NFSv4: Fix an rpc_cred reference leakage in fs/nfs/delegation.c
[linux-2.6] / fs / dcookies.c
1 /*
2  * dcookies.c
3  *
4  * Copyright 2002 John Levon <levon@movementarian.org>
5  *
6  * Persistent cookie-path mappings. These are used by
7  * profilers to convert a per-task EIP value into something
8  * non-transitory that can be processed at a later date.
9  * This is done by locking the dentry/vfsmnt pair in the
10  * kernel until released by the tasks needing the persistent
11  * objects. The tag is simply an unsigned long that refers
12  * to the pair and can be looked up from userspace.
13  */
14
15 #include <linux/syscalls.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/list.h>
19 #include <linux/mount.h>
20 #include <linux/capability.h>
21 #include <linux/dcache.h>
22 #include <linux/mm.h>
23 #include <linux/err.h>
24 #include <linux/errno.h>
25 #include <linux/dcookies.h>
26 #include <linux/mutex.h>
27 #include <asm/uaccess.h>
28
29 /* The dcookies are allocated from a kmem_cache and
30  * hashed onto a small number of lists. None of the
31  * code here is particularly performance critical
32  */
33 struct dcookie_struct {
34         struct dentry * dentry;
35         struct vfsmount * vfsmnt;
36         struct list_head hash_list;
37 };
38
39 static LIST_HEAD(dcookie_users);
40 static DEFINE_MUTEX(dcookie_mutex);
41 static struct kmem_cache *dcookie_cache __read_mostly;
42 static struct list_head *dcookie_hashtable __read_mostly;
43 static size_t hash_size __read_mostly;
44
45 static inline int is_live(void)
46 {
47         return !(list_empty(&dcookie_users));
48 }
49
50
51 /* The dentry is locked, its address will do for the cookie */
52 static inline unsigned long dcookie_value(struct dcookie_struct * dcs)
53 {
54         return (unsigned long)dcs->dentry;
55 }
56
57
58 static size_t dcookie_hash(unsigned long dcookie)
59 {
60         return (dcookie >> L1_CACHE_SHIFT) & (hash_size - 1);
61 }
62
63
64 static struct dcookie_struct * find_dcookie(unsigned long dcookie)
65 {
66         struct dcookie_struct *found = NULL;
67         struct dcookie_struct * dcs;
68         struct list_head * pos;
69         struct list_head * list;
70
71         list = dcookie_hashtable + dcookie_hash(dcookie);
72
73         list_for_each(pos, list) {
74                 dcs = list_entry(pos, struct dcookie_struct, hash_list);
75                 if (dcookie_value(dcs) == dcookie) {
76                         found = dcs;
77                         break;
78                 }
79         }
80
81         return found;
82 }
83
84
85 static void hash_dcookie(struct dcookie_struct * dcs)
86 {
87         struct list_head * list = dcookie_hashtable + dcookie_hash(dcookie_value(dcs));
88         list_add(&dcs->hash_list, list);
89 }
90
91
92 static struct dcookie_struct * alloc_dcookie(struct dentry * dentry,
93         struct vfsmount * vfsmnt)
94 {
95         struct dcookie_struct * dcs = kmem_cache_alloc(dcookie_cache, GFP_KERNEL);
96         if (!dcs)
97                 return NULL;
98
99         dentry->d_cookie = dcs;
100
101         dcs->dentry = dget(dentry);
102         dcs->vfsmnt = mntget(vfsmnt);
103         hash_dcookie(dcs);
104
105         return dcs;
106 }
107
108
109 /* This is the main kernel-side routine that retrieves the cookie
110  * value for a dentry/vfsmnt pair.
111  */
112 int get_dcookie(struct dentry * dentry, struct vfsmount * vfsmnt,
113         unsigned long * cookie)
114 {
115         int err = 0;
116         struct dcookie_struct * dcs;
117
118         mutex_lock(&dcookie_mutex);
119
120         if (!is_live()) {
121                 err = -EINVAL;
122                 goto out;
123         }
124
125         dcs = dentry->d_cookie;
126
127         if (!dcs)
128                 dcs = alloc_dcookie(dentry, vfsmnt);
129
130         if (!dcs) {
131                 err = -ENOMEM;
132                 goto out;
133         }
134
135         *cookie = dcookie_value(dcs);
136
137 out:
138         mutex_unlock(&dcookie_mutex);
139         return err;
140 }
141
142
143 /* And here is where the userspace process can look up the cookie value
144  * to retrieve the path.
145  */
146 asmlinkage long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
147 {
148         unsigned long cookie = (unsigned long)cookie64;
149         int err = -EINVAL;
150         char * kbuf;
151         char * path;
152         size_t pathlen;
153         struct dcookie_struct * dcs;
154
155         /* we could leak path information to users
156          * without dir read permission without this
157          */
158         if (!capable(CAP_SYS_ADMIN))
159                 return -EPERM;
160
161         mutex_lock(&dcookie_mutex);
162
163         if (!is_live()) {
164                 err = -EINVAL;
165                 goto out;
166         }
167
168         if (!(dcs = find_dcookie(cookie)))
169                 goto out;
170
171         err = -ENOMEM;
172         kbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
173         if (!kbuf)
174                 goto out;
175
176         /* FIXME: (deleted) ? */
177         path = d_path(dcs->dentry, dcs->vfsmnt, kbuf, PAGE_SIZE);
178
179         if (IS_ERR(path)) {
180                 err = PTR_ERR(path);
181                 goto out_free;
182         }
183
184         err = -ERANGE;
185  
186         pathlen = kbuf + PAGE_SIZE - path;
187         if (pathlen <= len) {
188                 err = pathlen;
189                 if (copy_to_user(buf, path, pathlen))
190                         err = -EFAULT;
191         }
192
193 out_free:
194         kfree(kbuf);
195 out:
196         mutex_unlock(&dcookie_mutex);
197         return err;
198 }
199
200
201 static int dcookie_init(void)
202 {
203         struct list_head * d;
204         unsigned int i, hash_bits;
205         int err = -ENOMEM;
206
207         dcookie_cache = kmem_cache_create("dcookie_cache",
208                 sizeof(struct dcookie_struct),
209                 0, 0, NULL);
210
211         if (!dcookie_cache)
212                 goto out;
213
214         dcookie_hashtable = kmalloc(PAGE_SIZE, GFP_KERNEL);
215         if (!dcookie_hashtable)
216                 goto out_kmem;
217
218         err = 0;
219
220         /*
221          * Find the power-of-two list-heads that can fit into the allocation..
222          * We don't guarantee that "sizeof(struct list_head)" is necessarily
223          * a power-of-two.
224          */
225         hash_size = PAGE_SIZE / sizeof(struct list_head);
226         hash_bits = 0;
227         do {
228                 hash_bits++;
229         } while ((hash_size >> hash_bits) != 0);
230         hash_bits--;
231
232         /*
233          * Re-calculate the actual number of entries and the mask
234          * from the number of bits we can fit.
235          */
236         hash_size = 1UL << hash_bits;
237
238         /* And initialize the newly allocated array */
239         d = dcookie_hashtable;
240         i = hash_size;
241         do {
242                 INIT_LIST_HEAD(d);
243                 d++;
244                 i--;
245         } while (i);
246
247 out:
248         return err;
249 out_kmem:
250         kmem_cache_destroy(dcookie_cache);
251         goto out;
252 }
253
254
255 static void free_dcookie(struct dcookie_struct * dcs)
256 {
257         dcs->dentry->d_cookie = NULL;
258         dput(dcs->dentry);
259         mntput(dcs->vfsmnt);
260         kmem_cache_free(dcookie_cache, dcs);
261 }
262
263
264 static void dcookie_exit(void)
265 {
266         struct list_head * list;
267         struct list_head * pos;
268         struct list_head * pos2;
269         struct dcookie_struct * dcs;
270         size_t i;
271
272         for (i = 0; i < hash_size; ++i) {
273                 list = dcookie_hashtable + i;
274                 list_for_each_safe(pos, pos2, list) {
275                         dcs = list_entry(pos, struct dcookie_struct, hash_list);
276                         list_del(&dcs->hash_list);
277                         free_dcookie(dcs);
278                 }
279         }
280
281         kfree(dcookie_hashtable);
282         kmem_cache_destroy(dcookie_cache);
283 }
284
285
286 struct dcookie_user {
287         struct list_head next;
288 };
289  
290 struct dcookie_user * dcookie_register(void)
291 {
292         struct dcookie_user * user;
293
294         mutex_lock(&dcookie_mutex);
295
296         user = kmalloc(sizeof(struct dcookie_user), GFP_KERNEL);
297         if (!user)
298                 goto out;
299
300         if (!is_live() && dcookie_init())
301                 goto out_free;
302
303         list_add(&user->next, &dcookie_users);
304
305 out:
306         mutex_unlock(&dcookie_mutex);
307         return user;
308 out_free:
309         kfree(user);
310         user = NULL;
311         goto out;
312 }
313
314
315 void dcookie_unregister(struct dcookie_user * user)
316 {
317         mutex_lock(&dcookie_mutex);
318
319         list_del(&user->next);
320         kfree(user);
321
322         if (!is_live())
323                 dcookie_exit();
324
325         mutex_unlock(&dcookie_mutex);
326 }
327
328 EXPORT_SYMBOL_GPL(dcookie_register);
329 EXPORT_SYMBOL_GPL(dcookie_unregister);
330 EXPORT_SYMBOL_GPL(get_dcookie);