platform/core/system/kdbus-bus.git
Daniel Mack [Fri, 9 Jan 2015 18:03:34 +0000 (19:03 +0100)]
names: fix total length of kvecs

Don't let kdbus_pool_slice_alloc() copy the kvecs along with allocating
the slice. The problem is that we only want to copy the header of the
block in this case, which doesn't work when the implicit behavior is
used.

Hence, open-code the functionality. Fixes an Oops on 3.19-rc3.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Fri, 9 Jan 2015 15:19:18 +0000 (16:19 +0100)]
kdbus-util: all_ids_are_mapped() do not leak an fd

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Fri, 9 Jan 2015 14:12:39 +0000 (15:12 +0100)]
message: simplify -EMSGSIZE test

Simplify the code a bit and check for pool size overflows after we did
the modulo operation.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 9 Jan 2015 14:07:03 +0000 (15:07 +0100)]
metadata: cosmetics

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 9 Jan 2015 14:02:18 +0000 (15:02 +0100)]
Assorted spelling fixes

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 9 Jan 2015 12:52:10 +0000 (13:52 +0100)]
connection, reply: move worker function to reply.h

Change kdbus_reply_list_scan() so it becomes the worker callback, so we
can remove the glue from connection.c.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Fri, 9 Jan 2015 00:21:37 +0000 (01:21 +0100)]
connection: simplify kdbus_conn_lock2()

Drop 6 lines again and move the conditions directly before the lock
invocations.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 8 Jan 2015 23:58:26 +0000 (00:58 +0100)]
message: allow bloom filters with unicast signals

Make sure unicast signals can have bloom-filters attached.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 8 Jan 2015 23:36:38 +0000 (00:36 +0100)]
connection: fix kdbus_conn_lock2() for A==B

In odd cases (e.g., sending a message to yourself), you might call
kdbus_conn_lock2() with A==B. Make sure we lock the connection only once
to not dead-lock.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 8 Jan 2015 23:16:04 +0000 (00:16 +0100)]
connection: simplify kdbus_conn_lock2()

We can use mutex_lock_nested() in both cases, so simplify the code.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 8 Jan 2015 23:12:42 +0000 (00:12 +0100)]
connection: silence lockdep on wrongly _nested() calls

If we call lock2() with a==NULL, we call _nested(1), which is wrong. Fix
this so lockdep works correctly.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Thu, 8 Jan 2015 18:58:31 +0000 (19:58 +0100)]
connection: add extra ref to reply while operating on it

kdbus_reply_unlink() potentially destroys the reply, so keep an
extra reference while working with it. Drop the reference after
we're done.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Thu, 8 Jan 2015 16:06:40 +0000 (17:06 +0100)]
handle: properly reset output arguments to 0

Make sure all output arguments are set to 0 so we can copy them once we're
done with the ioctl, regardless whether they were set previously.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Thu, 8 Jan 2015 16:34:39 +0000 (17:34 +0100)]
metadata: simplify OOM check for cmdline

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Thu, 8 Jan 2015 15:57:30 +0000 (16:57 +0100)]
reply: fix ref-leak

Introduce kdbus_reply_link/unlink() which take care of the list-owned
reference to the reply object. Fix all the call sites to use it and
properly let each caller own its own reference now. We no longer have to
be aware of the queue-state at all times, instead, the list-state owns its
own reference.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 8 Jan 2015 15:45:10 +0000 (16:45 +0100)]
connection: remove redundant variable

'allowed' is equivalent to '!!r' so drop it.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Thu, 8 Jan 2015 13:47:03 +0000 (14:47 +0100)]
metadata: fix stray blank line

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 8 Jan 2015 13:45:42 +0000 (14:45 +0100)]
metadata: fix kerneldoc

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 8 Jan 2015 13:44:12 +0000 (14:44 +0100)]
reply: add kerneldoc

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 8 Jan 2015 13:14:14 +0000 (14:14 +0100)]
connection: store reply trackers at reply_dst side

We are currently storing the reply objects at the connection that is
expected to send the reply. This raises some problems with interrupted
system calls when the message receiver name is taken over while the
sender has returned to userspace, before it restarts the syscall. If
the name is not taken over, but the receiver simply dies at this time,
we even leak the kdbus_reply object.

Fix this by storing the replies with the sending (and possibly
blocking) connection, as this is really where they belong. However,
this means that when moving messages, or when a connection dies, we
have to walk all connection on the bus in order to find pending replies
that point back to the connection in question. This can be optimized
with a second list, but I left that for later.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 8 Jan 2015 13:12:36 +0000 (14:12 +0100)]
connection.h: make kdbus_conn_{un,}lock2() NULL pointer resistant

Allow NULL pointers in both arguments to kdbus_conn_lock2() and
kdbus_conn_unlock2().

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Wed, 7 Jan 2015 23:25:06 +0000 (00:25 +0100)]
test-message: messages that impersonate method replies are rejected

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Wed, 7 Jan 2015 23:12:50 +0000 (00:12 +0100)]
reply: fix kerneldoc indentation

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Wed, 7 Jan 2015 20:32:44 +0000 (21:32 +0100)]
reply: coding style cleanup

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 20:28:00 +0000 (21:28 +0100)]
Changelog: update

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 20:02:36 +0000 (21:02 +0100)]
Factor out reply related bits to reply.[ch]

Move some code from connection.c to reply.c for better separation.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 19:44:07 +0000 (20:44 +0100)]
connection: rename kdbus_reply → kdbus_conn_reply

Drop the 'conn' part of the name, as it doesn't make sense.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 19:41:08 +0000 (20:41 +0100)]
kdbus.h: rename kdbus_reply → kdbus_msg_info (API break)

Rename struct kdbus_reply and call it kdbus_msg_info, as the old
name didn't describe well what the struct is used for.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Wed, 7 Jan 2015 19:38:02 +0000 (20:38 +0100)]
metadata: fix seqnum on kernel notifications

The seqnum ID is passed together with the timestamps. Therefore, move the
"u64 seq" argument to kdbus_meta_add_timestamp(). As the seqnum is not
known at message allocation time, we now also move the
kdbus_meta_add_timestamp() to the time we actually allocate the ID.

This fixes seqnum IDs on kernel notifications.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 17:41:32 +0000 (18:41 +0100)]
connection: unlock order doesn't matter

Make kdbus_conn_unlock2() just unlock both mutices, unlock order never
matters.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 17:23:56 +0000 (18:23 +0100)]
connection: use current_cred() for sender policy checks

This changes the policy-decisions for sender-initiated actions to use
current_cred() instead of conn->cred. This means, policy decisions for
ioctls will use the current credentials, instead of the credentials during
open().

On the other hand, receiver credentials are now bound to the pool used for
retrieval of the messages. Therefore, broadcasts and implicit policies are
checked against the file credentials of the target.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 17:18:41 +0000 (18:18 +0100)]
policy: use egid instead of gid

Same as for UIDs, use EGID instead of GID to perform policy checks.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 16:50:28 +0000 (17:50 +0100)]
names: fix uninitialized return value

A recent commit dropped the initialization of 'ret' so now it is returned
uninitialized. Fix this!

The commit in question is:

    commit de18809ec40380e0d4681141281555f7df35b303
    Author: Daniel Mack <daniel@zonque.org>
    Date:   Wed Jan 7 15:48:54 2015 +0100

        names: ignore return value of kdbus_notify_name_change

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 16:44:37 +0000 (17:44 +0100)]
connection: introduce kdbus_conn_lock2()

Let's not hard-code locking behavior of connections somewhere deep down in
names.c. Use kdbus_conn_lock2() to lock 2 connections at the same time.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Wed, 7 Jan 2015 15:23:52 +0000 (16:23 +0100)]
Changelog: some more updates

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 14:51:28 +0000 (15:51 +0100)]
names: don't break lines if we don't have to

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 7 Jan 2015 14:48:54 +0000 (15:48 +0100)]
names: ignore return value of kdbus_notify_name_change

If we cannot notify connections about a lost name, just continue.
Releasing a name with CMD_NAME_RELEASE should never fail because of
such a condition.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Wed, 7 Jan 2015 13:33:29 +0000 (14:33 +0100)]
message: messages that expect a reply must provide a valid tracking cookie

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Wed, 7 Jan 2015 13:16:20 +0000 (14:16 +0100)]
test: test case for pending requests quota limit

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Wed, 7 Jan 2015 12:59:44 +0000 (13:59 +0100)]
Remove TODO

These have all been addressed or discussed, so the file can go away.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Wed, 7 Jan 2015 12:30:28 +0000 (13:30 +0100)]
kdbus: drop KDBUS_ITEM_SIGMASK

The sigset_t type is arch-dependent. We really don't want such types in
our kdbus API. Our CANCEL_FD provides a safe alternative, so use it.

If anyone wants SIGMASK support later on, we can always add it again. But
unless someone wants it, we will try hard to keep it out of kdbus.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Wed, 7 Jan 2015 11:49:48 +0000 (12:49 +0100)]
Revert commit f198a45 "kdbus.h: Use #defines rather than an enum..."

This reverts commit:

    commit f198a45e3242a4825e1e720c0637a151a6ef5e0d
    Author: Daniel Mack <daniel@zonque.org>
    Date:   Fri Oct 31 09:03:16 2014 +0100

        kdbus.h: Use #defines rather than an enum for ioctl definition

If you want to discover available features, use autoconf.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Djalal Harouni [Tue, 6 Jan 2015 20:55:08 +0000 (21:55 +0100)]
test: standarize the userns arguments

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 5 Jan 2015 19:33:56 +0000 (20:33 +0100)]
connection: for KDBUS_MSG_SIGNAL check match db then the policy db

Minor optimization, before locking the endpoint policy db in order to
check for TALK access, check first that the destination match db is
interested in the signal.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 5 Jan 2015 14:08:26 +0000 (15:08 +0100)]
connection: code documentation for the signal access logic

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Mon, 5 Jan 2015 13:32:26 +0000 (14:32 +0100)]
connection: handle KDBUS_MSG_SIGNAL

Add missed hunks for handling KDBUS_MSG_SIGNAL.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 5 Jan 2015 12:38:31 +0000 (13:38 +0100)]
kdbus.h: close ioctl number gap (ABI break)

0x32 was used by KDBUS_CMD_CANCEL which was removed.
Close the number gap and reuse that number for CMD_FREE.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 5 Jan 2015 12:22:48 +0000 (13:22 +0100)]
kdbus.h: introduce KDBUS_MSG_SIGNAL

In order to allow directed (unicast) signals, we need to split the
handling logic and introduce KDBUS_MSG_SIGNAL as message flag.

For signals, no matter if unicast or broadcast, we apply the following
policy logic:

 * The _destination_ of the message must have a TALK permission to
   the _sender_

 * The _destination_ must have a bloom filter installed that matches
   the bloom filter attached to the message

Tests are tweaked to reflect the new implementation.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Sun, 4 Jan 2015 13:55:40 +0000 (14:55 +0100)]
test: add kdbus_msg_send_reply()

Move send_reply() from test-sync.c to kdbus-util.c and rename it to
kdbus_msg_send_reply().

Currently there is only one user, will add a quota test for sync
messages later that will use it.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Sat, 3 Jan 2015 23:01:04 +0000 (00:01 +0100)]
connection: ignore the CANCEL_FD item on asynchronous messages

The doc states that CANCEL_FD should be installed for synchronous, and
for asynchronous messages it should be accepted but ignored, so fix the
code to reflect this.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Sat, 3 Jan 2015 22:56:38 +0000 (23:56 +0100)]
test-metadata-ns: various fixes to metadata-ns test

Rename the functions that try to match the received CREDS or PIDS items.

Make sure that we dump the full queue of the monitor connection and that
the received PIDS are valid, the monitor is in the parent pidns so it
should be able to map all the received pids.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Thu, 25 Dec 2014 17:09:45 +0000 (18:09 +0100)]
connection: fix documentation

A connection can be terminated by simply closing its file descriptor.
Don't confuse readers by mentioning BYEBYE explicitly.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Thu, 25 Dec 2014 16:28:30 +0000 (17:28 +0100)]
connection: fix kdbus_conn_wait_reply() documentation

* Add kdbus_conn_wait_reply() kerneldoc
* Fix some code doc, on some points we are referring to the calling
  connection that issued the sync send.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Thu, 25 Dec 2014 15:42:38 +0000 (16:42 +0100)]
connection: doc: kdbus_conn_reply_find() callers have to take the lock

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Thu, 25 Dec 2014 15:27:54 +0000 (16:27 +0100)]
connection: ensure that if cookie_reply was provided then there is a pending request

If a cookie_reply was provided, then we must ensure that it is a real
reply message to a previously pending request. Currently we don't do
that correctly, if there are no pending requests from origin then we
fall back to kdbus_conn_policy_talk() access check. Fix this by making
sure that if cookie_reply is set then the origin must have a pending
request in its queue. It's userspace's responsibility to sync its logic.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Thu, 25 Dec 2014 15:12:16 +0000 (16:12 +0100)]
connection: rename 'reply_count' field to 'request_count'

When reading the code you always need to remember that the reply_count
is not about counting replies, but for the pending requests issued by a
connection that are still waiting for a reply. So just rename the
variable name to reflect its usecase without having to refer to its
kerneldoc.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Thu, 25 Dec 2014 15:05:00 +0000 (16:05 +0100)]
test-sync: use ASSERT_EXIT() in child process

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Thu, 25 Dec 2014 00:05:10 +0000 (01:05 +0100)]
test-sync: add close_epipe_sync test

This test makes sure that we get -EPIPE while waiting for the sync reply
and the replying connection was closed. It's like the BYEBYE test except
that here we close the fd of the replying connection.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
David Herrmann [Wed, 24 Dec 2014 12:22:18 +0000 (13:22 +0100)]
metadata: document 'last_cap' ABI

Let's make clear that user-space can expect 'last_cap' to be equal to
/proc/sys/kernel/cap_last_cap. User-space can pre-allocate sufficient
array space this way, without checking it on each item.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Tue, 23 Dec 2014 19:34:10 +0000 (20:34 +0100)]
queue: drop unused function parameter

kdbus_queue_entry_move() doesn't use its first parameter 'conn_src'
for anything, so drop it.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 23 Dec 2014 17:25:08 +0000 (18:25 +0100)]
metadata: minor variable cleanup

Keep variables local if we can, and give them specific names to make
the code easier to read.

Fix a small typo in kdbus.txt while at it.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Mon, 22 Dec 2014 16:18:32 +0000 (17:18 +0100)]
fs: flush VFS cache on node deactivation

Whenever a node is deactivated, we now invalidate any cached dentries.
This will make sure that we don't leave any dead entries in the VFS cache.
While this is not bad as is, it does make the cache slower. Therefore,
flush those entries as they will never be reused anyway.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Mon, 22 Dec 2014 16:09:50 +0000 (17:09 +0100)]
fs: keep domain->dentry backlink

We don't really want backlinks into the VFS, however, we need some way to
thrash old VFS cache entries when objects get destructed. Therefore, save
a pointer to the root dentry in every domain.

We don't pin the dentry, as this would create circular dependencies.
Instead, we bind the dentry validity to the active lifetime of the domain.
Therefore, you can only access domain->dentry as long as it is active.
Once umount() is called, we deactivate the domain and thus drop the dentry
cache.

This backlink will be needed in a follow-up that flushes caches on object
destruction.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Mon, 22 Dec 2014 15:04:58 +0000 (16:04 +0100)]
node: add kdbus_node_is_deactivated()

This is similar to kdbus_node_is_active(), but returns 'true' if
kdbus_node_deactivate() was called on the node.

Similar to kdbus_node_is_active(), there is no guarantee that the node
stays in that state. Therefore, it's only safe to use it if you don't
care for reliability or if you have other means of synchronization against
node lifetime changes.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Mon, 22 Dec 2014 15:00:16 +0000 (16:00 +0100)]
fs: bind domain-lifetime to root dentry

Make sure we activate domains *after* we allocated the root dentry, and
deactivate them *before* destroying the root dentry. This allows us to
access the root dentry as long as we hold an active reference to the
linked domain.

During mount, it doesn't matter in which order we activate the domain or
root dentry, as the underlying superblock is still locked and inaccessible
from user-space. Similarly, during sb-kill, all user-space mounts have
already been removed so the sb is inaccessible from user-space. It's
therefore safe to use any activation/deactivation order we want.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Mon, 22 Dec 2014 14:57:18 +0000 (15:57 +0100)]
node: make clear that ->parent is valid until destruction

So far we pretended that ->parent is no longer valid once a node was
deactivated. However, we always pinned the parent until destruction for
several reasons. Update our comments to make this clear.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Fri, 19 Dec 2014 19:15:30 +0000 (20:15 +0100)]
test-sync: add no_cancel test

This test passes a CANCEL_FD but doesn't signal it. Therefore, it should
have no effect.

This catches wrong POLL masks in the kernel.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Mon, 22 Dec 2014 11:29:21 +0000 (12:29 +0100)]
connection: catch return value of kdbus_queue_entry_move()

If kdbus_queue_entry_move() fails, we really shouldn't continue but
report the error up the call chain.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 22 Dec 2014 11:27:56 +0000 (12:27 +0100)]
queue: up-chain error in kdbus_queue_entry_move()

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 22 Dec 2014 11:27:27 +0000 (12:27 +0100)]
pool: clean up error handling in kdbus_pool_copy()

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Sun, 21 Dec 2014 19:14:37 +0000 (20:14 +0100)]
connection: only one KDBUS_ITEM_CANCEL_FD item is allowed

Make sure that only one KDBUS_ITEM_CANCEL_FD item is passed.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Sun, 21 Dec 2014 16:20:06 +0000 (17:20 +0100)]
connection: pin cancel_fd before sending message

If userspace provides a bogus cancel_fd, make sure not to queue the
message on the receiver. Instead, pin the fd from kdbus_cmd_msg_send()
and pass the pinned cancel_fd to kdbus_conn_wait_reply().

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sun, 21 Dec 2014 00:36:04 +0000 (01:36 +0100)]
message: fix double-increade of kmsg->pool_size

We're already doing this conditionally some lines above.
Fixes SD's ./test-bus-zero-copy.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Sat, 20 Dec 2014 23:34:54 +0000 (00:34 +0100)]
connection: rename kdbus_conn_reply_sync() to kdbus_sync_reply_wakeup()

Rename kdbus_conn_reply_sync() to kdbus_sync_reply_wakeup(), using the
name object sometimes makes it easy to remember what the function is
about, but here it seems not the case, especially for the kdbus_conn_reply
object which is used in several places... so just rename this function
to make it reflect that we are waking up origin due to the sync reply.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Sat, 20 Dec 2014 23:32:05 +0000 (00:32 +0100)]
kdbus-test: fail with return not _exit() here

Fix my stupid copy paste errors.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Sat, 20 Dec 2014 23:12:58 +0000 (00:12 +0100)]
message: allocate the correct size of kmsg->iov

Allocating (n_vecs + n_memfds) number of elements in kmsg->iov
is likely too much. Calculate how many we really need.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sat, 20 Dec 2014 22:35:37 +0000 (23:35 +0100)]
message: keep track of kmsg->iov length through kmsg->iov_count

Count the array members of kmsg->iov in a new variable called
kmsg->iov_count.

This is necessary because res->vec_count is also used for added
memfd zero-byte alignments, and the message install logic in
queue.c expects to see KDBUS_MSG_DATA_VEC entries in res->data.

It also feels more logical to have the number of array members
stored next to the actual array.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sat, 20 Dec 2014 21:48:03 +0000 (22:48 +0100)]
queue.c: cosmetic cleanup

Spare one pair of parentheses.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sat, 20 Dec 2014 14:35:41 +0000 (15:35 +0100)]
node, notify, pool: remove some more BUG_ON()

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sat, 20 Dec 2014 14:25:43 +0000 (15:25 +0100)]
connection, names: some less BUG_ON()

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sat, 20 Dec 2014 02:21:41 +0000 (03:21 +0100)]
connection: intialize pwq later

This way, we can get rid of cleanup paths in error cases.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 19:00:53 +0000 (20:00 +0100)]
connection: fix memory leak wrt cancel_fd

We have to poll_freewait() in error paths.

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Fri, 19 Dec 2014 18:54:03 +0000 (19:54 +0100)]
connection: don't pass NULL to f->poll()

We must never pass NULL to f->poll(). Instead, we reset the callback to
NULL, thus the poll function will never add more queues.

We already do this via init_poll_funcptr(&xyz, NULL) so we can safely pass
the poll context every time. This also allows us to drop the first dummy
call to ->poll().

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Fri, 19 Dec 2014 18:53:11 +0000 (19:53 +0100)]
connection: minor comment nit

Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Fri, 19 Dec 2014 18:41:53 +0000 (19:41 +0100)]
connection: don't oops if CANCEL_FD doesn't support poll

Verify the passed CANCEL_FD does actually support ->poll(). Otherwise, we
will call a NULL pointer.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Fri, 19 Dec 2014 18:48:31 +0000 (19:48 +0100)]
connection: don't break lines unless we have to

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:47:52 +0000 (19:47 +0100)]
connection: add comment on init_poll_funcptr()

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:44:41 +0000 (19:44 +0100)]
kdbus.txt, Changelog: document KDBUS_ITEM_CANCEL_FD

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:44:00 +0000 (19:44 +0100)]
connection: trigger on cancel_fd->poll() & POLLIN

POLLIN is the event we're waiting for, not POLLOUT.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:27:18 +0000 (19:27 +0100)]
test-sync: add test for cancelling a sync send with an eventfd

Fork a process, issue a blocking send with a cancelfd, and kill the
command by writing to the cancel fd.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:25:14 +0000 (19:25 +0100)]
test: add cancel_fd parameter to kdbus_msg_send_sync()

Add another parameter to kdbus_msg_send_sync() which should be set
to -1 if unused. If >= 0, it will cause the SEND cmd ioctl to carry
an item of type KDBUS_ITEM_CANCEL_FD, and put the given value into
it.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 19 Dec 2014 18:17:01 +0000 (19:17 +0100)]
connection: accept eventfd as cancellation point

Allow passing in a CANCEL_FD item with the send command (attached to
the command, not the message!) that carries a file descriptor.

When userspace writes to this fd, use it as cancellation point and
return -ECANCELED to the blocking caller of KDBUS_CMD_SEND.

For this to work, we have to sleep on two wait queues now - one for
our own connection, one for the passed in fd. For this, open-code
what select() does, and use a struct poll_wqueues on the stack
to attach both wake up sources to it. Then use poll_schedule_timeout()
to actually put the task to sleep. However, we have to implement
the condition checking ourselves, in a busy loop.

item->fds[0] may be any type of file descriptor that implements
poll(). For instance, an eventfd.

Signed-off-by: Daniel Mack <daniel@zonque.org>
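
A user-space analogue of the wait described in the two cancel_fd commits above, added here as an example and not taken from kdbus: `wait_reply_or_cancel()` and `demo()` are hypothetical names, a pipe stands in for the connection and the 50 ms timeout is arbitrary. It shows why the trigger has to be POLLIN: an idle eventfd is always writable, so waiting for POLLOUT cancels a send nobody cancelled.

```c
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Hypothetical userspace helper, not kdbus code: sleep until reply_fd is
 * readable, cancel_fd fires, or timeout_ms expires. cancel_event is POLLIN
 * for the corrected behaviour; POLLOUT reproduces the wrong trigger.
 */
static int wait_reply_or_cancel(int reply_fd, int cancel_fd,
                                short cancel_event, int timeout_ms)
{
    struct pollfd fds[2] = {
        { .fd = reply_fd,  .events = POLLIN },
        { .fd = cancel_fd, .events = cancel_event },
    };
    int r;
    do {    /* retry if a signal interrupts the wait */
        r = poll(fds, 2, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r < 0)
        return -errno;
    if (r == 0)
        return -ETIMEDOUT;
    /* Assumption of this example: cancellation wins over a racing reply. */
    if (fds[1].revents & cancel_event)
        return -ECANCELED;
    if (fds[0].revents & POLLIN)
        return 0;
    return -EIO;    /* POLLERR, POLLHUP or POLLNVAL on either fd */
}

/* Constructed scenario: no reply ever arrives; optionally cancel first. */
static int demo(short cancel_event, int do_cancel)
{
    uint64_t one = 1;
    int p[2], efd, r = -EIO;

    if (pipe(p) < 0)
        return -errno;
    efd = eventfd(0, 0);
    if (efd >= 0 && (!do_cancel || write(efd, &one, sizeof(one)) == (ssize_t)sizeof(one)))
        r = wait_reply_or_cancel(p[0], efd, cancel_event, 50);
    if (efd >= 0)
        close(efd);
    close(p[0]);
    close(p[1]);
    return r;
}
```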
10 years ago connection: pass struct file from ioctl handler to kdbus_conn_kmsg_send()
Daniel Mack [Fri, 19 Dec 2014 18:16:01 +0000 (19:16 +0100)]
connection: pass struct file from ioctl handler to kdbus_conn_kmsg_send()

We need to have access to the struct file that was used to issue the
ioctl later, so let's pass it down to kdbus_conn_kmsg_send().

Signed-off-by: Daniel Mack <daniel@zonque.org>
10 years ago kdbus.h: add KDBUS_ITEM_CANCEL_FD (ABI break)
Daniel Mack [Fri, 19 Dec 2014 18:11:29 +0000 (19:11 +0100)]
kdbus.h: add KDBUS_ITEM_CANCEL_FD (ABI break)

Add a new item that takes a file descriptor, used to cancel a synchronous
SEND operation.

Signed-off-by: Daniel Mack <daniel@zonque.org>
10 years ago policy: optimize wildcard entry lookup
David Herrmann [Fri, 19 Dec 2014 18:02:19 +0000 (19:02 +0100)]
policy: optimize wildcard entry lookup

There is really no reason to duplicate the lookup string if all we do is
prefix comparison. Introduce kdbus_strnhash() and then do proper prefix
comparison in kdbus_policy_lookup() without string modification.

There is a reason DBus uses reverse DNS-notation. Use it!

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
10 years ago util: kdbus_str_hash() -> kdbus_strhash()
David Herrmann [Fri, 19 Dec 2014 17:55:41 +0000 (18:55 +0100)]
util: kdbus_str_hash() -> kdbus_strhash()

Let's make this function look more like strlen(), strcopy(), ... and
friends. Not that I like it in particular, but a followup will introduce
kdbus_strnhash() and those names get really weird once used with
underscore style.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
10 years ago policy: drop unused 'wildcard' parameter
David Herrmann [Fri, 19 Dec 2014 17:46:28 +0000 (18:46 +0100)]
policy: drop unused 'wildcard' parameter

This argument is unused, drop it from kdbus_policy_lookup().

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
10 years ago policy: drop unused kdbus_policy_check_access()
David Herrmann [Fri, 19 Dec 2014 17:41:59 +0000 (18:41 +0100)]
policy: drop unused kdbus_policy_check_access()

Inline this helper into kdbus_policy_query_unlocked(). No reason to split
both. The query helper is a one-liner and the only caller of
check_access().

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
10 years ago policy: return highest policy on kdbus_policy_query()
David Herrmann [Fri, 19 Dec 2014 17:36:23 +0000 (18:36 +0100)]
policy: return highest policy on kdbus_policy_query()

Instead of asking for a specific policy level, we now always return the
highest level found. That means, kdbus_policy_query() always searches
through all access-entries of a given name-entry and tries to find the
highest access-level that matches.

Note that this means we cannot shortcut the policy-check on a single name.
However, that should not affect the performance considerably. But the
upside is we now can properly cache any result of the policy-db. There is
no reason to limit it to TALK. Instead, a policy cache can properly take
the policy result and just cache it, regardless of the call-side.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
10 years ago connection: fix information leak on !SEE for real
David Herrmann [Fri, 19 Dec 2014 17:13:38 +0000 (18:13 +0100)]
connection: fix information leak on !SEE for real

In the past we noticed that if you cannot SEE a name, we should not return
EPERM but ENOENT. Otherwise, you will notice the name exists in case the
policy-check is done _after_ looking up the name.

For NAME queries we're fine, but for ID queries we're not. Let's fix this
all at once and make both lookup and policy-check use the same code-path,
and thus the same error-code.

Also add tests to verify both error codes are always the same. There is no
reason to let user-space know "you're allowed to see that name but it
doesn't exist". Stop that crazy and just return the same error regardless
whether you cannot see it or whether it doesn't exist.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
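
The error-code equivalence described in the commit above, modelled in a small user-space example added here (not kdbus code): the registry, `query_leaky()`, `query_uniform()` and `leaks()` are hypothetical names and the entries are constructed. `leaks()` is the check a regression test would make: a hidden entry and a missing one must produce the same error, for NAME and for ID queries.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed registry: name, owner id, and whether the caller may SEE it. */
struct entry { const char *name; unsigned long id; int can_see; };
static const struct entry registry[] = {
    { "org.example.Public", 1, 1 },
    { "org.example.Secret", 2, 0 },
};
#define N_ENTRIES (sizeof(registry) / sizeof(registry[0]))

/* One lookup path shared by NAME queries (name != NULL) and ID queries. */
static const struct entry *find(const char *name, unsigned long id)
{
    for (size_t i = 0; i < N_ENTRIES; i++) {
        const struct entry *e = &registry[i];
        if (name ? strcmp(e->name, name) == 0 : e->id == id)
            return e;
    }
    return NULL;
}

/* Before: policy check after the lookup, so EPERM proves the entry exists. */
static int query_leaky(const char *name, unsigned long id)
{
    const struct entry *e = find(name, id);
    if (!e) return -ENOENT;
    if (!e->can_see) return -EPERM;
    return 0;
}

/* After: "cannot see" and "does not exist" return the same error. */
static int query_uniform(const char *name, unsigned long id)
{
    const struct entry *e = find(name, id);
    if (!e || !e->can_see) return -ENOENT;
    return 0;
}

/* Returns 1 if a caller can tell a hidden entry from a missing one,
 * by NAME or by ID, and 0 if both look identical. */
static int leaks(int (*query)(const char *, unsigned long))
{
    return query("org.example.Secret", 0) != query("org.example.Missing", 0) ||
           query(NULL, 2) != query(NULL, 99);
}
```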