binderfs.c 19 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. #include <linux/compiler_types.h>
  3. #include <linux/errno.h>
  4. #include <linux/fs.h>
  5. #include <linux/fsnotify.h>
  6. #include <linux/gfp.h>
  7. #include <linux/idr.h>
  8. #include <linux/init.h>
  9. #include <linux/ipc_namespace.h>
  10. #include <linux/kdev_t.h>
  11. #include <linux/kernel.h>
  12. #include <linux/list.h>
  13. #include <linux/namei.h>
  14. #include <linux/magic.h>
  15. #include <linux/major.h>
  16. #include <linux/miscdevice.h>
  17. #include <linux/module.h>
  18. #include <linux/mutex.h>
  19. #include <linux/mount.h>
  20. #include <linux/fs_parser.h>
  21. #include <linux/sched.h>
  22. #include <linux/seq_file.h>
  23. #include <linux/slab.h>
  24. #include <linux/spinlock_types.h>
  25. #include <linux/stddef.h>
  26. #include <linux/string.h>
  27. #include <linux/types.h>
  28. #include <linux/uaccess.h>
  29. #include <linux/user_namespace.h>
  30. #include <linux/xarray.h>
  31. #include <uapi/linux/android/binder.h>
  32. #include <uapi/linux/android/binderfs.h>
  33. #include "binder_internal.h"
/* Fixed inode numbers: the root directory and the binder-control node. */
#define FIRST_INODE 1
#define SECOND_INODE 2
/* Binder device inodes are numbered minor + INODE_OFFSET. */
#define INODE_OFFSET 3
/* Size of the minor-number range registered for the binderfs major. */
#define BINDERFS_MAX_MINOR (1U << MINORBITS)
/*
 * Ensure that the initial ipc namespace always has devices available.
 * Mounts outside the initial ipc namespace allocate minors below this cap,
 * so the top four minors can only be handed out to the initial one.
 */
#define BINDERFS_MAX_MINOR_CAPPED (BINDERFS_MAX_MINOR - 4)

/* Device number region obtained by alloc_chrdev_region() in init_binderfs(). */
static dev_t binderfs_dev;
/* Held around every binderfs_minors update and per-mount device_count change. */
static DEFINE_MUTEX(binderfs_minors_mutex);
/* Minor-number allocator shared by all binderfs mounts. */
static DEFINE_IDA(binderfs_minors);
/* Token ids for the mount options listed in binderfs_fs_parameters. */
enum binderfs_param {
	Opt_max,
	Opt_stats_mode,
};

/*
 * Values of the "stats" mount option. binderfs_init_fs_context() starts
 * every mount at binderfs_stats_mode_unset.
 */
enum binderfs_stats_mode {
	binderfs_stats_mode_unset,
	binderfs_stats_mode_global,
};
/*
 * Feature flags exposed under the "features" directory of a mount.
 * init_binder_features() creates one file per member.
 */
struct binder_features {
	bool oneway_spam_detection;
	bool extended_error;
	bool freeze_notification;
	bool transaction_report;
};
/* Accepted string values for the "stats" mount option. */
static const struct constant_table binderfs_param_stats[] = {
	{ "global", binderfs_stats_mode_global },
	{}
};

/*
 * Mount option grammar handed to fs_parse():
 *   max=<u32>       limit on binder devices for the mount
 *   stats=global    stats mode, see binderfs_param_stats
 */
static const struct fs_parameter_spec binderfs_fs_parameters[] = {
	fsparam_u32("max", Opt_max),
	fsparam_enum("stats", Opt_stats_mode, binderfs_param_stats),
	{}
};
/* Every feature is reported as enabled; the files print these values as 0/1. */
static struct binder_features binder_features = {
	.oneway_spam_detection = true,
	.extended_error = true,
	.freeze_notification = true,
	.transaction_report = true,
};
/* Return the binderfs private data stored in @sb->s_fs_info. */
static inline struct binderfs_info *BINDERFS_SB(const struct super_block *sb)
{
	struct binderfs_info *info = sb->s_fs_info;

	return info;
}
/*
 * Report whether @inode lives on a binderfs mount, decided purely by the
 * magic number of the inode's super block.
 */
bool is_binderfs_device(const struct inode *inode)
{
	return inode->i_sb->s_magic == BINDERFS_SUPER_MAGIC;
}
/**
 * binderfs_binder_device_create - create a binder device node in a binderfs
 *				   mount
 * @ref_inode: inode from which the super block will be taken
 * @userp:     userspace buffer that receives the completed request, or NULL
 *	       when the caller is the kernel (mount-time default devices)
 * @req:       kernel copy of struct binderfs_device; in the ioctl path its
 *	       contents were copied from userspace and are untrusted
 *
 * This function reserves a new minor number, allocates a new binder_device
 * and a character-device inode from the super block of the mount, stashes
 * the binder_device in i_private of the inode and attaches a dentry named
 * after @req->name to it.
 * Minor numbers are limited and tracked globally in binderfs_minors; the
 * number of devices per mount is additionally bounded by the "max" mount
 * option.
 *
 * Return: 0 on success, negative errno on failure
 */
static int binderfs_binder_device_create(struct inode *ref_inode,
					 struct binderfs_device __user *userp,
					 struct binderfs_device *req)
{
	int minor, ret;
	struct dentry *dentry, *root;
	struct binder_device *device;
	char *name = NULL;
	struct inode *inode = NULL;
	struct super_block *sb = ref_inode->i_sb;
	struct binderfs_info *info = sb->s_fs_info;
#if defined(CONFIG_IPC_NS)
	/* Only mounts made in the initial ipc namespace may use the reserved minors. */
	bool use_reserve = (info->ipc_ns == &init_ipc_ns);
#else
	bool use_reserve = true;
#endif

	/*
	 * Reserve new minor number for the new device. device_count is
	 * bumped first and rolled back below if either the per-mount limit
	 * or the global allocator refuses the request.
	 */
	mutex_lock(&binderfs_minors_mutex);
	if (++info->device_count <= info->mount_opts.max)
		minor = ida_alloc_max(&binderfs_minors,
				      use_reserve ? BINDERFS_MAX_MINOR - 1 :
						    BINDERFS_MAX_MINOR_CAPPED - 1,
				      GFP_KERNEL);
	else
		minor = -ENOSPC;
	if (minor < 0) {
		--info->device_count;
		mutex_unlock(&binderfs_minors_mutex);
		return minor;
	}
	mutex_unlock(&binderfs_minors_mutex);

	/* From here on every failure must go through err: to release the minor. */
	ret = -ENOMEM;
	device = kzalloc_obj(*device);
	if (!device)
		goto err;

	inode = new_inode(sb);
	if (!inode)
		goto err;

	inode->i_ino = minor + INODE_OFFSET;
	simple_inode_init_ts(inode);
	/* Node is mode 0600 and owned by the mount's root uid/gid from binderfs_info. */
	init_special_inode(inode, S_IFCHR | 0600,
			   MKDEV(MAJOR(binderfs_dev), minor));
	inode->i_fop = &binder_fops;
	inode->i_uid = info->root_uid;
	inode->i_gid = info->root_gid;

	/*
	 * The name may come straight from userspace and need not be
	 * terminated; force a terminator before treating it as a string.
	 * NOTE(review): nothing here rejects an empty name or one containing
	 * '/'; presumably simple_start_creating() does - confirm.
	 */
	req->name[BINDERFS_MAX_NAME] = '\0'; /* NUL-terminate */
	name = kstrdup(req->name, GFP_KERNEL);
	if (!name)
		goto err;

	refcount_set(&device->ref, 1);
	device->binderfs_inode = inode;
	device->context.binder_context_mgr_uid = INVALID_UID;
	/* context.name and miscdev.name share one allocation; it is freed once. */
	device->context.name = name;
	device->miscdev.name = name;
	device->miscdev.minor = minor;
	mutex_init(&device->context.context_mgr_node_lock);

	req->major = MAJOR(binderfs_dev);
	req->minor = minor;

	/*
	 * Report major/minor back to the caller. This happens before the
	 * dentry exists, so userspace may already have been written to when
	 * a later step fails and the ioctl returns an error.
	 */
	if (userp && copy_to_user(userp, req, sizeof(*req))) {
		ret = -EFAULT;
		goto err;
	}

	root = sb->s_root;
	dentry = simple_start_creating(root, name);
	if (IS_ERR(dentry)) {
		ret = PTR_ERR(dentry);
		goto err;
	}
	/*
	 * i_private is set only once creation can no longer fail, so the
	 * iput() on the error path never reaches the device teardown in
	 * binderfs_evict_inode().
	 */
	inode->i_private = device;
	d_make_persistent(dentry, inode);
	fsnotify_create(root->d_inode, dentry);
	simple_done_creating(dentry);
	binder_add_device(device);

	return 0;

err:
	/* kfree(NULL) and iput(NULL) are no-ops, so partial setups are fine here. */
	kfree(name);
	kfree(device);
	mutex_lock(&binderfs_minors_mutex);
	--info->device_count;
	ida_free(&binderfs_minors, minor);
	mutex_unlock(&binderfs_minors_mutex);
	iput(inode);

	return ret;
}
/**
 * binder_ctl_ioctl - handle binder device node allocation requests
 * @file: The file pointer for the binder-control device node.
 * @cmd:  The ioctl command.
 * @arg:  The ioctl argument, a userspace pointer to struct binderfs_device.
 *
 * The request handler for the binder-control device. All requests operate on
 * the binderfs mount the binder-control device resides in:
 * - BINDER_CTL_ADD
 *   Allocate a new binder device.
 *
 * Any other command is rejected with -EINVAL.
 *
 * Return: %0 on success, negative errno on failure.
 */
static long binder_ctl_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	struct binderfs_device __user *uarg = (struct binderfs_device __user *)arg;
	struct binderfs_device request;

	if (cmd != BINDER_CTL_ADD)
		return -EINVAL;

	/* Work on a kernel copy; the user buffer is only written back later. */
	if (copy_from_user(&request, uarg, sizeof(request)))
		return -EFAULT;

	return binderfs_binder_device_create(file_inode(file), uarg, &request);
}
/*
 * Super block eviction hook. For character-device inodes that carry a
 * binder_device, give the minor number back and drop the inode's reference
 * on the device; the device is freed when that was the last reference.
 */
static void binderfs_evict_inode(struct inode *inode)
{
	struct binderfs_info *sbi = BINDERFS_SB(inode->i_sb);
	struct binder_device *bdev = inode->i_private;

	clear_inode(inode);

	/* Directories, regular files and half-built nodes own no minor. */
	if (!bdev || !S_ISCHR(inode->i_mode))
		return;

	mutex_lock(&binderfs_minors_mutex);
	--sbi->device_count;
	ida_free(&binderfs_minors, bdev->miscdev.minor);
	mutex_unlock(&binderfs_minors_mutex);

	if (!refcount_dec_and_test(&bdev->ref))
		return;

	binder_remove_device(bdev);
	kfree(bdev->context.name);
	kfree(bdev);
}
/*
 * Parse one mount option into the binderfs_mount_opts held in
 * fc->fs_private.
 *
 * "max" is bounded by BINDERFS_MAX_MINOR. "stats" is refused with -EPERM
 * unless the caller passes capable(CAP_SYS_ADMIN), which tests the
 * capability against the initial user namespace.
 *
 * Return: 0 on success, negative errno on failure
 */
static int binderfs_fs_context_parse_param(struct fs_context *fc,
					   struct fs_parameter *param)
{
	struct fs_parse_result parsed;
	struct binderfs_mount_opts *opts = fc->fs_private;
	int token = fs_parse(fc, binderfs_fs_parameters, param, &parsed);

	if (token < 0)
		return token;

	if (token == Opt_max) {
		if (parsed.uint_32 > BINDERFS_MAX_MINOR)
			return invalfc(fc, "Bad value for '%s'", param->key);
		opts->max = parsed.uint_32;
		return 0;
	}

	if (token == Opt_stats_mode) {
		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;
		opts->stats_mode = parsed.uint_32;
		return 0;
	}

	return invalfc(fc, "Unsupported parameter '%s'", param->key);
}
  260. static int binderfs_fs_context_reconfigure(struct fs_context *fc)
  261. {
  262. struct binderfs_mount_opts *ctx = fc->fs_private;
  263. struct binderfs_info *info = BINDERFS_SB(fc->root->d_sb);
  264. if (info->mount_opts.stats_mode != ctx->stats_mode)
  265. return invalfc(fc, "Binderfs stats mode cannot be changed during a remount");
  266. info->mount_opts.stats_mode = ctx->stats_mode;
  267. info->mount_opts.max = ctx->max;
  268. return 0;
  269. }
/*
 * Emit the mount options of the binderfs instance behind @root in the
 * ",key=value" form. "max" is printed only while it does not exceed
 * BINDERFS_MAX_MINOR; "stats" only when it is set to global.
 */
static int binderfs_show_options(struct seq_file *seq, struct dentry *root)
{
	const struct binderfs_info *sbi = BINDERFS_SB(root->d_sb);

	if (sbi->mount_opts.max <= BINDERFS_MAX_MINOR)
		seq_printf(seq, ",max=%d", sbi->mount_opts.max);

	if (sbi->mount_opts.stats_mode == binderfs_stats_mode_global)
		seq_puts(seq, ",stats=global");

	return 0;
}
/*
 * Super block operations. Eviction is custom so that minor numbers and
 * binder_device references are released together with their inode.
 */
static const struct super_operations binderfs_super_ops = {
	.evict_inode = binderfs_evict_inode,
	.show_options = binderfs_show_options,
	.statfs = simple_statfs,
};
/* True when @dentry is the binder-control node recorded for its mount. */
static inline bool is_binderfs_control_device(const struct dentry *dentry)
{
	return BINDERFS_SB(dentry->d_sb)->control_dentry == dentry;
}
/*
 * Rename within the binderfs root. The binder-control node may neither be
 * moved nor be replaced by another entry; both cases fail with -EPERM.
 * Everything else is handled by simple_rename().
 */
static int binderfs_rename(struct mnt_idmap *idmap,
			   struct inode *old_dir, struct dentry *old_dentry,
			   struct inode *new_dir, struct dentry *new_dentry,
			   unsigned int flags)
{
	if (is_binderfs_control_device(old_dentry))
		return -EPERM;

	if (is_binderfs_control_device(new_dentry))
		return -EPERM;

	return simple_rename(idmap, old_dir, old_dentry, new_dir,
			     new_dentry, flags);
}
/*
 * Unlink an entry of the binderfs root. Removing the binder-control node is
 * refused with -EPERM; other entries go through simple_unlink().
 */
static int binderfs_unlink(struct inode *dir, struct dentry *dentry)
{
	return is_binderfs_control_device(dentry) ? -EPERM :
						    simple_unlink(dir, dentry);
}
/*
 * File operations of the binder-control node. Native and compat ioctl
 * share binder_ctl_ioctl(); the node is not seekable.
 */
static const struct file_operations binder_ctl_fops = {
	.owner = THIS_MODULE,
	.open = nonseekable_open,
	.unlocked_ioctl = binder_ctl_ioctl,
	.compat_ioctl = binder_ctl_ioctl,
	.llseek = noop_llseek,
};
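/**
 * binderfs_binder_ctl_create - create a new binder-control device
 * @sb: super block of the binderfs mount
 *
 * This function creates a new binder-control device node in the binderfs mount
 * referred to by @sb. The node is a character device with mode 0600, owned by
 * the mount's root uid/gid, and is recorded in binderfs_info.control_dentry
 * so that rename and unlink can refuse to touch it.
 *
 * Every failure after the minor number has been reserved gives the minor
 * back to binderfs_minors. i_private is still unset on those paths, so
 * binderfs_evict_inode() would not release it during the final iput().
 *
 * Return: 0 on success, negative errno on failure
 */
static int binderfs_binder_ctl_create(struct super_block *sb)
{
	int minor, ret;
	struct dentry *dentry;
	struct binder_device *device;
	struct inode *inode = NULL;
	struct dentry *root = sb->s_root;
	struct binderfs_info *info = sb->s_fs_info;
#if defined(CONFIG_IPC_NS)
	/* Only mounts made in the initial ipc namespace may use the reserved minors. */
	bool use_reserve = (info->ipc_ns == &init_ipc_ns);
#else
	bool use_reserve = true;
#endif

	device = kzalloc_obj(*device);
	if (!device)
		return -ENOMEM;

	/* Default error for the allocation failures below. */
	ret = -ENOMEM;
	inode = new_inode(sb);
	if (!inode)
		goto out;

	/* Reserve a new minor number for the new device. */
	mutex_lock(&binderfs_minors_mutex);
	minor = ida_alloc_max(&binderfs_minors,
			      use_reserve ? BINDERFS_MAX_MINOR - 1 :
					    BINDERFS_MAX_MINOR_CAPPED - 1,
			      GFP_KERNEL);
	mutex_unlock(&binderfs_minors_mutex);
	if (minor < 0) {
		ret = minor;
		goto out;
	}

	inode->i_ino = SECOND_INODE;
	simple_inode_init_ts(inode);
	init_special_inode(inode, S_IFCHR | 0600,
			   MKDEV(MAJOR(binderfs_dev), minor));
	inode->i_fop = &binder_ctl_fops;
	inode->i_uid = info->root_uid;
	inode->i_gid = info->root_gid;

	refcount_set(&device->ref, 1);
	device->binderfs_inode = inode;
	device->miscdev.minor = minor;

	dentry = d_alloc_name(root, "binder-control");
	if (!dentry)
		goto out_free_minor;

	inode->i_private = device;
	info->control_dentry = dentry;
	d_make_persistent(dentry, inode);
	dput(dentry);

	return 0;

out_free_minor:
	/*
	 * Without this the reserved minor would stay allocated forever, and
	 * repeated failed mounts could slowly drain the shared minor space.
	 */
	mutex_lock(&binderfs_minors_mutex);
	ida_free(&binderfs_minors, minor);
	mutex_unlock(&binderfs_minors_mutex);
out:
	kfree(device);
	iput(inode);

	return ret;
}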
/*
 * Inode operations of the binderfs root directory. No create, mknod or
 * mkdir handler is set; rename and unlink protect the binder-control node.
 */
static const struct inode_operations binderfs_dir_inode_operations = {
	.lookup = simple_lookup,
	.rename = binderfs_rename,
	.unlink = binderfs_unlink,
};
/*
 * Allocate an inode on @sb with the given @mode and fresh timestamps. The
 * inode number comes from iunique(), starting above the range used for
 * binder device inodes.
 *
 * Return: the new inode, or NULL if allocation failed
 */
static struct inode *binderfs_make_inode(struct super_block *sb, int mode)
{
	struct inode *inode = new_inode(sb);

	if (!inode)
		return NULL;

	inode->i_ino = iunique(sb, BINDERFS_MAX_MINOR + INODE_OFFSET);
	inode->i_mode = mode;
	simple_inode_init_ts(inode);

	return inode;
}
/*
 * Create a regular file (mode 0444) named @name under @parent, backed by
 * @fops, with @data stored in i_private of the new inode.
 *
 * Return: the new dentry (borrowed, as the original author notes), or an
 * ERR_PTR() on failure
 */
struct dentry *binderfs_create_file(struct dentry *parent, const char *name,
				    const struct file_operations *fops,
				    void *data)
{
	struct inode *dir = d_inode(parent);
	struct inode *inode;
	struct dentry *dentry;

	dentry = simple_start_creating(parent, name);
	if (IS_ERR(dentry))
		return dentry;

	inode = binderfs_make_inode(dir->i_sb, S_IFREG | 0444);
	if (!inode) {
		/* Creation was started above and has to be ended on failure too. */
		simple_done_creating(dentry);
		return ERR_PTR(-ENOMEM);
	}

	inode->i_fop = fops;
	inode->i_private = data;

	d_make_persistent(dentry, inode);
	fsnotify_create(dir, dentry);
	simple_done_creating(dentry);

	return dentry; /* borrowed */
}
/*
 * Create a directory (mode 0755) named @name under @parent using the
 * generic simple_dir operations, and account for it in the parent's link
 * count.
 *
 * Return: the new dentry, or an ERR_PTR() on failure
 */
static struct dentry *binderfs_create_dir(struct dentry *parent,
					  const char *name)
{
	struct inode *dir = d_inode(parent);
	struct inode *inode;
	struct dentry *dentry;

	dentry = simple_start_creating(parent, name);
	if (IS_ERR(dentry))
		return dentry;

	inode = binderfs_make_inode(dir->i_sb, S_IFDIR | 0755);
	if (!inode) {
		/* Creation was started above and has to be ended on failure too. */
		simple_done_creating(dentry);
		return ERR_PTR(-ENOMEM);
	}

	inode->i_fop = &simple_dir_operations;
	inode->i_op = &simple_dir_inode_operations;
	set_nlink(inode, 2);

	d_make_persistent(dentry, inode);
	inc_nlink(dir);
	fsnotify_mkdir(dir, dentry);
	simple_done_creating(dentry);

	return dentry;
}
/*
 * seq_file show handler for the files under "features": prints the bool
 * that m->private points to as a decimal number followed by a newline.
 */
static int binder_features_show(struct seq_file *m, void *unused)
{
	const bool *enabled = m->private;

	seq_printf(m, "%d\n", *enabled);

	return 0;
}
/* Supplies the binder_features_fops used by init_binder_features(). */
DEFINE_SHOW_ATTRIBUTE(binder_features);
/*
 * Populate the "features" directory of a new mount with one file per
 * member of the global binder_features. Creation stops at the first
 * failure; entries created before it are left in place.
 *
 * Return: 0 on success, negative errno on failure
 */
static int init_binder_features(struct super_block *sb)
{
	static const struct {
		const char *name;
		bool *flag;
	} feature_files[] = {
		{ "oneway_spam_detection", &binder_features.oneway_spam_detection },
		{ "extended_error", &binder_features.extended_error },
		{ "freeze_notification", &binder_features.freeze_notification },
		{ "transaction_report", &binder_features.transaction_report },
	};
	struct dentry *features_dir, *file;
	size_t i;

	features_dir = binderfs_create_dir(sb->s_root, "features");
	if (IS_ERR(features_dir))
		return PTR_ERR(features_dir);

	for (i = 0; i < ARRAY_SIZE(feature_files); i++) {
		file = binderfs_create_file(features_dir,
					    feature_files[i].name,
					    &binder_features_fops,
					    feature_files[i].flag);
		if (IS_ERR(file))
			return PTR_ERR(file);
	}

	return 0;
}
/*
 * Build the "binder_logs" tree of a mount: one file per binder debugfs
 * entry plus a "proc" subdirectory, which is remembered in
 * binderfs_info.proc_log_dir.
 *
 * Return: 0 on success, negative errno on failure
 */
static int init_binder_logs(struct super_block *sb)
{
	const struct binder_debugfs_entry *entry;
	struct dentry *logs_dir, *proc_dir, *file;

	logs_dir = binderfs_create_dir(sb->s_root, "binder_logs");
	if (IS_ERR(logs_dir))
		return PTR_ERR(logs_dir);

	binder_for_each_debugfs_entry(entry) {
		file = binderfs_create_file(logs_dir, entry->name,
					    entry->fops, entry->data);
		if (IS_ERR(file))
			return PTR_ERR(file);
	}

	proc_dir = binderfs_create_dir(logs_dir, "proc");
	if (IS_ERR(proc_dir))
		return PTR_ERR(proc_dir);

	BINDERFS_SB(sb)->proc_log_dir = proc_dir;

	return 0;
}
/*
 * Fill in the super block of a new binderfs mount: allocate the per-mount
 * binderfs_info, create the root directory and the binder-control node,
 * create the default binder devices named in binder_devices_param, then the
 * "features" directory and, with stats=global, the "binder_logs" tree.
 *
 * NOTE(review): the early returns below do not undo earlier steps
 * themselves; binderfs_kill_super() frees binderfs_info and drops the ipc
 * namespace reference, presumably invoked by the VFS when this function
 * fails - confirm.
 *
 * Return: 0 on success, negative errno on failure
 */
static int binderfs_fill_super(struct super_block *sb, struct fs_context *fc)
{
	int ret;
	struct binderfs_info *info;
	struct binderfs_mount_opts *ctx = fc->fs_private;
	struct inode *inode = NULL;
	struct binderfs_device device_info = {};
	const char *name;
	size_t len;

	sb->s_blocksize = PAGE_SIZE;
	sb->s_blocksize_bits = PAGE_SHIFT;

	/*
	 * The binderfs filesystem can be mounted by userns root in a
	 * non-initial userns. By default such mounts have the SB_I_NODEV flag
	 * set in s_iflags to prevent security issues where userns root can
	 * just create random device nodes via mknod() since it owns the
	 * filesystem mount. But binderfs does not allow creating any files,
	 * including device nodes. The only way to create binder device nodes
	 * is through the binder-control device, which userns root is
	 * explicitly allowed to do. So removing the SB_I_NODEV flag from
	 * s_iflags is both necessary and safe.
	 */
	sb->s_iflags &= ~SB_I_NODEV;
	sb->s_iflags |= SB_I_NOEXEC;
	sb->s_magic = BINDERFS_SUPER_MAGIC;
	sb->s_op = &binderfs_super_ops;
	sb->s_time_gran = 1;

	sb->s_fs_info = kzalloc_obj(struct binderfs_info);
	if (!sb->s_fs_info)
		return -ENOMEM;
	info = sb->s_fs_info;

	/* Pin the mounter's ipc namespace; released in binderfs_kill_super(). */
	info->ipc_ns = get_ipc_ns(current->nsproxy->ipc_ns);

	/*
	 * Device nodes are owned by id 0 of the mount's user namespace. If
	 * that id has no mapping, fall back to the global root ids.
	 */
	info->root_gid = make_kgid(sb->s_user_ns, 0);
	if (!gid_valid(info->root_gid))
		info->root_gid = GLOBAL_ROOT_GID;
	info->root_uid = make_kuid(sb->s_user_ns, 0);
	if (!uid_valid(info->root_uid))
		info->root_uid = GLOBAL_ROOT_UID;
	info->mount_opts.max = ctx->max;
	info->mount_opts.stats_mode = ctx->stats_mode;

	/* Root directory of the mount. */
	inode = new_inode(sb);
	if (!inode)
		return -ENOMEM;

	inode->i_ino = FIRST_INODE;
	inode->i_fop = &simple_dir_operations;
	inode->i_mode = S_IFDIR | 0755;
	simple_inode_init_ts(inode);
	inode->i_op = &binderfs_dir_inode_operations;
	set_nlink(inode, 2);

	sb->s_root = d_make_root(inode);
	if (!sb->s_root)
		return -ENOMEM;

	ret = binderfs_binder_ctl_create(sb);
	if (ret)
		return ret;

	/*
	 * Create one device per comma-separated name. An empty field (len of
	 * zero) ends the loop, so names after a doubled comma are skipped.
	 * The strscpy() bound is len + 1, not sizeof(device_info.name): it
	 * relies on init_binderfs() having rejected names longer than
	 * BINDERFS_MAX_NAME.
	 * NOTE(review): assumes binder_devices_param cannot change after
	 * init_binderfs() validated it - confirm.
	 */
	name = binder_devices_param;
	for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
		strscpy(device_info.name, name, len + 1);
		/* The root inode is passed only to locate the super block. */
		ret = binderfs_binder_device_create(inode, NULL, &device_info);
		if (ret)
			return ret;
		name += len;
		if (*name == ',')
			name++;
	}

	ret = init_binder_features(sb);
	if (ret)
		return ret;

	if (info->mount_opts.stats_mode == binderfs_stats_mode_global)
		return init_binder_logs(sb);

	return 0;
}
/* get_tree hook: set up the mount through get_tree_nodev() with binderfs_fill_super(). */
static int binderfs_fs_context_get_tree(struct fs_context *fc)
{
	int err = get_tree_nodev(fc, binderfs_fill_super);

	return err;
}
/* Free the binderfs_mount_opts allocated by binderfs_init_fs_context(). */
static void binderfs_fs_context_free(struct fs_context *fc)
{
	kfree(fc->fs_private);
}
/* Mount-context callbacks installed by binderfs_init_fs_context(). */
static const struct fs_context_operations binderfs_fs_context_ops = {
	.free = binderfs_fs_context_free,
	.get_tree = binderfs_fs_context_get_tree,
	.parse_param = binderfs_fs_context_parse_param,
	.reconfigure = binderfs_fs_context_reconfigure,
};
/*
 * Allocate the mount options of a new mount context with their defaults
 * (max = BINDERFS_MAX_MINOR, stats mode unset) and install the binderfs
 * context operations.
 *
 * Return: 0 on success, -ENOMEM if the options cannot be allocated
 */
static int binderfs_init_fs_context(struct fs_context *fc)
{
	struct binderfs_mount_opts *opts;

	opts = kzalloc_obj(struct binderfs_mount_opts);
	if (!opts)
		return -ENOMEM;

	opts->stats_mode = binderfs_stats_mode_unset;
	opts->max = BINDERFS_MAX_MINOR;

	fc->ops = &binderfs_fs_context_ops;
	fc->fs_private = opts;

	return 0;
}
/*
 * Tear down a binderfs super block. The binderfs_info pointer is read
 * before kill_anon_super() because inode eviction still needs the
 * structure; it is released only after the super block has been wiped.
 */
static void binderfs_kill_super(struct super_block *sb)
{
	struct binderfs_info *sbi = sb->s_fs_info;

	kill_anon_super(sb);

	/* sbi is NULL when fill_super failed before allocating it. */
	if (sbi) {
		if (sbi->ipc_ns)
			put_ipc_ns(sbi->ipc_ns);
	}

	kfree(sbi);
}
/*
 * The "binder" filesystem type. FS_USERNS_MOUNT lets root of a non-initial
 * user namespace mount it; see the SB_I_NODEV discussion in
 * binderfs_fill_super() for why that is acceptable.
 */
static struct file_system_type binder_fs_type = {
	.name = "binder",
	.init_fs_context = binderfs_init_fs_context,
	.parameters = binderfs_fs_parameters,
	.kill_sb = binderfs_kill_super,
	.fs_flags = FS_USERNS_MOUNT,
};
/*
 * Module-init entry point for binderfs: validate the default device names,
 * reserve a character-device region for binder devices and register the
 * "binder" filesystem type.
 *
 * Return: 0 on success, -E2BIG if a default device name is longer than
 * BINDERFS_MAX_NAME, or the errno of the failing registration step
 */
int __init init_binderfs(void)
{
	const char *cursor = binder_devices_param;
	size_t span;
	int err;

	/*
	 * Verify that the default binderfs device names are valid. Mount-time
	 * creation copies them into a BINDERFS_MAX_NAME-sized buffer, so
	 * over-long names must be refused here.
	 */
	for (;;) {
		span = strcspn(cursor, ",");
		if (!span)
			break;
		if (span > BINDERFS_MAX_NAME)
			return -E2BIG;
		cursor += span;
		if (*cursor == ',')
			cursor++;
	}

	/* Allocate new major number for binderfs. */
	err = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR,
				  "binder");
	if (err)
		return err;

	err = register_filesystem(&binder_fs_type);
	if (err)
		unregister_chrdev_region(binderfs_dev, BINDERFS_MAX_MINOR);

	return err;
}