Merge tag 'fsnotify_for_v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

	struct super_block *sb = dentry->d_sb;

	struct ext2_sb_info *sbi = EXT2_SB(sb);

	struct ext2_super_block *es = sbi->s_es;

	u64 fsid;

	spin_lock(&sbi->s_lock);

	buf->f_ffree = ext2_count_free_inodes(sb);

	es->s_free_inodes_count = cpu_to_le32(buf->f_ffree);

	buf->f_namelen = EXT2_NAME_LEN;

	fsid = le64_to_cpup((void *)es->s_uuid) ^

	       le64_to_cpup((void *)es->s_uuid + sizeof(u64));

	buf->f_fsid = u64_to_fsid(fsid);

	buf->f_fsid = uuid_to_fsid(es->s_uuid);

	spin_unlock(&sbi->s_lock);

	return 0;

}

	struct ext4_sb_info *sbi = EXT4_SB(sb);

	struct ext4_super_block *es = sbi->s_es;

	ext4_fsblk_t overhead = 0, resv_blocks;

	u64 fsid;

	s64 bfree;

	resv_blocks = EXT4_C2B(sbi, atomic64_read(&sbi->s_resv_clusters));

	buf->f_files = le32_to_cpu(es->s_inodes_count);

	buf->f_ffree = percpu_counter_sum_positive(&sbi->s_freeinodes_counter);

	buf->f_namelen = EXT4_NAME_LEN;

	fsid = le64_to_cpup((void *)es->s_uuid) ^

	       le64_to_cpup((void *)es->s_uuid + sizeof(u64));

	buf->f_fsid = u64_to_fsid(fsid);

	buf->f_fsid = uuid_to_fsid(es->s_uuid);

#ifdef CONFIG_QUOTA

	if (ext4_test_inode_flag(dentry->d_inode, EXT4_INODE_PROJINHERIT) &&

#include <linux/audit.h>

#include <linux/sched/mm.h>

#include <linux/statfs.h>

#include <linux/stringhash.h>

#include "fanotify.h"

	return p1->mnt == p2->mnt && p1->dentry == p2->dentry;

}

static unsigned int fanotify_hash_path(const struct path *path)

{

	return hash_ptr(path->dentry, FANOTIFY_EVENT_HASH_BITS) ^

		hash_ptr(path->mnt, FANOTIFY_EVENT_HASH_BITS);

}

static inline bool fanotify_fsid_equal(__kernel_fsid_t *fsid1,

				       __kernel_fsid_t *fsid2)

{

	return fsid1->val[0] == fsid2->val[0] && fsid1->val[1] == fsid2->val[1];

}

static unsigned int fanotify_hash_fsid(__kernel_fsid_t *fsid)

{

	return hash_32(fsid->val[0], FANOTIFY_EVENT_HASH_BITS) ^

		hash_32(fsid->val[1], FANOTIFY_EVENT_HASH_BITS);

}

static bool fanotify_fh_equal(struct fanotify_fh *fh1,

			      struct fanotify_fh *fh2)

{

		!memcmp(fanotify_fh_buf(fh1), fanotify_fh_buf(fh2), fh1->len);

}

static unsigned int fanotify_hash_fh(struct fanotify_fh *fh)

{

	long salt = (long)fh->type | (long)fh->len << 8;

	/*

	 * full_name_hash() works long by long, so it handles fh buf optimally.

	 */

	return full_name_hash((void *)salt, fanotify_fh_buf(fh), fh->len);

}

static bool fanotify_fid_event_equal(struct fanotify_fid_event *ffe1,

				     struct fanotify_fid_event *ffe2)

{

	return fanotify_info_equal(info1, info2);

}

static bool fanotify_should_merge(struct fsnotify_event *old_fsn,

				  struct fsnotify_event *new_fsn)

static bool fanotify_should_merge(struct fanotify_event *old,

				  struct fanotify_event *new)

{

	struct fanotify_event *old, *new;

	pr_debug("%s: old=%p new=%p\n", __func__, old, new);

	pr_debug("%s: old=%p new=%p\n", __func__, old_fsn, new_fsn);

	old = FANOTIFY_E(old_fsn);

	new = FANOTIFY_E(new_fsn);

	if (old_fsn->objectid != new_fsn->objectid ||

	if (old->hash != new->hash ||

	    old->type != new->type || old->pid != new->pid)

		return false;

	return false;

}

/* Limit event merges to limit CPU overhead per event */

#define FANOTIFY_MAX_MERGE_EVENTS 128

/* and the list better be locked by something too! */

static int fanotify_merge(struct list_head *list, struct fsnotify_event *event)

static int fanotify_merge(struct fsnotify_group *group,

			  struct fsnotify_event *event)

{

	struct fsnotify_event *test_event;

	struct fanotify_event *new;

	struct fanotify_event *old, *new = FANOTIFY_E(event);

	unsigned int bucket = fanotify_event_hash_bucket(group, new);

	struct hlist_head *hlist = &group->fanotify_data.merge_hash[bucket];

	int i = 0;

	pr_debug("%s: list=%p event=%p\n", __func__, list, event);

	new = FANOTIFY_E(event);

	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,

		 group, event, bucket);

	/*

	 * Don't merge a permission event with any other event so that we know

	if (fanotify_is_perm_event(new->mask))

		return 0;

	list_for_each_entry_reverse(test_event, list, list) {

		if (fanotify_should_merge(test_event, event)) {

			FANOTIFY_E(test_event)->mask |= new->mask;

	hlist_for_each_entry(old, hlist, merge_list) {

		if (++i > FANOTIFY_MAX_MERGE_EVENTS)

			break;

		if (fanotify_should_merge(old, new)) {

			old->mask |= new->mask;

			return 1;

		}

	}

			return ret;

		}

		/* Event not yet reported? Just remove it. */

		if (event->state == FAN_EVENT_INIT)

		if (event->state == FAN_EVENT_INIT) {

			fsnotify_remove_queued_event(group, &event->fae.fse);

			/* Permission events are not supposed to be hashed */

			WARN_ON_ONCE(!hlist_unhashed(&event->fae.merge_list));

		}

		/*

		 * Event may be also answered in case signal delivery raced

		 * with wakeup. In that case we have nothing to do besides

 * Return 0 on failure to encode.

 */

static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode,

			      unsigned int fh_len, gfp_t gfp)

			      unsigned int fh_len, unsigned int *hash,

			      gfp_t gfp)

{

	int dwords, type = 0;

	char *ext_buf = NULL;

	fh->type = type;

	fh->len = fh_len;

	/* Mix fh into event merge key */

	*hash ^= fanotify_hash_fh(fh);

	return FANOTIFY_FH_HDR_LEN + fh_len;

out_err:

}

static struct fanotify_event *fanotify_alloc_path_event(const struct path *path,

							unsigned int *hash,

							gfp_t gfp)

{

	struct fanotify_path_event *pevent;

	pevent->fae.type = FANOTIFY_EVENT_TYPE_PATH;

	pevent->path = *path;

	*hash ^= fanotify_hash_path(path);

	path_get(path);

	return &pevent->fae;

static struct fanotify_event *fanotify_alloc_fid_event(struct inode *id,

						       __kernel_fsid_t *fsid,

						       unsigned int *hash,

						       gfp_t gfp)

{

	struct fanotify_fid_event *ffe;

	ffe->fae.type = FANOTIFY_EVENT_TYPE_FID;

	ffe->fsid = *fsid;

	*hash ^= fanotify_hash_fsid(fsid);

	fanotify_encode_fh(&ffe->object_fh, id, fanotify_encode_fh_len(id),

			   gfp);

			   hash, gfp);

	return &ffe->fae;

}

static struct fanotify_event *fanotify_alloc_name_event(struct inode *id,

							__kernel_fsid_t *fsid,

							const struct qstr *file_name,

							const struct qstr *name,

							struct inode *child,

							unsigned int *hash,

							gfp_t gfp)

{

	struct fanotify_name_event *fne;

	size = sizeof(*fne) + FANOTIFY_FH_HDR_LEN + dir_fh_len;

	if (child_fh_len)

		size += FANOTIFY_FH_HDR_LEN + child_fh_len;

	if (file_name)

		size += file_name->len + 1;

	if (name)

		size += name->len + 1;

	fne = kmalloc(size, gfp);

	if (!fne)

		return NULL;

	fne->fae.type = FANOTIFY_EVENT_TYPE_FID_NAME;

	fne->fsid = *fsid;

	*hash ^= fanotify_hash_fsid(fsid);

	info = &fne->info;

	fanotify_info_init(info);

	dfh = fanotify_info_dir_fh(info);

	info->dir_fh_totlen = fanotify_encode_fh(dfh, id, dir_fh_len, 0);

	info->dir_fh_totlen = fanotify_encode_fh(dfh, id, dir_fh_len, hash, 0);

	if (child_fh_len) {

		ffh = fanotify_info_file_fh(info);

		info->file_fh_totlen = fanotify_encode_fh(ffh, child, child_fh_len, 0);

		info->file_fh_totlen = fanotify_encode_fh(ffh, child,

							child_fh_len, hash, 0);

	}

	if (name) {

		long salt = name->len;

		fanotify_info_copy_name(info, name);

		*hash ^= full_name_hash((void *)salt, name->name, name->len);

	}

	if (file_name)

		fanotify_info_copy_name(info, file_name);

	pr_debug("%s: ino=%lu size=%u dir_fh_len=%u child_fh_len=%u name_len=%u name='%.*s'\n",

		 __func__, id->i_ino, size, dir_fh_len, child_fh_len,

	struct mem_cgroup *old_memcg;

	struct inode *child = NULL;

	bool name_event = false;

	unsigned int hash = 0;

	bool ondir = mask & FAN_ONDIR;

	struct pid *pid;

	if ((fid_mode & FAN_REPORT_DIR_FID) && dirid) {

		/*

		 * report the child fid for events reported on a non-dir child

		 * in addition to reporting the parent fid and maybe child name.

		 */

		if ((fid_mode & FAN_REPORT_FID) &&

		    id != dirid && !(mask & FAN_ONDIR))

		if ((fid_mode & FAN_REPORT_FID) && id != dirid && !ondir)

			child = id;

		id = dirid;

		if (!(fid_mode & FAN_REPORT_NAME)) {

			name_event = !!child;

			file_name = NULL;

		} else if ((mask & ALL_FSNOTIFY_DIRENT_EVENTS) ||

			   !(mask & FAN_ONDIR)) {

		} else if ((mask & ALL_FSNOTIFY_DIRENT_EVENTS) || !ondir) {

			name_event = true;

		}

	}

		event = fanotify_alloc_perm_event(path, gfp);

	} else if (name_event && (file_name || child)) {

		event = fanotify_alloc_name_event(id, fsid, file_name, child,

						  gfp);

						  &hash, gfp);

	} else if (fid_mode) {

		event = fanotify_alloc_fid_event(id, fsid, gfp);

		event = fanotify_alloc_fid_event(id, fsid, &hash, gfp);

	} else {

		event = fanotify_alloc_path_event(path, gfp);

		event = fanotify_alloc_path_event(path, &hash, gfp);

	}

	if (!event)

		goto out;

	/*

	 * Use the victim inode instead of the watching inode as the id for

	 * event queue, so event reported on parent is merged with event

	 * reported on child when both directory and child watches exist.

	 */

	fanotify_init_event(event, (unsigned long)id, mask);

	if (FAN_GROUP_FLAG(group, FAN_REPORT_TID))

		event->pid = get_pid(task_pid(current));

		pid = get_pid(task_pid(current));

	else

		event->pid = get_pid(task_tgid(current));

		pid = get_pid(task_tgid(current));

	/* Mix event info, FAN_ONDIR flag and pid into event merge key */

	hash ^= hash_long((unsigned long)pid | ondir, FANOTIFY_EVENT_HASH_BITS);

	fanotify_init_event(event, hash, mask);

	event->pid = pid;

out:

	set_active_memcg(old_memcg);

	return fsid;

}

/*

 * Add an event to hash table for faster merge.

 */

static void fanotify_insert_event(struct fsnotify_group *group,

				  struct fsnotify_event *fsn_event)

{

	struct fanotify_event *event = FANOTIFY_E(fsn_event);

	unsigned int bucket = fanotify_event_hash_bucket(group, event);

	struct hlist_head *hlist = &group->fanotify_data.merge_hash[bucket];

	assert_spin_locked(&group->notification_lock);

	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,

		 group, event, bucket);

	hlist_add_head(&event->merge_list, hlist);

}

static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,

				 const void *data, int data_type,

				 struct inode *dir,

	}

	fsn_event = &event->fse;

	ret = fsnotify_add_event(group, fsn_event, fanotify_merge);

	ret = fsnotify_add_event(group, fsn_event, fanotify_merge,

				 fanotify_is_hashed_event(mask) ?

				 fanotify_insert_event : NULL);

	if (ret) {

		/* Permission events shouldn't be merged */

		BUG_ON(ret == 1 && mask & FANOTIFY_PERM_EVENTS);

static void fanotify_free_group_priv(struct fsnotify_group *group)

{

	struct user_struct *user;

	user = group->fanotify_data.user;

	atomic_dec(&user->fanotify_listeners);

	free_uid(user);

	kfree(group->fanotify_data.merge_hash);

	if (group->fanotify_data.ucounts)

		dec_ucount(group->fanotify_data.ucounts,

			   UCOUNT_FANOTIFY_GROUPS);

}

static void fanotify_free_path_event(struct fanotify_event *event)

	}

}

static void fanotify_freeing_mark(struct fsnotify_mark *mark,

				  struct fsnotify_group *group)

{

	if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS))

		dec_ucount(group->fanotify_data.ucounts, UCOUNT_FANOTIFY_MARKS);

}

static void fanotify_free_mark(struct fsnotify_mark *fsn_mark)

{

	kmem_cache_free(fanotify_mark_cache, fsn_mark);

	.handle_event = fanotify_handle_event,

	.free_group_priv = fanotify_free_group_priv,

	.free_event = fanotify_free_event,

	.freeing_mark = fanotify_freeing_mark,

	.free_mark = fanotify_free_mark,

};

#include <linux/path.h>

#include <linux/slab.h>

#include <linux/exportfs.h>

#include <linux/hashtable.h>

extern struct kmem_cache *fanotify_mark_cache;

extern struct kmem_cache *fanotify_fid_event_cachep;

	info->name_len = 0;

}

static inline unsigned int fanotify_info_len(struct fanotify_info *info)

{

	return info->dir_fh_totlen + info->file_fh_totlen + info->name_len;

}

static inline void fanotify_info_copy_name(struct fanotify_info *info,

					   const struct qstr *name)

{

	FANOTIFY_EVENT_TYPE_PATH,

	FANOTIFY_EVENT_TYPE_PATH_PERM,

	FANOTIFY_EVENT_TYPE_OVERFLOW, /* struct fanotify_event */

	__FANOTIFY_EVENT_TYPE_NUM

};

#define FANOTIFY_EVENT_TYPE_BITS \

	(ilog2(__FANOTIFY_EVENT_TYPE_NUM - 1) + 1)

#define FANOTIFY_EVENT_HASH_BITS \

	(32 - FANOTIFY_EVENT_TYPE_BITS)

struct fanotify_event {

	struct fsnotify_event fse;

	struct hlist_node merge_list;	/* List for hashed merge */

	u32 mask;

	enum fanotify_event_type type;

	struct {

		unsigned int type : FANOTIFY_EVENT_TYPE_BITS;

		unsigned int hash : FANOTIFY_EVENT_HASH_BITS;

	};

	struct pid *pid;

};

static inline void fanotify_init_event(struct fanotify_event *event,

				       unsigned long id, u32 mask)

				       unsigned int hash, u32 mask)

{

	fsnotify_init_event(&event->fse, id);

	fsnotify_init_event(&event->fse);

	INIT_HLIST_NODE(&event->merge_list);

	event->hash = hash;

	event->mask = mask;

	event->pid = NULL;

}

	else

		return NULL;

}

/*

 * Use 128 size hash table to speed up events merge.

 */

#define FANOTIFY_HTABLE_BITS	(7)

#define FANOTIFY_HTABLE_SIZE	(1 << FANOTIFY_HTABLE_BITS)

#define FANOTIFY_HTABLE_MASK	(FANOTIFY_HTABLE_SIZE - 1)

/*

 * Permission events and overflow event do not get merged - don't hash them.

 */

static inline bool fanotify_is_hashed_event(u32 mask)

{

	return !fanotify_is_perm_event(mask) && !(mask & FS_Q_OVERFLOW);

}

static inline unsigned int fanotify_event_hash_bucket(

						struct fsnotify_group *group,

						struct fanotify_event *event)

{

	return event->hash & FANOTIFY_HTABLE_MASK;

}

#include "fanotify.h"

#define FANOTIFY_DEFAULT_MAX_EVENTS	16384

#define FANOTIFY_DEFAULT_MAX_MARKS	8192

#define FANOTIFY_DEFAULT_MAX_LISTENERS	128

#define FANOTIFY_OLD_DEFAULT_MAX_MARKS	8192

#define FANOTIFY_DEFAULT_MAX_GROUPS	128

/*

 * Legacy fanotify marks limits (8192) is per group and we introduced a tunable

 * limit of marks per user, similar to inotify.  Effectively, the legacy limit

 * of fanotify marks per user is <max marks per group> * <max groups per user>.

 * This default limit (1M) also happens to match the increased limit of inotify

 * max_user_watches since v5.10.

 */

#define FANOTIFY_DEFAULT_MAX_USER_MARKS	\

	(FANOTIFY_OLD_DEFAULT_MAX_MARKS * FANOTIFY_DEFAULT_MAX_GROUPS)

/*

 * Most of the memory cost of adding an inode mark is pinning the marked inode.

 * The size of the filesystem inode struct is not uniform across filesystems,

 * so double the size of a VFS inode is used as a conservative approximation.

 */

#define INODE_MARK_COST	(2 * sizeof(struct inode))

/* configurable via /proc/sys/fs/fanotify/ */

static int fanotify_max_queued_events __read_mostly;

#ifdef CONFIG_SYSCTL

#include <linux/sysctl.h>

struct ctl_table fanotify_table[] = {

	{

		.procname	= "max_user_groups",

		.data	= &init_user_ns.ucount_max[UCOUNT_FANOTIFY_GROUPS],

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= SYSCTL_ZERO,

	},

	{

		.procname	= "max_user_marks",

		.data	= &init_user_ns.ucount_max[UCOUNT_FANOTIFY_MARKS],

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= SYSCTL_ZERO,

	},

	{

		.procname	= "max_queued_events",

		.data		= &fanotify_max_queued_events,

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= SYSCTL_ZERO

	},

	{ }

};

#endif /* CONFIG_SYSCTL */

/*

 * All flags that may be specified in parameter event_f_flags of fanotify_init.

	return info_len;

}

/*

 * Remove an hashed event from merge hash table.

 */

static void fanotify_unhash_event(struct fsnotify_group *group,

				  struct fanotify_event *event)

{

	assert_spin_locked(&group->notification_lock);

	pr_debug("%s: group=%p event=%p bucket=%u\n", __func__,

		 group, event, fanotify_event_hash_bucket(group, event));

	if (WARN_ON_ONCE(hlist_unhashed(&event->merge_list)))

		return;

	hlist_del_init(&event->merge_list);

}

/*

 * Get an fanotify notification event if one exists and is small

 * enough to fit in "count". Return an error pointer if the count

{

	size_t event_size = FAN_EVENT_METADATA_LEN;

	struct fanotify_event *event = NULL;

	struct fsnotify_event *fsn_event;

	unsigned int fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);

	pr_debug("%s: group=%p count=%zd\n", __func__, group, count);

	spin_lock(&group->notification_lock);

	if (fsnotify_notify_queue_is_empty(group))

	fsn_event = fsnotify_peek_first_event(group);

	if (!fsn_event)

		goto out;

	if (fid_mode) {

		event_size += fanotify_event_info_len(fid_mode,

			FANOTIFY_E(fsnotify_peek_first_event(group)));

	}

	event = FANOTIFY_E(fsn_event);

	if (fid_mode)

		event_size += fanotify_event_info_len(fid_mode, event);

	if (event_size > count) {

		event = ERR_PTR(-EINVAL);

		goto out;

	}

	event = FANOTIFY_E(fsnotify_remove_first_event(group));

	/*

	 * Held the notification_lock the whole time, so this is the

	 * same event we peeked above.

	 */

	fsnotify_remove_first_event(group);

	if (fanotify_is_perm_event(event->mask))

		FANOTIFY_PERM(event)->state = FAN_EVENT_REPORTED;

	if (fanotify_is_hashed_event(event->mask))

		fanotify_unhash_event(group, event);

out:

	spin_unlock(&group->notification_lock);

	return event;

	metadata.reserved = 0;

	metadata.mask = event->mask & FANOTIFY_OUTGOING_EVENTS;

	metadata.pid = pid_vnr(event->pid);

	/*

	 * For an unprivileged listener, event->pid can be used to identify the

	 * events generated by the listener process itself, without disclosing

	 * the pids of other processes.

	 */

	if (!capable(CAP_SYS_ADMIN) &&

	    task_tgid(current) != event->pid)

		metadata.pid = 0;