linux/kernel/audit_tree.c
<<
>>
Prefs 
   1// SPDX-License-Identifier: GPL-2.0
   2#include "audit.h"
   3#include <linux/fsnotify_backend.h>
   4#include <linux/namei.h>
   5#include <linux/mount.h>
   6#include <linux/kthread.h>
   7#include <linux/refcount.h>
   8#include <linux/slab.h>
   9
  10struct audit_tree;
  11struct audit_chunk;
  12
  13struct audit_tree {
  14        refcount_t count;
  15        int goner;
  16        struct audit_chunk *root;
  17        struct list_head chunks;
  18        struct list_head rules;
  19        struct list_head list;
  20        struct list_head same_root;
  21        struct rcu_head head;
  22        char pathname[];
  23};
  24
  25struct audit_chunk {
  26        struct list_head hash;
  27        struct fsnotify_mark mark;
  28        struct list_head trees;         /* with root here */
  29        int dead;
  30        int count;
  31        atomic_long_t refs;
  32        struct rcu_head head;
  33        struct node {
  34                struct list_head list;
  35                struct audit_tree *owner;
  36                unsigned index;         /* index; upper bit indicates 'will prune' */
  37        } owners[];
  38};
  39
  40static LIST_HEAD(tree_list);
  41static LIST_HEAD(prune_list);
  42static struct task_struct *prune_thread;
  43
  44/*
  45 * One struct chunk is attached to each inode of interest.
  46 * We replace struct chunk on tagging/untagging.
  47 * Rules have pointer to struct audit_tree.
  48 * Rules have struct list_head rlist forming a list of rules over
  49 * the same tree.
  50 * References to struct chunk are collected at audit_inode{,_child}()
  51 * time and used in AUDIT_TREE rule matching.
  52 * These references are dropped at the same time we are calling
  53 * audit_free_names(), etc.
  54 *
  55 * Cyclic lists galore:
  56 * tree.chunks anchors chunk.owners[].list                      hash_lock
  57 * tree.rules anchors rule.rlist                                audit_filter_mutex
  58 * chunk.trees anchors tree.same_root                           hash_lock
  59 * chunk.hash is a hash with middle bits of watch.inode as
  60 * a hash function.                                             RCU, hash_lock
  61 *
  62 * tree is refcounted; one reference for "some rules on rules_list refer to
  63 * it", one for each chunk with pointer to it.
  64 *
  65 * chunk is refcounted by embedded fsnotify_mark + .refs (non-zero refcount
  66 * of watch contributes 1 to .refs).
  67 *
  68 * node.index allows to get from node.list to containing chunk.
  69 * MSB of that sucker is stolen to mark taggings that we might have to
  70 * revert - several operations have very unpleasant cleanup logics and
  71 * that makes a difference.  Some.
  72 */
  73
  74static struct fsnotify_group *audit_tree_group;
  75
  76static struct audit_tree *alloc_tree(const char *s)
  77{
  78        struct audit_tree *tree;
  79
  80        tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL);
  81        if (tree) {
  82                refcount_set(&tree->count, 1);
  83                tree->goner = 0;
  84                INIT_LIST_HEAD(&tree->chunks);
  85                INIT_LIST_HEAD(&tree->rules);
  86                INIT_LIST_HEAD(&tree->list);
  87                INIT_LIST_HEAD(&tree->same_root);
  88                tree->root = NULL;
  89                strcpy(tree->pathname, s);
  90        }
  91        return tree;
  92}
  93
  94static inline void get_tree(struct audit_tree *tree)
  95{
  96        refcount_inc(&tree->count);
  97}
  98
  99static inline void put_tree(struct audit_tree *tree)
 100{
 101        if (refcount_dec_and_test(&tree->count))
 102                kfree_rcu(tree, head);
 103}
 104
 105/* to avoid bringing the entire thing in audit.h */
 106const char *audit_tree_path(struct audit_tree *tree)
 107{
 108        return tree->pathname;
 109}
 110
 111static void free_chunk(struct audit_chunk *chunk)
 112{
 113        int i;
 114
 115        for (i = 0; i < chunk->count; i++) {
 116                if (chunk->owners[i].owner)
 117                        put_tree(chunk->owners[i].owner);
 118        }
 119        kfree(chunk);
 120}
 121
 122void audit_put_chunk(struct audit_chunk *chunk)
 123{
 124        if (atomic_long_dec_and_test(&chunk->refs))
 125                free_chunk(chunk);
 126}
 127
 128static void __put_chunk(struct rcu_head *rcu)
 129{
 130        struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head);
 131        audit_put_chunk(chunk);
 132}
 133
 134static void audit_tree_destroy_watch(struct fsnotify_mark *entry)
 135{
 136        struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
 137        call_rcu(&chunk->head, __put_chunk);
 138}
 139
 140static struct audit_chunk *alloc_chunk(int count)
 141{
 142        struct audit_chunk *chunk;
 143        size_t size;
 144        int i;
 145
 146        size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node);
 147        chunk = kzalloc(size, GFP_KERNEL);
 148        if (!chunk)
 149                return NULL;
 150
 151        INIT_LIST_HEAD(&chunk->hash);
 152        INIT_LIST_HEAD(&chunk->trees);
 153        chunk->count = count;
 154        atomic_long_set(&chunk->refs, 1);
 155        for (i = 0; i < count; i++) {
 156                INIT_LIST_HEAD(&chunk->owners[i].list);
 157                chunk->owners[i].index = i;
 158        }
 159        fsnotify_init_mark(&chunk->mark, audit_tree_group);
 160        chunk->mark.mask = FS_IN_IGNORED;
 161        return chunk;
 162}
 163
 164enum {HASH_SIZE = 128};
 165static struct list_head chunk_hash_heads[HASH_SIZE];
 166static __cacheline_aligned_in_smp DEFINE_SPINLOCK(hash_lock);
 167
 168/* Function to return search key in our hash from inode. */
 169static unsigned long inode_to_key(const struct inode *inode)
 170{
 171        /* Use address pointed to by connector->obj as the key */
 172        return (unsigned long)&inode->i_fsnotify_marks;
 173}
 174
 175/*
 176 * Function to return search key in our hash from chunk. Key 0 is special and
 177 * should never be present in the hash.
 178 */
 179static unsigned long chunk_to_key(struct audit_chunk *chunk)
 180{
 181        /*
 182         * We have a reference to the mark so it should be attached to a
 183         * connector.
 184         */
 185        if (WARN_ON_ONCE(!chunk->mark.connector))
 186                return 0;
 187        return (unsigned long)chunk->mark.connector->obj;
 188}
 189
 190static inline struct list_head *chunk_hash(unsigned long key)
 191{
 192        unsigned long n = key / L1_CACHE_BYTES;
 193        return chunk_hash_heads + n % HASH_SIZE;
 194}
 195
 196/* hash_lock & entry->lock is held by caller */
 197static void insert_hash(struct audit_chunk *chunk)
 198{
 199        unsigned long key = chunk_to_key(chunk);
 200        struct list_head *list;
 201
 202        if (!(chunk->mark.flags & FSNOTIFY_MARK_FLAG_ATTACHED))
 203                return;
 204        list = chunk_hash(key);
 205        list_add_rcu(&chunk->hash, list);
 206}
 207
 208/* called under rcu_read_lock */
 209struct audit_chunk *audit_tree_lookup(const struct inode *inode)
 210{
 211        unsigned long key = inode_to_key(inode);
 212        struct list_head *list = chunk_hash(key);
 213        struct audit_chunk *p;
 214
 215        list_for_each_entry_rcu(p, list, hash) {
 216                if (chunk_to_key(p) == key) {
 217                        atomic_long_inc(&p->refs);
 218                        return p;
 219                }
 220        }
 221        return NULL;
 222}
 223
 224bool audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree)
 225{
 226        int n;
 227        for (n = 0; n < chunk->count; n++)
 228                if (chunk->owners[n].owner == tree)
 229                        return true;
 230        return false;
 231}
 232
 233/* tagging and untagging inodes with trees */
 234
 235static struct audit_chunk *find_chunk(struct node *p)
 236{
 237        int index = p->index & ~(1U<<31);
 238        p -= index;
 239        return container_of(p, struct audit_chunk, owners[0]);
 240}
 241
 242static void untag_chunk(struct node *p)
 243{
 244        struct audit_chunk *chunk = find_chunk(p);
 245        struct fsnotify_mark *entry = &chunk->mark;
 246        struct audit_chunk *new = NULL;
 247        struct audit_tree *owner;
 248        int size = chunk->count - 1;
 249        int i, j;
 250
 251        fsnotify_get_mark(entry);
 252
 253        spin_unlock(&hash_lock);
 254
 255        if (size)
 256                new = alloc_chunk(size);
 257
 258        mutex_lock(&entry->group->mark_mutex);
 259        spin_lock(&entry->lock);
 260        /*
 261         * mark_mutex protects mark from getting detached and thus also from
 262         * mark->connector->obj getting NULL.
 263         */
 264        if (chunk->dead || !(entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
 265                spin_unlock(&entry->lock);
 266                mutex_unlock(&entry->group->mark_mutex);
 267                if (new)
 268                        fsnotify_put_mark(&new->mark);
 269                goto out;
 270        }
 271
 272        owner = p->owner;
 273
 274        if (!size) {
 275                chunk->dead = 1;
 276                spin_lock(&hash_lock);
 277                list_del_init(&chunk->trees);
 278                if (owner->root == chunk)
 279                        owner->root = NULL;
 280                list_del_init(&p->list);
 281                list_del_rcu(&chunk->hash);
 282                spin_unlock(&hash_lock);
 283                spin_unlock(&entry->lock);
 284                mutex_unlock(&entry->group->mark_mutex);
 285                fsnotify_destroy_mark(entry, audit_tree_group);
 286                goto out;
 287        }
 288
 289        if (!new)
 290                goto Fallback;
 291
 292        if (fsnotify_add_mark_locked(&new->mark, entry->connector->obj,
 293                                     FSNOTIFY_OBJ_TYPE_INODE, 1)) {
 294                fsnotify_put_mark(&new->mark);
 295                goto Fallback;
 296        }
 297
 298        chunk->dead = 1;
 299        spin_lock(&hash_lock);
 300        list_replace_init(&chunk->trees, &new->trees);
 301        if (owner->root == chunk) {
 302                list_del_init(&owner->same_root);
 303                owner->root = NULL;
 304        }
 305
 306        for (i = j = 0; j <= size; i++, j++) {
 307                struct audit_tree *s;
 308                if (&chunk->owners[j] == p) {
 309                        list_del_init(&p->list);
 310                        i--;
 311                        continue;
 312                }
 313                s = chunk->owners[j].owner;
 314                new->owners[i].owner = s;
 315                new->owners[i].index = chunk->owners[j].index - j + i;
 316                if (!s) /* result of earlier fallback */
 317                        continue;
 318                get_tree(s);
 319                list_replace_init(&chunk->owners[j].list, &new->owners[i].list);
 320        }
 321
 322        list_replace_rcu(&chunk->hash, &new->hash);
 323        list_for_each_entry(owner, &new->trees, same_root)
 324                owner->root = new;
 325        spin_unlock(&hash_lock);
 326        spin_unlock(&entry->lock);
 327        mutex_unlock(&entry->group->mark_mutex);
 328        fsnotify_destroy_mark(entry, audit_tree_group);
 329        fsnotify_put_mark(&new->mark);  /* drop initial reference */
 330        goto out;
 331
 332Fallback:
 333        // do the best we can
 334        spin_lock(&hash_lock);
 335        if (owner->root == chunk) {
 336                list_del_init(&owner->same_root);
 337                owner->root = NULL;
 338        }
 339        list_del_init(&p->list);
 340        p->owner = NULL;
 341        put_tree(owner);
 342        spin_unlock(&hash_lock);
 343        spin_unlock(&entry->lock);
 344        mutex_unlock(&entry->group->mark_mutex);
 345out:
 346        fsnotify_put_mark(entry);
 347        spin_lock(&hash_lock);
 348}
 349
 350static int create_chunk(struct inode *inode, struct audit_tree *tree)
 351{
 352        struct fsnotify_mark *entry;
 353        struct audit_chunk *chunk = alloc_chunk(1);
 354        if (!chunk)
 355                return -ENOMEM;
 356
 357        entry = &chunk->mark;
 358        if (fsnotify_add_inode_mark(entry, inode, 0)) {
 359                fsnotify_put_mark(entry);
 360                return -ENOSPC;
 361        }
 362
 363        spin_lock(&entry->lock);
 364        spin_lock(&hash_lock);
 365        if (tree->goner) {
 366                spin_unlock(&hash_lock);
 367                chunk->dead = 1;
 368                spin_unlock(&entry->lock);
 369                fsnotify_destroy_mark(entry, audit_tree_group);
 370                fsnotify_put_mark(entry);
 371                return 0;
 372        }
 373        chunk->owners[0].index = (1U << 31);
 374        chunk->owners[0].owner = tree;
 375        get_tree(tree);
 376        list_add(&chunk->owners[0].list, &tree->chunks);
 377        if (!tree->root) {
 378                tree->root = chunk;
 379                list_add(&tree->same_root, &chunk->trees);
 380        }
 381        insert_hash(chunk);
 382        spin_unlock(&hash_lock);
 383        spin_unlock(&entry->lock);
 384        fsnotify_put_mark(entry);       /* drop initial reference */
 385        return 0;
 386}
 387
 388/* the first tagged inode becomes root of tree */
 389static int tag_chunk(struct inode *inode, struct audit_tree *tree)
 390{
 391        struct fsnotify_mark *old_entry, *chunk_entry;
 392        struct audit_tree *owner;
 393        struct audit_chunk *chunk, *old;
 394        struct node *p;
 395        int n;
 396
 397        old_entry = fsnotify_find_mark(&inode->i_fsnotify_marks,
 398                                       audit_tree_group);
 399        if (!old_entry)
 400                return create_chunk(inode, tree);
 401
 402        old = container_of(old_entry, struct audit_chunk, mark);
 403
 404        /* are we already there? */
 405        spin_lock(&hash_lock);
 406        for (n = 0; n < old->count; n++) {
 407                if (old->owners[n].owner == tree) {
 408                        spin_unlock(&hash_lock);
 409                        fsnotify_put_mark(old_entry);
 410                        return 0;
 411                }
 412        }
 413        spin_unlock(&hash_lock);
 414
 415        chunk = alloc_chunk(old->count + 1);
 416        if (!chunk) {
 417                fsnotify_put_mark(old_entry);
 418                return -ENOMEM;
 419        }
 420
 421        chunk_entry = &chunk->mark;
 422
 423        mutex_lock(&old_entry->group->mark_mutex);
 424        spin_lock(&old_entry->lock);
 425        /*
 426         * mark_mutex protects mark from getting detached and thus also from
 427         * mark->connector->obj getting NULL.
 428         */
 429        if (!(old_entry->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
 430                /* old_entry is being shot, lets just lie */
 431                spin_unlock(&old_entry->lock);
 432                mutex_unlock(&old_entry->group->mark_mutex);
 433                fsnotify_put_mark(old_entry);
 434                fsnotify_put_mark(&chunk->mark);
 435                return -ENOENT;
 436        }
 437
 438        if (fsnotify_add_mark_locked(chunk_entry, old_entry->connector->obj,
 439                                     FSNOTIFY_OBJ_TYPE_INODE, 1)) {
 440                spin_unlock(&old_entry->lock);
 441                mutex_unlock(&old_entry->group->mark_mutex);
 442                fsnotify_put_mark(chunk_entry);
 443                fsnotify_put_mark(old_entry);
 444                return -ENOSPC;
 445        }
 446
 447        /* even though we hold old_entry->lock, this is safe since chunk_entry->lock could NEVER have been grabbed before */
 448        spin_lock(&chunk_entry->lock);
 449        spin_lock(&hash_lock);
 450
 451        /* we now hold old_entry->lock, chunk_entry->lock, and hash_lock */
 452        if (tree->goner) {
 453                spin_unlock(&hash_lock);
 454                chunk->dead = 1;
 455                spin_unlock(&chunk_entry->lock);
 456                spin_unlock(&old_entry->lock);
 457                mutex_unlock(&old_entry->group->mark_mutex);
 458
 459                fsnotify_destroy_mark(chunk_entry, audit_tree_group);
 460
 461                fsnotify_put_mark(chunk_entry);
 462                fsnotify_put_mark(old_entry);
 463                return 0;
 464        }
 465        list_replace_init(&old->trees, &chunk->trees);
 466        for (n = 0, p = chunk->owners; n < old->count; n++, p++) {
 467                struct audit_tree *s = old->owners[n].owner;
 468                p->owner = s;
 469                p->index = old->owners[n].index;
 470                if (!s) /* result of fallback in untag */
 471                        continue;
 472                get_tree(s);
 473                list_replace_init(&old->owners[n].list, &p->list);
 474        }
 475        p->index = (chunk->count - 1) | (1U<<31);
 476        p->owner = tree;
 477        get_tree(tree);
 478        list_add(&p->list, &tree->chunks);
 479        list_replace_rcu(&old->hash, &chunk->hash);
 480        list_for_each_entry(owner, &chunk->trees, same_root)
 481                owner->root = chunk;
 482        old->dead = 1;
 483        if (!tree->root) {
 484                tree->root = chunk;
 485                list_add(&tree->same_root, &chunk->trees);
 486        }
 487        spin_unlock(&hash_lock);
 488        spin_unlock(&chunk_entry->lock);
 489        spin_unlock(&old_entry->lock);
 490        mutex_unlock(&old_entry->group->mark_mutex);
 491        fsnotify_destroy_mark(old_entry, audit_tree_group);
 492        fsnotify_put_mark(chunk_entry); /* drop initial reference */
 493        fsnotify_put_mark(old_entry); /* pair to fsnotify_find mark_entry */
 494        return 0;
 495}
 496
 497static void audit_tree_log_remove_rule(struct audit_krule *rule)
 498{
 499        struct audit_buffer *ab;
 500
 501        if (!audit_enabled)
 502                return;
 503        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 504        if (unlikely(!ab))
 505                return;
 506        audit_log_format(ab, "op=remove_rule");
 507        audit_log_format(ab, " dir=");
 508        audit_log_untrustedstring(ab, rule->tree->pathname);
 509        audit_log_key(ab, rule->filterkey);
 510        audit_log_format(ab, " list=%d res=1", rule->listnr);
 511        audit_log_end(ab);
 512}
 513
 514static void kill_rules(struct audit_tree *tree)
 515{
 516        struct audit_krule *rule, *next;
 517        struct audit_entry *entry;
 518
 519        list_for_each_entry_safe(rule, next, &tree->rules, rlist) {
 520                entry = container_of(rule, struct audit_entry, rule);
 521
 522                list_del_init(&rule->rlist);
 523                if (rule->tree) {
 524                        /* not a half-baked one */
 525                        audit_tree_log_remove_rule(rule);
 526                        if (entry->rule.exe)
 527                                audit_remove_mark(entry->rule.exe);
 528                        rule->tree = NULL;
 529                        list_del_rcu(&entry->list);
 530                        list_del(&entry->rule.list);
 531                        call_rcu(&entry->rcu, audit_free_rule_rcu);
 532                }
 533        }
 534}
 535
 536/*
 537 * finish killing struct audit_tree
 538 */
 539static void prune_one(struct audit_tree *victim)
 540{
 541        spin_lock(&hash_lock);
 542        while (!list_empty(&victim->chunks)) {
 543                struct node *p;
 544
 545                p = list_entry(victim->chunks.next, struct node, list);
 546
 547                untag_chunk(p);
 548        }
 549        spin_unlock(&hash_lock);
 550        put_tree(victim);
 551}
 552
 553/* trim the uncommitted chunks from tree */
 554
 555static void trim_marked(struct audit_tree *tree)
 556{
 557        struct list_head *p, *q;
 558        spin_lock(&hash_lock);
 559        if (tree->goner) {
 560                spin_unlock(&hash_lock);
 561                return;
 562        }
 563        /* reorder */
 564        for (p = tree->chunks.next; p != &tree->chunks; p = q) {
 565                struct node *node = list_entry(p, struct node, list);
 566                q = p->next;
 567                if (node->index & (1U<<31)) {
 568                        list_del_init(p);
 569                        list_add(p, &tree->chunks);
 570                }
 571        }
 572
 573        while (!list_empty(&tree->chunks)) {
 574                struct node *node;
 575
 576                node = list_entry(tree->chunks.next, struct node, list);
 577
 578                /* have we run out of marked? */
 579                if (!(node->index & (1U<<31)))
 580                        break;
 581
 582                untag_chunk(node);
 583        }
 584        if (!tree->root && !tree->goner) {
 585                tree->goner = 1;
 586                spin_unlock(&hash_lock);
 587                mutex_lock(&audit_filter_mutex);
 588                kill_rules(tree);
 589                list_del_init(&tree->list);
 590                mutex_unlock(&audit_filter_mutex);
 591                prune_one(tree);
 592        } else {
 593                spin_unlock(&hash_lock);
 594        }
 595}
 596
 597static void audit_schedule_prune(void);
 598
 599/* called with audit_filter_mutex */
 600int audit_remove_tree_rule(struct audit_krule *rule)
 601{
 602        struct audit_tree *tree;
 603        tree = rule->tree;
 604        if (tree) {
 605                spin_lock(&hash_lock);
 606                list_del_init(&rule->rlist);
 607                if (list_empty(&tree->rules) && !tree->goner) {
 608                        tree->root = NULL;
 609                        list_del_init(&tree->same_root);
 610                        tree->goner = 1;
 611                        list_move(&tree->list, &prune_list);
 612                        rule->tree = NULL;
 613                        spin_unlock(&hash_lock);
 614                        audit_schedule_prune();
 615                        return 1;
 616                }
 617                rule->tree = NULL;
 618                spin_unlock(&hash_lock);
 619                return 1;
 620        }
 621        return 0;
 622}
 623
 624static int compare_root(struct vfsmount *mnt, void *arg)
 625{
 626        return inode_to_key(d_backing_inode(mnt->mnt_root)) ==
 627               (unsigned long)arg;
 628}
 629
 630void audit_trim_trees(void)
 631{
 632        struct list_head cursor;
 633
 634        mutex_lock(&audit_filter_mutex);
 635        list_add(&cursor, &tree_list);
 636        while (cursor.next != &tree_list) {
 637                struct audit_tree *tree;
 638                struct path path;
 639                struct vfsmount *root_mnt;
 640                struct node *node;
 641                int err;
 642
 643                tree = container_of(cursor.next, struct audit_tree, list);
 644                get_tree(tree);
 645                list_del(&cursor);
 646                list_add(&cursor, &tree->list);
 647                mutex_unlock(&audit_filter_mutex);
 648
 649                err = kern_path(tree->pathname, 0, &path);
 650                if (err)
 651                        goto skip_it;
 652
 653                root_mnt = collect_mounts(&path);
 654                path_put(&path);
 655                if (IS_ERR(root_mnt))
 656                        goto skip_it;
 657
 658                spin_lock(&hash_lock);
 659                list_for_each_entry(node, &tree->chunks, list) {
 660                        struct audit_chunk *chunk = find_chunk(node);
 661                        /* this could be NULL if the watch is dying else where... */
 662                        node->index |= 1U<<31;
 663                        if (iterate_mounts(compare_root,
 664                                           (void *)chunk_to_key(chunk),
 665                                           root_mnt))
 666                                node->index &= ~(1U<<31);
 667                }
 668                spin_unlock(&hash_lock);
 669                trim_marked(tree);
 670                drop_collected_mounts(root_mnt);
 671skip_it:
 672                put_tree(tree);
 673                mutex_lock(&audit_filter_mutex);
 674        }
 675        list_del(&cursor);
 676        mutex_unlock(&audit_filter_mutex);
 677}
 678
 679int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op)
 680{
 681
 682        if (pathname[0] != '/' ||
 683            rule->listnr != AUDIT_FILTER_EXIT ||
 684            op != Audit_equal ||
 685            rule->inode_f || rule->watch || rule->tree)
 686                return -EINVAL;
 687        rule->tree = alloc_tree(pathname);
 688        if (!rule->tree)
 689                return -ENOMEM;
 690        return 0;
 691}
 692
 693void audit_put_tree(struct audit_tree *tree)
 694{
 695        put_tree(tree);
 696}
 697
 698static int tag_mount(struct vfsmount *mnt, void *arg)
 699{
 700        return tag_chunk(d_backing_inode(mnt->mnt_root), arg);
 701}
 702
 703/*
 704 * That gets run when evict_chunk() ends up needing to kill audit_tree.
 705 * Runs from a separate thread.
 706 */
 707static int prune_tree_thread(void *unused)
 708{
 709        for (;;) {
 710                if (list_empty(&prune_list)) {
 711                        set_current_state(TASK_INTERRUPTIBLE);
 712                        schedule();
 713                }
 714
 715                audit_ctl_lock();
 716                mutex_lock(&audit_filter_mutex);
 717
 718                while (!list_empty(&prune_list)) {
 719                        struct audit_tree *victim;
 720
 721                        victim = list_entry(prune_list.next,
 722                                        struct audit_tree, list);
 723                        list_del_init(&victim->list);
 724
 725                        mutex_unlock(&audit_filter_mutex);
 726
 727                        prune_one(victim);
 728
 729                        mutex_lock(&audit_filter_mutex);
 730                }
 731
 732                mutex_unlock(&audit_filter_mutex);
 733                audit_ctl_unlock();
 734        }
 735        return 0;
 736}
 737
 738static int audit_launch_prune(void)
 739{
 740        if (prune_thread)
 741                return 0;
 742        prune_thread = kthread_run(prune_tree_thread, NULL,
 743                                "audit_prune_tree");
 744        if (IS_ERR(prune_thread)) {
 745                pr_err("cannot start thread audit_prune_tree");
 746                prune_thread = NULL;
 747                return -ENOMEM;
 748        }
 749        return 0;
 750}
 751
 752/* called with audit_filter_mutex */
 753int audit_add_tree_rule(struct audit_krule *rule)
 754{
 755        struct audit_tree *seed = rule->tree, *tree;
 756        struct path path;
 757        struct vfsmount *mnt;
 758        int err;
 759
 760        rule->tree = NULL;
 761        list_for_each_entry(tree, &tree_list, list) {
 762                if (!strcmp(seed->pathname, tree->pathname)) {
 763                        put_tree(seed);
 764                        rule->tree = tree;
 765                        list_add(&rule->rlist, &tree->rules);
 766                        return 0;
 767                }
 768        }
 769        tree = seed;
 770        list_add(&tree->list, &tree_list);
 771        list_add(&rule->rlist, &tree->rules);
 772        /* do not set rule->tree yet */
 773        mutex_unlock(&audit_filter_mutex);
 774
 775        if (unlikely(!prune_thread)) {
 776                err = audit_launch_prune();
 777                if (err)
 778                        goto Err;
 779        }
 780
 781        err = kern_path(tree->pathname, 0, &path);
 782        if (err)
 783                goto Err;
 784        mnt = collect_mounts(&path);
 785        path_put(&path);
 786        if (IS_ERR(mnt)) {
 787                err = PTR_ERR(mnt);
 788                goto Err;
 789        }
 790
 791        get_tree(tree);
 792        err = iterate_mounts(tag_mount, tree, mnt);
 793        drop_collected_mounts(mnt);
 794
 795        if (!err) {
 796                struct node *node;
 797                spin_lock(&hash_lock);
 798                list_for_each_entry(node, &tree->chunks, list)
 799                        node->index &= ~(1U<<31);
 800                spin_unlock(&hash_lock);
 801        } else {
 802                trim_marked(tree);
 803                goto Err;
 804        }
 805
 806        mutex_lock(&audit_filter_mutex);
 807        if (list_empty(&rule->rlist)) {
 808                put_tree(tree);
 809                return -ENOENT;
 810        }
 811        rule->tree = tree;
 812        put_tree(tree);
 813
 814        return 0;
 815Err:
 816        mutex_lock(&audit_filter_mutex);
 817        list_del_init(&tree->list);
 818        list_del_init(&tree->rules);
 819        put_tree(tree);
 820        return err;
 821}
 822
 823int audit_tag_tree(char *old, char *new)
 824{
 825        struct list_head cursor, barrier;
 826        int failed = 0;
 827        struct path path1, path2;
 828        struct vfsmount *tagged;
 829        int err;
 830
 831        err = kern_path(new, 0, &path2);
 832        if (err)
 833                return err;
 834        tagged = collect_mounts(&path2);
 835        path_put(&path2);
 836        if (IS_ERR(tagged))
 837                return PTR_ERR(tagged);
 838
 839        err = kern_path(old, 0, &path1);
 840        if (err) {
 841                drop_collected_mounts(tagged);
 842                return err;
 843        }
 844
 845        mutex_lock(&audit_filter_mutex);
 846        list_add(&barrier, &tree_list);
 847        list_add(&cursor, &barrier);
 848
 849        while (cursor.next != &tree_list) {
 850                struct audit_tree *tree;
 851                int good_one = 0;
 852
 853                tree = container_of(cursor.next, struct audit_tree, list);
 854                get_tree(tree);
 855                list_del(&cursor);
 856                list_add(&cursor, &tree->list);
 857                mutex_unlock(&audit_filter_mutex);
 858
 859                err = kern_path(tree->pathname, 0, &path2);
 860                if (!err) {
 861                        good_one = path_is_under(&path1, &path2);
 862                        path_put(&path2);
 863                }
 864
 865                if (!good_one) {
 866                        put_tree(tree);
 867                        mutex_lock(&audit_filter_mutex);
 868                        continue;
 869                }
 870
 871                failed = iterate_mounts(tag_mount, tree, tagged);
 872                if (failed) {
 873                        put_tree(tree);
 874                        mutex_lock(&audit_filter_mutex);
 875                        break;
 876                }
 877
 878                mutex_lock(&audit_filter_mutex);
 879                spin_lock(&hash_lock);
 880                if (!tree->goner) {
 881                        list_del(&tree->list);
 882                        list_add(&tree->list, &tree_list);
 883                }
 884                spin_unlock(&hash_lock);
 885                put_tree(tree);
 886        }
 887
 888        while (barrier.prev != &tree_list) {
 889                struct audit_tree *tree;
 890
 891                tree = container_of(barrier.prev, struct audit_tree, list);
 892                get_tree(tree);
 893                list_del(&tree->list);
 894                list_add(&tree->list, &barrier);
 895                mutex_unlock(&audit_filter_mutex);
 896
 897                if (!failed) {
 898                        struct node *node;
 899                        spin_lock(&hash_lock);
 900                        list_for_each_entry(node, &tree->chunks, list)
 901                                node->index &= ~(1U<<31);
 902                        spin_unlock(&hash_lock);
 903                } else {
 904                        trim_marked(tree);
 905                }
 906
 907                put_tree(tree);
 908                mutex_lock(&audit_filter_mutex);
 909        }
 910        list_del(&barrier);
 911        list_del(&cursor);
 912        mutex_unlock(&audit_filter_mutex);
 913        path_put(&path1);
 914        drop_collected_mounts(tagged);
 915        return failed;
 916}
 917
 918
 919static void audit_schedule_prune(void)
 920{
 921        wake_up_process(prune_thread);
 922}
 923
 924/*
 925 * ... and that one is done if evict_chunk() decides to delay until the end
 926 * of syscall.  Runs synchronously.
 927 */
 928void audit_kill_trees(struct list_head *list)
 929{
 930        audit_ctl_lock();
 931        mutex_lock(&audit_filter_mutex);
 932
 933        while (!list_empty(list)) {
 934                struct audit_tree *victim;
 935
 936                victim = list_entry(list->next, struct audit_tree, list);
 937                kill_rules(victim);
 938                list_del_init(&victim->list);
 939
 940                mutex_unlock(&audit_filter_mutex);
 941
 942                prune_one(victim);
 943
 944                mutex_lock(&audit_filter_mutex);
 945        }
 946
 947        mutex_unlock(&audit_filter_mutex);
 948        audit_ctl_unlock();
 949}
 950
 951/*
 952 *  Here comes the stuff asynchronous to auditctl operations
 953 */
 954
 955static void evict_chunk(struct audit_chunk *chunk)
 956{
 957        struct audit_tree *owner;
 958        struct list_head *postponed = audit_killed_trees();
 959        int need_prune = 0;
 960        int n;
 961
 962        if (chunk->dead)
 963                return;
 964
 965        chunk->dead = 1;
 966        mutex_lock(&audit_filter_mutex);
 967        spin_lock(&hash_lock);
 968        while (!list_empty(&chunk->trees)) {
 969                owner = list_entry(chunk->trees.next,
 970                                   struct audit_tree, same_root);
 971                owner->goner = 1;
 972                owner->root = NULL;
 973                list_del_init(&owner->same_root);
 974                spin_unlock(&hash_lock);
 975                if (!postponed) {
 976                        kill_rules(owner);
 977                        list_move(&owner->list, &prune_list);
 978                        need_prune = 1;
 979                } else {
 980                        list_move(&owner->list, postponed);
 981                }
 982                spin_lock(&hash_lock);
 983        }
 984        list_del_rcu(&chunk->hash);
 985        for (n = 0; n < chunk->count; n++)
 986                list_del_init(&chunk->owners[n].list);
 987        spin_unlock(&hash_lock);
 988        mutex_unlock(&audit_filter_mutex);
 989        if (need_prune)
 990                audit_schedule_prune();
 991}
 992
 993static int audit_tree_handle_event(struct fsnotify_group *group,
 994                                   struct inode *to_tell,
 995                                   u32 mask, const void *data, int data_type,
 996                                   const unsigned char *file_name, u32 cookie,
 997                                   struct fsnotify_iter_info *iter_info)
 998{
 999        return 0;
1000}

1001
1002static void audit_tree_freeing_mark(struct fsnotify_mark *entry, struct fsnotify_group *group)
1003{
1004        struct audit_chunk *chunk = container_of(entry, struct audit_chunk, mark);
1005
1006        evict_chunk(chunk);
1007
1008        /*
1009         * We are guaranteed to have at least one reference to the mark from
1010         * either the inode or the caller of fsnotify_destroy_mark().
1011         */
1012        BUG_ON(refcount_read(&entry->refcnt) < 1);
1013}
1014
1015static const struct fsnotify_ops audit_tree_ops = {
1016        .handle_event = audit_tree_handle_event,
1017        .freeing_mark = audit_tree_freeing_mark,
1018        .free_mark = audit_tree_destroy_watch,
1019};
1020
1021static int __init audit_tree_init(void)
1022{
1023        int i;
1024
1025        audit_tree_group = fsnotify_alloc_group(&audit_tree_ops);
1026        if (IS_ERR(audit_tree_group))
1027                audit_panic("cannot initialize fsnotify group for rectree watches");
1028
1029        for (i = 0; i < HASH_SIZE; i++)
1030                INIT_LIST_HEAD(&chunk_hash_heads[i]);
1031
1032        return 0;
1033}
1034__initcall(audit_tree_init);
1035
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.