1/*
  2 * AppArmor security module
  3 *
  4 * This file contains basic common functions used in AppArmor
  5 *
  6 * Copyright (C) 1998-2008 Novell/SUSE
  7 * Copyright 2009-2010 Canonical Ltd.
  8 *
  9 * This program is free software; you can redistribute it and/or
 10 * modify it under the terms of the GNU General Public License as
 11 * published by the Free Software Foundation, version 2 of the
 12 * License.
 13 */
 14
 15#include <linux/mm.h>
 16#include <linux/slab.h>
 17#include <linux/string.h>
 18#include <linux/vmalloc.h>
 19
 20#include "include/audit.h"
 21#include "include/apparmor.h"
 22
 23
 24/**
 25 * aa_split_fqname - split a fqname into a profile and namespace name
 26 * @fqname: a full qualified name in namespace profile format (NOT NULL)
 27 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
 28 *
 29 * Returns: profile name or NULL if one is not specified
 30 *
 31 * Split a namespace name from a profile name (see policy.c for naming
 32 * description).  If a portion of the name is missing it returns NULL for
 33 * that portion.
 34 *
 35 * NOTE: may modify the @fqname string.  The pointers returned point
 36 *       into the @fqname string.
 37 */
 38char *aa_split_fqname(char *fqname, char **ns_name)
 39{
 40	char *name = strim(fqname);
 41
 42	*ns_name = NULL;
 43	if (name[0] == ':') {
 44		char *split = strchr(&name[1], ':');
 45		*ns_name = skip_spaces(&name[1]);
 46		if (split) {
 47			/* overwrite ':' with \0 */
 48			*split = 0;
 49			name = skip_spaces(split + 1);
 
 
 50		} else
 51			/* a ns name without a following profile is allowed */
 52			name = NULL;
 53	}
 54	if (name && *name == 0)
 55		name = NULL;
 56
 57	return name;
 58}
 59
 60/**
 61 * aa_info_message - log a none profile related status message
 62 * @str: message to log
 63 */
 64void aa_info_message(const char *str)
 65{
 66	if (audit_enabled) {
 67		struct common_audit_data sa;
 68		struct apparmor_audit_data aad = {0,};
 69		sa.type = LSM_AUDIT_DATA_NONE;
 70		sa.aad = &aad;
 71		aad.info = str;
 72		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
 73	}
 74	printk(KERN_INFO "AppArmor: %s\n", str);
 75}
 76
 77/**
 78 * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
 79 * @size: size of allocation
 
 80 *
 81 * Return: allocated buffer or NULL if failed
 82 *
 83 * It is possible that policy being loaded from the user is larger than
 84 * what can be allocated by kmalloc, in those cases fall back to vmalloc.
 85 */
 86void *kvmalloc(size_t size)
 87{
 88	void *buffer = NULL;
 89
 90	if (size == 0)
 91		return NULL;
 92
 93	/* do not attempt kmalloc if we need more than 16 pages at once */
 94	if (size <= (16*PAGE_SIZE))
 95		buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
 96	if (!buffer) {
 97		/* see kvfree for why size must be at least work_struct size
 98		 * when allocated via vmalloc
 99		 */
100		if (size < sizeof(struct work_struct))
101			size = sizeof(struct work_struct);
102		buffer = vmalloc(size);
103	}
104	return buffer;
105}
106
107/**
108 * do_vfree - workqueue routine for freeing vmalloced memory
109 * @work: data to be freed
110 *
111 * The work_struct is overlaid to the data being freed, as at the point
112 * the work is scheduled the data is no longer valid, be its freeing
113 * needs to be delayed until safe.
114 */
115static void do_vfree(struct work_struct *work)
116{
117	vfree(work);
118}
119
120/**
121 * kvfree - free an allocation do by kvmalloc
122 * @buffer: buffer to free (MAYBE_NULL)
123 *
124 * Free a buffer allocated by kvmalloc
125 */
126void kvfree(void *buffer)
127{
128	if (is_vmalloc_addr(buffer)) {
129		/* Data is no longer valid so just use the allocated space
130		 * as the work_struct
131		 */
132		struct work_struct *work = (struct work_struct *) buffer;
133		INIT_WORK(work, do_vfree);
134		schedule_work(work);
135	} else
136		kfree(buffer);
137}

  1/*
  2 * AppArmor security module
  3 *
  4 * This file contains basic common functions used in AppArmor
  5 *
  6 * Copyright (C) 1998-2008 Novell/SUSE
  7 * Copyright 2009-2010 Canonical Ltd.
  8 *
  9 * This program is free software; you can redistribute it and/or
 10 * modify it under the terms of the GNU General Public License as
 11 * published by the Free Software Foundation, version 2 of the
 12 * License.
 13 */
 14
 15#include <linux/mm.h>
 16#include <linux/slab.h>
 17#include <linux/string.h>
 18#include <linux/vmalloc.h>
 19
 20#include "include/audit.h"
 21#include "include/apparmor.h"
 22
 23
 24/**
 25 * aa_split_fqname - split a fqname into a profile and namespace name
 26 * @fqname: a full qualified name in namespace profile format (NOT NULL)
 27 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
 28 *
 29 * Returns: profile name or NULL if one is not specified
 30 *
 31 * Split a namespace name from a profile name (see policy.c for naming
 32 * description).  If a portion of the name is missing it returns NULL for
 33 * that portion.
 34 *
 35 * NOTE: may modify the @fqname string.  The pointers returned point
 36 *       into the @fqname string.
 37 */
 38char *aa_split_fqname(char *fqname, char **ns_name)
 39{
 40	char *name = strim(fqname);
 41
 42	*ns_name = NULL;
 43	if (name[0] == ':') {
 44		char *split = strchr(&name[1], ':');
 45		*ns_name = skip_spaces(&name[1]);
 46		if (split) {
 47			/* overwrite ':' with \0 */
 48			*split++ = 0;
 49			if (strncmp(split, "//", 2) == 0)
 50				split += 2;
 51			name = skip_spaces(split);
 52		} else
 53			/* a ns name without a following profile is allowed */
 54			name = NULL;
 55	}
 56	if (name && *name == 0)
 57		name = NULL;
 58
 59	return name;
 60}
 61
 62/**
 63 * aa_info_message - log a none profile related status message
 64 * @str: message to log
 65 */
 66void aa_info_message(const char *str)
 67{
 68	if (audit_enabled) {
 69		struct common_audit_data sa;
 70		struct apparmor_audit_data aad = {0,};
 71		sa.type = LSM_AUDIT_DATA_NONE;
 72		sa.aad = &aad;
 73		aad.info = str;
 74		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
 75	}
 76	printk(KERN_INFO "AppArmor: %s\n", str);
 77}
 78
 79/**
 80 * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
 81 * @size: how many bytes of memory are required
 82 * @flags: the type of memory to allocate (see kmalloc).
 83 *
 84 * Return: allocated buffer or NULL if failed
 85 *
 86 * It is possible that policy being loaded from the user is larger than
 87 * what can be allocated by kmalloc, in those cases fall back to vmalloc.
 88 */
 89void *__aa_kvmalloc(size_t size, gfp_t flags)
 90{
 91	void *buffer = NULL;
 92
 93	if (size == 0)
 94		return NULL;
 95
 96	/* do not attempt kmalloc if we need more than 16 pages at once */
 97	if (size <= (16*PAGE_SIZE))
 98		buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN);
 99	if (!buffer) {
100		if (flags & __GFP_ZERO)
101			buffer = vzalloc(size);
102		else
103			buffer = vmalloc(size);
 
 
104	}
105	return buffer;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
106}