1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/fanotify.h>
3 #include <linux/fcntl.h>
4 #include <linux/file.h>
6 #include <linux/anon_inodes.h>
7 #include <linux/fsnotify_backend.h>
8 #include <linux/init.h>
9 #include <linux/mount.h>
10 #include <linux/namei.h>
11 #include <linux/poll.h>
12 #include <linux/security.h>
13 #include <linux/syscalls.h>
14 #include <linux/slab.h>
15 #include <linux/types.h>
16 #include <linux/uaccess.h>
17 #include <linux/compat.h>
18 #include <linux/sched/signal.h>
19 #include <linux/memcontrol.h>
20 #include <linux/statfs.h>
21 #include <linux/exportfs.h>
23 #include <asm/ioctls.h>
25 #include "../../mount.h"
26 #include "../fdinfo.h"
29 #define FANOTIFY_DEFAULT_MAX_EVENTS 16384
30 #define FANOTIFY_DEFAULT_MAX_MARKS 8192
31 #define FANOTIFY_DEFAULT_MAX_LISTENERS 128
34 * All flags that may be specified in parameter event_f_flags of fanotify_init.
36 * Internal and external open flags are stored together in field f_flags of
37 * struct file. Only external open flags shall be allowed in event_f_flags.
38 * Internal flags like FMODE_NONOTIFY, FMODE_EXEC, FMODE_NOCMTIME shall be
41 #define FANOTIFY_INIT_ALL_EVENT_F_BITS ( \
42 O_ACCMODE | O_APPEND | O_NONBLOCK | \
43 __O_SYNC | O_DSYNC | O_CLOEXEC | \
44 O_LARGEFILE | O_NOATIME )
46 extern const struct fsnotify_ops fanotify_fsnotify_ops;
48 struct kmem_cache *fanotify_mark_cache __read_mostly;
49 struct kmem_cache *fanotify_fid_event_cachep __read_mostly;
50 struct kmem_cache *fanotify_path_event_cachep __read_mostly;
51 struct kmem_cache *fanotify_perm_event_cachep __read_mostly;
53 #define FANOTIFY_EVENT_ALIGN 4
54 #define FANOTIFY_INFO_HDR_LEN \
55 (sizeof(struct fanotify_event_info_fid) + sizeof(struct file_handle))
57 static int fanotify_fid_info_len(int fh_len, int name_len)
59 int info_len = fh_len;
62 info_len += name_len + 1;
64 return roundup(FANOTIFY_INFO_HDR_LEN + info_len, FANOTIFY_EVENT_ALIGN);
67 static int fanotify_event_info_len(struct fanotify_event *event)
70 int fh_len = fanotify_event_object_fh_len(event);
73 info_len += fanotify_fid_info_len(fh_len, 0);
75 if (fanotify_event_name_len(event)) {
76 struct fanotify_name_event *fne = FANOTIFY_NE(event);
78 info_len += fanotify_fid_info_len(fne->dir_fh.len,
86 * Get an fanotify notification event if one exists and is small
87 * enough to fit in "count". Return an error pointer if the count
88 * is not large enough. When permission event is dequeued, its state is
89 * updated accordingly.
91 static struct fanotify_event *get_one_event(struct fsnotify_group *group,
94 size_t event_size = FAN_EVENT_METADATA_LEN;
95 struct fanotify_event *event = NULL;
97 pr_debug("%s: group=%p count=%zd\n", __func__, group, count);
99 spin_lock(&group->notification_lock);
100 if (fsnotify_notify_queue_is_empty(group))
103 if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
104 event_size += fanotify_event_info_len(
105 FANOTIFY_E(fsnotify_peek_first_event(group)));
108 if (event_size > count) {
109 event = ERR_PTR(-EINVAL);
112 event = FANOTIFY_E(fsnotify_remove_first_event(group));
113 if (fanotify_is_perm_event(event->mask))
114 FANOTIFY_PERM(event)->state = FAN_EVENT_REPORTED;
116 spin_unlock(&group->notification_lock);
120 static int create_fd(struct fsnotify_group *group, struct path *path,
124 struct file *new_file;
126 client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
131 * we need a new file handle for the userspace program so it can read even if it was
132 * originally opened O_WRONLY.
134 new_file = dentry_open(path,
135 group->fanotify_data.f_flags | FMODE_NONOTIFY,
137 if (IS_ERR(new_file)) {
139 * we still send an event even if we can't open the file. this
140 * can happen when say tasks are gone and we try to open their
141 * /proc files or we try to open a WRONLY file like in sysfs
142 * we just send the errno to userspace since there isn't much
145 put_unused_fd(client_fd);
146 client_fd = PTR_ERR(new_file);
155 * Finish processing of permission event by setting it to ANSWERED state and
156 * drop group->notification_lock.
158 static void finish_permission_event(struct fsnotify_group *group,
159 struct fanotify_perm_event *event,
160 unsigned int response)
161 __releases(&group->notification_lock)
163 bool destroy = false;
165 assert_spin_locked(&group->notification_lock);
166 event->response = response;
167 if (event->state == FAN_EVENT_CANCELED)
170 event->state = FAN_EVENT_ANSWERED;
171 spin_unlock(&group->notification_lock);
173 fsnotify_destroy_event(group, &event->fae.fse);
176 static int process_access_response(struct fsnotify_group *group,
177 struct fanotify_response *response_struct)
179 struct fanotify_perm_event *event;
180 int fd = response_struct->fd;
181 int response = response_struct->response;
183 pr_debug("%s: group=%p fd=%d response=%d\n", __func__, group,
186 * make sure the response is valid, if invalid we do nothing and either
187 * userspace can send a valid response or we will clean it up after the
190 switch (response & ~FAN_AUDIT) {
201 if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT))
204 spin_lock(&group->notification_lock);
205 list_for_each_entry(event, &group->fanotify_data.access_list,
210 list_del_init(&event->fae.fse.list);
211 finish_permission_event(group, event, response);
212 wake_up(&group->fanotify_data.access_waitq);
215 spin_unlock(&group->notification_lock);
220 static int copy_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
221 const char *name, size_t name_len,
222 char __user *buf, size_t count)
224 struct fanotify_event_info_fid info = { };
225 struct file_handle handle = { };
226 unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh_buf;
227 size_t fh_len = fh ? fh->len : 0;
228 size_t info_len = fanotify_fid_info_len(fh_len, name_len);
229 size_t len = info_len;
231 pr_debug("%s: fh_len=%zu name_len=%zu, info_len=%zu, count=%zu\n",
232 __func__, fh_len, name_len, info_len, count);
234 if (!fh_len || (name && !name_len))
237 if (WARN_ON_ONCE(len < sizeof(info) || len > count))
241 * Copy event info fid header followed by variable sized file handle
242 * and optionally followed by variable sized filename.
244 info.hdr.info_type = name_len ? FAN_EVENT_INFO_TYPE_DFID_NAME :
245 FAN_EVENT_INFO_TYPE_FID;
248 if (copy_to_user(buf, &info, sizeof(info)))
253 if (WARN_ON_ONCE(len < sizeof(handle)))
256 handle.handle_type = fh->type;
257 handle.handle_bytes = fh_len;
258 if (copy_to_user(buf, &handle, sizeof(handle)))
261 buf += sizeof(handle);
262 len -= sizeof(handle);
263 if (WARN_ON_ONCE(len < fh_len))
267 * For an inline fh and inline file name, copy through stack to exclude
268 * the copy from usercopy hardening protections.
270 fh_buf = fanotify_fh_buf(fh);
271 if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
272 memcpy(bounce, fh_buf, fh_len);
275 if (copy_to_user(buf, fh_buf, fh_len))
282 /* Copy the filename with terminating null */
284 if (WARN_ON_ONCE(len < name_len))
287 if (copy_to_user(buf, name, name_len))
295 WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
296 if (len > 0 && clear_user(buf, len))
302 static ssize_t copy_event_to_user(struct fsnotify_group *group,
303 struct fanotify_event *event,
304 char __user *buf, size_t count)
306 struct fanotify_event_metadata metadata;
307 struct path *path = fanotify_event_path(event);
308 struct file *f = NULL;
309 int ret, fd = FAN_NOFD;
311 pr_debug("%s: group=%p event=%p\n", __func__, group, event);
313 metadata.event_len = FAN_EVENT_METADATA_LEN +
314 fanotify_event_info_len(event);
315 metadata.metadata_len = FAN_EVENT_METADATA_LEN;
316 metadata.vers = FANOTIFY_METADATA_VERSION;
317 metadata.reserved = 0;
318 metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS;
319 metadata.pid = pid_vnr(event->pid);
321 if (path && path->mnt && path->dentry) {
322 fd = create_fd(group, path, &f);
330 * Sanity check copy size in case get_one_event() and
331 * fill_event_metadata() event_len sizes ever get out of sync.
333 if (WARN_ON_ONCE(metadata.event_len > count))
336 if (copy_to_user(buf, &metadata, FAN_EVENT_METADATA_LEN))
339 buf += FAN_EVENT_METADATA_LEN;
340 count -= FAN_EVENT_METADATA_LEN;
342 if (fanotify_is_perm_event(event->mask))
343 FANOTIFY_PERM(event)->fd = fd;
348 /* Event info records order is: dir fid + name, child fid */
349 if (fanotify_event_name_len(event)) {
350 struct fanotify_name_event *fne = FANOTIFY_NE(event);
352 ret = copy_info_to_user(fanotify_event_fsid(event),
353 fanotify_event_dir_fh(event),
354 fne->name, fne->name_len,
363 if (fanotify_event_object_fh_len(event)) {
364 ret = copy_info_to_user(fanotify_event_fsid(event),
365 fanotify_event_object_fh(event),
366 NULL, 0, buf, count);
374 return metadata.event_len;
377 if (fd != FAN_NOFD) {
384 /* intofiy userspace file descriptor functions */
385 static __poll_t fanotify_poll(struct file *file, poll_table *wait)
387 struct fsnotify_group *group = file->private_data;
390 poll_wait(file, &group->notification_waitq, wait);
391 spin_lock(&group->notification_lock);
392 if (!fsnotify_notify_queue_is_empty(group))
393 ret = EPOLLIN | EPOLLRDNORM;
394 spin_unlock(&group->notification_lock);
399 static ssize_t fanotify_read(struct file *file, char __user *buf,
400 size_t count, loff_t *pos)
402 struct fsnotify_group *group;
403 struct fanotify_event *event;
406 DEFINE_WAIT_FUNC(wait, woken_wake_function);
409 group = file->private_data;
411 pr_debug("%s: group=%p\n", __func__, group);
413 add_wait_queue(&group->notification_waitq, &wait);
415 event = get_one_event(group, count);
417 ret = PTR_ERR(event);
423 if (file->f_flags & O_NONBLOCK)
427 if (signal_pending(current))
433 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
437 ret = copy_event_to_user(group, event, buf, count);
438 if (unlikely(ret == -EOPENSTALE)) {
440 * We cannot report events with stale fd so drop it.
441 * Setting ret to 0 will continue the event loop and
442 * do the right thing if there are no more events to
443 * read (i.e. return bytes read, -EAGAIN or wait).
449 * Permission events get queued to wait for response. Other
450 * events can be destroyed now.
452 if (!fanotify_is_perm_event(event->mask)) {
453 fsnotify_destroy_event(group, &event->fse);
456 spin_lock(&group->notification_lock);
457 finish_permission_event(group,
458 FANOTIFY_PERM(event), FAN_DENY);
459 wake_up(&group->fanotify_data.access_waitq);
461 spin_lock(&group->notification_lock);
462 list_add_tail(&event->fse.list,
463 &group->fanotify_data.access_list);
464 spin_unlock(&group->notification_lock);
472 remove_wait_queue(&group->notification_waitq, &wait);
474 if (start != buf && ret != -EFAULT)
479 static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
481 struct fanotify_response response = { .fd = -1, .response = -1 };
482 struct fsnotify_group *group;
485 if (!IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
488 group = file->private_data;
490 if (count > sizeof(response))
491 count = sizeof(response);
493 pr_debug("%s: group=%p count=%zu\n", __func__, group, count);
495 if (copy_from_user(&response, buf, count))
498 ret = process_access_response(group, &response);
505 static int fanotify_release(struct inode *ignored, struct file *file)
507 struct fsnotify_group *group = file->private_data;
510 * Stop new events from arriving in the notification queue. since
511 * userspace cannot use fanotify fd anymore, no event can enter or
512 * leave access_list by now either.
514 fsnotify_group_stop_queueing(group);
517 * Process all permission events on access_list and notification queue
518 * and simulate reply from userspace.
520 spin_lock(&group->notification_lock);
521 while (!list_empty(&group->fanotify_data.access_list)) {
522 struct fanotify_perm_event *event;
524 event = list_first_entry(&group->fanotify_data.access_list,
525 struct fanotify_perm_event, fae.fse.list);
526 list_del_init(&event->fae.fse.list);
527 finish_permission_event(group, event, FAN_ALLOW);
528 spin_lock(&group->notification_lock);
532 * Destroy all non-permission events. For permission events just
533 * dequeue them and set the response. They will be freed once the
534 * response is consumed and fanotify_get_response() returns.
536 while (!fsnotify_notify_queue_is_empty(group)) {
537 struct fanotify_event *event;
539 event = FANOTIFY_E(fsnotify_remove_first_event(group));
540 if (!(event->mask & FANOTIFY_PERM_EVENTS)) {
541 spin_unlock(&group->notification_lock);
542 fsnotify_destroy_event(group, &event->fse);
544 finish_permission_event(group, FANOTIFY_PERM(event),
547 spin_lock(&group->notification_lock);
549 spin_unlock(&group->notification_lock);
551 /* Response for all permission events it set, wakeup waiters */
552 wake_up(&group->fanotify_data.access_waitq);
554 /* matches the fanotify_init->fsnotify_alloc_group */
555 fsnotify_destroy_group(group);
560 static long fanotify_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
562 struct fsnotify_group *group;
563 struct fsnotify_event *fsn_event;
568 group = file->private_data;
570 p = (void __user *) arg;
574 spin_lock(&group->notification_lock);
575 list_for_each_entry(fsn_event, &group->notification_list, list)
576 send_len += FAN_EVENT_METADATA_LEN;
577 spin_unlock(&group->notification_lock);
578 ret = put_user(send_len, (int __user *) p);
585 static const struct file_operations fanotify_fops = {
586 .show_fdinfo = fanotify_show_fdinfo,
587 .poll = fanotify_poll,
588 .read = fanotify_read,
589 .write = fanotify_write,
591 .release = fanotify_release,
592 .unlocked_ioctl = fanotify_ioctl,
593 .compat_ioctl = compat_ptr_ioctl,
594 .llseek = noop_llseek,
597 static int fanotify_find_path(int dfd, const char __user *filename,
598 struct path *path, unsigned int flags, __u64 mask,
599 unsigned int obj_type)
603 pr_debug("%s: dfd=%d filename=%p flags=%x\n", __func__,
604 dfd, filename, flags);
606 if (filename == NULL) {
607 struct fd f = fdget(dfd);
614 if ((flags & FAN_MARK_ONLYDIR) &&
615 !(S_ISDIR(file_inode(f.file)->i_mode))) {
620 *path = f.file->f_path;
624 unsigned int lookup_flags = 0;
626 if (!(flags & FAN_MARK_DONT_FOLLOW))
627 lookup_flags |= LOOKUP_FOLLOW;
628 if (flags & FAN_MARK_ONLYDIR)
629 lookup_flags |= LOOKUP_DIRECTORY;
631 ret = user_path_at(dfd, filename, lookup_flags, path);
636 /* you can only watch an inode if you have read permissions on it */
637 ret = inode_permission(path->dentry->d_inode, MAY_READ);
643 ret = security_path_notify(path, mask, obj_type);
651 static __u32 fanotify_mark_remove_from_mask(struct fsnotify_mark *fsn_mark,
658 spin_lock(&fsn_mark->lock);
659 if (!(flags & FAN_MARK_IGNORED_MASK)) {
660 oldmask = fsn_mark->mask;
661 fsn_mark->mask &= ~mask;
663 fsn_mark->ignored_mask &= ~mask;
665 *destroy = !(fsn_mark->mask | fsn_mark->ignored_mask);
666 spin_unlock(&fsn_mark->lock);
668 return mask & oldmask;
671 static int fanotify_remove_mark(struct fsnotify_group *group,
672 fsnotify_connp_t *connp, __u32 mask,
675 struct fsnotify_mark *fsn_mark = NULL;
679 mutex_lock(&group->mark_mutex);
680 fsn_mark = fsnotify_find_mark(connp, group);
682 mutex_unlock(&group->mark_mutex);
686 removed = fanotify_mark_remove_from_mask(fsn_mark, mask, flags,
688 if (removed & fsnotify_conn_mask(fsn_mark->connector))
689 fsnotify_recalc_mask(fsn_mark->connector);
691 fsnotify_detach_mark(fsn_mark);
692 mutex_unlock(&group->mark_mutex);
694 fsnotify_free_mark(fsn_mark);
696 /* matches the fsnotify_find_mark() */
697 fsnotify_put_mark(fsn_mark);
701 static int fanotify_remove_vfsmount_mark(struct fsnotify_group *group,
702 struct vfsmount *mnt, __u32 mask,
705 return fanotify_remove_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
709 static int fanotify_remove_sb_mark(struct fsnotify_group *group,
710 struct super_block *sb, __u32 mask,
713 return fanotify_remove_mark(group, &sb->s_fsnotify_marks, mask, flags);
716 static int fanotify_remove_inode_mark(struct fsnotify_group *group,
717 struct inode *inode, __u32 mask,
720 return fanotify_remove_mark(group, &inode->i_fsnotify_marks, mask,
724 static __u32 fanotify_mark_add_to_mask(struct fsnotify_mark *fsn_mark,
730 spin_lock(&fsn_mark->lock);
731 if (!(flags & FAN_MARK_IGNORED_MASK)) {
732 oldmask = fsn_mark->mask;
733 fsn_mark->mask |= mask;
735 fsn_mark->ignored_mask |= mask;
736 if (flags & FAN_MARK_IGNORED_SURV_MODIFY)
737 fsn_mark->flags |= FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY;
739 spin_unlock(&fsn_mark->lock);
741 return mask & ~oldmask;
744 static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
745 fsnotify_connp_t *connp,
747 __kernel_fsid_t *fsid)
749 struct fsnotify_mark *mark;
752 if (atomic_read(&group->num_marks) > group->fanotify_data.max_marks)
753 return ERR_PTR(-ENOSPC);
755 mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL);
757 return ERR_PTR(-ENOMEM);
759 fsnotify_init_mark(mark, group);
760 ret = fsnotify_add_mark_locked(mark, connp, type, 0, fsid);
762 fsnotify_put_mark(mark);
770 static int fanotify_add_mark(struct fsnotify_group *group,
771 fsnotify_connp_t *connp, unsigned int type,
772 __u32 mask, unsigned int flags,
773 __kernel_fsid_t *fsid)
775 struct fsnotify_mark *fsn_mark;
778 mutex_lock(&group->mark_mutex);
779 fsn_mark = fsnotify_find_mark(connp, group);
781 fsn_mark = fanotify_add_new_mark(group, connp, type, fsid);
782 if (IS_ERR(fsn_mark)) {
783 mutex_unlock(&group->mark_mutex);
784 return PTR_ERR(fsn_mark);
787 added = fanotify_mark_add_to_mask(fsn_mark, mask, flags);
788 if (added & ~fsnotify_conn_mask(fsn_mark->connector))
789 fsnotify_recalc_mask(fsn_mark->connector);
790 mutex_unlock(&group->mark_mutex);
792 fsnotify_put_mark(fsn_mark);
796 static int fanotify_add_vfsmount_mark(struct fsnotify_group *group,
797 struct vfsmount *mnt, __u32 mask,
798 unsigned int flags, __kernel_fsid_t *fsid)
800 return fanotify_add_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,
801 FSNOTIFY_OBJ_TYPE_VFSMOUNT, mask, flags, fsid);
804 static int fanotify_add_sb_mark(struct fsnotify_group *group,
805 struct super_block *sb, __u32 mask,
806 unsigned int flags, __kernel_fsid_t *fsid)
808 return fanotify_add_mark(group, &sb->s_fsnotify_marks,
809 FSNOTIFY_OBJ_TYPE_SB, mask, flags, fsid);
812 static int fanotify_add_inode_mark(struct fsnotify_group *group,
813 struct inode *inode, __u32 mask,
814 unsigned int flags, __kernel_fsid_t *fsid)
816 pr_debug("%s: group=%p inode=%p\n", __func__, group, inode);
819 * If some other task has this inode open for write we should not add
820 * an ignored mark, unless that ignored mark is supposed to survive
821 * modification changes anyway.
823 if ((flags & FAN_MARK_IGNORED_MASK) &&
824 !(flags & FAN_MARK_IGNORED_SURV_MODIFY) &&
825 inode_is_open_for_write(inode))
828 return fanotify_add_mark(group, &inode->i_fsnotify_marks,
829 FSNOTIFY_OBJ_TYPE_INODE, mask, flags, fsid);
832 /* fanotify syscalls */
833 SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
835 struct fsnotify_group *group;
837 struct user_struct *user;
838 struct fanotify_event *oevent;
840 pr_debug("%s: flags=%x event_f_flags=%x\n",
841 __func__, flags, event_f_flags);
843 if (!capable(CAP_SYS_ADMIN))
846 #ifdef CONFIG_AUDITSYSCALL
847 if (flags & ~(FANOTIFY_INIT_FLAGS | FAN_ENABLE_AUDIT))
849 if (flags & ~FANOTIFY_INIT_FLAGS)
853 if (event_f_flags & ~FANOTIFY_INIT_ALL_EVENT_F_BITS)
856 switch (event_f_flags & O_ACCMODE) {
865 if ((flags & FAN_REPORT_FID) &&
866 (flags & FANOTIFY_CLASS_BITS) != FAN_CLASS_NOTIF)
869 user = get_current_user();
870 if (atomic_read(&user->fanotify_listeners) > FANOTIFY_DEFAULT_MAX_LISTENERS) {
875 f_flags = O_RDWR | FMODE_NONOTIFY;
876 if (flags & FAN_CLOEXEC)
877 f_flags |= O_CLOEXEC;
878 if (flags & FAN_NONBLOCK)
879 f_flags |= O_NONBLOCK;
881 /* fsnotify_alloc_group takes a ref. Dropped in fanotify_release */
882 group = fsnotify_alloc_group(&fanotify_fsnotify_ops);
885 return PTR_ERR(group);
888 group->fanotify_data.user = user;
889 group->fanotify_data.flags = flags;
890 atomic_inc(&user->fanotify_listeners);
891 group->memcg = get_mem_cgroup_from_mm(current->mm);
893 oevent = fanotify_alloc_event(group, NULL, FS_Q_OVERFLOW, NULL,
894 FSNOTIFY_EVENT_NONE, NULL, NULL);
895 if (unlikely(!oevent)) {
897 goto out_destroy_group;
899 group->overflow_event = &oevent->fse;
901 if (force_o_largefile())
902 event_f_flags |= O_LARGEFILE;
903 group->fanotify_data.f_flags = event_f_flags;
904 init_waitqueue_head(&group->fanotify_data.access_waitq);
905 INIT_LIST_HEAD(&group->fanotify_data.access_list);
906 switch (flags & FANOTIFY_CLASS_BITS) {
907 case FAN_CLASS_NOTIF:
908 group->priority = FS_PRIO_0;
910 case FAN_CLASS_CONTENT:
911 group->priority = FS_PRIO_1;
913 case FAN_CLASS_PRE_CONTENT:
914 group->priority = FS_PRIO_2;
918 goto out_destroy_group;
921 if (flags & FAN_UNLIMITED_QUEUE) {
923 if (!capable(CAP_SYS_ADMIN))
924 goto out_destroy_group;
925 group->max_events = UINT_MAX;
927 group->max_events = FANOTIFY_DEFAULT_MAX_EVENTS;
930 if (flags & FAN_UNLIMITED_MARKS) {
932 if (!capable(CAP_SYS_ADMIN))
933 goto out_destroy_group;
934 group->fanotify_data.max_marks = UINT_MAX;
936 group->fanotify_data.max_marks = FANOTIFY_DEFAULT_MAX_MARKS;
939 if (flags & FAN_ENABLE_AUDIT) {
941 if (!capable(CAP_AUDIT_WRITE))
942 goto out_destroy_group;
945 fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
947 goto out_destroy_group;
952 fsnotify_destroy_group(group);
956 /* Check if filesystem can encode a unique fid */
957 static int fanotify_test_fid(struct path *path, __kernel_fsid_t *fsid)
959 __kernel_fsid_t root_fsid;
963 * Make sure path is not in filesystem with zero fsid (e.g. tmpfs).
965 err = vfs_get_fsid(path->dentry, fsid);
969 if (!fsid->val[0] && !fsid->val[1])
973 * Make sure path is not inside a filesystem subvolume (e.g. btrfs)
974 * which uses a different fsid than sb root.
976 err = vfs_get_fsid(path->dentry->d_sb->s_root, &root_fsid);
980 if (root_fsid.val[0] != fsid->val[0] ||
981 root_fsid.val[1] != fsid->val[1])
985 * We need to make sure that the file system supports at least
986 * encoding a file handle so user can use name_to_handle_at() to
987 * compare fid returned with event to the file handle of watched
988 * objects. However, name_to_handle_at() requires that the
989 * filesystem also supports decoding file handles.
991 if (!path->dentry->d_sb->s_export_op ||
992 !path->dentry->d_sb->s_export_op->fh_to_dentry)
998 static int fanotify_events_supported(struct path *path, __u64 mask)
1001 * Some filesystems such as 'proc' acquire unusual locks when opening
1002 * files. For them fanotify permission events have high chances of
1003 * deadlocking the system - open done when reporting fanotify event
1004 * blocks on this "unusual" lock while another process holding the lock
1005 * waits for fanotify permission event to be answered. Just disallow
1006 * permission events for such filesystems.
1008 if (mask & FANOTIFY_PERM_EVENTS &&
1009 path->mnt->mnt_sb->s_type->fs_flags & FS_DISALLOW_NOTIFY_PERM)
1014 static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
1015 int dfd, const char __user *pathname)
1017 struct inode *inode = NULL;
1018 struct vfsmount *mnt = NULL;
1019 struct fsnotify_group *group;
1022 __kernel_fsid_t __fsid, *fsid = NULL;
1023 u32 valid_mask = FANOTIFY_EVENTS | FANOTIFY_EVENT_FLAGS;
1024 unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
1025 unsigned int obj_type;
1028 pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n",
1029 __func__, fanotify_fd, flags, dfd, pathname, mask);
1031 /* we only use the lower 32 bits as of right now. */
1032 if (mask & ((__u64)0xffffffff << 32))
1035 if (flags & ~FANOTIFY_MARK_FLAGS)
1038 switch (mark_type) {
1039 case FAN_MARK_INODE:
1040 obj_type = FSNOTIFY_OBJ_TYPE_INODE;
1042 case FAN_MARK_MOUNT:
1043 obj_type = FSNOTIFY_OBJ_TYPE_VFSMOUNT;
1045 case FAN_MARK_FILESYSTEM:
1046 obj_type = FSNOTIFY_OBJ_TYPE_SB;
1052 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
1053 case FAN_MARK_ADD: /* fallthrough */
1054 case FAN_MARK_REMOVE:
1058 case FAN_MARK_FLUSH:
1059 if (flags & ~(FANOTIFY_MARK_TYPE_BITS | FAN_MARK_FLUSH))
1066 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS))
1067 valid_mask |= FANOTIFY_PERM_EVENTS;
1069 if (mask & ~valid_mask)
1072 f = fdget(fanotify_fd);
1073 if (unlikely(!f.file))
1076 /* verify that this is indeed an fanotify instance */
1078 if (unlikely(f.file->f_op != &fanotify_fops))
1080 group = f.file->private_data;
1083 * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF. These are not
1084 * allowed to set permissions events.
1087 if (mask & FANOTIFY_PERM_EVENTS &&
1088 group->priority == FS_PRIO_0)
1092 * Events with data type inode do not carry enough information to report
1093 * event->fd, so we do not allow setting a mask for inode events unless
1094 * group supports reporting fid.
1095 * inode events are not supported on a mount mark, because they do not
1096 * carry enough information (i.e. path) to be filtered by mount point.
1098 if (mask & FANOTIFY_INODE_EVENTS &&
1099 (!FAN_GROUP_FLAG(group, FAN_REPORT_FID) ||
1100 mark_type == FAN_MARK_MOUNT))
1103 if (flags & FAN_MARK_FLUSH) {
1105 if (mark_type == FAN_MARK_MOUNT)
1106 fsnotify_clear_vfsmount_marks_by_group(group);
1107 else if (mark_type == FAN_MARK_FILESYSTEM)
1108 fsnotify_clear_sb_marks_by_group(group);
1110 fsnotify_clear_inode_marks_by_group(group);
1114 ret = fanotify_find_path(dfd, pathname, &path, flags,
1115 (mask & ALL_FSNOTIFY_EVENTS), obj_type);
1119 if (flags & FAN_MARK_ADD) {
1120 ret = fanotify_events_supported(&path, mask);
1122 goto path_put_and_out;
1125 if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) {
1126 ret = fanotify_test_fid(&path, &__fsid);
1128 goto path_put_and_out;
1133 /* inode held in place by reference to path; group by fget on fd */
1134 if (mark_type == FAN_MARK_INODE)
1135 inode = path.dentry->d_inode;
1139 /* create/update an inode mark */
1140 switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE)) {
1142 if (mark_type == FAN_MARK_MOUNT)
1143 ret = fanotify_add_vfsmount_mark(group, mnt, mask,
1145 else if (mark_type == FAN_MARK_FILESYSTEM)
1146 ret = fanotify_add_sb_mark(group, mnt->mnt_sb, mask,
1149 ret = fanotify_add_inode_mark(group, inode, mask,
1152 case FAN_MARK_REMOVE:
1153 if (mark_type == FAN_MARK_MOUNT)
1154 ret = fanotify_remove_vfsmount_mark(group, mnt, mask,
1156 else if (mark_type == FAN_MARK_FILESYSTEM)
1157 ret = fanotify_remove_sb_mark(group, mnt->mnt_sb, mask,
1160 ret = fanotify_remove_inode_mark(group, inode, mask,
1174 SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags,
1175 __u64, mask, int, dfd,
1176 const char __user *, pathname)
1178 return do_fanotify_mark(fanotify_fd, flags, mask, dfd, pathname);
1181 #ifdef CONFIG_COMPAT
1182 COMPAT_SYSCALL_DEFINE6(fanotify_mark,
1183 int, fanotify_fd, unsigned int, flags,
1184 __u32, mask0, __u32, mask1, int, dfd,
1185 const char __user *, pathname)
1187 return do_fanotify_mark(fanotify_fd, flags,
1189 ((__u64)mask0 << 32) | mask1,
1191 ((__u64)mask1 << 32) | mask0,
1198 * fanotify_user_setup - Our initialization function. Note that we cannot return
1199 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
1200 * must result in panic().
1202 static int __init fanotify_user_setup(void)
1204 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 8);
1205 BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
1207 fanotify_mark_cache = KMEM_CACHE(fsnotify_mark,
1208 SLAB_PANIC|SLAB_ACCOUNT);
1209 fanotify_fid_event_cachep = KMEM_CACHE(fanotify_fid_event,
1211 fanotify_path_event_cachep = KMEM_CACHE(fanotify_path_event,
1213 if (IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS)) {
1214 fanotify_perm_event_cachep =
1215 KMEM_CACHE(fanotify_perm_event, SLAB_PANIC);
1220 device_initcall(fanotify_user_setup);
projects / linux-2.6-microblaze.git / blob