| blob | 39ddcaf0918f145fb3f2cb916d27aa1b866a220e |
1 /*
2 * Copyright (C) 2008 Red Hat, Inc., Eric Paris <eparis@redhat.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2, or (at your option)
7 * any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; see the file COPYING. If not, write to
16 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
17 */
19 /*
20 * fsnotify inode mark locking/lifetime/and refcnting
21 *
22 * REFCNT:
23 * The group->recnt and mark->refcnt tell how many "things" in the kernel
24 * currently are referencing the objects. Both kind of objects typically will
25 * live inside the kernel with a refcnt of 2, one for its creation and one for
26 * the reference a group and a mark hold to each other.
27 * If you are holding the appropriate locks, you can take a reference and the
28 * object itself is guaranteed to survive until the reference is dropped.
29 *
30 * LOCKING:
31 * There are 3 locks involved with fsnotify inode marks and they MUST be taken
32 * in order as follows:
33 *
34 * group->mark_mutex
35 * mark->lock
36 * inode->i_lock
37 *
38 * group->mark_mutex protects the marks_list anchored inside a given group and
39 * each mark is hooked via the g_list. It also protects the groups private
40 * data (i.e group limits).
42 * mark->lock protects the marks attributes like its masks and flags.
43 * Furthermore it protects the access to a reference of the group that the mark
44 * is assigned to as well as the access to a reference of the inode/vfsmount
45 * that is being watched by the mark.
46 *
47 * inode->i_lock protects the i_fsnotify_marks list anchored inside a
48 * given inode and each mark is hooked via the i_list. (and sorta the
49 * free_i_list)
50 *
51 *
52 * LIFETIME:
53 * Inode marks survive between when they are added to an inode and when their
54 * refcnt==0.
55 *
56 * The inode mark can be cleared for a number of different reasons including:
57 * - The inode is unlinked for the last time. (fsnotify_inode_remove)
58 * - The inode is being evicted from cache. (fsnotify_inode_delete)
59 * - The fs the inode is on is unmounted. (fsnotify_inode_delete/fsnotify_unmount_inodes)
60 * - Something explicitly requests that it be removed. (fsnotify_destroy_mark)
61 * - The fsnotify_group associated with the mark is going away and all such marks
62 * need to be cleaned up. (fsnotify_clear_marks_by_group)
63 *
64 * Worst case we are given an inode and need to clean up all the marks on that
65 * inode. We take i_lock and walk the i_fsnotify_marks safely. For each
66 * mark on the list we take a reference (so the mark can't disappear under us).
67 * We remove that mark form the inode's list of marks and we add this mark to a
68 * private list anchored on the stack using i_free_list; we walk i_free_list
69 * and before we destroy the mark we make sure that we dont race with a
70 * concurrent destroy_group by getting a ref to the marks group and taking the
71 * groups mutex.
73 * Very similarly for freeing by group, except we use free_g_list.
74 *
75 * This has the very interesting property of being able to run concurrently with
76 * any (or all) other directions.
77 */
79 #include <linux/fs.h>
80 #include <linux/init.h>
81 #include <linux/kernel.h>
82 #include <linux/kthread.h>
83 #include <linux/module.h>
84 #include <linux/mutex.h>
85 #include <linux/slab.h>
86 #include <linux/spinlock.h>
87 #include <linux/srcu.h>
89 #include <linux/atomic.h>
91 #include <linux/fsnotify_backend.h>
100 {
102 }
105 {
110 }
111 }
113 /* Calculate mask of events for a list of marks */
115 {
122 }
124 /*
125 * Any time a mark is getting freed we end up here.
126 * The caller had better be holding a reference to this mark so we don't actually
127 * do the final put under the mark->lock
128 */
131 {
138 /* something else already called this function on this mark */
142 }
151 else
160 /* release lock temporarily */
167 /*
168 * We don't necessarily have a ref on mark from caller so the above destroy
169 * may have actually freed it, unless this group provides a 'freeing_mark'
170 * function which must be holding a reference.
171 */
173 /*
174 * Some groups like to know that marks are being freed. This is a
175 * callback to the group function to let it know that this mark
176 * is being freed.
177 */
181 /*
182 * __fsnotify_update_child_dentry_flags(inode);
183 *
184 * I really want to call that, but we can't, we have no idea if the inode
185 * still exists the second we drop the mark->lock.
186 *
187 * The next time an event arrive to this inode from one of it's children
188 * __fsnotify_parent will see that the inode doesn't care about it's
189 * children and will update all of these flags then. So really this
190 * is just a lazy update (and could be a perf win...)
191 */
196 }
200 {
204 }
206 /*
207 * Destroy all marks in the given list. The marks must be already detached from
208 * the original inode / vfsmount.
209 */
211 {
224 }
225 }
228 {
235 }
238 {
242 }
244 /*
245 * Sorting function for lists of fsnotify marks.
246 *
247 * Fanotify supports different notification classes (reflected as priority of
248 * notification group). Events shall be passed to notification groups in
249 * decreasing priority order. To achieve this marks in notification lists for
250 * inodes and vfsmounts are sorted so that priorities of corresponding groups
251 * are descending.
252 *
253 * Furthermore correct handling of the ignore mask requires processing inode
254 * and vfsmount marks of each group together. Using the group address as
255 * further sort criterion provides a unique sorting order and thus we can
256 * merge inode and vfsmount lists of marks in linear time and find groups
257 * present in both lists.
258 *
259 * A return value of 1 signifies that b has priority over a.
260 * A return value of 0 signifies that the two marks have to be handled together.
261 * A return value of -1 signifies that a has priority over b.
262 */
264 {
278 }
280 /* Add mark into proper place in given list of marks */
283 {
287 /* is mark the first mark? */
291 }
293 /* should mark be in the middle of the current list? */
304 }
305 }
308 /* mark should be the last entry. last is the current last entry */
311 }
313 /*
314 * Attach an initialized mark to a given group and fs object.
315 * These marks may be used for the fsnotify backend to determine which
316 * event types should be delivered to which group.
317 */
321 {
328 /*
329 * LOCKING ORDER!!!!
330 * group->mark_mutex
331 * mark->lock
332 * inode->i_lock
333 */
353 }
355 /* this will pin the object if appropriate */
363 err:
378 }
382 {
388 }
390 /*
391 * Given a list of marks, find the mark associated with given group. If found
392 * take a reference to that mark and return it, else return NULL.
393 */
396 {
403 }
404 }
406 }
408 /*
409 * clear any marks in a group in which mark->flags & flags is true
410 */
413 {
417 /*
418 * We have to be really careful here. Anytime we drop mark_mutex, e.g.
419 * fsnotify_clear_marks_by_inode() can come and free marks. Even in our
420 * to_free list so we have to use mark_mutex even when accessing that
421 * list. And freeing mark requires us to drop mark_mutex. So we can
422 * reliably free only the first mark in the list. That's why we first
423 * move marks to free to to_free list in one go and then free marks in
424 * to_free list one by one.
425 */
430 }
438 }
444 }
445 }
447 /*
448 * Given a group, destroy all of the marks associated with that group.
449 */
451 {
453 }
456 {
465 }
467 /*
468 * Nothing fancy, just initialize lists and locks and counters.
469 */
472 {
477 }
480 {
486 /* exchange the list head */
495 }
498 }
501 }
504 {
513 }