7747ceb9a2214350c43aebaad5ef5da2c11cccbb
[linux-2.6.git] / security / tomoyo / gc.c
1 /*
2  * security/tomoyo/gc.c
3  *
4  * Copyright (C) 2005-2011  NTT DATA CORPORATION
5  */
6
7 #include "common.h"
8 #include <linux/kthread.h>
9 #include <linux/slab.h>
10
11 /* The list for "struct tomoyo_io_buffer". */
12 static LIST_HEAD(tomoyo_io_buffer_list);
13 /* Lock for protecting tomoyo_io_buffer_list. */
14 static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
15
16 /* Size of an element. */
17 static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = {
18         [TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group),
19         [TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group),
20         [TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group),
21         [TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group),
22         [TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator),
23         [TOMOYO_ID_TRANSITION_CONTROL] =
24         sizeof(struct tomoyo_transition_control),
25         [TOMOYO_ID_MANAGER] = sizeof(struct tomoyo_manager),
26         /* [TOMOYO_ID_CONDITION] = "struct tomoyo_condition"->size, */
27         /* [TOMOYO_ID_NAME] = "struct tomoyo_name"->size, */
28         /* [TOMOYO_ID_ACL] =
29            tomoyo_acl_size["struct tomoyo_acl_info"->type], */
30         [TOMOYO_ID_DOMAIN] = sizeof(struct tomoyo_domain_info),
31 };
32
33 /* Size of a domain ACL element. */
34 static const u8 tomoyo_acl_size[] = {
35         [TOMOYO_TYPE_PATH_ACL] = sizeof(struct tomoyo_path_acl),
36         [TOMOYO_TYPE_PATH2_ACL] = sizeof(struct tomoyo_path2_acl),
37         [TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl),
38         [TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl),
39         [TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl),
40         [TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl),
41         [TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl),
42         [TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl),
43 };
44
45 /**
46  * tomoyo_struct_used_by_io_buffer - Check whether the list element is used by /sys/kernel/security/tomoyo/ users or not.
47  *
48  * @element: Pointer to "struct list_head".
49  *
50  * Returns true if @element is used by /sys/kernel/security/tomoyo/ users,
51  * false otherwise.
52  */
53 static bool tomoyo_struct_used_by_io_buffer(const struct list_head *element)
54 {
55         struct tomoyo_io_buffer *head;
56         bool in_use = false;
57
58         spin_lock(&tomoyo_io_buffer_list_lock);
59         list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
60                 head->users++;
61                 spin_unlock(&tomoyo_io_buffer_list_lock);
62                 if (mutex_lock_interruptible(&head->io_sem)) {
63                         in_use = true;
64                         goto out;
65                 }
66                 if (head->r.domain == element || head->r.group == element ||
67                     head->r.acl == element || &head->w.domain->list == element)
68                         in_use = true;
69                 mutex_unlock(&head->io_sem);
70 out:
71                 spin_lock(&tomoyo_io_buffer_list_lock);
72                 head->users--;
73                 if (in_use)
74                         break;
75         }
76         spin_unlock(&tomoyo_io_buffer_list_lock);
77         return in_use;
78 }
79
80 /**
81  * tomoyo_name_used_by_io_buffer - Check whether the string is used by /sys/kernel/security/tomoyo/ users or not.
82  *
83  * @string: String to check.
84  * @size:   Memory allocated for @string .
85  *
86  * Returns true if @string is used by /sys/kernel/security/tomoyo/ users,
87  * false otherwise.
88  */
89 static bool tomoyo_name_used_by_io_buffer(const char *string,
90                                           const size_t size)
91 {
92         struct tomoyo_io_buffer *head;
93         bool in_use = false;
94
95         spin_lock(&tomoyo_io_buffer_list_lock);
96         list_for_each_entry(head, &tomoyo_io_buffer_list, list) {
97                 int i;
98                 head->users++;
99                 spin_unlock(&tomoyo_io_buffer_list_lock);
100                 if (mutex_lock_interruptible(&head->io_sem)) {
101                         in_use = true;
102                         goto out;
103                 }
104                 for (i = 0; i < TOMOYO_MAX_IO_READ_QUEUE; i++) {
105                         const char *w = head->r.w[i];
106                         if (w < string || w > string + size)
107                                 continue;
108                         in_use = true;
109                         break;
110                 }
111                 mutex_unlock(&head->io_sem);
112 out:
113                 spin_lock(&tomoyo_io_buffer_list_lock);
114                 head->users--;
115                 if (in_use)
116                         break;
117         }
118         spin_unlock(&tomoyo_io_buffer_list_lock);
119         return in_use;
120 }
121
122 /* Structure for garbage collection. */
123 struct tomoyo_gc {
124         struct list_head list;
125         enum tomoyo_policy_id type;
126         size_t size;
127         struct list_head *element;
128 };
129 /* List of entries to be deleted. */
130 static LIST_HEAD(tomoyo_gc_list);
131 /* Length of tomoyo_gc_list. */
132 static int tomoyo_gc_list_len;
133
134 /**
135  * tomoyo_add_to_gc - Add an entry to to be deleted list.
136  *
137  * @type:    One of values in "enum tomoyo_policy_id".
138  * @element: Pointer to "struct list_head".
139  *
140  * Returns true on success, false otherwise.
141  *
142  * Caller holds tomoyo_policy_lock mutex.
143  *
144  * Adding an entry needs kmalloc(). Thus, if we try to add thousands of
145  * entries at once, it will take too long time. Thus, do not add more than 128
146  * entries per a scan. But to be able to handle worst case where all entries
147  * are in-use, we accept one more entry per a scan.
148  *
149  * If we use singly linked list using "struct list_head"->prev (which is
150  * LIST_POISON2), we can avoid kmalloc().
151  */
152 static bool tomoyo_add_to_gc(const int type, struct list_head *element)
153 {
154         struct tomoyo_gc *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
155         if (!entry)
156                 return false;
157         entry->type = type;
158         if (type == TOMOYO_ID_ACL)
159                 entry->size = tomoyo_acl_size[
160                               container_of(element,
161                                            typeof(struct tomoyo_acl_info),
162                                            list)->type];
163         else if (type == TOMOYO_ID_NAME)
164                 entry->size = strlen(container_of(element,
165                                                   typeof(struct tomoyo_name),
166                                                   head.list)->entry.name) + 1;
167         else if (type == TOMOYO_ID_CONDITION)
168                 entry->size =
169                         container_of(element, typeof(struct tomoyo_condition),
170                                      head.list)->size;
171         else
172                 entry->size = tomoyo_element_size[type];
173         entry->element = element;
174         list_add(&entry->list, &tomoyo_gc_list);
175         list_del_rcu(element);
176         return tomoyo_gc_list_len++ < 128;
177 }
178
179 /**
180  * tomoyo_element_linked_by_gc - Validate next element of an entry.
181  *
182  * @element: Pointer to an element.
183  * @size:    Size of @element in byte.
184  *
185  * Returns true if @element is linked by other elements in the garbage
186  * collector's queue, false otherwise.
187  */
188 static bool tomoyo_element_linked_by_gc(const u8 *element, const size_t size)
189 {
190         struct tomoyo_gc *p;
191         list_for_each_entry(p, &tomoyo_gc_list, list) {
192                 const u8 *ptr = (const u8 *) p->element->next;
193                 if (ptr < element || element + size < ptr)
194                         continue;
195                 return true;
196         }
197         return false;
198 }
199
200 /**
201  * tomoyo_del_transition_control - Delete members in "struct tomoyo_transition_control".
202  *
203  * @element: Pointer to "struct list_head".
204  *
205  * Returns nothing.
206  */
207 static void tomoyo_del_transition_control(struct list_head *element)
208 {
209         struct tomoyo_transition_control *ptr =
210                 container_of(element, typeof(*ptr), head.list);
211         tomoyo_put_name(ptr->domainname);
212         tomoyo_put_name(ptr->program);
213 }
214
215 /**
216  * tomoyo_del_aggregator - Delete members in "struct tomoyo_aggregator".
217  *
218  * @element: Pointer to "struct list_head".
219  *
220  * Returns nothing.
221  */
222 static void tomoyo_del_aggregator(struct list_head *element)
223 {
224         struct tomoyo_aggregator *ptr =
225                 container_of(element, typeof(*ptr), head.list);
226         tomoyo_put_name(ptr->original_name);
227         tomoyo_put_name(ptr->aggregated_name);
228 }
229
230 /**
231  * tomoyo_del_manager - Delete members in "struct tomoyo_manager".
232  *
233  * @element: Pointer to "struct list_head".
234  *
235  * Returns nothing.
236  */
237 static void tomoyo_del_manager(struct list_head *element)
238 {
239         struct tomoyo_manager *ptr =
240                 container_of(element, typeof(*ptr), head.list);
241         tomoyo_put_name(ptr->manager);
242 }
243
244 /**
245  * tomoyo_del_acl - Delete members in "struct tomoyo_acl_info".
246  *
247  * @element: Pointer to "struct list_head".
248  *
249  * Returns nothing.
250  */
251 static void tomoyo_del_acl(struct list_head *element)
252 {
253         struct tomoyo_acl_info *acl =
254                 container_of(element, typeof(*acl), list);
255         tomoyo_put_condition(acl->cond);
256         switch (acl->type) {
257         case TOMOYO_TYPE_PATH_ACL:
258                 {
259                         struct tomoyo_path_acl *entry
260                                 = container_of(acl, typeof(*entry), head);
261                         tomoyo_put_name_union(&entry->name);
262                 }
263                 break;
264         case TOMOYO_TYPE_PATH2_ACL:
265                 {
266                         struct tomoyo_path2_acl *entry
267                                 = container_of(acl, typeof(*entry), head);
268                         tomoyo_put_name_union(&entry->name1);
269                         tomoyo_put_name_union(&entry->name2);
270                 }
271                 break;
272         case TOMOYO_TYPE_PATH_NUMBER_ACL:
273                 {
274                         struct tomoyo_path_number_acl *entry
275                                 = container_of(acl, typeof(*entry), head);
276                         tomoyo_put_name_union(&entry->name);
277                         tomoyo_put_number_union(&entry->number);
278                 }
279                 break;
280         case TOMOYO_TYPE_MKDEV_ACL:
281                 {
282                         struct tomoyo_mkdev_acl *entry
283                                 = container_of(acl, typeof(*entry), head);
284                         tomoyo_put_name_union(&entry->name);
285                         tomoyo_put_number_union(&entry->mode);
286                         tomoyo_put_number_union(&entry->major);
287                         tomoyo_put_number_union(&entry->minor);
288                 }
289                 break;
290         case TOMOYO_TYPE_MOUNT_ACL:
291                 {
292                         struct tomoyo_mount_acl *entry
293                                 = container_of(acl, typeof(*entry), head);
294                         tomoyo_put_name_union(&entry->dev_name);
295                         tomoyo_put_name_union(&entry->dir_name);
296                         tomoyo_put_name_union(&entry->fs_type);
297                         tomoyo_put_number_union(&entry->flags);
298                 }
299                 break;
300         case TOMOYO_TYPE_ENV_ACL:
301                 {
302                         struct tomoyo_env_acl *entry =
303                                 container_of(acl, typeof(*entry), head);
304
305                         tomoyo_put_name(entry->env);
306                 }
307                 break;
308         case TOMOYO_TYPE_INET_ACL:
309                 {
310                         struct tomoyo_inet_acl *entry =
311                                 container_of(acl, typeof(*entry), head);
312
313                         tomoyo_put_group(entry->address.group);
314                         tomoyo_put_number_union(&entry->port);
315                 }
316                 break;
317         case TOMOYO_TYPE_UNIX_ACL:
318                 {
319                         struct tomoyo_unix_acl *entry =
320                                 container_of(acl, typeof(*entry), head);
321
322                         tomoyo_put_name_union(&entry->name);
323                 }
324                 break;
325         }
326 }
327
328 /**
329  * tomoyo_del_domain - Delete members in "struct tomoyo_domain_info".
330  *
331  * @element: Pointer to "struct list_head".
332  *
333  * Returns true if deleted, false otherwise.
334  */
335 static bool tomoyo_del_domain(struct list_head *element)
336 {
337         struct tomoyo_domain_info *domain =
338                 container_of(element, typeof(*domain), list);
339         struct tomoyo_acl_info *acl;
340         struct tomoyo_acl_info *tmp;
341         /*
342          * Since we don't protect whole execve() operation using SRCU,
343          * we need to recheck domain->users at this point.
344          *
345          * (1) Reader starts SRCU section upon execve().
346          * (2) Reader traverses tomoyo_domain_list and finds this domain.
347          * (3) Writer marks this domain as deleted.
348          * (4) Garbage collector removes this domain from tomoyo_domain_list
349          *     because this domain is marked as deleted and used by nobody.
350          * (5) Reader saves reference to this domain into
351          *     "struct linux_binprm"->cred->security .
352          * (6) Reader finishes SRCU section, although execve() operation has
353          *     not finished yet.
354          * (7) Garbage collector waits for SRCU synchronization.
355          * (8) Garbage collector kfree() this domain because this domain is
356          *     used by nobody.
357          * (9) Reader finishes execve() operation and restores this domain from
358          *     "struct linux_binprm"->cred->security.
359          *
360          * By updating domain->users at (5), we can solve this race problem
361          * by rechecking domain->users at (8).
362          */
363         if (atomic_read(&domain->users))
364                 return false;
365         list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
366                 tomoyo_del_acl(&acl->list);
367                 tomoyo_memory_free(acl);
368         }
369         tomoyo_put_name(domain->domainname);
370         return true;
371 }
372
373 /**
374  * tomoyo_del_condition - Delete members in "struct tomoyo_condition".
375  *
376  * @element: Pointer to "struct list_head".
377  *
378  * Returns nothing.
379  */
380 void tomoyo_del_condition(struct list_head *element)
381 {
382         struct tomoyo_condition *cond = container_of(element, typeof(*cond),
383                                                      head.list);
384         const u16 condc = cond->condc;
385         const u16 numbers_count = cond->numbers_count;
386         const u16 names_count = cond->names_count;
387         const u16 argc = cond->argc;
388         const u16 envc = cond->envc;
389         unsigned int i;
390         const struct tomoyo_condition_element *condp
391                 = (const struct tomoyo_condition_element *) (cond + 1);
392         struct tomoyo_number_union *numbers_p
393                 = (struct tomoyo_number_union *) (condp + condc);
394         struct tomoyo_name_union *names_p
395                 = (struct tomoyo_name_union *) (numbers_p + numbers_count);
396         const struct tomoyo_argv *argv
397                 = (const struct tomoyo_argv *) (names_p + names_count);
398         const struct tomoyo_envp *envp
399                 = (const struct tomoyo_envp *) (argv + argc);
400         for (i = 0; i < numbers_count; i++)
401                 tomoyo_put_number_union(numbers_p++);
402         for (i = 0; i < names_count; i++)
403                 tomoyo_put_name_union(names_p++);
404         for (i = 0; i < argc; argv++, i++)
405                 tomoyo_put_name(argv->value);
406         for (i = 0; i < envc; envp++, i++) {
407                 tomoyo_put_name(envp->name);
408                 tomoyo_put_name(envp->value);
409         }
410 }
411
412 /**
413  * tomoyo_del_name - Delete members in "struct tomoyo_name".
414  *
415  * @element: Pointer to "struct list_head".
416  *
417  * Returns nothing.
418  */
419 static void tomoyo_del_name(struct list_head *element)
420 {
421         const struct tomoyo_name *ptr =
422                 container_of(element, typeof(*ptr), head.list);
423 }
424
425 /**
426  * tomoyo_del_path_group - Delete members in "struct tomoyo_path_group".
427  *
428  * @element: Pointer to "struct list_head".
429  *
430  * Returns nothing.
431  */
432 static void tomoyo_del_path_group(struct list_head *element)
433 {
434         struct tomoyo_path_group *member =
435                 container_of(element, typeof(*member), head.list);
436         tomoyo_put_name(member->member_name);
437 }
438
439 /**
440  * tomoyo_del_group - Delete "struct tomoyo_group".
441  *
442  * @element: Pointer to "struct list_head".
443  *
444  * Returns nothing.
445  */
446 static void tomoyo_del_group(struct list_head *element)
447 {
448         struct tomoyo_group *group =
449                 container_of(element, typeof(*group), head.list);
450         tomoyo_put_name(group->group_name);
451 }
452
453 /**
454  * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
455  *
456  * @element: Pointer to "struct list_head".
457  *
458  * Returns nothing.
459  */
460 static inline void tomoyo_del_address_group(struct list_head *element)
461 {
462         /* Nothing to do. */
463 }
464
465 /**
466  * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
467  *
468  * @element: Pointer to "struct list_head".
469  *
470  * Returns nothing.
471  */
472 static void tomoyo_del_number_group(struct list_head *element)
473 {
474         struct tomoyo_number_group *member =
475                 container_of(element, typeof(*member), head.list);
476 }
477
478 /**
479  * tomoyo_collect_member - Delete elements with "struct tomoyo_acl_head".
480  *
481  * @id:          One of values in "enum tomoyo_policy_id".
482  * @member_list: Pointer to "struct list_head".
483  *
484  * Returns true if some elements are deleted, false otherwise.
485  */
486 static bool tomoyo_collect_member(const enum tomoyo_policy_id id,
487                                   struct list_head *member_list)
488 {
489         struct tomoyo_acl_head *member;
490         list_for_each_entry(member, member_list, list) {
491                 if (!member->is_deleted)
492                         continue;
493                 if (!tomoyo_add_to_gc(id, &member->list))
494                         return false;
495         }
496         return true;
497 }
498
499 /**
500  * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
501  *
502  * @list: Pointer to "struct list_head".
503  *
504  * Returns true if some elements are deleted, false otherwise.
505  */
506 static bool tomoyo_collect_acl(struct list_head *list)
507 {
508         struct tomoyo_acl_info *acl;
509         list_for_each_entry(acl, list, list) {
510                 if (!acl->is_deleted)
511                         continue;
512                 if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list))
513                         return false;
514         }
515         return true;
516 }
517
518 /**
519  * tomoyo_collect_entry - Scan lists for deleted elements.
520  *
521  * Returns nothing.
522  */
523 static void tomoyo_collect_entry(void)
524 {
525         int i;
526         enum tomoyo_policy_id id;
527         struct tomoyo_policy_namespace *ns;
528         int idx;
529         if (mutex_lock_interruptible(&tomoyo_policy_lock))
530                 return;
531         idx = tomoyo_read_lock();
532         {
533                 struct tomoyo_domain_info *domain;
534                 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
535                         if (!tomoyo_collect_acl(&domain->acl_info_list))
536                                 goto unlock;
537                         if (!domain->is_deleted || atomic_read(&domain->users))
538                                 continue;
539                         /*
540                          * Nobody is referring this domain. But somebody may
541                          * refer this domain after successful execve().
542                          * We recheck domain->users after SRCU synchronization.
543                          */
544                         if (!tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, &domain->list))
545                                 goto unlock;
546                 }
547         }
548         list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) {
549                 for (id = 0; id < TOMOYO_MAX_POLICY; id++)
550                         if (!tomoyo_collect_member(id, &ns->policy_list[id]))
551                                 goto unlock;
552                 for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
553                         if (!tomoyo_collect_acl(&ns->acl_group[i]))
554                                 goto unlock;
555                 for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
556                         struct list_head *list = &ns->group_list[i];
557                         struct tomoyo_group *group;
558                         switch (i) {
559                         case 0:
560                                 id = TOMOYO_ID_PATH_GROUP;
561                                 break;
562                         case 1:
563                                 id = TOMOYO_ID_NUMBER_GROUP;
564                                 break;
565                         default:
566                                 id = TOMOYO_ID_ADDRESS_GROUP;
567                                 break;
568                         }
569                         list_for_each_entry(group, list, head.list) {
570                                 if (!tomoyo_collect_member
571                                     (id, &group->member_list))
572                                         goto unlock;
573                                 if (!list_empty(&group->member_list) ||
574                                     atomic_read(&group->head.users))
575                                         continue;
576                                 if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP,
577                                                       &group->head.list))
578                                         goto unlock;
579                         }
580                 }
581         }
582         id = TOMOYO_ID_CONDITION;
583         for (i = 0; i < TOMOYO_MAX_HASH + 1; i++) {
584                 struct list_head *list = !i ?
585                         &tomoyo_condition_list : &tomoyo_name_list[i - 1];
586                 struct tomoyo_shared_acl_head *ptr;
587                 list_for_each_entry(ptr, list, list) {
588                         if (atomic_read(&ptr->users))
589                                 continue;
590                         if (!tomoyo_add_to_gc(id, &ptr->list))
591                                 goto unlock;
592                 }
593                 id = TOMOYO_ID_NAME;
594         }
595 unlock:
596         tomoyo_read_unlock(idx);
597         mutex_unlock(&tomoyo_policy_lock);
598 }
599
600 /**
601  * tomoyo_kfree_entry - Delete entries in tomoyo_gc_list.
602  *
603  * Returns true if some entries were kfree()d, false otherwise.
604  */
605 static bool tomoyo_kfree_entry(void)
606 {
607         struct tomoyo_gc *p;
608         struct tomoyo_gc *tmp;
609         bool result = false;
610
611         list_for_each_entry_safe(p, tmp, &tomoyo_gc_list, list) {
612                 struct list_head *element = p->element;
613
614                 /*
615                  * list_del_rcu() in tomoyo_add_to_gc() guarantees that the
616                  * list element became no longer reachable from the list which
617                  * the element was originally on (e.g. tomoyo_domain_list).
618                  * Also, synchronize_srcu() in tomoyo_gc_thread() guarantees
619                  * that the list element became no longer referenced by syscall
620                  * users.
621                  *
622                  * However, there are three users which may still be using the
623                  * list element. We need to defer until all of these users
624                  * forget the list element.
625                  *
626                  * Firstly, defer until "struct tomoyo_io_buffer"->r.{domain,
627                  * group,acl} and "struct tomoyo_io_buffer"->w.domain forget
628                  * the list element.
629                  */
630                 if (tomoyo_struct_used_by_io_buffer(element))
631                         continue;
632                 /*
633                  * Secondly, defer until all other elements in the
634                  * tomoyo_gc_list list forget the list element.
635                  */
636                 if (tomoyo_element_linked_by_gc((const u8 *) element, p->size))
637                         continue;
638                 switch (p->type) {
639                 case TOMOYO_ID_TRANSITION_CONTROL:
640                         tomoyo_del_transition_control(element);
641                         break;
642                 case TOMOYO_ID_AGGREGATOR:
643                         tomoyo_del_aggregator(element);
644                         break;
645                 case TOMOYO_ID_MANAGER:
646                         tomoyo_del_manager(element);
647                         break;
648                 case TOMOYO_ID_CONDITION:
649                         tomoyo_del_condition(element);
650                         break;
651                 case TOMOYO_ID_NAME:
652                         /*
653                          * Thirdly, defer until all "struct tomoyo_io_buffer"
654                          * ->r.w[] forget the list element.
655                          */
656                         if (tomoyo_name_used_by_io_buffer(
657                             container_of(element, typeof(struct tomoyo_name),
658                                          head.list)->entry.name, p->size))
659                                 continue;
660                         tomoyo_del_name(element);
661                         break;
662                 case TOMOYO_ID_ACL:
663                         tomoyo_del_acl(element);
664                         break;
665                 case TOMOYO_ID_DOMAIN:
666                         if (!tomoyo_del_domain(element))
667                                 continue;
668                         break;
669                 case TOMOYO_ID_PATH_GROUP:
670                         tomoyo_del_path_group(element);
671                         break;
672                 case TOMOYO_ID_ADDRESS_GROUP:
673                         tomoyo_del_address_group(element);
674                         break;
675                 case TOMOYO_ID_GROUP:
676                         tomoyo_del_group(element);
677                         break;
678                 case TOMOYO_ID_NUMBER_GROUP:
679                         tomoyo_del_number_group(element);
680                         break;
681                 case TOMOYO_MAX_POLICY:
682                         break;
683                 }
684                 tomoyo_memory_free(element);
685                 list_del(&p->list);
686                 kfree(p);
687                 tomoyo_gc_list_len--;
688                 result = true;
689         }
690         return result;
691 }
692
693 /**
694  * tomoyo_gc_thread - Garbage collector thread function.
695  *
696  * @unused: Unused.
697  *
698  * In case OOM-killer choose this thread for termination, we create this thread
699  * as a short live thread whenever /sys/kernel/security/tomoyo/ interface was
700  * close()d.
701  *
702  * Returns 0.
703  */
704 static int tomoyo_gc_thread(void *unused)
705 {
706         /* Garbage collector thread is exclusive. */
707         static DEFINE_MUTEX(tomoyo_gc_mutex);
708         if (!mutex_trylock(&tomoyo_gc_mutex))
709                 goto out;
710
711         do {
712                 tomoyo_collect_entry();
713                 if (list_empty(&tomoyo_gc_list))
714                         break;
715                 synchronize_srcu(&tomoyo_ss);
716         } while (tomoyo_kfree_entry());
717         {
718                 struct tomoyo_io_buffer *head;
719                 struct tomoyo_io_buffer *tmp;
720
721                 spin_lock(&tomoyo_io_buffer_list_lock);
722                 list_for_each_entry_safe(head, tmp, &tomoyo_io_buffer_list,
723                                          list) {
724                         if (head->users)
725                                 continue;
726                         list_del(&head->list);
727                         kfree(head->read_buf);
728                         kfree(head->write_buf);
729                         kfree(head);
730                 }
731                 spin_unlock(&tomoyo_io_buffer_list_lock);
732         }
733         mutex_unlock(&tomoyo_gc_mutex);
734 out:
735         /* This acts as do_exit(0). */
736         return 0;
737 }
738
739 /**
740  * tomoyo_notify_gc - Register/unregister /sys/kernel/security/tomoyo/ users.
741  *
742  * @head:        Pointer to "struct tomoyo_io_buffer".
743  * @is_register: True if register, false if unregister.
744  *
745  * Returns nothing.
746  */
747 void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register)
748 {
749         bool is_write = false;
750
751         spin_lock(&tomoyo_io_buffer_list_lock);
752         if (is_register) {
753                 head->users = 1;
754                 list_add(&head->list, &tomoyo_io_buffer_list);
755         } else {
756                 is_write = head->write_buf != NULL;
757                 if (!--head->users) {
758                         list_del(&head->list);
759                         kfree(head->read_buf);
760                         kfree(head->write_buf);
761                         kfree(head);
762                 }
763         }
764         spin_unlock(&tomoyo_io_buffer_list_lock);
765         if (is_write) {
766                 struct task_struct *task = kthread_create(tomoyo_gc_thread,
767                                                           NULL,
768                                                           "GC for TOMOYO");
769                 if (!IS_ERR(task))
770                         wake_up_process(task);
771         }
772 }