1/*
2 * fs/inotify_user.c - inotify support for userspace
3 *
4 * Authors:
5 *	John McCutchan	<ttb@tentacle.dhs.org>
6 *	Robert Love	<rml@novell.com>
7 *
8 * Copyright (C) 2005 John McCutchan
9 * Copyright 2006 Hewlett-Packard Development Company, L.P.
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2, or (at your option) any
14 * later version.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19 * General Public License for more details.
20 */
21
22#include <linux/kernel.h>
23#include <linux/sched.h>
24#include <linux/slab.h>
25#include <linux/fs.h>
26#include <linux/file.h>
27#include <linux/mount.h>
28#include <linux/namei.h>
29#include <linux/poll.h>
30#include <linux/init.h>
31#include <linux/list.h>
32#include <linux/inotify.h>
33#include <linux/syscalls.h>
34
35#include <asm/ioctls.h>
36
37static struct kmem_cache *watch_cachep __read_mostly;
38static struct kmem_cache *event_cachep __read_mostly;
39
40static struct vfsmount *inotify_mnt __read_mostly;
41
42/* these are configurable via /proc/sys/fs/inotify/ */
43int inotify_max_user_instances __read_mostly;
44int inotify_max_user_watches __read_mostly;
45int inotify_max_queued_events __read_mostly;
46
47/*
48 * Lock ordering:
49 *
50 * inotify_dev->up_mutex (ensures we don't re-add the same watch)
51 * 	inode->inotify_mutex (protects inode's watch list)
52 * 		inotify_handle->mutex (protects inotify_handle's watch list)
53 * 			inotify_dev->ev_mutex (protects device's event queue)
54 */
55
56/*
57 * Lifetimes of the main data structures:
58 *
59 * inotify_device: Lifetime is managed by reference count, from
60 * sys_inotify_init() until release.  Additional references can bump the count
61 * via get_inotify_dev() and drop the count via put_inotify_dev().
62 *
63 * inotify_user_watch: Lifetime is from create_watch() to the receipt of an
64 * IN_IGNORED event from inotify, or when using IN_ONESHOT, to receipt of the
65 * first event, or to inotify_destroy().
66 */
67
68/*
69 * struct inotify_device - represents an inotify instance
70 *
71 * This structure is protected by the mutex 'mutex'.
72 */
73struct inotify_device {
74	wait_queue_head_t 	wq;		/* wait queue for i/o */
75	struct mutex		ev_mutex;	/* protects event queue */
76	struct mutex		up_mutex;	/* synchronizes watch updates */
77	struct list_head 	events;		/* list of queued events */
78	atomic_t		count;		/* reference count */
79	struct user_struct	*user;		/* user who opened this dev */
80	struct inotify_handle	*ih;		/* inotify handle */
81	unsigned int		queue_size;	/* size of the queue (bytes) */
82	unsigned int		event_count;	/* number of pending events */
83	unsigned int		max_events;	/* maximum number of events */
84};
85
86/*
87 * struct inotify_kernel_event - An inotify event, originating from a watch and
88 * queued for user-space.  A list of these is attached to each instance of the
89 * device.  In read(), this list is walked and all events that can fit in the
90 * buffer are returned.
91 *
92 * Protected by dev->ev_mutex of the device in which we are queued.
93 */
94struct inotify_kernel_event {
95	struct inotify_event	event;	/* the user-space event */
96	struct list_head        list;	/* entry in inotify_device's list */
97	char			*name;	/* filename, if any */
98};
99
100/*
101 * struct inotify_user_watch - our version of an inotify_watch, we add
102 * a reference to the associated inotify_device.
103 */
104struct inotify_user_watch {
105	struct inotify_device	*dev;	/* associated device */
106	struct inotify_watch	wdata;	/* inotify watch data */
107};
108
109#ifdef CONFIG_SYSCTL
110
111#include <linux/sysctl.h>
112
113static int zero;
114
115ctl_table inotify_table[] = {
116	{
117		.ctl_name	= INOTIFY_MAX_USER_INSTANCES,
118		.procname	= "max_user_instances",
119		.data		= &inotify_max_user_instances,
120		.maxlen		= sizeof(int),
121		.mode		= 0644,
122		.proc_handler	= &proc_dointvec_minmax,
123		.strategy	= &sysctl_intvec,
124		.extra1		= &zero,
125	},
126	{
127		.ctl_name	= INOTIFY_MAX_USER_WATCHES,
128		.procname	= "max_user_watches",
129		.data		= &inotify_max_user_watches,
130		.maxlen		= sizeof(int),
131		.mode		= 0644,
132		.proc_handler	= &proc_dointvec_minmax,
133		.strategy	= &sysctl_intvec,
134		.extra1		= &zero,
135	},
136	{
137		.ctl_name	= INOTIFY_MAX_QUEUED_EVENTS,
138		.procname	= "max_queued_events",
139		.data		= &inotify_max_queued_events,
140		.maxlen		= sizeof(int),
141		.mode		= 0644,
142		.proc_handler	= &proc_dointvec_minmax,
143		.strategy	= &sysctl_intvec,
144		.extra1		= &zero
145	},
146	{ .ctl_name = 0 }
147};
148#endif /* CONFIG_SYSCTL */
149
150static inline void get_inotify_dev(struct inotify_device *dev)
151{
152	atomic_inc(&dev->count);
153}
154
155static inline void put_inotify_dev(struct inotify_device *dev)
156{
157	if (atomic_dec_and_test(&dev->count)) {
158		atomic_dec(&dev->user->inotify_devs);
159		free_uid(dev->user);
160		kfree(dev);
161	}
162}
163
164/*
165 * free_inotify_user_watch - cleans up the watch and its references
166 */
167static void free_inotify_user_watch(struct inotify_watch *w)
168{
169	struct inotify_user_watch *watch;
170	struct inotify_device *dev;
171
172	watch = container_of(w, struct inotify_user_watch, wdata);
173	dev = watch->dev;
174
175	atomic_dec(&dev->user->inotify_watches);
176	put_inotify_dev(dev);
177	kmem_cache_free(watch_cachep, watch);
178}
179
180/*
181 * kernel_event - create a new kernel event with the given parameters
182 *
183 * This function can sleep.
184 */
185static struct inotify_kernel_event * kernel_event(s32 wd, u32 mask, u32 cookie,
186						  const char *name)
187{
188	struct inotify_kernel_event *kevent;
189
190	kevent = kmem_cache_alloc(event_cachep, GFP_NOFS);
191	if (unlikely(!kevent))
192		return NULL;
193
194	/* we hand this out to user-space, so zero it just in case */
195	memset(&kevent->event, 0, sizeof(struct inotify_event));
196
197	kevent->event.wd = wd;
198	kevent->event.mask = mask;
199	kevent->event.cookie = cookie;
200
201	INIT_LIST_HEAD(&kevent->list);
202
203	if (name) {
204		size_t len, rem, event_size = sizeof(struct inotify_event);
205
206		/*
207		 * We need to pad the filename so as to properly align an
208		 * array of inotify_event structures.  Because the structure is
209		 * small and the common case is a small filename, we just round
210		 * up to the next multiple of the structure's sizeof.  This is
211		 * simple and safe for all architectures.
212		 */
213		len = strlen(name) + 1;
214		rem = event_size - len;
215		if (len > event_size) {
216			rem = event_size - (len % event_size);
217			if (len % event_size == 0)
218				rem = 0;
219		}
220
221		kevent->name = kmalloc(len + rem, GFP_KERNEL);
222		if (unlikely(!kevent->name)) {
223			kmem_cache_free(event_cachep, kevent);
224			return NULL;
225		}
226		memcpy(kevent->name, name, len);
227		if (rem)
228			memset(kevent->name + len, 0, rem);
229		kevent->event.len = len + rem;
230	} else {
231		kevent->event.len = 0;
232		kevent->name = NULL;
233	}
234
235	return kevent;
236}
237
238/*
239 * inotify_dev_get_event - return the next event in the given dev's queue
240 *
241 * Caller must hold dev->ev_mutex.
242 */
243static inline struct inotify_kernel_event *
244inotify_dev_get_event(struct inotify_device *dev)
245{
246	return list_entry(dev->events.next, struct inotify_kernel_event, list);
247}
248
249/*
250 * inotify_dev_queue_event - event handler registered with core inotify, adds
251 * a new event to the given device
252 *
253 * Can sleep (calls kernel_event()).
254 */
255static void inotify_dev_queue_event(struct inotify_watch *w, u32 wd, u32 mask,
256				    u32 cookie, const char *name,
257				    struct inode *ignored)
258{
259	struct inotify_user_watch *watch;
260	struct inotify_device *dev;
261	struct inotify_kernel_event *kevent, *last;
262
263	watch = container_of(w, struct inotify_user_watch, wdata);
264	dev = watch->dev;
265
266	mutex_lock(&dev->ev_mutex);
267
268	/* we can safely put the watch as we don't reference it while
269	 * generating the event
270	 */
271	if (mask & IN_IGNORED || mask & IN_ONESHOT)
272		put_inotify_watch(w); /* final put */
273
274	/* coalescing: drop this event if it is a dupe of the previous */
275	last = inotify_dev_get_event(dev);
276	if (last && last->event.mask == mask && last->event.wd == wd &&
277			last->event.cookie == cookie) {
278		const char *lastname = last->name;
279
280		if (!name && !lastname)
281			goto out;
282		if (name && lastname && !strcmp(lastname, name))
283			goto out;
284	}
285
286	/* the queue overflowed and we already sent the Q_OVERFLOW event */
287	if (unlikely(dev->event_count > dev->max_events))
288		goto out;
289
290	/* if the queue overflows, we need to notify user space */
291	if (unlikely(dev->event_count == dev->max_events))
292		kevent = kernel_event(-1, IN_Q_OVERFLOW, cookie, NULL);
293	else
294		kevent = kernel_event(wd, mask, cookie, name);
295
296	if (unlikely(!kevent))
297		goto out;
298
299	/* queue the event and wake up anyone waiting */
300	dev->event_count++;
301	dev->queue_size += sizeof(struct inotify_event) + kevent->event.len;
302	list_add_tail(&kevent->list, &dev->events);
303	wake_up_interruptible(&dev->wq);
304
305out:
306	mutex_unlock(&dev->ev_mutex);
307}
308
309/*
310 * remove_kevent - cleans up and ultimately frees the given kevent
311 *
312 * Caller must hold dev->ev_mutex.
313 */
314static void remove_kevent(struct inotify_device *dev,
315			  struct inotify_kernel_event *kevent)
316{
317	list_del(&kevent->list);
318
319	dev->event_count--;
320	dev->queue_size -= sizeof(struct inotify_event) + kevent->event.len;
321
322	kfree(kevent->name);
323	kmem_cache_free(event_cachep, kevent);
324}
325
326/*
327 * inotify_dev_event_dequeue - destroy an event on the given device
328 *
329 * Caller must hold dev->ev_mutex.
330 */
331static void inotify_dev_event_dequeue(struct inotify_device *dev)
332{
333	if (!list_empty(&dev->events)) {
334		struct inotify_kernel_event *kevent;
335		kevent = inotify_dev_get_event(dev);
336		remove_kevent(dev, kevent);
337	}
338}
339
340/*
341 * find_inode - resolve a user-given path to a specific inode and return a nd
342 */
343static int find_inode(const char __user *dirname, struct nameidata *nd,
344		      unsigned flags)
345{
346	int error;
347
348	error = __user_walk(dirname, flags, nd);
349	if (error)
350		return error;
351	/* you can only watch an inode if you have read permissions on it */
352	error = vfs_permission(nd, MAY_READ);
353	if (error)
354		path_release(nd);
355	return error;
356}
357
358/*
359 * create_watch - creates a watch on the given device.
360 *
361 * Callers must hold dev->up_mutex.
362 */
363static int create_watch(struct inotify_device *dev, struct inode *inode,
364			u32 mask)
365{
366	struct inotify_user_watch *watch;
367	int ret;
368
369	if (atomic_read(&dev->user->inotify_watches) >=
370			inotify_max_user_watches)
371		return -ENOSPC;
372
373	watch = kmem_cache_alloc(watch_cachep, GFP_KERNEL);
374	if (unlikely(!watch))
375		return -ENOMEM;
376
377	/* save a reference to device and bump the count to make it official */
378	get_inotify_dev(dev);
379	watch->dev = dev;
380
381	atomic_inc(&dev->user->inotify_watches);
382
383	inotify_init_watch(&watch->wdata);
384	ret = inotify_add_watch(dev->ih, &watch->wdata, inode, mask);
385	if (ret < 0)
386		free_inotify_user_watch(&watch->wdata);
387
388	return ret;
389}
390
391/* Device Interface */
392
393static unsigned int inotify_poll(struct file *file, poll_table *wait)
394{
395	struct inotify_device *dev = file->private_data;
396	int ret = 0;
397
398	poll_wait(file, &dev->wq, wait);
399	mutex_lock(&dev->ev_mutex);
400	if (!list_empty(&dev->events))
401		ret = POLLIN | POLLRDNORM;
402	mutex_unlock(&dev->ev_mutex);
403
404	return ret;
405}
406
407static ssize_t inotify_read(struct file *file, char __user *buf,
408			    size_t count, loff_t *pos)
409{
410	size_t event_size = sizeof (struct inotify_event);
411	struct inotify_device *dev;
412	char __user *start;
413	int ret;
414	DEFINE_WAIT(wait);
415
416	start = buf;
417	dev = file->private_data;
418
419	while (1) {
420		int events;
421
422		prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE);
423
424		mutex_lock(&dev->ev_mutex);
425		events = !list_empty(&dev->events);
426		mutex_unlock(&dev->ev_mutex);
427		if (events) {
428			ret = 0;
429			break;
430		}
431
432		if (file->f_flags & O_NONBLOCK) {
433			ret = -EAGAIN;
434			break;
435		}
436
437		if (signal_pending(current)) {
438			ret = -EINTR;
439			break;
440		}
441
442		schedule();
443	}
444
445	finish_wait(&dev->wq, &wait);
446	if (ret)
447		return ret;
448
449	mutex_lock(&dev->ev_mutex);
450	while (1) {
451		struct inotify_kernel_event *kevent;
452
453		ret = buf - start;
454		if (list_empty(&dev->events))
455			break;
456
457		kevent = inotify_dev_get_event(dev);
458		if (event_size + kevent->event.len > count) {
459			if (ret == 0 && count > 0) {
460				/*
461				 * could not get a single event because we
462				 * didn't have enough buffer space.
463				 */
464				ret = -EINVAL;
465			}
466			break;
467		}
468
469		if (copy_to_user(buf, &kevent->event, event_size)) {
470			ret = -EFAULT;
471			break;
472		}
473		buf += event_size;
474		count -= event_size;
475
476		if (kevent->name) {
477			if (copy_to_user(buf, kevent->name, kevent->event.len)){
478				ret = -EFAULT;
479				break;
480			}
481			buf += kevent->event.len;
482			count -= kevent->event.len;
483		}
484
485		remove_kevent(dev, kevent);
486	}
487	mutex_unlock(&dev->ev_mutex);
488
489	return ret;
490}
491
492static int inotify_release(struct inode *ignored, struct file *file)
493{
494	struct inotify_device *dev = file->private_data;
495
496	inotify_destroy(dev->ih);
497
498	/* destroy all of the events on this device */
499	mutex_lock(&dev->ev_mutex);
500	while (!list_empty(&dev->events))
501		inotify_dev_event_dequeue(dev);
502	mutex_unlock(&dev->ev_mutex);
503
504	/* free this device: the put matching the get in inotify_init() */
505	put_inotify_dev(dev);
506
507	return 0;
508}
509
510static long inotify_ioctl(struct file *file, unsigned int cmd,
511			  unsigned long arg)
512{
513	struct inotify_device *dev;
514	void __user *p;
515	int ret = -ENOTTY;
516
517	dev = file->private_data;
518	p = (void __user *) arg;
519
520	switch (cmd) {
521	case FIONREAD:
522		ret = put_user(dev->queue_size, (int __user *) p);
523		break;
524	}
525
526	return ret;
527}
528
529static const struct file_operations inotify_fops = {
530	.poll           = inotify_poll,
531	.read           = inotify_read,
532	.release        = inotify_release,
533	.unlocked_ioctl = inotify_ioctl,
534	.compat_ioctl	= inotify_ioctl,
535};
536
537static const struct inotify_operations inotify_user_ops = {
538	.handle_event	= inotify_dev_queue_event,
539	.destroy_watch	= free_inotify_user_watch,
540};
541
542asmlinkage long sys_inotify_init(void)
543{
544	struct inotify_device *dev;
545	struct inotify_handle *ih;
546	struct user_struct *user;
547	struct file *filp;
548	int fd, ret;
549
550	fd = get_unused_fd();
551	if (fd < 0)
552		return fd;
553
554	filp = get_empty_filp();
555	if (!filp) {
556		ret = -ENFILE;
557		goto out_put_fd;
558	}
559
560	user = get_uid(current->user);
561	if (unlikely(atomic_read(&user->inotify_devs) >=
562			inotify_max_user_instances)) {
563		ret = -EMFILE;
564		goto out_free_uid;
565	}
566
567	dev = kmalloc(sizeof(struct inotify_device), GFP_KERNEL);
568	if (unlikely(!dev)) {
569		ret = -ENOMEM;
570		goto out_free_uid;
571	}
572
573	ih = inotify_init(&inotify_user_ops);
574	if (unlikely(IS_ERR(ih))) {
575		ret = PTR_ERR(ih);
576		goto out_free_dev;
577	}
578	dev->ih = ih;
579
580	filp->f_op = &inotify_fops;
581	filp->f_path.mnt = mntget(inotify_mnt);
582	filp->f_path.dentry = dget(inotify_mnt->mnt_root);
583	filp->f_mapping = filp->f_path.dentry->d_inode->i_mapping;
584	filp->f_mode = FMODE_READ;
585	filp->f_flags = O_RDONLY;
586	filp->private_data = dev;
587
588	INIT_LIST_HEAD(&dev->events);
589	init_waitqueue_head(&dev->wq);
590	mutex_init(&dev->ev_mutex);
591	mutex_init(&dev->up_mutex);
592	dev->event_count = 0;
593	dev->queue_size = 0;
594	dev->max_events = inotify_max_queued_events;
595	dev->user = user;
596	atomic_set(&dev->count, 0);
597
598	get_inotify_dev(dev);
599	atomic_inc(&user->inotify_devs);
600	fd_install(fd, filp);
601
602	return fd;
603out_free_dev:
604	kfree(dev);
605out_free_uid:
606	free_uid(user);
607	put_filp(filp);
608out_put_fd:
609	put_unused_fd(fd);
610	return ret;
611}
612
613asmlinkage long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
614{
615	struct inode *inode;
616	struct inotify_device *dev;
617	struct nameidata nd;
618	struct file *filp;
619	int ret, fput_needed;
620	unsigned flags = 0;
621
622	filp = fget_light(fd, &fput_needed);
623	if (unlikely(!filp))
624		return -EBADF;
625
626	/* verify that this is indeed an inotify instance */
627	if (unlikely(filp->f_op != &inotify_fops)) {
628		ret = -EINVAL;
629		goto fput_and_out;
630	}
631
632	if (!(mask & IN_DONT_FOLLOW))
633		flags |= LOOKUP_FOLLOW;
634	if (mask & IN_ONLYDIR)
635		flags |= LOOKUP_DIRECTORY;
636
637	ret = find_inode(path, &nd, flags);
638	if (unlikely(ret))
639		goto fput_and_out;
640
641	/* inode held in place by reference to nd; dev by fget on fd */
642	inode = nd.dentry->d_inode;
643	dev = filp->private_data;
644
645	mutex_lock(&dev->up_mutex);
646	ret = inotify_find_update_watch(dev->ih, inode, mask);
647	if (ret == -ENOENT)
648		ret = create_watch(dev, inode, mask);
649	mutex_unlock(&dev->up_mutex);
650
651	path_release(&nd);
652fput_and_out:
653	fput_light(filp, fput_needed);
654	return ret;
655}
656
657asmlinkage long sys_inotify_rm_watch(int fd, u32 wd)
658{
659	struct file *filp;
660	struct inotify_device *dev;
661	int ret, fput_needed;
662
663	filp = fget_light(fd, &fput_needed);
664	if (unlikely(!filp))
665		return -EBADF;
666
667	/* verify that this is indeed an inotify instance */
668	if (unlikely(filp->f_op != &inotify_fops)) {
669		ret = -EINVAL;
670		goto out;
671	}
672
673	dev = filp->private_data;
674
675	/* we free our watch data when we get IN_IGNORED */
676	ret = inotify_rm_wd(dev->ih, wd);
677
678out:
679	fput_light(filp, fput_needed);
680	return ret;
681}
682
683static int
684inotify_get_sb(struct file_system_type *fs_type, int flags,
685	       const char *dev_name, void *data, struct vfsmount *mnt)
686{
687	return get_sb_pseudo(fs_type, "inotify", NULL, 0xBAD1DEA, mnt);
688}
689
690static struct file_system_type inotify_fs_type = {
691    .name           = "inotifyfs",
692    .get_sb         = inotify_get_sb,
693    .kill_sb        = kill_anon_super,
694};
695
696/*
697 * inotify_user_setup - Our initialization function.  Note that we cannnot return
698 * error because we have compiled-in VFS hooks.  So an (unlikely) failure here
699 * must result in panic().
700 */
701static int __init inotify_user_setup(void)
702{
703	int ret;
704
705	ret = register_filesystem(&inotify_fs_type);
706	if (unlikely(ret))
707		panic("inotify: register_filesystem returned %d!\n", ret);
708
709	inotify_mnt = kern_mount(&inotify_fs_type);
710	if (IS_ERR(inotify_mnt))
711		panic("inotify: kern_mount ret %ld!\n", PTR_ERR(inotify_mnt));
712
713	inotify_max_queued_events = 16384;
714	inotify_max_user_instances = 128;
715	inotify_max_user_watches = 8192;
716
717	watch_cachep = kmem_cache_create("inotify_watch_cache",
718					 sizeof(struct inotify_user_watch),
719					 0, SLAB_PANIC, NULL, NULL);
720	event_cachep = kmem_cache_create("inotify_event_cache",
721					 sizeof(struct inotify_kernel_event),
722					 0, SLAB_PANIC, NULL, NULL);
723
724	return 0;
725}
726
727module_init(inotify_user_setup);
728