Driver core: fix race in sysfs between sysfs_remove_file() and read()/write()
This patch prevents a race between IO and removing a file from sysfs. It introduces a list of sysfs_buffers associated with a file at the inode. Upon removal of a file the list is walked and the buffers marked orphaned. IO to orphaned buffers fails with -ENODEV. The driver can safely free associated data structures or be unloaded. Signed-off-by: Oliver Neukum <oliver@neukum.name> Acked-by: Maneesh Soni <maneesh@in.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
cb986b749c
commit
94bebf4d1b
@ -16,6 +16,7 @@
|
||||
#include <linux/slab.h>
|
||||
|
||||
#include <asm/uaccess.h>
|
||||
#include <asm/semaphore.h>
|
||||
|
||||
#include "sysfs.h"
|
||||
|
||||
|
@ -9,6 +9,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/kobject.h>
|
||||
#include <linux/namei.h>
|
||||
#include <asm/semaphore.h>
|
||||
#include "sysfs.h"
|
||||
|
||||
DECLARE_RWSEM(sysfs_rename_sem);
|
||||
|
@ -7,6 +7,7 @@
|
||||
#include <linux/kobject.h>
|
||||
#include <linux/namei.h>
|
||||
#include <linux/poll.h>
|
||||
#include <linux/list.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include <asm/semaphore.h>
|
||||
|
||||
@ -50,17 +51,29 @@ static struct sysfs_ops subsys_sysfs_ops = {
|
||||
.store = subsys_attr_store,
|
||||
};
|
||||
|
||||
/**
|
||||
* add_to_collection - add buffer to a collection
|
||||
* @buffer: buffer to be added
|
||||
* @node inode of set to add to
|
||||
*/
|
||||
|
||||
struct sysfs_buffer {
|
||||
size_t count;
|
||||
loff_t pos;
|
||||
char * page;
|
||||
struct sysfs_ops * ops;
|
||||
struct semaphore sem;
|
||||
int needs_read_fill;
|
||||
int event;
|
||||
};
|
||||
static inline void
|
||||
add_to_collection(struct sysfs_buffer *buffer, struct inode *node)
|
||||
{
|
||||
struct sysfs_buffer_collection *set = node->i_private;
|
||||
|
||||
mutex_lock(&node->i_mutex);
|
||||
list_add(&buffer->associates, &set->associates);
|
||||
mutex_unlock(&node->i_mutex);
|
||||
}
|
||||
|
||||
static inline void
|
||||
remove_from_collection(struct sysfs_buffer *buffer, struct inode *node)
|
||||
{
|
||||
mutex_lock(&node->i_mutex);
|
||||
list_del(&buffer->associates);
|
||||
mutex_unlock(&node->i_mutex);
|
||||
}
|
||||
|
||||
/**
|
||||
* fill_read_buffer - allocate and fill buffer from object.
|
||||
@ -153,6 +166,10 @@ sysfs_read_file(struct file *file, char __user *buf, size_t count, loff_t *ppos)
|
||||
ssize_t retval = 0;
|
||||
|
||||
down(&buffer->sem);
|
||||
if (buffer->orphaned) {
|
||||
retval = -ENODEV;
|
||||
goto out;
|
||||
}
|
||||
if (buffer->needs_read_fill) {
|
||||
if ((retval = fill_read_buffer(file->f_path.dentry,buffer)))
|
||||
goto out;
|
||||
@ -165,7 +182,6 @@ out:
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* fill_write_buffer - copy buffer from userspace.
|
||||
* @buffer: data buffer for file.
|
||||
@ -243,19 +259,25 @@ sysfs_write_file(struct file *file, const char __user *buf, size_t count, loff_t
|
||||
ssize_t len;
|
||||
|
||||
down(&buffer->sem);
|
||||
if (buffer->orphaned) {
|
||||
len = -ENODEV;
|
||||
goto out;
|
||||
}
|
||||
len = fill_write_buffer(buffer, buf, count);
|
||||
if (len > 0)
|
||||
len = flush_write_buffer(file->f_path.dentry, buffer, len);
|
||||
if (len > 0)
|
||||
*ppos += len;
|
||||
out:
|
||||
up(&buffer->sem);
|
||||
return len;
|
||||
}
|
||||
|
||||
static int check_perm(struct inode * inode, struct file * file)
|
||||
static int sysfs_open_file(struct inode *inode, struct file *file)
|
||||
{
|
||||
struct kobject *kobj = sysfs_get_kobject(file->f_path.dentry->d_parent);
|
||||
struct attribute * attr = to_attr(file->f_path.dentry);
|
||||
struct sysfs_buffer_collection *set;
|
||||
struct sysfs_buffer * buffer;
|
||||
struct sysfs_ops * ops = NULL;
|
||||
int error = 0;
|
||||
@ -285,6 +307,18 @@ static int check_perm(struct inode * inode, struct file * file)
|
||||
if (!ops)
|
||||
goto Eaccess;
|
||||
|
||||
/* make sure we have a collection to add our buffers to */
|
||||
mutex_lock(&inode->i_mutex);
|
||||
if (!(set = inode->i_private)) {
|
||||
if (!(set = inode->i_private = kmalloc(sizeof(struct sysfs_buffer_collection), GFP_KERNEL))) {
|
||||
error = -ENOMEM;
|
||||
goto Done;
|
||||
} else {
|
||||
INIT_LIST_HEAD(&set->associates);
|
||||
}
|
||||
}
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
|
||||
/* File needs write support.
|
||||
* The inode's perms must say it's ok,
|
||||
* and we must have a store method.
|
||||
@ -310,9 +344,11 @@ static int check_perm(struct inode * inode, struct file * file)
|
||||
*/
|
||||
buffer = kzalloc(sizeof(struct sysfs_buffer), GFP_KERNEL);
|
||||
if (buffer) {
|
||||
INIT_LIST_HEAD(&buffer->associates);
|
||||
init_MUTEX(&buffer->sem);
|
||||
buffer->needs_read_fill = 1;
|
||||
buffer->ops = ops;
|
||||
add_to_collection(buffer, inode);
|
||||
file->private_data = buffer;
|
||||
} else
|
||||
error = -ENOMEM;
|
||||
@ -330,11 +366,6 @@ static int check_perm(struct inode * inode, struct file * file)
|
||||
return error;
|
||||
}
|
||||
|
||||
static int sysfs_open_file(struct inode * inode, struct file * filp)
|
||||
{
|
||||
return check_perm(inode,filp);
|
||||
}
|
||||
|
||||
static int sysfs_release(struct inode * inode, struct file * filp)
|
||||
{
|
||||
struct kobject * kobj = to_kobj(filp->f_path.dentry->d_parent);
|
||||
@ -342,6 +373,8 @@ static int sysfs_release(struct inode * inode, struct file * filp)
|
||||
struct module * owner = attr->owner;
|
||||
struct sysfs_buffer * buffer = filp->private_data;
|
||||
|
||||
if (buffer)
|
||||
remove_from_collection(buffer, inode);
|
||||
if (kobj)
|
||||
kobject_put(kobj);
|
||||
/* After this point, attr should not be accessed. */
|
||||
@ -548,7 +581,7 @@ EXPORT_SYMBOL_GPL(sysfs_chmod_file);
|
||||
|
||||
void sysfs_remove_file(struct kobject * kobj, const struct attribute * attr)
|
||||
{
|
||||
sysfs_hash_and_remove(kobj->dentry,attr->name);
|
||||
sysfs_hash_and_remove(kobj->dentry, attr->name);
|
||||
}
|
||||
|
||||
|
||||
|
@ -13,6 +13,7 @@
|
||||
#include <linux/dcache.h>
|
||||
#include <linux/namei.h>
|
||||
#include <linux/err.h>
|
||||
#include <asm/semaphore.h>
|
||||
#include "sysfs.h"
|
||||
|
||||
|
||||
|
@ -13,6 +13,7 @@
|
||||
#include <linux/backing-dev.h>
|
||||
#include <linux/capability.h>
|
||||
#include <linux/errno.h>
|
||||
#include <asm/semaphore.h>
|
||||
#include "sysfs.h"
|
||||
|
||||
extern struct super_block * sysfs_sb;
|
||||
@ -209,6 +210,22 @@ const unsigned char * sysfs_get_name(struct sysfs_dirent *sd)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static inline void orphan_all_buffers(struct inode *node)
|
||||
{
|
||||
struct sysfs_buffer_collection *set = node->i_private;
|
||||
struct sysfs_buffer *buf;
|
||||
|
||||
mutex_lock(&node->i_mutex);
|
||||
if (node->i_private) {
|
||||
list_for_each_entry(buf, &set->associates, associates) {
|
||||
down(&buf->sem);
|
||||
buf->orphaned = 1;
|
||||
up(&buf->sem);
|
||||
}
|
||||
}
|
||||
mutex_unlock(&node->i_mutex);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Unhashes the dentry corresponding to given sysfs_dirent
|
||||
@ -217,16 +234,23 @@ const unsigned char * sysfs_get_name(struct sysfs_dirent *sd)
|
||||
void sysfs_drop_dentry(struct sysfs_dirent * sd, struct dentry * parent)
|
||||
{
|
||||
struct dentry * dentry = sd->s_dentry;
|
||||
struct inode *inode;
|
||||
|
||||
if (dentry) {
|
||||
spin_lock(&dcache_lock);
|
||||
spin_lock(&dentry->d_lock);
|
||||
if (!(d_unhashed(dentry) && dentry->d_inode)) {
|
||||
inode = dentry->d_inode;
|
||||
spin_lock(&inode->i_lock);
|
||||
__iget(inode);
|
||||
spin_unlock(&inode->i_lock);
|
||||
dget_locked(dentry);
|
||||
__d_drop(dentry);
|
||||
spin_unlock(&dentry->d_lock);
|
||||
spin_unlock(&dcache_lock);
|
||||
simple_unlink(parent->d_inode, dentry);
|
||||
orphan_all_buffers(inode);
|
||||
iput(inode);
|
||||
} else {
|
||||
spin_unlock(&dentry->d_lock);
|
||||
spin_unlock(&dcache_lock);
|
||||
|
@ -8,6 +8,7 @@
|
||||
#include <linux/mount.h>
|
||||
#include <linux/pagemap.h>
|
||||
#include <linux/init.h>
|
||||
#include <asm/semaphore.h>
|
||||
|
||||
#include "sysfs.h"
|
||||
|
||||
@ -18,9 +19,12 @@ struct vfsmount *sysfs_mount;
|
||||
struct super_block * sysfs_sb = NULL;
|
||||
struct kmem_cache *sysfs_dir_cachep;
|
||||
|
||||
static void sysfs_clear_inode(struct inode *inode);
|
||||
|
||||
static struct super_operations sysfs_ops = {
|
||||
.statfs = simple_statfs,
|
||||
.drop_inode = generic_delete_inode,
|
||||
.clear_inode = sysfs_clear_inode,
|
||||
};
|
||||
|
||||
static struct sysfs_dirent sysfs_root = {
|
||||
@ -31,6 +35,11 @@ static struct sysfs_dirent sysfs_root = {
|
||||
.s_iattr = NULL,
|
||||
};
|
||||
|
||||
static void sysfs_clear_inode(struct inode *inode)
|
||||
{
|
||||
kfree(inode->i_private);
|
||||
}
|
||||
|
||||
static int sysfs_fill_super(struct super_block *sb, void *data, int silent)
|
||||
{
|
||||
struct inode *inode;
|
||||
|
@ -7,6 +7,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/kobject.h>
|
||||
#include <linux/namei.h>
|
||||
#include <asm/semaphore.h>
|
||||
|
||||
#include "sysfs.h"
|
||||
|
||||
|
@ -33,6 +33,22 @@ struct sysfs_symlink {
|
||||
struct kobject * target_kobj;
|
||||
};
|
||||
|
||||
struct sysfs_buffer {
|
||||
struct list_head associates;
|
||||
size_t count;
|
||||
loff_t pos;
|
||||
char * page;
|
||||
struct sysfs_ops * ops;
|
||||
struct semaphore sem;
|
||||
int orphaned;
|
||||
int needs_read_fill;
|
||||
int event;
|
||||
};
|
||||
|
||||
struct sysfs_buffer_collection {
|
||||
struct list_head associates;
|
||||
};
|
||||
|
||||
static inline struct kobject * to_kobj(struct dentry * dentry)
|
||||
{
|
||||
struct sysfs_dirent * sd = dentry->d_fsdata;
|
||||
|
Loading…
x
Reference in New Issue
Block a user