1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* -*- mode: c; c-basic-offset: 8; -*-
3  * vim: noexpandtab sw=8 ts=8 sts=0:
4  *
5  * dir.c - Operations for configfs directories.
6  *
7  * Based on sysfs:
8  * 	sysfs is Copyright (C) 2001, 2002, 2003 Patrick Mochel
9  *
10  * configfs Copyright (C) 2005 Oracle.  All rights reserved.
11  */
12 
13 #undef DEBUG
14 
15 #include <linux/fs.h>
16 #include <linux/fsnotify.h>
17 #include <linux/mount.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/err.h>
21 
22 #include <linux/configfs.h>
23 #include "configfs_internal.h"
24 
25 /*
26  * Protects mutations of configfs_dirent linkage together with proper i_mutex
27  * Also protects mutations of symlinks linkage to target configfs_dirent
28  * Mutators of configfs_dirent linkage must *both* have the proper inode locked
29  * and configfs_dirent_lock locked, in that order.
30  * This allows one to safely traverse configfs_dirent trees and symlinks without
31  * having to lock inodes.
32  *
33  * Protects setting of CONFIGFS_USET_DROPPING: checking the flag
34  * unlocked is not reliable unless in detach_groups() called from
35  * rmdir()/unregister() and from configfs_attach_group()
36  */
37 DEFINE_SPINLOCK(configfs_dirent_lock);
38 
configfs_d_iput(struct dentry * dentry,struct inode * inode)39 static void configfs_d_iput(struct dentry * dentry,
40 			    struct inode * inode)
41 {
42 	struct configfs_dirent *sd = dentry->d_fsdata;
43 
44 	if (sd) {
45 		/* Coordinate with configfs_readdir */
46 		spin_lock(&configfs_dirent_lock);
47 		/*
48 		 * Set sd->s_dentry to null only when this dentry is the one
49 		 * that is going to be killed.  Otherwise configfs_d_iput may
50 		 * run just after configfs_attach_attr and set sd->s_dentry to
51 		 * NULL even it's still in use.
52 		 */
53 		if (sd->s_dentry == dentry)
54 			sd->s_dentry = NULL;
55 
56 		spin_unlock(&configfs_dirent_lock);
57 		configfs_put(sd);
58 	}
59 	iput(inode);
60 }
61 
62 const struct dentry_operations configfs_dentry_ops = {
63 	.d_iput		= configfs_d_iput,
64 	.d_delete	= always_delete_dentry,
65 };
66 
67 #ifdef CONFIG_LOCKDEP
68 
69 /*
70  * Helpers to make lockdep happy with our recursive locking of default groups'
71  * inodes (see configfs_attach_group() and configfs_detach_group()).
72  * We put default groups i_mutexes in separate classes according to their depth
73  * from the youngest non-default group ancestor.
74  *
75  * For a non-default group A having default groups A/B, A/C, and A/C/D, default
76  * groups A/B and A/C will have their inode's mutex in class
77  * default_group_class[0], and default group A/C/D will be in
78  * default_group_class[1].
79  *
80  * The lock classes are declared and assigned in inode.c, according to the
81  * s_depth value.
82  * The s_depth value is initialized to -1, adjusted to >= 0 when attaching
83  * default groups, and reset to -1 when all default groups are attached. During
84  * attachment, if configfs_create() sees s_depth > 0, the lock class of the new
85  * inode's mutex is set to default_group_class[s_depth - 1].
86  */
87 
configfs_init_dirent_depth(struct configfs_dirent * sd)88 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
89 {
90 	sd->s_depth = -1;
91 }
92 
configfs_set_dir_dirent_depth(struct configfs_dirent * parent_sd,struct configfs_dirent * sd)93 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
94 					  struct configfs_dirent *sd)
95 {
96 	int parent_depth = parent_sd->s_depth;
97 
98 	if (parent_depth >= 0)
99 		sd->s_depth = parent_depth + 1;
100 }
101 
102 static void
configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent * sd)103 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
104 {
105 	/*
106 	 * item's i_mutex class is already setup, so s_depth is now only
107 	 * used to set new sub-directories s_depth, which is always done
108 	 * with item's i_mutex locked.
109 	 */
110 	/*
111 	 *  sd->s_depth == -1 iff we are a non default group.
112 	 *  else (we are a default group) sd->s_depth > 0 (see
113 	 *  create_dir()).
114 	 */
115 	if (sd->s_depth == -1)
116 		/*
117 		 * We are a non default group and we are going to create
118 		 * default groups.
119 		 */
120 		sd->s_depth = 0;
121 }
122 
123 static void
configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent * sd)124 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
125 {
126 	/* We will not create default groups anymore. */
127 	sd->s_depth = -1;
128 }
129 
130 #else /* CONFIG_LOCKDEP */
131 
configfs_init_dirent_depth(struct configfs_dirent * sd)132 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
133 {
134 }
135 
configfs_set_dir_dirent_depth(struct configfs_dirent * parent_sd,struct configfs_dirent * sd)136 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
137 					  struct configfs_dirent *sd)
138 {
139 }
140 
141 static void
configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent * sd)142 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
143 {
144 }
145 
146 static void
configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent * sd)147 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
148 {
149 }
150 
151 #endif /* CONFIG_LOCKDEP */
152 
new_fragment(void)153 static struct configfs_fragment *new_fragment(void)
154 {
155 	struct configfs_fragment *p;
156 
157 	p = kmalloc(sizeof(struct configfs_fragment), GFP_KERNEL);
158 	if (p) {
159 		atomic_set(&p->frag_count, 1);
160 		init_rwsem(&p->frag_sem);
161 		p->frag_dead = false;
162 	}
163 	return p;
164 }
165 
put_fragment(struct configfs_fragment * frag)166 void put_fragment(struct configfs_fragment *frag)
167 {
168 	if (frag && atomic_dec_and_test(&frag->frag_count))
169 		kfree(frag);
170 }
171 
get_fragment(struct configfs_fragment * frag)172 struct configfs_fragment *get_fragment(struct configfs_fragment *frag)
173 {
174 	if (likely(frag))
175 		atomic_inc(&frag->frag_count);
176 	return frag;
177 }
178 
179 /*
180  * Allocates a new configfs_dirent and links it to the parent configfs_dirent
181  */
configfs_new_dirent(struct configfs_dirent * parent_sd,void * element,int type,struct configfs_fragment * frag)182 static struct configfs_dirent *configfs_new_dirent(struct configfs_dirent *parent_sd,
183 						   void *element, int type,
184 						   struct configfs_fragment *frag)
185 {
186 	struct configfs_dirent * sd;
187 
188 	sd = kmem_cache_zalloc(configfs_dir_cachep, GFP_KERNEL);
189 	if (!sd)
190 		return ERR_PTR(-ENOMEM);
191 
192 	atomic_set(&sd->s_count, 1);
193 	INIT_LIST_HEAD(&sd->s_children);
194 	sd->s_element = element;
195 	sd->s_type = type;
196 	configfs_init_dirent_depth(sd);
197 	spin_lock(&configfs_dirent_lock);
198 	if (parent_sd->s_type & CONFIGFS_USET_DROPPING) {
199 		spin_unlock(&configfs_dirent_lock);
200 		kmem_cache_free(configfs_dir_cachep, sd);
201 		return ERR_PTR(-ENOENT);
202 	}
203 	sd->s_frag = get_fragment(frag);
204 	list_add(&sd->s_sibling, &parent_sd->s_children);
205 	spin_unlock(&configfs_dirent_lock);
206 
207 	return sd;
208 }
209 
210 /*
211  *
212  * Return -EEXIST if there is already a configfs element with the same
213  * name for the same parent.
214  *
215  * called with parent inode's i_mutex held
216  */
configfs_dirent_exists(struct configfs_dirent * parent_sd,const unsigned char * new)217 static int configfs_dirent_exists(struct configfs_dirent *parent_sd,
218 				  const unsigned char *new)
219 {
220 	struct configfs_dirent * sd;
221 
222 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
223 		if (sd->s_element) {
224 			const unsigned char *existing = configfs_get_name(sd);
225 			if (strcmp(existing, new))
226 				continue;
227 			else
228 				return -EEXIST;
229 		}
230 	}
231 
232 	return 0;
233 }
234 
235 
configfs_make_dirent(struct configfs_dirent * parent_sd,struct dentry * dentry,void * element,umode_t mode,int type,struct configfs_fragment * frag)236 int configfs_make_dirent(struct configfs_dirent * parent_sd,
237 			 struct dentry * dentry, void * element,
238 			 umode_t mode, int type, struct configfs_fragment *frag)
239 {
240 	struct configfs_dirent * sd;
241 
242 	sd = configfs_new_dirent(parent_sd, element, type, frag);
243 	if (IS_ERR(sd))
244 		return PTR_ERR(sd);
245 
246 	sd->s_mode = mode;
247 	sd->s_dentry = dentry;
248 	if (dentry)
249 		dentry->d_fsdata = configfs_get(sd);
250 
251 	return 0;
252 }
253 
configfs_remove_dirent(struct dentry * dentry)254 static void configfs_remove_dirent(struct dentry *dentry)
255 {
256 	struct configfs_dirent *sd = dentry->d_fsdata;
257 
258 	if (!sd)
259 		return;
260 	spin_lock(&configfs_dirent_lock);
261 	list_del_init(&sd->s_sibling);
262 	spin_unlock(&configfs_dirent_lock);
263 	configfs_put(sd);
264 }
265 
266 /**
267  *	configfs_create_dir - create a directory for an config_item.
268  *	@item:		config_itemwe're creating directory for.
269  *	@dentry:	config_item's dentry.
270  *
271  *	Note: user-created entries won't be allowed under this new directory
272  *	until it is validated by configfs_dir_set_ready()
273  */
274 
configfs_create_dir(struct config_item * item,struct dentry * dentry,struct configfs_fragment * frag)275 static int configfs_create_dir(struct config_item *item, struct dentry *dentry,
276 				struct configfs_fragment *frag)
277 {
278 	int error;
279 	umode_t mode = S_IFDIR| S_IRWXU | S_IRUGO | S_IXUGO;
280 	struct dentry *p = dentry->d_parent;
281 	struct inode *inode;
282 
283 	BUG_ON(!item);
284 
285 	error = configfs_dirent_exists(p->d_fsdata, dentry->d_name.name);
286 	if (unlikely(error))
287 		return error;
288 
289 	error = configfs_make_dirent(p->d_fsdata, dentry, item, mode,
290 				     CONFIGFS_DIR | CONFIGFS_USET_CREATING,
291 				     frag);
292 	if (unlikely(error))
293 		return error;
294 
295 	configfs_set_dir_dirent_depth(p->d_fsdata, dentry->d_fsdata);
296 	inode = configfs_create(dentry, mode);
297 	if (IS_ERR(inode))
298 		goto out_remove;
299 
300 	inode->i_op = &configfs_dir_inode_operations;
301 	inode->i_fop = &configfs_dir_operations;
302 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
303 	inc_nlink(inode);
304 	d_instantiate(dentry, inode);
305 	/* already hashed */
306 	dget(dentry);  /* pin directory dentries in core */
307 	inc_nlink(d_inode(p));
308 	item->ci_dentry = dentry;
309 	return 0;
310 
311 out_remove:
312 	configfs_remove_dirent(dentry);
313 	return PTR_ERR(inode);
314 }
315 
316 /*
317  * Allow userspace to create new entries under a new directory created with
318  * configfs_create_dir(), and under all of its chidlren directories recursively.
319  * @sd		configfs_dirent of the new directory to validate
320  *
321  * Caller must hold configfs_dirent_lock.
322  */
configfs_dir_set_ready(struct configfs_dirent * sd)323 static void configfs_dir_set_ready(struct configfs_dirent *sd)
324 {
325 	struct configfs_dirent *child_sd;
326 
327 	sd->s_type &= ~CONFIGFS_USET_CREATING;
328 	list_for_each_entry(child_sd, &sd->s_children, s_sibling)
329 		if (child_sd->s_type & CONFIGFS_USET_CREATING)
330 			configfs_dir_set_ready(child_sd);
331 }
332 
333 /*
334  * Check that a directory does not belong to a directory hierarchy being
335  * attached and not validated yet.
336  * @sd		configfs_dirent of the directory to check
337  *
338  * @return	non-zero iff the directory was validated
339  *
340  * Note: takes configfs_dirent_lock, so the result may change from false to true
341  * in two consecutive calls, but never from true to false.
342  */
configfs_dirent_is_ready(struct configfs_dirent * sd)343 int configfs_dirent_is_ready(struct configfs_dirent *sd)
344 {
345 	int ret;
346 
347 	spin_lock(&configfs_dirent_lock);
348 	ret = !(sd->s_type & CONFIGFS_USET_CREATING);
349 	spin_unlock(&configfs_dirent_lock);
350 
351 	return ret;
352 }
353 
configfs_create_link(struct configfs_dirent * target,struct dentry * parent,struct dentry * dentry,char * body)354 int configfs_create_link(struct configfs_dirent *target, struct dentry *parent,
355 		struct dentry *dentry, char *body)
356 {
357 	int err = 0;
358 	umode_t mode = S_IFLNK | S_IRWXUGO;
359 	struct configfs_dirent *p = parent->d_fsdata;
360 	struct inode *inode;
361 
362 	err = configfs_make_dirent(p, dentry, target, mode, CONFIGFS_ITEM_LINK,
363 			p->s_frag);
364 	if (err)
365 		return err;
366 
367 	inode = configfs_create(dentry, mode);
368 	if (IS_ERR(inode))
369 		goto out_remove;
370 
371 	inode->i_link = body;
372 	inode->i_op = &configfs_symlink_inode_operations;
373 	d_instantiate(dentry, inode);
374 	dget(dentry);  /* pin link dentries in core */
375 	return 0;
376 
377 out_remove:
378 	configfs_remove_dirent(dentry);
379 	return PTR_ERR(inode);
380 }
381 
remove_dir(struct dentry * d)382 static void remove_dir(struct dentry * d)
383 {
384 	struct dentry * parent = dget(d->d_parent);
385 
386 	configfs_remove_dirent(d);
387 
388 	if (d_really_is_positive(d))
389 		simple_rmdir(d_inode(parent),d);
390 
391 	pr_debug(" o %pd removing done (%d)\n", d, d_count(d));
392 
393 	dput(parent);
394 }
395 
396 /**
397  * configfs_remove_dir - remove an config_item's directory.
398  * @item:	config_item we're removing.
399  *
400  * The only thing special about this is that we remove any files in
401  * the directory before we remove the directory, and we've inlined
402  * what used to be configfs_rmdir() below, instead of calling separately.
403  *
404  * Caller holds the mutex of the item's inode
405  */
406 
configfs_remove_dir(struct config_item * item)407 static void configfs_remove_dir(struct config_item * item)
408 {
409 	struct dentry * dentry = dget(item->ci_dentry);
410 
411 	if (!dentry)
412 		return;
413 
414 	remove_dir(dentry);
415 	/**
416 	 * Drop reference from dget() on entrance.
417 	 */
418 	dput(dentry);
419 }
420 
421 
422 /* attaches attribute's configfs_dirent to the dentry corresponding to the
423  * attribute file
424  */
configfs_attach_attr(struct configfs_dirent * sd,struct dentry * dentry)425 static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * dentry)
426 {
427 	struct configfs_attribute * attr = sd->s_element;
428 	struct inode *inode;
429 
430 	spin_lock(&configfs_dirent_lock);
431 	dentry->d_fsdata = configfs_get(sd);
432 	sd->s_dentry = dentry;
433 	spin_unlock(&configfs_dirent_lock);
434 
435 	inode = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG);
436 	if (IS_ERR(inode)) {
437 		configfs_put(sd);
438 		return PTR_ERR(inode);
439 	}
440 	if (sd->s_type & CONFIGFS_ITEM_BIN_ATTR) {
441 		inode->i_size = 0;
442 		inode->i_fop = &configfs_bin_file_operations;
443 	} else {
444 		inode->i_size = PAGE_SIZE;
445 		inode->i_fop = &configfs_file_operations;
446 	}
447 	d_add(dentry, inode);
448 	return 0;
449 }
450 
configfs_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)451 static struct dentry * configfs_lookup(struct inode *dir,
452 				       struct dentry *dentry,
453 				       unsigned int flags)
454 {
455 	struct configfs_dirent * parent_sd = dentry->d_parent->d_fsdata;
456 	struct configfs_dirent * sd;
457 	int found = 0;
458 	int err;
459 
460 	/*
461 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
462 	 * being attached
463 	 *
464 	 * This forbids userspace to read/write attributes of items which may
465 	 * not complete their initialization, since the dentries of the
466 	 * attributes won't be instantiated.
467 	 */
468 	err = -ENOENT;
469 	if (!configfs_dirent_is_ready(parent_sd))
470 		goto out;
471 
472 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
473 		if (sd->s_type & CONFIGFS_NOT_PINNED) {
474 			const unsigned char * name = configfs_get_name(sd);
475 
476 			if (strcmp(name, dentry->d_name.name))
477 				continue;
478 
479 			found = 1;
480 			err = configfs_attach_attr(sd, dentry);
481 			break;
482 		}
483 	}
484 
485 	if (!found) {
486 		/*
487 		 * If it doesn't exist and it isn't a NOT_PINNED item,
488 		 * it must be negative.
489 		 */
490 		if (dentry->d_name.len > NAME_MAX)
491 			return ERR_PTR(-ENAMETOOLONG);
492 		d_add(dentry, NULL);
493 		return NULL;
494 	}
495 
496 out:
497 	return ERR_PTR(err);
498 }
499 
500 /*
501  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
502  * attributes and are removed by rmdir().  We recurse, setting
503  * CONFIGFS_USET_DROPPING on all children that are candidates for
504  * default detach.
505  * If there is an error, the caller will reset the flags via
506  * configfs_detach_rollback().
507  */
configfs_detach_prep(struct dentry * dentry,struct dentry ** wait)508 static int configfs_detach_prep(struct dentry *dentry, struct dentry **wait)
509 {
510 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
511 	struct configfs_dirent *sd;
512 	int ret;
513 
514 	/* Mark that we're trying to drop the group */
515 	parent_sd->s_type |= CONFIGFS_USET_DROPPING;
516 
517 	ret = -EBUSY;
518 	if (parent_sd->s_links)
519 		goto out;
520 
521 	ret = 0;
522 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
523 		if (!sd->s_element ||
524 		    (sd->s_type & CONFIGFS_NOT_PINNED))
525 			continue;
526 		if (sd->s_type & CONFIGFS_USET_DEFAULT) {
527 			/* Abort if racing with mkdir() */
528 			if (sd->s_type & CONFIGFS_USET_IN_MKDIR) {
529 				if (wait)
530 					*wait= dget(sd->s_dentry);
531 				return -EAGAIN;
532 			}
533 
534 			/*
535 			 * Yup, recursive.  If there's a problem, blame
536 			 * deep nesting of default_groups
537 			 */
538 			ret = configfs_detach_prep(sd->s_dentry, wait);
539 			if (!ret)
540 				continue;
541 		} else
542 			ret = -ENOTEMPTY;
543 
544 		break;
545 	}
546 
547 out:
548 	return ret;
549 }
550 
551 /*
552  * Walk the tree, resetting CONFIGFS_USET_DROPPING wherever it was
553  * set.
554  */
configfs_detach_rollback(struct dentry * dentry)555 static void configfs_detach_rollback(struct dentry *dentry)
556 {
557 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
558 	struct configfs_dirent *sd;
559 
560 	parent_sd->s_type &= ~CONFIGFS_USET_DROPPING;
561 
562 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling)
563 		if (sd->s_type & CONFIGFS_USET_DEFAULT)
564 			configfs_detach_rollback(sd->s_dentry);
565 }
566 
detach_attrs(struct config_item * item)567 static void detach_attrs(struct config_item * item)
568 {
569 	struct dentry * dentry = dget(item->ci_dentry);
570 	struct configfs_dirent * parent_sd;
571 	struct configfs_dirent * sd, * tmp;
572 
573 	if (!dentry)
574 		return;
575 
576 	pr_debug("configfs %s: dropping attrs for  dir\n",
577 		 dentry->d_name.name);
578 
579 	parent_sd = dentry->d_fsdata;
580 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
581 		if (!sd->s_element || !(sd->s_type & CONFIGFS_NOT_PINNED))
582 			continue;
583 		spin_lock(&configfs_dirent_lock);
584 		list_del_init(&sd->s_sibling);
585 		spin_unlock(&configfs_dirent_lock);
586 		configfs_drop_dentry(sd, dentry);
587 		configfs_put(sd);
588 	}
589 
590 	/**
591 	 * Drop reference from dget() on entrance.
592 	 */
593 	dput(dentry);
594 }
595 
populate_attrs(struct config_item * item)596 static int populate_attrs(struct config_item *item)
597 {
598 	const struct config_item_type *t = item->ci_type;
599 	struct configfs_attribute *attr;
600 	struct configfs_bin_attribute *bin_attr;
601 	int error = 0;
602 	int i;
603 
604 	if (!t)
605 		return -EINVAL;
606 	if (t->ct_attrs) {
607 		for (i = 0; (attr = t->ct_attrs[i]) != NULL; i++) {
608 			if ((error = configfs_create_file(item, attr)))
609 				break;
610 		}
611 	}
612 	if (t->ct_bin_attrs) {
613 		for (i = 0; (bin_attr = t->ct_bin_attrs[i]) != NULL; i++) {
614 			error = configfs_create_bin_file(item, bin_attr);
615 			if (error)
616 				break;
617 		}
618 	}
619 
620 	if (error)
621 		detach_attrs(item);
622 
623 	return error;
624 }
625 
626 static int configfs_attach_group(struct config_item *parent_item,
627 				 struct config_item *item,
628 				 struct dentry *dentry,
629 				 struct configfs_fragment *frag);
630 static void configfs_detach_group(struct config_item *item);
631 
detach_groups(struct config_group * group)632 static void detach_groups(struct config_group *group)
633 {
634 	struct dentry * dentry = dget(group->cg_item.ci_dentry);
635 	struct dentry *child;
636 	struct configfs_dirent *parent_sd;
637 	struct configfs_dirent *sd, *tmp;
638 
639 	if (!dentry)
640 		return;
641 
642 	parent_sd = dentry->d_fsdata;
643 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
644 		if (!sd->s_element ||
645 		    !(sd->s_type & CONFIGFS_USET_DEFAULT))
646 			continue;
647 
648 		child = sd->s_dentry;
649 
650 		inode_lock(d_inode(child));
651 
652 		configfs_detach_group(sd->s_element);
653 		d_inode(child)->i_flags |= S_DEAD;
654 		dont_mount(child);
655 
656 		inode_unlock(d_inode(child));
657 
658 		d_delete(child);
659 		dput(child);
660 	}
661 
662 	/**
663 	 * Drop reference from dget() on entrance.
664 	 */
665 	dput(dentry);
666 }
667 
668 /*
669  * This fakes mkdir(2) on a default_groups[] entry.  It
670  * creates a dentry, attachs it, and then does fixup
671  * on the sd->s_type.
672  *
673  * We could, perhaps, tweak our parent's ->mkdir for a minute and
674  * try using vfs_mkdir.  Just a thought.
675  */
create_default_group(struct config_group * parent_group,struct config_group * group,struct configfs_fragment * frag)676 static int create_default_group(struct config_group *parent_group,
677 				struct config_group *group,
678 				struct configfs_fragment *frag)
679 {
680 	int ret;
681 	struct configfs_dirent *sd;
682 	/* We trust the caller holds a reference to parent */
683 	struct dentry *child, *parent = parent_group->cg_item.ci_dentry;
684 
685 	if (!group->cg_item.ci_name)
686 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
687 
688 	ret = -ENOMEM;
689 	child = d_alloc_name(parent, group->cg_item.ci_name);
690 	if (child) {
691 		d_add(child, NULL);
692 
693 		ret = configfs_attach_group(&parent_group->cg_item,
694 					    &group->cg_item, child, frag);
695 		if (!ret) {
696 			sd = child->d_fsdata;
697 			sd->s_type |= CONFIGFS_USET_DEFAULT;
698 		} else {
699 			BUG_ON(d_inode(child));
700 			d_drop(child);
701 			dput(child);
702 		}
703 	}
704 
705 	return ret;
706 }
707 
populate_groups(struct config_group * group,struct configfs_fragment * frag)708 static int populate_groups(struct config_group *group,
709 			   struct configfs_fragment *frag)
710 {
711 	struct config_group *new_group;
712 	int ret = 0;
713 
714 	list_for_each_entry(new_group, &group->default_groups, group_entry) {
715 		ret = create_default_group(group, new_group, frag);
716 		if (ret) {
717 			detach_groups(group);
718 			break;
719 		}
720 	}
721 
722 	return ret;
723 }
724 
configfs_remove_default_groups(struct config_group * group)725 void configfs_remove_default_groups(struct config_group *group)
726 {
727 	struct config_group *g, *n;
728 
729 	list_for_each_entry_safe(g, n, &group->default_groups, group_entry) {
730 		list_del(&g->group_entry);
731 		config_item_put(&g->cg_item);
732 	}
733 }
734 EXPORT_SYMBOL(configfs_remove_default_groups);
735 
736 /*
737  * All of link_obj/unlink_obj/link_group/unlink_group require that
738  * subsys->su_mutex is held.
739  */
740 
unlink_obj(struct config_item * item)741 static void unlink_obj(struct config_item *item)
742 {
743 	struct config_group *group;
744 
745 	group = item->ci_group;
746 	if (group) {
747 		list_del_init(&item->ci_entry);
748 
749 		item->ci_group = NULL;
750 		item->ci_parent = NULL;
751 
752 		/* Drop the reference for ci_entry */
753 		config_item_put(item);
754 
755 		/* Drop the reference for ci_parent */
756 		config_group_put(group);
757 	}
758 }
759 
link_obj(struct config_item * parent_item,struct config_item * item)760 static void link_obj(struct config_item *parent_item, struct config_item *item)
761 {
762 	/*
763 	 * Parent seems redundant with group, but it makes certain
764 	 * traversals much nicer.
765 	 */
766 	item->ci_parent = parent_item;
767 
768 	/*
769 	 * We hold a reference on the parent for the child's ci_parent
770 	 * link.
771 	 */
772 	item->ci_group = config_group_get(to_config_group(parent_item));
773 	list_add_tail(&item->ci_entry, &item->ci_group->cg_children);
774 
775 	/*
776 	 * We hold a reference on the child for ci_entry on the parent's
777 	 * cg_children
778 	 */
779 	config_item_get(item);
780 }
781 
unlink_group(struct config_group * group)782 static void unlink_group(struct config_group *group)
783 {
784 	struct config_group *new_group;
785 
786 	list_for_each_entry(new_group, &group->default_groups, group_entry)
787 		unlink_group(new_group);
788 
789 	group->cg_subsys = NULL;
790 	unlink_obj(&group->cg_item);
791 }
792 
link_group(struct config_group * parent_group,struct config_group * group)793 static void link_group(struct config_group *parent_group, struct config_group *group)
794 {
795 	struct config_group *new_group;
796 	struct configfs_subsystem *subsys = NULL; /* gcc is a turd */
797 
798 	link_obj(&parent_group->cg_item, &group->cg_item);
799 
800 	if (parent_group->cg_subsys)
801 		subsys = parent_group->cg_subsys;
802 	else if (configfs_is_root(&parent_group->cg_item))
803 		subsys = to_configfs_subsystem(group);
804 	else
805 		BUG();
806 	group->cg_subsys = subsys;
807 
808 	list_for_each_entry(new_group, &group->default_groups, group_entry)
809 		link_group(group, new_group);
810 }
811 
812 /*
813  * The goal is that configfs_attach_item() (and
814  * configfs_attach_group()) can be called from either the VFS or this
815  * module.  That is, they assume that the items have been created,
816  * the dentry allocated, and the dcache is all ready to go.
817  *
818  * If they fail, they must clean up after themselves as if they
819  * had never been called.  The caller (VFS or local function) will
820  * handle cleaning up the dcache bits.
821  *
822  * configfs_detach_group() and configfs_detach_item() behave similarly on
823  * the way out.  They assume that the proper semaphores are held, they
824  * clean up the configfs items, and they expect their callers will
825  * handle the dcache bits.
826  */
configfs_attach_item(struct config_item * parent_item,struct config_item * item,struct dentry * dentry,struct configfs_fragment * frag)827 static int configfs_attach_item(struct config_item *parent_item,
828 				struct config_item *item,
829 				struct dentry *dentry,
830 				struct configfs_fragment *frag)
831 {
832 	int ret;
833 
834 	ret = configfs_create_dir(item, dentry, frag);
835 	if (!ret) {
836 		ret = populate_attrs(item);
837 		if (ret) {
838 			/*
839 			 * We are going to remove an inode and its dentry but
840 			 * the VFS may already have hit and used them. Thus,
841 			 * we must lock them as rmdir() would.
842 			 */
843 			inode_lock(d_inode(dentry));
844 			configfs_remove_dir(item);
845 			d_inode(dentry)->i_flags |= S_DEAD;
846 			dont_mount(dentry);
847 			inode_unlock(d_inode(dentry));
848 			d_delete(dentry);
849 		}
850 	}
851 
852 	return ret;
853 }
854 
855 /* Caller holds the mutex of the item's inode */
configfs_detach_item(struct config_item * item)856 static void configfs_detach_item(struct config_item *item)
857 {
858 	detach_attrs(item);
859 	configfs_remove_dir(item);
860 }
861 
configfs_attach_group(struct config_item * parent_item,struct config_item * item,struct dentry * dentry,struct configfs_fragment * frag)862 static int configfs_attach_group(struct config_item *parent_item,
863 				 struct config_item *item,
864 				 struct dentry *dentry,
865 				 struct configfs_fragment *frag)
866 {
867 	int ret;
868 	struct configfs_dirent *sd;
869 
870 	ret = configfs_attach_item(parent_item, item, dentry, frag);
871 	if (!ret) {
872 		sd = dentry->d_fsdata;
873 		sd->s_type |= CONFIGFS_USET_DIR;
874 
875 		/*
876 		 * FYI, we're faking mkdir in populate_groups()
877 		 * We must lock the group's inode to avoid races with the VFS
878 		 * which can already hit the inode and try to add/remove entries
879 		 * under it.
880 		 *
881 		 * We must also lock the inode to remove it safely in case of
882 		 * error, as rmdir() would.
883 		 */
884 		inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
885 		configfs_adjust_dir_dirent_depth_before_populate(sd);
886 		ret = populate_groups(to_config_group(item), frag);
887 		if (ret) {
888 			configfs_detach_item(item);
889 			d_inode(dentry)->i_flags |= S_DEAD;
890 			dont_mount(dentry);
891 		}
892 		configfs_adjust_dir_dirent_depth_after_populate(sd);
893 		inode_unlock(d_inode(dentry));
894 		if (ret)
895 			d_delete(dentry);
896 	}
897 
898 	return ret;
899 }
900 
901 /* Caller holds the mutex of the group's inode */
configfs_detach_group(struct config_item * item)902 static void configfs_detach_group(struct config_item *item)
903 {
904 	detach_groups(to_config_group(item));
905 	configfs_detach_item(item);
906 }
907 
908 /*
909  * After the item has been detached from the filesystem view, we are
910  * ready to tear it out of the hierarchy.  Notify the client before
911  * we do that so they can perform any cleanup that requires
912  * navigating the hierarchy.  A client does not need to provide this
913  * callback.  The subsystem semaphore MUST be held by the caller, and
914  * references must be valid for both items.  It also assumes the
915  * caller has validated ci_type.
916  */
client_disconnect_notify(struct config_item * parent_item,struct config_item * item)917 static void client_disconnect_notify(struct config_item *parent_item,
918 				     struct config_item *item)
919 {
920 	const struct config_item_type *type;
921 
922 	type = parent_item->ci_type;
923 	BUG_ON(!type);
924 
925 	if (type->ct_group_ops && type->ct_group_ops->disconnect_notify)
926 		type->ct_group_ops->disconnect_notify(to_config_group(parent_item),
927 						      item);
928 }
929 
930 /*
931  * Drop the initial reference from make_item()/make_group()
932  * This function assumes that reference is held on item
933  * and that item holds a valid reference to the parent.  Also, it
934  * assumes the caller has validated ci_type.
935  */
client_drop_item(struct config_item * parent_item,struct config_item * item)936 static void client_drop_item(struct config_item *parent_item,
937 			     struct config_item *item)
938 {
939 	const struct config_item_type *type;
940 
941 	type = parent_item->ci_type;
942 	BUG_ON(!type);
943 
944 	/*
945 	 * If ->drop_item() exists, it is responsible for the
946 	 * config_item_put().
947 	 */
948 	if (type->ct_group_ops && type->ct_group_ops->drop_item)
949 		type->ct_group_ops->drop_item(to_config_group(parent_item),
950 					      item);
951 	else
952 		config_item_put(item);
953 }
954 
955 #ifdef DEBUG
configfs_dump_one(struct configfs_dirent * sd,int level)956 static void configfs_dump_one(struct configfs_dirent *sd, int level)
957 {
958 	pr_info("%*s\"%s\":\n", level, " ", configfs_get_name(sd));
959 
960 #define type_print(_type) if (sd->s_type & _type) pr_info("%*s %s\n", level, " ", #_type);
961 	type_print(CONFIGFS_ROOT);
962 	type_print(CONFIGFS_DIR);
963 	type_print(CONFIGFS_ITEM_ATTR);
964 	type_print(CONFIGFS_ITEM_LINK);
965 	type_print(CONFIGFS_USET_DIR);
966 	type_print(CONFIGFS_USET_DEFAULT);
967 	type_print(CONFIGFS_USET_DROPPING);
968 #undef type_print
969 }
970 
configfs_dump(struct configfs_dirent * sd,int level)971 static int configfs_dump(struct configfs_dirent *sd, int level)
972 {
973 	struct configfs_dirent *child_sd;
974 	int ret = 0;
975 
976 	configfs_dump_one(sd, level);
977 
978 	if (!(sd->s_type & (CONFIGFS_DIR|CONFIGFS_ROOT)))
979 		return 0;
980 
981 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
982 		ret = configfs_dump(child_sd, level + 2);
983 		if (ret)
984 			break;
985 	}
986 
987 	return ret;
988 }
989 #endif
990 
991 
992 /*
993  * configfs_depend_item() and configfs_undepend_item()
994  *
995  * WARNING: Do not call these from a configfs callback!
996  *
997  * This describes these functions and their helpers.
998  *
999  * Allow another kernel system to depend on a config_item.  If this
1000  * happens, the item cannot go away until the dependent can live without
1001  * it.  The idea is to give client modules as simple an interface as
1002  * possible.  When a system asks them to depend on an item, they just
1003  * call configfs_depend_item().  If the item is live and the client
1004  * driver is in good shape, we'll happily do the work for them.
1005  *
1006  * Why is the locking complex?  Because configfs uses the VFS to handle
1007  * all locking, but this function is called outside the normal
1008  * VFS->configfs path.  So it must take VFS locks to prevent the
1009  * VFS->configfs stuff (configfs_mkdir(), configfs_rmdir(), etc).  This is
1010  * why you can't call these functions underneath configfs callbacks.
1011  *
1012  * Note, btw, that this can be called at *any* time, even when a configfs
1013  * subsystem isn't registered, or when configfs is loading or unloading.
1014  * Just like configfs_register_subsystem().  So we take the same
1015  * precautions.  We pin the filesystem.  We lock configfs_dirent_lock.
1016  * If we can find the target item in the
1017  * configfs tree, it must be part of the subsystem tree as well, so we
1018  * do not need the subsystem semaphore.  Holding configfs_dirent_lock helps
1019  * locking out mkdir() and rmdir(), who might be racing us.
1020  */
1021 
1022 /*
1023  * configfs_depend_prep()
1024  *
1025  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
1026  * attributes.  This is similar but not the same to configfs_detach_prep().
1027  * Note that configfs_detach_prep() expects the parent to be locked when it
1028  * is called, but we lock the parent *inside* configfs_depend_prep().  We
1029  * do that so we can unlock it if we find nothing.
1030  *
1031  * Here we do a depth-first search of the dentry hierarchy looking for
1032  * our object.
1033  * We deliberately ignore items tagged as dropping since they are virtually
1034  * dead, as well as items in the middle of attachment since they virtually
1035  * do not exist yet. This completes the locking out of racing mkdir() and
1036  * rmdir().
1037  * Note: subdirectories in the middle of attachment start with s_type =
1038  * CONFIGFS_DIR|CONFIGFS_USET_CREATING set by create_dir().  When
1039  * CONFIGFS_USET_CREATING is set, we ignore the item.  The actual set of
1040  * s_type is in configfs_new_dirent(), which has configfs_dirent_lock.
1041  *
1042  * If the target is not found, -ENOENT is bubbled up.
1043  *
1044  * This adds a requirement that all config_items be unique!
1045  *
1046  * This is recursive.  There isn't
1047  * much on the stack, though, so folks that need this function - be careful
1048  * about your stack!  Patches will be accepted to make it iterative.
1049  */
configfs_depend_prep(struct dentry * origin,struct config_item * target)1050 static int configfs_depend_prep(struct dentry *origin,
1051 				struct config_item *target)
1052 {
1053 	struct configfs_dirent *child_sd, *sd;
1054 	int ret = 0;
1055 
1056 	BUG_ON(!origin || !origin->d_fsdata);
1057 	sd = origin->d_fsdata;
1058 
1059 	if (sd->s_element == target)  /* Boo-yah */
1060 		goto out;
1061 
1062 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
1063 		if ((child_sd->s_type & CONFIGFS_DIR) &&
1064 		    !(child_sd->s_type & CONFIGFS_USET_DROPPING) &&
1065 		    !(child_sd->s_type & CONFIGFS_USET_CREATING)) {
1066 			ret = configfs_depend_prep(child_sd->s_dentry,
1067 						   target);
1068 			if (!ret)
1069 				goto out;  /* Child path boo-yah */
1070 		}
1071 	}
1072 
1073 	/* We looped all our children and didn't find target */
1074 	ret = -ENOENT;
1075 
1076 out:
1077 	return ret;
1078 }
1079 
configfs_do_depend_item(struct dentry * subsys_dentry,struct config_item * target)1080 static int configfs_do_depend_item(struct dentry *subsys_dentry,
1081 				   struct config_item *target)
1082 {
1083 	struct configfs_dirent *p;
1084 	int ret;
1085 
1086 	spin_lock(&configfs_dirent_lock);
1087 	/* Scan the tree, return 0 if found */
1088 	ret = configfs_depend_prep(subsys_dentry, target);
1089 	if (ret)
1090 		goto out_unlock_dirent_lock;
1091 
1092 	/*
1093 	 * We are sure that the item is not about to be removed by rmdir(), and
1094 	 * not in the middle of attachment by mkdir().
1095 	 */
1096 	p = target->ci_dentry->d_fsdata;
1097 	p->s_dependent_count += 1;
1098 
1099 out_unlock_dirent_lock:
1100 	spin_unlock(&configfs_dirent_lock);
1101 
1102 	return ret;
1103 }
1104 
1105 static inline struct configfs_dirent *
configfs_find_subsys_dentry(struct configfs_dirent * root_sd,struct config_item * subsys_item)1106 configfs_find_subsys_dentry(struct configfs_dirent *root_sd,
1107 			    struct config_item *subsys_item)
1108 {
1109 	struct configfs_dirent *p;
1110 	struct configfs_dirent *ret = NULL;
1111 
1112 	list_for_each_entry(p, &root_sd->s_children, s_sibling) {
1113 		if (p->s_type & CONFIGFS_DIR &&
1114 		    p->s_element == subsys_item) {
1115 			ret = p;
1116 			break;
1117 		}
1118 	}
1119 
1120 	return ret;
1121 }
1122 
1123 
configfs_depend_item(struct configfs_subsystem * subsys,struct config_item * target)1124 int configfs_depend_item(struct configfs_subsystem *subsys,
1125 			 struct config_item *target)
1126 {
1127 	int ret;
1128 	struct configfs_dirent *subsys_sd;
1129 	struct config_item *s_item = &subsys->su_group.cg_item;
1130 	struct dentry *root;
1131 
1132 	/*
1133 	 * Pin the configfs filesystem.  This means we can safely access
1134 	 * the root of the configfs filesystem.
1135 	 */
1136 	root = configfs_pin_fs();
1137 	if (IS_ERR(root))
1138 		return PTR_ERR(root);
1139 
1140 	/*
1141 	 * Next, lock the root directory.  We're going to check that the
1142 	 * subsystem is really registered, and so we need to lock out
1143 	 * configfs_[un]register_subsystem().
1144 	 */
1145 	inode_lock(d_inode(root));
1146 
1147 	subsys_sd = configfs_find_subsys_dentry(root->d_fsdata, s_item);
1148 	if (!subsys_sd) {
1149 		ret = -ENOENT;
1150 		goto out_unlock_fs;
1151 	}
1152 
1153 	/* Ok, now we can trust subsys/s_item */
1154 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1155 
1156 out_unlock_fs:
1157 	inode_unlock(d_inode(root));
1158 
1159 	/*
1160 	 * If we succeeded, the fs is pinned via other methods.  If not,
1161 	 * we're done with it anyway.  So release_fs() is always right.
1162 	 */
1163 	configfs_release_fs();
1164 
1165 	return ret;
1166 }
1167 EXPORT_SYMBOL(configfs_depend_item);
1168 
1169 /*
1170  * Release the dependent linkage.  This is much simpler than
1171  * configfs_depend_item() because we know that the client driver is
1172  * pinned, thus the subsystem is pinned, and therefore configfs is pinned.
1173  */
configfs_undepend_item(struct config_item * target)1174 void configfs_undepend_item(struct config_item *target)
1175 {
1176 	struct configfs_dirent *sd;
1177 
1178 	/*
1179 	 * Since we can trust everything is pinned, we just need
1180 	 * configfs_dirent_lock.
1181 	 */
1182 	spin_lock(&configfs_dirent_lock);
1183 
1184 	sd = target->ci_dentry->d_fsdata;
1185 	BUG_ON(sd->s_dependent_count < 1);
1186 
1187 	sd->s_dependent_count -= 1;
1188 
1189 	/*
1190 	 * After this unlock, we cannot trust the item to stay alive!
1191 	 * DO NOT REFERENCE item after this unlock.
1192 	 */
1193 	spin_unlock(&configfs_dirent_lock);
1194 }
1195 EXPORT_SYMBOL(configfs_undepend_item);
1196 
1197 /*
1198  * caller_subsys is a caller's subsystem not target's. This is used to
1199  * determine if we should lock root and check subsys or not. When we are
1200  * in the same subsystem as our target there is no need to do locking as
1201  * we know that subsys is valid and is not unregistered during this function
1202  * as we are called from callback of one of his children and VFS holds a lock
1203  * on some inode. Otherwise we have to lock our root to  ensure that target's
1204  * subsystem it is not unregistered during this function.
1205  */
configfs_depend_item_unlocked(struct configfs_subsystem * caller_subsys,struct config_item * target)1206 int configfs_depend_item_unlocked(struct configfs_subsystem *caller_subsys,
1207 				  struct config_item *target)
1208 {
1209 	struct configfs_subsystem *target_subsys;
1210 	struct config_group *root, *parent;
1211 	struct configfs_dirent *subsys_sd;
1212 	int ret = -ENOENT;
1213 
1214 	/* Disallow this function for configfs root */
1215 	if (configfs_is_root(target))
1216 		return -EINVAL;
1217 
1218 	parent = target->ci_group;
1219 	/*
1220 	 * This may happen when someone is trying to depend root
1221 	 * directory of some subsystem
1222 	 */
1223 	if (configfs_is_root(&parent->cg_item)) {
1224 		target_subsys = to_configfs_subsystem(to_config_group(target));
1225 		root = parent;
1226 	} else {
1227 		target_subsys = parent->cg_subsys;
1228 		/* Find a cofnigfs root as we may need it for locking */
1229 		for (root = parent; !configfs_is_root(&root->cg_item);
1230 		     root = root->cg_item.ci_group)
1231 			;
1232 	}
1233 
1234 	if (target_subsys != caller_subsys) {
1235 		/*
1236 		 * We are in other configfs subsystem, so we have to do
1237 		 * additional locking to prevent other subsystem from being
1238 		 * unregistered
1239 		 */
1240 		inode_lock(d_inode(root->cg_item.ci_dentry));
1241 
1242 		/*
1243 		 * As we are trying to depend item from other subsystem
1244 		 * we have to check if this subsystem is still registered
1245 		 */
1246 		subsys_sd = configfs_find_subsys_dentry(
1247 				root->cg_item.ci_dentry->d_fsdata,
1248 				&target_subsys->su_group.cg_item);
1249 		if (!subsys_sd)
1250 			goto out_root_unlock;
1251 	} else {
1252 		subsys_sd = target_subsys->su_group.cg_item.ci_dentry->d_fsdata;
1253 	}
1254 
1255 	/* Now we can execute core of depend item */
1256 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1257 
1258 	if (target_subsys != caller_subsys)
1259 out_root_unlock:
1260 		/*
1261 		 * We were called from subsystem other than our target so we
1262 		 * took some locks so now it's time to release them
1263 		 */
1264 		inode_unlock(d_inode(root->cg_item.ci_dentry));
1265 
1266 	return ret;
1267 }
1268 EXPORT_SYMBOL(configfs_depend_item_unlocked);
1269 
configfs_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)1270 static int configfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1271 {
1272 	int ret = 0;
1273 	int module_got = 0;
1274 	struct config_group *group = NULL;
1275 	struct config_item *item = NULL;
1276 	struct config_item *parent_item;
1277 	struct configfs_subsystem *subsys;
1278 	struct configfs_dirent *sd;
1279 	const struct config_item_type *type;
1280 	struct module *subsys_owner = NULL, *new_item_owner = NULL;
1281 	struct configfs_fragment *frag;
1282 	char *name;
1283 
1284 	sd = dentry->d_parent->d_fsdata;
1285 
1286 	/*
1287 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1288 	 * being attached
1289 	 */
1290 	if (!configfs_dirent_is_ready(sd)) {
1291 		ret = -ENOENT;
1292 		goto out;
1293 	}
1294 
1295 	if (!(sd->s_type & CONFIGFS_USET_DIR)) {
1296 		ret = -EPERM;
1297 		goto out;
1298 	}
1299 
1300 	frag = new_fragment();
1301 	if (!frag) {
1302 		ret = -ENOMEM;
1303 		goto out;
1304 	}
1305 
1306 	/* Get a working ref for the duration of this function */
1307 	parent_item = configfs_get_config_item(dentry->d_parent);
1308 	type = parent_item->ci_type;
1309 	subsys = to_config_group(parent_item)->cg_subsys;
1310 	BUG_ON(!subsys);
1311 
1312 	if (!type || !type->ct_group_ops ||
1313 	    (!type->ct_group_ops->make_group &&
1314 	     !type->ct_group_ops->make_item)) {
1315 		ret = -EPERM;  /* Lack-of-mkdir returns -EPERM */
1316 		goto out_put;
1317 	}
1318 
1319 	/*
1320 	 * The subsystem may belong to a different module than the item
1321 	 * being created.  We don't want to safely pin the new item but
1322 	 * fail to pin the subsystem it sits under.
1323 	 */
1324 	if (!subsys->su_group.cg_item.ci_type) {
1325 		ret = -EINVAL;
1326 		goto out_put;
1327 	}
1328 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1329 	if (!try_module_get(subsys_owner)) {
1330 		ret = -EINVAL;
1331 		goto out_put;
1332 	}
1333 
1334 	name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL);
1335 	if (!name) {
1336 		ret = -ENOMEM;
1337 		goto out_subsys_put;
1338 	}
1339 
1340 	snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name);
1341 
1342 	mutex_lock(&subsys->su_mutex);
1343 	if (type->ct_group_ops->make_group) {
1344 		group = type->ct_group_ops->make_group(to_config_group(parent_item), name);
1345 		if (!group)
1346 			group = ERR_PTR(-ENOMEM);
1347 		if (!IS_ERR(group)) {
1348 			link_group(to_config_group(parent_item), group);
1349 			item = &group->cg_item;
1350 		} else
1351 			ret = PTR_ERR(group);
1352 	} else {
1353 		item = type->ct_group_ops->make_item(to_config_group(parent_item), name);
1354 		if (!item)
1355 			item = ERR_PTR(-ENOMEM);
1356 		if (!IS_ERR(item))
1357 			link_obj(parent_item, item);
1358 		else
1359 			ret = PTR_ERR(item);
1360 	}
1361 	mutex_unlock(&subsys->su_mutex);
1362 
1363 	kfree(name);
1364 	if (ret) {
1365 		/*
1366 		 * If ret != 0, then link_obj() was never called.
1367 		 * There are no extra references to clean up.
1368 		 */
1369 		goto out_subsys_put;
1370 	}
1371 
1372 	/*
1373 	 * link_obj() has been called (via link_group() for groups).
1374 	 * From here on out, errors must clean that up.
1375 	 */
1376 
1377 	type = item->ci_type;
1378 	if (!type) {
1379 		ret = -EINVAL;
1380 		goto out_unlink;
1381 	}
1382 
1383 	new_item_owner = type->ct_owner;
1384 	if (!try_module_get(new_item_owner)) {
1385 		ret = -EINVAL;
1386 		goto out_unlink;
1387 	}
1388 
1389 	/*
1390 	 * I hate doing it this way, but if there is
1391 	 * an error,  module_put() probably should
1392 	 * happen after any cleanup.
1393 	 */
1394 	module_got = 1;
1395 
1396 	/*
1397 	 * Make racing rmdir() fail if it did not tag parent with
1398 	 * CONFIGFS_USET_DROPPING
1399 	 * Note: if CONFIGFS_USET_DROPPING is already set, attach_group() will
1400 	 * fail and let rmdir() terminate correctly
1401 	 */
1402 	spin_lock(&configfs_dirent_lock);
1403 	/* This will make configfs_detach_prep() fail */
1404 	sd->s_type |= CONFIGFS_USET_IN_MKDIR;
1405 	spin_unlock(&configfs_dirent_lock);
1406 
1407 	if (group)
1408 		ret = configfs_attach_group(parent_item, item, dentry, frag);
1409 	else
1410 		ret = configfs_attach_item(parent_item, item, dentry, frag);
1411 
1412 	spin_lock(&configfs_dirent_lock);
1413 	sd->s_type &= ~CONFIGFS_USET_IN_MKDIR;
1414 	if (!ret)
1415 		configfs_dir_set_ready(dentry->d_fsdata);
1416 	spin_unlock(&configfs_dirent_lock);
1417 
1418 out_unlink:
1419 	if (ret) {
1420 		/* Tear down everything we built up */
1421 		mutex_lock(&subsys->su_mutex);
1422 
1423 		client_disconnect_notify(parent_item, item);
1424 		if (group)
1425 			unlink_group(group);
1426 		else
1427 			unlink_obj(item);
1428 		client_drop_item(parent_item, item);
1429 
1430 		mutex_unlock(&subsys->su_mutex);
1431 
1432 		if (module_got)
1433 			module_put(new_item_owner);
1434 	}
1435 
1436 out_subsys_put:
1437 	if (ret)
1438 		module_put(subsys_owner);
1439 
1440 out_put:
1441 	/*
1442 	 * link_obj()/link_group() took a reference from child->parent,
1443 	 * so the parent is safely pinned.  We can drop our working
1444 	 * reference.
1445 	 */
1446 	config_item_put(parent_item);
1447 	put_fragment(frag);
1448 
1449 out:
1450 	return ret;
1451 }
1452 
configfs_rmdir(struct inode * dir,struct dentry * dentry)1453 static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
1454 {
1455 	struct config_item *parent_item;
1456 	struct config_item *item;
1457 	struct configfs_subsystem *subsys;
1458 	struct configfs_dirent *sd;
1459 	struct configfs_fragment *frag;
1460 	struct module *subsys_owner = NULL, *dead_item_owner = NULL;
1461 	int ret;
1462 
1463 	sd = dentry->d_fsdata;
1464 	if (sd->s_type & CONFIGFS_USET_DEFAULT)
1465 		return -EPERM;
1466 
1467 	/* Get a working ref until we have the child */
1468 	parent_item = configfs_get_config_item(dentry->d_parent);
1469 	subsys = to_config_group(parent_item)->cg_subsys;
1470 	BUG_ON(!subsys);
1471 
1472 	if (!parent_item->ci_type) {
1473 		config_item_put(parent_item);
1474 		return -EINVAL;
1475 	}
1476 
1477 	/* configfs_mkdir() shouldn't have allowed this */
1478 	BUG_ON(!subsys->su_group.cg_item.ci_type);
1479 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1480 
1481 	/*
1482 	 * Ensure that no racing symlink() will make detach_prep() fail while
1483 	 * the new link is temporarily attached
1484 	 */
1485 	do {
1486 		struct dentry *wait;
1487 
1488 		mutex_lock(&configfs_symlink_mutex);
1489 		spin_lock(&configfs_dirent_lock);
1490 		/*
1491 		 * Here's where we check for dependents.  We're protected by
1492 		 * configfs_dirent_lock.
1493 		 * If no dependent, atomically tag the item as dropping.
1494 		 */
1495 		ret = sd->s_dependent_count ? -EBUSY : 0;
1496 		if (!ret) {
1497 			ret = configfs_detach_prep(dentry, &wait);
1498 			if (ret)
1499 				configfs_detach_rollback(dentry);
1500 		}
1501 		spin_unlock(&configfs_dirent_lock);
1502 		mutex_unlock(&configfs_symlink_mutex);
1503 
1504 		if (ret) {
1505 			if (ret != -EAGAIN) {
1506 				config_item_put(parent_item);
1507 				return ret;
1508 			}
1509 
1510 			/* Wait until the racing operation terminates */
1511 			inode_lock(d_inode(wait));
1512 			inode_unlock(d_inode(wait));
1513 			dput(wait);
1514 		}
1515 	} while (ret == -EAGAIN);
1516 
1517 	frag = sd->s_frag;
1518 	if (down_write_killable(&frag->frag_sem)) {
1519 		spin_lock(&configfs_dirent_lock);
1520 		configfs_detach_rollback(dentry);
1521 		spin_unlock(&configfs_dirent_lock);
1522 		config_item_put(parent_item);
1523 		return -EINTR;
1524 	}
1525 	frag->frag_dead = true;
1526 	up_write(&frag->frag_sem);
1527 
1528 	/* Get a working ref for the duration of this function */
1529 	item = configfs_get_config_item(dentry);
1530 
1531 	/* Drop reference from above, item already holds one. */
1532 	config_item_put(parent_item);
1533 
1534 	if (item->ci_type)
1535 		dead_item_owner = item->ci_type->ct_owner;
1536 
1537 	if (sd->s_type & CONFIGFS_USET_DIR) {
1538 		configfs_detach_group(item);
1539 
1540 		mutex_lock(&subsys->su_mutex);
1541 		client_disconnect_notify(parent_item, item);
1542 		unlink_group(to_config_group(item));
1543 	} else {
1544 		configfs_detach_item(item);
1545 
1546 		mutex_lock(&subsys->su_mutex);
1547 		client_disconnect_notify(parent_item, item);
1548 		unlink_obj(item);
1549 	}
1550 
1551 	client_drop_item(parent_item, item);
1552 	mutex_unlock(&subsys->su_mutex);
1553 
1554 	/* Drop our reference from above */
1555 	config_item_put(item);
1556 
1557 	module_put(dead_item_owner);
1558 	module_put(subsys_owner);
1559 
1560 	return 0;
1561 }
1562 
1563 const struct inode_operations configfs_dir_inode_operations = {
1564 	.mkdir		= configfs_mkdir,
1565 	.rmdir		= configfs_rmdir,
1566 	.symlink	= configfs_symlink,
1567 	.unlink		= configfs_unlink,
1568 	.lookup		= configfs_lookup,
1569 	.setattr	= configfs_setattr,
1570 };
1571 
1572 const struct inode_operations configfs_root_inode_operations = {
1573 	.lookup		= configfs_lookup,
1574 	.setattr	= configfs_setattr,
1575 };
1576 
configfs_dir_open(struct inode * inode,struct file * file)1577 static int configfs_dir_open(struct inode *inode, struct file *file)
1578 {
1579 	struct dentry * dentry = file->f_path.dentry;
1580 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1581 	int err;
1582 
1583 	inode_lock(d_inode(dentry));
1584 	/*
1585 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1586 	 * being attached
1587 	 */
1588 	err = -ENOENT;
1589 	if (configfs_dirent_is_ready(parent_sd)) {
1590 		file->private_data = configfs_new_dirent(parent_sd, NULL, 0, NULL);
1591 		if (IS_ERR(file->private_data))
1592 			err = PTR_ERR(file->private_data);
1593 		else
1594 			err = 0;
1595 	}
1596 	inode_unlock(d_inode(dentry));
1597 
1598 	return err;
1599 }
1600 
configfs_dir_close(struct inode * inode,struct file * file)1601 static int configfs_dir_close(struct inode *inode, struct file *file)
1602 {
1603 	struct dentry * dentry = file->f_path.dentry;
1604 	struct configfs_dirent * cursor = file->private_data;
1605 
1606 	inode_lock(d_inode(dentry));
1607 	spin_lock(&configfs_dirent_lock);
1608 	list_del_init(&cursor->s_sibling);
1609 	spin_unlock(&configfs_dirent_lock);
1610 	inode_unlock(d_inode(dentry));
1611 
1612 	release_configfs_dirent(cursor);
1613 
1614 	return 0;
1615 }
1616 
1617 /* Relationship between s_mode and the DT_xxx types */
dt_type(struct configfs_dirent * sd)1618 static inline unsigned char dt_type(struct configfs_dirent *sd)
1619 {
1620 	return (sd->s_mode >> 12) & 15;
1621 }
1622 
configfs_readdir(struct file * file,struct dir_context * ctx)1623 static int configfs_readdir(struct file *file, struct dir_context *ctx)
1624 {
1625 	struct dentry *dentry = file->f_path.dentry;
1626 	struct super_block *sb = dentry->d_sb;
1627 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1628 	struct configfs_dirent *cursor = file->private_data;
1629 	struct list_head *p, *q = &cursor->s_sibling;
1630 	ino_t ino = 0;
1631 
1632 	if (!dir_emit_dots(file, ctx))
1633 		return 0;
1634 	spin_lock(&configfs_dirent_lock);
1635 	if (ctx->pos == 2)
1636 		list_move(q, &parent_sd->s_children);
1637 	for (p = q->next; p != &parent_sd->s_children; p = p->next) {
1638 		struct configfs_dirent *next;
1639 		const char *name;
1640 		int len;
1641 		struct inode *inode = NULL;
1642 
1643 		next = list_entry(p, struct configfs_dirent, s_sibling);
1644 		if (!next->s_element)
1645 			continue;
1646 
1647 		/*
1648 		 * We'll have a dentry and an inode for
1649 		 * PINNED items and for open attribute
1650 		 * files.  We lock here to prevent a race
1651 		 * with configfs_d_iput() clearing
1652 		 * s_dentry before calling iput().
1653 		 *
1654 		 * Why do we go to the trouble?  If
1655 		 * someone has an attribute file open,
1656 		 * the inode number should match until
1657 		 * they close it.  Beyond that, we don't
1658 		 * care.
1659 		 */
1660 		dentry = next->s_dentry;
1661 		if (dentry)
1662 			inode = d_inode(dentry);
1663 		if (inode)
1664 			ino = inode->i_ino;
1665 		spin_unlock(&configfs_dirent_lock);
1666 		if (!inode)
1667 			ino = iunique(sb, 2);
1668 
1669 		name = configfs_get_name(next);
1670 		len = strlen(name);
1671 
1672 		if (!dir_emit(ctx, name, len, ino, dt_type(next)))
1673 			return 0;
1674 
1675 		spin_lock(&configfs_dirent_lock);
1676 		list_move(q, p);
1677 		p = q;
1678 		ctx->pos++;
1679 	}
1680 	spin_unlock(&configfs_dirent_lock);
1681 	return 0;
1682 }
1683 
configfs_dir_lseek(struct file * file,loff_t offset,int whence)1684 static loff_t configfs_dir_lseek(struct file *file, loff_t offset, int whence)
1685 {
1686 	struct dentry * dentry = file->f_path.dentry;
1687 
1688 	switch (whence) {
1689 		case 1:
1690 			offset += file->f_pos;
1691 			fallthrough;
1692 		case 0:
1693 			if (offset >= 0)
1694 				break;
1695 			fallthrough;
1696 		default:
1697 			return -EINVAL;
1698 	}
1699 	if (offset != file->f_pos) {
1700 		file->f_pos = offset;
1701 		if (file->f_pos >= 2) {
1702 			struct configfs_dirent *sd = dentry->d_fsdata;
1703 			struct configfs_dirent *cursor = file->private_data;
1704 			struct list_head *p;
1705 			loff_t n = file->f_pos - 2;
1706 
1707 			spin_lock(&configfs_dirent_lock);
1708 			list_del(&cursor->s_sibling);
1709 			p = sd->s_children.next;
1710 			while (n && p != &sd->s_children) {
1711 				struct configfs_dirent *next;
1712 				next = list_entry(p, struct configfs_dirent,
1713 						   s_sibling);
1714 				if (next->s_element)
1715 					n--;
1716 				p = p->next;
1717 			}
1718 			list_add_tail(&cursor->s_sibling, p);
1719 			spin_unlock(&configfs_dirent_lock);
1720 		}
1721 	}
1722 	return offset;
1723 }
1724 
1725 const struct file_operations configfs_dir_operations = {
1726 	.open		= configfs_dir_open,
1727 	.release	= configfs_dir_close,
1728 	.llseek		= configfs_dir_lseek,
1729 	.read		= generic_read_dir,
1730 	.iterate_shared	= configfs_readdir,
1731 };
1732 
1733 /**
1734  * configfs_register_group - creates a parent-child relation between two groups
1735  * @parent_group:	parent group
1736  * @group:		child group
1737  *
1738  * link groups, creates dentry for the child and attaches it to the
1739  * parent dentry.
1740  *
1741  * Return: 0 on success, negative errno code on error
1742  */
configfs_register_group(struct config_group * parent_group,struct config_group * group)1743 int configfs_register_group(struct config_group *parent_group,
1744 			    struct config_group *group)
1745 {
1746 	struct configfs_subsystem *subsys = parent_group->cg_subsys;
1747 	struct dentry *parent;
1748 	struct configfs_fragment *frag;
1749 	int ret;
1750 
1751 	frag = new_fragment();
1752 	if (!frag)
1753 		return -ENOMEM;
1754 
1755 	mutex_lock(&subsys->su_mutex);
1756 	link_group(parent_group, group);
1757 	mutex_unlock(&subsys->su_mutex);
1758 
1759 	parent = parent_group->cg_item.ci_dentry;
1760 
1761 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1762 	ret = create_default_group(parent_group, group, frag);
1763 	if (ret)
1764 		goto err_out;
1765 
1766 	spin_lock(&configfs_dirent_lock);
1767 	configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
1768 	spin_unlock(&configfs_dirent_lock);
1769 	inode_unlock(d_inode(parent));
1770 	put_fragment(frag);
1771 	return 0;
1772 err_out:
1773 	inode_unlock(d_inode(parent));
1774 	mutex_lock(&subsys->su_mutex);
1775 	unlink_group(group);
1776 	mutex_unlock(&subsys->su_mutex);
1777 	put_fragment(frag);
1778 	return ret;
1779 }
1780 EXPORT_SYMBOL(configfs_register_group);
1781 
1782 /**
1783  * configfs_unregister_group() - unregisters a child group from its parent
1784  * @group: parent group to be unregistered
1785  *
1786  * Undoes configfs_register_group()
1787  */
configfs_unregister_group(struct config_group * group)1788 void configfs_unregister_group(struct config_group *group)
1789 {
1790 	struct configfs_subsystem *subsys = group->cg_subsys;
1791 	struct dentry *dentry = group->cg_item.ci_dentry;
1792 	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
1793 	struct configfs_dirent *sd = dentry->d_fsdata;
1794 	struct configfs_fragment *frag = sd->s_frag;
1795 
1796 	down_write(&frag->frag_sem);
1797 	frag->frag_dead = true;
1798 	up_write(&frag->frag_sem);
1799 
1800 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1801 	spin_lock(&configfs_dirent_lock);
1802 	configfs_detach_prep(dentry, NULL);
1803 	spin_unlock(&configfs_dirent_lock);
1804 
1805 	configfs_detach_group(&group->cg_item);
1806 	d_inode(dentry)->i_flags |= S_DEAD;
1807 	dont_mount(dentry);
1808 	fsnotify_rmdir(d_inode(parent), dentry);
1809 	d_delete(dentry);
1810 	inode_unlock(d_inode(parent));
1811 
1812 	dput(dentry);
1813 
1814 	mutex_lock(&subsys->su_mutex);
1815 	unlink_group(group);
1816 	mutex_unlock(&subsys->su_mutex);
1817 }
1818 EXPORT_SYMBOL(configfs_unregister_group);
1819 
1820 /**
1821  * configfs_register_default_group() - allocates and registers a child group
1822  * @parent_group:	parent group
1823  * @name:		child group name
1824  * @item_type:		child item type description
1825  *
1826  * boilerplate to allocate and register a child group with its parent. We need
1827  * kzalloc'ed memory because child's default_group is initially empty.
1828  *
1829  * Return: allocated config group or ERR_PTR() on error
1830  */
1831 struct config_group *
configfs_register_default_group(struct config_group * parent_group,const char * name,const struct config_item_type * item_type)1832 configfs_register_default_group(struct config_group *parent_group,
1833 				const char *name,
1834 				const struct config_item_type *item_type)
1835 {
1836 	int ret;
1837 	struct config_group *group;
1838 
1839 	group = kzalloc(sizeof(*group), GFP_KERNEL);
1840 	if (!group)
1841 		return ERR_PTR(-ENOMEM);
1842 	config_group_init_type_name(group, name, item_type);
1843 
1844 	ret = configfs_register_group(parent_group, group);
1845 	if (ret) {
1846 		kfree(group);
1847 		return ERR_PTR(ret);
1848 	}
1849 	return group;
1850 }
1851 EXPORT_SYMBOL(configfs_register_default_group);
1852 
1853 /**
1854  * configfs_unregister_default_group() - unregisters and frees a child group
1855  * @group:	the group to act on
1856  */
configfs_unregister_default_group(struct config_group * group)1857 void configfs_unregister_default_group(struct config_group *group)
1858 {
1859 	configfs_unregister_group(group);
1860 	kfree(group);
1861 }
1862 EXPORT_SYMBOL(configfs_unregister_default_group);
1863 
configfs_register_subsystem(struct configfs_subsystem * subsys)1864 int configfs_register_subsystem(struct configfs_subsystem *subsys)
1865 {
1866 	int err;
1867 	struct config_group *group = &subsys->su_group;
1868 	struct dentry *dentry;
1869 	struct dentry *root;
1870 	struct configfs_dirent *sd;
1871 	struct configfs_fragment *frag;
1872 
1873 	frag = new_fragment();
1874 	if (!frag)
1875 		return -ENOMEM;
1876 
1877 	root = configfs_pin_fs();
1878 	if (IS_ERR(root)) {
1879 		put_fragment(frag);
1880 		return PTR_ERR(root);
1881 	}
1882 
1883 	if (!group->cg_item.ci_name)
1884 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
1885 
1886 	sd = root->d_fsdata;
1887 	link_group(to_config_group(sd->s_element), group);
1888 
1889 	inode_lock_nested(d_inode(root), I_MUTEX_PARENT);
1890 
1891 	err = -ENOMEM;
1892 	dentry = d_alloc_name(root, group->cg_item.ci_name);
1893 	if (dentry) {
1894 		d_add(dentry, NULL);
1895 
1896 		err = configfs_attach_group(sd->s_element, &group->cg_item,
1897 					    dentry, frag);
1898 		if (err) {
1899 			BUG_ON(d_inode(dentry));
1900 			d_drop(dentry);
1901 			dput(dentry);
1902 		} else {
1903 			spin_lock(&configfs_dirent_lock);
1904 			configfs_dir_set_ready(dentry->d_fsdata);
1905 			spin_unlock(&configfs_dirent_lock);
1906 		}
1907 	}
1908 
1909 	inode_unlock(d_inode(root));
1910 
1911 	if (err) {
1912 		unlink_group(group);
1913 		configfs_release_fs();
1914 	}
1915 	put_fragment(frag);
1916 
1917 	return err;
1918 }
1919 
configfs_unregister_subsystem(struct configfs_subsystem * subsys)1920 void configfs_unregister_subsystem(struct configfs_subsystem *subsys)
1921 {
1922 	struct config_group *group = &subsys->su_group;
1923 	struct dentry *dentry = group->cg_item.ci_dentry;
1924 	struct dentry *root = dentry->d_sb->s_root;
1925 	struct configfs_dirent *sd = dentry->d_fsdata;
1926 	struct configfs_fragment *frag = sd->s_frag;
1927 
1928 	if (dentry->d_parent != root) {
1929 		pr_err("Tried to unregister non-subsystem!\n");
1930 		return;
1931 	}
1932 
1933 	down_write(&frag->frag_sem);
1934 	frag->frag_dead = true;
1935 	up_write(&frag->frag_sem);
1936 
1937 	inode_lock_nested(d_inode(root),
1938 			  I_MUTEX_PARENT);
1939 	inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
1940 	mutex_lock(&configfs_symlink_mutex);
1941 	spin_lock(&configfs_dirent_lock);
1942 	if (configfs_detach_prep(dentry, NULL)) {
1943 		pr_err("Tried to unregister non-empty subsystem!\n");
1944 	}
1945 	spin_unlock(&configfs_dirent_lock);
1946 	mutex_unlock(&configfs_symlink_mutex);
1947 	configfs_detach_group(&group->cg_item);
1948 	d_inode(dentry)->i_flags |= S_DEAD;
1949 	dont_mount(dentry);
1950 	fsnotify_rmdir(d_inode(root), dentry);
1951 	inode_unlock(d_inode(dentry));
1952 
1953 	d_delete(dentry);
1954 
1955 	inode_unlock(d_inode(root));
1956 
1957 	dput(dentry);
1958 
1959 	unlink_group(group);
1960 	configfs_release_fs();
1961 }
1962 
1963 EXPORT_SYMBOL(configfs_register_subsystem);
1964 EXPORT_SYMBOL(configfs_unregister_subsystem);
1965