cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

mark.c (27178B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/*
      3 *  Copyright (C) 2008 Red Hat, Inc., Eric Paris <eparis@redhat.com>
      4 */
      5
      6/*
      7 * fsnotify inode mark locking/lifetime/and refcnting
      8 *
      9 * REFCNT:
     10 * The group->refcnt and mark->refcnt tell how many "things" in the kernel
     11 * currently are referencing the objects. Both kinds of objects typically will
     12 * live inside the kernel with a refcnt of 2, one for its creation and one for
     13 * the reference a group and a mark hold to each other.
     14 * If you are holding the appropriate locks, you can take a reference and the
     15 * object itself is guaranteed to survive until the reference is dropped.
     16 *
     17 * LOCKING:
     18 * There are 3 locks involved with fsnotify inode marks and they MUST be taken
     19 * in order as follows:
     20 *
     21 * group->mark_mutex
     22 * mark->lock
     23 * mark->connector->lock
     24 *
     25 * group->mark_mutex protects the marks_list anchored inside a given group and
     26 * each mark is hooked via the g_list.  It also protects the group's private
     27 * data (i.e. group limits).
     28 *
     29 * mark->lock protects the mark's attributes like its masks and flags.
     30 * Furthermore it protects the access to a reference of the group that the mark
     31 * is assigned to as well as the access to a reference of the inode/vfsmount
     32 * that is being watched by the mark.
     33 *
     34 * mark->connector->lock protects the list of marks anchored inside an
     35 * inode / vfsmount and each mark is hooked via the i_list.
     36 *
     37 * A list of notification marks relating to inode / mnt is contained in
     38 * fsnotify_mark_connector. That structure is alive as long as there are any
     39 * marks in the list and is also protected by fsnotify_mark_srcu. A mark gets
     40 * detached from fsnotify_mark_connector when last reference to the mark is
     41 * dropped.  Thus having mark reference is enough to protect mark->connector
     42 * pointer and to make sure fsnotify_mark_connector cannot disappear. Also
     43 * because we remove mark from g_list before dropping mark reference associated
     44 * with that, any mark found through g_list is guaranteed to have
     45 * mark->connector set until we drop group->mark_mutex.
     46 *
     47 * LIFETIME:
     48 * Inode marks survive between when they are added to an inode and when their
     49 * refcnt==0. Marks are also protected by fsnotify_mark_srcu.
     50 *
     51 * The inode mark can be cleared for a number of different reasons including:
     52 * - The inode is unlinked for the last time.  (fsnotify_inode_remove)
     53 * - The inode is being evicted from cache. (fsnotify_inode_delete)
     54 * - The fs the inode is on is unmounted.  (fsnotify_inode_delete/fsnotify_unmount_inodes)
     55 * - Something explicitly requests that it be removed.  (fsnotify_destroy_mark)
     56 * - The fsnotify_group associated with the mark is going away and all such marks
     57 *   need to be cleaned up. (fsnotify_clear_marks_by_group)
     58 *
     59 * This has the very interesting property of being able to run concurrently with
     60 * any (or all) other directions.
     61 */
     62
     63#include <linux/fs.h>
     64#include <linux/init.h>
     65#include <linux/kernel.h>
     66#include <linux/kthread.h>
     67#include <linux/module.h>
     68#include <linux/mutex.h>
     69#include <linux/slab.h>
     70#include <linux/spinlock.h>
     71#include <linux/srcu.h>
     72#include <linux/ratelimit.h>
     73
     74#include <linux/atomic.h>
     75
     76#include <linux/fsnotify_backend.h>
     77#include "fsnotify.h"
     78
/* Delay passed to queue_delayed_work() when a dead mark is handed to the reaper. */
#define FSNOTIFY_REAPER_DELAY	(1)	/* 1 jiffy */

/*
 * SRCU domain for lockless walkers of mark lists. Both reaper work functions
 * in this file call synchronize_srcu() on it before freeing marks and
 * connectors, so a reader inside an SRCU read section never sees freed memory.
 */
struct srcu_struct fsnotify_mark_srcu;
/* Slab cache that connectors are allocated from and freed back to. */
struct kmem_cache *fsnotify_mark_connector_cachep;

/* destroy_lock guards both destroy_list and connector_destroy_list. */
static DEFINE_SPINLOCK(destroy_lock);
/* Marks whose last reference was dropped, linked through mark->g_list. */
static LIST_HEAD(destroy_list);
/* Connectors awaiting freeing, singly linked through conn->destroy_next. */
static struct fsnotify_mark_connector *connector_destroy_list;

/* Delayed work that frees the marks queued on destroy_list. */
static void fsnotify_mark_destroy_workfn(struct work_struct *work);
static DECLARE_DELAYED_WORK(reaper_work, fsnotify_mark_destroy_workfn);

/* Work that frees the connectors queued on connector_destroy_list. */
static void fsnotify_connector_destroy_workfn(struct work_struct *work);
static DECLARE_WORK(connector_reaper_work, fsnotify_connector_destroy_workfn);
     93
/*
 * Take one more reference on @mark.
 *
 * A refcount of zero at this point is reported once through WARN_ON_ONCE();
 * the increment is attempted regardless. Code that found the mark through a
 * lockless list walk should use fsnotify_get_mark_safe() instead, which
 * refuses to resurrect a mark whose count already dropped to zero.
 */
void fsnotify_get_mark(struct fsnotify_mark *mark)
{
	WARN_ON_ONCE(refcount_read(&mark->refcnt) == 0);
	refcount_inc(&mark->refcnt);
}
     99
/*
 * Return a pointer to the event mask kept in the object @conn is attached to
 * (inode, vfsmount or super block). Any other connector type yields NULL, so
 * callers must check the type before dereferencing the result.
 */
static __u32 *fsnotify_conn_mask_p(struct fsnotify_mark_connector *conn)
{
	switch (conn->type) {
	case FSNOTIFY_OBJ_TYPE_INODE:
		return &fsnotify_conn_inode(conn)->i_fsnotify_mask;
	case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
		return &fsnotify_conn_mount(conn)->mnt_fsnotify_mask;
	case FSNOTIFY_OBJ_TYPE_SB:
		return &fsnotify_conn_sb(conn)->s_fsnotify_mask;
	default:
		return NULL;
	}
}
    110
/*
 * Return the event mask of the object @conn is attached to, or 0 (with a
 * warning) when the connector type is not a valid object type.
 *
 * NOTE(review): the dereference below relies on fsnotify_valid_obj_type()
 * accepting only the types fsnotify_conn_mask_p() handles; for any other
 * "valid" type the helper returns NULL. Confirm against fsnotify.h.
 */
__u32 fsnotify_conn_mask(struct fsnotify_mark_connector *conn)
{
	__u32 *maskp;

	if (WARN_ON(!fsnotify_valid_obj_type(conn->type)))
		return 0;

	maskp = fsnotify_conn_mask_p(conn);
	return *maskp;
}
    118
/*
 * Pin @inode on behalf of a connector: take an inode reference with ihold()
 * and bump the super block's s_fsnotify_connectors counter.
 * Undone by fsnotify_put_inode_ref().
 */
static void fsnotify_get_inode_ref(struct inode *inode)
{
	struct super_block *sb;

	ihold(inode);
	sb = inode->i_sb;
	atomic_long_inc(&sb->s_fsnotify_connectors);
}
    124
/*
 * Grab or drop the inode reference held for the connector, if needed.
 *
 * Nothing happens (NULL is returned) for non-inode connectors or when the
 * HAS_IREF flag already matches @want_iref.
 *
 * When the reference has to be dropped, this function only clears HAS_IREF
 * and returns the inode. The caller is responsible for handing it to
 * fsnotify_drop_object() so that iput() runs outside of spinlocks. This
 * happens when the last mark that wanted the iref is detached.
 *
 * Returns the inode to unpin, or NULL when there is nothing to drop.
 */
static struct inode *fsnotify_update_iref(struct fsnotify_mark_connector *conn,
					  bool want_iref)
{
	bool has_iref = conn->flags & FSNOTIFY_CONN_FLAG_HAS_IREF;
	struct inode *to_drop;

	if (conn->type != FSNOTIFY_OBJ_TYPE_INODE)
		return NULL;
	if (has_iref == want_iref)
		return NULL;

	if (!want_iref) {
		/* Unpin inode after detach of last mark that wanted iref */
		to_drop = fsnotify_conn_inode(conn);
		conn->flags &= ~FSNOTIFY_CONN_FLAG_HAS_IREF;
		return to_drop;
	}

	/* Pin inode if any mark wants inode refcount held */
	fsnotify_get_inode_ref(fsnotify_conn_inode(conn));
	conn->flags |= FSNOTIFY_CONN_FLAG_HAS_IREF;
	return NULL;
}
    155
/*
 * Recompute the object's event mask as the union of the masks of all attached
 * marks on @conn, and work out whether any of them still wants the inode
 * pinned. Must be called with conn->lock held (asserted below).
 *
 * Returns the inode the caller has to unpin via fsnotify_drop_object(), or
 * NULL when there is nothing to drop or the connector is already detached.
 */
static void *__fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
{
	struct fsnotify_mark *cur;
	bool need_iref = false;
	u32 mask = 0;

	assert_spin_locked(&conn->lock);

	/* We can get detached connector here when inode is getting unlinked. */
	if (!fsnotify_valid_obj_type(conn->type))
		return NULL;

	hlist_for_each_entry(cur, &conn->list, obj_list) {
		/* Marks that are detached but not yet unlinked do not count. */
		if (cur->flags & FSNOTIFY_MARK_FLAG_ATTACHED) {
			mask |= fsnotify_calc_mask(cur);
			if (conn->type == FSNOTIFY_OBJ_TYPE_INODE &&
			    !(cur->flags & FSNOTIFY_MARK_FLAG_NO_IREF))
				need_iref = true;
		}
	}
	*fsnotify_conn_mask_p(conn) = mask;

	return fsnotify_update_iref(conn, need_iref);
}
    178
/*
 * Calculate mask of events for a list of marks. The caller must make sure
 * connector and connector->obj cannot disappear under us.  Callers achieve
 * this by holding a mark->lock or mark->group->mark_mutex for a mark on this
 * list.
 *
 * A NULL @conn is accepted and ignored.
 *
 * NOTE(review): the inode pointer returned by __fsnotify_recalc_mask() is
 * discarded here, so this path can take the inode pin but has no way to drop
 * it. Presumably callers never reach this function in a state where the pin
 * must be released -- confirm against the callers.
 */
void fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
{
	if (!conn)
		return;

	spin_lock(&conn->lock);
	__fsnotify_recalc_mask(conn);
	spin_unlock(&conn->lock);

	/* Only inode connectors have child dentry flags to refresh. */
	if (conn->type != FSNOTIFY_OBJ_TYPE_INODE)
		return;

	__fsnotify_update_child_dentry_flags(fsnotify_conn_inode(conn));
}
    197
/*
 * Free all connectors queued for freeing once SRCU period ends.
 *
 * The pending list is taken over under destroy_lock, then the function waits
 * for synchronize_srcu() before returning each connector to the slab cache,
 * so SRCU readers that still hold a connector pointer never touch freed
 * memory.
 */
static void fsnotify_connector_destroy_workfn(struct work_struct *work)
{
	struct fsnotify_mark_connector *pending, *next;

	spin_lock(&destroy_lock);
	pending = connector_destroy_list;
	connector_destroy_list = NULL;
	spin_unlock(&destroy_lock);

	synchronize_srcu(&fsnotify_mark_srcu);

	for (; pending; pending = next) {
		/* Read the link before the connector is freed. */
		next = pending->destroy_next;
		kmem_cache_free(fsnotify_mark_connector_cachep, pending);
	}
}
    215
/*
 * Undo fsnotify_get_inode_ref(): drop the inode reference and decrement the
 * super block's s_fsnotify_connectors counter, waking waiters on that counter
 * when it reaches zero.
 */
static void fsnotify_put_inode_ref(struct inode *inode)
{
	/*
	 * Fetch the super block before iput(); presumably the inode may no
	 * longer be safe to dereference once our reference is gone.
	 */
	struct super_block *sb = inode->i_sb;

	iput(inode);
	if (!atomic_long_dec_and_test(&sb->s_fsnotify_connectors))
		return;

	wake_up_var(&sb->s_fsnotify_connectors);
}
    224
/*
 * Account @conn in the s_fsnotify_connectors counter of the super block
 * returned by fsnotify_connector_sb(). Does nothing when that helper
 * returns NULL.
 */
static void fsnotify_get_sb_connectors(struct fsnotify_mark_connector *conn)
{
	struct super_block *sb = fsnotify_connector_sb(conn);

	if (!sb)
		return;

	atomic_long_inc(&sb->s_fsnotify_connectors);
}
    232
/*
 * Undo fsnotify_get_sb_connectors(): decrement the super block's
 * s_fsnotify_connectors counter and wake waiters on it when it hits zero.
 * Does nothing when fsnotify_connector_sb() returns NULL.
 */
static void fsnotify_put_sb_connectors(struct fsnotify_mark_connector *conn)
{
	struct super_block *sb = fsnotify_connector_sb(conn);

	if (!sb)
		return;

	if (atomic_long_dec_and_test(&sb->s_fsnotify_connectors))
		wake_up_var(&sb->s_fsnotify_connectors);
}
    240
/*
 * Sever the link between @conn and the object it watches.
 *
 * The object's event mask is cleared, the object's connector pointer is set
 * to NULL with rcu_assign_pointer(), and the connector is marked
 * FSNOTIFY_OBJ_TYPE_DETACHED. The callers in this file invoke it with
 * conn->lock held.
 *
 * @type always receives the connector type as it was on entry.
 *
 * Returns the inode the caller must unpin via fsnotify_drop_object() when the
 * connector held an inode reference (HAS_IREF), otherwise NULL. An already
 * detached connector is left untouched and yields NULL.
 */
static void *fsnotify_detach_connector_from_object(
					struct fsnotify_mark_connector *conn,
					unsigned int *type)
{
	struct inode *pinned = NULL;

	*type = conn->type;

	switch (conn->type) {
	case FSNOTIFY_OBJ_TYPE_DETACHED:
		return NULL;
	case FSNOTIFY_OBJ_TYPE_INODE: {
		struct inode *inode = fsnotify_conn_inode(conn);

		inode->i_fsnotify_mask = 0;
		/* Only hand the inode back when the connector pinned it. */
		if (conn->flags & FSNOTIFY_CONN_FLAG_HAS_IREF)
			pinned = inode;
		break;
	}
	case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
		fsnotify_conn_mount(conn)->mnt_fsnotify_mask = 0;
		break;
	case FSNOTIFY_OBJ_TYPE_SB:
		fsnotify_conn_sb(conn)->s_fsnotify_mask = 0;
		break;
	default:
		break;
	}

	fsnotify_put_sb_connectors(conn);
	rcu_assign_pointer(*(conn->obj), NULL);
	conn->obj = NULL;
	conn->type = FSNOTIFY_OBJ_TYPE_DETACHED;

	return pinned;
}
    271
/*
 * Last step of a mark's life: hand the mark to its group's free_mark()
 * callback and drop the group reference taken in fsnotify_init_mark().
 * A mark without a group triggers a one-time warning and is left alone.
 */
static void fsnotify_final_mark_destroy(struct fsnotify_mark *mark)
{
	/* Cached up front; presumably the mark is gone after free_mark(). */
	struct fsnotify_group *owner = mark->group;

	if (WARN_ON_ONCE(owner == NULL))
		return;

	owner->ops->free_mark(mark);
	fsnotify_put_group(owner);
}
    281
/*
 * Drop object reference originally held by a connector.
 *
 * @objp may be NULL, in which case nothing is done. Currently only inode
 * references are passed to be dropped; any other @type triggers a one-time
 * warning and the reference is not released.
 */
static void fsnotify_drop_object(unsigned int type, void *objp)
{
	if (objp == NULL)
		return;

	if (!WARN_ON_ONCE(type != FSNOTIFY_OBJ_TYPE_INODE))
		fsnotify_put_inode_ref(objp);
}
    292
/*
 * Drop one reference on @mark.
 *
 * When the count reaches zero the mark is unlinked from its connector's
 * object list and queued on destroy_list; the memory is released later by
 * the reaper work, which waits for an SRCU grace period first. If the mark
 * was the last one on the connector, the connector is detached from its
 * object and queued on connector_destroy_list under the same scheme.
 *
 * A mark that was never attached (mark->connector is NULL) is destroyed
 * immediately when its last reference goes away.
 */
void fsnotify_put_mark(struct fsnotify_mark *mark)
{
	struct fsnotify_mark_connector *conn = READ_ONCE(mark->connector);
	void *objp = NULL;
	unsigned int type = FSNOTIFY_OBJ_TYPE_DETACHED;
	bool free_conn = false;

	/* Catch marks that were actually never attached to object */
	if (!conn) {
		if (refcount_dec_and_test(&mark->refcnt))
			fsnotify_final_mark_destroy(mark);
		return;
	}

	/*
	 * We have to be careful so that traversals of obj_list under lock can
	 * safely grab mark reference.
	 *
	 * refcount_dec_and_lock() returns with conn->lock held only when the
	 * count dropped to zero, so the zero transition and the unlink below
	 * are not separated by a window in which the lock is free.
	 */
	if (!refcount_dec_and_lock(&mark->refcnt, &conn->lock))
		return;

	hlist_del_init_rcu(&mark->obj_list);
	if (hlist_empty(&conn->list)) {
		/* Last mark gone: the connector itself must be torn down. */
		objp = fsnotify_detach_connector_from_object(conn, &type);
		free_conn = true;
	} else {
		/* Other marks remain: just refresh the mask and the inode pin. */
		objp = __fsnotify_recalc_mask(conn);
		type = conn->type;
	}
	WRITE_ONCE(mark->connector, NULL);
	spin_unlock(&conn->lock);

	/* The inode reference (if any) is dropped only after the unlock. */
	fsnotify_drop_object(type, objp);

	if (free_conn) {
		/* Push the connector onto the list the connector reaper frees. */
		spin_lock(&destroy_lock);
		conn->destroy_next = connector_destroy_list;
		connector_destroy_list = conn;
		spin_unlock(&destroy_lock);
		queue_work(system_unbound_wq, &connector_reaper_work);
	}
	/*
	 * Note that we didn't update flags telling whether inode cares about
	 * what's happening with children. We update these flags from
	 * __fsnotify_parent() lazily when next event happens on one of our
	 * children.
	 */
	/* g_list is reused here to link the dead mark on destroy_list. */
	spin_lock(&destroy_lock);
	list_add(&mark->g_list, &destroy_list);
	spin_unlock(&destroy_lock);
	queue_delayed_work(system_unbound_wq, &reaper_work,
			   FSNOTIFY_REAPER_DELAY);
}
EXPORT_SYMBOL_GPL(fsnotify_put_mark);
    347
/*
 * Get mark reference when we found the mark via lockless traversal of object
 * list. Mark can be already removed from the list by now and on its way to be
 * destroyed once SRCU period ends, so the reference is only taken when the
 * refcount is still non-zero and the mark is still attached.
 *
 * Also pin the group (via group->user_waits) so it doesn't disappear under us.
 *
 * Returns true when the mark is pinned or @mark is NULL, false when the mark
 * is already being torn down. Pairs with fsnotify_put_mark_wake().
 */
static bool fsnotify_get_mark_safe(struct fsnotify_mark *mark)
{
	bool attached;

	if (!mark)
		return true;

	if (!refcount_inc_not_zero(&mark->refcnt))
		return false;

	spin_lock(&mark->lock);
	attached = mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED;
	/* mark is attached, group is still alive then */
	if (attached)
		atomic_inc(&mark->group->user_waits);
	spin_unlock(&mark->lock);

	if (attached)
		return true;

	/* Detached in the meantime: give back the reference just taken. */
	fsnotify_put_mark(mark);
	return false;
}
    373
/*
 * Puts marks and wakes up group destruction if necessary.
 *
 * Pairs with fsnotify_get_mark_safe(). A NULL @mark is ignored.
 */
static void fsnotify_put_mark_wake(struct fsnotify_mark *mark)
{
	struct fsnotify_group *group;

	if (!mark)
		return;

	/* Remember the group before the mark reference is dropped. */
	group = mark->group;
	fsnotify_put_mark(mark);

	/*
	 * We abuse notification_waitq on group shutdown for waiting for
	 * all marks pinned when waiting for userspace.
	 */
	if (atomic_dec_and_test(&group->user_waits) && group->shutdown)
		wake_up(&group->notification_waitq);
}
    393
/*
 * Pin every mark in @iter_info so that the SRCU read lock can be dropped
 * while waiting for userspace.
 *
 * Returns true with the marks pinned and the SRCU read lock released. Returns
 * false when one of the marks is already being removed; in that case the
 * marks pinned so far are released again and srcu_read_unlock() is NOT
 * called -- the __release() on that path is only the annotation counterpart
 * of __releases().
 */
bool fsnotify_prepare_user_wait(struct fsnotify_iter_info *iter_info)
	__releases(&fsnotify_mark_srcu)
{
	int type;

	fsnotify_foreach_iter_type(type) {
		/* This can fail if mark is being removed */
		if (!fsnotify_get_mark_safe(iter_info->marks[type])) {
			__release(&fsnotify_mark_srcu);
			/* Unwind the marks pinned before the failing one. */
			while (--type >= 0)
				fsnotify_put_mark_wake(iter_info->marks[type]);
			return false;
		}
	}

	/*
	 * Now that the marks are pinned by refcount in the inode / vfsmount
	 * lists, we can drop SRCU lock, and safely resume the list iteration
	 * once userspace returns.
	 */
	srcu_read_unlock(&fsnotify_mark_srcu, iter_info->srcu_idx);

	return true;
}
    421
/*
 * Counterpart of a successful fsnotify_prepare_user_wait(): re-enter the SRCU
 * read section (storing the new index in @iter_info) and release the pins
 * taken on every mark in @iter_info.
 */
void fsnotify_finish_user_wait(struct fsnotify_iter_info *iter_info)
	__acquires(&fsnotify_mark_srcu)
{
	int i;

	/* Take the SRCU lock first so the marks stay safe to walk afterwards. */
	iter_info->srcu_idx = srcu_read_lock(&fsnotify_mark_srcu);

	fsnotify_foreach_iter_type(i) {
		fsnotify_put_mark_wake(iter_info->marks[i]);
	}
}
    431
/*
 * Mark mark as detached, remove it from group list. Mark still stays in object
 * list until its last reference is dropped. Note that we rely on mark being
 * removed from group list before corresponding reference to it is dropped. In
 * particular we rely on mark->connector being valid while we hold
 * group->mark_mutex if we found the mark through g_list.
 *
 * Must be called with group->mark_mutex held. The caller must either hold
 * reference to the mark or be protected by fsnotify_mark_srcu.
 *
 * Calling this on a mark that is already detached is a no-op.
 */
void fsnotify_detach_mark(struct fsnotify_mark *mark)
{
	bool was_attached;

	fsnotify_group_assert_locked(mark->group);
	/*
	 * Outside an SRCU read section the caller needs its own reference on
	 * top of the g_list one an attached mark carries.
	 */
	WARN_ON_ONCE(!srcu_read_lock_held(&fsnotify_mark_srcu) &&
		     refcount_read(&mark->refcnt) < 1 +
			!!(mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED));

	spin_lock(&mark->lock);
	was_attached = mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED;
	if (was_attached) {
		mark->flags &= ~FSNOTIFY_MARK_FLAG_ATTACHED;
		list_del_init(&mark->g_list);
	}
	spin_unlock(&mark->lock);

	/* something else already called this function on this mark */
	if (!was_attached)
		return;

	/* Drop mark reference acquired in fsnotify_add_mark_locked() */
	fsnotify_put_mark(mark);
}
    462
/*
 * Free fsnotify mark. The mark is actually only marked as being freed (the
 * ALIVE flag is cleared).  The freeing itself happens only once the last
 * reference to the mark is dropped, from a workqueue which first waits for
 * the srcu period to end.
 *
 * Caller must have a reference to the mark or be protected by
 * fsnotify_mark_srcu. Calling this twice on the same mark is a no-op.
 */
void fsnotify_free_mark(struct fsnotify_mark *mark)
{
	struct fsnotify_group *group = mark->group;
	bool was_alive;

	spin_lock(&mark->lock);
	was_alive = mark->flags & FSNOTIFY_MARK_FLAG_ALIVE;
	if (was_alive)
		mark->flags &= ~FSNOTIFY_MARK_FLAG_ALIVE;
	spin_unlock(&mark->lock);

	/* something else already called this function on this mark */
	if (!was_alive)
		return;

	/*
	 * Some groups like to know that marks are being freed.  This is a
	 * callback to the group function to let it know that this mark
	 * is being freed. It runs without mark->lock held.
	 */
	if (group->ops->freeing_mark)
		group->ops->freeing_mark(mark, group);
}
    492
/*
 * Detach @mark from @group and mark it as being freed.
 *
 * The detach step runs under the group lock; fsnotify_free_mark() is called
 * after the lock is released. The mark memory is only released once the last
 * reference is dropped.
 *
 * NOTE(review): the lock is taken on @group while fsnotify_detach_mark()
 * asserts that mark->group is locked, so @group is expected to be
 * mark->group -- confirm with callers.
 */
void fsnotify_destroy_mark(struct fsnotify_mark *mark,
			   struct fsnotify_group *group)
{
	fsnotify_group_lock(group);
	fsnotify_detach_mark(mark);
	fsnotify_group_unlock(group);
	fsnotify_free_mark(mark);
}
EXPORT_SYMBOL_GPL(fsnotify_destroy_mark);
    502
/*
 * Sorting function for lists of fsnotify marks.
 *
 * Fanotify supports different notification classes (reflected as priority of
 * notification group). Events shall be passed to notification groups in
 * decreasing priority order. To achieve this marks in notification lists for
 * inodes and vfsmounts are sorted so that priorities of corresponding groups
 * are descending.
 *
 * Furthermore correct handling of the ignore mask requires processing inode
 * and vfsmount marks of each group together. Using the group address as
 * further sort criterion provides a unique sorting order and thus we can
 * merge inode and vfsmount lists of marks in linear time and find groups
 * present in both lists.
 *
 * A NULL group sorts after any non-NULL group.
 *
 * A return value of 1 signifies that b has priority over a.
 * A return value of 0 signifies that the two marks have to be handled together.
 * A return value of -1 signifies that a has priority over b.
 */
int fsnotify_compare_groups(struct fsnotify_group *a, struct fsnotify_group *b)
{
	if (a == b)
		return 0;
	if (!a)
		return 1;
	if (!b)
		return -1;

	/* Higher priority wins; the address only breaks ties. */
	if (a->priority != b->priority)
		return a->priority < b->priority ? 1 : -1;

	return a < b ? 1 : -1;
}
    538
/*
 * Allocate a connector for the object behind @connp and try to install it.
 *
 * The connector is fully initialised before it is published with cmpxchg().
 * If another task installed a connector first, ours is released again and the
 * function still returns 0: the caller is expected to look the connector up
 * afresh.
 *
 * Returns 0 on success (including the lost race) or -ENOMEM.
 */
static int fsnotify_attach_connector_to_object(fsnotify_connp_t *connp,
					       unsigned int obj_type,
					       __kernel_fsid_t *fsid)
{
	struct fsnotify_mark_connector *fresh;

	fresh = kmem_cache_alloc(fsnotify_mark_connector_cachep, GFP_KERNEL);
	if (!fresh)
		return -ENOMEM;

	spin_lock_init(&fresh->lock);
	INIT_HLIST_HEAD(&fresh->list);
	fresh->type = obj_type;
	fresh->obj = connp;

	/* Cache fsid of filesystem containing the object */
	if (fsid) {
		fresh->fsid = *fsid;
		fresh->flags = FSNOTIFY_CONN_FLAG_HAS_FSID;
	} else {
		fresh->fsid.val[0] = fresh->fsid.val[1] = 0;
		fresh->flags = 0;
	}
	fsnotify_get_sb_connectors(fresh);

	/*
	 * cmpxchg() provides the barrier so that readers of *connp can see
	 * only initialized structure
	 */
	if (cmpxchg(connp, NULL, fresh)) {
		/* Someone else created list structure for us */
		fsnotify_put_sb_connectors(fresh);
		kmem_cache_free(fsnotify_mark_connector_cachep, fresh);
	}

	return 0;
}
    575
/*
 * Get mark connector, make sure it is alive and return with its lock held.
 * This is for users that get connector pointer from inode or mount. Users that
 * hold reference to a mark on the list may directly lock connector->lock as
 * they are sure list cannot go away under them.
 *
 * The pointer is read inside an SRCU read section. Returns NULL (with no lock
 * held) when no connector is installed or the connector is already detached;
 * otherwise returns the connector with conn->lock held.
 */
static struct fsnotify_mark_connector *fsnotify_grab_connector(
						fsnotify_connp_t *connp)
{
	struct fsnotify_mark_connector *conn;
	int idx;

	idx = srcu_read_lock(&fsnotify_mark_srcu);
	conn = srcu_dereference(*connp, &fsnotify_mark_srcu);
	if (conn) {
		spin_lock(&conn->lock);
		if (conn->type == FSNOTIFY_OBJ_TYPE_DETACHED) {
			/* Lost the race with detach: treat as not present. */
			spin_unlock(&conn->lock);
			conn = NULL;
		}
	}
	srcu_read_unlock(&fsnotify_mark_srcu, idx);

	return conn;
}
    602
/*
 * Add mark into proper place in given list of marks. These marks may be used
 * for the fsnotify backend to determine which event types should be delivered
 * to which group and for which inodes. These marks are ordered according to
 * priority, highest number first, and then by the group's location in memory.
 *
 * Takes mark->lock and then the connector lock, matching the lock order
 * documented at the top of this file. A missing connector is allocated on
 * demand and the lookup is retried.
 *
 * @add_flags is not used in this function body.
 *
 * Returns 0 on success, -EINVAL for an invalid @obj_type, -ENODEV for an
 * all-zero @fsid, -EXDEV when @fsid differs from the fsid already cached in
 * the connector, -EEXIST when the group already has an attached mark on the
 * object and does not allow duplicates, or the error from connector
 * allocation.
 */
static int fsnotify_add_mark_list(struct fsnotify_mark *mark,
				  fsnotify_connp_t *connp,
				  unsigned int obj_type,
				  int add_flags, __kernel_fsid_t *fsid)
{
	struct fsnotify_mark *lmark, *last = NULL;
	struct fsnotify_mark_connector *conn;
	int cmp;
	int err = 0;

	if (WARN_ON(!fsnotify_valid_obj_type(obj_type)))
		return -EINVAL;

	/* Backend is expected to check for zero fsid (e.g. tmpfs) */
	if (fsid && WARN_ON_ONCE(!fsid->val[0] && !fsid->val[1]))
		return -ENODEV;

restart:
	spin_lock(&mark->lock);
	/* On success the connector comes back with conn->lock held. */
	conn = fsnotify_grab_connector(connp);
	if (!conn) {
		/* Allocation may sleep (GFP_KERNEL), so drop the spinlock. */
		spin_unlock(&mark->lock);
		err = fsnotify_attach_connector_to_object(connp, obj_type,
							  fsid);
		if (err)
			return err;
		goto restart;
	} else if (fsid && !(conn->flags & FSNOTIFY_CONN_FLAG_HAS_FSID)) {
		conn->fsid = *fsid;
		/* Pairs with smp_rmb() in fanotify_get_fsid() */
		smp_wmb();
		conn->flags |= FSNOTIFY_CONN_FLAG_HAS_FSID;
	} else if (fsid && (conn->flags & FSNOTIFY_CONN_FLAG_HAS_FSID) &&
		   (fsid->val[0] != conn->fsid.val[0] ||
		    fsid->val[1] != conn->fsid.val[1])) {
		/*
		 * Backend is expected to check for non uniform fsid
		 * (e.g. btrfs), but maybe we missed something?
		 * Only allow setting conn->fsid once to non zero fsid.
		 * inotify and non-fid fanotify groups do not set nor test
		 * conn->fsid.
		 */
		pr_warn_ratelimited("%s: fsid mismatch on object of type %u: "
				    "%x.%x != %x.%x\n", __func__, conn->type,
				    fsid->val[0], fsid->val[1],
				    conn->fsid.val[0], conn->fsid.val[1]);
		err = -EXDEV;
		goto out_err;
	}

	/* is mark the first mark? */
	if (hlist_empty(&conn->list)) {
		hlist_add_head_rcu(&mark->obj_list, &conn->list);
		goto added;
	}

	/* should mark be in the middle of the current list? */
	hlist_for_each_entry(lmark, &conn->list, obj_list) {
		last = lmark;

		/* Reject a second attached mark of the same group unless allowed. */
		if ((lmark->group == mark->group) &&
		    (lmark->flags & FSNOTIFY_MARK_FLAG_ATTACHED) &&
		    !(mark->group->flags & FSNOTIFY_GROUP_DUPS)) {
			err = -EEXIST;
			goto out_err;
		}

		cmp = fsnotify_compare_groups(lmark->group, mark->group);
		if (cmp >= 0) {
			hlist_add_before_rcu(&mark->obj_list, &lmark->obj_list);
			goto added;
		}
	}

	/* The list was non-empty, so the loop must have set last. */
	BUG_ON(last == NULL);
	/* mark should be the last entry.  last is the current last entry */
	hlist_add_behind_rcu(&mark->obj_list, &last->obj_list);
added:
	/*
	 * Since connector is attached to object using cmpxchg() we are
	 * guaranteed that connector initialization is fully visible by anyone
	 * seeing mark->connector set.
	 */
	WRITE_ONCE(mark->connector, conn);
out_err:
	/* Release in reverse order of acquisition. */
	spin_unlock(&conn->lock);
	spin_unlock(&mark->lock);
	return err;
}
    698
/*
 * Attach an initialized mark to a given group and fs object.
 * These marks may be used for the fsnotify backend to determine which
 * event types should be delivered to which group.
 *
 * The group lock must be held by the caller (asserted below). On success the
 * mark is on the group's marks_list, holds an extra reference for that list,
 * and the object's mask has been recalculated. On failure the flags and list
 * membership are rolled back, the g_list reference is dropped, and the error
 * from fsnotify_add_mark_list() is returned.
 */
int fsnotify_add_mark_locked(struct fsnotify_mark *mark,
			     fsnotify_connp_t *connp, unsigned int obj_type,
			     int add_flags, __kernel_fsid_t *fsid)
{
	struct fsnotify_group *group = mark->group;
	int err;

	fsnotify_group_assert_locked(group);

	/*
	 * LOCKING ORDER!!!!
	 * group->mark_mutex
	 * mark->lock
	 * mark->connector->lock
	 */
	spin_lock(&mark->lock);
	mark->flags |= FSNOTIFY_MARK_FLAG_ALIVE | FSNOTIFY_MARK_FLAG_ATTACHED;

	list_add(&mark->g_list, &group->marks_list);
	fsnotify_get_mark(mark); /* for g_list */
	spin_unlock(&mark->lock);

	err = fsnotify_add_mark_list(mark, connp, obj_type, add_flags, fsid);
	if (!err) {
		fsnotify_recalc_mask(mark->connector);
		return 0;
	}

	/* Undo the group-side setup done above. */
	spin_lock(&mark->lock);
	mark->flags &= ~(FSNOTIFY_MARK_FLAG_ALIVE |
			 FSNOTIFY_MARK_FLAG_ATTACHED);
	list_del_init(&mark->g_list);
	spin_unlock(&mark->lock);

	/* Drops the reference taken for g_list. */
	fsnotify_put_mark(mark);
	return err;
}
    743
/*
 * Attach @mark to the object behind @connp, taking and releasing the lock of
 * the mark's group around fsnotify_add_mark_locked().
 *
 * Returns whatever fsnotify_add_mark_locked() returns.
 */
int fsnotify_add_mark(struct fsnotify_mark *mark, fsnotify_connp_t *connp,
		      unsigned int obj_type, int add_flags,
		      __kernel_fsid_t *fsid)
{
	struct fsnotify_group *group = mark->group;
	int err;

	fsnotify_group_lock(group);
	err = fsnotify_add_mark_locked(mark, connp, obj_type, add_flags, fsid);
	fsnotify_group_unlock(group);

	return err;
}
EXPORT_SYMBOL_GPL(fsnotify_add_mark);
    757
/*
 * Given a list of marks, find the mark associated with given group. If found
 * take a reference to that mark and return it, else return NULL.
 *
 * Only marks still flagged ATTACHED are considered. The reference is taken
 * while the connector lock is held; the caller owns it and must release it
 * with fsnotify_put_mark().
 */
struct fsnotify_mark *fsnotify_find_mark(fsnotify_connp_t *connp,
					 struct fsnotify_group *group)
{
	struct fsnotify_mark_connector *conn;
	struct fsnotify_mark *cur, *found = NULL;

	/* Returns with conn->lock held when a live connector exists. */
	conn = fsnotify_grab_connector(connp);
	if (!conn)
		return NULL;

	hlist_for_each_entry(cur, &conn->list, obj_list) {
		if (cur->group == group &&
		    (cur->flags & FSNOTIFY_MARK_FLAG_ATTACHED)) {
			fsnotify_get_mark(cur);
			found = cur;
			break;
		}
	}
	spin_unlock(&conn->lock);

	return found;
}
EXPORT_SYMBOL_GPL(fsnotify_find_mark);
    784
/*
 * Detach and free every mark of @group whose connector type equals @obj_type,
 * or all marks of the group when @obj_type is FSNOTIFY_OBJ_TYPE_ANY.
 */
void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
				   unsigned int obj_type)
{
	struct fsnotify_mark *lmark, *mark;
	LIST_HEAD(to_free);
	struct list_head *head = &to_free;

	/* Skip selection step if we want to clear all marks. */
	if (obj_type == FSNOTIFY_OBJ_TYPE_ANY) {
		head = &group->marks_list;
		goto clear;
	}
	/*
	 * We have to be really careful here. Anytime we drop mark_mutex, e.g.
	 * fsnotify_clear_marks_by_inode() can come and free marks. Even in our
	 * to_free list so we have to use mark_mutex even when accessing that
	 * list. And freeing mark requires us to drop mark_mutex. So we can
	 * reliably free only the first mark in the list. That's why we first
	 * move marks to free to to_free list in one go and then free marks in
	 * to_free list one by one.
	 */
	fsnotify_group_lock(group);
	list_for_each_entry_safe(mark, lmark, &group->marks_list, g_list) {
		/*
		 * mark->connector is dereferenced without a NULL check: per the
		 * header comment of this file, a mark found through g_list has
		 * mark->connector set until group->mark_mutex is dropped.
		 */
		if (mark->connector->type == obj_type)
			list_move(&mark->g_list, &to_free);
	}
	fsnotify_group_unlock(group);

clear:
	while (1) {
		fsnotify_group_lock(group);
		if (list_empty(head)) {
			fsnotify_group_unlock(group);
			break;
		}
		mark = list_first_entry(head, struct fsnotify_mark, g_list);
		/* Hold our own reference across the unlock below. */
		fsnotify_get_mark(mark);
		fsnotify_detach_mark(mark);
		fsnotify_group_unlock(group);
		fsnotify_free_mark(mark);
		fsnotify_put_mark(mark);
	}
}
    829
/*
 * Destroy all marks attached to an object via connector.
 *
 * Returns silently when the object has no live connector. Each mark is
 * destroyed with the connector lock temporarily dropped; afterwards the
 * connector is detached from the object and any inode reference it held is
 * released outside the lock.
 */
void fsnotify_destroy_marks(fsnotify_connp_t *connp)
{
	struct fsnotify_mark_connector *conn;
	struct fsnotify_mark *mark, *old_mark = NULL;
	void *objp;
	/* Written by fsnotify_detach_connector_from_object() before it returns. */
	unsigned int type;

	/* Returns with conn->lock held when a live connector exists. */
	conn = fsnotify_grab_connector(connp);
	if (!conn)
		return;
	/*
	 * We have to be careful since we can race with e.g.
	 * fsnotify_clear_marks_by_group() and once we drop the conn->lock, the
	 * list can get modified. However we are holding mark reference and
	 * thus our mark cannot be removed from obj_list so we can continue
	 * iteration after regaining conn->lock.
	 */
	hlist_for_each_entry(mark, &conn->list, obj_list) {
		fsnotify_get_mark(mark);
		spin_unlock(&conn->lock);
		/*
		 * The previous mark's reference is released only now, after the
		 * current mark has been pinned.
		 */
		if (old_mark)
			fsnotify_put_mark(old_mark);
		old_mark = mark;
		fsnotify_destroy_mark(mark, mark->group);
		spin_lock(&conn->lock);
	}
	/*
	 * Detach list from object now so that we don't pin inode until all
	 * mark references get dropped. It would lead to strange results such
	 * as delaying inode deletion or blocking unmount.
	 */
	objp = fsnotify_detach_connector_from_object(conn, &type);
	spin_unlock(&conn->lock);
	if (old_mark)
		fsnotify_put_mark(old_mark);
	fsnotify_drop_object(type, objp);
}
    868
/*
 * Nothing fancy, just initialize lists and locks and counters.
 *
 * The whole structure is zeroed first, so any previous content of @mark is
 * discarded. The mark starts with a refcount of 1 and takes a reference on
 * @group, which fsnotify_final_mark_destroy() drops again. The mark is not
 * attached to any object yet (mark->connector is NULL).
 */
void fsnotify_init_mark(struct fsnotify_mark *mark,
			struct fsnotify_group *group)
{
	memset(mark, 0, sizeof(*mark));
	spin_lock_init(&mark->lock);
	refcount_set(&mark->refcnt, 1);
	fsnotify_get_group(group);
	mark->group = group;
	WRITE_ONCE(mark->connector, NULL);
}
EXPORT_SYMBOL_GPL(fsnotify_init_mark);
    883
/*
 * Destroy all marks in destroy_list, waits for SRCU period to finish before
 * actually freeing marks.
 *
 * The global list is moved to a private head under destroy_lock, so marks
 * queued while this function runs are left for the next invocation.
 */
static void fsnotify_mark_destroy_workfn(struct work_struct *work)
{
	struct list_head private_destroy_list;
	struct fsnotify_mark *mark;

	spin_lock(&destroy_lock);
	/* exchange the list head */
	list_replace_init(&destroy_list, &private_destroy_list);
	spin_unlock(&destroy_lock);

	/* SRCU readers may still be looking at the marks until this returns. */
	synchronize_srcu(&fsnotify_mark_srcu);

	while (!list_empty(&private_destroy_list)) {
		mark = list_first_entry(&private_destroy_list,
					struct fsnotify_mark, g_list);
		list_del_init(&mark->g_list);
		fsnotify_final_mark_destroy(mark);
	}
}
    905
/*
 * Wait for all marks queued for destruction to be actually destroyed.
 *
 * Flushes the delayed reaper work, i.e. fsnotify_mark_destroy_workfn(). The
 * separate connector reaper work is not flushed here.
 */
void fsnotify_wait_marks_destroyed(void)
{
	flush_delayed_work(&reaper_work);
}
EXPORT_SYMBOL_GPL(fsnotify_wait_marks_destroyed);