xref: /linux/fs/configfs/dir.c (revision 7d32e779eb9add47bfdb4731c4d4ff443a7f7fa6)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * dir.c - Operations for configfs directories.
4  *
5  * Based on sysfs:
6  * 	sysfs is Copyright (C) 2001, 2002, 2003 Patrick Mochel
7  *
8  * configfs Copyright (C) 2005 Oracle.  All rights reserved.
9  */
10 
11 #undef DEBUG
12 
13 #include <linux/fs.h>
14 #include <linux/fsnotify.h>
15 #include <linux/mount.h>
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/err.h>
19 
20 #include <linux/configfs.h>
21 #include "configfs_internal.h"
22 
23 /*
24  * Protects mutations of configfs_dirent linkage together with proper i_mutex
25  * Also protects mutations of symlinks linkage to target configfs_dirent
26  * Mutators of configfs_dirent linkage must *both* have the proper inode locked
27  * and configfs_dirent_lock locked, in that order.
28  * This allows one to safely traverse configfs_dirent trees and symlinks without
29  * having to lock inodes.
30  *
31  * Protects setting of CONFIGFS_USET_DROPPING: checking the flag
32  * unlocked is not reliable unless in detach_groups() called from
33  * rmdir()/unregister() and from configfs_attach_group()
34  */
35 DEFINE_SPINLOCK(configfs_dirent_lock);
36 
37 /*
38  * All of link_obj/unlink_obj/link_group/unlink_group require that
39  * subsys->su_mutex is held.
40  * But parent configfs_subsystem is NULL when config_item is root.
41  * Use this mutex when config_item is root.
42  */
43 static DEFINE_MUTEX(configfs_subsystem_mutex);
44 
45 static void configfs_d_iput(struct dentry * dentry,
46 			    struct inode * inode)
47 {
48 	struct configfs_dirent *sd = dentry->d_fsdata;
49 
50 	if (sd) {
51 		/* Coordinate with configfs_readdir */
52 		spin_lock(&configfs_dirent_lock);
53 		/*
54 		 * Set sd->s_dentry to null only when this dentry is the one
55 		 * that is going to be killed.  Otherwise configfs_d_iput may
56 		 * run just after configfs_lookup and set sd->s_dentry to
57 		 * NULL even it's still in use.
58 		 */
59 		if (sd->s_dentry == dentry)
60 			sd->s_dentry = NULL;
61 
62 		spin_unlock(&configfs_dirent_lock);
63 		configfs_put(sd);
64 	}
65 	iput(inode);
66 }
67 
68 const struct dentry_operations configfs_dentry_ops = {
69 	.d_iput		= configfs_d_iput,
70 	.d_delete	= always_delete_dentry,
71 };
72 
73 #ifdef CONFIG_LOCKDEP
74 
75 /*
76  * Helpers to make lockdep happy with our recursive locking of default groups'
77  * inodes (see configfs_attach_group() and configfs_detach_group()).
78  * We put default groups i_mutexes in separate classes according to their depth
79  * from the youngest non-default group ancestor.
80  *
81  * For a non-default group A having default groups A/B, A/C, and A/C/D, default
82  * groups A/B and A/C will have their inode's mutex in class
83  * default_group_class[0], and default group A/C/D will be in
84  * default_group_class[1].
85  *
86  * The lock classes are declared and assigned in inode.c, according to the
87  * s_depth value.
88  * The s_depth value is initialized to -1, adjusted to >= 0 when attaching
89  * default groups, and reset to -1 when all default groups are attached. During
90  * attachment, if configfs_create() sees s_depth > 0, the lock class of the new
91  * inode's mutex is set to default_group_class[s_depth - 1].
92  */
93 
94 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
95 {
96 	sd->s_depth = -1;
97 }
98 
99 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
100 					  struct configfs_dirent *sd)
101 {
102 	int parent_depth = parent_sd->s_depth;
103 
104 	if (parent_depth >= 0)
105 		sd->s_depth = parent_depth + 1;
106 }
107 
108 static void
109 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
110 {
111 	/*
112 	 * item's i_mutex class is already setup, so s_depth is now only
113 	 * used to set new sub-directories s_depth, which is always done
114 	 * with item's i_mutex locked.
115 	 */
116 	/*
117 	 *  sd->s_depth == -1 iff we are a non default group.
118 	 *  else (we are a default group) sd->s_depth > 0 (see
119 	 *  create_dir()).
120 	 */
121 	if (sd->s_depth == -1)
122 		/*
123 		 * We are a non default group and we are going to create
124 		 * default groups.
125 		 */
126 		sd->s_depth = 0;
127 }
128 
129 static void
130 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
131 {
132 	/* We will not create default groups anymore. */
133 	sd->s_depth = -1;
134 }
135 
136 #else /* CONFIG_LOCKDEP */
137 
138 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
139 {
140 }
141 
142 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
143 					  struct configfs_dirent *sd)
144 {
145 }
146 
147 static void
148 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
149 {
150 }
151 
152 static void
153 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
154 {
155 }
156 
157 #endif /* CONFIG_LOCKDEP */
158 
159 static struct configfs_fragment *new_fragment(void)
160 {
161 	struct configfs_fragment *p;
162 
163 	p = kmalloc(sizeof(struct configfs_fragment), GFP_KERNEL);
164 	if (p) {
165 		atomic_set(&p->frag_count, 1);
166 		init_rwsem(&p->frag_sem);
167 		p->frag_dead = false;
168 	}
169 	return p;
170 }
171 
172 void put_fragment(struct configfs_fragment *frag)
173 {
174 	if (frag && atomic_dec_and_test(&frag->frag_count))
175 		kfree(frag);
176 }
177 
178 struct configfs_fragment *get_fragment(struct configfs_fragment *frag)
179 {
180 	if (likely(frag))
181 		atomic_inc(&frag->frag_count);
182 	return frag;
183 }
184 
185 /*
186  * Allocates a new configfs_dirent and links it to the parent configfs_dirent
187  */
188 static struct configfs_dirent *configfs_new_dirent(struct configfs_dirent *parent_sd,
189 						   void *element, int type,
190 						   struct configfs_fragment *frag)
191 {
192 	struct configfs_dirent * sd;
193 
194 	sd = kmem_cache_zalloc(configfs_dir_cachep, GFP_KERNEL);
195 	if (!sd)
196 		return ERR_PTR(-ENOMEM);
197 
198 	atomic_set(&sd->s_count, 1);
199 	INIT_LIST_HEAD(&sd->s_children);
200 	sd->s_element = element;
201 	sd->s_type = type;
202 	configfs_init_dirent_depth(sd);
203 	spin_lock(&configfs_dirent_lock);
204 	if (parent_sd->s_type & CONFIGFS_USET_DROPPING) {
205 		spin_unlock(&configfs_dirent_lock);
206 		kmem_cache_free(configfs_dir_cachep, sd);
207 		return ERR_PTR(-ENOENT);
208 	}
209 	sd->s_frag = get_fragment(frag);
210 	list_add(&sd->s_sibling, &parent_sd->s_children);
211 	spin_unlock(&configfs_dirent_lock);
212 
213 	return sd;
214 }
215 
216 /*
217  *
218  * Return -EEXIST if there is already a configfs element with the same
219  * name for the same parent.
220  *
221  * called with parent inode's i_mutex held
222  */
223 static int configfs_dirent_exists(struct configfs_dirent *parent_sd,
224 				  const unsigned char *new)
225 {
226 	struct configfs_dirent * sd;
227 
228 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
229 		if (sd->s_element) {
230 			const unsigned char *existing = configfs_get_name(sd);
231 			if (strcmp(existing, new))
232 				continue;
233 			else
234 				return -EEXIST;
235 		}
236 	}
237 
238 	return 0;
239 }
240 
241 
242 int configfs_make_dirent(struct configfs_dirent * parent_sd,
243 			 struct dentry * dentry, void * element,
244 			 umode_t mode, int type, struct configfs_fragment *frag)
245 {
246 	struct configfs_dirent * sd;
247 
248 	sd = configfs_new_dirent(parent_sd, element, type, frag);
249 	if (IS_ERR(sd))
250 		return PTR_ERR(sd);
251 
252 	sd->s_mode = mode;
253 	sd->s_dentry = dentry;
254 	if (dentry)
255 		dentry->d_fsdata = configfs_get(sd);
256 
257 	return 0;
258 }
259 
260 static void configfs_remove_dirent(struct dentry *dentry)
261 {
262 	struct configfs_dirent *sd = dentry->d_fsdata;
263 
264 	if (!sd)
265 		return;
266 	spin_lock(&configfs_dirent_lock);
267 	list_del_init(&sd->s_sibling);
268 	spin_unlock(&configfs_dirent_lock);
269 	configfs_put(sd);
270 }
271 
272 /**
273  *	configfs_create_dir - create a directory for an config_item.
274  *	@item:		config_itemwe're creating directory for.
275  *	@dentry:	config_item's dentry.
276  *	@frag:		config_item's fragment.
277  *
278  *	Note: user-created entries won't be allowed under this new directory
279  *	until it is validated by configfs_dir_set_ready()
280  */
281 
282 static int configfs_create_dir(struct config_item *item, struct dentry *dentry,
283 				struct configfs_fragment *frag)
284 {
285 	int error;
286 	umode_t mode = S_IFDIR| S_IRWXU | S_IRUGO | S_IXUGO;
287 	struct dentry *p = dentry->d_parent;
288 	struct inode *inode;
289 
290 	BUG_ON(!item);
291 
292 	error = configfs_dirent_exists(p->d_fsdata, dentry->d_name.name);
293 	if (unlikely(error))
294 		return error;
295 
296 	error = configfs_make_dirent(p->d_fsdata, dentry, item, mode,
297 				     CONFIGFS_DIR | CONFIGFS_USET_CREATING,
298 				     frag);
299 	if (unlikely(error))
300 		return error;
301 
302 	configfs_set_dir_dirent_depth(p->d_fsdata, dentry->d_fsdata);
303 	inode = configfs_create(dentry, mode);
304 	if (IS_ERR(inode))
305 		goto out_remove;
306 
307 	inode->i_op = &configfs_dir_inode_operations;
308 	inode->i_fop = &configfs_dir_operations;
309 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
310 	inc_nlink(inode);
311 	d_instantiate(dentry, inode);
312 	/* already hashed */
313 	dget(dentry);  /* pin directory dentries in core */
314 	inc_nlink(d_inode(p));
315 	item->ci_dentry = dentry;
316 	return 0;
317 
318 out_remove:
319 	configfs_put(dentry->d_fsdata);
320 	configfs_remove_dirent(dentry);
321 	return PTR_ERR(inode);
322 }
323 
324 /*
325  * Allow userspace to create new entries under a new directory created with
326  * configfs_create_dir(), and under all of its chidlren directories recursively.
327  * @sd		configfs_dirent of the new directory to validate
328  *
329  * Caller must hold configfs_dirent_lock.
330  */
331 static void configfs_dir_set_ready(struct configfs_dirent *sd)
332 {
333 	struct configfs_dirent *child_sd;
334 
335 	sd->s_type &= ~CONFIGFS_USET_CREATING;
336 	list_for_each_entry(child_sd, &sd->s_children, s_sibling)
337 		if (child_sd->s_type & CONFIGFS_USET_CREATING)
338 			configfs_dir_set_ready(child_sd);
339 }
340 
341 /*
342  * Check that a directory does not belong to a directory hierarchy being
343  * attached and not validated yet.
344  * @sd		configfs_dirent of the directory to check
345  *
346  * @return	non-zero iff the directory was validated
347  *
348  * Note: takes configfs_dirent_lock, so the result may change from false to true
349  * in two consecutive calls, but never from true to false.
350  */
351 int configfs_dirent_is_ready(struct configfs_dirent *sd)
352 {
353 	int ret;
354 
355 	spin_lock(&configfs_dirent_lock);
356 	ret = !(sd->s_type & CONFIGFS_USET_CREATING);
357 	spin_unlock(&configfs_dirent_lock);
358 
359 	return ret;
360 }
361 
362 int configfs_create_link(struct configfs_dirent *target, struct dentry *parent,
363 		struct dentry *dentry, char *body)
364 {
365 	int err = 0;
366 	umode_t mode = S_IFLNK | S_IRWXUGO;
367 	struct configfs_dirent *p = parent->d_fsdata;
368 	struct inode *inode;
369 
370 	err = configfs_make_dirent(p, dentry, target, mode, CONFIGFS_ITEM_LINK,
371 			p->s_frag);
372 	if (err)
373 		return err;
374 
375 	inode = configfs_create(dentry, mode);
376 	if (IS_ERR(inode))
377 		goto out_remove;
378 
379 	inode->i_link = body;
380 	inode->i_op = &configfs_symlink_inode_operations;
381 	d_instantiate(dentry, inode);
382 	dget(dentry);  /* pin link dentries in core */
383 	return 0;
384 
385 out_remove:
386 	configfs_put(dentry->d_fsdata);
387 	configfs_remove_dirent(dentry);
388 	return PTR_ERR(inode);
389 }
390 
391 static void remove_dir(struct dentry * d)
392 {
393 	struct dentry * parent = dget(d->d_parent);
394 
395 	configfs_remove_dirent(d);
396 
397 	if (d_really_is_positive(d))
398 		simple_rmdir(d_inode(parent),d);
399 
400 	pr_debug(" o %pd removing done (%d)\n", d, d_count(d));
401 
402 	dput(parent);
403 }
404 
405 /**
406  * configfs_remove_dir - remove an config_item's directory.
407  * @item:	config_item we're removing.
408  *
409  * The only thing special about this is that we remove any files in
410  * the directory before we remove the directory, and we've inlined
411  * what used to be configfs_rmdir() below, instead of calling separately.
412  *
413  * Caller holds the mutex of the item's inode
414  */
415 
416 static void configfs_remove_dir(struct config_item * item)
417 {
418 	struct dentry * dentry = dget(item->ci_dentry);
419 
420 	if (!dentry)
421 		return;
422 
423 	remove_dir(dentry);
424 	/**
425 	 * Drop reference from dget() on entrance.
426 	 */
427 	dput(dentry);
428 }
429 
430 static struct dentry * configfs_lookup(struct inode *dir,
431 				       struct dentry *dentry,
432 				       unsigned int flags)
433 {
434 	struct configfs_dirent * parent_sd = dentry->d_parent->d_fsdata;
435 	struct configfs_dirent * sd;
436 	struct inode *inode = NULL;
437 
438 	if (dentry->d_name.len > NAME_MAX)
439 		return ERR_PTR(-ENAMETOOLONG);
440 
441 	/*
442 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
443 	 * being attached
444 	 *
445 	 * This forbids userspace to read/write attributes of items which may
446 	 * not complete their initialization, since the dentries of the
447 	 * attributes won't be instantiated.
448 	 */
449 	if (!configfs_dirent_is_ready(parent_sd))
450 		return ERR_PTR(-ENOENT);
451 
452 	spin_lock(&configfs_dirent_lock);
453 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
454 		if ((sd->s_type & CONFIGFS_NOT_PINNED) &&
455 		    !strcmp(configfs_get_name(sd), dentry->d_name.name)) {
456 			struct configfs_attribute *attr = sd->s_element;
457 			umode_t mode = (attr->ca_mode & S_IALLUGO) | S_IFREG;
458 
459 			dentry->d_fsdata = configfs_get(sd);
460 			sd->s_dentry = dentry;
461 			spin_unlock(&configfs_dirent_lock);
462 
463 			inode = configfs_create(dentry, mode);
464 			if (IS_ERR(inode)) {
465 				configfs_put(sd);
466 				return ERR_CAST(inode);
467 			}
468 			if (sd->s_type & CONFIGFS_ITEM_BIN_ATTR) {
469 				inode->i_size = 0;
470 				inode->i_fop = &configfs_bin_file_operations;
471 			} else {
472 				inode->i_size = PAGE_SIZE;
473 				inode->i_fop = &configfs_file_operations;
474 			}
475 			goto done;
476 		}
477 	}
478 	spin_unlock(&configfs_dirent_lock);
479 done:
480 	d_add(dentry, inode);
481 	return NULL;
482 }
483 
484 /*
485  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
486  * attributes and are removed by rmdir().  We recurse, setting
487  * CONFIGFS_USET_DROPPING on all children that are candidates for
488  * default detach.
489  * If there is an error, the caller will reset the flags via
490  * configfs_detach_rollback().
491  */
492 static int configfs_detach_prep(struct dentry *dentry, struct dentry **wait)
493 {
494 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
495 	struct configfs_dirent *sd;
496 	int ret;
497 
498 	/* Mark that we're trying to drop the group */
499 	parent_sd->s_type |= CONFIGFS_USET_DROPPING;
500 
501 	ret = -EBUSY;
502 	if (parent_sd->s_links)
503 		goto out;
504 
505 	ret = 0;
506 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
507 		if (!sd->s_element ||
508 		    (sd->s_type & CONFIGFS_NOT_PINNED))
509 			continue;
510 		if (sd->s_type & CONFIGFS_USET_DEFAULT) {
511 			/* Abort if racing with mkdir() */
512 			if (sd->s_type & CONFIGFS_USET_IN_MKDIR) {
513 				if (wait)
514 					*wait= dget(sd->s_dentry);
515 				return -EAGAIN;
516 			}
517 
518 			/*
519 			 * Yup, recursive.  If there's a problem, blame
520 			 * deep nesting of default_groups
521 			 */
522 			ret = configfs_detach_prep(sd->s_dentry, wait);
523 			if (!ret)
524 				continue;
525 		} else
526 			ret = -ENOTEMPTY;
527 
528 		break;
529 	}
530 
531 out:
532 	return ret;
533 }
534 
535 /*
536  * Walk the tree, resetting CONFIGFS_USET_DROPPING wherever it was
537  * set.
538  */
539 static void configfs_detach_rollback(struct dentry *dentry)
540 {
541 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
542 	struct configfs_dirent *sd;
543 
544 	parent_sd->s_type &= ~CONFIGFS_USET_DROPPING;
545 
546 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling)
547 		if (sd->s_type & CONFIGFS_USET_DEFAULT)
548 			configfs_detach_rollback(sd->s_dentry);
549 }
550 
551 static void detach_attrs(struct config_item * item)
552 {
553 	struct dentry * dentry = dget(item->ci_dentry);
554 	struct configfs_dirent * parent_sd;
555 	struct configfs_dirent * sd, * tmp;
556 
557 	if (!dentry)
558 		return;
559 
560 	pr_debug("configfs %s: dropping attrs for  dir\n",
561 		 dentry->d_name.name);
562 
563 	parent_sd = dentry->d_fsdata;
564 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
565 		if (!sd->s_element || !(sd->s_type & CONFIGFS_NOT_PINNED))
566 			continue;
567 		spin_lock(&configfs_dirent_lock);
568 		list_del_init(&sd->s_sibling);
569 		spin_unlock(&configfs_dirent_lock);
570 		configfs_drop_dentry(sd, dentry);
571 		configfs_put(sd);
572 	}
573 
574 	/**
575 	 * Drop reference from dget() on entrance.
576 	 */
577 	dput(dentry);
578 }
579 
580 static int populate_attrs(struct config_item *item)
581 {
582 	const struct config_item_type *t = item->ci_type;
583 	struct configfs_group_operations *ops;
584 	struct configfs_attribute *attr;
585 	struct configfs_bin_attribute *bin_attr;
586 	int error = 0;
587 	int i;
588 
589 	if (!t)
590 		return -EINVAL;
591 
592 	ops = t->ct_group_ops;
593 
594 	if (t->ct_attrs) {
595 		for (i = 0; (attr = t->ct_attrs[i]) != NULL; i++) {
596 			if (ops && ops->is_visible && !ops->is_visible(item, attr, i))
597 				continue;
598 
599 			if ((error = configfs_create_file(item, attr)))
600 				break;
601 		}
602 	}
603 	if (t->ct_bin_attrs) {
604 		for (i = 0; (bin_attr = t->ct_bin_attrs[i]) != NULL; i++) {
605 			if (ops && ops->is_bin_visible && !ops->is_bin_visible(item, bin_attr, i))
606 				continue;
607 
608 			error = configfs_create_bin_file(item, bin_attr);
609 			if (error)
610 				break;
611 		}
612 	}
613 
614 	if (error)
615 		detach_attrs(item);
616 
617 	return error;
618 }
619 
620 static int configfs_attach_group(struct config_item *parent_item,
621 				 struct config_item *item,
622 				 struct dentry *dentry,
623 				 struct configfs_fragment *frag);
624 static void configfs_detach_group(struct config_item *item);
625 
626 static void detach_groups(struct config_group *group)
627 {
628 	struct dentry * dentry = dget(group->cg_item.ci_dentry);
629 	struct dentry *child;
630 	struct configfs_dirent *parent_sd;
631 	struct configfs_dirent *sd, *tmp;
632 
633 	if (!dentry)
634 		return;
635 
636 	parent_sd = dentry->d_fsdata;
637 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
638 		if (!sd->s_element ||
639 		    !(sd->s_type & CONFIGFS_USET_DEFAULT))
640 			continue;
641 
642 		child = sd->s_dentry;
643 
644 		inode_lock(d_inode(child));
645 
646 		configfs_detach_group(sd->s_element);
647 		d_inode(child)->i_flags |= S_DEAD;
648 		dont_mount(child);
649 
650 		inode_unlock(d_inode(child));
651 
652 		d_delete(child);
653 		dput(child);
654 	}
655 
656 	/**
657 	 * Drop reference from dget() on entrance.
658 	 */
659 	dput(dentry);
660 }
661 
662 /*
663  * This fakes mkdir(2) on a default_groups[] entry.  It
664  * creates a dentry, attachs it, and then does fixup
665  * on the sd->s_type.
666  *
667  * We could, perhaps, tweak our parent's ->mkdir for a minute and
668  * try using vfs_mkdir.  Just a thought.
669  */
670 static int create_default_group(struct config_group *parent_group,
671 				struct config_group *group,
672 				struct configfs_fragment *frag)
673 {
674 	int ret;
675 	struct configfs_dirent *sd;
676 	/* We trust the caller holds a reference to parent */
677 	struct dentry *child, *parent = parent_group->cg_item.ci_dentry;
678 
679 	if (!group->cg_item.ci_name)
680 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
681 
682 	ret = -ENOMEM;
683 	child = d_alloc_name(parent, group->cg_item.ci_name);
684 	if (child) {
685 		d_add(child, NULL);
686 
687 		ret = configfs_attach_group(&parent_group->cg_item,
688 					    &group->cg_item, child, frag);
689 		if (!ret) {
690 			sd = child->d_fsdata;
691 			sd->s_type |= CONFIGFS_USET_DEFAULT;
692 		} else {
693 			BUG_ON(d_inode(child));
694 			d_drop(child);
695 			dput(child);
696 		}
697 	}
698 
699 	return ret;
700 }
701 
702 static int populate_groups(struct config_group *group,
703 			   struct configfs_fragment *frag)
704 {
705 	struct config_group *new_group;
706 	int ret = 0;
707 
708 	list_for_each_entry(new_group, &group->default_groups, group_entry) {
709 		ret = create_default_group(group, new_group, frag);
710 		if (ret) {
711 			detach_groups(group);
712 			break;
713 		}
714 	}
715 
716 	return ret;
717 }
718 
719 void configfs_remove_default_groups(struct config_group *group)
720 {
721 	struct config_group *g, *n;
722 
723 	list_for_each_entry_safe(g, n, &group->default_groups, group_entry) {
724 		list_del(&g->group_entry);
725 		config_item_put(&g->cg_item);
726 	}
727 }
728 EXPORT_SYMBOL(configfs_remove_default_groups);
729 
730 /*
731  * All of link_obj/unlink_obj/link_group/unlink_group require that
732  * subsys->su_mutex is held.
733  */
734 
735 static void unlink_obj(struct config_item *item)
736 {
737 	struct config_group *group;
738 
739 	group = item->ci_group;
740 	if (group) {
741 		list_del_init(&item->ci_entry);
742 
743 		item->ci_group = NULL;
744 		item->ci_parent = NULL;
745 
746 		/* Drop the reference for ci_entry */
747 		config_item_put(item);
748 
749 		/* Drop the reference for ci_parent */
750 		config_group_put(group);
751 	}
752 }
753 
754 static void link_obj(struct config_item *parent_item, struct config_item *item)
755 {
756 	/*
757 	 * Parent seems redundant with group, but it makes certain
758 	 * traversals much nicer.
759 	 */
760 	item->ci_parent = parent_item;
761 
762 	/*
763 	 * We hold a reference on the parent for the child's ci_parent
764 	 * link.
765 	 */
766 	item->ci_group = config_group_get(to_config_group(parent_item));
767 	list_add_tail(&item->ci_entry, &item->ci_group->cg_children);
768 
769 	/*
770 	 * We hold a reference on the child for ci_entry on the parent's
771 	 * cg_children
772 	 */
773 	config_item_get(item);
774 }
775 
776 static void unlink_group(struct config_group *group)
777 {
778 	struct config_group *new_group;
779 
780 	list_for_each_entry(new_group, &group->default_groups, group_entry)
781 		unlink_group(new_group);
782 
783 	group->cg_subsys = NULL;
784 	unlink_obj(&group->cg_item);
785 }
786 
787 static void link_group(struct config_group *parent_group, struct config_group *group)
788 {
789 	struct config_group *new_group;
790 	struct configfs_subsystem *subsys = NULL; /* gcc is a turd */
791 
792 	link_obj(&parent_group->cg_item, &group->cg_item);
793 
794 	if (parent_group->cg_subsys)
795 		subsys = parent_group->cg_subsys;
796 	else if (configfs_is_root(&parent_group->cg_item))
797 		subsys = to_configfs_subsystem(group);
798 	else
799 		BUG();
800 	group->cg_subsys = subsys;
801 
802 	list_for_each_entry(new_group, &group->default_groups, group_entry)
803 		link_group(group, new_group);
804 }
805 
806 /*
807  * The goal is that configfs_attach_item() (and
808  * configfs_attach_group()) can be called from either the VFS or this
809  * module.  That is, they assume that the items have been created,
810  * the dentry allocated, and the dcache is all ready to go.
811  *
812  * If they fail, they must clean up after themselves as if they
813  * had never been called.  The caller (VFS or local function) will
814  * handle cleaning up the dcache bits.
815  *
816  * configfs_detach_group() and configfs_detach_item() behave similarly on
817  * the way out.  They assume that the proper semaphores are held, they
818  * clean up the configfs items, and they expect their callers will
819  * handle the dcache bits.
820  */
821 static int configfs_attach_item(struct config_item *parent_item,
822 				struct config_item *item,
823 				struct dentry *dentry,
824 				struct configfs_fragment *frag)
825 {
826 	int ret;
827 
828 	ret = configfs_create_dir(item, dentry, frag);
829 	if (!ret) {
830 		ret = populate_attrs(item);
831 		if (ret) {
832 			/*
833 			 * We are going to remove an inode and its dentry but
834 			 * the VFS may already have hit and used them. Thus,
835 			 * we must lock them as rmdir() would.
836 			 */
837 			inode_lock(d_inode(dentry));
838 			configfs_remove_dir(item);
839 			d_inode(dentry)->i_flags |= S_DEAD;
840 			dont_mount(dentry);
841 			inode_unlock(d_inode(dentry));
842 			d_delete(dentry);
843 		}
844 	}
845 
846 	return ret;
847 }
848 
849 /* Caller holds the mutex of the item's inode */
850 static void configfs_detach_item(struct config_item *item)
851 {
852 	detach_attrs(item);
853 	configfs_remove_dir(item);
854 }
855 
856 static int configfs_attach_group(struct config_item *parent_item,
857 				 struct config_item *item,
858 				 struct dentry *dentry,
859 				 struct configfs_fragment *frag)
860 {
861 	int ret;
862 	struct configfs_dirent *sd;
863 
864 	ret = configfs_attach_item(parent_item, item, dentry, frag);
865 	if (!ret) {
866 		sd = dentry->d_fsdata;
867 		sd->s_type |= CONFIGFS_USET_DIR;
868 
869 		/*
870 		 * FYI, we're faking mkdir in populate_groups()
871 		 * We must lock the group's inode to avoid races with the VFS
872 		 * which can already hit the inode and try to add/remove entries
873 		 * under it.
874 		 *
875 		 * We must also lock the inode to remove it safely in case of
876 		 * error, as rmdir() would.
877 		 */
878 		inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
879 		configfs_adjust_dir_dirent_depth_before_populate(sd);
880 		ret = populate_groups(to_config_group(item), frag);
881 		if (ret) {
882 			configfs_detach_item(item);
883 			d_inode(dentry)->i_flags |= S_DEAD;
884 			dont_mount(dentry);
885 		}
886 		configfs_adjust_dir_dirent_depth_after_populate(sd);
887 		inode_unlock(d_inode(dentry));
888 		if (ret)
889 			d_delete(dentry);
890 	}
891 
892 	return ret;
893 }
894 
895 /* Caller holds the mutex of the group's inode */
896 static void configfs_detach_group(struct config_item *item)
897 {
898 	detach_groups(to_config_group(item));
899 	configfs_detach_item(item);
900 }
901 
902 /*
903  * After the item has been detached from the filesystem view, we are
904  * ready to tear it out of the hierarchy.  Notify the client before
905  * we do that so they can perform any cleanup that requires
906  * navigating the hierarchy.  A client does not need to provide this
907  * callback.  The subsystem semaphore MUST be held by the caller, and
908  * references must be valid for both items.  It also assumes the
909  * caller has validated ci_type.
910  */
911 static void client_disconnect_notify(struct config_item *parent_item,
912 				     struct config_item *item)
913 {
914 	const struct config_item_type *type;
915 
916 	type = parent_item->ci_type;
917 	BUG_ON(!type);
918 
919 	if (type->ct_group_ops && type->ct_group_ops->disconnect_notify)
920 		type->ct_group_ops->disconnect_notify(to_config_group(parent_item),
921 						      item);
922 }
923 
924 /*
925  * Drop the initial reference from make_item()/make_group()
926  * This function assumes that reference is held on item
927  * and that item holds a valid reference to the parent.  Also, it
928  * assumes the caller has validated ci_type.
929  */
930 static void client_drop_item(struct config_item *parent_item,
931 			     struct config_item *item)
932 {
933 	const struct config_item_type *type;
934 
935 	type = parent_item->ci_type;
936 	BUG_ON(!type);
937 
938 	/*
939 	 * If ->drop_item() exists, it is responsible for the
940 	 * config_item_put().
941 	 */
942 	if (type->ct_group_ops && type->ct_group_ops->drop_item)
943 		type->ct_group_ops->drop_item(to_config_group(parent_item),
944 					      item);
945 	else
946 		config_item_put(item);
947 }
948 
949 #ifdef DEBUG
950 static void configfs_dump_one(struct configfs_dirent *sd, int level)
951 {
952 	pr_info("%*s\"%s\":\n", level, " ", configfs_get_name(sd));
953 
954 #define type_print(_type) if (sd->s_type & _type) pr_info("%*s %s\n", level, " ", #_type);
955 	type_print(CONFIGFS_ROOT);
956 	type_print(CONFIGFS_DIR);
957 	type_print(CONFIGFS_ITEM_ATTR);
958 	type_print(CONFIGFS_ITEM_LINK);
959 	type_print(CONFIGFS_USET_DIR);
960 	type_print(CONFIGFS_USET_DEFAULT);
961 	type_print(CONFIGFS_USET_DROPPING);
962 #undef type_print
963 }
964 
965 static int configfs_dump(struct configfs_dirent *sd, int level)
966 {
967 	struct configfs_dirent *child_sd;
968 	int ret = 0;
969 
970 	configfs_dump_one(sd, level);
971 
972 	if (!(sd->s_type & (CONFIGFS_DIR|CONFIGFS_ROOT)))
973 		return 0;
974 
975 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
976 		ret = configfs_dump(child_sd, level + 2);
977 		if (ret)
978 			break;
979 	}
980 
981 	return ret;
982 }
983 #endif
984 
985 
986 /*
987  * configfs_depend_item() and configfs_undepend_item()
988  *
989  * WARNING: Do not call these from a configfs callback!
990  *
991  * This describes these functions and their helpers.
992  *
993  * Allow another kernel system to depend on a config_item.  If this
994  * happens, the item cannot go away until the dependent can live without
995  * it.  The idea is to give client modules as simple an interface as
996  * possible.  When a system asks them to depend on an item, they just
997  * call configfs_depend_item().  If the item is live and the client
998  * driver is in good shape, we'll happily do the work for them.
999  *
1000  * Why is the locking complex?  Because configfs uses the VFS to handle
1001  * all locking, but this function is called outside the normal
1002  * VFS->configfs path.  So it must take VFS locks to prevent the
1003  * VFS->configfs stuff (configfs_mkdir(), configfs_rmdir(), etc).  This is
1004  * why you can't call these functions underneath configfs callbacks.
1005  *
1006  * Note, btw, that this can be called at *any* time, even when a configfs
1007  * subsystem isn't registered, or when configfs is loading or unloading.
1008  * Just like configfs_register_subsystem().  So we take the same
1009  * precautions.  We pin the filesystem.  We lock configfs_dirent_lock.
1010  * If we can find the target item in the
1011  * configfs tree, it must be part of the subsystem tree as well, so we
1012  * do not need the subsystem semaphore.  Holding configfs_dirent_lock helps
1013  * locking out mkdir() and rmdir(), who might be racing us.
1014  */
1015 
1016 /*
1017  * configfs_depend_prep()
1018  *
1019  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
1020  * attributes.  This is similar but not the same to configfs_detach_prep().
1021  * Note that configfs_detach_prep() expects the parent to be locked when it
1022  * is called, but we lock the parent *inside* configfs_depend_prep().  We
1023  * do that so we can unlock it if we find nothing.
1024  *
1025  * Here we do a depth-first search of the dentry hierarchy looking for
1026  * our object.
1027  * We deliberately ignore items tagged as dropping since they are virtually
1028  * dead, as well as items in the middle of attachment since they virtually
1029  * do not exist yet. This completes the locking out of racing mkdir() and
1030  * rmdir().
1031  * Note: subdirectories in the middle of attachment start with s_type =
1032  * CONFIGFS_DIR|CONFIGFS_USET_CREATING set by create_dir().  When
1033  * CONFIGFS_USET_CREATING is set, we ignore the item.  The actual set of
1034  * s_type is in configfs_new_dirent(), which has configfs_dirent_lock.
1035  *
1036  * If the target is not found, -ENOENT is bubbled up.
1037  *
1038  * This adds a requirement that all config_items be unique!
1039  *
1040  * This is recursive.  There isn't
1041  * much on the stack, though, so folks that need this function - be careful
1042  * about your stack!  Patches will be accepted to make it iterative.
1043  */
1044 static int configfs_depend_prep(struct dentry *origin,
1045 				struct config_item *target)
1046 {
1047 	struct configfs_dirent *child_sd, *sd;
1048 	int ret = 0;
1049 
1050 	BUG_ON(!origin || !origin->d_fsdata);
1051 	sd = origin->d_fsdata;
1052 
1053 	if (sd->s_element == target)  /* Boo-yah */
1054 		goto out;
1055 
1056 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
1057 		if ((child_sd->s_type & CONFIGFS_DIR) &&
1058 		    !(child_sd->s_type & CONFIGFS_USET_DROPPING) &&
1059 		    !(child_sd->s_type & CONFIGFS_USET_CREATING)) {
1060 			ret = configfs_depend_prep(child_sd->s_dentry,
1061 						   target);
1062 			if (!ret)
1063 				goto out;  /* Child path boo-yah */
1064 		}
1065 	}
1066 
1067 	/* We looped all our children and didn't find target */
1068 	ret = -ENOENT;
1069 
1070 out:
1071 	return ret;
1072 }
1073 
1074 static int configfs_do_depend_item(struct dentry *subsys_dentry,
1075 				   struct config_item *target)
1076 {
1077 	struct configfs_dirent *p;
1078 	int ret;
1079 
1080 	spin_lock(&configfs_dirent_lock);
1081 	/* Scan the tree, return 0 if found */
1082 	ret = configfs_depend_prep(subsys_dentry, target);
1083 	if (ret)
1084 		goto out_unlock_dirent_lock;
1085 
1086 	/*
1087 	 * We are sure that the item is not about to be removed by rmdir(), and
1088 	 * not in the middle of attachment by mkdir().
1089 	 */
1090 	p = target->ci_dentry->d_fsdata;
1091 	p->s_dependent_count += 1;
1092 
1093 out_unlock_dirent_lock:
1094 	spin_unlock(&configfs_dirent_lock);
1095 
1096 	return ret;
1097 }
1098 
1099 static inline struct configfs_dirent *
1100 configfs_find_subsys_dentry(struct configfs_dirent *root_sd,
1101 			    struct config_item *subsys_item)
1102 {
1103 	struct configfs_dirent *p;
1104 	struct configfs_dirent *ret = NULL;
1105 
1106 	list_for_each_entry(p, &root_sd->s_children, s_sibling) {
1107 		if (p->s_type & CONFIGFS_DIR &&
1108 		    p->s_element == subsys_item) {
1109 			ret = p;
1110 			break;
1111 		}
1112 	}
1113 
1114 	return ret;
1115 }
1116 
1117 
1118 int configfs_depend_item(struct configfs_subsystem *subsys,
1119 			 struct config_item *target)
1120 {
1121 	int ret;
1122 	struct configfs_dirent *subsys_sd;
1123 	struct config_item *s_item = &subsys->su_group.cg_item;
1124 	struct dentry *root;
1125 
1126 	/*
1127 	 * Pin the configfs filesystem.  This means we can safely access
1128 	 * the root of the configfs filesystem.
1129 	 */
1130 	root = configfs_pin_fs();
1131 	if (IS_ERR(root))
1132 		return PTR_ERR(root);
1133 
1134 	/*
1135 	 * Next, lock the root directory.  We're going to check that the
1136 	 * subsystem is really registered, and so we need to lock out
1137 	 * configfs_[un]register_subsystem().
1138 	 */
1139 	inode_lock(d_inode(root));
1140 
1141 	subsys_sd = configfs_find_subsys_dentry(root->d_fsdata, s_item);
1142 	if (!subsys_sd) {
1143 		ret = -ENOENT;
1144 		goto out_unlock_fs;
1145 	}
1146 
1147 	/* Ok, now we can trust subsys/s_item */
1148 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1149 
1150 out_unlock_fs:
1151 	inode_unlock(d_inode(root));
1152 
1153 	/*
1154 	 * If we succeeded, the fs is pinned via other methods.  If not,
1155 	 * we're done with it anyway.  So release_fs() is always right.
1156 	 */
1157 	configfs_release_fs();
1158 
1159 	return ret;
1160 }
1161 EXPORT_SYMBOL(configfs_depend_item);
1162 
1163 /*
1164  * Release the dependent linkage.  This is much simpler than
1165  * configfs_depend_item() because we know that the client driver is
1166  * pinned, thus the subsystem is pinned, and therefore configfs is pinned.
1167  */
1168 void configfs_undepend_item(struct config_item *target)
1169 {
1170 	struct configfs_dirent *sd;
1171 
1172 	/*
1173 	 * Since we can trust everything is pinned, we just need
1174 	 * configfs_dirent_lock.
1175 	 */
1176 	spin_lock(&configfs_dirent_lock);
1177 
1178 	sd = target->ci_dentry->d_fsdata;
1179 	BUG_ON(sd->s_dependent_count < 1);
1180 
1181 	sd->s_dependent_count -= 1;
1182 
1183 	/*
1184 	 * After this unlock, we cannot trust the item to stay alive!
1185 	 * DO NOT REFERENCE item after this unlock.
1186 	 */
1187 	spin_unlock(&configfs_dirent_lock);
1188 }
1189 EXPORT_SYMBOL(configfs_undepend_item);
1190 
1191 /*
1192  * caller_subsys is a caller's subsystem not target's. This is used to
1193  * determine if we should lock root and check subsys or not. When we are
1194  * in the same subsystem as our target there is no need to do locking as
1195  * we know that subsys is valid and is not unregistered during this function
1196  * as we are called from callback of one of his children and VFS holds a lock
1197  * on some inode. Otherwise we have to lock our root to  ensure that target's
1198  * subsystem it is not unregistered during this function.
1199  */
1200 int configfs_depend_item_unlocked(struct configfs_subsystem *caller_subsys,
1201 				  struct config_item *target)
1202 {
1203 	struct configfs_subsystem *target_subsys;
1204 	struct config_group *root, *parent;
1205 	struct configfs_dirent *subsys_sd;
1206 	int ret = -ENOENT;
1207 
1208 	/* Disallow this function for configfs root */
1209 	if (configfs_is_root(target))
1210 		return -EINVAL;
1211 
1212 	parent = target->ci_group;
1213 	/*
1214 	 * This may happen when someone is trying to depend root
1215 	 * directory of some subsystem
1216 	 */
1217 	if (configfs_is_root(&parent->cg_item)) {
1218 		target_subsys = to_configfs_subsystem(to_config_group(target));
1219 		root = parent;
1220 	} else {
1221 		target_subsys = parent->cg_subsys;
1222 		/* Find a cofnigfs root as we may need it for locking */
1223 		for (root = parent; !configfs_is_root(&root->cg_item);
1224 		     root = root->cg_item.ci_group)
1225 			;
1226 	}
1227 
1228 	if (target_subsys != caller_subsys) {
1229 		/*
1230 		 * We are in other configfs subsystem, so we have to do
1231 		 * additional locking to prevent other subsystem from being
1232 		 * unregistered
1233 		 */
1234 		inode_lock(d_inode(root->cg_item.ci_dentry));
1235 
1236 		/*
1237 		 * As we are trying to depend item from other subsystem
1238 		 * we have to check if this subsystem is still registered
1239 		 */
1240 		subsys_sd = configfs_find_subsys_dentry(
1241 				root->cg_item.ci_dentry->d_fsdata,
1242 				&target_subsys->su_group.cg_item);
1243 		if (!subsys_sd)
1244 			goto out_root_unlock;
1245 	} else {
1246 		subsys_sd = target_subsys->su_group.cg_item.ci_dentry->d_fsdata;
1247 	}
1248 
1249 	/* Now we can execute core of depend item */
1250 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1251 
1252 	if (target_subsys != caller_subsys)
1253 out_root_unlock:
1254 		/*
1255 		 * We were called from subsystem other than our target so we
1256 		 * took some locks so now it's time to release them
1257 		 */
1258 		inode_unlock(d_inode(root->cg_item.ci_dentry));
1259 
1260 	return ret;
1261 }
1262 EXPORT_SYMBOL(configfs_depend_item_unlocked);
1263 
1264 static int configfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
1265 			  struct dentry *dentry, umode_t mode)
1266 {
1267 	int ret = 0;
1268 	int module_got = 0;
1269 	struct config_group *group = NULL;
1270 	struct config_item *item = NULL;
1271 	struct config_item *parent_item;
1272 	struct configfs_subsystem *subsys;
1273 	struct configfs_dirent *sd;
1274 	const struct config_item_type *type;
1275 	struct module *subsys_owner = NULL, *new_item_owner = NULL;
1276 	struct configfs_fragment *frag;
1277 	char *name;
1278 
1279 	sd = dentry->d_parent->d_fsdata;
1280 
1281 	/*
1282 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1283 	 * being attached
1284 	 */
1285 	if (!configfs_dirent_is_ready(sd)) {
1286 		ret = -ENOENT;
1287 		goto out;
1288 	}
1289 
1290 	if (!(sd->s_type & CONFIGFS_USET_DIR)) {
1291 		ret = -EPERM;
1292 		goto out;
1293 	}
1294 
1295 	frag = new_fragment();
1296 	if (!frag) {
1297 		ret = -ENOMEM;
1298 		goto out;
1299 	}
1300 
1301 	/* Get a working ref for the duration of this function */
1302 	parent_item = configfs_get_config_item(dentry->d_parent);
1303 	type = parent_item->ci_type;
1304 	subsys = to_config_group(parent_item)->cg_subsys;
1305 	BUG_ON(!subsys);
1306 
1307 	if (!type || !type->ct_group_ops ||
1308 	    (!type->ct_group_ops->make_group &&
1309 	     !type->ct_group_ops->make_item)) {
1310 		ret = -EPERM;  /* Lack-of-mkdir returns -EPERM */
1311 		goto out_put;
1312 	}
1313 
1314 	/*
1315 	 * The subsystem may belong to a different module than the item
1316 	 * being created.  We don't want to safely pin the new item but
1317 	 * fail to pin the subsystem it sits under.
1318 	 */
1319 	if (!subsys->su_group.cg_item.ci_type) {
1320 		ret = -EINVAL;
1321 		goto out_put;
1322 	}
1323 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1324 	if (!try_module_get(subsys_owner)) {
1325 		ret = -EINVAL;
1326 		goto out_put;
1327 	}
1328 
1329 	name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL);
1330 	if (!name) {
1331 		ret = -ENOMEM;
1332 		goto out_subsys_put;
1333 	}
1334 
1335 	snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name);
1336 
1337 	mutex_lock(&subsys->su_mutex);
1338 	if (type->ct_group_ops->make_group) {
1339 		group = type->ct_group_ops->make_group(to_config_group(parent_item), name);
1340 		if (!group)
1341 			group = ERR_PTR(-ENOMEM);
1342 		if (!IS_ERR(group)) {
1343 			link_group(to_config_group(parent_item), group);
1344 			item = &group->cg_item;
1345 		} else
1346 			ret = PTR_ERR(group);
1347 	} else {
1348 		item = type->ct_group_ops->make_item(to_config_group(parent_item), name);
1349 		if (!item)
1350 			item = ERR_PTR(-ENOMEM);
1351 		if (!IS_ERR(item))
1352 			link_obj(parent_item, item);
1353 		else
1354 			ret = PTR_ERR(item);
1355 	}
1356 	mutex_unlock(&subsys->su_mutex);
1357 
1358 	kfree(name);
1359 	if (ret) {
1360 		/*
1361 		 * If ret != 0, then link_obj() was never called.
1362 		 * There are no extra references to clean up.
1363 		 */
1364 		goto out_subsys_put;
1365 	}
1366 
1367 	/*
1368 	 * link_obj() has been called (via link_group() for groups).
1369 	 * From here on out, errors must clean that up.
1370 	 */
1371 
1372 	type = item->ci_type;
1373 	if (!type) {
1374 		ret = -EINVAL;
1375 		goto out_unlink;
1376 	}
1377 
1378 	new_item_owner = type->ct_owner;
1379 	if (!try_module_get(new_item_owner)) {
1380 		ret = -EINVAL;
1381 		goto out_unlink;
1382 	}
1383 
1384 	/*
1385 	 * I hate doing it this way, but if there is
1386 	 * an error,  module_put() probably should
1387 	 * happen after any cleanup.
1388 	 */
1389 	module_got = 1;
1390 
1391 	/*
1392 	 * Make racing rmdir() fail if it did not tag parent with
1393 	 * CONFIGFS_USET_DROPPING
1394 	 * Note: if CONFIGFS_USET_DROPPING is already set, attach_group() will
1395 	 * fail and let rmdir() terminate correctly
1396 	 */
1397 	spin_lock(&configfs_dirent_lock);
1398 	/* This will make configfs_detach_prep() fail */
1399 	sd->s_type |= CONFIGFS_USET_IN_MKDIR;
1400 	spin_unlock(&configfs_dirent_lock);
1401 
1402 	if (group)
1403 		ret = configfs_attach_group(parent_item, item, dentry, frag);
1404 	else
1405 		ret = configfs_attach_item(parent_item, item, dentry, frag);
1406 
1407 	spin_lock(&configfs_dirent_lock);
1408 	sd->s_type &= ~CONFIGFS_USET_IN_MKDIR;
1409 	if (!ret)
1410 		configfs_dir_set_ready(dentry->d_fsdata);
1411 	spin_unlock(&configfs_dirent_lock);
1412 
1413 out_unlink:
1414 	if (ret) {
1415 		/* Tear down everything we built up */
1416 		mutex_lock(&subsys->su_mutex);
1417 
1418 		client_disconnect_notify(parent_item, item);
1419 		if (group)
1420 			unlink_group(group);
1421 		else
1422 			unlink_obj(item);
1423 		client_drop_item(parent_item, item);
1424 
1425 		mutex_unlock(&subsys->su_mutex);
1426 
1427 		if (module_got)
1428 			module_put(new_item_owner);
1429 	}
1430 
1431 out_subsys_put:
1432 	if (ret)
1433 		module_put(subsys_owner);
1434 
1435 out_put:
1436 	/*
1437 	 * link_obj()/link_group() took a reference from child->parent,
1438 	 * so the parent is safely pinned.  We can drop our working
1439 	 * reference.
1440 	 */
1441 	config_item_put(parent_item);
1442 	put_fragment(frag);
1443 
1444 out:
1445 	return ret;
1446 }
1447 
1448 static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
1449 {
1450 	struct config_item *parent_item;
1451 	struct config_item *item;
1452 	struct configfs_subsystem *subsys;
1453 	struct configfs_dirent *sd;
1454 	struct configfs_fragment *frag;
1455 	struct module *subsys_owner = NULL, *dead_item_owner = NULL;
1456 	int ret;
1457 
1458 	sd = dentry->d_fsdata;
1459 	if (sd->s_type & CONFIGFS_USET_DEFAULT)
1460 		return -EPERM;
1461 
1462 	/* Get a working ref until we have the child */
1463 	parent_item = configfs_get_config_item(dentry->d_parent);
1464 	subsys = to_config_group(parent_item)->cg_subsys;
1465 	BUG_ON(!subsys);
1466 
1467 	if (!parent_item->ci_type) {
1468 		config_item_put(parent_item);
1469 		return -EINVAL;
1470 	}
1471 
1472 	/* configfs_mkdir() shouldn't have allowed this */
1473 	BUG_ON(!subsys->su_group.cg_item.ci_type);
1474 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1475 
1476 	/*
1477 	 * Ensure that no racing symlink() will make detach_prep() fail while
1478 	 * the new link is temporarily attached
1479 	 */
1480 	do {
1481 		struct dentry *wait;
1482 
1483 		mutex_lock(&configfs_symlink_mutex);
1484 		spin_lock(&configfs_dirent_lock);
1485 		/*
1486 		 * Here's where we check for dependents.  We're protected by
1487 		 * configfs_dirent_lock.
1488 		 * If no dependent, atomically tag the item as dropping.
1489 		 */
1490 		ret = sd->s_dependent_count ? -EBUSY : 0;
1491 		if (!ret) {
1492 			ret = configfs_detach_prep(dentry, &wait);
1493 			if (ret)
1494 				configfs_detach_rollback(dentry);
1495 		}
1496 		spin_unlock(&configfs_dirent_lock);
1497 		mutex_unlock(&configfs_symlink_mutex);
1498 
1499 		if (ret) {
1500 			if (ret != -EAGAIN) {
1501 				config_item_put(parent_item);
1502 				return ret;
1503 			}
1504 
1505 			/* Wait until the racing operation terminates */
1506 			inode_lock(d_inode(wait));
1507 			inode_unlock(d_inode(wait));
1508 			dput(wait);
1509 		}
1510 	} while (ret == -EAGAIN);
1511 
1512 	frag = sd->s_frag;
1513 	if (down_write_killable(&frag->frag_sem)) {
1514 		spin_lock(&configfs_dirent_lock);
1515 		configfs_detach_rollback(dentry);
1516 		spin_unlock(&configfs_dirent_lock);
1517 		config_item_put(parent_item);
1518 		return -EINTR;
1519 	}
1520 	frag->frag_dead = true;
1521 	up_write(&frag->frag_sem);
1522 
1523 	/* Get a working ref for the duration of this function */
1524 	item = configfs_get_config_item(dentry);
1525 
1526 	/* Drop reference from above, item already holds one. */
1527 	config_item_put(parent_item);
1528 
1529 	if (item->ci_type)
1530 		dead_item_owner = item->ci_type->ct_owner;
1531 
1532 	if (sd->s_type & CONFIGFS_USET_DIR) {
1533 		configfs_detach_group(item);
1534 
1535 		mutex_lock(&subsys->su_mutex);
1536 		client_disconnect_notify(parent_item, item);
1537 		unlink_group(to_config_group(item));
1538 	} else {
1539 		configfs_detach_item(item);
1540 
1541 		mutex_lock(&subsys->su_mutex);
1542 		client_disconnect_notify(parent_item, item);
1543 		unlink_obj(item);
1544 	}
1545 
1546 	client_drop_item(parent_item, item);
1547 	mutex_unlock(&subsys->su_mutex);
1548 
1549 	/* Drop our reference from above */
1550 	config_item_put(item);
1551 
1552 	module_put(dead_item_owner);
1553 	module_put(subsys_owner);
1554 
1555 	return 0;
1556 }
1557 
1558 const struct inode_operations configfs_dir_inode_operations = {
1559 	.mkdir		= configfs_mkdir,
1560 	.rmdir		= configfs_rmdir,
1561 	.symlink	= configfs_symlink,
1562 	.unlink		= configfs_unlink,
1563 	.lookup		= configfs_lookup,
1564 	.setattr	= configfs_setattr,
1565 };
1566 
1567 const struct inode_operations configfs_root_inode_operations = {
1568 	.lookup		= configfs_lookup,
1569 	.setattr	= configfs_setattr,
1570 };
1571 
1572 static int configfs_dir_open(struct inode *inode, struct file *file)
1573 {
1574 	struct dentry * dentry = file->f_path.dentry;
1575 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1576 	int err;
1577 
1578 	inode_lock(d_inode(dentry));
1579 	/*
1580 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1581 	 * being attached
1582 	 */
1583 	err = -ENOENT;
1584 	if (configfs_dirent_is_ready(parent_sd)) {
1585 		file->private_data = configfs_new_dirent(parent_sd, NULL, 0, NULL);
1586 		if (IS_ERR(file->private_data))
1587 			err = PTR_ERR(file->private_data);
1588 		else
1589 			err = 0;
1590 	}
1591 	inode_unlock(d_inode(dentry));
1592 
1593 	return err;
1594 }
1595 
1596 static int configfs_dir_close(struct inode *inode, struct file *file)
1597 {
1598 	struct dentry * dentry = file->f_path.dentry;
1599 	struct configfs_dirent * cursor = file->private_data;
1600 
1601 	inode_lock(d_inode(dentry));
1602 	spin_lock(&configfs_dirent_lock);
1603 	list_del_init(&cursor->s_sibling);
1604 	spin_unlock(&configfs_dirent_lock);
1605 	inode_unlock(d_inode(dentry));
1606 
1607 	release_configfs_dirent(cursor);
1608 
1609 	return 0;
1610 }
1611 
1612 static int configfs_readdir(struct file *file, struct dir_context *ctx)
1613 {
1614 	struct dentry *dentry = file->f_path.dentry;
1615 	struct super_block *sb = dentry->d_sb;
1616 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1617 	struct configfs_dirent *cursor = file->private_data;
1618 	struct list_head *p, *q = &cursor->s_sibling;
1619 	ino_t ino = 0;
1620 
1621 	if (!dir_emit_dots(file, ctx))
1622 		return 0;
1623 	spin_lock(&configfs_dirent_lock);
1624 	if (ctx->pos == 2)
1625 		list_move(q, &parent_sd->s_children);
1626 	for (p = q->next; p != &parent_sd->s_children; p = p->next) {
1627 		struct configfs_dirent *next;
1628 		const char *name;
1629 		int len;
1630 		struct inode *inode = NULL;
1631 
1632 		next = list_entry(p, struct configfs_dirent, s_sibling);
1633 		if (!next->s_element)
1634 			continue;
1635 
1636 		/*
1637 		 * We'll have a dentry and an inode for
1638 		 * PINNED items and for open attribute
1639 		 * files.  We lock here to prevent a race
1640 		 * with configfs_d_iput() clearing
1641 		 * s_dentry before calling iput().
1642 		 *
1643 		 * Why do we go to the trouble?  If
1644 		 * someone has an attribute file open,
1645 		 * the inode number should match until
1646 		 * they close it.  Beyond that, we don't
1647 		 * care.
1648 		 */
1649 		dentry = next->s_dentry;
1650 		if (dentry)
1651 			inode = d_inode(dentry);
1652 		if (inode)
1653 			ino = inode->i_ino;
1654 		spin_unlock(&configfs_dirent_lock);
1655 		if (!inode)
1656 			ino = iunique(sb, 2);
1657 
1658 		name = configfs_get_name(next);
1659 		len = strlen(name);
1660 
1661 		if (!dir_emit(ctx, name, len, ino,
1662 			      fs_umode_to_dtype(next->s_mode)))
1663 			return 0;
1664 
1665 		spin_lock(&configfs_dirent_lock);
1666 		list_move(q, p);
1667 		p = q;
1668 		ctx->pos++;
1669 	}
1670 	spin_unlock(&configfs_dirent_lock);
1671 	return 0;
1672 }
1673 
1674 static loff_t configfs_dir_lseek(struct file *file, loff_t offset, int whence)
1675 {
1676 	struct dentry * dentry = file->f_path.dentry;
1677 
1678 	switch (whence) {
1679 		case 1:
1680 			offset += file->f_pos;
1681 			fallthrough;
1682 		case 0:
1683 			if (offset >= 0)
1684 				break;
1685 			fallthrough;
1686 		default:
1687 			return -EINVAL;
1688 	}
1689 	if (offset != file->f_pos) {
1690 		file->f_pos = offset;
1691 		if (file->f_pos >= 2) {
1692 			struct configfs_dirent *sd = dentry->d_fsdata;
1693 			struct configfs_dirent *cursor = file->private_data;
1694 			struct list_head *p;
1695 			loff_t n = file->f_pos - 2;
1696 
1697 			spin_lock(&configfs_dirent_lock);
1698 			list_del(&cursor->s_sibling);
1699 			p = sd->s_children.next;
1700 			while (n && p != &sd->s_children) {
1701 				struct configfs_dirent *next;
1702 				next = list_entry(p, struct configfs_dirent,
1703 						   s_sibling);
1704 				if (next->s_element)
1705 					n--;
1706 				p = p->next;
1707 			}
1708 			list_add_tail(&cursor->s_sibling, p);
1709 			spin_unlock(&configfs_dirent_lock);
1710 		}
1711 	}
1712 	return offset;
1713 }
1714 
1715 const struct file_operations configfs_dir_operations = {
1716 	.open		= configfs_dir_open,
1717 	.release	= configfs_dir_close,
1718 	.llseek		= configfs_dir_lseek,
1719 	.read		= generic_read_dir,
1720 	.iterate_shared	= configfs_readdir,
1721 };
1722 
1723 /**
1724  * configfs_register_group - creates a parent-child relation between two groups
1725  * @parent_group:	parent group
1726  * @group:		child group
1727  *
1728  * link groups, creates dentry for the child and attaches it to the
1729  * parent dentry.
1730  *
1731  * Return: 0 on success, negative errno code on error
1732  */
1733 int configfs_register_group(struct config_group *parent_group,
1734 			    struct config_group *group)
1735 {
1736 	struct configfs_subsystem *subsys = parent_group->cg_subsys;
1737 	struct dentry *parent;
1738 	struct configfs_fragment *frag;
1739 	int ret;
1740 
1741 	frag = new_fragment();
1742 	if (!frag)
1743 		return -ENOMEM;
1744 
1745 	mutex_lock(&subsys->su_mutex);
1746 	link_group(parent_group, group);
1747 	mutex_unlock(&subsys->su_mutex);
1748 
1749 	parent = parent_group->cg_item.ci_dentry;
1750 
1751 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1752 	ret = create_default_group(parent_group, group, frag);
1753 	if (ret)
1754 		goto err_out;
1755 
1756 	spin_lock(&configfs_dirent_lock);
1757 	configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
1758 	spin_unlock(&configfs_dirent_lock);
1759 	inode_unlock(d_inode(parent));
1760 	put_fragment(frag);
1761 	return 0;
1762 err_out:
1763 	inode_unlock(d_inode(parent));
1764 	mutex_lock(&subsys->su_mutex);
1765 	unlink_group(group);
1766 	mutex_unlock(&subsys->su_mutex);
1767 	put_fragment(frag);
1768 	return ret;
1769 }
1770 EXPORT_SYMBOL(configfs_register_group);
1771 
1772 /**
1773  * configfs_unregister_group() - unregisters a child group from its parent
1774  * @group: parent group to be unregistered
1775  *
1776  * Undoes configfs_register_group()
1777  */
1778 void configfs_unregister_group(struct config_group *group)
1779 {
1780 	struct configfs_subsystem *subsys = group->cg_subsys;
1781 	struct dentry *dentry = group->cg_item.ci_dentry;
1782 	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
1783 	struct configfs_dirent *sd = dentry->d_fsdata;
1784 	struct configfs_fragment *frag = sd->s_frag;
1785 
1786 	down_write(&frag->frag_sem);
1787 	frag->frag_dead = true;
1788 	up_write(&frag->frag_sem);
1789 
1790 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1791 	spin_lock(&configfs_dirent_lock);
1792 	configfs_detach_prep(dentry, NULL);
1793 	spin_unlock(&configfs_dirent_lock);
1794 
1795 	configfs_detach_group(&group->cg_item);
1796 	d_inode(dentry)->i_flags |= S_DEAD;
1797 	dont_mount(dentry);
1798 	d_drop(dentry);
1799 	fsnotify_rmdir(d_inode(parent), dentry);
1800 	inode_unlock(d_inode(parent));
1801 
1802 	dput(dentry);
1803 
1804 	mutex_lock(&subsys->su_mutex);
1805 	unlink_group(group);
1806 	mutex_unlock(&subsys->su_mutex);
1807 }
1808 EXPORT_SYMBOL(configfs_unregister_group);
1809 
1810 /**
1811  * configfs_register_default_group() - allocates and registers a child group
1812  * @parent_group:	parent group
1813  * @name:		child group name
1814  * @item_type:		child item type description
1815  *
1816  * boilerplate to allocate and register a child group with its parent. We need
1817  * kzalloc'ed memory because child's default_group is initially empty.
1818  *
1819  * Return: allocated config group or ERR_PTR() on error
1820  */
1821 struct config_group *
1822 configfs_register_default_group(struct config_group *parent_group,
1823 				const char *name,
1824 				const struct config_item_type *item_type)
1825 {
1826 	int ret;
1827 	struct config_group *group;
1828 
1829 	group = kzalloc(sizeof(*group), GFP_KERNEL);
1830 	if (!group)
1831 		return ERR_PTR(-ENOMEM);
1832 	config_group_init_type_name(group, name, item_type);
1833 
1834 	ret = configfs_register_group(parent_group, group);
1835 	if (ret) {
1836 		kfree(group);
1837 		return ERR_PTR(ret);
1838 	}
1839 	return group;
1840 }
1841 EXPORT_SYMBOL(configfs_register_default_group);
1842 
1843 /**
1844  * configfs_unregister_default_group() - unregisters and frees a child group
1845  * @group:	the group to act on
1846  */
1847 void configfs_unregister_default_group(struct config_group *group)
1848 {
1849 	configfs_unregister_group(group);
1850 	kfree(group);
1851 }
1852 EXPORT_SYMBOL(configfs_unregister_default_group);
1853 
1854 int configfs_register_subsystem(struct configfs_subsystem *subsys)
1855 {
1856 	int err;
1857 	struct config_group *group = &subsys->su_group;
1858 	struct dentry *dentry;
1859 	struct dentry *root;
1860 	struct configfs_dirent *sd;
1861 	struct configfs_fragment *frag;
1862 
1863 	frag = new_fragment();
1864 	if (!frag)
1865 		return -ENOMEM;
1866 
1867 	root = configfs_pin_fs();
1868 	if (IS_ERR(root)) {
1869 		put_fragment(frag);
1870 		return PTR_ERR(root);
1871 	}
1872 
1873 	if (!group->cg_item.ci_name)
1874 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
1875 
1876 	sd = root->d_fsdata;
1877 	mutex_lock(&configfs_subsystem_mutex);
1878 	link_group(to_config_group(sd->s_element), group);
1879 	mutex_unlock(&configfs_subsystem_mutex);
1880 
1881 	inode_lock_nested(d_inode(root), I_MUTEX_PARENT);
1882 
1883 	err = -ENOMEM;
1884 	dentry = d_alloc_name(root, group->cg_item.ci_name);
1885 	if (dentry) {
1886 		d_add(dentry, NULL);
1887 
1888 		err = configfs_attach_group(sd->s_element, &group->cg_item,
1889 					    dentry, frag);
1890 		if (err) {
1891 			BUG_ON(d_inode(dentry));
1892 			d_drop(dentry);
1893 			dput(dentry);
1894 		} else {
1895 			spin_lock(&configfs_dirent_lock);
1896 			configfs_dir_set_ready(dentry->d_fsdata);
1897 			spin_unlock(&configfs_dirent_lock);
1898 		}
1899 	}
1900 
1901 	inode_unlock(d_inode(root));
1902 
1903 	if (err) {
1904 		mutex_lock(&configfs_subsystem_mutex);
1905 		unlink_group(group);
1906 		mutex_unlock(&configfs_subsystem_mutex);
1907 		configfs_release_fs();
1908 	}
1909 	put_fragment(frag);
1910 
1911 	return err;
1912 }
1913 
1914 void configfs_unregister_subsystem(struct configfs_subsystem *subsys)
1915 {
1916 	struct config_group *group = &subsys->su_group;
1917 	struct dentry *dentry = group->cg_item.ci_dentry;
1918 	struct dentry *root = dentry->d_sb->s_root;
1919 	struct configfs_dirent *sd = dentry->d_fsdata;
1920 	struct configfs_fragment *frag = sd->s_frag;
1921 
1922 	if (dentry->d_parent != root) {
1923 		pr_err("Tried to unregister non-subsystem!\n");
1924 		return;
1925 	}
1926 
1927 	down_write(&frag->frag_sem);
1928 	frag->frag_dead = true;
1929 	up_write(&frag->frag_sem);
1930 
1931 	inode_lock_nested(d_inode(root),
1932 			  I_MUTEX_PARENT);
1933 	inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
1934 	mutex_lock(&configfs_symlink_mutex);
1935 	spin_lock(&configfs_dirent_lock);
1936 	if (configfs_detach_prep(dentry, NULL)) {
1937 		pr_err("Tried to unregister non-empty subsystem!\n");
1938 	}
1939 	spin_unlock(&configfs_dirent_lock);
1940 	mutex_unlock(&configfs_symlink_mutex);
1941 	configfs_detach_group(&group->cg_item);
1942 	d_inode(dentry)->i_flags |= S_DEAD;
1943 	dont_mount(dentry);
1944 	inode_unlock(d_inode(dentry));
1945 
1946 	d_drop(dentry);
1947 	fsnotify_rmdir(d_inode(root), dentry);
1948 
1949 	inode_unlock(d_inode(root));
1950 
1951 	dput(dentry);
1952 
1953 	mutex_lock(&configfs_subsystem_mutex);
1954 	unlink_group(group);
1955 	mutex_unlock(&configfs_subsystem_mutex);
1956 	configfs_release_fs();
1957 }
1958 
1959 EXPORT_SYMBOL(configfs_register_subsystem);
1960 EXPORT_SYMBOL(configfs_unregister_subsystem);
1961