Blame view
fs/eventfd.c
11.1 KB
457c89965 treewide: Add SPD... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
e1ad7468c signal/timer/even... |
2 3 4 5 6 7 8 9 10 11 12 |
/* * fs/eventfd.c * * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> * */ #include <linux/file.h> #include <linux/poll.h> #include <linux/init.h> #include <linux/fs.h> |
174cd4b1e sched/headers: Pr... |
13 |
#include <linux/sched/signal.h> |
e1ad7468c signal/timer/even... |
14 |
#include <linux/kernel.h> |
5a0e3ad6a include cleanup: ... |
15 |
#include <linux/slab.h> |
e1ad7468c signal/timer/even... |
16 17 18 |
#include <linux/list.h> #include <linux/spinlock.h> #include <linux/anon_inodes.h> |
7747cdb2f fs/eventfd.c shou... |
19 |
#include <linux/syscalls.h> |
630d9c472 fs: reduce the us... |
20 |
#include <linux/export.h> |
133890103 eventfd: revised ... |
21 22 |
#include <linux/kref.h> #include <linux/eventfd.h> |
cbac5542d fs, eventfd: add ... |
23 24 |
#include <linux/proc_fs.h> #include <linux/seq_file.h> |
b556db17b eventfd: present ... |
25 |
#include <linux/idr.h> |
ce528c4c2 fs/eventfd.c: mak... |
26 |
static DEFINE_IDA(eventfd_ida); |
e1ad7468c signal/timer/even... |
27 28 |
struct eventfd_ctx { |
133890103 eventfd: revised ... |
29 |
struct kref kref; |
e1ad7468c signal/timer/even... |
30 31 32 33 34 35 |
wait_queue_head_t wqh; /* * Every time that a write(2) is performed on an eventfd, the * value of the __u64 being written is added to "count" and a * wakeup is performed on "wqh". A read(2) will return the "count" * value to userspace, and will reset "count" to zero. The kernel |
133890103 eventfd: revised ... |
36 |
* side eventfd_signal() also, adds to the "count" counter and |
e1ad7468c signal/timer/even... |
37 38 39 |
* issue a wakeup. */ __u64 count; |
bcd0b235b eventfd: improve ... |
40 |
unsigned int flags; |
b556db17b eventfd: present ... |
41 |
int id; |
e1ad7468c signal/timer/even... |
42 |
}; |
133890103 eventfd: revised ... |
43 44 45 46 47 48 49 50 |
/** * eventfd_signal - Adds @n to the eventfd counter. * @ctx: [in] Pointer to the eventfd context. * @n: [in] Value of the counter to be added to the eventfd internal counter. * The value cannot be negative. * * This function is supposed to be called by the kernel in paths that do not * allow sleeping. In this function we allow the counter to reach the ULLONG_MAX |
a9a08845e vfs: do bulk POLL... |
51 |
* value, and we signal this as overflow condition by returning a EPOLLERR |
133890103 eventfd: revised ... |
52 53 |
* to poll(2). * |
20d5a865e Documentation: fi... |
54 |
* Returns the amount by which the counter was incremented. This will be less |
ee62c6b2d eventfd: change i... |
55 |
* than @n if the counter has overflowed. |
e1ad7468c signal/timer/even... |
56 |
*/ |
ee62c6b2d eventfd: change i... |
57 |
__u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n) |
e1ad7468c signal/timer/even... |
58 |
{ |
e1ad7468c signal/timer/even... |
59 |
unsigned long flags; |
d48eb2331 eventfd use waitq... |
60 |
spin_lock_irqsave(&ctx->wqh.lock, flags); |
e1ad7468c signal/timer/even... |
61 |
if (ULLONG_MAX - ctx->count < n) |
ee62c6b2d eventfd: change i... |
62 |
n = ULLONG_MAX - ctx->count; |
e1ad7468c signal/timer/even... |
63 64 |
ctx->count += n; if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
65 |
wake_up_locked_poll(&ctx->wqh, EPOLLIN); |
d48eb2331 eventfd use waitq... |
66 |
spin_unlock_irqrestore(&ctx->wqh.lock, flags); |
e1ad7468c signal/timer/even... |
67 68 69 |
return n; } |
5718607bb eventfd: export e... |
70 |
EXPORT_SYMBOL_GPL(eventfd_signal); |
e1ad7468c signal/timer/even... |
71 |
|
562787a5c anonfd: split int... |
72 73 |
static void eventfd_free_ctx(struct eventfd_ctx *ctx) { |
b556db17b eventfd: present ... |
74 75 |
if (ctx->id >= 0) ida_simple_remove(&eventfd_ida, ctx->id); |
562787a5c anonfd: split int... |
76 77 |
kfree(ctx); } |
133890103 eventfd: revised ... |
78 79 80 |
static void eventfd_free(struct kref *kref) { struct eventfd_ctx *ctx = container_of(kref, struct eventfd_ctx, kref); |
562787a5c anonfd: split int... |
81 |
eventfd_free_ctx(ctx); |
133890103 eventfd: revised ... |
82 83 84 |
} /** |
133890103 eventfd: revised ... |
85 86 87 88 |
* eventfd_ctx_put - Releases a reference to the internal eventfd context. * @ctx: [in] Pointer to eventfd context. * * The eventfd context reference must have been previously acquired either |
105f2b709 eventfd: fold eve... |
89 |
* with eventfd_ctx_fdget() or eventfd_ctx_fileget(). |
133890103 eventfd: revised ... |
90 91 92 93 94 95 |
*/ void eventfd_ctx_put(struct eventfd_ctx *ctx) { kref_put(&ctx->kref, eventfd_free); } EXPORT_SYMBOL_GPL(eventfd_ctx_put); |
e1ad7468c signal/timer/even... |
96 97 |
static int eventfd_release(struct inode *inode, struct file *file) { |
133890103 eventfd: revised ... |
98 |
struct eventfd_ctx *ctx = file->private_data; |
a9a08845e vfs: do bulk POLL... |
99 |
wake_up_poll(&ctx->wqh, EPOLLHUP); |
133890103 eventfd: revised ... |
100 |
eventfd_ctx_put(ctx); |
e1ad7468c signal/timer/even... |
101 102 |
return 0; } |
a11e1d432 Revert changes to... |
103 |
static __poll_t eventfd_poll(struct file *file, poll_table *wait) |
e1ad7468c signal/timer/even... |
104 105 |
{ struct eventfd_ctx *ctx = file->private_data; |
076ccb76e fs: annotate ->po... |
106 |
__poll_t events = 0; |
e22553e2a eventfd: don't ta... |
107 |
u64 count; |
e1ad7468c signal/timer/even... |
108 |
|
a11e1d432 Revert changes to... |
109 |
poll_wait(file, &ctx->wqh, wait); |
a484c3dd9 eventfd: document... |
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
/* * All writes to ctx->count occur within ctx->wqh.lock. This read * can be done outside ctx->wqh.lock because we know that poll_wait * takes that lock (through add_wait_queue) if our caller will sleep. * * The read _can_ therefore seep into add_wait_queue's critical * section, but cannot move above it! add_wait_queue's spin_lock acts * as an acquire barrier and ensures that the read be ordered properly * against the writes. The following CAN happen and is safe: * * poll write * ----------------- ------------ * lock ctx->wqh.lock (in poll_wait) * count = ctx->count * __add_wait_queue * unlock ctx->wqh.lock * lock ctx->qwh.lock * ctx->count += n * if (waitqueue_active) * wake_up_locked_poll * unlock ctx->qwh.lock * eventfd_poll returns 0 * * but the following, which would miss a wakeup, cannot happen: * * poll write * ----------------- ------------ * count = ctx->count (INVALID!) * lock ctx->qwh.lock * ctx->count += n * **waitqueue_active is false** * **no wake_up_locked_poll!** * unlock ctx->qwh.lock * lock ctx->wqh.lock (in poll_wait) * __add_wait_queue * unlock ctx->wqh.lock * eventfd_poll returns 0 */ count = READ_ONCE(ctx->count); |
e1ad7468c signal/timer/even... |
149 |
|
e22553e2a eventfd: don't ta... |
150 |
if (count > 0) |
a11e1d432 Revert changes to... |
151 |
events |= EPOLLIN; |
e22553e2a eventfd: don't ta... |
152 |
if (count == ULLONG_MAX) |
a9a08845e vfs: do bulk POLL... |
153 |
events |= EPOLLERR; |
e22553e2a eventfd: don't ta... |
154 |
if (ULLONG_MAX - 1 > count) |
a11e1d432 Revert changes to... |
155 |
events |= EPOLLOUT; |
e1ad7468c signal/timer/even... |
156 157 158 |
return events; } |
cb289d624 eventfd - allow a... |
159 160 161 162 163 164 165 166 167 168 |
static void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt) { *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count; ctx->count -= *cnt; } /** * eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue. * @ctx: [in] Pointer to eventfd context. * @wait: [in] Wait queue to be removed. |
361821854 Docbook: add fs/e... |
169 |
* @cnt: [out] Pointer to the 64-bit counter value. |
cb289d624 eventfd - allow a... |
170 |
* |
361821854 Docbook: add fs/e... |
171 |
* Returns %0 if successful, or the following error codes: |
cb289d624 eventfd - allow a... |
172 173 174 175 176 177 |
* * -EAGAIN : The operation would have blocked. * * This is used to atomically remove a wait queue entry from the eventfd wait * queue head, and read/reset the counter value. */ |
ac6424b98 sched/wait: Renam... |
178 |
int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait, |
cb289d624 eventfd - allow a... |
179 180 181 182 183 184 185 186 |
__u64 *cnt) { unsigned long flags; spin_lock_irqsave(&ctx->wqh.lock, flags); eventfd_ctx_do_read(ctx, cnt); __remove_wait_queue(&ctx->wqh, wait); if (*cnt != 0 && waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
187 |
wake_up_locked_poll(&ctx->wqh, EPOLLOUT); |
cb289d624 eventfd - allow a... |
188 189 190 191 192 |
spin_unlock_irqrestore(&ctx->wqh.lock, flags); return *cnt != 0 ? 0 : -EAGAIN; } EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queue); |
b6364572d eventfd: fold eve... |
193 194 |
static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) |
e1ad7468c signal/timer/even... |
195 |
{ |
b6364572d eventfd: fold eve... |
196 |
struct eventfd_ctx *ctx = file->private_data; |
e1ad7468c signal/timer/even... |
197 |
ssize_t res; |
b6364572d eventfd: fold eve... |
198 |
__u64 ucnt = 0; |
e1ad7468c signal/timer/even... |
199 |
DECLARE_WAITQUEUE(wait, current); |
b6364572d eventfd: fold eve... |
200 201 |
if (count < sizeof(ucnt)) return -EINVAL; |
d48eb2331 eventfd use waitq... |
202 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
203 |
res = -EAGAIN; |
bcd0b235b eventfd: improve ... |
204 |
if (ctx->count > 0) |
b6364572d eventfd: fold eve... |
205 206 |
res = sizeof(ucnt); else if (!(file->f_flags & O_NONBLOCK)) { |
e1ad7468c signal/timer/even... |
207 |
__add_wait_queue(&ctx->wqh, &wait); |
cb289d624 eventfd - allow a... |
208 |
for (;;) { |
e1ad7468c signal/timer/even... |
209 210 |
set_current_state(TASK_INTERRUPTIBLE); if (ctx->count > 0) { |
b6364572d eventfd: fold eve... |
211 |
res = sizeof(ucnt); |
e1ad7468c signal/timer/even... |
212 213 214 215 216 217 |
break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
218 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
219 |
schedule(); |
d48eb2331 eventfd use waitq... |
220 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
221 222 223 224 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
b6364572d eventfd: fold eve... |
225 226 |
if (likely(res > 0)) { eventfd_ctx_do_read(ctx, &ucnt); |
e1ad7468c signal/timer/even... |
227 |
if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
228 |
wake_up_locked_poll(&ctx->wqh, EPOLLOUT); |
e1ad7468c signal/timer/even... |
229 |
} |
d48eb2331 eventfd use waitq... |
230 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
231 |
|
b6364572d eventfd: fold eve... |
232 233 |
if (res > 0 && put_user(ucnt, (__u64 __user *)buf)) return -EFAULT; |
cb289d624 eventfd - allow a... |
234 |
|
b6364572d eventfd: fold eve... |
235 |
return res; |
cb289d624 eventfd - allow a... |
236 |
} |
e1ad7468c signal/timer/even... |
237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 |
static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { struct eventfd_ctx *ctx = file->private_data; ssize_t res; __u64 ucnt; DECLARE_WAITQUEUE(wait, current); if (count < sizeof(ucnt)) return -EINVAL; if (copy_from_user(&ucnt, buf, sizeof(ucnt))) return -EFAULT; if (ucnt == ULLONG_MAX) return -EINVAL; |
d48eb2331 eventfd use waitq... |
252 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 |
res = -EAGAIN; if (ULLONG_MAX - ctx->count > ucnt) res = sizeof(ucnt); else if (!(file->f_flags & O_NONBLOCK)) { __add_wait_queue(&ctx->wqh, &wait); for (res = 0;;) { set_current_state(TASK_INTERRUPTIBLE); if (ULLONG_MAX - ctx->count > ucnt) { res = sizeof(ucnt); break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
268 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
269 |
schedule(); |
d48eb2331 eventfd use waitq... |
270 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
271 272 273 274 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
bcd0b235b eventfd: improve ... |
275 |
if (likely(res > 0)) { |
e1ad7468c signal/timer/even... |
276 277 |
ctx->count += ucnt; if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
278 |
wake_up_locked_poll(&ctx->wqh, EPOLLIN); |
e1ad7468c signal/timer/even... |
279 |
} |
d48eb2331 eventfd use waitq... |
280 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
281 282 283 |
return res; } |
cbac5542d fs, eventfd: add ... |
284 |
#ifdef CONFIG_PROC_FS |
a3816ab0e fs: Convert show_... |
285 |
static void eventfd_show_fdinfo(struct seq_file *m, struct file *f) |
cbac5542d fs, eventfd: add ... |
286 287 |
{ struct eventfd_ctx *ctx = f->private_data; |
cbac5542d fs, eventfd: add ... |
288 289 |
spin_lock_irq(&ctx->wqh.lock); |
a3816ab0e fs: Convert show_... |
290 291 292 |
seq_printf(m, "eventfd-count: %16llx ", (unsigned long long)ctx->count); |
cbac5542d fs, eventfd: add ... |
293 |
spin_unlock_irq(&ctx->wqh.lock); |
b556db17b eventfd: present ... |
294 295 |
seq_printf(m, "eventfd-id: %d ", ctx->id); |
cbac5542d fs, eventfd: add ... |
296 297 |
} #endif |
e1ad7468c signal/timer/even... |
298 |
static const struct file_operations eventfd_fops = { |
cbac5542d fs, eventfd: add ... |
299 300 301 |
#ifdef CONFIG_PROC_FS .show_fdinfo = eventfd_show_fdinfo, #endif |
e1ad7468c signal/timer/even... |
302 |
.release = eventfd_release, |
a11e1d432 Revert changes to... |
303 |
.poll = eventfd_poll, |
e1ad7468c signal/timer/even... |
304 305 |
.read = eventfd_read, .write = eventfd_write, |
6038f373a llseek: automatic... |
306 |
.llseek = noop_llseek, |
e1ad7468c signal/timer/even... |
307 |
}; |
133890103 eventfd: revised ... |
308 309 310 311 312 313 314 315 316 317 |
/** * eventfd_fget - Acquire a reference of an eventfd file descriptor. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the eventfd file structure in case of success, or the * following error pointer: * * -EBADF : Invalid @fd file descriptor. * -EINVAL : The @fd file descriptor is not an eventfd file. */ |
e1ad7468c signal/timer/even... |
318 319 320 321 322 323 324 325 326 327 328 329 330 331 |
struct file *eventfd_fget(int fd) { struct file *file; file = fget(fd); if (!file) return ERR_PTR(-EBADF); if (file->f_op != &eventfd_fops) { fput(file); return ERR_PTR(-EINVAL); } return file; } |
5718607bb eventfd: export e... |
332 |
EXPORT_SYMBOL_GPL(eventfd_fget); |
e1ad7468c signal/timer/even... |
333 |
|
133890103 eventfd: revised ... |
334 335 336 337 338 339 340 341 342 343 344 |
/** * eventfd_ctx_fdget - Acquires a reference to the internal eventfd context. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the internal eventfd context, otherwise the error * pointers returned by the following functions: * * eventfd_fget */ struct eventfd_ctx *eventfd_ctx_fdget(int fd) { |
133890103 eventfd: revised ... |
345 |
struct eventfd_ctx *ctx; |
36a741172 eventfd_ctx_fdget... |
346 347 348 349 350 |
struct fd f = fdget(fd); if (!f.file) return ERR_PTR(-EBADF); ctx = eventfd_ctx_fileget(f.file); fdput(f); |
133890103 eventfd: revised ... |
351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 |
return ctx; } EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); /** * eventfd_ctx_fileget - Acquires a reference to the internal eventfd context. * @file: [in] Eventfd file pointer. * * Returns a pointer to the internal eventfd context, otherwise the error * pointer: * * -EINVAL : The @fd file descriptor is not an eventfd file. */ struct eventfd_ctx *eventfd_ctx_fileget(struct file *file) { |
105f2b709 eventfd: fold eve... |
366 |
struct eventfd_ctx *ctx; |
133890103 eventfd: revised ... |
367 368 |
if (file->f_op != &eventfd_fops) return ERR_PTR(-EINVAL); |
105f2b709 eventfd: fold eve... |
369 370 371 |
ctx = file->private_data; kref_get(&ctx->kref); return ctx; |
133890103 eventfd: revised ... |
372 373 |
} EXPORT_SYMBOL_GPL(eventfd_ctx_fileget); |
2fc96f833 fs: add do_eventf... |
374 |
static int do_eventfd(unsigned int count, int flags) |
e1ad7468c signal/timer/even... |
375 |
{ |
e1ad7468c signal/timer/even... |
376 |
struct eventfd_ctx *ctx; |
7d815165c eventfd: convert ... |
377 |
int fd; |
e1ad7468c signal/timer/even... |
378 |
|
e38b36f32 flag parameters: ... |
379 380 381 |
/* Check the EFD_* constants for consistency. */ BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC); BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOCK); |
bcd0b235b eventfd: improve ... |
382 |
if (flags & ~EFD_FLAGS_SET) |
7d815165c eventfd: convert ... |
383 |
return -EINVAL; |
b087498eb flag parameters: ... |
384 |
|
e1ad7468c signal/timer/even... |
385 386 |
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) |
7d815165c eventfd: convert ... |
387 |
return -ENOMEM; |
e1ad7468c signal/timer/even... |
388 |
|
133890103 eventfd: revised ... |
389 |
kref_init(&ctx->kref); |
e1ad7468c signal/timer/even... |
390 |
init_waitqueue_head(&ctx->wqh); |
e1ad7468c signal/timer/even... |
391 |
ctx->count = count; |
bcd0b235b eventfd: improve ... |
392 |
ctx->flags = flags; |
b556db17b eventfd: present ... |
393 |
ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL); |
e1ad7468c signal/timer/even... |
394 |
|
7d815165c eventfd: convert ... |
395 396 397 |
fd = anon_inode_getfd("[eventfd]", &eventfd_fops, ctx, O_RDWR | (flags & EFD_SHARED_FCNTL_FLAGS)); if (fd < 0) |
562787a5c anonfd: split int... |
398 |
eventfd_free_ctx(ctx); |
2030a42ce [PATCH] sanitize ... |
399 |
return fd; |
e1ad7468c signal/timer/even... |
400 |
} |
2fc96f833 fs: add do_eventf... |
401 402 403 404 |
SYSCALL_DEFINE2(eventfd2, unsigned int, count, int, flags) { return do_eventfd(count, flags); } |
d4e82042c [CVE-2009-0029] S... |
405 |
SYSCALL_DEFINE1(eventfd, unsigned int, count) |
b087498eb flag parameters: ... |
406 |
{ |
2fc96f833 fs: add do_eventf... |
407 |
return do_eventfd(count, 0); |
b087498eb flag parameters: ... |
408 |
} |
bcd0b235b eventfd: improve ... |
409 |