2006-06-02 04:10:59 +08:00
|
|
|
/*
|
|
|
|
* fs/inotify_user.c - inotify support for userspace
|
|
|
|
*
|
|
|
|
* Authors:
|
|
|
|
* John McCutchan <ttb@tentacle.dhs.org>
|
|
|
|
* Robert Love <rml@novell.com>
|
|
|
|
*
|
|
|
|
* Copyright (C) 2005 John McCutchan
|
|
|
|
* Copyright 2006 Hewlett-Packard Development Company, L.P.
|
|
|
|
*
|
2009-05-22 05:02:01 +08:00
|
|
|
* Copyright (C) 2009 Eric Paris <Red Hat Inc>
|
|
|
|
* inotify was largely rewriten to make use of the fsnotify infrastructure
|
|
|
|
*
|
2006-06-02 04:10:59 +08:00
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2, or (at your option) any
|
|
|
|
* later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* General Public License for more details.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/file.h>
|
2009-05-22 05:02:01 +08:00
|
|
|
#include <linux/fs.h> /* struct inode */
|
|
|
|
#include <linux/fsnotify_backend.h>
|
|
|
|
#include <linux/idr.h>
|
2015-05-02 08:08:20 +08:00
|
|
|
#include <linux/init.h> /* fs_initcall */
|
2006-06-02 04:10:59 +08:00
|
|
|
#include <linux/inotify.h>
|
2009-05-22 05:02:01 +08:00
|
|
|
#include <linux/kernel.h> /* roundup() */
|
|
|
|
#include <linux/namei.h> /* LOOKUP_FOLLOW */
|
|
|
|
#include <linux/sched.h> /* struct user */
|
|
|
|
#include <linux/slab.h> /* struct kmem_cache */
|
2006-06-02 04:10:59 +08:00
|
|
|
#include <linux/syscalls.h>
|
2009-05-22 05:02:01 +08:00
|
|
|
#include <linux/types.h>
|
2010-02-11 15:24:46 +08:00
|
|
|
#include <linux/anon_inodes.h>
|
2009-05-22 05:02:01 +08:00
|
|
|
#include <linux/uaccess.h>
|
|
|
|
#include <linux/poll.h>
|
|
|
|
#include <linux/wait.h>
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
#include "inotify.h"
|
2012-12-18 08:05:12 +08:00
|
|
|
#include "../fdinfo.h"
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
#include <asm/ioctls.h>
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
/* these are configurable via /proc/sys/fs/inotify/ */
|
2008-02-15 11:31:21 +08:00
|
|
|
static int inotify_max_user_instances __read_mostly;
|
|
|
|
static int inotify_max_queued_events __read_mostly;
|
2010-05-15 04:35:21 +08:00
|
|
|
static int inotify_max_user_watches __read_mostly;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
static struct kmem_cache *inotify_inode_mark_cachep __read_mostly;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
|
|
|
|
#include <linux/sysctl.h>
|
|
|
|
|
|
|
|
static int zero;
|
|
|
|
|
2014-06-07 05:38:04 +08:00
|
|
|
struct ctl_table inotify_table[] = {
|
2006-06-02 04:10:59 +08:00
|
|
|
{
|
|
|
|
.procname = "max_user_instances",
|
|
|
|
.data = &inotify_max_user_instances,
|
|
|
|
.maxlen = sizeof(int),
|
|
|
|
.mode = 0644,
|
2009-11-16 19:11:48 +08:00
|
|
|
.proc_handler = proc_dointvec_minmax,
|
2006-06-02 04:10:59 +08:00
|
|
|
.extra1 = &zero,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.procname = "max_user_watches",
|
|
|
|
.data = &inotify_max_user_watches,
|
|
|
|
.maxlen = sizeof(int),
|
|
|
|
.mode = 0644,
|
2009-11-16 19:11:48 +08:00
|
|
|
.proc_handler = proc_dointvec_minmax,
|
2006-06-02 04:10:59 +08:00
|
|
|
.extra1 = &zero,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.procname = "max_queued_events",
|
|
|
|
.data = &inotify_max_queued_events,
|
|
|
|
.maxlen = sizeof(int),
|
|
|
|
.mode = 0644,
|
2009-11-16 19:11:48 +08:00
|
|
|
.proc_handler = proc_dointvec_minmax,
|
2006-06-02 04:10:59 +08:00
|
|
|
.extra1 = &zero
|
|
|
|
},
|
2009-11-06 06:25:10 +08:00
|
|
|
{ }
|
2006-06-02 04:10:59 +08:00
|
|
|
};
|
|
|
|
#endif /* CONFIG_SYSCTL */
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
static inline __u32 inotify_arg_to_mask(u32 arg)
|
2008-02-06 17:36:09 +08:00
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
__u32 mask;
|
2008-02-06 17:36:09 +08:00
|
|
|
|
2010-07-28 22:18:37 +08:00
|
|
|
/*
|
|
|
|
* everything should accept their own ignored, cares about children,
|
|
|
|
* and should receive events when the inode is unmounted
|
|
|
|
*/
|
|
|
|
mask = (FS_IN_IGNORED | FS_EVENT_ON_CHILD | FS_UNMOUNT);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* mask off the flags used to open the fd */
|
2010-07-28 22:18:37 +08:00
|
|
|
mask |= (arg & (IN_ALL_EVENTS | IN_ONESHOT | IN_EXCL_UNLINK));
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
return mask;
|
2006-06-02 04:10:59 +08:00
|
|
|
}
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
static inline u32 inotify_mask_to_arg(__u32 mask)
|
2006-06-02 04:10:59 +08:00
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
return mask & (IN_ALL_EVENTS | IN_ISDIR | IN_UNMOUNT | IN_IGNORED |
|
|
|
|
IN_Q_OVERFLOW);
|
2006-06-02 04:10:59 +08:00
|
|
|
}
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* intofiy userspace file descriptor functions */
|
2006-06-02 04:10:59 +08:00
|
|
|
static unsigned int inotify_poll(struct file *file, poll_table *wait)
|
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group = file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
int ret = 0;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
poll_wait(file, &group->notification_waitq, wait);
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_lock(&group->notification_lock);
|
2009-05-22 05:02:01 +08:00
|
|
|
if (!fsnotify_notify_queue_is_empty(group))
|
2006-06-02 04:10:59 +08:00
|
|
|
ret = POLLIN | POLLRDNORM;
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_unlock(&group->notification_lock);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2014-01-22 07:48:14 +08:00
|
|
|
static int round_event_name_len(struct fsnotify_event *fsn_event)
|
2014-01-22 07:48:13 +08:00
|
|
|
{
|
2014-01-22 07:48:14 +08:00
|
|
|
struct inotify_event_info *event;
|
|
|
|
|
|
|
|
event = INOTIFY_E(fsn_event);
|
2014-01-22 07:48:13 +08:00
|
|
|
if (!event->name_len)
|
|
|
|
return 0;
|
|
|
|
return roundup(event->name_len + 1, sizeof(struct inotify_event));
|
|
|
|
}
|
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
/*
|
|
|
|
* Get an inotify_kernel_event if one exists and is small
|
|
|
|
* enough to fit in "count". Return an error pointer if
|
|
|
|
* not large enough.
|
|
|
|
*
|
2016-10-08 07:56:52 +08:00
|
|
|
* Called with the group->notification_lock held.
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
*/
|
2009-05-22 05:02:01 +08:00
|
|
|
static struct fsnotify_event *get_one_event(struct fsnotify_group *group,
|
|
|
|
size_t count)
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
{
|
|
|
|
size_t event_size = sizeof(struct inotify_event);
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_event *event;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
if (fsnotify_notify_queue_is_empty(group))
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
return NULL;
|
|
|
|
|
2014-08-07 07:03:26 +08:00
|
|
|
event = fsnotify_peek_first_event(group);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2010-07-28 22:18:37 +08:00
|
|
|
pr_debug("%s: group=%p event=%p\n", __func__, group, event);
|
|
|
|
|
2014-01-22 07:48:13 +08:00
|
|
|
event_size += round_event_name_len(event);
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (event_size > count)
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
|
2016-10-08 07:56:52 +08:00
|
|
|
/* held the notification_lock the whole time, so this is the
|
2009-05-22 05:02:01 +08:00
|
|
|
* same event we peeked above */
|
2014-08-07 07:03:26 +08:00
|
|
|
fsnotify_remove_first_event(group);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
|
|
|
return event;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copy an event to user space, returning how much we copied.
|
|
|
|
*
|
|
|
|
* We already checked that the event size is smaller than the
|
|
|
|
* buffer we had in "get_one_event()" above.
|
|
|
|
*/
|
2009-05-22 05:02:01 +08:00
|
|
|
static ssize_t copy_event_to_user(struct fsnotify_group *group,
|
2014-01-22 07:48:14 +08:00
|
|
|
struct fsnotify_event *fsn_event,
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
char __user *buf)
|
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct inotify_event inotify_event;
|
2014-01-22 07:48:14 +08:00
|
|
|
struct inotify_event_info *event;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
size_t event_size = sizeof(struct inotify_event);
|
2014-01-22 07:48:13 +08:00
|
|
|
size_t name_len;
|
|
|
|
size_t pad_name_len;
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2014-01-22 07:48:14 +08:00
|
|
|
pr_debug("%s: group=%p event=%p\n", __func__, group, fsn_event);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2014-01-22 07:48:14 +08:00
|
|
|
event = INOTIFY_E(fsn_event);
|
2014-01-22 07:48:13 +08:00
|
|
|
name_len = event->name_len;
|
2009-08-28 22:00:05 +08:00
|
|
|
/*
|
2014-01-22 07:48:13 +08:00
|
|
|
* round up name length so it is a multiple of event_size
|
2009-08-27 18:20:04 +08:00
|
|
|
* plus an extra byte for the terminating '\0'.
|
|
|
|
*/
|
2014-01-22 07:48:14 +08:00
|
|
|
pad_name_len = round_event_name_len(fsn_event);
|
2014-01-22 07:48:13 +08:00
|
|
|
inotify_event.len = pad_name_len;
|
2014-01-22 07:48:14 +08:00
|
|
|
inotify_event.mask = inotify_mask_to_arg(fsn_event->mask);
|
|
|
|
inotify_event.wd = event->wd;
|
2009-05-22 05:02:01 +08:00
|
|
|
inotify_event.cookie = event->sync_cookie;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* send the main event */
|
|
|
|
if (copy_to_user(buf, &inotify_event, event_size))
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
return -EFAULT;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
buf += event_size;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/*
|
|
|
|
* fsnotify only stores the pathname, so here we have to send the pathname
|
|
|
|
* and then pad that pathname out to a multiple of sizeof(inotify_event)
|
2014-01-22 07:48:13 +08:00
|
|
|
* with zeros.
|
2009-05-22 05:02:01 +08:00
|
|
|
*/
|
2014-01-22 07:48:13 +08:00
|
|
|
if (pad_name_len) {
|
2009-05-22 05:02:01 +08:00
|
|
|
/* copy the path name */
|
2014-01-22 07:48:14 +08:00
|
|
|
if (copy_to_user(buf, event->name, name_len))
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
return -EFAULT;
|
2014-01-22 07:48:13 +08:00
|
|
|
buf += name_len;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
|
2009-08-27 18:20:04 +08:00
|
|
|
/* fill userspace with 0's */
|
2014-01-22 07:48:13 +08:00
|
|
|
if (clear_user(buf, pad_name_len - name_len))
|
2009-05-22 05:02:01 +08:00
|
|
|
return -EFAULT;
|
2014-01-22 07:48:13 +08:00
|
|
|
event_size += pad_name_len;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
}
|
2009-05-22 05:02:01 +08:00
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
return event_size;
|
|
|
|
}
|
|
|
|
|
2006-06-02 04:10:59 +08:00
|
|
|
static ssize_t inotify_read(struct file *file, char __user *buf,
|
|
|
|
size_t count, loff_t *pos)
|
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group;
|
|
|
|
struct fsnotify_event *kevent;
|
2006-06-02 04:10:59 +08:00
|
|
|
char __user *start;
|
|
|
|
int ret;
|
2014-09-24 16:18:50 +08:00
|
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
start = buf;
|
2009-05-22 05:02:01 +08:00
|
|
|
group = file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2014-09-24 16:18:50 +08:00
|
|
|
add_wait_queue(&group->notification_waitq, &wait);
|
2006-06-02 04:10:59 +08:00
|
|
|
while (1) {
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_lock(&group->notification_lock);
|
2009-05-22 05:02:01 +08:00
|
|
|
kevent = get_one_event(group, count);
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_unlock(&group->notification_lock);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2010-07-28 22:18:37 +08:00
|
|
|
pr_debug("%s: group=%p kevent=%p\n", __func__, group, kevent);
|
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (kevent) {
|
|
|
|
ret = PTR_ERR(kevent);
|
|
|
|
if (IS_ERR(kevent))
|
|
|
|
break;
|
2009-05-22 05:02:01 +08:00
|
|
|
ret = copy_event_to_user(group, kevent, buf);
|
2014-01-22 07:48:14 +08:00
|
|
|
fsnotify_destroy_event(group, kevent);
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (ret < 0)
|
|
|
|
break;
|
|
|
|
buf += ret;
|
|
|
|
count -= ret;
|
|
|
|
continue;
|
2006-06-02 04:10:59 +08:00
|
|
|
}
|
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
ret = -EAGAIN;
|
|
|
|
if (file->f_flags & O_NONBLOCK)
|
2006-06-02 04:10:59 +08:00
|
|
|
break;
|
2012-03-27 01:07:59 +08:00
|
|
|
ret = -ERESTARTSYS;
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (signal_pending(current))
|
2006-06-02 04:10:59 +08:00
|
|
|
break;
|
2008-10-03 05:50:12 +08:00
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (start != buf)
|
2006-06-02 04:10:59 +08:00
|
|
|
break;
|
2008-10-03 05:50:12 +08:00
|
|
|
|
2014-09-24 16:18:50 +08:00
|
|
|
wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
|
2006-06-02 04:10:59 +08:00
|
|
|
}
|
2014-09-24 16:18:50 +08:00
|
|
|
remove_wait_queue(&group->notification_waitq, &wait);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-22 22:29:45 +08:00
|
|
|
if (start != buf && ret != -EFAULT)
|
|
|
|
ret = buf - start;
|
2006-06-02 04:10:59 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int inotify_release(struct inode *ignored, struct file *file)
|
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group = file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2010-07-28 22:18:37 +08:00
|
|
|
pr_debug("%s: group=%p\n", __func__, group);
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* free this group, matching get was inotify_init->fsnotify_obtain_group */
|
2011-06-14 23:29:45 +08:00
|
|
|
fsnotify_destroy_group(group);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static long inotify_ioctl(struct file *file, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group;
|
2014-01-22 07:48:14 +08:00
|
|
|
struct fsnotify_event *fsn_event;
|
2006-06-02 04:10:59 +08:00
|
|
|
void __user *p;
|
|
|
|
int ret = -ENOTTY;
|
2009-05-22 05:02:01 +08:00
|
|
|
size_t send_len = 0;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
group = file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
p = (void __user *) arg;
|
|
|
|
|
2010-07-28 22:18:37 +08:00
|
|
|
pr_debug("%s: group=%p cmd=%u\n", __func__, group, cmd);
|
|
|
|
|
2006-06-02 04:10:59 +08:00
|
|
|
switch (cmd) {
|
|
|
|
case FIONREAD:
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_lock(&group->notification_lock);
|
2014-01-22 07:48:14 +08:00
|
|
|
list_for_each_entry(fsn_event, &group->notification_list,
|
|
|
|
list) {
|
2009-05-22 05:02:01 +08:00
|
|
|
send_len += sizeof(struct inotify_event);
|
2014-01-22 07:48:14 +08:00
|
|
|
send_len += round_event_name_len(fsn_event);
|
2009-05-22 05:02:01 +08:00
|
|
|
}
|
2016-10-08 07:56:52 +08:00
|
|
|
spin_unlock(&group->notification_lock);
|
2009-05-22 05:02:01 +08:00
|
|
|
ret = put_user(send_len, (int __user *) p);
|
2006-06-02 04:10:59 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const struct file_operations inotify_fops = {
|
2012-12-18 08:05:12 +08:00
|
|
|
.show_fdinfo = inotify_show_fdinfo,
|
2009-05-22 05:02:01 +08:00
|
|
|
.poll = inotify_poll,
|
|
|
|
.read = inotify_read,
|
2011-10-15 05:43:39 +08:00
|
|
|
.fasync = fsnotify_fasync,
|
2009-05-22 05:02:01 +08:00
|
|
|
.release = inotify_release,
|
|
|
|
.unlocked_ioctl = inotify_ioctl,
|
2006-06-02 04:10:59 +08:00
|
|
|
.compat_ioctl = inotify_ioctl,
|
llseek: automatically add .llseek fop
All file_operations should get a .llseek operation so we can make
nonseekable_open the default for future file operations without a
.llseek pointer.
The three cases that we can automatically detect are no_llseek, seq_lseek
and default_llseek. For cases where we can we can automatically prove that
the file offset is always ignored, we use noop_llseek, which maintains
the current behavior of not returning an error from a seek.
New drivers should normally not use noop_llseek but instead use no_llseek
and call nonseekable_open at open time. Existing drivers can be converted
to do the same when the maintainer knows for certain that no user code
relies on calling seek on the device file.
The generated code is often incorrectly indented and right now contains
comments that clarify for each added line why a specific variant was
chosen. In the version that gets submitted upstream, the comments will
be gone and I will manually fix the indentation, because there does not
seem to be a way to do that using coccinelle.
Some amount of new code is currently sitting in linux-next that should get
the same modifications, which I will do at the end of the merge window.
Many thanks to Julia Lawall for helping me learn to write a semantic
patch that does all this.
===== begin semantic patch =====
// This adds an llseek= method to all file operations,
// as a preparation for making no_llseek the default.
//
// The rules are
// - use no_llseek explicitly if we do nonseekable_open
// - use seq_lseek for sequential files
// - use default_llseek if we know we access f_pos
// - use noop_llseek if we know we don't access f_pos,
// but we still want to allow users to call lseek
//
@ open1 exists @
identifier nested_open;
@@
nested_open(...)
{
<+...
nonseekable_open(...)
...+>
}
@ open exists@
identifier open_f;
identifier i, f;
identifier open1.nested_open;
@@
int open_f(struct inode *i, struct file *f)
{
<+...
(
nonseekable_open(...)
|
nested_open(...)
)
...+>
}
@ read disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
<+...
(
*off = E
|
*off += E
|
func(..., off, ...)
|
E = *off
)
...+>
}
@ read_no_fpos disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
... when != off
}
@ write @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
<+...
(
*off = E
|
*off += E
|
func(..., off, ...)
|
E = *off
)
...+>
}
@ write_no_fpos @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
... when != off
}
@ fops0 @
identifier fops;
@@
struct file_operations fops = {
...
};
@ has_llseek depends on fops0 @
identifier fops0.fops;
identifier llseek_f;
@@
struct file_operations fops = {
...
.llseek = llseek_f,
...
};
@ has_read depends on fops0 @
identifier fops0.fops;
identifier read_f;
@@
struct file_operations fops = {
...
.read = read_f,
...
};
@ has_write depends on fops0 @
identifier fops0.fops;
identifier write_f;
@@
struct file_operations fops = {
...
.write = write_f,
...
};
@ has_open depends on fops0 @
identifier fops0.fops;
identifier open_f;
@@
struct file_operations fops = {
...
.open = open_f,
...
};
// use no_llseek if we call nonseekable_open
////////////////////////////////////////////
@ nonseekable1 depends on !has_llseek && has_open @
identifier fops0.fops;
identifier nso ~= "nonseekable_open";
@@
struct file_operations fops = {
... .open = nso, ...
+.llseek = no_llseek, /* nonseekable */
};
@ nonseekable2 depends on !has_llseek @
identifier fops0.fops;
identifier open.open_f;
@@
struct file_operations fops = {
... .open = open_f, ...
+.llseek = no_llseek, /* open uses nonseekable */
};
// use seq_lseek for sequential files
/////////////////////////////////////
@ seq depends on !has_llseek @
identifier fops0.fops;
identifier sr ~= "seq_read";
@@
struct file_operations fops = {
... .read = sr, ...
+.llseek = seq_lseek, /* we have seq_read */
};
// use default_llseek if there is a readdir
///////////////////////////////////////////
@ fops1 depends on !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier readdir_e;
@@
// any other fop is used that changes pos
struct file_operations fops = {
... .readdir = readdir_e, ...
+.llseek = default_llseek, /* readdir is present */
};
// use default_llseek if at least one of read/write touches f_pos
/////////////////////////////////////////////////////////////////
@ fops2 depends on !fops1 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read.read_f;
@@
// read fops use offset
struct file_operations fops = {
... .read = read_f, ...
+.llseek = default_llseek, /* read accesses f_pos */
};
@ fops3 depends on !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write.write_f;
@@
// write fops use offset
struct file_operations fops = {
... .write = write_f, ...
+ .llseek = default_llseek, /* write accesses f_pos */
};
// Use noop_llseek if neither read nor write accesses f_pos
///////////////////////////////////////////////////////////
@ fops4 depends on !fops1 && !fops2 && !fops3 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
identifier write_no_fpos.write_f;
@@
// write fops use offset
struct file_operations fops = {
...
.write = write_f,
.read = read_f,
...
+.llseek = noop_llseek, /* read and write both use no f_pos */
};
@ depends on has_write && !has_read && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write_no_fpos.write_f;
@@
struct file_operations fops = {
... .write = write_f, ...
+.llseek = noop_llseek, /* write uses no f_pos */
};
@ depends on has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
@@
struct file_operations fops = {
... .read = read_f, ...
+.llseek = noop_llseek, /* read uses no f_pos */
};
@ depends on !has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
@@
struct file_operations fops = {
...
+.llseek = noop_llseek, /* no read or write fn */
};
===== End semantic patch =====
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Julia Lawall <julia@diku.dk>
Cc: Christoph Hellwig <hch@infradead.org>
2010-08-16 00:52:59 +08:00
|
|
|
.llseek = noop_llseek,
|
2006-06-02 04:10:59 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/*
|
|
|
|
* find_inode - resolve a user-given path to a specific inode
|
|
|
|
*/
|
|
|
|
static int inotify_find_inode(const char __user *dirname, struct path *path, unsigned flags)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = user_path_at(AT_FDCWD, dirname, flags, path);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
/* you can only watch an inode if you have read permissions on it */
|
|
|
|
error = inode_permission(path->dentry->d_inode, MAY_READ);
|
|
|
|
if (error)
|
|
|
|
path_put(path);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
static int inotify_add_to_idr(struct idr *idr, spinlock_t *idr_lock,
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark)
|
2009-12-18 09:12:04 +08:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
2013-02-28 09:04:50 +08:00
|
|
|
idr_preload(GFP_KERNEL);
|
|
|
|
spin_lock(idr_lock);
|
2009-12-18 09:12:04 +08:00
|
|
|
|
2013-04-30 07:21:21 +08:00
|
|
|
ret = idr_alloc_cyclic(idr, i_mark, 1, 0, GFP_NOWAIT);
|
2013-02-28 09:04:50 +08:00
|
|
|
if (ret >= 0) {
|
2009-12-18 09:12:04 +08:00
|
|
|
/* we added the mark to the idr, take a reference */
|
2013-02-28 09:04:50 +08:00
|
|
|
i_mark->wd = ret;
|
|
|
|
fsnotify_get_mark(&i_mark->fsn_mark);
|
|
|
|
}
|
2009-12-18 09:12:04 +08:00
|
|
|
|
2013-02-28 09:04:50 +08:00
|
|
|
spin_unlock(idr_lock);
|
|
|
|
idr_preload_end();
|
|
|
|
return ret < 0 ? ret : 0;
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
static struct inotify_inode_mark *inotify_idr_find_locked(struct fsnotify_group *group,
|
2009-12-18 09:12:04 +08:00
|
|
|
int wd)
|
|
|
|
{
|
|
|
|
struct idr *idr = &group->inotify_data.idr;
|
|
|
|
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark;
|
2009-12-18 09:12:04 +08:00
|
|
|
|
|
|
|
assert_spin_locked(idr_lock);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
i_mark = idr_find(idr, wd);
|
|
|
|
if (i_mark) {
|
|
|
|
struct fsnotify_mark *fsn_mark = &i_mark->fsn_mark;
|
2009-12-18 09:12:04 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
fsnotify_get_mark(fsn_mark);
|
2009-12-18 09:12:04 +08:00
|
|
|
/* One ref for being in the idr, one ref we just took */
|
2009-12-18 10:24:24 +08:00
|
|
|
BUG_ON(atomic_read(&fsn_mark->refcnt) < 2);
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
return i_mark;
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
static struct inotify_inode_mark *inotify_idr_find(struct fsnotify_group *group,
|
2009-12-18 09:12:04 +08:00
|
|
|
int wd)
|
|
|
|
{
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark;
|
2009-12-18 09:12:04 +08:00
|
|
|
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
|
|
|
|
|
|
|
|
spin_lock(idr_lock);
|
2009-12-18 10:24:24 +08:00
|
|
|
i_mark = inotify_idr_find_locked(group, wd);
|
2009-12-18 09:12:04 +08:00
|
|
|
spin_unlock(idr_lock);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
return i_mark;
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void do_inotify_remove_from_idr(struct fsnotify_group *group,
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark)
|
2009-12-18 09:12:04 +08:00
|
|
|
{
|
|
|
|
struct idr *idr = &group->inotify_data.idr;
|
|
|
|
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
|
2009-12-18 10:24:24 +08:00
|
|
|
int wd = i_mark->wd;
|
2009-12-18 09:12:04 +08:00
|
|
|
|
|
|
|
assert_spin_locked(idr_lock);
|
|
|
|
|
|
|
|
idr_remove(idr, wd);
|
|
|
|
|
|
|
|
/* removed from the idr, drop that ref */
|
2009-12-18 10:24:24 +08:00
|
|
|
fsnotify_put_mark(&i_mark->fsn_mark);
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
|
|
|
|
2009-08-25 04:03:35 +08:00
|
|
|
/*
|
|
|
|
* Remove the mark from the idr (if present) and drop the reference
|
|
|
|
* on the mark because it was in the idr.
|
|
|
|
*/
|
2009-07-07 22:28:24 +08:00
|
|
|
static void inotify_remove_from_idr(struct fsnotify_group *group,
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark)
|
2009-07-07 22:28:24 +08:00
|
|
|
{
|
2009-12-18 09:12:04 +08:00
|
|
|
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *found_i_mark = NULL;
|
2009-08-25 04:03:35 +08:00
|
|
|
int wd;
|
2009-07-07 22:28:24 +08:00
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
spin_lock(idr_lock);
|
2009-12-18 10:24:24 +08:00
|
|
|
wd = i_mark->wd;
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
/*
|
2009-12-18 10:24:24 +08:00
|
|
|
* does this i_mark think it is in the idr? we shouldn't get called
|
2009-12-18 09:12:04 +08:00
|
|
|
* if it wasn't....
|
|
|
|
*/
|
|
|
|
if (wd == -1) {
|
2009-12-18 10:24:24 +08:00
|
|
|
WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p"
|
|
|
|
" i_mark->inode=%p\n", __func__, i_mark, i_mark->wd,
|
2014-12-13 08:58:36 +08:00
|
|
|
i_mark->fsn_mark.group, i_mark->fsn_mark.inode);
|
2009-08-25 04:03:35 +08:00
|
|
|
goto out;
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
/* Lets look in the idr to see if we find it */
|
2009-12-18 10:24:24 +08:00
|
|
|
found_i_mark = inotify_idr_find_locked(group, wd);
|
|
|
|
if (unlikely(!found_i_mark)) {
|
|
|
|
WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p"
|
|
|
|
" i_mark->inode=%p\n", __func__, i_mark, i_mark->wd,
|
2014-12-13 08:58:36 +08:00
|
|
|
i_mark->fsn_mark.group, i_mark->fsn_mark.inode);
|
2009-08-25 04:03:35 +08:00
|
|
|
goto out;
|
2009-12-18 09:12:04 +08:00
|
|
|
}
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
/*
|
2009-12-18 10:24:24 +08:00
|
|
|
* We found an mark in the idr at the right wd, but it's
|
|
|
|
* not the mark we were told to remove. eparis seriously
|
2009-12-18 09:12:04 +08:00
|
|
|
* fucked up somewhere.
|
|
|
|
*/
|
2009-12-18 10:24:24 +08:00
|
|
|
if (unlikely(found_i_mark != i_mark)) {
|
|
|
|
WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p "
|
|
|
|
"mark->inode=%p found_i_mark=%p found_i_mark->wd=%d "
|
|
|
|
"found_i_mark->group=%p found_i_mark->inode=%p\n",
|
|
|
|
__func__, i_mark, i_mark->wd, i_mark->fsn_mark.group,
|
2014-12-13 08:58:36 +08:00
|
|
|
i_mark->fsn_mark.inode, found_i_mark, found_i_mark->wd,
|
2009-12-18 10:24:24 +08:00
|
|
|
found_i_mark->fsn_mark.group,
|
2014-12-13 08:58:36 +08:00
|
|
|
found_i_mark->fsn_mark.inode);
|
2009-08-25 04:03:35 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
/*
|
|
|
|
* One ref for being in the idr
|
|
|
|
* one ref held by the caller trying to kill us
|
|
|
|
* one ref grabbed by inotify_idr_find
|
|
|
|
*/
|
2009-12-18 10:24:24 +08:00
|
|
|
if (unlikely(atomic_read(&i_mark->fsn_mark.refcnt) < 3)) {
|
|
|
|
printk(KERN_ERR "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p"
|
|
|
|
" i_mark->inode=%p\n", __func__, i_mark, i_mark->wd,
|
2014-12-13 08:58:36 +08:00
|
|
|
i_mark->fsn_mark.group, i_mark->fsn_mark.inode);
|
2009-12-18 09:12:04 +08:00
|
|
|
/* we can't really recover with bad ref cnting.. */
|
|
|
|
BUG();
|
|
|
|
}
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
do_inotify_remove_from_idr(group, i_mark);
|
2009-08-25 04:03:35 +08:00
|
|
|
out:
|
2009-12-18 09:12:04 +08:00
|
|
|
/* match the ref taken by inotify_idr_find_locked() */
|
2009-12-18 10:24:24 +08:00
|
|
|
if (found_i_mark)
|
|
|
|
fsnotify_put_mark(&found_i_mark->fsn_mark);
|
|
|
|
i_mark->wd = -1;
|
2009-12-18 09:12:04 +08:00
|
|
|
spin_unlock(idr_lock);
|
2009-07-07 22:28:24 +08:00
|
|
|
}
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/*
|
2009-08-25 04:03:35 +08:00
|
|
|
* Send IN_IGNORED for this wd, remove this wd from the idr.
|
2009-05-22 05:02:01 +08:00
|
|
|
*/
|
2009-12-18 10:24:24 +08:00
|
|
|
void inotify_ignored_and_remove_idr(struct fsnotify_mark *fsn_mark,
|
2009-06-13 04:04:26 +08:00
|
|
|
struct fsnotify_group *group)
|
2009-05-22 05:02:01 +08:00
|
|
|
{
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark;
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2014-01-22 07:48:14 +08:00
|
|
|
/* Queue ignore event for the watch */
|
|
|
|
inotify_handle_event(group, NULL, fsn_mark, NULL, FS_IN_IGNORED,
|
2014-02-17 20:09:50 +08:00
|
|
|
NULL, FSNOTIFY_EVENT_NONE, NULL, 0);
|
2009-07-16 03:49:52 +08:00
|
|
|
|
2014-01-22 07:48:14 +08:00
|
|
|
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
2009-12-18 10:24:24 +08:00
|
|
|
/* remove this mark from the idr */
|
|
|
|
inotify_remove_from_idr(group, i_mark);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2009-07-07 22:28:23 +08:00
|
|
|
atomic_dec(&group->inotify_data.user->inotify_watches);
|
2009-05-22 05:02:01 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ding dong the mark is dead */
|
2009-12-18 10:24:24 +08:00
|
|
|
static void inotify_free_mark(struct fsnotify_mark *fsn_mark)
|
2009-05-22 05:02:01 +08:00
|
|
|
{
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark;
|
2009-12-18 09:12:06 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
kmem_cache_free(inotify_inode_mark_cachep, i_mark);
|
2009-05-22 05:02:01 +08:00
|
|
|
}
|
|
|
|
|
2009-08-25 04:03:35 +08:00
|
|
|
static int inotify_update_existing_watch(struct fsnotify_group *group,
|
|
|
|
struct inode *inode,
|
|
|
|
u32 arg)
|
2009-05-22 05:02:01 +08:00
|
|
|
{
|
2009-12-18 10:24:24 +08:00
|
|
|
struct fsnotify_mark *fsn_mark;
|
|
|
|
struct inotify_inode_mark *i_mark;
|
2009-05-22 05:02:01 +08:00
|
|
|
__u32 old_mask, new_mask;
|
2009-08-25 04:03:35 +08:00
|
|
|
__u32 mask;
|
|
|
|
int add = (arg & IN_MASK_ADD);
|
|
|
|
int ret;
|
2009-05-22 05:02:01 +08:00
|
|
|
|
|
|
|
mask = inotify_arg_to_mask(arg);
|
|
|
|
|
2009-12-18 10:24:27 +08:00
|
|
|
fsn_mark = fsnotify_find_inode_mark(group, inode);
|
2009-12-18 10:24:24 +08:00
|
|
|
if (!fsn_mark)
|
2009-08-25 04:03:35 +08:00
|
|
|
return -ENOENT;
|
2009-07-07 22:28:24 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
2009-07-07 22:28:23 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
spin_lock(&fsn_mark->lock);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
old_mask = fsn_mark->mask;
|
2009-12-18 10:24:33 +08:00
|
|
|
if (add)
|
|
|
|
fsnotify_set_mark_mask_locked(fsn_mark, (fsn_mark->mask | mask));
|
|
|
|
else
|
|
|
|
fsnotify_set_mark_mask_locked(fsn_mark, mask);
|
|
|
|
new_mask = fsn_mark->mask;
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
spin_unlock(&fsn_mark->lock);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
|
|
|
if (old_mask != new_mask) {
|
|
|
|
/* more bits in old than in new? */
|
|
|
|
int dropped = (old_mask & ~new_mask);
|
2009-12-18 10:24:24 +08:00
|
|
|
/* more bits in this fsn_mark than the inode's mask? */
|
2009-05-22 05:02:01 +08:00
|
|
|
int do_inode = (new_mask & ~inode->i_fsnotify_mask);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
/* update the inode with this new fsn_mark */
|
2009-05-22 05:02:01 +08:00
|
|
|
if (dropped || do_inode)
|
|
|
|
fsnotify_recalc_inode_mask(inode);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2009-08-25 04:03:35 +08:00
|
|
|
/* return the wd */
|
2009-12-18 10:24:24 +08:00
|
|
|
ret = i_mark->wd;
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
/* match the get from fsnotify_find_mark() */
|
2009-12-18 10:24:24 +08:00
|
|
|
fsnotify_put_mark(fsn_mark);
|
2009-07-07 22:28:23 +08:00
|
|
|
|
2009-08-25 04:03:35 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int inotify_new_watch(struct fsnotify_group *group,
|
|
|
|
struct inode *inode,
|
|
|
|
u32 arg)
|
|
|
|
{
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *tmp_i_mark;
|
2009-08-25 04:03:35 +08:00
|
|
|
__u32 mask;
|
|
|
|
int ret;
|
2009-12-18 09:12:04 +08:00
|
|
|
struct idr *idr = &group->inotify_data.idr;
|
|
|
|
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
|
2009-08-25 04:03:35 +08:00
|
|
|
|
|
|
|
mask = inotify_arg_to_mask(arg);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL);
|
|
|
|
if (unlikely(!tmp_i_mark))
|
2009-08-25 04:03:35 +08:00
|
|
|
return -ENOMEM;
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
fsnotify_init_mark(&tmp_i_mark->fsn_mark, inotify_free_mark);
|
|
|
|
tmp_i_mark->fsn_mark.mask = mask;
|
|
|
|
tmp_i_mark->wd = -1;
|
2009-08-25 04:03:35 +08:00
|
|
|
|
|
|
|
ret = -ENOSPC;
|
|
|
|
if (atomic_read(&group->inotify_data.user->inotify_watches) >= inotify_max_user_watches)
|
|
|
|
goto out_err;
|
2010-05-12 05:17:40 +08:00
|
|
|
|
2013-04-30 07:21:21 +08:00
|
|
|
ret = inotify_add_to_idr(idr, idr_lock, tmp_i_mark);
|
2009-12-18 09:12:04 +08:00
|
|
|
if (ret)
|
2009-08-25 04:03:35 +08:00
|
|
|
goto out_err;
|
|
|
|
|
|
|
|
/* we are on the idr, now get on the inode */
|
2013-07-09 06:59:45 +08:00
|
|
|
ret = fsnotify_add_mark_locked(&tmp_i_mark->fsn_mark, group, inode,
|
|
|
|
NULL, 0);
|
2009-08-25 04:03:35 +08:00
|
|
|
if (ret) {
|
|
|
|
/* we failed to get on the inode, get off the idr */
|
2009-12-18 10:24:24 +08:00
|
|
|
inotify_remove_from_idr(group, tmp_i_mark);
|
2009-08-25 04:03:35 +08:00
|
|
|
goto out_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* increment the number of watches the user has */
|
|
|
|
atomic_inc(&group->inotify_data.user->inotify_watches);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
/* return the watch descriptor for this new mark */
|
|
|
|
ret = tmp_i_mark->wd;
|
2009-08-25 04:03:35 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
out_err:
|
2009-12-18 10:24:24 +08:00
|
|
|
/* match the ref from fsnotify_init_mark() */
|
|
|
|
fsnotify_put_mark(&tmp_i_mark->fsn_mark);
|
2009-08-25 04:03:35 +08:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int inotify_update_watch(struct fsnotify_group *group, struct inode *inode, u32 arg)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
|
2013-07-09 06:59:45 +08:00
|
|
|
mutex_lock(&group->mark_mutex);
|
2009-08-25 04:03:35 +08:00
|
|
|
/* try to update and existing watch with the new arg */
|
|
|
|
ret = inotify_update_existing_watch(group, inode, arg);
|
|
|
|
/* no mark present, try to add a new one */
|
|
|
|
if (ret == -ENOENT)
|
|
|
|
ret = inotify_new_watch(group, inode, arg);
|
2013-07-09 06:59:45 +08:00
|
|
|
mutex_unlock(&group->mark_mutex);
|
2009-07-07 22:28:24 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2011-04-06 05:20:50 +08:00
|
|
|
static struct fsnotify_group *inotify_new_group(unsigned int max_events)
|
2009-05-22 05:02:01 +08:00
|
|
|
{
|
|
|
|
struct fsnotify_group *group;
|
2014-02-22 02:14:11 +08:00
|
|
|
struct inotify_event_info *oevent;
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2009-12-18 10:24:22 +08:00
|
|
|
group = fsnotify_alloc_group(&inotify_fsnotify_ops);
|
2009-05-22 05:02:01 +08:00
|
|
|
if (IS_ERR(group))
|
|
|
|
return group;
|
|
|
|
|
2014-02-22 02:14:11 +08:00
|
|
|
oevent = kmalloc(sizeof(struct inotify_event_info), GFP_KERNEL);
|
|
|
|
if (unlikely(!oevent)) {
|
|
|
|
fsnotify_destroy_group(group);
|
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
}
|
|
|
|
group->overflow_event = &oevent->fse;
|
|
|
|
fsnotify_init_event(group->overflow_event, NULL, FS_Q_OVERFLOW);
|
|
|
|
oevent->wd = -1;
|
|
|
|
oevent->sync_cookie = 0;
|
|
|
|
oevent->name_len = 0;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
group->max_events = max_events;
|
|
|
|
|
|
|
|
spin_lock_init(&group->inotify_data.idr_lock);
|
|
|
|
idr_init(&group->inotify_data.idr);
|
2011-04-06 05:20:50 +08:00
|
|
|
group->inotify_data.user = get_current_user();
|
|
|
|
|
|
|
|
if (atomic_inc_return(&group->inotify_data.user->inotify_devs) >
|
|
|
|
inotify_max_user_instances) {
|
2011-06-14 23:29:45 +08:00
|
|
|
fsnotify_destroy_group(group);
|
2011-04-06 05:20:50 +08:00
|
|
|
return ERR_PTR(-EMFILE);
|
|
|
|
}
|
2009-05-22 05:02:01 +08:00
|
|
|
|
|
|
|
return group;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* inotify syscalls */
|
2009-01-14 21:14:30 +08:00
|
|
|
SYSCALL_DEFINE1(inotify_init1, int, flags)
|
2006-06-02 04:10:59 +08:00
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group;
|
2010-02-11 15:24:46 +08:00
|
|
|
int ret;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2008-07-24 12:29:42 +08:00
|
|
|
/* Check the IN_* constants for consistency. */
|
|
|
|
BUILD_BUG_ON(IN_CLOEXEC != O_CLOEXEC);
|
|
|
|
BUILD_BUG_ON(IN_NONBLOCK != O_NONBLOCK);
|
|
|
|
|
2008-07-24 12:29:41 +08:00
|
|
|
if (flags & ~(IN_CLOEXEC | IN_NONBLOCK))
|
2008-07-24 12:29:32 +08:00
|
|
|
return -EINVAL;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* fsnotify_obtain_group took a reference to group, we put this when we kill the file in the end */
|
2011-04-06 05:20:50 +08:00
|
|
|
group = inotify_new_group(inotify_max_queued_events);
|
|
|
|
if (IS_ERR(group))
|
|
|
|
return PTR_ERR(group);
|
2009-08-05 22:35:21 +08:00
|
|
|
|
2010-02-11 15:24:46 +08:00
|
|
|
ret = anon_inode_getfd("inotify", &inotify_fops, group,
|
|
|
|
O_RDONLY | flags);
|
2011-04-06 05:20:50 +08:00
|
|
|
if (ret < 0)
|
2011-06-14 23:29:45 +08:00
|
|
|
fsnotify_destroy_group(group);
|
2009-08-05 22:35:21 +08:00
|
|
|
|
2006-06-02 04:10:59 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2009-01-14 21:14:30 +08:00
|
|
|
SYSCALL_DEFINE0(inotify_init)
|
2008-07-24 12:29:32 +08:00
|
|
|
{
|
|
|
|
return sys_inotify_init1(0);
|
|
|
|
}
|
|
|
|
|
2009-01-14 21:14:31 +08:00
|
|
|
SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname,
|
|
|
|
u32, mask)
|
2006-06-02 04:10:59 +08:00
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group;
|
2006-06-02 04:10:59 +08:00
|
|
|
struct inode *inode;
|
2008-07-22 21:59:21 +08:00
|
|
|
struct path path;
|
2012-08-29 00:52:22 +08:00
|
|
|
struct fd f;
|
|
|
|
int ret;
|
2006-06-02 04:10:59 +08:00
|
|
|
unsigned flags = 0;
|
|
|
|
|
2015-11-06 10:43:46 +08:00
|
|
|
/*
|
|
|
|
* We share a lot of code with fs/dnotify. We also share
|
|
|
|
* the bit layout between inotify's IN_* and the fsnotify
|
|
|
|
* FS_*. This check ensures that only the inotify IN_*
|
|
|
|
* bits get passed in and set in watches/events.
|
|
|
|
*/
|
|
|
|
if (unlikely(mask & ~ALL_INOTIFY_BITS))
|
|
|
|
return -EINVAL;
|
|
|
|
/*
|
|
|
|
* Require at least one valid bit set in the mask.
|
|
|
|
* Without _something_ set, we would have no events to
|
|
|
|
* watch for.
|
|
|
|
*/
|
2013-05-01 06:26:46 +08:00
|
|
|
if (unlikely(!(mask & ALL_INOTIFY_BITS)))
|
|
|
|
return -EINVAL;
|
|
|
|
|
2012-08-29 00:52:22 +08:00
|
|
|
f = fdget(fd);
|
|
|
|
if (unlikely(!f.file))
|
2006-06-02 04:10:59 +08:00
|
|
|
return -EBADF;
|
|
|
|
|
|
|
|
/* verify that this is indeed an inotify instance */
|
2012-08-29 00:52:22 +08:00
|
|
|
if (unlikely(f.file->f_op != &inotify_fops)) {
|
2006-06-02 04:10:59 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto fput_and_out;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(mask & IN_DONT_FOLLOW))
|
|
|
|
flags |= LOOKUP_FOLLOW;
|
|
|
|
if (mask & IN_ONLYDIR)
|
|
|
|
flags |= LOOKUP_DIRECTORY;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
ret = inotify_find_inode(pathname, &path, flags);
|
|
|
|
if (ret)
|
2006-06-02 04:10:59 +08:00
|
|
|
goto fput_and_out;
|
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* inode held in place by reference to path; group by fget on fd */
|
2008-07-22 21:59:21 +08:00
|
|
|
inode = path.dentry->d_inode;
|
2012-08-29 00:52:22 +08:00
|
|
|
group = f.file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-05-22 05:02:01 +08:00
|
|
|
/* create/update an inode mark */
|
|
|
|
ret = inotify_update_watch(group, inode, mask);
|
2008-07-22 21:59:21 +08:00
|
|
|
path_put(&path);
|
2006-06-02 04:10:59 +08:00
|
|
|
fput_and_out:
|
2012-08-29 00:52:22 +08:00
|
|
|
fdput(f);
|
2006-06-02 04:10:59 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2009-01-14 21:14:31 +08:00
|
|
|
SYSCALL_DEFINE2(inotify_rm_watch, int, fd, __s32, wd)
|
2006-06-02 04:10:59 +08:00
|
|
|
{
|
2009-05-22 05:02:01 +08:00
|
|
|
struct fsnotify_group *group;
|
2009-12-18 10:24:24 +08:00
|
|
|
struct inotify_inode_mark *i_mark;
|
2012-08-29 00:52:22 +08:00
|
|
|
struct fd f;
|
|
|
|
int ret = 0;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2012-08-29 00:52:22 +08:00
|
|
|
f = fdget(fd);
|
|
|
|
if (unlikely(!f.file))
|
2006-06-02 04:10:59 +08:00
|
|
|
return -EBADF;
|
|
|
|
|
|
|
|
/* verify that this is indeed an inotify instance */
|
2009-12-18 09:12:04 +08:00
|
|
|
ret = -EINVAL;
|
2012-08-29 00:52:22 +08:00
|
|
|
if (unlikely(f.file->f_op != &inotify_fops))
|
2006-06-02 04:10:59 +08:00
|
|
|
goto out;
|
|
|
|
|
2012-08-29 00:52:22 +08:00
|
|
|
group = f.file->private_data;
|
2006-06-02 04:10:59 +08:00
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
ret = -EINVAL;
|
2009-12-18 10:24:24 +08:00
|
|
|
i_mark = inotify_idr_find(group, wd);
|
|
|
|
if (unlikely(!i_mark))
|
2009-05-22 05:02:01 +08:00
|
|
|
goto out;
|
|
|
|
|
2009-12-18 09:12:04 +08:00
|
|
|
ret = 0;
|
|
|
|
|
2011-06-14 23:29:51 +08:00
|
|
|
fsnotify_destroy_mark(&i_mark->fsn_mark, group);
|
2009-12-18 09:12:04 +08:00
|
|
|
|
|
|
|
/* match ref taken by inotify_idr_find */
|
2009-12-18 10:24:24 +08:00
|
|
|
fsnotify_put_mark(&i_mark->fsn_mark);
|
2006-06-02 04:10:59 +08:00
|
|
|
|
|
|
|
out:
|
2012-08-29 00:52:22 +08:00
|
|
|
fdput(f);
|
2006-06-02 04:10:59 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2011-03-01 22:06:02 +08:00
|
|
|
* inotify_user_setup - Our initialization function. Note that we cannot return
|
2006-06-02 04:10:59 +08:00
|
|
|
* error because we have compiled-in VFS hooks. So an (unlikely) failure here
|
|
|
|
* must result in panic().
|
|
|
|
*/
|
|
|
|
static int __init inotify_user_setup(void)
|
|
|
|
{
|
2010-07-28 22:18:37 +08:00
|
|
|
BUILD_BUG_ON(IN_ACCESS != FS_ACCESS);
|
|
|
|
BUILD_BUG_ON(IN_MODIFY != FS_MODIFY);
|
|
|
|
BUILD_BUG_ON(IN_ATTRIB != FS_ATTRIB);
|
|
|
|
BUILD_BUG_ON(IN_CLOSE_WRITE != FS_CLOSE_WRITE);
|
|
|
|
BUILD_BUG_ON(IN_CLOSE_NOWRITE != FS_CLOSE_NOWRITE);
|
|
|
|
BUILD_BUG_ON(IN_OPEN != FS_OPEN);
|
|
|
|
BUILD_BUG_ON(IN_MOVED_FROM != FS_MOVED_FROM);
|
|
|
|
BUILD_BUG_ON(IN_MOVED_TO != FS_MOVED_TO);
|
|
|
|
BUILD_BUG_ON(IN_CREATE != FS_CREATE);
|
|
|
|
BUILD_BUG_ON(IN_DELETE != FS_DELETE);
|
|
|
|
BUILD_BUG_ON(IN_DELETE_SELF != FS_DELETE_SELF);
|
|
|
|
BUILD_BUG_ON(IN_MOVE_SELF != FS_MOVE_SELF);
|
|
|
|
BUILD_BUG_ON(IN_UNMOUNT != FS_UNMOUNT);
|
|
|
|
BUILD_BUG_ON(IN_Q_OVERFLOW != FS_Q_OVERFLOW);
|
|
|
|
BUILD_BUG_ON(IN_IGNORED != FS_IN_IGNORED);
|
|
|
|
BUILD_BUG_ON(IN_EXCL_UNLINK != FS_EXCL_UNLINK);
|
2010-10-29 05:21:58 +08:00
|
|
|
BUILD_BUG_ON(IN_ISDIR != FS_ISDIR);
|
2010-07-28 22:18:37 +08:00
|
|
|
BUILD_BUG_ON(IN_ONESHOT != FS_IN_ONESHOT);
|
|
|
|
|
|
|
|
BUG_ON(hweight32(ALL_INOTIFY_BITS) != 21);
|
|
|
|
|
2009-12-18 10:24:24 +08:00
|
|
|
inotify_inode_mark_cachep = KMEM_CACHE(inotify_inode_mark, SLAB_PANIC);
|
2009-05-22 05:02:01 +08:00
|
|
|
|
2006-06-02 04:10:59 +08:00
|
|
|
inotify_max_queued_events = 16384;
|
|
|
|
inotify_max_user_instances = 128;
|
|
|
|
inotify_max_user_watches = 8192;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2015-05-02 08:08:20 +08:00
|
|
|
fs_initcall(inotify_user_setup);
|