2019-05-19 13:08:55 +01:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
2011-11-16 23:57:37 -05:00
|
|
|
#include <linux/export.h>
|
2017-02-08 18:51:30 +01:00
|
|
|
#include <linux/sched/signal.h>
|
2017-02-08 18:51:36 +01:00
|
|
|
#include <linux/sched/task.h>
|
2009-03-29 19:00:13 -04:00
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/path.h>
|
|
|
|
#include <linux/slab.h>
|
2009-03-29 19:50:06 -04:00
|
|
|
#include <linux/fs_struct.h>
|
2011-01-14 22:30:21 -05:00
|
|
|
#include "internal.h"
|
|
|
|
|
2009-03-29 19:00:13 -04:00
|
|
|
/*
|
|
|
|
* Replace the fs->{rootmnt,root} with {mnt,dentry}. Put the old values.
|
|
|
|
* It can block.
|
|
|
|
*/
|
2013-03-01 23:51:07 -05:00
|
|
|
void set_fs_root(struct fs_struct *fs, const struct path *path)
|
2009-03-29 19:00:13 -04:00
|
|
|
{
|
|
|
|
struct path old_root;
|
|
|
|
|
2012-06-09 00:59:08 -04:00
|
|
|
path_get(path);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock(&fs->lock);
|
2011-01-07 17:49:53 +11:00
|
|
|
write_seqcount_begin(&fs->seq);
|
2009-03-29 19:00:13 -04:00
|
|
|
old_root = fs->root;
|
|
|
|
fs->root = *path;
|
2011-01-07 17:49:53 +11:00
|
|
|
write_seqcount_end(&fs->seq);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_unlock(&fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
if (old_root.dentry)
|
2012-06-09 00:59:08 -04:00
|
|
|
path_put(&old_root);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Replace the fs->{pwdmnt,pwd} with {mnt,dentry}. Put the old values.
|
|
|
|
* It can block.
|
|
|
|
*/
|
2013-03-01 23:51:07 -05:00
|
|
|
void set_fs_pwd(struct fs_struct *fs, const struct path *path)
|
2009-03-29 19:00:13 -04:00
|
|
|
{
|
|
|
|
struct path old_pwd;
|
|
|
|
|
2012-06-09 00:59:08 -04:00
|
|
|
path_get(path);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock(&fs->lock);
|
2011-01-07 17:49:53 +11:00
|
|
|
write_seqcount_begin(&fs->seq);
|
2009-03-29 19:00:13 -04:00
|
|
|
old_pwd = fs->pwd;
|
|
|
|
fs->pwd = *path;
|
2011-01-07 17:49:53 +11:00
|
|
|
write_seqcount_end(&fs->seq);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_unlock(&fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
|
|
|
|
if (old_pwd.dentry)
|
2012-06-09 00:59:08 -04:00
|
|
|
path_put(&old_pwd);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
|
2012-03-15 14:48:55 -04:00
|
|
|
static inline int replace_path(struct path *p, const struct path *old, const struct path *new)
|
|
|
|
{
|
|
|
|
if (likely(p->dentry != old->dentry || p->mnt != old->mnt))
|
|
|
|
return 0;
|
|
|
|
*p = *new;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-03-01 23:51:07 -05:00
|
|
|
void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
|
2009-03-29 19:00:13 -04:00
|
|
|
{
|
|
|
|
struct task_struct *g, *p;
|
|
|
|
struct fs_struct *fs;
|
|
|
|
int count = 0;
|
|
|
|
|
|
|
|
read_lock(&tasklist_lock);
|
kill do_each_thread()
Eric has pointed out that we still have 3 users of do_each_thread().
Change them to use for_each_process_thread() and kill this helper.
There is a subtle change, after do_each_thread/while_each_thread g == t ==
&init_task, while after for_each_process_thread() they both point to
nowhere, but this doesn't matter.
> Why is for_each_process_thread() better than do_each_thread()?
Say, for_each_process_thread() is rcu safe, do_each_thread() is not.
And certainly
for_each_process_thread(p, t) {
do_something(p, t);
}
looks better than
do_each_thread(p, t) {
do_something(p, t);
} while_each_thread(p, t);
And again, there are only 3 users of this awkward helper left. It should
have been killed years ago and in fact I thought it had already been
killed. It uses while_each_thread() which needs some changes.
Link: https://lkml.kernel.org/r/20230817163708.GA8248@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: "Christian Brauner (Microsoft)" <brauner@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Jiri Slaby <jirislaby@kernel.org> # tty/serial
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-08-17 18:37:08 +02:00
|
|
|
for_each_process_thread(g, p) {
|
2009-03-29 19:00:13 -04:00
|
|
|
task_lock(p);
|
|
|
|
fs = p->fs;
|
|
|
|
if (fs) {
|
2012-03-15 14:48:55 -04:00
|
|
|
int hits = 0;
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock(&fs->lock);
|
2011-01-07 17:49:53 +11:00
|
|
|
write_seqcount_begin(&fs->seq);
|
2012-03-15 14:48:55 -04:00
|
|
|
hits += replace_path(&fs->root, old_root, new_root);
|
|
|
|
hits += replace_path(&fs->pwd, old_root, new_root);
|
|
|
|
write_seqcount_end(&fs->seq);
|
|
|
|
while (hits--) {
|
2009-03-29 19:00:13 -04:00
|
|
|
count++;
|
2012-06-09 00:59:08 -04:00
|
|
|
path_get(new_root);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_unlock(&fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
task_unlock(p);
|
kill do_each_thread()
Eric has pointed out that we still have 3 users of do_each_thread().
Change them to use for_each_process_thread() and kill this helper.
There is a subtle change, after do_each_thread/while_each_thread g == t ==
&init_task, while after for_each_process_thread() they both point to
nowhere, but this doesn't matter.
> Why is for_each_process_thread() better than do_each_thread()?
Say, for_each_process_thread() is rcu safe, do_each_thread() is not.
And certainly
for_each_process_thread(p, t) {
do_something(p, t);
}
looks better than
do_each_thread(p, t) {
do_something(p, t);
} while_each_thread(p, t);
And again, there are only 3 users of this awkward helper left. It should
have been killed years ago and in fact I thought it had already been
killed. It uses while_each_thread() which needs some changes.
Link: https://lkml.kernel.org/r/20230817163708.GA8248@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: "Christian Brauner (Microsoft)" <brauner@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Jiri Slaby <jirislaby@kernel.org> # tty/serial
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-08-17 18:37:08 +02:00
|
|
|
}
|
2009-03-29 19:00:13 -04:00
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
while (count--)
|
2012-06-09 00:59:08 -04:00
|
|
|
path_put(old_root);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
|
2009-03-30 07:20:30 -04:00
|
|
|
void free_fs_struct(struct fs_struct *fs)
|
2009-03-29 19:00:13 -04:00
|
|
|
{
|
2012-06-09 00:59:08 -04:00
|
|
|
path_put(&fs->root);
|
|
|
|
path_put(&fs->pwd);
|
2009-03-30 07:20:30 -04:00
|
|
|
kmem_cache_free(fs_cachep, fs);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
void exit_fs(struct task_struct *tsk)
|
|
|
|
{
|
2009-03-30 07:20:30 -04:00
|
|
|
struct fs_struct *fs = tsk->fs;
|
2009-03-29 19:00:13 -04:00
|
|
|
|
|
|
|
if (fs) {
|
2009-03-30 07:20:30 -04:00
|
|
|
int kill;
|
2009-03-29 19:00:13 -04:00
|
|
|
task_lock(tsk);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock(&fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
tsk->fs = NULL;
|
2009-03-30 07:20:30 -04:00
|
|
|
kill = !--fs->users;
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_unlock(&fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
task_unlock(tsk);
|
2009-03-30 07:20:30 -04:00
|
|
|
if (kill)
|
|
|
|
free_fs_struct(fs);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
struct fs_struct *copy_fs_struct(struct fs_struct *old)
|
|
|
|
{
|
|
|
|
struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
|
|
|
|
/* We don't need to lock fs - think why ;-) */
|
|
|
|
if (fs) {
|
2009-03-30 07:20:30 -04:00
|
|
|
fs->users = 1;
|
|
|
|
fs->in_exec = 0;
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock_init(&fs->lock);
|
2020-07-20 17:55:24 +02:00
|
|
|
seqcount_spinlock_init(&fs->seq, &fs->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
fs->umask = old->umask;
|
fs: scale mntget/mntput
The problem that this patch aims to fix is vfsmount refcounting scalability.
We need to take a reference on the vfsmount for every successful path lookup,
which often go to the same mount point.
The fundamental difficulty is that a "simple" reference count can never be made
scalable, because any time a reference is dropped, we must check whether that
was the last reference. To do that requires communication with all other CPUs
that may have taken a reference count.
We can make refcounts more scalable in a couple of ways, involving keeping
distributed counters, and checking for the global-zero condition less
frequently.
- check the global sum once every interval (this will delay zero detection
for some interval, so it's probably a showstopper for vfsmounts).
- keep a local count and only taking the global sum when local reaches 0 (this
is difficult for vfsmounts, because we can't hold preempt off for the life of
a reference, so a counter would need to be per-thread or tied strongly to a
particular CPU which requires more locking).
- keep a local difference of increments and decrements, which allows us to sum
the total difference and hence find the refcount when summing all CPUs. Then,
keep a single integer "long" refcount for slow and long lasting references,
and only take the global sum of local counters when the long refcount is 0.
This last scheme is what I implemented here. Attached mounts and process root
and working directory references are "long" references, and everything else is
a short reference.
This allows scalable vfsmount references during path walking over mounted
subtrees and unattached (lazy umounted) mounts with processes still running
in them.
This results in one fewer atomic op in the fastpath: mntget is now just a
per-CPU inc, rather than an atomic inc; and mntput just requires a spinlock
and non-atomic decrement in the common case. However code is otherwise bigger
and heavier, so single threaded performance is basically a wash.
Signed-off-by: Nick Piggin <npiggin@kernel.dk>
2011-01-07 17:50:11 +11:00
|
|
|
|
|
|
|
spin_lock(&old->lock);
|
|
|
|
fs->root = old->root;
|
2012-06-09 00:59:08 -04:00
|
|
|
path_get(&fs->root);
|
fs: scale mntget/mntput
The problem that this patch aims to fix is vfsmount refcounting scalability.
We need to take a reference on the vfsmount for every successful path lookup,
which often go to the same mount point.
The fundamental difficulty is that a "simple" reference count can never be made
scalable, because any time a reference is dropped, we must check whether that
was the last reference. To do that requires communication with all other CPUs
that may have taken a reference count.
We can make refcounts more scalable in a couple of ways, involving keeping
distributed counters, and checking for the global-zero condition less
frequently.
- check the global sum once every interval (this will delay zero detection
for some interval, so it's probably a showstopper for vfsmounts).
- keep a local count and only taking the global sum when local reaches 0 (this
is difficult for vfsmounts, because we can't hold preempt off for the life of
a reference, so a counter would need to be per-thread or tied strongly to a
particular CPU which requires more locking).
- keep a local difference of increments and decrements, which allows us to sum
the total difference and hence find the refcount when summing all CPUs. Then,
keep a single integer "long" refcount for slow and long lasting references,
and only take the global sum of local counters when the long refcount is 0.
This last scheme is what I implemented here. Attached mounts and process root
and working directory references are "long" references, and everything else is
a short reference.
This allows scalable vfsmount references during path walking over mounted
subtrees and unattached (lazy umounted) mounts with processes still running
in them.
This results in one fewer atomic op in the fastpath: mntget is now just a
per-CPU inc, rather than an atomic inc; and mntput just requires a spinlock
and non-atomic decrement in the common case. However code is otherwise bigger
and heavier, so single threaded performance is basically a wash.
Signed-off-by: Nick Piggin <npiggin@kernel.dk>
2011-01-07 17:50:11 +11:00
|
|
|
fs->pwd = old->pwd;
|
2012-06-09 00:59:08 -04:00
|
|
|
path_get(&fs->pwd);
|
fs: scale mntget/mntput
The problem that this patch aims to fix is vfsmount refcounting scalability.
We need to take a reference on the vfsmount for every successful path lookup,
which often go to the same mount point.
The fundamental difficulty is that a "simple" reference count can never be made
scalable, because any time a reference is dropped, we must check whether that
was the last reference. To do that requires communication with all other CPUs
that may have taken a reference count.
We can make refcounts more scalable in a couple of ways, involving keeping
distributed counters, and checking for the global-zero condition less
frequently.
- check the global sum once every interval (this will delay zero detection
for some interval, so it's probably a showstopper for vfsmounts).
- keep a local count and only taking the global sum when local reaches 0 (this
is difficult for vfsmounts, because we can't hold preempt off for the life of
a reference, so a counter would need to be per-thread or tied strongly to a
particular CPU which requires more locking).
- keep a local difference of increments and decrements, which allows us to sum
the total difference and hence find the refcount when summing all CPUs. Then,
keep a single integer "long" refcount for slow and long lasting references,
and only take the global sum of local counters when the long refcount is 0.
This last scheme is what I implemented here. Attached mounts and process root
and working directory references are "long" references, and everything else is
a short reference.
This allows scalable vfsmount references during path walking over mounted
subtrees and unattached (lazy umounted) mounts with processes still running
in them.
This results in one fewer atomic op in the fastpath: mntget is now just a
per-CPU inc, rather than an atomic inc; and mntput just requires a spinlock
and non-atomic decrement in the common case. However code is otherwise bigger
and heavier, so single threaded performance is basically a wash.
Signed-off-by: Nick Piggin <npiggin@kernel.dk>
2011-01-07 17:50:11 +11:00
|
|
|
spin_unlock(&old->lock);
|
2009-03-29 19:00:13 -04:00
|
|
|
}
|
|
|
|
return fs;
|
|
|
|
}
|
|
|
|
|
|
|
|
int unshare_fs_struct(void)
|
|
|
|
{
|
2009-03-30 07:20:30 -04:00
|
|
|
struct fs_struct *fs = current->fs;
|
|
|
|
struct fs_struct *new_fs = copy_fs_struct(fs);
|
|
|
|
int kill;
|
|
|
|
|
|
|
|
if (!new_fs)
|
2009-03-29 19:00:13 -04:00
|
|
|
return -ENOMEM;
|
2009-03-30 07:20:30 -04:00
|
|
|
|
|
|
|
task_lock(current);
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_lock(&fs->lock);
|
2009-03-30 07:20:30 -04:00
|
|
|
kill = !--fs->users;
|
|
|
|
current->fs = new_fs;
|
2010-08-18 04:37:33 +10:00
|
|
|
spin_unlock(&fs->lock);
|
2009-03-30 07:20:30 -04:00
|
|
|
task_unlock(current);
|
|
|
|
|
|
|
|
if (kill)
|
|
|
|
free_fs_struct(fs);
|
|
|
|
|
2009-03-29 19:00:13 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(unshare_fs_struct);
|
|
|
|
|
2009-03-29 19:08:22 -04:00
|
|
|
int current_umask(void)
|
|
|
|
{
|
|
|
|
return current->fs->umask;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(current_umask);
|
|
|
|
|
2009-03-29 19:00:13 -04:00
|
|
|
/* to be mentioned only in INIT_TASK */
|
|
|
|
struct fs_struct init_fs = {
|
2009-03-30 07:20:30 -04:00
|
|
|
.users = 1,
|
2010-08-18 04:37:33 +10:00
|
|
|
.lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
|
2020-07-20 17:55:24 +02:00
|
|
|
.seq = SEQCNT_SPINLOCK_ZERO(init_fs.seq, &init_fs.lock),
|
2009-03-29 19:00:13 -04:00
|
|
|
.umask = 0022,
|
|
|
|
};
|