Greg Kroah-Hartman [Sun, 2 Nov 2014 01:29:29 +0000 (18:29 -0700)]
kdbus.txt: grammar fixes from Peter Meerwald
Djalal Harouni [Sat, 1 Nov 2014 14:00:30 +0000 (15:00 +0100)]
handle: when caching the creator's metadata cache also KDBUS_ATTACH_AUXGROUPS
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Fri, 31 Oct 2014 14:35:22 +0000 (15:35 +0100)]
handle.c: remove unnecessary pointer assignment
No need to assign `ptr' to the return value of idr_replace()
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 31 Oct 2014 11:05:02 +0000 (12:05 +0100)]
handle.c: rework pointer assignment logic
During the review on LKML, Thomas Gleixner stumbled over the usage
of our 'p' variable assignment. Apparently, the idea of assigning
memdup()'ed memory to a void pointer that is automatically freed
at the end of the function wasn't obvious to readers.
Let's fix this, and
a) make kdbus_memdup_user() return void* instead of int, so we can
directly assign variables to the return value
b) assign the void* variable after the memdup, and call it 'free_ptr'
to make clearer what's going on.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 31 Oct 2014 09:49:35 +0000 (10:49 +0100)]
convert *_new() functions to return the new object directly
Al Viro writes:
BTW, the calling conventions for your foo_new() are annoying - instead of
"return -E... or 0, storing the reference to new object in var parameter
passed as the last argument", could you please just return ERR_PTR(-E...)
on error, a pointer to new object on success and to hell with those
struct foo **foo in the argument lists?
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 31 Oct 2014 08:03:16 +0000 (09:03 +0100)]
kdbus.h: Use #defines rather than an enum for ioctl definition
Arnd Bergmann writes:
I think in general, using enum is great, but for ioctl command numbers,
we probably want to have defines so the user space implementation can
use #ifdef to see if the kernel version that it is being built for
knows a particular command.
[...]
which might in fact help some tools that try to do automated parsing
of header files to find ioctl commands.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 30 Oct 2014 08:13:06 +0000 (09:13 +0100)]
item.c: #include <linux/fs.h>
This should fix tonight's build bot error.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Wed, 29 Oct 2014 19:49:21 +0000 (20:49 +0100)]
doc: fix a typo kdbus instead of kbus
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 28 Oct 2014 15:42:26 +0000 (16:42 +0100)]
benchmark: cache the kdbus msg and update only memfd item offset if needed
No need to create the kdbus msg every time, and if we are sending a
memfd, then just store its item offset, patch it later with the right
memfd fd+data, seal it, then send it.
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 28 Oct 2014 12:07:50 +0000 (13:07 +0100)]
connection: block only normal fds, allow sending memfds
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Tue, 28 Oct 2014 12:03:17 +0000 (13:03 +0100)]
test/test-sync: we accept SA_RESTART now
Tweak the test case accordingly.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 28 Oct 2014 11:47:22 +0000 (12:47 +0100)]
connection: rework interrupted system call implementation
Calls that end up in wait_event_interruptible_timeout() are subject
to be interrupted if the userspace task receives a signal. In such
cases, the function will return -ERESTARTSYS, and in case a signal
handler was installed with SA_RESTART, the syscall would be
automatically restarted.
In case of KDBUS_CMD_MSG_SEND, however, we have to avoid
sending the same message again in that case, which is why we
decided to return -EINPROGRESS before, and let userspace call into
a special ioctl to catch up on the 2nd half of the SEND syscall.
However, it turns out there's a much simpler solution to that:
* If a system call is interrupted, we set .interrupted = true in
the reply tracker object, so it will be cleaned up by the
connection worker.
* When KDBUS_CMD_MSG_SEND is called in a synchronous fashion,
try to find a reply tracking object in the destination connection.
If it exists, and is marked as .interrupted == true, catch up on
it, and go back to wait_event_interruptible_timeout() right away.
That way, we can explicitly support SA_RESTART now, and as timeouts
are absolute, a restarted syscall does the right thing.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 28 Oct 2014 11:44:39 +0000 (12:44 +0100)]
connection: add kdbus_conn_reply.interrupted
Add a new boolean flag to track reply objects affected by interrupted
system calls. Treat such objects as non-sync in kdbus_conn_work().
This patch does not add any user that sets this flag yet.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 28 Oct 2014 11:43:43 +0000 (12:43 +0100)]
connection: conditional branch cleanups
Use an else branch for better readability.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 28 Oct 2014 10:40:44 +0000 (11:40 +0100)]
connection: introduce kdbus_conn_find_reply()
Introduce kdbus_conn_find_reply() and factor out the list walking
code from kdbus_cmd_msg_cancel() and kdbus_conn_check_access().
There will be one more user later.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Tue, 28 Oct 2014 10:44:17 +0000 (11:44 +0100)]
test-fd: check if we did receive the right number of passed fds
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 28 Oct 2014 09:44:21 +0000 (10:44 +0100)]
connection: improve the connection do not accept fd passing check
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Mon, 27 Oct 2014 15:41:30 +0000 (16:41 +0100)]
kdbus.h: strip down header
Copyright information in kdbus.h seems overkill, so remove it.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 27 Oct 2014 15:32:46 +0000 (16:32 +0100)]
kdbus.h, metadata: factor out capabilities (ABI break)
Move capabilities to its own struct inside kdbus_item. This also gives
us the ability to inform userspace of the highest caps bit the kernel
knows about.
Hence, if the capabilities grow in either the number of sets or the
number of rows, we can now detect and handle both from userspace.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Mon, 27 Oct 2014 15:06:44 +0000 (16:06 +0100)]
test-fd: add more passfd+close tests to fdpassing
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 27 Oct 2014 13:41:35 +0000 (14:41 +0100)]
test-fd: test send fd operations on connection that do not accept fds
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Mon, 27 Oct 2014 11:33:43 +0000 (12:33 +0100)]
connection, message: cosmetics
Just two tiny cleanups.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Sun, 26 Oct 2014 16:30:22 +0000 (17:30 +0100)]
connection, handle: fix a number of checkpatch warnings
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Sat, 25 Oct 2014 12:02:12 +0000 (13:02 +0100)]
policy: check if name is valid when updating policies
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Sat, 25 Oct 2014 11:31:10 +0000 (12:31 +0100)]
test-monitor: add KDBUS_CMD_CONN_UPDATE tests for monitor connections
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Sat, 25 Oct 2014 11:30:14 +0000 (12:30 +0100)]
connection: make KDBUS_CMD_CONN_UPDATE ioctl available for monitor connections
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Fri, 24 Oct 2014 23:45:28 +0000 (00:45 +0100)]
handle: validate items in kdbus_items_validate() in KDBUS_CMD_CONN_INFO
Try to validate the KDBUS_ITEM_NAME before going further
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Fri, 24 Oct 2014 23:40:39 +0000 (00:40 +0100)]
doc: the well-known name in kdbus_cmd_info is passed in the item list
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Fri, 24 Oct 2014 22:47:36 +0000 (23:47 +0100)]
connection: fix kdbus_cmd_info() argument indentation
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Fri, 24 Oct 2014 22:12:55 +0000 (23:12 +0100)]
test-names: name validity tests for CMD_NAME_{ACQUIRE|RELEASE}
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Fri, 24 Oct 2014 22:11:49 +0000 (23:11 +0100)]
names: check if name is valid for CMD_NAME_ACQUIRE and CMD_NAME_RELEASE
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Lukasz Skalski [Fri, 24 Oct 2014 10:18:12 +0000 (12:18 +0200)]
kdbus.h: fix kernel doc
David Herrmann [Thu, 23 Oct 2014 13:11:43 +0000 (15:11 +0200)]
connection: keep SYNC messages alive on EINTR
If a SYNC-SEND is interrupted by a signal, there is no way we can restart
the syscall. If we returned ERESTARTSYS, we'd queue the message again on
restart. This is very irritating, therefore, we never support restarting
syscalls. Instead, we return EINPROGRESS if the message was queued but no
reply was received, yet.
Internally, we turn the 'sync' reply_wait into an 'async' reply. This way,
it will be treated the same way as any other asynchronous reply.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 12:15:14 +0000 (14:15 +0200)]
connection: dont leak sync replies
If a timeout occurs before we can queue a reply to a message, we might
queue it _after_ the sync caller already returned and dropped its ref.
Avoid this by using the 'waiting' flag to sync between sender and
receiver.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 12:02:55 +0000 (14:02 +0200)]
connection: make sure to delete reply_wake entries
If we reply to a pending method call, we must make sure to only allow a
single connection to respond. Therefore, unqueue reply_wake entries
unconditionally after we allowed a single call to pass through.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 12:01:03 +0000 (14:01 +0200)]
connection: hold conn_reply ref on reply_wake
We pass reply_wake around without holding any locks. It might get
destructed by parallel timeouts of other replies that are faster than we
are. Make sure we hold a reference to avoid those races.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 11:56:35 +0000 (13:56 +0200)]
connection: make conn_reply ref-counted
conn_reply objects are used all over the place. We often pass pointers
around without actually holding the parent lock. They might get destructed
while we use it. To avoid this, make it ref-counted so there's no need to
constantly hold locks.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 11:49:00 +0000 (13:49 +0200)]
connection: conn_add_expected_reply -> conn_reply_new
Rename kdbus_conn_add_expected_reply() to kdbus_conn_reply_new(). The
function no longer adds replies but only allocates them. No reason to keep
the old name.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 11:30:13 +0000 (13:30 +0200)]
connection: dont leak replies if message-queueing fails
Currently, we queue the conn_reply _before_ queueing the actual message.
This might leak conn_reply objects if we cannot queue the message. Avoid
this by queuing the conn_reply object at the same time we queue the
message.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 10:53:41 +0000 (12:53 +0200)]
connection: correctly filter messages on name takeover
If a name is taken over by an activator, we move messages that were
targeted at this exact name over. However, we must make sure to leave
all other messages correctly queued on the source, so it can continue
using other names it might possess.
This fixes the filtering we apply on the messages itself, to no longer
leak them. Furthermore, it also applies proper filtering to the conn_reply
objects, so only matching objects are moved.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 10:34:45 +0000 (12:34 +0200)]
connection: rename reply->conn to reply->reply_dst
reply->conn is pretty vague and I have a hard time remembering which side
of the communication it points to. Rename it to "reply_dst" so it's clear
that it points to the destination of the reply (or: origin of the call).
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 10:20:06 +0000 (12:20 +0200)]
connection: don't send DEAD-NOTIFICATIONS on sync SENDs
If we synchronously send messages, we never queue notifications on the
sender if a timeout or reset occurs. Fix the DEAD_DESTINATION handling to
not queue such messages either.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Thu, 23 Oct 2014 10:16:25 +0000 (12:16 +0200)]
connection: simplify reply cleanups
There is no reason why we cannot destroy replies while holding a
connection lock. If the reply points to the connection whose lock we hold,
we also have another ref on that connection due to our context. If the
lock points to another connection, we can simply unref it at any time.
Note that we never cause disconnects on the connection. We only unref it!
The object destruction is a simple memory cleanup. Nothing fancy is done
there, and no inter-object refs can exist anymore (otherwise, it would not
get freed). Therefore, fix all our callers to free replies directly,
instead of releasing the locks first.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Djalal Harouni [Wed, 22 Oct 2014 19:44:23 +0000 (20:44 +0100)]
test-fd: make sure that passed fds do not also allow fd queueing
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Wed, 22 Oct 2014 16:36:45 +0000 (18:36 +0200)]
kdbus.h: rename kdbus_{cmd,}_conn_info → kdbus_{cmd,}_info
As we now use kdbus_cmd_conn_info and kdbus_conn_info for bus creator
information as well, rename the structs to a more generic term.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 22 Oct 2014 16:01:19 +0000 (18:01 +0200)]
kdbus.h: add KDBUS_CMD_BUS_CREATOR_INFO
Add a call to return metadata on the task that created a bus, at the
moment it did so. The call behaves similar to KDBUS_CMD_CONN_INFO, and
shares the same dispatcher code in handle.c.
While at it, factor out bus-related test functions to their own file,
and also add some code to test the new ioctl.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Wed, 22 Oct 2014 14:45:04 +0000 (15:45 +0100)]
message: switch to fget_raw() to allow passing O_PATH file descriptors
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Wed, 22 Oct 2014 14:39:27 +0000 (15:39 +0100)]
message: we want to allow O_PATHed file descriptors
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Wed, 22 Oct 2014 12:18:18 +0000 (14:18 +0200)]
test-fd: add a bloom filter to broadcast message
Satisfy a kernel check so we can be sure we really bail out due
to the check we're actually enforcing.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 22 Oct 2014 12:05:39 +0000 (14:05 +0200)]
message: allow memfds for broadcast messages
As discussed on LPC.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 22 Oct 2014 11:49:05 +0000 (13:49 +0200)]
connection: remove unused variable
That was introduced by a wrong conflict resolution.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Wed, 22 Oct 2014 11:41:34 +0000 (12:41 +0100)]
test: just define KDBUS_SYSNAME_MAX_LEN here in test-endpoint
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Wed, 22 Oct 2014 10:24:39 +0000 (11:24 +0100)]
test: make sure that creating endpoint with long names will fail
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Wed, 22 Oct 2014 10:22:45 +0000 (11:22 +0100)]
test-sync: do a second recv only when SA_RESTART was passed
The test was working for all cases, but fix it to only check for the
SA_RESTART case.
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Wed, 22 Oct 2014 10:08:41 +0000 (12:08 +0200)]
Makefile: add 'doc' target
To ease the process of checking kernel-doc entries.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 22 Oct 2014 09:58:01 +0000 (11:58 +0200)]
handle.c: fix and add kernel-doc
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Wed, 22 Oct 2014 09:52:04 +0000 (11:52 +0200)]
Revert "notify: set item->size"
This reverts commit b62c3ed2b7bed76935a57a9a65e7bba63602b4c4.
m->msg.items[0].size is already set from kdbus_kmsg_new(), so this
is unnecessary. Furthermore, we need to ALIGN8() the item size, which
kdbus_kmsg_new() also does for us already.
Daniel Mack [Wed, 22 Oct 2014 09:49:05 +0000 (11:49 +0200)]
test: use kdbus_msg_dump() to check for message integrity
Make kdbus_msg_dump() return an error in case there's anything wrong
with the message. Return such errors from kdbus_msg_recv(). We currently
fail with notifications.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 21 Oct 2014 18:52:45 +0000 (20:52 +0200)]
connection.c: cosmetic cleanup
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 21 Oct 2014 18:23:07 +0000 (20:23 +0200)]
connection: switch to absolute timeouts (API break)
Make the timeouts in struct kdbus_msg.timeout_ns absolute.
This is necessary in order to support blocking sync calls with
SA_RESTART behavior.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 21 Oct 2014 18:17:45 +0000 (20:17 +0200)]
test-sync: implement send_reply()
Implement a new helper function to reply to pending messages.
Formerly, the test abused the timeout parameter to respond, knowing
that its value will eventually end up in the kdbus message in the
same union as the cookie_reply field.
In the process of switching to absolute timeouts, however, this bites
us, so move this hack out of the way first.
Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Tue, 21 Oct 2014 20:05:44 +0000 (22:05 +0200)]
connection: drop unused variable
The 'ts' variable is no longer used. Drop it.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Tue, 21 Oct 2014 20:04:12 +0000 (22:04 +0200)]
connection: remove debugging printk()
This probably wasn't meant to be included in the commit. Remove stray
printk() debugging helper.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Tue, 21 Oct 2014 17:56:41 +0000 (19:56 +0200)]
connection.c: comments cleanup
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 21 Oct 2014 17:07:14 +0000 (19:07 +0200)]
kdbus.h: split in and out flags of ioctls (ABI break)
Instead of negotiating kernel flags via the same field for input and
output, use two different bitfields for that, and call the returned
flags 'kernel_flags'.
The approach implemented before didn't turn out to work too well for
more complex userspace programs that retain the same ioctl buffers
for multiple calls, and which had to manually save and restore the
flags before.
While at it, rename conn_flags → flags in kdbus_cmd_hello to ease
the internal helper functions and unify the API a bit more.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 21 Oct 2014 16:59:23 +0000 (18:59 +0200)]
kdbus.h: factor out name info struct (ABI break)
Introduce struct kdbus_name_info and report information on name lists
with it, instead of (ab)using struct kdbus_cmd_name for it.
That way, we can get rid of two fields in the latter.
Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Tue, 21 Oct 2014 12:11:36 +0000 (14:11 +0200)]
handle: use dynamic major/minor allocation (ABI break)
Instead of requiring 1 major per domain, we now allocate major/minor
combinations dynamically. So far, only a single major is allocated during
module init, but the code can easily be extended to even make those
dynamic. However, device-cgroups require us to have a fixed major. User
space must be aware that major/minor numbers no longer have any specific
meaning. Each major/minor combination might be assigned to any domain
and/or endpoint! Apart from this semantics change, the ABI stays the same.
Furthermore, this patch reworks the kdbus_domain_new() and kdbus_ep_new()
functions to avoid races against UEVENT_ADD. Both objects must be active
before we call device_add() and thus produce UEVENT_ADD.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Djalal Harouni [Mon, 20 Oct 2014 20:40:35 +0000 (21:40 +0100)]
message: document the verify fd and increment usage count logic
We explicitly verify the fd and then just increment the usage counter.
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 20:28:42 +0000 (21:28 +0100)]
util: fput files refs in reverse order
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 20:04:11 +0000 (21:04 +0100)]
message: minor optimization no need to pass invalid fds to fget()
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 16:57:40 +0000 (17:57 +0100)]
test-fd: fix the fd passing test and use KDBUS_MSG_MAX_FDS for normal fds
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 16:50:57 +0000 (17:50 +0100)]
message: revert commit 65b277d6c0 since KDBUS_MSG_MAX_FDS is only for normal fds
As noted by Daniel, the KDBUS_MSG_MAX_FDS is only for normal fds,
messages that carry payloads as memfds will be accounted against
KDBUS_MSG_MAX_ITEMS, so revert and restore the previous logic.
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 16:13:14 +0000 (17:13 +0100)]
message: account both memfds and fds against KDBUS_MSG_MAX_FDS
Ensure that the number of memfds and normal fds will not exceed
KDBUS_MSG_MAX_FDS per message.
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 20 Oct 2014 16:12:12 +0000 (17:12 +0100)]
test-fd: add tests for fd and memfd accounting
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Mon, 20 Oct 2014 15:28:55 +0000 (17:28 +0200)]
handle: allocate handle after domain lookup
Just a small cleanup that orders memory allocation after the domain
has been looked up. That saves us an extra kfree() in the error path.
Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Mon, 20 Oct 2014 13:47:06 +0000 (15:47 +0200)]
TODO: remove external-API entry
We decided on how to handle external API compatibility:
* unknown flags are rejected and properly overwritten by the kernel
* unknown items have to be ignored by *BOTH* sides
Drop this entry from the TODO list.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
David Herrmann [Mon, 20 Oct 2014 13:41:49 +0000 (15:41 +0200)]
connection: make attach_flags atomic
Instead of requiring connection locks, make conn->attach_flags a 64bit
atomic. This isn't particularly fast on archs that don't optimize
atomic64, but it simplifies the locking in kdbus. Requiring the connection
lock is just annoying. Furthermore, most 'real' archs should provide 64bit
atomics, anyway.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Mon, 20 Oct 2014 13:29:28 +0000 (15:29 +0200)]
util.c: degrade (valid & KDBUS_FLAG_KERNEL) to warning
Don't BUG_ON(valid & KDBUS_FLAG_KERNEL), a warning is sufficient.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 20 Oct 2014 12:39:27 +0000 (14:39 +0200)]
metadata: split KDBUS_ATTACH_COMM in _PID and _TID (ABI break)
Allow users to specify KDBUS_ATTACH_COMM_PID and KDBUS_ATTACH_COMM_TID
separately. This also makes the attachment maintenance in metadata.c
cleaner.
Users that use _KDBUS_ATTACH_ALL just need to recompile.
Signed-off-by: Daniel Mack <daniel@zonque.org>
David Herrmann [Mon, 20 Oct 2014 13:24:15 +0000 (15:24 +0200)]
bus: make conn_rwlock a low-level lock
conn_rwlock protects the connection lists on a bus. Those lists are
usually only accessed deep down in our call-paths, so we can safely order
conn_rwlock _after_ bus->lock and ep->lock. We can even order it after
registry->lock and thus fix a dead-lock in list_names where we used to
have:
    down_read(&bus->conn_rwlock);
    down_read(&reg->rwlock);
.. which dead-locks against kmsg_send():
    kdbus_name_lock(reg); (=> down_read(&reg->rwlock))
    down_read(&bus->conn_rwlock);
The new lock-order isn't particularly beautiful, but there's currently no
way around it. We have to lock destination names on kmsg_send() to make
sure an activator does not get activated concurrently. We could lock
conn_rwlock in kmsg_send() early, but this is kinda ugly regarding
kdbus_conn_wait_reply(). Therefore, for now, lock conn_rwlock late. We can
always change the lock order again later.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
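The lock-order inversion described in the commit above can be caught mechanically by recording which lock is taken while which other lock is held. The following is an added example, not code from the kdbus tree: a small userspace order checker fed with the two paths quoted in the message; the `bus_path` and `ep_path` sequences are constructed for illustration from the ordering the message states.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named in the commit message. */
enum lock_class { BUS_LOCK, EP_LOCK, REG_RWLOCK, CONN_RWLOCK, NR_LOCKS };

static const char *const lock_name[NR_LOCKS] = {
	"bus->lock", "ep->lock", "reg->rwlock", "bus->conn_rwlock",
};

/* before[a][b] is set once some path took b while already holding a. */
struct lock_graph {
	unsigned char before[NR_LOCKS][NR_LOCKS];
};

/* Depth-first search: can 'to' be reached from 'from' over recorded edges? */
static int reachable(const struct lock_graph *g, int from, int to,
		     unsigned char *seen)
{
	if (from == to)
		return 1;
	seen[from] = 1;
	for (int n = 0; n < NR_LOCKS; n++)
		if (g->before[from][n] && !seen[n] && reachable(g, n, to, seen))
			return 1;
	return 0;
}

/*
 * Record one code path, given as the locks it takes in order. Model
 * assumptions: every lock stays held until the path ends, and read and
 * write acquisitions count alike. Returns 0 if the path fits the order
 * recorded so far, or -1 at the first inversion, with the offending
 * pair stored in *held and *next.
 */
static int graph_add_path(struct lock_graph *g, const enum lock_class *path,
			  int len, int *held, int *next)
{
	for (int i = 0; i < len; i++) {
		for (int j = i + 1; j < len; j++) {
			unsigned char seen[NR_LOCKS] = { 0 };

			/* held -> next closes a cycle if next already leads to held */
			if (reachable(g, path[j], path[i], seen)) {
				*held = path[i];
				*next = path[j];
				return -1;
			}
			g->before[path[i]][path[j]] = 1;
		}
	}
	return 0;
}

/* Old order: list_names takes conn_rwlock first, kmsg_send takes it last. */
static int check_old_order(int *held, int *next)
{
	static const enum lock_class list_names[] = { CONN_RWLOCK, REG_RWLOCK };
	static const enum lock_class kmsg_send[] = { REG_RWLOCK, CONN_RWLOCK };
	struct lock_graph g;

	memset(&g, 0, sizeof(g));
	if (graph_add_path(&g, list_names, 2, held, next))
		return -1;
	return graph_add_path(&g, kmsg_send, 2, held, next);
}

/* New order: conn_rwlock always comes last (constructed bus/ep paths). */
static int check_new_order(int *held, int *next)
{
	static const enum lock_class list_names[] = { REG_RWLOCK, CONN_RWLOCK };
	static const enum lock_class kmsg_send[] = { REG_RWLOCK, CONN_RWLOCK };
	static const enum lock_class bus_path[] = { BUS_LOCK, CONN_RWLOCK };
	static const enum lock_class ep_path[] = { EP_LOCK, CONN_RWLOCK };
	struct lock_graph g;

	memset(&g, 0, sizeof(g));
	return graph_add_path(&g, list_names, 2, held, next) ||
	       graph_add_path(&g, kmsg_send, 2, held, next) ||
	       graph_add_path(&g, bus_path, 2, held, next) ||
	       graph_add_path(&g, ep_path, 2, held, next) ? -1 : 0;
}

int main(void)
{
	int held = -1, next = -1;

	if (check_old_order(&held, &next))
		printf("old order: %s taken while holding %s inverts an earlier path\n",
		       lock_name[next], lock_name[held]);
	if (!check_new_order(&held, &next))
		printf("new order: consistent\n");
	return 0;
}
```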
David Herrmann [Mon, 20 Oct 2014 12:51:51 +0000 (14:51 +0200)]
connection: split kdbus_conn_wait_reply() off kdbus_conn_kmsg_send()
Move the helper to wait synchronously for a reply into
kdbus_conn_wait_reply(). This reduces the size of kdbus_conn_kmsg_send()
further and makes it much easier to review.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Daniel Mack [Mon, 20 Oct 2014 12:33:13 +0000 (14:33 +0200)]
queue: consolidate kdbus_queue_entry_*fds_install()
Combine code from kdbus_queue_entry_fds_install() and
kdbus_queue_entry_memfds_install() and simplify the caller site.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Mon, 20 Oct 2014 11:58:55 +0000 (13:58 +0200)]
message, queue: pin files over their entire lifetime
Make sure the passed fds and memfds are pinned throughout their usage
in kdbus, that is, until they are installed. That closes a race gap in
which a user could possibly replace an fd after submitting a message to
the kernel and the message's delivery and the fd's installation.
While at it, also move the seal check for memfds from queue.c to
message.c and introduce a method to free an array of struct file*.
Now, the incoming QA check in message.c will make sure the files are of
the correct type, memfds are sealed etc. After that, when queue entry
items are created, we call get_file() on each of the passed files to
increase the reference count once more, and decrement them when the
entry is installed in the receiver's task.
Also, the reference taken by the kmsg are dropped from
kdbus_kmsg_free().
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Fri, 17 Oct 2014 11:43:14 +0000 (13:43 +0200)]
tree-wide: rework flags negotiation (ABI break)
We are obliged to reject all bits in flags fields that are not known
to the kernel. In order to let userspace know which flags the kernel
knows about, we agreed to always write back to the flags field in the
ioctl buffer, even if the call succeeded. The kernel will, however,
always set the KDBUS_FLAG_KERNEL bit, which consequently is always
invalid when submitted by userspace.
Move some checks from other place to handle.c, and update the testsuite
and documentation accordingly.
Signed-off-by: Daniel Mack <daniel@zonque.org>
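The negotiation rule in the commit above, and the buffer-reuse problem that the later "split in and out flags of ioctls" commit cites as its motivation, can be shown with a userspace model. This is an added example, not kdbus code: the `DEMO_FLAG_*` bits and function names are hypothetical, and the bit position of `KDBUS_FLAG_KERNEL` is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value of the reserved bit the kernel sets on every write-back. */
#define KDBUS_FLAG_KERNEL (1ULL << 63)

/* Hypothetical flag bits for this illustration, not taken from kdbus.h. */
#define DEMO_FLAG_A (1ULL << 0)
#define DEMO_FLAG_B (1ULL << 1)
#define DEMO_FLAG_C (1ULL << 2) /* unknown to the modelled kernel */

/*
 * Kernel side (model): 'field' stands for the flags member of the ioctl
 * buffer, 'valid' for the bits this call accepts. The field is rewritten
 * whether or not the call succeeds, and unknown bits are rejected.
 */
static int model_negotiate_flags(uint64_t *field, uint64_t valid)
{
	uint64_t requested = *field;

	*field = valid | KDBUS_FLAG_KERNEL;
	return (requested & ~valid) ? -EINVAL : 0;
}

/*
 * User side: ask for 'wanted'; on -EINVAL keep only the bits the kernel
 * reported and retry once. The flags actually in effect land in *granted.
 */
static int user_negotiate(uint64_t wanted, uint64_t kernel_valid,
			  uint64_t *granted)
{
	uint64_t field = wanted;
	int ret = model_negotiate_flags(&field, kernel_valid);

	if (ret == -EINVAL) {
		wanted &= field & ~KDBUS_FLAG_KERNEL;
		field = wanted;
		ret = model_negotiate_flags(&field, kernel_valid);
	}
	if (ret == 0)
		*granted = wanted;
	return ret;
}

/*
 * Failure mode: the same buffer is sent twice without restoring the flags.
 * After the first call the field holds the write-back, including
 * KDBUS_FLAG_KERNEL, so the second call is rejected.
 */
static int reuse_buffer_without_reset(uint64_t kernel_valid)
{
	uint64_t field = DEMO_FLAG_A;

	if (model_negotiate_flags(&field, kernel_valid))
		return 1; /* first call unexpectedly failed */
	return model_negotiate_flags(&field, kernel_valid);
}

int main(void)
{
	uint64_t granted = 0;
	int ret = user_negotiate(DEMO_FLAG_A | DEMO_FLAG_C,
				 DEMO_FLAG_A | DEMO_FLAG_B, &granted);

	printf("negotiated: ret=%d granted=0x%llx\n", ret,
	       (unsigned long long)granted);
	printf("reused buffer: ret=%d\n",
	       reuse_buffer_without_reset(DEMO_FLAG_A | DEMO_FLAG_B));
	return 0;
}
```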
Daniel Mack [Fri, 17 Oct 2014 07:55:51 +0000 (09:55 +0200)]
queue: set O_CLOEXEC on installed file descriptors
The receiver can still opt-out for this with fcntl(), but by default,
we should really set O_CLOEXEC.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 16 Oct 2014 16:12:54 +0000 (18:12 +0200)]
kdbus.h: remove features bitfield from make calls (ABI break)
After discussion in the systemd hackfest, we agreed on flags
negotiation via the flags fields, so there's no need for a bitmask
called 'features' anymore. Drop it.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Greg Kroah-Hartman [Fri, 17 Oct 2014 08:23:27 +0000 (10:23 +0200)]
queue.c: move a stack variable before the variable array
This way the compiler doesn't have to calculate the location of the
pointer "on the fly".
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kay Sievers [Fri, 17 Oct 2014 08:00:35 +0000 (10:00 +0200)]
Revert KDBUS_HELLO_ACCEPT_MEMFD support (ABI break)
Memfds are a basic exchange mechanism not supposed to be
optional per connection. A per-bus flag, instead of a
per-connection one, would probably be acceptable,
but its usefulness is questionable at this point.
Broadcasts can contain memfds and we would silently messages
for such connections, which is not the expected behavior.
Receivers just need to make sure to be able to receive messages
with memfd payload, otherwise they are just not fully supporting
the common kdbus interface.
Contracts of not supporting memfds on private buses are fine,
but the general purpose communication will always require
memfds to be supported by all clients.
Daniel Mack [Thu, 16 Oct 2014 10:16:56 +0000 (12:16 +0200)]
limits: lower KDBUS_MSG_MAX_FDS to 253
Lower the number of maximum file descriptors accepted as a message item
to 253. See commit bba14de98 (Linux) for the rationale behind that
number.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 16 Oct 2014 09:57:57 +0000 (11:57 +0200)]
metadata: update meta->attached once the attach succeeded
If we fail to append metadata items, but ignore the errors on purpose
for broadcast messages, we might end up with the same metadata multiple
times if we only update meta->attached at the end of
kdbus_meta_append().
Hence, set each bit individually once the attachment succeeded.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 16 Oct 2014 09:38:37 +0000 (11:38 +0200)]
domain: destroy IDRs
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 16 Oct 2014 09:18:44 +0000 (11:18 +0200)]
bus.c: remove unneeded include
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Thu, 16 Oct 2014 09:16:20 +0000 (11:16 +0200)]
notify: set item->size
Fully initialize the API. We should also have strict checking for this
on userspace.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Djalal Harouni [Tue, 14 Oct 2014 21:44:37 +0000 (22:44 +0100)]
doc: document the new KDBUS_HELLO_ACCEPT_MEMFD flag
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 14 Oct 2014 21:34:50 +0000 (22:34 +0100)]
connection: use KDBUS_HELLO_ACCEPT_MEMFD to check for passed memfds
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 14 Oct 2014 19:47:50 +0000 (20:47 +0100)]
test-activator: add more tests for the activation logic
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Tue, 14 Oct 2014 13:22:57 +0000 (14:22 +0100)]
test-util: add test_is_capable() to check for capabilities and use it
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Djalal Harouni [Mon, 13 Oct 2014 22:27:07 +0000 (23:27 +0100)]
test-util: move RUN_UNPRIVILEGED definitions to kdbus-util.h
Will be used by other tests
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Daniel Mack [Tue, 14 Oct 2014 17:53:23 +0000 (19:53 +0200)]
kdbus.h: add KDBUS_HELLO_ACCEPT_MEMFD (ABI break)
Add another flag to the connection's flags to denote whether it
wants to receive memfds. Reject messages with -ECOMM if it contains
a memfd if the receiver can't cope with it.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Daniel Mack [Tue, 14 Oct 2014 12:54:27 +0000 (14:54 +0200)]
tests: strncpy() corrections
Use the correct maximum size with strncpy(), even though we're using
small static strings as sources.
Signed-off-by: Daniel Mack <daniel@zonque.org>