1 // SPDX-License-Identifier: GPL-2.0-only 1 // SPDX-License-Identifier: GPL-2.0-only
2 /* 2 /*
3 * fs/eventfd.c 3 * fs/eventfd.c
4 * 4 *
5 * Copyright (C) 2007 Davide Libenzi <davide 5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
6 * 6 *
7 */ 7 */
8 8
9 #include <linux/file.h> 9 #include <linux/file.h>
10 #include <linux/poll.h> 10 #include <linux/poll.h>
11 #include <linux/init.h> 11 #include <linux/init.h>
12 #include <linux/fs.h> 12 #include <linux/fs.h>
13 #include <linux/sched/signal.h> 13 #include <linux/sched/signal.h>
14 #include <linux/kernel.h> 14 #include <linux/kernel.h>
15 #include <linux/slab.h> 15 #include <linux/slab.h>
16 #include <linux/list.h> 16 #include <linux/list.h>
17 #include <linux/spinlock.h> 17 #include <linux/spinlock.h>
18 #include <linux/anon_inodes.h> 18 #include <linux/anon_inodes.h>
19 #include <linux/syscalls.h> 19 #include <linux/syscalls.h>
20 #include <linux/export.h> 20 #include <linux/export.h>
21 #include <linux/kref.h> 21 #include <linux/kref.h>
22 #include <linux/eventfd.h> 22 #include <linux/eventfd.h>
23 #include <linux/proc_fs.h> 23 #include <linux/proc_fs.h>
24 #include <linux/seq_file.h> 24 #include <linux/seq_file.h>
25 #include <linux/idr.h> 25 #include <linux/idr.h>
26 #include <linux/uio.h> 26 #include <linux/uio.h>
27 27
28 static DEFINE_IDA(eventfd_ida); 28 static DEFINE_IDA(eventfd_ida);
29 29
30 struct eventfd_ctx { 30 struct eventfd_ctx {
31 struct kref kref; 31 struct kref kref;
32 wait_queue_head_t wqh; 32 wait_queue_head_t wqh;
33 /* 33 /*
34 * Every time that a write(2) is perfo 34 * Every time that a write(2) is performed on an eventfd, the
35 * value of the __u64 being written is 35 * value of the __u64 being written is added to "count" and a
36 * wakeup is performed on "wqh". If EF 36 * wakeup is performed on "wqh". If EFD_SEMAPHORE flag was not
37 * specified, a read(2) will return th 37 * specified, a read(2) will return the "count" value to userspace,
38 * and will reset "count" to zero. The 38 * and will reset "count" to zero. The kernel side eventfd_signal()
39 * also, adds to the "count" counter a 39 * also, adds to the "count" counter and issue a wakeup.
40 */ 40 */
41 __u64 count; 41 __u64 count;
42 unsigned int flags; 42 unsigned int flags;
43 int id; 43 int id;
44 }; 44 };
45 45
46 /** !! 46 __u64 eventfd_signal_mask(struct eventfd_ctx *ctx, __u64 n, __poll_t mask)
47 * eventfd_signal_mask - Increment the event c <<
48 * @ctx: [in] Pointer to the eventfd context. <<
49 * @mask: [in] poll mask <<
50 * <<
51 * This function is supposed to be called by t <<
52 * allow sleeping. In this function we allow t <<
53 * value, and we signal this as overflow condi <<
54 * to poll(2). <<
55 */ <<
56 void eventfd_signal_mask(struct eventfd_ctx *c <<
57 { 47 {
58 unsigned long flags; 48 unsigned long flags;
59 49
60 /* 50 /*
61 * Deadlock or stack overflow issues c 51 * Deadlock or stack overflow issues can happen if we recurse here
62 * through waitqueue wakeup handlers. 52 * through waitqueue wakeup handlers. If the caller users potentially
63 * nested waitqueues with custom wakeu 53 * nested waitqueues with custom wakeup handlers, then it should
64 * check eventfd_signal_allowed() befo 54 * check eventfd_signal_allowed() before calling this function. If
65 * it returns false, the eventfd_signa 55 * it returns false, the eventfd_signal() call should be deferred to a
66 * safe context. 56 * safe context.
67 */ 57 */
68 if (WARN_ON_ONCE(current->in_eventfd)) 58 if (WARN_ON_ONCE(current->in_eventfd))
69 return; !! 59 return 0;
70 60
71 spin_lock_irqsave(&ctx->wqh.lock, flag 61 spin_lock_irqsave(&ctx->wqh.lock, flags);
72 current->in_eventfd = 1; 62 current->in_eventfd = 1;
73 if (ctx->count < ULLONG_MAX) !! 63 if (ULLONG_MAX - ctx->count < n)
74 ctx->count++; !! 64 n = ULLONG_MAX - ctx->count;
>> 65 ctx->count += n;
75 if (waitqueue_active(&ctx->wqh)) 66 if (waitqueue_active(&ctx->wqh))
76 wake_up_locked_poll(&ctx->wqh, 67 wake_up_locked_poll(&ctx->wqh, EPOLLIN | mask);
77 current->in_eventfd = 0; 68 current->in_eventfd = 0;
78 spin_unlock_irqrestore(&ctx->wqh.lock, 69 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
>> 70
>> 71 return n;
>> 72 }
>> 73
>> 74 /**
>> 75 * eventfd_signal - Adds @n to the eventfd counter.
>> 76 * @ctx: [in] Pointer to the eventfd context.
>> 77 * @n: [in] Value of the counter to be added to the eventfd internal counter.
>> 78 * The value cannot be negative.
>> 79 *
>> 80 * This function is supposed to be called by the kernel in paths that do not
>> 81 * allow sleeping. In this function we allow the counter to reach the ULLONG_MAX
>> 82 * value, and we signal this as overflow condition by returning a EPOLLERR
>> 83 * to poll(2).
>> 84 *
>> 85 * Returns the amount by which the counter was incremented. This will be less
>> 86 * than @n if the counter has overflowed.
>> 87 */
>> 88 __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n)
>> 89 {
>> 90 return eventfd_signal_mask(ctx, n, 0);
79 } 91 }
80 EXPORT_SYMBOL_GPL(eventfd_signal_mask); !! 92 EXPORT_SYMBOL_GPL(eventfd_signal);
81 93
82 static void eventfd_free_ctx(struct eventfd_ct 94 static void eventfd_free_ctx(struct eventfd_ctx *ctx)
83 { 95 {
84 if (ctx->id >= 0) 96 if (ctx->id >= 0)
85 ida_free(&eventfd_ida, ctx->id !! 97 ida_simple_remove(&eventfd_ida, ctx->id);
86 kfree(ctx); 98 kfree(ctx);
87 } 99 }
88 100
89 static void eventfd_free(struct kref *kref) 101 static void eventfd_free(struct kref *kref)
90 { 102 {
91 struct eventfd_ctx *ctx = container_of 103 struct eventfd_ctx *ctx = container_of(kref, struct eventfd_ctx, kref);
92 104
93 eventfd_free_ctx(ctx); 105 eventfd_free_ctx(ctx);
94 } 106 }
95 107
96 /** 108 /**
97 * eventfd_ctx_put - Releases a reference to t 109 * eventfd_ctx_put - Releases a reference to the internal eventfd context.
98 * @ctx: [in] Pointer to eventfd context. 110 * @ctx: [in] Pointer to eventfd context.
99 * 111 *
100 * The eventfd context reference must have bee 112 * The eventfd context reference must have been previously acquired either
101 * with eventfd_ctx_fdget() or eventfd_ctx_fil 113 * with eventfd_ctx_fdget() or eventfd_ctx_fileget().
102 */ 114 */
103 void eventfd_ctx_put(struct eventfd_ctx *ctx) 115 void eventfd_ctx_put(struct eventfd_ctx *ctx)
104 { 116 {
105 kref_put(&ctx->kref, eventfd_free); 117 kref_put(&ctx->kref, eventfd_free);
106 } 118 }
107 EXPORT_SYMBOL_GPL(eventfd_ctx_put); 119 EXPORT_SYMBOL_GPL(eventfd_ctx_put);
108 120
109 static int eventfd_release(struct inode *inode 121 static int eventfd_release(struct inode *inode, struct file *file)
110 { 122 {
111 struct eventfd_ctx *ctx = file->privat 123 struct eventfd_ctx *ctx = file->private_data;
112 124
113 wake_up_poll(&ctx->wqh, EPOLLHUP); 125 wake_up_poll(&ctx->wqh, EPOLLHUP);
114 eventfd_ctx_put(ctx); 126 eventfd_ctx_put(ctx);
115 return 0; 127 return 0;
116 } 128 }
117 129
118 static __poll_t eventfd_poll(struct file *file 130 static __poll_t eventfd_poll(struct file *file, poll_table *wait)
119 { 131 {
120 struct eventfd_ctx *ctx = file->privat 132 struct eventfd_ctx *ctx = file->private_data;
121 __poll_t events = 0; 133 __poll_t events = 0;
122 u64 count; 134 u64 count;
123 135
124 poll_wait(file, &ctx->wqh, wait); 136 poll_wait(file, &ctx->wqh, wait);
125 137
126 /* 138 /*
127 * All writes to ctx->count occur with 139 * All writes to ctx->count occur within ctx->wqh.lock. This read
128 * can be done outside ctx->wqh.lock b 140 * can be done outside ctx->wqh.lock because we know that poll_wait
129 * takes that lock (through add_wait_q 141 * takes that lock (through add_wait_queue) if our caller will sleep.
130 * 142 *
131 * The read _can_ therefore seep into 143 * The read _can_ therefore seep into add_wait_queue's critical
132 * section, but cannot move above it! 144 * section, but cannot move above it! add_wait_queue's spin_lock acts
133 * as an acquire barrier and ensures t 145 * as an acquire barrier and ensures that the read be ordered properly
134 * against the writes. The following 146 * against the writes. The following CAN happen and is safe:
135 * 147 *
136 * poll 148 * poll write
137 * ----------------- 149 * ----------------- ------------
138 * lock ctx->wqh.lock (in poll_wai 150 * lock ctx->wqh.lock (in poll_wait)
139 * count = ctx->count 151 * count = ctx->count
140 * __add_wait_queue 152 * __add_wait_queue
141 * unlock ctx->wqh.lock 153 * unlock ctx->wqh.lock
142 * 154 * lock ctx->qwh.lock
143 * 155 * ctx->count += n
144 * 156 * if (waitqueue_active)
145 * 157 * wake_up_locked_poll
146 * 158 * unlock ctx->qwh.lock
147 * eventfd_poll returns 0 159 * eventfd_poll returns 0
148 * 160 *
149 * but the following, which would miss 161 * but the following, which would miss a wakeup, cannot happen:
150 * 162 *
151 * poll 163 * poll write
152 * ----------------- 164 * ----------------- ------------
153 * count = ctx->count (INVALID!) 165 * count = ctx->count (INVALID!)
154 * 166 * lock ctx->qwh.lock
155 * 167 * ctx->count += n
156 * 168 * **waitqueue_active is false**
157 * 169 * **no wake_up_locked_poll!**
158 * 170 * unlock ctx->qwh.lock
159 * lock ctx->wqh.lock (in poll_wai 171 * lock ctx->wqh.lock (in poll_wait)
160 * __add_wait_queue 172 * __add_wait_queue
161 * unlock ctx->wqh.lock 173 * unlock ctx->wqh.lock
162 * eventfd_poll returns 0 174 * eventfd_poll returns 0
163 */ 175 */
164 count = READ_ONCE(ctx->count); 176 count = READ_ONCE(ctx->count);
165 177
166 if (count > 0) 178 if (count > 0)
167 events |= EPOLLIN; 179 events |= EPOLLIN;
168 if (count == ULLONG_MAX) 180 if (count == ULLONG_MAX)
169 events |= EPOLLERR; 181 events |= EPOLLERR;
170 if (ULLONG_MAX - 1 > count) 182 if (ULLONG_MAX - 1 > count)
171 events |= EPOLLOUT; 183 events |= EPOLLOUT;
172 184
173 return events; 185 return events;
174 } 186 }
175 187
176 void eventfd_ctx_do_read(struct eventfd_ctx *c 188 void eventfd_ctx_do_read(struct eventfd_ctx *ctx, __u64 *cnt)
177 { 189 {
178 lockdep_assert_held(&ctx->wqh.lock); 190 lockdep_assert_held(&ctx->wqh.lock);
179 191
180 *cnt = ((ctx->flags & EFD_SEMAPHORE) & 192 *cnt = ((ctx->flags & EFD_SEMAPHORE) && ctx->count) ? 1 : ctx->count;
181 ctx->count -= *cnt; 193 ctx->count -= *cnt;
182 } 194 }
183 EXPORT_SYMBOL_GPL(eventfd_ctx_do_read); 195 EXPORT_SYMBOL_GPL(eventfd_ctx_do_read);
184 196
185 /** 197 /**
186 * eventfd_ctx_remove_wait_queue - Read the cu 198 * eventfd_ctx_remove_wait_queue - Read the current counter and removes wait queue.
187 * @ctx: [in] Pointer to eventfd context. 199 * @ctx: [in] Pointer to eventfd context.
188 * @wait: [in] Wait queue to be removed. 200 * @wait: [in] Wait queue to be removed.
189 * @cnt: [out] Pointer to the 64-bit counter v 201 * @cnt: [out] Pointer to the 64-bit counter value.
190 * 202 *
191 * Returns %0 if successful, or the following 203 * Returns %0 if successful, or the following error codes:
192 * 204 *
193 * -EAGAIN : The operation would have blo 205 * -EAGAIN : The operation would have blocked.
194 * 206 *
195 * This is used to atomically remove a wait qu 207 * This is used to atomically remove a wait queue entry from the eventfd wait
196 * queue head, and read/reset the counter valu 208 * queue head, and read/reset the counter value.
197 */ 209 */
198 int eventfd_ctx_remove_wait_queue(struct event 210 int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait,
199 __u64 *cnt) 211 __u64 *cnt)
200 { 212 {
201 unsigned long flags; 213 unsigned long flags;
202 214
203 spin_lock_irqsave(&ctx->wqh.lock, flag 215 spin_lock_irqsave(&ctx->wqh.lock, flags);
204 eventfd_ctx_do_read(ctx, cnt); 216 eventfd_ctx_do_read(ctx, cnt);
205 __remove_wait_queue(&ctx->wqh, wait); 217 __remove_wait_queue(&ctx->wqh, wait);
206 if (*cnt != 0 && waitqueue_active(&ctx 218 if (*cnt != 0 && waitqueue_active(&ctx->wqh))
207 wake_up_locked_poll(&ctx->wqh, 219 wake_up_locked_poll(&ctx->wqh, EPOLLOUT);
208 spin_unlock_irqrestore(&ctx->wqh.lock, 220 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
209 221
210 return *cnt != 0 ? 0 : -EAGAIN; 222 return *cnt != 0 ? 0 : -EAGAIN;
211 } 223 }
212 EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queu 224 EXPORT_SYMBOL_GPL(eventfd_ctx_remove_wait_queue);
213 225
214 static ssize_t eventfd_read(struct kiocb *iocb 226 static ssize_t eventfd_read(struct kiocb *iocb, struct iov_iter *to)
215 { 227 {
216 struct file *file = iocb->ki_filp; 228 struct file *file = iocb->ki_filp;
217 struct eventfd_ctx *ctx = file->privat 229 struct eventfd_ctx *ctx = file->private_data;
218 __u64 ucnt = 0; 230 __u64 ucnt = 0;
219 231
220 if (iov_iter_count(to) < sizeof(ucnt)) 232 if (iov_iter_count(to) < sizeof(ucnt))
221 return -EINVAL; 233 return -EINVAL;
222 spin_lock_irq(&ctx->wqh.lock); 234 spin_lock_irq(&ctx->wqh.lock);
223 if (!ctx->count) { 235 if (!ctx->count) {
224 if ((file->f_flags & O_NONBLOC 236 if ((file->f_flags & O_NONBLOCK) ||
225 (iocb->ki_flags & IOCB_NOW 237 (iocb->ki_flags & IOCB_NOWAIT)) {
226 spin_unlock_irq(&ctx-> 238 spin_unlock_irq(&ctx->wqh.lock);
227 return -EAGAIN; 239 return -EAGAIN;
228 } 240 }
229 241
230 if (wait_event_interruptible_l 242 if (wait_event_interruptible_locked_irq(ctx->wqh, ctx->count)) {
231 spin_unlock_irq(&ctx-> 243 spin_unlock_irq(&ctx->wqh.lock);
232 return -ERESTARTSYS; 244 return -ERESTARTSYS;
233 } 245 }
234 } 246 }
235 eventfd_ctx_do_read(ctx, &ucnt); 247 eventfd_ctx_do_read(ctx, &ucnt);
236 current->in_eventfd = 1; 248 current->in_eventfd = 1;
237 if (waitqueue_active(&ctx->wqh)) 249 if (waitqueue_active(&ctx->wqh))
238 wake_up_locked_poll(&ctx->wqh, 250 wake_up_locked_poll(&ctx->wqh, EPOLLOUT);
239 current->in_eventfd = 0; 251 current->in_eventfd = 0;
240 spin_unlock_irq(&ctx->wqh.lock); 252 spin_unlock_irq(&ctx->wqh.lock);
241 if (unlikely(copy_to_iter(&ucnt, sizeo 253 if (unlikely(copy_to_iter(&ucnt, sizeof(ucnt), to) != sizeof(ucnt)))
242 return -EFAULT; 254 return -EFAULT;
243 255
244 return sizeof(ucnt); 256 return sizeof(ucnt);
245 } 257 }
246 258
247 static ssize_t eventfd_write(struct file *file 259 static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t count,
248 loff_t *ppos) 260 loff_t *ppos)
249 { 261 {
250 struct eventfd_ctx *ctx = file->privat 262 struct eventfd_ctx *ctx = file->private_data;
251 ssize_t res; 263 ssize_t res;
252 __u64 ucnt; 264 __u64 ucnt;
253 265
254 if (count != sizeof(ucnt)) !! 266 if (count < sizeof(ucnt))
255 return -EINVAL; 267 return -EINVAL;
256 if (copy_from_user(&ucnt, buf, sizeof( 268 if (copy_from_user(&ucnt, buf, sizeof(ucnt)))
257 return -EFAULT; 269 return -EFAULT;
258 if (ucnt == ULLONG_MAX) 270 if (ucnt == ULLONG_MAX)
259 return -EINVAL; 271 return -EINVAL;
260 spin_lock_irq(&ctx->wqh.lock); 272 spin_lock_irq(&ctx->wqh.lock);
261 res = -EAGAIN; 273 res = -EAGAIN;
262 if (ULLONG_MAX - ctx->count > ucnt) 274 if (ULLONG_MAX - ctx->count > ucnt)
263 res = sizeof(ucnt); 275 res = sizeof(ucnt);
264 else if (!(file->f_flags & O_NONBLOCK) 276 else if (!(file->f_flags & O_NONBLOCK)) {
265 res = wait_event_interruptible 277 res = wait_event_interruptible_locked_irq(ctx->wqh,
266 ULLONG_MAX - c 278 ULLONG_MAX - ctx->count > ucnt);
267 if (!res) 279 if (!res)
268 res = sizeof(ucnt); 280 res = sizeof(ucnt);
269 } 281 }
270 if (likely(res > 0)) { 282 if (likely(res > 0)) {
271 ctx->count += ucnt; 283 ctx->count += ucnt;
272 current->in_eventfd = 1; 284 current->in_eventfd = 1;
273 if (waitqueue_active(&ctx->wqh 285 if (waitqueue_active(&ctx->wqh))
274 wake_up_locked_poll(&c 286 wake_up_locked_poll(&ctx->wqh, EPOLLIN);
275 current->in_eventfd = 0; 287 current->in_eventfd = 0;
276 } 288 }
277 spin_unlock_irq(&ctx->wqh.lock); 289 spin_unlock_irq(&ctx->wqh.lock);
278 290
279 return res; 291 return res;
280 } 292 }
281 293
282 #ifdef CONFIG_PROC_FS 294 #ifdef CONFIG_PROC_FS
283 static void eventfd_show_fdinfo(struct seq_fil 295 static void eventfd_show_fdinfo(struct seq_file *m, struct file *f)
284 { 296 {
285 struct eventfd_ctx *ctx = f->private_d 297 struct eventfd_ctx *ctx = f->private_data;
286 __u64 cnt; <<
287 298
288 spin_lock_irq(&ctx->wqh.lock); 299 spin_lock_irq(&ctx->wqh.lock);
289 cnt = ctx->count; !! 300 seq_printf(m, "eventfd-count: %16llx\n",
>> 301 (unsigned long long)ctx->count);
290 spin_unlock_irq(&ctx->wqh.lock); 302 spin_unlock_irq(&ctx->wqh.lock);
291 !! 303 seq_printf(m, "eventfd-id: %d\n", ctx->id);
292 seq_printf(m, !! 304 seq_printf(m, "eventfd-semaphore: %d\n",
293 "eventfd-count: %16llx\n" <<
294 "eventfd-id: %d\n" <<
295 "eventfd-semaphore: %d\n", <<
296 cnt, <<
297 ctx->id, <<
298 !!(ctx->flags & EFD_SEMAPHO 305 !!(ctx->flags & EFD_SEMAPHORE));
299 } 306 }
300 #endif 307 #endif
301 308
302 static const struct file_operations eventfd_fo 309 static const struct file_operations eventfd_fops = {
303 #ifdef CONFIG_PROC_FS 310 #ifdef CONFIG_PROC_FS
304 .show_fdinfo = eventfd_show_fdinfo, 311 .show_fdinfo = eventfd_show_fdinfo,
305 #endif 312 #endif
306 .release = eventfd_release, 313 .release = eventfd_release,
307 .poll = eventfd_poll, 314 .poll = eventfd_poll,
308 .read_iter = eventfd_read, 315 .read_iter = eventfd_read,
309 .write = eventfd_write, 316 .write = eventfd_write,
310 .llseek = noop_llseek, 317 .llseek = noop_llseek,
311 }; 318 };
312 319
313 /** 320 /**
314 * eventfd_fget - Acquire a reference of an ev 321 * eventfd_fget - Acquire a reference of an eventfd file descriptor.
315 * @fd: [in] Eventfd file descriptor. 322 * @fd: [in] Eventfd file descriptor.
316 * 323 *
317 * Returns a pointer to the eventfd file struc 324 * Returns a pointer to the eventfd file structure in case of success, or the
318 * following error pointer: 325 * following error pointer:
319 * 326 *
320 * -EBADF : Invalid @fd file descriptor. 327 * -EBADF : Invalid @fd file descriptor.
321 * -EINVAL : The @fd file descriptor is not 328 * -EINVAL : The @fd file descriptor is not an eventfd file.
322 */ 329 */
323 struct file *eventfd_fget(int fd) 330 struct file *eventfd_fget(int fd)
324 { 331 {
325 struct file *file; 332 struct file *file;
326 333
327 file = fget(fd); 334 file = fget(fd);
328 if (!file) 335 if (!file)
329 return ERR_PTR(-EBADF); 336 return ERR_PTR(-EBADF);
330 if (file->f_op != &eventfd_fops) { 337 if (file->f_op != &eventfd_fops) {
331 fput(file); 338 fput(file);
332 return ERR_PTR(-EINVAL); 339 return ERR_PTR(-EINVAL);
333 } 340 }
334 341
335 return file; 342 return file;
336 } 343 }
337 EXPORT_SYMBOL_GPL(eventfd_fget); 344 EXPORT_SYMBOL_GPL(eventfd_fget);
338 345
339 /** 346 /**
340 * eventfd_ctx_fdget - Acquires a reference to 347 * eventfd_ctx_fdget - Acquires a reference to the internal eventfd context.
341 * @fd: [in] Eventfd file descriptor. 348 * @fd: [in] Eventfd file descriptor.
342 * 349 *
343 * Returns a pointer to the internal eventfd c 350 * Returns a pointer to the internal eventfd context, otherwise the error
344 * pointers returned by the following function 351 * pointers returned by the following functions:
345 * 352 *
346 * eventfd_fget 353 * eventfd_fget
347 */ 354 */
348 struct eventfd_ctx *eventfd_ctx_fdget(int fd) 355 struct eventfd_ctx *eventfd_ctx_fdget(int fd)
349 { 356 {
350 struct eventfd_ctx *ctx; 357 struct eventfd_ctx *ctx;
351 struct fd f = fdget(fd); 358 struct fd f = fdget(fd);
352 if (!f.file) 359 if (!f.file)
353 return ERR_PTR(-EBADF); 360 return ERR_PTR(-EBADF);
354 ctx = eventfd_ctx_fileget(f.file); 361 ctx = eventfd_ctx_fileget(f.file);
355 fdput(f); 362 fdput(f);
356 return ctx; 363 return ctx;
357 } 364 }
358 EXPORT_SYMBOL_GPL(eventfd_ctx_fdget); 365 EXPORT_SYMBOL_GPL(eventfd_ctx_fdget);
359 366
360 /** 367 /**
361 * eventfd_ctx_fileget - Acquires a reference 368 * eventfd_ctx_fileget - Acquires a reference to the internal eventfd context.
362 * @file: [in] Eventfd file pointer. 369 * @file: [in] Eventfd file pointer.
363 * 370 *
364 * Returns a pointer to the internal eventfd c 371 * Returns a pointer to the internal eventfd context, otherwise the error
365 * pointer: 372 * pointer:
366 * 373 *
367 * -EINVAL : The @fd file descriptor is not 374 * -EINVAL : The @fd file descriptor is not an eventfd file.
368 */ 375 */
369 struct eventfd_ctx *eventfd_ctx_fileget(struct 376 struct eventfd_ctx *eventfd_ctx_fileget(struct file *file)
370 { 377 {
371 struct eventfd_ctx *ctx; 378 struct eventfd_ctx *ctx;
372 379
373 if (file->f_op != &eventfd_fops) 380 if (file->f_op != &eventfd_fops)
374 return ERR_PTR(-EINVAL); 381 return ERR_PTR(-EINVAL);
375 382
376 ctx = file->private_data; 383 ctx = file->private_data;
377 kref_get(&ctx->kref); 384 kref_get(&ctx->kref);
378 return ctx; 385 return ctx;
379 } 386 }
380 EXPORT_SYMBOL_GPL(eventfd_ctx_fileget); 387 EXPORT_SYMBOL_GPL(eventfd_ctx_fileget);
381 388
382 static int do_eventfd(unsigned int count, int 389 static int do_eventfd(unsigned int count, int flags)
383 { 390 {
384 struct eventfd_ctx *ctx; 391 struct eventfd_ctx *ctx;
385 struct file *file; 392 struct file *file;
386 int fd; 393 int fd;
387 394
388 /* Check the EFD_* constants for consi 395 /* Check the EFD_* constants for consistency. */
389 BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC) 396 BUILD_BUG_ON(EFD_CLOEXEC != O_CLOEXEC);
390 BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOC 397 BUILD_BUG_ON(EFD_NONBLOCK != O_NONBLOCK);
391 BUILD_BUG_ON(EFD_SEMAPHORE != (1 << 0) <<
392 398
393 if (flags & ~EFD_FLAGS_SET) 399 if (flags & ~EFD_FLAGS_SET)
394 return -EINVAL; 400 return -EINVAL;
395 401
396 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL 402 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
397 if (!ctx) 403 if (!ctx)
398 return -ENOMEM; 404 return -ENOMEM;
399 405
400 kref_init(&ctx->kref); 406 kref_init(&ctx->kref);
401 init_waitqueue_head(&ctx->wqh); 407 init_waitqueue_head(&ctx->wqh);
402 ctx->count = count; 408 ctx->count = count;
403 ctx->flags = flags; 409 ctx->flags = flags;
404 ctx->id = ida_alloc(&eventfd_ida, GFP_ !! 410 ctx->id = ida_simple_get(&eventfd_ida, 0, 0, GFP_KERNEL);
405 411
406 flags &= EFD_SHARED_FCNTL_FLAGS; 412 flags &= EFD_SHARED_FCNTL_FLAGS;
407 flags |= O_RDWR; 413 flags |= O_RDWR;
408 fd = get_unused_fd_flags(flags); 414 fd = get_unused_fd_flags(flags);
409 if (fd < 0) 415 if (fd < 0)
410 goto err; 416 goto err;
411 417
412 file = anon_inode_getfile("[eventfd]", 418 file = anon_inode_getfile("[eventfd]", &eventfd_fops, ctx, flags);
413 if (IS_ERR(file)) { 419 if (IS_ERR(file)) {
414 put_unused_fd(fd); 420 put_unused_fd(fd);
415 fd = PTR_ERR(file); 421 fd = PTR_ERR(file);
416 goto err; 422 goto err;
417 } 423 }
418 424
419 file->f_mode |= FMODE_NOWAIT; 425 file->f_mode |= FMODE_NOWAIT;
420 fd_install(fd, file); 426 fd_install(fd, file);
421 return fd; 427 return fd;
422 err: 428 err:
423 eventfd_free_ctx(ctx); 429 eventfd_free_ctx(ctx);
424 return fd; 430 return fd;
425 } 431 }
426 432
427 SYSCALL_DEFINE2(eventfd2, unsigned int, count, 433 SYSCALL_DEFINE2(eventfd2, unsigned int, count, int, flags)
428 { 434 {
429 return do_eventfd(count, flags); 435 return do_eventfd(count, flags);
430 } 436 }
431 437
432 SYSCALL_DEFINE1(eventfd, unsigned int, count) 438 SYSCALL_DEFINE1(eventfd, unsigned int, count)
433 { 439 {
434 return do_eventfd(count, 0); 440 return do_eventfd(count, 0);
435 } 441 }
436 442
437 443
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.