2 * Copyright (C) 2008 Red Hat, Inc., Eric Paris <eparis@redhat.com>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2, or (at your option)
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; see the file COPYING. If not, write to
16 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
20 * fsnotify inode mark locking/lifetime/and refcnting
23 * The group->recnt and mark->refcnt tell how many "things" in the kernel
24 * currently are referencing the objects. Both kind of objects typically will
25 * live inside the kernel with a refcnt of 2, one for its creation and one for
26 * the reference a group and a mark hold to each other.
27 * If you are holding the appropriate locks, you can take a reference and the
28 * object itself is guaranteed to survive until the reference is dropped.
31 * There are 3 locks involved with fsnotify inode marks and they MUST be taken
32 * in order as follows:
38 * group->mark_mutex protects the marks_list anchored inside a given group and
39 * each mark is hooked via the g_list. It also protects the groups private
40 * data (i.e group limits).
42 * mark->lock protects the marks attributes like its masks and flags.
43 * Furthermore it protects the access to a reference of the group that the mark
44 * is assigned to as well as the access to a reference of the inode/vfsmount
45 * that is being watched by the mark.
47 * inode->i_lock protects the i_fsnotify_marks list anchored inside a
48 * given inode and each mark is hooked via the i_list. (and sorta the
53 * Inode marks survive between when they are added to an inode and when their
56 * The inode mark can be cleared for a number of different reasons including:
57 * - The inode is unlinked for the last time. (fsnotify_inode_remove)
58 * - The inode is being evicted from cache. (fsnotify_inode_delete)
59 * - The fs the inode is on is unmounted. (fsnotify_inode_delete/fsnotify_unmount_inodes)
60 * - Something explicitly requests that it be removed. (fsnotify_destroy_mark)
61 * - The fsnotify_group associated with the mark is going away and all such marks
62 * need to be cleaned up. (fsnotify_clear_marks_by_group)
64 * Worst case we are given an inode and need to clean up all the marks on that
65 * inode. We take i_lock and walk the i_fsnotify_marks safely. For each
66 * mark on the list we take a reference (so the mark can't disappear under us).
67 * We remove that mark form the inode's list of marks and we add this mark to a
68 * private list anchored on the stack using i_free_list; we walk i_free_list
69 * and before we destroy the mark we make sure that we dont race with a
70 * concurrent destroy_group by getting a ref to the marks group and taking the
73 * Very similarly for freeing by group, except we use free_g_list.
75 * This has the very interesting property of being able to run concurrently with
76 * any (or all) other directions.
80 #include <linux/init.h>
81 #include <linux/kernel.h>
82 #include <linux/kthread.h>
83 #include <linux/module.h>
84 #include <linux/mutex.h>
85 #include <linux/slab.h>
86 #include <linux/spinlock.h>
87 #include <linux/srcu.h>
89 #include <linux/atomic.h>
91 #include <linux/fsnotify_backend.h>
94 #define FSNOTIFY_REAPER_DELAY (1) /* 1 jiffy */
96 struct srcu_struct fsnotify_mark_srcu
;
97 static DEFINE_SPINLOCK(destroy_lock
);
98 static LIST_HEAD(destroy_list
);
100 static void fsnotify_mark_destroy_workfn(struct work_struct
*work
);
101 static DECLARE_DELAYED_WORK(reaper_work
, fsnotify_mark_destroy_workfn
);
103 void fsnotify_get_mark(struct fsnotify_mark
*mark
)
105 atomic_inc(&mark
->refcnt
);
108 void fsnotify_put_mark(struct fsnotify_mark
*mark
)
110 if (atomic_dec_and_test(&mark
->refcnt
)) {
112 fsnotify_put_group(mark
->group
);
113 mark
->free_mark(mark
);
117 /* Calculate mask of events for a list of marks */
118 u32
fsnotify_recalc_mask(struct hlist_head
*head
)
121 struct fsnotify_mark
*mark
;
123 hlist_for_each_entry(mark
, head
, obj_list
)
124 new_mask
|= mark
->mask
;
129 * Remove mark from inode / vfsmount list, group list, drop inode reference
132 * Must be called with group->mark_mutex held.
134 void fsnotify_detach_mark(struct fsnotify_mark
*mark
)
136 struct inode
*inode
= NULL
;
137 struct fsnotify_group
*group
= mark
->group
;
139 BUG_ON(!mutex_is_locked(&group
->mark_mutex
));
141 spin_lock(&mark
->lock
);
143 /* something else already called this function on this mark */
144 if (!(mark
->flags
& FSNOTIFY_MARK_FLAG_ATTACHED
)) {
145 spin_unlock(&mark
->lock
);
149 mark
->flags
&= ~FSNOTIFY_MARK_FLAG_ATTACHED
;
151 if (mark
->flags
& FSNOTIFY_MARK_FLAG_INODE
) {
153 fsnotify_destroy_inode_mark(mark
);
154 } else if (mark
->flags
& FSNOTIFY_MARK_FLAG_VFSMOUNT
)
155 fsnotify_destroy_vfsmount_mark(mark
);
159 * Note that we didn't update flags telling whether inode cares about
160 * what's happening with children. We update these flags from
161 * __fsnotify_parent() lazily when next event happens on one of our
165 list_del_init(&mark
->g_list
);
167 spin_unlock(&mark
->lock
);
169 if (inode
&& (mark
->flags
& FSNOTIFY_MARK_FLAG_OBJECT_PINNED
))
172 atomic_dec(&group
->num_marks
);
176 * Prepare mark for freeing and add it to the list of marks prepared for
177 * freeing. The actual freeing must happen after SRCU period ends and the
178 * caller is responsible for this.
180 * The function returns true if the mark was added to the list of marks for
181 * freeing. The function returns false if someone else has already called
182 * __fsnotify_free_mark() for the mark.
184 static bool __fsnotify_free_mark(struct fsnotify_mark
*mark
)
186 struct fsnotify_group
*group
= mark
->group
;
188 spin_lock(&mark
->lock
);
189 /* something else already called this function on this mark */
190 if (!(mark
->flags
& FSNOTIFY_MARK_FLAG_ALIVE
)) {
191 spin_unlock(&mark
->lock
);
194 mark
->flags
&= ~FSNOTIFY_MARK_FLAG_ALIVE
;
195 spin_unlock(&mark
->lock
);
198 * Some groups like to know that marks are being freed. This is a
199 * callback to the group function to let it know that this mark
202 if (group
->ops
->freeing_mark
)
203 group
->ops
->freeing_mark(mark
, group
);
205 spin_lock(&destroy_lock
);
206 list_add(&mark
->g_list
, &destroy_list
);
207 spin_unlock(&destroy_lock
);
213 * Free fsnotify mark. The freeing is actually happening from a workqueue which
214 * first waits for srcu period end. Caller must have a reference to the mark
215 * or be protected by fsnotify_mark_srcu.
217 void fsnotify_free_mark(struct fsnotify_mark
*mark
)
219 if (__fsnotify_free_mark(mark
)) {
220 queue_delayed_work(system_unbound_wq
, &reaper_work
,
221 FSNOTIFY_REAPER_DELAY
);
225 void fsnotify_destroy_mark(struct fsnotify_mark
*mark
,
226 struct fsnotify_group
*group
)
228 mutex_lock_nested(&group
->mark_mutex
, SINGLE_DEPTH_NESTING
);
229 fsnotify_detach_mark(mark
);
230 mutex_unlock(&group
->mark_mutex
);
231 fsnotify_free_mark(mark
);
234 void fsnotify_destroy_marks(struct hlist_head
*head
, spinlock_t
*lock
)
236 struct fsnotify_mark
*mark
;
240 * We have to be careful since we can race with e.g.
241 * fsnotify_clear_marks_by_group() and once we drop 'lock',
242 * mark can get removed from the obj_list and destroyed. But
243 * we are holding mark reference so mark cannot be freed and
244 * calling fsnotify_destroy_mark() more than once is fine.
247 if (hlist_empty(head
)) {
251 mark
= hlist_entry(head
->first
, struct fsnotify_mark
, obj_list
);
253 * We don't update i_fsnotify_mask / mnt_fsnotify_mask here
254 * since inode / mount is going away anyway. So just remove
255 * mark from the list.
257 hlist_del_init_rcu(&mark
->obj_list
);
258 fsnotify_get_mark(mark
);
260 fsnotify_destroy_mark(mark
, mark
->group
);
261 fsnotify_put_mark(mark
);
265 void fsnotify_set_mark_mask_locked(struct fsnotify_mark
*mark
, __u32 mask
)
267 assert_spin_locked(&mark
->lock
);
271 if (mark
->flags
& FSNOTIFY_MARK_FLAG_INODE
)
272 fsnotify_set_inode_mark_mask_locked(mark
, mask
);
275 void fsnotify_set_mark_ignored_mask_locked(struct fsnotify_mark
*mark
, __u32 mask
)
277 assert_spin_locked(&mark
->lock
);
279 mark
->ignored_mask
= mask
;
283 * Sorting function for lists of fsnotify marks.
285 * Fanotify supports different notification classes (reflected as priority of
286 * notification group). Events shall be passed to notification groups in
287 * decreasing priority order. To achieve this marks in notification lists for
288 * inodes and vfsmounts are sorted so that priorities of corresponding groups
291 * Furthermore correct handling of the ignore mask requires processing inode
292 * and vfsmount marks of each group together. Using the group address as
293 * further sort criterion provides a unique sorting order and thus we can
294 * merge inode and vfsmount lists of marks in linear time and find groups
295 * present in both lists.
297 * A return value of 1 signifies that b has priority over a.
298 * A return value of 0 signifies that the two marks have to be handled together.
299 * A return value of -1 signifies that a has priority over b.
301 int fsnotify_compare_groups(struct fsnotify_group
*a
, struct fsnotify_group
*b
)
309 if (a
->priority
< b
->priority
)
311 if (a
->priority
> b
->priority
)
318 /* Add mark into proper place in given list of marks */
319 int fsnotify_add_mark_list(struct hlist_head
*head
, struct fsnotify_mark
*mark
,
322 struct fsnotify_mark
*lmark
, *last
= NULL
;
325 /* is mark the first mark? */
326 if (hlist_empty(head
)) {
327 hlist_add_head_rcu(&mark
->obj_list
, head
);
331 /* should mark be in the middle of the current list? */
332 hlist_for_each_entry(lmark
, head
, obj_list
) {
335 if ((lmark
->group
== mark
->group
) && !allow_dups
)
338 cmp
= fsnotify_compare_groups(lmark
->group
, mark
->group
);
340 hlist_add_before_rcu(&mark
->obj_list
, &lmark
->obj_list
);
345 BUG_ON(last
== NULL
);
346 /* mark should be the last entry. last is the current last entry */
347 hlist_add_behind_rcu(&mark
->obj_list
, &last
->obj_list
);
352 * Attach an initialized mark to a given group and fs object.
353 * These marks may be used for the fsnotify backend to determine which
354 * event types should be delivered to which group.
356 int fsnotify_add_mark_locked(struct fsnotify_mark
*mark
,
357 struct fsnotify_group
*group
, struct inode
*inode
,
358 struct vfsmount
*mnt
, int allow_dups
)
362 BUG_ON(inode
&& mnt
);
363 BUG_ON(!inode
&& !mnt
);
364 BUG_ON(!mutex_is_locked(&group
->mark_mutex
));
372 spin_lock(&mark
->lock
);
373 mark
->flags
|= FSNOTIFY_MARK_FLAG_ALIVE
| FSNOTIFY_MARK_FLAG_ATTACHED
;
375 fsnotify_get_group(group
);
377 list_add(&mark
->g_list
, &group
->marks_list
);
378 atomic_inc(&group
->num_marks
);
379 fsnotify_get_mark(mark
); /* for i_list and g_list */
382 ret
= fsnotify_add_inode_mark(mark
, group
, inode
, allow_dups
);
386 ret
= fsnotify_add_vfsmount_mark(mark
, group
, mnt
, allow_dups
);
393 /* this will pin the object if appropriate */
394 fsnotify_set_mark_mask_locked(mark
, mark
->mask
);
395 spin_unlock(&mark
->lock
);
398 __fsnotify_update_child_dentry_flags(inode
);
402 mark
->flags
&= ~FSNOTIFY_MARK_FLAG_ALIVE
;
403 list_del_init(&mark
->g_list
);
404 fsnotify_put_group(group
);
406 atomic_dec(&group
->num_marks
);
408 spin_unlock(&mark
->lock
);
410 spin_lock(&destroy_lock
);
411 list_add(&mark
->g_list
, &destroy_list
);
412 spin_unlock(&destroy_lock
);
413 queue_delayed_work(system_unbound_wq
, &reaper_work
,
414 FSNOTIFY_REAPER_DELAY
);
419 int fsnotify_add_mark(struct fsnotify_mark
*mark
, struct fsnotify_group
*group
,
420 struct inode
*inode
, struct vfsmount
*mnt
, int allow_dups
)
423 mutex_lock(&group
->mark_mutex
);
424 ret
= fsnotify_add_mark_locked(mark
, group
, inode
, mnt
, allow_dups
);
425 mutex_unlock(&group
->mark_mutex
);
430 * Given a list of marks, find the mark associated with given group. If found
431 * take a reference to that mark and return it, else return NULL.
433 struct fsnotify_mark
*fsnotify_find_mark(struct hlist_head
*head
,
434 struct fsnotify_group
*group
)
436 struct fsnotify_mark
*mark
;
438 hlist_for_each_entry(mark
, head
, obj_list
) {
439 if (mark
->group
== group
) {
440 fsnotify_get_mark(mark
);
448 * clear any marks in a group in which mark->flags & flags is true
450 void fsnotify_clear_marks_by_group_flags(struct fsnotify_group
*group
,
453 struct fsnotify_mark
*lmark
, *mark
;
457 * We have to be really careful here. Anytime we drop mark_mutex, e.g.
458 * fsnotify_clear_marks_by_inode() can come and free marks. Even in our
459 * to_free list so we have to use mark_mutex even when accessing that
460 * list. And freeing mark requires us to drop mark_mutex. So we can
461 * reliably free only the first mark in the list. That's why we first
462 * move marks to free to to_free list in one go and then free marks in
463 * to_free list one by one.
465 mutex_lock_nested(&group
->mark_mutex
, SINGLE_DEPTH_NESTING
);
466 list_for_each_entry_safe(mark
, lmark
, &group
->marks_list
, g_list
) {
467 if (mark
->flags
& flags
)
468 list_move(&mark
->g_list
, &to_free
);
470 mutex_unlock(&group
->mark_mutex
);
473 mutex_lock_nested(&group
->mark_mutex
, SINGLE_DEPTH_NESTING
);
474 if (list_empty(&to_free
)) {
475 mutex_unlock(&group
->mark_mutex
);
478 mark
= list_first_entry(&to_free
, struct fsnotify_mark
, g_list
);
479 fsnotify_get_mark(mark
);
480 fsnotify_detach_mark(mark
);
481 mutex_unlock(&group
->mark_mutex
);
482 fsnotify_free_mark(mark
);
483 fsnotify_put_mark(mark
);
488 * Given a group, prepare for freeing all the marks associated with that group.
489 * The marks are attached to the list of marks prepared for destruction, the
490 * caller is responsible for freeing marks in that list after SRCU period has
493 void fsnotify_detach_group_marks(struct fsnotify_group
*group
)
495 struct fsnotify_mark
*mark
;
498 mutex_lock_nested(&group
->mark_mutex
, SINGLE_DEPTH_NESTING
);
499 if (list_empty(&group
->marks_list
)) {
500 mutex_unlock(&group
->mark_mutex
);
503 mark
= list_first_entry(&group
->marks_list
,
504 struct fsnotify_mark
, g_list
);
505 fsnotify_get_mark(mark
);
506 fsnotify_detach_mark(mark
);
507 mutex_unlock(&group
->mark_mutex
);
508 __fsnotify_free_mark(mark
);
509 fsnotify_put_mark(mark
);
514 * Nothing fancy, just initialize lists and locks and counters.
516 void fsnotify_init_mark(struct fsnotify_mark
*mark
,
517 void (*free_mark
)(struct fsnotify_mark
*mark
))
519 memset(mark
, 0, sizeof(*mark
));
520 spin_lock_init(&mark
->lock
);
521 atomic_set(&mark
->refcnt
, 1);
522 mark
->free_mark
= free_mark
;
526 * Destroy all marks in destroy_list, waits for SRCU period to finish before
527 * actually freeing marks.
529 void fsnotify_mark_destroy_list(void)
531 struct fsnotify_mark
*mark
, *next
;
532 struct list_head private_destroy_list
;
534 spin_lock(&destroy_lock
);
535 /* exchange the list head */
536 list_replace_init(&destroy_list
, &private_destroy_list
);
537 spin_unlock(&destroy_lock
);
539 synchronize_srcu(&fsnotify_mark_srcu
);
541 list_for_each_entry_safe(mark
, next
, &private_destroy_list
, g_list
) {
542 list_del_init(&mark
->g_list
);
543 fsnotify_put_mark(mark
);
547 static void fsnotify_mark_destroy_workfn(struct work_struct
*work
)
549 fsnotify_mark_destroy_list();