mirror of
https://github.com/torvalds/linux.git
synced 2024-11-26 14:12:06 +00:00
b6a7828502
The summary of the changes for this pull requests is: * Song Liu's new struct module_memory replacement * Nick Alcock's MODULE_LICENSE() removal for non-modules * My cleanups and enhancements to reduce the areas where we vmalloc module memory for duplicates, and the respective debug code which proves the remaining vmalloc pressure comes from userspace. Most of the changes have been in linux-next for quite some time except the minor fixes I made to check if a module was already loaded prior to allocating the final module memory with vmalloc and the respective debug code it introduces to help clarify the issue. Although the functional change is small it is rather safe as it can only *help* reduce vmalloc space for duplicates and is confirmed to fix a bootup issue with over 400 CPUs with KASAN enabled. I don't expect stable kernels to pick up that fix as the cleanups would have also had to have been picked up. Folks on larger CPU systems with modules will want to just upgrade if vmalloc space has been an issue on bootup. Given the size of this request, here's some more elaborate details on this pull request. The functional change change in this pull request is the very first patch from Song Liu which replaces the struct module_layout with a new struct module memory. The old data structure tried to put together all types of supported module memory types in one data structure, the new one abstracts the differences in memory types in a module to allow each one to provide their own set of details. This paves the way in the future so we can deal with them in a cleaner way. If you look at changes they also provide a nice cleanup of how we handle these different memory areas in a module. This change has been in linux-next since before the merge window opened for v6.3 so to provide more than a full kernel cycle of testing. It's a good thing as quite a bit of fixes have been found for it. Jason Baron then made dynamic debug a first class citizen module user by using module notifier callbacks to allocate / remove module specific dynamic debug information. Nick Alcock has done quite a bit of work cross-tree to remove module license tags from things which cannot possibly be module at my request so to: a) help him with his longer term tooling goals which require a deterministic evaluation if a piece a symbol code could ever be part of a module or not. But quite recently it is has been made clear that tooling is not the only one that would benefit. Disambiguating symbols also helps efforts such as live patching, kprobes and BPF, but for other reasons and R&D on this area is active with no clear solution in sight. b) help us inch closer to the now generally accepted long term goal of automating all the MODULE_LICENSE() tags from SPDX license tags In so far as a) is concerned, although module license tags are a no-op for non-modules, tools which would want create a mapping of possible modules can only rely on the module license tag after the commit8b41fc4454
("kbuild: create modules.builtin without Makefile.modbuiltin or tristate.conf"). Nick has been working on this *for years* and AFAICT I was the only one to suggest two alternatives to this approach for tooling. The complexity in one of my suggested approaches lies in that we'd need a possible-obj-m and a could-be-module which would check if the object being built is part of any kconfig build which could ever lead to it being part of a module, and if so define a new define -DPOSSIBLE_MODULE [0]. A more obvious yet theoretical approach I've suggested would be to have a tristate in kconfig imply the same new -DPOSSIBLE_MODULE as well but that means getting kconfig symbol names mapping to modules always, and I don't think that's the case today. I am not aware of Nick or anyone exploring either of these options. Quite recently Josh Poimboeuf has pointed out that live patching, kprobes and BPF would benefit from resolving some part of the disambiguation as well but for other reasons. The function granularity KASLR (fgkaslr) patches were mentioned but Joe Lawrence has clarified this effort has been dropped with no clear solution in sight [1]. In the meantime removing module license tags from code which could never be modules is welcomed for both objectives mentioned above. Some developers have also welcomed these changes as it has helped clarify when a module was never possible and they forgot to clean this up, and so you'll see quite a bit of Nick's patches in other pull requests for this merge window. I just picked up the stragglers after rc3. LWN has good coverage on the motivation behind this work [2] and the typical cross-tree issues he ran into along the way. The only concrete blocker issue he ran into was that we should not remove the MODULE_LICENSE() tags from files which have no SPDX tags yet, even if they can never be modules. Nick ended up giving up on his efforts due to having to do this vetting and backlash he ran into from folks who really did *not understand* the core of the issue nor were providing any alternative / guidance. I've gone through his changes and dropped the patches which dropped the module license tags where an SPDX license tag was missing, it only consisted of 11 drivers. To see if a pull request deals with a file which lacks SPDX tags you can just use: ./scripts/spdxcheck.py -f \ $(git diff --name-only commid-id | xargs echo) You'll see a core module file in this pull request for the above, but that's not related to his changes. WE just need to add the SPDX license tag for the kernel/module/kmod.c file in the future but it demonstrates the effectiveness of the script. Most of Nick's changes were spread out through different trees, and I just picked up the slack after rc3 for the last kernel was out. Those changes have been in linux-next for over two weeks. The cleanups, debug code I added and final fix I added for modules were motivated by David Hildenbrand's report of boot failing on a systems with over 400 CPUs when KASAN was enabled due to running out of virtual memory space. Although the functional change only consists of 3 lines in the patch "module: avoid allocation if module is already present and ready", proving that this was the best we can do on the modules side took quite a bit of effort and new debug code. The initial cleanups I did on the modules side of things has been in linux-next since around rc3 of the last kernel, the actual final fix for and debug code however have only been in linux-next for about a week or so but I think it is worth getting that code in for this merge window as it does help fix / prove / evaluate the issues reported with larger number of CPUs. Userspace is not yet fixed as it is taking a bit of time for folks to understand the crux of the issue and find a proper resolution. Worst come to worst, I have a kludge-of-concept [3] of how to make kernel_read*() calls for modules unique / converge them, but I'm currently inclined to just see if userspace can fix this instead. [0] https://lore.kernel.org/all/Y/kXDqW+7d71C4wz@bombadil.infradead.org/ [1] https://lkml.kernel.org/r/025f2151-ce7c-5630-9b90-98742c97ac65@redhat.com [2] https://lwn.net/Articles/927569/ [3] https://lkml.kernel.org/r/20230414052840.1994456-3-mcgrof@kernel.org -----BEGIN PGP SIGNATURE----- iQJGBAABCgAwFiEENnNq2KuOejlQLZofziMdCjCSiKcFAmRG4m0SHG1jZ3JvZkBr ZXJuZWwub3JnAAoJEM4jHQowkoinQ2oP/0xlvKwJg6Ey8fHZF0qv8VOskE80zoLF hMazU3xfqLA+1TQvouW1YBxt3jwS3t1Ehs+NrV+nY9Yzcm0MzRX/n3fASJVe7nRr oqWWQU+voYl5Pw1xsfdp6C8IXpBQorpYby3Vp0MAMoZyl2W2YrNo36NV488wM9KC jD4HF5Z6xpnPSZTRR7AgW9mo7FdAtxPeKJ76Bch7lH8U6omT7n36WqTw+5B1eAYU YTOvrjRs294oqmWE+LeebyiOOXhH/yEYx4JNQgCwPdxwnRiGJWKsk5va0hRApqF/ WW8dIqdEnjsa84lCuxnmWgbcPK8cgmlO0rT0DyneACCldNlldCW1LJ0HOwLk9pea p3JFAsBL7TKue4Tos6I7/4rx1ufyBGGIigqw9/VX5g0Iif+3BhWnqKRfz+p9wiMa Fl7cU6u7yC68CHu1HBSisK16cYMCPeOnTSd89upHj8JU/t74O6k/ARvjrQ9qmNUt c5U+OY+WpNJ1nXQydhY/yIDhFdYg8SSpNuIO90r4L8/8jRQYXNG80FDd1UtvVDuy eq0r2yZ8C0XHSlOT9QHaua/tWV/aaKtyC/c0hDRrigfUrq8UOlGujMXbUnrmrWJI tLJLAc7ePWAAoZXGSHrt0U27l029GzLwRdKqJ6kkDANVnTeOdV+mmBg9zGh3/Mp6 agiwdHUMVN7X =56WK -----END PGP SIGNATURE----- Merge tag 'modules-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux Pull module updates from Luis Chamberlain: "The summary of the changes for this pull requests is: - Song Liu's new struct module_memory replacement - Nick Alcock's MODULE_LICENSE() removal for non-modules - My cleanups and enhancements to reduce the areas where we vmalloc module memory for duplicates, and the respective debug code which proves the remaining vmalloc pressure comes from userspace. Most of the changes have been in linux-next for quite some time except the minor fixes I made to check if a module was already loaded prior to allocating the final module memory with vmalloc and the respective debug code it introduces to help clarify the issue. Although the functional change is small it is rather safe as it can only *help* reduce vmalloc space for duplicates and is confirmed to fix a bootup issue with over 400 CPUs with KASAN enabled. I don't expect stable kernels to pick up that fix as the cleanups would have also had to have been picked up. Folks on larger CPU systems with modules will want to just upgrade if vmalloc space has been an issue on bootup. Given the size of this request, here's some more elaborate details: The functional change change in this pull request is the very first patch from Song Liu which replaces the 'struct module_layout' with a new 'struct module_memory'. The old data structure tried to put together all types of supported module memory types in one data structure, the new one abstracts the differences in memory types in a module to allow each one to provide their own set of details. This paves the way in the future so we can deal with them in a cleaner way. If you look at changes they also provide a nice cleanup of how we handle these different memory areas in a module. This change has been in linux-next since before the merge window opened for v6.3 so to provide more than a full kernel cycle of testing. It's a good thing as quite a bit of fixes have been found for it. Jason Baron then made dynamic debug a first class citizen module user by using module notifier callbacks to allocate / remove module specific dynamic debug information. Nick Alcock has done quite a bit of work cross-tree to remove module license tags from things which cannot possibly be module at my request so to: a) help him with his longer term tooling goals which require a deterministic evaluation if a piece a symbol code could ever be part of a module or not. But quite recently it is has been made clear that tooling is not the only one that would benefit. Disambiguating symbols also helps efforts such as live patching, kprobes and BPF, but for other reasons and R&D on this area is active with no clear solution in sight. b) help us inch closer to the now generally accepted long term goal of automating all the MODULE_LICENSE() tags from SPDX license tags In so far as a) is concerned, although module license tags are a no-op for non-modules, tools which would want create a mapping of possible modules can only rely on the module license tag after the commit8b41fc4454
("kbuild: create modules.builtin without Makefile.modbuiltin or tristate.conf"). Nick has been working on this *for years* and AFAICT I was the only one to suggest two alternatives to this approach for tooling. The complexity in one of my suggested approaches lies in that we'd need a possible-obj-m and a could-be-module which would check if the object being built is part of any kconfig build which could ever lead to it being part of a module, and if so define a new define -DPOSSIBLE_MODULE [0]. A more obvious yet theoretical approach I've suggested would be to have a tristate in kconfig imply the same new -DPOSSIBLE_MODULE as well but that means getting kconfig symbol names mapping to modules always, and I don't think that's the case today. I am not aware of Nick or anyone exploring either of these options. Quite recently Josh Poimboeuf has pointed out that live patching, kprobes and BPF would benefit from resolving some part of the disambiguation as well but for other reasons. The function granularity KASLR (fgkaslr) patches were mentioned but Joe Lawrence has clarified this effort has been dropped with no clear solution in sight [1]. In the meantime removing module license tags from code which could never be modules is welcomed for both objectives mentioned above. Some developers have also welcomed these changes as it has helped clarify when a module was never possible and they forgot to clean this up, and so you'll see quite a bit of Nick's patches in other pull requests for this merge window. I just picked up the stragglers after rc3. LWN has good coverage on the motivation behind this work [2] and the typical cross-tree issues he ran into along the way. The only concrete blocker issue he ran into was that we should not remove the MODULE_LICENSE() tags from files which have no SPDX tags yet, even if they can never be modules. Nick ended up giving up on his efforts due to having to do this vetting and backlash he ran into from folks who really did *not understand* the core of the issue nor were providing any alternative / guidance. I've gone through his changes and dropped the patches which dropped the module license tags where an SPDX license tag was missing, it only consisted of 11 drivers. To see if a pull request deals with a file which lacks SPDX tags you can just use: ./scripts/spdxcheck.py -f \ $(git diff --name-only commid-id | xargs echo) You'll see a core module file in this pull request for the above, but that's not related to his changes. WE just need to add the SPDX license tag for the kernel/module/kmod.c file in the future but it demonstrates the effectiveness of the script. Most of Nick's changes were spread out through different trees, and I just picked up the slack after rc3 for the last kernel was out. Those changes have been in linux-next for over two weeks. The cleanups, debug code I added and final fix I added for modules were motivated by David Hildenbrand's report of boot failing on a systems with over 400 CPUs when KASAN was enabled due to running out of virtual memory space. Although the functional change only consists of 3 lines in the patch "module: avoid allocation if module is already present and ready", proving that this was the best we can do on the modules side took quite a bit of effort and new debug code. The initial cleanups I did on the modules side of things has been in linux-next since around rc3 of the last kernel, the actual final fix for and debug code however have only been in linux-next for about a week or so but I think it is worth getting that code in for this merge window as it does help fix / prove / evaluate the issues reported with larger number of CPUs. Userspace is not yet fixed as it is taking a bit of time for folks to understand the crux of the issue and find a proper resolution. Worst come to worst, I have a kludge-of-concept [3] of how to make kernel_read*() calls for modules unique / converge them, but I'm currently inclined to just see if userspace can fix this instead" Link: https://lore.kernel.org/all/Y/kXDqW+7d71C4wz@bombadil.infradead.org/ [0] Link: https://lkml.kernel.org/r/025f2151-ce7c-5630-9b90-98742c97ac65@redhat.com [1] Link: https://lwn.net/Articles/927569/ [2] Link: https://lkml.kernel.org/r/20230414052840.1994456-3-mcgrof@kernel.org [3] * tag 'modules-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux: (121 commits) module: add debugging auto-load duplicate module support module: stats: fix invalid_mod_bytes typo module: remove use of uninitialized variable len module: fix building stats for 32-bit targets module: stats: include uapi/linux/module.h module: avoid allocation if module is already present and ready module: add debug stats to help identify memory pressure module: extract patient module check into helper modules/kmod: replace implementation with a semaphore Change DEFINE_SEMAPHORE() to take a number argument module: fix kmemleak annotations for non init ELF sections module: Ignore L0 and rename is_arm_mapping_symbol() module: Move is_arm_mapping_symbol() to module_symbol.h module: Sync code of is_arm_mapping_symbol() scripts/gdb: use mem instead of core_layout to get the module address interconnect: remove module-related code interconnect: remove MODULE_LICENSE in non-modules zswap: remove MODULE_LICENSE in non-modules zpool: remove MODULE_LICENSE in non-modules x86/mm/dump_pagetables: remove MODULE_LICENSE in non-modules ...
701 lines
17 KiB
C
701 lines
17 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/* Watch queue and general notification mechanism, built on pipes
|
|
*
|
|
* Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* See Documentation/core-api/watch_queue.rst
|
|
*/
|
|
|
|
#define pr_fmt(fmt) "watchq: " fmt
|
|
#include <linux/module.h>
|
|
#include <linux/init.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/printk.h>
|
|
#include <linux/miscdevice.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/poll.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/file.h>
|
|
#include <linux/security.h>
|
|
#include <linux/cred.h>
|
|
#include <linux/sched/signal.h>
|
|
#include <linux/watch_queue.h>
|
|
#include <linux/pipe_fs_i.h>
|
|
|
|
MODULE_DESCRIPTION("Watch queue");
|
|
MODULE_AUTHOR("Red Hat, Inc.");
|
|
|
|
#define WATCH_QUEUE_NOTE_SIZE 128
|
|
#define WATCH_QUEUE_NOTES_PER_PAGE (PAGE_SIZE / WATCH_QUEUE_NOTE_SIZE)
|
|
|
|
/*
|
|
* This must be called under the RCU read-lock, which makes
|
|
* sure that the wqueue still exists. It can then take the lock,
|
|
* and check that the wqueue hasn't been destroyed, which in
|
|
* turn makes sure that the notification pipe still exists.
|
|
*/
|
|
static inline bool lock_wqueue(struct watch_queue *wqueue)
|
|
{
|
|
spin_lock_bh(&wqueue->lock);
|
|
if (unlikely(wqueue->defunct)) {
|
|
spin_unlock_bh(&wqueue->lock);
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static inline void unlock_wqueue(struct watch_queue *wqueue)
|
|
{
|
|
spin_unlock_bh(&wqueue->lock);
|
|
}
|
|
|
|
static void watch_queue_pipe_buf_release(struct pipe_inode_info *pipe,
|
|
struct pipe_buffer *buf)
|
|
{
|
|
struct watch_queue *wqueue = (struct watch_queue *)buf->private;
|
|
struct page *page;
|
|
unsigned int bit;
|
|
|
|
/* We need to work out which note within the page this refers to, but
|
|
* the note might have been maximum size, so merely ANDing the offset
|
|
* off doesn't work. OTOH, the note must've been more than zero size.
|
|
*/
|
|
bit = buf->offset + buf->len;
|
|
if ((bit & (WATCH_QUEUE_NOTE_SIZE - 1)) == 0)
|
|
bit -= WATCH_QUEUE_NOTE_SIZE;
|
|
bit /= WATCH_QUEUE_NOTE_SIZE;
|
|
|
|
page = buf->page;
|
|
bit += page->index;
|
|
|
|
set_bit(bit, wqueue->notes_bitmap);
|
|
generic_pipe_buf_release(pipe, buf);
|
|
}
|
|
|
|
// No try_steal function => no stealing
|
|
#define watch_queue_pipe_buf_try_steal NULL
|
|
|
|
/* New data written to a pipe may be appended to a buffer with this type. */
|
|
static const struct pipe_buf_operations watch_queue_pipe_buf_ops = {
|
|
.release = watch_queue_pipe_buf_release,
|
|
.try_steal = watch_queue_pipe_buf_try_steal,
|
|
.get = generic_pipe_buf_get,
|
|
};
|
|
|
|
/*
|
|
* Post a notification to a watch queue.
|
|
*
|
|
* Must be called with the RCU lock for reading, and the
|
|
* watch_queue lock held, which guarantees that the pipe
|
|
* hasn't been released.
|
|
*/
|
|
static bool post_one_notification(struct watch_queue *wqueue,
|
|
struct watch_notification *n)
|
|
{
|
|
void *p;
|
|
struct pipe_inode_info *pipe = wqueue->pipe;
|
|
struct pipe_buffer *buf;
|
|
struct page *page;
|
|
unsigned int head, tail, mask, note, offset, len;
|
|
bool done = false;
|
|
|
|
if (!pipe)
|
|
return false;
|
|
|
|
spin_lock_irq(&pipe->rd_wait.lock);
|
|
|
|
mask = pipe->ring_size - 1;
|
|
head = pipe->head;
|
|
tail = pipe->tail;
|
|
if (pipe_full(head, tail, pipe->ring_size))
|
|
goto lost;
|
|
|
|
note = find_first_bit(wqueue->notes_bitmap, wqueue->nr_notes);
|
|
if (note >= wqueue->nr_notes)
|
|
goto lost;
|
|
|
|
page = wqueue->notes[note / WATCH_QUEUE_NOTES_PER_PAGE];
|
|
offset = note % WATCH_QUEUE_NOTES_PER_PAGE * WATCH_QUEUE_NOTE_SIZE;
|
|
get_page(page);
|
|
len = n->info & WATCH_INFO_LENGTH;
|
|
p = kmap_atomic(page);
|
|
memcpy(p + offset, n, len);
|
|
kunmap_atomic(p);
|
|
|
|
buf = &pipe->bufs[head & mask];
|
|
buf->page = page;
|
|
buf->private = (unsigned long)wqueue;
|
|
buf->ops = &watch_queue_pipe_buf_ops;
|
|
buf->offset = offset;
|
|
buf->len = len;
|
|
buf->flags = PIPE_BUF_FLAG_WHOLE;
|
|
smp_store_release(&pipe->head, head + 1); /* vs pipe_read() */
|
|
|
|
if (!test_and_clear_bit(note, wqueue->notes_bitmap)) {
|
|
spin_unlock_irq(&pipe->rd_wait.lock);
|
|
BUG();
|
|
}
|
|
wake_up_interruptible_sync_poll_locked(&pipe->rd_wait, EPOLLIN | EPOLLRDNORM);
|
|
done = true;
|
|
|
|
out:
|
|
spin_unlock_irq(&pipe->rd_wait.lock);
|
|
if (done)
|
|
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
|
|
return done;
|
|
|
|
lost:
|
|
buf = &pipe->bufs[(head - 1) & mask];
|
|
buf->flags |= PIPE_BUF_FLAG_LOSS;
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* Apply filter rules to a notification.
|
|
*/
|
|
static bool filter_watch_notification(const struct watch_filter *wf,
|
|
const struct watch_notification *n)
|
|
{
|
|
const struct watch_type_filter *wt;
|
|
unsigned int st_bits = sizeof(wt->subtype_filter[0]) * 8;
|
|
unsigned int st_index = n->subtype / st_bits;
|
|
unsigned int st_bit = 1U << (n->subtype % st_bits);
|
|
int i;
|
|
|
|
if (!test_bit(n->type, wf->type_filter))
|
|
return false;
|
|
|
|
for (i = 0; i < wf->nr_filters; i++) {
|
|
wt = &wf->filters[i];
|
|
if (n->type == wt->type &&
|
|
(wt->subtype_filter[st_index] & st_bit) &&
|
|
(n->info & wt->info_mask) == wt->info_filter)
|
|
return true;
|
|
}
|
|
|
|
return false; /* If there is a filter, the default is to reject. */
|
|
}
|
|
|
|
/**
|
|
* __post_watch_notification - Post an event notification
|
|
* @wlist: The watch list to post the event to.
|
|
* @n: The notification record to post.
|
|
* @cred: The creds of the process that triggered the notification.
|
|
* @id: The ID to match on the watch.
|
|
*
|
|
* Post a notification of an event into a set of watch queues and let the users
|
|
* know.
|
|
*
|
|
* The size of the notification should be set in n->info & WATCH_INFO_LENGTH and
|
|
* should be in units of sizeof(*n).
|
|
*/
|
|
void __post_watch_notification(struct watch_list *wlist,
|
|
struct watch_notification *n,
|
|
const struct cred *cred,
|
|
u64 id)
|
|
{
|
|
const struct watch_filter *wf;
|
|
struct watch_queue *wqueue;
|
|
struct watch *watch;
|
|
|
|
if (((n->info & WATCH_INFO_LENGTH) >> WATCH_INFO_LENGTH__SHIFT) == 0) {
|
|
WARN_ON(1);
|
|
return;
|
|
}
|
|
|
|
rcu_read_lock();
|
|
|
|
hlist_for_each_entry_rcu(watch, &wlist->watchers, list_node) {
|
|
if (watch->id != id)
|
|
continue;
|
|
n->info &= ~WATCH_INFO_ID;
|
|
n->info |= watch->info_id;
|
|
|
|
wqueue = rcu_dereference(watch->queue);
|
|
wf = rcu_dereference(wqueue->filter);
|
|
if (wf && !filter_watch_notification(wf, n))
|
|
continue;
|
|
|
|
if (security_post_notification(watch->cred, cred, n) < 0)
|
|
continue;
|
|
|
|
if (lock_wqueue(wqueue)) {
|
|
post_one_notification(wqueue, n);
|
|
unlock_wqueue(wqueue);
|
|
}
|
|
}
|
|
|
|
rcu_read_unlock();
|
|
}
|
|
EXPORT_SYMBOL(__post_watch_notification);
|
|
|
|
/*
|
|
* Allocate sufficient pages to preallocation for the requested number of
|
|
* notifications.
|
|
*/
|
|
long watch_queue_set_size(struct pipe_inode_info *pipe, unsigned int nr_notes)
|
|
{
|
|
struct watch_queue *wqueue = pipe->watch_queue;
|
|
struct page **pages;
|
|
unsigned long *bitmap;
|
|
unsigned long user_bufs;
|
|
int ret, i, nr_pages;
|
|
|
|
if (!wqueue)
|
|
return -ENODEV;
|
|
if (wqueue->notes)
|
|
return -EBUSY;
|
|
|
|
if (nr_notes < 1 ||
|
|
nr_notes > 512) /* TODO: choose a better hard limit */
|
|
return -EINVAL;
|
|
|
|
nr_pages = (nr_notes + WATCH_QUEUE_NOTES_PER_PAGE - 1);
|
|
nr_pages /= WATCH_QUEUE_NOTES_PER_PAGE;
|
|
user_bufs = account_pipe_buffers(pipe->user, pipe->nr_accounted, nr_pages);
|
|
|
|
if (nr_pages > pipe->max_usage &&
|
|
(too_many_pipe_buffers_hard(user_bufs) ||
|
|
too_many_pipe_buffers_soft(user_bufs)) &&
|
|
pipe_is_unprivileged_user()) {
|
|
ret = -EPERM;
|
|
goto error;
|
|
}
|
|
|
|
nr_notes = nr_pages * WATCH_QUEUE_NOTES_PER_PAGE;
|
|
ret = pipe_resize_ring(pipe, roundup_pow_of_two(nr_notes));
|
|
if (ret < 0)
|
|
goto error;
|
|
|
|
ret = -ENOMEM;
|
|
pages = kcalloc(sizeof(struct page *), nr_pages, GFP_KERNEL);
|
|
if (!pages)
|
|
goto error;
|
|
|
|
for (i = 0; i < nr_pages; i++) {
|
|
pages[i] = alloc_page(GFP_KERNEL);
|
|
if (!pages[i])
|
|
goto error_p;
|
|
pages[i]->index = i * WATCH_QUEUE_NOTES_PER_PAGE;
|
|
}
|
|
|
|
bitmap = bitmap_alloc(nr_notes, GFP_KERNEL);
|
|
if (!bitmap)
|
|
goto error_p;
|
|
|
|
bitmap_fill(bitmap, nr_notes);
|
|
wqueue->notes = pages;
|
|
wqueue->notes_bitmap = bitmap;
|
|
wqueue->nr_pages = nr_pages;
|
|
wqueue->nr_notes = nr_notes;
|
|
return 0;
|
|
|
|
error_p:
|
|
while (--i >= 0)
|
|
__free_page(pages[i]);
|
|
kfree(pages);
|
|
error:
|
|
(void) account_pipe_buffers(pipe->user, nr_pages, pipe->nr_accounted);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Set the filter on a watch queue.
|
|
*/
|
|
long watch_queue_set_filter(struct pipe_inode_info *pipe,
|
|
struct watch_notification_filter __user *_filter)
|
|
{
|
|
struct watch_notification_type_filter *tf;
|
|
struct watch_notification_filter filter;
|
|
struct watch_type_filter *q;
|
|
struct watch_filter *wfilter;
|
|
struct watch_queue *wqueue = pipe->watch_queue;
|
|
int ret, nr_filter = 0, i;
|
|
|
|
if (!wqueue)
|
|
return -ENODEV;
|
|
|
|
if (!_filter) {
|
|
/* Remove the old filter */
|
|
wfilter = NULL;
|
|
goto set;
|
|
}
|
|
|
|
/* Grab the user's filter specification */
|
|
if (copy_from_user(&filter, _filter, sizeof(filter)) != 0)
|
|
return -EFAULT;
|
|
if (filter.nr_filters == 0 ||
|
|
filter.nr_filters > 16 ||
|
|
filter.__reserved != 0)
|
|
return -EINVAL;
|
|
|
|
tf = memdup_user(_filter->filters, filter.nr_filters * sizeof(*tf));
|
|
if (IS_ERR(tf))
|
|
return PTR_ERR(tf);
|
|
|
|
ret = -EINVAL;
|
|
for (i = 0; i < filter.nr_filters; i++) {
|
|
if ((tf[i].info_filter & ~tf[i].info_mask) ||
|
|
tf[i].info_mask & WATCH_INFO_LENGTH)
|
|
goto err_filter;
|
|
/* Ignore any unknown types */
|
|
if (tf[i].type >= WATCH_TYPE__NR)
|
|
continue;
|
|
nr_filter++;
|
|
}
|
|
|
|
/* Now we need to build the internal filter from only the relevant
|
|
* user-specified filters.
|
|
*/
|
|
ret = -ENOMEM;
|
|
wfilter = kzalloc(struct_size(wfilter, filters, nr_filter), GFP_KERNEL);
|
|
if (!wfilter)
|
|
goto err_filter;
|
|
wfilter->nr_filters = nr_filter;
|
|
|
|
q = wfilter->filters;
|
|
for (i = 0; i < filter.nr_filters; i++) {
|
|
if (tf[i].type >= WATCH_TYPE__NR)
|
|
continue;
|
|
|
|
q->type = tf[i].type;
|
|
q->info_filter = tf[i].info_filter;
|
|
q->info_mask = tf[i].info_mask;
|
|
q->subtype_filter[0] = tf[i].subtype_filter[0];
|
|
__set_bit(q->type, wfilter->type_filter);
|
|
q++;
|
|
}
|
|
|
|
kfree(tf);
|
|
set:
|
|
pipe_lock(pipe);
|
|
wfilter = rcu_replace_pointer(wqueue->filter, wfilter,
|
|
lockdep_is_held(&pipe->mutex));
|
|
pipe_unlock(pipe);
|
|
if (wfilter)
|
|
kfree_rcu(wfilter, rcu);
|
|
return 0;
|
|
|
|
err_filter:
|
|
kfree(tf);
|
|
return ret;
|
|
}
|
|
|
|
static void __put_watch_queue(struct kref *kref)
|
|
{
|
|
struct watch_queue *wqueue =
|
|
container_of(kref, struct watch_queue, usage);
|
|
struct watch_filter *wfilter;
|
|
int i;
|
|
|
|
for (i = 0; i < wqueue->nr_pages; i++)
|
|
__free_page(wqueue->notes[i]);
|
|
kfree(wqueue->notes);
|
|
bitmap_free(wqueue->notes_bitmap);
|
|
|
|
wfilter = rcu_access_pointer(wqueue->filter);
|
|
if (wfilter)
|
|
kfree_rcu(wfilter, rcu);
|
|
kfree_rcu(wqueue, rcu);
|
|
}
|
|
|
|
/**
|
|
* put_watch_queue - Dispose of a ref on a watchqueue.
|
|
* @wqueue: The watch queue to unref.
|
|
*/
|
|
void put_watch_queue(struct watch_queue *wqueue)
|
|
{
|
|
kref_put(&wqueue->usage, __put_watch_queue);
|
|
}
|
|
EXPORT_SYMBOL(put_watch_queue);
|
|
|
|
static void free_watch(struct rcu_head *rcu)
|
|
{
|
|
struct watch *watch = container_of(rcu, struct watch, rcu);
|
|
|
|
put_watch_queue(rcu_access_pointer(watch->queue));
|
|
atomic_dec(&watch->cred->user->nr_watches);
|
|
put_cred(watch->cred);
|
|
kfree(watch);
|
|
}
|
|
|
|
static void __put_watch(struct kref *kref)
|
|
{
|
|
struct watch *watch = container_of(kref, struct watch, usage);
|
|
|
|
call_rcu(&watch->rcu, free_watch);
|
|
}
|
|
|
|
/*
|
|
* Discard a watch.
|
|
*/
|
|
static void put_watch(struct watch *watch)
|
|
{
|
|
kref_put(&watch->usage, __put_watch);
|
|
}
|
|
|
|
/**
|
|
* init_watch - Initialise a watch
|
|
* @watch: The watch to initialise.
|
|
* @wqueue: The queue to assign.
|
|
*
|
|
* Initialise a watch and set the watch queue.
|
|
*/
|
|
void init_watch(struct watch *watch, struct watch_queue *wqueue)
|
|
{
|
|
kref_init(&watch->usage);
|
|
INIT_HLIST_NODE(&watch->list_node);
|
|
INIT_HLIST_NODE(&watch->queue_node);
|
|
rcu_assign_pointer(watch->queue, wqueue);
|
|
}
|
|
|
|
static int add_one_watch(struct watch *watch, struct watch_list *wlist, struct watch_queue *wqueue)
|
|
{
|
|
const struct cred *cred;
|
|
struct watch *w;
|
|
|
|
hlist_for_each_entry(w, &wlist->watchers, list_node) {
|
|
struct watch_queue *wq = rcu_access_pointer(w->queue);
|
|
if (wqueue == wq && watch->id == w->id)
|
|
return -EBUSY;
|
|
}
|
|
|
|
cred = current_cred();
|
|
if (atomic_inc_return(&cred->user->nr_watches) > task_rlimit(current, RLIMIT_NOFILE)) {
|
|
atomic_dec(&cred->user->nr_watches);
|
|
return -EAGAIN;
|
|
}
|
|
|
|
watch->cred = get_cred(cred);
|
|
rcu_assign_pointer(watch->watch_list, wlist);
|
|
|
|
kref_get(&wqueue->usage);
|
|
kref_get(&watch->usage);
|
|
hlist_add_head(&watch->queue_node, &wqueue->watches);
|
|
hlist_add_head_rcu(&watch->list_node, &wlist->watchers);
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* add_watch_to_object - Add a watch on an object to a watch list
|
|
* @watch: The watch to add
|
|
* @wlist: The watch list to add to
|
|
*
|
|
* @watch->queue must have been set to point to the queue to post notifications
|
|
* to and the watch list of the object to be watched. @watch->cred must also
|
|
* have been set to the appropriate credentials and a ref taken on them.
|
|
*
|
|
* The caller must pin the queue and the list both and must hold the list
|
|
* locked against racing watch additions/removals.
|
|
*/
|
|
int add_watch_to_object(struct watch *watch, struct watch_list *wlist)
|
|
{
|
|
struct watch_queue *wqueue;
|
|
int ret = -ENOENT;
|
|
|
|
rcu_read_lock();
|
|
|
|
wqueue = rcu_access_pointer(watch->queue);
|
|
if (lock_wqueue(wqueue)) {
|
|
spin_lock(&wlist->lock);
|
|
ret = add_one_watch(watch, wlist, wqueue);
|
|
spin_unlock(&wlist->lock);
|
|
unlock_wqueue(wqueue);
|
|
}
|
|
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL(add_watch_to_object);
|
|
|
|
/**
|
|
* remove_watch_from_object - Remove a watch or all watches from an object.
|
|
* @wlist: The watch list to remove from
|
|
* @wq: The watch queue of interest (ignored if @all is true)
|
|
* @id: The ID of the watch to remove (ignored if @all is true)
|
|
* @all: True to remove all objects
|
|
*
|
|
* Remove a specific watch or all watches from an object. A notification is
|
|
* sent to the watcher to tell them that this happened.
|
|
*/
|
|
int remove_watch_from_object(struct watch_list *wlist, struct watch_queue *wq,
|
|
u64 id, bool all)
|
|
{
|
|
struct watch_notification_removal n;
|
|
struct watch_queue *wqueue;
|
|
struct watch *watch;
|
|
int ret = -EBADSLT;
|
|
|
|
rcu_read_lock();
|
|
|
|
again:
|
|
spin_lock(&wlist->lock);
|
|
hlist_for_each_entry(watch, &wlist->watchers, list_node) {
|
|
if (all ||
|
|
(watch->id == id && rcu_access_pointer(watch->queue) == wq))
|
|
goto found;
|
|
}
|
|
spin_unlock(&wlist->lock);
|
|
goto out;
|
|
|
|
found:
|
|
ret = 0;
|
|
hlist_del_init_rcu(&watch->list_node);
|
|
rcu_assign_pointer(watch->watch_list, NULL);
|
|
spin_unlock(&wlist->lock);
|
|
|
|
/* We now own the reference on watch that used to belong to wlist. */
|
|
|
|
n.watch.type = WATCH_TYPE_META;
|
|
n.watch.subtype = WATCH_META_REMOVAL_NOTIFICATION;
|
|
n.watch.info = watch->info_id | watch_sizeof(n.watch);
|
|
n.id = id;
|
|
if (id != 0)
|
|
n.watch.info = watch->info_id | watch_sizeof(n);
|
|
|
|
wqueue = rcu_dereference(watch->queue);
|
|
|
|
if (lock_wqueue(wqueue)) {
|
|
post_one_notification(wqueue, &n.watch);
|
|
|
|
if (!hlist_unhashed(&watch->queue_node)) {
|
|
hlist_del_init_rcu(&watch->queue_node);
|
|
put_watch(watch);
|
|
}
|
|
|
|
unlock_wqueue(wqueue);
|
|
}
|
|
|
|
if (wlist->release_watch) {
|
|
void (*release_watch)(struct watch *);
|
|
|
|
release_watch = wlist->release_watch;
|
|
rcu_read_unlock();
|
|
(*release_watch)(watch);
|
|
rcu_read_lock();
|
|
}
|
|
put_watch(watch);
|
|
|
|
if (all && !hlist_empty(&wlist->watchers))
|
|
goto again;
|
|
out:
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL(remove_watch_from_object);
|
|
|
|
/*
|
|
* Remove all the watches that are contributory to a queue. This has the
|
|
* potential to race with removal of the watches by the destruction of the
|
|
* objects being watched or with the distribution of notifications.
|
|
*/
|
|
void watch_queue_clear(struct watch_queue *wqueue)
|
|
{
|
|
struct watch_list *wlist;
|
|
struct watch *watch;
|
|
bool release;
|
|
|
|
rcu_read_lock();
|
|
spin_lock_bh(&wqueue->lock);
|
|
|
|
/* Prevent new notifications from being stored. */
|
|
wqueue->defunct = true;
|
|
|
|
while (!hlist_empty(&wqueue->watches)) {
|
|
watch = hlist_entry(wqueue->watches.first, struct watch, queue_node);
|
|
hlist_del_init_rcu(&watch->queue_node);
|
|
/* We now own a ref on the watch. */
|
|
spin_unlock_bh(&wqueue->lock);
|
|
|
|
/* We can't do the next bit under the queue lock as we need to
|
|
* get the list lock - which would cause a deadlock if someone
|
|
* was removing from the opposite direction at the same time or
|
|
* posting a notification.
|
|
*/
|
|
wlist = rcu_dereference(watch->watch_list);
|
|
if (wlist) {
|
|
void (*release_watch)(struct watch *);
|
|
|
|
spin_lock(&wlist->lock);
|
|
|
|
release = !hlist_unhashed(&watch->list_node);
|
|
if (release) {
|
|
hlist_del_init_rcu(&watch->list_node);
|
|
rcu_assign_pointer(watch->watch_list, NULL);
|
|
|
|
/* We now own a second ref on the watch. */
|
|
}
|
|
|
|
release_watch = wlist->release_watch;
|
|
spin_unlock(&wlist->lock);
|
|
|
|
if (release) {
|
|
if (release_watch) {
|
|
rcu_read_unlock();
|
|
/* This might need to call dput(), so
|
|
* we have to drop all the locks.
|
|
*/
|
|
(*release_watch)(watch);
|
|
rcu_read_lock();
|
|
}
|
|
put_watch(watch);
|
|
}
|
|
}
|
|
|
|
put_watch(watch);
|
|
spin_lock_bh(&wqueue->lock);
|
|
}
|
|
|
|
spin_unlock_bh(&wqueue->lock);
|
|
rcu_read_unlock();
|
|
}
|
|
|
|
/**
|
|
* get_watch_queue - Get a watch queue from its file descriptor.
|
|
* @fd: The fd to query.
|
|
*/
|
|
struct watch_queue *get_watch_queue(int fd)
|
|
{
|
|
struct pipe_inode_info *pipe;
|
|
struct watch_queue *wqueue = ERR_PTR(-EINVAL);
|
|
struct fd f;
|
|
|
|
f = fdget(fd);
|
|
if (f.file) {
|
|
pipe = get_pipe_info(f.file, false);
|
|
if (pipe && pipe->watch_queue) {
|
|
wqueue = pipe->watch_queue;
|
|
kref_get(&wqueue->usage);
|
|
}
|
|
fdput(f);
|
|
}
|
|
|
|
return wqueue;
|
|
}
|
|
EXPORT_SYMBOL(get_watch_queue);
|
|
|
|
/*
|
|
* Initialise a watch queue
|
|
*/
|
|
int watch_queue_init(struct pipe_inode_info *pipe)
|
|
{
|
|
struct watch_queue *wqueue;
|
|
|
|
wqueue = kzalloc(sizeof(*wqueue), GFP_KERNEL);
|
|
if (!wqueue)
|
|
return -ENOMEM;
|
|
|
|
wqueue->pipe = pipe;
|
|
kref_init(&wqueue->usage);
|
|
spin_lock_init(&wqueue->lock);
|
|
INIT_HLIST_HEAD(&wqueue->watches);
|
|
|
|
pipe->watch_queue = wqueue;
|
|
return 0;
|
|
}
|