1/* 2 * security/tomoyo/gc.c 3 * 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 5 */ 6 7#include "common.h" 8#include <linux/kthread.h> 9#include <linux/slab.h> 10 11/** 12 * tomoyo_memory_free - Free memory for elements. 13 * 14 * @ptr: Pointer to allocated memory. 15 * 16 * Returns nothing. 17 * 18 * Caller holds tomoyo_policy_lock mutex. 19 */ 20static inline void tomoyo_memory_free(void *ptr) 21{ 22 tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= ksize(ptr); 23 kfree(ptr); 24} 25 26/* The list for "struct tomoyo_io_buffer". */ 27static LIST_HEAD(tomoyo_io_buffer_list); 28/* Lock for protecting tomoyo_io_buffer_list. */ 29static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock); 30 31/** 32 * tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not. 33 * 34 * @element: Pointer to "struct list_head". 35 * 36 * Returns true if @element is used by /sys/kernel/security/tomoyo/ users, 37 * false otherwise. 38 */ 39static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element) 40{ 41 struct tomoyo_io_buffer *head; 42 bool in_use = false; 43 44 spin_lock(&tomoyo_io_buffer_list_lock); 45 list_for_each_entry(head, &tomoyo_io_buffer_list, list) { 46 head->users++; 47 spin_unlock(&tomoyo_io_buffer_list_lock); 48 mutex_lock(&head->io_sem); 49 if (head->r.domain == element || head->r.group == element || 50 head->r.acl == element || &head->w.domain->list == element) 51 in_use = true; 52 mutex_unlock(&head->io_sem); 53 spin_lock(&tomoyo_io_buffer_list_lock); 54 head->users--; 55 if (in_use) 56 break; 57 } 58 spin_unlock(&tomoyo_io_buffer_list_lock); 59 return in_use; 60} 61 62/** 63 * tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not. 64 * 65 * @string: String to check. 66 * 67 * Returns true if @string is used by /sys/kernel/security/tomoyo/ users, 68 * false otherwise. 69 */ 70static bool tomoyo_name_used_by_io_buffer(const char *string) 71{ 72 struct tomoyo_io_buffer *head; 73 const size_t size = strlen(string) + 1; 74 bool in_use = false; 75 76 spin_lock(&tomoyo_io_buffer_list_lock); 77 list_for_each_entry(head, &tomoyo_io_buffer_list, list) { 78 int i; 79 head->users++; 80 spin_unlock(&tomoyo_io_buffer_list_lock); 81 mutex_lock(&head->io_sem); 82 for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) { 83 const char *w = head->r.w[i]; 84 if (w < string || w > string + size) 85 continue; 86 in_use = true; 87 break; 88 } 89 mutex_unlock(&head->io_sem); 90 spin_lock(&tomoyo_io_buffer_list_lock); 91 head->users--; 92 if (in_use) 93 break; 94 } 95 spin_unlock(&tomoyo_io_buffer_list_lock); 96 return in_use; 97} 98 99/** 100 * tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control". 101 * 102 * @element: Pointer to "struct list_head". 103 * 104 * Returns nothing. 105 */ 106static inline void tomoyo_del_transition_control(struct list_head *element) 107{ 108 struct tomoyo_transition_control *ptr = 109 container_of(element, typeof(*ptr), head.list); 110 tomoyo_put_name(ptr->domainname); 111 tomoyo_put_name(ptr->program); 112} 113 114/** 115 * tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator". 116 * 117 * @element: Pointer to "struct list_head". 118 * 119 * Returns nothing. 120 */ 121static inline void tomoyo_del_aggregator(struct list_head *element) 122{ 123 struct tomoyo_aggregator *ptr = 124 container_of(element, typeof(*ptr), head.list); 125 tomoyo_put_name(ptr->original_name); 126 tomoyo_put_name(ptr->aggregated_name); 127} 128 129/** 130 * tomoyo_del_manager - Delete members in "struct tomoyo_manager". 131 * 132 * @element: Pointer to "struct list_head". 133 * 134 * Returns nothing. 135 */ 136static inline void tomoyo_del_manager(struct list_head *element) 137{ 138 struct tomoyo_manager *ptr = 139 container_of(element, typeof(*ptr), head.list); 140 tomoyo_put_name(ptr->manager); 141} 142 143/** 144 * tomoyo_del_acl - Delete members in "struct tomoyo_acl_info". 145 * 146 * @element: Pointer to "struct list_head". 147 * 148 * Returns nothing. 149 */ 150static void tomoyo_del_acl(struct list_head *element) 151{ 152 struct tomoyo_acl_info *acl = 153 container_of(element, typeof(*acl), list); 154 tomoyo_put_condition(acl->cond); 155 switch (acl->type) { 156 case TOMOYO_TYPE_PATH_ACL: 157 { 158 struct tomoyo_path_acl *entry 159 = container_of(acl, typeof(*entry), head); 160 tomoyo_put_name_union(&entry->name); 161 } 162 break; 163 case TOMOYO_TYPE_PATH2_ACL: 164 { 165 struct tomoyo_path2_acl *entry 166 = container_of(acl, typeof(*entry), head); 167 tomoyo_put_name_union(&entry->name1); 168 tomoyo_put_name_union(&entry->name2); 169 } 170 break; 171 case TOMOYO_TYPE_PATH_NUMBER_ACL: 172 { 173 struct tomoyo_path_number_acl *entry 174 = container_of(acl, typeof(*entry), head); 175 tomoyo_put_name_union(&entry->name); 176 tomoyo_put_number_union(&entry->number); 177 } 178 break; 179 case TOMOYO_TYPE_MKDEV_ACL: 180 { 181 struct tomoyo_mkdev_acl *entry 182 = container_of(acl, typeof(*entry), head); 183 tomoyo_put_name_union(&entry->name); 184 tomoyo_put_number_union(&entry->mode); 185 tomoyo_put_number_union(&entry->major); 186 tomoyo_put_number_union(&entry->minor); 187 } 188 break; 189 case TOMOYO_TYPE_MOUNT_ACL: 190 { 191 struct tomoyo_mount_acl *entry 192 = container_of(acl, typeof(*entry), head); 193 tomoyo_put_name_union(&entry->dev_name); 194 tomoyo_put_name_union(&entry->dir_name); 195 tomoyo_put_name_union(&entry->fs_type); 196 tomoyo_put_number_union(&entry->flags); 197 } 198 break; 199 case TOMOYO_TYPE_ENV_ACL: 200 { 201 struct tomoyo_env_acl *entry = 202 container_of(acl, typeof(*entry), head); 203 204 tomoyo_put_name(entry->env); 205 } 206 break; 207 case TOMOYO_TYPE_INET_ACL: 208 { 209 struct tomoyo_inet_acl *entry = 210 container_of(acl, typeof(*entry), head); 211 212 tomoyo_put_group(entry->address.group); 213 tomoyo_put_number_union(&entry->port); 214 } 215 break; 216 case TOMOYO_TYPE_UNIX_ACL: 217 { 218 struct tomoyo_unix_acl *entry = 219 container_of(acl, typeof(*entry), head); 220 221 tomoyo_put_name_union(&entry->name); 222 } 223 break; 224 case TOMOYO_TYPE_MANUAL_TASK_ACL: 225 { 226 struct tomoyo_task_acl *entry = 227 container_of(acl, typeof(*entry), head); 228 tomoyo_put_name(entry->domainname); 229 } 230 break; 231 } 232} 233 234/** 235 * tomoyo_del_domain - Delete members in "struct tomoyo_domain_info". 236 * 237 * @element: Pointer to "struct list_head". 238 * 239 * Returns nothing. 240 * 241 * Caller holds tomoyo_policy_lock mutex. 242 */ 243static inline void tomoyo_del_domain(struct list_head *element) 244{ 245 struct tomoyo_domain_info *domain = 246 container_of(element, typeof(*domain), list); 247 struct tomoyo_acl_info *acl; 248 struct tomoyo_acl_info *tmp; 249 /* 250 * Since this domain is referenced from neither 251 * "struct tomoyo_io_buffer" nor "struct cred"->security, we can delete 252 * elements without checking for is_deleted flag. 253 */ 254 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) { 255 tomoyo_del_acl(&acl->list); 256 tomoyo_memory_free(acl); 257 } 258 tomoyo_put_name(domain->domainname); 259} 260 261/** 262 * tomoyo_del_condition - Delete members in "struct tomoyo_condition". 263 * 264 * @element: Pointer to "struct list_head". 265 * 266 * Returns nothing. 267 */ 268void tomoyo_del_condition(struct list_head *element) 269{ 270 struct tomoyo_condition *cond = container_of(element, typeof(*cond), 271 head.list); 272 const u16 condc = cond->condc; 273 const u16 numbers_count = cond->numbers_count; 274 const u16 names_count = cond->names_count; 275 const u16 argc = cond->argc; 276 const u16 envc = cond->envc; 277 unsigned int i; 278 const struct tomoyo_condition_element *condp 279 = (const struct tomoyo_condition_element *) (cond + 1); 280 struct tomoyo_number_union *numbers_p 281 = (struct tomoyo_number_union *) (condp + condc); 282 struct tomoyo_name_union *names_p 283 = (struct tomoyo_name_union *) (numbers_p + numbers_count); 284 const struct tomoyo_argv *argv 285 = (const struct tomoyo_argv *) (names_p + names_count); 286 const struct tomoyo_envp *envp 287 = (const struct tomoyo_envp *) (argv + argc); 288 for (i = 0; i < numbers_count; i++) 289 tomoyo_put_number_union(numbers_p++); 290 for (i = 0; i < names_count; i++) 291 tomoyo_put_name_union(names_p++); 292 for (i = 0; i < argc; argv++, i++) 293 tomoyo_put_name(argv->value); 294 for (i = 0; i < envc; envp++, i++) { 295 tomoyo_put_name(envp->name); 296 tomoyo_put_name(envp->value); 297 } 298} 299 300/** 301 * tomoyo_del_name - Delete members in "struct tomoyo_name". 302 * 303 * @element: Pointer to "struct list_head". 304 * 305 * Returns nothing. 306 */ 307static inline void tomoyo_del_name(struct list_head *element) 308{ 309 /* Nothing to do. */ 310} 311 312/** 313 * tomoyo_del_path_group - Delete members in "struct tomoyo_path_group". 314 * 315 * @element: Pointer to "struct list_head". 316 * 317 * Returns nothing. 318 */ 319static inline void tomoyo_del_path_group(struct list_head *element) 320{ 321 struct tomoyo_path_group *member = 322 container_of(element, typeof(*member), head.list); 323 tomoyo_put_name(member->member_name); 324} 325 326/** 327 * tomoyo_del_group - Delete "struct tomoyo_group". 328 * 329 * @element: Pointer to "struct list_head". 330 * 331 * Returns nothing. 332 */ 333static inline void tomoyo_del_group(struct list_head *element) 334{ 335 struct tomoyo_group *group = 336 container_of(element, typeof(*group), head.list); 337 tomoyo_put_name(group->group_name); 338} 339 340/** 341 * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group". 342 * 343 * @element: Pointer to "struct list_head". 344 * 345 * Returns nothing. 346 */ 347static inline void tomoyo_del_address_group(struct list_head *element) 348{ 349 /* Nothing to do. */ 350} 351 352/** 353 * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group". 354 * 355 * @element: Pointer to "struct list_head". 356 * 357 * Returns nothing. 358 */ 359static inline void tomoyo_del_number_group(struct list_head *element) 360{ 361 /* Nothing to do. */ 362} 363 364/** 365 * tomoyo_try_to_gc - Try to kfree() an entry. 366 * 367 * @type: One of values in "enum tomoyo_policy_id". 368 * @element: Pointer to "struct list_head". 369 * 370 * Returns nothing. 371 * 372 * Caller holds tomoyo_policy_lock mutex. 373 */ 374static void tomoyo_try_to_gc(const enum tomoyo_policy_id type, 375 struct list_head *element) 376{ 377 /* 378 * __list_del_entry() guarantees that the list element became no longer 379 * reachable from the list which the element was originally on (e.g. 380 * tomoyo_domain_list). Also, synchronize_srcu() guarantees that the 381 * list element became no longer referenced by syscall users. 382 */ 383 __list_del_entry(element); 384 mutex_unlock(&tomoyo_policy_lock); 385 synchronize_srcu(&tomoyo_ss); 386 /* 387 * However, there are two users which may still be using the list 388 * element. We need to defer until both users forget this element. 389 * 390 * Don't kfree() until "struct tomoyo_io_buffer"->r.{domain,group,acl} 391 * and "struct tomoyo_io_buffer"->w.domain forget this element. 392 */ 393 if (tomoyo_struct_used_by_io_buffer(element)) 394 goto reinject; 395 switch (type) { 396 case TOMOYO_ID_TRANSITION_CONTROL: 397 tomoyo_del_transition_control(element); 398 break; 399 case TOMOYO_ID_MANAGER: 400 tomoyo_del_manager(element); 401 break; 402 case TOMOYO_ID_AGGREGATOR: 403 tomoyo_del_aggregator(element); 404 break; 405 case TOMOYO_ID_GROUP: 406 tomoyo_del_group(element); 407 break; 408 case TOMOYO_ID_PATH_GROUP: 409 tomoyo_del_path_group(element); 410 break; 411 case TOMOYO_ID_ADDRESS_GROUP: 412 tomoyo_del_address_group(element); 413 break; 414 case TOMOYO_ID_NUMBER_GROUP: 415 tomoyo_del_number_group(element); 416 break; 417 case TOMOYO_ID_CONDITION: 418 tomoyo_del_condition(element); 419 break; 420 case TOMOYO_ID_NAME: 421 /* 422 * Don't kfree() until all "struct tomoyo_io_buffer"->r.w[] 423 * forget this element. 424 */ 425 if (tomoyo_name_used_by_io_buffer 426 (container_of(element, typeof(struct tomoyo_name), 427 head.list)->entry.name)) 428 goto reinject; 429 tomoyo_del_name(element); 430 break; 431 case TOMOYO_ID_ACL: 432 tomoyo_del_acl(element); 433 break; 434 case TOMOYO_ID_DOMAIN: 435 /* 436 * Don't kfree() until all "struct cred"->security forget this 437 * element. 438 */ 439 if (atomic_read(&container_of 440 (element, typeof(struct tomoyo_domain_info), 441 list)->users)) 442 goto reinject; 443 break; 444 case TOMOYO_MAX_POLICY: 445 break; 446 } 447 mutex_lock(&tomoyo_policy_lock); 448 if (type == TOMOYO_ID_DOMAIN) 449 tomoyo_del_domain(element); 450 tomoyo_memory_free(element); 451 return; 452reinject: 453 /* 454 * We can safely reinject this element here bacause 455 * (1) Appending list elements and removing list elements are protected 456 * by tomoyo_policy_lock mutex. 457 * (2) Only this function removes list elements and this function is 458 * exclusively executed by tomoyo_gc_mutex mutex. 459 * are true. 460 */ 461 mutex_lock(&tomoyo_policy_lock); 462 list_add_rcu(element, element->prev); 463} 464 465/** 466 * tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head". 467 * 468 * @id: One of values in "enum tomoyo_policy_id". 469 * @member_list: Pointer to "struct list_head". 470 * 471 * Returns nothing. 472 */ 473static void tomoyo_collect_member(const enum tomoyo_policy_id id, 474 struct list_head *member_list) 475{ 476 struct tomoyo_acl_head *member; 477 struct tomoyo_acl_head *tmp; 478 list_for_each_entry_safe(member, tmp, member_list, list) { 479 if (!member->is_deleted) 480 continue; 481 member->is_deleted = TOMOYO_GC_IN_PROGRESS; 482 tomoyo_try_to_gc(id, &member->list); 483 } 484} 485 486/** 487 * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info". 488 * 489 * @list: Pointer to "struct list_head". 490 * 491 * Returns nothing. 492 */ 493static void tomoyo_collect_acl(struct list_head *list) 494{ 495 struct tomoyo_acl_info *acl; 496 struct tomoyo_acl_info *tmp; 497 list_for_each_entry_safe(acl, tmp, list, list) { 498 if (!acl->is_deleted) 499 continue; 500 acl->is_deleted = TOMOYO_GC_IN_PROGRESS; 501 tomoyo_try_to_gc(TOMOYO_ID_ACL, &acl->list); 502 } 503} 504 505/** 506 * tomoyo_collect_entry - Try to kfree() deleted elements. 507 * 508 * Returns nothing. 509 */ 510static void tomoyo_collect_entry(void) 511{ 512 int i; 513 enum tomoyo_policy_id id; 514 struct tomoyo_policy_namespace *ns; 515 mutex_lock(&tomoyo_policy_lock); 516 { 517 struct tomoyo_domain_info *domain; 518 struct tomoyo_domain_info *tmp; 519 list_for_each_entry_safe(domain, tmp, &tomoyo_domain_list, 520 list) { 521 tomoyo_collect_acl(&domain->acl_info_list); 522 if (!domain->is_deleted || atomic_read(&domain->users)) 523 continue; 524 tomoyo_try_to_gc(TOMOYO_ID_DOMAIN, &domain->list); 525 } 526 } 527 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { 528 for (id = 0; id < TOMOYO_MAX_POLICY; id++) 529 tomoyo_collect_member(id, &ns->policy_list[id]); 530 for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) 531 tomoyo_collect_acl(&ns->acl_group[i]); 532 } 533 { 534 struct tomoyo_shared_acl_head *ptr; 535 struct tomoyo_shared_acl_head *tmp; 536 list_for_each_entry_safe(ptr, tmp, &tomoyo_condition_list, 537 list) { 538 if (atomic_read(&ptr->users) > 0) 539 continue; 540 atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS); 541 tomoyo_try_to_gc(TOMOYO_ID_CONDITION, &ptr->list); 542 } 543 } 544 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { 545 for (i = 0; i < TOMOYO_MAX_GROUP; i++) { 546 struct list_head *list = &ns->group_list[i]; 547 struct tomoyo_group *group; 548 struct tomoyo_group *tmp; 549 switch (i) { 550 case 0: 551 id = TOMOYO_ID_PATH_GROUP; 552 break; 553 case 1: 554 id = TOMOYO_ID_NUMBER_GROUP; 555 break; 556 default: 557 id = TOMOYO_ID_ADDRESS_GROUP; 558 break; 559 } 560 list_for_each_entry_safe(group, tmp, list, head.list) { 561 tomoyo_collect_member(id, &group->member_list); 562 if (!list_empty(&group->member_list) || 563 atomic_read(&group->head.users) > 0) 564 continue; 565 atomic_set(&group->head.users, 566 TOMOYO_GC_IN_PROGRESS); 567 tomoyo_try_to_gc(TOMOYO_ID_GROUP, 568 &group->head.list); 569 } 570 } 571 } 572 for (i = 0; i < TOMOYO_MAX_HASH; i++) { 573 struct list_head *list = &tomoyo_name_list[i]; 574 struct tomoyo_shared_acl_head *ptr; 575 struct tomoyo_shared_acl_head *tmp; 576 list_for_each_entry_safe(ptr, tmp, list, list) { 577 if (atomic_read(&ptr->users) > 0) 578 continue; 579 atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS); 580 tomoyo_try_to_gc(TOMOYO_ID_NAME, &ptr->list); 581 } 582 } 583 mutex_unlock(&tomoyo_policy_lock); 584} 585 586/** 587 * tomoyo_gc_thread - Garbage collector thread function. 588 * 589 * @unused: Unused. 590 * 591 * Returns 0. 592 */ 593static int tomoyo_gc_thread(void *unused) 594{ 595 /* Garbage collector thread is exclusive. */ 596 static DEFINE_MUTEX(tomoyo_gc_mutex); 597 if (!mutex_trylock(&tomoyo_gc_mutex)) 598 goto out; 599 tomoyo_collect_entry(); 600 { 601 struct tomoyo_io_buffer *head; 602 struct tomoyo_io_buffer *tmp; 603 604 spin_lock(&tomoyo_io_buffer_list_lock); 605 list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list, 606 list) { 607 if (head->users) 608 continue; 609 list_del(&head->list); 610 kfree(head->read_buf); 611 kfree(head->write_buf); 612 kfree(head); 613 } 614 spin_unlock(&tomoyo_io_buffer_list_lock); 615 } 616 mutex_unlock(&tomoyo_gc_mutex); 617out: 618 /* This acts as do_exit(0). */ 619 return 0; 620} 621 622/** 623 * tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users. 624 * 625 * @head: Pointer to "struct tomoyo_io_buffer". 626 * @is_register: True if register, false if unregister. 627 * 628 * Returns nothing. 629 */ 630void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register) 631{ 632 bool is_write = false; 633 634 spin_lock(&tomoyo_io_buffer_list_lock); 635 if (is_register) { 636 head->users = 1; 637 list_add(&head->list, &tomoyo_io_buffer_list); 638 } else { 639 is_write = head->write_buf != NULL; 640 if (!--head->users) { 641 list_del(&head->list); 642 kfree(head->read_buf); 643 kfree(head->write_buf); 644 kfree(head); 645 } 646 } 647 spin_unlock(&tomoyo_io_buffer_list_lock); 648 if (is_write) { 649 struct task_struct *task = kthread_create(tomoyo_gc_thread, 650 NULL, 651 "GC for TOMOYO"); 652 if (!IS_ERR(task)) 653 wake_up_process(task); 654 } 655} 656