[PATCH] uml: prevent umid theft
[linux-2.6/mini2440.git] / fs / file_table.c
blobbcea1998b4de48b56fed18334159c34b2559d6c5
1 /*
2 * linux/fs/file_table.c
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
6 */
8 #include <linux/config.h>
9 #include <linux/string.h>
10 #include <linux/slab.h>
11 #include <linux/file.h>
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/smp_lock.h>
15 #include <linux/fs.h>
16 #include <linux/security.h>
17 #include <linux/eventpoll.h>
18 #include <linux/rcupdate.h>
19 #include <linux/mount.h>
20 #include <linux/capability.h>
21 #include <linux/cdev.h>
22 #include <linux/fsnotify.h>
23 #include <linux/sysctl.h>
24 #include <linux/percpu_counter.h>
26 #include <asm/atomic.h>
28 /* sysctl tunables... */
29 struct files_stat_struct files_stat = {
30 .max_files = NR_FILE
33 /* public. Not pretty! */
34 __cacheline_aligned_in_smp DEFINE_SPINLOCK(files_lock);
36 static struct percpu_counter nr_files __cacheline_aligned_in_smp;
38 static inline void file_free_rcu(struct rcu_head *head)
40 struct file *f = container_of(head, struct file, f_u.fu_rcuhead);
41 kmem_cache_free(filp_cachep, f);
44 static inline void file_free(struct file *f)
46 percpu_counter_dec(&nr_files);
47 call_rcu(&f->f_u.fu_rcuhead, file_free_rcu);
51 * Return the total number of open files in the system
53 static int get_nr_files(void)
55 return percpu_counter_read_positive(&nr_files);
59 * Return the maximum number of open files in the system
61 int get_max_files(void)
63 return files_stat.max_files;
65 EXPORT_SYMBOL_GPL(get_max_files);
68 * Handle nr_files sysctl
70 #if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS)
71 int proc_nr_files(ctl_table *table, int write, struct file *filp,
72 void __user *buffer, size_t *lenp, loff_t *ppos)
74 files_stat.nr_files = get_nr_files();
75 return proc_dointvec(table, write, filp, buffer, lenp, ppos);
77 #else
78 int proc_nr_files(ctl_table *table, int write, struct file *filp,
79 void __user *buffer, size_t *lenp, loff_t *ppos)
81 return -ENOSYS;
83 #endif
85 /* Find an unused file structure and return a pointer to it.
86 * Returns NULL, if there are no more free file structures or
87 * we run out of memory.
89 struct file *get_empty_filp(void)
91 struct task_struct *tsk;
92 static int old_max;
93 struct file * f;
96 * Privileged users can go above max_files
98 if (get_nr_files() >= files_stat.max_files && !capable(CAP_SYS_ADMIN)) {
100 * percpu_counters are inaccurate. Do an expensive check before
101 * we go and fail.
103 if (percpu_counter_sum(&nr_files) >= files_stat.max_files)
104 goto over;
107 f = kmem_cache_alloc(filp_cachep, GFP_KERNEL);
108 if (f == NULL)
109 goto fail;
111 percpu_counter_inc(&nr_files);
112 memset(f, 0, sizeof(*f));
113 if (security_file_alloc(f))
114 goto fail_sec;
116 tsk = current;
117 INIT_LIST_HEAD(&f->f_u.fu_list);
118 atomic_set(&f->f_count, 1);
119 rwlock_init(&f->f_owner.lock);
120 f->f_uid = tsk->fsuid;
121 f->f_gid = tsk->fsgid;
122 eventpoll_init_file(f);
123 /* f->f_version: 0 */
124 return f;
126 over:
127 /* Ran out of filps - report that */
128 if (get_nr_files() > old_max) {
129 printk(KERN_INFO "VFS: file-max limit %d reached\n",
130 get_max_files());
131 old_max = get_nr_files();
133 goto fail;
135 fail_sec:
136 file_free(f);
137 fail:
138 return NULL;
141 EXPORT_SYMBOL(get_empty_filp);
143 void fastcall fput(struct file *file)
145 if (atomic_dec_and_test(&file->f_count))
146 __fput(file);
149 EXPORT_SYMBOL(fput);
151 /* __fput is called from task context when aio completion releases the last
152 * last use of a struct file *. Do not use otherwise.
154 void fastcall __fput(struct file *file)
156 struct dentry *dentry = file->f_dentry;
157 struct vfsmount *mnt = file->f_vfsmnt;
158 struct inode *inode = dentry->d_inode;
160 might_sleep();
162 fsnotify_close(file);
164 * The function eventpoll_release() should be the first called
165 * in the file cleanup chain.
167 eventpoll_release(file);
168 locks_remove_flock(file);
170 if (file->f_op && file->f_op->release)
171 file->f_op->release(inode, file);
172 security_file_free(file);
173 if (unlikely(inode->i_cdev != NULL))
174 cdev_put(inode->i_cdev);
175 fops_put(file->f_op);
176 if (file->f_mode & FMODE_WRITE)
177 put_write_access(inode);
178 file_kill(file);
179 file->f_dentry = NULL;
180 file->f_vfsmnt = NULL;
181 file_free(file);
182 dput(dentry);
183 mntput(mnt);
186 struct file fastcall *fget(unsigned int fd)
188 struct file *file;
189 struct files_struct *files = current->files;
191 rcu_read_lock();
192 file = fcheck_files(files, fd);
193 if (file) {
194 if (!atomic_inc_not_zero(&file->f_count)) {
195 /* File object ref couldn't be taken */
196 rcu_read_unlock();
197 return NULL;
200 rcu_read_unlock();
202 return file;
205 EXPORT_SYMBOL(fget);
208 * Lightweight file lookup - no refcnt increment if fd table isn't shared.
209 * You can use this only if it is guranteed that the current task already
210 * holds a refcnt to that file. That check has to be done at fget() only
211 * and a flag is returned to be passed to the corresponding fput_light().
212 * There must not be a cloning between an fget_light/fput_light pair.
214 struct file fastcall *fget_light(unsigned int fd, int *fput_needed)
216 struct file *file;
217 struct files_struct *files = current->files;
219 *fput_needed = 0;
220 if (likely((atomic_read(&files->count) == 1))) {
221 file = fcheck_files(files, fd);
222 } else {
223 rcu_read_lock();
224 file = fcheck_files(files, fd);
225 if (file) {
226 if (atomic_inc_not_zero(&file->f_count))
227 *fput_needed = 1;
228 else
229 /* Didn't get the reference, someone's freed */
230 file = NULL;
232 rcu_read_unlock();
235 return file;
239 void put_filp(struct file *file)
241 if (atomic_dec_and_test(&file->f_count)) {
242 security_file_free(file);
243 file_kill(file);
244 file_free(file);
248 void file_move(struct file *file, struct list_head *list)
250 if (!list)
251 return;
252 file_list_lock();
253 list_move(&file->f_u.fu_list, list);
254 file_list_unlock();
257 void file_kill(struct file *file)
259 if (!list_empty(&file->f_u.fu_list)) {
260 file_list_lock();
261 list_del_init(&file->f_u.fu_list);
262 file_list_unlock();
266 int fs_may_remount_ro(struct super_block *sb)
268 struct list_head *p;
270 /* Check that no files are currently opened for writing. */
271 file_list_lock();
272 list_for_each(p, &sb->s_files) {
273 struct file *file = list_entry(p, struct file, f_u.fu_list);
274 struct inode *inode = file->f_dentry->d_inode;
276 /* File with pending delete? */
277 if (inode->i_nlink == 0)
278 goto too_bad;
280 /* Writeable file? */
281 if (S_ISREG(inode->i_mode) && (file->f_mode & FMODE_WRITE))
282 goto too_bad;
284 file_list_unlock();
285 return 1; /* Tis' cool bro. */
286 too_bad:
287 file_list_unlock();
288 return 0;
291 void __init files_init(unsigned long mempages)
293 int n;
294 /* One file with associated inode and dcache is very roughly 1K.
295 * Per default don't use more than 10% of our memory for files.
298 n = (mempages * (PAGE_SIZE / 1024)) / 10;
299 files_stat.max_files = n;
300 if (files_stat.max_files < NR_FILE)
301 files_stat.max_files = NR_FILE;
302 files_defer_init();
303 percpu_counter_init(&nr_files);