1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/fanotify.h>
3 #include <linux/fcntl.h>
4 #include <linux/fdtable.h>
5 #include <linux/file.h>
7 #include <linux/anon_inodes.h>
8 #include <linux/fsnotify_backend.h>
9 #include <linux/init.h>
10 #include <linux/mount.h>
11 #include <linux/namei.h>
12 #include <linux/poll.h>
13 #include <linux/security.h>
14 #include <linux/syscalls.h>
15 #include <linux/slab.h>
16 #include <linux/types.h>
17 #include <linux/uaccess.h>
18 #include <linux/compat.h>
19 #include <linux/sched/signal.h>
20 #include <linux/memcontrol.h>
21 #include <linux/statfs.h>
22 #include <linux/exportfs.h>
24 #include <asm/ioctls.h>
26 #include "../../mount.h"
27 #include "../fdinfo.h"
30 #define FANOTIFY_DEFAULT_MAX_EVENTS 16384
31 #define FANOTIFY_OLD_DEFAULT_MAX_MARKS 8192
32 #define FANOTIFY_DEFAULT_MAX_GROUPS 128
33 #define FANOTIFY_DEFAULT_FEE_POOL_SIZE 32
36 * Legacy fanotify marks limits (8192) is per group and we introduced a tunable
37 * limit of marks per user, similar to inotify. Effectively, the legacy limit
38 * of fanotify marks per user is <max marks per group> * <max groups per user>.
39 * This default limit (1M) also happens to match the increased limit of inotify
40 * max_user_watches since v5.10.
42 #define FANOTIFY_DEFAULT_MAX_USER_MARKS \
43 (FANOTIFY_OLD_DEFAULT_MAX_MARKS * FANOTIFY_DEFAULT_MAX_GROUPS)
46 * Most of the memory cost of adding an inode mark is pinning the marked inode.
47 * The size of the filesystem inode struct is not uniform across filesystems,
48 * so double the size of a VFS inode is used as a conservative approximation.
50 #define INODE_MARK_COST (2 * sizeof(struct inode))
52 /* configurable via /proc/sys/fs/fanotify/ */
53 static int fanotify_max_queued_events __read_mostly;
57 #include <linux/sysctl.h>
59 static long ft_zero = 0;
60 static long ft_int_max = INT_MAX;
62 static struct ctl_table fanotify_table[] = {
64 .procname = "max_user_groups",
65 .data = &init_user_ns.ucount_max[UCOUNT_FANOTIFY_GROUPS],
66 .maxlen = sizeof(long),
68 .proc_handler = proc_doulongvec_minmax,
70 .extra2 = &ft_int_max,
73 .procname = "max_user_marks",
74 .data = &init_user_ns.ucount_max[UCOUNT_FANOTIFY_MARKS],
75 .maxlen = sizeof(long),
77 .proc_handler = proc_doulongvec_minmax,
79 .extra2 = &ft_int_max,
82 .procname = "max_queued_events",
83 .data = &fanotify_max_queued_events,
84 .maxlen = sizeof(int),
86 .proc_handler = proc_dointvec_minmax,
92 static void __init fanotify_sysctls_init(void)
94 register_sysctl("fs/fanotify", fanotify_table);
97 #define fanotify_sysctls_init() do { } while (0)
98 #endif /* CONFIG_SYSCTL */
101 * All flags that may be specified in parameter event_f_flags of fanotify_init.
103 * Internal and external open flags are stored together in field f_flags of
104 * struct file. Only external open flags shall be allowed in event_f_flags.
105 * Internal flags like FMODE_NONOTIFY, FMODE_EXEC, FMODE_NOCMTIME shall be
108 #define FANOTIFY_INIT_ALL_EVENT_F_BITS ( \
109 O_ACCMODE | O_APPEND | O_NONBLOCK | \
110 __O_SYNC | O_DSYNC | O_CLOEXEC | \
111 O_LARGEFILE | O_NOATIME )
113 extern const struct fsnotify_ops fanotify_fsnotify_ops;
115 struct kmem_cache *fanotify_mark_cache __read_mostly;
116 struct kmem_cache *fanotify_fid_event_cachep __read_mostly;
117 struct kmem_cache *fanotify_path_event_cachep __read_mostly;
118 struct kmem_cache *fanotify_perm_event_cachep __read_mostly;
120 #define FANOTIFY_EVENT_ALIGN 4
121 #define FANOTIFY_FID_INFO_HDR_LEN \
122 (sizeof(struct fanotify_event_info_fid) + sizeof(struct file_handle))
123 #define FANOTIFY_PIDFD_INFO_HDR_LEN \
124 sizeof(struct fanotify_event_info_pidfd)
125 #define FANOTIFY_ERROR_INFO_LEN \
126 (sizeof(struct fanotify_event_info_error))
128 static int fanotify_fid_info_len(int fh_len, int name_len)
130 int info_len = fh_len;
133 info_len += name_len + 1;
135 return roundup(FANOTIFY_FID_INFO_HDR_LEN + info_len,
136 FANOTIFY_EVENT_ALIGN);
139 /* FAN_RENAME may have one or two dir+name info records */
140 static int fanotify_dir_name_info_len(struct fanotify_event *event)
142 struct fanotify_info *info = fanotify_event_info(event);
143 int dir_fh_len = fanotify_event_dir_fh_len(event);
144 int dir2_fh_len = fanotify_event_dir2_fh_len(event);
148 info_len += fanotify_fid_info_len(dir_fh_len,
151 info_len += fanotify_fid_info_len(dir2_fh_len,
157 static size_t fanotify_event_len(unsigned int info_mode,
158 struct fanotify_event *event)
160 size_t event_len = FAN_EVENT_METADATA_LEN;
167 if (fanotify_is_error_event(event->mask))
168 event_len += FANOTIFY_ERROR_INFO_LEN;
170 if (fanotify_event_has_any_dir_fh(event)) {
171 event_len += fanotify_dir_name_info_len(event);
172 } else if ((info_mode & FAN_REPORT_NAME) &&
173 (event->mask & FAN_ONDIR)) {
175 * With group flag FAN_REPORT_NAME, if name was not recorded in
176 * event on a directory, we will report the name ".".
181 if (info_mode & FAN_REPORT_PIDFD)
182 event_len += FANOTIFY_PIDFD_INFO_HDR_LEN;
184 if (fanotify_event_has_object_fh(event)) {
185 fh_len = fanotify_event_object_fh_len(event);
186 event_len += fanotify_fid_info_len(fh_len, dot_len);
193 * Remove an hashed event from merge hash table.
195 static void fanotify_unhash_event(struct fsnotify_group *group,
196 struct fanotify_event *event)
198 assert_spin_locked(&group->notification_lock);
200 pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,
201 group, event, fanotify_event_hash_bucket(group, event));
203 if (WARN_ON_ONCE(hlist_unhashed(&event->merge_list)))
206 hlist_del_init(&event->merge_list);
210 * Get an fanotify notification event if one exists and is small
211 * enough to fit in "count". Return an error pointer if the count
212 * is not large enough. When permission event is dequeued, its state is
213 * updated accordingly.
215 static struct fanotify_event *get_one_event(struct fsnotify_group *group,
219 struct fanotify_event *event = NULL;
220 struct fsnotify_event *fsn_event;
221 unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES);
223 pr_debug("%s: group=%p count=%zd\n", __func__, group, count);
225 spin_lock(&group->notification_lock);
226 fsn_event = fsnotify_peek_first_event(group);
230 event = FANOTIFY_E(fsn_event);
231 event_size = fanotify_event_len(info_mode, event);
233 if (event_size > count) {
234 event = ERR_PTR(-EINVAL);
239 * Held the notification_lock the whole time, so this is the
240 * same event we peeked above.
242 fsnotify_remove_first_event(group);
243 if (fanotify_is_perm_event(event->mask))
244 FANOTIFY_PERM(event)->state = FAN_EVENT_REPORTED;
245 if (fanotify_is_hashed_event(event->mask))
246 fanotify_unhash_event(group, event);
248 spin_unlock(&group->notification_lock);
252 static int create_fd(struct fsnotify_group *group, struct path *path,
256 struct file *new_file;
258 client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
263 * we need a new file handle for the userspace program so it can read even if it was
264 * originally opened O_WRONLY.
266 new_file = dentry_open(path,
267 group->fanotify_data.f_flags | FMODE_NONOTIFY,
269 if (IS_ERR(new_file)) {
271 * we still send an event even if we can't open the file. this
272 * can happen when say tasks are gone and we try to open their
273 * /proc files or we try to open a WRONLY file like in sysfs
274 * we just send the errno to userspace since there isn't much
277 put_unused_fd(client_fd);
278 client_fd = PTR_ERR(new_file);
287 * Finish processing of permission event by setting it to ANSWERED state and
288 * drop group->notification_lock.
290 static void finish_permission_event(struct fsnotify_group *group,
291 struct fanotify_perm_event *event,
292 unsigned int response)
293 __releases(&group->notification_lock)
295 bool destroy = false;
297 assert_spin_locked(&group->notification_lock);
298 event->response = response;
299 if (event->state == FAN_EVENT_CANCELED)
302 event->state = FAN_EVENT_ANSWERED;
303 spin_unlock(&group->notification_lock);
305 fsnotify_destroy_event(group, &event->fae.fse);
308 static int process_access_response(struct fsnotify_group *group,
309 struct fanotify_response *response_struct)
311 struct fanotify_perm_event *event;
312 int fd = response_struct->fd;
313 int response = response_struct->response;
315 pr_debug("%s: group=%p fd=%d response=%d\n", __func__, group,
318 * make sure the response is valid, if invalid we do nothing and either
319 * userspace can send a valid response or we will clean it up after the
322 switch (response & ~FAN_AUDIT) {
333 if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT))
336 spin_lock(&group->notification_lock);
337 list_for_each_entry(event, &group->fanotify_data.access_list,
342 list_del_init(&event->fae.fse.list);
343 finish_permission_event(group, event, response);
344 wake_up(&group->fanotify_data.access_waitq);
347 spin_unlock(&group->notification_lock);
352 static size_t copy_error_info_to_user(struct fanotify_event *event,
353 char __user *buf, int count)
355 struct fanotify_event_info_error info = { };
356 struct fanotify_error_event *fee = FANOTIFY_EE(event);
358 info.hdr.info_type = FAN_EVENT_INFO_TYPE_ERROR;
359 info.hdr.len = FANOTIFY_ERROR_INFO_LEN;
361 if (WARN_ON(count < info.hdr.len))
364 info.error = fee->error;
365 info.error_count = fee->err_count;
367 if (copy_to_user(buf, &info, sizeof(info)))
373 static int copy_fid_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
374 int info_type, const char *name,
376 char __user *buf, size_t count)
378 struct fanotify_event_info_fid info = { };
379 struct file_handle handle = { };
380 unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh_buf;
381 size_t fh_len = fh ? fh->len : 0;
382 size_t info_len = fanotify_fid_info_len(fh_len, name_len);
383 size_t len = info_len;
385 pr_debug("%s: fh_len=%zu name_len=%zu, info_len=%zu, count=%zu\n",
386 __func__, fh_len, name_len, info_len, count);
388 if (WARN_ON_ONCE(len < sizeof(info) || len > count))
392 * Copy event info fid header followed by variable sized file handle
393 * and optionally followed by variable sized filename.
396 case FAN_EVENT_INFO_TYPE_FID:
397 case FAN_EVENT_INFO_TYPE_DFID:
398 if (WARN_ON_ONCE(name_len))
401 case FAN_EVENT_INFO_TYPE_DFID_NAME:
402 case FAN_EVENT_INFO_TYPE_OLD_DFID_NAME:
403 case FAN_EVENT_INFO_TYPE_NEW_DFID_NAME:
404 if (WARN_ON_ONCE(!name || !name_len))
411 info.hdr.info_type = info_type;
414 if (copy_to_user(buf, &info, sizeof(info)))
419 if (WARN_ON_ONCE(len < sizeof(handle)))
422 handle.handle_type = fh->type;
423 handle.handle_bytes = fh_len;
425 /* Mangle handle_type for bad file_handle */
427 handle.handle_type = FILEID_INVALID;
429 if (copy_to_user(buf, &handle, sizeof(handle)))
432 buf += sizeof(handle);
433 len -= sizeof(handle);
434 if (WARN_ON_ONCE(len < fh_len))
438 * For an inline fh and inline file name, copy through stack to exclude
439 * the copy from usercopy hardening protections.
441 fh_buf = fanotify_fh_buf(fh);
442 if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
443 memcpy(bounce, fh_buf, fh_len);
446 if (copy_to_user(buf, fh_buf, fh_len))
453 /* Copy the filename with terminating null */
455 if (WARN_ON_ONCE(len < name_len))
458 if (copy_to_user(buf, name, name_len))
466 WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
467 if (len > 0 && clear_user(buf, len))
473 static int copy_pidfd_info_to_user(int pidfd,
477 struct fanotify_event_info_pidfd info = { };
478 size_t info_len = FANOTIFY_PIDFD_INFO_HDR_LEN;
480 if (WARN_ON_ONCE(info_len > count))
483 info.hdr.info_type = FAN_EVENT_INFO_TYPE_PIDFD;
484 info.hdr.len = info_len;
487 if (copy_to_user(buf, &info, info_len))
493 static int copy_info_records_to_user(struct fanotify_event *event,
494 struct fanotify_info *info,
495 unsigned int info_mode, int pidfd,
496 char __user *buf, size_t count)
498 int ret, total_bytes = 0, info_type = 0;
499 unsigned int fid_mode = info_mode & FANOTIFY_FID_BITS;
500 unsigned int pidfd_mode = info_mode & FAN_REPORT_PIDFD;
503 * Event info records order is as follows:
505 * 2. (optional) new dir fid + new name
506 * 3. (optional) child fid
508 if (fanotify_event_has_dir_fh(event)) {
509 info_type = info->name_len ? FAN_EVENT_INFO_TYPE_DFID_NAME :
510 FAN_EVENT_INFO_TYPE_DFID;
512 /* FAN_RENAME uses special info types */
513 if (event->mask & FAN_RENAME)
514 info_type = FAN_EVENT_INFO_TYPE_OLD_DFID_NAME;
516 ret = copy_fid_info_to_user(fanotify_event_fsid(event),
517 fanotify_info_dir_fh(info),
519 fanotify_info_name(info),
520 info->name_len, buf, count);
529 /* New dir fid+name may be reported in addition to old dir fid+name */
530 if (fanotify_event_has_dir2_fh(event)) {
531 info_type = FAN_EVENT_INFO_TYPE_NEW_DFID_NAME;
532 ret = copy_fid_info_to_user(fanotify_event_fsid(event),
533 fanotify_info_dir2_fh(info),
535 fanotify_info_name2(info),
536 info->name2_len, buf, count);
545 if (fanotify_event_has_object_fh(event)) {
546 const char *dot = NULL;
549 if (fid_mode == FAN_REPORT_FID || info_type) {
551 * With only group flag FAN_REPORT_FID only type FID is
552 * reported. Second info record type is always FID.
554 info_type = FAN_EVENT_INFO_TYPE_FID;
555 } else if ((fid_mode & FAN_REPORT_NAME) &&
556 (event->mask & FAN_ONDIR)) {
558 * With group flag FAN_REPORT_NAME, if name was not
559 * recorded in an event on a directory, report the name
560 * "." with info type DFID_NAME.
562 info_type = FAN_EVENT_INFO_TYPE_DFID_NAME;
565 } else if ((event->mask & ALL_FSNOTIFY_DIRENT_EVENTS) ||
566 (event->mask & FAN_ONDIR)) {
568 * With group flag FAN_REPORT_DIR_FID, a single info
569 * record has type DFID for directory entry modification
570 * event and for event on a directory.
572 info_type = FAN_EVENT_INFO_TYPE_DFID;
575 * With group flags FAN_REPORT_DIR_FID|FAN_REPORT_FID,
576 * a single info record has type FID for event on a
577 * non-directory, when there is no directory to report.
578 * For example, on FAN_DELETE_SELF event.
580 info_type = FAN_EVENT_INFO_TYPE_FID;
583 ret = copy_fid_info_to_user(fanotify_event_fsid(event),
584 fanotify_event_object_fh(event),
585 info_type, dot, dot_len,
596 ret = copy_pidfd_info_to_user(pidfd, buf, count);
605 if (fanotify_is_error_event(event->mask)) {
606 ret = copy_error_info_to_user(event, buf, count);
617 static ssize_t copy_event_to_user(struct fsnotify_group *group,
618 struct fanotify_event *event,
619 char __user *buf, size_t count)
621 struct fanotify_event_metadata metadata;
622 struct path *path = fanotify_event_path(event);
623 struct fanotify_info *info = fanotify_event_info(event);
624 unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES);
625 unsigned int pidfd_mode = info_mode & FAN_REPORT_PIDFD;
626 struct file *f = NULL;
627 int ret, pidfd = FAN_NOPIDFD, fd = FAN_NOFD;
629 pr_debug("%s: group=%p event=%p\n", __func__, group, event);
631 metadata.event_len = fanotify_event_len(info_mode, event);
632 metadata.metadata_len = FAN_EVENT_METADATA_LEN;
633 metadata.vers = FANOTIFY_METADATA_VERSION;
634 metadata.reserved = 0;
635 metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS;
636 metadata.pid = pid_vnr(event->pid);
638 * For an unprivileged listener, event->pid can be used to identify the
639 * events generated by the listener process itself, without disclosing
640 * the pids of other processes.
642 if (FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&
643 task_tgid(current) != event->pid)
647 * For now, fid mode is required for an unprivileged listener and
648 * fid mode does not report fd in events. Keep this check anyway
649 * for safety in case fid mode requirement is relaxed in the future
650 * to allow unprivileged listener to get events with no fd and no fid.
652 if (!FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&
653 path && path->mnt && path->dentry) {
654 fd = create_fd(group, path, &f);
662 * Complain if the FAN_REPORT_PIDFD and FAN_REPORT_TID mutual
663 * exclusion is ever lifted. At the time of incoporating pidfd
664 * support within fanotify, the pidfd API only supported the
665 * creation of pidfds for thread-group leaders.
667 WARN_ON_ONCE(FAN_GROUP_FLAG(group, FAN_REPORT_TID));
670 * The PIDTYPE_TGID check for an event->pid is performed
671 * preemptively in an attempt to catch out cases where the event
672 * listener reads events after the event generating process has
673 * already terminated. Report FAN_NOPIDFD to the event listener
674 * in those cases, with all other pidfd creation errors being
675 * reported as FAN_EPIDFD.
677 if (metadata.pid == 0 ||
678 !pid_has_task(event->pid, PIDTYPE_TGID)) {
681 pidfd = pidfd_create(event->pid, 0);
689 * Sanity check copy size in case get_one_event() and
690 * event_len sizes ever get out of sync.
692 if (WARN_ON_ONCE(metadata.event_len > count))
695 if (copy_to_user(buf, &metadata, FAN_EVENT_METADATA_LEN))
698 buf += FAN_EVENT_METADATA_LEN;
699 count -= FAN_EVENT_METADATA_LEN;
701 if (fanotify_is_perm_event(event->mask))
702 FANOTIFY_PERM(event)->fd = fd;
705 ret = copy_info_records_to_user(event, info, info_mode, pidfd,
714 return metadata.event_len;
717 if (fd != FAN_NOFD) {
728 /* intofiy userspace file descriptor functions */
729 static __poll_t fanotify_poll(struct file *file, poll_table *wait)
731 struct fsnotify_group *group = file->private_data;
734 poll_wait(file, &group->notification_waitq, wait);
735 spin_lock(&group->notification_lock);
736 if (!fsnotify_notify_queue_is_empty(group))
737 ret = EPOLLIN | EPOLLRDNORM;
738 spin_unlock(&group->notification_lock);
743 static ssize_t fanotify_read(struct file *file, char __user *buf,
744 size_t count, loff_t *pos)
746 struct fsnotify_group *group;
747 struct fanotify_event *event;
750 DEFINE_WAIT_FUNC(wait, woken_wake_function);
753 group = file->private_data;
755 pr_debug("%s: group=%p\n", __func__, group);
757 add_wait_queue(&group->notification_waitq, &wait);
760 * User can supply arbitrarily large buffer. Avoid softlockups
761 * in case there are lots of available events.
764 event = get_one_event(group, count);
766 ret = PTR_ERR(event);
772 if (file->f_flags & O_NONBLOCK)
776 if (signal_pending(current))
782 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
786 ret = copy_event_to_user(group, event, buf, count);
787 if (unlikely(ret == -EOPENSTALE)) {
789 * We cannot report events with stale fd so drop it.
790 * Setting ret to 0 will continue the event loop and
791 * do the right thing if there are no more events to
792 * read (i.e. return bytes read, -EAGAIN or wait).
798 * Permission events get queued to wait for response. Other
799 * events can be destroyed now.
801 if (!fanotify_is_perm_event(event->mask)) {
802 fsnotify_destroy_event(group, &event->fse);
805 spin_lock(&group->notification_lock);
806 finish_permission_event(group,
807 FANOTIFY_PERM(event), FAN_DENY);
808 wake_up(&group->fanotify_data.access_waitq);
810 spin_lock(&group->notification_lock);
811 list_add_tail(&event->fse.list,
812 &group->fanotify_data.access_list);
813 spin_unlock(&group->notification_lock);
821 remove_wait_queue(&group->notification_waitq, &wait);
823 if (start != buf && ret != -EFAULT)
828 static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
830 struct fanotify_response response = { .fd = -1, .response = -1 };
831 struct fsnotify_group *group;
834 if (!IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
837 group = file->private_data;
839 if (count < sizeof(response))
842 count = sizeof(response);
844 pr_debug("%s: group=%p count=%zu\n", __func__, group, count);
846 if (copy_from_user(&response, buf, count))
849 ret = process_access_response(group, &response);
856 static int fanotify_release(struct inode *ignored, struct file *file)
858 struct fsnotify_group *group = file->private_data;
859 struct fsnotify_event *fsn_event;
862 * Stop new events from arriving in the notification queue. since
863 * userspace cannot use fanotify fd anymore, no event can enter or
864 * leave access_list by now either.
866 fsnotify_group_stop_queueing(group);
869 * Process all permission events on access_list and notification queue
870 * and simulate reply from userspace.
872 spin_lock(&group->notification_lock);
873 while (!list_empty(&group->fanotify_data.access_list)) {
874 struct fanotify_perm_event *event;
876 event = list_first_entry(&group->fanotify_data.access_list,
877 struct fanotify_perm_event, fae.fse.list);
878 list_del_init(&event->fae.fse.list);
879 finish_permission_event(group, event, FAN_ALLOW);
880 spin_lock(&group->notification_lock);
884 * Destroy all non-permission events. For permission events just
885 * dequeue them and set the response. They will be freed once the
886 * response is consumed and fanotify_get_response() returns.
888 while ((fsn_event = fsnotify_remove_first_event(group))) {
889 struct fanotify_event *event = FANOTIFY_E(fsn_event);
891 if (!(event->mask & FANOTIFY_PERM_EVENTS)) {
892 spin_unlock(&group->notification_lock);
893 fsnotify_destroy_event(group, fsn_event);
895 finish_permission_event(group, FANOTIFY_PERM(event),
898 spin_lock(&group->notification_lock);
900 spin_unlock(&group->notification_lock);
902 /* Response for all permission events it set, wakeup waiters */
903 wake_up(&group->fanotify_data.access_waitq);
905 /* matches the fanotify_init->fsnotify_alloc_group */
906 fsnotify_destroy_group(group);
911 static long fanotify_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
913 struct fsnotify_group *group;
914 struct fsnotify_event *fsn_event;
919 group = file->private_data;
921 p = (void __user *) arg;
925 spin_lock(&group->notification_lock);
926 list_for_each_entry(fsn_event, &group->notification_list, list)
927 send_len += FAN_EVENT_METADATA_LEN;
928 spin_unlock(&group->notification_lock);
929 ret = put_user(send_len, (int __user *) p);
936 static const struct file_operations fanotify_fops = {
937 .show_fdinfo = fanotify_show_fdinfo,
938 .poll = fanotify_poll,
939 .read = fanotify_read,
940 .write = fanotify_write,
942 .release = fanotify_release,
943 .unlocked_ioctl = fanotify_ioctl,
944 .compat_ioctl = compat_ptr_ioctl,
945 .llseek = noop_llseek,
948 static int fanotify_find_path(int dfd, const char __user *filename,
949 struct path *path, unsigned int flags, __u64 mask,
950 unsigned int obj_type)
954 pr_debug("%s: dfd=%d filename=%p flags=%x\n", __func__,
955 dfd, filename, flags);
957 if (filename == NULL) {
958 struct fd f = fdget(dfd);
965 if ((flags & FAN_MARK_ONLYDIR) &&
966 !(S_ISDIR(file_inode(f.file)->i_mode))) {
971 *path = f.file->f_path;
975 unsigned int lookup_flags = 0;
977 if (!(flags & FAN_MARK_DONT_FOLLOW))
978 lookup_flags |= LOOKUP_FOLLOW;
979 if (flags & FAN_MARK_ONLYDIR)
980 lookup_flags |= LOOKUP_DIRECTORY;
982 ret = user_path_at(dfd, filename, lookup_flags, path);
987 /* you can only watch an inode if you have read permissions on it */
988 ret = path_permission(path, MAY_READ);
994 ret = security_path_notify(path, mask, obj_type);
1002 static __u32 fanotify_mark_remove_from_mask(struct fsnotify_mark *fsn_mark,
1003 __u32 mask, unsigned int flags,
1004 __u32 umask, int *destroy)
1008 /* umask bits cannot be removed by user */
1010 spin_lock(&fsn_mark->lock);
1011 if (!(flags & FAN_MARK_IGNORED_MASK)) {
1012 oldmask = fsn_mark->mask;
1013 fsn_mark->mask &= ~mask;
1015 fsn_mark->ignored_mask &= ~mask;
1018 * We need to keep the mark around even if remaining mask cannot
1019 * result in any events (e.g. mask == FAN_ONDIR) to support incremenal
1020 * changes to the mask.
1021 * Destroy mark when only umask bits remain.
1023 *destroy = !((fsn_mark->mask | fsn_mark->ignored_mask) & ~umask);
1024 spin_unlock(&fsn_mark->lock);
1026 return mask & oldmask;
1029 static int fanotify_remove_mark(struct fsnotify_group *group,
1030 fsnotify_connp_t *connp, __u32 mask,
1031 unsigned int flags, __u32 umask)
1033 struct fsnotify_mark *fsn_mark = NULL;
1037 mutex_lock(&group->mark_mutex);
1038 fsn_mark = fsnotify_find_mark(connp, group);
1040 mutex_unlock(&group->mark_mutex);
1044 removed = fanotify_mark_remove_from_mask(fsn_mark, mask, flags,
1045 umask, &destroy_mark);
1046 if (removed & fsnotify_conn_mask(fsn_mark->connector))
1047 fsnotify_recalc_mask(fsn_mark->connector);
1049 fsnotify_detach_mark(fsn_mark);
1050 mutex_unlock(&group->mark_mutex);
1052 fsnotify_free_mark(fsn_mark);
1054 /* matches the fsnotify_find_mark() */
1055 fsnotify_put_mark(fsn_mark);
1059 static int fanotify_remove_vfsmount_mark(struct fsnotify_group *group,
1060 struct vfsmount *mnt, __u32 mask,
1061 unsigned int flags, __u32 umask)
1063 return fanotify_remove_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
1064 mask, flags, umask);
1067 static int fanotify_remove_sb_mark(struct fsnotify_group *group,
1068 struct super_block *sb, __u32 mask,
1069 unsigned int flags, __u32 umask)
1071 return fanotify_remove_mark(group, &sb->s_fsnotify_marks, mask,
1075 static int fanotify_remove_inode_mark(struct fsnotify_group *group,
1076 struct inode *inode, __u32 mask,
1077 unsigned int flags, __u32 umask)
1079 return fanotify_remove_mark(group, &inode->i_fsnotify_marks, mask,
1083 static __u32 fanotify_mark_add_to_mask(struct fsnotify_mark *fsn_mark,
1089 spin_lock(&fsn_mark->lock);
1090 if (!(flags & FAN_MARK_IGNORED_MASK)) {
1091 oldmask = fsn_mark->mask;
1092 fsn_mark->mask |= mask;
1094 fsn_mark->ignored_mask |= mask;
1095 if (flags & FAN_MARK_IGNORED_SURV_MODIFY)
1096 fsn_mark->flags |= FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY;
1098 spin_unlock(&fsn_mark->lock);
1100 return mask & ~oldmask;
1103 static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
1104 fsnotify_connp_t *connp,
1105 unsigned int obj_type,
1106 __kernel_fsid_t *fsid)
1108 struct ucounts *ucounts = group->fanotify_data.ucounts;
1109 struct fsnotify_mark *mark;
1113 * Enforce per user marks limits per user in all containing user ns.
1114 * A group with FAN_UNLIMITED_MARKS does not contribute to mark count
1115 * in the limited groups account.
1117 if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS) &&
1118 !inc_ucount(ucounts->ns, ucounts->uid, UCOUNT_FANOTIFY_MARKS))
1119 return ERR_PTR(-ENOSPC);
1121 mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL);
1124 goto out_dec_ucounts;
1127 fsnotify_init_mark(mark, group);
1128 ret = fsnotify_add_mark_locked(mark, connp, obj_type, 0, fsid);
1130 fsnotify_put_mark(mark);
1131 goto out_dec_ucounts;
1137 if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS))
1138 dec_ucount(ucounts, UCOUNT_FANOTIFY_MARKS);
1139 return ERR_PTR(ret);
1142 static int fanotify_group_init_error_pool(struct fsnotify_group *group)
1144 if (mempool_initialized(&group->fanotify_data.error_events_pool))
1147 return mempool_init_kmalloc_pool(&group->fanotify_data.error_events_pool,
1148 FANOTIFY_DEFAULT_FEE_POOL_SIZE,
1149 sizeof(struct fanotify_error_event));
1152 static int fanotify_add_mark(struct fsnotify_group *group,
1153 fsnotify_connp_t *connp, unsigned int obj_type,
1154 __u32 mask, unsigned int flags,
1155 __kernel_fsid_t *fsid)
1157 struct fsnotify_mark *fsn_mark;
1161 mutex_lock(&group->mark_mutex);
1162 fsn_mark = fsnotify_find_mark(connp, group);
1164 fsn_mark = fanotify_add_new_mark(group, connp, obj_type, fsid);
1165 if (IS_ERR(fsn_mark)) {
1166 mutex_unlock(&group->mark_mutex);
1167 return PTR_ERR(fsn_mark);
1172 * Error events are pre-allocated per group, only if strictly
1173 * needed (i.e. FAN_FS_ERROR was requested).
1175 if (!(flags & FAN_MARK_IGNORED_MASK) && (mask & FAN_FS_ERROR)) {
1176 ret = fanotify_group_init_error_pool(group);
1181 added = fanotify_mark_add_to_mask(fsn_mark, mask, flags);
1182 if (added & ~fsnotify_conn_mask(fsn_mark->connector))
1183 fsnotify_recalc_mask(fsn_mark->connector);
1186 mutex_unlock(&group->mark_mutex);
1188 fsnotify_put_mark(fsn_mark);
1192 static int fanotify_add_vfsmount_mark(struct fsnotify_group *group,
1193 struct vfsmount *mnt, __u32 mask,
1194 unsigned int flags, __kernel_fsid_t *fsid)
1196 return fanotify_add_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
1197 FSNOTIFY_OBJ_TYPE_VFSMOUNT, mask, flags, fsid);
1200 static int fanotify_add_sb_mark(struct fsnotify_group *group,
1201 struct super_block *sb, __u32 mask,
1202 unsigned int flags, __kernel_fsid_t *fsid)
1204 return fanotify_add_mark(group, &sb->s_fsnotify_marks,
1205 FSNOTIFY_OBJ_TYPE_SB, mask, flags, fsid);
1208 static int fanotify_add_inode_mark(struct fsnotify_group *group,
1209 struct inode *inode, __u32 mask,
1210 unsigned int flags, __kernel_fsid_t *fsid)
1212 pr_debug("%s: group=%p inode=%p\n", __func__, group, inode);
1215 * If some other task has this inode open for write we should not add
1216 * an ignored mark, unless that ignored mark is supposed to survive
1217 * modification changes anyway.
1219 if ((flags & FAN_MARK_IGNORED_MASK) &&
1220 !(flags & FAN_MARK_IGNORED_SURV_MODIFY) &&
1221 inode_is_open_for_write(inode))
1224 return fanotify_add_mark(group, &inode->i_fsnotify_marks,
1225 FSNOTIFY_OBJ_TYPE_INODE, mask, flags, fsid);
1228 static struct fsnotify_event *fanotify_alloc_overflow_event(void)
1230 struct fanotify_event *oevent;
1232 oevent = kmalloc(sizeof(*oevent), GFP_KERNEL_ACCOUNT);
1236 fanotify_init_event(oevent, 0, FS_Q_OVERFLOW);
1237 oevent->type = FANOTIFY_EVENT_TYPE_OVERFLOW;
1239 return &oevent->fse;
1242 static struct hlist_head *fanotify_alloc_merge_hash(void)
1244 struct hlist_head *hash;
1246 hash = kmalloc(sizeof(struct hlist_head) << FANOTIFY_HTABLE_BITS,
1247 GFP_KERNEL_ACCOUNT);
1251 __hash_init(hash, FANOTIFY_HTABLE_SIZE);
1256 /* fanotify syscalls */
1257 SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
1259 struct fsnotify_group *group;
1261 unsigned int fid_mode = flags & FANOTIFY_FID_BITS;
1262 unsigned int class = flags & FANOTIFY_CLASS_BITS;
1263 unsigned int internal_flags = 0;
1265 pr_debug("%s: flags=%x event_f_flags=%x\n",
1266 __func__, flags, event_f_flags);
1268 if (!capable(CAP_SYS_ADMIN)) {
1270 * An unprivileged user can setup an fanotify group with
1271 * limited functionality - an unprivileged group is limited to
1272 * notification events with file handles and it cannot use
1273 * unlimited queue/marks.
1275 if ((flags & FANOTIFY_ADMIN_INIT_FLAGS) || !fid_mode)
1279 * Setting the internal flag FANOTIFY_UNPRIV on the group
1280 * prevents setting mount/filesystem marks on this group and
1281 * prevents reporting pid and open fd in events.
1283 internal_flags |= FANOTIFY_UNPRIV;
1286 #ifdef CONFIG_AUDITSYSCALL
1287 if (flags & ~(FANOTIFY_INIT_FLAGS | FAN_ENABLE_AUDIT))
1289 if (flags & ~FANOTIFY_INIT_FLAGS)
1294 * A pidfd can only be returned for a thread-group leader; thus
1295 * FAN_REPORT_PIDFD and FAN_REPORT_TID need to remain mutually
1298 if ((flags & FAN_REPORT_PIDFD) && (flags & FAN_REPORT_TID))
1301 if (event_f_flags & ~FANOTIFY_INIT_ALL_EVENT_F_BITS)
1304 switch (event_f_flags & O_ACCMODE) {
1313 if (fid_mode && class != FAN_CLASS_NOTIF)
1317 * Child name is reported with parent fid so requires dir fid.
1318 * We can report both child fid and dir fid with or without name.
1320 if ((fid_mode & FAN_REPORT_NAME) && !(fid_mode & FAN_REPORT_DIR_FID))
1324 * FAN_REPORT_TARGET_FID requires FAN_REPORT_NAME and FAN_REPORT_FID
1325 * and is used as an indication to report both dir and child fid on all
1328 if ((fid_mode & FAN_REPORT_TARGET_FID) &&
1329 (!(fid_mode & FAN_REPORT_NAME) || !(fid_mode & FAN_REPORT_FID)))
1332 f_flags = O_RDWR | FMODE_NONOTIFY;
1333 if (flags & FAN_CLOEXEC)
1334 f_flags |= O_CLOEXEC;
1335 if (flags & FAN_NONBLOCK)
1336 f_flags |= O_NONBLOCK;
1338 /* fsnotify_alloc_group takes a ref. Dropped in fanotify_release */
1339 group = fsnotify_alloc_user_group(&fanotify_fsnotify_ops);
1340 if (IS_ERR(group)) {
1341 return PTR_ERR(group);
1344 /* Enforce groups limits per user in all containing user ns */
1345 group->fanotify_data.ucounts = inc_ucount(current_user_ns(),
1347 UCOUNT_FANOTIFY_GROUPS);
1348 if (!group->fanotify_data.ucounts) {
1350 goto out_destroy_group;
1353 group->fanotify_data.flags = flags | internal_flags;
1354 group->memcg = get_mem_cgroup_from_mm(current->mm);
1356 group->fanotify_data.merge_hash = fanotify_alloc_merge_hash();
1357 if (!group->fanotify_data.merge_hash) {
1359 goto out_destroy_group;
1362 group->overflow_event = fanotify_alloc_overflow_event();
1363 if (unlikely(!group->overflow_event)) {
1365 goto out_destroy_group;
1368 if (force_o_largefile())
1369 event_f_flags |= O_LARGEFILE;
1370 group->fanotify_data.f_flags = event_f_flags;
1371 init_waitqueue_head(&group->fanotify_data.access_waitq);
1372 INIT_LIST_HEAD(&group->fanotify_data.access_list);
1374 case FAN_CLASS_NOTIF:
1375 group->priority = FS_PRIO_0;
1377 case FAN_CLASS_CONTENT:
1378 group->priority = FS_PRIO_1;
1380 case FAN_CLASS_PRE_CONTENT:
1381 group->priority = FS_PRIO_2;
1385 goto out_destroy_group;
1388 if (flags & FAN_UNLIMITED_QUEUE) {
1390 if (!capable(CAP_SYS_ADMIN))
1391 goto out_destroy_group;
1392 group->max_events = UINT_MAX;
1394 group->max_events = fanotify_max_queued_events;
1397 if (flags & FAN_UNLIMITED_MARKS) {
1399 if (!capable(CAP_SYS_ADMIN))
1400 goto out_destroy_group;
1403 if (flags & FAN_ENABLE_AUDIT) {
1405 if (!capable(CAP_AUDIT_WRITE))
1406 goto out_destroy_group;
1409 fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
1411 goto out_destroy_group;
1416 fsnotify_destroy_group(group);
1420 static int fanotify_test_fsid(struct dentry *dentry, __kernel_fsid_t *fsid)
1422 __kernel_fsid_t root_fsid;
1426 * Make sure dentry is not of a filesystem with zero fsid (e.g. fuse).
1428 err = vfs_get_fsid(dentry, fsid);
1432 if (!fsid->val[0] && !fsid->val[1])
1436 * Make sure dentry is not of a filesystem subvolume (e.g. btrfs)
1437 * which uses a different fsid than sb root.
1439 err = vfs_get_fsid(dentry->d_sb->s_root, &root_fsid);
1443 if (root_fsid.val[0] != fsid->val[0] ||
1444 root_fsid.val[1] != fsid->val[1])
1450 /* Check if filesystem can encode a unique fid */
1451 static int fanotify_test_fid(struct dentry *dentry)
1454 * We need to make sure that the file system supports at least
1455 * encoding a file handle so user can use name_to_handle_at() to
1456 * compare fid returned with event to the file handle of watched
1457 * objects. However, name_to_handle_at() requires that the
1458 * filesystem also supports decoding file handles.
1460 if (!dentry->d_sb->s_export_op ||
1461 !dentry->d_sb->s_export_op->fh_to_dentry)
1467 static int fanotify_events_supported(struct path *path, __u64 mask)
1470 * Some filesystems such as 'proc' acquire unusual locks when opening
1471 * files. For them fanotify permission events have high chances of
1472 * deadlocking the system - open done when reporting fanotify event
1473 * blocks on this "unusual" lock while another process holding the lock
1474 * waits for fanotify permission event to be answered. Just disallow
1475 * permission events for such filesystems.
1477 if (mask & FANOTIFY_PERM_EVENTS &&
1478 path->mnt->mnt_sb->s_type->fs_flags & FS_DISALLOW_NOTIFY_PERM)
1483 static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
1484 int dfd, const char __user *pathname)
1486 struct inode *inode = NULL;
1487 struct vfsmount *mnt = NULL;
1488 struct fsnotify_group *group;
1491 __kernel_fsid_t __fsid, *fsid = NULL;
1492 u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS;
1493 unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
1494 bool ignored = flags & FAN_MARK_IGNORED_MASK;
1495 unsigned int obj_type, fid_mode;
1499 pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
1500 __func__, fanotify_fd, flags, dfd, pathname, mask);
1502 /* we only use the lower 32 bits as of right now. */
1503 if (upper_32_bits(mask))
1506 if (flags & ~FANOTIFY_MARK_FLAGS)
1509 switch (mark_type) {
1510 case FAN_MARK_INODE:
1511 obj_type = FSNOTIFY_OBJ_TYPE_INODE;
1513 case FAN_MARK_MOUNT:
1514 obj_type = FSNOTIFY_OBJ_TYPE_VFSMOUNT;
1516 case FAN_MARK_FILESYSTEM:
1517 obj_type = FSNOTIFY_OBJ_TYPE_SB;
1523 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
1525 case FAN_MARK_REMOVE:
1529 case FAN_MARK_FLUSH:
1530 if (flags & ~(FANOTIFY_MARK_TYPE_BITS | FAN_MARK_FLUSH))
1537 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
1538 valid_mask |= FANOTIFY_PERM_EVENTS;
1540 if (mask & ~valid_mask)
1543 /* Event flags (ONDIR, ON_CHILD) are meaningless in ignored mask */
1545 mask &= ~FANOTIFY_EVENT_FLAGS;
1547 f = fdget(fanotify_fd);
1548 if (unlikely(!f.file))
1551 /* verify that this is indeed an fanotify instance */
1553 if (unlikely(f.file->f_op != &fanotify_fops))
1555 group = f.file->private_data;
1558 * An unprivileged user is not allowed to setup mount nor filesystem
1559 * marks. This also includes setting up such marks by a group that
1560 * was initialized by an unprivileged user.
1563 if ((!capable(CAP_SYS_ADMIN) ||
1564 FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV)) &&
1565 mark_type != FAN_MARK_INODE)
1569 * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF. These are not
1570 * allowed to set permissions events.
1573 if (mask & FANOTIFY_PERM_EVENTS &&
1574 group->priority == FS_PRIO_0)
1577 if (mask & FAN_FS_ERROR &&
1578 mark_type != FAN_MARK_FILESYSTEM)
1582 * Events that do not carry enough information to report
1583 * event->fd require a group that supports reporting fid. Those
1584 * events are not supported on a mount mark, because they do not
1585 * carry enough information (i.e. path) to be filtered by mount
1588 fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);
1589 if (mask & ~(FANOTIFY_FD_EVENTS|FANOTIFY_EVENT_FLAGS) &&
1590 (!fid_mode || mark_type == FAN_MARK_MOUNT))
1594 * FAN_RENAME uses special info type records to report the old and
1595 * new parent+name. Reporting only old and new parent id is less
1596 * useful and was not implemented.
1598 if (mask & FAN_RENAME && !(fid_mode & FAN_REPORT_NAME))
1601 if (flags & FAN_MARK_FLUSH) {
1603 if (mark_type == FAN_MARK_MOUNT)
1604 fsnotify_clear_vfsmount_marks_by_group(group);
1605 else if (mark_type == FAN_MARK_FILESYSTEM)
1606 fsnotify_clear_sb_marks_by_group(group);
1608 fsnotify_clear_inode_marks_by_group(group);
1612 ret = fanotify_find_path(dfd, pathname, &path, flags,
1613 (mask & ALL_FSNOTIFY_EVENTS), obj_type);
1617 if (flags & FAN_MARK_ADD) {
1618 ret = fanotify_events_supported(&path, mask);
1620 goto path_put_and_out;
1624 ret = fanotify_test_fsid(path.dentry, &__fsid);
1626 goto path_put_and_out;
1628 ret = fanotify_test_fid(path.dentry);
1630 goto path_put_and_out;
1635 /* inode held in place by reference to path; group by fget on fd */
1636 if (mark_type == FAN_MARK_INODE)
1637 inode = path.dentry->d_inode;
1641 /* Mask out FAN_EVENT_ON_CHILD flag for sb/mount/non-dir marks */
1642 if (mnt || !S_ISDIR(inode->i_mode)) {
1643 mask &= ~FAN_EVENT_ON_CHILD;
1644 umask = FAN_EVENT_ON_CHILD;
1646 * If group needs to report parent fid, register for getting
1647 * events with parent/name info for non-directory.
1649 if ((fid_mode & FAN_REPORT_DIR_FID) &&
1650 (flags & FAN_MARK_ADD) && !ignored)
1651 mask |= FAN_EVENT_ON_CHILD;
1654 /* create/update an inode mark */
1655 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE)) {
1657 if (mark_type == FAN_MARK_MOUNT)
1658 ret = fanotify_add_vfsmount_mark(group, mnt, mask,
1660 else if (mark_type == FAN_MARK_FILESYSTEM)
1661 ret = fanotify_add_sb_mark(group, mnt->mnt_sb, mask,
1664 ret = fanotify_add_inode_mark(group, inode, mask,
1667 case FAN_MARK_REMOVE:
1668 if (mark_type == FAN_MARK_MOUNT)
1669 ret = fanotify_remove_vfsmount_mark(group, mnt, mask,
1671 else if (mark_type == FAN_MARK_FILESYSTEM)
1672 ret = fanotify_remove_sb_mark(group, mnt->mnt_sb, mask,
1675 ret = fanotify_remove_inode_mark(group, inode, mask,
1689 #ifndef CONFIG_ARCH_SPLIT_ARG64
1690 SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags,
1691 __u64, mask, int, dfd,
1692 const char __user *, pathname)
1694 return do_fanotify_mark(fanotify_fd, flags, mask, dfd, pathname);
1698 #if defined(CONFIG_ARCH_SPLIT_ARG64) || defined(CONFIG_COMPAT)
1699 SYSCALL32_DEFINE6(fanotify_mark,
1700 int, fanotify_fd, unsigned int, flags,
1701 SC_ARG64(mask), int, dfd,
1702 const char __user *, pathname)
1704 return do_fanotify_mark(fanotify_fd, flags, SC_VAL64(__u64, mask),
1710 * fanotify_user_setup - Our initialization function. Note that we cannot return
1711 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
1712 * must result in panic().
1714 static int __init fanotify_user_setup(void)
1721 * Allow up to 1% of addressable memory to be accounted for per user
1722 * marks limited to the range [8192, 1048576]. mount and sb marks are
1723 * a lot cheaper than inode marks, but there is no reason for a user
1724 * to have many of those, so calculate by the cost of inode marks.
1726 max_marks = (((si.totalram - si.totalhigh) / 100) << PAGE_SHIFT) /
1728 max_marks = clamp(max_marks, FANOTIFY_OLD_DEFAULT_MAX_MARKS,
1729 FANOTIFY_DEFAULT_MAX_USER_MARKS);
1731 BUILD_BUG_ON(FANOTIFY_INIT_FLAGS & FANOTIFY_INTERNAL_GROUP_FLAGS);
1732 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 12);
1733 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
1735 fanotify_mark_cache = KMEM_CACHE(fsnotify_mark,
1736 SLAB_PANIC|SLAB_ACCOUNT);
1737 fanotify_fid_event_cachep = KMEM_CACHE(fanotify_fid_event,
1739 fanotify_path_event_cachep = KMEM_CACHE(fanotify_path_event,
1741 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS)) {
1742 fanotify_perm_event_cachep =
1743 KMEM_CACHE(fanotify_perm_event, SLAB_PANIC);
1746 fanotify_max_queued_events = FANOTIFY_DEFAULT_MAX_EVENTS;
1747 init_user_ns.ucount_max[UCOUNT_FANOTIFY_GROUPS] =
1748 FANOTIFY_DEFAULT_MAX_GROUPS;
1749 init_user_ns.ucount_max[UCOUNT_FANOTIFY_MARKS] = max_marks;
1750 fanotify_sysctls_init();
1754 device_initcall(fanotify_user_setup);
projects / linux-2.6-microblaze.git / blob