xref: /openbmc/linux/fs/configfs/dir.c (revision f3d7c2cd)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * dir.c - Operations for configfs directories.
4  *
5  * Based on sysfs:
6  * 	sysfs is Copyright (C) 2001, 2002, 2003 Patrick Mochel
7  *
8  * configfs Copyright (C) 2005 Oracle.  All rights reserved.
9  */
10 
11 #undef DEBUG
12 
13 #include <linux/fs.h>
14 #include <linux/fsnotify.h>
15 #include <linux/mount.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/err.h>
19 
20 #include <linux/configfs.h>
21 #include "configfs_internal.h"
22 
23 /*
24  * Protects mutations of configfs_dirent linkage together with proper i_mutex
25  * Also protects mutations of symlinks linkage to target configfs_dirent
26  * Mutators of configfs_dirent linkage must *both* have the proper inode locked
27  * and configfs_dirent_lock locked, in that order.
28  * This allows one to safely traverse configfs_dirent trees and symlinks without
29  * having to lock inodes.
30  *
31  * Protects setting of CONFIGFS_USET_DROPPING: checking the flag
32  * unlocked is not reliable unless in detach_groups() called from
33  * rmdir()/unregister() and from configfs_attach_group()
34  */
35 DEFINE_SPINLOCK(configfs_dirent_lock);
36 
37 static void configfs_d_iput(struct dentry * dentry,
38 			    struct inode * inode)
39 {
40 	struct configfs_dirent *sd = dentry->d_fsdata;
41 
42 	if (sd) {
43 		/* Coordinate with configfs_readdir */
44 		spin_lock(&configfs_dirent_lock);
45 		/*
46 		 * Set sd->s_dentry to null only when this dentry is the one
47 		 * that is going to be killed.  Otherwise configfs_d_iput may
48 		 * run just after configfs_lookup and set sd->s_dentry to
49 		 * NULL even it's still in use.
50 		 */
51 		if (sd->s_dentry == dentry)
52 			sd->s_dentry = NULL;
53 
54 		spin_unlock(&configfs_dirent_lock);
55 		configfs_put(sd);
56 	}
57 	iput(inode);
58 }
59 
60 const struct dentry_operations configfs_dentry_ops = {
61 	.d_iput		= configfs_d_iput,
62 	.d_delete	= always_delete_dentry,
63 };
64 
65 #ifdef CONFIG_LOCKDEP
66 
67 /*
68  * Helpers to make lockdep happy with our recursive locking of default groups'
69  * inodes (see configfs_attach_group() and configfs_detach_group()).
70  * We put default groups i_mutexes in separate classes according to their depth
71  * from the youngest non-default group ancestor.
72  *
73  * For a non-default group A having default groups A/B, A/C, and A/C/D, default
74  * groups A/B and A/C will have their inode's mutex in class
75  * default_group_class[0], and default group A/C/D will be in
76  * default_group_class[1].
77  *
78  * The lock classes are declared and assigned in inode.c, according to the
79  * s_depth value.
80  * The s_depth value is initialized to -1, adjusted to >= 0 when attaching
81  * default groups, and reset to -1 when all default groups are attached. During
82  * attachment, if configfs_create() sees s_depth > 0, the lock class of the new
83  * inode's mutex is set to default_group_class[s_depth - 1].
84  */
85 
86 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
87 {
88 	sd->s_depth = -1;
89 }
90 
91 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
92 					  struct configfs_dirent *sd)
93 {
94 	int parent_depth = parent_sd->s_depth;
95 
96 	if (parent_depth >= 0)
97 		sd->s_depth = parent_depth + 1;
98 }
99 
100 static void
101 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
102 {
103 	/*
104 	 * item's i_mutex class is already setup, so s_depth is now only
105 	 * used to set new sub-directories s_depth, which is always done
106 	 * with item's i_mutex locked.
107 	 */
108 	/*
109 	 *  sd->s_depth == -1 iff we are a non default group.
110 	 *  else (we are a default group) sd->s_depth > 0 (see
111 	 *  create_dir()).
112 	 */
113 	if (sd->s_depth == -1)
114 		/*
115 		 * We are a non default group and we are going to create
116 		 * default groups.
117 		 */
118 		sd->s_depth = 0;
119 }
120 
121 static void
122 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
123 {
124 	/* We will not create default groups anymore. */
125 	sd->s_depth = -1;
126 }
127 
128 #else /* CONFIG_LOCKDEP */
129 
130 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
131 {
132 }
133 
134 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
135 					  struct configfs_dirent *sd)
136 {
137 }
138 
139 static void
140 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
141 {
142 }
143 
144 static void
145 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
146 {
147 }
148 
149 #endif /* CONFIG_LOCKDEP */
150 
151 static struct configfs_fragment *new_fragment(void)
152 {
153 	struct configfs_fragment *p;
154 
155 	p = kmalloc(sizeof(struct configfs_fragment), GFP_KERNEL);
156 	if (p) {
157 		atomic_set(&p->frag_count, 1);
158 		init_rwsem(&p->frag_sem);
159 		p->frag_dead = false;
160 	}
161 	return p;
162 }
163 
164 void put_fragment(struct configfs_fragment *frag)
165 {
166 	if (frag && atomic_dec_and_test(&frag->frag_count))
167 		kfree(frag);
168 }
169 
170 struct configfs_fragment *get_fragment(struct configfs_fragment *frag)
171 {
172 	if (likely(frag))
173 		atomic_inc(&frag->frag_count);
174 	return frag;
175 }
176 
177 /*
178  * Allocates a new configfs_dirent and links it to the parent configfs_dirent
179  */
180 static struct configfs_dirent *configfs_new_dirent(struct configfs_dirent *parent_sd,
181 						   void *element, int type,
182 						   struct configfs_fragment *frag)
183 {
184 	struct configfs_dirent * sd;
185 
186 	sd = kmem_cache_zalloc(configfs_dir_cachep, GFP_KERNEL);
187 	if (!sd)
188 		return ERR_PTR(-ENOMEM);
189 
190 	atomic_set(&sd->s_count, 1);
191 	INIT_LIST_HEAD(&sd->s_children);
192 	sd->s_element = element;
193 	sd->s_type = type;
194 	configfs_init_dirent_depth(sd);
195 	spin_lock(&configfs_dirent_lock);
196 	if (parent_sd->s_type & CONFIGFS_USET_DROPPING) {
197 		spin_unlock(&configfs_dirent_lock);
198 		kmem_cache_free(configfs_dir_cachep, sd);
199 		return ERR_PTR(-ENOENT);
200 	}
201 	sd->s_frag = get_fragment(frag);
202 	list_add(&sd->s_sibling, &parent_sd->s_children);
203 	spin_unlock(&configfs_dirent_lock);
204 
205 	return sd;
206 }
207 
208 /*
209  *
210  * Return -EEXIST if there is already a configfs element with the same
211  * name for the same parent.
212  *
213  * called with parent inode's i_mutex held
214  */
215 static int configfs_dirent_exists(struct configfs_dirent *parent_sd,
216 				  const unsigned char *new)
217 {
218 	struct configfs_dirent * sd;
219 
220 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
221 		if (sd->s_element) {
222 			const unsigned char *existing = configfs_get_name(sd);
223 			if (strcmp(existing, new))
224 				continue;
225 			else
226 				return -EEXIST;
227 		}
228 	}
229 
230 	return 0;
231 }
232 
233 
234 int configfs_make_dirent(struct configfs_dirent * parent_sd,
235 			 struct dentry * dentry, void * element,
236 			 umode_t mode, int type, struct configfs_fragment *frag)
237 {
238 	struct configfs_dirent * sd;
239 
240 	sd = configfs_new_dirent(parent_sd, element, type, frag);
241 	if (IS_ERR(sd))
242 		return PTR_ERR(sd);
243 
244 	sd->s_mode = mode;
245 	sd->s_dentry = dentry;
246 	if (dentry)
247 		dentry->d_fsdata = configfs_get(sd);
248 
249 	return 0;
250 }
251 
252 static void configfs_remove_dirent(struct dentry *dentry)
253 {
254 	struct configfs_dirent *sd = dentry->d_fsdata;
255 
256 	if (!sd)
257 		return;
258 	spin_lock(&configfs_dirent_lock);
259 	list_del_init(&sd->s_sibling);
260 	spin_unlock(&configfs_dirent_lock);
261 	configfs_put(sd);
262 }
263 
264 /**
265  *	configfs_create_dir - create a directory for an config_item.
266  *	@item:		config_itemwe're creating directory for.
267  *	@dentry:	config_item's dentry.
268  *	@frag:		config_item's fragment.
269  *
270  *	Note: user-created entries won't be allowed under this new directory
271  *	until it is validated by configfs_dir_set_ready()
272  */
273 
274 static int configfs_create_dir(struct config_item *item, struct dentry *dentry,
275 				struct configfs_fragment *frag)
276 {
277 	int error;
278 	umode_t mode = S_IFDIR| S_IRWXU | S_IRUGO | S_IXUGO;
279 	struct dentry *p = dentry->d_parent;
280 	struct inode *inode;
281 
282 	BUG_ON(!item);
283 
284 	error = configfs_dirent_exists(p->d_fsdata, dentry->d_name.name);
285 	if (unlikely(error))
286 		return error;
287 
288 	error = configfs_make_dirent(p->d_fsdata, dentry, item, mode,
289 				     CONFIGFS_DIR | CONFIGFS_USET_CREATING,
290 				     frag);
291 	if (unlikely(error))
292 		return error;
293 
294 	configfs_set_dir_dirent_depth(p->d_fsdata, dentry->d_fsdata);
295 	inode = configfs_create(dentry, mode);
296 	if (IS_ERR(inode))
297 		goto out_remove;
298 
299 	inode->i_op = &configfs_dir_inode_operations;
300 	inode->i_fop = &configfs_dir_operations;
301 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
302 	inc_nlink(inode);
303 	d_instantiate(dentry, inode);
304 	/* already hashed */
305 	dget(dentry);  /* pin directory dentries in core */
306 	inc_nlink(d_inode(p));
307 	item->ci_dentry = dentry;
308 	return 0;
309 
310 out_remove:
311 	configfs_remove_dirent(dentry);
312 	return PTR_ERR(inode);
313 }
314 
315 /*
316  * Allow userspace to create new entries under a new directory created with
317  * configfs_create_dir(), and under all of its chidlren directories recursively.
318  * @sd		configfs_dirent of the new directory to validate
319  *
320  * Caller must hold configfs_dirent_lock.
321  */
322 static void configfs_dir_set_ready(struct configfs_dirent *sd)
323 {
324 	struct configfs_dirent *child_sd;
325 
326 	sd->s_type &= ~CONFIGFS_USET_CREATING;
327 	list_for_each_entry(child_sd, &sd->s_children, s_sibling)
328 		if (child_sd->s_type & CONFIGFS_USET_CREATING)
329 			configfs_dir_set_ready(child_sd);
330 }
331 
332 /*
333  * Check that a directory does not belong to a directory hierarchy being
334  * attached and not validated yet.
335  * @sd		configfs_dirent of the directory to check
336  *
337  * @return	non-zero iff the directory was validated
338  *
339  * Note: takes configfs_dirent_lock, so the result may change from false to true
340  * in two consecutive calls, but never from true to false.
341  */
342 int configfs_dirent_is_ready(struct configfs_dirent *sd)
343 {
344 	int ret;
345 
346 	spin_lock(&configfs_dirent_lock);
347 	ret = !(sd->s_type & CONFIGFS_USET_CREATING);
348 	spin_unlock(&configfs_dirent_lock);
349 
350 	return ret;
351 }
352 
353 int configfs_create_link(struct configfs_dirent *target, struct dentry *parent,
354 		struct dentry *dentry, char *body)
355 {
356 	int err = 0;
357 	umode_t mode = S_IFLNK | S_IRWXUGO;
358 	struct configfs_dirent *p = parent->d_fsdata;
359 	struct inode *inode;
360 
361 	err = configfs_make_dirent(p, dentry, target, mode, CONFIGFS_ITEM_LINK,
362 			p->s_frag);
363 	if (err)
364 		return err;
365 
366 	inode = configfs_create(dentry, mode);
367 	if (IS_ERR(inode))
368 		goto out_remove;
369 
370 	inode->i_link = body;
371 	inode->i_op = &configfs_symlink_inode_operations;
372 	d_instantiate(dentry, inode);
373 	dget(dentry);  /* pin link dentries in core */
374 	return 0;
375 
376 out_remove:
377 	configfs_remove_dirent(dentry);
378 	return PTR_ERR(inode);
379 }
380 
381 static void remove_dir(struct dentry * d)
382 {
383 	struct dentry * parent = dget(d->d_parent);
384 
385 	configfs_remove_dirent(d);
386 
387 	if (d_really_is_positive(d))
388 		simple_rmdir(d_inode(parent),d);
389 
390 	pr_debug(" o %pd removing done (%d)\n", d, d_count(d));
391 
392 	dput(parent);
393 }
394 
395 /**
396  * configfs_remove_dir - remove an config_item's directory.
397  * @item:	config_item we're removing.
398  *
399  * The only thing special about this is that we remove any files in
400  * the directory before we remove the directory, and we've inlined
401  * what used to be configfs_rmdir() below, instead of calling separately.
402  *
403  * Caller holds the mutex of the item's inode
404  */
405 
406 static void configfs_remove_dir(struct config_item * item)
407 {
408 	struct dentry * dentry = dget(item->ci_dentry);
409 
410 	if (!dentry)
411 		return;
412 
413 	remove_dir(dentry);
414 	/**
415 	 * Drop reference from dget() on entrance.
416 	 */
417 	dput(dentry);
418 }
419 
420 static struct dentry * configfs_lookup(struct inode *dir,
421 				       struct dentry *dentry,
422 				       unsigned int flags)
423 {
424 	struct configfs_dirent * parent_sd = dentry->d_parent->d_fsdata;
425 	struct configfs_dirent * sd;
426 	struct inode *inode = NULL;
427 
428 	if (dentry->d_name.len > NAME_MAX)
429 		return ERR_PTR(-ENAMETOOLONG);
430 
431 	/*
432 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
433 	 * being attached
434 	 *
435 	 * This forbids userspace to read/write attributes of items which may
436 	 * not complete their initialization, since the dentries of the
437 	 * attributes won't be instantiated.
438 	 */
439 	if (!configfs_dirent_is_ready(parent_sd))
440 		return ERR_PTR(-ENOENT);
441 
442 	spin_lock(&configfs_dirent_lock);
443 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
444 		if ((sd->s_type & CONFIGFS_NOT_PINNED) &&
445 		    !strcmp(configfs_get_name(sd), dentry->d_name.name)) {
446 			struct configfs_attribute *attr = sd->s_element;
447 			umode_t mode = (attr->ca_mode & S_IALLUGO) | S_IFREG;
448 
449 			dentry->d_fsdata = configfs_get(sd);
450 			sd->s_dentry = dentry;
451 			spin_unlock(&configfs_dirent_lock);
452 
453 			inode = configfs_create(dentry, mode);
454 			if (IS_ERR(inode)) {
455 				configfs_put(sd);
456 				return ERR_CAST(inode);
457 			}
458 			if (sd->s_type & CONFIGFS_ITEM_BIN_ATTR) {
459 				inode->i_size = 0;
460 				inode->i_fop = &configfs_bin_file_operations;
461 			} else {
462 				inode->i_size = PAGE_SIZE;
463 				inode->i_fop = &configfs_file_operations;
464 			}
465 			goto done;
466 		}
467 	}
468 	spin_unlock(&configfs_dirent_lock);
469 done:
470 	d_add(dentry, inode);
471 	return NULL;
472 }
473 
474 /*
475  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
476  * attributes and are removed by rmdir().  We recurse, setting
477  * CONFIGFS_USET_DROPPING on all children that are candidates for
478  * default detach.
479  * If there is an error, the caller will reset the flags via
480  * configfs_detach_rollback().
481  */
482 static int configfs_detach_prep(struct dentry *dentry, struct dentry **wait)
483 {
484 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
485 	struct configfs_dirent *sd;
486 	int ret;
487 
488 	/* Mark that we're trying to drop the group */
489 	parent_sd->s_type |= CONFIGFS_USET_DROPPING;
490 
491 	ret = -EBUSY;
492 	if (parent_sd->s_links)
493 		goto out;
494 
495 	ret = 0;
496 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
497 		if (!sd->s_element ||
498 		    (sd->s_type & CONFIGFS_NOT_PINNED))
499 			continue;
500 		if (sd->s_type & CONFIGFS_USET_DEFAULT) {
501 			/* Abort if racing with mkdir() */
502 			if (sd->s_type & CONFIGFS_USET_IN_MKDIR) {
503 				if (wait)
504 					*wait= dget(sd->s_dentry);
505 				return -EAGAIN;
506 			}
507 
508 			/*
509 			 * Yup, recursive.  If there's a problem, blame
510 			 * deep nesting of default_groups
511 			 */
512 			ret = configfs_detach_prep(sd->s_dentry, wait);
513 			if (!ret)
514 				continue;
515 		} else
516 			ret = -ENOTEMPTY;
517 
518 		break;
519 	}
520 
521 out:
522 	return ret;
523 }
524 
525 /*
526  * Walk the tree, resetting CONFIGFS_USET_DROPPING wherever it was
527  * set.
528  */
529 static void configfs_detach_rollback(struct dentry *dentry)
530 {
531 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
532 	struct configfs_dirent *sd;
533 
534 	parent_sd->s_type &= ~CONFIGFS_USET_DROPPING;
535 
536 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling)
537 		if (sd->s_type & CONFIGFS_USET_DEFAULT)
538 			configfs_detach_rollback(sd->s_dentry);
539 }
540 
541 static void detach_attrs(struct config_item * item)
542 {
543 	struct dentry * dentry = dget(item->ci_dentry);
544 	struct configfs_dirent * parent_sd;
545 	struct configfs_dirent * sd, * tmp;
546 
547 	if (!dentry)
548 		return;
549 
550 	pr_debug("configfs %s: dropping attrs for  dir\n",
551 		 dentry->d_name.name);
552 
553 	parent_sd = dentry->d_fsdata;
554 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
555 		if (!sd->s_element || !(sd->s_type & CONFIGFS_NOT_PINNED))
556 			continue;
557 		spin_lock(&configfs_dirent_lock);
558 		list_del_init(&sd->s_sibling);
559 		spin_unlock(&configfs_dirent_lock);
560 		configfs_drop_dentry(sd, dentry);
561 		configfs_put(sd);
562 	}
563 
564 	/**
565 	 * Drop reference from dget() on entrance.
566 	 */
567 	dput(dentry);
568 }
569 
570 static int populate_attrs(struct config_item *item)
571 {
572 	const struct config_item_type *t = item->ci_type;
573 	struct configfs_attribute *attr;
574 	struct configfs_bin_attribute *bin_attr;
575 	int error = 0;
576 	int i;
577 
578 	if (!t)
579 		return -EINVAL;
580 	if (t->ct_attrs) {
581 		for (i = 0; (attr = t->ct_attrs[i]) != NULL; i++) {
582 			if ((error = configfs_create_file(item, attr)))
583 				break;
584 		}
585 	}
586 	if (t->ct_bin_attrs) {
587 		for (i = 0; (bin_attr = t->ct_bin_attrs[i]) != NULL; i++) {
588 			error = configfs_create_bin_file(item, bin_attr);
589 			if (error)
590 				break;
591 		}
592 	}
593 
594 	if (error)
595 		detach_attrs(item);
596 
597 	return error;
598 }
599 
600 static int configfs_attach_group(struct config_item *parent_item,
601 				 struct config_item *item,
602 				 struct dentry *dentry,
603 				 struct configfs_fragment *frag);
604 static void configfs_detach_group(struct config_item *item);
605 
606 static void detach_groups(struct config_group *group)
607 {
608 	struct dentry * dentry = dget(group->cg_item.ci_dentry);
609 	struct dentry *child;
610 	struct configfs_dirent *parent_sd;
611 	struct configfs_dirent *sd, *tmp;
612 
613 	if (!dentry)
614 		return;
615 
616 	parent_sd = dentry->d_fsdata;
617 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
618 		if (!sd->s_element ||
619 		    !(sd->s_type & CONFIGFS_USET_DEFAULT))
620 			continue;
621 
622 		child = sd->s_dentry;
623 
624 		inode_lock(d_inode(child));
625 
626 		configfs_detach_group(sd->s_element);
627 		d_inode(child)->i_flags |= S_DEAD;
628 		dont_mount(child);
629 
630 		inode_unlock(d_inode(child));
631 
632 		d_delete(child);
633 		dput(child);
634 	}
635 
636 	/**
637 	 * Drop reference from dget() on entrance.
638 	 */
639 	dput(dentry);
640 }
641 
642 /*
643  * This fakes mkdir(2) on a default_groups[] entry.  It
644  * creates a dentry, attachs it, and then does fixup
645  * on the sd->s_type.
646  *
647  * We could, perhaps, tweak our parent's ->mkdir for a minute and
648  * try using vfs_mkdir.  Just a thought.
649  */
650 static int create_default_group(struct config_group *parent_group,
651 				struct config_group *group,
652 				struct configfs_fragment *frag)
653 {
654 	int ret;
655 	struct configfs_dirent *sd;
656 	/* We trust the caller holds a reference to parent */
657 	struct dentry *child, *parent = parent_group->cg_item.ci_dentry;
658 
659 	if (!group->cg_item.ci_name)
660 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
661 
662 	ret = -ENOMEM;
663 	child = d_alloc_name(parent, group->cg_item.ci_name);
664 	if (child) {
665 		d_add(child, NULL);
666 
667 		ret = configfs_attach_group(&parent_group->cg_item,
668 					    &group->cg_item, child, frag);
669 		if (!ret) {
670 			sd = child->d_fsdata;
671 			sd->s_type |= CONFIGFS_USET_DEFAULT;
672 		} else {
673 			BUG_ON(d_inode(child));
674 			d_drop(child);
675 			dput(child);
676 		}
677 	}
678 
679 	return ret;
680 }
681 
682 static int populate_groups(struct config_group *group,
683 			   struct configfs_fragment *frag)
684 {
685 	struct config_group *new_group;
686 	int ret = 0;
687 
688 	list_for_each_entry(new_group, &group->default_groups, group_entry) {
689 		ret = create_default_group(group, new_group, frag);
690 		if (ret) {
691 			detach_groups(group);
692 			break;
693 		}
694 	}
695 
696 	return ret;
697 }
698 
699 void configfs_remove_default_groups(struct config_group *group)
700 {
701 	struct config_group *g, *n;
702 
703 	list_for_each_entry_safe(g, n, &group->default_groups, group_entry) {
704 		list_del(&g->group_entry);
705 		config_item_put(&g->cg_item);
706 	}
707 }
708 EXPORT_SYMBOL(configfs_remove_default_groups);
709 
710 /*
711  * All of link_obj/unlink_obj/link_group/unlink_group require that
712  * subsys->su_mutex is held.
713  */
714 
715 static void unlink_obj(struct config_item *item)
716 {
717 	struct config_group *group;
718 
719 	group = item->ci_group;
720 	if (group) {
721 		list_del_init(&item->ci_entry);
722 
723 		item->ci_group = NULL;
724 		item->ci_parent = NULL;
725 
726 		/* Drop the reference for ci_entry */
727 		config_item_put(item);
728 
729 		/* Drop the reference for ci_parent */
730 		config_group_put(group);
731 	}
732 }
733 
734 static void link_obj(struct config_item *parent_item, struct config_item *item)
735 {
736 	/*
737 	 * Parent seems redundant with group, but it makes certain
738 	 * traversals much nicer.
739 	 */
740 	item->ci_parent = parent_item;
741 
742 	/*
743 	 * We hold a reference on the parent for the child's ci_parent
744 	 * link.
745 	 */
746 	item->ci_group = config_group_get(to_config_group(parent_item));
747 	list_add_tail(&item->ci_entry, &item->ci_group->cg_children);
748 
749 	/*
750 	 * We hold a reference on the child for ci_entry on the parent's
751 	 * cg_children
752 	 */
753 	config_item_get(item);
754 }
755 
756 static void unlink_group(struct config_group *group)
757 {
758 	struct config_group *new_group;
759 
760 	list_for_each_entry(new_group, &group->default_groups, group_entry)
761 		unlink_group(new_group);
762 
763 	group->cg_subsys = NULL;
764 	unlink_obj(&group->cg_item);
765 }
766 
767 static void link_group(struct config_group *parent_group, struct config_group *group)
768 {
769 	struct config_group *new_group;
770 	struct configfs_subsystem *subsys = NULL; /* gcc is a turd */
771 
772 	link_obj(&parent_group->cg_item, &group->cg_item);
773 
774 	if (parent_group->cg_subsys)
775 		subsys = parent_group->cg_subsys;
776 	else if (configfs_is_root(&parent_group->cg_item))
777 		subsys = to_configfs_subsystem(group);
778 	else
779 		BUG();
780 	group->cg_subsys = subsys;
781 
782 	list_for_each_entry(new_group, &group->default_groups, group_entry)
783 		link_group(group, new_group);
784 }
785 
786 /*
787  * The goal is that configfs_attach_item() (and
788  * configfs_attach_group()) can be called from either the VFS or this
789  * module.  That is, they assume that the items have been created,
790  * the dentry allocated, and the dcache is all ready to go.
791  *
792  * If they fail, they must clean up after themselves as if they
793  * had never been called.  The caller (VFS or local function) will
794  * handle cleaning up the dcache bits.
795  *
796  * configfs_detach_group() and configfs_detach_item() behave similarly on
797  * the way out.  They assume that the proper semaphores are held, they
798  * clean up the configfs items, and they expect their callers will
799  * handle the dcache bits.
800  */
801 static int configfs_attach_item(struct config_item *parent_item,
802 				struct config_item *item,
803 				struct dentry *dentry,
804 				struct configfs_fragment *frag)
805 {
806 	int ret;
807 
808 	ret = configfs_create_dir(item, dentry, frag);
809 	if (!ret) {
810 		ret = populate_attrs(item);
811 		if (ret) {
812 			/*
813 			 * We are going to remove an inode and its dentry but
814 			 * the VFS may already have hit and used them. Thus,
815 			 * we must lock them as rmdir() would.
816 			 */
817 			inode_lock(d_inode(dentry));
818 			configfs_remove_dir(item);
819 			d_inode(dentry)->i_flags |= S_DEAD;
820 			dont_mount(dentry);
821 			inode_unlock(d_inode(dentry));
822 			d_delete(dentry);
823 		}
824 	}
825 
826 	return ret;
827 }
828 
829 /* Caller holds the mutex of the item's inode */
830 static void configfs_detach_item(struct config_item *item)
831 {
832 	detach_attrs(item);
833 	configfs_remove_dir(item);
834 }
835 
836 static int configfs_attach_group(struct config_item *parent_item,
837 				 struct config_item *item,
838 				 struct dentry *dentry,
839 				 struct configfs_fragment *frag)
840 {
841 	int ret;
842 	struct configfs_dirent *sd;
843 
844 	ret = configfs_attach_item(parent_item, item, dentry, frag);
845 	if (!ret) {
846 		sd = dentry->d_fsdata;
847 		sd->s_type |= CONFIGFS_USET_DIR;
848 
849 		/*
850 		 * FYI, we're faking mkdir in populate_groups()
851 		 * We must lock the group's inode to avoid races with the VFS
852 		 * which can already hit the inode and try to add/remove entries
853 		 * under it.
854 		 *
855 		 * We must also lock the inode to remove it safely in case of
856 		 * error, as rmdir() would.
857 		 */
858 		inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
859 		configfs_adjust_dir_dirent_depth_before_populate(sd);
860 		ret = populate_groups(to_config_group(item), frag);
861 		if (ret) {
862 			configfs_detach_item(item);
863 			d_inode(dentry)->i_flags |= S_DEAD;
864 			dont_mount(dentry);
865 		}
866 		configfs_adjust_dir_dirent_depth_after_populate(sd);
867 		inode_unlock(d_inode(dentry));
868 		if (ret)
869 			d_delete(dentry);
870 	}
871 
872 	return ret;
873 }
874 
875 /* Caller holds the mutex of the group's inode */
876 static void configfs_detach_group(struct config_item *item)
877 {
878 	detach_groups(to_config_group(item));
879 	configfs_detach_item(item);
880 }
881 
882 /*
883  * After the item has been detached from the filesystem view, we are
884  * ready to tear it out of the hierarchy.  Notify the client before
885  * we do that so they can perform any cleanup that requires
886  * navigating the hierarchy.  A client does not need to provide this
887  * callback.  The subsystem semaphore MUST be held by the caller, and
888  * references must be valid for both items.  It also assumes the
889  * caller has validated ci_type.
890  */
891 static void client_disconnect_notify(struct config_item *parent_item,
892 				     struct config_item *item)
893 {
894 	const struct config_item_type *type;
895 
896 	type = parent_item->ci_type;
897 	BUG_ON(!type);
898 
899 	if (type->ct_group_ops && type->ct_group_ops->disconnect_notify)
900 		type->ct_group_ops->disconnect_notify(to_config_group(parent_item),
901 						      item);
902 }
903 
904 /*
905  * Drop the initial reference from make_item()/make_group()
906  * This function assumes that reference is held on item
907  * and that item holds a valid reference to the parent.  Also, it
908  * assumes the caller has validated ci_type.
909  */
910 static void client_drop_item(struct config_item *parent_item,
911 			     struct config_item *item)
912 {
913 	const struct config_item_type *type;
914 
915 	type = parent_item->ci_type;
916 	BUG_ON(!type);
917 
918 	/*
919 	 * If ->drop_item() exists, it is responsible for the
920 	 * config_item_put().
921 	 */
922 	if (type->ct_group_ops && type->ct_group_ops->drop_item)
923 		type->ct_group_ops->drop_item(to_config_group(parent_item),
924 					      item);
925 	else
926 		config_item_put(item);
927 }
928 
929 #ifdef DEBUG
930 static void configfs_dump_one(struct configfs_dirent *sd, int level)
931 {
932 	pr_info("%*s\"%s\":\n", level, " ", configfs_get_name(sd));
933 
934 #define type_print(_type) if (sd->s_type & _type) pr_info("%*s %s\n", level, " ", #_type);
935 	type_print(CONFIGFS_ROOT);
936 	type_print(CONFIGFS_DIR);
937 	type_print(CONFIGFS_ITEM_ATTR);
938 	type_print(CONFIGFS_ITEM_LINK);
939 	type_print(CONFIGFS_USET_DIR);
940 	type_print(CONFIGFS_USET_DEFAULT);
941 	type_print(CONFIGFS_USET_DROPPING);
942 #undef type_print
943 }
944 
945 static int configfs_dump(struct configfs_dirent *sd, int level)
946 {
947 	struct configfs_dirent *child_sd;
948 	int ret = 0;
949 
950 	configfs_dump_one(sd, level);
951 
952 	if (!(sd->s_type & (CONFIGFS_DIR|CONFIGFS_ROOT)))
953 		return 0;
954 
955 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
956 		ret = configfs_dump(child_sd, level + 2);
957 		if (ret)
958 			break;
959 	}
960 
961 	return ret;
962 }
963 #endif
964 
965 
966 /*
967  * configfs_depend_item() and configfs_undepend_item()
968  *
969  * WARNING: Do not call these from a configfs callback!
970  *
971  * This describes these functions and their helpers.
972  *
973  * Allow another kernel system to depend on a config_item.  If this
974  * happens, the item cannot go away until the dependent can live without
975  * it.  The idea is to give client modules as simple an interface as
976  * possible.  When a system asks them to depend on an item, they just
977  * call configfs_depend_item().  If the item is live and the client
978  * driver is in good shape, we'll happily do the work for them.
979  *
980  * Why is the locking complex?  Because configfs uses the VFS to handle
981  * all locking, but this function is called outside the normal
982  * VFS->configfs path.  So it must take VFS locks to prevent the
983  * VFS->configfs stuff (configfs_mkdir(), configfs_rmdir(), etc).  This is
984  * why you can't call these functions underneath configfs callbacks.
985  *
986  * Note, btw, that this can be called at *any* time, even when a configfs
987  * subsystem isn't registered, or when configfs is loading or unloading.
988  * Just like configfs_register_subsystem().  So we take the same
989  * precautions.  We pin the filesystem.  We lock configfs_dirent_lock.
990  * If we can find the target item in the
991  * configfs tree, it must be part of the subsystem tree as well, so we
992  * do not need the subsystem semaphore.  Holding configfs_dirent_lock helps
993  * locking out mkdir() and rmdir(), who might be racing us.
994  */
995 
996 /*
997  * configfs_depend_prep()
998  *
999  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
1000  * attributes.  This is similar but not the same to configfs_detach_prep().
1001  * Note that configfs_detach_prep() expects the parent to be locked when it
1002  * is called, but we lock the parent *inside* configfs_depend_prep().  We
1003  * do that so we can unlock it if we find nothing.
1004  *
1005  * Here we do a depth-first search of the dentry hierarchy looking for
1006  * our object.
1007  * We deliberately ignore items tagged as dropping since they are virtually
1008  * dead, as well as items in the middle of attachment since they virtually
1009  * do not exist yet. This completes the locking out of racing mkdir() and
1010  * rmdir().
1011  * Note: subdirectories in the middle of attachment start with s_type =
1012  * CONFIGFS_DIR|CONFIGFS_USET_CREATING set by create_dir().  When
1013  * CONFIGFS_USET_CREATING is set, we ignore the item.  The actual set of
1014  * s_type is in configfs_new_dirent(), which has configfs_dirent_lock.
1015  *
1016  * If the target is not found, -ENOENT is bubbled up.
1017  *
1018  * This adds a requirement that all config_items be unique!
1019  *
1020  * This is recursive.  There isn't
1021  * much on the stack, though, so folks that need this function - be careful
1022  * about your stack!  Patches will be accepted to make it iterative.
1023  */
1024 static int configfs_depend_prep(struct dentry *origin,
1025 				struct config_item *target)
1026 {
1027 	struct configfs_dirent *child_sd, *sd;
1028 	int ret = 0;
1029 
1030 	BUG_ON(!origin || !origin->d_fsdata);
1031 	sd = origin->d_fsdata;
1032 
1033 	if (sd->s_element == target)  /* Boo-yah */
1034 		goto out;
1035 
1036 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
1037 		if ((child_sd->s_type & CONFIGFS_DIR) &&
1038 		    !(child_sd->s_type & CONFIGFS_USET_DROPPING) &&
1039 		    !(child_sd->s_type & CONFIGFS_USET_CREATING)) {
1040 			ret = configfs_depend_prep(child_sd->s_dentry,
1041 						   target);
1042 			if (!ret)
1043 				goto out;  /* Child path boo-yah */
1044 		}
1045 	}
1046 
1047 	/* We looped all our children and didn't find target */
1048 	ret = -ENOENT;
1049 
1050 out:
1051 	return ret;
1052 }
1053 
1054 static int configfs_do_depend_item(struct dentry *subsys_dentry,
1055 				   struct config_item *target)
1056 {
1057 	struct configfs_dirent *p;
1058 	int ret;
1059 
1060 	spin_lock(&configfs_dirent_lock);
1061 	/* Scan the tree, return 0 if found */
1062 	ret = configfs_depend_prep(subsys_dentry, target);
1063 	if (ret)
1064 		goto out_unlock_dirent_lock;
1065 
1066 	/*
1067 	 * We are sure that the item is not about to be removed by rmdir(), and
1068 	 * not in the middle of attachment by mkdir().
1069 	 */
1070 	p = target->ci_dentry->d_fsdata;
1071 	p->s_dependent_count += 1;
1072 
1073 out_unlock_dirent_lock:
1074 	spin_unlock(&configfs_dirent_lock);
1075 
1076 	return ret;
1077 }
1078 
1079 static inline struct configfs_dirent *
1080 configfs_find_subsys_dentry(struct configfs_dirent *root_sd,
1081 			    struct config_item *subsys_item)
1082 {
1083 	struct configfs_dirent *p;
1084 	struct configfs_dirent *ret = NULL;
1085 
1086 	list_for_each_entry(p, &root_sd->s_children, s_sibling) {
1087 		if (p->s_type & CONFIGFS_DIR &&
1088 		    p->s_element == subsys_item) {
1089 			ret = p;
1090 			break;
1091 		}
1092 	}
1093 
1094 	return ret;
1095 }
1096 
1097 
1098 int configfs_depend_item(struct configfs_subsystem *subsys,
1099 			 struct config_item *target)
1100 {
1101 	int ret;
1102 	struct configfs_dirent *subsys_sd;
1103 	struct config_item *s_item = &subsys->su_group.cg_item;
1104 	struct dentry *root;
1105 
1106 	/*
1107 	 * Pin the configfs filesystem.  This means we can safely access
1108 	 * the root of the configfs filesystem.
1109 	 */
1110 	root = configfs_pin_fs();
1111 	if (IS_ERR(root))
1112 		return PTR_ERR(root);
1113 
1114 	/*
1115 	 * Next, lock the root directory.  We're going to check that the
1116 	 * subsystem is really registered, and so we need to lock out
1117 	 * configfs_[un]register_subsystem().
1118 	 */
1119 	inode_lock(d_inode(root));
1120 
1121 	subsys_sd = configfs_find_subsys_dentry(root->d_fsdata, s_item);
1122 	if (!subsys_sd) {
1123 		ret = -ENOENT;
1124 		goto out_unlock_fs;
1125 	}
1126 
1127 	/* Ok, now we can trust subsys/s_item */
1128 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1129 
1130 out_unlock_fs:
1131 	inode_unlock(d_inode(root));
1132 
1133 	/*
1134 	 * If we succeeded, the fs is pinned via other methods.  If not,
1135 	 * we're done with it anyway.  So release_fs() is always right.
1136 	 */
1137 	configfs_release_fs();
1138 
1139 	return ret;
1140 }
1141 EXPORT_SYMBOL(configfs_depend_item);
1142 
1143 /*
1144  * Release the dependent linkage.  This is much simpler than
1145  * configfs_depend_item() because we know that the client driver is
1146  * pinned, thus the subsystem is pinned, and therefore configfs is pinned.
1147  */
1148 void configfs_undepend_item(struct config_item *target)
1149 {
1150 	struct configfs_dirent *sd;
1151 
1152 	/*
1153 	 * Since we can trust everything is pinned, we just need
1154 	 * configfs_dirent_lock.
1155 	 */
1156 	spin_lock(&configfs_dirent_lock);
1157 
1158 	sd = target->ci_dentry->d_fsdata;
1159 	BUG_ON(sd->s_dependent_count < 1);
1160 
1161 	sd->s_dependent_count -= 1;
1162 
1163 	/*
1164 	 * After this unlock, we cannot trust the item to stay alive!
1165 	 * DO NOT REFERENCE item after this unlock.
1166 	 */
1167 	spin_unlock(&configfs_dirent_lock);
1168 }
1169 EXPORT_SYMBOL(configfs_undepend_item);
1170 
1171 /*
1172  * caller_subsys is a caller's subsystem not target's. This is used to
1173  * determine if we should lock root and check subsys or not. When we are
1174  * in the same subsystem as our target there is no need to do locking as
1175  * we know that subsys is valid and is not unregistered during this function
1176  * as we are called from callback of one of his children and VFS holds a lock
1177  * on some inode. Otherwise we have to lock our root to  ensure that target's
1178  * subsystem it is not unregistered during this function.
1179  */
1180 int configfs_depend_item_unlocked(struct configfs_subsystem *caller_subsys,
1181 				  struct config_item *target)
1182 {
1183 	struct configfs_subsystem *target_subsys;
1184 	struct config_group *root, *parent;
1185 	struct configfs_dirent *subsys_sd;
1186 	int ret = -ENOENT;
1187 
1188 	/* Disallow this function for configfs root */
1189 	if (configfs_is_root(target))
1190 		return -EINVAL;
1191 
1192 	parent = target->ci_group;
1193 	/*
1194 	 * This may happen when someone is trying to depend root
1195 	 * directory of some subsystem
1196 	 */
1197 	if (configfs_is_root(&parent->cg_item)) {
1198 		target_subsys = to_configfs_subsystem(to_config_group(target));
1199 		root = parent;
1200 	} else {
1201 		target_subsys = parent->cg_subsys;
1202 		/* Find a cofnigfs root as we may need it for locking */
1203 		for (root = parent; !configfs_is_root(&root->cg_item);
1204 		     root = root->cg_item.ci_group)
1205 			;
1206 	}
1207 
1208 	if (target_subsys != caller_subsys) {
1209 		/*
1210 		 * We are in other configfs subsystem, so we have to do
1211 		 * additional locking to prevent other subsystem from being
1212 		 * unregistered
1213 		 */
1214 		inode_lock(d_inode(root->cg_item.ci_dentry));
1215 
1216 		/*
1217 		 * As we are trying to depend item from other subsystem
1218 		 * we have to check if this subsystem is still registered
1219 		 */
1220 		subsys_sd = configfs_find_subsys_dentry(
1221 				root->cg_item.ci_dentry->d_fsdata,
1222 				&target_subsys->su_group.cg_item);
1223 		if (!subsys_sd)
1224 			goto out_root_unlock;
1225 	} else {
1226 		subsys_sd = target_subsys->su_group.cg_item.ci_dentry->d_fsdata;
1227 	}
1228 
1229 	/* Now we can execute core of depend item */
1230 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1231 
1232 	if (target_subsys != caller_subsys)
1233 out_root_unlock:
1234 		/*
1235 		 * We were called from subsystem other than our target so we
1236 		 * took some locks so now it's time to release them
1237 		 */
1238 		inode_unlock(d_inode(root->cg_item.ci_dentry));
1239 
1240 	return ret;
1241 }
1242 EXPORT_SYMBOL(configfs_depend_item_unlocked);
1243 
1244 static int configfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
1245 			  struct dentry *dentry, umode_t mode)
1246 {
1247 	int ret = 0;
1248 	int module_got = 0;
1249 	struct config_group *group = NULL;
1250 	struct config_item *item = NULL;
1251 	struct config_item *parent_item;
1252 	struct configfs_subsystem *subsys;
1253 	struct configfs_dirent *sd;
1254 	const struct config_item_type *type;
1255 	struct module *subsys_owner = NULL, *new_item_owner = NULL;
1256 	struct configfs_fragment *frag;
1257 	char *name;
1258 
1259 	sd = dentry->d_parent->d_fsdata;
1260 
1261 	/*
1262 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1263 	 * being attached
1264 	 */
1265 	if (!configfs_dirent_is_ready(sd)) {
1266 		ret = -ENOENT;
1267 		goto out;
1268 	}
1269 
1270 	if (!(sd->s_type & CONFIGFS_USET_DIR)) {
1271 		ret = -EPERM;
1272 		goto out;
1273 	}
1274 
1275 	frag = new_fragment();
1276 	if (!frag) {
1277 		ret = -ENOMEM;
1278 		goto out;
1279 	}
1280 
1281 	/* Get a working ref for the duration of this function */
1282 	parent_item = configfs_get_config_item(dentry->d_parent);
1283 	type = parent_item->ci_type;
1284 	subsys = to_config_group(parent_item)->cg_subsys;
1285 	BUG_ON(!subsys);
1286 
1287 	if (!type || !type->ct_group_ops ||
1288 	    (!type->ct_group_ops->make_group &&
1289 	     !type->ct_group_ops->make_item)) {
1290 		ret = -EPERM;  /* Lack-of-mkdir returns -EPERM */
1291 		goto out_put;
1292 	}
1293 
1294 	/*
1295 	 * The subsystem may belong to a different module than the item
1296 	 * being created.  We don't want to safely pin the new item but
1297 	 * fail to pin the subsystem it sits under.
1298 	 */
1299 	if (!subsys->su_group.cg_item.ci_type) {
1300 		ret = -EINVAL;
1301 		goto out_put;
1302 	}
1303 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1304 	if (!try_module_get(subsys_owner)) {
1305 		ret = -EINVAL;
1306 		goto out_put;
1307 	}
1308 
1309 	name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL);
1310 	if (!name) {
1311 		ret = -ENOMEM;
1312 		goto out_subsys_put;
1313 	}
1314 
1315 	snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name);
1316 
1317 	mutex_lock(&subsys->su_mutex);
1318 	if (type->ct_group_ops->make_group) {
1319 		group = type->ct_group_ops->make_group(to_config_group(parent_item), name);
1320 		if (!group)
1321 			group = ERR_PTR(-ENOMEM);
1322 		if (!IS_ERR(group)) {
1323 			link_group(to_config_group(parent_item), group);
1324 			item = &group->cg_item;
1325 		} else
1326 			ret = PTR_ERR(group);
1327 	} else {
1328 		item = type->ct_group_ops->make_item(to_config_group(parent_item), name);
1329 		if (!item)
1330 			item = ERR_PTR(-ENOMEM);
1331 		if (!IS_ERR(item))
1332 			link_obj(parent_item, item);
1333 		else
1334 			ret = PTR_ERR(item);
1335 	}
1336 	mutex_unlock(&subsys->su_mutex);
1337 
1338 	kfree(name);
1339 	if (ret) {
1340 		/*
1341 		 * If ret != 0, then link_obj() was never called.
1342 		 * There are no extra references to clean up.
1343 		 */
1344 		goto out_subsys_put;
1345 	}
1346 
1347 	/*
1348 	 * link_obj() has been called (via link_group() for groups).
1349 	 * From here on out, errors must clean that up.
1350 	 */
1351 
1352 	type = item->ci_type;
1353 	if (!type) {
1354 		ret = -EINVAL;
1355 		goto out_unlink;
1356 	}
1357 
1358 	new_item_owner = type->ct_owner;
1359 	if (!try_module_get(new_item_owner)) {
1360 		ret = -EINVAL;
1361 		goto out_unlink;
1362 	}
1363 
1364 	/*
1365 	 * I hate doing it this way, but if there is
1366 	 * an error,  module_put() probably should
1367 	 * happen after any cleanup.
1368 	 */
1369 	module_got = 1;
1370 
1371 	/*
1372 	 * Make racing rmdir() fail if it did not tag parent with
1373 	 * CONFIGFS_USET_DROPPING
1374 	 * Note: if CONFIGFS_USET_DROPPING is already set, attach_group() will
1375 	 * fail and let rmdir() terminate correctly
1376 	 */
1377 	spin_lock(&configfs_dirent_lock);
1378 	/* This will make configfs_detach_prep() fail */
1379 	sd->s_type |= CONFIGFS_USET_IN_MKDIR;
1380 	spin_unlock(&configfs_dirent_lock);
1381 
1382 	if (group)
1383 		ret = configfs_attach_group(parent_item, item, dentry, frag);
1384 	else
1385 		ret = configfs_attach_item(parent_item, item, dentry, frag);
1386 
1387 	spin_lock(&configfs_dirent_lock);
1388 	sd->s_type &= ~CONFIGFS_USET_IN_MKDIR;
1389 	if (!ret)
1390 		configfs_dir_set_ready(dentry->d_fsdata);
1391 	spin_unlock(&configfs_dirent_lock);
1392 
1393 out_unlink:
1394 	if (ret) {
1395 		/* Tear down everything we built up */
1396 		mutex_lock(&subsys->su_mutex);
1397 
1398 		client_disconnect_notify(parent_item, item);
1399 		if (group)
1400 			unlink_group(group);
1401 		else
1402 			unlink_obj(item);
1403 		client_drop_item(parent_item, item);
1404 
1405 		mutex_unlock(&subsys->su_mutex);
1406 
1407 		if (module_got)
1408 			module_put(new_item_owner);
1409 	}
1410 
1411 out_subsys_put:
1412 	if (ret)
1413 		module_put(subsys_owner);
1414 
1415 out_put:
1416 	/*
1417 	 * link_obj()/link_group() took a reference from child->parent,
1418 	 * so the parent is safely pinned.  We can drop our working
1419 	 * reference.
1420 	 */
1421 	config_item_put(parent_item);
1422 	put_fragment(frag);
1423 
1424 out:
1425 	return ret;
1426 }
1427 
1428 static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
1429 {
1430 	struct config_item *parent_item;
1431 	struct config_item *item;
1432 	struct configfs_subsystem *subsys;
1433 	struct configfs_dirent *sd;
1434 	struct configfs_fragment *frag;
1435 	struct module *subsys_owner = NULL, *dead_item_owner = NULL;
1436 	int ret;
1437 
1438 	sd = dentry->d_fsdata;
1439 	if (sd->s_type & CONFIGFS_USET_DEFAULT)
1440 		return -EPERM;
1441 
1442 	/* Get a working ref until we have the child */
1443 	parent_item = configfs_get_config_item(dentry->d_parent);
1444 	subsys = to_config_group(parent_item)->cg_subsys;
1445 	BUG_ON(!subsys);
1446 
1447 	if (!parent_item->ci_type) {
1448 		config_item_put(parent_item);
1449 		return -EINVAL;
1450 	}
1451 
1452 	/* configfs_mkdir() shouldn't have allowed this */
1453 	BUG_ON(!subsys->su_group.cg_item.ci_type);
1454 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1455 
1456 	/*
1457 	 * Ensure that no racing symlink() will make detach_prep() fail while
1458 	 * the new link is temporarily attached
1459 	 */
1460 	do {
1461 		struct dentry *wait;
1462 
1463 		mutex_lock(&configfs_symlink_mutex);
1464 		spin_lock(&configfs_dirent_lock);
1465 		/*
1466 		 * Here's where we check for dependents.  We're protected by
1467 		 * configfs_dirent_lock.
1468 		 * If no dependent, atomically tag the item as dropping.
1469 		 */
1470 		ret = sd->s_dependent_count ? -EBUSY : 0;
1471 		if (!ret) {
1472 			ret = configfs_detach_prep(dentry, &wait);
1473 			if (ret)
1474 				configfs_detach_rollback(dentry);
1475 		}
1476 		spin_unlock(&configfs_dirent_lock);
1477 		mutex_unlock(&configfs_symlink_mutex);
1478 
1479 		if (ret) {
1480 			if (ret != -EAGAIN) {
1481 				config_item_put(parent_item);
1482 				return ret;
1483 			}
1484 
1485 			/* Wait until the racing operation terminates */
1486 			inode_lock(d_inode(wait));
1487 			inode_unlock(d_inode(wait));
1488 			dput(wait);
1489 		}
1490 	} while (ret == -EAGAIN);
1491 
1492 	frag = sd->s_frag;
1493 	if (down_write_killable(&frag->frag_sem)) {
1494 		spin_lock(&configfs_dirent_lock);
1495 		configfs_detach_rollback(dentry);
1496 		spin_unlock(&configfs_dirent_lock);
1497 		config_item_put(parent_item);
1498 		return -EINTR;
1499 	}
1500 	frag->frag_dead = true;
1501 	up_write(&frag->frag_sem);
1502 
1503 	/* Get a working ref for the duration of this function */
1504 	item = configfs_get_config_item(dentry);
1505 
1506 	/* Drop reference from above, item already holds one. */
1507 	config_item_put(parent_item);
1508 
1509 	if (item->ci_type)
1510 		dead_item_owner = item->ci_type->ct_owner;
1511 
1512 	if (sd->s_type & CONFIGFS_USET_DIR) {
1513 		configfs_detach_group(item);
1514 
1515 		mutex_lock(&subsys->su_mutex);
1516 		client_disconnect_notify(parent_item, item);
1517 		unlink_group(to_config_group(item));
1518 	} else {
1519 		configfs_detach_item(item);
1520 
1521 		mutex_lock(&subsys->su_mutex);
1522 		client_disconnect_notify(parent_item, item);
1523 		unlink_obj(item);
1524 	}
1525 
1526 	client_drop_item(parent_item, item);
1527 	mutex_unlock(&subsys->su_mutex);
1528 
1529 	/* Drop our reference from above */
1530 	config_item_put(item);
1531 
1532 	module_put(dead_item_owner);
1533 	module_put(subsys_owner);
1534 
1535 	return 0;
1536 }
1537 
1538 const struct inode_operations configfs_dir_inode_operations = {
1539 	.mkdir		= configfs_mkdir,
1540 	.rmdir		= configfs_rmdir,
1541 	.symlink	= configfs_symlink,
1542 	.unlink		= configfs_unlink,
1543 	.lookup		= configfs_lookup,
1544 	.setattr	= configfs_setattr,
1545 };
1546 
1547 const struct inode_operations configfs_root_inode_operations = {
1548 	.lookup		= configfs_lookup,
1549 	.setattr	= configfs_setattr,
1550 };
1551 
1552 static int configfs_dir_open(struct inode *inode, struct file *file)
1553 {
1554 	struct dentry * dentry = file->f_path.dentry;
1555 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1556 	int err;
1557 
1558 	inode_lock(d_inode(dentry));
1559 	/*
1560 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1561 	 * being attached
1562 	 */
1563 	err = -ENOENT;
1564 	if (configfs_dirent_is_ready(parent_sd)) {
1565 		file->private_data = configfs_new_dirent(parent_sd, NULL, 0, NULL);
1566 		if (IS_ERR(file->private_data))
1567 			err = PTR_ERR(file->private_data);
1568 		else
1569 			err = 0;
1570 	}
1571 	inode_unlock(d_inode(dentry));
1572 
1573 	return err;
1574 }
1575 
1576 static int configfs_dir_close(struct inode *inode, struct file *file)
1577 {
1578 	struct dentry * dentry = file->f_path.dentry;
1579 	struct configfs_dirent * cursor = file->private_data;
1580 
1581 	inode_lock(d_inode(dentry));
1582 	spin_lock(&configfs_dirent_lock);
1583 	list_del_init(&cursor->s_sibling);
1584 	spin_unlock(&configfs_dirent_lock);
1585 	inode_unlock(d_inode(dentry));
1586 
1587 	release_configfs_dirent(cursor);
1588 
1589 	return 0;
1590 }
1591 
1592 /* Relationship between s_mode and the DT_xxx types */
1593 static inline unsigned char dt_type(struct configfs_dirent *sd)
1594 {
1595 	return (sd->s_mode >> 12) & 15;
1596 }
1597 
1598 static int configfs_readdir(struct file *file, struct dir_context *ctx)
1599 {
1600 	struct dentry *dentry = file->f_path.dentry;
1601 	struct super_block *sb = dentry->d_sb;
1602 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1603 	struct configfs_dirent *cursor = file->private_data;
1604 	struct list_head *p, *q = &cursor->s_sibling;
1605 	ino_t ino = 0;
1606 
1607 	if (!dir_emit_dots(file, ctx))
1608 		return 0;
1609 	spin_lock(&configfs_dirent_lock);
1610 	if (ctx->pos == 2)
1611 		list_move(q, &parent_sd->s_children);
1612 	for (p = q->next; p != &parent_sd->s_children; p = p->next) {
1613 		struct configfs_dirent *next;
1614 		const char *name;
1615 		int len;
1616 		struct inode *inode = NULL;
1617 
1618 		next = list_entry(p, struct configfs_dirent, s_sibling);
1619 		if (!next->s_element)
1620 			continue;
1621 
1622 		/*
1623 		 * We'll have a dentry and an inode for
1624 		 * PINNED items and for open attribute
1625 		 * files.  We lock here to prevent a race
1626 		 * with configfs_d_iput() clearing
1627 		 * s_dentry before calling iput().
1628 		 *
1629 		 * Why do we go to the trouble?  If
1630 		 * someone has an attribute file open,
1631 		 * the inode number should match until
1632 		 * they close it.  Beyond that, we don't
1633 		 * care.
1634 		 */
1635 		dentry = next->s_dentry;
1636 		if (dentry)
1637 			inode = d_inode(dentry);
1638 		if (inode)
1639 			ino = inode->i_ino;
1640 		spin_unlock(&configfs_dirent_lock);
1641 		if (!inode)
1642 			ino = iunique(sb, 2);
1643 
1644 		name = configfs_get_name(next);
1645 		len = strlen(name);
1646 
1647 		if (!dir_emit(ctx, name, len, ino, dt_type(next)))
1648 			return 0;
1649 
1650 		spin_lock(&configfs_dirent_lock);
1651 		list_move(q, p);
1652 		p = q;
1653 		ctx->pos++;
1654 	}
1655 	spin_unlock(&configfs_dirent_lock);
1656 	return 0;
1657 }
1658 
1659 static loff_t configfs_dir_lseek(struct file *file, loff_t offset, int whence)
1660 {
1661 	struct dentry * dentry = file->f_path.dentry;
1662 
1663 	switch (whence) {
1664 		case 1:
1665 			offset += file->f_pos;
1666 			fallthrough;
1667 		case 0:
1668 			if (offset >= 0)
1669 				break;
1670 			fallthrough;
1671 		default:
1672 			return -EINVAL;
1673 	}
1674 	if (offset != file->f_pos) {
1675 		file->f_pos = offset;
1676 		if (file->f_pos >= 2) {
1677 			struct configfs_dirent *sd = dentry->d_fsdata;
1678 			struct configfs_dirent *cursor = file->private_data;
1679 			struct list_head *p;
1680 			loff_t n = file->f_pos - 2;
1681 
1682 			spin_lock(&configfs_dirent_lock);
1683 			list_del(&cursor->s_sibling);
1684 			p = sd->s_children.next;
1685 			while (n && p != &sd->s_children) {
1686 				struct configfs_dirent *next;
1687 				next = list_entry(p, struct configfs_dirent,
1688 						   s_sibling);
1689 				if (next->s_element)
1690 					n--;
1691 				p = p->next;
1692 			}
1693 			list_add_tail(&cursor->s_sibling, p);
1694 			spin_unlock(&configfs_dirent_lock);
1695 		}
1696 	}
1697 	return offset;
1698 }
1699 
1700 const struct file_operations configfs_dir_operations = {
1701 	.open		= configfs_dir_open,
1702 	.release	= configfs_dir_close,
1703 	.llseek		= configfs_dir_lseek,
1704 	.read		= generic_read_dir,
1705 	.iterate_shared	= configfs_readdir,
1706 };
1707 
1708 /**
1709  * configfs_register_group - creates a parent-child relation between two groups
1710  * @parent_group:	parent group
1711  * @group:		child group
1712  *
1713  * link groups, creates dentry for the child and attaches it to the
1714  * parent dentry.
1715  *
1716  * Return: 0 on success, negative errno code on error
1717  */
1718 int configfs_register_group(struct config_group *parent_group,
1719 			    struct config_group *group)
1720 {
1721 	struct configfs_subsystem *subsys = parent_group->cg_subsys;
1722 	struct dentry *parent;
1723 	struct configfs_fragment *frag;
1724 	int ret;
1725 
1726 	frag = new_fragment();
1727 	if (!frag)
1728 		return -ENOMEM;
1729 
1730 	mutex_lock(&subsys->su_mutex);
1731 	link_group(parent_group, group);
1732 	mutex_unlock(&subsys->su_mutex);
1733 
1734 	parent = parent_group->cg_item.ci_dentry;
1735 
1736 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1737 	ret = create_default_group(parent_group, group, frag);
1738 	if (ret)
1739 		goto err_out;
1740 
1741 	spin_lock(&configfs_dirent_lock);
1742 	configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
1743 	spin_unlock(&configfs_dirent_lock);
1744 	inode_unlock(d_inode(parent));
1745 	put_fragment(frag);
1746 	return 0;
1747 err_out:
1748 	inode_unlock(d_inode(parent));
1749 	mutex_lock(&subsys->su_mutex);
1750 	unlink_group(group);
1751 	mutex_unlock(&subsys->su_mutex);
1752 	put_fragment(frag);
1753 	return ret;
1754 }
1755 EXPORT_SYMBOL(configfs_register_group);
1756 
1757 /**
1758  * configfs_unregister_group() - unregisters a child group from its parent
1759  * @group: parent group to be unregistered
1760  *
1761  * Undoes configfs_register_group()
1762  */
1763 void configfs_unregister_group(struct config_group *group)
1764 {
1765 	struct configfs_subsystem *subsys = group->cg_subsys;
1766 	struct dentry *dentry = group->cg_item.ci_dentry;
1767 	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
1768 	struct configfs_dirent *sd = dentry->d_fsdata;
1769 	struct configfs_fragment *frag = sd->s_frag;
1770 
1771 	down_write(&frag->frag_sem);
1772 	frag->frag_dead = true;
1773 	up_write(&frag->frag_sem);
1774 
1775 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1776 	spin_lock(&configfs_dirent_lock);
1777 	configfs_detach_prep(dentry, NULL);
1778 	spin_unlock(&configfs_dirent_lock);
1779 
1780 	configfs_detach_group(&group->cg_item);
1781 	d_inode(dentry)->i_flags |= S_DEAD;
1782 	dont_mount(dentry);
1783 	fsnotify_rmdir(d_inode(parent), dentry);
1784 	d_delete(dentry);
1785 	inode_unlock(d_inode(parent));
1786 
1787 	dput(dentry);
1788 
1789 	mutex_lock(&subsys->su_mutex);
1790 	unlink_group(group);
1791 	mutex_unlock(&subsys->su_mutex);
1792 }
1793 EXPORT_SYMBOL(configfs_unregister_group);
1794 
1795 /**
1796  * configfs_register_default_group() - allocates and registers a child group
1797  * @parent_group:	parent group
1798  * @name:		child group name
1799  * @item_type:		child item type description
1800  *
1801  * boilerplate to allocate and register a child group with its parent. We need
1802  * kzalloc'ed memory because child's default_group is initially empty.
1803  *
1804  * Return: allocated config group or ERR_PTR() on error
1805  */
1806 struct config_group *
1807 configfs_register_default_group(struct config_group *parent_group,
1808 				const char *name,
1809 				const struct config_item_type *item_type)
1810 {
1811 	int ret;
1812 	struct config_group *group;
1813 
1814 	group = kzalloc(sizeof(*group), GFP_KERNEL);
1815 	if (!group)
1816 		return ERR_PTR(-ENOMEM);
1817 	config_group_init_type_name(group, name, item_type);
1818 
1819 	ret = configfs_register_group(parent_group, group);
1820 	if (ret) {
1821 		kfree(group);
1822 		return ERR_PTR(ret);
1823 	}
1824 	return group;
1825 }
1826 EXPORT_SYMBOL(configfs_register_default_group);
1827 
1828 /**
1829  * configfs_unregister_default_group() - unregisters and frees a child group
1830  * @group:	the group to act on
1831  */
1832 void configfs_unregister_default_group(struct config_group *group)
1833 {
1834 	configfs_unregister_group(group);
1835 	kfree(group);
1836 }
1837 EXPORT_SYMBOL(configfs_unregister_default_group);
1838 
1839 int configfs_register_subsystem(struct configfs_subsystem *subsys)
1840 {
1841 	int err;
1842 	struct config_group *group = &subsys->su_group;
1843 	struct dentry *dentry;
1844 	struct dentry *root;
1845 	struct configfs_dirent *sd;
1846 	struct configfs_fragment *frag;
1847 
1848 	frag = new_fragment();
1849 	if (!frag)
1850 		return -ENOMEM;
1851 
1852 	root = configfs_pin_fs();
1853 	if (IS_ERR(root)) {
1854 		put_fragment(frag);
1855 		return PTR_ERR(root);
1856 	}
1857 
1858 	if (!group->cg_item.ci_name)
1859 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
1860 
1861 	sd = root->d_fsdata;
1862 	link_group(to_config_group(sd->s_element), group);
1863 
1864 	inode_lock_nested(d_inode(root), I_MUTEX_PARENT);
1865 
1866 	err = -ENOMEM;
1867 	dentry = d_alloc_name(root, group->cg_item.ci_name);
1868 	if (dentry) {
1869 		d_add(dentry, NULL);
1870 
1871 		err = configfs_attach_group(sd->s_element, &group->cg_item,
1872 					    dentry, frag);
1873 		if (err) {
1874 			BUG_ON(d_inode(dentry));
1875 			d_drop(dentry);
1876 			dput(dentry);
1877 		} else {
1878 			spin_lock(&configfs_dirent_lock);
1879 			configfs_dir_set_ready(dentry->d_fsdata);
1880 			spin_unlock(&configfs_dirent_lock);
1881 		}
1882 	}
1883 
1884 	inode_unlock(d_inode(root));
1885 
1886 	if (err) {
1887 		unlink_group(group);
1888 		configfs_release_fs();
1889 	}
1890 	put_fragment(frag);
1891 
1892 	return err;
1893 }
1894 
1895 void configfs_unregister_subsystem(struct configfs_subsystem *subsys)
1896 {
1897 	struct config_group *group = &subsys->su_group;
1898 	struct dentry *dentry = group->cg_item.ci_dentry;
1899 	struct dentry *root = dentry->d_sb->s_root;
1900 	struct configfs_dirent *sd = dentry->d_fsdata;
1901 	struct configfs_fragment *frag = sd->s_frag;
1902 
1903 	if (dentry->d_parent != root) {
1904 		pr_err("Tried to unregister non-subsystem!\n");
1905 		return;
1906 	}
1907 
1908 	down_write(&frag->frag_sem);
1909 	frag->frag_dead = true;
1910 	up_write(&frag->frag_sem);
1911 
1912 	inode_lock_nested(d_inode(root),
1913 			  I_MUTEX_PARENT);
1914 	inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
1915 	mutex_lock(&configfs_symlink_mutex);
1916 	spin_lock(&configfs_dirent_lock);
1917 	if (configfs_detach_prep(dentry, NULL)) {
1918 		pr_err("Tried to unregister non-empty subsystem!\n");
1919 	}
1920 	spin_unlock(&configfs_dirent_lock);
1921 	mutex_unlock(&configfs_symlink_mutex);
1922 	configfs_detach_group(&group->cg_item);
1923 	d_inode(dentry)->i_flags |= S_DEAD;
1924 	dont_mount(dentry);
1925 	fsnotify_rmdir(d_inode(root), dentry);
1926 	inode_unlock(d_inode(dentry));
1927 
1928 	d_delete(dentry);
1929 
1930 	inode_unlock(d_inode(root));
1931 
1932 	dput(dentry);
1933 
1934 	unlink_group(group);
1935 	configfs_release_fs();
1936 }
1937 
1938 EXPORT_SYMBOL(configfs_register_subsystem);
1939 EXPORT_SYMBOL(configfs_unregister_subsystem);
1940