From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail202.messagelabs.com (mail202.messagelabs.com [216.82.254.227]) by kanga.kvack.org (Postfix) with SMTP id 448385F0001 for ; Sat, 11 Apr 2009 08:01:42 -0400 (EDT) Subject: [RFC][PATCH 0/9] File descriptor hot-unplug support From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:01:29 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: A couple of weeks ago I found myself looking at the uio, seeing that it does not support pci hot-unplug, and thinking "Great yet another implementation of hotunplug logic that needs to be added". I decided to see what it would take to add a generic implementation of the code we have for supporting hot unplugging devices in sysfs, proc, sysctl, tty_io, and now almost in the tun driver. Not long after I touched the tun driver and made it safe to delete the network device while still holding it's file descriptor open I someone else touch the code adding a different feature and my careful work went up in flames. Which brought home another point at the best of it this is ultimately complex tricky code that subsystems should not need to worry about. What makes this even more interesting is that in the presence of pci hot-unplug it looks like most subsystems and most devices will have to deal with the issue one way or another. This infrastructure could also be used to implement sys_revoke and when I could not think of a better name I have drawn on that. The following changes draw on and generalize the work in tty_io sysfs, proc, and sysctl and move it into the vfs level. Where the basic primitives are running faster, and the solution more general. The work is not complete. I have only fully converted proc. And there are more places in the vfs that need to be touched. But it is close enough the code works in practice and all of the core challenges should have been solved, and the design should be clear. Documentation/filesystems/vfs.txt | 4 + drivers/char/pty.c | 2 +- drivers/char/tty_io.c | 2 +- fs/Makefile | 2 +- fs/compat.c | 31 +++- fs/fcntl.c | 32 +++-- fs/file_table.c | 189 ++++++++++++++++++--- fs/inode.c | 1 + fs/ioctl.c | 39 +++-- fs/locks.c | 81 +++++++-- fs/open.c | 32 +++- fs/proc/generic.c | 100 ++++-------- fs/proc/inode.c | 339 +------------------------------------ fs/proc/internal.h | 2 + fs/proc/root.c | 2 +- fs/read_write.c | 143 ++++++++++++---- fs/readdir.c | 14 ++- fs/revoked_file.c | 181 ++++++++++++++++++++ fs/select.c | 17 ++- fs/super.c | 49 +++--- fs/sysfs/bin.c | 193 +--------------------- include/linux/fs.h | 31 +++- include/linux/mm.h | 3 + include/linux/proc_fs.h | 4 - mm/memory.c | 96 +++++++++++ 25 files changed, 841 insertions(+), 748 deletions(-) Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail203.messagelabs.com (mail203.messagelabs.com [216.82.254.243]) by kanga.kvack.org (Postfix) with SMTP id 05DAB5F0001 for ; Sat, 11 Apr 2009 08:03:24 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:03:23 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 1/9] mm: Introduce remap_file_mappings. Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail203.messagelabs.com (mail203.messagelabs.com [216.82.254.243]) by kanga.kvack.org (Postfix) with SMTP id 51EA05F0001 for ; Sat, 11 Apr 2009 08:05:23 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:05:23 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 2/9] mm: Implement generic support for revoking a mapping. Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Signed-off-by: Eric W. Biederman --- include/linux/mm.h | 2 ++ mm/memory.c | 9 +++++++++ 2 files changed, 11 insertions(+), 0 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 96d8342..3fcbb8e 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -807,6 +807,8 @@ static inline void unmap_shared_mapping_range(struct address_space *mapping, extern int vmtruncate(struct inode * inode, loff_t offset); extern int vmtruncate_range(struct inode * inode, loff_t offset, loff_t end); + +extern struct vm_operations_struct revoked_vm_ops; extern void remap_file_mappings(struct file *file, struct vm_operations_struct *vm_ops); #ifdef CONFIG_MMU diff --git a/mm/memory.c b/mm/memory.c index dcd0a3c..f68c84e 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2378,6 +2378,15 @@ out: spin_lock(&mapping->i_mmap_lock); } +static int revoked_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +{ + return VM_FAULT_SIGBUS; +} + +struct vm_operations_struct revoked_vm_ops = { + .fault = revoked_fault, +}; + void remap_file_mappings(struct file *file, struct vm_operations_struct *vm_ops) { /* After file->f_ops has been changed update the vmas */ -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail137.messagelabs.com (mail137.messagelabs.com [216.82.249.19]) by kanga.kvack.org (Postfix) with SMTP id C9FD15F0001 for ; Sat, 11 Apr 2009 08:06:10 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:06:11 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 3/9] sysfs: Use remap_file_mappings. Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Instead of wrapping all of the sysfs binary file vm operations when the backing kobject goes away, we can more easily change vm_ops on the vma when the backing kobject goes away. Leading to simpler and more easily maintained code. Signed-off-by: Eric W. Biederman --- fs/sysfs/bin.c | 193 +------------------------------------------------------- 1 files changed, 2 insertions(+), 191 deletions(-) diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c index 93e0c02..898163c 100644 --- a/fs/sysfs/bin.c +++ b/fs/sysfs/bin.c @@ -39,8 +39,6 @@ static DEFINE_MUTEX(sysfs_bin_lock); struct bin_buffer { struct mutex mutex; void *buffer; - int mmapped; - struct vm_operations_struct *vm_ops; struct file *file; struct hlist_node list; }; @@ -181,175 +179,6 @@ out_free: return count; } -static void bin_vma_open(struct vm_area_struct *vma) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - - if (!bb->vm_ops || !bb->vm_ops->open) - return; - - if (!sysfs_get_active_two(attr_sd)) - return; - - bb->vm_ops->open(vma); - - sysfs_put_active_two(attr_sd); -} - -static void bin_vma_close(struct vm_area_struct *vma) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - - if (!bb->vm_ops || !bb->vm_ops->close) - return; - - if (!sysfs_get_active_two(attr_sd)) - return; - - bb->vm_ops->close(vma); - - sysfs_put_active_two(attr_sd); -} - -static int bin_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - int ret; - - if (!bb->vm_ops || !bb->vm_ops->fault) - return VM_FAULT_SIGBUS; - - if (!sysfs_get_active_two(attr_sd)) - return VM_FAULT_SIGBUS; - - ret = bb->vm_ops->fault(vma, vmf); - - sysfs_put_active_two(attr_sd); - return ret; -} - -static int bin_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - int ret; - - if (!bb->vm_ops) - return VM_FAULT_SIGBUS; - - if (!bb->vm_ops->page_mkwrite) - return 0; - - if (!sysfs_get_active_two(attr_sd)) - return VM_FAULT_SIGBUS; - - ret = bb->vm_ops->page_mkwrite(vma, vmf); - - sysfs_put_active_two(attr_sd); - return ret; -} - -static int bin_access(struct vm_area_struct *vma, unsigned long addr, - void *buf, int len, int write) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - int ret; - - if (!bb->vm_ops || !bb->vm_ops->access) - return -EINVAL; - - if (!sysfs_get_active_two(attr_sd)) - return -EINVAL; - - ret = bb->vm_ops->access(vma, addr, buf, len, write); - - sysfs_put_active_two(attr_sd); - return ret; -} - -#ifdef CONFIG_NUMA -static int bin_set_policy(struct vm_area_struct *vma, struct mempolicy *new) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - int ret; - - if (!bb->vm_ops || !bb->vm_ops->set_policy) - return 0; - - if (!sysfs_get_active_two(attr_sd)) - return -EINVAL; - - ret = bb->vm_ops->set_policy(vma, new); - - sysfs_put_active_two(attr_sd); - return ret; -} - -static struct mempolicy *bin_get_policy(struct vm_area_struct *vma, - unsigned long addr) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - struct mempolicy *pol; - - if (!bb->vm_ops || !bb->vm_ops->get_policy) - return vma->vm_policy; - - if (!sysfs_get_active_two(attr_sd)) - return vma->vm_policy; - - pol = bb->vm_ops->get_policy(vma, addr); - - sysfs_put_active_two(attr_sd); - return pol; -} - -static int bin_migrate(struct vm_area_struct *vma, const nodemask_t *from, - const nodemask_t *to, unsigned long flags) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - int ret; - - if (!bb->vm_ops || !bb->vm_ops->migrate) - return 0; - - if (!sysfs_get_active_two(attr_sd)) - return 0; - - ret = bb->vm_ops->migrate(vma, from, to, flags); - - sysfs_put_active_two(attr_sd); - return ret; -} -#endif - -static struct vm_operations_struct bin_vm_ops = { - .open = bin_vma_open, - .close = bin_vma_close, - .fault = bin_fault, - .page_mkwrite = bin_page_mkwrite, - .access = bin_access, -#ifdef CONFIG_NUMA - .set_policy = bin_set_policy, - .get_policy = bin_get_policy, - .migrate = bin_migrate, -#endif -}; - static int mmap(struct file *file, struct vm_area_struct *vma) { struct bin_buffer *bb = file->private_data; @@ -370,25 +199,7 @@ static int mmap(struct file *file, struct vm_area_struct *vma) goto out_put; rc = attr->mmap(kobj, attr, vma); - if (rc) - goto out_put; - - /* - * PowerPC's pci_mmap of legacy_mem uses shmem_zero_setup() - * to satisfy versions of X which crash if the mmap fails: that - * substitutes a new vm_file, and we don't then want bin_vm_ops. - */ - if (vma->vm_file != file) - goto out_put; - - rc = -EINVAL; - if (bb->mmapped && bb->vm_ops != vma->vm_ops) - goto out_put; - rc = 0; - bb->mmapped = 1; - bb->vm_ops = vma->vm_ops; - vma->vm_ops = &bin_vm_ops; out_put: sysfs_put_active_two(attr_sd); out_unlock: @@ -475,9 +286,9 @@ void unmap_bin_file(struct sysfs_dirent *attr_sd) mutex_lock(&sysfs_bin_lock); hlist_for_each_entry(bb, tmp, &attr_sd->s_bin_attr.buffers, list) { - struct inode *inode = bb->file->f_path.dentry->d_inode; + struct file *file = bb->file; - unmap_mapping_range(inode->i_mapping, 0, 0, 1); + remap_file_mappings(file, &revoked_vm_ops); } mutex_unlock(&sysfs_bin_lock); -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with SMTP id 5B3175F0001 for ; Sat, 11 Apr 2009 08:07:38 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:07:39 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 4/9] vfs: Generalize the file_list Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: file_list_lock is held when files are being revoked aka hung up on in tty_io, and also needs to be done in a more general revoke case. The more general revoke case also needs to sleep so I have converted file_list_lock into a mutex. To make it clear what is on the file list and when I have changed file_move to file_add. The callers have been modified to to ensure file_add is called exactly once on a file. In __dentry_open file_add is called on everything except device files. In __ptmx_open and __tty_open file_add is called to place the ttys on the tty_files list. To make using the file_list for efficient for handling revokes I have moved the list head from the superblock to the inode. This means only relevant files need to be looked at. fs_may_remount_ro and mark_files_ro have been modified to walk the inode list to find all of the inodes and then to walk the file list on those inodes. It is a slightly slower process but just as efficient and potentially more correct as inodes may have some influence on the the rw state of the filesystem that files do not. Signed-off-by: Eric W. Biederman --- drivers/char/pty.c | 2 +- drivers/char/tty_io.c | 2 +- fs/file_table.c | 27 ++++++++++++++++++--------- fs/inode.c | 1 + fs/open.c | 3 ++- fs/super.c | 49 +++++++++++++++++++++++++++---------------------- include/linux/fs.h | 10 +++++----- 7 files changed, 55 insertions(+), 39 deletions(-) diff --git a/drivers/char/pty.c b/drivers/char/pty.c index 31038a0..3ed304c 100644 --- a/drivers/char/pty.c +++ b/drivers/char/pty.c @@ -662,7 +662,7 @@ static int __ptmx_open(struct inode *inode, struct file *filp) set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */ filp->private_data = tty; - file_move(filp, &tty->tty_files); + file_add(filp, &tty->tty_files); retval = devpts_pty_new(inode, tty->link); if (retval) diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index 66b99a2..22b978e 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -1836,7 +1836,7 @@ got_driver: return PTR_ERR(tty); filp->private_data = tty; - file_move(filp, &tty->tty_files); + file_add(filp, &tty->tty_files); check_tty_count(tty, "tty_open"); if (tty->driver->type == TTY_DRIVER_TYPE_PTY && tty->driver->subtype == PTY_TYPE_MASTER) diff --git a/fs/file_table.c b/fs/file_table.c index 54018fe..03d74b6 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -22,6 +22,7 @@ #include #include #include +#include #include @@ -31,7 +32,7 @@ struct files_stat_struct files_stat = { }; /* public. Not pretty! */ -__cacheline_aligned_in_smp DEFINE_SPINLOCK(files_lock); +__cacheline_aligned_in_smp DEFINE_MUTEX(files_lock); /* SLAB cache for file structures */ static struct kmem_cache *filp_cachep __read_mostly; @@ -357,12 +358,12 @@ void put_filp(struct file *file) } } -void file_move(struct file *file, struct list_head *list) +void file_add(struct file *file, struct list_head *list) { if (!list) return; file_list_lock(); - list_move(&file->f_u.fu_list, list); + list_add(&file->f_u.fu_list, list); file_list_unlock(); } @@ -377,24 +378,32 @@ void file_kill(struct file *file) int fs_may_remount_ro(struct super_block *sb) { + struct inode *inode; struct file *file; /* Check that no files are currently opened for writing. */ file_list_lock(); - list_for_each_entry(file, &sb->s_files, f_u.fu_list) { - struct inode *inode = file->f_path.dentry->d_inode; - + spin_lock(&inode_lock); + list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { /* File with pending delete? */ if (inode->i_nlink == 0) goto too_bad; - /* Writeable file? */ - if (S_ISREG(inode->i_mode) && (file->f_mode & FMODE_WRITE)) - goto too_bad; + /* Regular file */ + if (!S_ISREG(inode->i_mode)) + continue; + + list_for_each_entry(file, &inode->i_files, f_u.fu_list) { + /* Writeable file? */ + if (file->f_mode & FMODE_WRITE) + goto too_bad; + } } + spin_unlock(&inode_lock); file_list_unlock(); return 1; /* Tis' cool bro. */ too_bad: + spin_unlock(&inode_lock); file_list_unlock(); return 0; } diff --git a/fs/inode.c b/fs/inode.c index d06d6d2..9682caf 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -238,6 +238,7 @@ void inode_init_once(struct inode *inode) memset(inode, 0, sizeof(*inode)); INIT_HLIST_NODE(&inode->i_hash); INIT_LIST_HEAD(&inode->i_dentry); + INIT_LIST_HEAD(&inode->i_files); INIT_LIST_HEAD(&inode->i_devices); INIT_RADIX_TREE(&inode->i_data.page_tree, GFP_ATOMIC); spin_lock_init(&inode->i_data.tree_lock); diff --git a/fs/open.c b/fs/open.c index 377eb25..5e201cb 100644 --- a/fs/open.c +++ b/fs/open.c @@ -828,7 +828,8 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, f->f_path.mnt = mnt; f->f_pos = 0; f->f_op = fops_get(inode->i_fop); - file_move(f, &inode->i_sb->s_files); + if (!special_file(inode->i_mode)) + file_add(f, &inode->i_files); error = security_dentry_open(f, cred); if (error) diff --git a/fs/super.c b/fs/super.c index 786fe7d..e55299c 100644 --- a/fs/super.c +++ b/fs/super.c @@ -67,7 +67,6 @@ static struct super_block *alloc_super(struct file_system_type *type) INIT_LIST_HEAD(&s->s_dirty); INIT_LIST_HEAD(&s->s_io); INIT_LIST_HEAD(&s->s_more_io); - INIT_LIST_HEAD(&s->s_files); INIT_LIST_HEAD(&s->s_instances); INIT_HLIST_HEAD(&s->s_anon); INIT_LIST_HEAD(&s->s_inodes); @@ -597,32 +596,38 @@ out: static void mark_files_ro(struct super_block *sb) { + struct inode *inode; struct file *f; retry: file_list_lock(); - list_for_each_entry(f, &sb->s_files, f_u.fu_list) { - struct vfsmount *mnt; - if (!S_ISREG(f->f_path.dentry->d_inode->i_mode)) - continue; - if (!file_count(f)) - continue; - if (!(f->f_mode & FMODE_WRITE)) - continue; - f->f_mode &= ~FMODE_WRITE; - if (file_check_writeable(f) != 0) - continue; - file_release_write(f); - mnt = mntget(f->f_path.mnt); - file_list_unlock(); - /* - * This can sleep, so we can't hold - * the file_list_lock() spinlock. - */ - mnt_drop_write(mnt); - mntput(mnt); - goto retry; + spin_lock(&inode_lock); + list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { + list_for_each_entry(f, &inode->i_files, f_u.fu_list) { + struct vfsmount *mnt; + if (!S_ISREG(f->f_path.dentry->d_inode->i_mode)) + continue; + if (!file_count(f)) + continue; + if (!(f->f_mode & FMODE_WRITE)) + continue; + f->f_mode &= ~FMODE_WRITE; + if (file_check_writeable(f) != 0) + continue; + file_release_write(f); + mnt = mntget(f->f_path.mnt); + spin_unlock(&inode_lock); + file_list_unlock(); + /* + * This can sleep, so we can't hold + * the inode_lock spinlock. + */ + mnt_drop_write(mnt); + mntput(mnt); + goto retry; + } } + spin_unlock(&inode_lock); file_list_unlock(); } diff --git a/include/linux/fs.h b/include/linux/fs.h index 562d285..7805d20 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -656,6 +656,7 @@ struct inode { struct list_head i_list; struct list_head i_sb_list; struct list_head i_dentry; + struct list_head i_files; unsigned long i_ino; atomic_t i_count; unsigned int i_nlink; @@ -878,9 +879,9 @@ struct file { unsigned long f_mnt_write_state; #endif }; -extern spinlock_t files_lock; -#define file_list_lock() spin_lock(&files_lock); -#define file_list_unlock() spin_unlock(&files_lock); +extern struct mutex files_lock; +#define file_list_lock() mutex_lock(&files_lock); +#define file_list_unlock() mutex_unlock(&files_lock); #define get_file(x) atomic_long_inc(&(x)->f_count) #define file_count(x) atomic_long_read(&(x)->f_count) @@ -1277,7 +1278,6 @@ struct super_block { struct list_head s_io; /* parked for writeback */ struct list_head s_more_io; /* parked for more writeback */ struct hlist_head s_anon; /* anonymous dentries for (nfs) exporting */ - struct list_head s_files; /* s_dentry_lru and s_nr_dentry_unused are protected by dcache_lock */ struct list_head s_dentry_lru; /* unused dentry lru */ int s_nr_dentry_unused; /* # of dentry on lru */ @@ -2116,7 +2116,7 @@ static inline void insert_inode_hash(struct inode *inode) { } extern struct file * get_empty_filp(void); -extern void file_move(struct file *f, struct list_head *list); +extern void file_add(struct file *f, struct list_head *list); extern void file_kill(struct file *f); #ifdef CONFIG_BLOCK struct bio; -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail143.messagelabs.com (mail143.messagelabs.com [216.82.254.35]) by kanga.kvack.org (Postfix) with SMTP id 2513F5F0001 for ; Sat, 11 Apr 2009 08:08:56 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:08:58 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 5/9] vfs: Introduce basic infrastructure for revoking a file Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Going forward fops_read_lock should be held whenever file->f_op is being accesed and when the functions from f_op are executing. In 4 subsystems sysfs, proc, and sysctl, and tty we have support for modifing a file descriptor so that the underlying object can go away. In looking at the problem of pci hotunplug it appears that we potentially need that support for all file descriptors except ones talking to files on filesystems. Even on for file descriptors referring to files support for file the underlying object going away is interesting for implementing features like umount -f and sys_revoke. The implementations in sysfs, proc and sysctl are all very similar and are composed of several components. - A reference count to track that the file operations are being used. - An ability to flag the file as no longer being valid. - An ability to wait until the reference count is no longer used. Tracking when file_operations functions are running is done by holding the fops_read_lock across their invocations. Flagging when the file is no longer valid will be done by taking f_lock and modifying f_op, with a set of file operations that will return appropriate error codes,. roughly EIO from most operations, POLLERR from poll, and 0 from reads, and setting FMODE_REVOKE. Waiting until the functions are no longer being called is done with by waiting until f_use goes to 0. Essentially the same as synchronize_srcu. When implementing this I encountered an additional challenge. Ensuring that f_op->release is called exactly once, in an appropriate context. To ensure this I have taken several steps. - file_kill is moved immediate after after frelease in __fput to ensure the proper context is present even if fop_substitute calls release. - open sets FMODE_RELEASE after the open succeeds (but before fops_read_unlock) ensuring that fops_subsittute will know if release needs to be called after it has finished waiting for all of the files. - __fput samples fmode and f_op under f_lock and only calls __frelease if FMODE_REVOKE has not happened and FMODE_RELEASE is pending. Leaving it up to fops_subsitutate to call __frelease. - fops_substituate calls __frelease in all cases if after waiting for all users of a file to go to zero FMODE_RELEASE is still set. Signed-off-by: Eric W. Biederman --- Documentation/filesystems/vfs.txt | 4 + fs/file_table.c | 154 ++++++++++++++++++++++++++++++++++--- fs/open.c | 19 ++++- include/linux/fs.h | 19 +++++ 4 files changed, 181 insertions(+), 15 deletions(-) diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt index deeeed0..2b115ba 100644 --- a/Documentation/filesystems/vfs.txt +++ b/Documentation/filesystems/vfs.txt @@ -807,6 +807,10 @@ otherwise noted. splice_read: called by the VFS to splice data from file to a pipe. This method is used by the splice(2) system call + awaken_all_waiters: Called in while revoking a file to wake up poll, + aio operations, fasync, and anything else blocked + indefinitely waiting for something to happen. + Note that the file operations are implemented by the specific filesystem in which the inode resides. When opening a device node (character or block special) most filesystems will call special diff --git a/fs/file_table.c b/fs/file_table.c index 03d74b6..d216557 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -23,6 +23,7 @@ #include #include #include +#include #include @@ -204,7 +205,7 @@ int init_file(struct file *file, struct vfsmount *mnt, struct dentry *dentry, file->f_path.dentry = dentry; file->f_path.mnt = mntget(mnt); file->f_mapping = dentry->d_inode->i_mapping; - file->f_mode = mode; + file->f_mode = mode | FMODE_RELEASE; file->f_op = fop; /* @@ -255,6 +256,51 @@ void drop_file_write_access(struct file *file) } EXPORT_SYMBOL_GPL(drop_file_write_access); +static void __frelease(struct file *file, struct inode *inode, + const struct file_operations *f_op) +{ + locks_remove_flock(file); + if (unlikely(file->f_flags & FASYNC)) { + if (f_op && f_op->fasync) + file->f_op->fasync(-1, file, 0); + } + if (f_op && f_op->release) + f_op->release(inode, file); + + if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL)) + cdev_put(inode->i_cdev); +} + +static void frelease(struct file *file, struct inode *inode) + +{ + const struct file_operations *f_op; + int fops_idx; + fmode_t mode; + int need_release = 0; + + fops_idx = fops_read_lock(file); + + /* + * Ensure that __frelease is called exactly once. + * + * We don't do anything if FMODE_REVOKED is set because + * we will have a f_op without the proper release method + * and so can not cleanup from this path. + */ + spin_lock(&file->f_lock); + f_op = file->f_op; + mode = file->f_mode; + need_release = (mode & (FMODE_REVOKED | FMODE_RELEASE)) == FMODE_RELEASE; + if (need_release) + file->f_mode = mode & ~FMODE_RELEASE; + spin_unlock(&file->f_lock); + + if (need_release) + __frelease(file, inode, f_op); + fops_read_unlock(file, fops_idx); +} + /* __fput is called from task context when aio completion releases the last * last use of a struct file *. Do not use otherwise. */ @@ -272,21 +318,14 @@ void __fput(struct file *file) * in the file cleanup chain. */ eventpoll_release(file); - locks_remove_flock(file); - if (unlikely(file->f_flags & FASYNC)) { - if (file->f_op && file->f_op->fasync) - file->f_op->fasync(-1, file, 0); - } - if (file->f_op && file->f_op->release) - file->f_op->release(inode, file); + frelease(file, inode); + file_kill(file); + security_file_free(file); ima_file_free(file); - if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL)) - cdev_put(inode->i_cdev); fops_put(file->f_op); put_pid(file->f_owner.pid); - file_kill(file); if (file->f_mode & FMODE_WRITE) drop_file_write_access(file); file->f_path.dentry = NULL; @@ -296,6 +335,78 @@ void __fput(struct file *file) mntput(mnt); } +int fops_substitute(struct file *file, const struct file_operations *f_op, + struct vm_operations_struct *vm_ops) +{ + /* Must be called with file_list_lock held */ + /* This currently assumes that the new f_op does not need + * open or release to be called. + * This currently assumes that it will not be called twice + * on the same file. + */ + const struct file_operations *old_f_op; + fmode_t mode; + int err; + + err = -EINVAL; + f_op = fops_get(f_op); + if (!f_op) + goto out; + /* + * Ensure we have no new users of the old f_ops. + * Assignment order is important here. + */ + spin_lock(&file->f_lock); + old_f_op = file->f_op; + rcu_assign_pointer(file->f_op, f_op); + file->f_mode |= FMODE_REVOKED; + spin_unlock(&file->f_lock); + + /* + * Drain the existing uses of the original f_ops. + */ + remap_file_mappings(file, vm_ops); + if (old_f_op->awaken_all_waiters) + old_f_op->awaken_all_waiters(file); + + /* + * Wait until there are no more callers in the original + * file_operations methods. + */ + while (atomic_long_read(&file->f_use) > 0) + schedule_timeout_interruptible(1); + + /* + * Cleanup the data structures that were associated + * with the old fops. + */ + spin_lock(&file->f_lock); + mode = file->f_mode; + file->f_mode = mode & ~FMODE_RELEASE; + spin_unlock(&file->f_lock); + if (mode & FMODE_RELEASE) + __frelease(file, file->f_path.dentry->d_inode, old_f_op); + fops_put(old_f_op); + file->private_data = NULL; + err = 0; +out: + return err; +} + +void inode_fops_substitute(struct inode *inode, + const struct file_operations *f_op, + struct vm_operations_struct *vm_ops) +{ + struct file *file; + + file_list_lock(); + /* Prevent new files from showing up with the old f_ops */ + inode->i_fop = f_op; + list_for_each_entry(file, &inode->i_files, f_u.fu_list) + fops_substitute(file, f_op, vm_ops); + file_list_unlock(); +} + struct file *fget(unsigned int fd) { struct file *file; @@ -358,12 +469,17 @@ void put_filp(struct file *file) } } +void __file_add(struct file *file, struct list_head *list) +{ + list_add(&file->f_u.fu_list, list); +} + void file_add(struct file *file, struct list_head *list) { if (!list) return; file_list_lock(); - list_add(&file->f_u.fu_list, list); + __file_add(file, list); file_list_unlock(); } @@ -376,6 +492,20 @@ void file_kill(struct file *file) } } +int fops_read_lock(struct file *file) +{ + int revoked = (file->f_mode & FMODE_REVOKED); + if (likely(!revoked)) + atomic_long_inc(&file->f_use); + return revoked; +} + +void fops_read_unlock(struct file *file, int revoked) +{ + if (likely(!revoked)) + atomic_long_dec(&file->f_use); +} + int fs_may_remount_ro(struct super_block *sb) { struct inode *inode; diff --git a/fs/open.c b/fs/open.c index 5e201cb..0b75dde 100644 --- a/fs/open.c +++ b/fs/open.c @@ -808,7 +808,9 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, int (*open)(struct inode *, struct file *), const struct cred *cred) { + const struct file_operations *f_op; struct inode *inode; + int fops_idx; int error; f->f_flags = flags; @@ -827,21 +829,31 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, f->f_path.dentry = dentry; f->f_path.mnt = mnt; f->f_pos = 0; + + file_list_lock(); f->f_op = fops_get(inode->i_fop); if (!special_file(inode->i_mode)) - file_add(f, &inode->i_files); + __file_add(f, &inode->i_files); + file_list_unlock(); + + fops_idx = fops_read_lock(f); + f_op = rcu_dereference(f->f_op); error = security_dentry_open(f, cred); if (error) goto cleanup_all; - if (!open && f->f_op) - open = f->f_op->open; + if (!open && f_op) + open = f_op->open; if (open) { error = open(inode, f); if (error) goto cleanup_all; } + spin_lock(&f->f_lock); + f->f_mode |= FMODE_RELEASE; + spin_unlock(&f->f_lock); + fops_read_unlock(f, fops_idx); f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); @@ -860,6 +872,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, return f; cleanup_all: + fops_read_unlock(f, fops_idx); fops_put(f->f_op); if (f->f_mode & FMODE_WRITE) { put_write_access(inode); diff --git a/include/linux/fs.h b/include/linux/fs.h index 7805d20..a82a2ea 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -78,6 +78,13 @@ struct inodes_stat_t { /* File is opened using open(.., 3, ..) and is writeable only for ioctls (specialy hack for floppy.c) */ #define FMODE_WRITE_IOCTL ((__force fmode_t)256) +/* File release method needs to be called */ +#define FMODE_RELEASE ((__force fmode_t)512) +/* + * The file descriptor has been denied access to the original object. + * Likely a module removal, or device has been unplugged. + */ +#define FMODE_REVOKED ((__force fmode_t)1024) /* * Don't update ctime and mtime. @@ -329,6 +336,7 @@ struct kstatfs; struct vm_area_struct; struct vfsmount; struct cred; +struct vm_operations_struct; extern void __init inode_init(void); extern void __init inode_init_early(void); @@ -856,6 +864,7 @@ struct file { const struct file_operations *f_op; spinlock_t f_lock; /* f_ep_links, f_flags, no IRQ */ atomic_long_t f_count; + atomic_long_t f_use; /* f_op, private_data */ unsigned int f_flags; fmode_t f_mode; loff_t f_pos; @@ -879,6 +888,14 @@ struct file { unsigned long f_mnt_write_state; #endif }; + +extern int fops_read_lock(struct file *file); +extern void fops_read_unlock(struct file *file, int idx); +extern int fops_substitute(struct file *file, const struct file_operations *f_op, + struct vm_operations_struct *vm_ops); +extern void inode_fops_substitute(struct inode *inode, + const struct file_operations *f_op, struct vm_operations_struct *vm_ops); + extern struct mutex files_lock; #define file_list_lock() mutex_lock(&files_lock); #define file_list_unlock() mutex_unlock(&files_lock); @@ -1452,6 +1469,7 @@ struct file_operations { ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); int (*setlease)(struct file *, long, struct file_lock **); + int (*awaken_all_waiters)(struct file *); }; struct inode_operations { @@ -2116,6 +2134,7 @@ static inline void insert_inode_hash(struct inode *inode) { } extern struct file * get_empty_filp(void); +extern void __file_add(struct file *f, struct list_head *list); extern void file_add(struct file *f, struct list_head *list); extern void file_kill(struct file *f); #ifdef CONFIG_BLOCK -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail137.messagelabs.com (mail137.messagelabs.com [216.82.249.19]) by kanga.kvack.org (Postfix) with SMTP id 5FBE05F0001 for ; Sat, 11 Apr 2009 08:10:46 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:10:49 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 6/9] vfs: Utilize fops_read_lock where appropriate Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Signed-off-by: Eric W. Biederman --- fs/compat.c | 31 ++++++++---- fs/fcntl.c | 32 ++++++++---- fs/ioctl.c | 39 +++++++++------ fs/locks.c | 81 +++++++++++++++++++++++++------ fs/open.c | 12 ++++- fs/read_write.c | 143 ++++++++++++++++++++++++++++++++++++++++++------------- fs/readdir.c | 14 ++++- fs/select.c | 17 +++++- 8 files changed, 276 insertions(+), 93 deletions(-) diff --git a/fs/compat.c b/fs/compat.c index 3f84d5f..a73ca0d 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -1090,6 +1090,7 @@ out: #endif /* ! __ARCH_OMIT_COMPAT_SYS_GETDENTS64 */ static ssize_t compat_do_readv_writev(int type, struct file *file, + const struct file_operations *f_op, const struct compat_iovec __user *uvector, unsigned long nr_segs, loff_t *pos) { @@ -1117,7 +1118,7 @@ static ssize_t compat_do_readv_writev(int type, struct file *file, ret = -EINVAL; if ((nr_segs > UIO_MAXIOV) || (nr_segs <= 0)) goto out; - if (!file->f_op) + if (!f_op) goto out; if (nr_segs > UIO_FASTIOV) { ret = -ENOMEM; @@ -1170,11 +1171,11 @@ static ssize_t compat_do_readv_writev(int type, struct file *file, fnv = NULL; if (type == READ) { - fn = file->f_op->read; - fnv = file->f_op->aio_read; + fn = f_op->read; + fnv = f_op->aio_read; } else { - fn = (io_fn_t)file->f_op->write; - fnv = file->f_op->aio_write; + fn = (io_fn_t)f_op->write; + fnv = f_op->aio_write; } if (fnv) @@ -1200,21 +1201,27 @@ static size_t compat_readv(struct file *file, const struct compat_iovec __user *vec, unsigned long vlen, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; ssize_t ret = -EBADF; + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + if (!(file->f_mode & FMODE_READ)) goto out; ret = -EINVAL; - if (!file->f_op || (!file->f_op->aio_read && !file->f_op->read)) + if (!f_op || (!f_op->aio_read && !f_op->read)) goto out; - ret = compat_do_readv_writev(READ, file, vec, vlen, pos); + ret = compat_do_readv_writev(READ, file, f_op, vec, vlen, pos); out: if (ret > 0) add_rchar(current, ret); inc_syscr(current); + fops_read_unlock(file, fops_idx); return ret; } @@ -1257,21 +1264,27 @@ static size_t compat_writev(struct file *file, const struct compat_iovec __user *vec, unsigned long vlen, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; ssize_t ret = -EBADF; + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + if (!(file->f_mode & FMODE_WRITE)) goto out; ret = -EINVAL; - if (!file->f_op || (!file->f_op->aio_write && !file->f_op->write)) + if (!f_op || (!f_op->aio_write && !f_op->write)) goto out; - ret = compat_do_readv_writev(WRITE, file, vec, vlen, pos); + ret = compat_do_readv_writev(WRITE, file, f_op, vec, vlen, pos); out: if (ret > 0) add_wchar(current, ret); inc_syscw(current); + fops_read_unlock(file, fops_idx); return ret; } diff --git a/fs/fcntl.c b/fs/fcntl.c index cc8e4de..2718aea 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -146,42 +146,51 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) static int setfl(int fd, struct file * filp, unsigned long arg) { struct inode * inode = filp->f_path.dentry->d_inode; - int error = 0; + const struct file_operations *f_op; + int fops_idx; + int error; + + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); /* * O_APPEND cannot be cleared if the file is marked as append-only * and the file is open for write. */ + error = -EPERM; if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode)) - return -EPERM; + goto out; /* O_NOATIME can only be set by the owner or superuser */ + error = -EPERM; if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) if (!is_owner_or_cap(inode)) - return -EPERM; + goto out; /* required for strict SunOS emulation */ if (O_NONBLOCK != O_NDELAY) if (arg & O_NDELAY) arg |= O_NONBLOCK; + error = -EINVAL; if (arg & O_DIRECT) { if (!filp->f_mapping || !filp->f_mapping->a_ops || - !filp->f_mapping->a_ops->direct_IO) - return -EINVAL; + !filp->f_mapping->a_ops->direct_IO) + goto out; } - if (filp->f_op && filp->f_op->check_flags) - error = filp->f_op->check_flags(arg); + error = 0; + if (f_op && f_op->check_flags) + error = f_op->check_flags(arg); if (error) - return error; + goto out; /* * ->fasync() is responsible for setting the FASYNC bit. */ - if (((arg ^ filp->f_flags) & FASYNC) && filp->f_op && - filp->f_op->fasync) { - error = filp->f_op->fasync(fd, filp, (arg & FASYNC) != 0); + if (((arg ^ filp->f_flags) & FASYNC) && f_op && + f_op->fasync) { + error = f_op->fasync(fd, filp, (arg & FASYNC) != 0); if (error < 0) goto out; if (error > 0) @@ -192,6 +201,7 @@ static int setfl(int fd, struct file * filp, unsigned long arg) spin_unlock(&filp->f_lock); out: + fops_read_unlock(filp, fops_idx); return error; } diff --git a/fs/ioctl.c b/fs/ioctl.c index ac2d47e..158030b 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -33,23 +33,23 @@ * * Returns 0 on success, -errno on error. */ -static long vfs_ioctl(struct file *filp, unsigned int cmd, - unsigned long arg) +static long vfs_ioctl(struct file *filp, const struct file_operations *f_op, + unsigned int cmd, unsigned long arg) { int error = -ENOTTY; - if (!filp->f_op) + if (!f_op) goto out; - if (filp->f_op->unlocked_ioctl) { - error = filp->f_op->unlocked_ioctl(filp, cmd, arg); + if (f_op->unlocked_ioctl) { + error = f_op->unlocked_ioctl(filp, cmd, arg); if (error == -ENOIOCTLCMD) error = -EINVAL; goto out; - } else if (filp->f_op->ioctl) { + } else if (f_op->ioctl) { lock_kernel(); - error = filp->f_op->ioctl(filp->f_path.dentry->d_inode, - filp, cmd, arg); + error = f_op->ioctl(filp->f_path.dentry->d_inode, filp, + cmd, arg); unlock_kernel(); } @@ -370,8 +370,8 @@ EXPORT_SYMBOL(generic_block_fiemap); #endif /* CONFIG_BLOCK */ -static int file_ioctl(struct file *filp, unsigned int cmd, - unsigned long arg) +static int file_ioctl(struct file *filp, const struct file_operations *f_op, + unsigned int cmd, unsigned long arg) { struct inode *inode = filp->f_path.dentry->d_inode; int __user *p = (int __user *)arg; @@ -387,7 +387,7 @@ static int file_ioctl(struct file *filp, unsigned int cmd, return put_user(i_size_read(inode) - filp->f_pos, p); } - return vfs_ioctl(filp, cmd, arg); + return vfs_ioctl(filp, f_op, cmd, arg); } static int ioctl_fionbio(struct file *filp, int __user *argp) @@ -414,6 +414,7 @@ static int ioctl_fionbio(struct file *filp, int __user *argp) } static int ioctl_fioasync(unsigned int fd, struct file *filp, + const struct file_operations *f_op, int __user *argp) { unsigned int flag; @@ -426,9 +427,9 @@ static int ioctl_fioasync(unsigned int fd, struct file *filp, /* Did FASYNC state change ? */ if ((flag ^ filp->f_flags) & FASYNC) { - if (filp->f_op && filp->f_op->fasync) + if (f_op && f_op->fasync) /* fasync() adjusts filp->f_flags */ - error = filp->f_op->fasync(fd, filp, on); + error = f_op->fasync(fd, filp, on); else error = -ENOTTY; } @@ -482,9 +483,14 @@ static int ioctl_fsthaw(struct file *filp) int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, unsigned long arg) { + const struct file_operations *f_op; + int fops_idx; int error = 0; int __user *argp = (int __user *)arg; + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + switch (cmd) { case FIOCLEX: set_close_on_exec(fd, 1); @@ -499,7 +505,7 @@ int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, break; case FIOASYNC: - error = ioctl_fioasync(fd, filp, argp); + error = ioctl_fioasync(fd, filp, f_op, argp); break; case FIOQSIZE: @@ -524,11 +530,12 @@ int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, default: if (S_ISREG(filp->f_path.dentry->d_inode->i_mode)) - error = file_ioctl(filp, cmd, arg); + error = file_ioctl(filp, f_op, cmd, arg); else - error = vfs_ioctl(filp, cmd, arg); + error = vfs_ioctl(filp, f_op, cmd, arg); break; } + fops_read_unlock(filp, fops_idx); return error; } diff --git a/fs/locks.c b/fs/locks.c index ec3deea..5ff959e 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -1463,15 +1463,21 @@ EXPORT_SYMBOL(generic_setlease); int vfs_setlease(struct file *filp, long arg, struct file_lock **lease) { + const struct file_operations *f_op; + int fops_idx; int error; + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + lock_kernel(); - if (filp->f_op && filp->f_op->setlease) - error = filp->f_op->setlease(filp, arg, lease); + if (f_op && f_op->setlease) + error = f_op->setlease(filp, arg, lease); else error = generic_setlease(filp, arg, lease); unlock_kernel(); + fops_read_unlock(filp, fops_idx); return error; } EXPORT_SYMBOL_GPL(vfs_setlease); @@ -1566,9 +1572,11 @@ EXPORT_SYMBOL(flock_lock_file_wait); */ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd) { + const struct file_operations *f_op; struct file *filp; struct file_lock *lock; int can_sleep, unlock; + int fops_idx; int error; error = -EBADF; @@ -1594,13 +1602,18 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd) if (error) goto out_free; - if (filp->f_op && filp->f_op->flock) - error = filp->f_op->flock(filp, + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->flock) + error = f_op->flock(filp, (can_sleep) ? F_SETLKW : F_SETLK, lock); else error = flock_lock_file_wait(filp, lock); + fops_read_unlock(filp, fops_idx); + out_free: locks_free_lock(lock); @@ -1620,10 +1633,20 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd) */ int vfs_test_lock(struct file *filp, struct file_lock *fl) { - if (filp->f_op && filp->f_op->lock) - return filp->f_op->lock(filp, F_GETLK, fl); - posix_test_lock(filp, fl); - return 0; + const struct file_operations *f_op; + int fops_idx; + int ret = 0; + + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->lock) + ret = filp->f_op->lock(filp, F_GETLK, fl); + else + posix_test_lock(filp, fl); + + fops_read_unlock(filp, fops_idx); + return ret; } EXPORT_SYMBOL_GPL(vfs_test_lock); @@ -1732,10 +1755,20 @@ out: */ int vfs_lock_file(struct file *filp, unsigned int cmd, struct file_lock *fl, struct file_lock *conf) { - if (filp->f_op && filp->f_op->lock) - return filp->f_op->lock(filp, cmd, fl); + const struct file_operations *f_op; + int fops_idx; + int ret; + + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->lock) + ret = f_op->lock(filp, cmd, fl); else - return posix_lock_file(filp, fl, conf); + ret = posix_lock_file(filp, fl, conf); + + fops_read_unlock(filp, fops_idx); + return ret; } EXPORT_SYMBOL_GPL(vfs_lock_file); @@ -1999,13 +2032,18 @@ EXPORT_SYMBOL(locks_remove_posix); void locks_remove_flock(struct file *filp) { struct inode * inode = filp->f_path.dentry->d_inode; + const struct file_operations *f_op; struct file_lock *fl; struct file_lock **before; + int fops_idx; if (!inode->i_flock) return; - if (filp->f_op && filp->f_op->flock) { + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->flock) { struct file_lock fl = { .fl_pid = current->tgid, .fl_file = filp, @@ -2013,11 +2051,13 @@ void locks_remove_flock(struct file *filp) .fl_type = F_UNLCK, .fl_end = OFFSET_MAX, }; - filp->f_op->flock(filp, F_SETLKW, &fl); + f_op->flock(filp, F_SETLKW, &fl); if (fl.fl_ops && fl.fl_ops->fl_release_private) fl.fl_ops->fl_release_private(&fl); } + fops_read_unlock(filp, fops_idx); + lock_kernel(); before = &inode->i_flock; @@ -2071,9 +2111,18 @@ EXPORT_SYMBOL(posix_unblock_lock); */ int vfs_cancel_lock(struct file *filp, struct file_lock *fl) { - if (filp->f_op && filp->f_op->lock) - return filp->f_op->lock(filp, F_CANCELLK, fl); - return 0; + const struct file_operations *f_op; + int fops_idx; + int ret = 0; + + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->lock) + ret = f_op->lock(filp, F_CANCELLK, fl); + + fops_read_unlock(filp, fops_idx); + return ret; } EXPORT_SYMBOL_GPL(vfs_cancel_lock); diff --git a/fs/open.c b/fs/open.c index 0b75dde..67031e7 100644 --- a/fs/open.c +++ b/fs/open.c @@ -398,6 +398,7 @@ SYSCALL_DEFINE(fallocate)(int fd, int mode, loff_t offset, loff_t len) goto out; if (!(file->f_mode & FMODE_WRITE)) goto out_fput; + /* * Revalidate the write permissions, in case security policy has * changed since the files were opened. @@ -1107,6 +1108,8 @@ SYSCALL_DEFINE2(creat, const char __user *, pathname, int, mode) */ int filp_close(struct file *filp, fl_owner_t id) { + const struct file_operations *f_op; + int fops_idx; int retval = 0; if (!file_count(filp)) { @@ -1114,8 +1117,13 @@ int filp_close(struct file *filp, fl_owner_t id) return 0; } - if (filp->f_op && filp->f_op->flush) - retval = filp->f_op->flush(filp, id); + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + + if (f_op && f_op->flush) + retval = f_op->flush(filp, id); + + fops_read_unlock(filp, fops_idx); dnotify_flush(filp, id); locks_remove_posix(filp, id); diff --git a/fs/read_write.c b/fs/read_write.c index 9d1e76b..4def2ee 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -136,14 +136,23 @@ EXPORT_SYMBOL(default_llseek); loff_t vfs_llseek(struct file *file, loff_t offset, int origin) { loff_t (*fn)(struct file *, loff_t, int); + const struct file_operations *f_op; + int fops_idx; + loff_t ret; + + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); fn = no_llseek; if (file->f_mode & FMODE_LSEEK) { fn = default_llseek; - if (file->f_op && file->f_op->llseek) - fn = file->f_op->llseek; + if (f_op && f_op->llseek) + fn = f_op->llseek; } - return fn(file, offset, origin); + ret = fn(file, offset, origin); + + fops_read_unlock(file, fops_idx); + return ret; } EXPORT_SYMBOL(vfs_llseek); @@ -252,15 +261,20 @@ static void wait_on_retry_sync_kiocb(struct kiocb *iocb) ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos) { struct iovec iov = { .iov_base = buf, .iov_len = len }; + const struct file_operations *f_op; struct kiocb kiocb; + int fops_idx; ssize_t ret; + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + init_sync_kiocb(&kiocb, filp); kiocb.ki_pos = *ppos; kiocb.ki_left = len; for (;;) { - ret = filp->f_op->aio_read(&kiocb, &iov, 1, kiocb.ki_pos); + ret = f_op->aio_read(&kiocb, &iov, 1, kiocb.ki_pos); if (ret != -EIOCBRETRY) break; wait_on_retry_sync_kiocb(&kiocb); @@ -269,6 +283,8 @@ ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *pp if (-EIOCBQUEUED == ret) ret = wait_on_sync_kiocb(&kiocb); *ppos = kiocb.ki_pos; + fops_read_unlock(filp, fops_idx); + return ret; } @@ -276,20 +292,28 @@ EXPORT_SYMBOL(do_sync_read); ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; ssize_t ret; + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + + ret = -EBADF; if (!(file->f_mode & FMODE_READ)) - return -EBADF; - if (!file->f_op || (!file->f_op->read && !file->f_op->aio_read)) - return -EINVAL; + goto out; + ret = -EINVAL; + if (!f_op || (!f_op->read && !f_op->aio_read)) + goto out; + ret = -EFAULT; if (unlikely(!access_ok(VERIFY_WRITE, buf, count))) - return -EFAULT; + goto out; ret = rw_verify_area(READ, file, pos, count); if (ret >= 0) { count = ret; - if (file->f_op->read) - ret = file->f_op->read(file, buf, count, pos); + if (f_op->read) + ret = f_op->read(file, buf, count, pos); else ret = do_sync_read(file, buf, count, pos); if (ret > 0) { @@ -298,7 +322,8 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) } inc_syscr(current); } - +out: + fops_read_unlock(file, fops_idx); return ret; } @@ -307,15 +332,20 @@ EXPORT_SYMBOL(vfs_read); ssize_t do_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos) { struct iovec iov = { .iov_base = (void __user *)buf, .iov_len = len }; + const struct file_operations *f_op; struct kiocb kiocb; + int fops_idx; ssize_t ret; + fops_idx = fops_read_lock(filp); + f_op = rcu_dereference(filp->f_op); + init_sync_kiocb(&kiocb, filp); kiocb.ki_pos = *ppos; kiocb.ki_left = len; for (;;) { - ret = filp->f_op->aio_write(&kiocb, &iov, 1, kiocb.ki_pos); + ret = f_op->aio_write(&kiocb, &iov, 1, kiocb.ki_pos); if (ret != -EIOCBRETRY) break; wait_on_retry_sync_kiocb(&kiocb); @@ -324,6 +354,8 @@ ssize_t do_sync_write(struct file *filp, const char __user *buf, size_t len, lof if (-EIOCBQUEUED == ret) ret = wait_on_sync_kiocb(&kiocb); *ppos = kiocb.ki_pos; + + fops_read_unlock(filp, fops_idx); return ret; } @@ -331,20 +363,28 @@ EXPORT_SYMBOL(do_sync_write); ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; ssize_t ret; + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + + ret = -EBADF; if (!(file->f_mode & FMODE_WRITE)) - return -EBADF; - if (!file->f_op || (!file->f_op->write && !file->f_op->aio_write)) - return -EINVAL; + goto out; + ret = -EINVAL; + if (!f_op || (!f_op->write && !f_op->aio_write)) + goto out; + ret = -EFAULT; if (unlikely(!access_ok(VERIFY_READ, buf, count))) - return -EFAULT; + goto out; ret = rw_verify_area(WRITE, file, pos, count); if (ret >= 0) { count = ret; - if (file->f_op->write) - ret = file->f_op->write(file, buf, count, pos); + if (f_op->write) + ret = f_op->write(file, buf, count, pos); else ret = do_sync_write(file, buf, count, pos); if (ret > 0) { @@ -354,6 +394,8 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ inc_syscw(current); } +out: + fops_read_unlock(file, fops_idx); return ret; } @@ -611,6 +653,7 @@ out: } static ssize_t do_readv_writev(int type, struct file *file, + const struct file_operations *f_op, const struct iovec __user * uvector, unsigned long nr_segs, loff_t *pos) { @@ -621,7 +664,7 @@ static ssize_t do_readv_writev(int type, struct file *file, io_fn_t fn; iov_fn_t fnv; - if (!file->f_op) { + if (!f_op) { ret = -EINVAL; goto out; } @@ -638,11 +681,11 @@ static ssize_t do_readv_writev(int type, struct file *file, fnv = NULL; if (type == READ) { - fn = file->f_op->read; - fnv = file->f_op->aio_read; + fn = f_op->read; + fnv = f_op->aio_read; } else { - fn = (io_fn_t)file->f_op->write; - fnv = file->f_op->aio_write; + fn = (io_fn_t)f_op->write; + fnv = f_op->aio_write; } if (fnv) @@ -666,12 +709,25 @@ out: ssize_t vfs_readv(struct file *file, const struct iovec __user *vec, unsigned long vlen, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; + ssize_t ret; + + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + + ret = -EBADF; if (!(file->f_mode & FMODE_READ)) - return -EBADF; - if (!file->f_op || (!file->f_op->aio_read && !file->f_op->read)) - return -EINVAL; + goto out; + ret = -EINVAL; + if (!f_op || (!f_op->aio_read && !f_op->read)) + goto out; + + ret = do_readv_writev(READ, file, f_op, vec, vlen, pos); - return do_readv_writev(READ, file, vec, vlen, pos); +out: + fops_read_unlock(file, fops_idx); + return ret; } EXPORT_SYMBOL(vfs_readv); @@ -679,12 +735,25 @@ EXPORT_SYMBOL(vfs_readv); ssize_t vfs_writev(struct file *file, const struct iovec __user *vec, unsigned long vlen, loff_t *pos) { + const struct file_operations *f_op; + int fops_idx; + ssize_t ret; + + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + + ret = -EBADF; if (!(file->f_mode & FMODE_WRITE)) - return -EBADF; - if (!file->f_op || (!file->f_op->aio_write && !file->f_op->write)) - return -EINVAL; + goto out; + ret = -EINVAL; + if (!f_op || (!f_op->aio_write && !f_op->write)) + goto out; + + ret = do_readv_writev(WRITE, file, f_op, vec, vlen, pos); - return do_readv_writev(WRITE, file, vec, vlen, pos); +out: + fops_read_unlock(file, fops_idx); + return ret; } EXPORT_SYMBOL(vfs_writev); @@ -790,8 +859,10 @@ SYSCALL_DEFINE5(pwritev, unsigned long, fd, const struct iovec __user *, vec, static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, size_t count, loff_t max) { + const struct file_operations *in_f_op, *out_f_op; struct file * in_file, * out_file; struct inode * in_inode, * out_inode; + int in_fops_idx, out_fops_idx; loff_t pos; ssize_t retval; int fput_needed_in, fput_needed_out, fl; @@ -803,13 +874,15 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, in_file = fget_light(in_fd, &fput_needed_in); if (!in_file) goto out; + in_fops_idx = fops_read_lock(in_file); if (!(in_file->f_mode & FMODE_READ)) goto fput_in; retval = -EINVAL; in_inode = in_file->f_path.dentry->d_inode; if (!in_inode) goto fput_in; - if (!in_file->f_op || !in_file->f_op->splice_read) + in_f_op = rcu_dereference(in_file->f_op); + if (!in_f_op || !in_f_op->splice_read) goto fput_in; retval = -ESPIPE; if (!ppos) @@ -829,10 +902,12 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, out_file = fget_light(out_fd, &fput_needed_out); if (!out_file) goto fput_in; + out_fops_idx = fops_read_lock(out_file); if (!(out_file->f_mode & FMODE_WRITE)) goto fput_out; retval = -EINVAL; - if (!out_file->f_op || !out_file->f_op->sendpage) + out_f_op = rcu_dereference(out_file->f_op); + if (!out_f_op || !out_f_op->sendpage) goto fput_out; out_inode = out_file->f_path.dentry->d_inode; retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count); @@ -878,8 +953,10 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, retval = -EOVERFLOW; fput_out: + fops_read_unlock(out_file, out_fops_idx); fput_light(out_file, fput_needed_out); fput_in: + fops_read_unlock(in_file, in_fops_idx); fput_light(in_file, fput_needed_in); out: return retval; diff --git a/fs/readdir.c b/fs/readdir.c index 7723401..6017fa6 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -21,9 +21,16 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf) { - struct inode *inode = file->f_path.dentry->d_inode; + const struct file_operations *f_op; + struct inode *inode; + int fops_idx; int res = -ENOTDIR; - if (!file->f_op || !file->f_op->readdir) + + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + + inode = file->f_path.dentry->d_inode; + if (!f_op || !f_op->readdir) goto out; res = security_file_permission(file, MAY_READ); @@ -36,11 +43,12 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf) res = -ENOENT; if (!IS_DEADDIR(inode)) { - res = file->f_op->readdir(file, buf, filler); + res = f_op->readdir(file, buf, filler); file_accessed(file); } mutex_unlock(&inode->i_mutex); out: + fops_read_unlock(file, fops_idx); return res; } diff --git a/fs/select.c b/fs/select.c index 0fe0e14..8f736a9 100644 --- a/fs/select.c +++ b/fs/select.c @@ -416,10 +416,12 @@ int do_select(int n, fd_set_bits *fds, struct timespec *end_time) continue; file = fget_light(i, &fput_needed); if (file) { - f_op = file->f_op; + int fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); mask = DEFAULT_POLLMASK; if (f_op && f_op->poll) mask = (*f_op->poll)(file, retval ? NULL : wait); + fops_read_unlock(file, fops_idx); fput_light(file, fput_needed); if ((mask & POLLIN_SET) && (in & bit)) { res_in |= bit; @@ -684,11 +686,20 @@ static inline unsigned int do_pollfd(struct pollfd *pollfd, poll_table *pwait) file = fget_light(fd, &fput_needed); mask = POLLNVAL; if (file != NULL) { + const struct file_operations *f_op; + int fops_idx; + + fops_idx = fops_read_lock(file); + f_op = rcu_dereference(file->f_op); + mask = DEFAULT_POLLMASK; - if (file->f_op && file->f_op->poll) - mask = file->f_op->poll(file, pwait); + if (f_op && f_op->poll) + mask = f_op->poll(file, pwait); + /* Mask out unneeded events. */ mask &= pollfd->events | POLLERR | POLLHUP; + + fops_read_unlock(file, fops_idx); fput_light(file, fput_needed); } } -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail143.messagelabs.com (mail143.messagelabs.com [216.82.254.35]) by kanga.kvack.org (Postfix) with SMTP id 8CE275F0001 for ; Sat, 11 Apr 2009 08:11:53 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:11:59 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 7/9] vfs: Optimize fops_read_lock Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: After seeing fget_light and the justification for it in the commit log I did not want to introduce something into the common read/write path of file descriptors that could have a significant measurable impact on I/O speed. commit f6435db01709533f270b2dce1e5914770dbc65de Author: akpm Date: Thu May 8 05:19:50 2003 +0000 [PATCH] reduced overheads in fget/fput From: Dipankar Sarma fget() shows up on profiles, especially on SMP. Dipankar's patch special-cases the situation wherein there are no sharers of current->files. In this situation we know that no other process can close this file, so it is not necessary to increment the file's refcount. It's ugly as sin, but makes a substantial difference. The test is dd if=/dev/zero of=foo bs=1 count=1M On 4CPU P3 xeon with 1MB L2 cache and 512MB ram: kernel sys time std-dev ------------ -------- ------- UP - vanilla 2.104 0.028 UP - file 1.867 0.019 SMP - vanilla 2.976 0.023 SMP - file 2.719 0.026 BKrev: 3eb9e8f6Db0nMWoSx5IdHx6SBal8aw My test case was: dd if=/dev/zero of=/dev/null bs=1 count=1M. As writing to a real file turned out to cover the cost. Without the optimization I am seeing 2.4 - 2.5 MB/s on my idle core2 single socket quad core. With this optimization I am seeing 2.9 - 3.0 MB/s on the same machine. Maybe 2% slower than before I introduced fops_read_lock. The common case is that there is only one thread and so the fget_light optimization applies and f_count remains at 1. Which implies that there is only a single process performing operations through the file descriptor. In that case because there is no possible contention it is possible safely skip the atomic operations, gaining all of the benefits of rcu without requiring a per cpu variable. Signed-off-by: Eric W. Biederman --- fs/file_table.c | 18 ++++++++++++++---- 1 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fs/file_table.c b/fs/file_table.c index d216557..634d44c 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -495,15 +495,25 @@ void file_kill(struct file *file) int fops_read_lock(struct file *file) { int revoked = (file->f_mode & FMODE_REVOKED); - if (likely(!revoked)) - atomic_long_inc(&file->f_use); + if (likely(!revoked)) { + if (likely(atomic_long_read(&file->f_count) == 1)) + atomic_long_set(&file->f_use, + atomic_long_read(&file->f_use) + 1); + else + atomic_long_inc(&file->f_use); + } return revoked; } void fops_read_unlock(struct file *file, int revoked) { - if (likely(!revoked)) - atomic_long_dec(&file->f_use); + if (likely(!revoked)) { + if (likely(atomic_long_read(&file->f_count) == 1)) + atomic_long_set(&file->f_use, + atomic_long_read(&file->f_use) - 1); + else + atomic_long_dec(&file->f_use); + } } int fs_may_remount_ro(struct super_block *sb) -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail190.messagelabs.com (mail190.messagelabs.com [216.82.249.51]) by kanga.kvack.org (Postfix) with SMTP id EC4F85F0001 for ; Sat, 11 Apr 2009 08:13:15 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:13:22 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: revoked_file_ops is a set of file operations designed to be used when a files backing store has been removed. revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is always ready for I/O and return -EIO from all other operations. This is designed to allow userspace to gracefully file descriptors that enter this unusable state. Signed-off-by: Eric W. Biederman --- fs/Makefile | 2 +- fs/revoked_file.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/fs.h | 2 + 3 files changed, 184 insertions(+), 1 deletions(-) create mode 100644 fs/revoked_file.c diff --git a/fs/Makefile b/fs/Makefile index af6d047..7787ddd 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -11,7 +11,7 @@ obj-y := open.o read_write.o file_table.o super.o \ attr.o bad_inode.o file.o filesystems.o namespace.o \ seq_file.o xattr.o libfs.o fs-writeback.o \ pnode.o drop_caches.o splice.o sync.o utimes.o \ - stack.o fs_struct.o + stack.o fs_struct.o revoked_file.o ifeq ($(CONFIG_BLOCK),y) obj-y += buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o diff --git a/fs/revoked_file.c b/fs/revoked_file.c new file mode 100644 index 0000000..9936693 --- /dev/null +++ b/fs/revoked_file.c @@ -0,0 +1,181 @@ +/* + * linux/fs/revoked_file.c + * + * Copyright (C) 1997, Stephen Tweedie + * + * Provide stub functions for unreadable inodes + * + * Fabian Frederick : August 2003 - All file operations assigned to EIO + * + * Eric Biederman : 8 April 2008 - Derivied from bad_inode.c + */ + +#include +#include +#include +#include +#include +#include + +static loff_t revoked_file_llseek(struct file *file, loff_t offset, int origin) +{ + return -EIO; +} + +static ssize_t revoked_file_read(struct file *filp, char __user *buf, + size_t size, loff_t *ppos) +{ + return 0; +} + +static ssize_t revoked_file_write(struct file *filp, const char __user *buf, + size_t siz, loff_t *ppos) +{ + return -EIO; +} + +static ssize_t revoked_file_aio_read(struct kiocb *iocb, const struct iovec *iov, + unsigned long nr_segs, loff_t pos) +{ + return 0; +} + +static ssize_t revoked_file_aio_write(struct kiocb *iocb, const struct iovec *iov, + unsigned long nr_segs, loff_t pos) +{ + return -EIO; +} + +static int revoked_file_readdir(struct file *filp, void *dirent, filldir_t filldir) +{ + return -EIO; +} + +static unsigned int revoked_file_poll(struct file *filp, poll_table *wait) +{ + return POLLIN | POLLOUT | POLLERR | POLLRDNORM | POLLWRNORM; +} + +static int revoked_file_ioctl (struct inode *inode, struct file *filp, + unsigned int cmd, unsigned long arg) +{ + return -EIO; +} + +static long revoked_file_unlocked_ioctl(struct file *file, unsigned cmd, + unsigned long arg) +{ + return -EIO; +} + +static long revoked_file_compat_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + return -EIO; +} + +static int revoked_file_mmap(struct file *file, struct vm_area_struct *vma) +{ + return -EIO; +} + +static int revoked_file_open(struct inode *inode, struct file *filp) +{ + return -EIO; +} + +static int revoked_file_flush(struct file *file, fl_owner_t id) +{ + return 0; +} + +static int revoked_file_release(struct inode *inode, struct file *filp) +{ + return 0; +} + +static int revoked_file_fsync(struct file *file, struct dentry *dentry, + int datasync) +{ + return -EIO; +} + +static int revoked_file_aio_fsync(struct kiocb *iocb, int datasync) +{ + return -EIO; +} + +static int revoked_file_fasync(int fd, struct file *filp, int on) +{ + return -EIO; +} + +static int revoked_file_lock(struct file *file, int cmd, struct file_lock *fl) +{ + return -EIO; +} + +static ssize_t revoked_file_sendpage(struct file *file, struct page *page, + int off, size_t len, loff_t *pos, int more) +{ + return -EIO; +} + +static unsigned long revoked_file_get_unmapped_area(struct file *file, + unsigned long addr, unsigned long len, + unsigned long pgoff, unsigned long flags) +{ + return -EIO; +} + +static int revoked_file_check_flags(int flags) +{ + return -EIO; +} + +static int revoked_file_flock(struct file *filp, int cmd, struct file_lock *fl) +{ + return -EIO; +} + +static ssize_t revoked_file_splice_write(struct pipe_inode_info *pipe, + struct file *out, loff_t *ppos, size_t len, + unsigned int flags) +{ + return -EIO; +} + +static ssize_t revoked_file_splice_read(struct file *in, loff_t *ppos, + struct pipe_inode_info *pipe, size_t len, + unsigned int flags) +{ + return -EIO; +} + +const struct file_operations revoked_file_ops = +{ + .llseek = revoked_file_llseek, + .read = revoked_file_read, + .write = revoked_file_write, + .aio_read = revoked_file_aio_read, + .aio_write = revoked_file_aio_write, + .readdir = revoked_file_readdir, + .poll = revoked_file_poll, + .ioctl = revoked_file_ioctl, + .unlocked_ioctl = revoked_file_unlocked_ioctl, + .compat_ioctl = revoked_file_compat_ioctl, + .mmap = revoked_file_mmap, + .open = revoked_file_open, + .flush = revoked_file_flush, + .release = revoked_file_release, + .fsync = revoked_file_fsync, + .aio_fsync = revoked_file_aio_fsync, + .fasync = revoked_file_fasync, + .lock = revoked_file_lock, + .sendpage = revoked_file_sendpage, + .get_unmapped_area = revoked_file_get_unmapped_area, + .check_flags = revoked_file_check_flags, + .flock = revoked_file_flock, + .splice_write = revoked_file_splice_write, + .splice_read = revoked_file_splice_read, +}; diff --git a/include/linux/fs.h b/include/linux/fs.h index a82a2ea..2fb0871 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -896,6 +896,8 @@ extern int fops_substitute(struct file *file, const struct file_operations *f_op extern void inode_fops_substitute(struct inode *inode, const struct file_operations *f_op, struct vm_operations_struct *vm_ops); +extern const struct file_operations revoked_file_ops; + extern struct mutex files_lock; #define file_list_lock() mutex_lock(&files_lock); #define file_list_unlock() mutex_unlock(&files_lock); -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail137.messagelabs.com (mail137.messagelabs.com [216.82.249.19]) by kanga.kvack.org (Postfix) with SMTP id E96835F0001 for ; Sat, 11 Apr 2009 08:14:41 -0400 (EDT) References: From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 05:14:50 -0700 In-Reply-To: (Eric W. Biederman's message of "Sat\, 11 Apr 2009 05\:01\:29 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [RFC][PATCH 9/9] proc: Use the generic vfs revoke facility that now exists. Sender: owner-linux-mm@kvack.org To: Andrew Morton Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Doing this the code becomes much simpler and more robust. Signed-off-by: Eric W. Biederman --- fs/proc/generic.c | 100 +++++---------- fs/proc/inode.c | 339 +---------------------------------------------- fs/proc/internal.h | 2 + fs/proc/root.c | 2 +- include/linux/proc_fs.h | 4 - 5 files changed, 36 insertions(+), 411 deletions(-) diff --git a/fs/proc/generic.c b/fs/proc/generic.c index fa678ab..5453114 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -20,6 +20,8 @@ #include #include #include +#include +#include #include #include "internal.h" @@ -37,7 +39,7 @@ static int proc_match(int len, const char *name, struct proc_dir_entry *de) #define PROC_BLOCK_SIZE (PAGE_SIZE - 1024) static ssize_t -__proc_file_read(struct file *file, char __user *buf, size_t nbytes, +proc_file_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) { struct inode * inode = file->f_path.dentry->d_inode; @@ -183,27 +185,6 @@ __proc_file_read(struct file *file, char __user *buf, size_t nbytes, } static ssize_t -proc_file_read(struct file *file, char __user *buf, size_t nbytes, - loff_t *ppos) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - ssize_t rv = -EIO; - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - spin_unlock(&pde->pde_unload_lock); - - rv = __proc_file_read(file, buf, nbytes, ppos); - - pde_users_dec(pde); - return rv; -} - -static ssize_t proc_file_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) { @@ -211,17 +192,8 @@ proc_file_write(struct file *file, const char __user *buffer, ssize_t rv = -EIO; if (pde->write_proc) { - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - spin_unlock(&pde->pde_unload_lock); - /* FIXME: does this routine need ppos? probably... */ rv = pde->write_proc(file, buffer, count, pde->data); - pde_users_dec(pde); } return rv; } @@ -630,10 +602,6 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent, ent->mode = mode; ent->nlink = nlink; atomic_set(&ent->count, 1); - ent->pde_users = 0; - spin_lock_init(&ent->pde_unload_lock); - ent->pde_unload_completion = NULL; - INIT_LIST_HEAD(&ent->pde_openers); out: return ent; } @@ -777,6 +745,33 @@ void free_proc_entry(struct proc_dir_entry *de) kfree(de); } +static struct inode *get_pde_inode(struct proc_dir_entry *de) +{ + struct inode *inode = NULL; + struct super_block *sb; + + spin_lock(&sb_lock); + list_for_each_entry(sb, &proc_fs_type.fs_supers, s_instances) { + inode = ilookup(sb, de->low_ino); + if (inode && inode->i_fop != &revoked_file_ops) + break; + iput(inode); + inode = NULL; + } + spin_unlock(&sb_lock); + return inode; +} + +static void proc_revoke_pde(struct proc_dir_entry *de) +{ + struct inode *inode; + + while ((inode = get_pde_inode(de))) { + inode_fops_substitute(inode, &revoked_file_ops, &revoked_vm_ops); + iput(inode); + } +} + /* * Remove a /proc entry and free it if it's not currently in use. */ @@ -804,40 +799,7 @@ void remove_proc_entry(const char *name, struct proc_dir_entry *parent) if (!de) return; - spin_lock(&de->pde_unload_lock); - /* - * Stop accepting new callers into module. If you're - * dynamically allocating ->proc_fops, save a pointer somewhere. - */ - de->proc_fops = NULL; - /* Wait until all existing callers into module are done. */ - if (de->pde_users > 0) { - DECLARE_COMPLETION_ONSTACK(c); - - if (!de->pde_unload_completion) - de->pde_unload_completion = &c; - - spin_unlock(&de->pde_unload_lock); - - wait_for_completion(de->pde_unload_completion); - - goto continue_removing; - } - spin_unlock(&de->pde_unload_lock); - -continue_removing: - spin_lock(&de->pde_unload_lock); - while (!list_empty(&de->pde_openers)) { - struct pde_opener *pdeo; - - pdeo = list_first_entry(&de->pde_openers, struct pde_opener, lh); - list_del(&pdeo->lh); - spin_unlock(&de->pde_unload_lock); - pdeo->release(pdeo->inode, pdeo->file); - kfree(pdeo); - spin_lock(&de->pde_unload_lock); - } - spin_unlock(&de->pde_unload_lock); + proc_revoke_pde(de); if (S_ISDIR(de->mode)) parent->nlink--; diff --git a/fs/proc/inode.c b/fs/proc/inode.c index d78ade3..aa7e629 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -117,330 +117,6 @@ static const struct super_operations proc_sops = { .statfs = simple_statfs, }; -static void __pde_users_dec(struct proc_dir_entry *pde) -{ - pde->pde_users--; - if (pde->pde_unload_completion && pde->pde_users == 0) - complete(pde->pde_unload_completion); -} - -void pde_users_dec(struct proc_dir_entry *pde) -{ - spin_lock(&pde->pde_unload_lock); - __pde_users_dec(pde); - spin_unlock(&pde->pde_unload_lock); -} - -static loff_t proc_reg_llseek(struct file *file, loff_t offset, int whence) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - loff_t rv = -EINVAL; - loff_t (*llseek)(struct file *, loff_t, int); - - spin_lock(&pde->pde_unload_lock); - /* - * remove_proc_entry() is going to delete PDE (as part of module - * cleanup sequence). No new callers into module allowed. - */ - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - /* - * Bump refcount so that remove_proc_entry will wail for ->llseek to - * complete. - */ - pde->pde_users++; - /* - * Save function pointer under lock, to protect against ->proc_fops - * NULL'ifying right after ->pde_unload_lock is dropped. - */ - llseek = pde->proc_fops->llseek; - spin_unlock(&pde->pde_unload_lock); - - if (!llseek) - llseek = default_llseek; - rv = llseek(file, offset, whence); - - pde_users_dec(pde); - return rv; -} - -static ssize_t proc_reg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - ssize_t rv = -EIO; - ssize_t (*read)(struct file *, char __user *, size_t, loff_t *); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - read = pde->proc_fops->read; - spin_unlock(&pde->pde_unload_lock); - - if (read) - rv = read(file, buf, count, ppos); - - pde_users_dec(pde); - return rv; -} - -static ssize_t proc_reg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - ssize_t rv = -EIO; - ssize_t (*write)(struct file *, const char __user *, size_t, loff_t *); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - write = pde->proc_fops->write; - spin_unlock(&pde->pde_unload_lock); - - if (write) - rv = write(file, buf, count, ppos); - - pde_users_dec(pde); - return rv; -} - -static unsigned int proc_reg_poll(struct file *file, struct poll_table_struct *pts) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - unsigned int rv = DEFAULT_POLLMASK; - unsigned int (*poll)(struct file *, struct poll_table_struct *); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - poll = pde->proc_fops->poll; - spin_unlock(&pde->pde_unload_lock); - - if (poll) - rv = poll(file, pts); - - pde_users_dec(pde); - return rv; -} - -static long proc_reg_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - long rv = -ENOTTY; - long (*unlocked_ioctl)(struct file *, unsigned int, unsigned long); - int (*ioctl)(struct inode *, struct file *, unsigned int, unsigned long); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - unlocked_ioctl = pde->proc_fops->unlocked_ioctl; - ioctl = pde->proc_fops->ioctl; - spin_unlock(&pde->pde_unload_lock); - - if (unlocked_ioctl) { - rv = unlocked_ioctl(file, cmd, arg); - if (rv == -ENOIOCTLCMD) - rv = -EINVAL; - } else if (ioctl) { - lock_kernel(); - rv = ioctl(file->f_path.dentry->d_inode, file, cmd, arg); - unlock_kernel(); - } - - pde_users_dec(pde); - return rv; -} - -#ifdef CONFIG_COMPAT -static long proc_reg_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - long rv = -ENOTTY; - long (*compat_ioctl)(struct file *, unsigned int, unsigned long); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - compat_ioctl = pde->proc_fops->compat_ioctl; - spin_unlock(&pde->pde_unload_lock); - - if (compat_ioctl) - rv = compat_ioctl(file, cmd, arg); - - pde_users_dec(pde); - return rv; -} -#endif - -static int proc_reg_mmap(struct file *file, struct vm_area_struct *vma) -{ - struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); - int rv = -EIO; - int (*mmap)(struct file *, struct vm_area_struct *); - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - mmap = pde->proc_fops->mmap; - spin_unlock(&pde->pde_unload_lock); - - if (mmap) - rv = mmap(file, vma); - - pde_users_dec(pde); - return rv; -} - -static int proc_reg_open(struct inode *inode, struct file *file) -{ - struct proc_dir_entry *pde = PDE(inode); - int rv = 0; - int (*open)(struct inode *, struct file *); - int (*release)(struct inode *, struct file *); - struct pde_opener *pdeo; - - /* - * What for, you ask? Well, we can have open, rmmod, remove_proc_entry - * sequence. ->release won't be called because ->proc_fops will be - * cleared. Depending on complexity of ->release, consequences vary. - * - * We can't wait for mercy when close will be done for real, it's - * deadlockable: rmmod foo release - * by hand in remove_proc_entry(). For this, save opener's credentials - * for later. - */ - pdeo = kmalloc(sizeof(struct pde_opener), GFP_KERNEL); - if (!pdeo) - return -ENOMEM; - - spin_lock(&pde->pde_unload_lock); - if (!pde->proc_fops) { - spin_unlock(&pde->pde_unload_lock); - kfree(pdeo); - return -EINVAL; - } - pde->pde_users++; - open = pde->proc_fops->open; - release = pde->proc_fops->release; - spin_unlock(&pde->pde_unload_lock); - - if (open) - rv = open(inode, file); - - spin_lock(&pde->pde_unload_lock); - if (rv == 0 && release) { - /* To know what to release. */ - pdeo->inode = inode; - pdeo->file = file; - /* Strictly for "too late" ->release in proc_reg_release(). */ - pdeo->release = release; - list_add(&pdeo->lh, &pde->pde_openers); - } else - kfree(pdeo); - __pde_users_dec(pde); - spin_unlock(&pde->pde_unload_lock); - return rv; -} - -static struct pde_opener *find_pde_opener(struct proc_dir_entry *pde, - struct inode *inode, struct file *file) -{ - struct pde_opener *pdeo; - - list_for_each_entry(pdeo, &pde->pde_openers, lh) { - if (pdeo->inode == inode && pdeo->file == file) - return pdeo; - } - return NULL; -} - -static int proc_reg_release(struct inode *inode, struct file *file) -{ - struct proc_dir_entry *pde = PDE(inode); - int rv = 0; - int (*release)(struct inode *, struct file *); - struct pde_opener *pdeo; - - spin_lock(&pde->pde_unload_lock); - pdeo = find_pde_opener(pde, inode, file); - if (!pde->proc_fops) { - /* - * Can't simply exit, __fput() will think that everything is OK, - * and move on to freeing struct file. remove_proc_entry() will - * find slacker in opener's list and will try to do non-trivial - * things with struct file. Therefore, remove opener from list. - * - * But if opener is removed from list, who will ->release it? - */ - if (pdeo) { - list_del(&pdeo->lh); - spin_unlock(&pde->pde_unload_lock); - rv = pdeo->release(inode, file); - kfree(pdeo); - } else - spin_unlock(&pde->pde_unload_lock); - return rv; - } - pde->pde_users++; - release = pde->proc_fops->release; - if (pdeo) { - list_del(&pdeo->lh); - kfree(pdeo); - } - spin_unlock(&pde->pde_unload_lock); - - if (release) - rv = release(inode, file); - - pde_users_dec(pde); - return rv; -} - -static const struct file_operations proc_reg_file_ops = { - .llseek = proc_reg_llseek, - .read = proc_reg_read, - .write = proc_reg_write, - .poll = proc_reg_poll, - .unlocked_ioctl = proc_reg_unlocked_ioctl, -#ifdef CONFIG_COMPAT - .compat_ioctl = proc_reg_compat_ioctl, -#endif - .mmap = proc_reg_mmap, - .open = proc_reg_open, - .release = proc_reg_release, -}; - -#ifdef CONFIG_COMPAT -static const struct file_operations proc_reg_file_ops_no_compat = { - .llseek = proc_reg_llseek, - .read = proc_reg_read, - .write = proc_reg_write, - .poll = proc_reg_poll, - .unlocked_ioctl = proc_reg_unlocked_ioctl, - .mmap = proc_reg_mmap, - .open = proc_reg_open, - .release = proc_reg_release, -}; -#endif - struct inode *proc_get_inode(struct super_block *sb, unsigned int ino, struct proc_dir_entry *de) { @@ -465,19 +141,8 @@ struct inode *proc_get_inode(struct super_block *sb, unsigned int ino, inode->i_nlink = de->nlink; if (de->proc_iops) inode->i_op = de->proc_iops; - if (de->proc_fops) { - if (S_ISREG(inode->i_mode)) { -#ifdef CONFIG_COMPAT - if (!de->proc_fops->compat_ioctl) - inode->i_fop = - &proc_reg_file_ops_no_compat; - else -#endif - inode->i_fop = &proc_reg_file_ops; - } else { - inode->i_fop = de->proc_fops; - } - } + if (de->proc_fops) + inode->i_fop = de->proc_fops; unlock_new_inode(inode); } else de_put(de); diff --git a/fs/proc/internal.h b/fs/proc/internal.h index f6db961..ea658ac 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -92,3 +92,5 @@ struct pde_opener { struct list_head lh; }; void pde_users_dec(struct proc_dir_entry *pde); + +extern struct file_system_type proc_fs_type; diff --git a/fs/proc/root.c b/fs/proc/root.c index 1e15a2b..ba7a99d 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c @@ -96,7 +96,7 @@ static void proc_kill_sb(struct super_block *sb) put_pid_ns(ns); } -static struct file_system_type proc_fs_type = { +struct file_system_type proc_fs_type = { .name = "proc", .get_sb = proc_get_sb, .kill_sb = proc_kill_sb, diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index fbfa3d4..2baeb37 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -72,10 +72,6 @@ struct proc_dir_entry { read_proc_t *read_proc; write_proc_t *write_proc; atomic_t count; /* use count */ - int pde_users; /* number of callers into module in progress */ - spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */ - struct completion *pde_unload_completion; - struct list_head pde_openers; /* who did ->open, but not ->release */ }; struct kcore_list { -- 1.6.1.2.350.g88cc -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail202.messagelabs.com (mail202.messagelabs.com [216.82.254.227]) by kanga.kvack.org (Postfix) with ESMTP id 781DA5F0001 for ; Sat, 11 Apr 2009 11:58:08 -0400 (EDT) Date: Sat, 11 Apr 2009 16:58:52 +0100 From: Al Viro Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support Message-ID: <20090411155852.GV26366@ZenIV.linux.org.uk> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: On Sat, Apr 11, 2009 at 05:01:29AM -0700, Eric W. Biederman wrote: > A couple of weeks ago I found myself looking at the uio, seeing that > it does not support pci hot-unplug, and thinking "Great yet another > implementation of hotunplug logic that needs to be added". > > I decided to see what it would take to add a generic implementation of > the code we have for supporting hot unplugging devices in sysfs, proc, > sysctl, tty_io, and now almost in the tun driver. > > Not long after I touched the tun driver and made it safe to delete the > network device while still holding it's file descriptor open I someone > else touch the code adding a different feature and my careful work > went up in flames. Which brought home another point at the best of it > this is ultimately complex tricky code that subsystems should not need > to worry about. > > What makes this even more interesting is that in the presence of pci > hot-unplug it looks like most subsystems and most devices will have to > deal with the issue one way or another. Ehh... The real mess is in things like "TTY in the middle of random ioctl" and there's another pile that won't be solved on struct file level - individual fs internals ;-/ > This infrastructure could also be used to implement sys_revoke and > when I could not think of a better name I have drawn on that. Yes, that's more or less obvious direction for revoke(), but there's a problem with locking overhead that always scared me away from that. Maybe I'm wrong, though... In any case, you want to carefully check the overhead and cacheline bouncing implications for things like pipes and sockets. Hell knows, maybe it'll work out, but... Anyway, the really nasty part of revoke() (and true SAK, which is obviously related) is handling of deep-inside-the-driver ioctls. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail137.messagelabs.com (mail137.messagelabs.com [216.82.249.19]) by kanga.kvack.org (Postfix) with SMTP id 0012A5F0001 for ; Sat, 11 Apr 2009 12:48:57 -0400 (EDT) References: <20090411155852.GV26366@ZenIV.linux.org.uk> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 09:49:36 -0700 In-Reply-To: <20090411155852.GV26366@ZenIV.linux.org.uk> (Al Viro's message of "Sat\, 11 Apr 2009 16\:58\:52 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support Sender: owner-linux-mm@kvack.org To: Al Viro Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Al Viro writes: > On Sat, Apr 11, 2009 at 05:01:29AM -0700, Eric W. Biederman wrote: > >> A couple of weeks ago I found myself looking at the uio, seeing that >> it does not support pci hot-unplug, and thinking "Great yet another >> implementation of hotunplug logic that needs to be added". >> >> I decided to see what it would take to add a generic implementation of >> the code we have for supporting hot unplugging devices in sysfs, proc, >> sysctl, tty_io, and now almost in the tun driver. >> >> Not long after I touched the tun driver and made it safe to delete the >> network device while still holding it's file descriptor open I someone >> else touch the code adding a different feature and my careful work >> went up in flames. Which brought home another point at the best of it >> this is ultimately complex tricky code that subsystems should not need >> to worry about. >> >> What makes this even more interesting is that in the presence of pci >> hot-unplug it looks like most subsystems and most devices will have to >> deal with the issue one way or another. > > Ehh... The real mess is in things like "TTY in the middle of random > ioctl" and there's another pile that won't be solved on struct file > level - individual fs internals ;-/ I haven't tackled code with a noticeable number of ioctls yet. But if they are anything like what I have seen so far, a ref count to see that you are in the still executing a function (so you don't pull the rug out) from under it, and an additional method to say stop sleeping and return should be sufficient. >> This infrastructure could also be used to implement sys_revoke and >> when I could not think of a better name I have drawn on that. > > Yes, that's more or less obvious direction for revoke(), but there's a > problem with locking overhead that always scared me away from that. > Maybe I'm wrong, though... In any case, you want to carefully check > the overhead and cacheline bouncing implications for things like pipes > and sockets. Hell knows, maybe it'll work out, but... I took a careful look and I can't claim perfection at this stage but I don't think there are any significant performance impacts from my code. Further I am confident that if someone finds some performance issues I will be able to understand and address them without a redesign. While working on this I took a good hard look at the overhead I have added to single byte reads and writes (operations that are dominated by any possible overhead I am adding) and currently I am within 2% of the case without my refcounting/locking. I would be interested in anyone running micro benchmarks against my patches and giving me feedback. The fact that in the common case only one task ever accesses a struct file leaves a lot of room for optimization. > Anyway, the really nasty part of revoke() (and true SAK, which is obviously > related) is handling of deep-inside-the-driver ioctls. I doubt I have solved all of the problems. My goals are more modest than a revoke that works for every possible file in the system. I just want a common implementation of refcounting and blocking unregistration code that can be used to solve the common problem I see in sysfs, sysctl, proc, etc. I completely expect to need to modify the code to take advantage of the infrastructure. Patch 9/9 has an example of that, modifying proc so that it uses the infrastructure I add and removing 400 lines of code. I do think that what I have built once it is in use will make a good foundation for building the rest of revoke. Mostly because I am solving common problems once in a common way. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with ESMTP id DA67D5F0001 for ; Sat, 11 Apr 2009 12:56:07 -0400 (EDT) Date: Sat, 11 Apr 2009 17:56:51 +0100 From: Al Viro Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support Message-ID: <20090411165651.GW26366@ZenIV.linux.org.uk> References: <20090411155852.GV26366@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: On Sat, Apr 11, 2009 at 09:49:36AM -0700, Eric W. Biederman wrote: > The fact that in the common case only one task ever accesses a struct > file leaves a lot of room for optimization. I'm not at all sure that it's a good assumption; even leaving aside e.g. several tasks sharing stdout/stderr, a bunch of datagrams coming out of several threads over the same socket is quite possible. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail190.messagelabs.com (mail190.messagelabs.com [216.82.249.51]) by kanga.kvack.org (Postfix) with SMTP id 96F665F0001 for ; Sat, 11 Apr 2009 19:56:40 -0400 (EDT) References: <20090411155852.GV26366@ZenIV.linux.org.uk> <20090411165651.GW26366@ZenIV.linux.org.uk> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sat, 11 Apr 2009 16:57:25 -0700 In-Reply-To: <20090411165651.GW26366@ZenIV.linux.org.uk> (Al Viro's message of "Sat\, 11 Apr 2009 17\:56\:51 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support Sender: owner-linux-mm@kvack.org To: Al Viro Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Al Viro writes: > On Sat, Apr 11, 2009 at 09:49:36AM -0700, Eric W. Biederman wrote: > >> The fact that in the common case only one task ever accesses a struct >> file leaves a lot of room for optimization. > > I'm not at all sure that it's a good assumption; even leaving aside e.g. > several tasks sharing stdout/stderr, a bunch of datagrams coming out of > several threads over the same socket is quite possible. Maybe not. However those cases are already more expensive today. Somewhere along the way we are already going to get cache line ping pongs if there is real contention, and we are going to see the cost of atomic operations. In which case the extra ref counting I am doing is a little more expensive. And when I say a little more expensive I mean 10-20ns per read/write more expensive. At the same time if the common case really is applications not sharing file descriptors (which seems sane) my current optimization easily keeps the cost to practically nothing. Using the srcu locking would also keep the cost down in the noise because it guarantees non-shared cachelines and no expensive atomic operations. srcu has the downside of requiring per cpu memory which seems wrong to me somehow. However there are hybrid models like what is used in mnt_want_write that are possible to limit the total amount of per cpu memory while still getting the advantages. Beyond that for correctness it looks like a pay me now or pay me later situation. Do we track when we are in the methods for an object generically where we can do the work once, and then concentrate on enhancements. Or do we bog ourselves down using inferior implementations that are replicated in varying ways from subsystem to subsystem, and spend our time fighting the bugs in the subsystems? I have the refcount/locking abstraction wrapped and have only to perform the most basic of optimizations. So if we need to do something more it should be easy. Is performance your only concern with my patches? Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with ESMTP id 6B1925F0001 for ; Sun, 12 Apr 2009 14:56:11 -0400 (EDT) Date: Sun, 12 Apr 2009 19:56:59 +0100 From: Jamie Lokier Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Message-ID: <20090412185659.GE4394@shareable.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: > revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is > always ready for I/O and return -EIO from all other operations. I think read should return -EIO too. If a program is reading from a /proc file (say), and the thing it's reading suddenly disappears, EOF gives the false impression that it's read to the end of formatted data from that file and it can process the data as if it's complete, which is wrong. -- Jamie -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail143.messagelabs.com (mail143.messagelabs.com [216.82.254.35]) by kanga.kvack.org (Postfix) with SMTP id DEA345F0001 for ; Sun, 12 Apr 2009 16:04:16 -0400 (EDT) References: <20090412185659.GE4394@shareable.org> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 12 Apr 2009 13:04:09 -0700 In-Reply-To: <20090412185659.GE4394@shareable.org> (Jamie Lokier's message of "Sun\, 12 Apr 2009 19\:56\:59 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Sender: owner-linux-mm@kvack.org To: Jamie Lokier Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Jamie Lokier writes: >> revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is >> always ready for I/O and return -EIO from all other operations. > > I think read should return -EIO too. If a program is reading from a > /proc file (say), and the thing it's reading suddenly disappears, EOF > gives the false impression that it's read to the end of formatted data > from that file and it can process the data as if it's complete, which > is wrong. Good point EIO is the current read return value for a removed proc file. For closed pipes, and hung up ttys the read return value is 0, and from my reading that is what bsd returns after a sys_revoke. The reason I have f_op settable is because I never expected complete agreement on the return codes, and because it makes auditing and spotting this kind of thing easier. I guess I should make two variations on revoked_file_ops then. Say eof_file_ops, eio_file_ops. Identical except for their treatment of reads. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with SMTP id EDC4C5F0001 for ; Sun, 12 Apr 2009 16:21:22 -0400 (EDT) References: <20090411155852.GV26366@ZenIV.linux.org.uk> <20090411165651.GW26366@ZenIV.linux.org.uk> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 12 Apr 2009 13:21:35 -0700 In-Reply-To: <20090411165651.GW26366@ZenIV.linux.org.uk> (Al Viro's message of "Sat\, 11 Apr 2009 17\:56\:51 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support Sender: owner-linux-mm@kvack.org To: Al Viro Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Al Viro writes: > On Sat, Apr 11, 2009 at 09:49:36AM -0700, Eric W. Biederman wrote: > >> The fact that in the common case only one task ever accesses a struct >> file leaves a lot of room for optimization. > > I'm not at all sure that it's a good assumption; even leaving aside e.g. > several tasks sharing stdout/stderr, a bunch of datagrams coming out of > several threads over the same socket is quite possible. I have thought about this a little more and a solution to ensure this is not a problem for code that has not opted in to this new functionality is simple. Require uses that need it to set FMODE_REVOKE. It is no extra code and it keeps the absolute worst case behavior for existing code down an additional branch mispredict. It is worth doing anyway because it cleans up the abstraction and makes it clear where revoke is supported. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with ESMTP id 9FB1C5F0001 for ; Sun, 12 Apr 2009 16:30:44 -0400 (EDT) Date: Sun, 12 Apr 2009 21:31:07 +0100 From: Jamie Lokier Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Message-ID: <20090412203107.GH4394@shareable.org> References: <20090412185659.GE4394@shareable.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Eric W. Biederman wrote: > >> revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is > >> always ready for I/O and return -EIO from all other operations. > > > > I think read should return -EIO too. If a program is reading from a > > /proc file (say), and the thing it's reading suddenly disappears, EOF > > gives the false impression that it's read to the end of formatted data > > from that file and it can process the data as if it's complete, which > > is wrong. > > Good point EIO is the current read return value for a removed proc file. > > For closed pipes, and hung up ttys the read return value is 0, and from > my reading that is what bsd returns after a sys_revoke. A few suggestions below. Feel free to ignore them on account of the basic revoking functionality being more important :-) I'm not sure a revoked pipe should look like a normally closed one. ECONNRESET? For hung up ttys, I agree. But where's the SIGHUP :-) You probably do want the process using it to die if it's not handling SIGHUP, because terminal-using processes don't always terminate themselves on EOF. For things writing to a pipe or file, SIGPIPE may be appropriate in addition to EIO, to avoid runaway processes. Looks odd I know. For writing to a terminal, SIGHUP again. > The reason I have f_op settable is because I never expected complete > agreement on the return codes, and because it makes auditing and spotting > this kind of thing easier. > > I guess I should make two variations on revoked_file_ops then. Say > eof_file_ops, eio_file_ops. Identical except for their treatment of > reads. Fair enough. It's good to have good defaults. I'm not convinced eof_file_ops is ever a good default. sighup_file_ops and sigpipe_file_ops maybe :-) -- Jamie -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail144.messagelabs.com (mail144.messagelabs.com [216.82.254.51]) by kanga.kvack.org (Postfix) with SMTP id 83CD65F0001 for ; Sun, 12 Apr 2009 16:54:01 -0400 (EDT) References: <20090412185659.GE4394@shareable.org> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 12 Apr 2009 13:54:45 -0700 In-Reply-To: (Eric W. Biederman's message of "Sun\, 12 Apr 2009 13\:04\:09 -0700") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Sender: owner-linux-mm@kvack.org To: Jamie Lokier Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: ebiederm@xmission.com (Eric W. Biederman) writes: > Jamie Lokier writes: > >>> revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is >>> always ready for I/O and return -EIO from all other operations. >> >> I think read should return -EIO too. If a program is reading from a >> /proc file (say), and the thing it's reading suddenly disappears, EOF >> gives the false impression that it's read to the end of formatted data >> from that file and it can process the data as if it's complete, which >> is wrong. I just thought about that some more and I am not convinced. In general the current return values from proc after an I/O operation are suspect. seek returns -EINVAL instead of -EIO. poll returns DEFAULT_POLLMASK (which doesn't set POLLERR). So I am not convinced that the existing proc return values on error are correct, and they are recent additions so the historical precedent is not especially large. EOF does give the impression that you have read all of the data from the /proc file, and that is in fact the case. There is no more data coming from that proc file. That the data is stale is well know. That the data is not atomic, anything that spans more than a single read is not atomic. So I don't see what returning EIO adds to the equation. Perhaps that your fragile user space string parser may break? EOF gives a clear indication the application should stop reading the data, because there is no more. EIO only says that the was a problem. I don't know of anything that depends on the rmmod behavior either way. But if we can get away with it I would like to use something that is generally useful instead of something that only makes sense in the context of proc. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with ESMTP id 08C415F0001 for ; Sun, 12 Apr 2009 17:03:00 -0400 (EDT) Date: Sun, 12 Apr 2009 22:02:56 +0100 From: Jamie Lokier Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Message-ID: <20090412210256.GK4394@shareable.org> References: <20090412185659.GE4394@shareable.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Eric W. Biederman wrote: > I just thought about that some more and I am not convinced. > > In general the current return values from proc after an I/O operation > are suspect. seek returns -EINVAL instead of -EIO. poll returns > DEFAULT_POLLMASK (which doesn't set POLLERR). So I am not convinced > that the existing proc return values on error are correct, and they > are recent additions so the historical precedent is not especially > large. > > EOF does give the impression that you have read all of the data from > the /proc file, and that is in fact the case. There is no more > data coming from that proc file. > > That the data is stale is well know. > > That the data is not atomic, anything that spans more than a single > read is not atomic. > > So I don't see what returning EIO adds to the equation. Perhaps > that your fragile user space string parser may break? > > EOF gives a clear indication the application should stop reading > the data, because there is no more. > > EIO only says that the was a problem. > > I don't know of anything that depends on the rmmod behavior either > way. But if we can get away with it I would like to use something > that is generally useful instead of something that only makes > sense in the context of proc. I'm not thinking of proc, really. More thinking of applications: EOF effectively means "whole file read without error - now do the next thing". If a filesystem file is revoked (umount -f), you definitely want to stop that Makefile which is copying a file from the unmounted filesystem to a target file. Otherwise you get inconsistent states which can only occur as a result of this umount -f, something Makefiles should never have to care about. rmmod behaviour is not something any app should see normally. Unexpected behaviour when files are oddly truncated (despite never being written that way) is not "fragile user space". So whatever it returns, it should be some error code, imho. -- Jamie -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail144.messagelabs.com (mail144.messagelabs.com [216.82.254.51]) by kanga.kvack.org (Postfix) with SMTP id EFB9F5F0001 for ; Sun, 12 Apr 2009 17:53:11 -0400 (EDT) References: <20090412185659.GE4394@shareable.org> <20090412203107.GH4394@shareable.org> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 12 Apr 2009 14:53:51 -0700 In-Reply-To: <20090412203107.GH4394@shareable.org> (Jamie Lokier's message of "Sun\, 12 Apr 2009 21\:31\:07 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Sender: owner-linux-mm@kvack.org To: Jamie Lokier Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Jamie Lokier writes: > Eric W. Biederman wrote: >> >> revoked_file_ops return 0 from reads (aka EOF). Tell poll the file is >> >> always ready for I/O and return -EIO from all other operations. >> > >> > I think read should return -EIO too. If a program is reading from a >> > /proc file (say), and the thing it's reading suddenly disappears, EOF >> > gives the false impression that it's read to the end of formatted data >> > from that file and it can process the data as if it's complete, which >> > is wrong. >> >> Good point EIO is the current read return value for a removed proc file. >> >> For closed pipes, and hung up ttys the read return value is 0, and from >> my reading that is what bsd returns after a sys_revoke. > > A few suggestions below. Feel free to ignore them on account of the > basic revoking functionality being more important :-) I think I will. This seems to be the part of the code that is easily approachable and it is going to be easy to have different opinions on, and there is no one right answer. For now I'm just going to pick my best understanding of what BSD did. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail138.messagelabs.com (mail138.messagelabs.com [216.82.249.35]) by kanga.kvack.org (Postfix) with SMTP id 2D8B95F0001 for ; Sun, 12 Apr 2009 19:06:38 -0400 (EDT) References: <20090412185659.GE4394@shareable.org> <20090412210256.GK4394@shareable.org> From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 12 Apr 2009 16:06:34 -0700 In-Reply-To: <20090412210256.GK4394@shareable.org> (Jamie Lokier's message of "Sun\, 12 Apr 2009 22\:02\:56 +0100") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations Sender: owner-linux-mm@kvack.org To: Jamie Lokier Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Tejun Heo , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Jamie Lokier writes: > Eric W. Biederman wrote: >> I just thought about that some more and I am not convinced. >> >> In general the current return values from proc after an I/O operation >> are suspect. seek returns -EINVAL instead of -EIO. poll returns >> DEFAULT_POLLMASK (which doesn't set POLLERR). So I am not convinced >> that the existing proc return values on error are correct, and they >> are recent additions so the historical precedent is not especially >> large. >> >> EOF does give the impression that you have read all of the data from >> the /proc file, and that is in fact the case. There is no more >> data coming from that proc file. >> >> That the data is stale is well know. >> >> That the data is not atomic, anything that spans more than a single >> read is not atomic. >> >> So I don't see what returning EIO adds to the equation. Perhaps >> that your fragile user space string parser may break? >> >> EOF gives a clear indication the application should stop reading >> the data, because there is no more. >> >> EIO only says that the was a problem. >> >> I don't know of anything that depends on the rmmod behavior either >> way. But if we can get away with it I would like to use something >> that is generally useful instead of something that only makes >> sense in the context of proc. > > I'm not thinking of proc, really. More thinking of applications: EOF > effectively means "whole file read without error - now do the next thing". > > If a filesystem file is revoked (umount -f), you definitely want to > stop that Makefile which is copying a file from the unmounted > filesystem to a target file. Otherwise you get inconsistent states > which can only occur as a result of this umount -f, something > Makefiles should never have to care about. > > rmmod behaviour is not something any app should see normally. > Unexpected behaviour when files are oddly truncated (despite never > being written that way) is not "fragile user space". So whatever it > returns, it should be some error code, imho. Well I just took a look at NetBSD 4.0.1 and it appears they agree with you. Plus I'm starting to feel a lot better about the linux manual pages, as the revoke(2) man pages from the BSDs describe different error codes than the implementation, and they fail to mention revoke appears to work on ordinary files as well. If the file is not a tty EIO is returned from read. opens return ENXIO writes return EIO ioctl returns EBADF close returns 0 Operations that just lookup the vnode simply return EBADF. I don't know if that is perfectly correct for the linux case. EBADF usually means the file descriptor specified isn't open. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail172.messagelabs.com (mail172.messagelabs.com [216.82.254.3]) by kanga.kvack.org (Postfix) with ESMTP id 19F0D5F0001 for ; Mon, 13 Apr 2009 23:15:34 -0400 (EDT) Message-ID: <49E4000E.10308@kernel.org> Date: Tue, 14 Apr 2009 12:16:30 +0900 From: Tejun Heo MIME-Version: 1.0 Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Hello, Eric. Eric W. Biederman wrote: > A couple of weeks ago I found myself looking at the uio, seeing that > it does not support pci hot-unplug, and thinking "Great yet another > implementation of hotunplug logic that needs to be added". > > I decided to see what it would take to add a generic implementation of > the code we have for supporting hot unplugging devices in sysfs, proc, > sysctl, tty_io, and now almost in the tun driver. > > Not long after I touched the tun driver and made it safe to delete the > network device while still holding it's file descriptor open I someone > else touch the code adding a different feature and my careful work > went up in flames. Which brought home another point at the best of it > this is ultimately complex tricky code that subsystems should not need > to worry about. I like the way it's headed. I'm trying to add similar 'revoke' or 'sever' mechanism at block and char device layers so that low level drivers don't have to worry about object lifetimes and so on. Doing it at the file layer makes sense and can probably replace whatever mechanism at the chardev. The biggest obstacle was the extra in-use reference count overhead. I thought it could be solved by implementing generic percpu reference count similar to the one used for module reference counting. Hot path overhead could be reduced to local_t cmpxchg (w/o LOCK prefix) on per-cpu variable + one branch, which was pretty good. The problem was that space and access overhead for dynamic per-cpu variables wasn't too good, so I started working on dynamic percpu allocator. The dynamic per-cpu allocator is pretty close to completion. Only several archs need to be converted and it's likely to happen during next few months. The plan after that was 1. add per-cpu local_t accessors (might replace local_t completely) 2. add generic per-cpu reference counter and move module reference counting to it 3. implement block/chardev sever (or revoke) support. I think #3 can be merged with what you're working on. What do you think? Thanks. -- tejun -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail143.messagelabs.com (mail143.messagelabs.com [216.82.254.35]) by kanga.kvack.org (Postfix) with SMTP id 0C4C25F0001 for ; Tue, 14 Apr 2009 03:38:57 -0400 (EDT) Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support References: <49E4000E.10308@kernel.org> From: ebiederm@xmission.com (Eric W. Biederman) Date: Tue, 14 Apr 2009 00:39:25 -0700 In-Reply-To: <49E4000E.10308@kernel.org> (Tejun Heo's message of "Tue\, 14 Apr 2009 12\:16\:30 +0900") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-linux-mm@kvack.org To: Tejun Heo Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins , Alexey Dobriyan , Linus Torvalds , Alan Cox , Greg Kroah-Hartman List-ID: Tejun Heo writes: > Hello, Eric. > > Eric W. Biederman wrote: >> A couple of weeks ago I found myself looking at the uio, seeing that >> it does not support pci hot-unplug, and thinking "Great yet another >> implementation of hotunplug logic that needs to be added". >> >> I decided to see what it would take to add a generic implementation of >> the code we have for supporting hot unplugging devices in sysfs, proc, >> sysctl, tty_io, and now almost in the tun driver. >> >> Not long after I touched the tun driver and made it safe to delete the >> network device while still holding it's file descriptor open I someone >> else touch the code adding a different feature and my careful work >> went up in flames. Which brought home another point at the best of it >> this is ultimately complex tricky code that subsystems should not need >> to worry about. > > I like the way it's headed. I'm trying to add similar 'revoke' or > 'sever' mechanism at block and char device layers so that low level > drivers don't have to worry about object lifetimes and so on. Doing > it at the file layer makes sense and can probably replace whatever > mechanism at the chardev. > > The biggest obstacle was the extra in-use reference count overhead. I > thought it could be solved by implementing generic percpu reference > count similar to the one used for module reference counting. Hot path > overhead could be reduced to local_t cmpxchg (w/o LOCK prefix) on > per-cpu variable + one branch, which was pretty good. The problem was > that space and access overhead for dynamic per-cpu variables wasn't > too good, so I started working on dynamic percpu allocator. > > The dynamic per-cpu allocator is pretty close to completion. Only > several archs need to be converted and it's likely to happen during > next few months. The plan after that was 1. add per-cpu local_t > accessors (might replace local_t completely) 2. add generic per-cpu > reference counter and move module reference counting to it > 3. implement block/chardev sever (or revoke) support. > > I think #3 can be merged with what you're working on. What do you > think? Sounds reasonable. Do you know of a case where we actually have multiple tasks accessing a file simultaneously? I just instrumented up my patch an so far the only case I have found are multiple processes closing the same file. Some weird part of bash forking extra processes. Eric -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail143.messagelabs.com (mail143.messagelabs.com [216.82.254.35]) by kanga.kvack.org (Postfix) with ESMTP id 50C0E5F0001 for ; Tue, 14 Apr 2009 03:44:59 -0400 (EDT) Message-ID: <49E43F1D.3070400@kernel.org> Date: Tue, 14 Apr 2009 16:45:33 +0900 From: Tejun Heo MIME-Version: 1.0 Subject: Re: [RFC][PATCH 0/9] File descriptor hot-unplug support References: <49E4000E.10308@kernel.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org To: "Eric W. Biederman" Cc: Andrew Morton , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Al Viro , Hugh Dickins