file_table.c (11240B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * linux/fs/file_table.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu) 7 */ 8 9#include <linux/string.h> 10#include <linux/slab.h> 11#include <linux/file.h> 12#include <linux/fdtable.h> 13#include <linux/init.h> 14#include <linux/module.h> 15#include <linux/fs.h> 16#include <linux/security.h> 17#include <linux/cred.h> 18#include <linux/eventpoll.h> 19#include <linux/rcupdate.h> 20#include <linux/mount.h> 21#include <linux/capability.h> 22#include <linux/cdev.h> 23#include <linux/fsnotify.h> 24#include <linux/sysctl.h> 25#include <linux/percpu_counter.h> 26#include <linux/percpu.h> 27#include <linux/task_work.h> 28#include <linux/ima.h> 29#include <linux/swap.h> 30#include <linux/kmemleak.h> 31 32#include <linux/atomic.h> 33 34#include "internal.h" 35 36/* sysctl tunables... */ 37static struct files_stat_struct files_stat = { 38 .max_files = NR_FILE 39}; 40 41/* SLAB cache for file structures */ 42static struct kmem_cache *filp_cachep __read_mostly; 43 44static struct percpu_counter nr_files __cacheline_aligned_in_smp; 45 46static void file_free_rcu(struct rcu_head *head) 47{ 48 struct file *f = container_of(head, struct file, f_u.fu_rcuhead); 49 50 put_cred(f->f_cred); 51 kmem_cache_free(filp_cachep, f); 52} 53 54static inline void file_free(struct file *f) 55{ 56 security_file_free(f); 57 if (!(f->f_mode & FMODE_NOACCOUNT)) 58 percpu_counter_dec(&nr_files); 59 call_rcu(&f->f_u.fu_rcuhead, file_free_rcu); 60} 61 62/* 63 * Return the total number of open files in the system 64 */ 65static long get_nr_files(void) 66{ 67 return percpu_counter_read_positive(&nr_files); 68} 69 70/* 71 * Return the maximum number of open files in the system 72 */ 73unsigned long get_max_files(void) 74{ 75 return files_stat.max_files; 76} 77EXPORT_SYMBOL_GPL(get_max_files); 78 79#if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS) 80 81/* 82 * Handle nr_files sysctl 83 */ 84static int proc_nr_files(struct ctl_table *table, int write, void *buffer, 85 size_t *lenp, loff_t *ppos) 86{ 87 files_stat.nr_files = get_nr_files(); 88 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 89} 90 91static struct ctl_table fs_stat_sysctls[] = { 92 { 93 .procname = "file-nr", 94 .data = &files_stat, 95 .maxlen = sizeof(files_stat), 96 .mode = 0444, 97 .proc_handler = proc_nr_files, 98 }, 99 { 100 .procname = "file-max", 101 .data = &files_stat.max_files, 102 .maxlen = sizeof(files_stat.max_files), 103 .mode = 0644, 104 .proc_handler = proc_doulongvec_minmax, 105 .extra1 = SYSCTL_LONG_ZERO, 106 .extra2 = SYSCTL_LONG_MAX, 107 }, 108 { 109 .procname = "nr_open", 110 .data = &sysctl_nr_open, 111 .maxlen = sizeof(unsigned int), 112 .mode = 0644, 113 .proc_handler = proc_dointvec_minmax, 114 .extra1 = &sysctl_nr_open_min, 115 .extra2 = &sysctl_nr_open_max, 116 }, 117 { } 118}; 119 120static int __init init_fs_stat_sysctls(void) 121{ 122 register_sysctl_init("fs", fs_stat_sysctls); 123 if (IS_ENABLED(CONFIG_BINFMT_MISC)) { 124 struct ctl_table_header *hdr; 125 hdr = register_sysctl_mount_point("fs/binfmt_misc"); 126 kmemleak_not_leak(hdr); 127 } 128 return 0; 129} 130fs_initcall(init_fs_stat_sysctls); 131#endif 132 133static struct file *__alloc_file(int flags, const struct cred *cred) 134{ 135 struct file *f; 136 int error; 137 138 f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL); 139 if (unlikely(!f)) 140 return ERR_PTR(-ENOMEM); 141 142 f->f_cred = get_cred(cred); 143 error = security_file_alloc(f); 144 if (unlikely(error)) { 145 file_free_rcu(&f->f_u.fu_rcuhead); 146 return ERR_PTR(error); 147 } 148 149 atomic_long_set(&f->f_count, 1); 150 rwlock_init(&f->f_owner.lock); 151 spin_lock_init(&f->f_lock); 152 mutex_init(&f->f_pos_lock); 153 f->f_flags = flags; 154 f->f_mode = OPEN_FMODE(flags); 155 /* f->f_version: 0 */ 156 157 return f; 158} 159 160/* Find an unused file structure and return a pointer to it. 161 * Returns an error pointer if some error happend e.g. we over file 162 * structures limit, run out of memory or operation is not permitted. 163 * 164 * Be very careful using this. You are responsible for 165 * getting write access to any mount that you might assign 166 * to this filp, if it is opened for write. If this is not 167 * done, you will imbalance int the mount's writer count 168 * and a warning at __fput() time. 169 */ 170struct file *alloc_empty_file(int flags, const struct cred *cred) 171{ 172 static long old_max; 173 struct file *f; 174 175 /* 176 * Privileged users can go above max_files 177 */ 178 if (get_nr_files() >= files_stat.max_files && !capable(CAP_SYS_ADMIN)) { 179 /* 180 * percpu_counters are inaccurate. Do an expensive check before 181 * we go and fail. 182 */ 183 if (percpu_counter_sum_positive(&nr_files) >= files_stat.max_files) 184 goto over; 185 } 186 187 f = __alloc_file(flags, cred); 188 if (!IS_ERR(f)) 189 percpu_counter_inc(&nr_files); 190 191 return f; 192 193over: 194 /* Ran out of filps - report that */ 195 if (get_nr_files() > old_max) { 196 pr_info("VFS: file-max limit %lu reached\n", get_max_files()); 197 old_max = get_nr_files(); 198 } 199 return ERR_PTR(-ENFILE); 200} 201 202/* 203 * Variant of alloc_empty_file() that doesn't check and modify nr_files. 204 * 205 * Should not be used unless there's a very good reason to do so. 206 */ 207struct file *alloc_empty_file_noaccount(int flags, const struct cred *cred) 208{ 209 struct file *f = __alloc_file(flags, cred); 210 211 if (!IS_ERR(f)) 212 f->f_mode |= FMODE_NOACCOUNT; 213 214 return f; 215} 216 217/** 218 * alloc_file - allocate and initialize a 'struct file' 219 * 220 * @path: the (dentry, vfsmount) pair for the new file 221 * @flags: O_... flags with which the new file will be opened 222 * @fop: the 'struct file_operations' for the new file 223 */ 224static struct file *alloc_file(const struct path *path, int flags, 225 const struct file_operations *fop) 226{ 227 struct file *file; 228 229 file = alloc_empty_file(flags, current_cred()); 230 if (IS_ERR(file)) 231 return file; 232 233 file->f_path = *path; 234 file->f_inode = path->dentry->d_inode; 235 file->f_mapping = path->dentry->d_inode->i_mapping; 236 file->f_wb_err = filemap_sample_wb_err(file->f_mapping); 237 file->f_sb_err = file_sample_sb_err(file); 238 if ((file->f_mode & FMODE_READ) && 239 likely(fop->read || fop->read_iter)) 240 file->f_mode |= FMODE_CAN_READ; 241 if ((file->f_mode & FMODE_WRITE) && 242 likely(fop->write || fop->write_iter)) 243 file->f_mode |= FMODE_CAN_WRITE; 244 file->f_mode |= FMODE_OPENED; 245 file->f_op = fop; 246 if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 247 i_readcount_inc(path->dentry->d_inode); 248 return file; 249} 250 251struct file *alloc_file_pseudo(struct inode *inode, struct vfsmount *mnt, 252 const char *name, int flags, 253 const struct file_operations *fops) 254{ 255 static const struct dentry_operations anon_ops = { 256 .d_dname = simple_dname 257 }; 258 struct qstr this = QSTR_INIT(name, strlen(name)); 259 struct path path; 260 struct file *file; 261 262 path.dentry = d_alloc_pseudo(mnt->mnt_sb, &this); 263 if (!path.dentry) 264 return ERR_PTR(-ENOMEM); 265 if (!mnt->mnt_sb->s_d_op) 266 d_set_d_op(path.dentry, &anon_ops); 267 path.mnt = mntget(mnt); 268 d_instantiate(path.dentry, inode); 269 file = alloc_file(&path, flags, fops); 270 if (IS_ERR(file)) { 271 ihold(inode); 272 path_put(&path); 273 } 274 return file; 275} 276EXPORT_SYMBOL(alloc_file_pseudo); 277 278struct file *alloc_file_clone(struct file *base, int flags, 279 const struct file_operations *fops) 280{ 281 struct file *f = alloc_file(&base->f_path, flags, fops); 282 if (!IS_ERR(f)) { 283 path_get(&f->f_path); 284 f->f_mapping = base->f_mapping; 285 } 286 return f; 287} 288 289/* the real guts of fput() - releasing the last reference to file 290 */ 291static void __fput(struct file *file) 292{ 293 struct dentry *dentry = file->f_path.dentry; 294 struct vfsmount *mnt = file->f_path.mnt; 295 struct inode *inode = file->f_inode; 296 fmode_t mode = file->f_mode; 297 298 if (unlikely(!(file->f_mode & FMODE_OPENED))) 299 goto out; 300 301 might_sleep(); 302 303 fsnotify_close(file); 304 /* 305 * The function eventpoll_release() should be the first called 306 * in the file cleanup chain. 307 */ 308 eventpoll_release(file); 309 locks_remove_file(file); 310 311 ima_file_free(file); 312 if (unlikely(file->f_flags & FASYNC)) { 313 if (file->f_op->fasync) 314 file->f_op->fasync(-1, file, 0); 315 } 316 if (file->f_op->release) 317 file->f_op->release(inode, file); 318 if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && 319 !(mode & FMODE_PATH))) { 320 cdev_put(inode->i_cdev); 321 } 322 fops_put(file->f_op); 323 put_pid(file->f_owner.pid); 324 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 325 i_readcount_dec(inode); 326 if (mode & FMODE_WRITER) { 327 put_write_access(inode); 328 __mnt_drop_write(mnt); 329 } 330 dput(dentry); 331 if (unlikely(mode & FMODE_NEED_UNMOUNT)) 332 dissolve_on_fput(mnt); 333 mntput(mnt); 334out: 335 file_free(file); 336} 337 338static LLIST_HEAD(delayed_fput_list); 339static void delayed_fput(struct work_struct *unused) 340{ 341 struct llist_node *node = llist_del_all(&delayed_fput_list); 342 struct file *f, *t; 343 344 llist_for_each_entry_safe(f, t, node, f_u.fu_llist) 345 __fput(f); 346} 347 348static void ____fput(struct callback_head *work) 349{ 350 __fput(container_of(work, struct file, f_u.fu_rcuhead)); 351} 352 353/* 354 * If kernel thread really needs to have the final fput() it has done 355 * to complete, call this. The only user right now is the boot - we 356 * *do* need to make sure our writes to binaries on initramfs has 357 * not left us with opened struct file waiting for __fput() - execve() 358 * won't work without that. Please, don't add more callers without 359 * very good reasons; in particular, never call that with locks 360 * held and never call that from a thread that might need to do 361 * some work on any kind of umount. 362 */ 363void flush_delayed_fput(void) 364{ 365 delayed_fput(NULL); 366} 367EXPORT_SYMBOL_GPL(flush_delayed_fput); 368 369static DECLARE_DELAYED_WORK(delayed_fput_work, delayed_fput); 370 371void fput(struct file *file) 372{ 373 if (atomic_long_dec_and_test(&file->f_count)) { 374 struct task_struct *task = current; 375 376 if (likely(!in_interrupt() && !(task->flags & PF_KTHREAD))) { 377 init_task_work(&file->f_u.fu_rcuhead, ____fput); 378 if (!task_work_add(task, &file->f_u.fu_rcuhead, TWA_RESUME)) 379 return; 380 /* 381 * After this task has run exit_task_work(), 382 * task_work_add() will fail. Fall through to delayed 383 * fput to avoid leaking *file. 384 */ 385 } 386 387 if (llist_add(&file->f_u.fu_llist, &delayed_fput_list)) 388 schedule_delayed_work(&delayed_fput_work, 1); 389 } 390} 391 392/* 393 * synchronous analog of fput(); for kernel threads that might be needed 394 * in some umount() (and thus can't use flush_delayed_fput() without 395 * risking deadlocks), need to wait for completion of __fput() and know 396 * for this specific struct file it won't involve anything that would 397 * need them. Use only if you really need it - at the very least, 398 * don't blindly convert fput() by kernel thread to that. 399 */ 400void __fput_sync(struct file *file) 401{ 402 if (atomic_long_dec_and_test(&file->f_count)) { 403 struct task_struct *task = current; 404 BUG_ON(!(task->flags & PF_KTHREAD)); 405 __fput(file); 406 } 407} 408 409EXPORT_SYMBOL(fput); 410EXPORT_SYMBOL(__fput_sync); 411 412void __init files_init(void) 413{ 414 filp_cachep = kmem_cache_create("filp", sizeof(struct file), 0, 415 SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT, NULL); 416 percpu_counter_init(&nr_files, 0, GFP_KERNEL); 417} 418 419/* 420 * One file with associated inode and dcache is very roughly 1K. Per default 421 * do not use more than 10% of our memory for files. 422 */ 423void __init files_maxfiles_init(void) 424{ 425 unsigned long n; 426 unsigned long nr_pages = totalram_pages(); 427 unsigned long memreserve = (nr_pages - nr_free_pages()) * 3/2; 428 429 memreserve = min(memreserve, nr_pages - 1); 430 n = ((nr_pages - memreserve) * (PAGE_SIZE / 1024)) / 10; 431 432 files_stat.max_files = max_t(unsigned long, n, NR_FILE); 433}