1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/super.c
4 *
5 * Copyright (C) 1991, 1992 Linus Torvalds
6 *
7 * super.c contains code to handle: - mount structures
8 * - super-block tables
9 * - filesystem drivers list
10 * - mount system call
11 * - umount system call
12 * - ustat system call
13 *
14 * GK 2/5/95 - Changed to support mounting the root fs via NFS
15 *
16 * Added kerneld support: Jacques Gelinas and Bjorn Ekwall
17 * Added change_root: Werner Almesberger & Hans Lermen, Feb '96
18 * Added options to /proc/mounts:
19 * Torbjörn Lindh (torbjorn.lindh@gopta.se), April 14, 1996.
20 * Added devfs support: Richard Gooch <rgooch@atnf.csiro.au>, 13-JAN-1998
21 * Heavily rewritten for 'one fs - one tree' dcache architecture. AV, Mar 2000
22 */
23
24#include <linux/export.h>
25#include <linux/slab.h>
26#include <linux/blkdev.h>
27#include <linux/mount.h>
28#include <linux/security.h>
29#include <linux/writeback.h> /* for the emergency remount stuff */
30#include <linux/idr.h>
31#include <linux/mutex.h>
32#include <linux/backing-dev.h>
33#include <linux/rculist_bl.h>
34#include <linux/fscrypt.h>
35#include <linux/fsnotify.h>
36#include <linux/lockdep.h>
37#include <linux/user_namespace.h>
38#include <linux/fs_context.h>
39#include <uapi/linux/mount.h>
40#include "internal.h"
41
42static int thaw_super_locked(struct super_block *sb, enum freeze_holder who,
43 const void *freeze_owner);
44
45static LIST_HEAD(super_blocks);
46static DEFINE_SPINLOCK(sb_lock);
47
48static char *sb_writers_name[SB_FREEZE_LEVELS] = {
49 "sb_writers",
50 "sb_pagefaults",
51 "sb_internal",
52};
53
54static inline void __super_lock(struct super_block *sb, bool excl)
55{
56 if (excl)
57 down_write(sem: &sb->s_umount);
58 else
59 down_read(sem: &sb->s_umount);
60}
61
62static inline void super_unlock(struct super_block *sb, bool excl)
63{
64 if (excl)
65 up_write(sem: &sb->s_umount);
66 else
67 up_read(sem: &sb->s_umount);
68}
69
70static inline void __super_lock_excl(struct super_block *sb)
71{
72 __super_lock(sb, excl: true);
73}
74
75static inline void super_unlock_excl(struct super_block *sb)
76{
77 super_unlock(sb, excl: true);
78}
79
80static inline void super_unlock_shared(struct super_block *sb)
81{
82 super_unlock(sb, excl: false);
83}
84
85static bool super_flags(const struct super_block *sb, unsigned int flags)
86{
87 /*
88 * Pairs with smp_store_release() in super_wake() and ensures
89 * that we see @flags after we're woken.
90 */
91 return smp_load_acquire(&sb->s_flags) & flags;
92}
93
94/**
95 * super_lock - wait for superblock to become ready and lock it
96 * @sb: superblock to wait for
97 * @excl: whether exclusive access is required
98 *
99 * If the superblock has neither passed through vfs_get_tree() or
100 * generic_shutdown_super() yet wait for it to happen. Either superblock
101 * creation will succeed and SB_BORN is set by vfs_get_tree() or we're
102 * woken and we'll see SB_DYING.
103 *
104 * The caller must have acquired a temporary reference on @sb->s_count.
105 *
106 * Return: The function returns true if SB_BORN was set and with
107 * s_umount held. The function returns false if SB_DYING was
108 * set and without s_umount held.
109 */
110static __must_check bool super_lock(struct super_block *sb, bool excl)
111{
112 lockdep_assert_not_held(&sb->s_umount);
113
114 /* wait until the superblock is ready or dying */
115 wait_var_event(&sb->s_flags, super_flags(sb, SB_BORN | SB_DYING));
116
117 /* Don't pointlessly acquire s_umount. */
118 if (super_flags(sb, SB_DYING))
119 return false;
120
121 __super_lock(sb, excl);
122
123 /*
124 * Has gone through generic_shutdown_super() in the meantime.
125 * @sb->s_root is NULL and @sb->s_active is 0. No one needs to
126 * grab a reference to this. Tell them so.
127 */
128 if (sb->s_flags & SB_DYING) {
129 super_unlock(sb, excl);
130 return false;
131 }
132
133 WARN_ON_ONCE(!(sb->s_flags & SB_BORN));
134 return true;
135}
136
137/* wait and try to acquire read-side of @sb->s_umount */
138static inline bool super_lock_shared(struct super_block *sb)
139{
140 return super_lock(sb, excl: false);
141}
142
143/* wait and try to acquire write-side of @sb->s_umount */
144static inline bool super_lock_excl(struct super_block *sb)
145{
146 return super_lock(sb, excl: true);
147}
148
149/* wake waiters */
150#define SUPER_WAKE_FLAGS (SB_BORN | SB_DYING | SB_DEAD)
151static void super_wake(struct super_block *sb, unsigned int flag)
152{
153 WARN_ON_ONCE((flag & ~SUPER_WAKE_FLAGS));
154 WARN_ON_ONCE(hweight32(flag & SUPER_WAKE_FLAGS) > 1);
155
156 /*
157 * Pairs with smp_load_acquire() in super_lock() to make sure
158 * all initializations in the superblock are seen by the user
159 * seeing SB_BORN sent.
160 */
161 smp_store_release(&sb->s_flags, sb->s_flags | flag);
162 /*
163 * Pairs with the barrier in prepare_to_wait_event() to make sure
164 * ___wait_var_event() either sees SB_BORN set or
165 * waitqueue_active() check in wake_up_var() sees the waiter.
166 */
167 smp_mb();
168 wake_up_var(var: &sb->s_flags);
169}
170
171/*
172 * One thing we have to be careful of with a per-sb shrinker is that we don't
173 * drop the last active reference to the superblock from within the shrinker.
174 * If that happens we could trigger unregistering the shrinker from within the
175 * shrinker path and that leads to deadlock on the shrinker_mutex. Hence we
176 * take a passive reference to the superblock to avoid this from occurring.
177 */
178static unsigned long super_cache_scan(struct shrinker *shrink,
179 struct shrink_control *sc)
180{
181 struct super_block *sb;
182 long fs_objects = 0;
183 long total_objects;
184 long freed = 0;
185 long dentries;
186 long inodes;
187
188 sb = shrink->private_data;
189
190 /*
191 * Deadlock avoidance. We may hold various FS locks, and we don't want
192 * to recurse into the FS that called us in clear_inode() and friends..
193 */
194 if (!(sc->gfp_mask & __GFP_FS))
195 return SHRINK_STOP;
196
197 if (!super_trylock_shared(sb))
198 return SHRINK_STOP;
199
200 if (sb->s_op->nr_cached_objects)
201 fs_objects = sb->s_op->nr_cached_objects(sb, sc);
202
203 inodes = list_lru_shrink_count(lru: &sb->s_inode_lru, sc);
204 dentries = list_lru_shrink_count(lru: &sb->s_dentry_lru, sc);
205 total_objects = dentries + inodes + fs_objects;
206 if (!total_objects)
207 total_objects = 1;
208
209 /* proportion the scan between the caches */
210 dentries = mult_frac(sc->nr_to_scan, dentries, total_objects);
211 inodes = mult_frac(sc->nr_to_scan, inodes, total_objects);
212 fs_objects = mult_frac(sc->nr_to_scan, fs_objects, total_objects);
213
214 /*
215 * prune the dcache first as the icache is pinned by it, then
216 * prune the icache, followed by the filesystem specific caches
217 *
218 * Ensure that we always scan at least one object - memcg kmem
219 * accounting uses this to fully empty the caches.
220 */
221 sc->nr_to_scan = dentries + 1;
222 freed = prune_dcache_sb(sb, sc);
223 sc->nr_to_scan = inodes + 1;
224 freed += prune_icache_sb(sb, sc);
225
226 if (fs_objects) {
227 sc->nr_to_scan = fs_objects + 1;
228 freed += sb->s_op->free_cached_objects(sb, sc);
229 }
230
231 super_unlock_shared(sb);
232 return freed;
233}
234
235static unsigned long super_cache_count(struct shrinker *shrink,
236 struct shrink_control *sc)
237{
238 struct super_block *sb;
239 long total_objects = 0;
240
241 sb = shrink->private_data;
242
243 /*
244 * We don't call super_trylock_shared() here as it is a scalability
245 * bottleneck, so we're exposed to partial setup state. The shrinker
246 * rwsem does not protect filesystem operations backing
247 * list_lru_shrink_count() or s_op->nr_cached_objects(). Counts can
248 * change between super_cache_count and super_cache_scan, so we really
249 * don't need locks here.
250 *
251 * However, if we are currently mounting the superblock, the underlying
252 * filesystem might be in a state of partial construction and hence it
253 * is dangerous to access it. super_trylock_shared() uses a SB_BORN check
254 * to avoid this situation, so do the same here. The memory barrier is
255 * matched with the one in mount_fs() as we don't hold locks here.
256 */
257 if (!(sb->s_flags & SB_BORN))
258 return 0;
259 smp_rmb();
260
261 if (sb->s_op && sb->s_op->nr_cached_objects)
262 total_objects = sb->s_op->nr_cached_objects(sb, sc);
263
264 total_objects += list_lru_shrink_count(lru: &sb->s_dentry_lru, sc);
265 total_objects += list_lru_shrink_count(lru: &sb->s_inode_lru, sc);
266
267 if (!total_objects)
268 return SHRINK_EMPTY;
269
270 total_objects = vfs_pressure_ratio(val: total_objects);
271 return total_objects;
272}
273
274static void destroy_super_work(struct work_struct *work)
275{
276 struct super_block *s = container_of(work, struct super_block,
277 destroy_work);
278 fsnotify_sb_free(sb: s);
279 security_sb_free(sb: s);
280 put_user_ns(ns: s->s_user_ns);
281 kfree(objp: s->s_subtype);
282 for (int i = 0; i < SB_FREEZE_LEVELS; i++)
283 percpu_free_rwsem(&s->s_writers.rw_sem[i]);
284 kfree(objp: s);
285}
286
287static void destroy_super_rcu(struct rcu_head *head)
288{
289 struct super_block *s = container_of(head, struct super_block, rcu);
290 INIT_WORK(&s->destroy_work, destroy_super_work);
291 schedule_work(work: &s->destroy_work);
292}
293
294/* Free a superblock that has never been seen by anyone */
295static void destroy_unused_super(struct super_block *s)
296{
297 if (!s)
298 return;
299 super_unlock_excl(sb: s);
300 list_lru_destroy(lru: &s->s_dentry_lru);
301 list_lru_destroy(lru: &s->s_inode_lru);
302 shrinker_free(shrinker: s->s_shrink);
303 /* no delays needed */
304 destroy_super_work(work: &s->destroy_work);
305}
306
307/**
308 * alloc_super - create new superblock
309 * @type: filesystem type superblock should belong to
310 * @flags: the mount flags
311 * @user_ns: User namespace for the super_block
312 *
313 * Allocates and initializes a new &struct super_block. alloc_super()
314 * returns a pointer new superblock or %NULL if allocation had failed.
315 */
316static struct super_block *alloc_super(struct file_system_type *type, int flags,
317 struct user_namespace *user_ns)
318{
319 struct super_block *s = kzalloc(sizeof(struct super_block), GFP_KERNEL);
320 static const struct super_operations default_op;
321 int i;
322
323 if (!s)
324 return NULL;
325
326 INIT_LIST_HEAD(list: &s->s_mounts);
327 s->s_user_ns = get_user_ns(ns: user_ns);
328 init_rwsem(&s->s_umount);
329 lockdep_set_class(&s->s_umount, &type->s_umount_key);
330 /*
331 * sget() can have s_umount recursion.
332 *
333 * When it cannot find a suitable sb, it allocates a new
334 * one (this one), and tries again to find a suitable old
335 * one.
336 *
337 * In case that succeeds, it will acquire the s_umount
338 * lock of the old one. Since these are clearly distrinct
339 * locks, and this object isn't exposed yet, there's no
340 * risk of deadlocks.
341 *
342 * Annotate this by putting this lock in a different
343 * subclass.
344 */
345 down_write_nested(sem: &s->s_umount, SINGLE_DEPTH_NESTING);
346
347 if (security_sb_alloc(sb: s))
348 goto fail;
349
350 for (i = 0; i < SB_FREEZE_LEVELS; i++) {
351 if (__percpu_init_rwsem(&s->s_writers.rw_sem[i],
352 sb_writers_name[i],
353 &type->s_writers_key[i]))
354 goto fail;
355 }
356 s->s_bdi = &noop_backing_dev_info;
357 s->s_flags = flags;
358 if (s->s_user_ns != &init_user_ns)
359 s->s_iflags |= SB_I_NODEV;
360 INIT_HLIST_NODE(h: &s->s_instances);
361 INIT_HLIST_BL_HEAD(&s->s_roots);
362 mutex_init(&s->s_sync_lock);
363 INIT_LIST_HEAD(list: &s->s_inodes);
364 spin_lock_init(&s->s_inode_list_lock);
365 INIT_LIST_HEAD(list: &s->s_inodes_wb);
366 spin_lock_init(&s->s_inode_wblist_lock);
367
368 s->s_count = 1;
369 atomic_set(v: &s->s_active, i: 1);
370 mutex_init(&s->s_vfs_rename_mutex);
371 lockdep_set_class(&s->s_vfs_rename_mutex, &type->s_vfs_rename_key);
372 init_rwsem(&s->s_dquot.dqio_sem);
373 s->s_maxbytes = MAX_NON_LFS;
374 s->s_op = &default_op;
375 s->s_time_gran = 1000000000;
376 s->s_time_min = TIME64_MIN;
377 s->s_time_max = TIME64_MAX;
378
379 s->s_shrink = shrinker_alloc(SHRINKER_NUMA_AWARE | SHRINKER_MEMCG_AWARE,
380 fmt: "sb-%s", type->name);
381 if (!s->s_shrink)
382 goto fail;
383
384 s->s_shrink->scan_objects = super_cache_scan;
385 s->s_shrink->count_objects = super_cache_count;
386 s->s_shrink->batch = 1024;
387 s->s_shrink->private_data = s;
388
389 if (list_lru_init_memcg(&s->s_dentry_lru, s->s_shrink))
390 goto fail;
391 if (list_lru_init_memcg(&s->s_inode_lru, s->s_shrink))
392 goto fail;
393 return s;
394
395fail:
396 destroy_unused_super(s);
397 return NULL;
398}
399
400/* Superblock refcounting */
401
402/*
403 * Drop a superblock's refcount. The caller must hold sb_lock.
404 */
405static void __put_super(struct super_block *s)
406{
407 if (!--s->s_count) {
408 list_del_init(entry: &s->s_list);
409 WARN_ON(s->s_dentry_lru.node);
410 WARN_ON(s->s_inode_lru.node);
411 WARN_ON(!list_empty(&s->s_mounts));
412 call_rcu(head: &s->rcu, func: destroy_super_rcu);
413 }
414}
415
416/**
417 * put_super - drop a temporary reference to superblock
418 * @sb: superblock in question
419 *
420 * Drops a temporary reference, frees superblock if there's no
421 * references left.
422 */
423void put_super(struct super_block *sb)
424{
425 spin_lock(lock: &sb_lock);
426 __put_super(s: sb);
427 spin_unlock(lock: &sb_lock);
428}
429
430static void kill_super_notify(struct super_block *sb)
431{
432 lockdep_assert_not_held(&sb->s_umount);
433
434 /* already notified earlier */
435 if (sb->s_flags & SB_DEAD)
436 return;
437
438 /*
439 * Remove it from @fs_supers so it isn't found by new
440 * sget{_fc}() walkers anymore. Any concurrent mounter still
441 * managing to grab a temporary reference is guaranteed to
442 * already see SB_DYING and will wait until we notify them about
443 * SB_DEAD.
444 */
445 spin_lock(lock: &sb_lock);
446 hlist_del_init(n: &sb->s_instances);
447 spin_unlock(lock: &sb_lock);
448
449 /*
450 * Let concurrent mounts know that this thing is really dead.
451 * We don't need @sb->s_umount here as every concurrent caller
452 * will see SB_DYING and either discard the superblock or wait
453 * for SB_DEAD.
454 */
455 super_wake(sb, SB_DEAD);
456}
457
458/**
459 * deactivate_locked_super - drop an active reference to superblock
460 * @s: superblock to deactivate
461 *
462 * Drops an active reference to superblock, converting it into a temporary
463 * one if there is no other active references left. In that case we
464 * tell fs driver to shut it down and drop the temporary reference we
465 * had just acquired.
466 *
467 * Caller holds exclusive lock on superblock; that lock is released.
468 */
469void deactivate_locked_super(struct super_block *s)
470{
471 struct file_system_type *fs = s->s_type;
472 if (atomic_dec_and_test(v: &s->s_active)) {
473 shrinker_free(shrinker: s->s_shrink);
474 fs->kill_sb(s);
475
476 kill_super_notify(sb: s);
477
478 /*
479 * Since list_lru_destroy() may sleep, we cannot call it from
480 * put_super(), where we hold the sb_lock. Therefore we destroy
481 * the lru lists right now.
482 */
483 list_lru_destroy(lru: &s->s_dentry_lru);
484 list_lru_destroy(lru: &s->s_inode_lru);
485
486 put_filesystem(fs);
487 put_super(sb: s);
488 } else {
489 super_unlock_excl(sb: s);
490 }
491}
492
493EXPORT_SYMBOL(deactivate_locked_super);
494
495/**
496 * deactivate_super - drop an active reference to superblock
497 * @s: superblock to deactivate
498 *
499 * Variant of deactivate_locked_super(), except that superblock is *not*
500 * locked by caller. If we are going to drop the final active reference,
501 * lock will be acquired prior to that.
502 */
503void deactivate_super(struct super_block *s)
504{
505 if (!atomic_add_unless(v: &s->s_active, a: -1, u: 1)) {
506 __super_lock_excl(sb: s);
507 deactivate_locked_super(s);
508 }
509}
510
511EXPORT_SYMBOL(deactivate_super);
512
513/**
514 * grab_super - acquire an active reference to a superblock
515 * @sb: superblock to acquire
516 *
517 * Acquire a temporary reference on a superblock and try to trade it for
518 * an active reference. This is used in sget{_fc}() to wait for a
519 * superblock to either become SB_BORN or for it to pass through
520 * sb->kill() and be marked as SB_DEAD.
521 *
522 * Return: This returns true if an active reference could be acquired,
523 * false if not.
524 */
525static bool grab_super(struct super_block *sb)
526{
527 bool locked;
528
529 sb->s_count++;
530 spin_unlock(lock: &sb_lock);
531 locked = super_lock_excl(sb);
532 if (locked) {
533 if (atomic_inc_not_zero(v: &sb->s_active)) {
534 put_super(sb);
535 return true;
536 }
537 super_unlock_excl(sb);
538 }
539 wait_var_event(&sb->s_flags, super_flags(sb, SB_DEAD));
540 put_super(sb);
541 return false;
542}
543
544/*
545 * super_trylock_shared - try to grab ->s_umount shared
546 * @sb: reference we are trying to grab
547 *
548 * Try to prevent fs shutdown. This is used in places where we
549 * cannot take an active reference but we need to ensure that the
550 * filesystem is not shut down while we are working on it. It returns
551 * false if we cannot acquire s_umount or if we lose the race and
552 * filesystem already got into shutdown, and returns true with the s_umount
553 * lock held in read mode in case of success. On successful return,
554 * the caller must drop the s_umount lock when done.
555 *
556 * Note that unlike get_super() et.al. this one does *not* bump ->s_count.
557 * The reason why it's safe is that we are OK with doing trylock instead
558 * of down_read(). There's a couple of places that are OK with that, but
559 * it's very much not a general-purpose interface.
560 */
561bool super_trylock_shared(struct super_block *sb)
562{
563 if (down_read_trylock(sem: &sb->s_umount)) {
564 if (!(sb->s_flags & SB_DYING) && sb->s_root &&
565 (sb->s_flags & SB_BORN))
566 return true;
567 super_unlock_shared(sb);
568 }
569
570 return false;
571}
572
573/**
574 * retire_super - prevents superblock from being reused
575 * @sb: superblock to retire
576 *
577 * The function marks superblock to be ignored in superblock test, which
578 * prevents it from being reused for any new mounts. If the superblock has
579 * a private bdi, it also unregisters it, but doesn't reduce the refcount
580 * of the superblock to prevent potential races. The refcount is reduced
581 * by generic_shutdown_super(). The function can not be called
582 * concurrently with generic_shutdown_super(). It is safe to call the
583 * function multiple times, subsequent calls have no effect.
584 *
585 * The marker will affect the re-use only for block-device-based
586 * superblocks. Other superblocks will still get marked if this function
587 * is used, but that will not affect their reusability.
588 */
589void retire_super(struct super_block *sb)
590{
591 WARN_ON(!sb->s_bdev);
592 __super_lock_excl(sb);
593 if (sb->s_iflags & SB_I_PERSB_BDI) {
594 bdi_unregister(bdi: sb->s_bdi);
595 sb->s_iflags &= ~SB_I_PERSB_BDI;
596 }
597 sb->s_iflags |= SB_I_RETIRED;
598 super_unlock_excl(sb);
599}
600EXPORT_SYMBOL(retire_super);
601
602/**
603 * generic_shutdown_super - common helper for ->kill_sb()
604 * @sb: superblock to kill
605 *
606 * generic_shutdown_super() does all fs-independent work on superblock
607 * shutdown. Typical ->kill_sb() should pick all fs-specific objects
608 * that need destruction out of superblock, call generic_shutdown_super()
609 * and release aforementioned objects. Note: dentries and inodes _are_
610 * taken care of and do not need specific handling.
611 *
612 * Upon calling this function, the filesystem may no longer alter or
613 * rearrange the set of dentries belonging to this super_block, nor may it
614 * change the attachments of dentries to inodes.
615 */
616void generic_shutdown_super(struct super_block *sb)
617{
618 const struct super_operations *sop = sb->s_op;
619
620 if (sb->s_root) {
621 shrink_dcache_for_umount(sb);
622 sync_filesystem(sb);
623 sb->s_flags &= ~SB_ACTIVE;
624
625 cgroup_writeback_umount(sb);
626
627 /* Evict all inodes with zero refcount. */
628 evict_inodes(sb);
629
630 /*
631 * Clean up and evict any inodes that still have references due
632 * to fsnotify or the security policy.
633 */
634 fsnotify_sb_delete(sb);
635 security_sb_delete(sb);
636
637 if (sb->s_dio_done_wq) {
638 destroy_workqueue(wq: sb->s_dio_done_wq);
639 sb->s_dio_done_wq = NULL;
640 }
641
642 if (sop->put_super)
643 sop->put_super(sb);
644
645 /*
646 * Now that all potentially-encrypted inodes have been evicted,
647 * the fscrypt keyring can be destroyed.
648 */
649 fscrypt_destroy_keyring(sb);
650
651 if (CHECK_DATA_CORRUPTION(!list_empty(&sb->s_inodes), NULL,
652 "VFS: Busy inodes after unmount of %s (%s)",
653 sb->s_id, sb->s_type->name)) {
654 /*
655 * Adding a proper bailout path here would be hard, but
656 * we can at least make it more likely that a later
657 * iput_final() or such crashes cleanly.
658 */
659 struct inode *inode;
660
661 spin_lock(lock: &sb->s_inode_list_lock);
662 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
663 inode->i_op = VFS_PTR_POISON;
664 inode->i_sb = VFS_PTR_POISON;
665 inode->i_mapping = VFS_PTR_POISON;
666 }
667 spin_unlock(lock: &sb->s_inode_list_lock);
668 }
669 }
670 /*
671 * Broadcast to everyone that grabbed a temporary reference to this
672 * superblock before we removed it from @fs_supers that the superblock
673 * is dying. Every walker of @fs_supers outside of sget{_fc}() will now
674 * discard this superblock and treat it as dead.
675 *
676 * We leave the superblock on @fs_supers so it can be found by
677 * sget{_fc}() until we passed sb->kill_sb().
678 */
679 super_wake(sb, SB_DYING);
680 super_unlock_excl(sb);
681 if (sb->s_bdi != &noop_backing_dev_info) {
682 if (sb->s_iflags & SB_I_PERSB_BDI)
683 bdi_unregister(bdi: sb->s_bdi);
684 bdi_put(bdi: sb->s_bdi);
685 sb->s_bdi = &noop_backing_dev_info;
686 }
687}
688
689EXPORT_SYMBOL(generic_shutdown_super);
690
691bool mount_capable(struct fs_context *fc)
692{
693 if (!(fc->fs_type->fs_flags & FS_USERNS_MOUNT))
694 return capable(CAP_SYS_ADMIN);
695 else
696 return ns_capable(ns: fc->user_ns, CAP_SYS_ADMIN);
697}
698
699/**
700 * sget_fc - Find or create a superblock
701 * @fc: Filesystem context.
702 * @test: Comparison callback
703 * @set: Setup callback
704 *
705 * Create a new superblock or find an existing one.
706 *
707 * The @test callback is used to find a matching existing superblock.
708 * Whether or not the requested parameters in @fc are taken into account
709 * is specific to the @test callback that is used. They may even be
710 * completely ignored.
711 *
712 * If an extant superblock is matched, it will be returned unless:
713 *
714 * (1) the namespace the filesystem context @fc and the extant
715 * superblock's namespace differ
716 *
717 * (2) the filesystem context @fc has requested that reusing an extant
718 * superblock is not allowed
719 *
720 * In both cases EBUSY will be returned.
721 *
722 * If no match is made, a new superblock will be allocated and basic
723 * initialisation will be performed (s_type, s_fs_info and s_id will be
724 * set and the @set callback will be invoked), the superblock will be
725 * published and it will be returned in a partially constructed state
726 * with SB_BORN and SB_ACTIVE as yet unset.
727 *
728 * Return: On success, an extant or newly created superblock is
729 * returned. On failure an error pointer is returned.
730 */
731struct super_block *sget_fc(struct fs_context *fc,
732 int (*test)(struct super_block *, struct fs_context *),
733 int (*set)(struct super_block *, struct fs_context *))
734{
735 struct super_block *s = NULL;
736 struct super_block *old;
737 struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns;
738 int err;
739
740 /*
741 * Never allow s_user_ns != &init_user_ns when FS_USERNS_MOUNT is
742 * not set, as the filesystem is likely unprepared to handle it.
743 * This can happen when fsconfig() is called from init_user_ns with
744 * an fs_fd opened in another user namespace.
745 */
746 if (user_ns != &init_user_ns && !(fc->fs_type->fs_flags & FS_USERNS_MOUNT)) {
747 errorfc(fc, "VFS: Mounting from non-initial user namespace is not allowed");
748 return ERR_PTR(error: -EPERM);
749 }
750
751retry:
752 spin_lock(lock: &sb_lock);
753 if (test) {
754 hlist_for_each_entry(old, &fc->fs_type->fs_supers, s_instances) {
755 if (test(old, fc))
756 goto share_extant_sb;
757 }
758 }
759 if (!s) {
760 spin_unlock(lock: &sb_lock);
761 s = alloc_super(type: fc->fs_type, flags: fc->sb_flags, user_ns);
762 if (!s)
763 return ERR_PTR(error: -ENOMEM);
764 goto retry;
765 }
766
767 s->s_fs_info = fc->s_fs_info;
768 err = set(s, fc);
769 if (err) {
770 s->s_fs_info = NULL;
771 spin_unlock(lock: &sb_lock);
772 destroy_unused_super(s);
773 return ERR_PTR(error: err);
774 }
775 fc->s_fs_info = NULL;
776 s->s_type = fc->fs_type;
777 s->s_iflags |= fc->s_iflags;
778 strscpy(s->s_id, s->s_type->name, sizeof(s->s_id));
779 /*
780 * Make the superblock visible on @super_blocks and @fs_supers.
781 * It's in a nascent state and users should wait on SB_BORN or
782 * SB_DYING to be set.
783 */
784 list_add_tail(new: &s->s_list, head: &super_blocks);
785 hlist_add_head(n: &s->s_instances, h: &s->s_type->fs_supers);
786 spin_unlock(lock: &sb_lock);
787 get_filesystem(fs: s->s_type);
788 shrinker_register(shrinker: s->s_shrink);
789 return s;
790
791share_extant_sb:
792 if (user_ns != old->s_user_ns || fc->exclusive) {
793 spin_unlock(lock: &sb_lock);
794 destroy_unused_super(s);
795 if (fc->exclusive)
796 warnfc(fc, "reusing existing filesystem not allowed");
797 else
798 warnfc(fc, "reusing existing filesystem in another namespace not allowed");
799 return ERR_PTR(error: -EBUSY);
800 }
801 if (!grab_super(sb: old))
802 goto retry;
803 destroy_unused_super(s);
804 return old;
805}
806EXPORT_SYMBOL(sget_fc);
807
808/**
809 * sget - find or create a superblock
810 * @type: filesystem type superblock should belong to
811 * @test: comparison callback
812 * @set: setup callback
813 * @flags: mount flags
814 * @data: argument to each of them
815 */
816struct super_block *sget(struct file_system_type *type,
817 int (*test)(struct super_block *,void *),
818 int (*set)(struct super_block *,void *),
819 int flags,
820 void *data)
821{
822 struct user_namespace *user_ns = current_user_ns();
823 struct super_block *s = NULL;
824 struct super_block *old;
825 int err;
826
827retry:
828 spin_lock(lock: &sb_lock);
829 if (test) {
830 hlist_for_each_entry(old, &type->fs_supers, s_instances) {
831 if (!test(old, data))
832 continue;
833 if (user_ns != old->s_user_ns) {
834 spin_unlock(lock: &sb_lock);
835 destroy_unused_super(s);
836 return ERR_PTR(error: -EBUSY);
837 }
838 if (!grab_super(sb: old))
839 goto retry;
840 destroy_unused_super(s);
841 return old;
842 }
843 }
844 if (!s) {
845 spin_unlock(lock: &sb_lock);
846 s = alloc_super(type, flags, user_ns);
847 if (!s)
848 return ERR_PTR(error: -ENOMEM);
849 goto retry;
850 }
851
852 err = set(s, data);
853 if (err) {
854 spin_unlock(lock: &sb_lock);
855 destroy_unused_super(s);
856 return ERR_PTR(error: err);
857 }
858 s->s_type = type;
859 strscpy(s->s_id, type->name, sizeof(s->s_id));
860 list_add_tail(new: &s->s_list, head: &super_blocks);
861 hlist_add_head(n: &s->s_instances, h: &type->fs_supers);
862 spin_unlock(lock: &sb_lock);
863 get_filesystem(fs: type);
864 shrinker_register(shrinker: s->s_shrink);
865 return s;
866}
867EXPORT_SYMBOL(sget);
868
869void drop_super(struct super_block *sb)
870{
871 super_unlock_shared(sb);
872 put_super(sb);
873}
874
875EXPORT_SYMBOL(drop_super);
876
877void drop_super_exclusive(struct super_block *sb)
878{
879 super_unlock_excl(sb);
880 put_super(sb);
881}
882EXPORT_SYMBOL(drop_super_exclusive);
883
884enum super_iter_flags_t {
885 SUPER_ITER_EXCL = (1U << 0),
886 SUPER_ITER_UNLOCKED = (1U << 1),
887 SUPER_ITER_REVERSE = (1U << 2),
888};
889
890static inline struct super_block *first_super(enum super_iter_flags_t flags)
891{
892 if (flags & SUPER_ITER_REVERSE)
893 return list_last_entry(&super_blocks, struct super_block, s_list);
894 return list_first_entry(&super_blocks, struct super_block, s_list);
895}
896
897static inline struct super_block *next_super(struct super_block *sb,
898 enum super_iter_flags_t flags)
899{
900 if (flags & SUPER_ITER_REVERSE)
901 return list_prev_entry(sb, s_list);
902 return list_next_entry(sb, s_list);
903}
904
905static void __iterate_supers(void (*f)(struct super_block *, void *), void *arg,
906 enum super_iter_flags_t flags)
907{
908 struct super_block *sb, *p = NULL;
909 bool excl = flags & SUPER_ITER_EXCL;
910
911 guard(spinlock)(l: &sb_lock);
912
913 for (sb = first_super(flags);
914 !list_entry_is_head(sb, &super_blocks, s_list);
915 sb = next_super(sb, flags)) {
916 if (super_flags(sb, SB_DYING))
917 continue;
918 sb->s_count++;
919 spin_unlock(lock: &sb_lock);
920
921 if (flags & SUPER_ITER_UNLOCKED) {
922 f(sb, arg);
923 } else if (super_lock(sb, excl)) {
924 f(sb, arg);
925 super_unlock(sb, excl);
926 }
927
928 spin_lock(lock: &sb_lock);
929 if (p)
930 __put_super(s: p);
931 p = sb;
932 }
933 if (p)
934 __put_super(s: p);
935}
936
937void iterate_supers(void (*f)(struct super_block *, void *), void *arg)
938{
939 __iterate_supers(f, arg, flags: 0);
940}
941
942/**
943 * iterate_supers_type - call function for superblocks of given type
944 * @type: fs type
945 * @f: function to call
946 * @arg: argument to pass to it
947 *
948 * Scans the superblock list and calls given function, passing it
949 * locked superblock and given argument.
950 */
951void iterate_supers_type(struct file_system_type *type,
952 void (*f)(struct super_block *, void *), void *arg)
953{
954 struct super_block *sb, *p = NULL;
955
956 spin_lock(lock: &sb_lock);
957 hlist_for_each_entry(sb, &type->fs_supers, s_instances) {
958 bool locked;
959
960 if (super_flags(sb, SB_DYING))
961 continue;
962
963 sb->s_count++;
964 spin_unlock(lock: &sb_lock);
965
966 locked = super_lock_shared(sb);
967 if (locked)
968 f(sb, arg);
969
970 spin_lock(lock: &sb_lock);
971 if (p)
972 __put_super(s: p);
973 p = sb;
974 }
975 if (p)
976 __put_super(s: p);
977 spin_unlock(lock: &sb_lock);
978}
979
980EXPORT_SYMBOL(iterate_supers_type);
981
982struct super_block *user_get_super(dev_t dev, bool excl)
983{
984 struct super_block *sb;
985
986 spin_lock(lock: &sb_lock);
987 list_for_each_entry(sb, &super_blocks, s_list) {
988 bool locked;
989
990 if (sb->s_dev != dev)
991 continue;
992
993 sb->s_count++;
994 spin_unlock(lock: &sb_lock);
995
996 locked = super_lock(sb, excl);
997 if (locked)
998 return sb;
999
1000 spin_lock(lock: &sb_lock);
1001 __put_super(s: sb);
1002 break;
1003 }
1004 spin_unlock(lock: &sb_lock);
1005 return NULL;
1006}
1007
1008/**
1009 * reconfigure_super - asks filesystem to change superblock parameters
1010 * @fc: The superblock and configuration
1011 *
1012 * Alters the configuration parameters of a live superblock.
1013 */
1014int reconfigure_super(struct fs_context *fc)
1015{
1016 struct super_block *sb = fc->root->d_sb;
1017 int retval;
1018 bool remount_ro = false;
1019 bool remount_rw = false;
1020 bool force = fc->sb_flags & SB_FORCE;
1021
1022 if (fc->sb_flags_mask & ~MS_RMT_MASK)
1023 return -EINVAL;
1024 if (sb->s_writers.frozen != SB_UNFROZEN)
1025 return -EBUSY;
1026
1027 retval = security_sb_remount(sb, mnt_opts: fc->security);
1028 if (retval)
1029 return retval;
1030
1031 if (fc->sb_flags_mask & SB_RDONLY) {
1032#ifdef CONFIG_BLOCK
1033 if (!(fc->sb_flags & SB_RDONLY) && sb->s_bdev &&
1034 bdev_read_only(bdev: sb->s_bdev))
1035 return -EACCES;
1036#endif
1037 remount_rw = !(fc->sb_flags & SB_RDONLY) && sb_rdonly(sb);
1038 remount_ro = (fc->sb_flags & SB_RDONLY) && !sb_rdonly(sb);
1039 }
1040
1041 if (remount_ro) {
1042 if (!hlist_empty(h: &sb->s_pins)) {
1043 super_unlock_excl(sb);
1044 group_pin_kill(p: &sb->s_pins);
1045 __super_lock_excl(sb);
1046 if (!sb->s_root)
1047 return 0;
1048 if (sb->s_writers.frozen != SB_UNFROZEN)
1049 return -EBUSY;
1050 remount_ro = !sb_rdonly(sb);
1051 }
1052 }
1053 shrink_dcache_sb(sb);
1054
1055 /* If we are reconfiguring to RDONLY and current sb is read/write,
1056 * make sure there are no files open for writing.
1057 */
1058 if (remount_ro) {
1059 if (force) {
1060 sb_start_ro_state_change(sb);
1061 } else {
1062 retval = sb_prepare_remount_readonly(sb);
1063 if (retval)
1064 return retval;
1065 }
1066 } else if (remount_rw) {
1067 /*
1068 * Protect filesystem's reconfigure code from writes from
1069 * userspace until reconfigure finishes.
1070 */
1071 sb_start_ro_state_change(sb);
1072 }
1073
1074 if (fc->ops->reconfigure) {
1075 retval = fc->ops->reconfigure(fc);
1076 if (retval) {
1077 if (!force)
1078 goto cancel_readonly;
1079 /* If forced remount, go ahead despite any errors */
1080 WARN(1, "forced remount of a %s fs returned %i\n",
1081 sb->s_type->name, retval);
1082 }
1083 }
1084
1085 WRITE_ONCE(sb->s_flags, ((sb->s_flags & ~fc->sb_flags_mask) |
1086 (fc->sb_flags & fc->sb_flags_mask)));
1087 sb_end_ro_state_change(sb);
1088
1089 /*
1090 * Some filesystems modify their metadata via some other path than the
1091 * bdev buffer cache (eg. use a private mapping, or directories in
1092 * pagecache, etc). Also file data modifications go via their own
1093 * mappings. So If we try to mount readonly then copy the filesystem
1094 * from bdev, we could get stale data, so invalidate it to give a best
1095 * effort at coherency.
1096 */
1097 if (remount_ro && sb->s_bdev)
1098 invalidate_bdev(bdev: sb->s_bdev);
1099 return 0;
1100
1101cancel_readonly:
1102 sb_end_ro_state_change(sb);
1103 return retval;
1104}
1105
1106static void do_emergency_remount_callback(struct super_block *sb, void *unused)
1107{
1108 if (sb->s_bdev && !sb_rdonly(sb)) {
1109 struct fs_context *fc;
1110
1111 fc = fs_context_for_reconfigure(dentry: sb->s_root,
1112 SB_RDONLY | SB_FORCE, SB_RDONLY);
1113 if (!IS_ERR(ptr: fc)) {
1114 if (parse_monolithic_mount_data(fc, NULL) == 0)
1115 (void)reconfigure_super(fc);
1116 put_fs_context(fc);
1117 }
1118 }
1119}
1120
1121static void do_emergency_remount(struct work_struct *work)
1122{
1123 __iterate_supers(f: do_emergency_remount_callback, NULL,
1124 flags: SUPER_ITER_EXCL | SUPER_ITER_REVERSE);
1125 kfree(objp: work);
1126 printk("Emergency Remount complete\n");
1127}
1128
1129void emergency_remount(void)
1130{
1131 struct work_struct *work;
1132
1133 work = kmalloc(sizeof(*work), GFP_ATOMIC);
1134 if (work) {
1135 INIT_WORK(work, do_emergency_remount);
1136 schedule_work(work);
1137 }
1138}
1139
1140static void do_thaw_all_callback(struct super_block *sb, void *unused)
1141{
1142 if (IS_ENABLED(CONFIG_BLOCK))
1143 while (sb->s_bdev && !bdev_thaw(bdev: sb->s_bdev))
1144 pr_warn("Emergency Thaw on %pg\n", sb->s_bdev);
1145 thaw_super_locked(sb, who: FREEZE_HOLDER_USERSPACE, NULL);
1146 return;
1147}
1148
1149static void do_thaw_all(struct work_struct *work)
1150{
1151 __iterate_supers(f: do_thaw_all_callback, NULL, flags: SUPER_ITER_EXCL);
1152 kfree(objp: work);
1153 printk(KERN_WARNING "Emergency Thaw complete\n");
1154}
1155
1156/**
1157 * emergency_thaw_all -- forcibly thaw every frozen filesystem
1158 *
1159 * Used for emergency unfreeze of all filesystems via SysRq
1160 */
1161void emergency_thaw_all(void)
1162{
1163 struct work_struct *work;
1164
1165 work = kmalloc(sizeof(*work), GFP_ATOMIC);
1166 if (work) {
1167 INIT_WORK(work, do_thaw_all);
1168 schedule_work(work);
1169 }
1170}
1171
1172static inline bool get_active_super(struct super_block *sb)
1173{
1174 bool active = false;
1175
1176 if (super_lock_excl(sb)) {
1177 active = atomic_inc_not_zero(v: &sb->s_active);
1178 super_unlock_excl(sb);
1179 }
1180 return active;
1181}
1182
1183static const char *filesystems_freeze_ptr = "filesystems_freeze";
1184
1185static void filesystems_freeze_callback(struct super_block *sb, void *unused)
1186{
1187 if (!sb->s_op->freeze_fs && !sb->s_op->freeze_super)
1188 return;
1189
1190 if (!get_active_super(sb))
1191 return;
1192
1193 if (sb->s_op->freeze_super)
1194 sb->s_op->freeze_super(sb, FREEZE_EXCL | FREEZE_HOLDER_KERNEL,
1195 filesystems_freeze_ptr);
1196 else
1197 freeze_super(super: sb, who: FREEZE_EXCL | FREEZE_HOLDER_KERNEL,
1198 freeze_owner: filesystems_freeze_ptr);
1199
1200 deactivate_super(sb);
1201}
1202
1203void filesystems_freeze(void)
1204{
1205 __iterate_supers(f: filesystems_freeze_callback, NULL,
1206 flags: SUPER_ITER_UNLOCKED | SUPER_ITER_REVERSE);
1207}
1208
1209static void filesystems_thaw_callback(struct super_block *sb, void *unused)
1210{
1211 if (!sb->s_op->freeze_fs && !sb->s_op->freeze_super)
1212 return;
1213
1214 if (!get_active_super(sb))
1215 return;
1216
1217 if (sb->s_op->thaw_super)
1218 sb->s_op->thaw_super(sb, FREEZE_EXCL | FREEZE_HOLDER_KERNEL,
1219 filesystems_freeze_ptr);
1220 else
1221 thaw_super(super: sb, who: FREEZE_EXCL | FREEZE_HOLDER_KERNEL,
1222 freeze_owner: filesystems_freeze_ptr);
1223
1224 deactivate_super(sb);
1225}
1226
1227void filesystems_thaw(void)
1228{
1229 __iterate_supers(f: filesystems_thaw_callback, NULL, flags: SUPER_ITER_UNLOCKED);
1230}
1231
1232static DEFINE_IDA(unnamed_dev_ida);
1233
1234/**
1235 * get_anon_bdev - Allocate a block device for filesystems which don't have one.
1236 * @p: Pointer to a dev_t.
1237 *
1238 * Filesystems which don't use real block devices can call this function
1239 * to allocate a virtual block device.
1240 *
1241 * Context: Any context. Frequently called while holding sb_lock.
1242 * Return: 0 on success, -EMFILE if there are no anonymous bdevs left
1243 * or -ENOMEM if memory allocation failed.
1244 */
1245int get_anon_bdev(dev_t *p)
1246{
1247 int dev;
1248
1249 /*
1250 * Many userspace utilities consider an FSID of 0 invalid.
1251 * Always return at least 1 from get_anon_bdev.
1252 */
1253 dev = ida_alloc_range(&unnamed_dev_ida, min: 1, max: (1 << MINORBITS) - 1,
1254 GFP_ATOMIC);
1255 if (dev == -ENOSPC)
1256 dev = -EMFILE;
1257 if (dev < 0)
1258 return dev;
1259
1260 *p = MKDEV(0, dev);
1261 return 0;
1262}
1263EXPORT_SYMBOL(get_anon_bdev);
1264
1265void free_anon_bdev(dev_t dev)
1266{
1267 ida_free(&unnamed_dev_ida, MINOR(dev));
1268}
1269EXPORT_SYMBOL(free_anon_bdev);
1270
1271int set_anon_super(struct super_block *s, void *data)
1272{
1273 return get_anon_bdev(&s->s_dev);
1274}
1275EXPORT_SYMBOL(set_anon_super);
1276
1277void kill_anon_super(struct super_block *sb)
1278{
1279 dev_t dev = sb->s_dev;
1280 generic_shutdown_super(sb);
1281 kill_super_notify(sb);
1282 free_anon_bdev(dev);
1283}
1284EXPORT_SYMBOL(kill_anon_super);
1285
1286void kill_litter_super(struct super_block *sb)
1287{
1288 if (sb->s_root)
1289 d_genocide(sb->s_root);
1290 kill_anon_super(sb);
1291}
1292EXPORT_SYMBOL(kill_litter_super);
1293
1294int set_anon_super_fc(struct super_block *sb, struct fs_context *fc)
1295{
1296 return set_anon_super(sb, NULL);
1297}
1298EXPORT_SYMBOL(set_anon_super_fc);
1299
1300static int test_keyed_super(struct super_block *sb, struct fs_context *fc)
1301{
1302 return sb->s_fs_info == fc->s_fs_info;
1303}
1304
1305static int test_single_super(struct super_block *s, struct fs_context *fc)
1306{
1307 return 1;
1308}
1309
1310static int vfs_get_super(struct fs_context *fc,
1311 int (*test)(struct super_block *, struct fs_context *),
1312 int (*fill_super)(struct super_block *sb,
1313 struct fs_context *fc))
1314{
1315 struct super_block *sb;
1316 int err;
1317
1318 sb = sget_fc(fc, test, set_anon_super_fc);
1319 if (IS_ERR(ptr: sb))
1320 return PTR_ERR(ptr: sb);
1321
1322 if (!sb->s_root) {
1323 err = fill_super(sb, fc);
1324 if (err)
1325 goto error;
1326
1327 sb->s_flags |= SB_ACTIVE;
1328 }
1329
1330 fc->root = dget(dentry: sb->s_root);
1331 return 0;
1332
1333error:
1334 deactivate_locked_super(sb);
1335 return err;
1336}
1337
1338int get_tree_nodev(struct fs_context *fc,
1339 int (*fill_super)(struct super_block *sb,
1340 struct fs_context *fc))
1341{
1342 return vfs_get_super(fc, NULL, fill_super);
1343}
1344EXPORT_SYMBOL(get_tree_nodev);
1345
1346int get_tree_single(struct fs_context *fc,
1347 int (*fill_super)(struct super_block *sb,
1348 struct fs_context *fc))
1349{
1350 return vfs_get_super(fc, test: test_single_super, fill_super);
1351}
1352EXPORT_SYMBOL(get_tree_single);
1353
1354int get_tree_keyed(struct fs_context *fc,
1355 int (*fill_super)(struct super_block *sb,
1356 struct fs_context *fc),
1357 void *key)
1358{
1359 fc->s_fs_info = key;
1360 return vfs_get_super(fc, test: test_keyed_super, fill_super);
1361}
1362EXPORT_SYMBOL(get_tree_keyed);
1363
1364static int set_bdev_super(struct super_block *s, void *data)
1365{
1366 s->s_dev = *(dev_t *)data;
1367 return 0;
1368}
1369
1370static int super_s_dev_set(struct super_block *s, struct fs_context *fc)
1371{
1372 return set_bdev_super(s, data: fc->sget_key);
1373}
1374
1375static int super_s_dev_test(struct super_block *s, struct fs_context *fc)
1376{
1377 return !(s->s_iflags & SB_I_RETIRED) &&
1378 s->s_dev == *(dev_t *)fc->sget_key;
1379}
1380
1381/**
1382 * sget_dev - Find or create a superblock by device number
1383 * @fc: Filesystem context.
1384 * @dev: device number
1385 *
1386 * Find or create a superblock using the provided device number that
1387 * will be stored in fc->sget_key.
1388 *
1389 * If an extant superblock is matched, then that will be returned with
1390 * an elevated reference count that the caller must transfer or discard.
1391 *
1392 * If no match is made, a new superblock will be allocated and basic
1393 * initialisation will be performed (s_type, s_fs_info, s_id, s_dev will
1394 * be set). The superblock will be published and it will be returned in
1395 * a partially constructed state with SB_BORN and SB_ACTIVE as yet
1396 * unset.
1397 *
1398 * Return: an existing or newly created superblock on success, an error
1399 * pointer on failure.
1400 */
1401struct super_block *sget_dev(struct fs_context *fc, dev_t dev)
1402{
1403 fc->sget_key = &dev;
1404 return sget_fc(fc, super_s_dev_test, super_s_dev_set);
1405}
1406EXPORT_SYMBOL(sget_dev);
1407
1408#ifdef CONFIG_BLOCK
1409/*
1410 * Lock the superblock that is holder of the bdev. Returns the superblock
1411 * pointer if we successfully locked the superblock and it is alive. Otherwise
1412 * we return NULL and just unlock bdev->bd_holder_lock.
1413 *
1414 * The function must be called with bdev->bd_holder_lock and releases it.
1415 */
1416static struct super_block *bdev_super_lock(struct block_device *bdev, bool excl)
1417 __releases(&bdev->bd_holder_lock)
1418{
1419 struct super_block *sb = bdev->bd_holder;
1420 bool locked;
1421
1422 lockdep_assert_held(&bdev->bd_holder_lock);
1423 lockdep_assert_not_held(&sb->s_umount);
1424 lockdep_assert_not_held(&bdev->bd_disk->open_mutex);
1425
1426 /* Make sure sb doesn't go away from under us */
1427 spin_lock(lock: &sb_lock);
1428 sb->s_count++;
1429 spin_unlock(lock: &sb_lock);
1430
1431 mutex_unlock(lock: &bdev->bd_holder_lock);
1432
1433 locked = super_lock(sb, excl);
1434
1435 /*
1436 * If the superblock wasn't already SB_DYING then we hold
1437 * s_umount and can safely drop our temporary reference.
1438 */
1439 put_super(sb);
1440
1441 if (!locked)
1442 return NULL;
1443
1444 if (!sb->s_root || !(sb->s_flags & SB_ACTIVE)) {
1445 super_unlock(sb, excl);
1446 return NULL;
1447 }
1448
1449 return sb;
1450}
1451
1452static void fs_bdev_mark_dead(struct block_device *bdev, bool surprise)
1453{
1454 struct super_block *sb;
1455
1456 sb = bdev_super_lock(bdev, excl: false);
1457 if (!sb)
1458 return;
1459
1460 if (!surprise)
1461 sync_filesystem(sb);
1462 shrink_dcache_sb(sb);
1463 evict_inodes(sb);
1464 if (sb->s_op->shutdown)
1465 sb->s_op->shutdown(sb);
1466
1467 super_unlock_shared(sb);
1468}
1469
1470static void fs_bdev_sync(struct block_device *bdev)
1471{
1472 struct super_block *sb;
1473
1474 sb = bdev_super_lock(bdev, excl: false);
1475 if (!sb)
1476 return;
1477
1478 sync_filesystem(sb);
1479 super_unlock_shared(sb);
1480}
1481
1482static struct super_block *get_bdev_super(struct block_device *bdev)
1483{
1484 bool active = false;
1485 struct super_block *sb;
1486
1487 sb = bdev_super_lock(bdev, excl: true);
1488 if (sb) {
1489 active = atomic_inc_not_zero(v: &sb->s_active);
1490 super_unlock_excl(sb);
1491 }
1492 if (!active)
1493 return NULL;
1494 return sb;
1495}
1496
1497/**
1498 * fs_bdev_freeze - freeze owning filesystem of block device
1499 * @bdev: block device
1500 *
1501 * Freeze the filesystem that owns this block device if it is still
1502 * active.
1503 *
1504 * A filesystem that owns multiple block devices may be frozen from each
1505 * block device and won't be unfrozen until all block devices are
1506 * unfrozen. Each block device can only freeze the filesystem once as we
1507 * nest freezes for block devices in the block layer.
1508 *
1509 * Return: If the freeze was successful zero is returned. If the freeze
1510 * failed a negative error code is returned.
1511 */
1512static int fs_bdev_freeze(struct block_device *bdev)
1513{
1514 struct super_block *sb;
1515 int error = 0;
1516
1517 lockdep_assert_held(&bdev->bd_fsfreeze_mutex);
1518
1519 sb = get_bdev_super(bdev);
1520 if (!sb)
1521 return -EINVAL;
1522
1523 if (sb->s_op->freeze_super)
1524 error = sb->s_op->freeze_super(sb,
1525 FREEZE_MAY_NEST | FREEZE_HOLDER_USERSPACE, NULL);
1526 else
1527 error = freeze_super(super: sb,
1528 who: FREEZE_MAY_NEST | FREEZE_HOLDER_USERSPACE, NULL);
1529 if (!error)
1530 error = sync_blockdev(bdev);
1531 deactivate_super(sb);
1532 return error;
1533}
1534
1535/**
1536 * fs_bdev_thaw - thaw owning filesystem of block device
1537 * @bdev: block device
1538 *
1539 * Thaw the filesystem that owns this block device.
1540 *
1541 * A filesystem that owns multiple block devices may be frozen from each
1542 * block device and won't be unfrozen until all block devices are
1543 * unfrozen. Each block device can only freeze the filesystem once as we
1544 * nest freezes for block devices in the block layer.
1545 *
1546 * Return: If the thaw was successful zero is returned. If the thaw
1547 * failed a negative error code is returned. If this function
1548 * returns zero it doesn't mean that the filesystem is unfrozen
1549 * as it may have been frozen multiple times (kernel may hold a
1550 * freeze or might be frozen from other block devices).
1551 */
1552static int fs_bdev_thaw(struct block_device *bdev)
1553{
1554 struct super_block *sb;
1555 int error;
1556
1557 lockdep_assert_held(&bdev->bd_fsfreeze_mutex);
1558
1559 /*
1560 * The block device may have been frozen before it was claimed by a
1561 * filesystem. Concurrently another process might try to mount that
1562 * frozen block device and has temporarily claimed the block device for
1563 * that purpose causing a concurrent fs_bdev_thaw() to end up here. The
1564 * mounter is already about to abort mounting because they still saw an
1565 * elevanted bdev->bd_fsfreeze_count so get_bdev_super() will return
1566 * NULL in that case.
1567 */
1568 sb = get_bdev_super(bdev);
1569 if (!sb)
1570 return -EINVAL;
1571
1572 if (sb->s_op->thaw_super)
1573 error = sb->s_op->thaw_super(sb,
1574 FREEZE_MAY_NEST | FREEZE_HOLDER_USERSPACE, NULL);
1575 else
1576 error = thaw_super(super: sb,
1577 who: FREEZE_MAY_NEST | FREEZE_HOLDER_USERSPACE, NULL);
1578 deactivate_super(sb);
1579 return error;
1580}
1581
1582const struct blk_holder_ops fs_holder_ops = {
1583 .mark_dead = fs_bdev_mark_dead,
1584 .sync = fs_bdev_sync,
1585 .freeze = fs_bdev_freeze,
1586 .thaw = fs_bdev_thaw,
1587};
1588EXPORT_SYMBOL_GPL(fs_holder_ops);
1589
1590int setup_bdev_super(struct super_block *sb, int sb_flags,
1591 struct fs_context *fc)
1592{
1593 blk_mode_t mode = sb_open_mode(sb_flags);
1594 struct file *bdev_file;
1595 struct block_device *bdev;
1596
1597 bdev_file = bdev_file_open_by_dev(dev: sb->s_dev, mode, holder: sb, hops: &fs_holder_ops);
1598 if (IS_ERR(ptr: bdev_file)) {
1599 if (fc)
1600 errorf(fc, "%s: Can't open blockdev", fc->source);
1601 return PTR_ERR(ptr: bdev_file);
1602 }
1603 bdev = file_bdev(bdev_file);
1604
1605 /*
1606 * This really should be in blkdev_get_by_dev, but right now can't due
1607 * to legacy issues that require us to allow opening a block device node
1608 * writable from userspace even for a read-only block device.
1609 */
1610 if ((mode & BLK_OPEN_WRITE) && bdev_read_only(bdev)) {
1611 bdev_fput(bdev_file);
1612 return -EACCES;
1613 }
1614
1615 /*
1616 * It is enough to check bdev was not frozen before we set
1617 * s_bdev as freezing will wait until SB_BORN is set.
1618 */
1619 if (atomic_read(v: &bdev->bd_fsfreeze_count) > 0) {
1620 if (fc)
1621 warnf(fc, "%pg: Can't mount, blockdev is frozen", bdev);
1622 bdev_fput(bdev_file);
1623 return -EBUSY;
1624 }
1625 spin_lock(lock: &sb_lock);
1626 sb->s_bdev_file = bdev_file;
1627 sb->s_bdev = bdev;
1628 sb->s_bdi = bdi_get(bdi: bdev->bd_disk->bdi);
1629 if (bdev_stable_writes(bdev))
1630 sb->s_iflags |= SB_I_STABLE_WRITES;
1631 spin_unlock(lock: &sb_lock);
1632
1633 snprintf(buf: sb->s_id, size: sizeof(sb->s_id), fmt: "%pg", bdev);
1634 shrinker_debugfs_rename(shrinker: sb->s_shrink, fmt: "sb-%s:%s", sb->s_type->name,
1635 sb->s_id);
1636 sb_set_blocksize(sb, block_size(bdev));
1637 return 0;
1638}
1639EXPORT_SYMBOL_GPL(setup_bdev_super);
1640
1641/**
1642 * get_tree_bdev_flags - Get a superblock based on a single block device
1643 * @fc: The filesystem context holding the parameters
1644 * @fill_super: Helper to initialise a new superblock
1645 * @flags: GET_TREE_BDEV_* flags
1646 */
1647int get_tree_bdev_flags(struct fs_context *fc,
1648 int (*fill_super)(struct super_block *sb,
1649 struct fs_context *fc), unsigned int flags)
1650{
1651 struct super_block *s;
1652 int error = 0;
1653 dev_t dev;
1654
1655 if (!fc->source)
1656 return invalf(fc, "No source specified");
1657
1658 error = lookup_bdev(pathname: fc->source, dev: &dev);
1659 if (error) {
1660 if (!(flags & GET_TREE_BDEV_QUIET_LOOKUP))
1661 errorf(fc, "%s: Can't lookup blockdev", fc->source);
1662 return error;
1663 }
1664 fc->sb_flags |= SB_NOSEC;
1665 s = sget_dev(fc, dev);
1666 if (IS_ERR(ptr: s))
1667 return PTR_ERR(ptr: s);
1668
1669 if (s->s_root) {
1670 /* Don't summarily change the RO/RW state. */
1671 if ((fc->sb_flags ^ s->s_flags) & SB_RDONLY) {
1672 warnf(fc, "%pg: Can't mount, would change RO state", s->s_bdev);
1673 deactivate_locked_super(s);
1674 return -EBUSY;
1675 }
1676 } else {
1677 error = setup_bdev_super(s, fc->sb_flags, fc);
1678 if (!error)
1679 error = fill_super(s, fc);
1680 if (error) {
1681 deactivate_locked_super(s);
1682 return error;
1683 }
1684 s->s_flags |= SB_ACTIVE;
1685 }
1686
1687 BUG_ON(fc->root);
1688 fc->root = dget(dentry: s->s_root);
1689 return 0;
1690}
1691EXPORT_SYMBOL_GPL(get_tree_bdev_flags);
1692
1693/**
1694 * get_tree_bdev - Get a superblock based on a single block device
1695 * @fc: The filesystem context holding the parameters
1696 * @fill_super: Helper to initialise a new superblock
1697 */
1698int get_tree_bdev(struct fs_context *fc,
1699 int (*fill_super)(struct super_block *,
1700 struct fs_context *))
1701{
1702 return get_tree_bdev_flags(fc, fill_super, 0);
1703}
1704EXPORT_SYMBOL(get_tree_bdev);
1705
1706static int test_bdev_super(struct super_block *s, void *data)
1707{
1708 return !(s->s_iflags & SB_I_RETIRED) && s->s_dev == *(dev_t *)data;
1709}
1710
1711struct dentry *mount_bdev(struct file_system_type *fs_type,
1712 int flags, const char *dev_name, void *data,
1713 int (*fill_super)(struct super_block *, void *, int))
1714{
1715 struct super_block *s;
1716 int error;
1717 dev_t dev;
1718
1719 error = lookup_bdev(pathname: dev_name, dev: &dev);
1720 if (error)
1721 return ERR_PTR(error);
1722
1723 flags |= SB_NOSEC;
1724 s = sget(fs_type, test_bdev_super, set_bdev_super, flags, &dev);
1725 if (IS_ERR(ptr: s))
1726 return ERR_CAST(ptr: s);
1727
1728 if (s->s_root) {
1729 if ((flags ^ s->s_flags) & SB_RDONLY) {
1730 deactivate_locked_super(s);
1731 return ERR_PTR(error: -EBUSY);
1732 }
1733 } else {
1734 error = setup_bdev_super(s, flags, NULL);
1735 if (!error)
1736 error = fill_super(s, data, flags & SB_SILENT ? 1 : 0);
1737 if (error) {
1738 deactivate_locked_super(s);
1739 return ERR_PTR(error);
1740 }
1741
1742 s->s_flags |= SB_ACTIVE;
1743 }
1744
1745 return dget(dentry: s->s_root);
1746}
1747EXPORT_SYMBOL(mount_bdev);
1748
1749void kill_block_super(struct super_block *sb)
1750{
1751 struct block_device *bdev = sb->s_bdev;
1752
1753 generic_shutdown_super(sb);
1754 if (bdev) {
1755 sync_blockdev(bdev);
1756 bdev_fput(bdev_file: sb->s_bdev_file);
1757 }
1758}
1759
1760EXPORT_SYMBOL(kill_block_super);
1761#endif
1762
1763struct dentry *mount_nodev(struct file_system_type *fs_type,
1764 int flags, void *data,
1765 int (*fill_super)(struct super_block *, void *, int))
1766{
1767 int error;
1768 struct super_block *s = sget(fs_type, NULL, set_anon_super, flags, NULL);
1769
1770 if (IS_ERR(ptr: s))
1771 return ERR_CAST(ptr: s);
1772
1773 error = fill_super(s, data, flags & SB_SILENT ? 1 : 0);
1774 if (error) {
1775 deactivate_locked_super(s);
1776 return ERR_PTR(error);
1777 }
1778 s->s_flags |= SB_ACTIVE;
1779 return dget(dentry: s->s_root);
1780}
1781EXPORT_SYMBOL(mount_nodev);
1782
1783/**
1784 * vfs_get_tree - Get the mountable root
1785 * @fc: The superblock configuration context.
1786 *
1787 * The filesystem is invoked to get or create a superblock which can then later
1788 * be used for mounting. The filesystem places a pointer to the root to be
1789 * used for mounting in @fc->root.
1790 */
1791int vfs_get_tree(struct fs_context *fc)
1792{
1793 struct super_block *sb;
1794 int error;
1795
1796 if (fc->root)
1797 return -EBUSY;
1798
1799 /* Get the mountable root in fc->root, with a ref on the root and a ref
1800 * on the superblock.
1801 */
1802 error = fc->ops->get_tree(fc);
1803 if (error < 0)
1804 return error;
1805
1806 if (!fc->root) {
1807 pr_err("Filesystem %s get_tree() didn't set fc->root, returned %i\n",
1808 fc->fs_type->name, error);
1809 /* We don't know what the locking state of the superblock is -
1810 * if there is a superblock.
1811 */
1812 BUG();
1813 }
1814
1815 sb = fc->root->d_sb;
1816 WARN_ON(!sb->s_bdi);
1817
1818 /*
1819 * super_wake() contains a memory barrier which also care of
1820 * ordering for super_cache_count(). We place it before setting
1821 * SB_BORN as the data dependency between the two functions is
1822 * the superblock structure contents that we just set up, not
1823 * the SB_BORN flag.
1824 */
1825 super_wake(sb, SB_BORN);
1826
1827 error = security_sb_set_mnt_opts(sb, mnt_opts: fc->security, kern_flags: 0, NULL);
1828 if (unlikely(error)) {
1829 fc_drop_locked(fc);
1830 return error;
1831 }
1832
1833 /*
1834 * filesystems should never set s_maxbytes larger than MAX_LFS_FILESIZE
1835 * but s_maxbytes was an unsigned long long for many releases. Throw
1836 * this warning for a little while to try and catch filesystems that
1837 * violate this rule.
1838 */
1839 WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to "
1840 "negative value (%lld)\n", fc->fs_type->name, sb->s_maxbytes);
1841
1842 return 0;
1843}
1844EXPORT_SYMBOL(vfs_get_tree);
1845
1846/*
1847 * Setup private BDI for given superblock. It gets automatically cleaned up
1848 * in generic_shutdown_super().
1849 */
1850int super_setup_bdi_name(struct super_block *sb, char *fmt, ...)
1851{
1852 struct backing_dev_info *bdi;
1853 int err;
1854 va_list args;
1855
1856 bdi = bdi_alloc(NUMA_NO_NODE);
1857 if (!bdi)
1858 return -ENOMEM;
1859
1860 va_start(args, fmt);
1861 err = bdi_register_va(bdi, fmt, args);
1862 va_end(args);
1863 if (err) {
1864 bdi_put(bdi);
1865 return err;
1866 }
1867 WARN_ON(sb->s_bdi != &noop_backing_dev_info);
1868 sb->s_bdi = bdi;
1869 sb->s_iflags |= SB_I_PERSB_BDI;
1870
1871 return 0;
1872}
1873EXPORT_SYMBOL(super_setup_bdi_name);
1874
1875/*
1876 * Setup private BDI for given superblock. I gets automatically cleaned up
1877 * in generic_shutdown_super().
1878 */
1879int super_setup_bdi(struct super_block *sb)
1880{
1881 static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
1882
1883 return super_setup_bdi_name(sb, "%.28s-%ld", sb->s_type->name,
1884 atomic_long_inc_return(v: &bdi_seq));
1885}
1886EXPORT_SYMBOL(super_setup_bdi);
1887
1888/**
1889 * sb_wait_write - wait until all writers to given file system finish
1890 * @sb: the super for which we wait
1891 * @level: type of writers we wait for (normal vs page fault)
1892 *
1893 * This function waits until there are no writers of given type to given file
1894 * system.
1895 */
1896static void sb_wait_write(struct super_block *sb, int level)
1897{
1898 percpu_down_write(sb->s_writers.rw_sem + level-1);
1899}
1900
1901/*
1902 * We are going to return to userspace and forget about these locks, the
1903 * ownership goes to the caller of thaw_super() which does unlock().
1904 */
1905static void lockdep_sb_freeze_release(struct super_block *sb)
1906{
1907 int level;
1908
1909 for (level = SB_FREEZE_LEVELS - 1; level >= 0; level--)
1910 percpu_rwsem_release(sem: sb->s_writers.rw_sem + level, _THIS_IP_);
1911}
1912
1913/*
1914 * Tell lockdep we are holding these locks before we call ->unfreeze_fs(sb).
1915 */
1916static void lockdep_sb_freeze_acquire(struct super_block *sb)
1917{
1918 int level;
1919
1920 for (level = 0; level < SB_FREEZE_LEVELS; ++level)
1921 percpu_rwsem_acquire(sem: sb->s_writers.rw_sem + level, read: 0, _THIS_IP_);
1922}
1923
1924static void sb_freeze_unlock(struct super_block *sb, int level)
1925{
1926 for (level--; level >= 0; level--)
1927 percpu_up_write(sb->s_writers.rw_sem + level);
1928}
1929
1930static int wait_for_partially_frozen(struct super_block *sb)
1931{
1932 int ret = 0;
1933
1934 do {
1935 unsigned short old = sb->s_writers.frozen;
1936
1937 up_write(sem: &sb->s_umount);
1938 ret = wait_var_event_killable(&sb->s_writers.frozen,
1939 sb->s_writers.frozen != old);
1940 down_write(sem: &sb->s_umount);
1941 } while (ret == 0 &&
1942 sb->s_writers.frozen != SB_UNFROZEN &&
1943 sb->s_writers.frozen != SB_FREEZE_COMPLETE);
1944
1945 return ret;
1946}
1947
1948#define FREEZE_HOLDERS (FREEZE_HOLDER_KERNEL | FREEZE_HOLDER_USERSPACE)
1949#define FREEZE_FLAGS (FREEZE_HOLDERS | FREEZE_MAY_NEST | FREEZE_EXCL)
1950
1951static inline int freeze_inc(struct super_block *sb, enum freeze_holder who)
1952{
1953 WARN_ON_ONCE((who & ~FREEZE_FLAGS));
1954 WARN_ON_ONCE(hweight32(who & FREEZE_HOLDERS) > 1);
1955
1956 if (who & FREEZE_HOLDER_KERNEL)
1957 ++sb->s_writers.freeze_kcount;
1958 if (who & FREEZE_HOLDER_USERSPACE)
1959 ++sb->s_writers.freeze_ucount;
1960 return sb->s_writers.freeze_kcount + sb->s_writers.freeze_ucount;
1961}
1962
1963static inline int freeze_dec(struct super_block *sb, enum freeze_holder who)
1964{
1965 WARN_ON_ONCE((who & ~FREEZE_FLAGS));
1966 WARN_ON_ONCE(hweight32(who & FREEZE_HOLDERS) > 1);
1967
1968 if ((who & FREEZE_HOLDER_KERNEL) && sb->s_writers.freeze_kcount)
1969 --sb->s_writers.freeze_kcount;
1970 if ((who & FREEZE_HOLDER_USERSPACE) && sb->s_writers.freeze_ucount)
1971 --sb->s_writers.freeze_ucount;
1972 return sb->s_writers.freeze_kcount + sb->s_writers.freeze_ucount;
1973}
1974
1975static inline bool may_freeze(struct super_block *sb, enum freeze_holder who,
1976 const void *freeze_owner)
1977{
1978 lockdep_assert_held(&sb->s_umount);
1979
1980 WARN_ON_ONCE((who & ~FREEZE_FLAGS));
1981 WARN_ON_ONCE(hweight32(who & FREEZE_HOLDERS) > 1);
1982
1983 if (who & FREEZE_EXCL) {
1984 if (WARN_ON_ONCE(!(who & FREEZE_HOLDER_KERNEL)))
1985 return false;
1986 if (WARN_ON_ONCE(who & ~(FREEZE_EXCL | FREEZE_HOLDER_KERNEL)))
1987 return false;
1988 if (WARN_ON_ONCE(!freeze_owner))
1989 return false;
1990 /* This freeze already has a specific owner. */
1991 if (sb->s_writers.freeze_owner)
1992 return false;
1993 /*
1994 * This is already frozen multiple times so we're just
1995 * going to take a reference count and mark the freeze as
1996 * being owned by the caller.
1997 */
1998 if (sb->s_writers.freeze_kcount + sb->s_writers.freeze_ucount)
1999 sb->s_writers.freeze_owner = freeze_owner;
2000 return true;
2001 }
2002
2003 if (who & FREEZE_HOLDER_KERNEL)
2004 return (who & FREEZE_MAY_NEST) ||
2005 sb->s_writers.freeze_kcount == 0;
2006 if (who & FREEZE_HOLDER_USERSPACE)
2007 return (who & FREEZE_MAY_NEST) ||
2008 sb->s_writers.freeze_ucount == 0;
2009 return false;
2010}
2011
2012static inline bool may_unfreeze(struct super_block *sb, enum freeze_holder who,
2013 const void *freeze_owner)
2014{
2015 lockdep_assert_held(&sb->s_umount);
2016
2017 WARN_ON_ONCE((who & ~FREEZE_FLAGS));
2018 WARN_ON_ONCE(hweight32(who & FREEZE_HOLDERS) > 1);
2019
2020 if (who & FREEZE_EXCL) {
2021 if (WARN_ON_ONCE(!(who & FREEZE_HOLDER_KERNEL)))
2022 return false;
2023 if (WARN_ON_ONCE(who & ~(FREEZE_EXCL | FREEZE_HOLDER_KERNEL)))
2024 return false;
2025 if (WARN_ON_ONCE(!freeze_owner))
2026 return false;
2027 if (WARN_ON_ONCE(sb->s_writers.freeze_kcount == 0))
2028 return false;
2029 /* This isn't exclusively frozen. */
2030 if (!sb->s_writers.freeze_owner)
2031 return false;
2032 /* This isn't exclusively frozen by us. */
2033 if (sb->s_writers.freeze_owner != freeze_owner)
2034 return false;
2035 /*
2036 * This is still frozen multiple times so we're just
2037 * going to drop our reference count and undo our
2038 * exclusive freeze.
2039 */
2040 if ((sb->s_writers.freeze_kcount + sb->s_writers.freeze_ucount) > 1)
2041 sb->s_writers.freeze_owner = NULL;
2042 return true;
2043 }
2044
2045 if (who & FREEZE_HOLDER_KERNEL) {
2046 /*
2047 * Someone's trying to steal the reference belonging to
2048 * @sb->s_writers.freeze_owner.
2049 */
2050 if (sb->s_writers.freeze_kcount == 1 &&
2051 sb->s_writers.freeze_owner)
2052 return false;
2053 return sb->s_writers.freeze_kcount > 0;
2054 }
2055
2056 if (who & FREEZE_HOLDER_USERSPACE)
2057 return sb->s_writers.freeze_ucount > 0;
2058
2059 return false;
2060}
2061
2062/**
2063 * freeze_super - lock the filesystem and force it into a consistent state
2064 * @sb: the super to lock
2065 * @who: context that wants to freeze
2066 * @freeze_owner: owner of the freeze
2067 *
2068 * Syncs the super to make sure the filesystem is consistent and calls the fs's
2069 * freeze_fs. Subsequent calls to this without first thawing the fs may return
2070 * -EBUSY.
2071 *
2072 * @who should be:
2073 * * %FREEZE_HOLDER_USERSPACE if userspace wants to freeze the fs;
2074 * * %FREEZE_HOLDER_KERNEL if the kernel wants to freeze the fs.
2075 * * %FREEZE_MAY_NEST whether nesting freeze and thaw requests is allowed.
2076 *
2077 * The @who argument distinguishes between the kernel and userspace trying to
2078 * freeze the filesystem. Although there cannot be multiple kernel freezes or
2079 * multiple userspace freezes in effect at any given time, the kernel and
2080 * userspace can both hold a filesystem frozen. The filesystem remains frozen
2081 * until there are no kernel or userspace freezes in effect.
2082 *
2083 * A filesystem may hold multiple devices and thus a filesystems may be
2084 * frozen through the block layer via multiple block devices. In this
2085 * case the request is marked as being allowed to nest by passing
2086 * FREEZE_MAY_NEST. The filesystem remains frozen until all block
2087 * devices are unfrozen. If multiple freezes are attempted without
2088 * FREEZE_MAY_NEST -EBUSY will be returned.
2089 *
2090 * During this function, sb->s_writers.frozen goes through these values:
2091 *
2092 * SB_UNFROZEN: File system is normal, all writes progress as usual.
2093 *
2094 * SB_FREEZE_WRITE: The file system is in the process of being frozen. New
2095 * writes should be blocked, though page faults are still allowed. We wait for
2096 * all writes to complete and then proceed to the next stage.
2097 *
2098 * SB_FREEZE_PAGEFAULT: Freezing continues. Now also page faults are blocked
2099 * but internal fs threads can still modify the filesystem (although they
2100 * should not dirty new pages or inodes), writeback can run etc. After waiting
2101 * for all running page faults we sync the filesystem which will clean all
2102 * dirty pages and inodes (no new dirty pages or inodes can be created when
2103 * sync is running).
2104 *
2105 * SB_FREEZE_FS: The file system is frozen. Now all internal sources of fs
2106 * modification are blocked (e.g. XFS preallocation truncation on inode
2107 * reclaim). This is usually implemented by blocking new transactions for
2108 * filesystems that have them and need this additional guard. After all
2109 * internal writers are finished we call ->freeze_fs() to finish filesystem
2110 * freezing. Then we transition to SB_FREEZE_COMPLETE state. This state is
2111 * mostly auxiliary for filesystems to verify they do not modify frozen fs.
2112 *
2113 * sb->s_writers.frozen is protected by sb->s_umount.
2114 *
2115 * Return: If the freeze was successful zero is returned. If the freeze
2116 * failed a negative error code is returned.
2117 */
2118int freeze_super(struct super_block *sb, enum freeze_holder who, const void *freeze_owner)
2119{
2120 int ret;
2121
2122 if (!super_lock_excl(sb)) {
2123 WARN_ON_ONCE("Dying superblock while freezing!");
2124 return -EINVAL;
2125 }
2126 atomic_inc(v: &sb->s_active);
2127
2128retry:
2129 if (sb->s_writers.frozen == SB_FREEZE_COMPLETE) {
2130 if (may_freeze(sb, who, freeze_owner))
2131 ret = !!WARN_ON_ONCE(freeze_inc(sb, who) == 1);
2132 else
2133 ret = -EBUSY;
2134 /* All freezers share a single active reference. */
2135 deactivate_locked_super(sb);
2136 return ret;
2137 }
2138
2139 if (sb->s_writers.frozen != SB_UNFROZEN) {
2140 ret = wait_for_partially_frozen(sb);
2141 if (ret) {
2142 deactivate_locked_super(sb);
2143 return ret;
2144 }
2145
2146 goto retry;
2147 }
2148
2149 if (sb_rdonly(sb)) {
2150 /* Nothing to do really... */
2151 WARN_ON_ONCE(freeze_inc(sb, who) > 1);
2152 sb->s_writers.freeze_owner = freeze_owner;
2153 sb->s_writers.frozen = SB_FREEZE_COMPLETE;
2154 wake_up_var(var: &sb->s_writers.frozen);
2155 super_unlock_excl(sb);
2156 return 0;
2157 }
2158
2159 sb->s_writers.frozen = SB_FREEZE_WRITE;
2160 /* Release s_umount to preserve sb_start_write -> s_umount ordering */
2161 super_unlock_excl(sb);
2162 sb_wait_write(sb, level: SB_FREEZE_WRITE);
2163 __super_lock_excl(sb);
2164
2165 /* Now we go and block page faults... */
2166 sb->s_writers.frozen = SB_FREEZE_PAGEFAULT;
2167 sb_wait_write(sb, level: SB_FREEZE_PAGEFAULT);
2168
2169 /* All writers are done so after syncing there won't be dirty data */
2170 ret = sync_filesystem(sb);
2171 if (ret) {
2172 sb->s_writers.frozen = SB_UNFROZEN;
2173 sb_freeze_unlock(sb, level: SB_FREEZE_PAGEFAULT);
2174 wake_up_var(var: &sb->s_writers.frozen);
2175 deactivate_locked_super(sb);
2176 return ret;
2177 }
2178
2179 /* Now wait for internal filesystem counter */
2180 sb->s_writers.frozen = SB_FREEZE_FS;
2181 sb_wait_write(sb, level: SB_FREEZE_FS);
2182
2183 if (sb->s_op->freeze_fs) {
2184 ret = sb->s_op->freeze_fs(sb);
2185 if (ret) {
2186 printk(KERN_ERR
2187 "VFS:Filesystem freeze failed\n");
2188 sb->s_writers.frozen = SB_UNFROZEN;
2189 sb_freeze_unlock(sb, level: SB_FREEZE_FS);
2190 wake_up_var(var: &sb->s_writers.frozen);
2191 deactivate_locked_super(sb);
2192 return ret;
2193 }
2194 }
2195 /*
2196 * For debugging purposes so that fs can warn if it sees write activity
2197 * when frozen is set to SB_FREEZE_COMPLETE, and for thaw_super().
2198 */
2199 WARN_ON_ONCE(freeze_inc(sb, who) > 1);
2200 sb->s_writers.freeze_owner = freeze_owner;
2201 sb->s_writers.frozen = SB_FREEZE_COMPLETE;
2202 wake_up_var(var: &sb->s_writers.frozen);
2203 lockdep_sb_freeze_release(sb);
2204 super_unlock_excl(sb);
2205 return 0;
2206}
2207EXPORT_SYMBOL(freeze_super);
2208
2209/*
2210 * Undoes the effect of a freeze_super_locked call. If the filesystem is
2211 * frozen both by userspace and the kernel, a thaw call from either source
2212 * removes that state without releasing the other state or unlocking the
2213 * filesystem.
2214 */
2215static int thaw_super_locked(struct super_block *sb, enum freeze_holder who,
2216 const void *freeze_owner)
2217{
2218 int error = -EINVAL;
2219
2220 if (sb->s_writers.frozen != SB_FREEZE_COMPLETE)
2221 goto out_unlock;
2222
2223 if (!may_unfreeze(sb, who, freeze_owner))
2224 goto out_unlock;
2225
2226 /*
2227 * All freezers share a single active reference.
2228 * So just unlock in case there are any left.
2229 */
2230 if (freeze_dec(sb, who))
2231 goto out_unlock;
2232
2233 if (sb_rdonly(sb)) {
2234 sb->s_writers.frozen = SB_UNFROZEN;
2235 sb->s_writers.freeze_owner = NULL;
2236 wake_up_var(var: &sb->s_writers.frozen);
2237 goto out_deactivate;
2238 }
2239
2240 lockdep_sb_freeze_acquire(sb);
2241
2242 if (sb->s_op->unfreeze_fs) {
2243 error = sb->s_op->unfreeze_fs(sb);
2244 if (error) {
2245 pr_err("VFS: Filesystem thaw failed\n");
2246 freeze_inc(sb, who);
2247 lockdep_sb_freeze_release(sb);
2248 goto out_unlock;
2249 }
2250 }
2251
2252 sb->s_writers.frozen = SB_UNFROZEN;
2253 sb->s_writers.freeze_owner = NULL;
2254 wake_up_var(var: &sb->s_writers.frozen);
2255 sb_freeze_unlock(sb, level: SB_FREEZE_FS);
2256out_deactivate:
2257 deactivate_locked_super(sb);
2258 return 0;
2259
2260out_unlock:
2261 super_unlock_excl(sb);
2262 return error;
2263}
2264
2265/**
2266 * thaw_super -- unlock filesystem
2267 * @sb: the super to thaw
2268 * @who: context that wants to freeze
2269 * @freeze_owner: owner of the freeze
2270 *
2271 * Unlocks the filesystem and marks it writeable again after freeze_super()
2272 * if there are no remaining freezes on the filesystem.
2273 *
2274 * @who should be:
2275 * * %FREEZE_HOLDER_USERSPACE if userspace wants to thaw the fs;
2276 * * %FREEZE_HOLDER_KERNEL if the kernel wants to thaw the fs.
2277 * * %FREEZE_MAY_NEST whether nesting freeze and thaw requests is allowed
2278 *
2279 * A filesystem may hold multiple devices and thus a filesystems may
2280 * have been frozen through the block layer via multiple block devices.
2281 * The filesystem remains frozen until all block devices are unfrozen.
2282 */
2283int thaw_super(struct super_block *sb, enum freeze_holder who,
2284 const void *freeze_owner)
2285{
2286 if (!super_lock_excl(sb)) {
2287 WARN_ON_ONCE("Dying superblock while thawing!");
2288 return -EINVAL;
2289 }
2290 return thaw_super_locked(sb, who, freeze_owner);
2291}
2292EXPORT_SYMBOL(thaw_super);
2293
2294/*
2295 * Create workqueue for deferred direct IO completions. We allocate the
2296 * workqueue when it's first needed. This avoids creating workqueue for
2297 * filesystems that don't need it and also allows us to create the workqueue
2298 * late enough so the we can include s_id in the name of the workqueue.
2299 */
2300int sb_init_dio_done_wq(struct super_block *sb)
2301{
2302 struct workqueue_struct *old;
2303 struct workqueue_struct *wq = alloc_workqueue(fmt: "dio/%s",
2304 flags: WQ_MEM_RECLAIM, max_active: 0,
2305 sb->s_id);
2306 if (!wq)
2307 return -ENOMEM;
2308 /*
2309 * This has to be atomic as more DIOs can race to create the workqueue
2310 */
2311 old = cmpxchg(&sb->s_dio_done_wq, NULL, wq);
2312 /* Someone created workqueue before us? Free ours... */
2313 if (old)
2314 destroy_workqueue(wq);
2315 return 0;
2316}
2317EXPORT_SYMBOL_GPL(sb_init_dio_done_wq);
2318

source code of linux/fs/super.c