/*
 * dcookies.c
 *
 * Copyright 2002 John Levon <levon@movementarian.org>
 *
 * Persistent cookie-path mappings. These are used by
 * profilers to convert a per-task EIP value into something
 * non-transitory that can be processed at a later date.
 * This is done by locking the dentry/vfsmnt pair in the
 * kernel until released by the tasks needing the persistent
 * objects. The tag is simply an unsigned long that refers
 * to the pair and can be looked up from userspace.
 */
15 #include <linux/syscalls.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/list.h>
19 #include <linux/mount.h>
20 #include <linux/capability.h>
21 #include <linux/dcache.h>
22 #include <linux/mm.h>
23 #include <linux/err.h>
24 #include <linux/errno.h>
25 #include <linux/dcookies.h>
26 #include <linux/mutex.h>
27 #include <linux/path.h>
28 #include <asm/uaccess.h>
/*
 * The dcookies are allocated from a kmem_cache and
 * hashed onto a small number of lists. None of the
 * code here is particularly performance critical.
 *
 * Each entry records the dentry/vfsmount pair it stands for; the
 * reference on that pair is taken in alloc_dcookie() and dropped in
 * free_dcookie().
 */
struct dcookie_struct {
	struct path path;		/* the dentry/vfsmount pair behind the cookie */
	struct list_head hash_list;	/* linkage into one dcookie_hashtable bucket */
};
/* Registered users; the subsystem counts as live while this list is non-empty. */
static LIST_HEAD(dcookie_users);
/*
 * Held around registration, teardown and every hash table access made
 * by the functions in this file.
 */
static DEFINE_MUTEX(dcookie_mutex);
/* Slab cache for struct dcookie_struct; created in dcookie_init(). */
static struct kmem_cache *dcookie_cache __read_mostly;
/*
 * Bucket array, allocated in dcookie_init() and freed in dcookie_exit().
 * The pointer is not reset on free, so it is only meaningful while
 * is_live() is true.
 */
static struct list_head *dcookie_hashtable __read_mostly;
/* Number of buckets; dcookie_init() rounds it down to a power of two. */
static size_t hash_size __read_mostly;
/*
 * Tell whether any dcookie user is currently registered.
 *
 * Returns 1 while dcookie_users holds at least one entry, 0 otherwise.
 * The callers in this file use it as the gate for touching
 * dcookie_hashtable and dcookie_cache, which only exist between
 * dcookie_init() and dcookie_exit().
 */
static inline int is_live(void)
{
	return list_empty(&dcookie_users) ? 0 : 1;
}
/*
 * The dentry is locked, its address will do for the cookie.
 *
 * NOTE(review): the cookie is therefore a raw kernel address. Whatever
 * hands it to user space discloses kernel memory layout to the
 * recipient, so the consumers of get_dcookie() should stay restricted
 * to privileged profiling code.
 */
static inline unsigned long dcookie_value(struct dcookie_struct * dcs)
{
	struct dentry *pinned = dcs->path.dentry;

	return (unsigned long)pinned;
}
/*
 * Map a cookie onto a bucket index of dcookie_hashtable.
 *
 * The low L1_CACHE_SHIFT bits are discarded and the rest is masked with
 * hash_size - 1. The mask only bounds the index correctly when
 * hash_size is a non-zero power of two, which dcookie_init() sets up;
 * calling this before initialisation would yield a meaningless index.
 */
static size_t dcookie_hash(unsigned long dcookie)
{
	unsigned long shifted = dcookie >> L1_CACHE_SHIFT;

	return shifted & (hash_size - 1);
}
/*
 * Look up the hashed entry whose cookie equals @dcookie.
 *
 * Returns the entry, or NULL when no hashed entry matches. The callers
 * in this file hold dcookie_mutex and have checked is_live() first.
 *
 * @dcookie may come straight from user space (see lookup_dcookie): it
 * is only hashed and compared against the cookies of existing entries,
 * never dereferenced, so an arbitrary value can at worst miss.
 */
static struct dcookie_struct * find_dcookie(unsigned long dcookie)
{
	struct list_head *bucket = dcookie_hashtable + dcookie_hash(dcookie);
	struct dcookie_struct *entry;

	list_for_each_entry(entry, bucket, hash_list) {
		if (dcookie_value(entry) == dcookie)
			return entry;
	}

	return NULL;
}
/*
 * Insert @dcs at the head of the bucket selected by its own cookie.
 *
 * dcs->path must already be filled in, because the cookie is derived
 * from dcs->path.dentry.
 */
static void hash_dcookie(struct dcookie_struct * dcs)
{
	unsigned long cookie = dcookie_value(dcs);
	size_t slot = dcookie_hash(cookie);

	list_add(&dcs->hash_list, &dcookie_hashtable[slot]);
}
/*
 * Create and hash a new entry for @path.
 *
 * Marks the dentry with DCACHE_COOKIE (under d_lock), copies the path
 * into the entry, takes a reference on it with path_get() and links the
 * entry into the hash table.
 *
 * Returns the new entry, or NULL if the slab allocation fails; in that
 * case the dentry flag is left untouched. The only caller in this file,
 * get_dcookie(), holds dcookie_mutex.
 */
static struct dcookie_struct *alloc_dcookie(struct path *path)
{
	struct dentry *dentry = path->dentry;
	struct dcookie_struct *entry;

	entry = kmem_cache_alloc(dcookie_cache, GFP_KERNEL);
	if (!entry)
		return NULL;

	spin_lock(&dentry->d_lock);
	dentry->d_flags |= DCACHE_COOKIE;
	spin_unlock(&dentry->d_lock);

	/* The copy in the entry owns the reference taken just below. */
	entry->path = *path;
	path_get(path);
	hash_dcookie(entry);
	return entry;
}
/*
 * This is the main kernel-side routine that retrieves the cookie
 * value for a dentry/vfsmnt pair.
 *
 * On success stores the cookie in *cookie and returns 0. Returns
 * -EINVAL when no dcookie user is registered and -ENOMEM when a new
 * entry cannot be allocated; *cookie is not written on failure.
 *
 * NOTE(review): when DCACHE_COOKIE is already set, the result of
 * find_dcookie() is used without a NULL check. That holds only as long
 * as the flag is set and cleared exclusively by alloc_dcookie() and
 * free_dcookie() under dcookie_mutex - confirm nothing else touches it.
 */
int get_dcookie(struct path *path, unsigned long *cookie)
{
	struct dcookie_struct *entry;
	int ret = -EINVAL;

	mutex_lock(&dcookie_mutex);

	/* The hash table does not exist unless somebody is registered. */
	if (!is_live())
		goto unlock;

	if (path->dentry->d_flags & DCACHE_COOKIE) {
		entry = find_dcookie((unsigned long)path->dentry);
	} else {
		entry = alloc_dcookie(path);
		if (!entry) {
			ret = -ENOMEM;
			goto unlock;
		}
	}

	*cookie = dcookie_value(entry);
	ret = 0;

unlock:
	mutex_unlock(&dcookie_mutex);
	return ret;
}
/*
 * And here is where the userspace process can look up the cookie value
 * to retrieve the path.
 *
 * cookie64: cookie to resolve; narrowed to unsigned long before use.
 * buf, len: user buffer that receives the path, and its size.
 *
 * Returns the number of bytes copied on success. Errors: -EPERM without
 * CAP_SYS_ADMIN, -EINVAL when no dcookie user is registered or the
 * cookie is unknown, -ENOMEM if the bounce buffer cannot be allocated,
 * the error encoded by d_path() if it fails, -ERANGE when the path does
 * not fit in len, -EFAULT when the copy to user space fails.
 */
SYSCALL_DEFINE(lookup_dcookie)(u64 cookie64, char __user * buf, size_t len)
{
	/* Upper bits are dropped wherever unsigned long is narrower than u64. */
	unsigned long cookie = (unsigned long)cookie64;
	int err = -EINVAL;
	char * kbuf;
	char * path;
	size_t pathlen;
	struct dcookie_struct * dcs;

	/* we could leak path information to users
	 * without dir read permission without this
	 *
	 * The check runs before the mutex is taken and before the cookie
	 * is looked at, so an unprivileged caller cannot even probe which
	 * cookie values exist.
	 */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	mutex_lock(&dcookie_mutex);

	/*
	 * dcookie_hashtable is freed by dcookie_exit() without being
	 * reset, so it must not be walked unless a user is registered.
	 */
	if (!is_live()) {
		err = -EINVAL;
		goto out;
	}

	/* err is still -EINVAL here: an unknown cookie is reported as such. */
	if (!(dcs = find_dcookie(cookie)))
		goto out;

	err = -ENOMEM;
	kbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!kbuf)
		goto out;

	/* FIXME: (deleted) ? */
	/*
	 * dcs is only dereferenced while dcookie_mutex is held; after the
	 * unlock below this function touches nothing but its own kbuf.
	 */
	path = d_path(&dcs->path, kbuf, PAGE_SIZE);

	mutex_unlock(&dcookie_mutex);

	if (IS_ERR(path)) {
		err = PTR_ERR(path);
		goto out_free;
	}

	err = -ERANGE;

	/*
	 * Length from the returned pointer to the end of kbuf. Assumes
	 * d_path() returns a pointer inside kbuf, which keeps pathlen at
	 * or below PAGE_SIZE; presumably this span includes the
	 * terminating NUL - confirm against d_path().
	 */
	pathlen = kbuf + PAGE_SIZE - path;
	/* Never copy more than the caller said its buffer can hold. */
	if (pathlen <= len) {
		err = pathlen;
		if (copy_to_user(buf, path, pathlen))
			err = -EFAULT;
	}

	/* Reached with the mutex already released. */
out_free:
	kfree(kbuf);
	return err;
	/* Reached with the mutex still held and no kbuf to free. */
out:
	mutex_unlock(&dcookie_mutex);
	return err;
}
#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
/*
 * Entry point used when the architecture asks for syscall wrappers.
 *
 * Takes the buffer pointer and length as longs, converts them to the
 * types the real handler expects and forwards the call. Presumably the
 * point is to make the narrowing of register-width arguments explicit
 * before any of them is used - confirm against the SYSCALL_DEFINE
 * machinery.
 */
asmlinkage long SyS_lookup_dcookie(u64 cookie64, long buf, long len)
{
	char __user *ubuf = (char __user *) buf;
	size_t ulen = (size_t) len;

	return SYSC_lookup_dcookie(cookie64, ubuf, ulen);
}
SYSCALL_ALIAS(sys_lookup_dcookie, SyS_lookup_dcookie);
#endif
/*
 * Bring up the slab cache and the hash table for the first user.
 *
 * Returns 0 on success or -ENOMEM if either allocation fails. When the
 * hash table allocation fails the slab cache is destroyed again, but
 * the dcookie_cache pointer is left holding the stale value; nothing in
 * this file reads it until a later dcookie_init() overwrites it.
 * Called from dcookie_register() with dcookie_mutex held.
 */
static int dcookie_init(void)
{
	unsigned int bits, idx;

	dcookie_cache = kmem_cache_create("dcookie_cache",
					  sizeof(struct dcookie_struct),
					  0, 0, NULL);
	if (!dcookie_cache)
		return -ENOMEM;

	dcookie_hashtable = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!dcookie_hashtable) {
		kmem_cache_destroy(dcookie_cache);
		return -ENOMEM;
	}

	/*
	 * Find the power-of-two list-heads that can fit into the allocation..
	 * We don't guarantee that "sizeof(struct list_head)" is necessarily
	 * a power-of-two.
	 */
	hash_size = PAGE_SIZE / sizeof(struct list_head);
	bits = 0;
	while ((hash_size >> (bits + 1)) != 0)
		bits++;

	/*
	 * Re-calculate the actual number of entries and the mask
	 * from the number of bits we can fit. dcookie_hash() relies on
	 * this being a power of two to keep its index inside the page.
	 */
	hash_size = 1UL << bits;

	/* And initialize the newly allocated array */
	for (idx = 0; idx < hash_size; idx++)
		INIT_LIST_HEAD(&dcookie_hashtable[idx]);

	return 0;
}
/*
 * Undo alloc_dcookie() for an entry that is no longer hashed.
 *
 * Clears DCACHE_COOKIE on the dentry (under d_lock), drops the path
 * reference held by the entry and returns the entry to the slab cache.
 * The caller unlinks the entry from its bucket first; dcs must not be
 * used after this returns.
 */
static void free_dcookie(struct dcookie_struct * dcs)
{
	struct dentry *dentry = dcs->path.dentry;

	spin_lock(&dentry->d_lock);
	dentry->d_flags &= ~DCACHE_COOKIE;
	spin_unlock(&dentry->d_lock);

	/* Release the pair only after the flag no longer advertises a cookie. */
	path_put(&dcs->path);
	kmem_cache_free(dcookie_cache, dcs);
}
/*
 * Tear everything down once the last user has gone.
 *
 * Unhashes and frees every entry, then frees the hash table and
 * destroys the slab cache. Called from dcookie_unregister() with
 * dcookie_mutex held.
 *
 * NOTE(review): dcookie_hashtable and dcookie_cache keep their old
 * values after being freed. The is_live() checks in get_dcookie() and
 * lookup_dcookie are what keep those stale pointers from being used, so
 * any new caller of find_dcookie()/alloc_dcookie() needs the same gate.
 */
static void dcookie_exit(void)
{
	struct dcookie_struct *entry, *next;
	size_t bucket;

	for (bucket = 0; bucket < hash_size; ++bucket) {
		/* _safe variant: each entry is freed while the walk is in progress */
		list_for_each_entry_safe(entry, next,
					 &dcookie_hashtable[bucket], hash_list) {
			list_del(&entry->hash_list);
			free_dcookie(entry);
		}
	}

	kfree(dcookie_hashtable);
	kmem_cache_destroy(dcookie_cache);
}
/*
 * Registration handle returned by dcookie_register(). Its only member
 * links it into dcookie_users.
 */
struct dcookie_user {
	struct list_head next;	/* linkage into dcookie_users */
};
/*
 * Register a new dcookie user.
 *
 * The first registration also initialises the slab cache and the hash
 * table through dcookie_init(). Returns a handle to pass to
 * dcookie_unregister(), or NULL if the handle cannot be allocated or
 * the initialisation fails.
 */
struct dcookie_user * dcookie_register(void)
{
	struct dcookie_user *client;

	mutex_lock(&dcookie_mutex);

	client = kmalloc(sizeof(struct dcookie_user), GFP_KERNEL);
	if (client) {
		/* dcookie_init() runs only when nobody is registered yet. */
		if (is_live() || !dcookie_init()) {
			list_add(&client->next, &dcookie_users);
		} else {
			kfree(client);
			client = NULL;
		}
	}

	mutex_unlock(&dcookie_mutex);
	return client;
}
/*
 * Drop a registration obtained from dcookie_register().
 *
 * Unlinks and frees the handle; when it was the last one, all cookies
 * are released through dcookie_exit().
 *
 * The handle is not validated in any way: it must be a live pointer
 * returned by dcookie_register() and must be passed here exactly once,
 * otherwise the list_del()/kfree() below operate on freed or foreign
 * memory.
 */
void dcookie_unregister(struct dcookie_user * user)
{
	mutex_lock(&dcookie_mutex);

	list_del(&user->next);
	kfree(user);

	/* Last user gone: release every pinned dentry/vfsmount pair. */
	if (list_empty(&dcookie_users))
		dcookie_exit();

	mutex_unlock(&dcookie_mutex);
}
/*
 * In-kernel interface, exported to GPL modules only. The user-space
 * side is the lookup_dcookie system call, which is gated on
 * CAP_SYS_ADMIN.
 */
EXPORT_SYMBOL_GPL(dcookie_register);
EXPORT_SYMBOL_GPL(dcookie_unregister);
EXPORT_SYMBOL_GPL(get_dcookie);