Blame view
fs/eventfd.c
12.9 KB
e1ad7468c signal/timer/even... |
1 2 3 4 5 6 7 8 9 10 11 12 13 |
/* * fs/eventfd.c * * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org> * */ #include <linux/file.h> #include <linux/poll.h> #include <linux/init.h> #include <linux/fs.h> #include <linux/sched.h> #include <linux/kernel.h> |
5a0e3ad6a include cleanup: ... |
14 |
#include <linux/slab.h> |
e1ad7468c signal/timer/even... |
15 16 17 |
#include <linux/list.h> #include <linux/spinlock.h> #include <linux/anon_inodes.h> |
7747cdb2f fs/eventfd.c shou... |
18 |
#include <linux/syscalls.h> |
630d9c472 fs: reduce the us... |
19 |
#include <linux/export.h> |
133890103 eventfd: revised ... |
20 21 |
#include <linux/kref.h> #include <linux/eventfd.h> |
cbac5542d fs, eventfd: add ... |
22 23 |
#include <linux/proc_fs.h> #include <linux/seq_file.h> |
e1ad7468c signal/timer/even... |
24 25 |
struct eventfd_ctx { |
133890103 eventfd: revised ... |
26 |
struct kref kref; |
e1ad7468c signal/timer/even... |
27 28 29 30 31 32 |
wait_queue_head_t wqh; /* * Every time that a write(2) is performed on an eventfd, the * value of the __u64 being written is added to "count" and a * wakeup is performed on "wqh". A read(2) will return the "count" * value to userspace, and will reset "count" to zero. The kernel |
133890103 eventfd: revised ... |
33 |
* side eventfd_signal() also, adds to the "count" counter and |
e1ad7468c signal/timer/even... |
34 35 36 |
* issue a wakeup. */ __u64 count; |
bcd0b235b eventfd: improve ... |
37 |
unsigned int flags; |
e1ad7468c signal/timer/even... |
38 |
}; |
133890103 eventfd: revised ... |
39 40 41 42 43 44 45 46 |
/** * eventfd_signal - Adds @n to the eventfd counter. * @ctx: [in] Pointer to the eventfd context. * @n: [in] Value of the counter to be added to the eventfd internal counter. * The value cannot be negative. * * This function is supposed to be called by the kernel in paths that do not * allow sleeping. In this function we allow the counter to reach the ULLONG_MAX |
20d5a865e Documentation: fi... |
47 |
* value, and we signal this as overflow condition by returning a POLLERR |
133890103 eventfd: revised ... |
48 49 |
* to poll(2). * |
20d5a865e Documentation: fi... |
50 |
* Returns the amount by which the counter was incremented. This will be less |
ee62c6b2d eventfd: change i... |
51 |
* than @n if the counter has overflowed. |
e1ad7468c signal/timer/even... |
52 |
*/ |
ee62c6b2d eventfd: change i... |
53 |
__u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n) |
e1ad7468c signal/timer/even... |
54 |
{ |
e1ad7468c signal/timer/even... |
55 |
unsigned long flags; |
d48eb2331 eventfd use waitq... |
56 |
spin_lock_irqsave(&ctx->wqh.lock, flags); |
e1ad7468c signal/timer/even... |
57 |
if (ULLONG_MAX - ctx->count < n) |
ee62c6b2d eventfd: change i... |
58 |
n = ULLONG_MAX - ctx->count; |
e1ad7468c signal/timer/even... |
59 60 |
ctx->count += n; if (waitqueue_active(&ctx->wqh)) |
395108880 epoll keyed wakeu... |
61 |
wake_up_locked_poll(&ctx->wqh, POLLIN); |
d48eb2331 eventfd use waitq... |
62 |
spin_unlock_irqrestore(&ctx->wqh.lock, flags); |
e1ad7468c signal/timer/even... |
63 64 65 |
return n; } |
5718607bb eventfd: export e... |
66 |
EXPORT_SYMBOL_GPL(eventfd_signal); |
e1ad7468c signal/timer/even... |
67 |
|
562787a5c anonfd: split int... |
68 69 70 71 |
static void eventfd_free_ctx(struct eventfd_ctx *ctx) { kfree(ctx); } |
133890103 eventfd: revised ... |
72 73 74 |
static void eventfd_free(struct kref *kref) { struct eventfd_ctx *ctx = container_of(kref, struct eventfd_ctx, kref); |
562787a5c anonfd: split int... |
75 |
eventfd_free_ctx(ctx); |
133890103 eventfd: revised ... |
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
} /** * eventfd_ctx_get - Acquires a reference to the internal eventfd context. * @ctx: [in] Pointer to the eventfd context. * * Returns: In case of success, returns a pointer to the eventfd context. */ struct eventfd_ctx *eventfd_ctx_get(struct eventfd_ctx *ctx) { kref_get(&ctx->kref); return ctx; } EXPORT_SYMBOL_GPL(eventfd_ctx_get); /** * eventfd_ctx_put - Releases a reference to the internal eventfd context. * @ctx: [in] Pointer to eventfd context. * * The eventfd context reference must have been previously acquired either |
361821854 Docbook: add fs/e... |
96 |
* with eventfd_ctx_get() or eventfd_ctx_fdget(). |
133890103 eventfd: revised ... |
97 98 99 100 101 102 |
*/ void eventfd_ctx_put(struct eventfd_ctx *ctx) { kref_put(&ctx->kref, eventfd_free); } EXPORT_SYMBOL_GPL(eventfd_ctx_put); |
e1ad7468c signal/timer/even... |
103 104 |
static int eventfd_release(struct inode *inode, struct file *file) { |
133890103 eventfd: revised ... |
105 106 107 108 |
struct eventfd_ctx *ctx = file->private_data; wake_up_poll(&ctx->wqh, POLLHUP); eventfd_ctx_put(ctx); |
e1ad7468c signal/timer/even... |
109 110 111 112 113 114 115 |
return 0; } static unsigned int eventfd_poll(struct file *file, poll_table *wait) { struct eventfd_ctx *ctx = file->private_data; unsigned int events = 0; |
e22553e2a eventfd: don't ta... |
116 |
u64 count; |
e1ad7468c signal/timer/even... |
117 118 |
poll_wait(file, &ctx->wqh, wait); |
a484c3dd9 eventfd: document... |
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
/* * All writes to ctx->count occur within ctx->wqh.lock. This read * can be done outside ctx->wqh.lock because we know that poll_wait * takes that lock (through add_wait_queue) if our caller will sleep. * * The read _can_ therefore seep into add_wait_queue's critical * section, but cannot move above it! add_wait_queue's spin_lock acts * as an acquire barrier and ensures that the read be ordered properly * against the writes. The following CAN happen and is safe: * * poll write * ----------------- ------------ * lock ctx->wqh.lock (in poll_wait) * count = ctx->count * __add_wait_queue * unlock ctx->wqh.lock * lock ctx->qwh.lock * ctx->count += n * if (waitqueue_active) * wake_up_locked_poll * unlock ctx->qwh.lock * eventfd_poll returns 0 * * but the following, which would miss a wakeup, cannot happen: * * poll write * ----------------- ------------ * count = ctx->count (INVALID!) * lock ctx->qwh.lock * ctx->count += n * **waitqueue_active is false** * **no wake_up_locked_poll!** * unlock ctx->qwh.lock * lock ctx->wqh.lock (in poll_wait) * __add_wait_queue * unlock ctx->wqh.lock * eventfd_poll returns 0 */ count = READ_ONCE(ctx->count); |
e1ad7468c signal/timer/even... |
159 |
|
e22553e2a eventfd: don't ta... |
160 |
if (count > 0) |
e1ad7468c signal/timer/even... |
161 |
events |= POLLIN; |
e22553e2a eventfd: don't ta... |
162 |
if (count == ULLONG_MAX) |
e1ad7468c signal/timer/even... |
163 |
events |= POLLERR; |
e22553e2a eventfd: don't ta... |
164 |
if (ULLONG_MAX - 1 > count) |
e1ad7468c signal/timer/even... |
165 |
events |= POLLOUT; |
e1ad7468c signal/timer/even... |
166 167 168 |
return events; } |
cb289d624 eventfd - allow a... |
169 170 171 172 173 174 175 176 177 178 |
static void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt) { *cnt = (ctx->flags & EFD_SEMAPHORE) ? 1 : ctx->count; ctx->count -= *cnt; } /** * eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue. * @ctx: [in] Pointer to eventfd context. * @wait: [in] Wait queue to be removed. |
361821854 Docbook: add fs/e... |
179 |
* @cnt: [out] Pointer to the 64-bit counter value. |
cb289d624 eventfd - allow a... |
180 |
* |
361821854 Docbook: add fs/e... |
181 |
* Returns %0 if successful, or the following error codes: |
cb289d624 eventfd - allow a... |
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 |
* * -EAGAIN : The operation would have blocked. * * This is used to atomically remove a wait queue entry from the eventfd wait * queue head, and read/reset the counter value. */ int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_t *wait, __u64 *cnt) { unsigned long flags; spin_lock_irqsave(&ctx->wqh.lock, flags); eventfd_ctx_do_read(ctx, cnt); __remove_wait_queue(&ctx->wqh, wait); if (*cnt != 0 && waitqueue_active(&ctx->wqh)) wake_up_locked_poll(&ctx->wqh, POLLOUT); spin_unlock_irqrestore(&ctx->wqh.lock, flags); return *cnt != 0 ? 0 : -EAGAIN; } EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queue); /** * eventfd_ctx_read - Reads the eventfd counter or wait if it is zero. * @ctx: [in] Pointer to eventfd context. * @no_wait: [in] Different from zero if the operation should not block. |
361821854 Docbook: add fs/e... |
208 |
* @cnt: [out] Pointer to the 64-bit counter value. |
cb289d624 eventfd - allow a... |
209 |
* |
361821854 Docbook: add fs/e... |
210 |
* Returns %0 if successful, or the following error codes: |
cb289d624 eventfd - allow a... |
211 |
* |
361821854 Docbook: add fs/e... |
212 |
* -EAGAIN : The operation would have blocked but @no_wait was non-zero. |
cb289d624 eventfd - allow a... |
213 214 215 216 217 218 |
* -ERESTARTSYS : A signal interrupted the wait operation. * * If @no_wait is zero, the function might sleep until the eventfd internal * counter becomes greater than zero. */ ssize_t eventfd_ctx_read(struct eventfd_ctx *ctx, int no_wait, __u64 *cnt) |
e1ad7468c signal/timer/even... |
219 |
{ |
e1ad7468c signal/timer/even... |
220 |
ssize_t res; |
e1ad7468c signal/timer/even... |
221 |
DECLARE_WAITQUEUE(wait, current); |
d48eb2331 eventfd use waitq... |
222 |
spin_lock_irq(&ctx->wqh.lock); |
cb289d624 eventfd - allow a... |
223 |
*cnt = 0; |
e1ad7468c signal/timer/even... |
224 |
res = -EAGAIN; |
bcd0b235b eventfd: improve ... |
225 |
if (ctx->count > 0) |
cb289d624 eventfd - allow a... |
226 227 |
res = 0; else if (!no_wait) { |
e1ad7468c signal/timer/even... |
228 |
__add_wait_queue(&ctx->wqh, &wait); |
cb289d624 eventfd - allow a... |
229 |
for (;;) { |
e1ad7468c signal/timer/even... |
230 231 |
set_current_state(TASK_INTERRUPTIBLE); if (ctx->count > 0) { |
cb289d624 eventfd - allow a... |
232 |
res = 0; |
e1ad7468c signal/timer/even... |
233 234 235 236 237 238 |
break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
239 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
240 |
schedule(); |
d48eb2331 eventfd use waitq... |
241 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
242 243 244 245 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
cb289d624 eventfd - allow a... |
246 247 |
if (likely(res == 0)) { eventfd_ctx_do_read(ctx, cnt); |
e1ad7468c signal/timer/even... |
248 |
if (waitqueue_active(&ctx->wqh)) |
395108880 epoll keyed wakeu... |
249 |
wake_up_locked_poll(&ctx->wqh, POLLOUT); |
e1ad7468c signal/timer/even... |
250 |
} |
d48eb2331 eventfd use waitq... |
251 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
252 253 254 |
return res; } |
cb289d624 eventfd - allow a... |
255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 |
EXPORT_SYMBOL_GPL(eventfd_ctx_read); static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct eventfd_ctx *ctx = file->private_data; ssize_t res; __u64 cnt; if (count < sizeof(cnt)) return -EINVAL; res = eventfd_ctx_read(ctx, file->f_flags & O_NONBLOCK, &cnt); if (res < 0) return res; return put_user(cnt, (__u64 __user *) buf) ? -EFAULT : sizeof(cnt); } |
e1ad7468c signal/timer/even... |
272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { struct eventfd_ctx *ctx = file->private_data; ssize_t res; __u64 ucnt; DECLARE_WAITQUEUE(wait, current); if (count < sizeof(ucnt)) return -EINVAL; if (copy_from_user(&ucnt, buf, sizeof(ucnt))) return -EFAULT; if (ucnt == ULLONG_MAX) return -EINVAL; |
d48eb2331 eventfd use waitq... |
287 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 |
res = -EAGAIN; if (ULLONG_MAX - ctx->count > ucnt) res = sizeof(ucnt); else if (!(file->f_flags & O_NONBLOCK)) { __add_wait_queue(&ctx->wqh, &wait); for (res = 0;;) { set_current_state(TASK_INTERRUPTIBLE); if (ULLONG_MAX - ctx->count > ucnt) { res = sizeof(ucnt); break; } if (signal_pending(current)) { res = -ERESTARTSYS; break; } |
d48eb2331 eventfd use waitq... |
303 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
304 |
schedule(); |
d48eb2331 eventfd use waitq... |
305 |
spin_lock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
306 307 308 309 |
} __remove_wait_queue(&ctx->wqh, &wait); __set_current_state(TASK_RUNNING); } |
bcd0b235b eventfd: improve ... |
310 |
if (likely(res > 0)) { |
e1ad7468c signal/timer/even... |
311 312 |
ctx->count += ucnt; if (waitqueue_active(&ctx->wqh)) |
395108880 epoll keyed wakeu... |
313 |
wake_up_locked_poll(&ctx->wqh, POLLIN); |
e1ad7468c signal/timer/even... |
314 |
} |
d48eb2331 eventfd use waitq... |
315 |
spin_unlock_irq(&ctx->wqh.lock); |
e1ad7468c signal/timer/even... |
316 317 318 |
return res; } |
cbac5542d fs, eventfd: add ... |
319 |
#ifdef CONFIG_PROC_FS |
a3816ab0e fs: Convert show_... |
320 |
static void eventfd_show_fdinfo(struct seq_file *m, struct file *f) |
cbac5542d fs, eventfd: add ... |
321 322 |
{ struct eventfd_ctx *ctx = f->private_data; |
cbac5542d fs, eventfd: add ... |
323 324 |
spin_lock_irq(&ctx->wqh.lock); |
a3816ab0e fs: Convert show_... |
325 326 327 |
seq_printf(m, "eventfd-count: %16llx ", (unsigned long long)ctx->count); |
cbac5542d fs, eventfd: add ... |
328 |
spin_unlock_irq(&ctx->wqh.lock); |
cbac5542d fs, eventfd: add ... |
329 330 |
} #endif |
e1ad7468c signal/timer/even... |
331 |
static const struct file_operations eventfd_fops = { |
cbac5542d fs, eventfd: add ... |
332 333 334 |
#ifdef CONFIG_PROC_FS .show_fdinfo = eventfd_show_fdinfo, #endif |
e1ad7468c signal/timer/even... |
335 336 337 338 |
.release = eventfd_release, .poll = eventfd_poll, .read = eventfd_read, .write = eventfd_write, |
6038f373a llseek: automatic... |
339 |
.llseek = noop_llseek, |
e1ad7468c signal/timer/even... |
340 |
}; |
133890103 eventfd: revised ... |
341 342 343 344 345 346 347 348 349 350 |
/** * eventfd_fget - Acquire a reference of an eventfd file descriptor. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the eventfd file structure in case of success, or the * following error pointer: * * -EBADF : Invalid @fd file descriptor. * -EINVAL : The @fd file descriptor is not an eventfd file. */ |
e1ad7468c signal/timer/even... |
351 352 353 354 355 356 357 358 359 360 361 362 363 364 |
struct file *eventfd_fget(int fd) { struct file *file; file = fget(fd); if (!file) return ERR_PTR(-EBADF); if (file->f_op != &eventfd_fops) { fput(file); return ERR_PTR(-EINVAL); } return file; } |
5718607bb eventfd: export e... |
365 |
EXPORT_SYMBOL_GPL(eventfd_fget); |
e1ad7468c signal/timer/even... |
366 |
|
133890103 eventfd: revised ... |
367 368 369 370 371 372 373 374 375 376 377 |
/** * eventfd_ctx_fdget - Acquires a reference to the internal eventfd context. * @fd: [in] Eventfd file descriptor. * * Returns a pointer to the internal eventfd context, otherwise the error * pointers returned by the following functions: * * eventfd_fget */ struct eventfd_ctx *eventfd_ctx_fdget(int fd) { |
133890103 eventfd: revised ... |
378 |
struct eventfd_ctx *ctx; |
36a741172 eventfd_ctx_fdget... |
379 380 381 382 383 |
struct fd f = fdget(fd); if (!f.file) return ERR_PTR(-EBADF); ctx = eventfd_ctx_fileget(f.file); fdput(f); |
133890103 eventfd: revised ... |
384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 |
return ctx; } EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); /** * eventfd_ctx_fileget - Acquires a reference to the internal eventfd context. * @file: [in] Eventfd file pointer. * * Returns a pointer to the internal eventfd context, otherwise the error * pointer: * * -EINVAL : The @fd file descriptor is not an eventfd file. */ struct eventfd_ctx *eventfd_ctx_fileget(struct file *file) { if (file->f_op != &eventfd_fops) return ERR_PTR(-EINVAL); return eventfd_ctx_get(file->private_data); } EXPORT_SYMBOL_GPL(eventfd_ctx_fileget); |
562787a5c anonfd: split int... |
405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 |
/** * eventfd_file_create - Creates an eventfd file pointer. * @count: Initial eventfd counter value. * @flags: Flags for the eventfd file. * * This function creates an eventfd file pointer, w/out installing it into * the fd table. This is useful when the eventfd file is used during the * initialization of data structures that require extra setup after the eventfd * creation. So the eventfd creation is split into the file pointer creation * phase, and the file descriptor installation phase. * In this way races with userspace closing the newly installed file descriptor * can be avoided. * Returns an eventfd file pointer, or a proper error pointer. */ struct file *eventfd_file_create(unsigned int count, int flags) |
e1ad7468c signal/timer/even... |
420 |
{ |
562787a5c anonfd: split int... |
421 |
struct file *file; |
e1ad7468c signal/timer/even... |
422 |
struct eventfd_ctx *ctx; |
e1ad7468c signal/timer/even... |
423 |
|
e38b36f32 flag parameters: ... |
424 425 426 |
/* Check the EFD_* constants for consistency. */ BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC); BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOCK); |
bcd0b235b eventfd: improve ... |
427 |
if (flags & ~EFD_FLAGS_SET) |
562787a5c anonfd: split int... |
428 |
return ERR_PTR(-EINVAL); |
b087498eb flag parameters: ... |
429 |
|
e1ad7468c signal/timer/even... |
430 431 |
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) |
562787a5c anonfd: split int... |
432 |
return ERR_PTR(-ENOMEM); |
e1ad7468c signal/timer/even... |
433 |
|
133890103 eventfd: revised ... |
434 |
kref_init(&ctx->kref); |
e1ad7468c signal/timer/even... |
435 |
init_waitqueue_head(&ctx->wqh); |
e1ad7468c signal/timer/even... |
436 |
ctx->count = count; |
bcd0b235b eventfd: improve ... |
437 |
ctx->flags = flags; |
e1ad7468c signal/timer/even... |
438 |
|
562787a5c anonfd: split int... |
439 |
file = anon_inode_getfile("[eventfd]", &eventfd_fops, ctx, |
628ff7c1d anonfd: Allow mak... |
440 |
O_RDWR | (flags & EFD_SHARED_FCNTL_FLAGS)); |
562787a5c anonfd: split int... |
441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 |
if (IS_ERR(file)) eventfd_free_ctx(ctx); return file; } SYSCALL_DEFINE2(eventfd2, unsigned int, count, int, flags) { int fd, error; struct file *file; error = get_unused_fd_flags(flags & EFD_SHARED_FCNTL_FLAGS); if (error < 0) return error; fd = error; file = eventfd_file_create(count, flags); if (IS_ERR(file)) { error = PTR_ERR(file); goto err_put_unused_fd; } fd_install(fd, file); |
2030a42ce [PATCH] sanitize ... |
463 |
return fd; |
562787a5c anonfd: split int... |
464 465 466 467 468 |
err_put_unused_fd: put_unused_fd(fd); return error; |
e1ad7468c signal/timer/even... |
469 |
} |
d4e82042c [CVE-2009-0029] S... |
470 |
SYSCALL_DEFINE1(eventfd, unsigned int, count) |
b087498eb flag parameters: ... |
471 472 473 |
{ return sys_eventfd2(count, 0); } |
bcd0b235b eventfd: improve ... |
474 |