lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230524063933.2339105-1-aloktiagi@gmail.com>
Date:   Wed, 24 May 2023 06:39:32 +0000
From:   aloktiagi <aloktiagi@...il.com>
To:     viro@...iv.linux.org.uk, willy@...radead.org, brauner@...nel.org,
        David.Laight@...LAB.COM, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     keescook@...omium.org, hch@...radead.org, tycho@...ho.pizza,
        aloktiagi@...il.com
Subject: [RFC v7 1/2] epoll: Implement eventpoll_replace_file()

Introduce a mechanism to replace a file linked in the epoll interface with a new
file.

eventpoll_replace() finds all instances of the file to be replaced and replaces
them with the new file and the interested events.

Signed-off-by: aloktiagi <aloktiagi@...il.com>
---
Changes in v7:
  - address review comments on incorrect use of spin_lock.
  - cleanup comments and simplify them.

Changes in v6:
  - incorporate latest changes that get rid of the global epmutex lock.

Changes in v5:
  - address review comments and move the call to replace old file in each
    subsystem (epoll, io_uring, etc.) outside the fdtable helpers like
    replace_fd().

Changes in v4:
  - address review comment to remove the redundant eventpoll_replace() function.
  - removed an extra empty line introduced in include/linux/file.h

Changes in v3:
  - address review comment and iterate over the file table while holding the
    spin_lock(&files->file_lock).
  - address review comment and call filp_close() outside the
    spin_lock(&files->file_lock).
---
 fs/eventpoll.c            | 75 +++++++++++++++++++++++++++++++++++++++
 include/linux/eventpoll.h |  2 ++
 2 files changed, 77 insertions(+)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 980483455cc0..60c14b549918 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -973,6 +973,81 @@ void eventpoll_release_file(struct file *file)
 	spin_unlock(&file->f_lock);
 }
 
+static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
+			struct file *tfile, int fd, int full_check);
+
+/*
+ * Replace a linked file in the epoll interface with a new file
+ */
+int eventpoll_replace_file(struct file *toreplace, struct file *file, int tfd)
+{
+	struct file *to_remove = toreplace;
+	struct epoll_event event;
+	struct hlist_node *next;
+	struct eventpoll *ep;
+	struct epitem *epi;
+	int error = 0;
+	bool dispose;
+	int fd;
+
+	if (!file_can_poll(file))
+		return 0;
+
+	spin_lock(&toreplace->f_lock);
+	hlist_for_each_entry_safe(epi, next, toreplace->f_ep, fllink) {
+		fd = epi->ffd.fd;
+		event = epi->event;
+		if (fd != tfd) {
+			spin_unlock(&toreplace->f_lock);
+			goto install;
+		}
+		ep = epi->ep;
+		ep_get(ep);
+		spin_unlock(&toreplace->f_lock);
+
+		mutex_lock(&ep->mtx);
+		error = ep_insert(ep, &event, file, fd, 1);
+		mutex_unlock(&ep->mtx);
+		if (error != 0)
+			goto error;
+		WARN_ON_ONCE(ep_refcount_dec_and_test(ep));
+install:
+		spin_lock(&toreplace->f_lock);
+	}
+	spin_unlock(&toreplace->f_lock);
+error:
+	/*
+	 * In case of an error remove all instances of the new file in the epoll
+	 * interface. If no error, remove all instances of the original file.
+	 */
+	if (error != 0)
+		to_remove = file;
+
+remove:
+	spin_lock(&to_remove->f_lock);
+	if (to_remove->f_ep && to_remove->f_ep->first) {
+		epi = hlist_entry(to_remove->f_ep->first, struct epitem, fllink);
+		fd = epi->ffd.fd;
+		if (fd != tfd) {
+			spin_unlock(&to_remove->f_lock);
+			goto remove;
+		}
+		epi->dying = true;
+		spin_unlock(&to_remove->f_lock);
+
+		ep = epi->ep;
+		mutex_lock(&ep->mtx);
+		dispose = __ep_remove(ep, epi, true);
+		mutex_unlock(&ep->mtx);
+
+		if (dispose)
+			ep_free(ep);
+		goto remove;
+	}
+	spin_unlock(&to_remove->f_lock);
+	return error;
+}
+
 static int ep_alloc(struct eventpoll **pep)
 {
 	int error;
diff --git a/include/linux/eventpoll.h b/include/linux/eventpoll.h
index 3337745d81bd..f8d52c45a37a 100644
--- a/include/linux/eventpoll.h
+++ b/include/linux/eventpoll.h
@@ -25,6 +25,8 @@ struct file *get_epoll_tfile_raw_ptr(struct file *file, int tfd, unsigned long t
 /* Used to release the epoll bits inside the "struct file" */
 void eventpoll_release_file(struct file *file);
 
+int eventpoll_replace_file(struct file *toreplace, struct file *file, int tfd);
+
 /*
  * This is called from inside fs/file_table.c:__fput() to unlink files
  * from the eventpoll interface. We need to have this facility to cleanup
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ