search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fanotify: merge duplicate events on parent and child
[linux/fpc-iii.git] / fs / notify / fanotify / fanotify_user.c
blob0aa362b885507a01607a1cef802f9f620f07284d
1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/fanotify.h>
3 #include <linux/fcntl.h>
4 #include <linux/file.h>
5 #include <linux/fs.h>
6 #include <linux/anon_inodes.h>
7 #include <linux/fsnotify_backend.h>
8 #include <linux/init.h>
9 #include <linux/mount.h>
10 #include <linux/namei.h>
11 #include <linux/poll.h>
12 #include <linux/security.h>
13 #include <linux/syscalls.h>
14 #include <linux/slab.h>
15 #include <linux/types.h>
16 #include <linux/uaccess.h>
17 #include <linux/compat.h>
18 #include <linux/sched/signal.h>
19 #include <linux/memcontrol.h>
20 #include <linux/statfs.h>
21 #include <linux/exportfs.h>
22
23 #include <asm/ioctls.h>
24
25 #include "../../mount.h"
26 #include "../fdinfo.h"
27 #include "fanotify.h"
28
29 #define FANOTIFY_DEFAULT_MAX_EVENTS 16384
30 #define FANOTIFY_DEFAULT_MAX_MARKS 8192
31 #define FANOTIFY_DEFAULT_MAX_LISTENERS 128
32
33 /*
34 * All flags that may be specified in parameter event_f_flags of fanotify_init.
35 *
36 * Internal and external open flags are stored together in field f_flags of
37 * struct file. Only external open flags shall be allowed in event_f_flags.
38 * Internal flags like FMODE_NONOTIFY, FMODE_EXEC, FMODE_NOCMTIME shall be
39 * excluded.
40 */
41 #define FANOTIFY_INIT_ALL_EVENT_F_BITS ( \
42 O_ACCMODE | O_APPEND | O_NONBLOCK | \
43 __O_SYNC | O_DSYNC | O_CLOEXEC | \
44 O_LARGEFILE | O_NOATIME )
45
46 extern const struct fsnotify_ops fanotify_fsnotify_ops;
47
48 struct kmem_cache *fanotify_mark_cache __read_mostly;
49 struct kmem_cache *fanotify_event_cachep __read_mostly;
50 struct kmem_cache *fanotify_perm_event_cachep __read_mostly;
51
52 #define FANOTIFY_EVENT_ALIGN 4
53
54 static int fanotify_event_info_len(struct fanotify_event *event)
55 {
56 if (!fanotify_event_has_fid(event))
57 return 0;
58
59 return roundup(sizeof(struct fanotify_event_info_fid) +
60 sizeof(struct file_handle) + event->fh_len,
61 FANOTIFY_EVENT_ALIGN);
62 }
63
64 /*
65 * Get an fsnotify notification event if one exists and is small
66 * enough to fit in "count". Return an error pointer if the count
67 * is not large enough. When permission event is dequeued, its state is
68 * updated accordingly.
69 */
70 static struct fsnotify_event *get_one_event(struct fsnotify_group *group,
71 size_t count)
72 {
73 size_t event_size = FAN_EVENT_METADATA_LEN;
74 struct fsnotify_event *fsn_event = NULL;
75
76 pr_debug("%s: group=%p count=%zd\n", __func__, group, count);
77
78 spin_lock(&group->notification_lock);
79 if (fsnotify_notify_queue_is_empty(group))
80 goto out;
81
82 if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
83 event_size += fanotify_event_info_len(
84 FANOTIFY_E(fsnotify_peek_first_event(group)));
85 }
86
87 if (event_size > count) {
88 fsn_event = ERR_PTR(-EINVAL);
89 goto out;
90 }
91 fsn_event = fsnotify_remove_first_event(group);
92 if (fanotify_is_perm_event(FANOTIFY_E(fsn_event)->mask))
93 FANOTIFY_PE(fsn_event)->state = FAN_EVENT_REPORTED;
94 out:
95 spin_unlock(&group->notification_lock);
96 return fsn_event;
97 }
98
99 static int create_fd(struct fsnotify_group *group,
100 struct fanotify_event *event,
101 struct file **file)
102 {
103 int client_fd;
104 struct file *new_file;
105
106 pr_debug("%s: group=%p event=%p\n", __func__, group, event);
107
108 client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
109 if (client_fd < 0)
110 return client_fd;
111
112 /*
113 * we need a new file handle for the userspace program so it can read even if it was
114 * originally opened O_WRONLY.
115 */
116 /* it's possible this event was an overflow event. in that case dentry and mnt
117 * are NULL; That's fine, just don't call dentry open */
118 if (event->path.dentry && event->path.mnt)
119 new_file = dentry_open(&event->path,
120 group->fanotify_data.f_flags | FMODE_NONOTIFY,
121 current_cred());
122 else
123 new_file = ERR_PTR(-EOVERFLOW);
124 if (IS_ERR(new_file)) {
125 /*
126 * we still send an event even if we can't open the file. this
127 * can happen when say tasks are gone and we try to open their
128 * /proc files or we try to open a WRONLY file like in sysfs
129 * we just send the errno to userspace since there isn't much
130 * else we can do.
131 */
132 put_unused_fd(client_fd);
133 client_fd = PTR_ERR(new_file);
134 } else {
135 *file = new_file;
136 }
137
138 return client_fd;
139 }
140
141 /*
142 * Finish processing of permission event by setting it to ANSWERED state and
143 * drop group->notification_lock.
144 */
145 static void finish_permission_event(struct fsnotify_group *group,
146 struct fanotify_perm_event *event,
147 unsigned int response)
148 __releases(&group->notification_lock)
149 {
150 bool destroy = false;
151
152 assert_spin_locked(&group->notification_lock);
153 event->response = response;
154 if (event->state == FAN_EVENT_CANCELED)
155 destroy = true;
156 else
157 event->state = FAN_EVENT_ANSWERED;
158 spin_unlock(&group->notification_lock);
159 if (destroy)
160 fsnotify_destroy_event(group, &event->fae.fse);
161 }
162
163 static int process_access_response(struct fsnotify_group *group,
164 struct fanotify_response *response_struct)
165 {
166 struct fanotify_perm_event *event;
167 int fd = response_struct->fd;
168 int response = response_struct->response;
169
170 pr_debug("%s: group=%p fd=%d response=%d\n", __func__, group,
171 fd, response);
172 /*
173 * make sure the response is valid, if invalid we do nothing and either
174 * userspace can send a valid response or we will clean it up after the
175 * timeout
176 */
177 switch (response & ~FAN_AUDIT) {
178 case FAN_ALLOW:
179 case FAN_DENY:
180 break;
181 default:
182 return -EINVAL;
183 }
184
185 if (fd < 0)
186 return -EINVAL;
187
188 if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT))
189 return -EINVAL;
190
191 spin_lock(&group->notification_lock);
192 list_for_each_entry(event, &group->fanotify_data.access_list,
193 fae.fse.list) {
194 if (event->fd != fd)
195 continue;
196
197 list_del_init(&event->fae.fse.list);
198 finish_permission_event(group, event, response);
199 wake_up(&group->fanotify_data.access_waitq);
200 return 0;
201 }
202 spin_unlock(&group->notification_lock);
203
204 return -ENOENT;
205 }
206
207 static int copy_fid_to_user(struct fanotify_event *event, char __user *buf)
208 {
209 struct fanotify_event_info_fid info = { };
210 struct file_handle handle = { };
211 unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh;
212 size_t fh_len = event->fh_len;
213 size_t len = fanotify_event_info_len(event);
214
215 if (!len)
216 return 0;
217
218 if (WARN_ON_ONCE(len < sizeof(info) + sizeof(handle) + fh_len))
219 return -EFAULT;
220
221 /* Copy event info fid header followed by vaiable sized file handle */
222 info.hdr.info_type = FAN_EVENT_INFO_TYPE_FID;
223 info.hdr.len = len;
224 info.fsid = event->fid.fsid;
225 if (copy_to_user(buf, &info, sizeof(info)))
226 return -EFAULT;
227
228 buf += sizeof(info);
229 len -= sizeof(info);
230 handle.handle_type = event->fh_type;
231 handle.handle_bytes = fh_len;
232 if (copy_to_user(buf, &handle, sizeof(handle)))
233 return -EFAULT;
234
235 buf += sizeof(handle);
236 len -= sizeof(handle);
237 /*
238 * For an inline fh, copy through stack to exclude the copy from
239 * usercopy hardening protections.
240 */
241 fh = fanotify_event_fh(event);
242 if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
243 memcpy(bounce, fh, fh_len);
244 fh = bounce;
245 }
246 if (copy_to_user(buf, fh, fh_len))
247 return -EFAULT;
248
249 /* Pad with 0's */
250 buf += fh_len;
251 len -= fh_len;
252 WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
253 if (len > 0 && clear_user(buf, len))
254 return -EFAULT;
255
256 return 0;
257 }
258
259 static ssize_t copy_event_to_user(struct fsnotify_group *group,
260 struct fsnotify_event *fsn_event,
261 char __user *buf, size_t count)
262 {
263 struct fanotify_event_metadata metadata;
264 struct fanotify_event *event;
265 struct file *f = NULL;
266 int ret, fd = FAN_NOFD;
267
268 pr_debug("%s: group=%p event=%p\n", __func__, group, fsn_event);
269
270 event = container_of(fsn_event, struct fanotify_event, fse);
271 metadata.event_len = FAN_EVENT_METADATA_LEN;
272 metadata.metadata_len = FAN_EVENT_METADATA_LEN;
273 metadata.vers = FANOTIFY_METADATA_VERSION;
274 metadata.reserved = 0;
275 metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS;
276 metadata.pid = pid_vnr(event->pid);
277
278 if (fanotify_event_has_path(event)) {
279 fd = create_fd(group, event, &f);
280 if (fd < 0)
281 return fd;
282 } else if (fanotify_event_has_fid(event)) {
283 metadata.event_len += fanotify_event_info_len(event);
284 }
285 metadata.fd = fd;
286
287 ret = -EFAULT;
288 /*
289 * Sanity check copy size in case get_one_event() and
290 * fill_event_metadata() event_len sizes ever get out of sync.
291 */
292 if (WARN_ON_ONCE(metadata.event_len > count))
293 goto out_close_fd;
294
295 if (copy_to_user(buf, &metadata, FAN_EVENT_METADATA_LEN))
296 goto out_close_fd;
297
298 if (fanotify_is_perm_event(event->mask))
299 FANOTIFY_PE(fsn_event)->fd = fd;
300
301 if (fanotify_event_has_path(event)) {
302 fd_install(fd, f);
303 } else if (fanotify_event_has_fid(event)) {
304 ret = copy_fid_to_user(event, buf + FAN_EVENT_METADATA_LEN);
305 if (ret < 0)
306 return ret;
307 }
308
309 return metadata.event_len;
310
311 out_close_fd:
312 if (fd != FAN_NOFD) {
313 put_unused_fd(fd);
314 fput(f);
315 }
316 return ret;
317 }
318
319 /* intofiy userspace file descriptor functions */
320 static __poll_t fanotify_poll(struct file *file, poll_table *wait)
321 {
322 struct fsnotify_group *group = file->private_data;
323 __poll_t ret = 0;
324
325 poll_wait(file, &group->notification_waitq, wait);
326 spin_lock(&group->notification_lock);
327 if (!fsnotify_notify_queue_is_empty(group))
328 ret = EPOLLIN | EPOLLRDNORM;
329 spin_unlock(&group->notification_lock);
330
331 return ret;
332 }
333
334 static ssize_t fanotify_read(struct file *file, char __user *buf,
335 size_t count, loff_t *pos)
336 {
337 struct fsnotify_group *group;
338 struct fsnotify_event *kevent;
339 char __user *start;
340 int ret;
341 DEFINE_WAIT_FUNC(wait, woken_wake_function);
342
343 start = buf;
344 group = file->private_data;
345
346 pr_debug("%s: group=%p\n", __func__, group);
347
348 add_wait_queue(&group->notification_waitq, &wait);
349 while (1) {
350 kevent = get_one_event(group, count);
351 if (IS_ERR(kevent)) {
352 ret = PTR_ERR(kevent);
353 break;
354 }
355
356 if (!kevent) {
357 ret = -EAGAIN;
358 if (file->f_flags & O_NONBLOCK)
359 break;
360
361 ret = -ERESTARTSYS;
362 if (signal_pending(current))
363 break;
364
365 if (start != buf)
366 break;
367
368 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
369 continue;
370 }
371
372 ret = copy_event_to_user(group, kevent, buf, count);
373 if (unlikely(ret == -EOPENSTALE)) {
374 /*
375 * We cannot report events with stale fd so drop it.
376 * Setting ret to 0 will continue the event loop and
377 * do the right thing if there are no more events to
378 * read (i.e. return bytes read, -EAGAIN or wait).
379 */
380 ret = 0;
381 }
382
383 /*
384 * Permission events get queued to wait for response. Other
385 * events can be destroyed now.
386 */
387 if (!fanotify_is_perm_event(FANOTIFY_E(kevent)->mask)) {
388 fsnotify_destroy_event(group, kevent);
389 } else {
390 if (ret <= 0) {
391 spin_lock(&group->notification_lock);
392 finish_permission_event(group,
393 FANOTIFY_PE(kevent), FAN_DENY);
394 wake_up(&group->fanotify_data.access_waitq);
395 } else {
396 spin_lock(&group->notification_lock);
397 list_add_tail(&kevent->list,
398 &group->fanotify_data.access_list);
399 spin_unlock(&group->notification_lock);
400 }
401 }
402 if (ret < 0)
403 break;
404 buf += ret;
405 count -= ret;
406 }
407 remove_wait_queue(&group->notification_waitq, &wait);
408
409 if (start != buf && ret != -EFAULT)
410 ret = buf - start;
411 return ret;
412 }
413
414 static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
415 {
416 struct fanotify_response response = { .fd = -1, .response = -1 };
417 struct fsnotify_group *group;
418 int ret;
419
420 if (!IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
421 return -EINVAL;
422
423 group = file->private_data;
424
425 if (count > sizeof(response))
426 count = sizeof(response);
427
428 pr_debug("%s: group=%p count=%zu\n", __func__, group, count);
429
430 if (copy_from_user(&response, buf, count))
431 return -EFAULT;
432
433 ret = process_access_response(group, &response);
434 if (ret < 0)
435 count = ret;
436
437 return count;
438 }
439
440 static int fanotify_release(struct inode *ignored, struct file *file)
441 {
442 struct fsnotify_group *group = file->private_data;
443 struct fanotify_perm_event *event;
444 struct fsnotify_event *fsn_event;
445
446 /*
447 * Stop new events from arriving in the notification queue. since
448 * userspace cannot use fanotify fd anymore, no event can enter or
449 * leave access_list by now either.
450 */
451 fsnotify_group_stop_queueing(group);
452
453 /*
454 * Process all permission events on access_list and notification queue
455 * and simulate reply from userspace.
456 */
457 spin_lock(&group->notification_lock);
458 while (!list_empty(&group->fanotify_data.access_list)) {
459 event = list_first_entry(&group->fanotify_data.access_list,
460 struct fanotify_perm_event, fae.fse.list);
461 list_del_init(&event->fae.fse.list);
462 finish_permission_event(group, event, FAN_ALLOW);
463 spin_lock(&group->notification_lock);
464 }
465
466 /*
467 * Destroy all non-permission events. For permission events just
468 * dequeue them and set the response. They will be freed once the
469 * response is consumed and fanotify_get_response() returns.
470 */
471 while (!fsnotify_notify_queue_is_empty(group)) {
472 fsn_event = fsnotify_remove_first_event(group);
473 if (!(FANOTIFY_E(fsn_event)->mask & FANOTIFY_PERM_EVENTS)) {
474 spin_unlock(&group->notification_lock);
475 fsnotify_destroy_event(group, fsn_event);
476 } else {
477 finish_permission_event(group, FANOTIFY_PE(fsn_event),
478 FAN_ALLOW);
479 }
480 spin_lock(&group->notification_lock);
481 }
482 spin_unlock(&group->notification_lock);
483
484 /* Response for all permission events it set, wakeup waiters */
485 wake_up(&group->fanotify_data.access_waitq);
486
487 /* matches the fanotify_init->fsnotify_alloc_group */
488 fsnotify_destroy_group(group);
489
490 return 0;
491 }
492
493 static long fanotify_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
494 {
495 struct fsnotify_group *group;
496 struct fsnotify_event *fsn_event;
497 void __user *p;
498 int ret = -ENOTTY;
499 size_t send_len = 0;
500
501 group = file->private_data;
502
503 p = (void __user *) arg;
504
505 switch (cmd) {
506 case FIONREAD:
507 spin_lock(&group->notification_lock);
508 list_for_each_entry(fsn_event, &group->notification_list, list)
509 send_len += FAN_EVENT_METADATA_LEN;
510 spin_unlock(&group->notification_lock);
511 ret = put_user(send_len, (int __user *) p);
512 break;
513 }
514
515 return ret;
516 }
517
518 static const struct file_operations fanotify_fops = {
519 .show_fdinfo = fanotify_show_fdinfo,
520 .poll = fanotify_poll,
521 .read = fanotify_read,
522 .write = fanotify_write,
523 .fasync = NULL,
524 .release = fanotify_release,
525 .unlocked_ioctl = fanotify_ioctl,
526 .compat_ioctl = compat_ptr_ioctl,
527 .llseek = noop_llseek,
528 };
529
530 static int fanotify_find_path(int dfd, const char __user *filename,
531 struct path *path, unsigned int flags, __u64 mask,
532 unsigned int obj_type)
533 {
534 int ret;
535
536 pr_debug("%s: dfd=%d filename=%p flags=%x\n", __func__,
537 dfd, filename, flags);
538
539 if (filename == NULL) {
540 struct fd f = fdget(dfd);
541
542 ret = -EBADF;
543 if (!f.file)
544 goto out;
545
546 ret = -ENOTDIR;
547 if ((flags & FAN_MARK_ONLYDIR) &&
548 !(S_ISDIR(file_inode(f.file)->i_mode))) {
549 fdput(f);
550 goto out;
551 }
552
553 *path = f.file->f_path;
554 path_get(path);
555 fdput(f);
556 } else {
557 unsigned int lookup_flags = 0;
558
559 if (!(flags & FAN_MARK_DONT_FOLLOW))
560 lookup_flags |= LOOKUP_FOLLOW;
561 if (flags & FAN_MARK_ONLYDIR)
562 lookup_flags |= LOOKUP_DIRECTORY;
563
564 ret = user_path_at(dfd, filename, lookup_flags, path);
565 if (ret)
566 goto out;
567 }
568
569 /* you can only watch an inode if you have read permissions on it */
570 ret = inode_permission(path->dentry->d_inode, MAY_READ);
571 if (ret) {
572 path_put(path);
573 goto out;
574 }
575
576 ret = security_path_notify(path, mask, obj_type);
577 if (ret)
578 path_put(path);
579
580 out:
581 return ret;
582 }
583
584 static __u32 fanotify_mark_remove_from_mask(struct fsnotify_mark *fsn_mark,
585 __u32 mask,
586 unsigned int flags,
587 int *destroy)
588 {
589 __u32 oldmask = 0;
590
591 spin_lock(&fsn_mark->lock);
592 if (!(flags & FAN_MARK_IGNORED_MASK)) {
593 oldmask = fsn_mark->mask;
594 fsn_mark->mask &= ~mask;
595 } else {
596 fsn_mark->ignored_mask &= ~mask;
597 }
598 *destroy = !(fsn_mark->mask | fsn_mark->ignored_mask);
599 spin_unlock(&fsn_mark->lock);
600
601 return mask & oldmask;
602 }
603
604 static int fanotify_remove_mark(struct fsnotify_group *group,
605 fsnotify_connp_t *connp, __u32 mask,
606 unsigned int flags)
607 {
608 struct fsnotify_mark *fsn_mark = NULL;
609 __u32 removed;
610 int destroy_mark;
611
612 mutex_lock(&group->mark_mutex);
613 fsn_mark = fsnotify_find_mark(connp, group);
614 if (!fsn_mark) {
615 mutex_unlock(&group->mark_mutex);
616 return -ENOENT;
617 }
618
619 removed = fanotify_mark_remove_from_mask(fsn_mark, mask, flags,
620 &destroy_mark);
621 if (removed & fsnotify_conn_mask(fsn_mark->connector))
622 fsnotify_recalc_mask(fsn_mark->connector);
623 if (destroy_mark)
624 fsnotify_detach_mark(fsn_mark);
625 mutex_unlock(&group->mark_mutex);
626 if (destroy_mark)
627 fsnotify_free_mark(fsn_mark);
628
629 /* matches the fsnotify_find_mark() */
630 fsnotify_put_mark(fsn_mark);
631 return 0;
632 }
633
634 static int fanotify_remove_vfsmount_mark(struct fsnotify_group *group,
635 struct vfsmount *mnt, __u32 mask,
636 unsigned int flags)
637 {
638 return fanotify_remove_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
639 mask, flags);
640 }
641
642 static int fanotify_remove_sb_mark(struct fsnotify_group *group,
643 struct super_block *sb, __u32 mask,
644 unsigned int flags)
645 {
646 return fanotify_remove_mark(group, &sb->s_fsnotify_marks, mask, flags);
647 }
648
649 static int fanotify_remove_inode_mark(struct fsnotify_group *group,
650 struct inode *inode, __u32 mask,
651 unsigned int flags)
652 {
653 return fanotify_remove_mark(group, &inode->i_fsnotify_marks, mask,
654 flags);
655 }
656
657 static __u32 fanotify_mark_add_to_mask(struct fsnotify_mark *fsn_mark,
658 __u32 mask,
659 unsigned int flags)
660 {
661 __u32 oldmask = -1;
662
663 spin_lock(&fsn_mark->lock);
664 if (!(flags & FAN_MARK_IGNORED_MASK)) {
665 oldmask = fsn_mark->mask;
666 fsn_mark->mask |= mask;
667 } else {
668 fsn_mark->ignored_mask |= mask;
669 if (flags & FAN_MARK_IGNORED_SURV_MODIFY)
670 fsn_mark->flags |= FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY;
671 }
672 spin_unlock(&fsn_mark->lock);
673
674 return mask & ~oldmask;
675 }
676
677 static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
678 fsnotify_connp_t *connp,
679 unsigned int type,
680 __kernel_fsid_t *fsid)
681 {
682 struct fsnotify_mark *mark;
683 int ret;
684
685 if (atomic_read(&group->num_marks) > group->fanotify_data.max_marks)
686 return ERR_PTR(-ENOSPC);
687
688 mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL);
689 if (!mark)
690 return ERR_PTR(-ENOMEM);
691
692 fsnotify_init_mark(mark, group);
693 ret = fsnotify_add_mark_locked(mark, connp, type, 0, fsid);
694 if (ret) {
695 fsnotify_put_mark(mark);
696 return ERR_PTR(ret);
697 }
698
699 return mark;
700 }
701
702
703 static int fanotify_add_mark(struct fsnotify_group *group,
704 fsnotify_connp_t *connp, unsigned int type,
705 __u32 mask, unsigned int flags,
706 __kernel_fsid_t *fsid)
707 {
708 struct fsnotify_mark *fsn_mark;
709 __u32 added;
710
711 mutex_lock(&group->mark_mutex);
712 fsn_mark = fsnotify_find_mark(connp, group);
713 if (!fsn_mark) {
714 fsn_mark = fanotify_add_new_mark(group, connp, type, fsid);
715 if (IS_ERR(fsn_mark)) {
716 mutex_unlock(&group->mark_mutex);
717 return PTR_ERR(fsn_mark);
718 }
719 }
720 added = fanotify_mark_add_to_mask(fsn_mark, mask, flags);
721 if (added & ~fsnotify_conn_mask(fsn_mark->connector))
722 fsnotify_recalc_mask(fsn_mark->connector);
723 mutex_unlock(&group->mark_mutex);
724
725 fsnotify_put_mark(fsn_mark);
726 return 0;
727 }
728
729 static int fanotify_add_vfsmount_mark(struct fsnotify_group *group,
730 struct vfsmount *mnt, __u32 mask,
731 unsigned int flags, __kernel_fsid_t *fsid)
732 {
733 return fanotify_add_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
734 FSNOTIFY_OBJ_TYPE_VFSMOUNT, mask, flags, fsid);
735 }
736
737 static int fanotify_add_sb_mark(struct fsnotify_group *group,
738 struct super_block *sb, __u32 mask,
739 unsigned int flags, __kernel_fsid_t *fsid)
740 {
741 return fanotify_add_mark(group, &sb->s_fsnotify_marks,
742 FSNOTIFY_OBJ_TYPE_SB, mask, flags, fsid);
743 }
744
745 static int fanotify_add_inode_mark(struct fsnotify_group *group,
746 struct inode *inode, __u32 mask,
747 unsigned int flags, __kernel_fsid_t *fsid)
748 {
749 pr_debug("%s: group=%p inode=%p\n", __func__, group, inode);
750
751 /*
752 * If some other task has this inode open for write we should not add
753 * an ignored mark, unless that ignored mark is supposed to survive
754 * modification changes anyway.
755 */
756 if ((flags & FAN_MARK_IGNORED_MASK) &&
757 !(flags & FAN_MARK_IGNORED_SURV_MODIFY) &&
758 inode_is_open_for_write(inode))
759 return 0;
760
761 return fanotify_add_mark(group, &inode->i_fsnotify_marks,
762 FSNOTIFY_OBJ_TYPE_INODE, mask, flags, fsid);
763 }
764
765 /* fanotify syscalls */
766 SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
767 {
768 struct fsnotify_group *group;
769 int f_flags, fd;
770 struct user_struct *user;
771 struct fanotify_event *oevent;
772
773 pr_debug("%s: flags=%x event_f_flags=%x\n",
774 __func__, flags, event_f_flags);
775
776 if (!capable(CAP_SYS_ADMIN))
777 return -EPERM;
778
779 #ifdef CONFIG_AUDITSYSCALL
780 if (flags & ~(FANOTIFY_INIT_FLAGS | FAN_ENABLE_AUDIT))
781 #else
782 if (flags & ~FANOTIFY_INIT_FLAGS)
783 #endif
784 return -EINVAL;
785
786 if (event_f_flags & ~FANOTIFY_INIT_ALL_EVENT_F_BITS)
787 return -EINVAL;
788
789 switch (event_f_flags & O_ACCMODE) {
790 case O_RDONLY:
791 case O_RDWR:
792 case O_WRONLY:
793 break;
794 default:
795 return -EINVAL;
796 }
797
798 if ((flags & FAN_REPORT_FID) &&
799 (flags & FANOTIFY_CLASS_BITS) != FAN_CLASS_NOTIF)
800 return -EINVAL;
801
802 user = get_current_user();
803 if (atomic_read(&user->fanotify_listeners) > FANOTIFY_DEFAULT_MAX_LISTENERS) {
804 free_uid(user);
805 return -EMFILE;
806 }
807
808 f_flags = O_RDWR | FMODE_NONOTIFY;
809 if (flags & FAN_CLOEXEC)
810 f_flags |= O_CLOEXEC;
811 if (flags & FAN_NONBLOCK)
812 f_flags |= O_NONBLOCK;
813
814 /* fsnotify_alloc_group takes a ref. Dropped in fanotify_release */
815 group = fsnotify_alloc_group(&fanotify_fsnotify_ops);
816 if (IS_ERR(group)) {
817 free_uid(user);
818 return PTR_ERR(group);
819 }
820
821 group->fanotify_data.user = user;
822 group->fanotify_data.flags = flags;
823 atomic_inc(&user->fanotify_listeners);
824 group->memcg = get_mem_cgroup_from_mm(current->mm);
825
826 oevent = fanotify_alloc_event(group, NULL, FS_Q_OVERFLOW, NULL,
827 FSNOTIFY_EVENT_NONE, NULL);
828 if (unlikely(!oevent)) {
829 fd = -ENOMEM;
830 goto out_destroy_group;
831 }
832 group->overflow_event = &oevent->fse;
833
834 if (force_o_largefile())
835 event_f_flags |= O_LARGEFILE;
836 group->fanotify_data.f_flags = event_f_flags;
837 init_waitqueue_head(&group->fanotify_data.access_waitq);
838 INIT_LIST_HEAD(&group->fanotify_data.access_list);
839 switch (flags & FANOTIFY_CLASS_BITS) {
840 case FAN_CLASS_NOTIF:
841 group->priority = FS_PRIO_0;
842 break;
843 case FAN_CLASS_CONTENT:
844 group->priority = FS_PRIO_1;
845 break;
846 case FAN_CLASS_PRE_CONTENT:
847 group->priority = FS_PRIO_2;
848 break;
849 default:
850 fd = -EINVAL;
851 goto out_destroy_group;
852 }
853
854 if (flags & FAN_UNLIMITED_QUEUE) {
855 fd = -EPERM;
856 if (!capable(CAP_SYS_ADMIN))
857 goto out_destroy_group;
858 group->max_events = UINT_MAX;
859 } else {
860 group->max_events = FANOTIFY_DEFAULT_MAX_EVENTS;
861 }
862
863 if (flags & FAN_UNLIMITED_MARKS) {
864 fd = -EPERM;
865 if (!capable(CAP_SYS_ADMIN))
866 goto out_destroy_group;
867 group->fanotify_data.max_marks = UINT_MAX;
868 } else {
869 group->fanotify_data.max_marks = FANOTIFY_DEFAULT_MAX_MARKS;
870 }
871
872 if (flags & FAN_ENABLE_AUDIT) {
873 fd = -EPERM;
874 if (!capable(CAP_AUDIT_WRITE))
875 goto out_destroy_group;
876 }
877
878 fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
879 if (fd < 0)
880 goto out_destroy_group;
881
882 return fd;
883
884 out_destroy_group:
885 fsnotify_destroy_group(group);
886 return fd;
887 }
888
889 /* Check if filesystem can encode a unique fid */
890 static int fanotify_test_fid(struct path *path, __kernel_fsid_t *fsid)
891 {
892 __kernel_fsid_t root_fsid;
893 int err;
894
895 /*
896 * Make sure path is not in filesystem with zero fsid (e.g. tmpfs).
897 */
898 err = vfs_get_fsid(path->dentry, fsid);
899 if (err)
900 return err;
901
902 if (!fsid->val[0] && !fsid->val[1])
903 return -ENODEV;
904
905 /*
906 * Make sure path is not inside a filesystem subvolume (e.g. btrfs)
907 * which uses a different fsid than sb root.
908 */
909 err = vfs_get_fsid(path->dentry->d_sb->s_root, &root_fsid);
910 if (err)
911 return err;
912
913 if (root_fsid.val[0] != fsid->val[0] ||
914 root_fsid.val[1] != fsid->val[1])
915 return -EXDEV;
916
917 /*
918 * We need to make sure that the file system supports at least
919 * encoding a file handle so user can use name_to_handle_at() to
920 * compare fid returned with event to the file handle of watched
921 * objects. However, name_to_handle_at() requires that the
922 * filesystem also supports decoding file handles.
923 */
924 if (!path->dentry->d_sb->s_export_op ||
925 !path->dentry->d_sb->s_export_op->fh_to_dentry)
926 return -EOPNOTSUPP;
927
928 return 0;
929 }
930
931 static int fanotify_events_supported(struct path *path, __u64 mask)
932 {
933 /*
934 * Some filesystems such as 'proc' acquire unusual locks when opening
935 * files. For them fanotify permission events have high chances of
936 * deadlocking the system - open done when reporting fanotify event
937 * blocks on this "unusual" lock while another process holding the lock
938 * waits for fanotify permission event to be answered. Just disallow
939 * permission events for such filesystems.
940 */
941 if (mask & FANOTIFY_PERM_EVENTS &&
942 path->mnt->mnt_sb->s_type->fs_flags & FS_DISALLOW_NOTIFY_PERM)
943 return -EINVAL;
944 return 0;
945 }
946
947 static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
948 int dfd, const char __user *pathname)
949 {
950 struct inode *inode = NULL;
951 struct vfsmount *mnt = NULL;
952 struct fsnotify_group *group;
953 struct fd f;
954 struct path path;
955 __kernel_fsid_t __fsid, *fsid = NULL;
956 u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS;
957 unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
958 unsigned int obj_type;
959 int ret;
960
961 pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
962 __func__, fanotify_fd, flags, dfd, pathname, mask);
963
964 /* we only use the lower 32 bits as of right now. */
965 if (mask & ((__u64)0xffffffff << 32))
966 return -EINVAL;
967
968 if (flags & ~FANOTIFY_MARK_FLAGS)
969 return -EINVAL;
970
971 switch (mark_type) {
972 case FAN_MARK_INODE:
973 obj_type = FSNOTIFY_OBJ_TYPE_INODE;
974 break;
975 case FAN_MARK_MOUNT:
976 obj_type = FSNOTIFY_OBJ_TYPE_VFSMOUNT;
977 break;
978 case FAN_MARK_FILESYSTEM:
979 obj_type = FSNOTIFY_OBJ_TYPE_SB;
980 break;
981 default:
982 return -EINVAL;
983 }
984
985 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
986 case FAN_MARK_ADD: /* fallthrough */
987 case FAN_MARK_REMOVE:
988 if (!mask)
989 return -EINVAL;
990 break;
991 case FAN_MARK_FLUSH:
992 if (flags & ~(FANOTIFY_MARK_TYPE_BITS | FAN_MARK_FLUSH))
993 return -EINVAL;
994 break;
995 default:
996 return -EINVAL;
997 }
998
999 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
1000 valid_mask |= FANOTIFY_PERM_EVENTS;
1001
1002 if (mask & ~valid_mask)
1003 return -EINVAL;
1004
1005 f = fdget(fanotify_fd);
1006 if (unlikely(!f.file))
1007 return -EBADF;
1008
1009 /* verify that this is indeed an fanotify instance */
1010 ret = -EINVAL;
1011 if (unlikely(f.file->f_op != &fanotify_fops))
1012 goto fput_and_out;
1013 group = f.file->private_data;
1014
1015 /*
1016 * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF. These are not
1017 * allowed to set permissions events.
1018 */
1019 ret = -EINVAL;
1020 if (mask & FANOTIFY_PERM_EVENTS &&
1021 group->priority == FS_PRIO_0)
1022 goto fput_and_out;
1023
1024 /*
1025 * Events with data type inode do not carry enough information to report
1026 * event->fd, so we do not allow setting a mask for inode events unless
1027 * group supports reporting fid.
1028 * inode events are not supported on a mount mark, because they do not
1029 * carry enough information (i.e. path) to be filtered by mount point.
1030 */
1031 if (mask & FANOTIFY_INODE_EVENTS &&
1032 (!FAN_GROUP_FLAG(group, FAN_REPORT_FID) ||
1033 mark_type == FAN_MARK_MOUNT))
1034 goto fput_and_out;
1035
1036 if (flags & FAN_MARK_FLUSH) {
1037 ret = 0;
1038 if (mark_type == FAN_MARK_MOUNT)
1039 fsnotify_clear_vfsmount_marks_by_group(group);
1040 else if (mark_type == FAN_MARK_FILESYSTEM)
1041 fsnotify_clear_sb_marks_by_group(group);
1042 else
1043 fsnotify_clear_inode_marks_by_group(group);
1044 goto fput_and_out;
1045 }
1046
1047 ret = fanotify_find_path(dfd, pathname, &path, flags,
1048 (mask & ALL_FSNOTIFY_EVENTS), obj_type);
1049 if (ret)
1050 goto fput_and_out;
1051
1052 if (flags & FAN_MARK_ADD) {
1053 ret = fanotify_events_supported(&path, mask);
1054 if (ret)
1055 goto path_put_and_out;
1056 }
1057
1058 if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
1059 ret = fanotify_test_fid(&path, &__fsid);
1060 if (ret)
1061 goto path_put_and_out;
1062
1063 fsid = &__fsid;
1064 }
1065
1066 /* inode held in place by reference to path; group by fget on fd */
1067 if (mark_type == FAN_MARK_INODE)
1068 inode = path.dentry->d_inode;
1069 else
1070 mnt = path.mnt;
1071
1072 /* create/update an inode mark */
1073 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE)) {
1074 case FAN_MARK_ADD:
1075 if (mark_type == FAN_MARK_MOUNT)
1076 ret = fanotify_add_vfsmount_mark(group, mnt, mask,
1077 flags, fsid);
1078 else if (mark_type == FAN_MARK_FILESYSTEM)
1079 ret = fanotify_add_sb_mark(group, mnt->mnt_sb, mask,
1080 flags, fsid);
1081 else
1082 ret = fanotify_add_inode_mark(group, inode, mask,
1083 flags, fsid);
1084 break;
1085 case FAN_MARK_REMOVE:
1086 if (mark_type == FAN_MARK_MOUNT)
1087 ret = fanotify_remove_vfsmount_mark(group, mnt, mask,
1088 flags);
1089 else if (mark_type == FAN_MARK_FILESYSTEM)
1090 ret = fanotify_remove_sb_mark(group, mnt->mnt_sb, mask,
1091 flags);
1092 else
1093 ret = fanotify_remove_inode_mark(group, inode, mask,
1094 flags);
1095 break;
1096 default:
1097 ret = -EINVAL;
1098 }
1099
1100 path_put_and_out:
1101 path_put(&path);
1102 fput_and_out:
1103 fdput(f);
1104 return ret;
1105 }
1106
1107 SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags,
1108 __u64, mask, int, dfd,
1109 const char __user *, pathname)
1110 {
1111 return do_fanotify_mark(fanotify_fd, flags, mask, dfd, pathname);
1112 }
1113
1114 #ifdef CONFIG_COMPAT
1115 COMPAT_SYSCALL_DEFINE6(fanotify_mark,
1116 int, fanotify_fd, unsigned int, flags,
1117 __u32, mask0, __u32, mask1, int, dfd,
1118 const char __user *, pathname)
1119 {
1120 return do_fanotify_mark(fanotify_fd, flags,
1121 #ifdef __BIG_ENDIAN
1122 ((__u64)mask0 << 32) | mask1,
1123 #else
1124 ((__u64)mask1 << 32) | mask0,
1125 #endif
1126 dfd, pathname);
1127 }
1128 #endif
1129
1130 /*
1131 * fanotify_user_setup - Our initialization function. Note that we cannot return
1132 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
1133 * must result in panic().
1134 */
1135 static int __init fanotify_user_setup(void)
1136 {
1137 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 8);
1138 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
1139
1140 fanotify_mark_cache = KMEM_CACHE(fsnotify_mark,
1141 SLAB_PANIC|SLAB_ACCOUNT);
1142 fanotify_event_cachep = KMEM_CACHE(fanotify_event, SLAB_PANIC);
1143 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS)) {
1144 fanotify_perm_event_cachep =
1145 KMEM_CACHE(fanotify_perm_event, SLAB_PANIC);
1146 }
1147
1148 return 0;
1149 }
1150 device_initcall(fanotify_user_setup);
Linux with added FPC-III support