security/inode.c
Source file repositories/reference/linux-study-clean/security/inode.c
File Facts
- System: Linux kernel
- Corpus path: security/inode.c
- Extension: .c
- Size: 11594 bytes
- Lines: 381
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: operation-table or driver-model contract
- Status: pattern implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines an operation table; this is where Linux turns generic core objects into subsystem-specific behavior.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/sysfs.h`, `linux/kobject.h`, `linux/fs.h`, `linux/fs_context.h`, `linux/mount.h`, `linux/pagemap.h`, `linux/init.h`, `linux/namei.h`, `linux/security.h`, `linux/lsm_hooks.h`, `linux/magic.h`, `lsm.h`, `linux/spinlock.h`
Detected Declarations
`function securityfs_free_inode`, `function securityfs_fill_super`, `function securityfs_get_tree`, `function securityfs_init_fs_context`, `function open`, `function open`, `function securityfs_remove`, `function securityfs_remove`, `function remove_one`, `function securityfs_remove`, `function lsm_read`, `function securityfs_init`, `export securityfs_create_file`, `export securityfs_create_dir`, `export securityfs_create_symlink`, `export securityfs_remove`
Annotated Snippet
```c
 * @fops: a pointer to a struct file_operations that should be used for
 *        this file.
 * @iops: a pointer to a struct of inode_operations that should be used for
 *        this file/dir
 *
 * This is the basic "create a file/dir/symlink" function for
 * securityfs.  It allows for a wide range of flexibility in creating
 * a file, or a directory (if you want to create a directory, the
 * securityfs_create_dir() function is recommended to be used
 * instead).
 *
 * This function returns a pointer to a dentry if it succeeds.  This
 * pointer must be passed to the securityfs_remove() function when the
 * file is to be removed (no automatic cleanup happens if your module
 * is unloaded, you are responsible here).  If an error occurs, the
 * function will return the error value (via ERR_PTR).
 *
 * If securityfs is not enabled in the kernel, the value %-ENODEV is
 * returned.
 */
static struct dentry *securityfs_create_dentry(const char *name, umode_t mode,
					struct dentry *parent, void *data,
					const struct file_operations *fops,
					const struct inode_operations *iops)
{
	struct dentry *dentry;
	struct inode *dir, *inode;
	int error;
	bool pinned = false;

	/* No file type bits given: default to a regular file. */
	if (!(mode & S_IFMT))
		mode = (mode & S_IALLUGO) | S_IFREG;

	pr_debug("securityfs: creating file '%s'\n",name);

	/* No parent given: pin the securityfs mount and create in its root. */
	if (!parent) {
		error = simple_pin_fs(&fs_type, &mount, &mount_count);
		if (error)
			return ERR_PTR(error);
		pinned = true;
		parent = mount->mnt_root;
	}

	inode = new_inode(parent->d_sb);
	if (unlikely(!inode)) {
		dentry = ERR_PTR(-ENOMEM);
		goto out;
	}

	dir = d_inode(parent);

	dentry = simple_start_creating(parent, name);
	if (IS_ERR(dentry)) {
		iput(inode);
		goto out;
	}
	inode->i_ino = get_next_ino();
	inode->i_mode = mode;
	simple_inode_init_ts(inode);
	inode->i_private = data;
	if (S_ISDIR(mode)) {
		inode->i_op = &simple_dir_inode_operations;
		inode->i_fop = &simple_dir_operations;
		inc_nlink(inode);
		inc_nlink(dir);
	} else if (S_ISLNK(mode)) {
		inode->i_op = iops ? iops : &simple_symlink_inode_operations;
		inode->i_link = data;
	} else {
		inode->i_fop = fops;
	}
	d_make_persistent(dentry, inode);
	simple_done_creating(dentry);
	return dentry; // borrowed

out:
	/* Failure path: drop the pin taken above, if any. */
	if (pinned)
		simple_release_fs(&mount, &mount_count);
	return dentry;
}

/**
 * securityfs_create_file - create a file in the securityfs filesystem
 *
 * @name: a pointer to a string containing the name of the file to create.
 * @mode: the permission that the file should have
 * @parent: a pointer to the parent dentry for this file.  This should be a
 *          directory dentry if set.  If this parameter is %NULL, then the
 *          file will be created in the root of the securityfs filesystem.
 * @data: a pointer to something that the caller will want to get to later
```
Annotation
- Immediate include surface: `linux/sysfs.h`, `linux/kobject.h`, `linux/fs.h`, `linux/fs_context.h`, `linux/mount.h`, `linux/pagemap.h`, `linux/init.h`, `linux/namei.h`.
- Detected declarations: `function securityfs_free_inode`, `function securityfs_fill_super`, `function securityfs_get_tree`, `function securityfs_init_fs_context`, `function open`, `function open`, `function securityfs_remove`, `function securityfs_remove`, `function remove_one`, `function securityfs_remove`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: pattern implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.