Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * fs/timerfd.c
4 *
5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
6 *
7 *
8 * Thanks to Thomas Gleixner for code reviews and useful comments.
9 *
10 */
11
12#include <linux/alarmtimer.h>
13#include <linux/file.h>
14#include <linux/poll.h>
15#include <linux/init.h>
16#include <linux/fs.h>
17#include <linux/sched.h>
18#include <linux/kernel.h>
19#include <linux/slab.h>
20#include <linux/list.h>
21#include <linux/spinlock.h>
22#include <linux/time.h>
23#include <linux/hrtimer.h>
24#include <linux/anon_inodes.h>
25#include <linux/timerfd.h>
26#include <linux/syscalls.h>
27#include <linux/compat.h>
28#include <linux/rcupdate.h>
29#include <linux/time_namespace.h>
30
31struct timerfd_ctx {
32 union {
33 struct hrtimer tmr;
34 struct alarm alarm;
35 } t;
36 ktime_t tintv;
37 ktime_t moffs;
38 wait_queue_head_t wqh;
39 u64 ticks;
40 int clockid;
41 short unsigned expired;
42 short unsigned settime_flags; /* to show in fdinfo */
43 struct rcu_head rcu;
44 struct list_head clist;
45 spinlock_t cancel_lock;
46 bool might_cancel;
47};
48
49static LIST_HEAD(cancel_list);
50static DEFINE_SPINLOCK(cancel_lock);
51
52static inline bool isalarm(struct timerfd_ctx *ctx)
53{
54 return ctx->clockid == CLOCK_REALTIME_ALARM ||
55 ctx->clockid == CLOCK_BOOTTIME_ALARM;
56}
57
58/*
59 * This gets called when the timer event triggers. We set the "expired"
60 * flag, but we do not re-arm the timer (in case it's necessary,
61 * tintv != 0) until the timer is accessed.
62 */
63static void timerfd_triggered(struct timerfd_ctx *ctx)
64{
65 unsigned long flags;
66
67 spin_lock_irqsave(&ctx->wqh.lock, flags);
68 ctx->expired = 1;
69 ctx->ticks++;
70 wake_up_locked_poll(&ctx->wqh, EPOLLIN);
71 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
72}
73
74static enum hrtimer_restart timerfd_tmrproc(struct hrtimer *htmr)
75{
76 struct timerfd_ctx *ctx = container_of(htmr, struct timerfd_ctx,
77 t.tmr);
78 timerfd_triggered(ctx);
79 return HRTIMER_NORESTART;
80}
81
82static void timerfd_alarmproc(struct alarm *alarm, ktime_t now)
83{
84 struct timerfd_ctx *ctx = container_of(alarm, struct timerfd_ctx,
85 t.alarm);
86 timerfd_triggered(ctx);
87}
88
89/*
90 * Called when the clock was set to cancel the timers in the cancel
91 * list. This will wake up processes waiting on these timers. The
92 * wake-up requires ctx->ticks to be non zero, therefore we increment
93 * it before calling wake_up_locked().
94 */
95void timerfd_clock_was_set(void)
96{
97 ktime_t moffs = ktime_mono_to_real(0);
98 struct timerfd_ctx *ctx;
99 unsigned long flags;
100
101 rcu_read_lock();
102 list_for_each_entry_rcu(ctx, &cancel_list, clist) {
103 if (!ctx->might_cancel)
104 continue;
105 spin_lock_irqsave(&ctx->wqh.lock, flags);
106 if (ctx->moffs != moffs) {
107 ctx->moffs = KTIME_MAX;
108 ctx->ticks++;
109 wake_up_locked_poll(&ctx->wqh, EPOLLIN);
110 }
111 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
112 }
113 rcu_read_unlock();
114}
115
116static void timerfd_resume_work(struct work_struct *work)
117{
118 timerfd_clock_was_set();
119}
120
121static DECLARE_WORK(timerfd_work, timerfd_resume_work);
122
123/*
124 * Invoked from timekeeping_resume(). Defer the actual update to work so
125 * timerfd_clock_was_set() runs in task context.
126 */
127void timerfd_resume(void)
128{
129 schedule_work(&timerfd_work);
130}
131
132static void __timerfd_remove_cancel(struct timerfd_ctx *ctx)
133{
134 if (ctx->might_cancel) {
135 ctx->might_cancel = false;
136 spin_lock(&cancel_lock);
137 list_del_rcu(&ctx->clist);
138 spin_unlock(&cancel_lock);
139 }
140}
141
142static void timerfd_remove_cancel(struct timerfd_ctx *ctx)
143{
144 spin_lock(&ctx->cancel_lock);
145 __timerfd_remove_cancel(ctx);
146 spin_unlock(&ctx->cancel_lock);
147}
148
149static bool timerfd_canceled(struct timerfd_ctx *ctx)
150{
151 if (!ctx->might_cancel || ctx->moffs != KTIME_MAX)
152 return false;
153 ctx->moffs = ktime_mono_to_real(0);
154 return true;
155}
156
157static void timerfd_setup_cancel(struct timerfd_ctx *ctx, int flags)
158{
159 spin_lock(&ctx->cancel_lock);
160 if ((ctx->clockid == CLOCK_REALTIME ||
161 ctx->clockid == CLOCK_REALTIME_ALARM) &&
162 (flags & TFD_TIMER_ABSTIME) && (flags & TFD_TIMER_CANCEL_ON_SET)) {
163 if (!ctx->might_cancel) {
164 ctx->might_cancel = true;
165 spin_lock(&cancel_lock);
166 list_add_rcu(&ctx->clist, &cancel_list);
167 spin_unlock(&cancel_lock);
168 }
169 } else {
170 __timerfd_remove_cancel(ctx);
171 }
172 spin_unlock(&ctx->cancel_lock);
173}
174
175static ktime_t timerfd_get_remaining(struct timerfd_ctx *ctx)
176{
177 ktime_t remaining;
178
179 if (isalarm(ctx))
180 remaining = alarm_expires_remaining(&ctx->t.alarm);
181 else
182 remaining = hrtimer_expires_remaining_adjusted(&ctx->t.tmr);
183
184 return remaining < 0 ? 0: remaining;
185}
186
187static int timerfd_setup(struct timerfd_ctx *ctx, int flags,
188 const struct itimerspec64 *ktmr)
189{
190 enum hrtimer_mode htmode;
191 ktime_t texp;
192 int clockid = ctx->clockid;
193
194 htmode = (flags & TFD_TIMER_ABSTIME) ?
195 HRTIMER_MODE_ABS: HRTIMER_MODE_REL;
196
197 texp = timespec64_to_ktime(ktmr->it_value);
198 ctx->expired = 0;
199 ctx->ticks = 0;
200 ctx->tintv = timespec64_to_ktime(ktmr->it_interval);
201
202 if (isalarm(ctx)) {
203 alarm_init(&ctx->t.alarm,
204 ctx->clockid == CLOCK_REALTIME_ALARM ?
205 ALARM_REALTIME : ALARM_BOOTTIME,
206 timerfd_alarmproc);
207 } else {
208 hrtimer_init(&ctx->t.tmr, clockid, htmode);
209 hrtimer_set_expires(&ctx->t.tmr, texp);
210 ctx->t.tmr.function = timerfd_tmrproc;
211 }
212
213 if (texp != 0) {
214 if (flags & TFD_TIMER_ABSTIME)
215 texp = timens_ktime_to_host(clockid, texp);
216 if (isalarm(ctx)) {
217 if (flags & TFD_TIMER_ABSTIME)
218 alarm_start(&ctx->t.alarm, texp);
219 else
220 alarm_start_relative(&ctx->t.alarm, texp);
221 } else {
222 hrtimer_start(&ctx->t.tmr, texp, htmode);
223 }
224
225 if (timerfd_canceled(ctx))
226 return -ECANCELED;
227 }
228
229 ctx->settime_flags = flags & TFD_SETTIME_FLAGS;
230 return 0;
231}
232
233static int timerfd_release(struct inode *inode, struct file *file)
234{
235 struct timerfd_ctx *ctx = file->private_data;
236
237 timerfd_remove_cancel(ctx);
238
239 if (isalarm(ctx))
240 alarm_cancel(&ctx->t.alarm);
241 else
242 hrtimer_cancel(&ctx->t.tmr);
243 kfree_rcu(ctx, rcu);
244 return 0;
245}
246
247static __poll_t timerfd_poll(struct file *file, poll_table *wait)
248{
249 struct timerfd_ctx *ctx = file->private_data;
250 __poll_t events = 0;
251 unsigned long flags;
252
253 poll_wait(file, &ctx->wqh, wait);
254
255 spin_lock_irqsave(&ctx->wqh.lock, flags);
256 if (ctx->ticks)
257 events |= EPOLLIN;
258 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
259
260 return events;
261}
262
263static ssize_t timerfd_read_iter(struct kiocb *iocb, struct iov_iter *to)
264{
265 struct file *file = iocb->ki_filp;
266 struct timerfd_ctx *ctx = file->private_data;
267 ssize_t res;
268 u64 ticks = 0;
269
270 if (iov_iter_count(to) < sizeof(ticks))
271 return -EINVAL;
272
273 spin_lock_irq(&ctx->wqh.lock);
274 if (file->f_flags & O_NONBLOCK || iocb->ki_flags & IOCB_NOWAIT)
275 res = -EAGAIN;
276 else
277 res = wait_event_interruptible_locked_irq(ctx->wqh, ctx->ticks);
278
279 /*
280 * If clock has changed, we do not care about the
281 * ticks and we do not rearm the timer. Userspace must
282 * reevaluate anyway.
283 */
284 if (timerfd_canceled(ctx)) {
285 ctx->ticks = 0;
286 ctx->expired = 0;
287 res = -ECANCELED;
288 }
289
290 if (ctx->ticks) {
291 ticks = ctx->ticks;
292
293 if (ctx->expired && ctx->tintv) {
294 /*
295 * If tintv != 0, this is a periodic timer that
296 * needs to be re-armed. We avoid doing it in the timer
297 * callback to avoid DoS attacks specifying a very
298 * short timer period.
299 */
300 if (isalarm(ctx)) {
301 ticks += alarm_forward_now(
302 &ctx->t.alarm, ctx->tintv) - 1;
303 alarm_restart(&ctx->t.alarm);
304 } else {
305 ticks += hrtimer_forward_now(&ctx->t.tmr,
306 ctx->tintv) - 1;
307 hrtimer_restart(&ctx->t.tmr);
308 }
309 }
310 ctx->expired = 0;
311 ctx->ticks = 0;
312 }
313 spin_unlock_irq(&ctx->wqh.lock);
314 if (ticks) {
315 res = copy_to_iter(&ticks, sizeof(ticks), to);
316 if (!res)
317 res = -EFAULT;
318 }
319 return res;
320}
321
322#ifdef CONFIG_PROC_FS
323static void timerfd_show(struct seq_file *m, struct file *file)
324{
325 struct timerfd_ctx *ctx = file->private_data;
326 struct timespec64 value, interval;
327
328 spin_lock_irq(&ctx->wqh.lock);
329 value = ktime_to_timespec64(timerfd_get_remaining(ctx));
330 interval = ktime_to_timespec64(ctx->tintv);
331 spin_unlock_irq(&ctx->wqh.lock);
332
333 seq_printf(m,
334 "clockid: %d\n"
335 "ticks: %llu\n"
336 "settime flags: 0%o\n"
337 "it_value: (%llu, %llu)\n"
338 "it_interval: (%llu, %llu)\n",
339 ctx->clockid,
340 (unsigned long long)ctx->ticks,
341 ctx->settime_flags,
342 (unsigned long long)value.tv_sec,
343 (unsigned long long)value.tv_nsec,
344 (unsigned long long)interval.tv_sec,
345 (unsigned long long)interval.tv_nsec);
346}
347#else
348#define timerfd_show NULL
349#endif
350
351#ifdef CONFIG_CHECKPOINT_RESTORE
352static long timerfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
353{
354 struct timerfd_ctx *ctx = file->private_data;
355 int ret = 0;
356
357 switch (cmd) {
358 case TFD_IOC_SET_TICKS: {
359 u64 ticks;
360
361 if (copy_from_user(&ticks, (u64 __user *)arg, sizeof(ticks)))
362 return -EFAULT;
363 if (!ticks)
364 return -EINVAL;
365
366 spin_lock_irq(&ctx->wqh.lock);
367 if (!timerfd_canceled(ctx)) {
368 ctx->ticks = ticks;
369 wake_up_locked_poll(&ctx->wqh, EPOLLIN);
370 } else
371 ret = -ECANCELED;
372 spin_unlock_irq(&ctx->wqh.lock);
373 break;
374 }
375 default:
376 ret = -ENOTTY;
377 break;
378 }
379
380 return ret;
381}
382#else
383#define timerfd_ioctl NULL
384#endif
385
386static const struct file_operations timerfd_fops = {
387 .release = timerfd_release,
388 .poll = timerfd_poll,
389 .read_iter = timerfd_read_iter,
390 .llseek = noop_llseek,
391 .show_fdinfo = timerfd_show,
392 .unlocked_ioctl = timerfd_ioctl,
393};
394
395SYSCALL_DEFINE2(timerfd_create, int, clockid, int, flags)
396{
397 int ufd;
398 struct timerfd_ctx *ctx;
399 struct file *file;
400
401 /* Check the TFD_* constants for consistency. */
402 BUILD_BUG_ON(TFD_CLOEXEC != O_CLOEXEC);
403 BUILD_BUG_ON(TFD_NONBLOCK != O_NONBLOCK);
404
405 if ((flags & ~TFD_CREATE_FLAGS) ||
406 (clockid != CLOCK_MONOTONIC &&
407 clockid != CLOCK_REALTIME &&
408 clockid != CLOCK_REALTIME_ALARM &&
409 clockid != CLOCK_BOOTTIME &&
410 clockid != CLOCK_BOOTTIME_ALARM))
411 return -EINVAL;
412
413 if ((clockid == CLOCK_REALTIME_ALARM ||
414 clockid == CLOCK_BOOTTIME_ALARM) &&
415 !capable(CAP_WAKE_ALARM))
416 return -EPERM;
417
418 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
419 if (!ctx)
420 return -ENOMEM;
421
422 init_waitqueue_head(&ctx->wqh);
423 spin_lock_init(&ctx->cancel_lock);
424 ctx->clockid = clockid;
425
426 if (isalarm(ctx))
427 alarm_init(&ctx->t.alarm,
428 ctx->clockid == CLOCK_REALTIME_ALARM ?
429 ALARM_REALTIME : ALARM_BOOTTIME,
430 timerfd_alarmproc);
431 else
432 hrtimer_init(&ctx->t.tmr, clockid, HRTIMER_MODE_ABS);
433
434 ctx->moffs = ktime_mono_to_real(0);
435
436 ufd = get_unused_fd_flags(flags & TFD_SHARED_FCNTL_FLAGS);
437 if (ufd < 0) {
438 kfree(ctx);
439 return ufd;
440 }
441
442 file = anon_inode_getfile("[timerfd]", &timerfd_fops, ctx,
443 O_RDWR | (flags & TFD_SHARED_FCNTL_FLAGS));
444 if (IS_ERR(file)) {
445 put_unused_fd(ufd);
446 kfree(ctx);
447 return PTR_ERR(file);
448 }
449
450 file->f_mode |= FMODE_NOWAIT;
451 fd_install(ufd, file);
452 return ufd;
453}
454
455static int do_timerfd_settime(int ufd, int flags,
456 const struct itimerspec64 *new,
457 struct itimerspec64 *old)
458{
459 struct timerfd_ctx *ctx;
460 int ret;
461
462 if ((flags & ~TFD_SETTIME_FLAGS) ||
463 !itimerspec64_valid(new))
464 return -EINVAL;
465
466 CLASS(fd, f)(ufd);
467 if (fd_empty(f))
468 return -EBADF;
469
470 if (fd_file(f)->f_op != &timerfd_fops)
471 return -EINVAL;
472
473 ctx = fd_file(f)->private_data;
474
475 if (isalarm(ctx) && !capable(CAP_WAKE_ALARM))
476 return -EPERM;
477
478 timerfd_setup_cancel(ctx, flags);
479
480 /*
481 * We need to stop the existing timer before reprogramming
482 * it to the new values.
483 */
484 for (;;) {
485 spin_lock_irq(&ctx->wqh.lock);
486
487 if (isalarm(ctx)) {
488 if (alarm_try_to_cancel(&ctx->t.alarm) >= 0)
489 break;
490 } else {
491 if (hrtimer_try_to_cancel(&ctx->t.tmr) >= 0)
492 break;
493 }
494 spin_unlock_irq(&ctx->wqh.lock);
495
496 if (isalarm(ctx))
497 hrtimer_cancel_wait_running(&ctx->t.alarm.timer);
498 else
499 hrtimer_cancel_wait_running(&ctx->t.tmr);
500 }
501
502 /*
503 * If the timer is expired and it's periodic, we need to advance it
504 * because the caller may want to know the previous expiration time.
505 * We do not update "ticks" and "expired" since the timer will be
506 * re-programmed again in the following timerfd_setup() call.
507 */
508 if (ctx->expired && ctx->tintv) {
509 if (isalarm(ctx))
510 alarm_forward_now(&ctx->t.alarm, ctx->tintv);
511 else
512 hrtimer_forward_now(&ctx->t.tmr, ctx->tintv);
513 }
514
515 old->it_value = ktime_to_timespec64(timerfd_get_remaining(ctx));
516 old->it_interval = ktime_to_timespec64(ctx->tintv);
517
518 /*
519 * Re-program the timer to the new value ...
520 */
521 ret = timerfd_setup(ctx, flags, new);
522
523 spin_unlock_irq(&ctx->wqh.lock);
524 return ret;
525}
526
527static int do_timerfd_gettime(int ufd, struct itimerspec64 *t)
528{
529 struct timerfd_ctx *ctx;
530 CLASS(fd, f)(ufd);
531
532 if (fd_empty(f))
533 return -EBADF;
534 if (fd_file(f)->f_op != &timerfd_fops)
535 return -EINVAL;
536 ctx = fd_file(f)->private_data;
537
538 spin_lock_irq(&ctx->wqh.lock);
539 if (ctx->expired && ctx->tintv) {
540 ctx->expired = 0;
541
542 if (isalarm(ctx)) {
543 ctx->ticks +=
544 alarm_forward_now(
545 &ctx->t.alarm, ctx->tintv) - 1;
546 alarm_restart(&ctx->t.alarm);
547 } else {
548 ctx->ticks +=
549 hrtimer_forward_now(&ctx->t.tmr, ctx->tintv)
550 - 1;
551 hrtimer_restart(&ctx->t.tmr);
552 }
553 }
554 t->it_value = ktime_to_timespec64(timerfd_get_remaining(ctx));
555 t->it_interval = ktime_to_timespec64(ctx->tintv);
556 spin_unlock_irq(&ctx->wqh.lock);
557 return 0;
558}
559
560SYSCALL_DEFINE4(timerfd_settime, int, ufd, int, flags,
561 const struct __kernel_itimerspec __user *, utmr,
562 struct __kernel_itimerspec __user *, otmr)
563{
564 struct itimerspec64 new, old;
565 int ret;
566
567 if (get_itimerspec64(&new, utmr))
568 return -EFAULT;
569 ret = do_timerfd_settime(ufd, flags, &new, &old);
570 if (ret)
571 return ret;
572 if (otmr && put_itimerspec64(&old, otmr))
573 return -EFAULT;
574
575 return ret;
576}
577
578SYSCALL_DEFINE2(timerfd_gettime, int, ufd, struct __kernel_itimerspec __user *, otmr)
579{
580 struct itimerspec64 kotmr;
581 int ret = do_timerfd_gettime(ufd, &kotmr);
582 if (ret)
583 return ret;
584 return put_itimerspec64(&kotmr, otmr) ? -EFAULT : 0;
585}
586
587#ifdef CONFIG_COMPAT_32BIT_TIME
588SYSCALL_DEFINE4(timerfd_settime32, int, ufd, int, flags,
589 const struct old_itimerspec32 __user *, utmr,
590 struct old_itimerspec32 __user *, otmr)
591{
592 struct itimerspec64 new, old;
593 int ret;
594
595 if (get_old_itimerspec32(&new, utmr))
596 return -EFAULT;
597 ret = do_timerfd_settime(ufd, flags, &new, &old);
598 if (ret)
599 return ret;
600 if (otmr && put_old_itimerspec32(&old, otmr))
601 return -EFAULT;
602 return ret;
603}
604
605SYSCALL_DEFINE2(timerfd_gettime32, int, ufd,
606 struct old_itimerspec32 __user *, otmr)
607{
608 struct itimerspec64 kotmr;
609 int ret = do_timerfd_gettime(ufd, &kotmr);
610 if (ret)
611 return ret;
612 return put_old_itimerspec32(&kotmr, otmr) ? -EFAULT : 0;
613}
614#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * fs/timerfd.c
4 *
5 * Copyright (C) 2007 Davide Libenzi <davidel@xmailserver.org>
6 *
7 *
8 * Thanks to Thomas Gleixner for code reviews and useful comments.
9 *
10 */
11
12#include <linux/alarmtimer.h>
13#include <linux/file.h>
14#include <linux/poll.h>
15#include <linux/init.h>
16#include <linux/fs.h>
17#include <linux/sched.h>
18#include <linux/kernel.h>
19#include <linux/slab.h>
20#include <linux/list.h>
21#include <linux/spinlock.h>
22#include <linux/time.h>
23#include <linux/hrtimer.h>
24#include <linux/anon_inodes.h>
25#include <linux/timerfd.h>
26#include <linux/syscalls.h>
27#include <linux/compat.h>
28#include <linux/rcupdate.h>
29
30struct timerfd_ctx {
31 union {
32 struct hrtimer tmr;
33 struct alarm alarm;
34 } t;
35 ktime_t tintv;
36 ktime_t moffs;
37 wait_queue_head_t wqh;
38 u64 ticks;
39 int clockid;
40 short unsigned expired;
41 short unsigned settime_flags; /* to show in fdinfo */
42 struct rcu_head rcu;
43 struct list_head clist;
44 spinlock_t cancel_lock;
45 bool might_cancel;
46};
47
48static LIST_HEAD(cancel_list);
49static DEFINE_SPINLOCK(cancel_lock);
50
51static inline bool isalarm(struct timerfd_ctx *ctx)
52{
53 return ctx->clockid == CLOCK_REALTIME_ALARM ||
54 ctx->clockid == CLOCK_BOOTTIME_ALARM;
55}
56
57/*
58 * This gets called when the timer event triggers. We set the "expired"
59 * flag, but we do not re-arm the timer (in case it's necessary,
60 * tintv != 0) until the timer is accessed.
61 */
62static void timerfd_triggered(struct timerfd_ctx *ctx)
63{
64 unsigned long flags;
65
66 spin_lock_irqsave(&ctx->wqh.lock, flags);
67 ctx->expired = 1;
68 ctx->ticks++;
69 wake_up_locked(&ctx->wqh);
70 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
71}
72
73static enum hrtimer_restart timerfd_tmrproc(struct hrtimer *htmr)
74{
75 struct timerfd_ctx *ctx = container_of(htmr, struct timerfd_ctx,
76 t.tmr);
77 timerfd_triggered(ctx);
78 return HRTIMER_NORESTART;
79}
80
81static enum alarmtimer_restart timerfd_alarmproc(struct alarm *alarm,
82 ktime_t now)
83{
84 struct timerfd_ctx *ctx = container_of(alarm, struct timerfd_ctx,
85 t.alarm);
86 timerfd_triggered(ctx);
87 return ALARMTIMER_NORESTART;
88}
89
90/*
91 * Called when the clock was set to cancel the timers in the cancel
92 * list. This will wake up processes waiting on these timers. The
93 * wake-up requires ctx->ticks to be non zero, therefore we increment
94 * it before calling wake_up_locked().
95 */
96void timerfd_clock_was_set(void)
97{
98 ktime_t moffs = ktime_mono_to_real(0);
99 struct timerfd_ctx *ctx;
100 unsigned long flags;
101
102 rcu_read_lock();
103 list_for_each_entry_rcu(ctx, &cancel_list, clist) {
104 if (!ctx->might_cancel)
105 continue;
106 spin_lock_irqsave(&ctx->wqh.lock, flags);
107 if (ctx->moffs != moffs) {
108 ctx->moffs = KTIME_MAX;
109 ctx->ticks++;
110 wake_up_locked(&ctx->wqh);
111 }
112 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
113 }
114 rcu_read_unlock();
115}
116
117static void __timerfd_remove_cancel(struct timerfd_ctx *ctx)
118{
119 if (ctx->might_cancel) {
120 ctx->might_cancel = false;
121 spin_lock(&cancel_lock);
122 list_del_rcu(&ctx->clist);
123 spin_unlock(&cancel_lock);
124 }
125}
126
127static void timerfd_remove_cancel(struct timerfd_ctx *ctx)
128{
129 spin_lock(&ctx->cancel_lock);
130 __timerfd_remove_cancel(ctx);
131 spin_unlock(&ctx->cancel_lock);
132}
133
134static bool timerfd_canceled(struct timerfd_ctx *ctx)
135{
136 if (!ctx->might_cancel || ctx->moffs != KTIME_MAX)
137 return false;
138 ctx->moffs = ktime_mono_to_real(0);
139 return true;
140}
141
142static void timerfd_setup_cancel(struct timerfd_ctx *ctx, int flags)
143{
144 spin_lock(&ctx->cancel_lock);
145 if ((ctx->clockid == CLOCK_REALTIME ||
146 ctx->clockid == CLOCK_REALTIME_ALARM) &&
147 (flags & TFD_TIMER_ABSTIME) && (flags & TFD_TIMER_CANCEL_ON_SET)) {
148 if (!ctx->might_cancel) {
149 ctx->might_cancel = true;
150 spin_lock(&cancel_lock);
151 list_add_rcu(&ctx->clist, &cancel_list);
152 spin_unlock(&cancel_lock);
153 }
154 } else {
155 __timerfd_remove_cancel(ctx);
156 }
157 spin_unlock(&ctx->cancel_lock);
158}
159
160static ktime_t timerfd_get_remaining(struct timerfd_ctx *ctx)
161{
162 ktime_t remaining;
163
164 if (isalarm(ctx))
165 remaining = alarm_expires_remaining(&ctx->t.alarm);
166 else
167 remaining = hrtimer_expires_remaining_adjusted(&ctx->t.tmr);
168
169 return remaining < 0 ? 0: remaining;
170}
171
172static int timerfd_setup(struct timerfd_ctx *ctx, int flags,
173 const struct itimerspec64 *ktmr)
174{
175 enum hrtimer_mode htmode;
176 ktime_t texp;
177 int clockid = ctx->clockid;
178
179 htmode = (flags & TFD_TIMER_ABSTIME) ?
180 HRTIMER_MODE_ABS: HRTIMER_MODE_REL;
181
182 texp = timespec64_to_ktime(ktmr->it_value);
183 ctx->expired = 0;
184 ctx->ticks = 0;
185 ctx->tintv = timespec64_to_ktime(ktmr->it_interval);
186
187 if (isalarm(ctx)) {
188 alarm_init(&ctx->t.alarm,
189 ctx->clockid == CLOCK_REALTIME_ALARM ?
190 ALARM_REALTIME : ALARM_BOOTTIME,
191 timerfd_alarmproc);
192 } else {
193 hrtimer_init(&ctx->t.tmr, clockid, htmode);
194 hrtimer_set_expires(&ctx->t.tmr, texp);
195 ctx->t.tmr.function = timerfd_tmrproc;
196 }
197
198 if (texp != 0) {
199 if (isalarm(ctx)) {
200 if (flags & TFD_TIMER_ABSTIME)
201 alarm_start(&ctx->t.alarm, texp);
202 else
203 alarm_start_relative(&ctx->t.alarm, texp);
204 } else {
205 hrtimer_start(&ctx->t.tmr, texp, htmode);
206 }
207
208 if (timerfd_canceled(ctx))
209 return -ECANCELED;
210 }
211
212 ctx->settime_flags = flags & TFD_SETTIME_FLAGS;
213 return 0;
214}
215
216static int timerfd_release(struct inode *inode, struct file *file)
217{
218 struct timerfd_ctx *ctx = file->private_data;
219
220 timerfd_remove_cancel(ctx);
221
222 if (isalarm(ctx))
223 alarm_cancel(&ctx->t.alarm);
224 else
225 hrtimer_cancel(&ctx->t.tmr);
226 kfree_rcu(ctx, rcu);
227 return 0;
228}
229
230static __poll_t timerfd_poll(struct file *file, poll_table *wait)
231{
232 struct timerfd_ctx *ctx = file->private_data;
233 __poll_t events = 0;
234 unsigned long flags;
235
236 poll_wait(file, &ctx->wqh, wait);
237
238 spin_lock_irqsave(&ctx->wqh.lock, flags);
239 if (ctx->ticks)
240 events |= EPOLLIN;
241 spin_unlock_irqrestore(&ctx->wqh.lock, flags);
242
243 return events;
244}
245
246static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
247 loff_t *ppos)
248{
249 struct timerfd_ctx *ctx = file->private_data;
250 ssize_t res;
251 u64 ticks = 0;
252
253 if (count < sizeof(ticks))
254 return -EINVAL;
255 spin_lock_irq(&ctx->wqh.lock);
256 if (file->f_flags & O_NONBLOCK)
257 res = -EAGAIN;
258 else
259 res = wait_event_interruptible_locked_irq(ctx->wqh, ctx->ticks);
260
261 /*
262 * If clock has changed, we do not care about the
263 * ticks and we do not rearm the timer. Userspace must
264 * reevaluate anyway.
265 */
266 if (timerfd_canceled(ctx)) {
267 ctx->ticks = 0;
268 ctx->expired = 0;
269 res = -ECANCELED;
270 }
271
272 if (ctx->ticks) {
273 ticks = ctx->ticks;
274
275 if (ctx->expired && ctx->tintv) {
276 /*
277 * If tintv != 0, this is a periodic timer that
278 * needs to be re-armed. We avoid doing it in the timer
279 * callback to avoid DoS attacks specifying a very
280 * short timer period.
281 */
282 if (isalarm(ctx)) {
283 ticks += alarm_forward_now(
284 &ctx->t.alarm, ctx->tintv) - 1;
285 alarm_restart(&ctx->t.alarm);
286 } else {
287 ticks += hrtimer_forward_now(&ctx->t.tmr,
288 ctx->tintv) - 1;
289 hrtimer_restart(&ctx->t.tmr);
290 }
291 }
292 ctx->expired = 0;
293 ctx->ticks = 0;
294 }
295 spin_unlock_irq(&ctx->wqh.lock);
296 if (ticks)
297 res = put_user(ticks, (u64 __user *) buf) ? -EFAULT: sizeof(ticks);
298 return res;
299}
300
301#ifdef CONFIG_PROC_FS
302static void timerfd_show(struct seq_file *m, struct file *file)
303{
304 struct timerfd_ctx *ctx = file->private_data;
305 struct itimerspec t;
306
307 spin_lock_irq(&ctx->wqh.lock);
308 t.it_value = ktime_to_timespec(timerfd_get_remaining(ctx));
309 t.it_interval = ktime_to_timespec(ctx->tintv);
310 spin_unlock_irq(&ctx->wqh.lock);
311
312 seq_printf(m,
313 "clockid: %d\n"
314 "ticks: %llu\n"
315 "settime flags: 0%o\n"
316 "it_value: (%llu, %llu)\n"
317 "it_interval: (%llu, %llu)\n",
318 ctx->clockid,
319 (unsigned long long)ctx->ticks,
320 ctx->settime_flags,
321 (unsigned long long)t.it_value.tv_sec,
322 (unsigned long long)t.it_value.tv_nsec,
323 (unsigned long long)t.it_interval.tv_sec,
324 (unsigned long long)t.it_interval.tv_nsec);
325}
326#else
327#define timerfd_show NULL
328#endif
329
330#ifdef CONFIG_CHECKPOINT_RESTORE
331static long timerfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
332{
333 struct timerfd_ctx *ctx = file->private_data;
334 int ret = 0;
335
336 switch (cmd) {
337 case TFD_IOC_SET_TICKS: {
338 u64 ticks;
339
340 if (copy_from_user(&ticks, (u64 __user *)arg, sizeof(ticks)))
341 return -EFAULT;
342 if (!ticks)
343 return -EINVAL;
344
345 spin_lock_irq(&ctx->wqh.lock);
346 if (!timerfd_canceled(ctx)) {
347 ctx->ticks = ticks;
348 wake_up_locked(&ctx->wqh);
349 } else
350 ret = -ECANCELED;
351 spin_unlock_irq(&ctx->wqh.lock);
352 break;
353 }
354 default:
355 ret = -ENOTTY;
356 break;
357 }
358
359 return ret;
360}
361#else
362#define timerfd_ioctl NULL
363#endif
364
365static const struct file_operations timerfd_fops = {
366 .release = timerfd_release,
367 .poll = timerfd_poll,
368 .read = timerfd_read,
369 .llseek = noop_llseek,
370 .show_fdinfo = timerfd_show,
371 .unlocked_ioctl = timerfd_ioctl,
372};
373
374static int timerfd_fget(int fd, struct fd *p)
375{
376 struct fd f = fdget(fd);
377 if (!f.file)
378 return -EBADF;
379 if (f.file->f_op != &timerfd_fops) {
380 fdput(f);
381 return -EINVAL;
382 }
383 *p = f;
384 return 0;
385}
386
387SYSCALL_DEFINE2(timerfd_create, int, clockid, int, flags)
388{
389 int ufd;
390 struct timerfd_ctx *ctx;
391
392 /* Check the TFD_* constants for consistency. */
393 BUILD_BUG_ON(TFD_CLOEXEC != O_CLOEXEC);
394 BUILD_BUG_ON(TFD_NONBLOCK != O_NONBLOCK);
395
396 if ((flags & ~TFD_CREATE_FLAGS) ||
397 (clockid != CLOCK_MONOTONIC &&
398 clockid != CLOCK_REALTIME &&
399 clockid != CLOCK_REALTIME_ALARM &&
400 clockid != CLOCK_BOOTTIME &&
401 clockid != CLOCK_BOOTTIME_ALARM))
402 return -EINVAL;
403
404 if ((clockid == CLOCK_REALTIME_ALARM ||
405 clockid == CLOCK_BOOTTIME_ALARM) &&
406 !capable(CAP_WAKE_ALARM))
407 return -EPERM;
408
409 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
410 if (!ctx)
411 return -ENOMEM;
412
413 init_waitqueue_head(&ctx->wqh);
414 spin_lock_init(&ctx->cancel_lock);
415 ctx->clockid = clockid;
416
417 if (isalarm(ctx))
418 alarm_init(&ctx->t.alarm,
419 ctx->clockid == CLOCK_REALTIME_ALARM ?
420 ALARM_REALTIME : ALARM_BOOTTIME,
421 timerfd_alarmproc);
422 else
423 hrtimer_init(&ctx->t.tmr, clockid, HRTIMER_MODE_ABS);
424
425 ctx->moffs = ktime_mono_to_real(0);
426
427 ufd = anon_inode_getfd("[timerfd]", &timerfd_fops, ctx,
428 O_RDWR | (flags & TFD_SHARED_FCNTL_FLAGS));
429 if (ufd < 0)
430 kfree(ctx);
431
432 return ufd;
433}
434
435static int do_timerfd_settime(int ufd, int flags,
436 const struct itimerspec64 *new,
437 struct itimerspec64 *old)
438{
439 struct fd f;
440 struct timerfd_ctx *ctx;
441 int ret;
442
443 if ((flags & ~TFD_SETTIME_FLAGS) ||
444 !itimerspec64_valid(new))
445 return -EINVAL;
446
447 ret = timerfd_fget(ufd, &f);
448 if (ret)
449 return ret;
450 ctx = f.file->private_data;
451
452 if (isalarm(ctx) && !capable(CAP_WAKE_ALARM)) {
453 fdput(f);
454 return -EPERM;
455 }
456
457 timerfd_setup_cancel(ctx, flags);
458
459 /*
460 * We need to stop the existing timer before reprogramming
461 * it to the new values.
462 */
463 for (;;) {
464 spin_lock_irq(&ctx->wqh.lock);
465
466 if (isalarm(ctx)) {
467 if (alarm_try_to_cancel(&ctx->t.alarm) >= 0)
468 break;
469 } else {
470 if (hrtimer_try_to_cancel(&ctx->t.tmr) >= 0)
471 break;
472 }
473 spin_unlock_irq(&ctx->wqh.lock);
474 cpu_relax();
475 }
476
477 /*
478 * If the timer is expired and it's periodic, we need to advance it
479 * because the caller may want to know the previous expiration time.
480 * We do not update "ticks" and "expired" since the timer will be
481 * re-programmed again in the following timerfd_setup() call.
482 */
483 if (ctx->expired && ctx->tintv) {
484 if (isalarm(ctx))
485 alarm_forward_now(&ctx->t.alarm, ctx->tintv);
486 else
487 hrtimer_forward_now(&ctx->t.tmr, ctx->tintv);
488 }
489
490 old->it_value = ktime_to_timespec64(timerfd_get_remaining(ctx));
491 old->it_interval = ktime_to_timespec64(ctx->tintv);
492
493 /*
494 * Re-program the timer to the new value ...
495 */
496 ret = timerfd_setup(ctx, flags, new);
497
498 spin_unlock_irq(&ctx->wqh.lock);
499 fdput(f);
500 return ret;
501}
502
503static int do_timerfd_gettime(int ufd, struct itimerspec64 *t)
504{
505 struct fd f;
506 struct timerfd_ctx *ctx;
507 int ret = timerfd_fget(ufd, &f);
508 if (ret)
509 return ret;
510 ctx = f.file->private_data;
511
512 spin_lock_irq(&ctx->wqh.lock);
513 if (ctx->expired && ctx->tintv) {
514 ctx->expired = 0;
515
516 if (isalarm(ctx)) {
517 ctx->ticks +=
518 alarm_forward_now(
519 &ctx->t.alarm, ctx->tintv) - 1;
520 alarm_restart(&ctx->t.alarm);
521 } else {
522 ctx->ticks +=
523 hrtimer_forward_now(&ctx->t.tmr, ctx->tintv)
524 - 1;
525 hrtimer_restart(&ctx->t.tmr);
526 }
527 }
528 t->it_value = ktime_to_timespec64(timerfd_get_remaining(ctx));
529 t->it_interval = ktime_to_timespec64(ctx->tintv);
530 spin_unlock_irq(&ctx->wqh.lock);
531 fdput(f);
532 return 0;
533}
534
535SYSCALL_DEFINE4(timerfd_settime, int, ufd, int, flags,
536 const struct itimerspec __user *, utmr,
537 struct itimerspec __user *, otmr)
538{
539 struct itimerspec64 new, old;
540 int ret;
541
542 if (get_itimerspec64(&new, utmr))
543 return -EFAULT;
544 ret = do_timerfd_settime(ufd, flags, &new, &old);
545 if (ret)
546 return ret;
547 if (otmr && put_itimerspec64(&old, otmr))
548 return -EFAULT;
549
550 return ret;
551}
552
553SYSCALL_DEFINE2(timerfd_gettime, int, ufd, struct itimerspec __user *, otmr)
554{
555 struct itimerspec64 kotmr;
556 int ret = do_timerfd_gettime(ufd, &kotmr);
557 if (ret)
558 return ret;
559 return put_itimerspec64(&kotmr, otmr) ? -EFAULT : 0;
560}
561
562#ifdef CONFIG_COMPAT
563COMPAT_SYSCALL_DEFINE4(timerfd_settime, int, ufd, int, flags,
564 const struct compat_itimerspec __user *, utmr,
565 struct compat_itimerspec __user *, otmr)
566{
567 struct itimerspec64 new, old;
568 int ret;
569
570 if (get_compat_itimerspec64(&new, utmr))
571 return -EFAULT;
572 ret = do_timerfd_settime(ufd, flags, &new, &old);
573 if (ret)
574 return ret;
575 if (otmr && put_compat_itimerspec64(&old, otmr))
576 return -EFAULT;
577 return ret;
578}
579
580COMPAT_SYSCALL_DEFINE2(timerfd_gettime, int, ufd,
581 struct compat_itimerspec __user *, otmr)
582{
583 struct itimerspec64 kotmr;
584 int ret = do_timerfd_gettime(ufd, &kotmr);
585 if (ret)
586 return ret;
587 return put_compat_itimerspec64(&kotmr, otmr) ? -EFAULT : 0;
588}
589#endif