linux/fs/notify/fanotify/fanotify_user.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2#include <linux/fanotify.h>
   3#include <linux/fcntl.h>
   4#include <linux/file.h>
   5#include <linux/fs.h>
   6#include <linux/anon_inodes.h>
   7#include <linux/fsnotify_backend.h>
   8#include <linux/init.h>
   9#include <linux/mount.h>
  10#include <linux/namei.h>
  11#include <linux/poll.h>
  12#include <linux/security.h>
  13#include <linux/syscalls.h>
  14#include <linux/slab.h>
  15#include <linux/types.h>
  16#include <linux/uaccess.h>
  17#include <linux/compat.h>
  18#include <linux/sched/signal.h>
  19#include <linux/memcontrol.h>
  20#include <linux/statfs.h>
  21#include <linux/exportfs.h>
  22
  23#include <asm/ioctls.h>
  24
  25#include "../../mount.h"
  26#include "../fdinfo.h"
  27#include "fanotify.h"
  28
  29#define FANOTIFY_DEFAULT_MAX_EVENTS     16384
  30#define FANOTIFY_DEFAULT_MAX_MARKS      8192
  31#define FANOTIFY_DEFAULT_MAX_LISTENERS  128
  32
  33/*
  34 * All flags that may be specified in parameter event_f_flags of fanotify_init.
  35 *
  36 * Internal and external open flags are stored together in field f_flags of
  37 * struct file. Only external open flags shall be allowed in event_f_flags.
  38 * Internal flags like FMODE_NONOTIFY, FMODE_EXEC, FMODE_NOCMTIME shall be
  39 * excluded.
  40 */
  41#define FANOTIFY_INIT_ALL_EVENT_F_BITS                          ( \
  42                O_ACCMODE       | O_APPEND      | O_NONBLOCK    | \
  43                __O_SYNC        | O_DSYNC       | O_CLOEXEC     | \
  44                O_LARGEFILE     | O_NOATIME     )
  45
  46extern const struct fsnotify_ops fanotify_fsnotify_ops;
  47
  48struct kmem_cache *fanotify_mark_cache __read_mostly;
  49struct kmem_cache *fanotify_event_cachep __read_mostly;
  50struct kmem_cache *fanotify_perm_event_cachep __read_mostly;
  51
  52#define FANOTIFY_EVENT_ALIGN 4
  53
  54static int fanotify_event_info_len(struct fanotify_event *event)
  55{
  56        if (!fanotify_event_has_fid(event))
  57                return 0;
  58
  59        return roundup(sizeof(struct fanotify_event_info_fid) +
  60                       sizeof(struct file_handle) + event->fh_len,
  61                       FANOTIFY_EVENT_ALIGN);
  62}
  63
  64/*
  65 * Get an fsnotify notification event if one exists and is small
  66 * enough to fit in "count". Return an error pointer if the count
  67 * is not large enough. When permission event is dequeued, its state is
  68 * updated accordingly.
  69 */
  70static struct fsnotify_event *get_one_event(struct fsnotify_group *group,
  71                                            size_t count)
  72{
  73        size_t event_size = FAN_EVENT_METADATA_LEN;
  74        struct fsnotify_event *fsn_event = NULL;
  75
  76        pr_debug("%s: group=%p count=%zd\n", __func__, group, count);
  77
  78        spin_lock(&group->notification_lock);
  79        if (fsnotify_notify_queue_is_empty(group))
  80                goto out;
  81
  82        if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
  83                event_size += fanotify_event_info_len(
  84                        FANOTIFY_E(fsnotify_peek_first_event(group)));
  85        }
  86
  87        if (event_size > count) {
  88                fsn_event = ERR_PTR(-EINVAL);
  89                goto out;
  90        }
  91        fsn_event = fsnotify_remove_first_event(group);
  92        if (fanotify_is_perm_event(FANOTIFY_E(fsn_event)->mask))
  93                FANOTIFY_PE(fsn_event)->state = FAN_EVENT_REPORTED;
  94out:
  95        spin_unlock(&group->notification_lock);
  96        return fsn_event;
  97}
  98
  99static int create_fd(struct fsnotify_group *group,
 100                     struct fanotify_event *event,
 101                     struct file **file)
 102{
 103        int client_fd;
 104        struct file *new_file;
 105
 106        pr_debug("%s: group=%p event=%p\n", __func__, group, event);
 107
 108        client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
 109        if (client_fd < 0)
 110                return client_fd;
 111
 112        /*
 113         * we need a new file handle for the userspace program so it can read even if it was
 114         * originally opened O_WRONLY.
 115         */
 116        /* it's possible this event was an overflow event.  in that case dentry and mnt
 117         * are NULL;  That's fine, just don't call dentry open */
 118        if (event->path.dentry && event->path.mnt)
 119                new_file = dentry_open(&event->path,
 120                                       group->fanotify_data.f_flags | FMODE_NONOTIFY,
 121                                       current_cred());
 122        else
 123                new_file = ERR_PTR(-EOVERFLOW);
 124        if (IS_ERR(new_file)) {
 125                /*
 126                 * we still send an event even if we can't open the file.  this
 127                 * can happen when say tasks are gone and we try to open their
 128                 * /proc files or we try to open a WRONLY file like in sysfs
 129                 * we just send the errno to userspace since there isn't much
 130                 * else we can do.
 131                 */
 132                put_unused_fd(client_fd);
 133                client_fd = PTR_ERR(new_file);
 134        } else {
 135                *file = new_file;
 136        }
 137
 138        return client_fd;
 139}
 140
 141/*
 142 * Finish processing of permission event by setting it to ANSWERED state and
 143 * drop group->notification_lock.
 144 */
 145static void finish_permission_event(struct fsnotify_group *group,
 146                                    struct fanotify_perm_event *event,
 147                                    unsigned int response)
 148                                    __releases(&group->notification_lock)
 149{
 150        bool destroy = false;
 151
 152        assert_spin_locked(&group->notification_lock);
 153        event->response = response;
 154        if (event->state == FAN_EVENT_CANCELED)
 155                destroy = true;
 156        else
 157                event->state = FAN_EVENT_ANSWERED;
 158        spin_unlock(&group->notification_lock);
 159        if (destroy)
 160                fsnotify_destroy_event(group, &event->fae.fse);
 161}
 162
 163static int process_access_response(struct fsnotify_group *group,
 164                                   struct fanotify_response *response_struct)
 165{
 166        struct fanotify_perm_event *event;
 167        int fd = response_struct->fd;
 168        int response = response_struct->response;
 169
 170        pr_debug("%s: group=%p fd=%d response=%d\n", __func__, group,
 171                 fd, response);
 172        /*
 173         * make sure the response is valid, if invalid we do nothing and either
 174         * userspace can send a valid response or we will clean it up after the
 175         * timeout
 176         */
 177        switch (response & ~FAN_AUDIT) {
 178        case FAN_ALLOW:
 179        case FAN_DENY:
 180                break;
 181        default:
 182                return -EINVAL;
 183        }
 184
 185        if (fd < 0)
 186                return -EINVAL;
 187
 188        if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT))
 189                return -EINVAL;
 190
 191        spin_lock(&group->notification_lock);
 192        list_for_each_entry(event, &group->fanotify_data.access_list,
 193                            fae.fse.list) {
 194                if (event->fd != fd)
 195                        continue;
 196
 197                list_del_init(&event->fae.fse.list);
 198                finish_permission_event(group, event, response);
 199                wake_up(&group->fanotify_data.access_waitq);
 200                return 0;
 201        }
 202        spin_unlock(&group->notification_lock);
 203
 204        return -ENOENT;
 205}
 206
 207static int copy_fid_to_user(struct fanotify_event *event, char __user *buf)
 208{
 209        struct fanotify_event_info_fid info = { };
 210        struct file_handle handle = { };
 211        unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh;
 212        size_t fh_len = event->fh_len;
 213        size_t len = fanotify_event_info_len(event);
 214
 215        if (!len)
 216                return 0;
 217
 218        if (WARN_ON_ONCE(len < sizeof(info) + sizeof(handle) + fh_len))
 219                return -EFAULT;
 220
 221        /* Copy event info fid header followed by vaiable sized file handle */
 222        info.hdr.info_type = FAN_EVENT_INFO_TYPE_FID;
 223        info.hdr.len = len;
 224        info.fsid = event->fid.fsid;
 225        if (copy_to_user(buf, &info, sizeof(info)))
 226                return -EFAULT;
 227
 228        buf += sizeof(info);
 229        len -= sizeof(info);
 230        handle.handle_type = event->fh_type;
 231        handle.handle_bytes = fh_len;
 232        if (copy_to_user(buf, &handle, sizeof(handle)))
 233                return -EFAULT;
 234
 235        buf += sizeof(handle);
 236        len -= sizeof(handle);
 237        /*
 238         * For an inline fh, copy through stack to exclude the copy from
 239         * usercopy hardening protections.
 240         */
 241        fh = fanotify_event_fh(event);
 242        if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
 243                memcpy(bounce, fh, fh_len);
 244                fh = bounce;
 245        }
 246        if (copy_to_user(buf, fh, fh_len))
 247                return -EFAULT;
 248
 249        /* Pad with 0's */
 250        buf += fh_len;
 251        len -= fh_len;
 252        WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
 253        if (len > 0 && clear_user(buf, len))
 254                return -EFAULT;
 255
 256        return 0;
 257}
 258
 259static ssize_t copy_event_to_user(struct fsnotify_group *group,
 260                                  struct fsnotify_event *fsn_event,
 261                                  char __user *buf, size_t count)
 262{
 263        struct fanotify_event_metadata metadata;
 264        struct fanotify_event *event;
 265        struct file *f = NULL;
 266        int ret, fd = FAN_NOFD;
 267
 268        pr_debug("%s: group=%p event=%p\n", __func__, group, fsn_event);
 269
 270        event = container_of(fsn_event, struct fanotify_event, fse);
 271        metadata.event_len = FAN_EVENT_METADATA_LEN;
 272        metadata.metadata_len = FAN_EVENT_METADATA_LEN;
 273        metadata.vers = FANOTIFY_METADATA_VERSION;
 274        metadata.reserved = 0;
 275        metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS;
 276        metadata.pid = pid_vnr(event->pid);
 277
 278        if (fanotify_event_has_path(event)) {
 279                fd = create_fd(group, event, &f);
 280                if (fd < 0)
 281                        return fd;
 282        } else if (fanotify_event_has_fid(event)) {
 283                metadata.event_len += fanotify_event_info_len(event);
 284        }
 285        metadata.fd = fd;
 286
 287        ret = -EFAULT;
 288        /*
 289         * Sanity check copy size in case get_one_event() and
 290         * fill_event_metadata() event_len sizes ever get out of sync.
 291         */
 292        if (WARN_ON_ONCE(metadata.event_len > count))
 293                goto out_close_fd;
 294
 295        if (copy_to_user(buf, &metadata, FAN_EVENT_METADATA_LEN))
 296                goto out_close_fd;
 297
 298        if (fanotify_is_perm_event(event->mask))
 299                FANOTIFY_PE(fsn_event)->fd = fd;
 300
 301        if (fanotify_event_has_path(event)) {
 302                fd_install(fd, f);
 303        } else if (fanotify_event_has_fid(event)) {
 304                ret = copy_fid_to_user(event, buf + FAN_EVENT_METADATA_LEN);
 305                if (ret < 0)
 306                        return ret;
 307        }
 308
 309        return metadata.event_len;
 310
 311out_close_fd:
 312        if (fd != FAN_NOFD) {
 313                put_unused_fd(fd);
 314                fput(f);
 315        }
 316        return ret;
 317}
 318
 319/* intofiy userspace file descriptor functions */
 320static __poll_t fanotify_poll(struct file *file, poll_table *wait)
 321{
 322        struct fsnotify_group *group = file->private_data;
 323        __poll_t ret = 0;
 324
 325        poll_wait(file, &group->notification_waitq, wait);
 326        spin_lock(&group->notification_lock);
 327        if (!fsnotify_notify_queue_is_empty(group))
 328                ret = EPOLLIN | EPOLLRDNORM;
 329        spin_unlock(&group->notification_lock);
 330
 331        return ret;
 332}
 333
 334static ssize_t fanotify_read(struct file *file, char __user *buf,
 335                             size_t count, loff_t *pos)
 336{
 337        struct fsnotify_group *group;
 338        struct fsnotify_event *kevent;
 339        char __user *start;
 340        int ret;
 341        DEFINE_WAIT_FUNC(wait, woken_wake_function);
 342
 343        start = buf;
 344        group = file->private_data;
 345
 346        pr_debug("%s: group=%p\n", __func__, group);
 347
 348        add_wait_queue(&group->notification_waitq, &wait);
 349        while (1) {
 350                kevent = get_one_event(group, count);
 351                if (IS_ERR(kevent)) {
 352                        ret = PTR_ERR(kevent);
 353                        break;
 354                }
 355
 356                if (!kevent) {
 357                        ret = -EAGAIN;
 358                        if (file->f_flags & O_NONBLOCK)
 359                                break;
 360
 361                        ret = -ERESTARTSYS;
 362                        if (signal_pending(current))
 363                                break;
 364
 365                        if (start != buf)
 366                                break;
 367
 368                        wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
 369                        continue;
 370                }
 371
 372                ret = copy_event_to_user(group, kevent, buf, count);
 373                if (unlikely(ret == -EOPENSTALE)) {
 374                        /*
 375                         * We cannot report events with stale fd so drop it.
 376                         * Setting ret to 0 will continue the event loop and
 377                         * do the right thing if there are no more events to
 378                         * read (i.e. return bytes read, -EAGAIN or wait).
 379                         */
 380                        ret = 0;
 381                }
 382
 383                /*
 384                 * Permission events get queued to wait for response.  Other
 385                 * events can be destroyed now.
 386                 */
 387                if (!fanotify_is_perm_event(FANOTIFY_E(kevent)->mask)) {
 388                        fsnotify_destroy_event(group, kevent);
 389                } else {
 390                        if (ret <= 0) {
 391                                spin_lock(&group->notification_lock);
 392                                finish_permission_event(group,
 393                                        FANOTIFY_PE(kevent), FAN_DENY);
 394                                wake_up(&group->fanotify_data.access_waitq);
 395                        } else {
 396                                spin_lock(&group->notification_lock);
 397                                list_add_tail(&kevent->list,
 398                                        &group->fanotify_data.access_list);
 399                                spin_unlock(&group->notification_lock);
 400                        }
 401                }
 402                if (ret < 0)
 403                        break;
 404                buf += ret;
 405                count -= ret;
 406        }
 407        remove_wait_queue(&group->notification_waitq, &wait);
 408
 409        if (start != buf && ret != -EFAULT)
 410                ret = buf - start;
 411        return ret;
 412}
 413
 414static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
 415{
 416        struct fanotify_response response = { .fd = -1, .response = -1 };
 417        struct fsnotify_group *group;
 418        int ret;
 419
 420        if (!IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
 421                return -EINVAL;
 422
 423        group = file->private_data;
 424
 425        if (count > sizeof(response))
 426                count = sizeof(response);
 427
 428        pr_debug("%s: group=%p count=%zu\n", __func__, group, count);
 429
 430        if (copy_from_user(&response, buf, count))
 431                return -EFAULT;
 432
 433        ret = process_access_response(group, &response);
 434        if (ret < 0)
 435                count = ret;
 436
 437        return count;
 438}
 439
 440static int fanotify_release(struct inode *ignored, struct file *file)
 441{
 442        struct fsnotify_group *group = file->private_data;
 443        struct fanotify_perm_event *event;
 444        struct fsnotify_event *fsn_event;
 445
 446        /*
 447         * Stop new events from arriving in the notification queue. since
 448         * userspace cannot use fanotify fd anymore, no event can enter or
 449         * leave access_list by now either.
 450         */
 451        fsnotify_group_stop_queueing(group);
 452
 453        /*
 454         * Process all permission events on access_list and notification queue
 455         * and simulate reply from userspace.
 456         */
 457        spin_lock(&group->notification_lock);
 458        while (!list_empty(&group->fanotify_data.access_list)) {
 459                event = list_first_entry(&group->fanotify_data.access_list,
 460                                struct fanotify_perm_event, fae.fse.list);
 461                list_del_init(&event->fae.fse.list);
 462                finish_permission_event(group, event, FAN_ALLOW);
 463                spin_lock(&group->notification_lock);
 464        }
 465
 466        /*
 467         * Destroy all non-permission events. For permission events just
 468         * dequeue them and set the response. They will be freed once the
 469         * response is consumed and fanotify_get_response() returns.
 470         */
 471        while (!fsnotify_notify_queue_is_empty(group)) {
 472                fsn_event = fsnotify_remove_first_event(group);
 473                if (!(FANOTIFY_E(fsn_event)->mask & FANOTIFY_PERM_EVENTS)) {
 474                        spin_unlock(&group->notification_lock);
 475                        fsnotify_destroy_event(group, fsn_event);
 476                } else {
 477                        finish_permission_event(group, FANOTIFY_PE(fsn_event),
 478                                                FAN_ALLOW);
 479                }
 480                spin_lock(&group->notification_lock);
 481        }
 482        spin_unlock(&group->notification_lock);
 483
 484        /* Response for all permission events it set, wakeup waiters */
 485        wake_up(&group->fanotify_data.access_waitq);
 486
 487        /* matches the fanotify_init->fsnotify_alloc_group */
 488        fsnotify_destroy_group(group);
 489
 490        return 0;
 491}
 492
 493static long fanotify_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 494{
 495        struct fsnotify_group *group;
 496        struct fsnotify_event *fsn_event;
 497        void __user *p;
 498        int ret = -ENOTTY;
 499        size_t send_len = 0;
 500
 501        group = file->private_data;
 502
 503        p = (void __user *) arg;
 504
 505        switch (cmd) {
 506        case FIONREAD:
 507                spin_lock(&group->notification_lock);
 508                list_for_each_entry(fsn_event, &group->notification_list, list)
 509                        send_len += FAN_EVENT_METADATA_LEN;
 510                spin_unlock(&group->notification_lock);
 511                ret = put_user(send_len, (int __user *) p);
 512                break;
 513        }
 514
 515        return ret;
 516}
 517
 518static const struct file_operations fanotify_fops = {
 519        .show_fdinfo    = fanotify_show_fdinfo,
 520        .poll           = fanotify_poll,
 521        .read           = fanotify_read,
 522        .write          = fanotify_write,
 523        .fasync         = NULL,
 524        .release        = fanotify_release,
 525        .unlocked_ioctl = fanotify_ioctl,
 526        .compat_ioctl   = fanotify_ioctl,
 527        .llseek         = noop_llseek,
 528};
 529
 530static int fanotify_find_path(int dfd, const char __user *filename,
 531                              struct path *path, unsigned int flags, __u64 mask,
 532                              unsigned int obj_type)
 533{
 534        int ret;
 535
 536        pr_debug("%s: dfd=%d filename=%p flags=%x\n", __func__,
 537                 dfd, filename, flags);
 538
 539        if (filename == NULL) {
 540                struct fd f = fdget(dfd);
 541
 542                ret = -EBADF;
 543                if (!f.file)
 544                        goto out;
 545
 546                ret = -ENOTDIR;
 547                if ((flags & FAN_MARK_ONLYDIR) &&
 548                    !(S_ISDIR(file_inode(f.file)->i_mode))) {
 549                        fdput(f);
 550                        goto out;
 551                }
 552
 553                *path = f.file->f_path;
 554                path_get(path);
 555                fdput(f);
 556        } else {
 557                unsigned int lookup_flags = 0;
 558
 559                if (!(flags & FAN_MARK_DONT_FOLLOW))
 560                        lookup_flags |= LOOKUP_FOLLOW;
 561                if (flags & FAN_MARK_ONLYDIR)
 562                        lookup_flags |= LOOKUP_DIRECTORY;
 563
 564                ret = user_path_at(dfd, filename, lookup_flags, path);
 565                if (ret)
 566                        goto out;
 567        }
 568
 569        /* you can only watch an inode if you have read permissions on it */
 570        ret = inode_permission(path->dentry->d_inode, MAY_READ);
 571        if (ret) {
 572                path_put(path);
 573                goto out;
 574        }
 575
 576        ret = security_path_notify(path, mask, obj_type);
 577        if (ret)
 578                path_put(path);
 579
 580out:
 581        return ret;
 582}
 583
 584static __u32 fanotify_mark_remove_from_mask(struct fsnotify_mark *fsn_mark,
 585                                            __u32 mask,
 586                                            unsigned int flags,
 587                                            int *destroy)
 588{
 589        __u32 oldmask = 0;
 590
 591        spin_lock(&fsn_mark->lock);
 592        if (!(flags & FAN_MARK_IGNORED_MASK)) {
 593                oldmask = fsn_mark->mask;
 594                fsn_mark->mask &= ~mask;
 595        } else {
 596                fsn_mark->ignored_mask &= ~mask;
 597        }
 598        *destroy = !(fsn_mark->mask | fsn_mark->ignored_mask);
 599        spin_unlock(&fsn_mark->lock);
 600
 601        return mask & oldmask;
 602}
 603
 604static int fanotify_remove_mark(struct fsnotify_group *group,
 605                                fsnotify_connp_t *connp, __u32 mask,
 606                                unsigned int flags)
 607{
 608        struct fsnotify_mark *fsn_mark = NULL;
 609        __u32 removed;
 610        int destroy_mark;
 611
 612        mutex_lock(&group->mark_mutex);
 613        fsn_mark = fsnotify_find_mark(connp, group);
 614        if (!fsn_mark) {
 615                mutex_unlock(&group->mark_mutex);
 616                return -ENOENT;
 617        }
 618
 619        removed = fanotify_mark_remove_from_mask(fsn_mark, mask, flags,
 620                                                 &destroy_mark);
 621        if (removed & fsnotify_conn_mask(fsn_mark->connector))
 622                fsnotify_recalc_mask(fsn_mark->connector);
 623        if (destroy_mark)
 624                fsnotify_detach_mark(fsn_mark);
 625        mutex_unlock(&group->mark_mutex);
 626        if (destroy_mark)
 627                fsnotify_free_mark(fsn_mark);
 628
 629        /* matches the fsnotify_find_mark() */
 630        fsnotify_put_mark(fsn_mark);
 631        return 0;
 632}
 633
 634static int fanotify_remove_vfsmount_mark(struct fsnotify_group *group,
 635                                         struct vfsmount *mnt, __u32 mask,
 636                                         unsigned int flags)
 637{
 638        return fanotify_remove_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
 639                                    mask, flags);
 640}
 641
 642static int fanotify_remove_sb_mark(struct fsnotify_group *group,
 643                                      struct super_block *sb, __u32 mask,
 644                                      unsigned int flags)
 645{
 646        return fanotify_remove_mark(group, &sb->s_fsnotify_marks, mask, flags);
 647}
 648
 649static int fanotify_remove_inode_mark(struct fsnotify_group *group,
 650                                      struct inode *inode, __u32 mask,
 651                                      unsigned int flags)
 652{
 653        return fanotify_remove_mark(group, &inode->i_fsnotify_marks, mask,
 654                                    flags);
 655}
 656
 657static __u32 fanotify_mark_add_to_mask(struct fsnotify_mark *fsn_mark,
 658                                       __u32 mask,
 659                                       unsigned int flags)
 660{
 661        __u32 oldmask = -1;
 662
 663        spin_lock(&fsn_mark->lock);
 664        if (!(flags & FAN_MARK_IGNORED_MASK)) {
 665                oldmask = fsn_mark->mask;
 666                fsn_mark->mask |= mask;
 667        } else {
 668                fsn_mark->ignored_mask |= mask;
 669                if (flags & FAN_MARK_IGNORED_SURV_MODIFY)
 670                        fsn_mark->flags |= FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY;
 671        }
 672        spin_unlock(&fsn_mark->lock);
 673
 674        return mask & ~oldmask;
 675}
 676
 677static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
 678                                                   fsnotify_connp_t *connp,
 679                                                   unsigned int type,
 680                                                   __kernel_fsid_t *fsid)
 681{
 682        struct fsnotify_mark *mark;
 683        int ret;
 684
 685        if (atomic_read(&group->num_marks) > group->fanotify_data.max_marks)
 686                return ERR_PTR(-ENOSPC);
 687
 688        mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL);
 689        if (!mark)
 690                return ERR_PTR(-ENOMEM);
 691
 692        fsnotify_init_mark(mark, group);
 693        ret = fsnotify_add_mark_locked(mark, connp, type, 0, fsid);
 694        if (ret) {
 695                fsnotify_put_mark(mark);
 696                return ERR_PTR(ret);
 697        }
 698
 699        return mark;
 700}
 701
 702
 703static int fanotify_add_mark(struct fsnotify_group *group,
 704                             fsnotify_connp_t *connp, unsigned int type,
 705                             __u32 mask, unsigned int flags,
 706                             __kernel_fsid_t *fsid)
 707{
 708        struct fsnotify_mark *fsn_mark;
 709        __u32 added;
 710
 711        mutex_lock(&group->mark_mutex);
 712        fsn_mark = fsnotify_find_mark(connp, group);
 713        if (!fsn_mark) {
 714                fsn_mark = fanotify_add_new_mark(group, connp, type, fsid);
 715                if (IS_ERR(fsn_mark)) {
 716                        mutex_unlock(&group->mark_mutex);
 717                        return PTR_ERR(fsn_mark);
 718                }
 719        }
 720        added = fanotify_mark_add_to_mask(fsn_mark, mask, flags);
 721        if (added & ~fsnotify_conn_mask(fsn_mark->connector))
 722                fsnotify_recalc_mask(fsn_mark->connector);
 723        mutex_unlock(&group->mark_mutex);
 724
 725        fsnotify_put_mark(fsn_mark);
 726        return 0;
 727}
 728
 729static int fanotify_add_vfsmount_mark(struct fsnotify_group *group,
 730                                      struct vfsmount *mnt, __u32 mask,
 731                                      unsigned int flags, __kernel_fsid_t *fsid)
 732{
 733        return fanotify_add_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
 734                                 FSNOTIFY_OBJ_TYPE_VFSMOUNT, mask, flags, fsid);
 735}
 736
 737static int fanotify_add_sb_mark(struct fsnotify_group *group,
 738                                struct super_block *sb, __u32 mask,
 739                                unsigned int flags, __kernel_fsid_t *fsid)
 740{
 741        return fanotify_add_mark(group, &sb->s_fsnotify_marks,
 742                                 FSNOTIFY_OBJ_TYPE_SB, mask, flags, fsid);
 743}
 744
 745static int fanotify_add_inode_mark(struct fsnotify_group *group,
 746                                   struct inode *inode, __u32 mask,
 747                                   unsigned int flags, __kernel_fsid_t *fsid)
 748{
 749        pr_debug("%s: group=%p inode=%p\n", __func__, group, inode);
 750
 751        /*
 752         * If some other task has this inode open for write we should not add
 753         * an ignored mark, unless that ignored mark is supposed to survive
 754         * modification changes anyway.
 755         */
 756        if ((flags & FAN_MARK_IGNORED_MASK) &&
 757            !(flags & FAN_MARK_IGNORED_SURV_MODIFY) &&
 758            inode_is_open_for_write(inode))
 759                return 0;
 760
 761        return fanotify_add_mark(group, &inode->i_fsnotify_marks,
 762                                 FSNOTIFY_OBJ_TYPE_INODE, mask, flags, fsid);
 763}
 764
 765/* fanotify syscalls */
 766SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
 767{
 768        struct fsnotify_group *group;
 769        int f_flags, fd;
 770        struct user_struct *user;
 771        struct fanotify_event *oevent;
 772
 773        pr_debug("%s: flags=%x event_f_flags=%x\n",
 774                 __func__, flags, event_f_flags);
 775
 776        if (!capable(CAP_SYS_ADMIN))
 777                return -EPERM;
 778
 779#ifdef CONFIG_AUDITSYSCALL
 780        if (flags & ~(FANOTIFY_INIT_FLAGS | FAN_ENABLE_AUDIT))
 781#else
 782        if (flags & ~FANOTIFY_INIT_FLAGS)
 783#endif
 784                return -EINVAL;
 785
 786        if (event_f_flags & ~FANOTIFY_INIT_ALL_EVENT_F_BITS)
 787                return -EINVAL;
 788
 789        switch (event_f_flags & O_ACCMODE) {
 790        case O_RDONLY:
 791        case O_RDWR:
 792        case O_WRONLY:
 793                break;
 794        default:
 795                return -EINVAL;
 796        }
 797
 798        if ((flags & FAN_REPORT_FID) &&
 799            (flags & FANOTIFY_CLASS_BITS) != FAN_CLASS_NOTIF)
 800                return -EINVAL;
 801
 802        user = get_current_user();
 803        if (atomic_read(&user->fanotify_listeners) > FANOTIFY_DEFAULT_MAX_LISTENERS) {
 804                free_uid(user);
 805                return -EMFILE;
 806        }
 807
 808        f_flags = O_RDWR | FMODE_NONOTIFY;
 809        if (flags & FAN_CLOEXEC)
 810                f_flags |= O_CLOEXEC;
 811        if (flags & FAN_NONBLOCK)
 812                f_flags |= O_NONBLOCK;
 813
 814        /* fsnotify_alloc_group takes a ref.  Dropped in fanotify_release */
 815        group = fsnotify_alloc_group(&fanotify_fsnotify_ops);
 816        if (IS_ERR(group)) {
 817                free_uid(user);
 818                return PTR_ERR(group);
 819        }
 820
 821        group->fanotify_data.user = user;
 822        group->fanotify_data.flags = flags;
 823        atomic_inc(&user->fanotify_listeners);
 824        group->memcg = get_mem_cgroup_from_mm(current->mm);
 825
 826        oevent = fanotify_alloc_event(group, NULL, FS_Q_OVERFLOW, NULL,
 827                                      FSNOTIFY_EVENT_NONE, NULL);
 828        if (unlikely(!oevent)) {
 829                fd = -ENOMEM;
 830                goto out_destroy_group;
 831        }
 832        group->overflow_event = &oevent->fse;
 833
 834        if (force_o_largefile())
 835                event_f_flags |= O_LARGEFILE;
 836        group->fanotify_data.f_flags = event_f_flags;
 837        init_waitqueue_head(&group->fanotify_data.access_waitq);
 838        INIT_LIST_HEAD(&group->fanotify_data.access_list);
 839        switch (flags & FANOTIFY_CLASS_BITS) {
 840        case FAN_CLASS_NOTIF:
 841                group->priority = FS_PRIO_0;
 842                break;
 843        case FAN_CLASS_CONTENT:
 844                group->priority = FS_PRIO_1;
 845                break;
 846        case FAN_CLASS_PRE_CONTENT:
 847                group->priority = FS_PRIO_2;
 848                break;
 849        default:
 850                fd = -EINVAL;
 851                goto out_destroy_group;
 852        }
 853
 854        if (flags & FAN_UNLIMITED_QUEUE) {
 855                fd = -EPERM;
 856                if (!capable(CAP_SYS_ADMIN))
 857                        goto out_destroy_group;
 858                group->max_events = UINT_MAX;
 859        } else {
 860                group->max_events = FANOTIFY_DEFAULT_MAX_EVENTS;
 861        }
 862
 863        if (flags & FAN_UNLIMITED_MARKS) {
 864                fd = -EPERM;
 865                if (!capable(CAP_SYS_ADMIN))
 866                        goto out_destroy_group;
 867                group->fanotify_data.max_marks = UINT_MAX;
 868        } else {
 869                group->fanotify_data.max_marks = FANOTIFY_DEFAULT_MAX_MARKS;
 870        }
 871
 872        if (flags & FAN_ENABLE_AUDIT) {
 873                fd = -EPERM;
 874                if (!capable(CAP_AUDIT_WRITE))
 875                        goto out_destroy_group;
 876        }
 877
 878        fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
 879        if (fd < 0)
 880                goto out_destroy_group;
 881
 882        return fd;
 883
 884out_destroy_group:
 885        fsnotify_destroy_group(group);
 886        return fd;
 887}
 888
 889/* Check if filesystem can encode a unique fid */
 890static int fanotify_test_fid(struct path *path, __kernel_fsid_t *fsid)
 891{
 892        __kernel_fsid_t root_fsid;
 893        int err;
 894
 895        /*
 896         * Make sure path is not in filesystem with zero fsid (e.g. tmpfs).
 897         */
 898        err = vfs_get_fsid(path->dentry, fsid);
 899        if (err)
 900                return err;
 901
 902        if (!fsid->val[0] && !fsid->val[1])
 903                return -ENODEV;
 904
 905        /*
 906         * Make sure path is not inside a filesystem subvolume (e.g. btrfs)
 907         * which uses a different fsid than sb root.
 908         */
 909        err = vfs_get_fsid(path->dentry->d_sb->s_root, &root_fsid);
 910        if (err)
 911                return err;
 912
 913        if (root_fsid.val[0] != fsid->val[0] ||
 914            root_fsid.val[1] != fsid->val[1])
 915                return -EXDEV;
 916
 917        /*
 918         * We need to make sure that the file system supports at least
 919         * encoding a file handle so user can use name_to_handle_at() to
 920         * compare fid returned with event to the file handle of watched
 921         * objects. However, name_to_handle_at() requires that the
 922         * filesystem also supports decoding file handles.
 923         */
 924        if (!path->dentry->d_sb->s_export_op ||
 925            !path->dentry->d_sb->s_export_op->fh_to_dentry)
 926                return -EOPNOTSUPP;
 927
 928        return 0;
 929}
 930
 931static int fanotify_events_supported(struct path *path, __u64 mask)
 932{
 933        /*
 934         * Some filesystems such as 'proc' acquire unusual locks when opening
 935         * files. For them fanotify permission events have high chances of
 936         * deadlocking the system - open done when reporting fanotify event
 937         * blocks on this "unusual" lock while another process holding the lock
 938         * waits for fanotify permission event to be answered. Just disallow
 939         * permission events for such filesystems.
 940         */
 941        if (mask & FANOTIFY_PERM_EVENTS &&
 942            path->mnt->mnt_sb->s_type->fs_flags & FS_DISALLOW_NOTIFY_PERM)
 943                return -EINVAL;
 944        return 0;
 945}
 946
 947static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
 948                            int dfd, const char  __user *pathname)
 949{
 950        struct inode *inode = NULL;
 951        struct vfsmount *mnt = NULL;
 952        struct fsnotify_group *group;
 953        struct fd f;
 954        struct path path;
 955        __kernel_fsid_t __fsid, *fsid = NULL;
 956        u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS;
 957        unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
 958        unsigned int obj_type;
 959        int ret;
 960
 961        pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
 962                 __func__, fanotify_fd, flags, dfd, pathname, mask);
 963
 964        /* we only use the lower 32 bits as of right now. */
 965        if (mask & ((__u64)0xffffffff << 32))
 966                return -EINVAL;
 967
 968        if (flags & ~FANOTIFY_MARK_FLAGS)
 969                return -EINVAL;
 970
 971        switch (mark_type) {
 972        case FAN_MARK_INODE:
 973                obj_type = FSNOTIFY_OBJ_TYPE_INODE;
 974                break;
 975        case FAN_MARK_MOUNT:
 976                obj_type = FSNOTIFY_OBJ_TYPE_VFSMOUNT;
 977                break;
 978        case FAN_MARK_FILESYSTEM:
 979                obj_type = FSNOTIFY_OBJ_TYPE_SB;
 980                break;
 981        default:
 982                return -EINVAL;
 983        }
 984
 985        switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
 986        case FAN_MARK_ADD:              /* fallthrough */
 987        case FAN_MARK_REMOVE:
 988                if (!mask)
 989                        return -EINVAL;
 990                break;
 991        case FAN_MARK_FLUSH:
 992                if (flags & ~(FANOTIFY_MARK_TYPE_BITS | FAN_MARK_FLUSH))
 993                        return -EINVAL;
 994                break;
 995        default:
 996                return -EINVAL;
 997        }
 998
 999        if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
1000                valid_mask |= FANOTIFY_PERM_EVENTS;
1001
1002        if (mask & ~valid_mask)
1003                return -EINVAL;
1004
1005        f = fdget(fanotify_fd);
1006        if (unlikely(!f.file))
1007                return -EBADF;
1008
1009        /* verify that this is indeed an fanotify instance */
1010        ret = -EINVAL;
1011        if (unlikely(f.file->f_op != &fanotify_fops))
1012                goto fput_and_out;
1013        group = f.file->private_data;
1014
1015        /*
1016         * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF.  These are not
1017         * allowed to set permissions events.
1018         */
1019        ret = -EINVAL;
1020        if (mask & FANOTIFY_PERM_EVENTS &&
1021            group->priority == FS_PRIO_0)
1022                goto fput_and_out;
1023
1024        /*
1025         * Events with data type inode do not carry enough information to report
1026         * event->fd, so we do not allow setting a mask for inode events unless
1027         * group supports reporting fid.
1028         * inode events are not supported on a mount mark, because they do not
1029         * carry enough information (i.e. path) to be filtered by mount point.
1030         */
1031        if (mask & FANOTIFY_INODE_EVENTS &&
1032            (!FAN_GROUP_FLAG(group, FAN_REPORT_FID) ||
1033             mark_type == FAN_MARK_MOUNT))
1034                goto fput_and_out;
1035
1036        if (flags & FAN_MARK_FLUSH) {
1037                ret = 0;
1038                if (mark_type == FAN_MARK_MOUNT)
1039                        fsnotify_clear_vfsmount_marks_by_group(group);
1040                else if (mark_type == FAN_MARK_FILESYSTEM)
1041                        fsnotify_clear_sb_marks_by_group(group);
1042                else
1043                        fsnotify_clear_inode_marks_by_group(group);
1044                goto fput_and_out;
1045        }
1046
1047        ret = fanotify_find_path(dfd, pathname, &path, flags,
1048                        (mask & ALL_FSNOTIFY_EVENTS), obj_type);
1049        if (ret)
1050                goto fput_and_out;
1051
1052        if (flags & FAN_MARK_ADD) {
1053                ret = fanotify_events_supported(&path, mask);
1054                if (ret)
1055                        goto path_put_and_out;
1056        }
1057
1058        if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
1059                ret = fanotify_test_fid(&path, &__fsid);
1060                if (ret)
1061                        goto path_put_and_out;
1062
1063                fsid = &__fsid;
1064        }
1065
1066        /* inode held in place by reference to path; group by fget on fd */
1067        if (mark_type == FAN_MARK_INODE)
1068                inode = path.dentry->d_inode;
1069        else
1070                mnt = path.mnt;
1071
1072        /* create/update an inode mark */
1073        switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE)) {
1074        case FAN_MARK_ADD:
1075                if (mark_type == FAN_MARK_MOUNT)
1076                        ret = fanotify_add_vfsmount_mark(group, mnt, mask,
1077                                                         flags, fsid);
1078                else if (mark_type == FAN_MARK_FILESYSTEM)
1079                        ret = fanotify_add_sb_mark(group, mnt->mnt_sb, mask,
1080                                                   flags, fsid);
1081                else
1082                        ret = fanotify_add_inode_mark(group, inode, mask,
1083                                                      flags, fsid);
1084                break;
1085        case FAN_MARK_REMOVE:
1086                if (mark_type == FAN_MARK_MOUNT)
1087                        ret = fanotify_remove_vfsmount_mark(group, mnt, mask,
1088                                                            flags);
1089                else if (mark_type == FAN_MARK_FILESYSTEM)
1090                        ret = fanotify_remove_sb_mark(group, mnt->mnt_sb, mask,
1091                                                      flags);
1092                else
1093                        ret = fanotify_remove_inode_mark(group, inode, mask,
1094                                                         flags);
1095                break;
1096        default:
1097                ret = -EINVAL;
1098        }
1099
1100path_put_and_out:
1101        path_put(&path);
1102fput_and_out:
1103        fdput(f);
1104        return ret;
1105}
1106
1107SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags,
1108                              __u64, mask, int, dfd,
1109                              const char  __user *, pathname)
1110{
1111        return do_fanotify_mark(fanotify_fd, flags, mask, dfd, pathname);
1112}
1113
1114#ifdef CONFIG_COMPAT
1115COMPAT_SYSCALL_DEFINE6(fanotify_mark,
1116                                int, fanotify_fd, unsigned int, flags,
1117                                __u32, mask0, __u32, mask1, int, dfd,
1118                                const char  __user *, pathname)
1119{
1120        return do_fanotify_mark(fanotify_fd, flags,
1121#ifdef __BIG_ENDIAN
1122                                ((__u64)mask0 << 32) | mask1,
1123#else
1124                                ((__u64)mask1 << 32) | mask0,
1125#endif
1126                                 dfd, pathname);
1127}
1128#endif
1129
1130/*
1131 * fanotify_user_setup - Our initialization function.  Note that we cannot return
1132 * error because we have compiled-in VFS hooks.  So an (unlikely) failure here
1133 * must result in panic().
1134 */
1135static int __init fanotify_user_setup(void)
1136{
1137        BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 8);
1138        BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
1139
1140        fanotify_mark_cache = KMEM_CACHE(fsnotify_mark,
1141                                         SLAB_PANIC|SLAB_ACCOUNT);
1142        fanotify_event_cachep = KMEM_CACHE(fanotify_event, SLAB_PANIC);
1143        if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS)) {
1144                fanotify_perm_event_cachep =
1145                        KMEM_CACHE(fanotify_perm_event, SLAB_PANIC);
1146        }
1147
1148        return 0;
1149}
1150device_initcall(fanotify_user_setup);
1151