1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Directory notifications for Linux. 4 * 5 * Copyright (C) 2000,2001,2002 Stephen Rothwell 6 * 7 * Copyright (C) 2009 Eric Paris <Red Hat Inc> 8 * dnotify was largly rewritten to use the new fsnotify infrastructure 9 */ 10 #include <linux/fs.h> 11 #include <linux/module.h> 12 #include <linux/sched.h> 13 #include <linux/sched/signal.h> 14 #include <linux/dnotify.h> 15 #include <linux/init.h> 16 #include <linux/security.h> 17 #include <linux/spinlock.h> 18 #include <linux/slab.h> 19 #include <linux/fdtable.h> 20 #include <linux/fsnotify_backend.h> 21 22 int dir_notify_enable __read_mostly = 1; 23 24 static struct kmem_cache *dnotify_struct_cache __read_mostly; 25 static struct kmem_cache *dnotify_mark_cache __read_mostly; 26 static struct fsnotify_group *dnotify_group __read_mostly; 27 28 /* 29 * dnotify will attach one of these to each inode (i_fsnotify_marks) which 30 * is being watched by dnotify. If multiple userspace applications are watching 31 * the same directory with dnotify their information is chained in dn 32 */ 33 struct dnotify_mark { 34 struct fsnotify_mark fsn_mark; 35 struct dnotify_struct *dn; 36 }; 37 38 /* 39 * When a process starts or stops watching an inode the set of events which 40 * dnotify cares about for that inode may change. This function runs the 41 * list of everything receiving dnotify events about this directory and calculates 42 * the set of all those events. After it updates what dnotify is interested in 43 * it calls the fsnotify function so it can update the set of all events relevant 44 * to this inode. 45 */ 46 static void dnotify_recalc_inode_mask(struct fsnotify_mark *fsn_mark) 47 { 48 __u32 new_mask = 0; 49 struct dnotify_struct *dn; 50 struct dnotify_mark *dn_mark = container_of(fsn_mark, 51 struct dnotify_mark, 52 fsn_mark); 53 54 assert_spin_locked(&fsn_mark->lock); 55 56 for (dn = dn_mark->dn; dn != NULL; dn = dn->dn_next) 57 new_mask |= (dn->dn_mask & ~FS_DN_MULTISHOT); 58 if (fsn_mark->mask == new_mask) 59 return; 60 fsn_mark->mask = new_mask; 61 62 fsnotify_recalc_mask(fsn_mark->connector); 63 } 64 65 /* 66 * Mains fsnotify call where events are delivered to dnotify. 67 * Find the dnotify mark on the relevant inode, run the list of dnotify structs 68 * on that mark and determine which of them has expressed interest in receiving 69 * events of this type. When found send the correct process and signal and 70 * destroy the dnotify struct if it was not registered to receive multiple 71 * events. 72 */ 73 static int dnotify_handle_event(struct fsnotify_group *group, 74 struct inode *inode, 75 u32 mask, const void *data, int data_type, 76 const struct qstr *file_name, u32 cookie, 77 struct fsnotify_iter_info *iter_info) 78 { 79 struct fsnotify_mark *inode_mark = fsnotify_iter_inode_mark(iter_info); 80 struct dnotify_mark *dn_mark; 81 struct dnotify_struct *dn; 82 struct dnotify_struct **prev; 83 struct fown_struct *fown; 84 __u32 test_mask = mask & ~FS_EVENT_ON_CHILD; 85 86 /* not a dir, dnotify doesn't care */ 87 if (!S_ISDIR(inode->i_mode)) 88 return 0; 89 90 if (WARN_ON(fsnotify_iter_vfsmount_mark(iter_info))) 91 return 0; 92 93 dn_mark = container_of(inode_mark, struct dnotify_mark, fsn_mark); 94 95 spin_lock(&inode_mark->lock); 96 prev = &dn_mark->dn; 97 while ((dn = *prev) != NULL) { 98 if ((dn->dn_mask & test_mask) == 0) { 99 prev = &dn->dn_next; 100 continue; 101 } 102 fown = &dn->dn_filp->f_owner; 103 send_sigio(fown, dn->dn_fd, POLL_MSG); 104 if (dn->dn_mask & FS_DN_MULTISHOT) 105 prev = &dn->dn_next; 106 else { 107 *prev = dn->dn_next; 108 kmem_cache_free(dnotify_struct_cache, dn); 109 dnotify_recalc_inode_mask(inode_mark); 110 } 111 } 112 113 spin_unlock(&inode_mark->lock); 114 115 return 0; 116 } 117 118 static void dnotify_free_mark(struct fsnotify_mark *fsn_mark) 119 { 120 struct dnotify_mark *dn_mark = container_of(fsn_mark, 121 struct dnotify_mark, 122 fsn_mark); 123 124 BUG_ON(dn_mark->dn); 125 126 kmem_cache_free(dnotify_mark_cache, dn_mark); 127 } 128 129 static const struct fsnotify_ops dnotify_fsnotify_ops = { 130 .handle_event = dnotify_handle_event, 131 .free_mark = dnotify_free_mark, 132 }; 133 134 /* 135 * Called every time a file is closed. Looks first for a dnotify mark on the 136 * inode. If one is found run all of the ->dn structures attached to that 137 * mark for one relevant to this process closing the file and remove that 138 * dnotify_struct. If that was the last dnotify_struct also remove the 139 * fsnotify_mark. 140 */ 141 void dnotify_flush(struct file *filp, fl_owner_t id) 142 { 143 struct fsnotify_mark *fsn_mark; 144 struct dnotify_mark *dn_mark; 145 struct dnotify_struct *dn; 146 struct dnotify_struct **prev; 147 struct inode *inode; 148 bool free = false; 149 150 inode = file_inode(filp); 151 if (!S_ISDIR(inode->i_mode)) 152 return; 153 154 fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, dnotify_group); 155 if (!fsn_mark) 156 return; 157 dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark); 158 159 mutex_lock(&dnotify_group->mark_mutex); 160 161 spin_lock(&fsn_mark->lock); 162 prev = &dn_mark->dn; 163 while ((dn = *prev) != NULL) { 164 if ((dn->dn_owner == id) && (dn->dn_filp == filp)) { 165 *prev = dn->dn_next; 166 kmem_cache_free(dnotify_struct_cache, dn); 167 dnotify_recalc_inode_mask(fsn_mark); 168 break; 169 } 170 prev = &dn->dn_next; 171 } 172 173 spin_unlock(&fsn_mark->lock); 174 175 /* nothing else could have found us thanks to the dnotify_groups 176 mark_mutex */ 177 if (dn_mark->dn == NULL) { 178 fsnotify_detach_mark(fsn_mark); 179 free = true; 180 } 181 182 mutex_unlock(&dnotify_group->mark_mutex); 183 184 if (free) 185 fsnotify_free_mark(fsn_mark); 186 fsnotify_put_mark(fsn_mark); 187 } 188 189 /* this conversion is done only at watch creation */ 190 static __u32 convert_arg(unsigned long arg) 191 { 192 __u32 new_mask = FS_EVENT_ON_CHILD; 193 194 if (arg & DN_MULTISHOT) 195 new_mask |= FS_DN_MULTISHOT; 196 if (arg & DN_DELETE) 197 new_mask |= (FS_DELETE | FS_MOVED_FROM); 198 if (arg & DN_MODIFY) 199 new_mask |= FS_MODIFY; 200 if (arg & DN_ACCESS) 201 new_mask |= FS_ACCESS; 202 if (arg & DN_ATTRIB) 203 new_mask |= FS_ATTRIB; 204 if (arg & DN_RENAME) 205 new_mask |= FS_DN_RENAME; 206 if (arg & DN_CREATE) 207 new_mask |= (FS_CREATE | FS_MOVED_TO); 208 209 return new_mask; 210 } 211 212 /* 213 * If multiple processes watch the same inode with dnotify there is only one 214 * dnotify mark in inode->i_fsnotify_marks but we chain a dnotify_struct 215 * onto that mark. This function either attaches the new dnotify_struct onto 216 * that list, or it |= the mask onto an existing dnofiy_struct. 217 */ 218 static int attach_dn(struct dnotify_struct *dn, struct dnotify_mark *dn_mark, 219 fl_owner_t id, int fd, struct file *filp, __u32 mask) 220 { 221 struct dnotify_struct *odn; 222 223 odn = dn_mark->dn; 224 while (odn != NULL) { 225 /* adding more events to existing dnofiy_struct? */ 226 if ((odn->dn_owner == id) && (odn->dn_filp == filp)) { 227 odn->dn_fd = fd; 228 odn->dn_mask |= mask; 229 return -EEXIST; 230 } 231 odn = odn->dn_next; 232 } 233 234 dn->dn_mask = mask; 235 dn->dn_fd = fd; 236 dn->dn_filp = filp; 237 dn->dn_owner = id; 238 dn->dn_next = dn_mark->dn; 239 dn_mark->dn = dn; 240 241 return 0; 242 } 243 244 /* 245 * When a process calls fcntl to attach a dnotify watch to a directory it ends 246 * up here. Allocate both a mark for fsnotify to add and a dnotify_struct to be 247 * attached to the fsnotify_mark. 248 */ 249 int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg) 250 { 251 struct dnotify_mark *new_dn_mark, *dn_mark; 252 struct fsnotify_mark *new_fsn_mark, *fsn_mark; 253 struct dnotify_struct *dn; 254 struct inode *inode; 255 fl_owner_t id = current->files; 256 struct file *f; 257 int destroy = 0, error = 0; 258 __u32 mask; 259 260 /* we use these to tell if we need to kfree */ 261 new_fsn_mark = NULL; 262 dn = NULL; 263 264 if (!dir_notify_enable) { 265 error = -EINVAL; 266 goto out_err; 267 } 268 269 /* a 0 mask means we are explicitly removing the watch */ 270 if ((arg & ~DN_MULTISHOT) == 0) { 271 dnotify_flush(filp, id); 272 error = 0; 273 goto out_err; 274 } 275 276 /* dnotify only works on directories */ 277 inode = file_inode(filp); 278 if (!S_ISDIR(inode->i_mode)) { 279 error = -ENOTDIR; 280 goto out_err; 281 } 282 283 /* 284 * convert the userspace DN_* "arg" to the internal FS_* 285 * defined in fsnotify 286 */ 287 mask = convert_arg(arg); 288 289 error = security_path_notify(&filp->f_path, mask, 290 FSNOTIFY_OBJ_TYPE_INODE); 291 if (error) 292 goto out_err; 293 294 /* expect most fcntl to add new rather than augment old */ 295 dn = kmem_cache_alloc(dnotify_struct_cache, GFP_KERNEL); 296 if (!dn) { 297 error = -ENOMEM; 298 goto out_err; 299 } 300 301 /* new fsnotify mark, we expect most fcntl calls to add a new mark */ 302 new_dn_mark = kmem_cache_alloc(dnotify_mark_cache, GFP_KERNEL); 303 if (!new_dn_mark) { 304 error = -ENOMEM; 305 goto out_err; 306 } 307 308 /* set up the new_fsn_mark and new_dn_mark */ 309 new_fsn_mark = &new_dn_mark->fsn_mark; 310 fsnotify_init_mark(new_fsn_mark, dnotify_group); 311 new_fsn_mark->mask = mask; 312 new_dn_mark->dn = NULL; 313 314 /* this is needed to prevent the fcntl/close race described below */ 315 mutex_lock(&dnotify_group->mark_mutex); 316 317 /* add the new_fsn_mark or find an old one. */ 318 fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, dnotify_group); 319 if (fsn_mark) { 320 dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark); 321 spin_lock(&fsn_mark->lock); 322 } else { 323 error = fsnotify_add_inode_mark_locked(new_fsn_mark, inode, 0); 324 if (error) { 325 mutex_unlock(&dnotify_group->mark_mutex); 326 goto out_err; 327 } 328 spin_lock(&new_fsn_mark->lock); 329 fsn_mark = new_fsn_mark; 330 dn_mark = new_dn_mark; 331 /* we used new_fsn_mark, so don't free it */ 332 new_fsn_mark = NULL; 333 } 334 335 rcu_read_lock(); 336 f = fcheck(fd); 337 rcu_read_unlock(); 338 339 /* if (f != filp) means that we lost a race and another task/thread 340 * actually closed the fd we are still playing with before we grabbed 341 * the dnotify_groups mark_mutex and fsn_mark->lock. Since closing the 342 * fd is the only time we clean up the marks we need to get our mark 343 * off the list. */ 344 if (f != filp) { 345 /* if we added ourselves, shoot ourselves, it's possible that 346 * the flush actually did shoot this fsn_mark. That's fine too 347 * since multiple calls to destroy_mark is perfectly safe, if 348 * we found a dn_mark already attached to the inode, just sod 349 * off silently as the flush at close time dealt with it. 350 */ 351 if (dn_mark == new_dn_mark) 352 destroy = 1; 353 error = 0; 354 goto out; 355 } 356 357 __f_setown(filp, task_pid(current), PIDTYPE_TGID, 0); 358 359 error = attach_dn(dn, dn_mark, id, fd, filp, mask); 360 /* !error means that we attached the dn to the dn_mark, so don't free it */ 361 if (!error) 362 dn = NULL; 363 /* -EEXIST means that we didn't add this new dn and used an old one. 364 * that isn't an error (and the unused dn should be freed) */ 365 else if (error == -EEXIST) 366 error = 0; 367 368 dnotify_recalc_inode_mask(fsn_mark); 369 out: 370 spin_unlock(&fsn_mark->lock); 371 372 if (destroy) 373 fsnotify_detach_mark(fsn_mark); 374 mutex_unlock(&dnotify_group->mark_mutex); 375 if (destroy) 376 fsnotify_free_mark(fsn_mark); 377 fsnotify_put_mark(fsn_mark); 378 out_err: 379 if (new_fsn_mark) 380 fsnotify_put_mark(new_fsn_mark); 381 if (dn) 382 kmem_cache_free(dnotify_struct_cache, dn); 383 return error; 384 } 385 386 static int __init dnotify_init(void) 387 { 388 dnotify_struct_cache = KMEM_CACHE(dnotify_struct, 389 SLAB_PANIC|SLAB_ACCOUNT); 390 dnotify_mark_cache = KMEM_CACHE(dnotify_mark, SLAB_PANIC|SLAB_ACCOUNT); 391 392 dnotify_group = fsnotify_alloc_group(&dnotify_fsnotify_ops); 393 if (IS_ERR(dnotify_group)) 394 panic("unable to allocate fsnotify group for dnotify\n"); 395 return 0; 396 } 397 398 module_init(dnotify_init) 399