Descriptor handling cleanups

-----BEGIN PGP SIGNATURE-----
 
 iHQEABYIAB0WIQQqUNBr3gm4hGXdBJlZ7Krx/gZQ6wUCYpwEZAAKCRBZ7Krx/gZQ
 691uAP0QnwO0lOYOa41MfQ6QnzPbiYcffqtUuTJBWyfs8+WnugD2NNGQP7Zjtin9
 q0wcv2KA6yY7qgu7RCCbxU/7J0YdCg==
 =ywuh
 -----END PGP SIGNATURE-----

Merge tag 'pull-18-rc1-work.fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull file descriptor updates from Al Viro.

 - Descriptor handling cleanups

* tag 'pull-18-rc1-work.fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  Unify the primitives for file descriptor closing
  fs: remove fget_many and fput_many interface
  io_uring_enter(): don't leave f.flags uninitialized
This commit is contained in:
Linus Torvalds 2022-06-04 18:52:00 -07:00
commit dbe0ee4661
8 changed files with 55 additions and 94 deletions

View File

@ -1884,7 +1884,7 @@ static void binder_deferred_fd_close(int fd)
if (!twcb)
return;
init_task_work(&twcb->twork, binder_do_fd_close);
close_fd_get_file(fd, &twcb->file);
twcb->file = close_fd_get_file(fd);
if (twcb->file) {
filp_close(twcb->file, current->files);
task_work_add(current, &twcb->twork, TWA_RESUME);

110
fs/file.c
View File

@ -630,32 +630,23 @@ EXPORT_SYMBOL(fd_install);
* @files: file struct to retrieve file from
* @fd: file descriptor to retrieve file for
*
* If this functions returns an EINVAL error pointer the fd was beyond the
* current maximum number of file descriptors for that fdtable.
* Context: files_lock must be held.
*
* Returns: The file associated with @fd, on error returns an error pointer.
* Returns: The file associated with @fd (NULL if @fd is not open)
*/
static struct file *pick_file(struct files_struct *files, unsigned fd)
{
struct fdtable *fdt = files_fdtable(files);
struct file *file;
struct fdtable *fdt;
spin_lock(&files->file_lock);
fdt = files_fdtable(files);
if (fd >= fdt->max_fds) {
file = ERR_PTR(-EINVAL);
goto out_unlock;
}
if (fd >= fdt->max_fds)
return NULL;
file = fdt->fd[fd];
if (!file) {
file = ERR_PTR(-EBADF);
goto out_unlock;
if (file) {
rcu_assign_pointer(fdt->fd[fd], NULL);
__put_unused_fd(files, fd);
}
rcu_assign_pointer(fdt->fd[fd], NULL);
__put_unused_fd(files, fd);
out_unlock:
spin_unlock(&files->file_lock);
return file;
}
@ -664,8 +655,10 @@ int close_fd(unsigned fd)
struct files_struct *files = current->files;
struct file *file;
spin_lock(&files->file_lock);
file = pick_file(files, fd);
if (IS_ERR(file))
spin_unlock(&files->file_lock);
if (!file)
return -EBADF;
return filp_close(file, files);
@ -702,20 +695,25 @@ static inline void __range_cloexec(struct files_struct *cur_fds,
static inline void __range_close(struct files_struct *cur_fds, unsigned int fd,
unsigned int max_fd)
{
unsigned n;
rcu_read_lock();
n = last_fd(files_fdtable(cur_fds));
rcu_read_unlock();
max_fd = min(max_fd, n);
while (fd <= max_fd) {
struct file *file;
spin_lock(&cur_fds->file_lock);
file = pick_file(cur_fds, fd++);
if (!IS_ERR(file)) {
spin_unlock(&cur_fds->file_lock);
if (file) {
/* found a valid file to close */
filp_close(file, cur_fds);
cond_resched();
continue;
}
/* beyond the last fd in that table */
if (PTR_ERR(file) == -EINVAL)
return;
}
}
@ -795,26 +793,9 @@ int __close_range(unsigned fd, unsigned max_fd, unsigned int flags)
* See close_fd_get_file() below, this variant assumes current->files->file_lock
* is held.
*/
int __close_fd_get_file(unsigned int fd, struct file **res)
struct file *__close_fd_get_file(unsigned int fd)
{
struct files_struct *files = current->files;
struct file *file;
struct fdtable *fdt;
fdt = files_fdtable(files);
if (fd >= fdt->max_fds)
goto out_err;
file = fdt->fd[fd];
if (!file)
goto out_err;
rcu_assign_pointer(fdt->fd[fd], NULL);
__put_unused_fd(files, fd);
get_file(file);
*res = file;
return 0;
out_err:
*res = NULL;
return -ENOENT;
return pick_file(current->files, fd);
}
/*
@ -822,16 +803,16 @@ int __close_fd_get_file(unsigned int fd, struct file **res)
* The caller must ensure that filp_close() called on the file, and then
* an fput().
*/
int close_fd_get_file(unsigned int fd, struct file **res)
struct file *close_fd_get_file(unsigned int fd)
{
struct files_struct *files = current->files;
int ret;
struct file *file;
spin_lock(&files->file_lock);
ret = __close_fd_get_file(fd, res);
file = pick_file(files, fd);
spin_unlock(&files->file_lock);
return ret;
return file;
}
void do_close_on_exec(struct files_struct *files)
@ -871,7 +852,7 @@ void do_close_on_exec(struct files_struct *files)
}
static inline struct file *__fget_files_rcu(struct files_struct *files,
unsigned int fd, fmode_t mask, unsigned int refs)
unsigned int fd, fmode_t mask)
{
for (;;) {
struct file *file;
@ -897,10 +878,9 @@ static inline struct file *__fget_files_rcu(struct files_struct *files,
* Such a race can take two forms:
*
* (a) the file ref already went down to zero,
* and get_file_rcu_many() fails. Just try
* again:
* and get_file_rcu() fails. Just try again:
*/
if (unlikely(!get_file_rcu_many(file, refs)))
if (unlikely(!get_file_rcu(file)))
continue;
/*
@ -909,11 +889,11 @@ static inline struct file *__fget_files_rcu(struct files_struct *files,
* pointer having changed, because it always goes
* hand-in-hand with 'fdt'.
*
* If so, we need to put our refs and try again.
* If so, we need to put our ref and try again.
*/
if (unlikely(rcu_dereference_raw(files->fdt) != fdt) ||
unlikely(rcu_dereference_raw(*fdentry) != file)) {
fput_many(file, refs);
fput(file);
continue;
}
@ -926,37 +906,31 @@ static inline struct file *__fget_files_rcu(struct files_struct *files,
}
static struct file *__fget_files(struct files_struct *files, unsigned int fd,
fmode_t mask, unsigned int refs)
fmode_t mask)
{
struct file *file;
rcu_read_lock();
file = __fget_files_rcu(files, fd, mask, refs);
file = __fget_files_rcu(files, fd, mask);
rcu_read_unlock();
return file;
}
static inline struct file *__fget(unsigned int fd, fmode_t mask,
unsigned int refs)
static inline struct file *__fget(unsigned int fd, fmode_t mask)
{
return __fget_files(current->files, fd, mask, refs);
}
struct file *fget_many(unsigned int fd, unsigned int refs)
{
return __fget(fd, FMODE_PATH, refs);
return __fget_files(current->files, fd, mask);
}
struct file *fget(unsigned int fd)
{
return __fget(fd, FMODE_PATH, 1);
return __fget(fd, FMODE_PATH);
}
EXPORT_SYMBOL(fget);
struct file *fget_raw(unsigned int fd)
{
return __fget(fd, 0, 1);
return __fget(fd, 0);
}
EXPORT_SYMBOL(fget_raw);
@ -966,7 +940,7 @@ struct file *fget_task(struct task_struct *task, unsigned int fd)
task_lock(task);
if (task->files)
file = __fget_files(task->files, fd, 0, 1);
file = __fget_files(task->files, fd, 0);
task_unlock(task);
return file;
@ -1035,7 +1009,7 @@ static unsigned long __fget_light(unsigned int fd, fmode_t mask)
return 0;
return (unsigned long)file;
} else {
file = __fget(fd, mask, 1);
file = __fget(fd, mask);
if (!file)
return 0;
return FDPUT_FPUT | (unsigned long)file;

View File

@ -368,9 +368,9 @@ EXPORT_SYMBOL_GPL(flush_delayed_fput);
static DECLARE_DELAYED_WORK(delayed_fput_work, delayed_fput);
void fput_many(struct file *file, unsigned int refs)
void fput(struct file *file)
{
if (atomic_long_sub_and_test(refs, &file->f_count)) {
if (atomic_long_dec_and_test(&file->f_count)) {
struct task_struct *task = current;
if (likely(!in_interrupt() && !(task->flags & PF_KTHREAD))) {
@ -389,11 +389,6 @@ void fput_many(struct file *file, unsigned int refs)
}
}
void fput(struct file *file)
{
fput_many(file, 1);
}
/*
* synchronous analog of fput(); for kernel threads that might be needed
* in some umount() (and thus can't use flush_delayed_fput() without

View File

@ -125,7 +125,7 @@ extern struct file *do_file_open_root(const struct path *,
const char *, const struct open_flags *);
extern struct open_how build_open_how(int flags, umode_t mode);
extern int build_open_flags(const struct open_how *how, struct open_flags *op);
extern int __close_fd_get_file(unsigned int fd, struct file **res);
extern struct file *__close_fd_get_file(unsigned int fd);
long do_sys_ftruncate(unsigned int fd, loff_t length, int small);
int chmod_common(const struct path *path, umode_t mode);

View File

@ -6039,13 +6039,10 @@ static int io_close(struct io_kiocb *req, unsigned int issue_flags)
return -EAGAIN;
}
ret = __close_fd_get_file(close->fd, &file);
file = __close_fd_get_file(close->fd);
spin_unlock(&files->file_lock);
if (ret < 0) {
if (ret == -ENOENT)
ret = -EBADF;
if (!file)
goto err;
}
/* No ->flush() or already async, safely close from here */
ret = filp_close(file, current->files);
@ -12053,14 +12050,14 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
return -EINVAL;
fd = array_index_nospec(fd, IO_RINGFD_REG_MAX);
f.file = tctx->registered_rings[fd];
if (unlikely(!f.file))
return -EBADF;
f.flags = 0;
} else {
f = fdget(fd);
if (unlikely(!f.file))
return -EBADF;
}
if (unlikely(!f.file))
return -EBADF;
ret = -EOPNOTSUPP;
if (unlikely(f.file->f_op != &io_uring_fops))
goto out_fput;
@ -12158,8 +12155,7 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
out:
percpu_ref_put(&ctx->refs);
out_fput:
if (!(flags & IORING_ENTER_REGISTERED_RING))
fdput(f);
fdput(f);
return ret;
}

View File

@ -125,7 +125,7 @@ int iterate_fd(struct files_struct *, unsigned,
extern int close_fd(unsigned int fd);
extern int __close_range(unsigned int fd, unsigned int max_fd, unsigned int flags);
extern int close_fd_get_file(unsigned int fd, struct file **res);
extern struct file *close_fd_get_file(unsigned int fd);
extern int unshare_fd(unsigned long unshare_flags, unsigned int max_fds,
struct files_struct **new_fdp);

View File

@ -14,7 +14,6 @@
struct file;
extern void fput(struct file *);
extern void fput_many(struct file *, unsigned int);
struct file_operations;
struct task_struct;
@ -47,7 +46,6 @@ static inline void fdput(struct fd fd)
}
extern struct file *fget(unsigned int fd);
extern struct file *fget_many(unsigned int fd, unsigned int refs);
extern struct file *fget_raw(unsigned int fd);
extern struct file *fget_task(struct task_struct *task, unsigned int fd);
extern unsigned long __fdget(unsigned int fd);

View File

@ -974,9 +974,7 @@ static inline struct file *get_file(struct file *f)
atomic_long_inc(&f->f_count);
return f;
}
#define get_file_rcu_many(x, cnt) \
atomic_long_add_unless(&(x)->f_count, (cnt), 0)
#define get_file_rcu(x) get_file_rcu_many((x), 1)
#define get_file_rcu(x) atomic_long_inc_not_zero(&(x)->f_count)
#define file_count(x) atomic_long_read(&(x)->f_count)
#define MAX_NON_LFS ((1UL<<31) - 1)