From c43a25abba97c7d87131e71db6be24b24d7791a5 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:21 -0400 Subject: audit: reverse arguments to audit_inode_child Most of the callers get called with an inode and dentry in the reverse order. The compiler then has to reshuffle the arg registers and/or stack in order to pass them on to audit_inode_child. Reverse those arguments for a micro-optimization. Reported-by: Eric Paris Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- include/linux/audit.h | 18 +++++++++--------- include/linux/fsnotify.h | 8 ++++---- 2 files changed, 13 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 2c83e5f7edb1..8c66fc248c75 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -464,8 +464,8 @@ extern void __audit_syscall_exit(int ret_success, long ret_value); extern void __audit_getname(const char *name); extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry); -extern void __audit_inode_child(const struct dentry *dentry, - const struct inode *parent); +extern void __audit_inode_child(const struct inode *parent, + const struct dentry *dentry); extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); @@ -504,10 +504,10 @@ static inline void audit_inode(const char *name, const struct dentry *dentry) { if (unlikely(!audit_dummy_context())) __audit_inode(name, dentry); } -static inline void audit_inode_child(const struct dentry *dentry, - const struct inode *parent) { +static inline void audit_inode_child(const struct inode *parent, + const struct dentry *dentry) { if (unlikely(!audit_dummy_context())) - __audit_inode_child(dentry, parent); + __audit_inode_child(parent, dentry); } void audit_core_dumps(long signr); 
@@ -657,13 +657,13 @@ static inline void audit_putname(const char *name) { } static inline void __audit_inode(const char *name, const struct dentry *dentry) { } -static inline void __audit_inode_child(const struct dentry *dentry, - const struct inode *parent) +static inline void __audit_inode_child(const struct inode *parent, + const struct dentry *dentry) { } static inline void audit_inode(const char *name, const struct dentry *dentry) { } -static inline void audit_inode_child(const struct dentry *dentry, - const struct inode *parent) +static inline void audit_inode_child(const struct inode *parent, + const struct dentry *dentry) { } static inline void audit_core_dumps(long signr) { } diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index a6dfe6944564..9c284714977d 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -109,7 +109,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, if (source) fsnotify(source, FS_MOVE_SELF, moved->d_inode, FSNOTIFY_EVENT_INODE, NULL, 0); - audit_inode_child(moved, new_dir); + audit_inode_child(new_dir, moved); } /* @@ -155,7 +155,7 @@ static inline void fsnotify_inoderemove(struct inode *inode) */ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) { - audit_inode_child(dentry, inode); + audit_inode_child(inode, dentry); fsnotify(inode, FS_CREATE, dentry->d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } @@ -168,7 +168,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) static inline void fsnotify_link(struct inode *dir, struct inode *inode, struct dentry *new_dentry) { fsnotify_link_count(inode); - audit_inode_child(new_dentry, dir); + audit_inode_child(dir, new_dentry); fsnotify(dir, FS_CREATE, inode, FSNOTIFY_EVENT_INODE, new_dentry->d_name.name, 0); } 
@@ -181,7 +181,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) __u32 mask = (FS_CREATE | FS_ISDIR); struct inode *d_inode = dentry->d_inode; - audit_inode_child(dentry, inode); + audit_inode_child(inode, dentry); fsnotify(inode, mask, d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } -- cgit v1.2.3-59-g8ed1b From 78e2e802a8519031e5858595070b39713e26340d Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:22 -0400 Subject: audit: add a new "type" field to audit_names struct For now, we just have two possibilities: UNKNOWN: for a new audit_names record that we don't know anything about yet NORMAL: for everything else In later patches, we'll add other types so we can distinguish and update records created under different circumstances. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- include/linux/audit.h | 5 +++++ kernel/auditsc.c | 15 ++++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 8c66fc248c75..26408934ef2d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -452,6 +452,11 @@ struct audit_field { extern int __init audit_register_class(int class, unsigned *list); extern int audit_classify_syscall(int abi, unsigned syscall); extern int audit_classify_arch(int arch); + +/* audit_names->type values */ +#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ +#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ + #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ /* Public API */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 40743af02d8f..19b232f86d70 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -120,6 +120,7 @@ struct audit_names { struct audit_cap_data fcap; unsigned int fcap_ver; int name_len; /* number of name's characters to log */ + unsigned char type; /* record type */ bool name_put; /* call __putname() for this name */ /* * This was an allocated audit_names and not from the array of @@ -1995,7 +1996,8 @@ retry: #endif } -static struct audit_names *audit_alloc_name(struct audit_context *context) +static struct audit_names *audit_alloc_name(struct audit_context *context, + unsigned char type) { struct audit_names *aname; @@ -2010,6 +2012,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context) } aname->ino = (unsigned long)-1; + aname->type = type; list_add_tail(&aname->list, &context->names_list); context->name_count++; @@ -2040,7 +2043,7 @@ void __audit_getname(const char *name) return; } - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); if (!n) return; @@ -2157,12 +2160,13 @@ void __audit_inode(const char *name, const struct dentry *dentry) out_alloc: /* unable to find the name from a previous getname() */ - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; out: handle_path(dentry); audit_copy_inode(n, dentry, inode); + n->type = AUDIT_TYPE_NORMAL; } /** @@ -2219,6 +2223,7 @@ void __audit_inode_child(const struct inode *parent, audit_copy_inode(n, dentry, inode); else n->ino = (unsigned long)-1; + n->type = AUDIT_TYPE_NORMAL; found_child = n->name; goto add_names; } @@ -2226,14 +2231,14 @@ void __audit_inode_child(const struct inode *parent, add_names: if (!found_parent) { - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; audit_copy_inode(n, NULL, parent); } if (!found_child) { - n = audit_alloc_name(context); + n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; -- cgit v1.2.3-59-g8ed1b From bfcec7087458812f575d9022b2d151641f34ee84 Mon Sep 17 00:00:00 2001 
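Review bot: The new `type` member of struct audit_names is documented only as `/* record type */`, which does not say where its values come from or that `__audit_getname` creates records as AUDIT_TYPE_UNKNOWN. The commit message says later patches will use this field to tell records apart, so the meaning should sit next to the field, e.g. `unsigned char type; /* AUDIT_TYPE_* from linux/audit.h; UNKNOWN until __audit_inode or __audit_inode_child fills the record in */`. The struct and `audit_alloc_name` both continue outside the hunks shown.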
From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:23 -0400 Subject: audit: set the name_len in audit_inode for parent lookups Currently, this gets set mostly by happenstance when we call into audit_inode_child. While that might be a little more efficient, it seems wrong. If the syscall ends up failing before audit_inode_child ever gets called, then you'll have an audit_names record that shows the full path but has the parent inode info attached. Fix this by passing in a parent flag when we call audit_inode that gets set to the value of LOOKUP_PARENT. We can then fix up the pathname for the audit entry correctly from the get-go. While we're at it, clean up the no-op macro for audit_inode in the !CONFIG_AUDITSYSCALL case. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/namei.c | 14 +++++++------- fs/open.c | 4 ++-- fs/xattr.c | 8 ++++---- include/linux/audit.h | 15 ++++++++++----- ipc/mqueue.c | 8 ++++---- kernel/audit.h | 1 + kernel/auditfilter.c | 30 ++++++++++++++++++++++++++++++ kernel/auditsc.c | 41 +++++++++++++++++++++++++++++------------ 8 files changed, 87 insertions(+), 34 deletions(-) (limited to 'include') diff --git a/fs/namei.c b/fs/namei.c index a7ad35c66807..6a92d988573f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1973,7 +1973,7 @@ static int do_path_lookup(int dfd, const char *name, retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) - audit_inode(name, nd->path.dentry); + audit_inode(name, nd->path.dentry, flags & LOOKUP_PARENT); return retval; } @@ -2648,7 +2648,7 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; - audit_inode(pathname, nd->path.dentry); + audit_inode(pathname, nd->path.dentry, 0); if (open_flag & O_CREAT) { error = -EISDIR; goto out; 
@@ -2658,7 +2658,7 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; - audit_inode(pathname, dir); + audit_inode(pathname, dir, 0); goto finish_open; } @@ -2687,7 +2687,7 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; - audit_inode(pathname, dir); + audit_inode(pathname, dir, 0); error = -EISDIR; /* trailing slashes? */ if (nd->last.name[nd->last.len]) @@ -2717,7 +2717,7 @@ retry_lookup: !S_ISREG(file->f_path.dentry->d_inode->i_mode)) will_truncate = false; - audit_inode(pathname, file->f_path.dentry); + audit_inode(pathname, file->f_path.dentry, 0); goto opened; } @@ -2734,7 +2734,7 @@ retry_lookup: * create/update audit record if it already exists. */ if (path->dentry->d_inode) - audit_inode(pathname, path->dentry); + audit_inode(pathname, path->dentry, 0); /* * If atomic_open() acquired write access it is dropped now due to @@ -2799,7 +2799,7 @@ finish_lookup: error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !nd->inode->i_op->lookup) goto out; - audit_inode(pathname, nd->path.dentry); + audit_inode(pathname, nd->path.dentry, 0); finish_open: if (!S_ISREG(nd->inode->i_mode)) will_truncate = false; diff --git a/fs/open.c b/fs/open.c index 44da0feeca2c..a015437e1535 100644 --- a/fs/open.c +++ b/fs/open.c @@ -478,7 +478,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) file = fget(fd); if (file) { - audit_inode(NULL, file->f_path.dentry); + audit_inode(NULL, file->f_path.dentry, 0); err = chmod_common(&file->f_path, mode); fput(file); } @@ -588,7 +588,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) error = mnt_want_write_file(f.file); if (error) goto out_fput; - audit_inode(NULL, f.file->f_path.dentry); + audit_inode(NULL, f.file->f_path.dentry, 0); error = chown_common(&f.file->f_path, user, group); mnt_drop_write_file(f.file); out_fput: diff --git a/fs/xattr.c b/fs/xattr.c index 1780f062dbaf..e164dddb8e96 100644 
--- a/fs/xattr.c +++ b/fs/xattr.c @@ -412,7 +412,7 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, if (!f.file) return error; dentry = f.file->f_path.dentry; - audit_inode(NULL, dentry); + audit_inode(NULL, dentry, 0); error = mnt_want_write_file(f.file); if (!error) { error = setxattr(dentry, name, value, size, flags); @@ -507,7 +507,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, if (!f.file) return error; - audit_inode(NULL, f.file->f_path.dentry); + audit_inode(NULL, f.file->f_path.dentry, 0); error = getxattr(f.file->f_path.dentry, name, value, size); fdput(f); return error; @@ -586,7 +586,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) if (!f.file) return error; - audit_inode(NULL, f.file->f_path.dentry); + audit_inode(NULL, f.file->f_path.dentry, 0); error = listxattr(f.file->f_path.dentry, list, size); fdput(f); return error; @@ -655,7 +655,7 @@ SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) if (!f.file) return error; dentry = f.file->f_path.dentry; - audit_inode(NULL, dentry); + audit_inode(NULL, dentry, 0); error = mnt_want_write_file(f.file); if (!error) { error = removexattr(dentry, name); diff --git a/include/linux/audit.h b/include/linux/audit.h index 26408934ef2d..b11f517dce04 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -456,6 +456,7 @@ extern int audit_classify_arch(int arch); /* audit_names->type values */ #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ +#define AUDIT_TYPE_PARENT 2 /* a parent audit record */ #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ 
@@ -468,7 +469,8 @@ extern void __audit_syscall_entry(int arch, extern void __audit_syscall_exit(int ret_success, long ret_value); extern void __audit_getname(const char *name); extern void audit_putname(const char *name); -extern void __audit_inode(const char *name, const struct dentry *dentry); +extern void __audit_inode(const char *name, const struct dentry *dentry, + unsigned int parent); extern void __audit_inode_child(const struct inode *parent, const struct dentry *dentry); extern void __audit_seccomp(unsigned long syscall, long signr, int code); @@ -505,9 +507,10 @@ static inline void audit_getname(const char *name) if (unlikely(!audit_dummy_context())) __audit_getname(name); } -static inline void audit_inode(const char *name, const struct dentry *dentry) { +static inline void audit_inode(const char *name, const struct dentry *dentry, + unsigned int parent) { if (unlikely(!audit_dummy_context())) - __audit_inode(name, dentry); + __audit_inode(name, dentry, parent); } static inline void audit_inode_child(const struct inode *parent, const struct dentry *dentry) { @@ -660,12 +663,14 @@ static inline void audit_getname(const char *name) { } static inline void audit_putname(const char *name) { } -static inline void __audit_inode(const char *name, const struct dentry *dentry) +static inline void __audit_inode(const char *name, const struct dentry *dentry, + unsigned int parent) { } static inline void __audit_inode_child(const struct inode *parent, const struct dentry *dentry) { } -static inline void audit_inode(const char *name, const struct dentry *dentry) +static inline void audit_inode(const char *name, const struct dentry *dentry, + unsigned int parent) { } static inline void audit_inode_child(const struct inode *parent, const struct dentry *dentry) diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 6b97e2466fad..9553ed006042 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c 
@@ -804,7 +804,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, if (oflag & O_CREAT) { if (path.dentry->d_inode) { /* entry already exists */ - audit_inode(name, path.dentry); + audit_inode(name, path.dentry, 0); if (oflag & O_EXCL) { error = -EEXIST; goto out; @@ -824,7 +824,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, error = -ENOENT; goto out; } - audit_inode(name, path.dentry); + audit_inode(name, path.dentry, 0); filp = do_open(&path, oflag); } @@ -978,7 +978,7 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, goto out_fput; } info = MQUEUE_I(inode); - audit_inode(NULL, f.file->f_path.dentry); + audit_inode(NULL, f.file->f_path.dentry, 0); if (unlikely(!(f.file->f_mode & FMODE_WRITE))) { ret = -EBADF; @@ -1094,7 +1094,7 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, goto out_fput; } info = MQUEUE_I(inode); - audit_inode(NULL, f.file->f_path.dentry); + audit_inode(NULL, f.file->f_path.dentry, 0); if (unlikely(!(f.file->f_mode & FMODE_READ))) { ret = -EBADF; diff --git a/kernel/audit.h b/kernel/audit.h index 9eb3d79482b6..163b9a5d9441 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -78,6 +78,7 @@ extern int audit_match_class(int class, unsigned syscall); extern int audit_comparator(const u32 left, const u32 op, const u32 right); extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right); extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right); +extern int parent_len(const char *path); extern int audit_compare_dname_path(const char *dname, const char *path, int *dirlen); extern struct sk_buff * audit_make_reply(int pid, int seq, int type, diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index c4bcdbaf4d4d..71bb13598df3 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c 
@@ -1298,6 +1298,36 @@ int audit_gid_comparator(kgid_t left, u32 op, kgid_t right) } } +/** + * parent_len - find the length of the parent portion of a pathname + * @path: pathname of which to determine length + */ +int parent_len(const char *path) +{ + int plen; + const char *p; + + plen = strlen(path); + + if (plen == 0) + return plen; + + /* disregard trailing slashes */ + p = path + plen - 1; + while ((*p == '/') && (p > path)) + p--; + + /* walk backward until we find the next slash or hit beginning */ + while ((*p != '/') && (p > path)) + p--; + + /* did we find a slash? Then increment to include it in path */ + if (*p == '/') + p++; + + return p - path; +} + /* Compare given dentry name with last component in given path, * return of 0 indicates a match. */ int audit_compare_dname_path(const char *dname, const char *path, diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 19b232f86d70..b87b28947acc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2135,13 +2135,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dent } /** - * audit_inode - store the inode and device from a lookup + * __audit_inode - store the inode and device from a lookup * @name: name being audited * @dentry: dentry being audited - * - * Called from fs/namei.c:path_lookup(). + * @parent: does this dentry represent the parent? */ -void __audit_inode(const char *name, const struct dentry *dentry) +void __audit_inode(const char *name, const struct dentry *dentry, + unsigned int parent) { struct audit_context *context = current->audit_context; const struct inode *inode = dentry->d_inode; 
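Review bot: The kernel-doc added for `parent_len()` has no return description, so the boundary results have to be worked out from the two backward loops: a path with no slash yields 0, and `/` yields 1 because the slash that was found is included. I would add `* Returns the length of the leading part of @path up to and including the slash before the last component, or 0 if there is none.` It is also worth stating that @path must be non-NULL, since `strlen(path)` runs unconditionally and the only caller visible here, `__audit_inode`, guards it with `n->name ?`. As a style point, the function is declared in kernel/audit.h without the `audit_` prefix that the neighbouring declarations use (`audit_comparator`, `audit_compare_dname_path`).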
@@ -2154,19 +2154,38 @@ void __audit_inode(const char *name, const struct dentry *dentry) goto out_alloc; list_for_each_entry_reverse(n, &context->names_list, list) { - if (n->name == name) - goto out; + /* does the name pointer match? */ + if (n->name != name) + continue; + + /* match the correct record type */ + if (parent) { + if (n->type == AUDIT_TYPE_PARENT || + n->type == AUDIT_TYPE_UNKNOWN) + goto out; + } else { + if (n->type != AUDIT_TYPE_PARENT) + goto out; + } } out_alloc: - /* unable to find the name from a previous getname() */ + /* unable to find the name from a previous getname(). Allocate a new + * anonymous entry. + */ n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); if (!n) return; out: + if (parent) { + n->name_len = n->name ? parent_len(n->name) : AUDIT_NAME_FULL; + n->type = AUDIT_TYPE_PARENT; + } else { + n->name_len = AUDIT_NAME_FULL; + n->type = AUDIT_TYPE_NORMAL; + } handle_path(dentry); audit_copy_inode(n, dentry, inode); - n->type = AUDIT_TYPE_NORMAL; } /** @@ -2190,7 +2209,6 @@ void __audit_inode_child(const struct inode *parent, const struct inode *inode = dentry->d_inode; const char *dname = dentry->d_name.name; struct audit_names *n; - int dirlen = 0; if (!context->in_syscall) return; @@ -2204,8 +2222,7 @@ void __audit_inode_child(const struct inode *parent, continue; if (n->ino == parent->i_ino && - !audit_compare_dname_path(dname, n->name, &dirlen)) { - n->name_len = dirlen; /* update parent data in place */ + !audit_compare_dname_path(dname, n->name, NULL)) { found_parent = n->name; goto add_names; } @@ -2218,7 +2235,7 @@ void __audit_inode_child(const struct inode *parent, /* strcmp() is the more likely scenario */ if (!strcmp(dname, n->name) || - !audit_compare_dname_path(dname, n->name, &dirlen)) { + !audit_compare_dname_path(dname, n->name, NULL)) { if (inode) audit_copy_inode(n, dentry, inode); else -- cgit v1.2.3-59-g8ed1b From 4fa6b5ecbf092c6ee752ece8a55d71f663d23254 Mon Sep 17 00:00:00 2001 
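Review bot: In the rewritten `list_for_each_entry_reverse` loop of `__audit_inode`, the non-parent branch accepts a record with `n->type != AUDIT_TYPE_PARENT`, a negative test that will also accept any record type added later, while the parent branch lists its accepted types explicitly. If reusing every non-parent record is intended, a comment saying so would stop the next type addition from silently changing which audit record gets overwritten at `out:`. Otherwise list the types, `if (n->type == AUDIT_TYPE_NORMAL || n->type == AUDIT_TYPE_UNKNOWN)`. The function starts before this hunk.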
From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:25 -0400 Subject: audit: overhaul __audit_inode_child to accomodate retrying In order to accomodate retrying path-based syscalls, we need to add a new "type" argument to audit_inode_child. This will tell us whether we're looking for a child entry that represents a create or a delete. If we find a parent, don't automatically assume that we need to create a new entry. Instead, use the information we have to try to find an existing entry first. Update it if one is found and create a new one if not. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/btrfs/ioctl.c | 2 +- fs/namei.c | 2 +- include/linux/audit.h | 16 +++++++++----- include/linux/fsnotify.h | 8 +++---- kernel/auditsc.c | 57 +++++++++++++++++++++++++----------------------- 5 files changed, 47 insertions(+), 38 deletions(-) (limited to 'include') diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 49f4d59ac2c7..61168805f175 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -638,7 +638,7 @@ static int btrfs_may_delete(struct inode *dir,struct dentry *victim,int isdir) return -ENOENT; BUG_ON(victim->d_parent->d_inode != dir); - audit_inode_child(dir, victim); + audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE); error = inode_permission(dir, MAY_WRITE | MAY_EXEC); if (error) diff --git a/fs/namei.c b/fs/namei.c index 6a92d988573f..ca14d8432d3d 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2176,7 +2176,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) return -ENOENT; BUG_ON(victim->d_parent->d_inode != dir); - audit_inode_child(dir, victim); + audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE); error = inode_permission(dir, MAY_WRITE | MAY_EXEC); if (error) diff --git a/include/linux/audit.h b/include/linux/audit.h index b11f517dce04..3df643d1ac5b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -457,6 +457,8 @@ extern int audit_classify_arch(int arch); #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ +#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ +#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ @@ -472,7 +474,8 @@ extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent); extern void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry); + const struct dentry *dentry, + const unsigned char type); extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); @@ -513,9 +516,10 @@ static inline void audit_inode(const char *name, const struct dentry *dentry, __audit_inode(name, dentry, parent); } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) { + const struct dentry *dentry, + const unsigned char type) { if (unlikely(!audit_dummy_context())) - __audit_inode_child(parent, dentry); + __audit_inode_child(parent, dentry, type); } void audit_core_dumps(long signr); @@ -667,13 +671,15 @@ static inline void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_core_dumps(long signr) { } 
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 9c284714977d..0fbfb4646d1b 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -109,7 +109,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, if (source) fsnotify(source, FS_MOVE_SELF, moved->d_inode, FSNOTIFY_EVENT_INODE, NULL, 0); - audit_inode_child(new_dir, moved); + audit_inode_child(new_dir, moved, AUDIT_TYPE_CHILD_CREATE); } /* @@ -155,7 +155,7 @@ static inline void fsnotify_inoderemove(struct inode *inode) */ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) { - audit_inode_child(inode, dentry); + audit_inode_child(inode, dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(inode, FS_CREATE, dentry->d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } @@ -168,7 +168,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) static inline void fsnotify_link(struct inode *dir, struct inode *inode, struct dentry *new_dentry) { fsnotify_link_count(inode); - audit_inode_child(dir, new_dentry); + audit_inode_child(dir, new_dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(dir, FS_CREATE, inode, FSNOTIFY_EVENT_INODE, new_dentry->d_name.name, 0); } @@ -181,7 +181,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) __u32 mask = (FS_CREATE | FS_ISDIR); struct inode *d_inode = dentry->d_inode; - audit_inode_child(inode, dentry); + audit_inode_child(inode, dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(inode, mask, d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0160a68b4d7f..d147585e9ef3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2189,6 +2189,7 @@ out: * __audit_inode_child - collect inode info for created/removed objects * @parent: inode of dentry parent * @dentry: dentry being audited + * @type: AUDIT_TYPE_* value that we're looking for * * For syscalls that create or remove filesystem objects, audit_inode * can only collect information for the filesystem object's parent. @@ -2199,13 +2200,13 @@ out: * unsuccessful attempts. */ void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { struct audit_context *context = current->audit_context; - const char *found_parent = NULL, *found_child = NULL; const struct inode *inode = dentry->d_inode; const char *dname = dentry->d_name.name; - struct audit_names *n; + struct audit_names *n, *found_parent = NULL, *found_child = NULL; if (!context->in_syscall) return; 
@@ -2213,63 +2214,65 @@ void __audit_inode_child(const struct inode *parent, if (inode) handle_one(inode); - /* parent is more likely, look for it first */ + /* look for a parent entry first */ list_for_each_entry(n, &context->names_list, list) { - if (!n->name) + if (!n->name || n->type != AUDIT_TYPE_PARENT) continue; if (n->ino == parent->i_ino && !audit_compare_dname_path(dname, n->name, n->name_len)) { - found_parent = n->name; - goto add_names; + found_parent = n; + break; } } - /* no matching parent, look for matching child */ + /* is there a matching child entry? */ list_for_each_entry(n, &context->names_list, list) { - if (!n->name) + /* can only match entries that have a name */ + if (!n->name || n->type != type) + continue; + + /* if we found a parent, make sure this one is a child of it */ + if (found_parent && (n->name != found_parent->name)) continue; - /* strcmp() is the more likely scenario */ if (!strcmp(dname, n->name) || !audit_compare_dname_path(dname, n->name, + found_parent ? + found_parent->name_len : AUDIT_NAME_FULL)) { - if (inode) - audit_copy_inode(n, dentry, inode); - else - n->ino = (unsigned long)-1; - n->type = AUDIT_TYPE_NORMAL; - found_child = n->name; - goto add_names; + found_child = n; + break; } } -add_names: if (!found_parent) { - n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); + /* create a new, "anonymous" parent record */ + n = audit_alloc_name(context, AUDIT_TYPE_PARENT); if (!n) return; audit_copy_inode(n, NULL, parent); } if (!found_child) { - n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); - if (!n) + found_child = audit_alloc_name(context, type); + if (!found_child) return; /* Re-use the name belonging to the slot for a matching parent * directory. 
All names for this context are relinquished in * audit_free_names() */ if (found_parent) { - n->name = found_parent; - n->name_len = AUDIT_NAME_FULL; + found_child->name = found_parent->name; + found_child->name_len = AUDIT_NAME_FULL; /* don't call __putname() */ - n->name_put = false; + found_child->name_put = false; } - - if (inode) - audit_copy_inode(n, dentry, inode); } + if (inode) + audit_copy_inode(found_child, dentry, inode); + else + found_child->ino = (unsigned long)-1; } EXPORT_SYMBOL_GPL(__audit_inode_child); -- cgit v1.2.3-59-g8ed1b From a608ca21f58ee44df5a71ba140e98498f3ebc2cd Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:26 -0400 Subject: vfs: allocate page instead of names_cache buffer in mount_block_root First, it's incorrect to call putname() after __getname_gfp() since the bare __getname_gfp() call skips the auditing code, while putname() doesn't. mount_block_root allocates a PATH_MAX buffer via __getname_gfp, and then calls get_fs_names to fill the buffer. That function can call get_filesystem_list which assumes that that buffer is a full page in size. On arches where PAGE_SIZE != 4k, then this could potentially overrun. In practice, it's hard to imagine the list of filesystem names even approaching 4k, but it's best to be safe. Just allocate a page for this purpose instead. With this, we can also remove the __getname_gfp() definition since there are no more callers. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- include/linux/fs.h | 3 +-- init/do_mounts.c | 7 ++++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/linux/fs.h b/include/linux/fs.h index 8ef2fc9f1f08..b44b4ca82164 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
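Review bot: The parent search in `__audit_inode_child` still identifies the parent record by `n->ino == parent->i_ino` plus the name comparison, and inode numbers are only unique within one filesystem. With the type filtering added here, that match now decides which existing record a child is tied to, so a same-numbered directory on another mount with a matching path tail could be taken as the parent. If audit_names also records the device (the `__audit_inode` kernel-doc speaks of storing "the inode and device"), the condition should compare it as well, along the lines of `n->ino == parent->i_ino && n->dev == parent->i_sb->s_dev`, assuming the field is named `dev`. The function begins in the preceding hunk.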
@@ -2228,8 +2228,7 @@ extern void __init vfs_caches_init(unsigned long); extern struct kmem_cache *names_cachep; -#define __getname_gfp(gfp) kmem_cache_alloc(names_cachep, (gfp)) -#define __getname() __getname_gfp(GFP_KERNEL) +#define __getname() kmem_cache_alloc(names_cachep, GFP_KERNEL) #define __putname(name) kmem_cache_free(names_cachep, (void *)(name)) #ifndef CONFIG_AUDITSYSCALL #define putname(name) __putname(name) diff --git a/init/do_mounts.c b/init/do_mounts.c index d3f0aeed2d39..f8a66424360d 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -353,8 +353,9 @@ static int __init do_mount_root(char *name, char *fs, int flags, void *data) void __init mount_block_root(char *name, int flags) { - char *fs_names = __getname_gfp(GFP_KERNEL - | __GFP_NOTRACK_FALSE_POSITIVE); + struct page *page = alloc_page(GFP_KERNEL | + __GFP_NOTRACK_FALSE_POSITIVE); + char *fs_names = page_address(page); char *p; #ifdef CONFIG_BLOCK char b[BDEVNAME_SIZE]; @@ -406,7 +407,7 @@ retry: #endif panic("VFS: Unable to mount root fs on %s", b); out: - putname(fs_names); + put_page(page); } #ifdef CONFIG_ROOT_NFS -- cgit v1.2.3-59-g8ed1b From 91a27b2a756784714e924e5e854b919273082d26 Mon Sep 17 00:00:00 2001 
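Review bot: `alloc_page()` in `mount_block_root` can return NULL, and the result goes straight into `page_address(page)` in the declaration and later into `put_page(page)` at `out:` with no check. Since the function returns void and already panics when the root cannot be mounted, I would split the initialiser and fail loudly: `if (!page) panic("VFS: Unable to allocate page for filesystem names");` followed by `fs_names = page_address(page);`. The removed `__getname_gfp()` call was unchecked in the same way as far as the hunk shows, and the body between the two hunks is not visible here.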
From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:28 -0400 Subject: vfs: define struct filename and have getname() return it getname() is intended to copy pathname strings from userspace into a kernel buffer. The result is just a string in kernel space. It would however be quite helpful to be able to attach some ancillary info to the string. For instance, we could attach some audit-related info to reduce the amount of audit-related processing needed. When auditing is enabled, we could also call getname() on the string more than once and not need to recopy it from userspace. This patchset converts the getname()/putname() interfaces to return a struct instead of a string. For now, the struct just tracks the string in kernel space and the original userland pointer for it. Later, we'll add other information to the struct as it becomes convenient. Signed-off-by: Jeff Layton 
Signed-off-by: Al Viro --- arch/alpha/kernel/osf_sys.c | 16 ++--- arch/arm64/kernel/sys.c | 4 +- arch/arm64/kernel/sys_compat.c | 6 +- arch/avr32/kernel/process.c | 4 +- arch/blackfin/kernel/process.c | 4 +- arch/cris/arch-v10/kernel/process.c | 4 +- arch/cris/arch-v32/kernel/process.c | 4 +- arch/h8300/kernel/process.c | 4 +- arch/hexagon/kernel/syscall.c | 4 +- arch/ia64/kernel/process.c | 4 +- arch/m32r/kernel/process.c | 4 +- arch/microblaze/kernel/sys_microblaze.c | 4 +- arch/mips/kernel/linux32.c | 4 +- arch/mips/kernel/syscall.c | 4 +- arch/openrisc/kernel/process.c | 4 +- arch/parisc/hpux/fs.c | 4 +- arch/parisc/kernel/process.c | 4 +- arch/parisc/kernel/sys_parisc32.c | 4 +- arch/score/kernel/sys_score.c | 4 +- arch/sh/kernel/process_32.c | 4 +- arch/sh/kernel/process_64.c | 4 +- arch/sparc/kernel/process_32.c | 4 +- arch/sparc/kernel/process_64.c | 4 +- arch/sparc/kernel/sys_sparc32.c | 4 +- arch/tile/kernel/process.c | 8 +-- arch/unicore32/kernel/sys.c | 4 +- arch/xtensa/kernel/process.c | 4 +- fs/compat.c | 12 ++-- fs/exec.c | 13 ++-- fs/filesystems.c | 4 +- fs/namei.c | 108 ++++++++++++++++++++------------ fs/namespace.c | 4 +- fs/open.c | 4 +- fs/quota/quota.c | 4 +- include/linux/audit.h | 12 ++-- include/linux/fs.h | 14 ++++- ipc/mqueue.c | 13 ++-- kernel/acct.c | 4 +- kernel/auditsc.c | 64 ++++++++++--------- mm/swapfile.c | 11 ++-- 40 files changed, 218 insertions(+), 175 deletions(-) (limited to 'include') diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c index 63e77e3944ce..9eb090582cf1 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c @@ -449,7 +449,7 @@ osf_ufs_mount(char *dirname, struct ufs_args __user *args, int flags) { int retval; struct cdfs_args tmp; - char *devname; + struct filename *devname; retval = -EFAULT; if (copy_from_user(&tmp, args, sizeof(tmp))) 
@@ -458,7 +458,7 @@ osf_ufs_mount(char *dirname, struct ufs_args __user *args, int flags) retval = PTR_ERR(devname); if (IS_ERR(devname)) goto out; - retval = do_mount(devname, dirname, "ext2", flags, NULL); + retval = do_mount(devname->name, dirname, "ext2", flags, NULL); putname(devname); out: return retval; @@ -469,7 +469,7 @@ osf_cdfs_mount(char *dirname, struct cdfs_args __user *args, int flags) { int retval; struct cdfs_args tmp; - char *devname; + struct filename *devname; retval = -EFAULT; if (copy_from_user(&tmp, args, sizeof(tmp))) @@ -478,7 +478,7 @@ osf_cdfs_mount(char *dirname, struct cdfs_args __user *args, int flags) retval = PTR_ERR(devname); if (IS_ERR(devname)) goto out; - retval = do_mount(devname, dirname, "iso9660", flags, NULL); + retval = do_mount(devname->name, dirname, "iso9660", flags, NULL); putname(devname); out: return retval; @@ -499,7 +499,7 @@ SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, const char __user *, path, int, flag, void __user *, data) { int retval; - char *name; + struct filename *name; name = getname(path); retval = PTR_ERR(name); @@ -507,13 +507,13 @@ SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, const char __user *, path, goto out; switch (typenr) { case 1: - retval = osf_ufs_mount(name, data, flag); + retval = osf_ufs_mount(name->name, data, flag); break; case 6: - retval = osf_cdfs_mount(name, data, flag); + retval = osf_cdfs_mount(name->name, data, flag); break; case 9: - retval = osf_procfs_mount(name, data, flag); + retval = osf_procfs_mount(name->name, data, flag); break; default: retval = -EINVAL; diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c index 905fcfb0ddd0..b120df37de35 100644 --- a/arch/arm64/kernel/sys.c +++ b/arch/arm64/kernel/sys.c 
@@ -50,13 +50,13 @@ asmlinkage long sys_execve(const char __user *filenamei, struct pt_regs *regs) { long error; - char * filename; + struct filename *filename; filename = getname(filenamei); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: return error; diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c index 93f10e27dc79..e521087cb0c4 100644 --- a/arch/arm64/kernel/sys_compat.c +++ b/arch/arm64/kernel/sys_compat.c @@ -56,14 +56,14 @@ asmlinkage int compat_sys_execve(const char __user *filenamei, struct pt_regs *regs) { int error; - char * filename; + struct filename *filename; filename = getname(filenamei); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = compat_do_execve(filename, compat_ptr(argv), compat_ptr(envp), - regs); + error = compat_do_execve(filename->name, compat_ptr(argv), + compat_ptr(envp), regs); putname(filename); out: return error; diff --git a/arch/avr32/kernel/process.c b/arch/avr32/kernel/process.c index 92c5af98a6f7..1bb0a8abd79b 100644 --- a/arch/avr32/kernel/process.c +++ b/arch/avr32/kernel/process.c @@ -388,14 +388,14 @@ asmlinkage int sys_execve(const char __user *ufilename, struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname(ufilename); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, uargv, uenvp, regs); + error = do_execve(filename->name, uargv, uenvp, regs); putname(filename); out: diff --git a/arch/blackfin/kernel/process.c b/arch/blackfin/kernel/process.c index 62bcea7dcc6d..bb1cc721fcf7 100644 --- a/arch/blackfin/kernel/process.c +++ b/arch/blackfin/kernel/process.c 
@@ -213,14 +213,14 @@ asmlinkage int sys_execve(const char __user *name, const char __user *const __user *envp) { int error; - char *filename; + struct filename *filename; struct pt_regs *regs = (struct pt_regs *)((&name) + 6); filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) return error; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); return error; } diff --git a/arch/cris/arch-v10/kernel/process.c b/arch/cris/arch-v10/kernel/process.c index bee8df43c201..15ac7150371f 100644 --- a/arch/cris/arch-v10/kernel/process.c +++ b/arch/cris/arch-v10/kernel/process.c @@ -212,14 +212,14 @@ asmlinkage int sys_execve(const char *fname, struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname(fname); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: return error; diff --git a/arch/cris/arch-v32/kernel/process.c b/arch/cris/arch-v32/kernel/process.c index 0570e8ce603d..4e9992246359 100644 --- a/arch/cris/arch-v32/kernel/process.c +++ b/arch/cris/arch-v32/kernel/process.c @@ -224,7 +224,7 @@ sys_execve(const char *fname, struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname(fname); error = PTR_ERR(filename); @@ -232,7 +232,7 @@ sys_execve(const char *fname, if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: return error; diff --git a/arch/h8300/kernel/process.c b/arch/h8300/kernel/process.c index f153ed1a4c08..e8dc1393a13a 100644 --- a/arch/h8300/kernel/process.c +++ b/arch/h8300/kernel/process.c 
@@ -217,14 +217,14 @@ asmlinkage int sys_execve(const char *name, int dummy, ...) { int error; - char * filename; + struct filename *filename; struct pt_regs *regs = (struct pt_regs *) ((unsigned char *)&dummy-4); filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) return error; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); return error; } diff --git a/arch/hexagon/kernel/syscall.c b/arch/hexagon/kernel/syscall.c index 553cd60ee659..25a9bfe3445d 100644 --- a/arch/hexagon/kernel/syscall.c +++ b/arch/hexagon/kernel/syscall.c @@ -40,7 +40,7 @@ asmlinkage int sys_execve(char __user *ufilename, const char __user *const __user *envp) { struct pt_regs *pregs = current_thread_info()->regs; - char *filename; + struct filename *filename; int retval; filename = getname(ufilename); @@ -48,7 +48,7 @@ asmlinkage int sys_execve(char __user *ufilename, if (IS_ERR(filename)) return retval; - retval = do_execve(filename, argv, envp, pregs); + retval = do_execve(filename->name, argv, envp, pregs); putname(filename); return retval; diff --git a/arch/ia64/kernel/process.c b/arch/ia64/kernel/process.c index ee31fe9b310e..35e106f2ed13 100644 --- a/arch/ia64/kernel/process.c +++ b/arch/ia64/kernel/process.c @@ -614,14 +614,14 @@ sys_execve (const char __user *filename, const char __user *const __user *envp, struct pt_regs *regs) { - char *fname; + struct filename *fname; int error; fname = getname(filename); error = PTR_ERR(fname); if (IS_ERR(fname)) goto out; - error = do_execve(fname, argv, envp, regs); + error = do_execve(fname->name, argv, envp, regs); putname(fname); out: return error; diff --git a/arch/m32r/kernel/process.c b/arch/m32r/kernel/process.c index 384e63f3a4c4..e7366276ef30 100644 --- a/arch/m32r/kernel/process.c +++ b/arch/m32r/kernel/process.c 
@@ -296,14 +296,14 @@ asmlinkage int sys_execve(const char __user *ufilename, unsigned long r6, struct pt_regs regs) { int error; - char *filename; + struct filename *filename; filename = getname(ufilename); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, uargv, uenvp, ®s); + error = do_execve(filename->name, uargv, uenvp, ®s); putname(filename); out: return error; diff --git a/arch/microblaze/kernel/sys_microblaze.c b/arch/microblaze/kernel/sys_microblaze.c index e5b154f24f85..404c0f24bd41 100644 --- a/arch/microblaze/kernel/sys_microblaze.c +++ b/arch/microblaze/kernel/sys_microblaze.c @@ -54,13 +54,13 @@ asmlinkage long microblaze_execve(const char __user *filenamei, struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname(filenamei); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: return error; diff --git a/arch/mips/kernel/linux32.c b/arch/mips/kernel/linux32.c index 922a554cd108..3a21acedf882 100644 --- a/arch/mips/kernel/linux32.c +++ b/arch/mips/kernel/linux32.c @@ -83,13 +83,13 @@ out: asmlinkage int sys32_execve(nabi_no_regargs struct pt_regs regs) { int error; - char * filename; + struct filename *filename; filename = getname(compat_ptr(regs.regs[4])); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = compat_do_execve(filename, compat_ptr(regs.regs[5]), + error = compat_do_execve(filename->name, compat_ptr(regs.regs[5]), compat_ptr(regs.regs[6]), ®s); putname(filename); diff --git a/arch/mips/kernel/syscall.c b/arch/mips/kernel/syscall.c index b08220c82113..2bd561bc05ae 100644 --- a/arch/mips/kernel/syscall.c +++ b/arch/mips/kernel/syscall.c 
@@ -133,13 +133,13 @@ _sys_clone(nabi_no_regargs struct pt_regs regs) asmlinkage int sys_execve(nabi_no_regargs struct pt_regs regs) { int error; - char * filename; + struct filename *filename; filename = getname((const char __user *) (long)regs.regs[4]); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *) (long)regs.regs[5], (const char __user *const __user *) (long)regs.regs[6], ®s); diff --git a/arch/openrisc/kernel/process.c b/arch/openrisc/kernel/process.c index 55210f37d1a3..c35f3ab1a8d3 100644 --- a/arch/openrisc/kernel/process.c +++ b/arch/openrisc/kernel/process.c @@ -271,7 +271,7 @@ asmlinkage long _sys_execve(const char __user *name, struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname(name); error = PTR_ERR(filename); @@ -279,7 +279,7 @@ asmlinkage long _sys_execve(const char __user *name, if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c index 6785de7bd2a0..a0760b87fd4e 100644 --- a/arch/parisc/hpux/fs.c +++ b/arch/parisc/hpux/fs.c @@ -34,14 +34,14 @@ int hpux_execve(struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname((const char __user *) regs->gr[26]); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *) regs->gr[25], (const char __user *const __user *) regs->gr[24], regs); diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c index 8c6b6b6561f0..cbc37216bf90 100644 --- a/arch/parisc/kernel/process.c +++ b/arch/parisc/kernel/process.c 
@@ -342,13 +342,13 @@ unsigned long thread_saved_pc(struct task_struct *t) asmlinkage int sys_execve(struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname((const char __user *) regs->gr[26]); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *) regs->gr[25], (const char __user *const __user *) regs->gr[24], regs); diff --git a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c index dc9a62462323..bf5b93a885d3 100644 --- a/arch/parisc/kernel/sys_parisc32.c +++ b/arch/parisc/kernel/sys_parisc32.c @@ -60,14 +60,14 @@ asmlinkage int sys32_execve(struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; DBG(("sys32_execve(%p) r26 = 0x%lx\n", regs, regs->gr[26])); filename = getname((const char __user *) regs->gr[26]); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = compat_do_execve(filename, compat_ptr(regs->gr[25]), + error = compat_do_execve(filename->name, compat_ptr(regs->gr[25]), compat_ptr(regs->gr[24]), regs); putname(filename); out: diff --git a/arch/score/kernel/sys_score.c b/arch/score/kernel/sys_score.c index 21e867974066..d45cf00a3351 100644 --- a/arch/score/kernel/sys_score.c +++ b/arch/score/kernel/sys_score.c @@ -92,14 +92,14 @@ asmlinkage long score_execve(struct pt_regs *regs) { int error; - char *filename; + struct filename *filename; filename = getname((char __user*)regs->regs[4]); error = PTR_ERR(filename); if (IS_ERR(filename)) return error; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *)regs->regs[5], (const char __user *const __user *)regs->regs[6], regs); diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c index 59521e8a164d..ba7345f37bc9 100644 --- a/arch/sh/kernel/process_32.c +++ b/arch/sh/kernel/process_32.c 
@@ -298,14 +298,14 @@ asmlinkage int sys_execve(const char __user *ufilename, { struct pt_regs *regs = RELOC_HIDE(&__regs, 0); int error; - char *filename; + struct filename *filename; filename = getname(ufilename); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, uargv, uenvp, regs); + error = do_execve(filename->name, uargv, uenvp, regs); putname(filename); out: return error; diff --git a/arch/sh/kernel/process_64.c b/arch/sh/kernel/process_64.c index 602545b12a86..98a709f0c3c4 100644 --- a/arch/sh/kernel/process_64.c +++ b/arch/sh/kernel/process_64.c @@ -491,14 +491,14 @@ asmlinkage int sys_execve(const char *ufilename, char **uargv, struct pt_regs *pregs) { int error; - char *filename; + struct filename *filename; filename = getname((char __user *)ufilename); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *)uargv, (const char __user *const __user *)uenvp, pregs); diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c index 14006d8aca28..487bffb36f5e 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c @@ -482,7 +482,7 @@ int dump_fpu (struct pt_regs * regs, elf_fpregset_t * fpregs) asmlinkage int sparc_execve(struct pt_regs *regs) { int error, base = 0; - char *filename; + struct filename *filename; /* Check for indirect call. */ if(regs->u_regs[UREG_G1] == 0) @@ -492,7 +492,7 @@ asmlinkage int sparc_execve(struct pt_regs *regs) error = PTR_ERR(filename); if(IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *) regs->u_regs[base + UREG_I1], (const char __user *const __user *) diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c index aff0c72fac09..fcaa59421126 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c 
@@ -722,7 +722,7 @@ EXPORT_SYMBOL(dump_fpu); asmlinkage int sparc_execve(struct pt_regs *regs) { int error, base = 0; - char *filename; + struct filename *filename; /* User register window flush is done by entry.S */ @@ -734,7 +734,7 @@ asmlinkage int sparc_execve(struct pt_regs *regs) error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, + error = do_execve(filename->name, (const char __user *const __user *) regs->u_regs[base + UREG_I1], (const char __user *const __user *) diff --git a/arch/sparc/kernel/sys_sparc32.c b/arch/sparc/kernel/sys_sparc32.c index d862499eb01c..c3239811a1b5 100644 --- a/arch/sparc/kernel/sys_sparc32.c +++ b/arch/sparc/kernel/sys_sparc32.c @@ -403,7 +403,7 @@ asmlinkage long compat_sys_rt_sigaction(int sig, asmlinkage long sparc32_execve(struct pt_regs *regs) { int error, base = 0; - char *filename; + struct filename *filename; /* User register window flush is done by entry.S */ @@ -416,7 +416,7 @@ asmlinkage long sparc32_execve(struct pt_regs *regs) if (IS_ERR(filename)) goto out; - error = compat_do_execve(filename, + error = compat_do_execve(filename->name, compat_ptr(regs->u_regs[base + UREG_I1]), compat_ptr(regs->u_regs[base + UREG_I2]), regs); diff --git a/arch/tile/kernel/process.c b/arch/tile/kernel/process.c index 6be799150501..622560030a58 100644 --- a/arch/tile/kernel/process.c +++ b/arch/tile/kernel/process.c @@ -594,13 +594,13 @@ SYSCALL_DEFINE4(execve, const char __user *, path, struct pt_regs *, regs) { long error; - char *filename; + struct filename *filename; filename = getname(path); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); if (error == 0) single_step_execve(); 
@@ -615,13 +615,13 @@ long compat_sys_execve(const char __user *path, struct pt_regs *regs) { long error; - char *filename; + struct filename *filename; filename = getname(path); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = compat_do_execve(filename, argv, envp, regs); + error = compat_do_execve(filename->name, argv, envp, regs); putname(filename); if (error == 0) single_step_execve(); diff --git a/arch/unicore32/kernel/sys.c b/arch/unicore32/kernel/sys.c index 5fd9af773e15..fabdee96110b 100644 --- a/arch/unicore32/kernel/sys.c +++ b/arch/unicore32/kernel/sys.c @@ -51,13 +51,13 @@ asmlinkage long __sys_execve(const char __user *filename, struct pt_regs *regs) { int error; - char *fn; + struct filename *fn; fn = getname(filename); error = PTR_ERR(fn); if (IS_ERR(fn)) goto out; - error = do_execve(fn, argv, envp, regs); + error = do_execve(fn->name, argv, envp, regs); putname(fn); out: return error; diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index bc44311aa18c..bc020825cce5 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -328,13 +328,13 @@ long xtensa_execve(const char __user *name, struct pt_regs *regs) { long error; - char * filename; + struct filename *filename; filename = getname(name); error = PTR_ERR(filename); if (IS_ERR(filename)) goto out; - error = do_execve(filename, argv, envp, regs); + error = do_execve(filename->name, argv, envp, regs); putname(filename); out: return error; diff --git a/fs/compat.c b/fs/compat.c index b7a24d0ca30d..015e1e1f87c6 100644 --- a/fs/compat.c +++ b/fs/compat.c 
@@ -776,16 +776,16 @@ asmlinkage long compat_sys_mount(const char __user * dev_name, char *kernel_type; unsigned long data_page; char *kernel_dev; - char *dir_page; + struct filename *dir; int retval; retval = copy_mount_string(type, &kernel_type); if (retval < 0) goto out; - dir_page = getname(dir_name); - retval = PTR_ERR(dir_page); - if (IS_ERR(dir_page)) + dir = getname(dir_name); + retval = PTR_ERR(dir); + if (IS_ERR(dir)) goto out1; retval = copy_mount_string(dev_name, &kernel_dev); @@ -807,7 +807,7 @@ asmlinkage long compat_sys_mount(const char __user * dev_name, } } - retval = do_mount(kernel_dev, dir_page, kernel_type, + retval = do_mount(kernel_dev, dir->name, kernel_type, flags, (void*)data_page); out4: @@ -815,7 +815,7 @@ asmlinkage long compat_sys_mount(const char __user * dev_name, out3: kfree(kernel_dev); out2: - putname(dir_page); + putname(dir); out1: kfree(kernel_type); out: diff --git a/fs/exec.c b/fs/exec.c index ca434534ae9a..4e591e20e108 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -105,7 +105,7 @@ static inline void put_binfmt(struct linux_binfmt * fmt) SYSCALL_DEFINE1(uselib, const char __user *, library) { struct file *file; - char *tmp = getname(library); + struct filename *tmp = getname(library); int error = PTR_ERR(tmp); static const struct open_flags uselib_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, @@ -116,7 +116,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) if (IS_ERR(tmp)) goto out; - file = do_filp_open(AT_FDCWD, tmp, &uselib_flags, LOOKUP_FOLLOW); + file = do_filp_open(AT_FDCWD, tmp->name, &uselib_flags, LOOKUP_FOLLOW); putname(tmp); error = PTR_ERR(file); if (IS_ERR(file)) 
@@ -1664,10 +1664,10 @@ SYSCALL_DEFINE3(execve, const char __user *const __user *, argv, const char __user *const __user *, envp) { - const char *path = getname(filename); + struct filename *path = getname(filename); int error = PTR_ERR(path); if (!IS_ERR(path)) { - error = do_execve(path, argv, envp, current_pt_regs()); + error = do_execve(path->name, argv, envp, current_pt_regs()); putname(path); } return error; @@ -1677,10 +1677,11 @@ asmlinkage long compat_sys_execve(const char __user * filename, const compat_uptr_t __user * argv, const compat_uptr_t __user * envp) { - const char *path = getname(filename); + struct filename *path = getname(filename); int error = PTR_ERR(path); if (!IS_ERR(path)) { - error = compat_do_execve(path, argv, envp, current_pt_regs()); + error = compat_do_execve(path->name, argv, envp, + current_pt_regs()); putname(path); } return error; diff --git a/fs/filesystems.c b/fs/filesystems.c index 96f24286667a..da165f6adcbf 100644 --- a/fs/filesystems.c +++ b/fs/filesystems.c @@ -124,7 +124,7 @@ EXPORT_SYMBOL(unregister_filesystem); static int fs_index(const char __user * __name) { struct file_system_type * tmp; - char * name; + struct filename *name; int err, index; name = getname(__name); @@ -135,7 +135,7 @@ static int fs_index(const char __user * __name) err = -EINVAL; read_lock(&file_systems_lock); for (tmp=file_systems, index=0 ; tmp ; tmp=tmp->next, index++) { - if (strcmp(tmp->name,name) == 0) { + if (strcmp(tmp->name, name->name) == 0) { err = index; break; } diff --git a/fs/namei.c b/fs/namei.c index 9cc0fce7fc91..ec638d27642f 100644 --- a/fs/namei.c +++ b/fs/namei.c 
@@ -117,18 +117,37 @@ * POSIX.1 2.4: an empty pathname is invalid (ENOENT). * PATH_MAX includes the nul terminator --RR. */ -static char *getname_flags(const char __user *filename, int flags, int *empty) +void final_putname(struct filename *name) { - char *result = __getname(), *err; + __putname(name->name); + kfree(name); +} + +static struct filename * +getname_flags(const char __user *filename, int flags, int *empty) +{ + struct filename *result, *err; + char *kname; int len; + /* FIXME: create dedicated slabcache? */ + result = kzalloc(sizeof(*result), GFP_KERNEL); if (unlikely(!result)) return ERR_PTR(-ENOMEM); - len = strncpy_from_user(result, filename, PATH_MAX); - err = ERR_PTR(len); - if (unlikely(len < 0)) + kname = __getname(); + if (unlikely(!kname)) { + err = ERR_PTR(-ENOMEM); + goto error_free_name; + } + + result->name = kname; + result->uptr = filename; + len = strncpy_from_user(kname, filename, PATH_MAX); + if (unlikely(len < 0)) { + err = ERR_PTR(len); goto error; + } /* The empty path is special. */ if (unlikely(!len)) { @@ -146,22 +165,25 @@ static char *getname_flags(const char __user *filename, int flags, int *empty) } error: - __putname(result); + __putname(kname); +error_free_name: + kfree(result); return err; } -char *getname(const char __user * filename) +struct filename * +getname(const char __user * filename) { return getname_flags(filename, 0, NULL); } +EXPORT_SYMBOL(getname); #ifdef CONFIG_AUDITSYSCALL -void putname(const char *name) +void putname(struct filename *name) { if (unlikely(!audit_dummy_context())) - audit_putname(name); - else - __putname(name); + return audit_putname(name); + final_putname(name); } #endif 
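Review bot: final_putname() is inserted between the existing header comment (the POSIX.1 empty-pathname and PATH_MAX note) and getname_flags(), so that comment now reads as if it documented final_putname(). I would move the new function below getname() or give it its own comment, e.g. `/* Free a struct filename and its names_cachep buffer; name must be a valid pointer, never NULL or an ERR_PTR. */`, because it dereferences `name->name` unconditionally. getname_flags() continues past the end of this hunk, so the success and -ENAMETOOLONG paths are not visible here.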
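Review bot: In the CONFIG_AUDITSYSCALL version of putname(), `return audit_putname(name);` returns an expression from a function declared void, which ISO C does not permit even when the callee is itself void. GCC accepts it but warns under -pedantic. Keeping the original if/else shape avoids the construct and reads more plainly: `if (unlikely(!audit_dummy_context())) audit_putname(name); else final_putname(name);`.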
@@ -2093,13 +2115,13 @@ int user_path_at_empty(int dfd, const char __user *name, unsigned flags, struct path *path, int *empty) { struct nameidata nd; - char *tmp = getname_flags(name, flags, empty); + struct filename *tmp = getname_flags(name, flags, empty); int err = PTR_ERR(tmp); if (!IS_ERR(tmp)) { BUG_ON(flags & LOOKUP_PARENT); - err = do_path_lookup(dfd, tmp, flags, &nd); + err = do_path_lookup(dfd, tmp->name, flags, &nd); putname(tmp); if (!err) *path = nd.path; @@ -2113,22 +2135,22 @@ int user_path_at(int dfd, const char __user *name, unsigned flags, return user_path_at_empty(dfd, name, flags, path, NULL); } -static int user_path_parent(int dfd, const char __user *path, - struct nameidata *nd, char **name) +static struct filename * +user_path_parent(int dfd, const char __user *path, struct nameidata *nd) { - char *s = getname(path); + struct filename *s = getname(path); int error; if (IS_ERR(s)) - return PTR_ERR(s); + return s; - error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd); - if (error) + error = do_path_lookup(dfd, s->name, LOOKUP_PARENT, nd); + if (error) { putname(s); - else - *name = s; + return ERR_PTR(error); + } - return error; + return s; } /* @@ -3039,11 +3061,11 @@ EXPORT_SYMBOL(done_path_create); struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir) { - char *tmp = getname(pathname); + struct filename *tmp = getname(pathname); struct dentry *res; if (IS_ERR(tmp)) return ERR_CAST(tmp); - res = kern_path_create(dfd, tmp, path, is_dir); + res = kern_path_create(dfd, tmp->name, path, is_dir); putname(tmp); return res; } 
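Review bot: user_path_parent() now transfers ownership of the struct filename to the caller through its return value, and nothing in the hunk documents that contract. On success the caller holds the name and has to call putname() on every exit path; on a lookup failure the function has already called putname() and returns an ERR_PTR, so the caller must not release it again. A short comment above the function would make that explicit, e.g. `/* Returns the filename (caller must putname() it) or an ERR_PTR; on error the name has already been released. */`.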
@@ -3248,13 +3270,13 @@ out: static long do_rmdir(int dfd, const char __user *pathname) { int error = 0; - char * name; + struct filename *name; struct dentry *dentry; struct nameidata nd; - error = user_path_parent(dfd, pathname, &nd, &name); - if (error) - return error; + name = user_path_parent(dfd, pathname, &nd); + if (IS_ERR(name)) + return PTR_ERR(name); switch(nd.last_type) { case LAST_DOTDOT: @@ -3343,14 +3365,14 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry) static long do_unlinkat(int dfd, const char __user *pathname) { int error; - char *name; + struct filename *name; struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; - error = user_path_parent(dfd, pathname, &nd, &name); - if (error) - return error; + name = user_path_parent(dfd, pathname, &nd); + if (IS_ERR(name)) + return PTR_ERR(name); error = -EISDIR; if (nd.last_type != LAST_NORM) @@ -3434,7 +3456,7 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, int, newdfd, const char __user *, newname) { int error; - char *from; + struct filename *from; struct dentry *dentry; struct path path; @@ -3447,9 +3469,9 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, if (IS_ERR(dentry)) goto out_putname; - error = security_path_symlink(&path, dentry, from); + error = security_path_symlink(&path, dentry, from->name); if (!error) - error = vfs_symlink(path.dentry->d_inode, dentry, from); + error = vfs_symlink(path.dentry->d_inode, dentry, from->name); done_path_create(&path, dentry); out_putname: putname(from); 
@@ -3729,17 +3751,21 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, struct dentry *old_dentry, *new_dentry; struct dentry *trap; struct nameidata oldnd, newnd; - char *from; - char *to; + struct filename *from; + struct filename *to; int error; - error = user_path_parent(olddfd, oldname, &oldnd, &from); - if (error) + from = user_path_parent(olddfd, oldname, &oldnd); + if (IS_ERR(from)) { + error = PTR_ERR(from); goto exit; + } - error = user_path_parent(newdfd, newname, &newnd, &to); - if (error) + to = user_path_parent(newdfd, newname, &newnd); + if (IS_ERR(to)) { + error = PTR_ERR(to); goto exit1; + } error = -EXDEV; if (oldnd.path.mnt != newnd.path.mnt) diff --git a/fs/namespace.c b/fs/namespace.c index fc33207e28ad..24960626bb6b 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2408,7 +2408,7 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, { int ret; char *kernel_type; - char *kernel_dir; + struct filename *kernel_dir; char *kernel_dev; unsigned long data_page; @@ -2430,7 +2430,7 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, if (ret < 0) goto out_data; - ret = do_mount(kernel_dev, kernel_dir, kernel_type, flags, + ret = do_mount(kernel_dev, kernel_dir->name, kernel_type, flags, (void *) data_page); free_page(data_page); diff --git a/fs/open.c b/fs/open.c index a015437e1535..81dd92ac10ff 100644 --- a/fs/open.c +++ b/fs/open.c @@ -895,13 +895,13 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) { struct open_flags op; int lookup = build_open_flags(flags, mode, &op); - char *tmp = getname(filename); + struct filename *tmp = getname(filename); int fd = PTR_ERR(tmp); if (!IS_ERR(tmp)) { fd = get_unused_fd_flags(flags); if (fd >= 0) { - struct file *f = do_filp_open(dfd, tmp, &op, lookup); + struct file *f = do_filp_open(dfd, tmp->name, &op, lookup); if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); 
diff --git a/fs/quota/quota.c b/fs/quota/quota.c index ff0135d6bc51..af1661f7a54f 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -331,11 +331,11 @@ static struct super_block *quotactl_block(const char __user *special, int cmd) #ifdef CONFIG_BLOCK struct block_device *bdev; struct super_block *sb; - char *tmp = getname(special); + struct filename *tmp = getname(special); if (IS_ERR(tmp)) return ERR_CAST(tmp); - bdev = lookup_bdev(tmp); + bdev = lookup_bdev(tmp->name); putname(tmp); if (IS_ERR(bdev)) return ERR_CAST(bdev); diff --git a/include/linux/audit.h b/include/linux/audit.h index 3df643d1ac5b..94d29164803f 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -460,6 +460,8 @@ extern int audit_classify_arch(int arch); #define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ #define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ +struct filename; + #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ /* Public API */ @@ -469,8 +471,8 @@ extern void __audit_syscall_entry(int arch, int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); -extern void __audit_getname(const char *name); -extern void audit_putname(const char *name); +extern void __audit_getname(struct filename *name); +extern void audit_putname(struct filename *name); extern void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent); extern void __audit_inode_child(const struct inode *parent, @@ -505,7 +507,7 @@ static inline void audit_syscall_exit(void *pt_regs) __audit_syscall_exit(success, return_code); } } -static inline void audit_getname(const char *name) +static inline void audit_getname(struct filename *name) { if (unlikely(!audit_dummy_context())) __audit_getname(name); 
@@ -663,9 +665,9 @@ static inline int audit_dummy_context(void) { return 1; } -static inline void audit_getname(const char *name) +static inline void audit_getname(struct filename *name) { } -static inline void audit_putname(const char *name) +static inline void audit_putname(struct filename *name) { } static inline void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) diff --git a/include/linux/fs.h b/include/linux/fs.h index b44b4ca82164..6c93b46f46dc 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2196,6 +2196,10 @@ static inline int break_lease(struct inode *inode, unsigned int mode) #endif /* CONFIG_FILE_LOCKING */ /* fs/open.c */ +struct filename { + const char *name; /* pointer to actual string */ + const __user char *uptr; /* original userland pointer */ +}; extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, struct file *filp); @@ -2208,7 +2212,9 @@ extern struct file *file_open_root(struct dentry *, struct vfsmount *, const char *, int); extern struct file * dentry_open(const struct path *, int, const struct cred *); extern int filp_close(struct file *, fl_owner_t id); -extern char * getname(const char __user *); + +extern struct filename *getname(const char __user *); + enum { FILE_CREATED = 1, FILE_OPENED = 2 @@ -2228,12 +2234,14 @@ extern void __init vfs_caches_init(unsigned long); extern struct kmem_cache *names_cachep; +extern void final_putname(struct filename *name); + #define __getname() kmem_cache_alloc(names_cachep, GFP_KERNEL) #define __putname(name) kmem_cache_free(names_cachep, (void *)(name)) #ifndef CONFIG_AUDITSYSCALL -#define putname(name) __putname(name) +#define putname(name) final_putname(name) #else -extern void putname(const char *name); +extern void putname(struct filename *name); #endif #ifdef CONFIG_BLOCK diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 9553ed006042..6c5d9dcc9030 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c 
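Review bot: The `uptr` member of the new struct filename keeps a raw userspace address with no statement of what it may be used for. The commit message suggests it exists so that a later getname() on the same string can be recognised without recopying, so I would document it as an identity token only, e.g. `/* original userland pointer; for comparison only, the kernel copy in name is authoritative */`, since userspace can rewrite the memory behind it after the copy. The declaration also spells the type `const __user char *` where the rest of this patch writes `const char __user *`. Separately, the struct is placed under the `/* fs/open.c */` marker although getname_flags() in fs/namei.c is what allocates it.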
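Review bot: With CONFIG_AUDITSYSCALL unset, putname() now expands to a call to final_putname(), yet the fs/namei.c part of this patch adds `EXPORT_SYMBOL(getname);` with no matching export for final_putname(). Before the change the macro expanded to __putname(), so a modular caller depended on names_cachep rather than on a new function. If any module uses the getname()/putname() pair (not visible from this diff), it would fail to link in that configuration. Adding `EXPORT_SYMBOL(final_putname);` next to the definition would keep the two halves symmetric.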
@@ -772,7 +772,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, { struct path path; struct file *filp; - char *name; + struct filename *name; struct mq_attr attr; int fd, error; struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns; @@ -795,7 +795,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, ro = mnt_want_write(mnt); /* we'll drop it in any case */ error = 0; mutex_lock(&root->d_inode->i_mutex); - path.dentry = lookup_one_len(name, root, strlen(name)); + path.dentry = lookup_one_len(name->name, root, strlen(name->name)); if (IS_ERR(path.dentry)) { error = PTR_ERR(path.dentry); goto out_putfd; @@ -804,7 +804,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, if (oflag & O_CREAT) { if (path.dentry->d_inode) { /* entry already exists */ - audit_inode(name, path.dentry, 0); + audit_inode(name->name, path.dentry, 0); if (oflag & O_EXCL) { error = -EEXIST; goto out; @@ -824,7 +824,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, error = -ENOENT; goto out; } - audit_inode(name, path.dentry, 0); + audit_inode(name->name, path.dentry, 0); filp = do_open(&path, oflag); } @@ -849,7 +849,7 @@ out_putname: SYSCALL_DEFINE1(mq_unlink, const char __user *, u_name) { int err; - char *name; + struct filename *name; struct dentry *dentry; struct inode *inode = NULL; struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns; @@ -863,7 +863,8 @@ SYSCALL_DEFINE1(mq_unlink, const char __user *, u_name) if (err) goto out_name; mutex_lock_nested(&mnt->mnt_root->d_inode->i_mutex, I_MUTEX_PARENT); - dentry = lookup_one_len(name, mnt->mnt_root, strlen(name)); + dentry = lookup_one_len(name->name, mnt->mnt_root, + strlen(name->name)); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); goto out_unlock; diff --git a/kernel/acct.c b/kernel/acct.c index 5be01017d30f..08354195eecc 100644 --- a/kernel/acct.c +++ b/kernel/acct.c 
@@ -260,10 +260,10 @@ SYSCALL_DEFINE1(acct, const char __user *, name) return -EPERM; if (name) { - char *tmp = getname(name); + struct filename *tmp = getname(name); if (IS_ERR(tmp)) return (PTR_ERR(tmp)); - error = acct_on(tmp); + error = acct_on(tmp->name); putname(tmp); } else { struct bsd_acct_struct *acct; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d147585e9ef3..d4d82319eed5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -103,28 +103,29 @@ struct audit_cap_data { * we don't let putname() free it (instead we free all of the saved * pointers at syscall exit time). * - * Further, in fs/namei.c:path_lookup() we store the inode and device. */ + * Further, in fs/namei.c:path_lookup() we store the inode and device. + */ struct audit_names { - struct list_head list; /* audit_context->names_list */ - const char *name; - unsigned long ino; - dev_t dev; - umode_t mode; - kuid_t uid; - kgid_t gid; - dev_t rdev; - u32 osid; - struct audit_cap_data fcap; - unsigned int fcap_ver; - int name_len; /* number of name's characters to log */ - unsigned char type; /* record type */ - bool name_put; /* call __putname() for this name */ + struct list_head list; /* audit_context->names_list */ + struct filename *name; + unsigned long ino; + dev_t dev; + umode_t mode; + kuid_t uid; + kgid_t gid; + dev_t rdev; + u32 osid; + struct audit_cap_data fcap; + unsigned int fcap_ver; + int name_len; /* number of name's characters to log */ + unsigned char type; /* record type */ + bool name_put; /* call __putname() for this name */ /* * This was an allocated audit_names and not from the array of * names allocated in the task audit context. Thus this name * should be freed on syscall exit */ - bool should_free; + bool should_free; }; struct audit_aux_data { 
@@ -996,7 +997,7 @@ static inline void audit_free_names(struct audit_context *context) context->ino_count); list_for_each_entry(n, &context->names_list, list) { printk(KERN_ERR "names[%d] = %p = %s\n", i, - n->name, n->name ?: "(null)"); + n->name, n->name->name ?: "(null)"); } dump_stack(); return; @@ -1553,7 +1554,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, case AUDIT_NAME_FULL: /* log the full path */ audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, n->name); + audit_log_untrustedstring(ab, n->name->name); break; case 0: /* name was specified as a relative path and the @@ -1563,7 +1564,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, default: /* log the name's directory component */ audit_log_format(ab, " name="); - audit_log_n_untrustedstring(ab, n->name, + audit_log_n_untrustedstring(ab, n->name->name, n->name_len); } } else @@ -2026,7 +2027,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context, * Add a name to the list of audit names for this context. * Called from fs/namei.c:getname(). */ -void __audit_getname(const char *name) +void __audit_getname(struct filename *name) { struct audit_context *context = current->audit_context; struct audit_names *n; @@ -2040,6 +2041,11 @@ void __audit_getname(const char *name) return; } +#if AUDIT_DEBUG + /* The filename _must_ have a populated ->name */ + BUG_ON(!name->name); +#endif + n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); if (!n) return; @@ -2059,7 +2065,7 @@ void __audit_getname(const char *name) * then we delay the putname until syscall exit. * Called from include/linux/fs.h:putname(). */ -void audit_putname(const char *name) +void audit_putname(struct filename *name) { struct audit_context *context = current->audit_context; 
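Review bot: In the `audit_free_names` hunk of kernel/auditsc.c the diagnostic printk now evaluates `n->name->name ?: "(null)"`, which dereferences `n->name` before the fallback can apply, so an entry with no name attached faults instead of printing "(null)". Other hunks in this file section (`if (!n->name || n->name->name != name)` in `__audit_inode`) show that entries without a name are expected. The same expression is added to the debug loop in the `audit_putname` hunk further down. Both should test the outer pointer, `n->name ? n->name->name : "(null)"`. Both function bodies continue outside their hunks.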
@@ -2074,7 +2080,7 @@ void audit_putname(const char *name) list_for_each_entry(n, &context->names_list, list) printk(KERN_ERR "name[%d] = %p = %s\n", i, - n->name, n->name ?: "(null)"); + n->name, n->name->name ?: "(null)"); } #endif __putname(name); @@ -2088,8 +2094,8 @@ void audit_putname(const char *name) " put_count=%d\n", __FILE__, __LINE__, context->serial, context->major, - context->in_syscall, name, context->name_count, - context->put_count); + context->in_syscall, name->name, + context->name_count, context->put_count); dump_stack(); } } @@ -2152,7 +2158,7 @@ void __audit_inode(const char *name, const struct dentry *dentry, list_for_each_entry_reverse(n, &context->names_list, list) { /* does the name pointer match? */ - if (n->name != name) + if (!n->name || n->name->name != name) continue; /* match the correct record type */ @@ -2175,7 +2181,7 @@ out_alloc: return; out: if (parent) { - n->name_len = n->name ? parent_len(n->name) : AUDIT_NAME_FULL; + n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL; n->type = AUDIT_TYPE_PARENT; } else { n->name_len = AUDIT_NAME_FULL; @@ -2220,7 +2226,7 @@ void __audit_inode_child(const struct inode *parent, continue; if (n->ino == parent->i_ino && - !audit_compare_dname_path(dname, n->name, n->name_len)) { + !audit_compare_dname_path(dname, n->name->name, n->name_len)) { found_parent = n; break; } @@ -2236,8 +2242,8 @@ void __audit_inode_child(const struct inode *parent, if (found_parent && (n->name != found_parent->name)) continue; - if (!strcmp(dname, n->name) || - !audit_compare_dname_path(dname, n->name, + if (!strcmp(dname, n->name->name) || + !audit_compare_dname_path(dname, n->name->name, found_parent ? found_parent->name_len : AUDIT_NAME_FULL)) { diff --git a/mm/swapfile.c b/mm/swapfile.c index 14e254c768fc..90d2ed591de9 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c 
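Review bot: `audit_putname` still releases the name with `__putname(name)` (context line after `#endif` in the `@@ -2074` hunk of kernel/auditsc.c), but `name` is now a `struct filename *` and `__putname` is `kmem_cache_free(names_cachep, ...)` per the include/linux/fs.h hunk. If the struct is allocated separately from the string, as the `kzalloc(sizeof(*result), GFP_KERNEL)` context in the following commit's getname_flags hunk suggests, this hands a kmalloc object to the wrong slab cache and never frees the string. The non-audit `putname` was switched to `final_putname(name)` in this commit, and the audit path should match: `final_putname(name);`. Any corresponding free in `audit_free_names` lies outside the visible hunks and needs the same check.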
@@ -1483,7 +1483,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) struct file *swap_file, *victim; struct address_space *mapping; struct inode *inode; - char *pathname; + struct filename *pathname; int oom_score_adj; int i, type, prev; int err; @@ -1498,8 +1498,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) if (IS_ERR(pathname)) goto out; - victim = filp_open(pathname, O_RDWR|O_LARGEFILE, 0); - putname(pathname); + victim = filp_open(pathname->name, O_RDWR|O_LARGEFILE, 0); err = PTR_ERR(victim); if (IS_ERR(victim)) goto out; @@ -1936,7 +1935,7 @@ static int setup_swap_map_and_extents(struct swap_info_struct *p, SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) { struct swap_info_struct *p; - char *name; + struct filename *name; struct file *swap_file = NULL; struct address_space *mapping; int i; @@ -1967,7 +1966,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) name = NULL; goto bad_swap; } - swap_file = filp_open(name, O_RDWR|O_LARGEFILE, 0); + swap_file = filp_open(name->name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(swap_file)) { error = PTR_ERR(swap_file); swap_file = NULL; @@ -2053,7 +2052,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) printk(KERN_INFO "Adding %uk swap on %s. " "Priority:%d extents:%d across:%lluk %s%s%s\n", - p->pages<<(PAGE_SHIFT-10), name, p->prio, + p->pages<<(PAGE_SHIFT-10), name->name, p->prio, nr_extents, (unsigned long long)span<<(PAGE_SHIFT-10), (p->flags & SWP_SOLIDSTATE) ? "SS" : "", (p->flags & SWP_DISCARDABLE) ? "D" : "", -- cgit v1.2.3-59-g8ed1b From 7ac86265dc8f665cc49d6e60a125e608cd2fca14 Mon Sep 17 00:00:00 2001 
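Review bot: The `swapoff` hunk in mm/swapfile.c drops `putname(pathname);` after the open, and no other hunk in this file section adds a replacement, so the name returned by getname() appears to be leaked; the `out:` label is outside the hunk, so confirm nothing there releases it. Because `goto out` is also taken when `IS_ERR(pathname)`, a release placed at `out:` would need a guard, and the simplest fix is to keep `putname(pathname);` directly after the `filp_open(pathname->name, ...)` call. The later commit on this page that changes this call to `file_open_name(pathname, ...)` does not restore the release either.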
From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:28 -0400 Subject: audit: allow audit code to satisfy getname requests from its names_list Currently, if we call getname() on a userland string more than once, we'll get multiple copies of the string and multiple audit_names records. Add a function that will allow the audit_names code to satisfy getname requests using info from the audit_names list, avoiding a new allocation and audit_names records. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/namei.c | 4 ++++ include/linux/audit.h | 11 +++++++++++ kernel/auditsc.c | 23 +++++++++++++++++++++++ 3 files changed, 38 insertions(+) (limited to 'include') diff --git a/fs/namei.c b/fs/namei.c index ec638d27642f..5dbc3f836934 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -130,6 +130,10 @@ getname_flags(const char __user *filename, int flags, int *empty) char *kname; int len; + result = audit_reusename(filename); + if (result) + return result; + /* FIXME: create dedicated slabcache? */ result = kzalloc(sizeof(*result), GFP_KERNEL); if (unlikely(!result)) diff --git a/include/linux/audit.h b/include/linux/audit.h index 94d29164803f..d5d7952ab7d8 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -471,6 +471,7 @@ extern void __audit_syscall_entry(int arch, int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); +extern struct filename *__audit_reusename(const __user char *uptr); extern void __audit_getname(struct filename *name); extern void audit_putname(struct filename *name); extern void __audit_inode(const char *name, const struct dentry *dentry, 
@@ -507,6 +508,12 @@ static inline void audit_syscall_exit(void *pt_regs) __audit_syscall_exit(success, return_code); } } +static inline struct filename *audit_reusename(const __user char *name) +{ + if (unlikely(!audit_dummy_context())) + return __audit_reusename(name); + return NULL; +} static inline void audit_getname(struct filename *name) { if (unlikely(!audit_dummy_context())) @@ -665,6 +672,10 @@ static inline int audit_dummy_context(void) { return 1; } +static inline struct filename *audit_reusename(const __user char *name) +{ + return NULL; +} static inline void audit_getname(struct filename *name) { } static inline void audit_putname(struct filename *name) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d4d82319eed5..521163a5d65f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2020,6 +2020,29 @@ static struct audit_names *audit_alloc_name(struct audit_context *context, return aname; } +/** + * audit_reusename - fill out filename with info from existing entry + * @uptr: userland ptr to pathname + * + * Search the audit_names list for the current audit context. If there is an + * existing entry with a matching "uptr" then return the filename + * associated with that audit_name. If not, return NULL. + */ +struct filename * +__audit_reusename(const __user char *uptr) +{ + struct audit_context *context = current->audit_context; + struct audit_names *n; + + list_for_each_entry(n, &context->names_list, list) { + if (!n->name) + continue; + if (n->name->uptr == uptr) + return n->name; + } + return NULL; +} + /** * audit_getname - add a name to the list * @name: name to add -- cgit v1.2.3-59-g8ed1b From 669abf4e5539c8aa48bf28c965be05c0a7b58a27 Mon Sep 17 00:00:00 2001 
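Review bot: The kerneldoc added above `__audit_reusename` in kernel/auditsc.c is titled `audit_reusename` and does not say who owns the returned `struct filename`, although the same object is now handed to a second getname() caller that will also call putname() on it. I would title the comment `__audit_reusename` and add a sentence such as `The returned filename remains on the context's names_list; release it with putname(), never free it directly.` It is also worth stating that the match is on the userland pointer value only (`n->name->uptr == uptr`), so a repeated getname() of the same address within one syscall returns the first copy and does not re-read user memory.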
From: Jeff Layton Date: Wed, 10 Oct 2012 16:43:10 -0400 Subject: vfs: make path_openat take a struct filename pointer ...and fix up the callers. For do_file_open_root, just declare a struct filename on the stack and fill out the .name field. For do_filp_open, make it also take a struct filename pointer, and fix up its callers to call it appropriately. For filp_open, add a variant that takes a struct filename pointer and turn filp_open into a wrapper around it. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/exec.c | 5 +++-- fs/internal.h | 4 ++-- fs/namei.c | 18 ++++++++++-------- fs/open.c | 25 +++++++++++++++++++++---- include/linux/fs.h | 1 + kernel/acct.c | 6 +++--- mm/swapfile.c | 4 ++-- 7 files changed, 42 insertions(+), 21 deletions(-) (limited to 'include') diff --git a/fs/exec.c b/fs/exec.c index 4e591e20e108..8b9011b67041 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -116,7 +116,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) if (IS_ERR(tmp)) goto out; - file = do_filp_open(AT_FDCWD, tmp->name, &uselib_flags, LOOKUP_FOLLOW); + file = do_filp_open(AT_FDCWD, tmp, &uselib_flags, LOOKUP_FOLLOW); putname(tmp); error = PTR_ERR(file); if (IS_ERR(file)) @@ -751,13 +751,14 @@ struct file *open_exec(const char *name) { struct file *file; int err; + struct filename tmp = { .name = name }; static const struct open_flags open_exec_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, .acc_mode = MAY_EXEC | MAY_OPEN, .intent = LOOKUP_OPEN }; - file = do_filp_open(AT_FDCWD, name, &open_exec_flags, LOOKUP_FOLLOW); + file = do_filp_open(AT_FDCWD, &tmp, &open_exec_flags, LOOKUP_FOLLOW); if (IS_ERR(file)) goto out; diff --git a/fs/internal.h b/fs/internal.h index 371bcc4b1697..916b7cbf3e3e 100644 --- a/fs/internal.h +++ b/fs/internal.h 
@@ -97,8 +97,8 @@ struct open_flags { int acc_mode; int intent; }; -extern struct file *do_filp_open(int dfd, const char *pathname, - const struct open_flags *op, int lookup_flags); +extern struct file *do_filp_open(int dfd, struct filename *pathname, + const struct open_flags *op, int flags); extern struct file *do_file_open_root(struct dentry *, struct vfsmount *, const char *, const struct open_flags *, int lookup_flags); diff --git a/fs/namei.c b/fs/namei.c index 8c14353fb750..6bbd8fdfb1f5 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2662,7 +2662,7 @@ out_dput: */ static int do_last(struct nameidata *nd, struct path *path, struct file *file, const struct open_flags *op, - int *opened, const char *pathname) + int *opened, struct filename *name) { struct dentry *dir = nd->path.dentry; int open_flag = op->open_flag; @@ -2674,6 +2674,7 @@ static int do_last(struct nameidata *nd, struct path *path, struct path save_parent = { .dentry = NULL, .mnt = NULL }; bool retried = false; int error; + const char *pathname = name->name; nd->flags &= ~LOOKUP_PARENT; nd->flags |= op->intent; @@ -2908,7 +2909,7 @@ stale_open: goto retry_lookup; } -static struct file *path_openat(int dfd, const char *pathname, +static struct file *path_openat(int dfd, struct filename *pathname, struct nameidata *nd, const struct open_flags *op, int flags) { struct file *base = NULL; @@ -2923,12 +2924,12 @@ static struct file *path_openat(int dfd, const char *pathname, file->f_flags = op->open_flag; - error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base); + error = path_init(dfd, pathname->name, flags | LOOKUP_PARENT, nd, &base); if (unlikely(error)) goto out; current->total_link_count = 0; - error = link_path_walk(pathname, nd); + error = link_path_walk(pathname->name, nd); if (unlikely(error)) goto out; 
@@ -2974,7 +2975,7 @@ out: return file; } -struct file *do_filp_open(int dfd, const char *pathname, +struct file *do_filp_open(int dfd, struct filename *pathname, const struct open_flags *op, int flags) { struct nameidata nd; @@ -2993,6 +2994,7 @@ struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt, { struct nameidata nd; struct file *file; + struct filename filename = { .name = name }; nd.root.mnt = mnt; nd.root.dentry = dentry; @@ -3002,11 +3004,11 @@ struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt, if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN) return ERR_PTR(-ELOOP); - file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU); + file = path_openat(-1, &filename, &nd, op, flags | LOOKUP_RCU); if (unlikely(file == ERR_PTR(-ECHILD))) - file = path_openat(-1, name, &nd, op, flags); + file = path_openat(-1, &filename, &nd, op, flags); if (unlikely(file == ERR_PTR(-ESTALE))) - file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL); + file = path_openat(-1, &filename, &nd, op, flags | LOOKUP_REVAL); return file; } diff --git a/fs/open.c b/fs/open.c index 81dd92ac10ff..59071f55bf7f 100644 --- a/fs/open.c +++ b/fs/open.c 
@@ -858,6 +858,24 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o return lookup_flags; } +/** + * file_open_name - open file and return file pointer + * + * @name: struct filename containing path to open + * @flags: open flags as per the open(2) second argument + * @mode: mode for the new file if O_CREAT is set, else ignored + * + * This is the helper to open a file from kernelspace if you really + * have to. But in generally you should not do this, so please move + * along, nothing to see here.. + */ +struct file *file_open_name(struct filename *name, int flags, umode_t mode) +{ + struct open_flags op; + int lookup = build_open_flags(flags, mode, &op); + return do_filp_open(AT_FDCWD, name, &op, lookup); +} + /** * filp_open - open file and return file pointer * @@ -871,9 +889,8 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o */ struct file *filp_open(const char *filename, int flags, umode_t mode) { - struct open_flags op; - int lookup = build_open_flags(flags, mode, &op); - return do_filp_open(AT_FDCWD, filename, &op, lookup); + struct filename name = {.name = filename}; + return file_open_name(&name, flags, mode); } EXPORT_SYMBOL(filp_open); @@ -901,7 +918,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) if (!IS_ERR(tmp)) { fd = get_unused_fd_flags(flags); if (fd >= 0) { - struct file *f = do_filp_open(dfd, tmp->name, &op, lookup); + struct file *f = do_filp_open(dfd, tmp, &op, lookup); if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); diff --git a/include/linux/fs.h b/include/linux/fs.h index 6c93b46f46dc..b6b10e7f0ac0 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2207,6 +2207,7 @@ extern int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len); extern long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode); +extern struct file *file_open_name(struct filename *, int, umode_t); extern struct file *filp_open(const char *, int, umode_t); extern struct file *file_open_root(struct dentry *, struct vfsmount *, const char *, int); diff --git a/kernel/acct.c b/kernel/acct.c index 08354195eecc..051e071a06e7 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -193,7 +193,7 @@ static void acct_file_reopen(struct bsd_acct_struct *acct, struct file *file, } } -static int acct_on(const char *name) +static int acct_on(struct filename *pathname) { struct file *file; struct vfsmount *mnt; @@ -201,7 +201,7 @@ static int acct_on(const char *name) struct bsd_acct_struct *acct = NULL; /* Difference from BSD - they don't do O_APPEND */ - file = filp_open(name, O_WRONLY|O_APPEND|O_LARGEFILE, 0); + file = file_open_name(pathname, O_WRONLY|O_APPEND|O_LARGEFILE, 0); if (IS_ERR(file)) return PTR_ERR(file); @@ -263,7 +263,7 @@ SYSCALL_DEFINE1(acct, const char __user *, name) struct filename *tmp = getname(name); if (IS_ERR(tmp)) return (PTR_ERR(tmp)); - error = acct_on(tmp->name); + error = acct_on(tmp); putname(tmp); } else { struct bsd_acct_struct *acct; diff --git a/mm/swapfile.c b/mm/swapfile.c index 90d2ed591de9..71cd288b2001 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1498,7 +1498,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) if (IS_ERR(pathname)) goto out; - victim = filp_open(pathname->name, O_RDWR|O_LARGEFILE, 0); + victim = file_open_name(pathname, O_RDWR|O_LARGEFILE, 0); err = PTR_ERR(victim); if (IS_ERR(victim)) goto out; 
@@ -1966,7 +1966,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) name = NULL; goto bad_swap; } - swap_file = filp_open(name->name, O_RDWR|O_LARGEFILE, 0); + swap_file = file_open_name(name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(swap_file)) { error = PTR_ERR(swap_file); swap_file = NULL; -- cgit v1.2.3-59-g8ed1b From adb5c2473d3f91526c79db972aafb20a56d3fbb3 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 16:43:13 -0400 Subject: audit: make audit_inode take struct filename Keep a pointer to the audit_names "slot" in struct filename. Have all of the audit_inode callers pass a struct filename ponter to audit_inode instead of a string pointer. If the aname field is already populated, then we can skip walking the list altogether and just use it directly. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/namei.c | 16 +++++++--------- include/linux/audit.h | 10 ++++++---- include/linux/fs.h | 6 ++++-- ipc/mqueue.c | 4 ++-- kernel/auditsc.c | 25 +++++++++++++++++++++++-- 5 files changed, 42 insertions(+), 19 deletions(-) (limited to 'include') diff --git a/fs/namei.c b/fs/namei.c index 6bbd8fdfb1f5..80b162b142f9 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1999,8 +1999,7 @@ static int filename_lookup(int dfd, struct filename *name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) - audit_inode(name->name, nd->path.dentry, - flags & LOOKUP_PARENT); + audit_inode(name, nd->path.dentry, flags & LOOKUP_PARENT); return retval; } @@ -2674,7 +2673,6 @@ static int do_last(struct nameidata *nd, struct path *path, struct path save_parent = { .dentry = NULL, .mnt = NULL }; bool retried = false; int error; - const char *pathname = name->name; nd->flags &= ~LOOKUP_PARENT; nd->flags |= op->intent; 
@@ -2690,7 +2688,7 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; - audit_inode(pathname, nd->path.dentry, 0); + audit_inode(name, nd->path.dentry, 0); if (open_flag & O_CREAT) { error = -EISDIR; goto out; @@ -2700,7 +2698,7 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; - audit_inode(pathname, dir, 0); + audit_inode(name, dir, 0); goto finish_open; } @@ -2729,7 +2727,7 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; - audit_inode(pathname, dir, 0); + audit_inode(name, dir, 0); error = -EISDIR; /* trailing slashes? */ if (nd->last.name[nd->last.len]) @@ -2759,7 +2757,7 @@ retry_lookup: !S_ISREG(file->f_path.dentry->d_inode->i_mode)) will_truncate = false; - audit_inode(pathname, file->f_path.dentry, 0); + audit_inode(name, file->f_path.dentry, 0); goto opened; } @@ -2776,7 +2774,7 @@ retry_lookup: * create/update audit record if it already exists. */ if (path->dentry->d_inode) - audit_inode(pathname, path->dentry, 0); + audit_inode(name, path->dentry, 0); /* * If atomic_open() acquired write access it is dropped now due to @@ -2841,7 +2839,7 @@ finish_lookup: error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !nd->inode->i_op->lookup) goto out; - audit_inode(pathname, nd->path.dentry, 0); + audit_inode(name, nd->path.dentry, 0); finish_open: if (!S_ISREG(nd->inode->i_mode)) will_truncate = false; diff --git a/include/linux/audit.h b/include/linux/audit.h index d5d7952ab7d8..e5884f950b4b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -474,7 +474,7 @@ extern void __audit_syscall_exit(int ret_success, long ret_value); extern struct filename *__audit_reusename(const __user char *uptr); extern void __audit_getname(struct filename *name); extern void audit_putname(struct filename *name); -extern void __audit_inode(const char *name, const struct dentry *dentry, +extern void __audit_inode(struct filename *name, const struct dentry *dentry, unsigned int parent); extern void __audit_inode_child(const struct inode *parent, const struct dentry *dentry, @@ -519,7 +519,7 @@ static inline void audit_getname(struct filename *name) if (unlikely(!audit_dummy_context())) __audit_getname(name); } -static inline void audit_inode(const char *name, const struct dentry *dentry, +static inline void audit_inode(struct filename *name, const struct dentry *dentry, unsigned int parent) { if (unlikely(!audit_dummy_context())) __audit_inode(name, dentry, parent); @@ -680,14 +680,16 @@ static inline void audit_getname(struct filename *name) { } static inline void audit_putname(struct filename *name) { } -static inline void __audit_inode(const char *name, const struct dentry *dentry, +static inline void __audit_inode(struct filename *name, + const struct dentry *dentry, unsigned int parent) { } static inline void __audit_inode_child(const struct inode *parent, const struct dentry *dentry, const unsigned char type) { } -static inline void audit_inode(const char *name, const struct dentry *dentry, +static inline void audit_inode(struct filename *name, + const struct dentry *dentry, unsigned int parent) { } static inline void audit_inode_child(const struct inode *parent, diff --git a/include/linux/fs.h b/include/linux/fs.h index b6b10e7f0ac0..4aa7160a51ce 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2196,9 +2196,11 @@ static inline int break_lease(struct inode *inode, unsigned int mode) #endif /* CONFIG_FILE_LOCKING */ /* fs/open.c */ +struct audit_names; struct filename { - const char *name; /* pointer to actual string */ - const __user char *uptr; /* original userland pointer */ + const char *name; /* pointer to actual string */ + const __user char *uptr; /* original userland pointer */ + struct audit_names *aname; }; extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 6c5d9dcc9030..71a3ca18c873 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -804,7 +804,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, if (oflag & O_CREAT) { if (path.dentry->d_inode) { /* entry already exists */ - audit_inode(name->name, path.dentry, 0); + audit_inode(name, path.dentry, 0); if (oflag & O_EXCL) { error = -EEXIST; goto out; @@ -824,7 +824,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, umode_t, mode, error = -ENOENT; goto out; } - audit_inode(name->name, path.dentry, 0); + audit_inode(name, path.dentry, 0); filp = do_open(&path, oflag); } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 521163a5d65f..2f186ed80c40 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2076,6 +2076,7 @@ void __audit_getname(struct filename *name) n->name = name; n->name_len = AUDIT_NAME_FULL; n->name_put = true; + name->aname = n; if (!context->pwd.dentry) get_fs_pwd(current->fs, &context->pwd); @@ -2166,7 +2167,7 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dent * @dentry: dentry being audited * @parent: does this dentry represent the parent? */ -void __audit_inode(const char *name, const struct dentry *dentry, +void __audit_inode(struct filename *name, const struct dentry *dentry, unsigned int parent) { struct audit_context *context = current->audit_context; 
@@ -2179,9 +2180,29 @@ void __audit_inode(const char *name, const struct dentry *dentry, if (!name) goto out_alloc; +#if AUDIT_DEBUG + /* The struct filename _must_ have a populated ->name */ + BUG_ON(!name->name); +#endif + /* + * If we have a pointer to an audit_names entry already, then we can + * just use it directly if the type is correct. + */ + n = name->aname; + if (n) { + if (parent) { + if (n->type == AUDIT_TYPE_PARENT || + n->type == AUDIT_TYPE_UNKNOWN) + goto out; + } else { + if (n->type != AUDIT_TYPE_PARENT) + goto out; + } + } + list_for_each_entry_reverse(n, &context->names_list, list) { /* does the name pointer match? */ - if (!n->name || n->name->name != name) + if (!n->name || n->name->name != name->name) continue; /* match the correct record type */ -- cgit v1.2.3-59-g8ed1b From 7950e3852ab86826b7349a535d2e8b0000340d7f Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 16:43:13 -0400 Subject: vfs: embed struct filename inside of names_cache allocation if possible In the common case where a name is much smaller than PATH_MAX, an extra allocation for struct filename is unnecessary. Before allocating a separate one, try to embed the struct filename inside the buffer first. If it turns out that that's not long enough, then fall back to allocating a separate struct filename and redoing the copy. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- fs/namei.c | 69 ++++++++++++++++++++++++++++++++++++++---------------- include/linux/fs.h | 1 + 2 files changed, 50 insertions(+), 20 deletions(-) (limited to 'include') diff --git a/fs/namei.c b/fs/namei.c index 80b162b142f9..d1895f308156 100644 --- a/fs/namei.c +++ b/fs/namei.c 
@@ -119,40 +119,69 @@ */ void final_putname(struct filename *name) { - __putname(name->name); - kfree(name); + if (name->separate) { + __putname(name->name); + kfree(name); + } else { + __putname(name); + } } +#define EMBEDDED_NAME_MAX (PATH_MAX - sizeof(struct filename)) + static struct filename * getname_flags(const char __user *filename, int flags, int *empty) { struct filename *result, *err; - char *kname; int len; + long max; + char *kname; result = audit_reusename(filename); if (result) return result; - /* FIXME: create dedicated slabcache? */ - result = kzalloc(sizeof(*result), GFP_KERNEL); + result = __getname(); if (unlikely(!result)) return ERR_PTR(-ENOMEM); - kname = __getname(); - if (unlikely(!kname)) { - err = ERR_PTR(-ENOMEM); - goto error_free_name; - } - + /* + * First, try to embed the struct filename inside the names_cache + * allocation + */ + kname = (char *)result + sizeof(*result); result->name = kname; - result->uptr = filename; - len = strncpy_from_user(kname, filename, PATH_MAX); + result->separate = false; + max = EMBEDDED_NAME_MAX; + +recopy: + len = strncpy_from_user(kname, filename, max); if (unlikely(len < 0)) { err = ERR_PTR(len); goto error; } + /* + * Uh-oh. We have a name that's approaching PATH_MAX. Allocate a + * separate struct filename so we can dedicate the entire + * names_cache allocation for the pathname, and re-do the copy from + * userland. + */ + if (len == EMBEDDED_NAME_MAX && max == EMBEDDED_NAME_MAX) { + kname = (char *)result; + + result = kzalloc(sizeof(*result), GFP_KERNEL); + if (!result) { + err = ERR_PTR(-ENOMEM); + result = (struct filename *)kname; + goto error; + } + result->name = kname; + result->separate = true; + max = PATH_MAX; + goto recopy; + } + /* The empty path is special. */ if (unlikely(!len)) { if (empty) 
@@ -163,15 +192,15 @@ getname_flags(const char __user *filename, int flags, int *empty) } err = ERR_PTR(-ENAMETOOLONG); - if (likely(len < PATH_MAX)) { - audit_getname(result); - return result; - } + if (unlikely(len >= PATH_MAX)) + goto error; + + result->uptr = filename; + audit_getname(result); + return result; error: - __putname(kname); -error_free_name: - kfree(result); + final_putname(result); return err; } diff --git a/include/linux/fs.h b/include/linux/fs.h index 4aa7160a51ce..65fbf571023f 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2201,6 +2201,7 @@ struct filename { const char *name; /* pointer to actual string */ const __user char *uptr; /* original userland pointer */ struct audit_names *aname; + bool separate; /* should "name" be freed? */ }; extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, -- cgit v1.2.3-59-g8ed1b
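Review bot: `getname_flags` now takes the `struct filename` from `__getname()` (first fs/namei.c hunk) instead of `kzalloc`, and the embedded path assigns only `name`, `separate` and `uptr`, so `aname` keeps whatever bytes were in the names_cache buffer unless `__audit_getname` sets it. `__audit_getname` has early returns ahead of `name->aname = n` (for example `if (!n) return;`, visible as context in the earlier auditsc.c hunks), while `__audit_inode` trusts a non-NULL `name->aname` and reads `n->type` through it. Initialise the field next to the `uptr` assignment in the second hunk, `result->aname = NULL;` before `audit_getname(result);`.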