[PATCH] wrong error path in dup_fd() leading to oopses in RCU
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / inotify.c
blob367c487c014b6f62db3c04811ad56e3bec4cc0df
1 /*
2 * fs/inotify.c - inode-based file event notifications
4 * Authors:
5 * John McCutchan <ttb@tentacle.dhs.org>
6 * Robert Love <rml@novell.com>
8 * Copyright (C) 2005 John McCutchan
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the
12 * Free Software Foundation; either version 2, or (at your option) any
13 * later version.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
21 #include <linux/module.h>
22 #include <linux/kernel.h>
23 #include <linux/sched.h>
24 #include <linux/spinlock.h>
25 #include <linux/idr.h>
26 #include <linux/slab.h>
27 #include <linux/fs.h>
28 #include <linux/file.h>
29 #include <linux/mount.h>
30 #include <linux/namei.h>
31 #include <linux/poll.h>
32 #include <linux/init.h>
33 #include <linux/list.h>
34 #include <linux/writeback.h>
35 #include <linux/inotify.h>
36 #include <linux/syscalls.h>
38 #include <asm/ioctls.h>
40 static atomic_t inotify_cookie;
42 static kmem_cache_t *watch_cachep __read_mostly;
43 static kmem_cache_t *event_cachep __read_mostly;
45 static struct vfsmount *inotify_mnt __read_mostly;
47 /* these are configurable via /proc/sys/fs/inotify/ */
48 int inotify_max_user_instances __read_mostly;
49 int inotify_max_user_watches __read_mostly;
50 int inotify_max_queued_events __read_mostly;
53 * Lock ordering:
55 * dentry->d_lock (used to keep d_move() away from dentry->d_parent)
56 * iprune_mutex (synchronize shrink_icache_memory())
57 * inode_lock (protects the super_block->s_inodes list)
58 * inode->inotify_mutex (protects inode->inotify_watches and watches->i_list)
59 * inotify_dev->mutex (protects inotify_device and watches->d_list)
63 * Lifetimes of the three main data structures--inotify_device, inode, and
64 * inotify_watch--are managed by reference count.
66 * inotify_device: Lifetime is from inotify_init() until release. Additional
67 * references can bump the count via get_inotify_dev() and drop the count via
68 * put_inotify_dev().
70 * inotify_watch: Lifetime is from create_watch() to destory_watch().
71 * Additional references can bump the count via get_inotify_watch() and drop
72 * the count via put_inotify_watch().
74 * inode: Pinned so long as the inode is associated with a watch, from
75 * create_watch() to put_inotify_watch().
79 * struct inotify_device - represents an inotify instance
81 * This structure is protected by the mutex 'mutex'.
83 struct inotify_device {
84 wait_queue_head_t wq; /* wait queue for i/o */
85 struct idr idr; /* idr mapping wd -> watch */
86 struct mutex mutex; /* protects this bad boy */
87 struct list_head events; /* list of queued events */
88 struct list_head watches; /* list of watches */
89 atomic_t count; /* reference count */
90 struct user_struct *user; /* user who opened this dev */
91 unsigned int queue_size; /* size of the queue (bytes) */
92 unsigned int event_count; /* number of pending events */
93 unsigned int max_events; /* maximum number of events */
94 u32 last_wd; /* the last wd allocated */
98 * struct inotify_kernel_event - An inotify event, originating from a watch and
99 * queued for user-space. A list of these is attached to each instance of the
100 * device. In read(), this list is walked and all events that can fit in the
101 * buffer are returned.
103 * Protected by dev->mutex of the device in which we are queued.
105 struct inotify_kernel_event {
106 struct inotify_event event; /* the user-space event */
107 struct list_head list; /* entry in inotify_device's list */
108 char *name; /* filename, if any */
112 * struct inotify_watch - represents a watch request on a specific inode
114 * d_list is protected by dev->mutex of the associated watch->dev.
115 * i_list and mask are protected by inode->inotify_mutex of the associated inode.
116 * dev, inode, and wd are never written to once the watch is created.
118 struct inotify_watch {
119 struct list_head d_list; /* entry in inotify_device's list */
120 struct list_head i_list; /* entry in inode's list */
121 atomic_t count; /* reference count */
122 struct inotify_device *dev; /* associated device */
123 struct inode *inode; /* associated inode */
124 s32 wd; /* watch descriptor */
125 u32 mask; /* event mask for this watch */
128 #ifdef CONFIG_SYSCTL
130 #include <linux/sysctl.h>
132 static int zero;
134 ctl_table inotify_table[] = {
136 .ctl_name = INOTIFY_MAX_USER_INSTANCES,
137 .procname = "max_user_instances",
138 .data = &inotify_max_user_instances,
139 .maxlen = sizeof(int),
140 .mode = 0644,
141 .proc_handler = &proc_dointvec_minmax,
142 .strategy = &sysctl_intvec,
143 .extra1 = &zero,
146 .ctl_name = INOTIFY_MAX_USER_WATCHES,
147 .procname = "max_user_watches",
148 .data = &inotify_max_user_watches,
149 .maxlen = sizeof(int),
150 .mode = 0644,
151 .proc_handler = &proc_dointvec_minmax,
152 .strategy = &sysctl_intvec,
153 .extra1 = &zero,
156 .ctl_name = INOTIFY_MAX_QUEUED_EVENTS,
157 .procname = "max_queued_events",
158 .data = &inotify_max_queued_events,
159 .maxlen = sizeof(int),
160 .mode = 0644,
161 .proc_handler = &proc_dointvec_minmax,
162 .strategy = &sysctl_intvec,
163 .extra1 = &zero
165 { .ctl_name = 0 }
167 #endif /* CONFIG_SYSCTL */
169 static inline void get_inotify_dev(struct inotify_device *dev)
171 atomic_inc(&dev->count);
174 static inline void put_inotify_dev(struct inotify_device *dev)
176 if (atomic_dec_and_test(&dev->count)) {
177 atomic_dec(&dev->user->inotify_devs);
178 free_uid(dev->user);
179 idr_destroy(&dev->idr);
180 kfree(dev);
184 static inline void get_inotify_watch(struct inotify_watch *watch)
186 atomic_inc(&watch->count);
190 * put_inotify_watch - decrements the ref count on a given watch. cleans up
191 * the watch and its references if the count reaches zero.
193 static inline void put_inotify_watch(struct inotify_watch *watch)
195 if (atomic_dec_and_test(&watch->count)) {
196 put_inotify_dev(watch->dev);
197 iput(watch->inode);
198 kmem_cache_free(watch_cachep, watch);
203 * kernel_event - create a new kernel event with the given parameters
205 * This function can sleep.
207 static struct inotify_kernel_event * kernel_event(s32 wd, u32 mask, u32 cookie,
208 const char *name)
210 struct inotify_kernel_event *kevent;
212 kevent = kmem_cache_alloc(event_cachep, GFP_KERNEL);
213 if (unlikely(!kevent))
214 return NULL;
216 /* we hand this out to user-space, so zero it just in case */
217 memset(&kevent->event, 0, sizeof(struct inotify_event));
219 kevent->event.wd = wd;
220 kevent->event.mask = mask;
221 kevent->event.cookie = cookie;
223 INIT_LIST_HEAD(&kevent->list);
225 if (name) {
226 size_t len, rem, event_size = sizeof(struct inotify_event);
229 * We need to pad the filename so as to properly align an
230 * array of inotify_event structures. Because the structure is
231 * small and the common case is a small filename, we just round
232 * up to the next multiple of the structure's sizeof. This is
233 * simple and safe for all architectures.
235 len = strlen(name) + 1;
236 rem = event_size - len;
237 if (len > event_size) {
238 rem = event_size - (len % event_size);
239 if (len % event_size == 0)
240 rem = 0;
243 kevent->name = kmalloc(len + rem, GFP_KERNEL);
244 if (unlikely(!kevent->name)) {
245 kmem_cache_free(event_cachep, kevent);
246 return NULL;
248 memcpy(kevent->name, name, len);
249 if (rem)
250 memset(kevent->name + len, 0, rem);
251 kevent->event.len = len + rem;
252 } else {
253 kevent->event.len = 0;
254 kevent->name = NULL;
257 return kevent;
261 * inotify_dev_get_event - return the next event in the given dev's queue
263 * Caller must hold dev->mutex.
265 static inline struct inotify_kernel_event *
266 inotify_dev_get_event(struct inotify_device *dev)
268 return list_entry(dev->events.next, struct inotify_kernel_event, list);
272 * inotify_dev_queue_event - add a new event to the given device
274 * Caller must hold dev->mutex. Can sleep (calls kernel_event()).
276 static void inotify_dev_queue_event(struct inotify_device *dev,
277 struct inotify_watch *watch, u32 mask,
278 u32 cookie, const char *name)
280 struct inotify_kernel_event *kevent, *last;
282 /* coalescing: drop this event if it is a dupe of the previous */
283 last = inotify_dev_get_event(dev);
284 if (last && last->event.mask == mask && last->event.wd == watch->wd &&
285 last->event.cookie == cookie) {
286 const char *lastname = last->name;
288 if (!name && !lastname)
289 return;
290 if (name && lastname && !strcmp(lastname, name))
291 return;
294 /* the queue overflowed and we already sent the Q_OVERFLOW event */
295 if (unlikely(dev->event_count > dev->max_events))
296 return;
298 /* if the queue overflows, we need to notify user space */
299 if (unlikely(dev->event_count == dev->max_events))
300 kevent = kernel_event(-1, IN_Q_OVERFLOW, cookie, NULL);
301 else
302 kevent = kernel_event(watch->wd, mask, cookie, name);
304 if (unlikely(!kevent))
305 return;
307 /* queue the event and wake up anyone waiting */
308 dev->event_count++;
309 dev->queue_size += sizeof(struct inotify_event) + kevent->event.len;
310 list_add_tail(&kevent->list, &dev->events);
311 wake_up_interruptible(&dev->wq);
315 * remove_kevent - cleans up and ultimately frees the given kevent
317 * Caller must hold dev->mutex.
319 static void remove_kevent(struct inotify_device *dev,
320 struct inotify_kernel_event *kevent)
322 list_del(&kevent->list);
324 dev->event_count--;
325 dev->queue_size -= sizeof(struct inotify_event) + kevent->event.len;
327 kfree(kevent->name);
328 kmem_cache_free(event_cachep, kevent);
332 * inotify_dev_event_dequeue - destroy an event on the given device
334 * Caller must hold dev->mutex.
336 static void inotify_dev_event_dequeue(struct inotify_device *dev)
338 if (!list_empty(&dev->events)) {
339 struct inotify_kernel_event *kevent;
340 kevent = inotify_dev_get_event(dev);
341 remove_kevent(dev, kevent);
346 * inotify_dev_get_wd - returns the next WD for use by the given dev
348 * Callers must hold dev->mutex. This function can sleep.
350 static int inotify_dev_get_wd(struct inotify_device *dev,
351 struct inotify_watch *watch)
353 int ret;
355 do {
356 if (unlikely(!idr_pre_get(&dev->idr, GFP_KERNEL)))
357 return -ENOSPC;
358 ret = idr_get_new_above(&dev->idr, watch, dev->last_wd+1, &watch->wd);
359 } while (ret == -EAGAIN);
361 return ret;
365 * find_inode - resolve a user-given path to a specific inode and return a nd
367 static int find_inode(const char __user *dirname, struct nameidata *nd,
368 unsigned flags)
370 int error;
372 error = __user_walk(dirname, flags, nd);
373 if (error)
374 return error;
375 /* you can only watch an inode if you have read permissions on it */
376 error = vfs_permission(nd, MAY_READ);
377 if (error)
378 path_release(nd);
379 return error;
383 * inotify_inode_watched - returns nonzero if there are watches on this inode
384 * and zero otherwise. We call this lockless, we do not care if we race.
386 static inline int inotify_inode_watched(struct inode *inode)
388 return !list_empty(&inode->inotify_watches);
392 * Get child dentry flag into synch with parent inode.
393 * Flag should always be clear for negative dentrys.
395 static void set_dentry_child_flags(struct inode *inode, int watched)
397 struct dentry *alias;
399 spin_lock(&dcache_lock);
400 list_for_each_entry(alias, &inode->i_dentry, d_alias) {
401 struct dentry *child;
403 list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) {
404 if (!child->d_inode) {
405 WARN_ON(child->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
406 continue;
408 spin_lock(&child->d_lock);
409 if (watched) {
410 WARN_ON(child->d_flags &
411 DCACHE_INOTIFY_PARENT_WATCHED);
412 child->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
413 } else {
414 WARN_ON(!(child->d_flags &
415 DCACHE_INOTIFY_PARENT_WATCHED));
416 child->d_flags&=~DCACHE_INOTIFY_PARENT_WATCHED;
418 spin_unlock(&child->d_lock);
421 spin_unlock(&dcache_lock);
425 * create_watch - creates a watch on the given device.
427 * Callers must hold dev->mutex. Calls inotify_dev_get_wd() so may sleep.
428 * Both 'dev' and 'inode' (by way of nameidata) need to be pinned.
430 static struct inotify_watch *create_watch(struct inotify_device *dev,
431 u32 mask, struct inode *inode)
433 struct inotify_watch *watch;
434 int ret;
436 if (atomic_read(&dev->user->inotify_watches) >=
437 inotify_max_user_watches)
438 return ERR_PTR(-ENOSPC);
440 watch = kmem_cache_alloc(watch_cachep, GFP_KERNEL);
441 if (unlikely(!watch))
442 return ERR_PTR(-ENOMEM);
444 ret = inotify_dev_get_wd(dev, watch);
445 if (unlikely(ret)) {
446 kmem_cache_free(watch_cachep, watch);
447 return ERR_PTR(ret);
450 dev->last_wd = watch->wd;
451 watch->mask = mask;
452 atomic_set(&watch->count, 0);
453 INIT_LIST_HEAD(&watch->d_list);
454 INIT_LIST_HEAD(&watch->i_list);
456 /* save a reference to device and bump the count to make it official */
457 get_inotify_dev(dev);
458 watch->dev = dev;
461 * Save a reference to the inode and bump the ref count to make it
462 * official. We hold a reference to nameidata, which makes this safe.
464 watch->inode = igrab(inode);
466 /* bump our own count, corresponding to our entry in dev->watches */
467 get_inotify_watch(watch);
469 atomic_inc(&dev->user->inotify_watches);
471 return watch;
475 * inotify_find_dev - find the watch associated with the given inode and dev
477 * Callers must hold inode->inotify_mutex.
479 static struct inotify_watch *inode_find_dev(struct inode *inode,
480 struct inotify_device *dev)
482 struct inotify_watch *watch;
484 list_for_each_entry(watch, &inode->inotify_watches, i_list) {
485 if (watch->dev == dev)
486 return watch;
489 return NULL;
493 * remove_watch_no_event - remove_watch() without the IN_IGNORED event.
495 static void remove_watch_no_event(struct inotify_watch *watch,
496 struct inotify_device *dev)
498 list_del(&watch->i_list);
499 list_del(&watch->d_list);
501 if (!inotify_inode_watched(watch->inode))
502 set_dentry_child_flags(watch->inode, 0);
504 atomic_dec(&dev->user->inotify_watches);
505 idr_remove(&dev->idr, watch->wd);
506 put_inotify_watch(watch);
510 * remove_watch - Remove a watch from both the device and the inode. Sends
511 * the IN_IGNORED event to the given device signifying that the inode is no
512 * longer watched.
514 * Callers must hold both inode->inotify_mutex and dev->mutex. We drop a
515 * reference to the inode before returning.
517 * The inode is not iput() so as to remain atomic. If the inode needs to be
518 * iput(), the call returns one. Otherwise, it returns zero.
520 static void remove_watch(struct inotify_watch *watch,struct inotify_device *dev)
522 inotify_dev_queue_event(dev, watch, IN_IGNORED, 0, NULL);
523 remove_watch_no_event(watch, dev);
526 /* Kernel API */
529 * inotify_d_instantiate - instantiate dcache entry for inode
531 void inotify_d_instantiate(struct dentry *entry, struct inode *inode)
533 struct dentry *parent;
535 if (!inode)
536 return;
538 WARN_ON(entry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
539 spin_lock(&entry->d_lock);
540 parent = entry->d_parent;
541 if (inotify_inode_watched(parent->d_inode))
542 entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
543 spin_unlock(&entry->d_lock);
547 * inotify_d_move - dcache entry has been moved
549 void inotify_d_move(struct dentry *entry)
551 struct dentry *parent;
553 parent = entry->d_parent;
554 if (inotify_inode_watched(parent->d_inode))
555 entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
556 else
557 entry->d_flags &= ~DCACHE_INOTIFY_PARENT_WATCHED;
561 * inotify_inode_queue_event - queue an event to all watches on this inode
562 * @inode: inode event is originating from
563 * @mask: event mask describing this event
564 * @cookie: cookie for synchronization, or zero
565 * @name: filename, if any
567 void inotify_inode_queue_event(struct inode *inode, u32 mask, u32 cookie,
568 const char *name)
570 struct inotify_watch *watch, *next;
572 if (!inotify_inode_watched(inode))
573 return;
575 mutex_lock(&inode->inotify_mutex);
576 list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) {
577 u32 watch_mask = watch->mask;
578 if (watch_mask & mask) {
579 struct inotify_device *dev = watch->dev;
580 get_inotify_watch(watch);
581 mutex_lock(&dev->mutex);
582 inotify_dev_queue_event(dev, watch, mask, cookie, name);
583 if (watch_mask & IN_ONESHOT)
584 remove_watch_no_event(watch, dev);
585 mutex_unlock(&dev->mutex);
586 put_inotify_watch(watch);
589 mutex_unlock(&inode->inotify_mutex);
591 EXPORT_SYMBOL_GPL(inotify_inode_queue_event);
594 * inotify_dentry_parent_queue_event - queue an event to a dentry's parent
595 * @dentry: the dentry in question, we queue against this dentry's parent
596 * @mask: event mask describing this event
597 * @cookie: cookie for synchronization, or zero
598 * @name: filename, if any
600 void inotify_dentry_parent_queue_event(struct dentry *dentry, u32 mask,
601 u32 cookie, const char *name)
603 struct dentry *parent;
604 struct inode *inode;
606 if (!(dentry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED))
607 return;
609 spin_lock(&dentry->d_lock);
610 parent = dentry->d_parent;
611 inode = parent->d_inode;
613 if (inotify_inode_watched(inode)) {
614 dget(parent);
615 spin_unlock(&dentry->d_lock);
616 inotify_inode_queue_event(inode, mask, cookie, name);
617 dput(parent);
618 } else
619 spin_unlock(&dentry->d_lock);
621 EXPORT_SYMBOL_GPL(inotify_dentry_parent_queue_event);
624 * inotify_get_cookie - return a unique cookie for use in synchronizing events.
626 u32 inotify_get_cookie(void)
628 return atomic_inc_return(&inotify_cookie);
630 EXPORT_SYMBOL_GPL(inotify_get_cookie);
633 * inotify_unmount_inodes - an sb is unmounting. handle any watched inodes.
634 * @list: list of inodes being unmounted (sb->s_inodes)
636 * Called with inode_lock held, protecting the unmounting super block's list
637 * of inodes, and with iprune_mutex held, keeping shrink_icache_memory() at bay.
638 * We temporarily drop inode_lock, however, and CAN block.
640 void inotify_unmount_inodes(struct list_head *list)
642 struct inode *inode, *next_i, *need_iput = NULL;
644 list_for_each_entry_safe(inode, next_i, list, i_sb_list) {
645 struct inotify_watch *watch, *next_w;
646 struct inode *need_iput_tmp;
647 struct list_head *watches;
650 * If i_count is zero, the inode cannot have any watches and
651 * doing an __iget/iput with MS_ACTIVE clear would actually
652 * evict all inodes with zero i_count from icache which is
653 * unnecessarily violent and may in fact be illegal to do.
655 if (!atomic_read(&inode->i_count))
656 continue;
659 * We cannot __iget() an inode in state I_CLEAR, I_FREEING, or
660 * I_WILL_FREE which is fine because by that point the inode
661 * cannot have any associated watches.
663 if (inode->i_state & (I_CLEAR | I_FREEING | I_WILL_FREE))
664 continue;
666 need_iput_tmp = need_iput;
667 need_iput = NULL;
668 /* In case the remove_watch() drops a reference. */
669 if (inode != need_iput_tmp)
670 __iget(inode);
671 else
672 need_iput_tmp = NULL;
673 /* In case the dropping of a reference would nuke next_i. */
674 if ((&next_i->i_sb_list != list) &&
675 atomic_read(&next_i->i_count) &&
676 !(next_i->i_state & (I_CLEAR | I_FREEING |
677 I_WILL_FREE))) {
678 __iget(next_i);
679 need_iput = next_i;
683 * We can safely drop inode_lock here because we hold
684 * references on both inode and next_i. Also no new inodes
685 * will be added since the umount has begun. Finally,
686 * iprune_mutex keeps shrink_icache_memory() away.
688 spin_unlock(&inode_lock);
690 if (need_iput_tmp)
691 iput(need_iput_tmp);
693 /* for each watch, send IN_UNMOUNT and then remove it */
694 mutex_lock(&inode->inotify_mutex);
695 watches = &inode->inotify_watches;
696 list_for_each_entry_safe(watch, next_w, watches, i_list) {
697 struct inotify_device *dev = watch->dev;
698 mutex_lock(&dev->mutex);
699 inotify_dev_queue_event(dev, watch, IN_UNMOUNT,0,NULL);
700 remove_watch(watch, dev);
701 mutex_unlock(&dev->mutex);
703 mutex_unlock(&inode->inotify_mutex);
704 iput(inode);
706 spin_lock(&inode_lock);
709 EXPORT_SYMBOL_GPL(inotify_unmount_inodes);
712 * inotify_inode_is_dead - an inode has been deleted, cleanup any watches
713 * @inode: inode that is about to be removed
715 void inotify_inode_is_dead(struct inode *inode)
717 struct inotify_watch *watch, *next;
719 mutex_lock(&inode->inotify_mutex);
720 list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) {
721 struct inotify_device *dev = watch->dev;
722 mutex_lock(&dev->mutex);
723 remove_watch(watch, dev);
724 mutex_unlock(&dev->mutex);
726 mutex_unlock(&inode->inotify_mutex);
728 EXPORT_SYMBOL_GPL(inotify_inode_is_dead);
730 /* Device Interface */
732 static unsigned int inotify_poll(struct file *file, poll_table *wait)
734 struct inotify_device *dev = file->private_data;
735 int ret = 0;
737 poll_wait(file, &dev->wq, wait);
738 mutex_lock(&dev->mutex);
739 if (!list_empty(&dev->events))
740 ret = POLLIN | POLLRDNORM;
741 mutex_unlock(&dev->mutex);
743 return ret;
746 static ssize_t inotify_read(struct file *file, char __user *buf,
747 size_t count, loff_t *pos)
749 size_t event_size = sizeof (struct inotify_event);
750 struct inotify_device *dev;
751 char __user *start;
752 int ret;
753 DEFINE_WAIT(wait);
755 start = buf;
756 dev = file->private_data;
758 while (1) {
759 int events;
761 prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE);
763 mutex_lock(&dev->mutex);
764 events = !list_empty(&dev->events);
765 mutex_unlock(&dev->mutex);
766 if (events) {
767 ret = 0;
768 break;
771 if (file->f_flags & O_NONBLOCK) {
772 ret = -EAGAIN;
773 break;
776 if (signal_pending(current)) {
777 ret = -EINTR;
778 break;
781 schedule();
784 finish_wait(&dev->wq, &wait);
785 if (ret)
786 return ret;
788 mutex_lock(&dev->mutex);
789 while (1) {
790 struct inotify_kernel_event *kevent;
792 ret = buf - start;
793 if (list_empty(&dev->events))
794 break;
796 kevent = inotify_dev_get_event(dev);
797 if (event_size + kevent->event.len > count)
798 break;
800 if (copy_to_user(buf, &kevent->event, event_size)) {
801 ret = -EFAULT;
802 break;
804 buf += event_size;
805 count -= event_size;
807 if (kevent->name) {
808 if (copy_to_user(buf, kevent->name, kevent->event.len)){
809 ret = -EFAULT;
810 break;
812 buf += kevent->event.len;
813 count -= kevent->event.len;
816 remove_kevent(dev, kevent);
818 mutex_unlock(&dev->mutex);
820 return ret;
823 static int inotify_release(struct inode *ignored, struct file *file)
825 struct inotify_device *dev = file->private_data;
828 * Destroy all of the watches on this device. Unfortunately, not very
829 * pretty. We cannot do a simple iteration over the list, because we
830 * do not know the inode until we iterate to the watch. But we need to
831 * hold inode->inotify_mutex before dev->mutex. The following works.
833 while (1) {
834 struct inotify_watch *watch;
835 struct list_head *watches;
836 struct inode *inode;
838 mutex_lock(&dev->mutex);
839 watches = &dev->watches;
840 if (list_empty(watches)) {
841 mutex_unlock(&dev->mutex);
842 break;
844 watch = list_entry(watches->next, struct inotify_watch, d_list);
845 get_inotify_watch(watch);
846 mutex_unlock(&dev->mutex);
848 inode = watch->inode;
849 mutex_lock(&inode->inotify_mutex);
850 mutex_lock(&dev->mutex);
851 remove_watch_no_event(watch, dev);
852 mutex_unlock(&dev->mutex);
853 mutex_unlock(&inode->inotify_mutex);
854 put_inotify_watch(watch);
857 /* destroy all of the events on this device */
858 mutex_lock(&dev->mutex);
859 while (!list_empty(&dev->events))
860 inotify_dev_event_dequeue(dev);
861 mutex_unlock(&dev->mutex);
863 /* free this device: the put matching the get in inotify_init() */
864 put_inotify_dev(dev);
866 return 0;
870 * inotify_ignore - remove a given wd from this inotify instance.
872 * Can sleep.
874 static int inotify_ignore(struct inotify_device *dev, s32 wd)
876 struct inotify_watch *watch;
877 struct inode *inode;
879 mutex_lock(&dev->mutex);
880 watch = idr_find(&dev->idr, wd);
881 if (unlikely(!watch)) {
882 mutex_unlock(&dev->mutex);
883 return -EINVAL;
885 get_inotify_watch(watch);
886 inode = watch->inode;
887 mutex_unlock(&dev->mutex);
889 mutex_lock(&inode->inotify_mutex);
890 mutex_lock(&dev->mutex);
892 /* make sure that we did not race */
893 watch = idr_find(&dev->idr, wd);
894 if (likely(watch))
895 remove_watch(watch, dev);
897 mutex_unlock(&dev->mutex);
898 mutex_unlock(&inode->inotify_mutex);
899 put_inotify_watch(watch);
901 return 0;
904 static long inotify_ioctl(struct file *file, unsigned int cmd,
905 unsigned long arg)
907 struct inotify_device *dev;
908 void __user *p;
909 int ret = -ENOTTY;
911 dev = file->private_data;
912 p = (void __user *) arg;
914 switch (cmd) {
915 case FIONREAD:
916 ret = put_user(dev->queue_size, (int __user *) p);
917 break;
920 return ret;
923 static const struct file_operations inotify_fops = {
924 .poll = inotify_poll,
925 .read = inotify_read,
926 .release = inotify_release,
927 .unlocked_ioctl = inotify_ioctl,
928 .compat_ioctl = inotify_ioctl,
931 asmlinkage long sys_inotify_init(void)
933 struct inotify_device *dev;
934 struct user_struct *user;
935 struct file *filp;
936 int fd, ret;
938 fd = get_unused_fd();
939 if (fd < 0)
940 return fd;
942 filp = get_empty_filp();
943 if (!filp) {
944 ret = -ENFILE;
945 goto out_put_fd;
948 user = get_uid(current->user);
949 if (unlikely(atomic_read(&user->inotify_devs) >=
950 inotify_max_user_instances)) {
951 ret = -EMFILE;
952 goto out_free_uid;
955 dev = kmalloc(sizeof(struct inotify_device), GFP_KERNEL);
956 if (unlikely(!dev)) {
957 ret = -ENOMEM;
958 goto out_free_uid;
961 filp->f_op = &inotify_fops;
962 filp->f_vfsmnt = mntget(inotify_mnt);
963 filp->f_dentry = dget(inotify_mnt->mnt_root);
964 filp->f_mapping = filp->f_dentry->d_inode->i_mapping;
965 filp->f_mode = FMODE_READ;
966 filp->f_flags = O_RDONLY;
967 filp->private_data = dev;
969 idr_init(&dev->idr);
970 INIT_LIST_HEAD(&dev->events);
971 INIT_LIST_HEAD(&dev->watches);
972 init_waitqueue_head(&dev->wq);
973 mutex_init(&dev->mutex);
974 dev->event_count = 0;
975 dev->queue_size = 0;
976 dev->max_events = inotify_max_queued_events;
977 dev->user = user;
978 dev->last_wd = 0;
979 atomic_set(&dev->count, 0);
981 get_inotify_dev(dev);
982 atomic_inc(&user->inotify_devs);
983 fd_install(fd, filp);
985 return fd;
986 out_free_uid:
987 free_uid(user);
988 put_filp(filp);
989 out_put_fd:
990 put_unused_fd(fd);
991 return ret;
994 asmlinkage long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
996 struct inotify_watch *watch, *old;
997 struct inode *inode;
998 struct inotify_device *dev;
999 struct nameidata nd;
1000 struct file *filp;
1001 int ret, fput_needed;
1002 int mask_add = 0;
1003 unsigned flags = 0;
1005 filp = fget_light(fd, &fput_needed);
1006 if (unlikely(!filp))
1007 return -EBADF;
1009 /* verify that this is indeed an inotify instance */
1010 if (unlikely(filp->f_op != &inotify_fops)) {
1011 ret = -EINVAL;
1012 goto fput_and_out;
1015 if (!(mask & IN_DONT_FOLLOW))
1016 flags |= LOOKUP_FOLLOW;
1017 if (mask & IN_ONLYDIR)
1018 flags |= LOOKUP_DIRECTORY;
1020 ret = find_inode(path, &nd, flags);
1021 if (unlikely(ret))
1022 goto fput_and_out;
1024 /* inode held in place by reference to nd; dev by fget on fd */
1025 inode = nd.dentry->d_inode;
1026 dev = filp->private_data;
1028 mutex_lock(&inode->inotify_mutex);
1029 mutex_lock(&dev->mutex);
1031 if (mask & IN_MASK_ADD)
1032 mask_add = 1;
1034 /* don't let user-space set invalid bits: we don't want flags set */
1035 mask &= IN_ALL_EVENTS | IN_ONESHOT;
1036 if (unlikely(!mask)) {
1037 ret = -EINVAL;
1038 goto out;
1042 * Handle the case of re-adding a watch on an (inode,dev) pair that we
1043 * are already watching. We just update the mask and return its wd.
1045 old = inode_find_dev(inode, dev);
1046 if (unlikely(old)) {
1047 if (mask_add)
1048 old->mask |= mask;
1049 else
1050 old->mask = mask;
1051 ret = old->wd;
1052 goto out;
1055 watch = create_watch(dev, mask, inode);
1056 if (unlikely(IS_ERR(watch))) {
1057 ret = PTR_ERR(watch);
1058 goto out;
1061 if (!inotify_inode_watched(inode))
1062 set_dentry_child_flags(inode, 1);
1064 /* Add the watch to the device's and the inode's list */
1065 list_add(&watch->d_list, &dev->watches);
1066 list_add(&watch->i_list, &inode->inotify_watches);
1067 ret = watch->wd;
1068 out:
1069 mutex_unlock(&dev->mutex);
1070 mutex_unlock(&inode->inotify_mutex);
1071 path_release(&nd);
1072 fput_and_out:
1073 fput_light(filp, fput_needed);
1074 return ret;
1077 asmlinkage long sys_inotify_rm_watch(int fd, u32 wd)
1079 struct file *filp;
1080 struct inotify_device *dev;
1081 int ret, fput_needed;
1083 filp = fget_light(fd, &fput_needed);
1084 if (unlikely(!filp))
1085 return -EBADF;
1087 /* verify that this is indeed an inotify instance */
1088 if (unlikely(filp->f_op != &inotify_fops)) {
1089 ret = -EINVAL;
1090 goto out;
1093 dev = filp->private_data;
1094 ret = inotify_ignore(dev, wd);
1096 out:
1097 fput_light(filp, fput_needed);
1098 return ret;
1101 static struct super_block *
1102 inotify_get_sb(struct file_system_type *fs_type, int flags,
1103 const char *dev_name, void *data)
1105 return get_sb_pseudo(fs_type, "inotify", NULL, 0xBAD1DEA);
1108 static struct file_system_type inotify_fs_type = {
1109 .name = "inotifyfs",
1110 .get_sb = inotify_get_sb,
1111 .kill_sb = kill_anon_super,
1115 * inotify_setup - Our initialization function. Note that we cannnot return
1116 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
1117 * must result in panic().
1119 static int __init inotify_setup(void)
1121 int ret;
1123 ret = register_filesystem(&inotify_fs_type);
1124 if (unlikely(ret))
1125 panic("inotify: register_filesystem returned %d!\n", ret);
1127 inotify_mnt = kern_mount(&inotify_fs_type);
1128 if (IS_ERR(inotify_mnt))
1129 panic("inotify: kern_mount ret %ld!\n", PTR_ERR(inotify_mnt));
1131 inotify_max_queued_events = 16384;
1132 inotify_max_user_instances = 128;
1133 inotify_max_user_watches = 8192;
1135 atomic_set(&inotify_cookie, 0);
1137 watch_cachep = kmem_cache_create("inotify_watch_cache",
1138 sizeof(struct inotify_watch),
1139 0, SLAB_PANIC, NULL, NULL);
1140 event_cachep = kmem_cache_create("inotify_event_cache",
1141 sizeof(struct inotify_kernel_event),
1142 0, SLAB_PANIC, NULL, NULL);
1144 return 0;
1147 module_init(inotify_setup);