This source file includes following definitions.
- tomoyo_memory_free
- tomoyo_struct_used_by_io_buffer
- tomoyo_name_used_by_io_buffer
- tomoyo_del_transition_control
- tomoyo_del_aggregator
- tomoyo_del_manager
- tomoyo_del_acl
- tomoyo_del_domain
- tomoyo_del_condition
- tomoyo_del_name
- tomoyo_del_path_group
- tomoyo_del_group
- tomoyo_del_address_group
- tomoyo_del_number_group
- tomoyo_try_to_gc
- tomoyo_collect_member
- tomoyo_collect_acl
- tomoyo_collect_entry
- tomoyo_gc_thread
- tomoyo_notify_gc
1
2
3
4
5
6
7
8 #include "common.h"
9 #include <linux/kthread.h>
10 #include <linux/slab.h>
11
12
13
14
15
16
17
18
19
20
21 static inline void tomoyo_memory_free(void *ptr)
22 {
23 tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= ksize(ptr);
24 kfree(ptr);
25 }
26
27
28 static LIST_HEAD(tomoyo_io_buffer_list);
29
30 static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
31
32
33
34
35
36
37
38
39
40 static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element)
41 {
42 struct tomoyo_io_buffer *head;
43 bool in_use = false;
44
45 spin_lock(&tomoyo_io_buffer_list_lock);
46 list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
47 head->users++;
48 spin_unlock(&tomoyo_io_buffer_list_lock);
49 mutex_lock(&head->io_sem);
50 if (head->r.domain == element || head->r.group == element ||
51 head->r.acl == element || &head->w.domain->list == element)
52 in_use = true;
53 mutex_unlock(&head->io_sem);
54 spin_lock(&tomoyo_io_buffer_list_lock);
55 head->users--;
56 if (in_use)
57 break;
58 }
59 spin_unlock(&tomoyo_io_buffer_list_lock);
60 return in_use;
61 }
62
63
64
65
66
67
68
69
70
71 static bool tomoyo_name_used_by_io_buffer(const char *string)
72 {
73 struct tomoyo_io_buffer *head;
74 const size_t size = strlen(string) + 1;
75 bool in_use = false;
76
77 spin_lock(&tomoyo_io_buffer_list_lock);
78 list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
79 int i;
80
81 head->users++;
82 spin_unlock(&tomoyo_io_buffer_list_lock);
83 mutex_lock(&head->io_sem);
84 for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) {
85 const char *w = head->r.w[i];
86
87 if (w < string || w > string + size)
88 continue;
89 in_use = true;
90 break;
91 }
92 mutex_unlock(&head->io_sem);
93 spin_lock(&tomoyo_io_buffer_list_lock);
94 head->users--;
95 if (in_use)
96 break;
97 }
98 spin_unlock(&tomoyo_io_buffer_list_lock);
99 return in_use;
100 }
101
102
103
104
105
106
107
108
109 static inline void tomoyo_del_transition_control(struct list_head *element)
110 {
111 struct tomoyo_transition_control *ptr =
112 container_of(element, typeof(*ptr), head.list);
113
114 tomoyo_put_name(ptr->domainname);
115 tomoyo_put_name(ptr->program);
116 }
117
118
119
120
121
122
123
124
125 static inline void tomoyo_del_aggregator(struct list_head *element)
126 {
127 struct tomoyo_aggregator *ptr =
128 container_of(element, typeof(*ptr), head.list);
129
130 tomoyo_put_name(ptr->original_name);
131 tomoyo_put_name(ptr->aggregated_name);
132 }
133
134
135
136
137
138
139
140
141 static inline void tomoyo_del_manager(struct list_head *element)
142 {
143 struct tomoyo_manager *ptr =
144 container_of(element, typeof(*ptr), head.list);
145
146 tomoyo_put_name(ptr->manager);
147 }
148
149
150
151
152
153
154
155
156 static void tomoyo_del_acl(struct list_head *element)
157 {
158 struct tomoyo_acl_info *acl =
159 container_of(element, typeof(*acl), list);
160
161 tomoyo_put_condition(acl->cond);
162 switch (acl->type) {
163 case TOMOYO_TYPE_PATH_ACL:
164 {
165 struct tomoyo_path_acl *entry
166 = container_of(acl, typeof(*entry), head);
167 tomoyo_put_name_union(&entry->name);
168 }
169 break;
170 case TOMOYO_TYPE_PATH2_ACL:
171 {
172 struct tomoyo_path2_acl *entry
173 = container_of(acl, typeof(*entry), head);
174 tomoyo_put_name_union(&entry->name1);
175 tomoyo_put_name_union(&entry->name2);
176 }
177 break;
178 case TOMOYO_TYPE_PATH_NUMBER_ACL:
179 {
180 struct tomoyo_path_number_acl *entry
181 = container_of(acl, typeof(*entry), head);
182 tomoyo_put_name_union(&entry->name);
183 tomoyo_put_number_union(&entry->number);
184 }
185 break;
186 case TOMOYO_TYPE_MKDEV_ACL:
187 {
188 struct tomoyo_mkdev_acl *entry
189 = container_of(acl, typeof(*entry), head);
190 tomoyo_put_name_union(&entry->name);
191 tomoyo_put_number_union(&entry->mode);
192 tomoyo_put_number_union(&entry->major);
193 tomoyo_put_number_union(&entry->minor);
194 }
195 break;
196 case TOMOYO_TYPE_MOUNT_ACL:
197 {
198 struct tomoyo_mount_acl *entry
199 = container_of(acl, typeof(*entry), head);
200 tomoyo_put_name_union(&entry->dev_name);
201 tomoyo_put_name_union(&entry->dir_name);
202 tomoyo_put_name_union(&entry->fs_type);
203 tomoyo_put_number_union(&entry->flags);
204 }
205 break;
206 case TOMOYO_TYPE_ENV_ACL:
207 {
208 struct tomoyo_env_acl *entry =
209 container_of(acl, typeof(*entry), head);
210
211 tomoyo_put_name(entry->env);
212 }
213 break;
214 case TOMOYO_TYPE_INET_ACL:
215 {
216 struct tomoyo_inet_acl *entry =
217 container_of(acl, typeof(*entry), head);
218
219 tomoyo_put_group(entry->address.group);
220 tomoyo_put_number_union(&entry->port);
221 }
222 break;
223 case TOMOYO_TYPE_UNIX_ACL:
224 {
225 struct tomoyo_unix_acl *entry =
226 container_of(acl, typeof(*entry), head);
227
228 tomoyo_put_name_union(&entry->name);
229 }
230 break;
231 case TOMOYO_TYPE_MANUAL_TASK_ACL:
232 {
233 struct tomoyo_task_acl *entry =
234 container_of(acl, typeof(*entry), head);
235
236 tomoyo_put_name(entry->domainname);
237 }
238 break;
239 }
240 }
241
242
243
244
245
246
247
248
249
250
251 static inline void tomoyo_del_domain(struct list_head *element)
252 {
253 struct tomoyo_domain_info *domain =
254 container_of(element, typeof(*domain), list);
255 struct tomoyo_acl_info *acl;
256 struct tomoyo_acl_info *tmp;
257
258
259
260
261
262
263 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
264 tomoyo_del_acl(&acl->list);
265 tomoyo_memory_free(acl);
266 }
267 tomoyo_put_name(domain->domainname);
268 }
269
270
271
272
273
274
275
276
277 void tomoyo_del_condition(struct list_head *element)
278 {
279 struct tomoyo_condition *cond = container_of(element, typeof(*cond),
280 head.list);
281 const u16 condc = cond->condc;
282 const u16 numbers_count = cond->numbers_count;
283 const u16 names_count = cond->names_count;
284 const u16 argc = cond->argc;
285 const u16 envc = cond->envc;
286 unsigned int i;
287 const struct tomoyo_condition_element *condp
288 = (const struct tomoyo_condition_element *) (cond + 1);
289 struct tomoyo_number_union *numbers_p
290 = (struct tomoyo_number_union *) (condp + condc);
291 struct tomoyo_name_union *names_p
292 = (struct tomoyo_name_union *) (numbers_p + numbers_count);
293 const struct tomoyo_argv *argv
294 = (const struct tomoyo_argv *) (names_p + names_count);
295 const struct tomoyo_envp *envp
296 = (const struct tomoyo_envp *) (argv + argc);
297
298 for (i = 0; i < numbers_count; i++)
299 tomoyo_put_number_union(numbers_p++);
300 for (i = 0; i < names_count; i++)
301 tomoyo_put_name_union(names_p++);
302 for (i = 0; i < argc; argv++, i++)
303 tomoyo_put_name(argv->value);
304 for (i = 0; i < envc; envp++, i++) {
305 tomoyo_put_name(envp->name);
306 tomoyo_put_name(envp->value);
307 }
308 }
309
310
311
312
313
314
315
316
317 static inline void tomoyo_del_name(struct list_head *element)
318 {
319
320 }
321
322
323
324
325
326
327
328
329 static inline void tomoyo_del_path_group(struct list_head *element)
330 {
331 struct tomoyo_path_group *member =
332 container_of(element, typeof(*member), head.list);
333
334 tomoyo_put_name(member->member_name);
335 }
336
337
338
339
340
341
342
343
344 static inline void tomoyo_del_group(struct list_head *element)
345 {
346 struct tomoyo_group *group =
347 container_of(element, typeof(*group), head.list);
348
349 tomoyo_put_name(group->group_name);
350 }
351
352
353
354
355
356
357
358
359 static inline void tomoyo_del_address_group(struct list_head *element)
360 {
361
362 }
363
364
365
366
367
368
369
370
371 static inline void tomoyo_del_number_group(struct list_head *element)
372 {
373
374 }
375
376
377
378
379
380
381
382
383
384
385
386 static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
387 struct list_head *element)
388 {
389
390
391
392
393
394
395 __list_del_entry(element);
396 mutex_unlock(&tomoyo_policy_lock);
397 synchronize_srcu(&tomoyo_ss);
398
399
400
401
402
403
404
405 if (tomoyo_struct_used_by_io_buffer(element))
406 goto reinject;
407 switch (type) {
408 case TOMOYO_ID_TRANSITION_CONTROL:
409 tomoyo_del_transition_control(element);
410 break;
411 case TOMOYO_ID_MANAGER:
412 tomoyo_del_manager(element);
413 break;
414 case TOMOYO_ID_AGGREGATOR:
415 tomoyo_del_aggregator(element);
416 break;
417 case TOMOYO_ID_GROUP:
418 tomoyo_del_group(element);
419 break;
420 case TOMOYO_ID_PATH_GROUP:
421 tomoyo_del_path_group(element);
422 break;
423 case TOMOYO_ID_ADDRESS_GROUP:
424 tomoyo_del_address_group(element);
425 break;
426 case TOMOYO_ID_NUMBER_GROUP:
427 tomoyo_del_number_group(element);
428 break;
429 case TOMOYO_ID_CONDITION:
430 tomoyo_del_condition(element);
431 break;
432 case TOMOYO_ID_NAME:
433
434
435
436
437 if (tomoyo_name_used_by_io_buffer
438 (container_of(element, typeof(struct tomoyo_name),
439 head.list)->entry.name))
440 goto reinject;
441 tomoyo_del_name(element);
442 break;
443 case TOMOYO_ID_ACL:
444 tomoyo_del_acl(element);
445 break;
446 case TOMOYO_ID_DOMAIN:
447
448
449
450
451 if (atomic_read(&container_of
452 (element, typeof(struct tomoyo_domain_info),
453 list)->users))
454 goto reinject;
455 break;
456 case TOMOYO_MAX_POLICY:
457 break;
458 }
459 mutex_lock(&tomoyo_policy_lock);
460 if (type == TOMOYO_ID_DOMAIN)
461 tomoyo_del_domain(element);
462 tomoyo_memory_free(element);
463 return;
464 reinject:
465
466
467
468
469
470
471
472
473 mutex_lock(&tomoyo_policy_lock);
474 list_add_rcu(element, element->prev);
475 }
476
477
478
479
480
481
482
483
484
485 static void tomoyo_collect_member(const enum tomoyo_policy_id id,
486 struct list_head *member_list)
487 {
488 struct tomoyo_acl_head *member;
489 struct tomoyo_acl_head *tmp;
490
491 list_for_each_entry_safe(member, tmp, member_list, list) {
492 if (!member->is_deleted)
493 continue;
494 member->is_deleted = TOMOYO_GC_IN_PROGRESS;
495 tomoyo_try_to_gc(id, &member->list);
496 }
497 }
498
499
500
501
502
503
504
505
506 static void tomoyo_collect_acl(struct list_head *list)
507 {
508 struct tomoyo_acl_info *acl;
509 struct tomoyo_acl_info *tmp;
510
511 list_for_each_entry_safe(acl, tmp, list, list) {
512 if (!acl->is_deleted)
513 continue;
514 acl->is_deleted = TOMOYO_GC_IN_PROGRESS;
515 tomoyo_try_to_gc(TOMOYO_ID_ACL, &acl->list);
516 }
517 }
518
519
520
521
522
523
524 static void tomoyo_collect_entry(void)
525 {
526 int i;
527 enum tomoyo_policy_id id;
528 struct tomoyo_policy_namespace *ns;
529
530 mutex_lock(&tomoyo_policy_lock);
531 {
532 struct tomoyo_domain_info *domain;
533 struct tomoyo_domain_info *tmp;
534
535 list_for_each_entry_safe(domain, tmp, &tomoyo_domain_list,
536 list) {
537 tomoyo_collect_acl(&domain->acl_info_list);
538 if (!domain->is_deleted || atomic_read(&domain->users))
539 continue;
540 tomoyo_try_to_gc(TOMOYO_ID_DOMAIN, &domain->list);
541 }
542 }
543 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
544 for (id = 0; id < TOMOYO_MAX_POLICY; id++)
545 tomoyo_collect_member(id, &ns->policy_list[id]);
546 for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
547 tomoyo_collect_acl(&ns->acl_group[i]);
548 }
549 {
550 struct tomoyo_shared_acl_head *ptr;
551 struct tomoyo_shared_acl_head *tmp;
552
553 list_for_each_entry_safe(ptr, tmp, &tomoyo_condition_list,
554 list) {
555 if (atomic_read(&ptr->users) > 0)
556 continue;
557 atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
558 tomoyo_try_to_gc(TOMOYO_ID_CONDITION, &ptr->list);
559 }
560 }
561 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
562 for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
563 struct list_head *list = &ns->group_list[i];
564 struct tomoyo_group *group;
565 struct tomoyo_group *tmp;
566
567 switch (i) {
568 case 0:
569 id = TOMOYO_ID_PATH_GROUP;
570 break;
571 case 1:
572 id = TOMOYO_ID_NUMBER_GROUP;
573 break;
574 default:
575 id = TOMOYO_ID_ADDRESS_GROUP;
576 break;
577 }
578 list_for_each_entry_safe(group, tmp, list, head.list) {
579 tomoyo_collect_member(id, &group->member_list);
580 if (!list_empty(&group->member_list) ||
581 atomic_read(&group->head.users) > 0)
582 continue;
583 atomic_set(&group->head.users,
584 TOMOYO_GC_IN_PROGRESS);
585 tomoyo_try_to_gc(TOMOYO_ID_GROUP,
586 &group->head.list);
587 }
588 }
589 }
590 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
591 struct list_head *list = &tomoyo_name_list[i];
592 struct tomoyo_shared_acl_head *ptr;
593 struct tomoyo_shared_acl_head *tmp;
594
595 list_for_each_entry_safe(ptr, tmp, list, list) {
596 if (atomic_read(&ptr->users) > 0)
597 continue;
598 atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
599 tomoyo_try_to_gc(TOMOYO_ID_NAME, &ptr->list);
600 }
601 }
602 mutex_unlock(&tomoyo_policy_lock);
603 }
604
605
606
607
608
609
610
611
612 static int tomoyo_gc_thread(void *unused)
613 {
614
615 static DEFINE_MUTEX(tomoyo_gc_mutex);
616
617 if (!mutex_trylock(&tomoyo_gc_mutex))
618 goto out;
619 tomoyo_collect_entry();
620 {
621 struct tomoyo_io_buffer *head;
622 struct tomoyo_io_buffer *tmp;
623
624 spin_lock(&tomoyo_io_buffer_list_lock);
625 list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list,
626 list) {
627 if (head->users)
628 continue;
629 list_del(&head->list);
630 kfree(head->read_buf);
631 kfree(head->write_buf);
632 kfree(head);
633 }
634 spin_unlock(&tomoyo_io_buffer_list_lock);
635 }
636 mutex_unlock(&tomoyo_gc_mutex);
637 out:
638
639 return 0;
640 }
641
642
643
644
645
646
647
648
649
650 void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register)
651 {
652 bool is_write = false;
653
654 spin_lock(&tomoyo_io_buffer_list_lock);
655 if (is_register) {
656 head->users = 1;
657 list_add(&head->list, &tomoyo_io_buffer_list);
658 } else {
659 is_write = head->write_buf != NULL;
660 if (!--head->users) {
661 list_del(&head->list);
662 kfree(head->read_buf);
663 kfree(head->write_buf);
664 kfree(head);
665 }
666 }
667 spin_unlock(&tomoyo_io_buffer_list_lock);
668 if (is_write)
669 kthread_run(tomoyo_gc_thread, NULL, "GC for TOMOYO");
670 }