1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/compiler_types.h> 4 #include <linux/errno.h> 5 #include <linux/fs.h> 6 #include <linux/fsnotify.h> 7 #include <linux/gfp.h> 8 #include <linux/idr.h> 9 #include <linux/init.h> 10 #include <linux/ipc_namespace.h> 11 #include <linux/kdev_t.h> 12 #include <linux/kernel.h> 13 #include <linux/list.h> 14 #include <linux/namei.h> 15 #include <linux/magic.h> 16 #include <linux/major.h> 17 #include <linux/miscdevice.h> 18 #include <linux/module.h> 19 #include <linux/mutex.h> 20 #include <linux/mount.h> 21 #include <linux/fs_parser.h> 22 #include <linux/sched.h> 23 #include <linux/seq_file.h> 24 #include <linux/slab.h> 25 #include <linux/spinlock_types.h> 26 #include <linux/stddef.h> 27 #include <linux/string.h> 28 #include <linux/types.h> 29 #include <linux/uaccess.h> 30 #include <linux/user_namespace.h> 31 #include <linux/xarray.h> 32 #include <uapi/asm-generic/errno-base.h> 33 #include <uapi/linux/android/binder.h> 34 #include <uapi/linux/android/binderfs.h> 35 36 #include "rust_binder.h" 37 #include "rust_binder_internal.h" 38 39 #define FIRST_INODE 1 40 #define SECOND_INODE 2 41 #define INODE_OFFSET 3 42 #define BINDERFS_MAX_MINOR (1U << MINORBITS) 43 /* Ensure that the initial ipc namespace always has devices available. */ 44 #define BINDERFS_MAX_MINOR_CAPPED (BINDERFS_MAX_MINOR - 4) 45 46 DEFINE_SHOW_ATTRIBUTE(rust_binder_stats); 47 DEFINE_SHOW_ATTRIBUTE(rust_binder_state); 48 DEFINE_SHOW_ATTRIBUTE(rust_binder_transactions); 49 DEFINE_SHOW_ATTRIBUTE(rust_binder_proc); 50 51 char *rust_binder_devices_param = CONFIG_ANDROID_BINDER_DEVICES; 52 module_param_named(rust_devices, rust_binder_devices_param, charp, 0444); 53 54 static dev_t binderfs_dev; 55 static DEFINE_MUTEX(binderfs_minors_mutex); 56 static DEFINE_IDA(binderfs_minors); 57 58 enum binderfs_param { 59 Opt_max, 60 Opt_stats_mode, 61 }; 62 63 enum binderfs_stats_mode { 64 binderfs_stats_mode_unset, 65 binderfs_stats_mode_global, 66 }; 67 68 struct binder_features { 69 bool oneway_spam_detection; 70 bool extended_error; 71 bool freeze_notification; 72 }; 73 74 static const struct constant_table binderfs_param_stats[] = { 75 { "global", binderfs_stats_mode_global }, 76 {} 77 }; 78 79 static const struct fs_parameter_spec binderfs_fs_parameters[] = { 80 fsparam_u32("max", Opt_max), 81 fsparam_enum("stats", Opt_stats_mode, binderfs_param_stats), 82 {} 83 }; 84 85 static struct binder_features binder_features = { 86 .oneway_spam_detection = true, 87 .extended_error = true, 88 .freeze_notification = true, 89 }; 90 91 static inline struct binderfs_info *BINDERFS_SB(const struct super_block *sb) 92 { 93 return sb->s_fs_info; 94 } 95 96 /** 97 * binderfs_binder_device_create - allocate inode from super block of a 98 * binderfs mount 99 * @ref_inode: inode from wich the super block will be taken 100 * @userp: buffer to copy information about new device for userspace to 101 * @req: struct binderfs_device as copied from userspace 102 * 103 * This function allocates a new binder_device and reserves a new minor 104 * number for it. 105 * Minor numbers are limited and tracked globally in binderfs_minors. The 106 * function will stash a struct binder_device for the specific binder 107 * device in i_private of the inode. 108 * It will go on to allocate a new inode from the super block of the 109 * filesystem mount, stash a struct binder_device in its i_private field 110 * and attach a dentry to that inode. 111 * 112 * Return: 0 on success, negative errno on failure 113 */ 114 static int binderfs_binder_device_create(struct inode *ref_inode, 115 struct binderfs_device __user *userp, 116 struct binderfs_device *req) 117 { 118 int minor, ret; 119 struct dentry *dentry, *root; 120 struct binder_device *device = NULL; 121 rust_binder_context ctx = NULL; 122 struct inode *inode = NULL; 123 struct super_block *sb = ref_inode->i_sb; 124 struct binderfs_info *info = sb->s_fs_info; 125 #if defined(CONFIG_IPC_NS) 126 bool use_reserve = (info->ipc_ns == &init_ipc_ns); 127 #else 128 bool use_reserve = true; 129 #endif 130 131 /* Reserve new minor number for the new device. */ 132 mutex_lock(&binderfs_minors_mutex); 133 if (++info->device_count <= info->mount_opts.max) 134 minor = ida_alloc_max(&binderfs_minors, 135 use_reserve ? BINDERFS_MAX_MINOR : 136 BINDERFS_MAX_MINOR_CAPPED, 137 GFP_KERNEL); 138 else 139 minor = -ENOSPC; 140 if (minor < 0) { 141 --info->device_count; 142 mutex_unlock(&binderfs_minors_mutex); 143 return minor; 144 } 145 mutex_unlock(&binderfs_minors_mutex); 146 147 ret = -ENOMEM; 148 device = kzalloc(sizeof(*device), GFP_KERNEL); 149 if (!device) 150 goto err; 151 152 req->name[BINDERFS_MAX_NAME] = '\0'; /* NUL-terminate */ 153 154 ctx = rust_binder_new_context(req->name); 155 if (!ctx) 156 goto err; 157 158 inode = new_inode(sb); 159 if (!inode) 160 goto err; 161 162 inode->i_ino = minor + INODE_OFFSET; 163 simple_inode_init_ts(inode); 164 init_special_inode(inode, S_IFCHR | 0600, 165 MKDEV(MAJOR(binderfs_dev), minor)); 166 inode->i_fop = &rust_binder_fops; 167 inode->i_uid = info->root_uid; 168 inode->i_gid = info->root_gid; 169 170 req->major = MAJOR(binderfs_dev); 171 req->minor = minor; 172 device->ctx = ctx; 173 device->minor = minor; 174 175 if (userp && copy_to_user(userp, req, sizeof(*req))) { 176 ret = -EFAULT; 177 goto err; 178 } 179 180 root = sb->s_root; 181 inode_lock(d_inode(root)); 182 183 /* look it up */ 184 dentry = lookup_noperm(&QSTR(req->name), root); 185 if (IS_ERR(dentry)) { 186 inode_unlock(d_inode(root)); 187 ret = PTR_ERR(dentry); 188 goto err; 189 } 190 191 if (d_really_is_positive(dentry)) { 192 /* already exists */ 193 dput(dentry); 194 inode_unlock(d_inode(root)); 195 ret = -EEXIST; 196 goto err; 197 } 198 199 inode->i_private = device; 200 d_instantiate(dentry, inode); 201 fsnotify_create(root->d_inode, dentry); 202 inode_unlock(d_inode(root)); 203 204 return 0; 205 206 err: 207 kfree(device); 208 rust_binder_remove_context(ctx); 209 mutex_lock(&binderfs_minors_mutex); 210 --info->device_count; 211 ida_free(&binderfs_minors, minor); 212 mutex_unlock(&binderfs_minors_mutex); 213 iput(inode); 214 215 return ret; 216 } 217 218 /** 219 * binder_ctl_ioctl - handle binder device node allocation requests 220 * 221 * The request handler for the binder-control device. All requests operate on 222 * the binderfs mount the binder-control device resides in: 223 * - BINDER_CTL_ADD 224 * Allocate a new binder device. 225 * 226 * Return: %0 on success, negative errno on failure. 227 */ 228 static long binder_ctl_ioctl(struct file *file, unsigned int cmd, 229 unsigned long arg) 230 { 231 int ret = -EINVAL; 232 struct inode *inode = file_inode(file); 233 struct binderfs_device __user *device = (struct binderfs_device __user *)arg; 234 struct binderfs_device device_req; 235 236 switch (cmd) { 237 case BINDER_CTL_ADD: 238 ret = copy_from_user(&device_req, device, sizeof(device_req)); 239 if (ret) { 240 ret = -EFAULT; 241 break; 242 } 243 244 ret = binderfs_binder_device_create(inode, device, &device_req); 245 break; 246 default: 247 break; 248 } 249 250 return ret; 251 } 252 253 static void binderfs_evict_inode(struct inode *inode) 254 { 255 struct binder_device *device = inode->i_private; 256 struct binderfs_info *info = BINDERFS_SB(inode->i_sb); 257 258 clear_inode(inode); 259 260 if (!S_ISCHR(inode->i_mode) || !device) 261 return; 262 263 mutex_lock(&binderfs_minors_mutex); 264 --info->device_count; 265 ida_free(&binderfs_minors, device->minor); 266 mutex_unlock(&binderfs_minors_mutex); 267 268 /* ctx is null for binder-control, but this function ignores null pointers */ 269 rust_binder_remove_context(device->ctx); 270 271 kfree(device); 272 } 273 274 static int binderfs_fs_context_parse_param(struct fs_context *fc, 275 struct fs_parameter *param) 276 { 277 int opt; 278 struct binderfs_mount_opts *ctx = fc->fs_private; 279 struct fs_parse_result result; 280 281 opt = fs_parse(fc, binderfs_fs_parameters, param, &result); 282 if (opt < 0) 283 return opt; 284 285 switch (opt) { 286 case Opt_max: 287 if (result.uint_32 > BINDERFS_MAX_MINOR) 288 return invalfc(fc, "Bad value for '%s'", param->key); 289 290 ctx->max = result.uint_32; 291 break; 292 case Opt_stats_mode: 293 if (!capable(CAP_SYS_ADMIN)) 294 return -EPERM; 295 296 ctx->stats_mode = result.uint_32; 297 break; 298 default: 299 return invalfc(fc, "Unsupported parameter '%s'", param->key); 300 } 301 302 return 0; 303 } 304 305 static int binderfs_fs_context_reconfigure(struct fs_context *fc) 306 { 307 struct binderfs_mount_opts *ctx = fc->fs_private; 308 struct binderfs_info *info = BINDERFS_SB(fc->root->d_sb); 309 310 if (info->mount_opts.stats_mode != ctx->stats_mode) 311 return invalfc(fc, "Binderfs stats mode cannot be changed during a remount"); 312 313 info->mount_opts.stats_mode = ctx->stats_mode; 314 info->mount_opts.max = ctx->max; 315 return 0; 316 } 317 318 static int binderfs_show_options(struct seq_file *seq, struct dentry *root) 319 { 320 struct binderfs_info *info = BINDERFS_SB(root->d_sb); 321 322 if (info->mount_opts.max <= BINDERFS_MAX_MINOR) 323 seq_printf(seq, ",max=%d", info->mount_opts.max); 324 325 switch (info->mount_opts.stats_mode) { 326 case binderfs_stats_mode_unset: 327 break; 328 case binderfs_stats_mode_global: 329 seq_puts(seq, ",stats=global"); 330 break; 331 } 332 333 return 0; 334 } 335 336 static const struct super_operations binderfs_super_ops = { 337 .evict_inode = binderfs_evict_inode, 338 .show_options = binderfs_show_options, 339 .statfs = simple_statfs, 340 }; 341 342 static inline bool is_binderfs_control_device(const struct dentry *dentry) 343 { 344 struct binderfs_info *info = dentry->d_sb->s_fs_info; 345 346 return info->control_dentry == dentry; 347 } 348 349 static int binderfs_rename(struct mnt_idmap *idmap, 350 struct inode *old_dir, struct dentry *old_dentry, 351 struct inode *new_dir, struct dentry *new_dentry, 352 unsigned int flags) 353 { 354 if (is_binderfs_control_device(old_dentry) || 355 is_binderfs_control_device(new_dentry)) 356 return -EPERM; 357 358 return simple_rename(idmap, old_dir, old_dentry, new_dir, 359 new_dentry, flags); 360 } 361 362 static int binderfs_unlink(struct inode *dir, struct dentry *dentry) 363 { 364 if (is_binderfs_control_device(dentry)) 365 return -EPERM; 366 367 return simple_unlink(dir, dentry); 368 } 369 370 static const struct file_operations binder_ctl_fops = { 371 .owner = THIS_MODULE, 372 .open = nonseekable_open, 373 .unlocked_ioctl = binder_ctl_ioctl, 374 .compat_ioctl = binder_ctl_ioctl, 375 .llseek = noop_llseek, 376 }; 377 378 /** 379 * binderfs_binder_ctl_create - create a new binder-control device 380 * @sb: super block of the binderfs mount 381 * 382 * This function creates a new binder-control device node in the binderfs mount 383 * referred to by @sb. 384 * 385 * Return: 0 on success, negative errno on failure 386 */ 387 static int binderfs_binder_ctl_create(struct super_block *sb) 388 { 389 int minor, ret; 390 struct dentry *dentry; 391 struct binder_device *device; 392 struct inode *inode = NULL; 393 struct dentry *root = sb->s_root; 394 struct binderfs_info *info = sb->s_fs_info; 395 #if defined(CONFIG_IPC_NS) 396 bool use_reserve = (info->ipc_ns == &init_ipc_ns); 397 #else 398 bool use_reserve = true; 399 #endif 400 401 device = kzalloc(sizeof(*device), GFP_KERNEL); 402 if (!device) 403 return -ENOMEM; 404 405 /* If we have already created a binder-control node, return. */ 406 if (info->control_dentry) { 407 ret = 0; 408 goto out; 409 } 410 411 ret = -ENOMEM; 412 inode = new_inode(sb); 413 if (!inode) 414 goto out; 415 416 /* Reserve a new minor number for the new device. */ 417 mutex_lock(&binderfs_minors_mutex); 418 minor = ida_alloc_max(&binderfs_minors, 419 use_reserve ? BINDERFS_MAX_MINOR : 420 BINDERFS_MAX_MINOR_CAPPED, 421 GFP_KERNEL); 422 mutex_unlock(&binderfs_minors_mutex); 423 if (minor < 0) { 424 ret = minor; 425 goto out; 426 } 427 428 inode->i_ino = SECOND_INODE; 429 simple_inode_init_ts(inode); 430 init_special_inode(inode, S_IFCHR | 0600, 431 MKDEV(MAJOR(binderfs_dev), minor)); 432 inode->i_fop = &binder_ctl_fops; 433 inode->i_uid = info->root_uid; 434 inode->i_gid = info->root_gid; 435 436 device->minor = minor; 437 device->ctx = NULL; 438 439 dentry = d_alloc_name(root, "binder-control"); 440 if (!dentry) 441 goto out; 442 443 inode->i_private = device; 444 info->control_dentry = dentry; 445 d_add(dentry, inode); 446 447 return 0; 448 449 out: 450 kfree(device); 451 iput(inode); 452 453 return ret; 454 } 455 456 static const struct inode_operations binderfs_dir_inode_operations = { 457 .lookup = simple_lookup, 458 .rename = binderfs_rename, 459 .unlink = binderfs_unlink, 460 }; 461 462 static struct inode *binderfs_make_inode(struct super_block *sb, int mode) 463 { 464 struct inode *ret; 465 466 ret = new_inode(sb); 467 if (ret) { 468 ret->i_ino = iunique(sb, BINDERFS_MAX_MINOR + INODE_OFFSET); 469 ret->i_mode = mode; 470 simple_inode_init_ts(ret); 471 } 472 return ret; 473 } 474 475 static struct dentry *binderfs_create_dentry(struct dentry *parent, 476 const char *name) 477 { 478 struct dentry *dentry; 479 480 dentry = lookup_noperm(&QSTR(name), parent); 481 if (IS_ERR(dentry)) 482 return dentry; 483 484 /* Return error if the file/dir already exists. */ 485 if (d_really_is_positive(dentry)) { 486 dput(dentry); 487 return ERR_PTR(-EEXIST); 488 } 489 490 return dentry; 491 } 492 493 void rust_binderfs_remove_file(struct dentry *dentry) 494 { 495 struct inode *parent_inode; 496 497 parent_inode = d_inode(dentry->d_parent); 498 inode_lock(parent_inode); 499 if (simple_positive(dentry)) { 500 dget(dentry); 501 simple_unlink(parent_inode, dentry); 502 d_delete(dentry); 503 dput(dentry); 504 } 505 inode_unlock(parent_inode); 506 } 507 508 static struct dentry *rust_binderfs_create_file(struct dentry *parent, const char *name, 509 const struct file_operations *fops, 510 void *data) 511 { 512 struct dentry *dentry; 513 struct inode *new_inode, *parent_inode; 514 struct super_block *sb; 515 516 parent_inode = d_inode(parent); 517 inode_lock(parent_inode); 518 519 dentry = binderfs_create_dentry(parent, name); 520 if (IS_ERR(dentry)) 521 goto out; 522 523 sb = parent_inode->i_sb; 524 new_inode = binderfs_make_inode(sb, S_IFREG | 0444); 525 if (!new_inode) { 526 dput(dentry); 527 dentry = ERR_PTR(-ENOMEM); 528 goto out; 529 } 530 531 new_inode->i_fop = fops; 532 new_inode->i_private = data; 533 d_instantiate(dentry, new_inode); 534 fsnotify_create(parent_inode, dentry); 535 536 out: 537 inode_unlock(parent_inode); 538 return dentry; 539 } 540 541 struct dentry *rust_binderfs_create_proc_file(struct inode *nodp, int pid) 542 { 543 struct binderfs_info *info = nodp->i_sb->s_fs_info; 544 struct dentry *dir = info->proc_log_dir; 545 char strbuf[20 + 1]; 546 void *data = (void *)(unsigned long) pid; 547 548 if (!dir) 549 return NULL; 550 551 snprintf(strbuf, sizeof(strbuf), "%u", pid); 552 return rust_binderfs_create_file(dir, strbuf, &rust_binder_proc_fops, data); 553 } 554 555 static struct dentry *binderfs_create_dir(struct dentry *parent, 556 const char *name) 557 { 558 struct dentry *dentry; 559 struct inode *new_inode, *parent_inode; 560 struct super_block *sb; 561 562 parent_inode = d_inode(parent); 563 inode_lock(parent_inode); 564 565 dentry = binderfs_create_dentry(parent, name); 566 if (IS_ERR(dentry)) 567 goto out; 568 569 sb = parent_inode->i_sb; 570 new_inode = binderfs_make_inode(sb, S_IFDIR | 0755); 571 if (!new_inode) { 572 dput(dentry); 573 dentry = ERR_PTR(-ENOMEM); 574 goto out; 575 } 576 577 new_inode->i_fop = &simple_dir_operations; 578 new_inode->i_op = &simple_dir_inode_operations; 579 580 set_nlink(new_inode, 2); 581 d_instantiate(dentry, new_inode); 582 inc_nlink(parent_inode); 583 fsnotify_mkdir(parent_inode, dentry); 584 585 out: 586 inode_unlock(parent_inode); 587 return dentry; 588 } 589 590 static int binder_features_show(struct seq_file *m, void *unused) 591 { 592 bool *feature = m->private; 593 594 seq_printf(m, "%d\n", *feature); 595 596 return 0; 597 } 598 DEFINE_SHOW_ATTRIBUTE(binder_features); 599 600 static int init_binder_features(struct super_block *sb) 601 { 602 struct dentry *dentry, *dir; 603 604 dir = binderfs_create_dir(sb->s_root, "features"); 605 if (IS_ERR(dir)) 606 return PTR_ERR(dir); 607 608 dentry = rust_binderfs_create_file(dir, "oneway_spam_detection", 609 &binder_features_fops, 610 &binder_features.oneway_spam_detection); 611 if (IS_ERR(dentry)) 612 return PTR_ERR(dentry); 613 614 dentry = rust_binderfs_create_file(dir, "extended_error", 615 &binder_features_fops, 616 &binder_features.extended_error); 617 if (IS_ERR(dentry)) 618 return PTR_ERR(dentry); 619 620 dentry = rust_binderfs_create_file(dir, "freeze_notification", 621 &binder_features_fops, 622 &binder_features.freeze_notification); 623 if (IS_ERR(dentry)) 624 return PTR_ERR(dentry); 625 626 return 0; 627 } 628 629 static int init_binder_logs(struct super_block *sb) 630 { 631 struct dentry *binder_logs_root_dir, *dentry, *proc_log_dir; 632 struct binderfs_info *info; 633 int ret = 0; 634 635 binder_logs_root_dir = binderfs_create_dir(sb->s_root, 636 "binder_logs"); 637 if (IS_ERR(binder_logs_root_dir)) { 638 ret = PTR_ERR(binder_logs_root_dir); 639 goto out; 640 } 641 642 dentry = rust_binderfs_create_file(binder_logs_root_dir, "stats", 643 &rust_binder_stats_fops, NULL); 644 if (IS_ERR(dentry)) { 645 ret = PTR_ERR(dentry); 646 goto out; 647 } 648 649 dentry = rust_binderfs_create_file(binder_logs_root_dir, "state", 650 &rust_binder_state_fops, NULL); 651 if (IS_ERR(dentry)) { 652 ret = PTR_ERR(dentry); 653 goto out; 654 } 655 656 dentry = rust_binderfs_create_file(binder_logs_root_dir, "transactions", 657 &rust_binder_transactions_fops, NULL); 658 if (IS_ERR(dentry)) { 659 ret = PTR_ERR(dentry); 660 goto out; 661 } 662 663 proc_log_dir = binderfs_create_dir(binder_logs_root_dir, "proc"); 664 if (IS_ERR(proc_log_dir)) { 665 ret = PTR_ERR(proc_log_dir); 666 goto out; 667 } 668 info = sb->s_fs_info; 669 info->proc_log_dir = proc_log_dir; 670 671 out: 672 return ret; 673 } 674 675 static int binderfs_fill_super(struct super_block *sb, struct fs_context *fc) 676 { 677 int ret; 678 struct binderfs_info *info; 679 struct binderfs_mount_opts *ctx = fc->fs_private; 680 struct inode *inode = NULL; 681 struct binderfs_device device_info = {}; 682 const char *name; 683 size_t len; 684 685 sb->s_blocksize = PAGE_SIZE; 686 sb->s_blocksize_bits = PAGE_SHIFT; 687 688 /* 689 * The binderfs filesystem can be mounted by userns root in a 690 * non-initial userns. By default such mounts have the SB_I_NODEV flag 691 * set in s_iflags to prevent security issues where userns root can 692 * just create random device nodes via mknod() since it owns the 693 * filesystem mount. But binderfs does not allow to create any files 694 * including devices nodes. The only way to create binder devices nodes 695 * is through the binder-control device which userns root is explicitly 696 * allowed to do. So removing the SB_I_NODEV flag from s_iflags is both 697 * necessary and safe. 698 */ 699 sb->s_iflags &= ~SB_I_NODEV; 700 sb->s_iflags |= SB_I_NOEXEC; 701 sb->s_magic = RUST_BINDERFS_SUPER_MAGIC; 702 sb->s_op = &binderfs_super_ops; 703 sb->s_time_gran = 1; 704 705 sb->s_fs_info = kzalloc(sizeof(struct binderfs_info), GFP_KERNEL); 706 if (!sb->s_fs_info) 707 return -ENOMEM; 708 info = sb->s_fs_info; 709 710 info->ipc_ns = get_ipc_ns(current->nsproxy->ipc_ns); 711 712 info->root_gid = make_kgid(sb->s_user_ns, 0); 713 if (!gid_valid(info->root_gid)) 714 info->root_gid = GLOBAL_ROOT_GID; 715 info->root_uid = make_kuid(sb->s_user_ns, 0); 716 if (!uid_valid(info->root_uid)) 717 info->root_uid = GLOBAL_ROOT_UID; 718 info->mount_opts.max = ctx->max; 719 info->mount_opts.stats_mode = ctx->stats_mode; 720 721 inode = new_inode(sb); 722 if (!inode) 723 return -ENOMEM; 724 725 inode->i_ino = FIRST_INODE; 726 inode->i_fop = &simple_dir_operations; 727 inode->i_mode = S_IFDIR | 0755; 728 simple_inode_init_ts(inode); 729 inode->i_op = &binderfs_dir_inode_operations; 730 set_nlink(inode, 2); 731 732 sb->s_root = d_make_root(inode); 733 if (!sb->s_root) 734 return -ENOMEM; 735 736 ret = binderfs_binder_ctl_create(sb); 737 if (ret) 738 return ret; 739 740 name = rust_binder_devices_param; 741 for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) { 742 strscpy(device_info.name, name, len + 1); 743 ret = binderfs_binder_device_create(inode, NULL, &device_info); 744 if (ret) 745 return ret; 746 name += len; 747 if (*name == ',') 748 name++; 749 } 750 751 ret = init_binder_features(sb); 752 if (ret) 753 return ret; 754 755 if (info->mount_opts.stats_mode == binderfs_stats_mode_global) 756 return init_binder_logs(sb); 757 758 return 0; 759 } 760 761 static int binderfs_fs_context_get_tree(struct fs_context *fc) 762 { 763 return get_tree_nodev(fc, binderfs_fill_super); 764 } 765 766 static void binderfs_fs_context_free(struct fs_context *fc) 767 { 768 struct binderfs_mount_opts *ctx = fc->fs_private; 769 770 kfree(ctx); 771 } 772 773 static const struct fs_context_operations binderfs_fs_context_ops = { 774 .free = binderfs_fs_context_free, 775 .get_tree = binderfs_fs_context_get_tree, 776 .parse_param = binderfs_fs_context_parse_param, 777 .reconfigure = binderfs_fs_context_reconfigure, 778 }; 779 780 static int binderfs_init_fs_context(struct fs_context *fc) 781 { 782 struct binderfs_mount_opts *ctx; 783 784 ctx = kzalloc(sizeof(struct binderfs_mount_opts), GFP_KERNEL); 785 if (!ctx) 786 return -ENOMEM; 787 788 ctx->max = BINDERFS_MAX_MINOR; 789 ctx->stats_mode = binderfs_stats_mode_unset; 790 791 fc->fs_private = ctx; 792 fc->ops = &binderfs_fs_context_ops; 793 794 return 0; 795 } 796 797 static void binderfs_kill_super(struct super_block *sb) 798 { 799 struct binderfs_info *info = sb->s_fs_info; 800 801 /* 802 * During inode eviction struct binderfs_info is needed. 803 * So first wipe the super_block then free struct binderfs_info. 804 */ 805 kill_litter_super(sb); 806 807 if (info && info->ipc_ns) 808 put_ipc_ns(info->ipc_ns); 809 810 kfree(info); 811 } 812 813 static struct file_system_type binder_fs_type = { 814 .name = "binder", 815 .init_fs_context = binderfs_init_fs_context, 816 .parameters = binderfs_fs_parameters, 817 .kill_sb = binderfs_kill_super, 818 .fs_flags = FS_USERNS_MOUNT, 819 }; 820 821 int init_rust_binderfs(void) 822 { 823 int ret; 824 const char *name; 825 size_t len; 826 827 /* Verify that the default binderfs device names are valid. */ 828 name = rust_binder_devices_param; 829 for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) { 830 if (len > BINDERFS_MAX_NAME) 831 return -E2BIG; 832 name += len; 833 if (*name == ',') 834 name++; 835 } 836 837 /* Allocate new major number for binderfs. */ 838 ret = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR, 839 "rust_binder"); 840 if (ret) 841 return ret; 842 843 ret = register_filesystem(&binder_fs_type); 844 if (ret) { 845 unregister_chrdev_region(binderfs_dev, BINDERFS_MAX_MINOR); 846 return ret; 847 } 848 849 return ret; 850 } 851