nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity
kernel/fs/tracefs/event_inode.c
Steven Rostedt d2603279c7 eventfs: Use list_del_rcu() for SRCU protected list variable 
Chi Zhiling reported:

  We found a null pointer accessing in tracefs[1], the reason is that the
  variable 'ei_child' is set to LIST_POISON1, that means the list was
  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the
  panic triggered.

  by the way, the following script can reproduce this panic

  loop1 (){
      while true
      do
          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events
          echo "" > /sys/kernel/debug/tracing/kprobe_events
      done
  }
  loop2 (){
      while true
      do
          tree /sys/kernel/debug/tracing/events/kprobes/
      done
  }
  loop1 &
  loop2

  [1]:
  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150
  [ 1147.968239][T17331] Mem abort info:
  [ 1147.971739][T17331]   ESR = 0x0000000096000004
  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits
  [ 1147.982171][T17331]   SET = 0, FnV = 0
  [ 1147.985906][T17331]   EA = 0, S1PTW = 0
  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault
  [ 1147.995292][T17331] Data abort info:
  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges
  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP
  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]
  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2
  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650
  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020
  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398
  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398
  [ 1148.115969][T17331] sp : ffff80008d56bbd0
  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000
  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100
  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10
  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000
  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0
  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0
  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862
  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068
  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001
  [ 1148.198131][T17331] Call trace:
  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398
  [ 1148.205864][T17331]  iterate_dir+0x98/0x188
  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160
  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108
  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0
  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38
  [ 1148.228974][T17331]  el0_svc+0x40/0x168
  [ 1148.232798][T17331]  el0t_64_sync_handler+0x120/0x130
  [ 1148.237836][T17331]  el0t_64_sync+0x1a4/0x1a8
  [ 1148.242182][T17331] Code: 54ffff6c f9400676 910006d6 f9000676 (b9405300)
  [ 1148.248955][T17331] ---[ end trace 0000000000000000 ]---

The issue is that list_del() is used on an SRCU protected list variable
before the synchronization occurs. This can poison the list pointers while
there is a reader iterating the list.

This is simply fixed by using list_del_rcu() that is specifically made for
this purpose.

Link: https://lore.kernel.org/linux-trace-kernel/20240829085025.3600021-1-chizhiling@163.com/

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20240904131605.640d42b1@gandalf.local.home
Fixes: 43aa6f97c2 ("eventfs: Get rid of dentry pointers without refcounts")
Reported-by: Chi Zhiling <chizhiling@kylinos.cn>
Tested-by: Chi Zhiling <chizhiling@kylinos.cn>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2024-09-05 10:18:48 -04:00

913 lines
23 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-only
/*
* event_inode.c - part of tracefs, a pseudo file system for activating tracing
*
* Copyright (C) 2020-23 VMware Inc, author: Steven Rostedt <rostedt@goodmis.org>
* Copyright (C) 2020-23 VMware Inc, author: Ajay Kaher <akaher@vmware.com>
* Copyright (C) 2023 Google, author: Steven Rostedt <rostedt@goodmis.org>
*
* eventfs is used to dynamically create inodes and dentries based on the
* meta data provided by the tracing system.
*
* eventfs stores the meta-data of files/dirs and holds off on creating
* inodes/dentries of the files. When accessed, the eventfs will create the
* inodes/dentries in a just-in-time (JIT) manner. The eventfs will clean up
* and delete the inodes/dentries when they are no longer referenced.
*/
#include <linux/fsnotify.h>
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/workqueue.h>
#include <linux/security.h>
#include <linux/tracefs.h>
#include <linux/kref.h>
#include <linux/delay.h>
#include "internal.h"
/*
* eventfs_mutex protects the eventfs_inode (ei) dentry. Any access
* to the ei->dentry must be done under this mutex and after checking
* if ei->is_freed is not set. When ei->is_freed is set, the dentry
* is on its way to being freed after the last dput() is made on it.
*/
static DEFINE_MUTEX(eventfs_mutex);
/* Choose something "unique" ;-) */
#define EVENTFS_FILE_INODE_INO 0x12c4e37
struct eventfs_root_inode {
struct eventfs_inode ei;
struct dentry *events_dir;
};
static struct eventfs_root_inode *get_root_inode(struct eventfs_inode *ei)
{
WARN_ON_ONCE(!ei->is_events);
return container_of(ei, struct eventfs_root_inode, ei);
}
/* Just try to make something consistent and unique */
static int eventfs_dir_ino(struct eventfs_inode *ei)
{
if (!ei->ino) {
ei->ino = get_next_ino();
/* Must not have the file inode number */
if (ei->ino == EVENTFS_FILE_INODE_INO)
ei->ino = get_next_ino();
}
return ei->ino;
}
/*
* The eventfs_inode (ei) itself is protected by SRCU. It is released from
* its parent's list and will have is_freed set (under eventfs_mutex).
* After the SRCU grace period is over and the last dput() is called
* the ei is freed.
*/
DEFINE_STATIC_SRCU(eventfs_srcu);
/* Mode is unsigned short, use the upper bits for flags */
enum {
EVENTFS_SAVE_MODE = BIT(16),
EVENTFS_SAVE_UID = BIT(17),
EVENTFS_SAVE_GID = BIT(18),
};
#define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1)
static void free_ei_rcu(struct rcu_head *rcu)
{
struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu);
struct eventfs_root_inode *rei;
kfree(ei->entry_attrs);
kfree_const(ei->name);
if (ei->is_events) {
rei = get_root_inode(ei);
kfree(rei);
} else {
kfree(ei);
}
}
/*
* eventfs_inode reference count management.
*
* NOTE! We count only references from dentries, in the
* form 'dentry->d_fsdata'. There are also references from
* directory inodes ('ti->private'), but the dentry reference
* count is always a superset of the inode reference count.
*/
static void release_ei(struct kref *ref)
{
struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref);
const struct eventfs_entry *entry;
WARN_ON_ONCE(!ei->is_freed);
for (int i = 0; i < ei->nr_entries; i++) {
entry = &ei->entries[i];
if (entry->release)
entry->release(entry->name, ei->data);
}
call_srcu(&eventfs_srcu, &ei->rcu, free_ei_rcu);
}
static inline void put_ei(struct eventfs_inode *ei)
{
if (ei)
kref_put(&ei->kref, release_ei);
}
static inline void free_ei(struct eventfs_inode *ei)
{
if (ei) {
ei->is_freed = 1;
put_ei(ei);
}
}
/*
* Called when creation of an ei fails, do not call release() functions.
*/
static inline void cleanup_ei(struct eventfs_inode *ei)
{
if (ei) {
/* Set nr_entries to 0 to prevent release() function being called */
ei->nr_entries = 0;
free_ei(ei);
}
}
static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei)
{
if (ei)
kref_get(&ei->kref);
return ei;
}
static struct dentry *eventfs_root_lookup(struct inode *dir,
struct dentry *dentry,
unsigned int flags);
static int eventfs_iterate(struct file *file, struct dir_context *ctx);
static void update_attr(struct eventfs_attr *attr, struct iattr *iattr)
{
unsigned int ia_valid = iattr->ia_valid;
if (ia_valid & ATTR_MODE) {
attr->mode = (attr->mode & ~EVENTFS_MODE_MASK) |
(iattr->ia_mode & EVENTFS_MODE_MASK) |
EVENTFS_SAVE_MODE;
}
if (ia_valid & ATTR_UID) {
attr->mode |= EVENTFS_SAVE_UID;
attr->uid = iattr->ia_uid;
}
if (ia_valid & ATTR_GID) {
attr->mode |= EVENTFS_SAVE_GID;
attr->gid = iattr->ia_gid;
}
}
static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *iattr)
{
const struct eventfs_entry *entry;
struct eventfs_inode *ei;
const char *name;
int ret;
mutex_lock(&eventfs_mutex);
ei = dentry->d_fsdata;
if (ei->is_freed) {
/* Do not allow changes if the event is about to be removed. */
mutex_unlock(&eventfs_mutex);
return -ENODEV;
}
/* Preallocate the children mode array if necessary */
if (!(dentry->d_inode->i_mode & S_IFDIR)) {
if (!ei->entry_attrs) {
ei->entry_attrs = kcalloc(ei->nr_entries, sizeof(*ei->entry_attrs),
GFP_NOFS);
if (!ei->entry_attrs) {
ret = -ENOMEM;
goto out;
}
}
}
ret = simple_setattr(idmap, dentry, iattr);
if (ret < 0)
goto out;
/*
* If this is a dir, then update the ei cache, only the file
* mode is saved in the ei->m_children, and the ownership is
* determined by the parent directory.
*/
if (dentry->d_inode->i_mode & S_IFDIR) {
/* Just use the inode permissions for the events directory */
if (!ei->is_events)
update_attr(&ei->attr, iattr);
} else {
name = dentry->d_name.name;
for (int i = 0; i < ei->nr_entries; i++) {
entry = &ei->entries[i];
if (strcmp(name, entry->name) == 0) {
update_attr(&ei->entry_attrs[i], iattr);
break;
}
}
}
out:
mutex_unlock(&eventfs_mutex);
return ret;
}
static const struct inode_operations eventfs_dir_inode_operations = {
.lookup = eventfs_root_lookup,
.setattr = eventfs_set_attr,
};
static const struct inode_operations eventfs_file_inode_operations = {
.setattr = eventfs_set_attr,
};
static const struct file_operations eventfs_file_operations = {
.read = generic_read_dir,
.iterate_shared = eventfs_iterate,
.llseek = generic_file_llseek,
};
static void eventfs_set_attrs(struct eventfs_inode *ei, bool update_uid, kuid_t uid,
bool update_gid, kgid_t gid, int level)
{
struct eventfs_inode *ei_child;
/* Update events/<system>/<event> */
if (WARN_ON_ONCE(level > 3))
return;
if (update_uid) {
ei->attr.mode &= ~EVENTFS_SAVE_UID;
ei->attr.uid = uid;
}
if (update_gid) {
ei->attr.mode &= ~EVENTFS_SAVE_GID;
ei->attr.gid = gid;
}
list_for_each_entry(ei_child, &ei->children, list) {
eventfs_set_attrs(ei_child, update_uid, uid, update_gid, gid, level + 1);
}
if (!ei->entry_attrs)
return;
for (int i = 0; i < ei->nr_entries; i++) {
if (update_uid) {
ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID;
ei->entry_attrs[i].uid = uid;
}
if (update_gid) {
ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID;
ei->entry_attrs[i].gid = gid;
}
}
}
/*
* On a remount of tracefs, if UID or GID options are set, then
* the mount point inode permissions should be used.
* Reset the saved permission flags appropriately.
*/
void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid)
{
struct eventfs_inode *ei = ti->private;
/* Only the events directory does the updates */
if (!ei || !ei->is_events || ei->is_freed)
return;
eventfs_set_attrs(ei, update_uid, ti->vfs_inode.i_uid,
update_gid, ti->vfs_inode.i_gid, 0);
}
static void update_inode_attr(struct inode *inode, umode_t mode,
struct eventfs_attr *attr, struct eventfs_root_inode *rei)
{
if (attr && attr->mode & EVENTFS_SAVE_MODE)
inode->i_mode = attr->mode & EVENTFS_MODE_MASK;
else
inode->i_mode = mode;
if (attr && attr->mode & EVENTFS_SAVE_UID)
inode->i_uid = attr->uid;
else
inode->i_uid = rei->ei.attr.uid;
if (attr && attr->mode & EVENTFS_SAVE_GID)
inode->i_gid = attr->gid;
else
inode->i_gid = rei->ei.attr.gid;
}
static struct inode *eventfs_get_inode(struct dentry *dentry, struct eventfs_attr *attr,
umode_t mode, struct eventfs_inode *ei)
{
struct eventfs_root_inode *rei;
struct eventfs_inode *pei;
struct tracefs_inode *ti;
struct inode *inode;
inode = tracefs_get_inode(dentry->d_sb);
if (!inode)
return NULL;
ti = get_tracefs(inode);
ti->private = ei;
ti->flags |= TRACEFS_EVENT_INODE;
/* Find the top dentry that holds the "events" directory */
do {
dentry = dentry->d_parent;
/* Directories always have d_fsdata */
pei = dentry->d_fsdata;
} while (!pei->is_events);
rei = get_root_inode(pei);
update_inode_attr(inode, mode, attr, rei);
return inode;
}
/**
* lookup_file - look up a file in the tracefs filesystem
* @parent_ei: Pointer to the eventfs_inode that represents parent of the file
* @dentry: the dentry to look up
* @mode: the permission that the file should have.
* @attr: saved attributes changed by user
* @data: something that the caller will want to get to later on.
* @fop: struct file_operations that should be used for this file.
*
* This function creates a dentry that represents a file in the eventsfs_inode
* directory. The inode.i_private pointer will point to @data in the open()
* call.
*/
static struct dentry *lookup_file(struct eventfs_inode *parent_ei,
struct dentry *dentry,
umode_t mode,
struct eventfs_attr *attr,
void *data,
const struct file_operations *fop)
{
struct inode *inode;
if (!(mode & S_IFMT))
mode |= S_IFREG;
if (WARN_ON_ONCE(!S_ISREG(mode)))
return ERR_PTR(-EIO);
/* Only directories have ti->private set to an ei, not files */
inode = eventfs_get_inode(dentry, attr, mode, NULL);
if (unlikely(!inode))
return ERR_PTR(-ENOMEM);
inode->i_op = &eventfs_file_inode_operations;
inode->i_fop = fop;
inode->i_private = data;
/* All files will have the same inode number */
inode->i_ino = EVENTFS_FILE_INODE_INO;
// Files have their parent's ei as their fsdata
dentry->d_fsdata = get_ei(parent_ei);
d_add(dentry, inode);
return NULL;
};
/**
* lookup_dir_entry - look up a dir in the tracefs filesystem
* @dentry: the directory to look up
* @pei: Pointer to the parent eventfs_inode if available
* @ei: the eventfs_inode that represents the directory to create
*
* This function will look up a dentry for a directory represented by
* a eventfs_inode.
*/
static struct dentry *lookup_dir_entry(struct dentry *dentry,
struct eventfs_inode *pei, struct eventfs_inode *ei)
{
struct inode *inode;
umode_t mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
inode = eventfs_get_inode(dentry, &ei->attr, mode, ei);
if (unlikely(!inode))
return ERR_PTR(-ENOMEM);
inode->i_op = &eventfs_dir_inode_operations;
inode->i_fop = &eventfs_file_operations;
/* All directories will have the same inode number */
inode->i_ino = eventfs_dir_ino(ei);
dentry->d_fsdata = get_ei(ei);
d_add(dentry, inode);
return NULL;
}
static inline struct eventfs_inode *init_ei(struct eventfs_inode *ei, const char *name)
{
ei->name = kstrdup_const(name, GFP_KERNEL);
if (!ei->name)
return NULL;
kref_init(&ei->kref);
return ei;
}
static inline struct eventfs_inode *alloc_ei(const char *name)
{
struct eventfs_inode *ei = kzalloc(sizeof(*ei), GFP_KERNEL);
struct eventfs_inode *result;
if (!ei)
return NULL;
result = init_ei(ei, name);
if (!result)
kfree(ei);
return result;
}
static inline struct eventfs_inode *alloc_root_ei(const char *name)
{
struct eventfs_root_inode *rei = kzalloc(sizeof(*rei), GFP_KERNEL);
struct eventfs_inode *ei;
if (!rei)
return NULL;
rei->ei.is_events = 1;
ei = init_ei(&rei->ei, name);
if (!ei)
kfree(rei);
return ei;
}
/**
* eventfs_d_release - dentry is going away
* @dentry: dentry which has the reference to remove.
*
* Remove the association between a dentry from an eventfs_inode.
*/
void eventfs_d_release(struct dentry *dentry)
{
put_ei(dentry->d_fsdata);
}
/**
* lookup_file_dentry - create a dentry for a file of an eventfs_inode
* @dentry: The parent dentry under which the new file's dentry will be created
* @ei: the eventfs_inode that the file will be created under
* @idx: the index into the entry_attrs[] of the @ei
* @mode: The mode of the file.
* @data: The data to use to set the inode of the file with on open()
* @fops: The fops of the file to be created.
*
* This function creates a dentry for a file associated with an
* eventfs_inode @ei. It uses the entry attributes specified by @idx,
* if available. The file will have the specified @mode and its inode will be
* set up with @data upon open. The file operations will be set to @fops.
*
* Return: Returns a pointer to the newly created file's dentry or an error
* pointer.
*/
static struct dentry *
lookup_file_dentry(struct dentry *dentry,
struct eventfs_inode *ei, int idx,
umode_t mode, void *data,
const struct file_operations *fops)
{
struct eventfs_attr *attr = NULL;
if (ei->entry_attrs)
attr = &ei->entry_attrs[idx];
return lookup_file(ei, dentry, mode, attr, data, fops);
}
/**
* eventfs_root_lookup - lookup routine to create file/dir
* @dir: in which a lookup is being done
* @dentry: file/dir dentry
* @flags: Just passed to simple_lookup()
*
* Used to create dynamic file/dir with-in @dir, search with-in @ei
* list, if @dentry found go ahead and create the file/dir
*/
static struct dentry *eventfs_root_lookup(struct inode *dir,
struct dentry *dentry,
unsigned int flags)
{
struct eventfs_inode *ei_child;
struct tracefs_inode *ti;
struct eventfs_inode *ei;
const char *name = dentry->d_name.name;
struct dentry *result = NULL;
ti = get_tracefs(dir);
if (WARN_ON_ONCE(!(ti->flags & TRACEFS_EVENT_INODE)))
return ERR_PTR(-EIO);
mutex_lock(&eventfs_mutex);
ei = ti->private;
if (!ei || ei->is_freed)
goto out;
list_for_each_entry(ei_child, &ei->children, list) {
if (strcmp(ei_child->name, name) != 0)
continue;
/* A child is freed and removed from the list at the same time */
if (WARN_ON_ONCE(ei_child->is_freed))
goto out;
result = lookup_dir_entry(dentry, ei, ei_child);
goto out;
}
for (int i = 0; i < ei->nr_entries; i++) {
void *data;
umode_t mode;
const struct file_operations *fops;
const struct eventfs_entry *entry = &ei->entries[i];
if (strcmp(name, entry->name) != 0)
continue;
data = ei->data;
if (entry->callback(name, &mode, &data, &fops) <= 0)
goto out;
result = lookup_file_dentry(dentry, ei, i, mode, data, fops);
goto out;
}
out:
mutex_unlock(&eventfs_mutex);
return result;
}
/*
* Walk the children of a eventfs_inode to fill in getdents().
*/
static int eventfs_iterate(struct file *file, struct dir_context *ctx)
{
const struct file_operations *fops;
struct inode *f_inode = file_inode(file);
const struct eventfs_entry *entry;
struct eventfs_inode *ei_child;
struct tracefs_inode *ti;
struct eventfs_inode *ei;
const char *name;
umode_t mode;
int idx;
int ret = -EINVAL;
int ino;
int i, r, c;
if (!dir_emit_dots(file, ctx))
return 0;
ti = get_tracefs(f_inode);
if (!(ti->flags & TRACEFS_EVENT_INODE))
return -EINVAL;
c = ctx->pos - 2;
idx = srcu_read_lock(&eventfs_srcu);
mutex_lock(&eventfs_mutex);
ei = READ_ONCE(ti->private);
if (ei && ei->is_freed)
ei = NULL;
mutex_unlock(&eventfs_mutex);
if (!ei)
goto out;
/*
* Need to create the dentries and inodes to have a consistent
* inode number.
*/
ret = 0;
/* Start at 'c' to jump over already read entries */
for (i = c; i < ei->nr_entries; i++, ctx->pos++) {
void *cdata = ei->data;
entry = &ei->entries[i];
name = entry->name;
mutex_lock(&eventfs_mutex);
/* If ei->is_freed then just bail here, nothing more to do */
if (ei->is_freed) {
mutex_unlock(&eventfs_mutex);
goto out;
}
r = entry->callback(name, &mode, &cdata, &fops);
mutex_unlock(&eventfs_mutex);
if (r <= 0)
continue;
ino = EVENTFS_FILE_INODE_INO;
if (!dir_emit(ctx, name, strlen(name), ino, DT_REG))
goto out;
}
/* Subtract the skipped entries above */
c -= min((unsigned int)c, (unsigned int)ei->nr_entries);
list_for_each_entry_srcu(ei_child, &ei->children, list,
srcu_read_lock_held(&eventfs_srcu)) {
if (c > 0) {
c--;
continue;
}
ctx->pos++;
if (ei_child->is_freed)
continue;
name = ei_child->name;
ino = eventfs_dir_ino(ei_child);
if (!dir_emit(ctx, name, strlen(name), ino, DT_DIR))
goto out_dec;
}
ret = 1;
out:
srcu_read_unlock(&eventfs_srcu, idx);
return ret;
out_dec:
/* Incremented ctx->pos without adding something, reset it */
ctx->pos--;
goto out;
}
/**
* eventfs_create_dir - Create the eventfs_inode for this directory
* @name: The name of the directory to create.
* @parent: The eventfs_inode of the parent directory.
* @entries: A list of entries that represent the files under this directory
* @size: The number of @entries
* @data: The default data to pass to the files (an entry may override it).
*
* This function creates the descriptor to represent a directory in the
* eventfs. This descriptor is an eventfs_inode, and it is returned to be
* used to create other children underneath.
*
* The @entries is an array of eventfs_entry structures which has:
* const char *name
* eventfs_callback callback;
*
* The name is the name of the file, and the callback is a pointer to a function
* that will be called when the file is reference (either by lookup or by
* reading a directory). The callback is of the prototype:
*
* int callback(const char *name, umode_t *mode, void **data,
* const struct file_operations **fops);
*
* When a file needs to be created, this callback will be called with
* name = the name of the file being created (so that the same callback
* may be used for multiple files).
* mode = a place to set the file's mode
* data = A pointer to @data, and the callback may replace it, which will
* cause the file created to pass the new data to the open() call.
* fops = the fops to use for the created file.
*
* NB. @callback is called while holding internal locks of the eventfs
* system. The callback must not call any code that might also call into
* the tracefs or eventfs system or it will risk creating a deadlock.
*/
struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode *parent,
const struct eventfs_entry *entries,
int size, void *data)
{
struct eventfs_inode *ei;
if (!parent)
return ERR_PTR(-EINVAL);
ei = alloc_ei(name);
if (!ei)
return ERR_PTR(-ENOMEM);
ei->entries = entries;
ei->nr_entries = size;
ei->data = data;
INIT_LIST_HEAD(&ei->children);
INIT_LIST_HEAD(&ei->list);
mutex_lock(&eventfs_mutex);
if (!parent->is_freed)
list_add_tail(&ei->list, &parent->children);
mutex_unlock(&eventfs_mutex);
/* Was the parent freed? */
if (list_empty(&ei->list)) {
cleanup_ei(ei);
ei = ERR_PTR(-EBUSY);
}
return ei;
}
/**
* eventfs_create_events_dir - create the top level events directory
* @name: The name of the top level directory to create.
* @parent: Parent dentry for this file in the tracefs directory.
* @entries: A list of entries that represent the files under this directory
* @size: The number of @entries
* @data: The default data to pass to the files (an entry may override it).
*
* This function creates the top of the trace event directory.
*
* See eventfs_create_dir() for use of @entries.
*/
struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry *parent,
const struct eventfs_entry *entries,
int size, void *data)
{
struct dentry *dentry = tracefs_start_creating(name, parent);
struct eventfs_root_inode *rei;
struct eventfs_inode *ei;
struct tracefs_inode *ti;
struct inode *inode;
kuid_t uid;
kgid_t gid;
if (security_locked_down(LOCKDOWN_TRACEFS))
return NULL;
if (IS_ERR(dentry))
return ERR_CAST(dentry);
ei = alloc_root_ei(name);
if (!ei)
goto fail;
inode = tracefs_get_inode(dentry->d_sb);
if (unlikely(!inode))
goto fail;
// Note: we have a ref to the dentry from tracefs_start_creating()
rei = get_root_inode(ei);
rei->events_dir = dentry;
ei->entries = entries;
ei->nr_entries = size;
ei->data = data;
/* Save the ownership of this directory */
uid = d_inode(dentry->d_parent)->i_uid;
gid = d_inode(dentry->d_parent)->i_gid;
/*
* The ei->attr will be used as the default values for the
* files beneath this directory.
*/
ei->attr.uid = uid;
ei->attr.gid = gid;
INIT_LIST_HEAD(&ei->children);
INIT_LIST_HEAD(&ei->list);
ti = get_tracefs(inode);
ti->flags |= TRACEFS_EVENT_INODE;
ti->private = ei;
inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
inode->i_uid = uid;
inode->i_gid = gid;
inode->i_op = &eventfs_dir_inode_operations;
inode->i_fop = &eventfs_file_operations;
dentry->d_fsdata = get_ei(ei);
/*
* Keep all eventfs directories with i_nlink == 1.
* Due to the dynamic nature of the dentry creations and not
* wanting to add a pointer to the parent eventfs_inode in the
* eventfs_inode structure, keeping the i_nlink in sync with the
* number of directories would cause too much complexity for
* something not worth much. Keeping directory links at 1
* tells userspace not to trust the link number.
*/
d_instantiate(dentry, inode);
/* The dentry of the "events" parent does keep track though */
inc_nlink(dentry->d_parent->d_inode);
fsnotify_mkdir(dentry->d_parent->d_inode, dentry);
tracefs_end_creating(dentry);
return ei;
fail:
cleanup_ei(ei);
tracefs_failed_creating(dentry);
return ERR_PTR(-ENOMEM);
}
/**
* eventfs_remove_rec - remove eventfs dir or file from list
* @ei: eventfs_inode to be removed.
* @level: prevent recursion from going more than 3 levels deep.
*
* This function recursively removes eventfs_inodes which
* contains info of files and/or directories.
*/
static void eventfs_remove_rec(struct eventfs_inode *ei, int level)
{
struct eventfs_inode *ei_child;
/*
* Check recursion depth. It should never be greater than 3:
* 0 - events/
* 1 - events/group/
* 2 - events/group/event/
* 3 - events/group/event/file
*/
if (WARN_ON_ONCE(level > 3))
return;
/* search for nested folders or files */
list_for_each_entry(ei_child, &ei->children, list)
eventfs_remove_rec(ei_child, level + 1);
list_del_rcu(&ei->list);
free_ei(ei);
}
/**
* eventfs_remove_dir - remove eventfs dir or file from list
* @ei: eventfs_inode to be removed.
*
* This function acquire the eventfs_mutex lock and call eventfs_remove_rec()
*/
void eventfs_remove_dir(struct eventfs_inode *ei)
{
if (!ei)
return;
mutex_lock(&eventfs_mutex);
eventfs_remove_rec(ei, 0);
mutex_unlock(&eventfs_mutex);
}
/**
* eventfs_remove_events_dir - remove the top level eventfs directory
* @ei: the event_inode returned by eventfs_create_events_dir().
*
* This function removes the events main directory
*/
void eventfs_remove_events_dir(struct eventfs_inode *ei)
{
struct eventfs_root_inode *rei;
struct dentry *dentry;
rei = get_root_inode(ei);
dentry = rei->events_dir;
if (!dentry)
return;
rei->events_dir = NULL;
eventfs_remove_dir(ei);
/*
* Matches the dget() done by tracefs_start_creating()
* in eventfs_create_events_dir() when it the dentry was
* created. In other words, it's a normal dentry that
* sticks around while the other ei->dentry are created
* and destroyed dynamically.
*/
d_invalidate(dentry);
dput(dentry);
}
View git blame Copy permalink