2 * fs/inotify_user.c - inotify support for userspace
5 * John McCutchan <ttb@tentacle.dhs.org>
6 * Robert Love <rml@novell.com>
8 * Copyright (C) 2005 John McCutchan
9 * Copyright 2006 Hewlett-Packard Development Company, L.P.
11 * Copyright (C) 2009 Eric Paris <Red Hat Inc>
12 * inotify was largely rewriten to make use of the fsnotify infrastructure
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2, or (at your option) any
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
25 #include <linux/file.h>
26 #include <linux/fs.h> /* struct inode */
27 #include <linux/fsnotify_backend.h>
28 #include <linux/idr.h>
29 #include <linux/init.h> /* fs_initcall */
30 #include <linux/inotify.h>
31 #include <linux/kernel.h> /* roundup() */
32 #include <linux/namei.h> /* LOOKUP_FOLLOW */
33 #include <linux/sched/signal.h>
34 #include <linux/slab.h> /* struct kmem_cache */
35 #include <linux/syscalls.h>
36 #include <linux/types.h>
37 #include <linux/anon_inodes.h>
38 #include <linux/uaccess.h>
39 #include <linux/poll.h>
40 #include <linux/wait.h>
43 #include "../fdinfo.h"
45 #include <asm/ioctls.h>
47 /* configurable via /proc/sys/fs/inotify/ */
48 static int inotify_max_queued_events __read_mostly
;
50 struct kmem_cache
*inotify_inode_mark_cachep __read_mostly
;
54 #include <linux/sysctl.h>
58 struct ctl_table inotify_table
[] = {
60 .procname
= "max_user_instances",
61 .data
= &init_user_ns
.ucount_max
[UCOUNT_INOTIFY_INSTANCES
],
62 .maxlen
= sizeof(int),
64 .proc_handler
= proc_dointvec_minmax
,
68 .procname
= "max_user_watches",
69 .data
= &init_user_ns
.ucount_max
[UCOUNT_INOTIFY_WATCHES
],
70 .maxlen
= sizeof(int),
72 .proc_handler
= proc_dointvec_minmax
,
76 .procname
= "max_queued_events",
77 .data
= &inotify_max_queued_events
,
78 .maxlen
= sizeof(int),
80 .proc_handler
= proc_dointvec_minmax
,
85 #endif /* CONFIG_SYSCTL */
87 static inline __u32
inotify_arg_to_mask(u32 arg
)
92 * everything should accept their own ignored, cares about children,
93 * and should receive events when the inode is unmounted
95 mask
= (FS_IN_IGNORED
| FS_EVENT_ON_CHILD
| FS_UNMOUNT
);
97 /* mask off the flags used to open the fd */
98 mask
|= (arg
& (IN_ALL_EVENTS
| IN_ONESHOT
| IN_EXCL_UNLINK
));
103 static inline u32
inotify_mask_to_arg(__u32 mask
)
105 return mask
& (IN_ALL_EVENTS
| IN_ISDIR
| IN_UNMOUNT
| IN_IGNORED
|
109 /* intofiy userspace file descriptor functions */
110 static __poll_t
inotify_poll(struct file
*file
, poll_table
*wait
)
112 struct fsnotify_group
*group
= file
->private_data
;
115 poll_wait(file
, &group
->notification_waitq
, wait
);
116 spin_lock(&group
->notification_lock
);
117 if (!fsnotify_notify_queue_is_empty(group
))
118 ret
= EPOLLIN
| EPOLLRDNORM
;
119 spin_unlock(&group
->notification_lock
);
124 static int round_event_name_len(struct fsnotify_event
*fsn_event
)
126 struct inotify_event_info
*event
;
128 event
= INOTIFY_E(fsn_event
);
129 if (!event
->name_len
)
131 return roundup(event
->name_len
+ 1, sizeof(struct inotify_event
));
135 * Get an inotify_kernel_event if one exists and is small
136 * enough to fit in "count". Return an error pointer if
139 * Called with the group->notification_lock held.
141 static struct fsnotify_event
*get_one_event(struct fsnotify_group
*group
,
144 size_t event_size
= sizeof(struct inotify_event
);
145 struct fsnotify_event
*event
;
147 if (fsnotify_notify_queue_is_empty(group
))
150 event
= fsnotify_peek_first_event(group
);
152 pr_debug("%s: group=%p event=%p\n", __func__
, group
, event
);
154 event_size
+= round_event_name_len(event
);
155 if (event_size
> count
)
156 return ERR_PTR(-EINVAL
);
158 /* held the notification_lock the whole time, so this is the
159 * same event we peeked above */
160 fsnotify_remove_first_event(group
);
166 * Copy an event to user space, returning how much we copied.
168 * We already checked that the event size is smaller than the
169 * buffer we had in "get_one_event()" above.
171 static ssize_t
copy_event_to_user(struct fsnotify_group
*group
,
172 struct fsnotify_event
*fsn_event
,
175 struct inotify_event inotify_event
;
176 struct inotify_event_info
*event
;
177 size_t event_size
= sizeof(struct inotify_event
);
181 pr_debug("%s: group=%p event=%p\n", __func__
, group
, fsn_event
);
183 event
= INOTIFY_E(fsn_event
);
184 name_len
= event
->name_len
;
186 * round up name length so it is a multiple of event_size
187 * plus an extra byte for the terminating '\0'.
189 pad_name_len
= round_event_name_len(fsn_event
);
190 inotify_event
.len
= pad_name_len
;
191 inotify_event
.mask
= inotify_mask_to_arg(fsn_event
->mask
);
192 inotify_event
.wd
= event
->wd
;
193 inotify_event
.cookie
= event
->sync_cookie
;
195 /* send the main event */
196 if (copy_to_user(buf
, &inotify_event
, event_size
))
202 * fsnotify only stores the pathname, so here we have to send the pathname
203 * and then pad that pathname out to a multiple of sizeof(inotify_event)
207 /* copy the path name */
208 if (copy_to_user(buf
, event
->name
, name_len
))
212 /* fill userspace with 0's */
213 if (clear_user(buf
, pad_name_len
- name_len
))
215 event_size
+= pad_name_len
;
221 static ssize_t
inotify_read(struct file
*file
, char __user
*buf
,
222 size_t count
, loff_t
*pos
)
224 struct fsnotify_group
*group
;
225 struct fsnotify_event
*kevent
;
228 DEFINE_WAIT_FUNC(wait
, woken_wake_function
);
231 group
= file
->private_data
;
233 add_wait_queue(&group
->notification_waitq
, &wait
);
235 spin_lock(&group
->notification_lock
);
236 kevent
= get_one_event(group
, count
);
237 spin_unlock(&group
->notification_lock
);
239 pr_debug("%s: group=%p kevent=%p\n", __func__
, group
, kevent
);
242 ret
= PTR_ERR(kevent
);
245 ret
= copy_event_to_user(group
, kevent
, buf
);
246 fsnotify_destroy_event(group
, kevent
);
255 if (file
->f_flags
& O_NONBLOCK
)
258 if (signal_pending(current
))
264 wait_woken(&wait
, TASK_INTERRUPTIBLE
, MAX_SCHEDULE_TIMEOUT
);
266 remove_wait_queue(&group
->notification_waitq
, &wait
);
268 if (start
!= buf
&& ret
!= -EFAULT
)
273 static int inotify_release(struct inode
*ignored
, struct file
*file
)
275 struct fsnotify_group
*group
= file
->private_data
;
277 pr_debug("%s: group=%p\n", __func__
, group
);
279 /* free this group, matching get was inotify_init->fsnotify_obtain_group */
280 fsnotify_destroy_group(group
);
285 static long inotify_ioctl(struct file
*file
, unsigned int cmd
,
288 struct fsnotify_group
*group
;
289 struct fsnotify_event
*fsn_event
;
294 group
= file
->private_data
;
295 p
= (void __user
*) arg
;
297 pr_debug("%s: group=%p cmd=%u\n", __func__
, group
, cmd
);
301 spin_lock(&group
->notification_lock
);
302 list_for_each_entry(fsn_event
, &group
->notification_list
,
304 send_len
+= sizeof(struct inotify_event
);
305 send_len
+= round_event_name_len(fsn_event
);
307 spin_unlock(&group
->notification_lock
);
308 ret
= put_user(send_len
, (int __user
*) p
);
315 static const struct file_operations inotify_fops
= {
316 .show_fdinfo
= inotify_show_fdinfo
,
317 .poll
= inotify_poll
,
318 .read
= inotify_read
,
319 .fasync
= fsnotify_fasync
,
320 .release
= inotify_release
,
321 .unlocked_ioctl
= inotify_ioctl
,
322 .compat_ioctl
= inotify_ioctl
,
323 .llseek
= noop_llseek
,
328 * find_inode - resolve a user-given path to a specific inode
330 static int inotify_find_inode(const char __user
*dirname
, struct path
*path
, unsigned flags
)
334 error
= user_path_at(AT_FDCWD
, dirname
, flags
, path
);
337 /* you can only watch an inode if you have read permissions on it */
338 error
= inode_permission(path
->dentry
->d_inode
, MAY_READ
);
344 static int inotify_add_to_idr(struct idr
*idr
, spinlock_t
*idr_lock
,
345 struct inotify_inode_mark
*i_mark
)
349 idr_preload(GFP_KERNEL
);
352 ret
= idr_alloc_cyclic(idr
, i_mark
, 1, 0, GFP_NOWAIT
);
354 /* we added the mark to the idr, take a reference */
356 fsnotify_get_mark(&i_mark
->fsn_mark
);
359 spin_unlock(idr_lock
);
361 return ret
< 0 ? ret
: 0;
364 static struct inotify_inode_mark
*inotify_idr_find_locked(struct fsnotify_group
*group
,
367 struct idr
*idr
= &group
->inotify_data
.idr
;
368 spinlock_t
*idr_lock
= &group
->inotify_data
.idr_lock
;
369 struct inotify_inode_mark
*i_mark
;
371 assert_spin_locked(idr_lock
);
373 i_mark
= idr_find(idr
, wd
);
375 struct fsnotify_mark
*fsn_mark
= &i_mark
->fsn_mark
;
377 fsnotify_get_mark(fsn_mark
);
378 /* One ref for being in the idr, one ref we just took */
379 BUG_ON(refcount_read(&fsn_mark
->refcnt
) < 2);
385 static struct inotify_inode_mark
*inotify_idr_find(struct fsnotify_group
*group
,
388 struct inotify_inode_mark
*i_mark
;
389 spinlock_t
*idr_lock
= &group
->inotify_data
.idr_lock
;
392 i_mark
= inotify_idr_find_locked(group
, wd
);
393 spin_unlock(idr_lock
);
399 * Remove the mark from the idr (if present) and drop the reference
400 * on the mark because it was in the idr.
402 static void inotify_remove_from_idr(struct fsnotify_group
*group
,
403 struct inotify_inode_mark
*i_mark
)
405 struct idr
*idr
= &group
->inotify_data
.idr
;
406 spinlock_t
*idr_lock
= &group
->inotify_data
.idr_lock
;
407 struct inotify_inode_mark
*found_i_mark
= NULL
;
414 * does this i_mark think it is in the idr? we shouldn't get called
418 WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p\n",
419 __func__
, i_mark
, i_mark
->wd
, i_mark
->fsn_mark
.group
);
423 /* Lets look in the idr to see if we find it */
424 found_i_mark
= inotify_idr_find_locked(group
, wd
);
425 if (unlikely(!found_i_mark
)) {
426 WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p\n",
427 __func__
, i_mark
, i_mark
->wd
, i_mark
->fsn_mark
.group
);
432 * We found an mark in the idr at the right wd, but it's
433 * not the mark we were told to remove. eparis seriously
434 * fucked up somewhere.
436 if (unlikely(found_i_mark
!= i_mark
)) {
437 WARN_ONCE(1, "%s: i_mark=%p i_mark->wd=%d i_mark->group=%p "
438 "found_i_mark=%p found_i_mark->wd=%d "
439 "found_i_mark->group=%p\n", __func__
, i_mark
,
440 i_mark
->wd
, i_mark
->fsn_mark
.group
, found_i_mark
,
441 found_i_mark
->wd
, found_i_mark
->fsn_mark
.group
);
446 * One ref for being in the idr
447 * one ref grabbed by inotify_idr_find
449 if (unlikely(refcount_read(&i_mark
->fsn_mark
.refcnt
) < 2)) {
450 printk(KERN_ERR
"%s: i_mark=%p i_mark->wd=%d i_mark->group=%p\n",
451 __func__
, i_mark
, i_mark
->wd
, i_mark
->fsn_mark
.group
);
452 /* we can't really recover with bad ref cnting.. */
457 /* Removed from the idr, drop that ref. */
458 fsnotify_put_mark(&i_mark
->fsn_mark
);
461 spin_unlock(idr_lock
);
462 /* match the ref taken by inotify_idr_find_locked() */
464 fsnotify_put_mark(&found_i_mark
->fsn_mark
);
468 * Send IN_IGNORED for this wd, remove this wd from the idr.
470 void inotify_ignored_and_remove_idr(struct fsnotify_mark
*fsn_mark
,
471 struct fsnotify_group
*group
)
473 struct inotify_inode_mark
*i_mark
;
475 /* Queue ignore event for the watch */
476 inotify_handle_event(group
, NULL
, fsn_mark
, NULL
, FS_IN_IGNORED
,
477 NULL
, FSNOTIFY_EVENT_NONE
, NULL
, 0, NULL
);
479 i_mark
= container_of(fsn_mark
, struct inotify_inode_mark
, fsn_mark
);
480 /* remove this mark from the idr */
481 inotify_remove_from_idr(group
, i_mark
);
483 dec_inotify_watches(group
->inotify_data
.ucounts
);
486 static int inotify_update_existing_watch(struct fsnotify_group
*group
,
490 struct fsnotify_mark
*fsn_mark
;
491 struct inotify_inode_mark
*i_mark
;
492 __u32 old_mask
, new_mask
;
494 int add
= (arg
& IN_MASK_ADD
);
497 mask
= inotify_arg_to_mask(arg
);
499 fsn_mark
= fsnotify_find_mark(&inode
->i_fsnotify_marks
, group
);
503 i_mark
= container_of(fsn_mark
, struct inotify_inode_mark
, fsn_mark
);
505 spin_lock(&fsn_mark
->lock
);
506 old_mask
= fsn_mark
->mask
;
508 fsn_mark
->mask
|= mask
;
510 fsn_mark
->mask
= mask
;
511 new_mask
= fsn_mark
->mask
;
512 spin_unlock(&fsn_mark
->lock
);
514 if (old_mask
!= new_mask
) {
515 /* more bits in old than in new? */
516 int dropped
= (old_mask
& ~new_mask
);
517 /* more bits in this fsn_mark than the inode's mask? */
518 int do_inode
= (new_mask
& ~inode
->i_fsnotify_mask
);
520 /* update the inode with this new fsn_mark */
521 if (dropped
|| do_inode
)
522 fsnotify_recalc_mask(inode
->i_fsnotify_marks
);
529 /* match the get from fsnotify_find_mark() */
530 fsnotify_put_mark(fsn_mark
);
535 static int inotify_new_watch(struct fsnotify_group
*group
,
539 struct inotify_inode_mark
*tmp_i_mark
;
542 struct idr
*idr
= &group
->inotify_data
.idr
;
543 spinlock_t
*idr_lock
= &group
->inotify_data
.idr_lock
;
545 mask
= inotify_arg_to_mask(arg
);
547 tmp_i_mark
= kmem_cache_alloc(inotify_inode_mark_cachep
, GFP_KERNEL
);
548 if (unlikely(!tmp_i_mark
))
551 fsnotify_init_mark(&tmp_i_mark
->fsn_mark
, group
);
552 tmp_i_mark
->fsn_mark
.mask
= mask
;
555 ret
= inotify_add_to_idr(idr
, idr_lock
, tmp_i_mark
);
559 /* increment the number of watches the user has */
560 if (!inc_inotify_watches(group
->inotify_data
.ucounts
)) {
561 inotify_remove_from_idr(group
, tmp_i_mark
);
566 /* we are on the idr, now get on the inode */
567 ret
= fsnotify_add_mark_locked(&tmp_i_mark
->fsn_mark
, inode
, NULL
, 0);
569 /* we failed to get on the inode, get off the idr */
570 inotify_remove_from_idr(group
, tmp_i_mark
);
575 /* return the watch descriptor for this new mark */
576 ret
= tmp_i_mark
->wd
;
579 /* match the ref from fsnotify_init_mark() */
580 fsnotify_put_mark(&tmp_i_mark
->fsn_mark
);
585 static int inotify_update_watch(struct fsnotify_group
*group
, struct inode
*inode
, u32 arg
)
589 mutex_lock(&group
->mark_mutex
);
590 /* try to update and existing watch with the new arg */
591 ret
= inotify_update_existing_watch(group
, inode
, arg
);
592 /* no mark present, try to add a new one */
594 ret
= inotify_new_watch(group
, inode
, arg
);
595 mutex_unlock(&group
->mark_mutex
);
600 static struct fsnotify_group
*inotify_new_group(unsigned int max_events
)
602 struct fsnotify_group
*group
;
603 struct inotify_event_info
*oevent
;
605 group
= fsnotify_alloc_group(&inotify_fsnotify_ops
);
609 oevent
= kmalloc(sizeof(struct inotify_event_info
), GFP_KERNEL
);
610 if (unlikely(!oevent
)) {
611 fsnotify_destroy_group(group
);
612 return ERR_PTR(-ENOMEM
);
614 group
->overflow_event
= &oevent
->fse
;
615 fsnotify_init_event(group
->overflow_event
, NULL
, FS_Q_OVERFLOW
);
617 oevent
->sync_cookie
= 0;
618 oevent
->name_len
= 0;
620 group
->max_events
= max_events
;
622 spin_lock_init(&group
->inotify_data
.idr_lock
);
623 idr_init(&group
->inotify_data
.idr
);
624 group
->inotify_data
.ucounts
= inc_ucount(current_user_ns(),
626 UCOUNT_INOTIFY_INSTANCES
);
628 if (!group
->inotify_data
.ucounts
) {
629 fsnotify_destroy_group(group
);
630 return ERR_PTR(-EMFILE
);
637 /* inotify syscalls */
638 SYSCALL_DEFINE1(inotify_init1
, int, flags
)
640 struct fsnotify_group
*group
;
643 /* Check the IN_* constants for consistency. */
644 BUILD_BUG_ON(IN_CLOEXEC
!= O_CLOEXEC
);
645 BUILD_BUG_ON(IN_NONBLOCK
!= O_NONBLOCK
);
647 if (flags
& ~(IN_CLOEXEC
| IN_NONBLOCK
))
650 /* fsnotify_obtain_group took a reference to group, we put this when we kill the file in the end */
651 group
= inotify_new_group(inotify_max_queued_events
);
653 return PTR_ERR(group
);
655 ret
= anon_inode_getfd("inotify", &inotify_fops
, group
,
658 fsnotify_destroy_group(group
);
663 SYSCALL_DEFINE0(inotify_init
)
665 return sys_inotify_init1(0);
668 SYSCALL_DEFINE3(inotify_add_watch
, int, fd
, const char __user
*, pathname
,
671 struct fsnotify_group
*group
;
679 * We share a lot of code with fs/dnotify. We also share
680 * the bit layout between inotify's IN_* and the fsnotify
681 * FS_*. This check ensures that only the inotify IN_*
682 * bits get passed in and set in watches/events.
684 if (unlikely(mask
& ~ALL_INOTIFY_BITS
))
687 * Require at least one valid bit set in the mask.
688 * Without _something_ set, we would have no events to
691 if (unlikely(!(mask
& ALL_INOTIFY_BITS
)))
695 if (unlikely(!f
.file
))
698 /* verify that this is indeed an inotify instance */
699 if (unlikely(f
.file
->f_op
!= &inotify_fops
)) {
704 if (!(mask
& IN_DONT_FOLLOW
))
705 flags
|= LOOKUP_FOLLOW
;
706 if (mask
& IN_ONLYDIR
)
707 flags
|= LOOKUP_DIRECTORY
;
709 ret
= inotify_find_inode(pathname
, &path
, flags
);
713 /* inode held in place by reference to path; group by fget on fd */
714 inode
= path
.dentry
->d_inode
;
715 group
= f
.file
->private_data
;
717 /* create/update an inode mark */
718 ret
= inotify_update_watch(group
, inode
, mask
);
725 SYSCALL_DEFINE2(inotify_rm_watch
, int, fd
, __s32
, wd
)
727 struct fsnotify_group
*group
;
728 struct inotify_inode_mark
*i_mark
;
733 if (unlikely(!f
.file
))
736 /* verify that this is indeed an inotify instance */
738 if (unlikely(f
.file
->f_op
!= &inotify_fops
))
741 group
= f
.file
->private_data
;
744 i_mark
= inotify_idr_find(group
, wd
);
745 if (unlikely(!i_mark
))
750 fsnotify_destroy_mark(&i_mark
->fsn_mark
, group
);
752 /* match ref taken by inotify_idr_find */
753 fsnotify_put_mark(&i_mark
->fsn_mark
);
761 * inotify_user_setup - Our initialization function. Note that we cannot return
762 * error because we have compiled-in VFS hooks. So an (unlikely) failure here
763 * must result in panic().
765 static int __init
inotify_user_setup(void)
767 BUILD_BUG_ON(IN_ACCESS
!= FS_ACCESS
);
768 BUILD_BUG_ON(IN_MODIFY
!= FS_MODIFY
);
769 BUILD_BUG_ON(IN_ATTRIB
!= FS_ATTRIB
);
770 BUILD_BUG_ON(IN_CLOSE_WRITE
!= FS_CLOSE_WRITE
);
771 BUILD_BUG_ON(IN_CLOSE_NOWRITE
!= FS_CLOSE_NOWRITE
);
772 BUILD_BUG_ON(IN_OPEN
!= FS_OPEN
);
773 BUILD_BUG_ON(IN_MOVED_FROM
!= FS_MOVED_FROM
);
774 BUILD_BUG_ON(IN_MOVED_TO
!= FS_MOVED_TO
);
775 BUILD_BUG_ON(IN_CREATE
!= FS_CREATE
);
776 BUILD_BUG_ON(IN_DELETE
!= FS_DELETE
);
777 BUILD_BUG_ON(IN_DELETE_SELF
!= FS_DELETE_SELF
);
778 BUILD_BUG_ON(IN_MOVE_SELF
!= FS_MOVE_SELF
);
779 BUILD_BUG_ON(IN_UNMOUNT
!= FS_UNMOUNT
);
780 BUILD_BUG_ON(IN_Q_OVERFLOW
!= FS_Q_OVERFLOW
);
781 BUILD_BUG_ON(IN_IGNORED
!= FS_IN_IGNORED
);
782 BUILD_BUG_ON(IN_EXCL_UNLINK
!= FS_EXCL_UNLINK
);
783 BUILD_BUG_ON(IN_ISDIR
!= FS_ISDIR
);
784 BUILD_BUG_ON(IN_ONESHOT
!= FS_IN_ONESHOT
);
786 BUG_ON(hweight32(ALL_INOTIFY_BITS
) != 21);
788 inotify_inode_mark_cachep
= KMEM_CACHE(inotify_inode_mark
, SLAB_PANIC
);
790 inotify_max_queued_events
= 16384;
791 init_user_ns
.ucount_max
[UCOUNT_INOTIFY_INSTANCES
] = 128;
792 init_user_ns
.ucount_max
[UCOUNT_INOTIFY_WATCHES
] = 8192;
796 fs_initcall(inotify_user_setup
);