1 // SPDX-License-Identifier: GPL-2.0
3 #include <linux/fsnotify_backend.h>
4 #include <linux/namei.h>
5 #include <linux/mount.h>
6 #include <linux/kthread.h>
7 #include <linux/refcount.h>
8 #include <linux/slab.h>
16 struct audit_chunk *root;
17 struct list_head chunks;
18 struct list_head rules;
19 struct list_head list;
20 struct list_head same_root;
26 struct list_head hash;
28 struct fsnotify_mark *mark;
29 struct list_head trees; /* with root here */
34 struct list_head list;
35 struct audit_tree *owner;
36 unsigned index; /* index; upper bit indicates 'will prune' */
40 struct audit_tree_mark {
41 struct fsnotify_mark mark;
42 struct audit_chunk *chunk;
45 static LIST_HEAD(tree_list);
46 static LIST_HEAD(prune_list);
47 static struct task_struct *prune_thread;
50 * One struct chunk is attached to each inode of interest through
51 * audit_tree_mark (fsnotify mark). We replace struct chunk on tagging /
52 * untagging, the mark is stable as long as there is chunk attached. The
53 * association between mark and chunk is protected by hash_lock and
54 * audit_tree_group->mark_mutex. Thus as long as we hold
55 * audit_tree_group->mark_mutex and check that the mark is alive by
56 * FSNOTIFY_MARK_FLAG_ATTACHED flag check, we are sure the mark points to
59 * Rules have pointer to struct audit_tree.
60 * Rules have struct list_head rlist forming a list of rules over
62 * References to struct chunk are collected at audit_inode{,_child}()
63 * time and used in AUDIT_TREE rule matching.
64 * These references are dropped at the same time we are calling
65 * audit_free_names(), etc.
67 * Cyclic lists galore:
68 * tree.chunks anchors chunk.owners[].list hash_lock
69 * tree.rules anchors rule.rlist audit_filter_mutex
70 * chunk.trees anchors tree.same_root hash_lock
71 * chunk.hash is a hash with middle bits of watch.inode as
72 * a hash function. RCU, hash_lock
74 * tree is refcounted; one reference for "some rules on rules_list refer to
75 * it", one for each chunk with pointer to it.
77 * chunk is refcounted by embedded .refs. Mark associated with the chunk holds
78 * one chunk reference. This reference is dropped either when a mark is going
79 * to be freed (corresponding inode goes away) or when chunk attached to the
80 * mark gets replaced. This reference must be dropped using
81 * audit_mark_put_chunk() to make sure the reference is dropped only after RCU
82 * grace period as it protects RCU readers of the hash table.
84 * node.index allows to get from node.list to containing chunk.
85 * MSB of that sucker is stolen to mark taggings that we might have to
86 * revert - several operations have very unpleasant cleanup logics and
87 * that makes a difference. Some.
90 static struct fsnotify_group *audit_tree_group;
91 static struct kmem_cache *audit_tree_mark_cachep __read_mostly;
93 static struct audit_tree *alloc_tree(const char *s)
95 struct audit_tree *tree;
97 tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL);
99 refcount_set(&tree->count, 1);
101 INIT_LIST_HEAD(&tree->chunks);
102 INIT_LIST_HEAD(&tree->rules);
103 INIT_LIST_HEAD(&tree->list);
104 INIT_LIST_HEAD(&tree->same_root);
106 strcpy(tree->pathname, s);
111 static inline void get_tree(struct audit_tree *tree)
113 refcount_inc(&tree->count);
116 static inline void put_tree(struct audit_tree *tree)
118 if (refcount_dec_and_test(&tree->count))
119 kfree_rcu(tree, head);
122 /* to avoid bringing the entire thing in audit.h */
123 const char *audit_tree_path(struct audit_tree *tree)
125 return tree->pathname;
128 static void free_chunk(struct audit_chunk *chunk)
132 for (i = 0; i < chunk->count; i++) {
133 if (chunk->owners[i].owner)
134 put_tree(chunk->owners[i].owner);
139 void audit_put_chunk(struct audit_chunk *chunk)
141 if (atomic_long_dec_and_test(&chunk->refs))
145 static void __put_chunk(struct rcu_head *rcu)
147 struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head);
148 audit_put_chunk(chunk);
152 * Drop reference to the chunk that was held by the mark. This is the reference
153 * that gets dropped after we've removed the chunk from the hash table and we
154 * use it to make sure chunk cannot be freed before RCU grace period expires.
156 static void audit_mark_put_chunk(struct audit_chunk *chunk)
158 call_rcu(&chunk->head, __put_chunk);
161 static inline struct audit_tree_mark *audit_mark(struct fsnotify_mark *mark)
163 return container_of(mark, struct audit_tree_mark, mark);
166 static struct audit_chunk *mark_chunk(struct fsnotify_mark *mark)
168 return audit_mark(mark)->chunk;
171 static void audit_tree_destroy_watch(struct fsnotify_mark *mark)
173 kmem_cache_free(audit_tree_mark_cachep, audit_mark(mark));
176 static struct fsnotify_mark *alloc_mark(void)
178 struct audit_tree_mark *amark;
180 amark = kmem_cache_zalloc(audit_tree_mark_cachep, GFP_KERNEL);
183 fsnotify_init_mark(&amark->mark, audit_tree_group);
184 amark->mark.mask = FS_IN_IGNORED;
188 static struct audit_chunk *alloc_chunk(int count)
190 struct audit_chunk *chunk;
194 size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node);
195 chunk = kzalloc(size, GFP_KERNEL);
199 INIT_LIST_HEAD(&chunk->hash);
200 INIT_LIST_HEAD(&chunk->trees);
201 chunk->count = count;
202 atomic_long_set(&chunk->refs, 1);
203 for (i = 0; i < count; i++) {
204 INIT_LIST_HEAD(&chunk->owners[i].list);
205 chunk->owners[i].index = i;
210 enum {HASH_SIZE = 128};
211 static struct list_head chunk_hash_heads[HASH_SIZE];
212 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(hash_lock);
214 /* Function to return search key in our hash from inode. */
215 static unsigned long inode_to_key(const struct inode *inode)
217 /* Use address pointed to by connector->obj as the key */
218 return (unsigned long)&inode->i_fsnotify_marks;
221 static inline struct list_head *chunk_hash(unsigned long key)
223 unsigned long n = key / L1_CACHE_BYTES;
224 return chunk_hash_heads + n % HASH_SIZE;
227 /* hash_lock & mark->group->mark_mutex is held by caller */
228 static void insert_hash(struct audit_chunk *chunk)
230 struct list_head *list;
233 * Make sure chunk is fully initialized before making it visible in the
234 * hash. Pairs with a data dependency barrier in READ_ONCE() in
235 * audit_tree_lookup().
238 WARN_ON_ONCE(!chunk->key);
239 list = chunk_hash(chunk->key);
240 list_add_rcu(&chunk->hash, list);
243 /* called under rcu_read_lock */
244 struct audit_chunk *audit_tree_lookup(const struct inode *inode)
246 unsigned long key = inode_to_key(inode);
247 struct list_head *list = chunk_hash(key);
248 struct audit_chunk *p;
250 list_for_each_entry_rcu(p, list, hash) {
252 * We use a data dependency barrier in READ_ONCE() to make sure
253 * the chunk we see is fully initialized.
255 if (READ_ONCE(p->key) == key) {
256 atomic_long_inc(&p->refs);
263 bool audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree)
266 for (n = 0; n < chunk->count; n++)
267 if (chunk->owners[n].owner == tree)
272 /* tagging and untagging inodes with trees */
274 static struct audit_chunk *find_chunk(struct node *p)
276 int index = p->index & ~(1U<<31);
278 return container_of(p, struct audit_chunk, owners[0]);
281 static void replace_mark_chunk(struct fsnotify_mark *mark,
282 struct audit_chunk *chunk)
284 struct audit_chunk *old;
286 assert_spin_locked(&hash_lock);
287 old = mark_chunk(mark);
288 audit_mark(mark)->chunk = chunk;
295 static void replace_chunk(struct audit_chunk *new, struct audit_chunk *old)
297 struct audit_tree *owner;
301 list_splice_init(&old->trees, &new->trees);
302 list_for_each_entry(owner, &new->trees, same_root)
304 for (i = j = 0; j < old->count; i++, j++) {
305 if (!old->owners[j].owner) {
309 owner = old->owners[j].owner;
310 new->owners[i].owner = owner;
311 new->owners[i].index = old->owners[j].index - j + i;
312 if (!owner) /* result of earlier fallback */
315 list_replace_init(&old->owners[j].list, &new->owners[i].list);
317 replace_mark_chunk(old->mark, new);
319 * Make sure chunk is fully initialized before making it visible in the
320 * hash. Pairs with a data dependency barrier in READ_ONCE() in
321 * audit_tree_lookup().
324 list_replace_rcu(&old->hash, &new->hash);
327 static void remove_chunk_node(struct audit_chunk *chunk, struct node *p)
329 struct audit_tree *owner = p->owner;
331 if (owner->root == chunk) {
332 list_del_init(&owner->same_root);
335 list_del_init(&p->list);
340 static int chunk_count_trees(struct audit_chunk *chunk)
345 for (i = 0; i < chunk->count; i++)
346 if (chunk->owners[i].owner)
351 static void untag_chunk(struct audit_chunk *chunk, struct fsnotify_mark *mark)
353 struct audit_chunk *new;
356 mutex_lock(&audit_tree_group->mark_mutex);
358 * mark_mutex stabilizes chunk attached to the mark so we can check
359 * whether it didn't change while we've dropped hash_lock.
361 if (!(mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED) ||
362 mark_chunk(mark) != chunk)
365 size = chunk_count_trees(chunk);
367 spin_lock(&hash_lock);
368 list_del_init(&chunk->trees);
369 list_del_rcu(&chunk->hash);
370 replace_mark_chunk(mark, NULL);
371 spin_unlock(&hash_lock);
372 fsnotify_detach_mark(mark);
373 mutex_unlock(&audit_tree_group->mark_mutex);
374 audit_mark_put_chunk(chunk);
375 fsnotify_free_mark(mark);
379 new = alloc_chunk(size);
383 spin_lock(&hash_lock);
385 * This has to go last when updating chunk as once replace_chunk() is
386 * called, new RCU readers can see the new chunk.
388 replace_chunk(new, chunk);
389 spin_unlock(&hash_lock);
390 mutex_unlock(&audit_tree_group->mark_mutex);
391 audit_mark_put_chunk(chunk);
395 mutex_unlock(&audit_tree_group->mark_mutex);
398 /* Call with group->mark_mutex held, releases it */
399 static int create_chunk(struct inode *inode, struct audit_tree *tree)
401 struct fsnotify_mark *mark;
402 struct audit_chunk *chunk = alloc_chunk(1);
405 mutex_unlock(&audit_tree_group->mark_mutex);
411 mutex_unlock(&audit_tree_group->mark_mutex);
416 if (fsnotify_add_inode_mark_locked(mark, inode, 0)) {
417 mutex_unlock(&audit_tree_group->mark_mutex);
418 fsnotify_put_mark(mark);
423 spin_lock(&hash_lock);
425 spin_unlock(&hash_lock);
426 fsnotify_detach_mark(mark);
427 mutex_unlock(&audit_tree_group->mark_mutex);
428 fsnotify_free_mark(mark);
429 fsnotify_put_mark(mark);
433 replace_mark_chunk(mark, chunk);
434 chunk->owners[0].index = (1U << 31);
435 chunk->owners[0].owner = tree;
437 list_add(&chunk->owners[0].list, &tree->chunks);
440 list_add(&tree->same_root, &chunk->trees);
442 chunk->key = inode_to_key(inode);
444 * Inserting into the hash table has to go last as once we do that RCU
445 * readers can see the chunk.
448 spin_unlock(&hash_lock);
449 mutex_unlock(&audit_tree_group->mark_mutex);
451 * Drop our initial reference. When mark we point to is getting freed,
452 * we get notification through ->freeing_mark callback and cleanup
453 * chunk pointing to this mark.
455 fsnotify_put_mark(mark);
459 /* the first tagged inode becomes root of tree */
460 static int tag_chunk(struct inode *inode, struct audit_tree *tree)
462 struct fsnotify_mark *mark;
463 struct audit_chunk *chunk, *old;
467 mutex_lock(&audit_tree_group->mark_mutex);
468 mark = fsnotify_find_mark(&inode->i_fsnotify_marks, audit_tree_group);
470 return create_chunk(inode, tree);
473 * Found mark is guaranteed to be attached and mark_mutex protects mark
474 * from getting detached and thus it makes sure there is chunk attached
477 /* are we already there? */
478 spin_lock(&hash_lock);
479 old = mark_chunk(mark);
480 for (n = 0; n < old->count; n++) {
481 if (old->owners[n].owner == tree) {
482 spin_unlock(&hash_lock);
483 mutex_unlock(&audit_tree_group->mark_mutex);
484 fsnotify_put_mark(mark);
488 spin_unlock(&hash_lock);
490 chunk = alloc_chunk(old->count + 1);
492 mutex_unlock(&audit_tree_group->mark_mutex);
493 fsnotify_put_mark(mark);
497 spin_lock(&hash_lock);
499 spin_unlock(&hash_lock);
500 mutex_unlock(&audit_tree_group->mark_mutex);
501 fsnotify_put_mark(mark);
505 p = &chunk->owners[chunk->count - 1];
506 p->index = (chunk->count - 1) | (1U<<31);
509 list_add(&p->list, &tree->chunks);
512 list_add(&tree->same_root, &chunk->trees);
515 * This has to go last when updating chunk as once replace_chunk() is
516 * called, new RCU readers can see the new chunk.
518 replace_chunk(chunk, old);
519 spin_unlock(&hash_lock);
520 mutex_unlock(&audit_tree_group->mark_mutex);
521 fsnotify_put_mark(mark); /* pair to fsnotify_find_mark */
522 audit_mark_put_chunk(old);
527 static void audit_tree_log_remove_rule(struct audit_context *context,
528 struct audit_krule *rule)
530 struct audit_buffer *ab;
534 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
537 audit_log_format(ab, "op=remove_rule dir=");
538 audit_log_untrustedstring(ab, rule->tree->pathname);
539 audit_log_key(ab, rule->filterkey);
540 audit_log_format(ab, " list=%d res=1", rule->listnr);
544 static void kill_rules(struct audit_context *context, struct audit_tree *tree)
546 struct audit_krule *rule, *next;
547 struct audit_entry *entry;
549 list_for_each_entry_safe(rule, next, &tree->rules, rlist) {
550 entry = container_of(rule, struct audit_entry, rule);
552 list_del_init(&rule->rlist);
554 /* not a half-baked one */
555 audit_tree_log_remove_rule(context, rule);
557 audit_remove_mark(entry->rule.exe);
559 list_del_rcu(&entry->list);
560 list_del(&entry->rule.list);
561 call_rcu(&entry->rcu, audit_free_rule_rcu);
567 * Remove tree from chunks. If 'tagged' is set, remove tree only from tagged
568 * chunks. The function expects tagged chunks are all at the beginning of the
571 static void prune_tree_chunks(struct audit_tree *victim, bool tagged)
573 spin_lock(&hash_lock);
574 while (!list_empty(&victim->chunks)) {
576 struct audit_chunk *chunk;
577 struct fsnotify_mark *mark;
579 p = list_first_entry(&victim->chunks, struct node, list);
580 /* have we run out of marked? */
581 if (tagged && !(p->index & (1U<<31)))
583 chunk = find_chunk(p);
585 remove_chunk_node(chunk, p);
586 /* Racing with audit_tree_freeing_mark()? */
589 fsnotify_get_mark(mark);
590 spin_unlock(&hash_lock);
592 untag_chunk(chunk, mark);
593 fsnotify_put_mark(mark);
595 spin_lock(&hash_lock);
597 spin_unlock(&hash_lock);
602 * finish killing struct audit_tree
604 static void prune_one(struct audit_tree *victim)
606 prune_tree_chunks(victim, false);
609 /* trim the uncommitted chunks from tree */
611 static void trim_marked(struct audit_tree *tree)
613 struct list_head *p, *q;
614 spin_lock(&hash_lock);
616 spin_unlock(&hash_lock);
620 for (p = tree->chunks.next; p != &tree->chunks; p = q) {
621 struct node *node = list_entry(p, struct node, list);
623 if (node->index & (1U<<31)) {
625 list_add(p, &tree->chunks);
628 spin_unlock(&hash_lock);
630 prune_tree_chunks(tree, true);
632 spin_lock(&hash_lock);
633 if (!tree->root && !tree->goner) {
635 spin_unlock(&hash_lock);
636 mutex_lock(&audit_filter_mutex);
637 kill_rules(audit_context(), tree);
638 list_del_init(&tree->list);
639 mutex_unlock(&audit_filter_mutex);
642 spin_unlock(&hash_lock);
646 static void audit_schedule_prune(void);
648 /* called with audit_filter_mutex */
649 int audit_remove_tree_rule(struct audit_krule *rule)
651 struct audit_tree *tree;
654 spin_lock(&hash_lock);
655 list_del_init(&rule->rlist);
656 if (list_empty(&tree->rules) && !tree->goner) {
658 list_del_init(&tree->same_root);
660 list_move(&tree->list, &prune_list);
662 spin_unlock(&hash_lock);
663 audit_schedule_prune();
667 spin_unlock(&hash_lock);
673 static int compare_root(struct vfsmount *mnt, void *arg)
675 return inode_to_key(d_backing_inode(mnt->mnt_root)) ==
679 void audit_trim_trees(void)
681 struct list_head cursor;
683 mutex_lock(&audit_filter_mutex);
684 list_add(&cursor, &tree_list);
685 while (cursor.next != &tree_list) {
686 struct audit_tree *tree;
688 struct vfsmount *root_mnt;
692 tree = container_of(cursor.next, struct audit_tree, list);
695 list_add(&cursor, &tree->list);
696 mutex_unlock(&audit_filter_mutex);
698 err = kern_path(tree->pathname, 0, &path);
702 root_mnt = collect_mounts(&path);
704 if (IS_ERR(root_mnt))
707 spin_lock(&hash_lock);
708 list_for_each_entry(node, &tree->chunks, list) {
709 struct audit_chunk *chunk = find_chunk(node);
710 /* this could be NULL if the watch is dying else where... */
711 node->index |= 1U<<31;
712 if (iterate_mounts(compare_root,
713 (void *)(chunk->key),
715 node->index &= ~(1U<<31);
717 spin_unlock(&hash_lock);
719 drop_collected_mounts(root_mnt);
722 mutex_lock(&audit_filter_mutex);
725 mutex_unlock(&audit_filter_mutex);
728 int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op)
731 if (pathname[0] != '/' ||
732 rule->listnr != AUDIT_FILTER_EXIT ||
734 rule->inode_f || rule->watch || rule->tree)
736 rule->tree = alloc_tree(pathname);
742 void audit_put_tree(struct audit_tree *tree)
747 static int tag_mount(struct vfsmount *mnt, void *arg)
749 return tag_chunk(d_backing_inode(mnt->mnt_root), arg);
753 * That gets run when evict_chunk() ends up needing to kill audit_tree.
754 * Runs from a separate thread.
756 static int prune_tree_thread(void *unused)
759 if (list_empty(&prune_list)) {
760 set_current_state(TASK_INTERRUPTIBLE);
765 mutex_lock(&audit_filter_mutex);
767 while (!list_empty(&prune_list)) {
768 struct audit_tree *victim;
770 victim = list_entry(prune_list.next,
771 struct audit_tree, list);
772 list_del_init(&victim->list);
774 mutex_unlock(&audit_filter_mutex);
778 mutex_lock(&audit_filter_mutex);
781 mutex_unlock(&audit_filter_mutex);
787 static int audit_launch_prune(void)
791 prune_thread = kthread_run(prune_tree_thread, NULL,
793 if (IS_ERR(prune_thread)) {
794 pr_err("cannot start thread audit_prune_tree");
801 /* called with audit_filter_mutex */
802 int audit_add_tree_rule(struct audit_krule *rule)
804 struct audit_tree *seed = rule->tree, *tree;
806 struct vfsmount *mnt;
810 list_for_each_entry(tree, &tree_list, list) {
811 if (!strcmp(seed->pathname, tree->pathname)) {
814 list_add(&rule->rlist, &tree->rules);
819 list_add(&tree->list, &tree_list);
820 list_add(&rule->rlist, &tree->rules);
821 /* do not set rule->tree yet */
822 mutex_unlock(&audit_filter_mutex);
824 if (unlikely(!prune_thread)) {
825 err = audit_launch_prune();
830 err = kern_path(tree->pathname, 0, &path);
833 mnt = collect_mounts(&path);
841 err = iterate_mounts(tag_mount, tree, mnt);
842 drop_collected_mounts(mnt);
846 spin_lock(&hash_lock);
847 list_for_each_entry(node, &tree->chunks, list)
848 node->index &= ~(1U<<31);
849 spin_unlock(&hash_lock);
855 mutex_lock(&audit_filter_mutex);
856 if (list_empty(&rule->rlist)) {
865 mutex_lock(&audit_filter_mutex);
866 list_del_init(&tree->list);
867 list_del_init(&tree->rules);
872 int audit_tag_tree(char *old, char *new)
874 struct list_head cursor, barrier;
876 struct path path1, path2;
877 struct vfsmount *tagged;
880 err = kern_path(new, 0, &path2);
883 tagged = collect_mounts(&path2);
886 return PTR_ERR(tagged);
888 err = kern_path(old, 0, &path1);
890 drop_collected_mounts(tagged);
894 mutex_lock(&audit_filter_mutex);
895 list_add(&barrier, &tree_list);
896 list_add(&cursor, &barrier);
898 while (cursor.next != &tree_list) {
899 struct audit_tree *tree;
902 tree = container_of(cursor.next, struct audit_tree, list);
905 list_add(&cursor, &tree->list);
906 mutex_unlock(&audit_filter_mutex);
908 err = kern_path(tree->pathname, 0, &path2);
910 good_one = path_is_under(&path1, &path2);
916 mutex_lock(&audit_filter_mutex);
920 failed = iterate_mounts(tag_mount, tree, tagged);
923 mutex_lock(&audit_filter_mutex);
927 mutex_lock(&audit_filter_mutex);
928 spin_lock(&hash_lock);
930 list_del(&tree->list);
931 list_add(&tree->list, &tree_list);
933 spin_unlock(&hash_lock);
937 while (barrier.prev != &tree_list) {
938 struct audit_tree *tree;
940 tree = container_of(barrier.prev, struct audit_tree, list);
942 list_del(&tree->list);
943 list_add(&tree->list, &barrier);
944 mutex_unlock(&audit_filter_mutex);
948 spin_lock(&hash_lock);
949 list_for_each_entry(node, &tree->chunks, list)
950 node->index &= ~(1U<<31);
951 spin_unlock(&hash_lock);
957 mutex_lock(&audit_filter_mutex);
961 mutex_unlock(&audit_filter_mutex);
963 drop_collected_mounts(tagged);
968 static void audit_schedule_prune(void)
970 wake_up_process(prune_thread);
974 * ... and that one is done if evict_chunk() decides to delay until the end
975 * of syscall. Runs synchronously.
977 void audit_kill_trees(struct audit_context *context)
979 struct list_head *list = &context->killed_trees;
982 mutex_lock(&audit_filter_mutex);
984 while (!list_empty(list)) {
985 struct audit_tree *victim;
987 victim = list_entry(list->next, struct audit_tree, list);
988 kill_rules(context, victim);
989 list_del_init(&victim->list);
991 mutex_unlock(&audit_filter_mutex);
995 mutex_lock(&audit_filter_mutex);
998 mutex_unlock(&audit_filter_mutex);
1003 * Here comes the stuff asynchronous to auditctl operations
1006 static void evict_chunk(struct audit_chunk *chunk)
1008 struct audit_tree *owner;
1009 struct list_head *postponed = audit_killed_trees();
1013 mutex_lock(&audit_filter_mutex);
1014 spin_lock(&hash_lock);
1015 while (!list_empty(&chunk->trees)) {
1016 owner = list_entry(chunk->trees.next,
1017 struct audit_tree, same_root);
1020 list_del_init(&owner->same_root);
1021 spin_unlock(&hash_lock);
1023 kill_rules(audit_context(), owner);
1024 list_move(&owner->list, &prune_list);
1027 list_move(&owner->list, postponed);
1029 spin_lock(&hash_lock);
1031 list_del_rcu(&chunk->hash);
1032 for (n = 0; n < chunk->count; n++)
1033 list_del_init(&chunk->owners[n].list);
1034 spin_unlock(&hash_lock);
1035 mutex_unlock(&audit_filter_mutex);
1037 audit_schedule_prune();
1040 static int audit_tree_handle_event(struct fsnotify_group *group,
1041 struct inode *to_tell,
1042 u32 mask, const void *data, int data_type,
1043 const struct qstr *file_name, u32 cookie,
1044 struct fsnotify_iter_info *iter_info)
1049 static void audit_tree_freeing_mark(struct fsnotify_mark *mark,
1050 struct fsnotify_group *group)
1052 struct audit_chunk *chunk;
1054 mutex_lock(&mark->group->mark_mutex);
1055 spin_lock(&hash_lock);
1056 chunk = mark_chunk(mark);
1057 replace_mark_chunk(mark, NULL);
1058 spin_unlock(&hash_lock);
1059 mutex_unlock(&mark->group->mark_mutex);
1062 audit_mark_put_chunk(chunk);
1066 * We are guaranteed to have at least one reference to the mark from
1067 * either the inode or the caller of fsnotify_destroy_mark().
1069 BUG_ON(refcount_read(&mark->refcnt) < 1);
1072 static const struct fsnotify_ops audit_tree_ops = {
1073 .handle_event = audit_tree_handle_event,
1074 .freeing_mark = audit_tree_freeing_mark,
1075 .free_mark = audit_tree_destroy_watch,
1078 static int __init audit_tree_init(void)
1082 audit_tree_mark_cachep = KMEM_CACHE(audit_tree_mark, SLAB_PANIC);
1084 audit_tree_group = fsnotify_alloc_group(&audit_tree_ops);
1085 if (IS_ERR(audit_tree_group))
1086 audit_panic("cannot initialize fsnotify group for rectree watches");
1088 for (i = 0; i < HASH_SIZE; i++)
1089 INIT_LIST_HEAD(&chunk_hash_heads[i]);
1093 __initcall(audit_tree_init);
git.samba.org / sfrench / cifs-2.6.git / blob