eventfd.c (12324B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * fs/eventfd.c 4 * 5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> 6 * 7 */ 8 9#include <linux/file.h> 10#include <linux/poll.h> 11#include <linux/init.h> 12#include <linux/fs.h> 13#include <linux/sched/signal.h> 14#include <linux/kernel.h> 15#include <linux/slab.h> 16#include <linux/list.h> 17#include <linux/spinlock.h> 18#include <linux/anon_inodes.h> 19#include <linux/syscalls.h> 20#include <linux/export.h> 21#include <linux/kref.h> 22#include <linux/eventfd.h> 23#include <linux/proc_fs.h> 24#include <linux/seq_file.h> 25#include <linux/idr.h> 26#include <linux/uio.h> 27 28static DEFINE_IDA(eventfd_ida); 29 30struct eventfd_ctx { 31 struct kref kref; 32 wait_queue_head_t wqh; 33 /* 34 * Every time that a write(2) is performed on an eventfd, the 35 * value of the __u64 being written is added to "count" and a 36 * wakeup is performed on "wqh". A read(2) will return the "count" 37 * value to userspace, and will reset "count" to zero. The kernel 38 * side eventfd_signal() also, adds to the "count" counter and 39 * issue a wakeup. 40 */ 41 __u64 count; 42 unsigned int flags; 43 int id; 44}; 45 46/** 47 * eventfd_signal - Adds @n to the eventfd counter. 48 * @ctx: [in] Pointer to the eventfd context. 49 * @n: [in] Value of the counter to be added to the eventfd internal counter. 50 * The value cannot be negative. 51 * 52 * This function is supposed to be called by the kernel in paths that do not 53 * allow sleeping. In this function we allow the counter to reach the ULLONG_MAX 54 * value, and we signal this as overflow condition by returning a EPOLLERR 55 * to poll(2). 56 * 57 * Returns the amount by which the counter was incremented. This will be less 58 * than @n if the counter has overflowed. 59 */ 60__u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n) 61{ 62 unsigned long flags; 63 64 /* 65 * Deadlock or stack overflow issues can happen if we recurse here 66 * through waitqueue wakeup handlers. If the caller users potentially 67 * nested waitqueues with custom wakeup handlers, then it should 68 * check eventfd_signal_allowed() before calling this function. If 69 * it returns false, the eventfd_signal() call should be deferred to a 70 * safe context. 71 */ 72 if (WARN_ON_ONCE(current->in_eventfd_signal)) 73 return 0; 74 75 spin_lock_irqsave(&ctx->wqh.lock, flags); 76 current->in_eventfd_signal = 1; 77 if (ULLONG_MAX - ctx->count < n) 78 n = ULLONG_MAX - ctx->count; 79 ctx->count += n; 80 if (waitqueue_active(&ctx->wqh)) 81 wake_up_locked_poll(&ctx->wqh, EPOLLIN); 82 current->in_eventfd_signal = 0; 83 spin_unlock_irqrestore(&ctx->wqh.lock, flags); 84 85 return n; 86} 87EXPORT_SYMBOL_GPL(eventfd_signal); 88 89static void eventfd_free_ctx(struct eventfd_ctx *ctx) 90{ 91 if (ctx->id >= 0) 92 ida_simple_remove(&eventfd_ida, ctx->id); 93 kfree(ctx); 94} 95 96static void eventfd_free(struct kref *kref) 97{ 98 struct eventfd_ctx *ctx = container_of(kref, struct eventfd_ctx, kref); 99 100 eventfd_free_ctx(ctx); 101} 102 103/** 104 * eventfd_ctx_put - Releases a reference to the internal eventfd context. 105 * @ctx: [in] Pointer to eventfd context. 106 * 107 * The eventfd context reference must have been previously acquired either 108 * with eventfd_ctx_fdget() or eventfd_ctx_fileget(). 109 */ 110void eventfd_ctx_put(struct eventfd_ctx *ctx) 111{ 112 kref_put(&ctx->kref, eventfd_free); 113} 114EXPORT_SYMBOL_GPL(eventfd_ctx_put); 115 116static int eventfd_release(struct inode *inode, struct file *file) 117{ 118 struct eventfd_ctx *ctx = file->private_data; 119 120 wake_up_poll(&ctx->wqh, EPOLLHUP); 121 eventfd_ctx_put(ctx); 122 return 0; 123} 124 125static __poll_t eventfd_poll(struct file *file, poll_table *wait) 126{ 127 struct eventfd_ctx *ctx = file->private_data; 128 __poll_t events = 0; 129 u64 count; 130 131 poll_wait(file, &ctx->wqh, wait); 132 133 /* 134 * All writes to ctx->count occur within ctx->wqh.lock. This read 135 * can be done outside ctx->wqh.lock because we know that poll_wait 136 * takes that lock (through add_wait_queue) if our caller will sleep. 137 * 138 * The read _can_ therefore seep into add_wait_queue's critical 139 * section, but cannot move above it! add_wait_queue's spin_lock acts 140 * as an acquire barrier and ensures that the read be ordered properly 141 * against the writes. The following CAN happen and is safe: 142 * 143 * poll write 144 * ----------------- ------------ 145 * lock ctx->wqh.lock (in poll_wait) 146 * count = ctx->count 147 * __add_wait_queue 148 * unlock ctx->wqh.lock 149 * lock ctx->qwh.lock 150 * ctx->count += n 151 * if (waitqueue_active) 152 * wake_up_locked_poll 153 * unlock ctx->qwh.lock 154 * eventfd_poll returns 0 155 * 156 * but the following, which would miss a wakeup, cannot happen: 157 * 158 * poll write 159 * ----------------- ------------ 160 * count = ctx->count (INVALID!) 161 * lock ctx->qwh.lock 162 * ctx->count += n 163 * **waitqueue_active is false** 164 * **no wake_up_locked_poll!** 165 * unlock ctx->qwh.lock 166 * lock ctx->wqh.lock (in poll_wait) 167 * __add_wait_queue 168 * unlock ctx->wqh.lock 169 * eventfd_poll returns 0 170 */ 171 count = READ_ONCE(ctx->count); 172 173 if (count > 0) 174 events |= EPOLLIN; 175 if (count == ULLONG_MAX) 176 events |= EPOLLERR; 177 if (ULLONG_MAX - 1 > count) 178 events |= EPOLLOUT; 179 180 return events; 181} 182 183void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt) 184{ 185 lockdep_assert_held(&ctx->wqh.lock); 186 187 *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count; 188 ctx->count -= *cnt; 189} 190EXPORT_SYMBOL_GPL(eventfd_ctx_do_read); 191 192/** 193 * eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue. 194 * @ctx: [in] Pointer to eventfd context. 195 * @wait: [in] Wait queue to be removed. 196 * @cnt: [out] Pointer to the 64-bit counter value. 197 * 198 * Returns %0 if successful, or the following error codes: 199 * 200 * -EAGAIN : The operation would have blocked. 201 * 202 * This is used to atomically remove a wait queue entry from the eventfd wait 203 * queue head, and read/reset the counter value. 204 */ 205int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait, 206 __u64 *cnt) 207{ 208 unsigned long flags; 209 210 spin_lock_irqsave(&ctx->wqh.lock, flags); 211 eventfd_ctx_do_read(ctx, cnt); 212 __remove_wait_queue(&ctx->wqh, wait); 213 if (*cnt != 0 && waitqueue_active(&ctx->wqh)) 214 wake_up_locked_poll(&ctx->wqh, EPOLLOUT); 215 spin_unlock_irqrestore(&ctx->wqh.lock, flags); 216 217 return *cnt != 0 ? 0 : -EAGAIN; 218} 219EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queue); 220 221static ssize_t eventfd_read(struct kiocb *iocb, struct iov_iter *to) 222{ 223 struct file *file = iocb->ki_filp; 224 struct eventfd_ctx *ctx = file->private_data; 225 __u64 ucnt = 0; 226 DECLARE_WAITQUEUE(wait, current); 227 228 if (iov_iter_count(to) < sizeof(ucnt)) 229 return -EINVAL; 230 spin_lock_irq(&ctx->wqh.lock); 231 if (!ctx->count) { 232 if ((file->f_flags & O_NONBLOCK) || 233 (iocb->ki_flags & IOCB_NOWAIT)) { 234 spin_unlock_irq(&ctx->wqh.lock); 235 return -EAGAIN; 236 } 237 __add_wait_queue(&ctx->wqh, &wait); 238 for (;;) { 239 set_current_state(TASK_INTERRUPTIBLE); 240 if (ctx->count) 241 break; 242 if (signal_pending(current)) { 243 __remove_wait_queue(&ctx->wqh, &wait); 244 __set_current_state(TASK_RUNNING); 245 spin_unlock_irq(&ctx->wqh.lock); 246 return -ERESTARTSYS; 247 } 248 spin_unlock_irq(&ctx->wqh.lock); 249 schedule(); 250 spin_lock_irq(&ctx->wqh.lock); 251 } 252 __remove_wait_queue(&ctx->wqh, &wait); 253 __set_current_state(TASK_RUNNING); 254 } 255 eventfd_ctx_do_read(ctx, &ucnt); 256 if (waitqueue_active(&ctx->wqh)) 257 wake_up_locked_poll(&ctx->wqh, EPOLLOUT); 258 spin_unlock_irq(&ctx->wqh.lock); 259 if (unlikely(copy_to_iter(&ucnt, sizeof(ucnt), to) != sizeof(ucnt))) 260 return -EFAULT; 261 262 return sizeof(ucnt); 263} 264 265static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t count, 266 loff_t *ppos) 267{ 268 struct eventfd_ctx *ctx = file->private_data; 269 ssize_t res; 270 __u64 ucnt; 271 DECLARE_WAITQUEUE(wait, current); 272 273 if (count < sizeof(ucnt)) 274 return -EINVAL; 275 if (copy_from_user(&ucnt, buf, sizeof(ucnt))) 276 return -EFAULT; 277 if (ucnt == ULLONG_MAX) 278 return -EINVAL; 279 spin_lock_irq(&ctx->wqh.lock); 280 res = -EAGAIN; 281 if (ULLONG_MAX - ctx->count > ucnt) 282 res = sizeof(ucnt); 283 else if (!(file->f_flags & O_NONBLOCK)) { 284 __add_wait_queue(&ctx->wqh, &wait); 285 for (res = 0;;) { 286 set_current_state(TASK_INTERRUPTIBLE); 287 if (ULLONG_MAX - ctx->count > ucnt) { 288 res = sizeof(ucnt); 289 break; 290 } 291 if (signal_pending(current)) { 292 res = -ERESTARTSYS; 293 break; 294 } 295 spin_unlock_irq(&ctx->wqh.lock); 296 schedule(); 297 spin_lock_irq(&ctx->wqh.lock); 298 } 299 __remove_wait_queue(&ctx->wqh, &wait); 300 __set_current_state(TASK_RUNNING); 301 } 302 if (likely(res > 0)) { 303 ctx->count += ucnt; 304 if (waitqueue_active(&ctx->wqh)) 305 wake_up_locked_poll(&ctx->wqh, EPOLLIN); 306 } 307 spin_unlock_irq(&ctx->wqh.lock); 308 309 return res; 310} 311 312#ifdef CONFIG_PROC_FS 313static void eventfd_show_fdinfo(struct seq_file *m, struct file *f) 314{ 315 struct eventfd_ctx *ctx = f->private_data; 316 317 spin_lock_irq(&ctx->wqh.lock); 318 seq_printf(m, "eventfd-count: %16llx\n", 319 (unsigned long long)ctx->count); 320 spin_unlock_irq(&ctx->wqh.lock); 321 seq_printf(m, "eventfd-id: %d\n", ctx->id); 322} 323#endif 324 325static const struct file_operations eventfd_fops = { 326#ifdef CONFIG_PROC_FS 327 .show_fdinfo = eventfd_show_fdinfo, 328#endif 329 .release = eventfd_release, 330 .poll = eventfd_poll, 331 .read_iter = eventfd_read, 332 .write = eventfd_write, 333 .llseek = noop_llseek, 334}; 335 336/** 337 * eventfd_fget - Acquire a reference of an eventfd file descriptor. 338 * @fd: [in] Eventfd file descriptor. 339 * 340 * Returns a pointer to the eventfd file structure in case of success, or the 341 * following error pointer: 342 * 343 * -EBADF : Invalid @fd file descriptor. 344 * -EINVAL : The @fd file descriptor is not an eventfd file. 345 */ 346struct file *eventfd_fget(int fd) 347{ 348 struct file *file; 349 350 file = fget(fd); 351 if (!file) 352 return ERR_PTR(-EBADF); 353 if (file->f_op != &eventfd_fops) { 354 fput(file); 355 return ERR_PTR(-EINVAL); 356 } 357 358 return file; 359} 360EXPORT_SYMBOL_GPL(eventfd_fget); 361 362/** 363 * eventfd_ctx_fdget - Acquires a reference to the internal eventfd context. 364 * @fd: [in] Eventfd file descriptor. 365 * 366 * Returns a pointer to the internal eventfd context, otherwise the error 367 * pointers returned by the following functions: 368 * 369 * eventfd_fget 370 */ 371struct eventfd_ctx *eventfd_ctx_fdget(int fd) 372{ 373 struct eventfd_ctx *ctx; 374 struct fd f = fdget(fd); 375 if (!f.file) 376 return ERR_PTR(-EBADF); 377 ctx = eventfd_ctx_fileget(f.file); 378 fdput(f); 379 return ctx; 380} 381EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); 382 383/** 384 * eventfd_ctx_fileget - Acquires a reference to the internal eventfd context. 385 * @file: [in] Eventfd file pointer. 386 * 387 * Returns a pointer to the internal eventfd context, otherwise the error 388 * pointer: 389 * 390 * -EINVAL : The @fd file descriptor is not an eventfd file. 391 */ 392struct eventfd_ctx *eventfd_ctx_fileget(struct file *file) 393{ 394 struct eventfd_ctx *ctx; 395 396 if (file->f_op != &eventfd_fops) 397 return ERR_PTR(-EINVAL); 398 399 ctx = file->private_data; 400 kref_get(&ctx->kref); 401 return ctx; 402} 403EXPORT_SYMBOL_GPL(eventfd_ctx_fileget); 404 405static int do_eventfd(unsigned int count, int flags) 406{ 407 struct eventfd_ctx *ctx; 408 struct file *file; 409 int fd; 410 411 /* Check the EFD_* constants for consistency. */ 412 BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC); 413 BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOCK); 414 415 if (flags & ~EFD_FLAGS_SET) 416 return -EINVAL; 417 418 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); 419 if (!ctx) 420 return -ENOMEM; 421 422 kref_init(&ctx->kref); 423 init_waitqueue_head(&ctx->wqh); 424 ctx->count = count; 425 ctx->flags = flags; 426 ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL); 427 428 flags &= EFD_SHARED_FCNTL_FLAGS; 429 flags |= O_RDWR; 430 fd = get_unused_fd_flags(flags); 431 if (fd < 0) 432 goto err; 433 434 file = anon_inode_getfile("[eventfd]", &eventfd_fops, ctx, flags); 435 if (IS_ERR(file)) { 436 put_unused_fd(fd); 437 fd = PTR_ERR(file); 438 goto err; 439 } 440 441 file->f_mode |= FMODE_NOWAIT; 442 fd_install(fd, file); 443 return fd; 444err: 445 eventfd_free_ctx(ctx); 446 return fd; 447} 448 449SYSCALL_DEFINE2(eventfd2, unsigned int, count, int, flags) 450{ 451 return do_eventfd(count, flags); 452} 453 454SYSCALL_DEFINE1(eventfd, unsigned int, count) 455{ 456 return do_eventfd(count, 0); 457} 458