1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Directory notifications for Linux.
4 *
5 * Copyright (C) 2000,2001,2002 Stephen Rothwell
6 *
7 * Copyright (C) 2009 Eric Paris <Red Hat Inc>
8 * dnotify was largly rewritten to use the new fsnotify infrastructure
9 */
10 #include <linux/fs.h>
11 #include <linux/module.h>
12 #include <linux/sched.h>
13 #include <linux/sched/signal.h>
14 #include <linux/dnotify.h>
15 #include <linux/init.h>
16 #include <linux/security.h>
17 #include <linux/spinlock.h>
18 #include <linux/slab.h>
19 #include <linux/fdtable.h>
20 #include <linux/fsnotify_backend.h>
21
22 static int dir_notify_enable __read_mostly = 1;
23 #ifdef CONFIG_SYSCTL
24 static struct ctl_table dnotify_sysctls[] = {
25 {
26 .procname = "dir-notify-enable",
27 .data = &dir_notify_enable,
28 .maxlen = sizeof(int),
29 .mode = 0644,
30 .proc_handler = proc_dointvec,
31 },
32 };
dnotify_sysctl_init(void)33 static void __init dnotify_sysctl_init(void)
34 {
35 register_sysctl_init("fs", dnotify_sysctls);
36 }
37 #else
38 #define dnotify_sysctl_init() do { } while (0)
39 #endif
40
41 static struct kmem_cache *dnotify_struct_cache __ro_after_init;
42 static struct kmem_cache *dnotify_mark_cache __ro_after_init;
43 static struct fsnotify_group *dnotify_group __ro_after_init;
44
45 /*
46 * dnotify will attach one of these to each inode (i_fsnotify_marks) which
47 * is being watched by dnotify. If multiple userspace applications are watching
48 * the same directory with dnotify their information is chained in dn
49 */
50 struct dnotify_mark {
51 struct fsnotify_mark fsn_mark;
52 struct dnotify_struct *dn;
53 };
54
55 /*
56 * When a process starts or stops watching an inode the set of events which
57 * dnotify cares about for that inode may change. This function runs the
58 * list of everything receiving dnotify events about this directory and calculates
59 * the set of all those events. After it updates what dnotify is interested in
60 * it calls the fsnotify function so it can update the set of all events relevant
61 * to this inode.
62 */
dnotify_recalc_inode_mask(struct fsnotify_mark * fsn_mark)63 static void dnotify_recalc_inode_mask(struct fsnotify_mark *fsn_mark)
64 {
65 __u32 new_mask = 0;
66 struct dnotify_struct *dn;
67 struct dnotify_mark *dn_mark = container_of(fsn_mark,
68 struct dnotify_mark,
69 fsn_mark);
70
71 assert_spin_locked(&fsn_mark->lock);
72
73 for (dn = dn_mark->dn; dn != NULL; dn = dn->dn_next)
74 new_mask |= (dn->dn_mask & ~FS_DN_MULTISHOT);
75 if (fsn_mark->mask == new_mask)
76 return;
77 fsn_mark->mask = new_mask;
78
79 fsnotify_recalc_mask(fsn_mark->connector);
80 }
81
82 /*
83 * Mains fsnotify call where events are delivered to dnotify.
84 * Find the dnotify mark on the relevant inode, run the list of dnotify structs
85 * on that mark and determine which of them has expressed interest in receiving
86 * events of this type. When found send the correct process and signal and
87 * destroy the dnotify struct if it was not registered to receive multiple
88 * events.
89 */
dnotify_handle_event(struct fsnotify_mark * inode_mark,u32 mask,struct inode * inode,struct inode * dir,const struct qstr * name,u32 cookie)90 static int dnotify_handle_event(struct fsnotify_mark *inode_mark, u32 mask,
91 struct inode *inode, struct inode *dir,
92 const struct qstr *name, u32 cookie)
93 {
94 struct dnotify_mark *dn_mark;
95 struct dnotify_struct *dn;
96 struct dnotify_struct **prev;
97 struct fown_struct *fown;
98 __u32 test_mask = mask & ~FS_EVENT_ON_CHILD;
99
100 /* not a dir, dnotify doesn't care */
101 if (!dir && !(mask & FS_ISDIR))
102 return 0;
103
104 dn_mark = container_of(inode_mark, struct dnotify_mark, fsn_mark);
105
106 spin_lock(&inode_mark->lock);
107 prev = &dn_mark->dn;
108 while ((dn = *prev) != NULL) {
109 if ((dn->dn_mask & test_mask) == 0) {
110 prev = &dn->dn_next;
111 continue;
112 }
113 fown = file_f_owner(dn->dn_filp);
114 send_sigio(fown, dn->dn_fd, POLL_MSG);
115 if (dn->dn_mask & FS_DN_MULTISHOT)
116 prev = &dn->dn_next;
117 else {
118 *prev = dn->dn_next;
119 kmem_cache_free(dnotify_struct_cache, dn);
120 dnotify_recalc_inode_mask(inode_mark);
121 }
122 }
123
124 spin_unlock(&inode_mark->lock);
125
126 return 0;
127 }
128
dnotify_free_mark(struct fsnotify_mark * fsn_mark)129 static void dnotify_free_mark(struct fsnotify_mark *fsn_mark)
130 {
131 struct dnotify_mark *dn_mark = container_of(fsn_mark,
132 struct dnotify_mark,
133 fsn_mark);
134
135 BUG_ON(dn_mark->dn);
136
137 kmem_cache_free(dnotify_mark_cache, dn_mark);
138 }
139
140 static const struct fsnotify_ops dnotify_fsnotify_ops = {
141 .handle_inode_event = dnotify_handle_event,
142 .free_mark = dnotify_free_mark,
143 };
144
145 /*
146 * Called every time a file is closed. Looks first for a dnotify mark on the
147 * inode. If one is found run all of the ->dn structures attached to that
148 * mark for one relevant to this process closing the file and remove that
149 * dnotify_struct. If that was the last dnotify_struct also remove the
150 * fsnotify_mark.
151 */
dnotify_flush(struct file * filp,fl_owner_t id)152 void dnotify_flush(struct file *filp, fl_owner_t id)
153 {
154 struct fsnotify_mark *fsn_mark;
155 struct dnotify_mark *dn_mark;
156 struct dnotify_struct *dn;
157 struct dnotify_struct **prev;
158 struct inode *inode;
159 bool free = false;
160
161 inode = file_inode(filp);
162 if (!S_ISDIR(inode->i_mode))
163 return;
164
165 fsn_mark = fsnotify_find_inode_mark(inode, dnotify_group);
166 if (!fsn_mark)
167 return;
168 dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark);
169
170 fsnotify_group_lock(dnotify_group);
171
172 spin_lock(&fsn_mark->lock);
173 prev = &dn_mark->dn;
174 while ((dn = *prev) != NULL) {
175 if ((dn->dn_owner == id) && (dn->dn_filp == filp)) {
176 *prev = dn->dn_next;
177 kmem_cache_free(dnotify_struct_cache, dn);
178 dnotify_recalc_inode_mask(fsn_mark);
179 break;
180 }
181 prev = &dn->dn_next;
182 }
183
184 spin_unlock(&fsn_mark->lock);
185
186 /* nothing else could have found us thanks to the dnotify_groups
187 mark_mutex */
188 if (dn_mark->dn == NULL) {
189 fsnotify_detach_mark(fsn_mark);
190 free = true;
191 }
192
193 fsnotify_group_unlock(dnotify_group);
194
195 if (free)
196 fsnotify_free_mark(fsn_mark);
197 fsnotify_put_mark(fsn_mark);
198 }
199
200 /* this conversion is done only at watch creation */
convert_arg(unsigned int arg)201 static __u32 convert_arg(unsigned int arg)
202 {
203 __u32 new_mask = FS_EVENT_ON_CHILD;
204
205 if (arg & DN_MULTISHOT)
206 new_mask |= FS_DN_MULTISHOT;
207 if (arg & DN_DELETE)
208 new_mask |= (FS_DELETE | FS_MOVED_FROM);
209 if (arg & DN_MODIFY)
210 new_mask |= FS_MODIFY;
211 if (arg & DN_ACCESS)
212 new_mask |= FS_ACCESS;
213 if (arg & DN_ATTRIB)
214 new_mask |= FS_ATTRIB;
215 if (arg & DN_RENAME)
216 new_mask |= FS_RENAME;
217 if (arg & DN_CREATE)
218 new_mask |= (FS_CREATE | FS_MOVED_TO);
219
220 return new_mask;
221 }
222
223 /*
224 * If multiple processes watch the same inode with dnotify there is only one
225 * dnotify mark in inode->i_fsnotify_marks but we chain a dnotify_struct
226 * onto that mark. This function either attaches the new dnotify_struct onto
227 * that list, or it |= the mask onto an existing dnofiy_struct.
228 */
attach_dn(struct dnotify_struct * dn,struct dnotify_mark * dn_mark,fl_owner_t id,int fd,struct file * filp,__u32 mask)229 static int attach_dn(struct dnotify_struct *dn, struct dnotify_mark *dn_mark,
230 fl_owner_t id, int fd, struct file *filp, __u32 mask)
231 {
232 struct dnotify_struct *odn;
233
234 odn = dn_mark->dn;
235 while (odn != NULL) {
236 /* adding more events to existing dnofiy_struct? */
237 if ((odn->dn_owner == id) && (odn->dn_filp == filp)) {
238 odn->dn_fd = fd;
239 odn->dn_mask |= mask;
240 return -EEXIST;
241 }
242 odn = odn->dn_next;
243 }
244
245 dn->dn_mask = mask;
246 dn->dn_fd = fd;
247 dn->dn_filp = filp;
248 dn->dn_owner = id;
249 dn->dn_next = dn_mark->dn;
250 dn_mark->dn = dn;
251
252 return 0;
253 }
254
255 /*
256 * When a process calls fcntl to attach a dnotify watch to a directory it ends
257 * up here. Allocate both a mark for fsnotify to add and a dnotify_struct to be
258 * attached to the fsnotify_mark.
259 */
fcntl_dirnotify(int fd,struct file * filp,unsigned int arg)260 int fcntl_dirnotify(int fd, struct file *filp, unsigned int arg)
261 {
262 struct dnotify_mark *new_dn_mark, *dn_mark;
263 struct fsnotify_mark *new_fsn_mark, *fsn_mark;
264 struct dnotify_struct *dn;
265 struct inode *inode;
266 fl_owner_t id = current->files;
267 struct file *f = NULL;
268 int destroy = 0, error = 0;
269 __u32 mask;
270
271 /* we use these to tell if we need to kfree */
272 new_fsn_mark = NULL;
273 dn = NULL;
274
275 if (!dir_notify_enable) {
276 error = -EINVAL;
277 goto out_err;
278 }
279
280 /* a 0 mask means we are explicitly removing the watch */
281 if ((arg & ~DN_MULTISHOT) == 0) {
282 dnotify_flush(filp, id);
283 error = 0;
284 goto out_err;
285 }
286
287 /* dnotify only works on directories */
288 inode = file_inode(filp);
289 if (!S_ISDIR(inode->i_mode)) {
290 error = -ENOTDIR;
291 goto out_err;
292 }
293
294 /*
295 * convert the userspace DN_* "arg" to the internal FS_*
296 * defined in fsnotify
297 */
298 mask = convert_arg(arg);
299
300 error = security_path_notify(&filp->f_path, mask,
301 FSNOTIFY_OBJ_TYPE_INODE);
302 if (error)
303 goto out_err;
304
305 /* expect most fcntl to add new rather than augment old */
306 dn = kmem_cache_alloc(dnotify_struct_cache, GFP_KERNEL);
307 if (!dn) {
308 error = -ENOMEM;
309 goto out_err;
310 }
311
312 /* new fsnotify mark, we expect most fcntl calls to add a new mark */
313 new_dn_mark = kmem_cache_alloc(dnotify_mark_cache, GFP_KERNEL);
314 if (!new_dn_mark) {
315 error = -ENOMEM;
316 goto out_err;
317 }
318
319 error = file_f_owner_allocate(filp);
320 if (error)
321 goto out_err;
322
323 /* set up the new_fsn_mark and new_dn_mark */
324 new_fsn_mark = &new_dn_mark->fsn_mark;
325 fsnotify_init_mark(new_fsn_mark, dnotify_group);
326 new_fsn_mark->mask = mask;
327 new_dn_mark->dn = NULL;
328
329 /* this is needed to prevent the fcntl/close race described below */
330 fsnotify_group_lock(dnotify_group);
331
332 /* add the new_fsn_mark or find an old one. */
333 fsn_mark = fsnotify_find_inode_mark(inode, dnotify_group);
334 if (fsn_mark) {
335 dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark);
336 spin_lock(&fsn_mark->lock);
337 } else {
338 error = fsnotify_add_inode_mark_locked(new_fsn_mark, inode, 0);
339 if (error) {
340 fsnotify_group_unlock(dnotify_group);
341 goto out_err;
342 }
343 spin_lock(&new_fsn_mark->lock);
344 fsn_mark = new_fsn_mark;
345 dn_mark = new_dn_mark;
346 /* we used new_fsn_mark, so don't free it */
347 new_fsn_mark = NULL;
348 }
349
350 rcu_read_lock();
351 f = lookup_fdget_rcu(fd);
352 rcu_read_unlock();
353
354 /* if (f != filp) means that we lost a race and another task/thread
355 * actually closed the fd we are still playing with before we grabbed
356 * the dnotify_groups mark_mutex and fsn_mark->lock. Since closing the
357 * fd is the only time we clean up the marks we need to get our mark
358 * off the list. */
359 if (f != filp) {
360 /* if we added ourselves, shoot ourselves, it's possible that
361 * the flush actually did shoot this fsn_mark. That's fine too
362 * since multiple calls to destroy_mark is perfectly safe, if
363 * we found a dn_mark already attached to the inode, just sod
364 * off silently as the flush at close time dealt with it.
365 */
366 if (dn_mark == new_dn_mark)
367 destroy = 1;
368 error = 0;
369 goto out;
370 }
371
372 __f_setown(filp, task_pid(current), PIDTYPE_TGID, 0);
373
374 error = attach_dn(dn, dn_mark, id, fd, filp, mask);
375 /* !error means that we attached the dn to the dn_mark, so don't free it */
376 if (!error)
377 dn = NULL;
378 /* -EEXIST means that we didn't add this new dn and used an old one.
379 * that isn't an error (and the unused dn should be freed) */
380 else if (error == -EEXIST)
381 error = 0;
382
383 dnotify_recalc_inode_mask(fsn_mark);
384 out:
385 spin_unlock(&fsn_mark->lock);
386
387 if (destroy)
388 fsnotify_detach_mark(fsn_mark);
389 fsnotify_group_unlock(dnotify_group);
390 if (destroy)
391 fsnotify_free_mark(fsn_mark);
392 fsnotify_put_mark(fsn_mark);
393 out_err:
394 if (new_fsn_mark)
395 fsnotify_put_mark(new_fsn_mark);
396 if (dn)
397 kmem_cache_free(dnotify_struct_cache, dn);
398 if (f)
399 fput(f);
400 return error;
401 }
402
dnotify_init(void)403 static int __init dnotify_init(void)
404 {
405 dnotify_struct_cache = KMEM_CACHE(dnotify_struct,
406 SLAB_PANIC|SLAB_ACCOUNT);
407 dnotify_mark_cache = KMEM_CACHE(dnotify_mark, SLAB_PANIC|SLAB_ACCOUNT);
408
409 dnotify_group = fsnotify_alloc_group(&dnotify_fsnotify_ops, 0);
410 if (IS_ERR(dnotify_group))
411 panic("unable to allocate fsnotify group for dnotify\n");
412 dnotify_sysctl_init();
413 return 0;
414 }
415
416 module_init(dnotify_init)
417