| #include <linux/fcntl.h> |
| #include <linux/file.h> |
| #include <linux/fs.h> |
| #include <linux/anon_inodes.h> |
| #include <linux/fsnotify_backend.h> |
| #include <linux/init.h> |
| #include <linux/mount.h> |
| #include <linux/namei.h> |
| #include <linux/poll.h> |
| #include <linux/security.h> |
| #include <linux/syscalls.h> |
| #include <linux/types.h> |
| #include <linux/uaccess.h> |
| |
| #include <asm/ioctls.h> |
| |
| #include "fanotify.h" |
| |
| static struct kmem_cache *fanotify_mark_cache __read_mostly; |
| |
| /* |
| * Get an fsnotify notification event if one exists and is small |
| * enough to fit in "count". Return an error pointer if the count |
| * is not large enough. |
| * |
| * Called with the group->notification_mutex held. |
| */ |
| static struct fsnotify_event *get_one_event(struct fsnotify_group *group, |
| size_t count) |
| { |
| BUG_ON(!mutex_is_locked(&group->notification_mutex)); |
| |
| pr_debug("%s: group=%p count=%zd\n", __func__, group, count); |
| |
| if (fsnotify_notify_queue_is_empty(group)) |
| return NULL; |
| |
| if (FAN_EVENT_METADATA_LEN > count) |
| return ERR_PTR(-EINVAL); |
| |
| /* held the notification_mutex the whole time, so this is the |
| * same event we peeked above */ |
| return fsnotify_remove_notify_event(group); |
| } |
| |
| static int create_and_fill_fd(struct fsnotify_group *group, |
| struct fanotify_event_metadata *metadata, |
| struct fsnotify_event *event) |
| { |
| int client_fd; |
| struct dentry *dentry; |
| struct vfsmount *mnt; |
| struct file *new_file; |
| |
| pr_debug("%s: group=%p metadata=%p event=%p\n", __func__, group, |
| metadata, event); |
| |
| client_fd = get_unused_fd(); |
| if (client_fd < 0) |
| return client_fd; |
| |
| if (event->data_type != FSNOTIFY_EVENT_PATH) { |
| WARN_ON(1); |
| put_unused_fd(client_fd); |
| return -EINVAL; |
| } |
| |
| /* |
| * we need a new file handle for the userspace program so it can read even if it was |
| * originally opened O_WRONLY. |
| */ |
| dentry = dget(event->path.dentry); |
| mnt = mntget(event->path.mnt); |
| /* it's possible this event was an overflow event. in that case dentry and mnt |
| * are NULL; That's fine, just don't call dentry open */ |
| if (dentry && mnt) |
| new_file = dentry_open(dentry, mnt, |
| O_RDONLY | O_LARGEFILE | FMODE_NONOTIFY, |
| current_cred()); |
| else |
| new_file = ERR_PTR(-EOVERFLOW); |
| if (IS_ERR(new_file)) { |
| /* |
| * we still send an event even if we can't open the file. this |
| * can happen when say tasks are gone and we try to open their |
| * /proc files or we try to open a WRONLY file like in sysfs |
| * we just send the errno to userspace since there isn't much |
| * else we can do. |
| */ |
| put_unused_fd(client_fd); |
| client_fd = PTR_ERR(new_file); |
| } else { |
| fd_install(client_fd, new_file); |
| } |
| |
| metadata->fd = client_fd; |
| |
| return 0; |
| } |
| |
| static ssize_t fill_event_metadata(struct fsnotify_group *group, |
| struct fanotify_event_metadata *metadata, |
| struct fsnotify_event *event) |
| { |
| pr_debug("%s: group=%p metadata=%p event=%p\n", __func__, |
| group, metadata, event); |
| |
| metadata->event_len = FAN_EVENT_METADATA_LEN; |
| metadata->vers = FANOTIFY_METADATA_VERSION; |
| metadata->mask = fanotify_outgoing_mask(event->mask); |
| |
| return create_and_fill_fd(group, metadata, event); |
| |
| } |
| |
| static ssize_t copy_event_to_user(struct fsnotify_group *group, |
| struct fsnotify_event *event, |
| char __user *buf) |
| { |
| struct fanotify_event_metadata fanotify_event_metadata; |
| int ret; |
| |
| pr_debug("%s: group=%p event=%p\n", __func__, group, event); |
| |
| ret = fill_event_metadata(group, &fanotify_event_metadata, event); |
| if (ret) |
| return ret; |
| |
| if (copy_to_user(buf, &fanotify_event_metadata, FAN_EVENT_METADATA_LEN)) |
| return -EFAULT; |
| |
| return FAN_EVENT_METADATA_LEN; |
| } |
| |
| /* intofiy userspace file descriptor functions */ |
| static unsigned int fanotify_poll(struct file *file, poll_table *wait) |
| { |
| struct fsnotify_group *group = file->private_data; |
| int ret = 0; |
| |
| poll_wait(file, &group->notification_waitq, wait); |
| mutex_lock(&group->notification_mutex); |
| if (!fsnotify_notify_queue_is_empty(group)) |
| ret = POLLIN | POLLRDNORM; |
| mutex_unlock(&group->notification_mutex); |
| |
| return ret; |
| } |
| |
| static ssize_t fanotify_read(struct file *file, char __user *buf, |
| size_t count, loff_t *pos) |
| { |
| struct fsnotify_group *group; |
| struct fsnotify_event *kevent; |
| char __user *start; |
| int ret; |
| DEFINE_WAIT(wait); |
| |
| start = buf; |
| group = file->private_data; |
| |
| pr_debug("%s: group=%p\n", __func__, group); |
| |
| while (1) { |
| prepare_to_wait(&group->notification_waitq, &wait, TASK_INTERRUPTIBLE); |
| |
| mutex_lock(&group->notification_mutex); |
| kevent = get_one_event(group, count); |
| mutex_unlock(&group->notification_mutex); |
| |
| if (kevent) { |
| ret = PTR_ERR(kevent); |
| if (IS_ERR(kevent)) |
| break; |
| ret = copy_event_to_user(group, kevent, buf); |
| fsnotify_put_event(kevent); |
| if (ret < 0) |
| break; |
| buf += ret; |
| count -= ret; |
| continue; |
| } |
| |
| ret = -EAGAIN; |
| if (file->f_flags & O_NONBLOCK) |
| break; |
| ret = -EINTR; |
| if (signal_pending(current)) |
| break; |
| |
| if (start != buf) |
| break; |
| |
| schedule(); |
| } |
| |
| finish_wait(&group->notification_waitq, &wait); |
| if (start != buf && ret != -EFAULT) |
| ret = buf - start; |
| return ret; |
| } |
| |
| static int fanotify_release(struct inode *ignored, struct file *file) |
| { |
| struct fsnotify_group *group = file->private_data; |
| |
| pr_debug("%s: file=%p group=%p\n", __func__, file, group); |
| |
| /* matches the fanotify_init->fsnotify_alloc_group */ |
| fsnotify_put_group(group); |
| |
| return 0; |
| } |
| |
| static long fanotify_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
| { |
| struct fsnotify_group *group; |
| struct fsnotify_event_holder *holder; |
| void __user *p; |
| int ret = -ENOTTY; |
| size_t send_len = 0; |
| |
| group = file->private_data; |
| |
| p = (void __user *) arg; |
| |
| switch (cmd) { |
| case FIONREAD: |
| mutex_lock(&group->notification_mutex); |
| list_for_each_entry(holder, &group->notification_list, event_list) |
| send_len += FAN_EVENT_METADATA_LEN; |
| mutex_unlock(&group->notification_mutex); |
| ret = put_user(send_len, (int __user *) p); |
| break; |
| } |
| |
| return ret; |
| } |
| |
| static const struct file_operations fanotify_fops = { |
| .poll = fanotify_poll, |
| .read = fanotify_read, |
| .fasync = NULL, |
| .release = fanotify_release, |
| .unlocked_ioctl = fanotify_ioctl, |
| .compat_ioctl = fanotify_ioctl, |
| }; |
| |
| static void fanotify_free_mark(struct fsnotify_mark *fsn_mark) |
| { |
| kmem_cache_free(fanotify_mark_cache, fsn_mark); |
| } |
| |
| static int fanotify_find_path(int dfd, const char __user *filename, |
| struct path *path, unsigned int flags) |
| { |
| int ret; |
| |
| pr_debug("%s: dfd=%d filename=%p flags=%x\n", __func__, |
| dfd, filename, flags); |
| |
| if (filename == NULL) { |
| struct file *file; |
| int fput_needed; |
| |
| ret = -EBADF; |
| file = fget_light(dfd, &fput_needed); |
| if (!file) |
| goto out; |
| |
| ret = -ENOTDIR; |
| if ((flags & FAN_MARK_ONLYDIR) && |
| !(S_ISDIR(file->f_path.dentry->d_inode->i_mode))) { |
| fput_light(file, fput_needed); |
| goto out; |
| } |
| |
| *path = file->f_path; |
| path_get(path); |
| fput_light(file, fput_needed); |
| } else { |
| unsigned int lookup_flags = 0; |
| |
| if (!(flags & FAN_MARK_DONT_FOLLOW)) |
| lookup_flags |= LOOKUP_FOLLOW; |
| if (flags & FAN_MARK_ONLYDIR) |
| lookup_flags |= LOOKUP_DIRECTORY; |
| |
| ret = user_path_at(dfd, filename, lookup_flags, path); |
| if (ret) |
| goto out; |
| } |
| |
| /* you can only watch an inode if you have read permissions on it */ |
| ret = inode_permission(path->dentry->d_inode, MAY_READ); |
| if (ret) |
| path_put(path); |
| out: |
| return ret; |
| } |
| |
| static int fanotify_remove_mark(struct fsnotify_group *group, |
| struct inode *inode, |
| __u32 mask) |
| { |
| struct fsnotify_mark *fsn_mark; |
| __u32 new_mask; |
| |
| pr_debug("%s: group=%p inode=%p mask=%x\n", __func__, |
| group, inode, mask); |
| |
| fsn_mark = fsnotify_find_mark(group, inode); |
| if (!fsn_mark) |
| return -ENOENT; |
| |
| spin_lock(&fsn_mark->lock); |
| fsn_mark->mask &= ~mask; |
| new_mask = fsn_mark->mask; |
| spin_unlock(&fsn_mark->lock); |
| |
| if (!new_mask) |
| fsnotify_destroy_mark(fsn_mark); |
| else |
| fsnotify_recalc_inode_mask(inode); |
| |
| fsnotify_recalc_group_mask(group); |
| |
| /* matches the fsnotify_find_mark() */ |
| fsnotify_put_mark(fsn_mark); |
| |
| return 0; |
| } |
| |
| static int fanotify_add_mark(struct fsnotify_group *group, |
| struct inode *inode, |
| __u32 mask) |
| { |
| struct fsnotify_mark *fsn_mark; |
| __u32 old_mask, new_mask; |
| int ret; |
| |
| pr_debug("%s: group=%p inode=%p mask=%x\n", __func__, |
| group, inode, mask); |
| |
| fsn_mark = fsnotify_find_mark(group, inode); |
| if (!fsn_mark) { |
| struct fsnotify_mark *new_fsn_mark; |
| |
| ret = -ENOMEM; |
| new_fsn_mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL); |
| if (!new_fsn_mark) |
| goto out; |
| |
| fsnotify_init_mark(new_fsn_mark, fanotify_free_mark); |
| ret = fsnotify_add_mark(new_fsn_mark, group, inode, 0); |
| if (ret) { |
| fanotify_free_mark(new_fsn_mark); |
| goto out; |
| } |
| |
| fsn_mark = new_fsn_mark; |
| } |
| |
| ret = 0; |
| |
| spin_lock(&fsn_mark->lock); |
| old_mask = fsn_mark->mask; |
| fsn_mark->mask |= mask; |
| new_mask = fsn_mark->mask; |
| spin_unlock(&fsn_mark->lock); |
| |
| /* we made changes to a mask, update the group mask and the inode mask |
| * so things happen quickly. */ |
| if (old_mask != new_mask) { |
| /* more bits in old than in new? */ |
| int dropped = (old_mask & ~new_mask); |
| /* more bits in this mark than the inode's mask? */ |
| int do_inode = (new_mask & ~inode->i_fsnotify_mask); |
| /* more bits in this mark than the group? */ |
| int do_group = (new_mask & ~group->mask); |
| |
| /* update the inode with this new mark */ |
| if (dropped || do_inode) |
| fsnotify_recalc_inode_mask(inode); |
| |
| /* update the group mask with the new mask */ |
| if (dropped || do_group) |
| fsnotify_recalc_group_mask(group); |
| } |
| |
| /* match the init or the find.... */ |
| fsnotify_put_mark(fsn_mark); |
| out: |
| return ret; |
| } |
| |
| static int fanotify_update_mark(struct fsnotify_group *group, |
| struct inode *inode, int flags, |
| __u32 mask) |
| { |
| pr_debug("%s: group=%p inode=%p flags=%x mask=%x\n", __func__, |
| group, inode, flags, mask); |
| |
| if (flags & FAN_MARK_ADD) |
| fanotify_add_mark(group, inode, mask); |
| else if (flags & FAN_MARK_REMOVE) |
| fanotify_remove_mark(group, inode, mask); |
| else |
| BUG(); |
| |
| return 0; |
| } |
| |
| static bool fanotify_mark_validate_input(int flags, |
| __u32 mask) |
| { |
| pr_debug("%s: flags=%x mask=%x\n", __func__, flags, mask); |
| |
| /* are flags valid of this operation? */ |
| if (!fanotify_mark_flags_valid(flags)) |
| return false; |
| /* is the mask valid? */ |
| if (!fanotify_mask_valid(mask)) |
| return false; |
| return true; |
| } |
| |
| /* fanotify syscalls */ |
| SYSCALL_DEFINE3(fanotify_init, unsigned int, flags, unsigned int, event_f_flags, |
| unsigned int, priority) |
| { |
| struct fsnotify_group *group; |
| int f_flags, fd; |
| |
| pr_debug("%s: flags=%d event_f_flags=%d priority=%d\n", |
| __func__, flags, event_f_flags, priority); |
| |
| if (event_f_flags) |
| return -EINVAL; |
| if (priority) |
| return -EINVAL; |
| |
| if (!capable(CAP_SYS_ADMIN)) |
| return -EACCES; |
| |
| if (flags & ~FAN_ALL_INIT_FLAGS) |
| return -EINVAL; |
| |
| f_flags = (O_RDONLY | FMODE_NONOTIFY); |
| if (flags & FAN_CLOEXEC) |
| f_flags |= O_CLOEXEC; |
| if (flags & FAN_NONBLOCK) |
| f_flags |= O_NONBLOCK; |
| |
| /* fsnotify_alloc_group takes a ref. Dropped in fanotify_release */ |
| group = fsnotify_alloc_group(&fanotify_fsnotify_ops); |
| if (IS_ERR(group)) |
| return PTR_ERR(group); |
| |
| fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags); |
| if (fd < 0) |
| goto out_put_group; |
| |
| return fd; |
| |
| out_put_group: |
| fsnotify_put_group(group); |
| return fd; |
| } |
| |
| SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags, |
| __u64, mask, int, dfd, const char __user *, pathname) |
| { |
| struct inode *inode; |
| struct fsnotify_group *group; |
| struct file *filp; |
| struct path path; |
| int ret, fput_needed; |
| |
| pr_debug("%s: fanotify_fd=%d flags=%x dfd=%d pathname=%p mask=%llx\n", |
| __func__, fanotify_fd, flags, dfd, pathname, mask); |
| |
| /* we only use the lower 32 bits as of right now. */ |
| if (mask & ((__u64)0xffffffff << 32)) |
| return -EINVAL; |
| |
| if (!fanotify_mark_validate_input(flags, mask)) |
| return -EINVAL; |
| |
| filp = fget_light(fanotify_fd, &fput_needed); |
| if (unlikely(!filp)) |
| return -EBADF; |
| |
| /* verify that this is indeed an fanotify instance */ |
| ret = -EINVAL; |
| if (unlikely(filp->f_op != &fanotify_fops)) |
| goto fput_and_out; |
| |
| ret = fanotify_find_path(dfd, pathname, &path, flags); |
| if (ret) |
| goto fput_and_out; |
| |
| /* inode held in place by reference to path; group by fget on fd */ |
| inode = path.dentry->d_inode; |
| group = filp->private_data; |
| |
| /* create/update an inode mark */ |
| ret = fanotify_update_mark(group, inode, flags, mask); |
| |
| path_put(&path); |
| fput_and_out: |
| fput_light(filp, fput_needed); |
| return ret; |
| } |
| |
| /* |
| * fanotify_user_setup - Our initialization function. Note that we cannnot return |
| * error because we have compiled-in VFS hooks. So an (unlikely) failure here |
| * must result in panic(). |
| */ |
| static int __init fanotify_user_setup(void) |
| { |
| fanotify_mark_cache = KMEM_CACHE(fsnotify_mark, SLAB_PANIC); |
| |
| return 0; |
| } |
| device_initcall(fanotify_user_setup); |