fs/notify/fanotify/fanotify.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 #include <linux/fanotify.h>
   3 #include <linux/fdtable.h>
   4 #include <linux/fsnotify_backend.h>
   5 #include <linux/init.h>
   6 #include <linux/jiffies.h>
   7 #include <linux/kernel.h> /* UINT_MAX */
   8 #include <linux/mount.h>
   9 #include <linux/sched.h>
  10 #include <linux/sched/user.h>
  11 #include <linux/types.h>
  12 #include <linux/wait.h>
  13 #include <linux/audit.h>
  14
  15 #include "fanotify.h"
  16
  17 static bool should_merge(struct fsnotify_event *old_fsn,
  18                          struct fsnotify_event *new_fsn)
  19 {
  20         struct fanotify_event_info *old, *new;
  21
  22         pr_debug("%s: old=%p new=%p\n", __func__, old_fsn, new_fsn);
  23         old = FANOTIFY_E(old_fsn);
  24         new = FANOTIFY_E(new_fsn);
  25
  26         if (old_fsn->inode == new_fsn->inode && old->tgid == new->tgid &&
  27             old->path.mnt == new->path.mnt &&
  28             old->path.dentry == new->path.dentry)
  29                 return true;
  30         return false;
  31 }
  32
  33 /* and the list better be locked by something too! */
  34 static int fanotify_merge(struct list_head *list, struct fsnotify_event *event)
  35 {
  36         struct fsnotify_event *test_event;
  37
  38         pr_debug("%s: list=%p event=%p\n", __func__, list, event);
  39
  40         /*
  41          * Don't merge a permission event with any other event so that we know
  42          * the event structure we have created in fanotify_handle_event() is the
  43          * one we should check for permission response.
  44          */
  45         if (fanotify_is_perm_event(event->mask))
  46                 return 0;
  47
  48         list_for_each_entry_reverse(test_event, list, list) {
  49                 if (should_merge(test_event, event)) {
  50                         test_event->mask |= event->mask;
  51                         return 1;
  52                 }
  53         }
  54
  55         return 0;
  56 }
  57
  58 static int fanotify_get_response(struct fsnotify_group *group,
  59                                  struct fanotify_perm_event_info *event,
  60                                  struct fsnotify_iter_info *iter_info)
  61 {
  62         int ret;
  63
  64         pr_debug("%s: group=%p event=%p\n", __func__, group, event);
  65
  66         wait_event(group->fanotify_data.access_waitq, event->response);
  67
  68         /* userspace responded, convert to something usable */
  69         switch (event->response & ~FAN_AUDIT) {
  70         case FAN_ALLOW:
  71                 ret = 0;
  72                 break;
  73         case FAN_DENY:
  74         default:
  75                 ret = -EPERM;
  76         }
  77
  78         /* Check if the response should be audited */
  79         if (event->response & FAN_AUDIT)
  80                 audit_fanotify(event->response & ~FAN_AUDIT);
  81
  82         event->response = 0;
  83
  84         pr_debug("%s: group=%p event=%p about to return ret=%d\n", __func__,
  85                  group, event, ret);
  86
  87         return ret;
  88 }
  89
  90 static bool fanotify_should_send_event(struct fsnotify_iter_info *iter_info,
  91                                        u32 event_mask, const void *data,
  92                                        int data_type)
  93 {
  94         __u32 marks_mask = 0, marks_ignored_mask = 0;
  95         const struct path *path = data;
  96         struct fsnotify_mark *mark;
  97         int type;
  98
  99         pr_debug("%s: report_mask=%x mask=%x data=%p data_type=%d\n",
 100                  __func__, iter_info->report_mask, event_mask, data, data_type);
 101
 102         /* if we don't have enough info to send an event to userspace say no */
 103         if (data_type != FSNOTIFY_EVENT_PATH)
 104                 return false;
 105
 106         /* sorry, fanotify only gives a damn about files and dirs */
 107         if (!d_is_reg(path->dentry) &&
 108             !d_can_lookup(path->dentry))
 109                 return false;
 110
 111         fsnotify_foreach_obj_type(type) {
 112                 if (!fsnotify_iter_should_report_type(iter_info, type))
 113                         continue;
 114                 mark = iter_info->marks[type];
 115                 /*
 116                  * if the event is for a child and this inode doesn't care about
 117                  * events on the child, don't send it!
 118                  */
 119                 if (type == FSNOTIFY_OBJ_TYPE_INODE &&
 120                     (event_mask & FS_EVENT_ON_CHILD) &&
 121                     !(mark->mask & FS_EVENT_ON_CHILD))
 122                         continue;
 123
 124                 marks_mask |= mark->mask;
 125                 marks_ignored_mask |= mark->ignored_mask;
 126         }
 127
 128         if (d_is_dir(path->dentry) &&
 129             !(marks_mask & FS_ISDIR & ~marks_ignored_mask))
 130                 return false;
 131
 132         if (event_mask & FAN_ALL_OUTGOING_EVENTS & marks_mask &
 133                                  ~marks_ignored_mask)
 134                 return true;
 135
 136         return false;
 137 }
 138
 139 struct fanotify_event_info *fanotify_alloc_event(struct fsnotify_group *group,
 140                                                  struct inode *inode, u32 mask,
 141                                                  const struct path *path)
 142 {
 143         struct fanotify_event_info *event;
 144         gfp_t gfp = GFP_KERNEL;
 145
 146         /*
 147          * For queues with unlimited length lost events are not expected and
 148          * can possibly have security implications. Avoid losing events when
 149          * memory is short.
 150          */
 151         if (group->max_events == UINT_MAX)
 152                 gfp |= __GFP_NOFAIL;
 153
 154         if (fanotify_is_perm_event(mask)) {
 155                 struct fanotify_perm_event_info *pevent;
 156
 157                 pevent = kmem_cache_alloc(fanotify_perm_event_cachep, gfp);
 158                 if (!pevent)
 159                         return NULL;
 160                 event = &pevent->fae;
 161                 pevent->response = 0;
 162                 goto init;
 163         }
 164         event = kmem_cache_alloc(fanotify_event_cachep, gfp);
 165         if (!event)
 166                 return NULL;
 167 init: __maybe_unused
 168         fsnotify_init_event(&event->fse, inode, mask);
 169         event->tgid = get_pid(task_tgid(current));
 170         if (path) {
 171                 event->path = *path;
 172                 path_get(&event->path);
 173         } else {
 174                 event->path.mnt = NULL;
 175                 event->path.dentry = NULL;
 176         }
 177         return event;
 178 }
 179
 180 static int fanotify_handle_event(struct fsnotify_group *group,
 181                                  struct inode *inode,
 182                                  u32 mask, const void *data, int data_type,
 183                                  const unsigned char *file_name, u32 cookie,
 184                                  struct fsnotify_iter_info *iter_info)
 185 {
 186         int ret = 0;
 187         struct fanotify_event_info *event;
 188         struct fsnotify_event *fsn_event;
 189
 190         BUILD_BUG_ON(FAN_ACCESS != FS_ACCESS);
 191         BUILD_BUG_ON(FAN_MODIFY != FS_MODIFY);
 192         BUILD_BUG_ON(FAN_CLOSE_NOWRITE != FS_CLOSE_NOWRITE);
 193         BUILD_BUG_ON(FAN_CLOSE_WRITE != FS_CLOSE_WRITE);
 194         BUILD_BUG_ON(FAN_OPEN != FS_OPEN);
 195         BUILD_BUG_ON(FAN_EVENT_ON_CHILD != FS_EVENT_ON_CHILD);
 196         BUILD_BUG_ON(FAN_Q_OVERFLOW != FS_Q_OVERFLOW);
 197         BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
 198         BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM);
 199         BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR);
 200
 201         if (!fanotify_should_send_event(iter_info, mask, data, data_type))
 202                 return 0;
 203
 204         pr_debug("%s: group=%p inode=%p mask=%x\n", __func__, group, inode,
 205                  mask);
 206
 207         if (fanotify_is_perm_event(mask)) {
 208                 /*
 209                  * fsnotify_prepare_user_wait() fails if we race with mark
 210                  * deletion.  Just let the operation pass in that case.
 211                  */
 212                 if (!fsnotify_prepare_user_wait(iter_info))
 213                         return 0;
 214         }
 215
 216         event = fanotify_alloc_event(group, inode, mask, data);
 217         ret = -ENOMEM;
 218         if (unlikely(!event)) {
 219                 /*
 220                  * We don't queue overflow events for permission events as
 221                  * there the access is denied and so no event is in fact lost.
 222                  */
 223                 if (!fanotify_is_perm_event(mask))
 224                         fsnotify_queue_overflow(group);
 225                 goto finish;
 226         }
 227
 228         fsn_event = &event->fse;
 229         ret = fsnotify_add_event(group, fsn_event, fanotify_merge);
 230         if (ret) {
 231                 /* Permission events shouldn't be merged */
 232                 BUG_ON(ret == 1 && mask & FAN_ALL_PERM_EVENTS);
 233                 /* Our event wasn't used in the end. Free it. */
 234                 fsnotify_destroy_event(group, fsn_event);
 235
 236                 ret = 0;
 237         } else if (fanotify_is_perm_event(mask)) {
 238                 ret = fanotify_get_response(group, FANOTIFY_PE(fsn_event),
 239                                             iter_info);
 240                 fsnotify_destroy_event(group, fsn_event);
 241         }
 242 finish:
 243         if (fanotify_is_perm_event(mask))
 244                 fsnotify_finish_user_wait(iter_info);
 245
 246         return ret;
 247 }
 248
 249 static void fanotify_free_group_priv(struct fsnotify_group *group)
 250 {
 251         struct user_struct *user;
 252
 253         user = group->fanotify_data.user;
 254         atomic_dec(&user->fanotify_listeners);
 255         free_uid(user);
 256 }
 257
 258 static void fanotify_free_event(struct fsnotify_event *fsn_event)
 259 {
 260         struct fanotify_event_info *event;
 261
 262         event = FANOTIFY_E(fsn_event);
 263         path_put(&event->path);
 264         put_pid(event->tgid);
 265         if (fanotify_is_perm_event(fsn_event->mask)) {
 266                 kmem_cache_free(fanotify_perm_event_cachep,
 267                                 FANOTIFY_PE(fsn_event));
 268                 return;
 269         }
 270         kmem_cache_free(fanotify_event_cachep, event);
 271 }
 272
 273 static void fanotify_free_mark(struct fsnotify_mark *fsn_mark)
 274 {
 275         kmem_cache_free(fanotify_mark_cache, fsn_mark);
 276 }
 277
 278 const struct fsnotify_ops fanotify_fsnotify_ops = {
 279         .handle_event = fanotify_handle_event,
 280         .free_group_priv = fanotify_free_group_priv,
 281         .free_event = fanotify_free_event,
 282         .free_mark = fanotify_free_mark,
 283 };