fanotify.c source code [linux/fs/notify/fanotify/fanotify.c]

1	// SPDX-License-Identifier: GPL-2.0
2	#include <linux/fanotify.h>
3	#include <linux/fsnotify_backend.h>
4	#include <linux/init.h>
5	#include <linux/jiffies.h>
6	#include <linux/kernel.h> /* UINT_MAX */
7	#include <linux/mount.h>
8	#include <linux/sched.h>
9	#include <linux/sched/user.h>
10	#include <linux/sched/signal.h>
11	#include <linux/types.h>
12	#include <linux/wait.h>
13	#include <linux/audit.h>
14	#include <linux/sched/mm.h>
15	#include <linux/statfs.h>
16	#include <linux/stringhash.h>
17
18	#include "fanotify.h"
19
20	static bool fanotify_path_equal(const struct path p1, const* struct path *p2)
21	{
22	return p1->mnt == p2->mnt && p1->dentry == p2->dentry;
23	}
24
25	static unsigned int fanotify_hash_path(const struct path *path)
26	{
27	return hash_ptr(ptr: path->dentry, FANOTIFY_EVENT_HASH_BITS) ^
28	hash_ptr(ptr: path->mnt, FANOTIFY_EVENT_HASH_BITS);
29	}
30
31	static unsigned int fanotify_hash_fsid(__kernel_fsid_t *fsid)
32	{
33	return hash_32(val: fsid->val[`0`], FANOTIFY_EVENT_HASH_BITS) ^
34	hash_32(val: fsid->val[`1`], FANOTIFY_EVENT_HASH_BITS);
35	}
36
37	static bool fanotify_fh_equal(struct fanotify_fh *fh1,
38	struct fanotify_fh *fh2)
39	{
40	if (fh1->type != fh2->type \|\| fh1->len != fh2->len)
41	return false;
42
43	return !fh1->len \|\|
44	!memcmp(p: fanotify_fh_buf(fh: fh1), q: fanotify_fh_buf(fh: fh2), size: fh1->len);
45	}
46
47	static unsigned int fanotify_hash_fh(struct fanotify_fh *fh)
48	{
49	long salt = (long)fh->type \| (long)fh->len << `8`;
50
51	/*
52	* full_name_hash() works long by long, so it handles fh buf optimally.
53	*/
54	return full_name_hash(salt: (void *)salt, fanotify_fh_buf(fh), fh->len);
55	}
56
57	static bool fanotify_fid_event_equal(struct fanotify_fid_event *ffe1,
58	struct fanotify_fid_event *ffe2)
59	{
60	/ Do not merge fid events without object fh /
61	if (!ffe1->object_fh.len)
62	return false;
63
64	return fanotify_fsid_equal(fsid1: &ffe1->fsid, fsid2: &ffe2->fsid) &&
65	fanotify_fh_equal(fh1: &ffe1->object_fh, fh2: &ffe2->object_fh);
66	}
67
68	static bool fanotify_info_equal(struct fanotify_info *info1,
69	struct fanotify_info *info2)
70	{
71	if (info1->dir_fh_totlen != info2->dir_fh_totlen \|\|
72	info1->dir2_fh_totlen != info2->dir2_fh_totlen \|\|
73	info1->file_fh_totlen != info2->file_fh_totlen \|\|
74	info1->name_len != info2->name_len \|\|
75	info1->name2_len != info2->name2_len)
76	return false;
77
78	if (info1->dir_fh_totlen &&
79	!fanotify_fh_equal(fh1: fanotify_info_dir_fh(info: info1),
80	fh2: fanotify_info_dir_fh(info: info2)))
81	return false;
82
83	if (info1->dir2_fh_totlen &&
84	!fanotify_fh_equal(fh1: fanotify_info_dir2_fh(info: info1),
85	fh2: fanotify_info_dir2_fh(info: info2)))
86	return false;
87
88	if (info1->file_fh_totlen &&
89	!fanotify_fh_equal(fh1: fanotify_info_file_fh(info: info1),
90	fh2: fanotify_info_file_fh(info: info2)))
91	return false;
92
93	if (info1->name_len &&
94	memcmp(p: fanotify_info_name(info: info1), q: fanotify_info_name(info: info2),
95	size: info1->name_len))
96	return false;
97
98	return !info1->name2_len \|\|
99	!memcmp(p: fanotify_info_name2(info: info1), q: fanotify_info_name2(info: info2),
100	size: info1->name2_len);
101	}
102
103	static bool fanotify_name_event_equal(struct fanotify_name_event *fne1,
104	struct fanotify_name_event *fne2)
105	{
106	struct fanotify_info *info1 = &fne1->info;
107	struct fanotify_info *info2 = &fne2->info;
108
109	/ Do not merge name events without dir fh /
110	if (!info1->dir_fh_totlen)
111	return false;
112
113	if (!fanotify_fsid_equal(fsid1: &fne1->fsid, fsid2: &fne2->fsid))
114	return false;
115
116	return fanotify_info_equal(info1, info2);
117	}
118
119	static bool fanotify_error_event_equal(struct fanotify_error_event *fee1,
120	struct fanotify_error_event *fee2)
121	{
122	/ Error events against the same file system are always merged. /
123	if (!fanotify_fsid_equal(fsid1: &fee1->fsid, fsid2: &fee2->fsid))
124	return false;
125
126	return true;
127	}
128
129	static bool fanotify_should_merge(struct fanotify_event *old,
130	struct fanotify_event *new)
131	{
132	pr_debug("%s: old=%p new=%p\n", __func__, old, new);
133
134	if (old->hash != new->hash \|\|
135	old->type != new->type \|\| old->pid != new->pid)
136	return false;
137
138	/*
139	* We want to merge many dirent events in the same dir (i.e.
140	* creates/unlinks/renames), but we do not want to merge dirent
141	* events referring to subdirs with dirent events referring to
142	* non subdirs, otherwise, user won't be able to tell from a
143	* mask FAN_CREATE\|FAN_DELETE\|FAN_ONDIR if it describes mkdir+
144	* unlink pair or rmdir+create pair of events.
145	*/
146	if ((old->mask & FS_ISDIR) != (new->mask & FS_ISDIR))
147	return false;
148
149	/*
150	* FAN_RENAME event is reported with special info record types,
151	* so we cannot merge it with other events.
152	*/
153	if ((old->mask & FAN_RENAME) != (new->mask & FAN_RENAME))
154	return false;
155
156	switch (old->type) {
157	case FANOTIFY_EVENT_TYPE_PATH:
158	return fanotify_path_equal(p1: fanotify_event_path(event: old),
159	p2: fanotify_event_path(event: new));
160	case FANOTIFY_EVENT_TYPE_FID:
161	return fanotify_fid_event_equal(ffe1: FANOTIFY_FE(event: old),
162	ffe2: FANOTIFY_FE(event: new));
163	case FANOTIFY_EVENT_TYPE_FID_NAME:
164	return fanotify_name_event_equal(fne1: FANOTIFY_NE(event: old),
165	fne2: FANOTIFY_NE(event: new));
166	case FANOTIFY_EVENT_TYPE_FS_ERROR:
167	return fanotify_error_event_equal(fee1: FANOTIFY_EE(event: old),
168	fee2: FANOTIFY_EE(event: new));
169	case FANOTIFY_EVENT_TYPE_MNT:
170	return false;
171	default:
172	WARN_ON_ONCE(`1`);
173	}
174
175	return false;
176	}
177
178	/ Limit event merges to limit CPU overhead per event /
179	#define FANOTIFY_MAX_MERGE_EVENTS 128
180
181	/ and the list better be locked by something too! /
182	static int fanotify_merge(struct fsnotify_group *group,
183	struct fsnotify_event *event)
184	{
185	struct fanotify_event old, new = FANOTIFY_E(fse: event);
186	unsigned int bucket = fanotify_event_hash_bucket(group, event: new);
187	struct hlist_head *hlist = &group->fanotify_data.merge_hash[bucket];
188	int i = `0`;
189
190	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,
191	group, event, bucket);
192
193	/*
194	* Don't merge a permission event with any other event so that we know
195	* the event structure we have created in fanotify_handle_event() is the
196	* one we should check for permission response.
197	*/
198	if (fanotify_is_perm_event(mask: new->mask))
199	return `0`;
200
201	hlist_for_each_entry(old, hlist, merge_list) {
202	if (++i > FANOTIFY_MAX_MERGE_EVENTS)
203	break;
204	if (fanotify_should_merge(old, new)) {
205	old->mask \|= new->mask;
206
207	if (fanotify_is_error_event(mask: old->mask))
208	FANOTIFY_EE(event: old)->err_count++;
209
210	return `1`;
211	}
212	}
213
214	return `0`;
215	}
216
217	/*
218	* Wait for response to permission event. The function also takes care of
219	* freeing the permission event (or offloads that in case the wait is canceled
220	* by a signal). The function returns 0 in case access got allowed by userspace,
221	* -EPERM in case userspace disallowed the access, and -ERESTARTSYS in case
222	* the wait got interrupted by a signal.
223	*/
224	static int fanotify_get_response(struct fsnotify_group *group,
225	struct fanotify_perm_event *event,
226	struct fsnotify_iter_info *iter_info)
227	{
228	int ret, errno;
229
230	pr_debug("%s: group=%p event=%p\n", __func__, group, event);
231
232	ret = wait_event_state(group->fanotify_data.access_waitq,
233	event->state == FAN_EVENT_ANSWERED,
234	(TASK_KILLABLE\|TASK_FREEZABLE));
235
236	/ Signal pending? /
237	if (ret < `0`) {
238	spin_lock(lock: &group->notification_lock);
239	/ Event reported to userspace and no answer yet? /
240	if (event->state == FAN_EVENT_REPORTED) {
241	/ Event will get freed once userspace answers to it /
242	event->state = FAN_EVENT_CANCELED;
243	spin_unlock(lock: &group->notification_lock);
244	return ret;
245	}
246	/ Event not yet reported? Just remove it. /
247	if (event->state == FAN_EVENT_INIT) {
248	fsnotify_remove_queued_event(group, event: &event->fae.fse);
249	/ Permission events are not supposed to be hashed /
250	WARN_ON_ONCE(!hlist_unhashed(&event->fae.merge_list));
251	}
252	/*
253	* Event may be also answered in case signal delivery raced
254	* with wakeup. In that case we have nothing to do besides
255	* freeing the event and reporting error.
256	*/
257	spin_unlock(lock: &group->notification_lock);
258	goto out;
259	}
260
261	/ userspace responded, convert to something usable /
262	switch (event->response & FANOTIFY_RESPONSE_ACCESS) {
263	case FAN_ALLOW:
264	ret = `0`;
265	break;
266	case FAN_DENY:
267	/ Check custom errno from pre-content events /
268	errno = fanotify_get_response_errno(res: event->response);
269	if (errno) {
270	ret = -errno;
271	break;
272	}
273	fallthrough;
274	default:
275	ret = -EPERM;
276	}
277
278	/ Check if the response should be audited /
279	if (event->response & FAN_AUDIT) {
280	u32 response = event->response &
281	(FANOTIFY_RESPONSE_ACCESS \| FANOTIFY_RESPONSE_FLAGS);
282	audit_fanotify(response: response & ~FAN_AUDIT, friar: &event->audit_rule);
283	}
284
285	pr_debug("%s: group=%p event=%p about to return ret=%d\n", __func__,
286	group, event, ret);
287	out:
288	fsnotify_destroy_event(group, event: &event->fae.fse);
289
290	return ret;
291	}
292
293	/*
294	* This function returns a mask for an event that only contains the flags
295	* that have been specifically requested by the user. Flags that may have
296	* been included within the event mask, but have not been explicitly
297	* requested by the user, will not be present in the returned mask.
298	*/
299	static u32 fanotify_group_event_mask(struct fsnotify_group *group,
300	struct fsnotify_iter_info *iter_info,
301	u32 *match_mask, u32 event_mask,
302	const void data, int* data_type,
303	struct inode *dir)
304	{
305	__u32 marks_mask = `0`, marks_ignore_mask = `0`;
306	__u32 test_mask, user_mask = FANOTIFY_OUTGOING_EVENTS \|
307	FANOTIFY_EVENT_FLAGS;
308	const struct path *path = fsnotify_data_path(data, data_type);
309	unsigned int fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);
310	struct fsnotify_mark *mark;
311	bool ondir = event_mask & FAN_ONDIR;
312	int type;
313
314	pr_debug("%s: report_mask=%x mask=%x data=%p data_type=%d\n",
315	__func__, iter_info->report_mask, event_mask, data, data_type);
316
317	if (FAN_GROUP_FLAG(group, FAN_REPORT_MNT)) {
318	if (data_type != FSNOTIFY_EVENT_MNT)
319	return `0`;
320	} else if (!fid_mode) {
321	/ Do we have path to open a file descriptor? /
322	if (!path)
323	return `0`;
324	/ Path type events are only relevant for files and dirs /
325	if (!d_is_reg(dentry: path->dentry) && !d_can_lookup(dentry: path->dentry))
326	return `0`;
327	} else if (!(fid_mode & FAN_REPORT_FID)) {
328	/ Do we have a directory inode to report? /
329	if (!dir && !ondir)
330	return `0`;
331	}
332
333	fsnotify_foreach_iter_mark_type(iter_info, mark, type) {
334	/*
335	* Apply ignore mask depending on event flags in ignore mask.
336	*/
337	marks_ignore_mask \|=
338	fsnotify_effective_ignore_mask(mark, is_dir: ondir, iter_type: type);
339
340	/*
341	* Send the event depending on event flags in mark mask.
342	*/
343	if (!fsnotify_mask_applicable(mask: mark->mask, is_dir: ondir, iter_type: type))
344	continue;
345
346	marks_mask \|= mark->mask;
347
348	/ Record the mark types of this group that matched the event /
349	*match_mask \|= `1U` << type;
350	}
351
352	test_mask = event_mask & marks_mask & ~marks_ignore_mask;
353
354	/*
355	* For dirent modification events (create/delete/move) that do not carry
356	* the child entry name information, we report FAN_ONDIR for mkdir/rmdir
357	* so user can differentiate them from creat/unlink.
358	*
359	* For backward compatibility and consistency, do not report FAN_ONDIR
360	* to user in legacy fanotify mode (reporting fd) and report FAN_ONDIR
361	* to user in fid mode for all event types.
362	*
363	* We never report FAN_EVENT_ON_CHILD to user, but we do pass it in to
364	* fanotify_alloc_event() when group is reporting fid as indication
365	* that event happened on child.
366	*/
367	if (fid_mode) {
368	/ Do not report event flags without any event /
369	if (!(test_mask & ~FANOTIFY_EVENT_FLAGS))
370	return `0`;
371	} else {
372	user_mask &= ~FANOTIFY_EVENT_FLAGS;
373	}
374
375	return test_mask & user_mask;
376	}
377
378	/*
379	* Check size needed to encode fanotify_fh.
380	*
381	* Return size of encoded fh without fanotify_fh header.
382	* Return 0 on failure to encode.
383	*/
384	static int fanotify_encode_fh_len(struct inode *inode)
385	{
386	int dwords = `0`;
387	int fh_len;
388
389	if (!inode)
390	return `0`;
391
392	exportfs_encode_fid(inode, NULL, max_len: &dwords);
393	fh_len = dwords << `2`;
394
395	/*
396	* struct fanotify_error_event might be preallocated and is
397	* limited to MAX_HANDLE_SZ. This should never happen, but
398	* safeguard by forcing an invalid file handle.
399	*/
400	if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ))
401	return `0`;
402
403	return fh_len;
404	}
405
406	/*
407	* Encode fanotify_fh.
408	*
409	* Return total size of encoded fh including fanotify_fh header.
410	* Return 0 on failure to encode.
411	*/
412	static int fanotify_encode_fh(struct fanotify_fh fh, struct* inode *inode,
413	unsigned int fh_len, unsigned int *hash,
414	gfp_t gfp)
415	{
416	int dwords, type = `0`;
417	char *ext_buf = NULL;
418	void *buf = fh + `1`;
419	int err;
420
421	fh->type = FILEID_ROOT;
422	fh->len = `0`;
423	fh->flags = `0`;
424
425	/*
426	* Invalid FHs are used by FAN_FS_ERROR for errors not
427	* linked to any inode. The f_handle won't be reported
428	* back to userspace.
429	*/
430	if (!inode)
431	goto out;
432
433	/*
434	* !gpf means preallocated variable size fh, but fh_len could
435	* be zero in that case if encoding fh len failed.
436	*/
437	err = -ENOENT;
438	if (fh_len < `4` \|\| WARN_ON_ONCE(fh_len % `4`) \|\| fh_len > MAX_HANDLE_SZ)
439	goto out_err;
440
441	/ No external buffer in a variable size allocated fh /
442	if (gfp && fh_len > FANOTIFY_INLINE_FH_LEN) {
443	/ Treat failure to allocate fh as failure to encode fh /
444	err = -ENOMEM;
445	ext_buf = kmalloc(fh_len, gfp);
446	if (!ext_buf)
447	goto out_err;
448
449	*fanotify_fh_ext_buf_ptr(fh) = ext_buf;
450	buf = ext_buf;
451	fh->flags \|= FANOTIFY_FH_FLAG_EXT_BUF;
452	}
453
454	dwords = fh_len >> `2`;
455	type = exportfs_encode_fid(inode, fid: buf, max_len: &dwords);
456	err = -EINVAL;
457	/*
458	* Unlike file_handle, type and len of struct fanotify_fh are u8.
459	* Traditionally, filesystem return handle_type < 0xff, but there
460	* is no enforecement for that in vfs.
461	*/
462	BUILD_BUG_ON(MAX_HANDLE_SZ > `0xff` \|\| FILEID_INVALID > `0xff`);
463	if (type <= `0` \|\| type >= FILEID_INVALID \|\| fh_len != dwords << `2`)
464	goto out_err;
465
466	fh->type = type;
467	fh->len = fh_len;
468
469	out:
470	/*
471	* Mix fh into event merge key. Hash might be NULL in case of
472	* unhashed FID events (i.e. FAN_FS_ERROR).
473	*/
474	if (hash)
475	*hash ^= fanotify_hash_fh(fh);
476
477	return FANOTIFY_FH_HDR_LEN + fh_len;
478
479	out_err:
480	pr_warn_ratelimited("fanotify: failed to encode fid (type=%d, len=%d, err=%i)\n",
481	type, fh_len, err);
482	kfree(objp: ext_buf);
483	*fanotify_fh_ext_buf_ptr(fh) = NULL;
484	/ Report the event without a file identifier on encode error /
485	fh->type = FILEID_INVALID;
486	fh->len = `0`;
487	return `0`;
488	}
489
490	/*
491	* FAN_REPORT_FID is ambiguous in that it reports the fid of the child for
492	* some events and the fid of the parent for create/delete/move events.
493	*
494	* With the FAN_REPORT_TARGET_FID flag, the fid of the child is reported
495	* also in create/delete/move events in addition to the fid of the parent
496	* and the name of the child.
497	*/
498	static inline bool fanotify_report_child_fid(unsigned int fid_mode, u32 mask)
499	{
500	if (mask & ALL_FSNOTIFY_DIRENT_EVENTS)
501	return (fid_mode & FAN_REPORT_TARGET_FID);
502
503	return (fid_mode & FAN_REPORT_FID) && !(mask & FAN_ONDIR);
504	}
505
506	/*
507	* The inode to use as identifier when reporting fid depends on the event
508	* and the group flags.
509	*
510	* With the group flag FAN_REPORT_TARGET_FID, always report the child fid.
511	*
512	* Without the group flag FAN_REPORT_TARGET_FID, report the modified directory
513	* fid on dirent events and the child fid otherwise.
514	*
515	* For example:
516	* FS_ATTRIB reports the child fid even if reported on a watched parent.
517	* FS_CREATE reports the modified dir fid without FAN_REPORT_TARGET_FID.
518	* and reports the created child fid with FAN_REPORT_TARGET_FID.
519	*/
520	static struct inode fanotify_fid_inode(u32 event_mask, const* void *data,
521	int data_type, struct inode *dir,
522	unsigned int fid_mode)
523	{
524	if ((event_mask & ALL_FSNOTIFY_DIRENT_EVENTS) &&
525	!(fid_mode & FAN_REPORT_TARGET_FID))
526	return dir;
527
528	return fsnotify_data_inode(data, data_type);
529	}
530
531	/*
532	* The inode to use as identifier when reporting dir fid depends on the event.
533	* Report the modified directory inode on dirent modification events.
534	* Report the "victim" inode if "victim" is a directory.
535	* Report the parent inode if "victim" is not a directory and event is
536	* reported to parent.
537	* Otherwise, do not report dir fid.
538	*/
539	static struct inode fanotify_dfid_inode(u32 event_mask, const* void *data,
540	int data_type, struct inode *dir)
541	{
542	struct inode *inode = fsnotify_data_inode(data, data_type);
543
544	if (event_mask & ALL_FSNOTIFY_DIRENT_EVENTS)
545	return dir;
546
547	if (inode && S_ISDIR(inode->i_mode))
548	return inode;
549
550	return dir;
551	}
552
553	static struct fanotify_event fanotify_alloc_path_event(const* struct path *path,
554	unsigned int *hash,
555	gfp_t gfp)
556	{
557	struct fanotify_path_event *pevent;
558
559	pevent = kmem_cache_alloc(fanotify_path_event_cachep, gfp);
560	if (!pevent)
561	return NULL;
562
563	pevent->fae.type = FANOTIFY_EVENT_TYPE_PATH;
564	pevent->path = *path;
565	*hash ^= fanotify_hash_path(path);
566	path_get(path);
567
568	return &pevent->fae;
569	}
570
571	static struct fanotify_event *fanotify_alloc_mnt_event(u64 mnt_id, gfp_t gfp)
572	{
573	struct fanotify_mnt_event *pevent;
574
575	pevent = kmem_cache_alloc(fanotify_mnt_event_cachep, gfp);
576	if (!pevent)
577	return NULL;
578
579	pevent->fae.type = FANOTIFY_EVENT_TYPE_MNT;
580	pevent->mnt_id = mnt_id;
581
582	return &pevent->fae;
583	}
584
585	static struct fanotify_event fanotify_alloc_perm_event(const* void *data,
586	int data_type,
587	gfp_t gfp)
588	{
589	const struct path *path = fsnotify_data_path(data, data_type);
590	const struct file_range *range =
591	fsnotify_data_file_range(data, data_type);
592	struct fanotify_perm_event *pevent;
593
594	pevent = kmem_cache_alloc(fanotify_perm_event_cachep, gfp);
595	if (!pevent)
596	return NULL;
597
598	pevent->fae.type = FANOTIFY_EVENT_TYPE_PATH_PERM;
599	pevent->response = `0`;
600	pevent->hdr.type = FAN_RESPONSE_INFO_NONE;
601	pevent->hdr.pad = `0`;
602	pevent->hdr.len = `0`;
603	pevent->state = FAN_EVENT_INIT;
604	pevent->path = *path;
605	/ NULL ppos means no range info /
606	pevent->ppos = range ? &range->pos : NULL;
607	pevent->count = range ? range->count : `0`;
608	path_get(path);
609
610	return &pevent->fae;
611	}
612
613	static struct fanotify_event fanotify_alloc_fid_event(struct* inode *id,
614	__kernel_fsid_t *fsid,
615	unsigned int *hash,
616	gfp_t gfp)
617	{
618	struct fanotify_fid_event *ffe;
619
620	ffe = kmem_cache_alloc(fanotify_fid_event_cachep, gfp);
621	if (!ffe)
622	return NULL;
623
624	ffe->fae.type = FANOTIFY_EVENT_TYPE_FID;
625	ffe->fsid = *fsid;
626	*hash ^= fanotify_hash_fsid(fsid);
627	fanotify_encode_fh(fh: &ffe->object_fh, inode: id, fh_len: fanotify_encode_fh_len(inode: id),
628	hash, gfp);
629
630	return &ffe->fae;
631	}
632
633	static struct fanotify_event fanotify_alloc_name_event(struct* inode *dir,
634	__kernel_fsid_t *fsid,
635	const struct qstr *name,
636	struct inode *child,
637	struct dentry *moved,
638	unsigned int *hash,
639	gfp_t gfp)
640	{
641	struct fanotify_name_event *fne;
642	struct fanotify_info *info;
643	struct fanotify_fh dfh, ffh;
644	struct inode *dir2 = moved ? d_inode(dentry: moved->d_parent) : NULL;
645	const struct qstr *name2 = moved ? &moved->d_name : NULL;
646	unsigned int dir_fh_len = fanotify_encode_fh_len(inode: dir);
647	unsigned int dir2_fh_len = fanotify_encode_fh_len(inode: dir2);
648	unsigned int child_fh_len = fanotify_encode_fh_len(inode: child);
649	unsigned long name_len = name ? name->len : `0`;
650	unsigned long name2_len = name2 ? name2->len : `0`;
651	unsigned int len, size;
652
653	/ Reserve terminating null byte even for empty name /
654	size = sizeof(*fne) + name_len + name2_len + `2`;
655	if (dir_fh_len)
656	size += FANOTIFY_FH_HDR_LEN + dir_fh_len;
657	if (dir2_fh_len)
658	size += FANOTIFY_FH_HDR_LEN + dir2_fh_len;
659	if (child_fh_len)
660	size += FANOTIFY_FH_HDR_LEN + child_fh_len;
661	fne = kmalloc(size, gfp);
662	if (!fne)
663	return NULL;
664
665	fne->fae.type = FANOTIFY_EVENT_TYPE_FID_NAME;
666	fne->fsid = *fsid;
667	*hash ^= fanotify_hash_fsid(fsid);
668	info = &fne->info;
669	fanotify_info_init(info);
670	if (dir_fh_len) {
671	dfh = fanotify_info_dir_fh(info);
672	len = fanotify_encode_fh(fh: dfh, inode: dir, fh_len: dir_fh_len, hash, gfp: `0`);
673	fanotify_info_set_dir_fh(info, totlen: len);
674	}
675	if (dir2_fh_len) {
676	dfh = fanotify_info_dir2_fh(info);
677	len = fanotify_encode_fh(fh: dfh, inode: dir2, fh_len: dir2_fh_len, hash, gfp: `0`);
678	fanotify_info_set_dir2_fh(info, totlen: len);
679	}
680	if (child_fh_len) {
681	ffh = fanotify_info_file_fh(info);
682	len = fanotify_encode_fh(fh: ffh, inode: child, fh_len: child_fh_len, hash, gfp: `0`);
683	fanotify_info_set_file_fh(info, totlen: len);
684	}
685	if (name_len) {
686	fanotify_info_copy_name(info, name);
687	hash ^= full_name_hash(salt: (void* *)name_len, name->name, name_len);
688	}
689	if (name2_len) {
690	fanotify_info_copy_name2(info, name: name2);
691	hash ^= full_name_hash(salt: (void* *)name2_len, name2->name,
692	name2_len);
693	}
694
695	pr_debug("%s: size=%u dir_fh_len=%u child_fh_len=%u name_len=%u name='%.*s'\n",
696	__func__, size, dir_fh_len, child_fh_len,
697	info->name_len, info->name_len, fanotify_info_name(info));
698
699	if (dir2_fh_len) {
700	pr_debug("%s: dir2_fh_len=%u name2_len=%u name2='%.*s'\n",
701	__func__, dir2_fh_len, info->name2_len,
702	info->name2_len, fanotify_info_name2(info));
703	}
704
705	return &fne->fae;
706	}
707
708	static struct fanotify_event *fanotify_alloc_error_event(
709	struct fsnotify_group *group,
710	__kernel_fsid_t *fsid,
711	const void data, int* data_type,
712	unsigned int *hash)
713	{
714	struct fs_error_report *report =
715	fsnotify_data_error_report(data, data_type);
716	struct inode *inode;
717	struct fanotify_error_event *fee;
718	int fh_len;
719
720	if (WARN_ON_ONCE(!report))
721	return NULL;
722
723	fee = mempool_alloc(&group->fanotify_data.error_events_pool, GFP_NOFS);
724	if (!fee)
725	return NULL;
726
727	fee->fae.type = FANOTIFY_EVENT_TYPE_FS_ERROR;
728	fee->error = report->error;
729	fee->err_count = `1`;
730	fee->fsid = *fsid;
731
732	inode = report->inode;
733	fh_len = fanotify_encode_fh_len(inode);
734
735	/ Bad fh_len. Fallback to using an invalid fh. Should never happen. /
736	if (!fh_len && inode)
737	inode = NULL;
738
739	fanotify_encode_fh(fh: &fee->object_fh, inode, fh_len, NULL, gfp: `0`);
740
741	*hash ^= fanotify_hash_fsid(fsid);
742
743	return &fee->fae;
744	}
745
746	static struct fanotify_event *fanotify_alloc_event(
747	struct fsnotify_group *group,
748	u32 mask, const void data, int* data_type,
749	struct inode dir, const* struct qstr *file_name,
750	__kernel_fsid_t *fsid, u32 match_mask)
751	{
752	struct fanotify_event *event = NULL;
753	gfp_t gfp = GFP_KERNEL_ACCOUNT;
754	unsigned int fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);
755	struct inode *id = fanotify_fid_inode(event_mask: mask, data, data_type, dir,
756	fid_mode);
757	struct inode *dirid = fanotify_dfid_inode(event_mask: mask, data, data_type, dir);
758	const struct path *path = fsnotify_data_path(data, data_type);
759	u64 mnt_id = fsnotify_data_mnt_id(data, data_type);
760	struct mem_cgroup *old_memcg;
761	struct dentry *moved = NULL;
762	struct inode *child = NULL;
763	bool name_event = false;
764	unsigned int hash = `0`;
765	bool ondir = mask & FAN_ONDIR;
766	struct pid *pid;
767
768	if ((fid_mode & FAN_REPORT_DIR_FID) && dirid) {
769	/*
770	* For certain events and group flags, report the child fid
771	* in addition to reporting the parent fid and maybe child name.
772	*/
773	if (fanotify_report_child_fid(fid_mode, mask) && id != dirid)
774	child = id;
775
776	id = dirid;
777
778	/*
779	* We record file name only in a group with FAN_REPORT_NAME
780	* and when we have a directory inode to report.
781	*
782	* For directory entry modification event, we record the fid of
783	* the directory and the name of the modified entry.
784	*
785	* For event on non-directory that is reported to parent, we
786	* record the fid of the parent and the name of the child.
787	*
788	* Even if not reporting name, we need a variable length
789	* fanotify_name_event if reporting both parent and child fids.
790	*/
791	if (!(fid_mode & FAN_REPORT_NAME)) {
792	name_event = !!child;
793	file_name = NULL;
794	} else if ((mask & ALL_FSNOTIFY_DIRENT_EVENTS) \|\| !ondir) {
795	name_event = true;
796	}
797
798	/*
799	* In the special case of FAN_RENAME event, use the match_mask
800	* to determine if we need to report only the old parent+name,
801	* only the new parent+name or both.
802	* 'dirid' and 'file_name' are the old parent+name and
803	* 'moved' has the new parent+name.
804	*/
805	if (mask & FAN_RENAME) {
806	bool report_old, report_new;
807
808	if (WARN_ON_ONCE(!match_mask))
809	return NULL;
810
811	/ Report both old and new parent+name if sb watching /
812	report_old = report_new =
813	match_mask & (`1U` << FSNOTIFY_ITER_TYPE_SB);
814	report_old \|=
815	match_mask & (`1U` << FSNOTIFY_ITER_TYPE_INODE);
816	report_new \|=
817	match_mask & (`1U` << FSNOTIFY_ITER_TYPE_INODE2);
818
819	if (!report_old) {
820	/ Do not report old parent+name /
821	dirid = NULL;
822	file_name = NULL;
823	}
824	if (report_new) {
825	/ Report new parent+name /
826	moved = fsnotify_data_dentry(data, data_type);
827	}
828	}
829	}
830
831	/*
832	* For queues with unlimited length lost events are not expected and
833	* can possibly have security implications. Avoid losing events when
834	* memory is short. For the limited size queues, avoid OOM killer in the
835	* target monitoring memcg as it may have security repercussion.
836	*/
837	if (group->max_events == UINT_MAX)
838	gfp \|= __GFP_NOFAIL;
839	else
840	gfp \|= __GFP_RETRY_MAYFAIL;
841
842	/ Whoever is interested in the event, pays for the allocation. /
843	old_memcg = set_active_memcg(group->memcg);
844
845	if (fanotify_is_perm_event(mask)) {
846	event = fanotify_alloc_perm_event(data, data_type, gfp);
847	} else if (fanotify_is_error_event(mask)) {
848	event = fanotify_alloc_error_event(group, fsid, data,
849	data_type, hash: &hash);
850	} else if (name_event && (file_name \|\| moved \|\| child)) {
851	event = fanotify_alloc_name_event(dir: dirid, fsid, name: file_name, child,
852	moved, hash: &hash, gfp);
853	} else if (fid_mode) {
854	event = fanotify_alloc_fid_event(id, fsid, hash: &hash, gfp);
855	} else if (path) {
856	event = fanotify_alloc_path_event(path, hash: &hash, gfp);
857	} else if (mnt_id) {
858	event = fanotify_alloc_mnt_event(mnt_id, gfp);
859	} else {
860	WARN_ON_ONCE(`1`);
861	}
862
863	if (!event)
864	goto out;
865
866	if (FAN_GROUP_FLAG(group, FAN_REPORT_TID))
867	pid = get_pid(pid: task_pid(current));
868	else
869	pid = get_pid(pid: task_tgid(current));
870
871	/ Mix event info, FAN_ONDIR flag and pid into event merge key /
872	hash ^= hash_long((unsigned long)pid \| ondir, FANOTIFY_EVENT_HASH_BITS);
873	fanotify_init_event(event, hash, mask);
874	event->pid = pid;
875
876	out:
877	set_active_memcg(old_memcg);
878	return event;
879	}
880
881	/*
882	* Get cached fsid of the filesystem containing the object from any mark.
883	* All marks are supposed to have the same fsid, but we do not verify that here.
884	*/
885	static __kernel_fsid_t fanotify_get_fsid(struct fsnotify_iter_info *iter_info)
886	{
887	struct fsnotify_mark *mark;
888	int type;
889	__kernel_fsid_t fsid = {};
890
891	fsnotify_foreach_iter_mark_type(iter_info, mark, type) {
892	if (!(mark->flags & FSNOTIFY_MARK_FLAG_HAS_FSID))
893	continue;
894	fsid = FANOTIFY_MARK(mark)->fsid;
895	if (!(mark->flags & FSNOTIFY_MARK_FLAG_WEAK_FSID) &&
896	WARN_ON_ONCE(!fsid.val[`0`] && !fsid.val[`1`]))
897	continue;
898	return fsid;
899	}
900
901	return fsid;
902	}
903
904	/*
905	* Add an event to hash table for faster merge.
906	*/
907	static void fanotify_insert_event(struct fsnotify_group *group,
908	struct fsnotify_event *fsn_event)
909	{
910	struct fanotify_event *event = FANOTIFY_E(fse: fsn_event);
911	unsigned int bucket = fanotify_event_hash_bucket(group, event);
912	struct hlist_head *hlist = &group->fanotify_data.merge_hash[bucket];
913
914	assert_spin_locked(&group->notification_lock);
915
916	if (!fanotify_is_hashed_event(mask: event->mask))
917	return;
918
919	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,
920	group, event, bucket);
921
922	hlist_add_head(n: &event->merge_list, h: hlist);
923	}
924
925	static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
926	const void data, int* data_type,
927	struct inode *dir,
928	const struct qstr *file_name, u32 cookie,
929	struct fsnotify_iter_info *iter_info)
930	{
931	int ret = `0`;
932	struct fanotify_event *event;
933	struct fsnotify_event *fsn_event;
934	__kernel_fsid_t fsid = {};
935	u32 match_mask = `0`;
936
937	BUILD_BUG_ON(FAN_ACCESS != FS_ACCESS);
938	BUILD_BUG_ON(FAN_MODIFY != FS_MODIFY);
939	BUILD_BUG_ON(FAN_ATTRIB != FS_ATTRIB);
940	BUILD_BUG_ON(FAN_CLOSE_NOWRITE != FS_CLOSE_NOWRITE);
941	BUILD_BUG_ON(FAN_CLOSE_WRITE != FS_CLOSE_WRITE);
942	BUILD_BUG_ON(FAN_OPEN != FS_OPEN);
943	BUILD_BUG_ON(FAN_MOVED_TO != FS_MOVED_TO);
944	BUILD_BUG_ON(FAN_MOVED_FROM != FS_MOVED_FROM);
945	BUILD_BUG_ON(FAN_CREATE != FS_CREATE);
946	BUILD_BUG_ON(FAN_DELETE != FS_DELETE);
947	BUILD_BUG_ON(FAN_DELETE_SELF != FS_DELETE_SELF);
948	BUILD_BUG_ON(FAN_MOVE_SELF != FS_MOVE_SELF);
949	BUILD_BUG_ON(FAN_EVENT_ON_CHILD != FS_EVENT_ON_CHILD);
950	BUILD_BUG_ON(FAN_Q_OVERFLOW != FS_Q_OVERFLOW);
951	BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
952	BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM);
953	BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR);
954	BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC);
955	BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM);
956	BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR);
957	BUILD_BUG_ON(FAN_RENAME != FS_RENAME);
958	BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS);
959
960	BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != `24`);
961
962	mask = fanotify_group_event_mask(group, iter_info, match_mask: &match_mask,
963	event_mask: mask, data, data_type, dir);
964	if (!mask)
965	return `0`;
966
967	pr_debug("%s: group=%p mask=%x report_mask=%x\n", __func__,
968	group, mask, match_mask);
969
970	if (fanotify_is_perm_event(mask)) {
971	/*
972	* fsnotify_prepare_user_wait() fails if we race with mark
973	* deletion. Just let the operation pass in that case.
974	*/
975	if (!fsnotify_prepare_user_wait(iter_info))
976	return `0`;
977	}
978
979	if (FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS))
980	fsid = fanotify_get_fsid(iter_info);
981
982	event = fanotify_alloc_event(group, mask, data, data_type, dir,
983	file_name, fsid: &fsid, match_mask);
984	ret = -ENOMEM;
985	if (unlikely(!event)) {
986	/*
987	* We don't queue overflow events for permission events as
988	* there the access is denied and so no event is in fact lost.
989	*/
990	if (!fanotify_is_perm_event(mask))
991	fsnotify_queue_overflow(group);
992	goto finish;
993	}
994
995	fsn_event = &event->fse;
996	ret = fsnotify_insert_event(group, event: fsn_event, merge: fanotify_merge,
997	insert: fanotify_insert_event);
998	if (ret) {
999	/ Permission events shouldn't be merged /
1000	BUG_ON(ret == `1` && mask & FANOTIFY_PERM_EVENTS);
1001	/ Our event wasn't used in the end. Free it. /
1002	fsnotify_destroy_event(group, event: fsn_event);
1003
1004	ret = `0`;
1005	} else if (fanotify_is_perm_event(mask)) {
1006	ret = fanotify_get_response(group, event: FANOTIFY_PERM(event),
1007	iter_info);
1008	}
1009	finish:
1010	if (fanotify_is_perm_event(mask))
1011	fsnotify_finish_user_wait(iter_info);
1012
1013	return ret;
1014	}
1015
1016	static void fanotify_free_group_priv(struct fsnotify_group *group)
1017	{
1018	put_user_ns(ns: group->user_ns);
1019	kfree(objp: group->fanotify_data.merge_hash);
1020	if (group->fanotify_data.ucounts)
1021	dec_ucount(ucounts: group->fanotify_data.ucounts,
1022	type: UCOUNT_FANOTIFY_GROUPS);
1023
1024	if (mempool_initialized(pool: &group->fanotify_data.error_events_pool))
1025	mempool_exit(pool: &group->fanotify_data.error_events_pool);
1026	}
1027
1028	static void fanotify_free_path_event(struct fanotify_event *event)
1029	{
1030	path_put(fanotify_event_path(event));
1031	kmem_cache_free(s: fanotify_path_event_cachep, objp: FANOTIFY_PE(event));
1032	}
1033
1034	static void fanotify_free_perm_event(struct fanotify_event *event)
1035	{
1036	path_put(fanotify_event_path(event));
1037	kmem_cache_free(s: fanotify_perm_event_cachep, objp: FANOTIFY_PERM(event));
1038	}
1039
1040	static void fanotify_free_fid_event(struct fanotify_event *event)
1041	{
1042	struct fanotify_fid_event *ffe = FANOTIFY_FE(event);
1043
1044	if (fanotify_fh_has_ext_buf(fh: &ffe->object_fh))
1045	kfree(objp: fanotify_fh_ext_buf(fh: &ffe->object_fh));
1046	kmem_cache_free(s: fanotify_fid_event_cachep, objp: ffe);
1047	}
1048
1049	static void fanotify_free_name_event(struct fanotify_event *event)
1050	{
1051	kfree(objp: FANOTIFY_NE(event));
1052	}
1053
1054	static void fanotify_free_error_event(struct fsnotify_group *group,
1055	struct fanotify_event *event)
1056	{
1057	struct fanotify_error_event *fee = FANOTIFY_EE(event);
1058
1059	mempool_free(element: fee, pool: &group->fanotify_data.error_events_pool);
1060	}
1061
1062	static void fanotify_free_mnt_event(struct fanotify_event *event)
1063	{
1064	kmem_cache_free(s: fanotify_mnt_event_cachep, objp: FANOTIFY_ME(event));
1065	}
1066
1067	static void fanotify_free_event(struct fsnotify_group *group,
1068	struct fsnotify_event *fsn_event)
1069	{
1070	struct fanotify_event *event;
1071
1072	event = FANOTIFY_E(fse: fsn_event);
1073	put_pid(pid: event->pid);
1074	switch (event->type) {
1075	case FANOTIFY_EVENT_TYPE_PATH:
1076	fanotify_free_path_event(event);
1077	break;
1078	case FANOTIFY_EVENT_TYPE_PATH_PERM:
1079	fanotify_free_perm_event(event);
1080	break;
1081	case FANOTIFY_EVENT_TYPE_FID:
1082	fanotify_free_fid_event(event);
1083	break;
1084	case FANOTIFY_EVENT_TYPE_FID_NAME:
1085	fanotify_free_name_event(event);
1086	break;
1087	case FANOTIFY_EVENT_TYPE_OVERFLOW:
1088	kfree(objp: event);
1089	break;
1090	case FANOTIFY_EVENT_TYPE_FS_ERROR:
1091	fanotify_free_error_event(group, event);
1092	break;
1093	case FANOTIFY_EVENT_TYPE_MNT:
1094	fanotify_free_mnt_event(event);
1095	break;
1096	default:
1097	WARN_ON_ONCE(`1`);
1098	}
1099	}
1100
1101	static void fanotify_freeing_mark(struct fsnotify_mark *mark,
1102	struct fsnotify_group *group)
1103	{
1104	if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS))
1105	dec_ucount(ucounts: group->fanotify_data.ucounts, type: UCOUNT_FANOTIFY_MARKS);
1106	}
1107
1108	static void fanotify_free_mark(struct fsnotify_mark *fsn_mark)
1109	{
1110	kmem_cache_free(s: fanotify_mark_cache, objp: FANOTIFY_MARK(mark: fsn_mark));
1111	}
1112
1113	const struct fsnotify_ops fanotify_fsnotify_ops = {
1114	.handle_event = fanotify_handle_event,
1115	.free_group_priv = fanotify_free_group_priv,
1116	.free_event = fanotify_free_event,
1117	.freeing_mark = fanotify_freeing_mark,
1118	.free_mark = fanotify_free_mark,
1119	};
1120

source code of linux/fs/notify/fanotify/fanotify.c