]>
Commit | Line | Data |
---|---|---|
847b173e TH |
1 | /* |
2 | * security/tomoyo/gc.c | |
3 | * | |
0f2a55d5 | 4 | * Copyright (C) 2005-2011 NTT DATA CORPORATION |
847b173e TH |
5 | */ |
6 | ||
7 | #include "common.h" | |
8 | #include <linux/kthread.h> | |
5a0e3ad6 | 9 | #include <linux/slab.h> |
847b173e | 10 | |
2e503bbb TH |
11 | /* The list for "struct tomoyo_io_buffer". */ |
12 | static LIST_HEAD(tomoyo_io_buffer_list); | |
13 | /* Lock for protecting tomoyo_io_buffer_list. */ | |
14 | static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock); | |
15 | ||
16 | /* Size of an element. */ | |
17 | static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = { | |
18 | [TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group), | |
059d84db | 19 | [TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group), |
2e503bbb TH |
20 | [TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group), |
21 | [TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group), | |
22 | [TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator), | |
23 | [TOMOYO_ID_TRANSITION_CONTROL] = | |
24 | sizeof(struct tomoyo_transition_control), | |
25 | [TOMOYO_ID_MANAGER] = sizeof(struct tomoyo_manager), | |
2066a361 | 26 | /* [TOMOYO_ID_CONDITION] = "struct tomoyo_condition"->size, */ |
2e503bbb TH |
27 | /* [TOMOYO_ID_NAME] = "struct tomoyo_name"->size, */ |
28 | /* [TOMOYO_ID_ACL] = | |
29 | tomoyo_acl_size["struct tomoyo_acl_info"->type], */ | |
30 | [TOMOYO_ID_DOMAIN] = sizeof(struct tomoyo_domain_info), | |
31 | }; | |
32 | ||
33 | /* Size of a domain ACL element. */ | |
34 | static const u8 tomoyo_acl_size[] = { | |
35 | [TOMOYO_TYPE_PATH_ACL] = sizeof(struct tomoyo_path_acl), | |
36 | [TOMOYO_TYPE_PATH2_ACL] = sizeof(struct tomoyo_path2_acl), | |
37 | [TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl), | |
38 | [TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl), | |
39 | [TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl), | |
059d84db TH |
40 | [TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl), |
41 | [TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl), | |
d58e0da8 | 42 | [TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl), |
2e503bbb TH |
43 | }; |
44 | ||
45 | /** | |
46 | * tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not. | |
47 | * | |
48 | * @element: Pointer to "struct list_head". | |
49 | * | |
50 | * Returns true if @element is used by /sys/kernel/security/tomoyo/ users, | |
51 | * false otherwise. | |
52 | */ | |
53 | static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element) | |
54 | { | |
55 | struct tomoyo_io_buffer *head; | |
56 | bool in_use = false; | |
57 | ||
58 | spin_lock(&tomoyo_io_buffer_list_lock); | |
59 | list_for_each_entry(head, &tomoyo_io_buffer_list, list) { | |
60 | head->users++; | |
61 | spin_unlock(&tomoyo_io_buffer_list_lock); | |
62 | if (mutex_lock_interruptible(&head->io_sem)) { | |
63 | in_use = true; | |
64 | goto out; | |
65 | } | |
66 | if (head->r.domain == element || head->r.group == element || | |
67 | head->r.acl == element || &head->w.domain->list == element) | |
68 | in_use = true; | |
69 | mutex_unlock(&head->io_sem); | |
70 | out: | |
71 | spin_lock(&tomoyo_io_buffer_list_lock); | |
72 | head->users--; | |
73 | if (in_use) | |
74 | break; | |
75 | } | |
76 | spin_unlock(&tomoyo_io_buffer_list_lock); | |
77 | return in_use; | |
78 | } | |
79 | ||
80 | /** | |
81 | * tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not. | |
82 | * | |
83 | * @string: String to check. | |
84 | * @size: Memory allocated for @string . | |
85 | * | |
86 | * Returns true if @string is used by /sys/kernel/security/tomoyo/ users, | |
87 | * false otherwise. | |
88 | */ | |
89 | static bool tomoyo_name_used_by_io_buffer(const char *string, | |
90 | const size_t size) | |
91 | { | |
92 | struct tomoyo_io_buffer *head; | |
93 | bool in_use = false; | |
94 | ||
95 | spin_lock(&tomoyo_io_buffer_list_lock); | |
96 | list_for_each_entry(head, &tomoyo_io_buffer_list, list) { | |
97 | int i; | |
98 | head->users++; | |
99 | spin_unlock(&tomoyo_io_buffer_list_lock); | |
100 | if (mutex_lock_interruptible(&head->io_sem)) { | |
101 | in_use = true; | |
102 | goto out; | |
103 | } | |
104 | for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) { | |
105 | const char *w = head->r.w[i]; | |
106 | if (w < string || w > string + size) | |
107 | continue; | |
108 | in_use = true; | |
109 | break; | |
110 | } | |
111 | mutex_unlock(&head->io_sem); | |
112 | out: | |
113 | spin_lock(&tomoyo_io_buffer_list_lock); | |
114 | head->users--; | |
115 | if (in_use) | |
116 | break; | |
117 | } | |
118 | spin_unlock(&tomoyo_io_buffer_list_lock); | |
119 | return in_use; | |
120 | } | |
121 | ||
122 | /* Structure for garbage collection. */ | |
e2bf6907 | 123 | struct tomoyo_gc { |
847b173e | 124 | struct list_head list; |
0df7e8b8 | 125 | enum tomoyo_policy_id type; |
2e503bbb | 126 | size_t size; |
e79acf0e | 127 | struct list_head *element; |
847b173e | 128 | }; |
2e503bbb TH |
129 | /* List of entries to be deleted. */ |
130 | static LIST_HEAD(tomoyo_gc_list); | |
131 | /* Length of tomoyo_gc_list. */ | |
132 | static int tomoyo_gc_list_len; | |
847b173e | 133 | |
0df7e8b8 TH |
134 | /** |
135 | * tomoyo_add_to_gc - Add an entry to to be deleted list. | |
136 | * | |
137 | * @type: One of values in "enum tomoyo_policy_id". | |
138 | * @element: Pointer to "struct list_head". | |
139 | * | |
140 | * Returns true on success, false otherwise. | |
141 | * | |
142 | * Caller holds tomoyo_policy_lock mutex. | |
143 | * | |
144 | * Adding an entry needs kmalloc(). Thus, if we try to add thousands of | |
145 | * entries at once, it will take too long time. Thus, do not add more than 128 | |
146 | * entries per a scan. But to be able to handle worst case where all entries | |
147 | * are in-use, we accept one more entry per a scan. | |
148 | * | |
149 | * If we use singly linked list using "struct list_head"->prev (which is | |
150 | * LIST_POISON2), we can avoid kmalloc(). | |
151 | */ | |
e79acf0e | 152 | static bool tomoyo_add_to_gc(const int type, struct list_head *element) |
847b173e | 153 | { |
e2bf6907 | 154 | struct tomoyo_gc *entry = kzalloc(sizeof(*entry), GFP_ATOMIC); |
847b173e TH |
155 | if (!entry) |
156 | return false; | |
157 | entry->type = type; | |
2e503bbb TH |
158 | if (type == TOMOYO_ID_ACL) |
159 | entry->size = tomoyo_acl_size[ | |
160 | container_of(element, | |
161 | typeof(struct tomoyo_acl_info), | |
162 | list)->type]; | |
163 | else if (type == TOMOYO_ID_NAME) | |
164 | entry->size = strlen(container_of(element, | |
165 | typeof(struct tomoyo_name), | |
166 | head.list)->entry.name) + 1; | |
2066a361 TH |
167 | else if (type == TOMOYO_ID_CONDITION) |
168 | entry->size = | |
169 | container_of(element, typeof(struct tomoyo_condition), | |
170 | head.list)->size; | |
2e503bbb TH |
171 | else |
172 | entry->size = tomoyo_element_size[type]; | |
847b173e | 173 | entry->element = element; |
2e503bbb | 174 | list_add(&entry->list, &tomoyo_gc_list); |
e79acf0e | 175 | list_del_rcu(element); |
2e503bbb TH |
176 | return tomoyo_gc_list_len++ < 128; |
177 | } | |
178 | ||
179 | /** | |
180 | * tomoyo_element_linked_by_gc - Validate next element of an entry. | |
181 | * | |
182 | * @element: Pointer to an element. | |
183 | * @size: Size of @element in byte. | |
184 | * | |
185 | * Returns true if @element is linked by other elements in the garbage | |
186 | * collector's queue, false otherwise. | |
187 | */ | |
188 | static bool tomoyo_element_linked_by_gc(const u8 *element, const size_t size) | |
189 | { | |
190 | struct tomoyo_gc *p; | |
191 | list_for_each_entry(p, &tomoyo_gc_list, list) { | |
192 | const u8 *ptr = (const u8 *) p->element->next; | |
193 | if (ptr < element || element + size < ptr) | |
194 | continue; | |
195 | return true; | |
196 | } | |
197 | return false; | |
847b173e TH |
198 | } |
199 | ||
0df7e8b8 TH |
200 | /** |
201 | * tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control". | |
202 | * | |
203 | * @element: Pointer to "struct list_head". | |
204 | * | |
205 | * Returns nothing. | |
206 | */ | |
5448ec4f | 207 | static void tomoyo_del_transition_control(struct list_head *element) |
847b173e | 208 | { |
5448ec4f | 209 | struct tomoyo_transition_control *ptr = |
e79acf0e | 210 | container_of(element, typeof(*ptr), head.list); |
847b173e TH |
211 | tomoyo_put_name(ptr->domainname); |
212 | tomoyo_put_name(ptr->program); | |
213 | } | |
214 | ||
0df7e8b8 TH |
215 | /** |
216 | * tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator". | |
217 | * | |
218 | * @element: Pointer to "struct list_head". | |
219 | * | |
220 | * Returns nothing. | |
221 | */ | |
e79acf0e | 222 | static void tomoyo_del_aggregator(struct list_head *element) |
1084307c | 223 | { |
e2bf6907 | 224 | struct tomoyo_aggregator *ptr = |
e79acf0e | 225 | container_of(element, typeof(*ptr), head.list); |
1084307c TH |
226 | tomoyo_put_name(ptr->original_name); |
227 | tomoyo_put_name(ptr->aggregated_name); | |
228 | } | |
229 | ||
0df7e8b8 TH |
230 | /** |
231 | * tomoyo_del_manager - Delete members in "struct tomoyo_manager". | |
232 | * | |
233 | * @element: Pointer to "struct list_head". | |
234 | * | |
235 | * Returns nothing. | |
236 | */ | |
e79acf0e | 237 | static void tomoyo_del_manager(struct list_head *element) |
847b173e | 238 | { |
e2bf6907 | 239 | struct tomoyo_manager *ptr = |
e79acf0e | 240 | container_of(element, typeof(*ptr), head.list); |
847b173e TH |
241 | tomoyo_put_name(ptr->manager); |
242 | } | |
243 | ||
0df7e8b8 TH |
244 | /** |
245 | * tomoyo_del_acl - Delete members in "struct tomoyo_acl_info". | |
246 | * | |
247 | * @element: Pointer to "struct list_head". | |
248 | * | |
249 | * Returns nothing. | |
250 | */ | |
e79acf0e | 251 | static void tomoyo_del_acl(struct list_head *element) |
847b173e | 252 | { |
e79acf0e TH |
253 | struct tomoyo_acl_info *acl = |
254 | container_of(element, typeof(*acl), list); | |
2066a361 | 255 | tomoyo_put_condition(acl->cond); |
847b173e | 256 | switch (acl->type) { |
7ef61233 | 257 | case TOMOYO_TYPE_PATH_ACL: |
847b173e | 258 | { |
7ef61233 | 259 | struct tomoyo_path_acl *entry |
847b173e | 260 | = container_of(acl, typeof(*entry), head); |
7762fbff | 261 | tomoyo_put_name_union(&entry->name); |
847b173e TH |
262 | } |
263 | break; | |
7ef61233 | 264 | case TOMOYO_TYPE_PATH2_ACL: |
847b173e | 265 | { |
7ef61233 | 266 | struct tomoyo_path2_acl *entry |
847b173e | 267 | = container_of(acl, typeof(*entry), head); |
7762fbff TH |
268 | tomoyo_put_name_union(&entry->name1); |
269 | tomoyo_put_name_union(&entry->name2); | |
847b173e TH |
270 | } |
271 | break; | |
a1f9bb6a TH |
272 | case TOMOYO_TYPE_PATH_NUMBER_ACL: |
273 | { | |
274 | struct tomoyo_path_number_acl *entry | |
275 | = container_of(acl, typeof(*entry), head); | |
276 | tomoyo_put_name_union(&entry->name); | |
277 | tomoyo_put_number_union(&entry->number); | |
278 | } | |
279 | break; | |
75093152 | 280 | case TOMOYO_TYPE_MKDEV_ACL: |
a1f9bb6a | 281 | { |
75093152 | 282 | struct tomoyo_mkdev_acl *entry |
a1f9bb6a TH |
283 | = container_of(acl, typeof(*entry), head); |
284 | tomoyo_put_name_union(&entry->name); | |
285 | tomoyo_put_number_union(&entry->mode); | |
286 | tomoyo_put_number_union(&entry->major); | |
287 | tomoyo_put_number_union(&entry->minor); | |
288 | } | |
289 | break; | |
2106ccd9 TH |
290 | case TOMOYO_TYPE_MOUNT_ACL: |
291 | { | |
292 | struct tomoyo_mount_acl *entry | |
293 | = container_of(acl, typeof(*entry), head); | |
294 | tomoyo_put_name_union(&entry->dev_name); | |
295 | tomoyo_put_name_union(&entry->dir_name); | |
296 | tomoyo_put_name_union(&entry->fs_type); | |
297 | tomoyo_put_number_union(&entry->flags); | |
298 | } | |
299 | break; | |
d58e0da8 TH |
300 | case TOMOYO_TYPE_ENV_ACL: |
301 | { | |
302 | struct tomoyo_env_acl *entry = | |
303 | container_of(acl, typeof(*entry), head); | |
304 | ||
305 | tomoyo_put_name(entry->env); | |
306 | } | |
307 | break; | |
059d84db TH |
308 | case TOMOYO_TYPE_INET_ACL: |
309 | { | |
310 | struct tomoyo_inet_acl *entry = | |
311 | container_of(acl, typeof(*entry), head); | |
312 | ||
313 | tomoyo_put_group(entry->address.group); | |
314 | tomoyo_put_number_union(&entry->port); | |
315 | } | |
316 | break; | |
317 | case TOMOYO_TYPE_UNIX_ACL: | |
318 | { | |
319 | struct tomoyo_unix_acl *entry = | |
320 | container_of(acl, typeof(*entry), head); | |
321 | ||
322 | tomoyo_put_name_union(&entry->name); | |
323 | } | |
324 | break; | |
847b173e TH |
325 | } |
326 | } | |
327 | ||
2e503bbb TH |
328 | /** |
329 | * tomoyo_del_domain - Delete members in "struct tomoyo_domain_info". | |
330 | * | |
331 | * @element: Pointer to "struct list_head". | |
332 | * | |
333 | * Returns true if deleted, false otherwise. | |
334 | */ | |
e79acf0e | 335 | static bool tomoyo_del_domain(struct list_head *element) |
847b173e | 336 | { |
e79acf0e TH |
337 | struct tomoyo_domain_info *domain = |
338 | container_of(element, typeof(*domain), list); | |
847b173e TH |
339 | struct tomoyo_acl_info *acl; |
340 | struct tomoyo_acl_info *tmp; | |
341 | /* | |
342 | * Since we don't protect whole execve() operation using SRCU, | |
343 | * we need to recheck domain->users at this point. | |
344 | * | |
345 | * (1) Reader starts SRCU section upon execve(). | |
346 | * (2) Reader traverses tomoyo_domain_list and finds this domain. | |
347 | * (3) Writer marks this domain as deleted. | |
348 | * (4) Garbage collector removes this domain from tomoyo_domain_list | |
349 | * because this domain is marked as deleted and used by nobody. | |
350 | * (5) Reader saves reference to this domain into | |
351 | * "struct linux_binprm"->cred->security . | |
352 | * (6) Reader finishes SRCU section, although execve() operation has | |
353 | * not finished yet. | |
354 | * (7) Garbage collector waits for SRCU synchronization. | |
355 | * (8) Garbage collector kfree() this domain because this domain is | |
356 | * used by nobody. | |
357 | * (9) Reader finishes execve() operation and restores this domain from | |
358 | * "struct linux_binprm"->cred->security. | |
359 | * | |
360 | * By updating domain->users at (5), we can solve this race problem | |
361 | * by rechecking domain->users at (8). | |
362 | */ | |
363 | if (atomic_read(&domain->users)) | |
364 | return false; | |
365 | list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) { | |
e79acf0e | 366 | tomoyo_del_acl(&acl->list); |
847b173e TH |
367 | tomoyo_memory_free(acl); |
368 | } | |
369 | tomoyo_put_name(domain->domainname); | |
370 | return true; | |
371 | } | |
372 | ||
2066a361 TH |
373 | /** |
374 | * tomoyo_del_condition - Delete members in "struct tomoyo_condition". | |
375 | * | |
376 | * @element: Pointer to "struct list_head". | |
377 | * | |
378 | * Returns nothing. | |
379 | */ | |
380 | void tomoyo_del_condition(struct list_head *element) | |
381 | { | |
382 | struct tomoyo_condition *cond = container_of(element, typeof(*cond), | |
383 | head.list); | |
384 | const u16 condc = cond->condc; | |
385 | const u16 numbers_count = cond->numbers_count; | |
2ca9bf45 | 386 | const u16 names_count = cond->names_count; |
5b636857 TH |
387 | const u16 argc = cond->argc; |
388 | const u16 envc = cond->envc; | |
2066a361 TH |
389 | unsigned int i; |
390 | const struct tomoyo_condition_element *condp | |
391 | = (const struct tomoyo_condition_element *) (cond + 1); | |
392 | struct tomoyo_number_union *numbers_p | |
393 | = (struct tomoyo_number_union *) (condp + condc); | |
2ca9bf45 TH |
394 | struct tomoyo_name_union *names_p |
395 | = (struct tomoyo_name_union *) (numbers_p + numbers_count); | |
5b636857 TH |
396 | const struct tomoyo_argv *argv |
397 | = (const struct tomoyo_argv *) (names_p + names_count); | |
398 | const struct tomoyo_envp *envp | |
399 | = (const struct tomoyo_envp *) (argv + argc); | |
2066a361 TH |
400 | for (i = 0; i < numbers_count; i++) |
401 | tomoyo_put_number_union(numbers_p++); | |
2ca9bf45 TH |
402 | for (i = 0; i < names_count; i++) |
403 | tomoyo_put_name_union(names_p++); | |
5b636857 TH |
404 | for (i = 0; i < argc; argv++, i++) |
405 | tomoyo_put_name(argv->value); | |
406 | for (i = 0; i < envc; envp++, i++) { | |
407 | tomoyo_put_name(envp->name); | |
408 | tomoyo_put_name(envp->value); | |
409 | } | |
2066a361 | 410 | } |
847b173e | 411 | |
0df7e8b8 TH |
412 | /** |
413 | * tomoyo_del_name - Delete members in "struct tomoyo_name". | |
414 | * | |
415 | * @element: Pointer to "struct list_head". | |
416 | * | |
417 | * Returns nothing. | |
418 | */ | |
e79acf0e | 419 | static void tomoyo_del_name(struct list_head *element) |
847b173e | 420 | { |
e2bf6907 | 421 | const struct tomoyo_name *ptr = |
0df7e8b8 | 422 | container_of(element, typeof(*ptr), head.list); |
847b173e TH |
423 | } |
424 | ||
0df7e8b8 TH |
425 | /** |
426 | * tomoyo_del_path_group - Delete members in "struct tomoyo_path_group". | |
427 | * | |
428 | * @element: Pointer to "struct list_head". | |
429 | * | |
430 | * Returns nothing. | |
431 | */ | |
a98aa4de | 432 | static void tomoyo_del_path_group(struct list_head *element) |
7762fbff | 433 | { |
a98aa4de | 434 | struct tomoyo_path_group *member = |
e79acf0e | 435 | container_of(element, typeof(*member), head.list); |
7762fbff TH |
436 | tomoyo_put_name(member->member_name); |
437 | } | |
438 | ||
0df7e8b8 TH |
439 | /** |
440 | * tomoyo_del_group - Delete "struct tomoyo_group". | |
441 | * | |
442 | * @element: Pointer to "struct list_head". | |
443 | * | |
444 | * Returns nothing. | |
445 | */ | |
a98aa4de | 446 | static void tomoyo_del_group(struct list_head *element) |
7762fbff | 447 | { |
a98aa4de | 448 | struct tomoyo_group *group = |
0df7e8b8 | 449 | container_of(element, typeof(*group), head.list); |
7762fbff TH |
450 | tomoyo_put_name(group->group_name); |
451 | } | |
452 | ||
059d84db TH |
453 | /** |
454 | * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group". | |
455 | * | |
456 | * @element: Pointer to "struct list_head". | |
457 | * | |
458 | * Returns nothing. | |
459 | */ | |
460 | static inline void tomoyo_del_address_group(struct list_head *element) | |
461 | { | |
462 | /* Nothing to do. */ | |
463 | } | |
464 | ||
0df7e8b8 TH |
465 | /** |
466 | * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group". | |
467 | * | |
468 | * @element: Pointer to "struct list_head". | |
469 | * | |
470 | * Returns nothing. | |
471 | */ | |
e79acf0e | 472 | static void tomoyo_del_number_group(struct list_head *element) |
4c3e9e2d | 473 | { |
a98aa4de TH |
474 | struct tomoyo_number_group *member = |
475 | container_of(element, typeof(*member), head.list); | |
4c3e9e2d TH |
476 | } |
477 | ||
0df7e8b8 TH |
478 | /** |
479 | * tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head". | |
480 | * | |
481 | * @id: One of values in "enum tomoyo_policy_id". | |
482 | * @member_list: Pointer to "struct list_head". | |
483 | * | |
484 | * Returns true if some elements are deleted, false otherwise. | |
485 | */ | |
486 | static bool tomoyo_collect_member(const enum tomoyo_policy_id id, | |
487 | struct list_head *member_list) | |
d2f8b234 TH |
488 | { |
489 | struct tomoyo_acl_head *member; | |
490 | list_for_each_entry(member, member_list, list) { | |
491 | if (!member->is_deleted) | |
492 | continue; | |
493 | if (!tomoyo_add_to_gc(id, &member->list)) | |
494 | return false; | |
d2f8b234 | 495 | } |
0f2a55d5 | 496 | return true; |
d2f8b234 TH |
497 | } |
498 | ||
32997144 TH |
499 | /** |
500 | * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info". | |
501 | * | |
502 | * @list: Pointer to "struct list_head". | |
503 | * | |
504 | * Returns true if some elements are deleted, false otherwise. | |
505 | */ | |
506 | static bool tomoyo_collect_acl(struct list_head *list) | |
d2f8b234 TH |
507 | { |
508 | struct tomoyo_acl_info *acl; | |
32997144 | 509 | list_for_each_entry(acl, list, list) { |
d2f8b234 TH |
510 | if (!acl->is_deleted) |
511 | continue; | |
512 | if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list)) | |
513 | return false; | |
d2f8b234 TH |
514 | } |
515 | return true; | |
516 | } | |
517 | ||
0df7e8b8 TH |
518 | /** |
519 | * tomoyo_collect_entry - Scan lists for deleted elements. | |
520 | * | |
521 | * Returns nothing. | |
522 | */ | |
847b173e TH |
523 | static void tomoyo_collect_entry(void) |
524 | { | |
d2f8b234 | 525 | int i; |
bd03a3e4 TH |
526 | enum tomoyo_policy_id id; |
527 | struct tomoyo_policy_namespace *ns; | |
528 | int idx; | |
29282381 TH |
529 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
530 | return; | |
bd03a3e4 | 531 | idx = tomoyo_read_lock(); |
847b173e TH |
532 | { |
533 | struct tomoyo_domain_info *domain; | |
534 | list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { | |
32997144 | 535 | if (!tomoyo_collect_acl(&domain->acl_info_list)) |
d2f8b234 | 536 | goto unlock; |
847b173e TH |
537 | if (!domain->is_deleted || atomic_read(&domain->users)) |
538 | continue; | |
539 | /* | |
540 | * Nobody is referring this domain. But somebody may | |
541 | * refer this domain after successful execve(). | |
542 | * We recheck domain->users after SRCU synchronization. | |
543 | */ | |
e79acf0e | 544 | if (!tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, &domain->list)) |
d2f8b234 | 545 | goto unlock; |
847b173e TH |
546 | } |
547 | } | |
bd03a3e4 TH |
548 | list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) { |
549 | for (id = 0; id < TOMOYO_MAX_POLICY; id++) | |
550 | if (!tomoyo_collect_member(id, &ns->policy_list[id])) | |
d2f8b234 | 551 | goto unlock; |
bd03a3e4 TH |
552 | for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) |
553 | if (!tomoyo_collect_acl(&ns->acl_group[i])) | |
554 | goto unlock; | |
555 | for (i = 0; i < TOMOYO_MAX_GROUP; i++) { | |
556 | struct list_head *list = &ns->group_list[i]; | |
557 | struct tomoyo_group *group; | |
558 | switch (i) { | |
559 | case 0: | |
560 | id = TOMOYO_ID_PATH_GROUP; | |
561 | break; | |
059d84db | 562 | case 1: |
bd03a3e4 TH |
563 | id = TOMOYO_ID_NUMBER_GROUP; |
564 | break; | |
059d84db TH |
565 | default: |
566 | id = TOMOYO_ID_ADDRESS_GROUP; | |
567 | break; | |
bd03a3e4 TH |
568 | } |
569 | list_for_each_entry(group, list, head.list) { | |
570 | if (!tomoyo_collect_member | |
571 | (id, &group->member_list)) | |
572 | goto unlock; | |
573 | if (!list_empty(&group->member_list) || | |
574 | atomic_read(&group->head.users)) | |
575 | continue; | |
576 | if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, | |
577 | &group->head.list)) | |
578 | goto unlock; | |
579 | } | |
847b173e TH |
580 | } |
581 | } | |
2066a361 TH |
582 | id = TOMOYO_ID_CONDITION; |
583 | for (i = 0; i < TOMOYO_MAX_HASH + 1; i++) { | |
584 | struct list_head *list = !i ? | |
585 | &tomoyo_condition_list : &tomoyo_name_list[i - 1]; | |
bd03a3e4 TH |
586 | struct tomoyo_shared_acl_head *ptr; |
587 | list_for_each_entry(ptr, list, list) { | |
588 | if (atomic_read(&ptr->users)) | |
4c3e9e2d | 589 | continue; |
2066a361 | 590 | if (!tomoyo_add_to_gc(id, &ptr->list)) |
d2f8b234 | 591 | goto unlock; |
4c3e9e2d | 592 | } |
2066a361 | 593 | id = TOMOYO_ID_NAME; |
4c3e9e2d | 594 | } |
bd03a3e4 TH |
595 | unlock: |
596 | tomoyo_read_unlock(idx); | |
29282381 | 597 | mutex_unlock(&tomoyo_policy_lock); |
847b173e TH |
598 | } |
599 | ||
2e503bbb TH |
600 | /** |
601 | * tomoyo_kfree_entry - Delete entries in tomoyo_gc_list. | |
602 | * | |
603 | * Returns true if some entries were kfree()d, false otherwise. | |
604 | */ | |
605 | static bool tomoyo_kfree_entry(void) | |
847b173e | 606 | { |
e2bf6907 TH |
607 | struct tomoyo_gc *p; |
608 | struct tomoyo_gc *tmp; | |
2e503bbb | 609 | bool result = false; |
847b173e | 610 | |
2e503bbb | 611 | list_for_each_entry_safe(p, tmp, &tomoyo_gc_list, list) { |
e79acf0e | 612 | struct list_head *element = p->element; |
2e503bbb TH |
613 | |
614 | /* | |
615 | * list_del_rcu() in tomoyo_add_to_gc() guarantees that the | |
616 | * list element became no longer reachable from the list which | |
617 | * the element was originally on (e.g. tomoyo_domain_list). | |
618 | * Also, synchronize_srcu() in tomoyo_gc_thread() guarantees | |
619 | * that the list element became no longer referenced by syscall | |
620 | * users. | |
621 | * | |
622 | * However, there are three users which may still be using the | |
623 | * list element. We need to defer until all of these users | |
624 | * forget the list element. | |
625 | * | |
626 | * Firstly, defer until "struct tomoyo_io_buffer"->r.{domain, | |
627 | * group,acl} and "struct tomoyo_io_buffer"->w.domain forget | |
628 | * the list element. | |
629 | */ | |
630 | if (tomoyo_struct_used_by_io_buffer(element)) | |
631 | continue; | |
632 | /* | |
633 | * Secondly, defer until all other elements in the | |
634 | * tomoyo_gc_list list forget the list element. | |
635 | */ | |
636 | if (tomoyo_element_linked_by_gc((const u8 *) element, p->size)) | |
637 | continue; | |
847b173e | 638 | switch (p->type) { |
5448ec4f TH |
639 | case TOMOYO_ID_TRANSITION_CONTROL: |
640 | tomoyo_del_transition_control(element); | |
847b173e | 641 | break; |
1084307c | 642 | case TOMOYO_ID_AGGREGATOR: |
e79acf0e | 643 | tomoyo_del_aggregator(element); |
1084307c | 644 | break; |
847b173e | 645 | case TOMOYO_ID_MANAGER: |
e79acf0e | 646 | tomoyo_del_manager(element); |
847b173e | 647 | break; |
2066a361 TH |
648 | case TOMOYO_ID_CONDITION: |
649 | tomoyo_del_condition(element); | |
650 | break; | |
847b173e | 651 | case TOMOYO_ID_NAME: |
2e503bbb TH |
652 | /* |
653 | * Thirdly, defer until all "struct tomoyo_io_buffer" | |
654 | * ->r.w[] forget the list element. | |
655 | */ | |
656 | if (tomoyo_name_used_by_io_buffer( | |
657 | container_of(element, typeof(struct tomoyo_name), | |
658 | head.list)->entry.name, p->size)) | |
659 | continue; | |
e79acf0e | 660 | tomoyo_del_name(element); |
847b173e TH |
661 | break; |
662 | case TOMOYO_ID_ACL: | |
e79acf0e | 663 | tomoyo_del_acl(element); |
847b173e TH |
664 | break; |
665 | case TOMOYO_ID_DOMAIN: | |
e79acf0e | 666 | if (!tomoyo_del_domain(element)) |
847b173e TH |
667 | continue; |
668 | break; | |
7762fbff | 669 | case TOMOYO_ID_PATH_GROUP: |
e79acf0e | 670 | tomoyo_del_path_group(element); |
7762fbff | 671 | break; |
059d84db TH |
672 | case TOMOYO_ID_ADDRESS_GROUP: |
673 | tomoyo_del_address_group(element); | |
674 | break; | |
a98aa4de TH |
675 | case TOMOYO_ID_GROUP: |
676 | tomoyo_del_group(element); | |
4c3e9e2d TH |
677 | break; |
678 | case TOMOYO_ID_NUMBER_GROUP: | |
e79acf0e | 679 | tomoyo_del_number_group(element); |
847b173e | 680 | break; |
0df7e8b8 TH |
681 | case TOMOYO_MAX_POLICY: |
682 | break; | |
847b173e | 683 | } |
e79acf0e | 684 | tomoyo_memory_free(element); |
847b173e TH |
685 | list_del(&p->list); |
686 | kfree(p); | |
2e503bbb TH |
687 | tomoyo_gc_list_len--; |
688 | result = true; | |
847b173e | 689 | } |
2e503bbb | 690 | return result; |
847b173e TH |
691 | } |
692 | ||
0df7e8b8 TH |
693 | /** |
694 | * tomoyo_gc_thread - Garbage collector thread function. | |
695 | * | |
696 | * @unused: Unused. | |
697 | * | |
698 | * In case OOM-killer choose this thread for termination, we create this thread | |
699 | * as a short live thread whenever /sys/kernel/security/tomoyo/ interface was | |
700 | * close()d. | |
701 | * | |
702 | * Returns 0. | |
703 | */ | |
847b173e TH |
704 | static int tomoyo_gc_thread(void *unused) |
705 | { | |
2e503bbb TH |
706 | /* Garbage collector thread is exclusive. */ |
707 | static DEFINE_MUTEX(tomoyo_gc_mutex); | |
708 | if (!mutex_trylock(&tomoyo_gc_mutex)) | |
709 | goto out; | |
09f464bf | 710 | |
2e503bbb TH |
711 | do { |
712 | tomoyo_collect_entry(); | |
713 | if (list_empty(&tomoyo_gc_list)) | |
714 | break; | |
715 | synchronize_srcu(&tomoyo_ss); | |
716 | } while (tomoyo_kfree_entry()); | |
717 | { | |
718 | struct tomoyo_io_buffer *head; | |
719 | struct tomoyo_io_buffer *tmp; | |
720 | ||
721 | spin_lock(&tomoyo_io_buffer_list_lock); | |
722 | list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list, | |
723 | list) { | |
724 | if (head->users) | |
725 | continue; | |
726 | list_del(&head->list); | |
727 | kfree(head->read_buf); | |
728 | kfree(head->write_buf); | |
729 | kfree(head); | |
847b173e | 730 | } |
2e503bbb | 731 | spin_unlock(&tomoyo_io_buffer_list_lock); |
847b173e | 732 | } |
2e503bbb TH |
733 | mutex_unlock(&tomoyo_gc_mutex); |
734 | out: | |
735 | /* This acts as do_exit(0). */ | |
736 | return 0; | |
847b173e TH |
737 | } |
738 | ||
2e503bbb TH |
739 | /** |
740 | * tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users. | |
741 | * | |
742 | * @head: Pointer to "struct tomoyo_io_buffer". | |
743 | * @is_register: True if register, false if unregister. | |
744 | * | |
745 | * Returns nothing. | |
746 | */ | |
747 | void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register) | |
847b173e | 748 | { |
2e503bbb TH |
749 | bool is_write = false; |
750 | ||
751 | spin_lock(&tomoyo_io_buffer_list_lock); | |
752 | if (is_register) { | |
753 | head->users = 1; | |
754 | list_add(&head->list, &tomoyo_io_buffer_list); | |
755 | } else { | |
756 | is_write = head->write_buf != NULL; | |
757 | if (!--head->users) { | |
758 | list_del(&head->list); | |
759 | kfree(head->read_buf); | |
760 | kfree(head->write_buf); | |
761 | kfree(head); | |
762 | } | |
763 | } | |
764 | spin_unlock(&tomoyo_io_buffer_list_lock); | |
765 | if (is_write) { | |
766 | struct task_struct *task = kthread_create(tomoyo_gc_thread, | |
767 | NULL, | |
768 | "GC for TOMOYO"); | |
769 | if (!IS_ERR(task)) | |
770 | wake_up_process(task); | |
771 | } | |
847b173e | 772 | } |