162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * security/tomoyo/memory.c 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (C) 2005-2011 NTT DATA CORPORATION 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#include <linux/hash.h> 962306a36Sopenharmony_ci#include <linux/slab.h> 1062306a36Sopenharmony_ci#include "common.h" 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci/** 1362306a36Sopenharmony_ci * tomoyo_warn_oom - Print out of memory warning message. 1462306a36Sopenharmony_ci * 1562306a36Sopenharmony_ci * @function: Function's name. 1662306a36Sopenharmony_ci */ 1762306a36Sopenharmony_civoid tomoyo_warn_oom(const char *function) 1862306a36Sopenharmony_ci{ 1962306a36Sopenharmony_ci /* Reduce error messages. */ 2062306a36Sopenharmony_ci static pid_t tomoyo_last_pid; 2162306a36Sopenharmony_ci const pid_t pid = current->pid; 2262306a36Sopenharmony_ci 2362306a36Sopenharmony_ci if (tomoyo_last_pid != pid) { 2462306a36Sopenharmony_ci pr_warn("ERROR: Out of memory at %s.\n", function); 2562306a36Sopenharmony_ci tomoyo_last_pid = pid; 2662306a36Sopenharmony_ci } 2762306a36Sopenharmony_ci if (!tomoyo_policy_loaded) 2862306a36Sopenharmony_ci panic("MAC Initialization failed.\n"); 2962306a36Sopenharmony_ci} 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_ci/* Memoy currently used by policy/audit log/query. */ 3262306a36Sopenharmony_ciunsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; 3362306a36Sopenharmony_ci/* Memory quota for "policy"/"audit log"/"query". */ 3462306a36Sopenharmony_ciunsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ci/** 3762306a36Sopenharmony_ci * tomoyo_memory_ok - Check memory quota. 3862306a36Sopenharmony_ci * 3962306a36Sopenharmony_ci * @ptr: Pointer to allocated memory. 4062306a36Sopenharmony_ci * 4162306a36Sopenharmony_ci * Returns true on success, false otherwise. 4262306a36Sopenharmony_ci * 4362306a36Sopenharmony_ci * Returns true if @ptr is not NULL and quota not exceeded, false otherwise. 4462306a36Sopenharmony_ci * 4562306a36Sopenharmony_ci * Caller holds tomoyo_policy_lock mutex. 4662306a36Sopenharmony_ci */ 4762306a36Sopenharmony_cibool tomoyo_memory_ok(void *ptr) 4862306a36Sopenharmony_ci{ 4962306a36Sopenharmony_ci if (ptr) { 5062306a36Sopenharmony_ci const size_t s = ksize(ptr); 5162306a36Sopenharmony_ci 5262306a36Sopenharmony_ci tomoyo_memory_used[TOMOYO_MEMORY_POLICY] += s; 5362306a36Sopenharmony_ci if (!tomoyo_memory_quota[TOMOYO_MEMORY_POLICY] || 5462306a36Sopenharmony_ci tomoyo_memory_used[TOMOYO_MEMORY_POLICY] <= 5562306a36Sopenharmony_ci tomoyo_memory_quota[TOMOYO_MEMORY_POLICY]) 5662306a36Sopenharmony_ci return true; 5762306a36Sopenharmony_ci tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s; 5862306a36Sopenharmony_ci } 5962306a36Sopenharmony_ci tomoyo_warn_oom(__func__); 6062306a36Sopenharmony_ci return false; 6162306a36Sopenharmony_ci} 6262306a36Sopenharmony_ci 6362306a36Sopenharmony_ci/** 6462306a36Sopenharmony_ci * tomoyo_commit_ok - Check memory quota. 6562306a36Sopenharmony_ci * 6662306a36Sopenharmony_ci * @data: Data to copy from. 6762306a36Sopenharmony_ci * @size: Size in byte. 6862306a36Sopenharmony_ci * 6962306a36Sopenharmony_ci * Returns pointer to allocated memory on success, NULL otherwise. 7062306a36Sopenharmony_ci * @data is zero-cleared on success. 7162306a36Sopenharmony_ci * 7262306a36Sopenharmony_ci * Caller holds tomoyo_policy_lock mutex. 7362306a36Sopenharmony_ci */ 7462306a36Sopenharmony_civoid *tomoyo_commit_ok(void *data, const unsigned int size) 7562306a36Sopenharmony_ci{ 7662306a36Sopenharmony_ci void *ptr = kzalloc(size, GFP_NOFS | __GFP_NOWARN); 7762306a36Sopenharmony_ci 7862306a36Sopenharmony_ci if (tomoyo_memory_ok(ptr)) { 7962306a36Sopenharmony_ci memmove(ptr, data, size); 8062306a36Sopenharmony_ci memset(data, 0, size); 8162306a36Sopenharmony_ci return ptr; 8262306a36Sopenharmony_ci } 8362306a36Sopenharmony_ci kfree(ptr); 8462306a36Sopenharmony_ci return NULL; 8562306a36Sopenharmony_ci} 8662306a36Sopenharmony_ci 8762306a36Sopenharmony_ci/** 8862306a36Sopenharmony_ci * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". 8962306a36Sopenharmony_ci * 9062306a36Sopenharmony_ci * @param: Pointer to "struct tomoyo_acl_param". 9162306a36Sopenharmony_ci * @idx: Index number. 9262306a36Sopenharmony_ci * 9362306a36Sopenharmony_ci * Returns pointer to "struct tomoyo_group" on success, NULL otherwise. 9462306a36Sopenharmony_ci */ 9562306a36Sopenharmony_cistruct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, 9662306a36Sopenharmony_ci const u8 idx) 9762306a36Sopenharmony_ci{ 9862306a36Sopenharmony_ci struct tomoyo_group e = { }; 9962306a36Sopenharmony_ci struct tomoyo_group *group = NULL; 10062306a36Sopenharmony_ci struct list_head *list; 10162306a36Sopenharmony_ci const char *group_name = tomoyo_read_token(param); 10262306a36Sopenharmony_ci bool found = false; 10362306a36Sopenharmony_ci 10462306a36Sopenharmony_ci if (!tomoyo_correct_word(group_name) || idx >= TOMOYO_MAX_GROUP) 10562306a36Sopenharmony_ci return NULL; 10662306a36Sopenharmony_ci e.group_name = tomoyo_get_name(group_name); 10762306a36Sopenharmony_ci if (!e.group_name) 10862306a36Sopenharmony_ci return NULL; 10962306a36Sopenharmony_ci if (mutex_lock_interruptible(&tomoyo_policy_lock)) 11062306a36Sopenharmony_ci goto out; 11162306a36Sopenharmony_ci list = ¶m->ns->group_list[idx]; 11262306a36Sopenharmony_ci list_for_each_entry(group, list, head.list) { 11362306a36Sopenharmony_ci if (e.group_name != group->group_name || 11462306a36Sopenharmony_ci atomic_read(&group->head.users) == TOMOYO_GC_IN_PROGRESS) 11562306a36Sopenharmony_ci continue; 11662306a36Sopenharmony_ci atomic_inc(&group->head.users); 11762306a36Sopenharmony_ci found = true; 11862306a36Sopenharmony_ci break; 11962306a36Sopenharmony_ci } 12062306a36Sopenharmony_ci if (!found) { 12162306a36Sopenharmony_ci struct tomoyo_group *entry = tomoyo_commit_ok(&e, sizeof(e)); 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci if (entry) { 12462306a36Sopenharmony_ci INIT_LIST_HEAD(&entry->member_list); 12562306a36Sopenharmony_ci atomic_set(&entry->head.users, 1); 12662306a36Sopenharmony_ci list_add_tail_rcu(&entry->head.list, list); 12762306a36Sopenharmony_ci group = entry; 12862306a36Sopenharmony_ci found = true; 12962306a36Sopenharmony_ci } 13062306a36Sopenharmony_ci } 13162306a36Sopenharmony_ci mutex_unlock(&tomoyo_policy_lock); 13262306a36Sopenharmony_ciout: 13362306a36Sopenharmony_ci tomoyo_put_name(e.group_name); 13462306a36Sopenharmony_ci return found ? group : NULL; 13562306a36Sopenharmony_ci} 13662306a36Sopenharmony_ci 13762306a36Sopenharmony_ci/* 13862306a36Sopenharmony_ci * tomoyo_name_list is used for holding string data used by TOMOYO. 13962306a36Sopenharmony_ci * Since same string data is likely used for multiple times (e.g. 14062306a36Sopenharmony_ci * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of 14162306a36Sopenharmony_ci * "const struct tomoyo_path_info *". 14262306a36Sopenharmony_ci */ 14362306a36Sopenharmony_cistruct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 14462306a36Sopenharmony_ci 14562306a36Sopenharmony_ci/** 14662306a36Sopenharmony_ci * tomoyo_get_name - Allocate permanent memory for string data. 14762306a36Sopenharmony_ci * 14862306a36Sopenharmony_ci * @name: The string to store into the permernent memory. 14962306a36Sopenharmony_ci * 15062306a36Sopenharmony_ci * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise. 15162306a36Sopenharmony_ci */ 15262306a36Sopenharmony_ciconst struct tomoyo_path_info *tomoyo_get_name(const char *name) 15362306a36Sopenharmony_ci{ 15462306a36Sopenharmony_ci struct tomoyo_name *ptr; 15562306a36Sopenharmony_ci unsigned int hash; 15662306a36Sopenharmony_ci int len; 15762306a36Sopenharmony_ci struct list_head *head; 15862306a36Sopenharmony_ci 15962306a36Sopenharmony_ci if (!name) 16062306a36Sopenharmony_ci return NULL; 16162306a36Sopenharmony_ci len = strlen(name) + 1; 16262306a36Sopenharmony_ci hash = full_name_hash(NULL, (const unsigned char *) name, len - 1); 16362306a36Sopenharmony_ci head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)]; 16462306a36Sopenharmony_ci if (mutex_lock_interruptible(&tomoyo_policy_lock)) 16562306a36Sopenharmony_ci return NULL; 16662306a36Sopenharmony_ci list_for_each_entry(ptr, head, head.list) { 16762306a36Sopenharmony_ci if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name) || 16862306a36Sopenharmony_ci atomic_read(&ptr->head.users) == TOMOYO_GC_IN_PROGRESS) 16962306a36Sopenharmony_ci continue; 17062306a36Sopenharmony_ci atomic_inc(&ptr->head.users); 17162306a36Sopenharmony_ci goto out; 17262306a36Sopenharmony_ci } 17362306a36Sopenharmony_ci ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS | __GFP_NOWARN); 17462306a36Sopenharmony_ci if (tomoyo_memory_ok(ptr)) { 17562306a36Sopenharmony_ci ptr->entry.name = ((char *) ptr) + sizeof(*ptr); 17662306a36Sopenharmony_ci memmove((char *) ptr->entry.name, name, len); 17762306a36Sopenharmony_ci atomic_set(&ptr->head.users, 1); 17862306a36Sopenharmony_ci tomoyo_fill_path_info(&ptr->entry); 17962306a36Sopenharmony_ci list_add_tail(&ptr->head.list, head); 18062306a36Sopenharmony_ci } else { 18162306a36Sopenharmony_ci kfree(ptr); 18262306a36Sopenharmony_ci ptr = NULL; 18362306a36Sopenharmony_ci } 18462306a36Sopenharmony_ciout: 18562306a36Sopenharmony_ci mutex_unlock(&tomoyo_policy_lock); 18662306a36Sopenharmony_ci return ptr ? &ptr->entry : NULL; 18762306a36Sopenharmony_ci} 18862306a36Sopenharmony_ci 18962306a36Sopenharmony_ci/* Initial namespace.*/ 19062306a36Sopenharmony_cistruct tomoyo_policy_namespace tomoyo_kernel_namespace; 19162306a36Sopenharmony_ci 19262306a36Sopenharmony_ci/** 19362306a36Sopenharmony_ci * tomoyo_mm_init - Initialize mm related code. 19462306a36Sopenharmony_ci */ 19562306a36Sopenharmony_civoid __init tomoyo_mm_init(void) 19662306a36Sopenharmony_ci{ 19762306a36Sopenharmony_ci int idx; 19862306a36Sopenharmony_ci 19962306a36Sopenharmony_ci for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) 20062306a36Sopenharmony_ci INIT_LIST_HEAD(&tomoyo_name_list[idx]); 20162306a36Sopenharmony_ci tomoyo_kernel_namespace.name = "<kernel>"; 20262306a36Sopenharmony_ci tomoyo_init_policy_namespace(&tomoyo_kernel_namespace); 20362306a36Sopenharmony_ci tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; 20462306a36Sopenharmony_ci INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); 20562306a36Sopenharmony_ci tomoyo_kernel_domain.domainname = tomoyo_get_name("<kernel>"); 20662306a36Sopenharmony_ci list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list); 20762306a36Sopenharmony_ci} 208