Blame view
fs/eventfd.c
11.6 KB
457c89965 treewide: Add SPD... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
e1ad7468c signal/timer/even... |
2 3 4 5 6 7 8 9 10 11 12 |
/* * fs/eventfd.c * * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> * */ #include <linux/file.h> #include <linux/poll.h> #include <linux/init.h> #include <linux/fs.h> |
174cd4b1e sched/headers: Pr... |
13 |
#include <linux/sched/signal.h> |
e1ad7468c signal/timer/even... |
14 |
#include <linux/kernel.h> |
5a0e3ad6a include cleanup: ... |
15 |
#include <linux/slab.h> |
e1ad7468c signal/timer/even... |
16 17 18 |
#include <linux/list.h> #include <linux/spinlock.h> #include <linux/anon_inodes.h> |
7747cdb2f fs/eventfd.c shou... |
19 |
#include <linux/syscalls.h> |
630d9c472 fs: reduce the us... |
20 |
#include <linux/export.h> |
133890103 eventfd: revised ... |
21 22 |
#include <linux/kref.h> #include <linux/eventfd.h> |
cbac5542d fs, eventfd: add ... |
23 24 |
#include <linux/proc_fs.h> #include <linux/seq_file.h> |
b556db17b eventfd: present ... |
25 |
#include <linux/idr.h> |
844d2025b eventfd: track ev... |
26 |
DEFINE_PER_CPU(int, eventfd_wake_count); |
ce528c4c2 fs/eventfd.c: mak... |
27 |
static DEFINE_IDA(eventfd_ida); |
e1ad7468c signal/timer/even... |
28 29 |
struct eventfd_ctx { |
133890103 eventfd: revised ... |
30 |
struct kref kref; |
e1ad7468c signal/timer/even... |
31 32 33 34 35 36 |
wait_queue_head_t wqh; /* * Every time that a write(2) is performed on an eventfd, the * value of the __u64 being written is added to "count" and a * wakeup is performed on "wqh". A read(2) will return the "count" * value to userspace, and will reset "count" to zero. The kernel |
133890103 eventfd: revised ... |
37 |
* side eventfd_signal() also, adds to the "count" counter and |
e1ad7468c signal/timer/even... |
38 39 40 |
* issue a wakeup. */ __u64 count; |
bcd0b235b eventfd: improve ... |
41 |
unsigned int flags; |
b556db17b eventfd: present ... |
42 |
int id; |
e1ad7468c signal/timer/even... |
43 |
}; |
133890103 eventfd: revised ... |
44 45 46 47 48 49 50 51 |
/** * eventfd_signal - Adds @n to the eventfd counter. * @ctx: [in] Pointer to the eventfd context. * @n: [in] Value of the counter to be added to the eventfd internal counter. * The value cannot be negative. * * This function is supposed to be called by the kernel in paths that do not * allow sleeping. In this function we allow the counter to reach the ULLONG_MAX |
a9a08845e vfs: do bulk POLL... |
52 |
* value, and we signal this as overflow condition by returning a EPOLLERR |
133890103 eventfd: revised ... |
53 54 |
* to poll(2). * |
20d5a865e Documentation: fi... |
55 |
* Returns the amount by which the counter was incremented. This will be less |
ee62c6b2d eventfd: change i... |
56 |
* than @n if the counter has overflowed. |
e1ad7468c signal/timer/even... |
57 |
*/ |
ee62c6b2d eventfd: change i... |
58 |
__u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n) |
e1ad7468c signal/timer/even... |
59 |
{ |
e1ad7468c signal/timer/even... |
60 |
unsigned long flags; |
844d2025b eventfd: track ev... |
61 62 63 64 65 66 67 68 69 70 |
/* * Deadlock or stack overflow issues can happen if we recurse here * through waitqueue wakeup handlers. If the caller users potentially * nested waitqueues with custom wakeup handlers, then it should * check eventfd_signal_count() before calling this function. If * it returns true, the eventfd_signal() call should be deferred to a * safe context. */ if (WARN_ON_ONCE(this_cpu_read(eventfd_wake_count))) return 0; |
d48eb2331 eventfd use waitq... |
71 |
spin_lock_irqsave(&ctx->wqh.lock, flags); |
844d2025b eventfd: track ev... |
72 |
this_cpu_inc(eventfd_wake_count); |
e1ad7468c signal/timer/even... |
73 |
if (ULLONG_MAX - ctx->count < n) |
ee62c6b2d eventfd: change i... |
74 |
n = ULLONG_MAX - ctx->count; |
e1ad7468c signal/timer/even... |
75 76 |
ctx->count += n; if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
77 |
wake_up_locked_poll(&ctx->wqh, EPOLLIN); |
844d2025b eventfd: track ev... |
78 |
this_cpu_dec(eventfd_wake_count); |
d48eb2331 eventfd use waitq... |
79 |
spin_unlock_irqrestore(&ctx->wqh.lock, flags); |
e1ad7468c signal/timer/even... |
80 81 82 |
return n; } |
5718607bb eventfd: export e... |
83 |
EXPORT_SYMBOL_GPL(eventfd_signal); |
e1ad7468c signal/timer/even... |
84 |
|
562787a5c anonfd: split int... |
85 86 |
static void eventfd_free_ctx(struct eventfd_ctx *ctx) { |
b556db17b eventfd: present ... |
87 88 |
if (ctx->id >= 0) ida_simple_remove(&eventfd_ida, ctx->id); |
562787a5c anonfd: split int... |
89 90 |
kfree(ctx); } |
133890103 eventfd: revised ... |
91 92 93 |
static void eventfd_free(struct kref *kref) { struct eventfd_ctx *ctx = container_of(kref, struct eventfd_ctx, kref); |
562787a5c anonfd: split int... |
94 |
eventfd_free_ctx(ctx); |
133890103 eventfd: revised ... |
95 96 97 |
} /** |
133890103 eventfd: revised ... |
98 99 100 101 |
* eventfd_ctx_put - Releases a reference to the internal eventfd context. * @ctx: [in] Pointer to eventfd context. * * The eventfd context reference must have been previously acquired either |
105f2b709 eventfd: fold eve... |
102 |
* with eventfd_ctx_fdget() or eventfd_ctx_fileget(). |
133890103 eventfd: revised ... |
103 104 105 106 107 108 |
*/ void eventfd_ctx_put(struct eventfd_ctx *ctx) { kref_put(&ctx->kref, eventfd_free); } EXPORT_SYMBOL_GPL(eventfd_ctx_put); |
e1ad7468c signal/timer/even... |
109 110 |
static int eventfd_release(struct inode *inode, struct file *file) { |
133890103 eventfd: revised ... |
111 |
struct eventfd_ctx *ctx = file->private_data; |
a9a08845e vfs: do bulk POLL... |
112 |
wake_up_poll(&ctx->wqh, EPOLLHUP); |
133890103 eventfd: revised ... |
113 |
eventfd_ctx_put(ctx); |
e1ad7468c signal/timer/even... |
114 115 |
return 0; } |
a11e1d432 Revert changes to... |
116 |
static __poll_t eventfd_poll(struct file *file, poll_table *wait) |
e1ad7468c signal/timer/even... |
117 118 |
{ struct eventfd_ctx *ctx = file->private_data; |
076ccb76e fs: annotate ->po... |
119 |
__poll_t events = 0; |
e22553e2a eventfd: don't ta... |
120 |
u64 count; |
e1ad7468c signal/timer/even... |
121 |
|
a11e1d432 Revert changes to... |
122 |
poll_wait(file, &ctx->wqh, wait); |
a484c3dd9 eventfd: document... |
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
/* * All writes to ctx->count occur within ctx->wqh.lock. This read * can be done outside ctx->wqh.lock because we know that poll_wait * takes that lock (through add_wait_queue) if our caller will sleep. * * The read _can_ therefore seep into add_wait_queue's critical * section, but cannot move above it! add_wait_queue's spin_lock acts * as an acquire barrier and ensures that the read be ordered properly * against the writes. The following CAN happen and is safe: * * poll write * ----------------- ------------ * lock ctx->wqh.lock (in poll_wait) * count = ctx->count * __add_wait_queue * unlock ctx->wqh.lock * lock ctx->qwh.lock * ctx->count += n * if (waitqueue_active) * wake_up_locked_poll * unlock ctx->qwh.lock * eventfd_poll returns 0 * * but the following, which would miss a wakeup, cannot happen: * * poll write * ----------------- ------------ * count = ctx->count (INVALID!) * lock ctx->qwh.lock * ctx->count += n * **waitqueue_active is false** * **no wake_up_locked_poll!** * unlock ctx->qwh.lock * lock ctx->wqh.lock (in poll_wait) * __add_wait_queue * unlock ctx->wqh.lock * eventfd_poll returns 0 */ count = READ_ONCE(ctx->count); |
e1ad7468c signal/timer/even... |
162 |
|
e22553e2a eventfd: don't ta... |
163 |
if (count > 0) |
a11e1d432 Revert changes to... |
164 |
events |= EPOLLIN; |
e22553e2a eventfd: don't ta... |
165 |
if (count == ULLONG_MAX) |
a9a08845e vfs: do bulk POLL... |
166 |
events |= EPOLLERR; |
e22553e2a eventfd: don't ta... |
167 |
if (ULLONG_MAX - 1 > count) |
a11e1d432 Revert changes to... |
168 |
events |= EPOLLOUT; |
e1ad7468c signal/timer/even... |
169 170 171 |
return events; } |
cb289d624 eventfd - allow a... |
172 173 174 175 176 177 178 179 180 181 |
static void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt) { *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count; ctx->count -= *cnt; } /** * eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue. * @ctx: [in] Pointer to eventfd context. * @wait: [in] Wait queue to be removed. |
361821854 Docbook: add fs/e... |
182 |
* @cnt: [out] Pointer to the 64-bit counter value. |
cb289d624 eventfd - allow a... |
183 |
* |
361821854 Docbook: add fs/e... |
184 |
* Returns %0 if successful, or the following error codes: |
cb289d624 eventfd - allow a... |
185 186 187 188 189 190 |
* * -EAGAIN : The operation would have blocked. * * This is used to atomically remove a wait queue entry from the eventfd wait * queue head, and read/reset the counter value. */ |
ac6424b98 sched/wait: Renam... |
191 |
int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait, |
cb289d624 eventfd - allow a... |
192 193 194 195 196 197 198 199 |
__u64 *cnt) { unsigned long flags; spin_lock_irqsave(&ctx->wqh.lock, flags); eventfd_ctx_do_read(ctx, cnt); __remove_wait_queue(&ctx->wqh, wait); if (*cnt != 0 && waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
200 |
wake_up_locked_poll(&ctx->wqh, EPOLLOUT); |
cb289d624 eventfd - allow a... |
201 202 203 204 205 |
spin_unlock_irqrestore(&ctx->wqh.lock, flags); return *cnt != 0 ? 0 : -EAGAIN; } EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queue); |
b6364572d eventfd: fold eve... |
206 207 |
static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) |
e1ad7468c signal/timer/even... |
208 |
{ |
b6364572d eventfd: fold eve... |
209 |
struct eventfd_ctx *ctx = file->private_data; |
e1ad7468c signal/timer/even... |
210 |
ssize_t res; |
b6364572d eventfd: fold eve... |
211 |
__u64 ucnt = 0; |
e1ad7468c signal/timer/even... |
212 |
DECLARE_WAITQUEUE(wait, current); |
b6364572d eventfd: fold eve... |
213 214 |
if (count < sizeof(ucnt)) return -EINVAL; |
d48eb2331 eventfd use waitq... |
215 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
216 |
res = -EAGAIN; |
bcd0b235b eventfd: improve ... |
217 |
if (ctx->count > 0) |
b6364572d eventfd: fold eve... |
218 219 |
res = sizeof(ucnt); else if (!(file->f_flags & O_NONBLOCK)) { |
e1ad7468c signal/timer/even... |
220 |
__add_wait_queue(&ctx->wqh, &wait); |
cb289d624 eventfd - allow a... |
221 |
for (;;) { |
e1ad7468c signal/timer/even... |
222 223 |
set_current_state(TASK_INTERRUPTIBLE); if (ctx->count > 0) { |
b6364572d eventfd: fold eve... |
224 |
res = sizeof(ucnt); |
e1ad7468c signal/timer/even... |
225 226 227 228 229 230 |
break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
231 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
232 |
schedule(); |
d48eb2331 eventfd use waitq... |
233 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
234 235 236 237 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
b6364572d eventfd: fold eve... |
238 239 |
if (likely(res > 0)) { eventfd_ctx_do_read(ctx, &ucnt); |
e1ad7468c signal/timer/even... |
240 |
if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
241 |
wake_up_locked_poll(&ctx->wqh, EPOLLOUT); |
e1ad7468c signal/timer/even... |
242 |
} |
d48eb2331 eventfd use waitq... |
243 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
244 |
|
b6364572d eventfd: fold eve... |
245 246 |
if (res > 0 && put_user(ucnt, (__u64 __user *)buf)) return -EFAULT; |
cb289d624 eventfd - allow a... |
247 |
|
b6364572d eventfd: fold eve... |
248 |
return res; |
cb289d624 eventfd - allow a... |
249 |
} |
e1ad7468c signal/timer/even... |
250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { struct eventfd_ctx *ctx = file->private_data; ssize_t res; __u64 ucnt; DECLARE_WAITQUEUE(wait, current); if (count < sizeof(ucnt)) return -EINVAL; if (copy_from_user(&ucnt, buf, sizeof(ucnt))) return -EFAULT; if (ucnt == ULLONG_MAX) return -EINVAL; |
d48eb2331 eventfd use waitq... |
265 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 |
res = -EAGAIN; if (ULLONG_MAX - ctx->count > ucnt) res = sizeof(ucnt); else if (!(file->f_flags & O_NONBLOCK)) { __add_wait_queue(&ctx->wqh, &wait); for (res = 0;;) { set_current_state(TASK_INTERRUPTIBLE); if (ULLONG_MAX - ctx->count > ucnt) { res = sizeof(ucnt); break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
281 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
282 |
schedule(); |
d48eb2331 eventfd use waitq... |
283 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
284 285 286 287 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
bcd0b235b eventfd: improve ... |
288 |
if (likely(res > 0)) { |
e1ad7468c signal/timer/even... |
289 290 |
ctx->count += ucnt; if (waitqueue_active(&ctx->wqh)) |
a9a08845e vfs: do bulk POLL... |
291 |
wake_up_locked_poll(&ctx->wqh, EPOLLIN); |
e1ad7468c signal/timer/even... |
292 |
} |
d48eb2331 eventfd use waitq... |
293 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
294 295 296 |
return res; } |
cbac5542d fs, eventfd: add ... |
297 |
#ifdef CONFIG_PROC_FS |
a3816ab0e fs: Convert show_... |
298 |
static void eventfd_show_fdinfo(struct seq_file *m, struct file *f) |
cbac5542d fs, eventfd: add ... |
299 300 |
{ struct eventfd_ctx *ctx = f->private_data; |
cbac5542d fs, eventfd: add ... |
301 302 |
spin_lock_irq(&ctx->wqh.lock); |
a3816ab0e fs: Convert show_... |
303 304 305 |
seq_printf(m, "eventfd-count: %16llx ", (unsigned long long)ctx->count); |
cbac5542d fs, eventfd: add ... |
306 |
spin_unlock_irq(&ctx->wqh.lock); |
b556db17b eventfd: present ... |
307 308 |
seq_printf(m, "eventfd-id: %d ", ctx->id); |
cbac5542d fs, eventfd: add ... |
309 310 |
} #endif |
e1ad7468c signal/timer/even... |
311 |
static const struct file_operations eventfd_fops = { |
cbac5542d fs, eventfd: add ... |
312 313 314 |
#ifdef CONFIG_PROC_FS .show_fdinfo = eventfd_show_fdinfo, #endif |
e1ad7468c signal/timer/even... |
315 |
.release = eventfd_release, |
a11e1d432 Revert changes to... |
316 |
.poll = eventfd_poll, |
e1ad7468c signal/timer/even... |
317 318 |
.read = eventfd_read, .write = eventfd_write, |
6038f373a llseek: automatic... |
319 |
.llseek = noop_llseek, |
e1ad7468c signal/timer/even... |
320 |
}; |
133890103 eventfd: revised ... |
321 322 323 324 325 326 327 328 329 330 |
/** * eventfd_fget - Acquire a reference of an eventfd file descriptor. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the eventfd file structure in case of success, or the * following error pointer: * * -EBADF : Invalid @fd file descriptor. * -EINVAL : The @fd file descriptor is not an eventfd file. */ |
e1ad7468c signal/timer/even... |
331 332 333 334 335 336 337 338 339 340 341 342 343 344 |
struct file *eventfd_fget(int fd) { struct file *file; file = fget(fd); if (!file) return ERR_PTR(-EBADF); if (file->f_op != &eventfd_fops) { fput(file); return ERR_PTR(-EINVAL); } return file; } |
5718607bb eventfd: export e... |
345 |
EXPORT_SYMBOL_GPL(eventfd_fget); |
e1ad7468c signal/timer/even... |
346 |
|
133890103 eventfd: revised ... |
347 348 349 350 351 352 353 354 355 356 357 |
/** * eventfd_ctx_fdget - Acquires a reference to the internal eventfd context. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the internal eventfd context, otherwise the error * pointers returned by the following functions: * * eventfd_fget */ struct eventfd_ctx *eventfd_ctx_fdget(int fd) { |
133890103 eventfd: revised ... |
358 |
struct eventfd_ctx *ctx; |
36a741172 eventfd_ctx_fdget... |
359 360 361 362 363 |
struct fd f = fdget(fd); if (!f.file) return ERR_PTR(-EBADF); ctx = eventfd_ctx_fileget(f.file); fdput(f); |
133890103 eventfd: revised ... |
364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
return ctx; } EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); /** * eventfd_ctx_fileget - Acquires a reference to the internal eventfd context. * @file: [in] Eventfd file pointer. * * Returns a pointer to the internal eventfd context, otherwise the error * pointer: * * -EINVAL : The @fd file descriptor is not an eventfd file. */ struct eventfd_ctx *eventfd_ctx_fileget(struct file *file) { |
105f2b709 eventfd: fold eve... |
379 |
struct eventfd_ctx *ctx; |
133890103 eventfd: revised ... |
380 381 |
if (file->f_op != &eventfd_fops) return ERR_PTR(-EINVAL); |
105f2b709 eventfd: fold eve... |
382 383 384 |
ctx = file->private_data; kref_get(&ctx->kref); return ctx; |
133890103 eventfd: revised ... |
385 386 |
} EXPORT_SYMBOL_GPL(eventfd_ctx_fileget); |
2fc96f833 fs: add do_eventf... |
387 |
static int do_eventfd(unsigned int count, int flags) |
e1ad7468c signal/timer/even... |
388 |
{ |
e1ad7468c signal/timer/even... |
389 |
struct eventfd_ctx *ctx; |
7d815165c eventfd: convert ... |
390 |
int fd; |
e1ad7468c signal/timer/even... |
391 |
|
e38b36f32 flag parameters: ... |
392 393 394 |
/* Check the EFD_* constants for consistency. */ BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC); BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOCK); |
bcd0b235b eventfd: improve ... |
395 |
if (flags & ~EFD_FLAGS_SET) |
7d815165c eventfd: convert ... |
396 |
return -EINVAL; |
b087498eb flag parameters: ... |
397 |
|
e1ad7468c signal/timer/even... |
398 399 |
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) |
7d815165c eventfd: convert ... |
400 |
return -ENOMEM; |
e1ad7468c signal/timer/even... |
401 |
|
133890103 eventfd: revised ... |
402 |
kref_init(&ctx->kref); |
e1ad7468c signal/timer/even... |
403 |
init_waitqueue_head(&ctx->wqh); |
e1ad7468c signal/timer/even... |
404 |
ctx->count = count; |
bcd0b235b eventfd: improve ... |
405 |
ctx->flags = flags; |
b556db17b eventfd: present ... |
406 |
ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL); |
e1ad7468c signal/timer/even... |
407 |
|
7d815165c eventfd: convert ... |
408 409 410 |
fd = anon_inode_getfd("[eventfd]", &eventfd_fops, ctx, O_RDWR | (flags & EFD_SHARED_FCNTL_FLAGS)); if (fd < 0) |
562787a5c anonfd: split int... |
411 |
eventfd_free_ctx(ctx); |
2030a42ce [PATCH] sanitize ... |
412 |
return fd; |
e1ad7468c signal/timer/even... |
413 |
} |
2fc96f833 fs: add do_eventf... |
414 415 416 417 |
SYSCALL_DEFINE2(eventfd2, unsigned int, count, int, flags) { return do_eventfd(count, flags); } |
d4e82042c [CVE-2009-0029] S... |
418 |
SYSCALL_DEFINE1(eventfd, unsigned int, count) |
b087498eb flag parameters: ... |
419 |
{ |
2fc96f833 fs: add do_eventf... |
420 |
return do_eventfd(count, 0); |
b087498eb flag parameters: ... |
421 |
} |
bcd0b235b eventfd: improve ... |
422 |