[linux-2.6-block.git] / security / tomoyo / gc.c

/*
 * security/tomoyo/gc.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include "common.h"
#include <linux/kthread.h>
#include <linux/slab.h>

/* The list for "struct tomoyo_io_buffer". */
static LIST_HEAD(tomoyo_io_buffer_list);
/* Lock for protecting tomoyo_io_buffer_list. */
static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);

/**
 * tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not.
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns true if @element is used by /sys/kernel/security/tomoyo/ users,
 * false otherwise.
 */
static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element)
{
	struct tomoyo_io_buffer *head;
	bool in_use = false;

	spin_lock(&tomoyo_io_buffer_list_lock);
	list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
		head->users++;
		spin_unlock(&tomoyo_io_buffer_list_lock);
		mutex_lock(&head->io_sem);
		if (head->r.domain == element || head->r.group == element ||
		    head->r.acl == element || &head->w.domain->list == element)
			in_use = true;
		mutex_unlock(&head->io_sem);
		spin_lock(&tomoyo_io_buffer_list_lock);
		head->users--;
		if (in_use)
			break;
	}
	spin_unlock(&tomoyo_io_buffer_list_lock);
	return in_use;
}

/**
 * tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not.
 *
 * @string: String to check.
 *
 * Returns true if @string is used by /sys/kernel/security/tomoyo/ users,
 * false otherwise.
 */
static bool tomoyo_name_used_by_io_buffer(const char *string)
{
	struct tomoyo_io_buffer *head;
	const size_t size = strlen(string) + 1;
	bool in_use = false;

	spin_lock(&tomoyo_io_buffer_list_lock);
	list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
		int i;
		head->users++;
		spin_unlock(&tomoyo_io_buffer_list_lock);
		mutex_lock(&head->io_sem);
		for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) {
			const char *w = head->r.w[i];
			if (w < string || w > string + size)
				continue;
			in_use = true;
			break;
		}
		mutex_unlock(&head->io_sem);
		spin_lock(&tomoyo_io_buffer_list_lock);
		head->users--;
		if (in_use)
			break;
	}
	spin_unlock(&tomoyo_io_buffer_list_lock);
	return in_use;
}

/**
 * tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_transition_control(struct list_head *element)
{
	struct tomoyo_transition_control *ptr =
		container_of(element, typeof(*ptr), head.list);
	tomoyo_put_name(ptr->domainname);
	tomoyo_put_name(ptr->program);
}

/**
 * tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_aggregator(struct list_head *element)
{
	struct tomoyo_aggregator *ptr =
		container_of(element, typeof(*ptr), head.list);
	tomoyo_put_name(ptr->original_name);
	tomoyo_put_name(ptr->aggregated_name);
}

/**
 * tomoyo_del_manager - Delete members in "struct tomoyo_manager".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_manager(struct list_head *element)
{
	struct tomoyo_manager *ptr =
		container_of(element, typeof(*ptr), head.list);
	tomoyo_put_name(ptr->manager);
}

/**
 * tomoyo_del_acl - Delete members in "struct tomoyo_acl_info".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static void tomoyo_del_acl(struct list_head *element)
{
	struct tomoyo_acl_info *acl =
		container_of(element, typeof(*acl), list);
	tomoyo_put_condition(acl->cond);
	switch (acl->type) {
	case TOMOYO_TYPE_PATH_ACL:
		{
			struct tomoyo_path_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->name);
		}
		break;
	case TOMOYO_TYPE_PATH2_ACL:
		{
			struct tomoyo_path2_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->name1);
			tomoyo_put_name_union(&entry->name2);
		}
		break;
	case TOMOYO_TYPE_PATH_NUMBER_ACL:
		{
			struct tomoyo_path_number_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->name);
			tomoyo_put_number_union(&entry->number);
		}
		break;
	case TOMOYO_TYPE_MKDEV_ACL:
		{
			struct tomoyo_mkdev_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->name);
			tomoyo_put_number_union(&entry->mode);
			tomoyo_put_number_union(&entry->major);
			tomoyo_put_number_union(&entry->minor);
		}
		break;
	case TOMOYO_TYPE_MOUNT_ACL:
		{
			struct tomoyo_mount_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->dev_name);
			tomoyo_put_name_union(&entry->dir_name);
			tomoyo_put_name_union(&entry->fs_type);
			tomoyo_put_number_union(&entry->flags);
		}
		break;
	case TOMOYO_TYPE_ENV_ACL:
		{
			struct tomoyo_env_acl *entry =
				container_of(acl, typeof(*entry), head);

			tomoyo_put_name(entry->env);
		}
		break;
	case TOMOYO_TYPE_INET_ACL:
		{
			struct tomoyo_inet_acl *entry =
				container_of(acl, typeof(*entry), head);

			tomoyo_put_group(entry->address.group);
			tomoyo_put_number_union(&entry->port);
		}
		break;
	case TOMOYO_TYPE_UNIX_ACL:
		{
			struct tomoyo_unix_acl *entry =
				container_of(acl, typeof(*entry), head);

			tomoyo_put_name_union(&entry->name);
		}
		break;
	}
}

/**
 * tomoyo_del_domain - Delete members in "struct tomoyo_domain_info".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_domain(struct list_head *element)
{
	struct tomoyo_domain_info *domain =
		container_of(element, typeof(*domain), list);
	struct tomoyo_acl_info *acl;
	struct tomoyo_acl_info *tmp;
	/*
	 * Since this domain is referenced from neither
	 * "struct tomoyo_io_buffer" nor "struct cred"->security, we can delete
	 * elements without checking for is_deleted flag.
	 */
	list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
		tomoyo_del_acl(&acl->list);
		tomoyo_memory_free(acl);
	}
	tomoyo_put_name(domain->domainname);
}

/**
 * tomoyo_del_condition - Delete members in "struct tomoyo_condition".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
void tomoyo_del_condition(struct list_head *element)
{
	struct tomoyo_condition *cond = container_of(element, typeof(*cond),
						     head.list);
	const u16 condc = cond->condc;
	const u16 numbers_count = cond->numbers_count;
	const u16 names_count = cond->names_count;
	const u16 argc = cond->argc;
	const u16 envc = cond->envc;
	unsigned int i;
	const struct tomoyo_condition_element *condp
		= (const struct tomoyo_condition_element *) (cond + 1);
	struct tomoyo_number_union *numbers_p
		= (struct tomoyo_number_union *) (condp + condc);
	struct tomoyo_name_union *names_p
		= (struct tomoyo_name_union *) (numbers_p + numbers_count);
	const struct tomoyo_argv *argv
		= (const struct tomoyo_argv *) (names_p + names_count);
	const struct tomoyo_envp *envp
		= (const struct tomoyo_envp *) (argv + argc);
	for (i = 0; i < numbers_count; i++)
		tomoyo_put_number_union(numbers_p++);
	for (i = 0; i < names_count; i++)
		tomoyo_put_name_union(names_p++);
	for (i = 0; i < argc; argv++, i++)
		tomoyo_put_name(argv->value);
	for (i = 0; i < envc; envp++, i++) {
		tomoyo_put_name(envp->name);
		tomoyo_put_name(envp->value);
	}
}

/**
 * tomoyo_del_name - Delete members in "struct tomoyo_name".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_name(struct list_head *element)
{
	/* Nothing to do. */
}

/**
 * tomoyo_del_path_group - Delete members in "struct tomoyo_path_group".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_path_group(struct list_head *element)
{
	struct tomoyo_path_group *member =
		container_of(element, typeof(*member), head.list);
	tomoyo_put_name(member->member_name);
}

/**
 * tomoyo_del_group - Delete "struct tomoyo_group".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_group(struct list_head *element)
{
	struct tomoyo_group *group =
		container_of(element, typeof(*group), head.list);
	tomoyo_put_name(group->group_name);
}

/**
 * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_address_group(struct list_head *element)
{
	/* Nothing to do. */
}

/**
 * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
 *
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static inline void tomoyo_del_number_group(struct list_head *element)
{
	/* Nothing to do. */
}

/**
 * tomoyo_try_to_gc - Try to kfree() an entry.
 *
 * @type:    One of values in "enum tomoyo_policy_id".
 * @element: Pointer to "struct list_head".
 *
 * Returns nothing.
 *
 * Caller holds tomoyo_policy_lock mutex.
 */
static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
			     struct list_head *element)
{
	/*
	 * __list_del_entry() guarantees that the list element became no longer
	 * reachable from the list which the element was originally on (e.g.
	 * tomoyo_domain_list). Also, synchronize_srcu() guarantees that the
	 * list element became no longer referenced by syscall users.
	 */
	__list_del_entry(element);
	mutex_unlock(&tomoyo_policy_lock);
	synchronize_srcu(&tomoyo_ss);
	/*
	 * However, there are two users which may still be using the list
	 * element. We need to defer until both users forget this element.
	 *
	 * Don't kfree() until "struct tomoyo_io_buffer"->r.{domain,group,acl}
	 * and "struct tomoyo_io_buffer"->w.domain forget this element.
	 */
	if (tomoyo_struct_used_by_io_buffer(element))
		goto reinject;
	switch (type) {
	case TOMOYO_ID_TRANSITION_CONTROL:
		tomoyo_del_transition_control(element);
		break;
	case TOMOYO_ID_MANAGER:
		tomoyo_del_manager(element);
		break;
	case TOMOYO_ID_AGGREGATOR:
		tomoyo_del_aggregator(element);
		break;
	case TOMOYO_ID_GROUP:
		tomoyo_del_group(element);
		break;
	case TOMOYO_ID_PATH_GROUP:
		tomoyo_del_path_group(element);
		break;
	case TOMOYO_ID_ADDRESS_GROUP:
		tomoyo_del_address_group(element);
		break;
	case TOMOYO_ID_NUMBER_GROUP:
		tomoyo_del_number_group(element);
		break;
	case TOMOYO_ID_CONDITION:
		tomoyo_del_condition(element);
		break;
	case TOMOYO_ID_NAME:
		/*
		 * Don't kfree() until all "struct tomoyo_io_buffer"->r.w[]
		 * forget this element.
		 */
		if (tomoyo_name_used_by_io_buffer
		    (container_of(element, typeof(struct tomoyo_name),
				  head.list)->entry.name))
			goto reinject;
		tomoyo_del_name(element);
		break;
	case TOMOYO_ID_ACL:
		tomoyo_del_acl(element);
		break;
	case TOMOYO_ID_DOMAIN:
		/*
		 * Don't kfree() until all "struct cred"->security forget this
		 * element.
		 */
		if (atomic_read(&container_of
				(element, typeof(struct tomoyo_domain_info),
				 list)->users))
			goto reinject;
		tomoyo_del_domain(element);
		break;
	case TOMOYO_MAX_POLICY:
		break;
	}
	mutex_lock(&tomoyo_policy_lock);
	tomoyo_memory_free(element);
	return;
reinject:
	/*
	 * We can safely reinject this element here bacause
	 * (1) Appending list elements and removing list elements are protected
	 *     by tomoyo_policy_lock mutex.
	 * (2) Only this function removes list elements and this function is
	 *     exclusively executed by tomoyo_gc_mutex mutex.
	 * are true.
	 */
	mutex_lock(&tomoyo_policy_lock);
	list_add_rcu(element, element->prev);
}

/**
 * tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head".
 *
 * @id:          One of values in "enum tomoyo_policy_id".
 * @member_list: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static void tomoyo_collect_member(const enum tomoyo_policy_id id,
				  struct list_head *member_list)
{
	struct tomoyo_acl_head *member;
	struct tomoyo_acl_head *tmp;
	list_for_each_entry_safe(member, tmp, member_list, list) {
		if (!member->is_deleted)
			continue;
		member->is_deleted = TOMOYO_GC_IN_PROGRESS;
		tomoyo_try_to_gc(id, &member->list);
	}
}

/**
 * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
 *
 * @list: Pointer to "struct list_head".
 *
 * Returns nothing.
 */
static void tomoyo_collect_acl(struct list_head *list)
{
	struct tomoyo_acl_info *acl;
	struct tomoyo_acl_info *tmp;
	list_for_each_entry_safe(acl, tmp, list, list) {
		if (!acl->is_deleted)
			continue;
		acl->is_deleted = TOMOYO_GC_IN_PROGRESS;
		tomoyo_try_to_gc(TOMOYO_ID_ACL, &acl->list);
	}
}

/**
 * tomoyo_collect_entry - Try to kfree() deleted elements.
 *
 * Returns nothing.
 */
static void tomoyo_collect_entry(void)
{
	int i;
	enum tomoyo_policy_id id;
	struct tomoyo_policy_namespace *ns;
	mutex_lock(&tomoyo_policy_lock);
	{
		struct tomoyo_domain_info *domain;
		struct tomoyo_domain_info *tmp;
		list_for_each_entry_safe(domain, tmp, &tomoyo_domain_list,
					 list) {
			tomoyo_collect_acl(&domain->acl_info_list);
			if (!domain->is_deleted || atomic_read(&domain->users))
				continue;
			tomoyo_try_to_gc(TOMOYO_ID_DOMAIN, &domain->list);
		}
	}
	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
		for (id = 0; id < TOMOYO_MAX_POLICY; id++)
			tomoyo_collect_member(id, &ns->policy_list[id]);
		for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
			tomoyo_collect_acl(&ns->acl_group[i]);
	}
	{
		struct tomoyo_shared_acl_head *ptr;
		struct tomoyo_shared_acl_head *tmp;
		list_for_each_entry_safe(ptr, tmp, &tomoyo_condition_list,
					 list) {
			if (atomic_read(&ptr->users) > 0)
				continue;
			atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
			tomoyo_try_to_gc(TOMOYO_ID_CONDITION, &ptr->list);
		}
	}
	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
		for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
			struct list_head *list = &ns->group_list[i];
			struct tomoyo_group *group;
			struct tomoyo_group *tmp;
			switch (i) {
			case 0:
				id = TOMOYO_ID_PATH_GROUP;
				break;
			case 1:
				id = TOMOYO_ID_NUMBER_GROUP;
				break;
			default:
				id = TOMOYO_ID_ADDRESS_GROUP;
				break;
			}
			list_for_each_entry_safe(group, tmp, list, head.list) {
				tomoyo_collect_member(id, &group->member_list);
				if (!list_empty(&group->member_list) ||
				    atomic_read(&group->head.users) > 0)
					continue;
				atomic_set(&group->head.users,
					   TOMOYO_GC_IN_PROGRESS);
				tomoyo_try_to_gc(TOMOYO_ID_GROUP,
						 &group->head.list);
			}
		}
	}
	for (i = 0; i < TOMOYO_MAX_HASH; i++) {
		struct list_head *list = &tomoyo_name_list[i];
		struct tomoyo_shared_acl_head *ptr;
		struct tomoyo_shared_acl_head *tmp;
		list_for_each_entry_safe(ptr, tmp, list, list) {
			if (atomic_read(&ptr->users) > 0)
				continue;
			atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
			tomoyo_try_to_gc(TOMOYO_ID_NAME, &ptr->list);
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
}

/**
 * tomoyo_gc_thread - Garbage collector thread function.
 *
 * @unused: Unused.
 *
 * Returns 0.
 */
static int tomoyo_gc_thread(void *unused)
{
	/* Garbage collector thread is exclusive. */
	static DEFINE_MUTEX(tomoyo_gc_mutex);
	if (!mutex_trylock(&tomoyo_gc_mutex))
		goto out;
	tomoyo_collect_entry();
	{
		struct tomoyo_io_buffer *head;
		struct tomoyo_io_buffer *tmp;

		spin_lock(&tomoyo_io_buffer_list_lock);
		list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list,
					 list) {
			if (head->users)
				continue;
			list_del(&head->list);
			kfree(head->read_buf);
			kfree(head->write_buf);
			kfree(head);
		}
		spin_unlock(&tomoyo_io_buffer_list_lock);
	}
	mutex_unlock(&tomoyo_gc_mutex);
out:
	/* This acts as do_exit(0). */
	return 0;
}

/**
 * tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users.
 *
 * @head:        Pointer to "struct tomoyo_io_buffer".
 * @is_register: True if register, false if unregister.
 *
 * Returns nothing.
 */
void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register)
{
	bool is_write = false;

	spin_lock(&tomoyo_io_buffer_list_lock);
	if (is_register) {
		head->users = 1;
		list_add(&head->list, &tomoyo_io_buffer_list);
	} else {
		is_write = head->write_buf != NULL;
		if (!--head->users) {
			list_del(&head->list);
			kfree(head->read_buf);
			kfree(head->write_buf);
			kfree(head);
		}
	}
	spin_unlock(&tomoyo_io_buffer_list_lock);
	if (is_write) {
		struct task_struct *task = kthread_create(tomoyo_gc_thread,
							  NULL,
							  "GC for TOMOYO");
		if (!IS_ERR(task))
			wake_up_process(task);
	}
}
Commit	Line	Data
847b173e TH	1	/*
	2	* security/tomoyo/gc.c
	3	*
0f2a55d5	4	* Copyright (C) 2005-2011 NTT DATA CORPORATION
847b173e TH	5	*/
	6
	7	#include "common.h"
	8	#include <linux/kthread.h>
5a0e3ad6	9	#include <linux/slab.h>
847b173e	10
2e503bbb TH	11	/* The list for "struct tomoyo_io_buffer". */
	12	static LIST_HEAD(tomoyo_io_buffer_list);
	13	/* Lock for protecting tomoyo_io_buffer_list. */
	14	static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
	15
2e503bbb TH	16	/**
	17	* tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not.
	18	*
	19	* @element: Pointer to "struct list_head".
	20	*
	21	* Returns true if @element is used by /sys/kernel/security/tomoyo/ users,
	22	* false otherwise.
	23	*/
	24	static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element)
	25	{
	26	struct tomoyo_io_buffer *head;
	27	bool in_use = false;
	28
	29	spin_lock(&tomoyo_io_buffer_list_lock);
	30	list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
	31	head->users++;
	32	spin_unlock(&tomoyo_io_buffer_list_lock);
f9732ea1	33	mutex_lock(&head->io_sem);
2e503bbb TH	34	if (head->r.domain == element \|\| head->r.group == element \|\|
	35	head->r.acl == element \|\| &head->w.domain->list == element)
	36	in_use = true;
	37	mutex_unlock(&head->io_sem);
2e503bbb TH	38	spin_lock(&tomoyo_io_buffer_list_lock);
	39	head->users--;
	40	if (in_use)
	41	break;
	42	}
	43	spin_unlock(&tomoyo_io_buffer_list_lock);
	44	return in_use;
	45	}
	46
	47	/**
	48	* tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not.
	49	*
	50	* @string: String to check.
2e503bbb TH	51	*
	52	* Returns true if @string is used by /sys/kernel/security/tomoyo/ users,
	53	* false otherwise.
	54	*/
f9732ea1	55	static bool tomoyo_name_used_by_io_buffer(const char *string)
2e503bbb TH	56	{
2e503bbb TH	57	struct tomoyo_io_buffer *head;
f9732ea1	58	const size_t size = strlen(string) + 1;
2e503bbb TH	59	bool in_use = false;
	60
	61	spin_lock(&tomoyo_io_buffer_list_lock);
	62	list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
	63	int i;
	64	head->users++;
	65	spin_unlock(&tomoyo_io_buffer_list_lock);
f9732ea1	66	mutex_lock(&head->io_sem);
2e503bbb TH	67	for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) {
	68	const char *w = head->r.w[i];
	69	if (w < string \|\| w > string + size)
	70	continue;
	71	in_use = true;
	72	break;
	73	}
	74	mutex_unlock(&head->io_sem);
2e503bbb TH	75	spin_lock(&tomoyo_io_buffer_list_lock);
	76	head->users--;
	77	if (in_use)
	78	break;
	79	}
	80	spin_unlock(&tomoyo_io_buffer_list_lock);
	81	return in_use;
	82	}
	83
0df7e8b8 TH	84	/**
	85	* tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control".
	86	*
	87	* @element: Pointer to "struct list_head".
	88	*
	89	* Returns nothing.
	90	*/
f9732ea1	91	static inline void tomoyo_del_transition_control(struct list_head *element)
847b173e	92	{
5448ec4f	93	struct tomoyo_transition_control *ptr =
e79acf0e	94	container_of(element, typeof(*ptr), head.list);
847b173e TH	95	tomoyo_put_name(ptr->domainname);
	96	tomoyo_put_name(ptr->program);
	97	}
	98
0df7e8b8 TH	99	/**
	100	* tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator".
	101	*
	102	* @element: Pointer to "struct list_head".
	103	*
	104	* Returns nothing.
	105	*/
f9732ea1	106	static inline void tomoyo_del_aggregator(struct list_head *element)
1084307c	107	{
e2bf6907	108	struct tomoyo_aggregator *ptr =
e79acf0e	109	container_of(element, typeof(*ptr), head.list);
1084307c TH	110	tomoyo_put_name(ptr->original_name);
	111	tomoyo_put_name(ptr->aggregated_name);
	112	}
	113
0df7e8b8 TH	114	/**
	115	* tomoyo_del_manager - Delete members in "struct tomoyo_manager".
	116	*
	117	* @element: Pointer to "struct list_head".
	118	*
	119	* Returns nothing.
	120	*/
f9732ea1	121	static inline void tomoyo_del_manager(struct list_head *element)
847b173e	122	{
e2bf6907	123	struct tomoyo_manager *ptr =
e79acf0e	124	container_of(element, typeof(*ptr), head.list);
847b173e TH	125	tomoyo_put_name(ptr->manager);
	126	}
	127
0df7e8b8 TH	128	/**
	129	* tomoyo_del_acl - Delete members in "struct tomoyo_acl_info".
	130	*
	131	* @element: Pointer to "struct list_head".
	132	*
	133	* Returns nothing.
	134	*/
e79acf0e	135	static void tomoyo_del_acl(struct list_head *element)
847b173e	136	{
e79acf0e TH	137	struct tomoyo_acl_info *acl =
e79acf0e TH	138	container_of(element, typeof(*acl), list);
2066a361	139	tomoyo_put_condition(acl->cond);
847b173e	140	switch (acl->type) {
7ef61233	141	case TOMOYO_TYPE_PATH_ACL:
847b173e	142	{
7ef61233	143	struct tomoyo_path_acl *entry
847b173e	144	= container_of(acl, typeof(*entry), head);
7762fbff	145	tomoyo_put_name_union(&entry->name);
847b173e TH	146	}
847b173e TH	147	break;
7ef61233	148	case TOMOYO_TYPE_PATH2_ACL:
847b173e	149	{
7ef61233	150	struct tomoyo_path2_acl *entry
847b173e	151	= container_of(acl, typeof(*entry), head);
7762fbff TH	152	tomoyo_put_name_union(&entry->name1);
7762fbff TH	153	tomoyo_put_name_union(&entry->name2);
847b173e TH	154	}
847b173e TH	155	break;
a1f9bb6a TH	156	case TOMOYO_TYPE_PATH_NUMBER_ACL:
	157	{
	158	struct tomoyo_path_number_acl *entry
	159	= container_of(acl, typeof(*entry), head);
	160	tomoyo_put_name_union(&entry->name);
	161	tomoyo_put_number_union(&entry->number);
	162	}
	163	break;
75093152	164	case TOMOYO_TYPE_MKDEV_ACL:
a1f9bb6a	165	{
75093152	166	struct tomoyo_mkdev_acl *entry
a1f9bb6a TH	167	= container_of(acl, typeof(*entry), head);
	168	tomoyo_put_name_union(&entry->name);
	169	tomoyo_put_number_union(&entry->mode);
	170	tomoyo_put_number_union(&entry->major);
	171	tomoyo_put_number_union(&entry->minor);
	172	}
	173	break;
2106ccd9 TH	174	case TOMOYO_TYPE_MOUNT_ACL:
	175	{
	176	struct tomoyo_mount_acl *entry
	177	= container_of(acl, typeof(*entry), head);
	178	tomoyo_put_name_union(&entry->dev_name);
	179	tomoyo_put_name_union(&entry->dir_name);
	180	tomoyo_put_name_union(&entry->fs_type);
	181	tomoyo_put_number_union(&entry->flags);
	182	}
	183	break;
d58e0da8 TH	184	case TOMOYO_TYPE_ENV_ACL:
	185	{
	186	struct tomoyo_env_acl *entry =
	187	container_of(acl, typeof(*entry), head);
	188
	189	tomoyo_put_name(entry->env);
	190	}
	191	break;
059d84db TH	192	case TOMOYO_TYPE_INET_ACL:
	193	{
	194	struct tomoyo_inet_acl *entry =
	195	container_of(acl, typeof(*entry), head);
	196
	197	tomoyo_put_group(entry->address.group);
	198	tomoyo_put_number_union(&entry->port);
	199	}
	200	break;
	201	case TOMOYO_TYPE_UNIX_ACL:
	202	{
	203	struct tomoyo_unix_acl *entry =
	204	container_of(acl, typeof(*entry), head);
	205
	206	tomoyo_put_name_union(&entry->name);
	207	}
	208	break;
847b173e TH	209	}
	210	}
	211
2e503bbb TH	212	/**
	213	* tomoyo_del_domain - Delete members in "struct tomoyo_domain_info".
	214	*
	215	* @element: Pointer to "struct list_head".
	216	*
f9732ea1	217	* Returns nothing.
2e503bbb	218	*/
f9732ea1	219	static inline void tomoyo_del_domain(struct list_head *element)
847b173e	220	{
e79acf0e TH	221	struct tomoyo_domain_info *domain =
e79acf0e TH	222	container_of(element, typeof(*domain), list);
847b173e TH	223	struct tomoyo_acl_info *acl;
	224	struct tomoyo_acl_info *tmp;
	225	/*
f9732ea1 TH	226	* Since this domain is referenced from neither
	227	* "struct tomoyo_io_buffer" nor "struct cred"->security, we can delete
	228	* elements without checking for is_deleted flag.
847b173e	229	*/
847b173e	230	list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
e79acf0e	231	tomoyo_del_acl(&acl->list);
847b173e TH	232	tomoyo_memory_free(acl);
	233	}
	234	tomoyo_put_name(domain->domainname);
847b173e TH	235	}
847b173e TH	236
2066a361 TH	237	/**
	238	* tomoyo_del_condition - Delete members in "struct tomoyo_condition".
	239	*
	240	* @element: Pointer to "struct list_head".
	241	*
	242	* Returns nothing.
	243	*/
	244	void tomoyo_del_condition(struct list_head *element)
	245	{
	246	struct tomoyo_condition cond = container_of(element, typeof(cond),
	247	head.list);
	248	const u16 condc = cond->condc;
	249	const u16 numbers_count = cond->numbers_count;
2ca9bf45	250	const u16 names_count = cond->names_count;
5b636857 TH	251	const u16 argc = cond->argc;
5b636857 TH	252	const u16 envc = cond->envc;
2066a361 TH	253	unsigned int i;
	254	const struct tomoyo_condition_element *condp
	255	= (const struct tomoyo_condition_element *) (cond + 1);
	256	struct tomoyo_number_union *numbers_p
	257	= (struct tomoyo_number_union *) (condp + condc);
2ca9bf45 TH	258	struct tomoyo_name_union *names_p
2ca9bf45 TH	259	= (struct tomoyo_name_union *) (numbers_p + numbers_count);
5b636857 TH	260	const struct tomoyo_argv *argv
	261	= (const struct tomoyo_argv *) (names_p + names_count);
	262	const struct tomoyo_envp *envp
	263	= (const struct tomoyo_envp *) (argv + argc);
2066a361 TH	264	for (i = 0; i < numbers_count; i++)
2066a361 TH	265	tomoyo_put_number_union(numbers_p++);
2ca9bf45 TH	266	for (i = 0; i < names_count; i++)
2ca9bf45 TH	267	tomoyo_put_name_union(names_p++);
5b636857 TH	268	for (i = 0; i < argc; argv++, i++)
	269	tomoyo_put_name(argv->value);
	270	for (i = 0; i < envc; envp++, i++) {
	271	tomoyo_put_name(envp->name);
	272	tomoyo_put_name(envp->value);
	273	}
2066a361	274	}
847b173e	275
0df7e8b8 TH	276	/**
	277	* tomoyo_del_name - Delete members in "struct tomoyo_name".
	278	*
	279	* @element: Pointer to "struct list_head".
	280	*
	281	* Returns nothing.
	282	*/
f9732ea1	283	static inline void tomoyo_del_name(struct list_head *element)
847b173e	284	{
f9732ea1	285	/* Nothing to do. */
847b173e TH	286	}
847b173e TH	287
0df7e8b8 TH	288	/**
	289	* tomoyo_del_path_group - Delete members in "struct tomoyo_path_group".
	290	*
	291	* @element: Pointer to "struct list_head".
	292	*
	293	* Returns nothing.
	294	*/
f9732ea1	295	static inline void tomoyo_del_path_group(struct list_head *element)
7762fbff	296	{
a98aa4de	297	struct tomoyo_path_group *member =
e79acf0e	298	container_of(element, typeof(*member), head.list);
7762fbff TH	299	tomoyo_put_name(member->member_name);
	300	}
	301
0df7e8b8 TH	302	/**
	303	* tomoyo_del_group - Delete "struct tomoyo_group".
	304	*
	305	* @element: Pointer to "struct list_head".
	306	*
	307	* Returns nothing.
	308	*/
f9732ea1	309	static inline void tomoyo_del_group(struct list_head *element)
7762fbff	310	{
a98aa4de	311	struct tomoyo_group *group =
0df7e8b8	312	container_of(element, typeof(*group), head.list);
7762fbff TH	313	tomoyo_put_name(group->group_name);
	314	}
	315
059d84db TH	316	/**
	317	* tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
	318	*
	319	* @element: Pointer to "struct list_head".
	320	*
	321	* Returns nothing.
	322	*/
	323	static inline void tomoyo_del_address_group(struct list_head *element)
	324	{
	325	/* Nothing to do. */
	326	}
	327
0df7e8b8 TH	328	/**
	329	* tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
	330	*
	331	* @element: Pointer to "struct list_head".
	332	*
	333	* Returns nothing.
	334	*/
f9732ea1	335	static inline void tomoyo_del_number_group(struct list_head *element)
4c3e9e2d	336	{
f9732ea1 TH	337	/* Nothing to do. */
	338	}
	339
	340	/**
	341	* tomoyo_try_to_gc - Try to kfree() an entry.
	342	*
	343	* @type: One of values in "enum tomoyo_policy_id".
	344	* @element: Pointer to "struct list_head".
	345	*
	346	* Returns nothing.
	347	*
	348	* Caller holds tomoyo_policy_lock mutex.
	349	*/
	350	static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
	351	struct list_head *element)
	352	{
	353	/*
	354	* __list_del_entry() guarantees that the list element became no longer
	355	* reachable from the list which the element was originally on (e.g.
	356	* tomoyo_domain_list). Also, synchronize_srcu() guarantees that the
	357	* list element became no longer referenced by syscall users.
	358	*/
	359	__list_del_entry(element);
	360	mutex_unlock(&tomoyo_policy_lock);
	361	synchronize_srcu(&tomoyo_ss);
	362	/*
	363	* However, there are two users which may still be using the list
	364	* element. We need to defer until both users forget this element.
	365	*
	366	* Don't kfree() until "struct tomoyo_io_buffer"->r.{domain,group,acl}
	367	* and "struct tomoyo_io_buffer"->w.domain forget this element.
	368	*/
	369	if (tomoyo_struct_used_by_io_buffer(element))
	370	goto reinject;
	371	switch (type) {
	372	case TOMOYO_ID_TRANSITION_CONTROL:
	373	tomoyo_del_transition_control(element);
	374	break;
	375	case TOMOYO_ID_MANAGER:
	376	tomoyo_del_manager(element);
	377	break;
	378	case TOMOYO_ID_AGGREGATOR:
	379	tomoyo_del_aggregator(element);
	380	break;
	381	case TOMOYO_ID_GROUP:
	382	tomoyo_del_group(element);
	383	break;
	384	case TOMOYO_ID_PATH_GROUP:
	385	tomoyo_del_path_group(element);
	386	break;
	387	case TOMOYO_ID_ADDRESS_GROUP:
	388	tomoyo_del_address_group(element);
	389	break;
	390	case TOMOYO_ID_NUMBER_GROUP:
	391	tomoyo_del_number_group(element);
	392	break;
	393	case TOMOYO_ID_CONDITION:
	394	tomoyo_del_condition(element);
	395	break;
	396	case TOMOYO_ID_NAME:
	397	/*
	398	* Don't kfree() until all "struct tomoyo_io_buffer"->r.w[]
	399	* forget this element.
	400	*/
401	if (tomoyo_name_used_by_io_buffer
402	(container_of(element, typeof(struct tomoyo_name),
403	head.list)->entry.name))
404	goto reinject;
405	tomoyo_del_name(element);
406	break;
407	case TOMOYO_ID_ACL:
408	tomoyo_del_acl(element);
409	break;
410	case TOMOYO_ID_DOMAIN:
411	/*
412	* Don't kfree() until all "struct cred"->security forget this
413	* element.
414	*/
415	if (atomic_read(&container_of
416	(element, typeof(struct tomoyo_domain_info),
417	list)->users))
418	goto reinject;
419	tomoyo_del_domain(element);
420	break;
421	case TOMOYO_MAX_POLICY:
422	break;
423	}
424	mutex_lock(&tomoyo_policy_lock);
425	tomoyo_memory_free(element);
426	return;
427	reinject:
428	/*
429	* We can safely reinject this element here bacause
430	* (1) Appending list elements and removing list elements are protected
431	* by tomoyo_policy_lock mutex.
432	* (2) Only this function removes list elements and this function is
433	* exclusively executed by tomoyo_gc_mutex mutex.
434	* are true.
435	*/
436	mutex_lock(&tomoyo_policy_lock);
437	list_add_rcu(element, element->prev);
4c3e9e2d TH	438	}
4c3e9e2d TH	439
0df7e8b8 TH	440	/**
	441	* tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head".
	442	*
	443	* @id: One of values in "enum tomoyo_policy_id".
	444	* @member_list: Pointer to "struct list_head".
	445	*
f9732ea1	446	* Returns nothing.
0df7e8b8	447	*/
f9732ea1	448	static void tomoyo_collect_member(const enum tomoyo_policy_id id,
0df7e8b8	449	struct list_head *member_list)
d2f8b234 TH	450	{
d2f8b234 TH	451	struct tomoyo_acl_head *member;
f9732ea1 TH	452	struct tomoyo_acl_head *tmp;
f9732ea1 TH	453	list_for_each_entry_safe(member, tmp, member_list, list) {
d2f8b234 TH	454	if (!member->is_deleted)
d2f8b234 TH	455	continue;
f9732ea1 TH	456	member->is_deleted = TOMOYO_GC_IN_PROGRESS;
f9732ea1 TH	457	tomoyo_try_to_gc(id, &member->list);
d2f8b234	458	}
d2f8b234 TH	459	}
d2f8b234 TH	460
32997144 TH	461	/**
	462	* tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
	463	*
	464	* @list: Pointer to "struct list_head".
	465	*
f9732ea1	466	* Returns nothing.
32997144	467	*/
f9732ea1	468	static void tomoyo_collect_acl(struct list_head *list)
d2f8b234 TH	469	{
d2f8b234 TH	470	struct tomoyo_acl_info *acl;
f9732ea1 TH	471	struct tomoyo_acl_info *tmp;
f9732ea1 TH	472	list_for_each_entry_safe(acl, tmp, list, list) {
d2f8b234 TH	473	if (!acl->is_deleted)
d2f8b234 TH	474	continue;
f9732ea1 TH	475	acl->is_deleted = TOMOYO_GC_IN_PROGRESS;
f9732ea1 TH	476	tomoyo_try_to_gc(TOMOYO_ID_ACL, &acl->list);
d2f8b234	477	}
d2f8b234 TH	478	}
d2f8b234 TH	479
0df7e8b8	480	/**
f9732ea1	481	* tomoyo_collect_entry - Try to kfree() deleted elements.
0df7e8b8 TH	482	*
	483	* Returns nothing.
	484	*/
847b173e TH	485	static void tomoyo_collect_entry(void)
847b173e TH	486	{
d2f8b234	487	int i;
bd03a3e4 TH	488	enum tomoyo_policy_id id;
bd03a3e4 TH	489	struct tomoyo_policy_namespace *ns;
f9732ea1	490	mutex_lock(&tomoyo_policy_lock);
847b173e TH	491	{
847b173e TH	492	struct tomoyo_domain_info *domain;
f9732ea1 TH	493	struct tomoyo_domain_info *tmp;
	494	list_for_each_entry_safe(domain, tmp, &tomoyo_domain_list,
	495	list) {
	496	tomoyo_collect_acl(&domain->acl_info_list);
847b173e TH	497	if (!domain->is_deleted \|\| atomic_read(&domain->users))
847b173e TH	498	continue;
f9732ea1	499	tomoyo_try_to_gc(TOMOYO_ID_DOMAIN, &domain->list);
847b173e TH	500	}
847b173e TH	501	}
f9732ea1	502	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
bd03a3e4	503	for (id = 0; id < TOMOYO_MAX_POLICY; id++)
f9732ea1	504	tomoyo_collect_member(id, &ns->policy_list[id]);
bd03a3e4	505	for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
f9732ea1 TH	506	tomoyo_collect_acl(&ns->acl_group[i]);
	507	}
	508	{
	509	struct tomoyo_shared_acl_head *ptr;
	510	struct tomoyo_shared_acl_head *tmp;
	511	list_for_each_entry_safe(ptr, tmp, &tomoyo_condition_list,
	512	list) {
	513	if (atomic_read(&ptr->users) > 0)
	514	continue;
	515	atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
	516	tomoyo_try_to_gc(TOMOYO_ID_CONDITION, &ptr->list);
	517	}
	518	}
	519	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
bd03a3e4 TH	520	for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
	521	struct list_head *list = &ns->group_list[i];
	522	struct tomoyo_group *group;
f9732ea1	523	struct tomoyo_group *tmp;
bd03a3e4 TH	524	switch (i) {
	525	case 0:
	526	id = TOMOYO_ID_PATH_GROUP;
	527	break;
059d84db	528	case 1:
bd03a3e4 TH	529	id = TOMOYO_ID_NUMBER_GROUP;
bd03a3e4 TH	530	break;
059d84db TH	531	default:
	532	id = TOMOYO_ID_ADDRESS_GROUP;
	533	break;
bd03a3e4	534	}
f9732ea1 TH	535	list_for_each_entry_safe(group, tmp, list, head.list) {
f9732ea1 TH	536	tomoyo_collect_member(id, &group->member_list);
bd03a3e4	537	if (!list_empty(&group->member_list) \|\|
f9732ea1	538	atomic_read(&group->head.users) > 0)
bd03a3e4	539	continue;
f9732ea1 TH	540	atomic_set(&group->head.users,
	541	TOMOYO_GC_IN_PROGRESS);
	542	tomoyo_try_to_gc(TOMOYO_ID_GROUP,
	543	&group->head.list);
bd03a3e4	544	}
847b173e TH	545	}
847b173e TH	546	}
f9732ea1 TH	547	for (i = 0; i < TOMOYO_MAX_HASH; i++) {
f9732ea1 TH	548	struct list_head *list = &tomoyo_name_list[i];
bd03a3e4	549	struct tomoyo_shared_acl_head *ptr;
f9732ea1 TH	550	struct tomoyo_shared_acl_head *tmp;
	551	list_for_each_entry_safe(ptr, tmp, list, list) {
	552	if (atomic_read(&ptr->users) > 0)
4c3e9e2d	553	continue;
f9732ea1 TH	554	atomic_set(&ptr->users, TOMOYO_GC_IN_PROGRESS);
f9732ea1 TH	555	tomoyo_try_to_gc(TOMOYO_ID_NAME, &ptr->list);
4c3e9e2d TH	556	}
4c3e9e2d TH	557	}
29282381	558	mutex_unlock(&tomoyo_policy_lock);
847b173e TH	559	}
847b173e TH	560
0df7e8b8 TH	561	/**
	562	* tomoyo_gc_thread - Garbage collector thread function.
	563	*
	564	* @unused: Unused.
	565	*
0df7e8b8 TH	566	* Returns 0.
0df7e8b8 TH	567	*/
847b173e TH	568	static int tomoyo_gc_thread(void *unused)
847b173e TH	569	{
2e503bbb TH	570	/* Garbage collector thread is exclusive. */
	571	static DEFINE_MUTEX(tomoyo_gc_mutex);
	572	if (!mutex_trylock(&tomoyo_gc_mutex))
	573	goto out;
f9732ea1	574	tomoyo_collect_entry();
2e503bbb TH	575	{
	576	struct tomoyo_io_buffer *head;
	577	struct tomoyo_io_buffer *tmp;
	578
	579	spin_lock(&tomoyo_io_buffer_list_lock);
	580	list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list,
	581	list) {
	582	if (head->users)
	583	continue;
	584	list_del(&head->list);
	585	kfree(head->read_buf);
	586	kfree(head->write_buf);
	587	kfree(head);
847b173e	588	}
2e503bbb	589	spin_unlock(&tomoyo_io_buffer_list_lock);
847b173e	590	}
2e503bbb TH	591	mutex_unlock(&tomoyo_gc_mutex);
	592	out:
	593	/* This acts as do_exit(0). */
	594	return 0;
847b173e TH	595	}
847b173e TH	596
2e503bbb TH	597	/**
	598	* tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users.
	599	*
	600	* @head: Pointer to "struct tomoyo_io_buffer".
	601	* @is_register: True if register, false if unregister.
	602	*
	603	* Returns nothing.
	604	*/
	605	void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register)
847b173e	606	{
2e503bbb TH	607	bool is_write = false;
	608
	609	spin_lock(&tomoyo_io_buffer_list_lock);
	610	if (is_register) {
	611	head->users = 1;
	612	list_add(&head->list, &tomoyo_io_buffer_list);
	613	} else {
	614	is_write = head->write_buf != NULL;
	615	if (!--head->users) {
	616	list_del(&head->list);
	617	kfree(head->read_buf);
	618	kfree(head->write_buf);
	619	kfree(head);
	620	}
	621	}
	622	spin_unlock(&tomoyo_io_buffer_list_lock);
	623	if (is_write) {
	624	struct task_struct *task = kthread_create(tomoyo_gc_thread,
	625	NULL,
	626	"GC for TOMOYO");
	627	if (!IS_ERR(task))
	628	wake_up_process(task);
	629	}
847b173e	630	}