false;
  76
  77        spin_lock(&tomoyo_io_buffer_list_lock);
  78        list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
  79                int i;
  80
  81                head->users++;
  82                spin_unlock(&tomoyo_io_buffer_list_lock);
  83                mutex_lock(&head->io_sem);
  84                for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) {
  85                        const char *w = head->r.w[i];
  86
  87                        if (w < string || w > string + size)
  88                                continue;
  89                        in_use = true;
  90                        break;
  91                }
  92                mutex_unlock(&head->io_sem);
  93                spin_lock(&tomoyo_io_buffer_list_lock);
  94                head->users--;
  95                if (in_use)
  96                        break;
  97        }
  98        spin_unlock(&tomoyo_io_buffer_list_lock);
  99        return in_use;
 100}
 101
 102/**
 103 * tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control".
 104 *
 105 * @element: Pointer to "struct list_head".
 106 *
 107 * Returns nothing.
 108 */
 109static inline void tomoyo_del_transition_control(struct list_head *element)
 110{
 111        struct tomoyo_transition_control *ptr =
 112                container_of(element, typeof(*ptr), head.list);
 113
 114        tomoyo_put_name(ptr->domainname);
 115        tomoyo_put_name(ptr->program);
 116}
 117
 118/**
 119 * tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator".
 120 *
 121 * @element: Pointer to "struct list_head".
 122 *
 123 * Returns nothing.
 124 */
 125static inline void tomoyo_del_aggregator(struct list_head *element)
 126{
 127        struct tomoyo_aggregator *ptr =
 128                container_of(element, typeof(*ptr), head.list);
 129
 130        tomoyo_put_name(ptr->original_name);
 131        tomoyo_put_name(ptr->aggregated_name);
 132}
 133
 134/**
 135 * tomoyo_del_manager - Delete members in "struct tomoyo_manager".
 136 *
 137 * @element: Pointer to "struct list_head".
 138 *
 139 * Returns nothing.
 140 */
 141static inline void tomoyo_del_manager(struct list_head *element)
 142{
 143        struct tomoyo_manager *ptr =
 144                container_of(element, typeof(*ptr), head.list);
 145
 146        tomoyo_put_name(ptr->manager);
 147}
 148
 149/**
 150 * tomoyo_del_acl - Delete members in "struct tomoyo_acl_info".
 151 *
 152 * @element: Pointer to "struct list_head".
 153 *
 154 * Returns nothing.
 155 */
 156static void tomoyo_del_acl(struct list_head *element)
 157{
 158        struct tomoyo_acl_info *acl =
 159                container_of(element, typeof(*acl), list);
 160
 161        tomoyo_put_condition(acl->cond);
 162        switch (acl->type) {
 163        case TOMOYO_TYPE_PATH_ACL:
 164                {
 165                        struct tomoyo_path_acl *entry
 166                                = container_of(acl, typeof(*entry), head);
 167                        tomoyo_put_name_union(&entry->name);
 168                }
 169                break;
 170        case TOMOYO_TYPE_PATH2_ACL:
 171                {
 172                        struct tomoyo_path2_acl *entry
 173                                = container_of(acl, typeof(*entry), head);
 174                        tomoyo_put_name_union(&entry->name1);
 175                        tomoyo_put_name_union(&entry->name2);
 176                }
 177                break;
 178        case TOMOYO_TYPE_PATH_NUMBER_ACL:
 179                {
 180                        struct tomoyo_path_number_acl *entry
 181                                = container_of(acl, typeof(*entry), head);
 182                        tomoyo_put_name_union(&entry->name);
 183                        tomoyo_put_number_union(&entry->number);
 184                }
 185                break;
 186        case TOMOYO_TYPE_MKDEV_ACL:
 187                {
 188                        struct tomoyo_mkdev_acl *entry
 189                                = container_of(acl, typeof(*entry), head);
 190                        tomoyo_put_name_union(&entry->name);
 191                        tomoyo_put_number_union(&entry->mode);
 192                        tomoyo_put_number_union(&entry->major);
 193                        tomoyo_put_number_union(&entry->minor);
 194                }
 195                break;
 196        case TOMOYO_TYPE_MOUNT_ACL:
 197                {
 198                        struct tomoyo_mount_acl *entry
 199                                = container_of(acl, typeof(*entry), head);
 200                        tomoyo_put_name_union(&entry->dev_name);
 201                        tomoyo_put_name_union(&entry->dir_name);
 202                        tomoyo_put_name_union(&entry->fs_type);
 203                        tomoyo_put_number_union(&entry->flags);
 204                }
 205                break;
 206        case TOMOYO_TYPE_ENV_ACL:
 207                {
 208                        struct tomoyo_env_acl *entry =
 209                                container_of(acl, typeof(*entry), head);
 210
 211                        tomoyo_put_name(entry->env);
 212                }
 213                break;
 214        case TOMOYO_TYPE_INET_ACL:
 215                {
 216                        struct tomoyo_inet_acl *entry =
 217                                container_of(acl, typeof(*entry), head);
 218
 219                        tomoyo_put_group(entry->address.group);
 220                        tomoyo_put_number_union(&entry->port);
 221                }
 222                break;
 223        case TOMOYO_TYPE_UNIX_ACL:
 224                {
 225                        struct tomoyo_unix_acl *entry =
 226                                container_of(acl, typeof(*entry), head);
 227
 228                        tomoyo_put_name_union(&entry->name);
 229                }
 230                break;
 231        case TOMOYO_TYPE_MANUAL_TASK_ACL:
 232                {
 233                        struct tomoyo_task_acl *entry =
 234                                container_of(acl, typeof(*entry), head);
 235
 236                        tomoyo_put_name(entry->domainname);
 237                }
 238                break;
 239        }
 240}
 241
 242/**
 243 * tomoyo_del_domain - Delete members in "struct tomoyo_domain_info".
 244 *
 245 * @element: Pointer to "struct list_head".
 246 *
 247 * Returns nothing.
 248 *
 249 * Caller holds tomoyo_policy_lock mutex.
 250 */
 251static inline void tomoyo_del_domain(struct list_head *element)
 252{
 253        struct tomoyo_domain_info *domain =
 254                container_of(element, typeof(*domain), list);
 255        struct tomoyo_acl_info *acl;
 256        struct tomoyo_acl_info *tmp;
 257
 258        /*
 259         * Since this domain is referenced from neither
 260         * "struct tomoyo_io_buffer" nor "struct cred"->security, we can delete
 261         * elements without checking for is_deleted flag.
 262         */
 263        list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
 264                tomoyo_del_acl(&acl->list);
 265                tomoyo_memory_free(acl);
 266        }
 267        tomoyo_put_name(domain->domainname);
 268}
 269
 270/**
 271 * tomoyo_del_condition - Delete members in "struct tomoyo_condition".
 272 *
 273 * @element: Pointer to "struct list_head".
 274 *
 275 * Returns nothing.
 276 */
 277void tomoyo_del_condition(struct list_head *element)
 278{
 279        struct tomoyo_condition *cond = container_of(element, typeof(*cond),
 280                                                     head.list);
 281        const u16 condc = cond->condc;
 282        const u16 numbers_count = cond->numbers_count;
 283        const u16 names_count = cond->names_count;
 284        const u16 argc = cond->argc;
 285        const u16 envc = cond->envc;
 286        unsigned int i;
 287        const struct tomoyo_condition_element *condp
 288                = (const struct tomoyo_condition_element *) (cond + 1);
 289        struct tomoyo_number_union *numbers_p
 290                = (struct tomoyo_number_union *) (condp + condc);
 291        struct tomoyo_name_union *names_p
 292                = (struct tomoyo_name_union *) (numbers_p + numbers_count);
 293        const struct tomoyo_argv *argv
 294                = (const struct tomoyo_argv *) (names_p + names_count);
 295        const struct tomoyo_envp *envp
 296                = (const struct tomoyo_envp *) (argv + argc);
 297
 298        for (i = 0; i < numbers_count; i++)
 299                tomoyo_put_number_union(numbers_p++);
 300        for (i = 0; i < names_count; i++)
 301                tomoyo_put_name_union(names_p++);
 302        for (i = 0; i < argc; argv++, i++)
 303                tomoyo_put_name(argv->value);
 304        for (i = 0; i < envc; envp++, i++) {
 305                tomoyo_put_name(envp->name);
 306                tomoyo_put_name(envp->value);
 307        }
 308}
 309
 310/**
 311 * tomoyo_del_name - Delete members in "struct tomoyo_name".
 312 *
 313 * @element: Pointer to "struct list_head".
 314 *
 315 * Returns nothing.
 316 */
 317static inline void tomoyo_del_name(struct list_head *element)
 318{
 319        /* Nothing to do. */
 320}
 321
 322/**
 323 * tomoyo_del_path_group - Delete members in "struct tomoyo_path_group".
 324 *
 325 * @element: Pointer to "struct list_head".
 326 *
 327 * Returns nothing.
 328 */
 329static inline void tomoyo_del_path_group(struct list_head *element)
 330{
 331        struct tomoyo_path_group *member =
 332                container_of(element, typeof(*member), head.list);
 333
 334        tomoyo_put_name(member->member_name);
 335}
 336
 337/**
 338 * tomoyo_del_group - Delete "struct tomoyo_group".
 339 *
 340 * @element: Pointer to "struct list_head".
 341 *
 342 * Returns nothing.
 343 */
 344static inline void tomoyo_del_group(struct list_head *element)
 345{
 346        struct tomoyo_group *group =
 347                container_of(element, typeof(*group), head.list);
 348
 349        tomoyo_put_name(group->group_name);
 350}
 351
 352/**
 353 * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
 354 *
 355 * @element: Pointer to "struct list_head".
 356 *
 357 * Returns nothing.
 358 */
 359static inline void tomoyo_del_address_group(struct list_head *element)
 360{
 361        /* Nothing to do. */
 362}
 363
 364/**
 365 * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
 366 *
 367 * @element: Pointer to "struct list_head".
 368 *
 369 * Returns nothing.
 370 */
 371static inline void tomoyo_del_number_group(struct list_head *element)
 372{
 373        /* Nothing to do. */
 374}
 375
 376/**
 377 * tomoyo_try_to_gc - Try to kfree() an entry.
 378 *
 379 * @type:    One of values in "enum tomoyo_policy_id".
 380 * @element: Pointer to "struct list_head".
 381 *
 382 * Returns nothing.
 383 *
 384 * Caller holds tomoyo_policy_lock mutex.
 385 */
 386static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
 387                             struct list_head *element)
 388{
 389        /*
 390         * __list_del_entry() guarantees that the list element became no longer
 391         * reachable from the list which the element was originally on (e.g.
 392         * tomoyo_domain_list). Also, synchronize_srcu() guarantees that the
 393         * list element became no longer referenced by syscall users.
 394         */
 395        __list_del_entry(element);
 396        mutex_unlock(&tomoyo_policy_lock);
 397        synchronize_srcu(&tomoyo_ss);
 398        /*
 399         * However, there are two users which may still be using the list
 400         * element. We need to defer until both users forget this element.
 401         *
 402         * Don't kfree() until "struct tomoyo_io_buffer"->r.{domain,group,acl}
 403         * and "struct tomoyo_io_buffer"->w.domain forget this element.
 404         */
 405        if (tomoyo_struct_used_by_io_buffer(element))
 406                goto reinject;
 407        switch (type) {
 408        case TOMOYO_ID_TRANSITION_CONTROL:
 409                tomoyo_del_transition_control(element);
 410                break;
 411        case TOMOYO_ID_MANAGER:
 412                tomoyo_del_manager(element);
 413                break;
 414        case TOMOYO_ID_AGGREGATOR:
 415                tomoyo_del_aggregator(element);
 416                break;
 417        case TOMOYO_ID_GROUP:
 418                tomoyo_del_group(element);
 419                break;
 420        case TOMOYO_ID_PATH_GROUP:
 421                tomoyo_del_path_group(element);
 422                break;
 423        case TOMOYO_ID_ADDRESS_GROUP:
 424                tomoyo_del_address_group(element);
 425                break;
 426        case TOMOYO_ID_NUMBER_GROUP:
 427                tomoyo_del_number_group(element);
 428                break;
 429        case TOMOYO_ID_CONDITION:
 430                tomoyo_del_condition(element);
 431                break;
 432        case TOMOYO_ID_NAME:
 433                /*
 434                 * Don't kfree() until all "struct tomoyo_io_buffer"->r.w[]
 435                 * forget this element.
 436                 */
 437                if (tomoyo_name_used_by_io_buffer
 438                    (container_of(element, typeof(struct tomoyo_name),
 439                                  head.list)->entry.name))
 440                        goto reinject;
 441                tomoyo_del_name(element);
 442                break;
 443        case TOMOYO_ID_ACL:
 444                tomoyo_del_acl(element);
 445                break;
 446        case TOMOYO_ID_DOMAIN:
 447                /*
 448                 * Don't kfree() until all "struct cred"->security forget this
 449                 * element.
 450                 */
 451                if (atomic_read(&container_of
 452                                (element, typeof(struct tomoyo_domain_info),
 453                                 list)->users))
 454                        goto reinject;
 455                break;
 456        case TOMOYO_MAX_POLICY:
 457                break;
 458        }
 459        mutex_lock(&tomoyo_policy_lock);
 460        if (type == TOMOYO_ID_DOMAIN)
 461                tomoyo_del_domain(element);
 462        tomoyo_memory_free(element);
 463        return;
 464reinject:
 465        /*
 466         * We can safely reinject this element here because
 467         * (1) Appending list elements and removing list elements are protected
 468         *     by tomoyo_policy_lock mutex.
 469         * (2) Only this function removes list elements and this function is
 470         *     exclusively executed by tomoyo_gc_mutex mutex.
 471         * are true.
 472         */
 473        mutex_lock(&tomoyo_policy_lock);
 474        list_add_rcu(element, element->prev);
 475}
 476
 477/**
 478 * tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head".
 479 *
 480 * @id:          One of values in "enum tomoyo_policy_id".
 481 * @member_list: Pointer to "struct list_head".
 482 *
 483 * Returns nothing.
 484 */
 485static void tomoyo_collect_member(const enum tomoyo_policy_id id,
 486                                  struct list_head *member_list)
 487{
 488        struct tomoyo_acl_head *member;
 489        struct tomoyo_acl_head *tmp;
 490
 491        list_for_each_entry_safe(member, tmp, member_list, list) {
 492                if (!member->is_deleted)
 493                        continue;
 494                member->is_deleted = TOMOYO_GC_IN_PROGRESS;
 495                tomoyo_try_to_gc(id, &member->list);
 496        }
 497}
 498
 499/**
 500 * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
 501 *
 502 * @list: Pointer to "struct list_head".
 503 *
 504 * Returns nothing.
 505 */
 506static void tomoyo_collect_acl(struct list_head *list)
 507{
 508        struct tomoyo_acl_info *acl;
 509        struct tomoyo_acl_info *tmp;
 510
 511        list_for_each_entry_safe(acl, tmp, list, list) {
 512                if (!acl->is_deleted)
 513                        continue;
 514                acl->is_deleted = TOMOYO_GC_IN_PROGRESS;
 515                tomoyo_try_to_gc(TOMOYO_ID_ACL, &acl->list);
 516        }
 517}
 518
 519/**
 520 * tomoyo_collect_entry - Try to kfree() deleted elements.
 521 *
 522 * Returns nothing.
 523 */
 524static void tomoyo_collect_entry(void)
 525{
 526        int i;
 527        enum tomoyo_policy_id id;
 528        struct tomoyo_policy_namespace *ns;
 529
 530        mutex_lock(&tomoyo_policy_lock);
 531        {
 532                struct tomoyo_domain_info *domain;
 533                struct tomoyo_domain_info *tmp;
 534
 535                list_for_each_entry_safe(domain, tmp, &tomoyo_domain_list,
 536                                         list) {
 537                        tomoyo_collect_acl(&domain->acl_info_list);
 538                        if (!domain->is_deleted || atomic_read(&domain->users))
 539                                continue;
 540                        tomoyo_try_to_gc(TOMOYO_ID_DOMAIN, &domain->list);
 541                }
 542        }
 543        list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
 544                for (id = 0; id < TOMOYO_MAX_POLICY; id++)
 545                        tomoyo_collect_member(id, &ns->policy_list[id]);
 546                for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
 547                        tomoyo_collect_acl(&ns->acl_group[i]);
 548        }
 549        {
 550                struct tomoyo_shared_acl_head *ptr;
 551                struct tomoyo_shared_acl_head *tmp;
 552
 553                list_for_each_entry_safe(ptr, tmp, &tomoyo_condition_list,
 554                                         list) {
 555                        if (atomic_read(&ptr->users) > 0)
 556                                continue;
 557                        atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
 558                        tomoyo_try_to_gc(TOMOYO_ID_CONDITION, &ptr->list);
 559                }
 560        }
 561        list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
 562                for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
 563                        struct list_head *list = &ns->group_list[i];
 564                        struct tomoyo_group *group;
 565                        struct tomoyo_group *tmp;
 566
 567                        switch (i) {
 568                        case 0:
 569                                id = TOMOYO_ID_PATH_GROUP;
 570                                break;
 571                        case 1:
 572                                id = TOMOYO_ID_NUMBER_GROUP;
 573                                break;
 574                        default:
 575                                id = TOMOYO_ID_ADDRESS_GROUP;
 576                                break;
 577                        }
 578                        list_for_each_entry_safe(group, tmp, list, head.list) {
 579                                tomoyo_collect_member(id, &group->member_list);
 580                                if (!list_empty(&group->member_list) ||
 581                                    atomic_read(&group->head.users) > 0)
 582                                        continue;
 583                                atomic_set(&group->head.users,
 584                                           TOMOYO_GC_IN_PROGRESS);
 585                                tomoyo_try_to_gc(TOMOYO_ID_GROUP,
 586                                                 &group->head.list);
 587                        }
 588                }
 589        }
 590        for (i = 0; i < TOMOYO_MAX_HASH; i++) {
 591                struct list_head *list = &tomoyo_name_list[i];
 592                struct tomoyo_shared_acl_head *ptr;
 593                struct tomoyo_shared_acl_head *tmp;
 594
 595                list_for_each_entry_safe(ptr, tmp, list, list) {
 596                        if (atomic_read(&ptr->users) > 0)
 597                                continue;
 598                        atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
 599                        tomoyo_try_to_gc(TOMOYO_ID_NAME, &ptr->list);
 600                }
 601        }
 602        mutex_unlock(&tomoyo_policy_lock);
 603}
 604
 605/**
 606 * tomoyo_gc_thread - Garbage collector thread function.
 607 *
 608 * @unused: Unused.
 609 *
 610 * Returns 0.
 611 */
 612static int tomoyo_gc_thread(void *unused)
 613{
 614        /* Garbage collector thread is exclusive. */
 615        static DEFINE_MUTEX(tomoyo_gc_mutex);
 616
 617        if (!mutex_trylock(&tomoyo_gc_mutex))
 618                goto out;
 619        tomoyo_collect_entry();
 620        {
 621                struct tomoyo_io_buffer *head;
 622                struct tomoyo_io_buffer *tmp;
 623
 624                spin_lock(&tomoyo_io_buffer_list_lock);
 625                list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list,
 626                                         list) {
 627                        if (head->users)
 628                                continue;
 629                        list_del(&head->list);
 630                        kfree(head->read_buf);
 631                        kfree(head->write_buf);
 632                        kfree(head);
 633                }
 634                spin_unlock(&tomoyo_io_buffer_list_lock);
 635        }
 636        mutex_unlock(&tomoyo_gc_mutex);
 637out:
 638        /* This acts as do_exit(0). */
 639        return 0;
 640}
 641
 642/**
 643 * tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users.
 644 *
 645 * @head:        Pointer to "struct tomoyo_io_buffer".
 646 * @is_register: True if register, false if unregister.
 647 *
 648 * Returns nothing.
 649 */
 650void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register)
 651{
 652        bool is_write = false;
 653
 654        spin_lock(&tomoyo_io_buffer_list_lock);
 655        if (is_register) {
 656                head->users = 1;
 657                list_add(&head->list, &tomoyo_io_buffer_list);
 658        } else {
 659                is_write = head->write_buf != NULL;
 660                if (!--head->users) {
 661                        list_del(&head->list);
 662                        kfree(head->read_buf);
 663                        kfree(head->write_buf);
 664                        kfree(head);
 665                }
 666        }
 667        spin_unlock(&tomoyo_io_buffer_list_lock);
 668        if (is_write)
 669                kthread_run(tomoyo_gc_thread, NULL, "GC for TOMOYO");
 670}
 671