35  * Legacy fanotify marks limits (8192) is per group and we introduced a tunable
37  * of fanotify marks per user is <max marks per group> * <max groups per user>.
143 		 * With group flag FAN_REPORT_NAME, if name was not recorded in  in fanotify_event_info_len()
161 static void fanotify_unhash_event(struct fsnotify_group *group,  in fanotify_unhash_event()  argument
164 	assert_spin_locked(&group->notification_lock);  in fanotify_unhash_event()
166 	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,  in fanotify_unhash_event()
167 		 group, event, fanotify_event_hash_bucket(group, event));  in fanotify_unhash_event()
181 static struct fanotify_event *get_one_event(struct fsnotify_group *group,  in get_one_event()  argument
187 	unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES);  in get_one_event()
189 	pr_debug("%s: group=%p count=%zd\n", __func__, group, count);  in get_one_event()
191 	spin_lock(&group->notification_lock);  in get_one_event()
192 	fsn_event = fsnotify_peek_first_event(group);  in get_one_event()
209 	fsnotify_remove_first_event(group);  in get_one_event()
213 		fanotify_unhash_event(group, event);  in get_one_event()
215 	spin_unlock(&group->notification_lock);  in get_one_event()
219 static int create_fd(struct fsnotify_group *group, struct path *path,  in create_fd()  argument
225 	client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);  in create_fd()
234 			       group->fanotify_data.f_flags | FMODE_NONOTIFY,  in create_fd()
255  * drop group->notification_lock.
257 static void finish_permission_event(struct fsnotify_group *group,  in finish_permission_event()  argument
260 				    __releases(&group->notification_lock)  in finish_permission_event()
264 	assert_spin_locked(&group->notification_lock);  in finish_permission_event()
270 	spin_unlock(&group->notification_lock);  in finish_permission_event()
272 		fsnotify_destroy_event(group, &event->fae.fse);  in finish_permission_event()
275 static int process_access_response(struct fsnotify_group *group,  in process_access_response()  argument
282 	pr_debug("%s: group=%p fd=%d response=%d\n", __func__, group,  in process_access_response()
300 	if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT))  in process_access_response()
303 	spin_lock(&group->notification_lock);  in process_access_response()
304 	list_for_each_entry(event, &group->fanotify_data.access_list,  in process_access_response()
310 		finish_permission_event(group, event, response);  in process_access_response()
311 		wake_up(&group->fanotify_data.access_waitq);  in process_access_response()
314 	spin_unlock(&group->notification_lock);  in process_access_response()
469 			 * With only group flag FAN_REPORT_FID only type FID is  in copy_info_records_to_user()
476 			 * With group flag FAN_REPORT_NAME, if name was not  in copy_info_records_to_user()
486 			 * With group flag FAN_REPORT_DIR_FID, a single info  in copy_info_records_to_user()
493 			 * With group flags FAN_REPORT_DIR_FID|FAN_REPORT_FID,  in copy_info_records_to_user()
526 static ssize_t copy_event_to_user(struct fsnotify_group *group,  in copy_event_to_user()  argument
533 	unsigned int info_mode = FAN_GROUP_FLAG(group, FANOTIFY_INFO_MODES);  in copy_event_to_user()
538 	pr_debug("%s: group=%p event=%p\n", __func__, group, event);  in copy_event_to_user()
552 	if (FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&  in copy_event_to_user()
562 	if (!FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&  in copy_event_to_user()
564 		fd = create_fd(group, path, &f);  in copy_event_to_user()
575 		 * creation of pidfds for thread-group leaders.  in copy_event_to_user()
577 		WARN_ON_ONCE(FAN_GROUP_FLAG(group, FAN_REPORT_TID));  in copy_event_to_user()
641 	struct fsnotify_group *group = file->private_data;  in fanotify_poll()  local
644 	poll_wait(file, &group->notification_waitq, wait);  in fanotify_poll()
645 	spin_lock(&group->notification_lock);  in fanotify_poll()
646 	if (!fsnotify_notify_queue_is_empty(group))  in fanotify_poll()
648 	spin_unlock(&group->notification_lock);  in fanotify_poll()
656 	struct fsnotify_group *group;  in fanotify_read()  local
663 	group = file->private_data;  in fanotify_read()
665 	pr_debug("%s: group=%p\n", __func__, group);  in fanotify_read()
667 	add_wait_queue(&group->notification_waitq, &wait);  in fanotify_read()
674 		event = get_one_event(group, count);  in fanotify_read()
696 		ret = copy_event_to_user(group, event, buf, count);  in fanotify_read()
712 			fsnotify_destroy_event(group, &event->fse);  in fanotify_read()
715 				spin_lock(&group->notification_lock);  in fanotify_read()
716 				finish_permission_event(group,  in fanotify_read()
718 				wake_up(&group->fanotify_data.access_waitq);  in fanotify_read()
720 				spin_lock(&group->notification_lock);  in fanotify_read()
722 					&group->fanotify_data.access_list);  in fanotify_read()
723 				spin_unlock(&group->notification_lock);  in fanotify_read()
731 	remove_wait_queue(&group->notification_waitq, &wait);  in fanotify_read()
741 	struct fsnotify_group *group;  in fanotify_write()  local
747 	group = file->private_data;  in fanotify_write()
754 	pr_debug("%s: group=%p count=%zu\n", __func__, group, count);  in fanotify_write()
759 	ret = process_access_response(group, &response);  in fanotify_write()
768 	struct fsnotify_group *group = file->private_data;  in fanotify_release()  local
776 	fsnotify_group_stop_queueing(group);  in fanotify_release()
782 	spin_lock(&group->notification_lock);  in fanotify_release()
783 	while (!list_empty(&group->fanotify_data.access_list)) {  in fanotify_release()
786 		event = list_first_entry(&group->fanotify_data.access_list,  in fanotify_release()
789 		finish_permission_event(group, event, FAN_ALLOW);  in fanotify_release()
790 		spin_lock(&group->notification_lock);  in fanotify_release()
798 	while ((fsn_event = fsnotify_remove_first_event(group))) {  in fanotify_release()
802 			spin_unlock(&group->notification_lock);  in fanotify_release()
803 			fsnotify_destroy_event(group, fsn_event);  in fanotify_release()
805 			finish_permission_event(group, FANOTIFY_PERM(event),  in fanotify_release()
808 		spin_lock(&group->notification_lock);  in fanotify_release()
810 	spin_unlock(&group->notification_lock);  in fanotify_release()
813 	wake_up(&group->fanotify_data.access_waitq);  in fanotify_release()
816 	fsnotify_destroy_group(group);  in fanotify_release()
823 	struct fsnotify_group *group;  in fanotify_ioctl()  local
829 	group = file->private_data;  in fanotify_ioctl()
835 		spin_lock(&group->notification_lock);  in fanotify_ioctl()
836 		list_for_each_entry(fsn_event, &group->notification_list, list)  in fanotify_ioctl()
838 		spin_unlock(&group->notification_lock);  in fanotify_ioctl()
939 static int fanotify_remove_mark(struct fsnotify_group *group,  in fanotify_remove_mark()  argument
947 	mutex_lock(&group->mark_mutex);  in fanotify_remove_mark()
948 	fsn_mark = fsnotify_find_mark(connp, group);  in fanotify_remove_mark()
950 		mutex_unlock(&group->mark_mutex);  in fanotify_remove_mark()
960 	mutex_unlock(&group->mark_mutex);  in fanotify_remove_mark()
969 static int fanotify_remove_vfsmount_mark(struct fsnotify_group *group,  in fanotify_remove_vfsmount_mark()  argument
973 	return fanotify_remove_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,  in fanotify_remove_vfsmount_mark()
977 static int fanotify_remove_sb_mark(struct fsnotify_group *group,  in fanotify_remove_sb_mark()  argument
981 	return fanotify_remove_mark(group, &sb->s_fsnotify_marks, mask,  in fanotify_remove_sb_mark()
985 static int fanotify_remove_inode_mark(struct fsnotify_group *group,  in fanotify_remove_inode_mark()  argument
989 	return fanotify_remove_mark(group, &inode->i_fsnotify_marks, mask,  in fanotify_remove_inode_mark()
1013 static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,  in fanotify_add_new_mark()  argument
1018 	struct ucounts *ucounts = group->fanotify_data.ucounts;  in fanotify_add_new_mark()
1024 	 * A group with FAN_UNLIMITED_MARKS does not contribute to mark count  in fanotify_add_new_mark()
1027 	if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS) &&  in fanotify_add_new_mark()
1037 	fsnotify_init_mark(mark, group);  in fanotify_add_new_mark()
1047 	if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS))  in fanotify_add_new_mark()
1053 static int fanotify_add_mark(struct fsnotify_group *group,  in fanotify_add_mark()  argument
1061 	mutex_lock(&group->mark_mutex);  in fanotify_add_mark()
1062 	fsn_mark = fsnotify_find_mark(connp, group);  in fanotify_add_mark()
1064 		fsn_mark = fanotify_add_new_mark(group, connp, type, fsid);  in fanotify_add_mark()
1066 			mutex_unlock(&group->mark_mutex);  in fanotify_add_mark()
1073 	mutex_unlock(&group->mark_mutex);  in fanotify_add_mark()
1079 static int fanotify_add_vfsmount_mark(struct fsnotify_group *group,  in fanotify_add_vfsmount_mark()  argument
1083 	return fanotify_add_mark(group, &real_mount(mnt)->mnt_fsnotify_marks,  in fanotify_add_vfsmount_mark()
1087 static int fanotify_add_sb_mark(struct fsnotify_group *group,  in fanotify_add_sb_mark()  argument
1091 	return fanotify_add_mark(group, &sb->s_fsnotify_marks,  in fanotify_add_sb_mark()
1095 static int fanotify_add_inode_mark(struct fsnotify_group *group,  in fanotify_add_inode_mark()  argument
1099 	pr_debug("%s: group=%p inode=%p\n", __func__, group, inode);  in fanotify_add_inode_mark()
1111 	return fanotify_add_mark(group, &inode->i_fsnotify_marks,  in fanotify_add_inode_mark()
1146 	struct fsnotify_group *group;  in SYSCALL_DEFINE2()  local
1157 		 * An unprivileged user can setup an fanotify group with  in SYSCALL_DEFINE2()
1158 		 * limited functionality - an unprivileged group is limited to  in SYSCALL_DEFINE2()
1166 		 * Setting the internal flag FANOTIFY_UNPRIV on the group  in SYSCALL_DEFINE2()
1167 		 * prevents setting mount/filesystem marks on this group and  in SYSCALL_DEFINE2()
1181 	 * A pidfd can only be returned for a thread-group leader; thus  in SYSCALL_DEFINE2()
1217 	group = fsnotify_alloc_user_group(&fanotify_fsnotify_ops);  in SYSCALL_DEFINE2()
1218 	if (IS_ERR(group)) {  in SYSCALL_DEFINE2()
1219 		return PTR_ERR(group);  in SYSCALL_DEFINE2()
1223 	group->fanotify_data.ucounts = inc_ucount(current_user_ns(),  in SYSCALL_DEFINE2()
1226 	if (!group->fanotify_data.ucounts) {  in SYSCALL_DEFINE2()
1231 	group->fanotify_data.flags = flags | internal_flags;  in SYSCALL_DEFINE2()
1232 	group->memcg = get_mem_cgroup_from_mm(current->mm);  in SYSCALL_DEFINE2()
1234 	group->fanotify_data.merge_hash = fanotify_alloc_merge_hash();  in SYSCALL_DEFINE2()
1235 	if (!group->fanotify_data.merge_hash) {  in SYSCALL_DEFINE2()
1240 	group->overflow_event = fanotify_alloc_overflow_event();  in SYSCALL_DEFINE2()
1241 	if (unlikely(!group->overflow_event)) {  in SYSCALL_DEFINE2()
1248 	group->fanotify_data.f_flags = event_f_flags;  in SYSCALL_DEFINE2()
1249 	init_waitqueue_head(&group->fanotify_data.access_waitq);  in SYSCALL_DEFINE2()
1250 	INIT_LIST_HEAD(&group->fanotify_data.access_list);  in SYSCALL_DEFINE2()
1253 		group->priority = FS_PRIO_0;  in SYSCALL_DEFINE2()
1256 		group->priority = FS_PRIO_1;  in SYSCALL_DEFINE2()
1259 		group->priority = FS_PRIO_2;  in SYSCALL_DEFINE2()
1270 		group->max_events = UINT_MAX;  in SYSCALL_DEFINE2()
1272 		group->max_events = fanotify_max_queued_events;  in SYSCALL_DEFINE2()
1287 	fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);  in SYSCALL_DEFINE2()
1294 	fsnotify_destroy_group(group);  in SYSCALL_DEFINE2()
1361 	struct fsnotify_group *group;  in do_fanotify_mark()  local
1428 	group = f.file->private_data;  in do_fanotify_mark()
1432 	 * marks.  This also includes setting up such marks by a group that  in do_fanotify_mark()
1437 	     FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV)) &&  in do_fanotify_mark()
1442 	 * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF.  These are not  in do_fanotify_mark()
1447 	    group->priority == FS_PRIO_0)  in do_fanotify_mark()
1453 	 * group supports reporting fid.  in do_fanotify_mark()
1457 	fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);  in do_fanotify_mark()
1465 			fsnotify_clear_vfsmount_marks_by_group(group);  in do_fanotify_mark()
1467 			fsnotify_clear_sb_marks_by_group(group);  in do_fanotify_mark()
1469 			fsnotify_clear_inode_marks_by_group(group);  in do_fanotify_mark()
1492 	/* inode held in place by reference to path; group by fget on fd */  in do_fanotify_mark()
1503 		 * If group needs to report parent fid, register for getting  in do_fanotify_mark()
1515 			ret = fanotify_add_vfsmount_mark(group, mnt, mask,  in do_fanotify_mark()
1518 			ret = fanotify_add_sb_mark(group, mnt->mnt_sb, mask,  in do_fanotify_mark()
1521 			ret = fanotify_add_inode_mark(group, inode, mask,  in do_fanotify_mark()
1526 			ret = fanotify_remove_vfsmount_mark(group, mnt, mask,  in do_fanotify_mark()
1529 			ret = fanotify_remove_sb_mark(group, mnt->mnt_sb, mask,  in do_fanotify_mark()
1532 			ret = fanotify_remove_inode_mark(group, inode, mask,  in do_fanotify_mark()