/* global disable flag, for security purposes */ staticbool devcd_disabled;
struct devcd_entry { struct device devcd_dev; void *data;
size_t datalen; /* * There are 2 races for which mutex is required. * * The first race is between device creation and userspace writing to * schedule immediately destruction. * * This race is handled by arming the timer before device creation, but * when device creation fails the timer still exists. * * To solve this, hold the mutex during device_add(), and set * init_completed on success before releasing the mutex. * * That way the timer will never fire until device_add() is called, * it will do nothing if init_completed is not set. The timer is also * cancelled in that case. * * The second race involves multiple parallel invocations of devcd_free(), * add a deleted flag so only 1 can call the destructor.
*/ struct mutex mutex; bool init_completed, deleted; struct module *owner;
ssize_t (*read)(char *buffer, loff_t offset, size_t count, void *data, size_t datalen); void (*free)(void *data); /* * If nothing interferes and device_add() was returns success, * del_wk will destroy the device after the timer fires. * * Multiple userspace processes can interfere in the working of the timer: * - Writing to the coredump will reschedule the timer to run immediately, * if still armed. * * This is handled by using "if (cancel_delayed_work()) { * schedule_delayed_work() }", to prevent re-arming after having * been previously fired. * - Writing to /sys/class/devcoredump/disabled will destroy the * coredump synchronously. * This is handled by using disable_delayed_work_sync(), and then * checking if deleted flag is set with &devcd->mutex held.
*/ struct delayed_work del_wk; struct device *failing_dev;
};
/* * this seems racy, but I don't see a notifier or such on * a struct device to know when it goes away?
*/ if (devcd->failing_dev->kobj.sd)
sysfs_delete_link(&devcd->failing_dev->kobj, &dev->kobj, "devcoredump");
/* * Although it's tempting to use mod_delayed work here, * that will cause a reschedule if the timer already fired.
*/ if (cancel_delayed_work(&devcd->del_wk))
schedule_delayed_work(&devcd->del_wk, 0);
/* * To prevent a race with devcd_data_write(), disable work and * complete manually instead. * * We cannot rely on the return value of * disable_delayed_work_sync() here, because it might be in the * middle of a cancel_delayed_work + schedule_delayed_work pair. * * devcd->mutex here guards against multiple parallel invocations * of devcd_free().
*/
disable_delayed_work_sync(&devcd->del_wk);
mutex_lock(&devcd->mutex); if (!devcd->deleted)
__devcd_del(devcd);
mutex_unlock(&devcd->mutex); return 0;
}
/* * * disabled_store() worker() * class_for_each_device(&devcd_class, * NULL, NULL, devcd_free) * ... * ... * while ((dev = class_dev_iter_next(&iter)) * devcd_del() * device_del() * put_device() <- last reference * error = fn(dev, data) devcd_dev_release() * devcd_free(dev, data) kfree(devcd) * * * In the above diagram, it looks like disabled_store() would be racing with parallelly * running devcd_del() and result in memory abort after dropping its last reference with * put_device(). However, this will not happens as fn(dev, data) runs * with its own reference to device via klist_node so it is not its last reference. * so, above situation would not occur.
*/
/* * This essentially makes the attribute write-once, since you can't * go back to not having it disabled. This is intentional, it serves * as a system lockdown feature.
*/ if (tmp != 1) return -EINVAL;
/** * dev_coredumpv - create device coredump with vmalloc data * @dev: the struct device for the crashed device * @data: vmalloc data containing the device coredump * @datalen: length of the data * @gfp: allocation flags * * This function takes ownership of the vmalloc'ed data and will free * it when it is no longer used. See dev_coredumpm() for more information.
*/ void dev_coredumpv(struct device *dev, void *data, size_t datalen,
gfp_t gfp)
{
dev_coredumpm(dev, NULL, data, datalen, gfp, devcd_readv, devcd_freev);
}
EXPORT_SYMBOL_GPL(dev_coredumpv);
/** * devcd_free_sgtable - free all the memory of the given scatterlist table * (i.e. both pages and scatterlist instances) * NOTE: if two tables allocated with devcd_alloc_sgtable and then chained * using the sg_chain function then that function should be called only once * on the chained table * @data: pointer to sg_table to free
*/ staticvoid devcd_free_sgtable(void *data)
{
_devcd_free_sgtable(data);
}
/** * devcd_read_from_sgtable - copy data from sg_table to a given buffer * and return the number of bytes read * @buffer: the buffer to copy the data to it * @buf_len: the length of the buffer * @data: the scatterlist table to copy from * @offset: start copy from @offset@ bytes from the head of the data * in the given scatterlist * @data_len: the length of the data in the sg_table * * Returns: the number of bytes copied
*/ static ssize_t devcd_read_from_sgtable(char *buffer, loff_t offset,
size_t buf_len, void *data,
size_t data_len)
{ struct scatterlist *table = data;
/** * dev_coredump_put - remove device coredump * @dev: the struct device for the crashed device * * dev_coredump_put() removes coredump, if exists, for a given device from * the file system and free its associated data otherwise, does nothing. * * It is useful for modules that do not want to keep coredump * available after its unload.
*/ void dev_coredump_put(struct device *dev)
{ struct device *existing;
/** * dev_coredumpm_timeout - create device coredump with read/free methods with a * custom timeout. * @dev: the struct device for the crashed device * @owner: the module that contains the read/free functions, use %THIS_MODULE * @data: data cookie for the @read/@free functions * @datalen: length of the data * @gfp: allocation flags * @read: function to read from the given buffer * @free: function to free the given buffer * @timeout: time in jiffies to remove coredump * * Creates a new device coredump for the given device. If a previous one hasn't * been read yet, the new coredump is discarded. The data lifetime is determined * by the device coredump framework and when it is no longer needed the @free * function will be called to free the data.
*/ void dev_coredumpm_timeout(struct device *dev, struct module *owner, void *data, size_t datalen, gfp_t gfp,
ssize_t (*read)(char *buffer, loff_t offset,
size_t count, void *data,
size_t datalen), void (*free)(void *data), unsignedlong timeout)
{ static atomic_t devcd_count = ATOMIC_INIT(0); struct devcd_entry *devcd; struct device *existing;
if (device_add(&devcd->devcd_dev)) goto put_device;
/* * These should normally not fail, but there is no problem * continuing without the links, so just warn instead of * failing.
*/ if (sysfs_create_link(&devcd->devcd_dev.kobj, &dev->kobj, "failing_device") ||
sysfs_create_link(&dev->kobj, &devcd->devcd_dev.kobj, "devcoredump"))
dev_warn(dev, "devcoredump create_link failed\n");
/* * Safe to run devcd_del() now that we are done with devcd_dev. * Alternatively we could have taken a ref on devcd_dev before * dropping the lock.
*/
devcd->init_completed = true;
mutex_unlock(&devcd->mutex); return;
put_device:
mutex_unlock(&devcd->mutex);
cancel_delayed_work_sync(&devcd->del_wk);
put_device(&devcd->devcd_dev);
/** * dev_coredumpsg - create device coredump that uses scatterlist as data * parameter * @dev: the struct device for the crashed device * @table: the dump data * @datalen: length of the data * @gfp: allocation flags * * Creates a new device coredump for the given device. If a previous one hasn't * been read yet, the new coredump is discarded. The data lifetime is determined * by the device coredump framework and when it is no longer needed * it will free the data.
*/ void dev_coredumpsg(struct device *dev, struct scatterlist *table,
size_t datalen, gfp_t gfp)
{
dev_coredumpm(dev, NULL, table, datalen, gfp, devcd_read_from_sgtable,
devcd_free_sgtable);
}
EXPORT_SYMBOL_GPL(dev_coredumpsg);
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
