8 #include <linux/device_cgroup.h>
9 #include <linux/cgroup.h>
10 #include <linux/ctype.h>
11 #include <linux/list.h>
12 #include <linux/uaccess.h>
13 #include <linux/seq_file.h>
14 #include <linux/slab.h>
15 #include <linux/rcupdate.h>
16 #include <linux/mutex.h>
17
/*
 * Serialises every writer of a dev_cgroup's behavior and exception list:
 * devcgroup_online()/devcgroup_offline() and devcgroup_access_write() take
 * it, and the dev_exception_* list helpers lockdep-assert it.  Readers
 * (devcgroup_seq_show(), __devcgroup_check_permission()) use RCU instead.
 */
static DEFINE_MUTEX(devcgroup_mutex);
19
/*
 * Default policy of a dev_cgroup; the exception list is interpreted
 * relative to it.  DEVCG_DEFAULT_NONE is the state of a css that is
 * allocated but not (or no longer) online - is_devcg_online() keys off it -
 * and __devcgroup_check_permission() treats it like default-deny.
 */
enum devcg_behavior {
	DEVCG_DEFAULT_NONE,	/* css not online; set by css_alloc/offline */
	DEVCG_DEFAULT_ALLOW,	/* allow everything except the listed exceptions */
	DEVCG_DEFAULT_DENY,	/* deny everything except the listed exceptions */
};
25
26
27
28
29
30
31
/*
 * One entry of a dev_cgroup's exception list.  Under DEVCG_DEFAULT_ALLOW an
 * entry describes what is denied; under DEVCG_DEFAULT_DENY what is allowed.
 *
 * @major, @minor: device numbers; ~0 is the wildcard ("*" in the cgroupfs
 *                 syntax) and matches any number in match_exception*().
 * @type:          DEVCG_DEV_BLOCK or DEVCG_DEV_CHAR as parsed from a write;
 *                 DEVCG_DEV_ALL only appears in the synthetic "allow all"
 *                 line that devcgroup_seq_show() prints.
 * @access:        OR of DEVCG_ACC_READ / DEVCG_ACC_WRITE / DEVCG_ACC_MKNOD.
 * @list:          link in dev_cgroup->exceptions; written under
 *                 devcgroup_mutex, traversed under rcu_read_lock().
 * @rcu:           used by kfree_rcu() when the entry is removed.
 */
struct dev_exception_item {
	u32 major, minor;
	short type;
	short access;
	struct list_head list;
	struct rcu_head rcu;
};
39
/*
 * Per-cgroup state of the devices controller.
 *
 * @css:        embedded cgroup_subsys_state (see css_to_devcgroup()).
 * @exceptions: list of struct dev_exception_item; written under
 *              devcgroup_mutex, read under rcu_read_lock().
 * @behavior:   default policy the exceptions are applied against.
 */
struct dev_cgroup {
	struct cgroup_subsys_state css;
	struct list_head exceptions;
	enum devcg_behavior behavior;
};
45
/*
 * Map a cgroup_subsys_state back to its enclosing dev_cgroup.
 * A NULL css (e.g. the root's missing parent) maps to NULL so callers can
 * test the result directly.
 */
static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
{
	if (!s)
		return NULL;

	return container_of(s, struct dev_cgroup, css);
}
50
/*
 * Return the dev_cgroup that @task currently belongs to, via the devices
 * subsystem's css for that task.
 */
static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
{
	struct cgroup_subsys_state *css = task_css(task, devices_cgrp_id);

	return css_to_devcgroup(css);
}
55
56
57
58
/*
 * Duplicate every exception on @orig onto the tail of @dest.
 *
 * On allocation failure every entry currently on @dest is freed - including
 * anything that was there before the call - and -ENOMEM is returned.  Both
 * callers in this file (devcgroup_online() on a freshly initialised css, and
 * devcgroup_update_access() right after dev_exception_clean()) hand in an
 * empty @dest, so nothing unrelated is lost.
 *
 * Entries are linked with plain list_add_tail(), not the RCU variant.
 * Must be called with devcgroup_mutex held.
 */
static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig)
{
	struct dev_exception_item *src, *copy, *next;

	lockdep_assert_held(&devcgroup_mutex);

	list_for_each_entry(src, orig, list) {
		copy = kmemdup(src, sizeof(*src), GFP_KERNEL);
		if (copy) {
			list_add_tail(&copy->list, dest);
			continue;
		}

		/* Roll back: release everything that made it onto @dest. */
		list_for_each_entry_safe(copy, next, dest, list) {
			list_del(&copy->list);
			kfree(copy);
		}
		return -ENOMEM;
	}

	return 0;
}
81
82
83
84
/*
 * Add exception @ex to @dev_cgroup, merging it into an existing entry for the
 * same (type, major, minor) by OR-ing the access bits.  Because of this merge
 * the list never holds two entries for the same device key.
 *
 * The copy is allocated before the list is scanned, so -ENOMEM is returned
 * even when a merge would not have needed memory (unchanged behaviour).
 * A new entry is published with list_add_tail_rcu() since readers walk the
 * list without the mutex.  Must be called with devcgroup_mutex held.
 *
 * Returns 0 or -ENOMEM.
 */
static int dev_exception_add(struct dev_cgroup *dev_cgroup,
			     struct dev_exception_item *ex)
{
	struct dev_exception_item *copy, *cur;
	bool merged = false;

	lockdep_assert_held(&devcgroup_mutex);

	copy = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
	if (!copy)
		return -ENOMEM;

	list_for_each_entry(cur, &dev_cgroup->exceptions, list) {
		if (cur->type == ex->type && cur->major == ex->major &&
		    cur->minor == ex->minor) {
			cur->access |= ex->access;
			merged = true;
		}
	}

	if (merged)
		kfree(copy);
	else
		list_add_tail_rcu(&copy->list, &dev_cgroup->exceptions);

	return 0;
}
113
114
115
116
/*
 * Remove the access bits of @ex from the matching (type, major, minor)
 * entry of @dev_cgroup.  An entry whose access mask becomes empty is
 * unlinked with list_del_rcu() and freed after a grace period; an entry
 * that keeps other bits stays.  A non-matching @ex is a silent no-op.
 *
 * Must be called with devcgroup_mutex held.
 */
static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
			     struct dev_exception_item *ex)
{
	struct dev_exception_item *cur, *next;

	lockdep_assert_held(&devcgroup_mutex);

	list_for_each_entry_safe(cur, next, &dev_cgroup->exceptions, list) {
		if (cur->type != ex->type || cur->major != ex->major ||
		    cur->minor != ex->minor)
			continue;

		cur->access &= ~ex->access;
		if (cur->access)
			continue;

		/* Nothing left: unlink now, free once readers are done. */
		list_del_rcu(&cur->list);
		kfree_rcu(cur, rcu);
	}
}
139
/*
 * Drop every exception of @dev_cgroup.  Entries are unlinked RCU-style and
 * freed after a grace period.  No locking is asserted here; that is the
 * job of dev_exception_clean(), the variant used while the css is live.
 */
static void __dev_exception_clean(struct dev_cgroup *dev_cgroup)
{
	struct dev_exception_item *cur;

	while (!list_empty(&dev_cgroup->exceptions)) {
		cur = list_first_entry(&dev_cgroup->exceptions,
				       struct dev_exception_item, list);
		list_del_rcu(&cur->list);
		kfree_rcu(cur, rcu);
	}
}
149
150
151
152
153
154
155
/*
 * Drop every exception of a live @dev_cgroup.  Same effect as
 * __dev_exception_clean(), but insists on devcgroup_mutex being held,
 * because concurrent RCU readers may be walking the list.
 */
static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
{
	struct dev_exception_item *cur, *next;

	lockdep_assert_held(&devcgroup_mutex);

	list_for_each_entry_safe(cur, next, &dev_cgroup->exceptions, list) {
		list_del_rcu(&cur->list);
		kfree_rcu(cur, rcu);
	}
}
162
/*
 * A dev_cgroup is "online" once devcgroup_online() has given it a real
 * behavior; devcgroup_offline() resets it to DEVCG_DEFAULT_NONE.
 */
static inline bool is_devcg_online(const struct dev_cgroup *devcg)
{
	if (devcg->behavior == DEVCG_DEFAULT_NONE)
		return false;

	return true;
}
167
168
169
170
171
172
173
/*
 * css_online callback: give the new cgroup its initial policy.
 *
 * The root (no parent) starts as allow-all with no exceptions.  Any other
 * cgroup inherits its parent's behavior together with a private copy of the
 * parent's exception list.  If that copy cannot be allocated the behavior is
 * left at DEVCG_DEFAULT_NONE and -ENOMEM is returned, so the css never
 * comes online in a half-initialised state.
 */
static int devcgroup_online(struct cgroup_subsys_state *css)
{
	struct dev_cgroup *dev_cgroup = css_to_devcgroup(css);
	struct dev_cgroup *parent = css_to_devcgroup(css->parent);
	int ret;

	mutex_lock(&devcgroup_mutex);

	if (!parent) {
		dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
		ret = 0;
		goto out;
	}

	ret = dev_exceptions_copy(&dev_cgroup->exceptions, &parent->exceptions);
	if (!ret)
		dev_cgroup->behavior = parent->behavior;

out:
	mutex_unlock(&devcgroup_mutex);
	return ret;
}
194
/*
 * css_offline callback: mark the cgroup as no longer online.  Only the
 * behavior is reset here; the exception list is released later by
 * devcgroup_css_free().
 */
static void devcgroup_offline(struct cgroup_subsys_state *css)
{
	struct dev_cgroup *devcg;

	devcg = css_to_devcgroup(css);

	mutex_lock(&devcgroup_mutex);
	devcg->behavior = DEVCG_DEFAULT_NONE;
	mutex_unlock(&devcgroup_mutex);
}
203
204
205
206
/*
 * css_alloc callback: allocate an empty dev_cgroup.  The policy is not
 * decided here (behavior stays DEVCG_DEFAULT_NONE) - devcgroup_online()
 * fills it in once the parent is known to be usable.
 *
 * Returns the embedded css, or ERR_PTR(-ENOMEM).
 */
static struct cgroup_subsys_state *
devcgroup_css_alloc(struct cgroup_subsys_state *parent_css)
{
	struct dev_cgroup *devcg = kzalloc(sizeof(*devcg), GFP_KERNEL);

	if (!devcg)
		return ERR_PTR(-ENOMEM);

	INIT_LIST_HEAD(&devcg->exceptions);
	devcg->behavior = DEVCG_DEFAULT_NONE;

	return &devcg->css;
}
220
/*
 * css_free callback: release the exception list and the dev_cgroup itself.
 * devcgroup_mutex is deliberately not taken here - presumably because the
 * css has already gone through devcgroup_offline() and nothing else can
 * reach it (confirm against the cgroup core's css lifecycle).
 */
static void devcgroup_css_free(struct cgroup_subsys_state *css)
{
	struct dev_cgroup *devcg;

	devcg = css_to_devcgroup(css);
	__dev_exception_clean(devcg);
	kfree(devcg);
}
228
/* Values of cftype->private, telling the write/show handlers which file. */
#define DEVCG_ALLOW 1
#define DEVCG_DENY 2
#define DEVCG_LIST 3

/*
 * Buffer sizes for devcgroup_seq_show(): a u32 prints as at most ten
 * digits ("4294967295") or "*", plus NUL; the access string is at most
 * "rwm" plus NUL.
 */
#define MAJMINLEN 13
#define ACCLEN 4
235
/*
 * Render @access as a NUL-terminated string of 'r', 'w', 'm' (in that order)
 * into @acc, which must hold ACCLEN bytes.  Bits outside DEVCG_ACC_READ /
 * DEVCG_ACC_WRITE / DEVCG_ACC_MKNOD are ignored.
 */
static void set_access(char *acc, short access)
{
	static const struct {
		short bit;
		char ch;
	} flags[] = {
		{ DEVCG_ACC_READ,  'r' },
		{ DEVCG_ACC_WRITE, 'w' },
		{ DEVCG_ACC_MKNOD, 'm' },
	};
	int i, n = 0;

	memset(acc, 0, ACCLEN);
	for (i = 0; i < sizeof(flags) / sizeof(flags[0]); i++) {
		if (access & flags[i].bit)
			acc[n++] = flags[i].ch;
	}
}
247
/*
 * Single-character representation of a DEVCG_DEV_* type for devices.list:
 * 'a' (all), 'c' (char), 'b' (block); 'X' for anything unrecognised.
 */
static char type_to_char(short type)
{
	switch (type) {
	case DEVCG_DEV_ALL:
		return 'a';
	case DEVCG_DEV_CHAR:
		return 'c';
	case DEVCG_DEV_BLOCK:
		return 'b';
	default:
		return 'X';
	}
}
258
/*
 * Render a major or minor number into @str: "*" for the wildcard (~0),
 * otherwise the decimal value.  @str must hold MAJMINLEN bytes; a u32 needs
 * at most ten digits plus NUL, so the unbounded sprintf() cannot overrun it.
 */
static void set_majmin(char *str, unsigned m)
{
	if (m != ~0U) {
		sprintf(str, "%u", m);
		return;
	}

	strcpy(str, "*");
}
266
/* Emit one "<type> <major>:<minor> <access>" line of devices.list. */
static void devcg_show_one(struct seq_file *m, short type, u32 major,
			   u32 minor, short access)
{
	char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];

	set_access(acc, access);
	set_majmin(maj, major);
	set_majmin(min, minor);
	seq_printf(m, "%c %s:%s %s\n", type_to_char(type), maj, min, acc);
}

/*
 * seq_show handler for devices.list.
 *
 * Under DEVCG_DEFAULT_DENY every exception (i.e. every allow rule) is
 * listed.  Under DEVCG_DEFAULT_ALLOW the file only prints the single line
 * "a *:* rwm" - the deny exceptions are NOT shown, so the file does not
 * reveal what an allow-all cgroup is actually denied.  Read under RCU since
 * writers may be modifying the list concurrently.
 */
static int devcgroup_seq_show(struct seq_file *m, void *v)
{
	struct dev_cgroup *devcg = css_to_devcgroup(seq_css(m));
	struct dev_exception_item *ex;

	rcu_read_lock();

	if (devcg->behavior == DEVCG_DEFAULT_ALLOW) {
		devcg_show_one(m, DEVCG_DEV_ALL, ~0, ~0, DEVCG_ACC_MASK);
	} else {
		list_for_each_entry_rcu(ex, &devcg->exceptions, list)
			devcg_show_one(m, ex->type, ex->major, ex->minor,
				       ex->access);
	}

	rcu_read_unlock();

	return 0;
}
299
300
301
302
303
304
305
306
307
308
309
310
311
312
/*
 * Exact (superset) match: does some single entry of @exceptions cover the
 * whole request?  An entry matches when
 *   - every device type bit requested (DEVCG_DEV_BLOCK / DEVCG_DEV_CHAR)
 *     is set in the entry's type,
 *   - its major and minor are each either the wildcard ~0 or equal to the
 *     requested one, and
 *   - every bit of @access is present in the entry's access mask.
 *
 * This is the test used for default-deny cgroups (is the request allowed?)
 * and for checking a child's new allow rule against the parent.
 * Must be called under rcu_read_lock() or devcgroup_mutex.
 */
static bool match_exception(struct list_head *exceptions, short type,
			    u32 major, u32 minor, short access)
{
	struct dev_exception_item *ex;

	list_for_each_entry_rcu(ex, exceptions, list) {
		bool type_ok = (!(type & DEVCG_DEV_BLOCK) ||
				(ex->type & DEVCG_DEV_BLOCK)) &&
			       (!(type & DEVCG_DEV_CHAR) ||
				(ex->type & DEVCG_DEV_CHAR));
		bool major_ok = ex->major == ~0 || ex->major == major;
		bool minor_ok = ex->minor == ~0 || ex->minor == minor;
		bool access_ok = !(access & ~ex->access);

		if (type_ok && major_ok && minor_ok && access_ok)
			return true;
	}

	return false;
}
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
/*
 * Partial (overlap) match: does any entry of @exceptions intersect the
 * request?  Compared with match_exception() this is looser in two ways:
 *   - a wildcard on EITHER side (entry or request) matches major/minor, so
 *     "c *:* r" overlaps "c 1:3 r" and vice versa, and
 *   - a single shared access bit is enough.
 *
 * This is the test used for default-allow cgroups (does any deny rule touch
 * the request?) and for refusing a child rule that would punch through a
 * parent's deny.  Must be called under rcu_read_lock() or devcgroup_mutex.
 */
static bool match_exception_partial(struct list_head *exceptions, short type,
				    u32 major, u32 minor, short access)
{
	struct dev_exception_item *ex;

	list_for_each_entry_rcu(ex, exceptions, list) {
		bool type_ok = (!(type & DEVCG_DEV_BLOCK) ||
				(ex->type & DEVCG_DEV_BLOCK)) &&
			       (!(type & DEVCG_DEV_CHAR) ||
				(ex->type & DEVCG_DEV_CHAR));
		bool major_ok = ex->major == ~0 || major == ~0 ||
				ex->major == major;
		bool minor_ok = ex->minor == ~0 || minor == ~0 ||
				ex->minor == minor;
		bool access_ok = (access & ex->access) != 0;

		if (type_ok && major_ok && minor_ok && access_ok)
			return true;
	}

	return false;
}
379
380
381
382
383
384
385
386
387
388
/*
 * Would exception @refex, requested by a child whose mode is @behavior, be
 * consistent with @dev_cgroup (the parent)?
 *
 *   parent default-deny   : the child may only allow what one of the
 *                           parent's allow rules fully covers.
 *   parent default-allow,
 *   child default-allow   : anything goes - the child can only add denials.
 *   parent default-allow,
 *   child default-deny    : the child's allow rule must not overlap any of
 *                           the parent's deny rules.
 *
 * Must be called under rcu_read_lock() or devcgroup_mutex (warned via
 * RCU_LOCKDEP_WARN otherwise).
 */
static bool verify_new_ex(struct dev_cgroup *dev_cgroup,
			  struct dev_exception_item *refex,
			  enum devcg_behavior behavior)
{
	RCU_LOCKDEP_WARN(!rcu_read_lock_held() &&
			 !lockdep_is_held(&devcgroup_mutex),
			 "device_cgroup:verify_new_ex called without proper synchronization");

	if (dev_cgroup->behavior != DEVCG_DEFAULT_ALLOW)
		return match_exception(&dev_cgroup->exceptions, refex->type,
				       refex->major, refex->minor,
				       refex->access);

	if (behavior == DEVCG_DEFAULT_ALLOW)
		return true;

	return !match_exception_partial(&dev_cgroup->exceptions, refex->type,
					refex->major, refex->minor,
					refex->access);
}
441
442
443
444
445
446
/*
 * May @childcg hold exception @ex given its parent's policy?  The root has
 * no parent and may hold anything.  Non-zero means permitted.
 */
static int parent_has_perm(struct dev_cgroup *childcg,
			   struct dev_exception_item *ex)
{
	struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent);

	return parent ? verify_new_ex(parent, ex, childcg->behavior) : 1;
}
456
457
458
459
460
461
462
463
464
465
466
467
/*
 * May @childcg remove exception @ex?  Removing a rule from a default-deny
 * child only tightens it, so that is always fine, as is anything on the
 * root.  Removing a deny rule from a default-allow child widens access, so
 * it is refused when the rule overlaps something the parent denies.
 */
static bool parent_allows_removal(struct dev_cgroup *childcg,
				  struct dev_exception_item *ex)
{
	struct dev_cgroup *parent = css_to_devcgroup(childcg->css.parent);
	bool parent_denies;

	if (!parent || childcg->behavior == DEVCG_DEFAULT_DENY)
		return true;

	parent_denies = match_exception_partial(&parent->exceptions, ex->type,
						ex->major, ex->minor,
						ex->access);
	return !parent_denies;
}
487
488
489
490
491
492
493
/*
 * A cgroup may switch to default-allow only if it is the root or its parent
 * is itself default-allow; a default-deny parent must not gain an
 * allow-all child.
 */
static inline int may_allow_all(struct dev_cgroup *parent)
{
	return !parent || parent->behavior == DEVCG_DEFAULT_ALLOW;
}
500
501
502
503
504
505
506
507
508
509
510
511
512
513
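/*
 * Drop every exception of @devcg that its parent no longer permits (see
 * parent_has_perm()).  Used after a parent's policy changed.
 *
 * Uses the entry-typed safe iterator instead of list_for_each_safe() plus a
 * manual container_of().  dev_exception_rm() unlinks the entry matching
 * @ex's (type, major, minor); since dev_exception_add() merges duplicates
 * there is at most one such entry - @ex itself - so the saved @tmp stays
 * valid.  Called with devcgroup_mutex held (dev_exception_rm() asserts it).
 */
static void revalidate_active_exceptions(struct dev_cgroup *devcg)
{
	struct dev_exception_item *ex, *tmp;

	list_for_each_entry_safe(ex, tmp, &devcg->exceptions, list) {
		if (!parent_has_perm(devcg, ex))
			dev_exception_rm(devcg, ex);
	}
}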
525
526
527
528
529
530
531
532
/*
 * Push a change made on @devcg_root down to every online descendant so no
 * child ends up more permissive than its parent.
 *
 * For each online descendant: if both the root and the descendant are in
 * DEVCG_DEFAULT_ALLOW mode the new deny exception @ex is added to the
 * descendant too; in every other combination of modes an exception
 * matching @ex is removed from the descendant (it would keep access the
 * parent just withdrew).  revalidate_active_exceptions() then drops any
 * remaining rule the descendant's parent no longer permits.
 *
 * Locking: the only caller, devcgroup_update_access() (reached from
 * devcgroup_access_write()), holds devcgroup_mutex.  devcgroup_online() and
 * devcgroup_offline() take the same mutex, so no css changes its online
 * state during the walk.  That is why the RCU read lock can be dropped
 * around dev_exception_add(), which allocates with GFP_KERNEL and may
 * sleep, and re-taken before css_for_each_descendant_pre() advances.
 * @devcg_root itself is skipped: the caller already updated it.
 *
 * Returns 0, or -ENOMEM from dev_exception_add() - in which case the
 * descendants visited before the failure are updated and the rest are not.
 */
static int propagate_exception(struct dev_cgroup *devcg_root,
			       struct dev_exception_item *ex)
{
	struct cgroup_subsys_state *pos;
	int rc = 0;

	rcu_read_lock();

	css_for_each_descendant_pre(pos, &devcg_root->css) {
		struct dev_cgroup *devcg = css_to_devcgroup(pos);

		/*
		 * Skip the root and any css that is not online (its
		 * behavior is DEVCG_DEFAULT_NONE and it carries no policy
		 * to adjust).
		 */
		if (pos == &devcg_root->css || !is_devcg_online(devcg))
			continue;

		rcu_read_unlock();

		/* Safe without RCU: see the locking note above. */
		if (devcg_root->behavior == DEVCG_DEFAULT_ALLOW &&
		    devcg->behavior == DEVCG_DEFAULT_ALLOW) {
			rc = dev_exception_add(devcg, ex);
			if (rc)
				return rc;
		} else {
			/*
			 * Root is default-deny (an allow rule was withdrawn)
			 * or the child is default-deny (the parent now denies
			 * this device): a matching child rule must go.
			 */
			dev_exception_rm(devcg, ex);
		}
		revalidate_active_exceptions(devcg);

		rcu_read_lock();
	}

	rcu_read_unlock();
	return rc;
}
581
582
583
584
585
586
587
588
589
590
591
592
593
594
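/*
 * Parse one major or minor number at *@pb for devcgroup_update_access().
 *
 * Accepts "*" (stored as ~0, the wildcard understood by match_exception()
 * and match_exception_partial()) or a run of decimal digits.  At most
 * sizeof(temp) - 1 digits are consumed; a value that does not fit a u32 is
 * rejected by kstrtou32().
 *
 * On success *@pb is advanced past the consumed characters and 0 is
 * returned; on failure *@pb is left untouched and -EINVAL is returned.
 */
static int devcg_parse_majmin(const char **pb, u32 *out)
{
	const char *b = *pb;
	char temp[12];
	int count;

	if (*b == '*') {
		*out = ~0;
		b++;
	} else if (isdigit(*b)) {
		memset(temp, 0, sizeof(temp));
		for (count = 0; count < sizeof(temp) - 1; count++) {
			temp[count] = *b;
			b++;
			if (!isdigit(*b))
				break;
		}
		if (kstrtou32(temp, 10, out))
			return -EINVAL;
	} else {
		return -EINVAL;
	}

	*pb = b;
	return 0;
}

/*
 * Parse the access field at @b ('r', 'w', 'm' in any order, at most three
 * characters) and OR the DEVCG_ACC_* bits into *@access.  A '\n' or '\0'
 * ends the field early; any other character is -EINVAL.  As before, nothing
 * after the third character is examined, so trailing text is ignored.
 */
static int devcg_parse_access(const char *b, short *access)
{
	int count;

	for (count = 0; count < 3; count++, b++) {
		switch (*b) {
		case 'r':
			*access |= DEVCG_ACC_READ;
			break;
		case 'w':
			*access |= DEVCG_ACC_WRITE;
			break;
		case 'm':
			*access |= DEVCG_ACC_MKNOD;
			break;
		case '\n':
		case '\0':
			return 0;
		default:
			return -EINVAL;
		}
	}

	return 0;
}

/*
 * Apply one write to devices.allow (@filetype == DEVCG_ALLOW) or
 * devices.deny (@filetype == DEVCG_DENY) on @devcgroup.
 *
 * Accepted syntax (@buffer has already been strstrip()ed by the caller):
 *   "a"                       switch the whole cgroup to default-allow or
 *                             default-deny; refused (-EINVAL) while any
 *                             child is online.  Only the leading 'a' is
 *                             looked at.
 *   "<b|c> <maj>:<min> [rwm]" add or remove a single exception, where
 *                             <maj>/<min> are decimal or "*".
 *
 * Returns 0 on success; -EPERM without CAP_SYS_ADMIN or when the parent's
 * policy forbids the change; -EINVAL on a syntax error; -ENOMEM from the
 * list helpers.  Must be called with devcgroup_mutex held (the
 * dev_exception_* helpers lockdep-assert it).
 *
 * Change from the previous version: switching to default-allow now copies
 * the parent's exceptions into a private list BEFORE the cgroup's own state
 * is touched.  Previously the old list was cleared and the mode set to
 * allow before the copy, so an -ENOMEM left the cgroup allow-all with none
 * of the parent's deny rules - strictly more permissive than its parent.
 * Now a failed allocation leaves the cgroup exactly as it was.
 */
static int devcgroup_update_access(struct dev_cgroup *devcgroup,
				   int filetype, char *buffer)
{
	const char *b = buffer;
	int rc = 0;
	struct dev_exception_item ex, *it, *tmp;
	struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent);
	LIST_HEAD(inherited);

	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	memset(&ex, 0, sizeof(ex));

	switch (*b) {
	case 'a':
		switch (filetype) {
		case DEVCG_ALLOW:
			if (css_has_online_children(&devcgroup->css))
				return -EINVAL;
			if (!may_allow_all(parent))
				return -EPERM;

			/* Build the inherited list privately first. */
			if (parent) {
				rc = dev_exceptions_copy(&inherited,
							 &parent->exceptions);
				if (rc)
					return rc;
			}

			dev_exception_clean(devcgroup);
			devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
			/*
			 * Publish each entry with the RCU-safe insert, as
			 * dev_exception_add() does: readers walk this list
			 * without the mutex.
			 */
			list_for_each_entry_safe(it, tmp, &inherited, list) {
				list_del(&it->list);
				list_add_tail_rcu(&it->list,
						  &devcgroup->exceptions);
			}
			break;
		case DEVCG_DENY:
			if (css_has_online_children(&devcgroup->css))
				return -EINVAL;

			dev_exception_clean(devcgroup);
			devcgroup->behavior = DEVCG_DEFAULT_DENY;
			break;
		default:
			return -EINVAL;
		}
		return 0;
	case 'b':
		ex.type = DEVCG_DEV_BLOCK;
		break;
	case 'c':
		ex.type = DEVCG_DEV_CHAR;
		break;
	default:
		return -EINVAL;
	}

	/* "<type> <major>:<minor> <access>" */
	b++;
	if (!isspace(*b))
		return -EINVAL;
	b++;
	rc = devcg_parse_majmin(&b, &ex.major);
	if (rc)
		return rc;
	if (*b != ':')
		return -EINVAL;
	b++;
	rc = devcg_parse_majmin(&b, &ex.minor);
	if (rc)
		return rc;
	if (!isspace(*b))
		return -EINVAL;
	rc = devcg_parse_access(b + 1, &ex.access);
	if (rc)
		return rc;

	switch (filetype) {
	case DEVCG_ALLOW:
		/*
		 * In default-allow mode an "allow" write removes a deny
		 * rule; in default-deny mode it adds an allow rule.  Both
		 * widen access, so the parent gets a veto either way.
		 */
		if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
			if (!parent_allows_removal(devcgroup, &ex))
				return -EPERM;
			dev_exception_rm(devcgroup, &ex);
			break;
		}

		if (!parent_has_perm(devcgroup, &ex))
			return -EPERM;
		rc = dev_exception_add(devcgroup, &ex);
		break;
	case DEVCG_DENY:
		/*
		 * In default-deny mode a "deny" write removes an allow rule;
		 * in default-allow mode it adds a deny rule.  Tightening
		 * needs no consent from the parent, but it must be pushed
		 * down to the descendants.
		 */
		if (devcgroup->behavior == DEVCG_DEFAULT_DENY)
			dev_exception_rm(devcgroup, &ex);
		else
			rc = dev_exception_add(devcgroup, &ex);

		if (rc)
			break;

		rc = propagate_exception(devcgroup, &ex);
		break;
	default:
		rc = -EINVAL;
	}

	return rc;
}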
754
/*
 * kernfs write handler shared by devices.allow and devices.deny; the file
 * is told apart by cftype->private (DEVCG_ALLOW / DEVCG_DENY).  Takes
 * devcgroup_mutex around the whole update and, on success, reports the
 * entire write as consumed.
 */
static ssize_t devcgroup_access_write(struct kernfs_open_file *of,
				      char *buf, size_t nbytes, loff_t off)
{
	struct dev_cgroup *devcg;
	int filetype;
	int rc;

	mutex_lock(&devcgroup_mutex);
	devcg = css_to_devcgroup(of_css(of));
	filetype = of_cft(of)->private;
	rc = devcgroup_update_access(devcg, filetype, strstrip(buf));
	mutex_unlock(&devcgroup_mutex);

	return rc ? rc : nbytes;
}
766
/*
 * Control files of the devices controller.  The two writable files share
 * one handler and are distinguished by .private; devices.list is read-only.
 */
static struct cftype dev_cgroup_files[] = {
	{
		.name = "allow",	/* devices.allow: widen access */
		.write = devcgroup_access_write,
		.private = DEVCG_ALLOW,
	},
	{
		.name = "deny",		/* devices.deny: tighten access */
		.write = devcgroup_access_write,
		.private = DEVCG_DENY,
	},
	{
		.name = "list",		/* devices.list: show current rules */
		.seq_show = devcgroup_seq_show,
		.private = DEVCG_LIST,
	},
	{ }	/* terminate */
};
785
/*
 * Subsystem registration.  Only .legacy_cftypes is set, so the files above
 * are exposed on the legacy (cgroup v1) hierarchy; no separate v2 file set
 * is defined here.
 */
struct cgroup_subsys devices_cgrp_subsys = {
	.css_alloc = devcgroup_css_alloc,
	.css_free = devcgroup_css_free,
	.css_online = devcgroup_online,
	.css_offline = devcgroup_offline,
	.legacy_cftypes = dev_cgroup_files,
};
793
794
795
796
797
798
799
800
801
802
803
/*
 * Access-control decision for the current task: may it perform @access
 * (DEVCG_ACC_* bits) on the device (@type, @major, @minor)?
 *
 * Under DEVCG_DEFAULT_ALLOW the request is refused if ANY deny rule overlaps
 * it (match_exception_partial()); under any other behavior - including the
 * not-online DEVCG_DEFAULT_NONE - it is granted only if ONE allow rule fully
 * covers every requested bit (match_exception()).
 *
 * Returns 0 if allowed, -EPERM otherwise.  The task's dev_cgroup is assumed
 * non-NULL, as it is for every task attached to an online css.
 */
int __devcgroup_check_permission(short type, u32 major, u32 minor,
				 short access)
{
	struct dev_cgroup *devcg;
	bool allowed;

	rcu_read_lock();
	devcg = task_devcgroup(current);
	if (devcg->behavior == DEVCG_DEFAULT_ALLOW)
		allowed = !match_exception_partial(&devcg->exceptions, type,
						   major, minor, access);
	else
		allowed = match_exception(&devcg->exceptions, type, major,
					  minor, access);
	rcu_read_unlock();

	return allowed ? 0 : -EPERM;
}