projects / mirror_ubuntu-jammy-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 2b188cc1 JA |
1 | // SPDX-License-Identifier: GPL-2.0 |
| 2 | /* | |
| 3 | * Shared application/kernel submission and completion ring pairs, for | |
| 4 | * supporting fast/efficient IO. | |
| 5 | * | |
| 6 | * A note on the read/write ordering memory barriers that are matched between | |
| 1e84b97b SB |
7 | * the application and kernel side. |
| 8 | * | |
| 9 | * After the application reads the CQ ring tail, it must use an | |
| 10 | * appropriate smp_rmb() to pair with the smp_wmb() the kernel uses | |
| 11 | * before writing the tail (using smp_load_acquire to read the tail will | |
| 12 | * do). It also needs a smp_mb() before updating CQ head (ordering the | |
| 13 | * entry load(s) with the head store), pairing with an implicit barrier | |
| 14 | * through a control-dependency in io_get_cqring (smp_store_release to | |
| 15 | * store head will do). Failure to do so could lead to reading invalid | |
| 16 | * CQ entries. | |
| 17 | * | |
| 18 | * Likewise, the application must use an appropriate smp_wmb() before | |
| 19 | * writing the SQ tail (ordering SQ entry stores with the tail store), | |
| 20 | * which pairs with smp_load_acquire in io_get_sqring (smp_store_release | |
| 21 | * to store the tail will do). And it needs a barrier ordering the SQ | |
| 22 | * head load before writing new SQ entries (smp_load_acquire to read | |
| 23 | * head will do). | |
| 24 | * | |
| 25 | * When using the SQ poll thread (IORING_SETUP_SQPOLL), the application | |
| 26 | * needs to check the SQ flags for IORING_SQ_NEED_WAKEUP *after* | |
| 27 | * updating the SQ tail; a full memory barrier smp_mb() is needed | |
| 28 | * between. | |
| 2b188cc1 JA |
29 | * |
| 30 | * Also see the examples in the liburing library: | |
| 31 | * | |
| 32 | * git://git.kernel.dk/liburing | |
| 33 | * | |
| 34 | * io_uring also uses READ/WRITE_ONCE() for _any_ store or load that happens | |
| 35 | * from data shared between the kernel and application. This is done both | |
| 36 | * for ordering purposes, but also to ensure that once a value is loaded from | |
| 37 | * data that the application could potentially modify, it remains stable. | |
| 38 | * | |
| 39 | * Copyright (C) 2018-2019 Jens Axboe | |
| c992fe29 | 40 | * Copyright (c) 2018-2019 Christoph Hellwig |
| 2b188cc1 JA |
41 | */ |
| 42 | #include <linux/kernel.h> | |
| 43 | #include <linux/init.h> | |
| 44 | #include <linux/errno.h> | |
| 45 | #include <linux/syscalls.h> | |
| 46 | #include <linux/compat.h> | |
| 52de1fe1 | 47 | #include <net/compat.h> |
| 2b188cc1 JA |
48 | #include <linux/refcount.h> |
| 49 | #include <linux/uio.h> | |
| 6b47ee6e | 50 | #include <linux/bits.h> |
| 2b188cc1 JA |
51 | |
| 52 | #include <linux/sched/signal.h> | |
| 53 | #include <linux/fs.h> | |
| 54 | #include <linux/file.h> | |
| 55 | #include <linux/fdtable.h> | |
| 56 | #include <linux/mm.h> | |
| 57 | #include <linux/mman.h> | |
| 2b188cc1 JA |
58 | #include <linux/percpu.h> |
| 59 | #include <linux/slab.h> | |
| 2b188cc1 | 60 | #include <linux/blkdev.h> |
| edafccee | 61 | #include <linux/bvec.h> |
| 2b188cc1 JA |
62 | #include <linux/net.h> |
| 63 | #include <net/sock.h> | |
| 64 | #include <net/af_unix.h> | |
| 6b06314c | 65 | #include <net/scm.h> |
| 2b188cc1 JA |
66 | #include <linux/anon_inodes.h> |
| 67 | #include <linux/sched/mm.h> | |
| 68 | #include <linux/uaccess.h> | |
| 69 | #include <linux/nospec.h> | |
| edafccee JA |
70 | #include <linux/sizes.h> |
| 71 | #include <linux/hugetlb.h> | |
| aa4c3967 | 72 | #include <linux/highmem.h> |
| 15b71abe JA |
73 | #include <linux/namei.h> |
| 74 | #include <linux/fsnotify.h> | |
| 4840e418 | 75 | #include <linux/fadvise.h> |
| 3e4827b0 | 76 | #include <linux/eventpoll.h> |
| 7d67af2c | 77 | #include <linux/splice.h> |
| b41e9852 | 78 | #include <linux/task_work.h> |
| bcf5a063 | 79 | #include <linux/pagemap.h> |
| 0f212204 | 80 | #include <linux/io_uring.h> |
| e4b4a13f | 81 | #include <linux/freezer.h> |
| 2b188cc1 | 82 | |
| c826bd7a DD |
83 | #define CREATE_TRACE_POINTS |
| 84 | #include <trace/events/io_uring.h> | |
| 85 | ||
| 2b188cc1 JA |
86 | #include <uapi/linux/io_uring.h> |
| 87 | ||
| 88 | #include "internal.h" | |
| 561fb04a | 89 | #include "io-wq.h" |
| 2b188cc1 | 90 | |
| 5277deaa | 91 | #define IORING_MAX_ENTRIES 32768 |
| 33a107f0 | 92 | #define IORING_MAX_CQ_ENTRIES (2 * IORING_MAX_ENTRIES) |
| 65e19f54 JA |
93 | |
| 94 | /* | |
| 95 | * Shift of 9 is 512 entries, or exactly one page on 64-bit archs | |
| 96 | */ | |
| 97 | #define IORING_FILE_TABLE_SHIFT 9 | |
| 98 | #define IORING_MAX_FILES_TABLE (1U << IORING_FILE_TABLE_SHIFT) | |
| 99 | #define IORING_FILE_TABLE_MASK (IORING_MAX_FILES_TABLE - 1) | |
| 100 | #define IORING_MAX_FIXED_FILES (64 * IORING_MAX_FILES_TABLE) | |
| 21b55dbc SG |
101 | #define IORING_MAX_RESTRICTIONS (IORING_RESTRICTION_LAST + \ |
| 102 | IORING_REGISTER_LAST + IORING_OP_LAST) | |
| 2b188cc1 | 103 | |
| b16fed66 PB |
104 | #define SQE_VALID_FLAGS (IOSQE_FIXED_FILE|IOSQE_IO_DRAIN|IOSQE_IO_LINK| \ |
| 105 | IOSQE_IO_HARDLINK | IOSQE_ASYNC | \ | |
| 106 | IOSQE_BUFFER_SELECT) | |
| 107 | ||
| 2b188cc1 JA |
108 | struct io_uring { |
| 109 | u32 head ____cacheline_aligned_in_smp; | |
| 110 | u32 tail ____cacheline_aligned_in_smp; | |
| 111 | }; | |
| 112 | ||
| 1e84b97b | 113 | /* |
| 75b28aff HV |
114 | * This data is shared with the application through the mmap at offsets |
| 115 | * IORING_OFF_SQ_RING and IORING_OFF_CQ_RING. | |
| 1e84b97b SB |
116 | * |
| 117 | * The offsets to the member fields are published through struct | |
| 118 | * io_sqring_offsets when calling io_uring_setup. | |
| 119 | */ | |
| 75b28aff | 120 | struct io_rings { |
| 1e84b97b SB |
121 | /* |
| 122 | * Head and tail offsets into the ring; the offsets need to be | |
| 123 | * masked to get valid indices. | |
| 124 | * | |
| 75b28aff HV |
125 | * The kernel controls head of the sq ring and the tail of the cq ring, |
| 126 | * and the application controls tail of the sq ring and the head of the | |
| 127 | * cq ring. | |
| 1e84b97b | 128 | */ |
| 75b28aff | 129 | struct io_uring sq, cq; |
| 1e84b97b | 130 | /* |
| 75b28aff | 131 | * Bitmasks to apply to head and tail offsets (constant, equals |
| 1e84b97b SB |
132 | * ring_entries - 1) |
| 133 | */ | |
| 75b28aff HV |
134 | u32 sq_ring_mask, cq_ring_mask; |
| 135 | /* Ring sizes (constant, power of 2) */ | |
| 136 | u32 sq_ring_entries, cq_ring_entries; | |
| 1e84b97b SB |
137 | /* |
| 138 | * Number of invalid entries dropped by the kernel due to | |
| 139 | * invalid index stored in array | |
| 140 | * | |
| 141 | * Written by the kernel, shouldn't be modified by the | |
| 142 | * application (i.e. get number of "new events" by comparing to | |
| 143 | * cached value). | |
| 144 | * | |
| 145 | * After a new SQ head value was read by the application this | |
| 146 | * counter includes all submissions that were dropped reaching | |
| 147 | * the new SQ head (and possibly more). | |
| 148 | */ | |
| 75b28aff | 149 | u32 sq_dropped; |
| 1e84b97b | 150 | /* |
| 0d9b5b3a | 151 | * Runtime SQ flags |
| 1e84b97b SB |
152 | * |
| 153 | * Written by the kernel, shouldn't be modified by the | |
| 154 | * application. | |
| 155 | * | |
| 156 | * The application needs a full memory barrier before checking | |
| 157 | * for IORING_SQ_NEED_WAKEUP after updating the sq tail. | |
| 158 | */ | |
| 75b28aff | 159 | u32 sq_flags; |
| 0d9b5b3a SG |
160 | /* |
| 161 | * Runtime CQ flags | |
| 162 | * | |
| 163 | * Written by the application, shouldn't be modified by the | |
| 164 | * kernel. | |
| 165 | */ | |
| 166 | u32 cq_flags; | |
| 1e84b97b SB |
167 | /* |
| 168 | * Number of completion events lost because the queue was full; | |
| 169 | * this should be avoided by the application by making sure | |
| 0b4295b5 | 170 | * there are not more requests pending than there is space in |
| 1e84b97b SB |
171 | * the completion queue. |
| 172 | * | |
| 173 | * Written by the kernel, shouldn't be modified by the | |
| 174 | * application (i.e. get number of "new events" by comparing to | |
| 175 | * cached value). | |
| 176 | * | |
| 177 | * As completion events come in out of order this counter is not | |
| 178 | * ordered with any other data. | |
| 179 | */ | |
| 75b28aff | 180 | u32 cq_overflow; |
| 1e84b97b SB |
181 | /* |
| 182 | * Ring buffer of completion events. | |
| 183 | * | |
| 184 | * The kernel writes completion events fresh every time they are | |
| 185 | * produced, so the application is allowed to modify pending | |
| 186 | * entries. | |
| 187 | */ | |
| 75b28aff | 188 | struct io_uring_cqe cqes[] ____cacheline_aligned_in_smp; |
| 2b188cc1 JA |
189 | }; |
| 190 | ||
| 45d189c6 PB |
191 | enum io_uring_cmd_flags { |
| 192 | IO_URING_F_NONBLOCK = 1, | |
| 889fca73 | 193 | IO_URING_F_COMPLETE_DEFER = 2, |
| 45d189c6 PB |
194 | }; |
| 195 | ||
| edafccee JA |
196 | struct io_mapped_ubuf { |
| 197 | u64 ubuf; | |
| 198 | size_t len; | |
| 199 | struct bio_vec *bvec; | |
| 200 | unsigned int nr_bvecs; | |
| de293938 | 201 | unsigned long acct_pages; |
| edafccee JA |
202 | }; |
| 203 | ||
| 50238531 BM |
204 | struct io_ring_ctx; |
| 205 | ||
| 269bbe5f BM |
206 | struct io_rsrc_put { |
| 207 | struct list_head list; | |
| 50238531 BM |
208 | union { |
| 209 | void *rsrc; | |
| 210 | struct file *file; | |
| 211 | }; | |
| 269bbe5f BM |
212 | }; |
| 213 | ||
| 214 | struct fixed_rsrc_table { | |
| 65e19f54 | 215 | struct file **files; |
| 31b51510 JA |
216 | }; |
| 217 | ||
| 269bbe5f | 218 | struct fixed_rsrc_ref_node { |
| 05589553 XW |
219 | struct percpu_ref refs; |
| 220 | struct list_head node; | |
| 269bbe5f BM |
221 | struct list_head rsrc_list; |
| 222 | struct fixed_rsrc_data *rsrc_data; | |
| 50238531 BM |
223 | void (*rsrc_put)(struct io_ring_ctx *ctx, |
| 224 | struct io_rsrc_put *prsrc); | |
| 4a38aed2 | 225 | struct llist_node llist; |
| e297822b | 226 | bool done; |
| 05589553 XW |
227 | }; |
| 228 | ||
| 269bbe5f BM |
229 | struct fixed_rsrc_data { |
| 230 | struct fixed_rsrc_table *table; | |
| 05f3fb3c JA |
231 | struct io_ring_ctx *ctx; |
| 232 | ||
| 269bbe5f | 233 | struct fixed_rsrc_ref_node *node; |
| 05f3fb3c | 234 | struct percpu_ref refs; |
| 05f3fb3c | 235 | struct completion done; |
| 8bad28d8 | 236 | bool quiesce; |
| 05f3fb3c JA |
237 | }; |
| 238 | ||
| 5a2e745d JA |
239 | struct io_buffer { |
| 240 | struct list_head list; | |
| 241 | __u64 addr; | |
| 242 | __s32 len; | |
| 243 | __u16 bid; | |
| 244 | }; | |
| 245 | ||
| 21b55dbc SG |
246 | struct io_restriction { |
| 247 | DECLARE_BITMAP(register_op, IORING_REGISTER_LAST); | |
| 248 | DECLARE_BITMAP(sqe_op, IORING_OP_LAST); | |
| 249 | u8 sqe_flags_allowed; | |
| 250 | u8 sqe_flags_required; | |
| 7e84e1c7 | 251 | bool registered; |
| 21b55dbc SG |
252 | }; |
| 253 | ||
| 37d1e2e3 JA |
254 | enum { |
| 255 | IO_SQ_THREAD_SHOULD_STOP = 0, | |
| 256 | IO_SQ_THREAD_SHOULD_PARK, | |
| 257 | }; | |
| 258 | ||
| 534ca6d6 JA |
259 | struct io_sq_data { |
| 260 | refcount_t refs; | |
| 69fb2131 JA |
261 | struct mutex lock; |
| 262 | ||
| 263 | /* ctx's that are using this sqd */ | |
| 264 | struct list_head ctx_list; | |
| 265 | struct list_head ctx_new_list; | |
| 266 | struct mutex ctx_lock; | |
| 267 | ||
| 534ca6d6 JA |
268 | struct task_struct *thread; |
| 269 | struct wait_queue_head wait; | |
| 08369246 XW |
270 | |
| 271 | unsigned sq_thread_idle; | |
| 37d1e2e3 JA |
272 | int sq_cpu; |
| 273 | pid_t task_pid; | |
| 274 | ||
| 275 | unsigned long state; | |
| 276 | struct completion startup; | |
| 86e0d676 | 277 | struct completion parked; |
| 37d1e2e3 | 278 | struct completion exited; |
| 534ca6d6 JA |
279 | }; |
| 280 | ||
| 258b29a9 | 281 | #define IO_IOPOLL_BATCH 8 |
| 6dd0be1e | 282 | #define IO_COMPL_BATCH 32 |
| 6ff119a6 | 283 | #define IO_REQ_CACHE_SIZE 32 |
| bf019da7 | 284 | #define IO_REQ_ALLOC_BATCH 8 |
| 258b29a9 PB |
285 | |
| 286 | struct io_comp_state { | |
| 6dd0be1e | 287 | struct io_kiocb *reqs[IO_COMPL_BATCH]; |
| 1b4c351f | 288 | unsigned int nr; |
| c7dae4ba JA |
289 | unsigned int locked_free_nr; |
| 290 | /* inline/task_work completion list, under ->uring_lock */ | |
| 1b4c351f | 291 | struct list_head free_list; |
| c7dae4ba JA |
292 | /* IRQ completion list, under ->completion_lock */ |
| 293 | struct list_head locked_free_list; | |
| 258b29a9 PB |
294 | }; |
| 295 | ||
| a1ab7b35 PB |
296 | struct io_submit_link { |
| 297 | struct io_kiocb *head; | |
| 298 | struct io_kiocb *last; | |
| 299 | }; | |
| 300 | ||
| 258b29a9 PB |
301 | struct io_submit_state { |
| 302 | struct blk_plug plug; | |
| a1ab7b35 | 303 | struct io_submit_link link; |
| 258b29a9 PB |
304 | |
| 305 | /* | |
| 306 | * io_kiocb alloc cache | |
| 307 | */ | |
| bf019da7 | 308 | void *reqs[IO_REQ_CACHE_SIZE]; |
| 258b29a9 PB |
309 | unsigned int free_reqs; |
| 310 | ||
| 311 | bool plug_started; | |
| 312 | ||
| 313 | /* | |
| 314 | * Batch completion logic | |
| 315 | */ | |
| 316 | struct io_comp_state comp; | |
| 317 | ||
| 318 | /* | |
| 319 | * File reference cache | |
| 320 | */ | |
| 321 | struct file *file; | |
| 322 | unsigned int fd; | |
| 323 | unsigned int file_refs; | |
| 324 | unsigned int ios_left; | |
| 325 | }; | |
| 326 | ||
| 2b188cc1 JA |
327 | struct io_ring_ctx { |
| 328 | struct { | |
| 329 | struct percpu_ref refs; | |
| 330 | } ____cacheline_aligned_in_smp; | |
| 331 | ||
| 332 | struct { | |
| 333 | unsigned int flags; | |
| e1d85334 | 334 | unsigned int compat: 1; |
| e1d85334 RD |
335 | unsigned int cq_overflow_flushed: 1; |
| 336 | unsigned int drain_next: 1; | |
| 337 | unsigned int eventfd_async: 1; | |
| 21b55dbc | 338 | unsigned int restricted: 1; |
| 5f3f26f9 | 339 | unsigned int sqo_exec: 1; |
| 2b188cc1 | 340 | |
| 75b28aff HV |
341 | /* |
| 342 | * Ring buffer of indices into array of io_uring_sqe, which is | |
| 343 | * mmapped by the application using the IORING_OFF_SQES offset. | |
| 344 | * | |
| 345 | * This indirection could e.g. be used to assign fixed | |
| 346 | * io_uring_sqe entries to operations and only submit them to | |
| 347 | * the queue when needed. | |
| 348 | * | |
| 349 | * The kernel modifies neither the indices array nor the entries | |
| 350 | * array. | |
| 351 | */ | |
| 352 | u32 *sq_array; | |
| 2b188cc1 JA |
353 | unsigned cached_sq_head; |
| 354 | unsigned sq_entries; | |
| 355 | unsigned sq_mask; | |
| 6c271ce2 | 356 | unsigned sq_thread_idle; |
| 498ccd9e | 357 | unsigned cached_sq_dropped; |
| 2c3bac6d | 358 | unsigned cached_cq_overflow; |
| ad3eb2c8 | 359 | unsigned long sq_check_overflow; |
| de0617e4 | 360 | |
| e941894e JA |
361 | /* hashed buffered write serialization */ |
| 362 | struct io_wq_hash *hash_map; | |
| 363 | ||
| de0617e4 | 364 | struct list_head defer_list; |
| 5262f567 | 365 | struct list_head timeout_list; |
| 1d7bb1d5 | 366 | struct list_head cq_overflow_list; |
| fcb323cc | 367 | |
| ad3eb2c8 | 368 | struct io_uring_sqe *sq_sqes; |
| 2b188cc1 JA |
369 | } ____cacheline_aligned_in_smp; |
| 370 | ||
| 3c1a2ead JA |
371 | struct { |
| 372 | struct mutex uring_lock; | |
| 373 | wait_queue_head_t wait; | |
| 374 | } ____cacheline_aligned_in_smp; | |
| 375 | ||
| 376 | struct io_submit_state submit_state; | |
| 377 | ||
| 206aefde JA |
378 | struct io_rings *rings; |
| 379 | ||
| 2aede0e4 JA |
380 | /* Only used for accounting purposes */ |
| 381 | struct mm_struct *mm_account; | |
| 382 | ||
| 534ca6d6 JA |
383 | struct io_sq_data *sq_data; /* if using sq thread polling */ |
| 384 | ||
| 90554200 | 385 | struct wait_queue_head sqo_sq_wait; |
| 69fb2131 | 386 | struct list_head sqd_list; |
| 75b28aff | 387 | |
| 6b06314c JA |
388 | /* |
| 389 | * If used, fixed file set. Writers must ensure that ->refs is dead, | |
| 390 | * readers must ensure that ->refs is alive as long as the file* is | |
| 391 | * used. Only updated through io_uring_register(2). | |
| 392 | */ | |
| 269bbe5f | 393 | struct fixed_rsrc_data *file_data; |
| 6b06314c JA |
394 | unsigned nr_user_files; |
| 395 | ||
| edafccee JA |
396 | /* if used, fixed mapped user buffers */ |
| 397 | unsigned nr_user_bufs; | |
| 398 | struct io_mapped_ubuf *user_bufs; | |
| 399 | ||
| 2b188cc1 JA |
400 | struct user_struct *user; |
| 401 | ||
| 0f158b4c JA |
402 | struct completion ref_comp; |
| 403 | struct completion sq_thread_comp; | |
| 206aefde JA |
404 | |
| 405 | #if defined(CONFIG_UNIX) | |
| 406 | struct socket *ring_sock; | |
| 407 | #endif | |
| 408 | ||
| 5a2e745d JA |
409 | struct idr io_buffer_idr; |
| 410 | ||
| 071698e1 JA |
411 | struct idr personality_idr; |
| 412 | ||
| 206aefde JA |
413 | struct { |
| 414 | unsigned cached_cq_tail; | |
| 415 | unsigned cq_entries; | |
| 416 | unsigned cq_mask; | |
| 417 | atomic_t cq_timeouts; | |
| f010505b | 418 | unsigned cq_last_tm_flush; |
| ad3eb2c8 | 419 | unsigned long cq_check_overflow; |
| 206aefde JA |
420 | struct wait_queue_head cq_wait; |
| 421 | struct fasync_struct *cq_fasync; | |
| 422 | struct eventfd_ctx *cq_ev_fd; | |
| 423 | } ____cacheline_aligned_in_smp; | |
| 2b188cc1 | 424 | |
| 2b188cc1 JA |
425 | struct { |
| 426 | spinlock_t completion_lock; | |
| e94f141b | 427 | |
| def596e9 | 428 | /* |
| 540e32a0 | 429 | * ->iopoll_list is protected by the ctx->uring_lock for |
| def596e9 JA |
430 | * io_uring instances that don't use IORING_SETUP_SQPOLL. |
| 431 | * For SQPOLL, only the single threaded io_sq_thread() will | |
| 432 | * manipulate the list, hence no extra locking is needed there. | |
| 433 | */ | |
| 540e32a0 | 434 | struct list_head iopoll_list; |
| 78076bb6 JA |
435 | struct hlist_head *cancel_hash; |
| 436 | unsigned cancel_hash_bits; | |
| e94f141b | 437 | bool poll_multi_file; |
| 31b51510 | 438 | |
| fcb323cc JA |
439 | spinlock_t inflight_lock; |
| 440 | struct list_head inflight_list; | |
| 2b188cc1 | 441 | } ____cacheline_aligned_in_smp; |
| 85faa7b8 | 442 | |
| 269bbe5f BM |
443 | struct delayed_work rsrc_put_work; |
| 444 | struct llist_head rsrc_put_llist; | |
| d67d2263 BM |
445 | struct list_head rsrc_ref_list; |
| 446 | spinlock_t rsrc_ref_lock; | |
| 4a38aed2 | 447 | |
| 21b55dbc | 448 | struct io_restriction restrictions; |
| 3c1a2ead | 449 | |
| 7c25c0d1 JA |
450 | /* exit task_work */ |
| 451 | struct callback_head *exit_task_work; | |
| 452 | ||
| e941894e JA |
453 | struct wait_queue_head hash_wait; |
| 454 | ||
| 3c1a2ead JA |
455 | /* Keep this last, we don't need it for the fast path */ |
| 456 | struct work_struct exit_work; | |
| 2b188cc1 JA |
457 | }; |
| 458 | ||
| 09bb8394 JA |
459 | /* |
| 460 | * First field must be the file pointer in all the | |
| 461 | * iocb unions! See also 'struct kiocb' in <linux/fs.h> | |
| 462 | */ | |
| 221c5eb2 JA |
463 | struct io_poll_iocb { |
| 464 | struct file *file; | |
| 018043be | 465 | struct wait_queue_head *head; |
| 221c5eb2 | 466 | __poll_t events; |
| 8c838788 | 467 | bool done; |
| 221c5eb2 | 468 | bool canceled; |
| 392edb45 | 469 | struct wait_queue_entry wait; |
| 221c5eb2 JA |
470 | }; |
| 471 | ||
| 018043be PB |
472 | struct io_poll_remove { |
| 473 | struct file *file; | |
| 474 | u64 addr; | |
| 475 | }; | |
| 476 | ||
| b5dba59e JA |
477 | struct io_close { |
| 478 | struct file *file; | |
| b5dba59e JA |
479 | int fd; |
| 480 | }; | |
| 481 | ||
| ad8a48ac JA |
482 | struct io_timeout_data { |
| 483 | struct io_kiocb *req; | |
| 484 | struct hrtimer timer; | |
| 485 | struct timespec64 ts; | |
| 486 | enum hrtimer_mode mode; | |
| 487 | }; | |
| 488 | ||
| 8ed8d3c3 JA |
489 | struct io_accept { |
| 490 | struct file *file; | |
| 491 | struct sockaddr __user *addr; | |
| 492 | int __user *addr_len; | |
| 493 | int flags; | |
| 09952e3e | 494 | unsigned long nofile; |
| 8ed8d3c3 JA |
495 | }; |
| 496 | ||
| 497 | struct io_sync { | |
| 498 | struct file *file; | |
| 499 | loff_t len; | |
| 500 | loff_t off; | |
| 501 | int flags; | |
| d63d1b5e | 502 | int mode; |
| 8ed8d3c3 JA |
503 | }; |
| 504 | ||
| fbf23849 JA |
505 | struct io_cancel { |
| 506 | struct file *file; | |
| 507 | u64 addr; | |
| 508 | }; | |
| 509 | ||
| b29472ee JA |
510 | struct io_timeout { |
| 511 | struct file *file; | |
| bfe68a22 PB |
512 | u32 off; |
| 513 | u32 target_seq; | |
| 135fcde8 | 514 | struct list_head list; |
| 90cd7e42 PB |
515 | /* head of the link, used by linked timeouts only */ |
| 516 | struct io_kiocb *head; | |
| b29472ee JA |
517 | }; |
| 518 | ||
| 0bdf7a2d PB |
519 | struct io_timeout_rem { |
| 520 | struct file *file; | |
| 521 | u64 addr; | |
| 9c8e11b3 PB |
522 | |
| 523 | /* timeout update */ | |
| 524 | struct timespec64 ts; | |
| 525 | u32 flags; | |
| 0bdf7a2d PB |
526 | }; |
| 527 | ||
| 9adbd45d JA |
528 | struct io_rw { |
| 529 | /* NOTE: kiocb has the file as the first member, so don't do it here */ | |
| 530 | struct kiocb kiocb; | |
| 531 | u64 addr; | |
| 532 | u64 len; | |
| 533 | }; | |
| 534 | ||
| 3fbb51c1 JA |
535 | struct io_connect { |
| 536 | struct file *file; | |
| 537 | struct sockaddr __user *addr; | |
| 538 | int addr_len; | |
| 539 | }; | |
| 540 | ||
| e47293fd JA |
541 | struct io_sr_msg { |
| 542 | struct file *file; | |
| fddaface | 543 | union { |
| 270a5940 | 544 | struct user_msghdr __user *umsg; |
| fddaface JA |
545 | void __user *buf; |
| 546 | }; | |
| e47293fd | 547 | int msg_flags; |
| bcda7baa | 548 | int bgid; |
| fddaface | 549 | size_t len; |
| bcda7baa | 550 | struct io_buffer *kbuf; |
| e47293fd JA |
551 | }; |
| 552 | ||
| 15b71abe JA |
553 | struct io_open { |
| 554 | struct file *file; | |
| 555 | int dfd; | |
| 15b71abe | 556 | struct filename *filename; |
| c12cedf2 | 557 | struct open_how how; |
| 4022e7af | 558 | unsigned long nofile; |
| 15b71abe JA |
559 | }; |
| 560 | ||
| 269bbe5f | 561 | struct io_rsrc_update { |
| 05f3fb3c JA |
562 | struct file *file; |
| 563 | u64 arg; | |
| 564 | u32 nr_args; | |
| 565 | u32 offset; | |
| 566 | }; | |
| 567 | ||
| 4840e418 JA |
568 | struct io_fadvise { |
| 569 | struct file *file; | |
| 570 | u64 offset; | |
| 571 | u32 len; | |
| 572 | u32 advice; | |
| 573 | }; | |
| 574 | ||
| c1ca757b JA |
575 | struct io_madvise { |
| 576 | struct file *file; | |
| 577 | u64 addr; | |
| 578 | u32 len; | |
| 579 | u32 advice; | |
| 580 | }; | |
| 581 | ||
| 3e4827b0 JA |
582 | struct io_epoll { |
| 583 | struct file *file; | |
| 584 | int epfd; | |
| 585 | int op; | |
| 586 | int fd; | |
| 587 | struct epoll_event event; | |
| e47293fd JA |
588 | }; |
| 589 | ||
| 7d67af2c PB |
590 | struct io_splice { |
| 591 | struct file *file_out; | |
| 592 | struct file *file_in; | |
| 593 | loff_t off_out; | |
| 594 | loff_t off_in; | |
| 595 | u64 len; | |
| 596 | unsigned int flags; | |
| 597 | }; | |
| 598 | ||
| ddf0322d JA |
599 | struct io_provide_buf { |
| 600 | struct file *file; | |
| 601 | __u64 addr; | |
| 602 | __s32 len; | |
| 603 | __u32 bgid; | |
| 604 | __u16 nbufs; | |
| 605 | __u16 bid; | |
| 606 | }; | |
| 607 | ||
| 1d9e1288 BM |
608 | struct io_statx { |
| 609 | struct file *file; | |
| 610 | int dfd; | |
| 611 | unsigned int mask; | |
| 612 | unsigned int flags; | |
| e62753e4 | 613 | const char __user *filename; |
| 1d9e1288 BM |
614 | struct statx __user *buffer; |
| 615 | }; | |
| 616 | ||
| 36f4fa68 JA |
617 | struct io_shutdown { |
| 618 | struct file *file; | |
| 619 | int how; | |
| 620 | }; | |
| 621 | ||
| 80a261fd JA |
622 | struct io_rename { |
| 623 | struct file *file; | |
| 624 | int old_dfd; | |
| 625 | int new_dfd; | |
| 626 | struct filename *oldpath; | |
| 627 | struct filename *newpath; | |
| 628 | int flags; | |
| 629 | }; | |
| 630 | ||
| 14a1143b JA |
631 | struct io_unlink { |
| 632 | struct file *file; | |
| 633 | int dfd; | |
| 634 | int flags; | |
| 635 | struct filename *filename; | |
| 636 | }; | |
| 637 | ||
| 3ca405eb PB |
638 | struct io_completion { |
| 639 | struct file *file; | |
| 640 | struct list_head list; | |
| 0f7e466b | 641 | int cflags; |
| 3ca405eb PB |
642 | }; |
| 643 | ||
| f499a021 JA |
644 | struct io_async_connect { |
| 645 | struct sockaddr_storage address; | |
| 646 | }; | |
| 647 | ||
| 03b1230c JA |
648 | struct io_async_msghdr { |
| 649 | struct iovec fast_iov[UIO_FASTIOV]; | |
| 257e84a5 PB |
650 | /* points to an allocated iov, if NULL we use fast_iov instead */ |
| 651 | struct iovec *free_iov; | |
| 03b1230c JA |
652 | struct sockaddr __user *uaddr; |
| 653 | struct msghdr msg; | |
| b537916c | 654 | struct sockaddr_storage addr; |
| 03b1230c JA |
655 | }; |
| 656 | ||
| f67676d1 JA |
657 | struct io_async_rw { |
| 658 | struct iovec fast_iov[UIO_FASTIOV]; | |
| ff6165b2 JA |
659 | const struct iovec *free_iovec; |
| 660 | struct iov_iter iter; | |
| 227c0c96 | 661 | size_t bytes_done; |
| bcf5a063 | 662 | struct wait_page_queue wpq; |
| f67676d1 JA |
663 | }; |
| 664 | ||
| 6b47ee6e PB |
665 | enum { |
| 666 | REQ_F_FIXED_FILE_BIT = IOSQE_FIXED_FILE_BIT, | |
| 667 | REQ_F_IO_DRAIN_BIT = IOSQE_IO_DRAIN_BIT, | |
| 668 | REQ_F_LINK_BIT = IOSQE_IO_LINK_BIT, | |
| 669 | REQ_F_HARDLINK_BIT = IOSQE_IO_HARDLINK_BIT, | |
| 670 | REQ_F_FORCE_ASYNC_BIT = IOSQE_ASYNC_BIT, | |
| bcda7baa | 671 | REQ_F_BUFFER_SELECT_BIT = IOSQE_BUFFER_SELECT_BIT, |
| 6b47ee6e | 672 | |
| 6b47ee6e PB |
673 | REQ_F_FAIL_LINK_BIT, |
| 674 | REQ_F_INFLIGHT_BIT, | |
| 675 | REQ_F_CUR_POS_BIT, | |
| 676 | REQ_F_NOWAIT_BIT, | |
| 6b47ee6e | 677 | REQ_F_LINK_TIMEOUT_BIT, |
| 6b47ee6e | 678 | REQ_F_ISREG_BIT, |
| 99bc4c38 | 679 | REQ_F_NEED_CLEANUP_BIT, |
| d7718a9d | 680 | REQ_F_POLLED_BIT, |
| bcda7baa | 681 | REQ_F_BUFFER_SELECTED_BIT, |
| 5b0bbee4 | 682 | REQ_F_NO_FILE_TABLE_BIT, |
| 900fad45 | 683 | REQ_F_LTIMEOUT_ACTIVE_BIT, |
| e342c807 | 684 | REQ_F_COMPLETE_INLINE_BIT, |
| 84557871 JA |
685 | |
| 686 | /* not a real bit, just to check we're not overflowing the space */ | |
| 687 | __REQ_F_LAST_BIT, | |
| 6b47ee6e PB |
688 | }; |
| 689 | ||
| 690 | enum { | |
| 691 | /* ctx owns file */ | |
| 692 | REQ_F_FIXED_FILE = BIT(REQ_F_FIXED_FILE_BIT), | |
| 693 | /* drain existing IO first */ | |
| 694 | REQ_F_IO_DRAIN = BIT(REQ_F_IO_DRAIN_BIT), | |
| 695 | /* linked sqes */ | |
| 696 | REQ_F_LINK = BIT(REQ_F_LINK_BIT), | |
| 697 | /* doesn't sever on completion < 0 */ | |
| 698 | REQ_F_HARDLINK = BIT(REQ_F_HARDLINK_BIT), | |
| 699 | /* IOSQE_ASYNC */ | |
| 700 | REQ_F_FORCE_ASYNC = BIT(REQ_F_FORCE_ASYNC_BIT), | |
| bcda7baa JA |
701 | /* IOSQE_BUFFER_SELECT */ |
| 702 | REQ_F_BUFFER_SELECT = BIT(REQ_F_BUFFER_SELECT_BIT), | |
| 6b47ee6e | 703 | |
| 6b47ee6e PB |
704 | /* fail rest of links */ |
| 705 | REQ_F_FAIL_LINK = BIT(REQ_F_FAIL_LINK_BIT), | |
| b05a1bcd | 706 | /* on inflight list, should be cancelled and waited on exit reliably */ |
| 6b47ee6e PB |
707 | REQ_F_INFLIGHT = BIT(REQ_F_INFLIGHT_BIT), |
| 708 | /* read/write uses file position */ | |
| 709 | REQ_F_CUR_POS = BIT(REQ_F_CUR_POS_BIT), | |
| 710 | /* must not punt to workers */ | |
| 711 | REQ_F_NOWAIT = BIT(REQ_F_NOWAIT_BIT), | |
| 900fad45 | 712 | /* has or had linked timeout */ |
| 6b47ee6e | 713 | REQ_F_LINK_TIMEOUT = BIT(REQ_F_LINK_TIMEOUT_BIT), |
| 6b47ee6e PB |
714 | /* regular file */ |
| 715 | REQ_F_ISREG = BIT(REQ_F_ISREG_BIT), | |
| 99bc4c38 PB |
716 | /* needs cleanup */ |
| 717 | REQ_F_NEED_CLEANUP = BIT(REQ_F_NEED_CLEANUP_BIT), | |
| d7718a9d JA |
718 | /* already went through poll handler */ |
| 719 | REQ_F_POLLED = BIT(REQ_F_POLLED_BIT), | |
| bcda7baa JA |
720 | /* buffer already selected */ |
| 721 | REQ_F_BUFFER_SELECTED = BIT(REQ_F_BUFFER_SELECTED_BIT), | |
| 5b0bbee4 JA |
722 | /* doesn't need file table for this request */ |
| 723 | REQ_F_NO_FILE_TABLE = BIT(REQ_F_NO_FILE_TABLE_BIT), | |
| 900fad45 PB |
724 | /* linked timeout is active, i.e. prepared by link's head */ |
| 725 | REQ_F_LTIMEOUT_ACTIVE = BIT(REQ_F_LTIMEOUT_ACTIVE_BIT), | |
| e342c807 PB |
726 | /* completion is deferred through io_comp_state */ |
| 727 | REQ_F_COMPLETE_INLINE = BIT(REQ_F_COMPLETE_INLINE_BIT), | |
| d7718a9d JA |
728 | }; |
| 729 | ||
| 730 | struct async_poll { | |
| 731 | struct io_poll_iocb poll; | |
| 807abcb0 | 732 | struct io_poll_iocb *double_poll; |
| 6b47ee6e PB |
733 | }; |
| 734 | ||
| 7cbf1722 JA |
735 | struct io_task_work { |
| 736 | struct io_wq_work_node node; | |
| 737 | task_work_func_t func; | |
| 738 | }; | |
| 739 | ||
| 09bb8394 JA |
740 | /* |
| 741 | * NOTE! Each of the iocb union members has the file pointer | |
| 742 | * as the first entry in their struct definition. So you can | |
| 743 | * access the file pointer through any of the sub-structs, | |
| 744 | * or directly as just 'ki_filp' in this struct. | |
| 745 | */ | |
| 2b188cc1 | 746 | struct io_kiocb { |
| 221c5eb2 | 747 | union { |
| 09bb8394 | 748 | struct file *file; |
| 9adbd45d | 749 | struct io_rw rw; |
| 221c5eb2 | 750 | struct io_poll_iocb poll; |
| 018043be | 751 | struct io_poll_remove poll_remove; |
| 8ed8d3c3 JA |
752 | struct io_accept accept; |
| 753 | struct io_sync sync; | |
| fbf23849 | 754 | struct io_cancel cancel; |
| b29472ee | 755 | struct io_timeout timeout; |
| 0bdf7a2d | 756 | struct io_timeout_rem timeout_rem; |
| 3fbb51c1 | 757 | struct io_connect connect; |
| e47293fd | 758 | struct io_sr_msg sr_msg; |
| 15b71abe | 759 | struct io_open open; |
| b5dba59e | 760 | struct io_close close; |
| 269bbe5f | 761 | struct io_rsrc_update rsrc_update; |
| 4840e418 | 762 | struct io_fadvise fadvise; |
| c1ca757b | 763 | struct io_madvise madvise; |
| 3e4827b0 | 764 | struct io_epoll epoll; |
| 7d67af2c | 765 | struct io_splice splice; |
| ddf0322d | 766 | struct io_provide_buf pbuf; |
| 1d9e1288 | 767 | struct io_statx statx; |
| 36f4fa68 | 768 | struct io_shutdown shutdown; |
| 80a261fd | 769 | struct io_rename rename; |
| 14a1143b | 770 | struct io_unlink unlink; |
| 3ca405eb PB |
771 | /* use only after cleaning per-op data, see io_clean_op() */ |
| 772 | struct io_completion compl; | |
| 221c5eb2 | 773 | }; |
| 2b188cc1 | 774 | |
| e8c2bc1f JA |
775 | /* opcode allocated if it needs to store data for async defer */ |
| 776 | void *async_data; | |
| d625c6ee | 777 | u8 opcode; |
| 65a6543d XW |
778 | /* polled IO has completed */ |
| 779 | u8 iopoll_completed; | |
| 2b188cc1 | 780 | |
| 4f4eeba8 | 781 | u16 buf_index; |
| 9cf7c104 | 782 | u32 result; |
| 4f4eeba8 | 783 | |
| 010e8e6b PB |
784 | struct io_ring_ctx *ctx; |
| 785 | unsigned int flags; | |
| 786 | refcount_t refs; | |
| 787 | struct task_struct *task; | |
| 788 | u64 user_data; | |
| d7718a9d | 789 | |
| f2f87370 | 790 | struct io_kiocb *link; |
| 269bbe5f | 791 | struct percpu_ref *fixed_rsrc_refs; |
| fcb323cc | 792 | |
| d21ffe7e PB |
793 | /* |
| 794 | * 1. used with ctx->iopoll_list with reads/writes | |
| 795 | * 2. to track reqs with ->files (see io_op_def::file_table) | |
| 796 | */ | |
| 010e8e6b | 797 | struct list_head inflight_entry; |
| 7cbf1722 JA |
798 | union { |
| 799 | struct io_task_work io_task_work; | |
| 800 | struct callback_head task_work; | |
| 801 | }; | |
| 010e8e6b PB |
802 | /* for polled requests, i.e. IORING_OP_POLL_ADD and async armed poll */ |
| 803 | struct hlist_node hash_node; | |
| 804 | struct async_poll *apoll; | |
| 805 | struct io_wq_work work; | |
| 2b188cc1 | 806 | }; |
| 05589553 | 807 | |
| 27dc8338 PB |
808 | struct io_defer_entry { |
| 809 | struct list_head list; | |
| 810 | struct io_kiocb *req; | |
| 9cf7c104 | 811 | u32 seq; |
| 2b188cc1 JA |
812 | }; |
| 813 | ||
| d3656344 | 814 | struct io_op_def { |
| d3656344 JA |
815 | /* needs req->file assigned */ |
| 816 | unsigned needs_file : 1; | |
| d3656344 JA |
817 | /* hash wq insertion if file is a regular file */ |
| 818 | unsigned hash_reg_file : 1; | |
| 819 | /* unbound wq insertion if file is a non-regular file */ | |
| 820 | unsigned unbound_nonreg_file : 1; | |
| 66f4af93 JA |
821 | /* opcode is not supported by this kernel */ |
| 822 | unsigned not_supported : 1; | |
| 8a72758c JA |
823 | /* set if opcode supports polled "wait" */ |
| 824 | unsigned pollin : 1; | |
| 825 | unsigned pollout : 1; | |
| bcda7baa JA |
826 | /* op supports buffer selection */ |
| 827 | unsigned buffer_select : 1; | |
| e8c2bc1f JA |
828 | /* must always have async data allocated */ |
| 829 | unsigned needs_async_data : 1; | |
| 27926b68 JA |
830 | /* should block plug */ |
| 831 | unsigned plug : 1; | |
| e8c2bc1f JA |
832 | /* size of async data needed, if any */ |
| 833 | unsigned short async_size; | |
| d3656344 JA |
834 | }; |
| 835 | ||
| 0918682b | 836 | static const struct io_op_def io_op_defs[] = { |
| 0463b6c5 PB |
837 | [IORING_OP_NOP] = {}, |
| 838 | [IORING_OP_READV] = { | |
| d3656344 JA |
839 | .needs_file = 1, |
| 840 | .unbound_nonreg_file = 1, | |
| 8a72758c | 841 | .pollin = 1, |
| 4d954c25 | 842 | .buffer_select = 1, |
| e8c2bc1f | 843 | .needs_async_data = 1, |
| 27926b68 | 844 | .plug = 1, |
| e8c2bc1f | 845 | .async_size = sizeof(struct io_async_rw), |
| d3656344 | 846 | }, |
| 0463b6c5 | 847 | [IORING_OP_WRITEV] = { |
| d3656344 JA |
848 | .needs_file = 1, |
| 849 | .hash_reg_file = 1, | |
| 850 | .unbound_nonreg_file = 1, | |
| 8a72758c | 851 | .pollout = 1, |
| e8c2bc1f | 852 | .needs_async_data = 1, |
| 27926b68 | 853 | .plug = 1, |
| e8c2bc1f | 854 | .async_size = sizeof(struct io_async_rw), |
| d3656344 | 855 | }, |
| 0463b6c5 | 856 | [IORING_OP_FSYNC] = { |
| d3656344 JA |
857 | .needs_file = 1, |
| 858 | }, | |
| 0463b6c5 | 859 | [IORING_OP_READ_FIXED] = { |
| d3656344 JA |
860 | .needs_file = 1, |
| 861 | .unbound_nonreg_file = 1, | |
| 8a72758c | 862 | .pollin = 1, |
| 27926b68 | 863 | .plug = 1, |
| e8c2bc1f | 864 | .async_size = sizeof(struct io_async_rw), |
| d3656344 | 865 | }, |
| 0463b6c5 | 866 | [IORING_OP_WRITE_FIXED] = { |
| d3656344 JA |
867 | .needs_file = 1, |
| 868 | .hash_reg_file = 1, | |
| 869 | .unbound_nonreg_file = 1, | |
| 8a72758c | 870 | .pollout = 1, |
| 27926b68 | 871 | .plug = 1, |
| e8c2bc1f | 872 | .async_size = sizeof(struct io_async_rw), |
| d3656344 | 873 | }, |
| 0463b6c5 | 874 | [IORING_OP_POLL_ADD] = { |
| d3656344 JA |
875 | .needs_file = 1, |
| 876 | .unbound_nonreg_file = 1, | |
| 877 | }, | |
| 0463b6c5 PB |
878 | [IORING_OP_POLL_REMOVE] = {}, |
| 879 | [IORING_OP_SYNC_FILE_RANGE] = { | |
| d3656344 JA |
880 | .needs_file = 1, |
| 881 | }, | |
| 0463b6c5 | 882 | [IORING_OP_SENDMSG] = { |
| d3656344 JA |
883 | .needs_file = 1, |
| 884 | .unbound_nonreg_file = 1, | |
| 8a72758c | 885 | .pollout = 1, |
| e8c2bc1f JA |
886 | .needs_async_data = 1, |
| 887 | .async_size = sizeof(struct io_async_msghdr), | |
| d3656344 | 888 | }, |
| 0463b6c5 | 889 | [IORING_OP_RECVMSG] = { |
| d3656344 JA |
890 | .needs_file = 1, |
| 891 | .unbound_nonreg_file = 1, | |
| 8a72758c | 892 | .pollin = 1, |
| 52de1fe1 | 893 | .buffer_select = 1, |
| e8c2bc1f JA |
894 | .needs_async_data = 1, |
| 895 | .async_size = sizeof(struct io_async_msghdr), | |
| d3656344 | 896 | }, |
| 0463b6c5 | 897 | [IORING_OP_TIMEOUT] = { |
| e8c2bc1f JA |
898 | .needs_async_data = 1, |
| 899 | .async_size = sizeof(struct io_timeout_data), | |
| d3656344 | 900 | }, |
| 9c8e11b3 PB |
901 | [IORING_OP_TIMEOUT_REMOVE] = { |
| 902 | /* used by timeout updates' prep() */ | |
| 9c8e11b3 | 903 | }, |
| 0463b6c5 | 904 | [IORING_OP_ACCEPT] = { |
| d3656344 JA |
905 | .needs_file = 1, |
| 906 | .unbound_nonreg_file = 1, | |
| 8a72758c | 907 | .pollin = 1, |
| d3656344 | 908 | }, |
| 0463b6c5 PB |
909 | [IORING_OP_ASYNC_CANCEL] = {}, |
| 910 | [IORING_OP_LINK_TIMEOUT] = { | |
| e8c2bc1f JA |
911 | .needs_async_data = 1, |
| 912 | .async_size = sizeof(struct io_timeout_data), | |
| d3656344 | 913 | }, |
| 0463b6c5 | 914 | [IORING_OP_CONNECT] = { |
| d3656344 JA |
915 | .needs_file = 1, |
| 916 | .unbound_nonreg_file = 1, | |
| 8a72758c | 917 | .pollout = 1, |
| e8c2bc1f JA |
918 | .needs_async_data = 1, |
| 919 | .async_size = sizeof(struct io_async_connect), | |
| d3656344 | 920 | }, |
| 0463b6c5 | 921 | [IORING_OP_FALLOCATE] = { |
| d3656344 | 922 | .needs_file = 1, |
| d3656344 | 923 | }, |
| 44526bed JA |
924 | [IORING_OP_OPENAT] = {}, |
| 925 | [IORING_OP_CLOSE] = {}, | |
| 926 | [IORING_OP_FILES_UPDATE] = {}, | |
| 927 | [IORING_OP_STATX] = {}, | |
| 0463b6c5 | 928 | [IORING_OP_READ] = { |
| 3a6820f2 JA |
929 | .needs_file = 1, |
| 930 | .unbound_nonreg_file = 1, | |
| 8a72758c | 931 | .pollin = 1, |
| bcda7baa | 932 | .buffer_select = 1, |
| 27926b68 | 933 | .plug = 1, |
| e8c2bc1f | 934 | .async_size = sizeof(struct io_async_rw), |
| 3a6820f2 | 935 | }, |
| 0463b6c5 | 936 | [IORING_OP_WRITE] = { |
| 3a6820f2 JA |
937 | .needs_file = 1, |
| 938 | .unbound_nonreg_file = 1, | |
| 8a72758c | 939 | .pollout = 1, |
| 27926b68 | 940 | .plug = 1, |
| e8c2bc1f | 941 | .async_size = sizeof(struct io_async_rw), |
| 3a6820f2 | 942 | }, |
| 0463b6c5 | 943 | [IORING_OP_FADVISE] = { |
| 4840e418 | 944 | .needs_file = 1, |
| c1ca757b | 945 | }, |
| 44526bed | 946 | [IORING_OP_MADVISE] = {}, |
| 0463b6c5 | 947 | [IORING_OP_SEND] = { |
| fddaface JA |
948 | .needs_file = 1, |
| 949 | .unbound_nonreg_file = 1, | |
| 8a72758c | 950 | .pollout = 1, |
| fddaface | 951 | }, |
| 0463b6c5 | 952 | [IORING_OP_RECV] = { |
| fddaface JA |
953 | .needs_file = 1, |
| 954 | .unbound_nonreg_file = 1, | |
| 8a72758c | 955 | .pollin = 1, |
| bcda7baa | 956 | .buffer_select = 1, |
| fddaface | 957 | }, |
| 0463b6c5 | 958 | [IORING_OP_OPENAT2] = { |
| cebdb986 | 959 | }, |
| 3e4827b0 JA |
960 | [IORING_OP_EPOLL_CTL] = { |
| 961 | .unbound_nonreg_file = 1, | |
| 3e4827b0 | 962 | }, |
| 7d67af2c PB |
963 | [IORING_OP_SPLICE] = { |
| 964 | .needs_file = 1, | |
| 965 | .hash_reg_file = 1, | |
| 966 | .unbound_nonreg_file = 1, | |
| ddf0322d JA |
967 | }, |
| 968 | [IORING_OP_PROVIDE_BUFFERS] = {}, | |
| 067524e9 | 969 | [IORING_OP_REMOVE_BUFFERS] = {}, |
| f2a8d5c7 PB |
970 | [IORING_OP_TEE] = { |
| 971 | .needs_file = 1, | |
| 972 | .hash_reg_file = 1, | |
| 973 | .unbound_nonreg_file = 1, | |
| 974 | }, | |
| 36f4fa68 JA |
975 | [IORING_OP_SHUTDOWN] = { |
| 976 | .needs_file = 1, | |
| 977 | }, | |
| 44526bed JA |
978 | [IORING_OP_RENAMEAT] = {}, |
| 979 | [IORING_OP_UNLINKAT] = {}, | |
| d3656344 JA |
980 | }; |
| 981 | ||
| 9936c7c2 PB |
982 | static void io_uring_try_cancel_requests(struct io_ring_ctx *ctx, |
| 983 | struct task_struct *task, | |
| 984 | struct files_struct *files); | |
| 37d1e2e3 | 985 | static void io_uring_cancel_sqpoll(struct io_ring_ctx *ctx); |
| 269bbe5f | 986 | static void destroy_fixed_rsrc_ref_node(struct fixed_rsrc_ref_node *ref_node); |
| bc9744cd | 987 | static struct fixed_rsrc_ref_node *alloc_fixed_rsrc_ref_node( |
| 1ffc5422 | 988 | struct io_ring_ctx *ctx); |
| f2303b1f | 989 | static void io_ring_file_put(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc); |
| 1ffc5422 | 990 | |
| 23faba36 | 991 | static bool io_rw_reissue(struct io_kiocb *req); |
| 78e19bbe | 992 | static void io_cqring_fill_event(struct io_kiocb *req, long res); |
| ec9c02ad | 993 | static void io_put_req(struct io_kiocb *req); |
| 216578e5 | 994 | static void io_put_req_deferred(struct io_kiocb *req, int nr); |
| c40f6379 | 995 | static void io_double_put_req(struct io_kiocb *req); |
| c7dae4ba JA |
996 | static void io_dismantle_req(struct io_kiocb *req); |
| 997 | static void io_put_task(struct task_struct *task, int nr); | |
| 998 | static void io_queue_next(struct io_kiocb *req); | |
| 94ae5e77 | 999 | static struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req); |
| 7271ef3a | 1000 | static void __io_queue_linked_timeout(struct io_kiocb *req); |
| 94ae5e77 | 1001 | static void io_queue_linked_timeout(struct io_kiocb *req); |
| 05f3fb3c | 1002 | static int __io_sqe_files_update(struct io_ring_ctx *ctx, |
| 269bbe5f | 1003 | struct io_uring_rsrc_update *ip, |
| 05f3fb3c | 1004 | unsigned nr_args); |
| 3ca405eb | 1005 | static void __io_clean_op(struct io_kiocb *req); |
| 8371adf5 PB |
1006 | static struct file *io_file_get(struct io_submit_state *state, |
| 1007 | struct io_kiocb *req, int fd, bool fixed); | |
| c5eef2b9 | 1008 | static void __io_queue_sqe(struct io_kiocb *req); |
| 269bbe5f | 1009 | static void io_rsrc_put_work(struct work_struct *work); |
| de0617e4 | 1010 | |
| 847595de PB |
1011 | static int io_import_iovec(int rw, struct io_kiocb *req, struct iovec **iovec, |
| 1012 | struct iov_iter *iter, bool needs_lock); | |
| ff6165b2 JA |
1013 | static int io_setup_async_rw(struct io_kiocb *req, const struct iovec *iovec, |
| 1014 | const struct iovec *fast_iov, | |
| 227c0c96 | 1015 | struct iov_iter *iter, bool force); |
| 907d1df3 | 1016 | static void io_req_task_queue(struct io_kiocb *req); |
| 65453d1e JA |
1017 | static void io_submit_flush_completions(struct io_comp_state *cs, |
| 1018 | struct io_ring_ctx *ctx); | |
| de0617e4 | 1019 | |
| 2b188cc1 JA |
1020 | static struct kmem_cache *req_cachep; |
| 1021 | ||
| 0918682b | 1022 | static const struct file_operations io_uring_fops; |
| 2b188cc1 JA |
1023 | |
| 1024 | struct sock *io_uring_get_socket(struct file *file) | |
| 1025 | { | |
| 1026 | #if defined(CONFIG_UNIX) | |
| 1027 | if (file->f_op == &io_uring_fops) { | |
| 1028 | struct io_ring_ctx *ctx = file->private_data; | |
| 1029 | ||
| 1030 | return ctx->ring_sock->sk; | |
| 1031 | } | |
| 1032 | #endif | |
| 1033 | return NULL; | |
| 1034 | } | |
| 1035 | EXPORT_SYMBOL(io_uring_get_socket); | |
| 1036 | ||
| f2f87370 PB |
1037 | #define io_for_each_link(pos, head) \ |
| 1038 | for (pos = (head); pos; pos = pos->link) | |
| 1039 | ||
| 3ca405eb PB |
1040 | static inline void io_clean_op(struct io_kiocb *req) |
| 1041 | { | |
| 9d5c8190 | 1042 | if (req->flags & (REQ_F_NEED_CLEANUP | REQ_F_BUFFER_SELECTED)) |
| 3ca405eb PB |
1043 | __io_clean_op(req); |
| 1044 | } | |
| 1045 | ||
| 36f72fe2 PB |
1046 | static inline void io_set_resource_node(struct io_kiocb *req) |
| 1047 | { | |
| 1048 | struct io_ring_ctx *ctx = req->ctx; | |
| 1049 | ||
| 269bbe5f BM |
1050 | if (!req->fixed_rsrc_refs) { |
| 1051 | req->fixed_rsrc_refs = &ctx->file_data->node->refs; | |
| 1052 | percpu_ref_get(req->fixed_rsrc_refs); | |
| 36f72fe2 PB |
1053 | } |
| 1054 | } | |
| 1055 | ||
| 08d23634 PB |
1056 | static bool io_match_task(struct io_kiocb *head, |
| 1057 | struct task_struct *task, | |
| 1058 | struct files_struct *files) | |
| 1059 | { | |
| 1060 | struct io_kiocb *req; | |
| 1061 | ||
| 84965ff8 JA |
1062 | if (task && head->task != task) { |
| 1063 | /* in terms of cancelation, always match if req task is dead */ | |
| 1064 | if (head->task->flags & PF_EXITING) | |
| 1065 | return true; | |
| 08d23634 | 1066 | return false; |
| 84965ff8 | 1067 | } |
| 08d23634 PB |
1068 | if (!files) |
| 1069 | return true; | |
| 1070 | ||
| 1071 | io_for_each_link(req, head) { | |
| b05a1bcd | 1072 | if (req->flags & REQ_F_INFLIGHT) |
| 02a13674 | 1073 | return true; |
| 4379bf8b | 1074 | if (req->task->files == files) |
| 08d23634 PB |
1075 | return true; |
| 1076 | } | |
| 1077 | return false; | |
| 1078 | } | |
| 1079 | ||
| c40f6379 JA |
1080 | static inline void req_set_fail_links(struct io_kiocb *req) |
| 1081 | { | |
| 1082 | if ((req->flags & (REQ_F_LINK | REQ_F_HARDLINK)) == REQ_F_LINK) | |
| 1083 | req->flags |= REQ_F_FAIL_LINK; | |
| 1084 | } | |
| 4a38aed2 | 1085 | |
| 2b188cc1 JA |
1086 | static void io_ring_ctx_ref_free(struct percpu_ref *ref) |
| 1087 | { | |
| 1088 | struct io_ring_ctx *ctx = container_of(ref, struct io_ring_ctx, refs); | |
| 1089 | ||
| 0f158b4c | 1090 | complete(&ctx->ref_comp); |
| 2b188cc1 JA |
1091 | } |
| 1092 | ||
| 8eb7e2d0 PB |
1093 | static inline bool io_is_timeout_noseq(struct io_kiocb *req) |
| 1094 | { | |
| 1095 | return !req->timeout.off; | |
| 1096 | } | |
| 1097 | ||
| 2b188cc1 JA |
1098 | static struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p) |
| 1099 | { | |
| 1100 | struct io_ring_ctx *ctx; | |
| 78076bb6 | 1101 | int hash_bits; |
| 2b188cc1 JA |
1102 | |
| 1103 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | |
| 1104 | if (!ctx) | |
| 1105 | return NULL; | |
| 1106 | ||
| 78076bb6 JA |
1107 | /* |
| 1108 | * Use 5 bits less than the max cq entries, that should give us around | |
| 1109 | * 32 entries per hash list if totally full and uniformly spread. | |
| 1110 | */ | |
| 1111 | hash_bits = ilog2(p->cq_entries); | |
| 1112 | hash_bits -= 5; | |
| 1113 | if (hash_bits <= 0) | |
| 1114 | hash_bits = 1; | |
| 1115 | ctx->cancel_hash_bits = hash_bits; | |
| 1116 | ctx->cancel_hash = kmalloc((1U << hash_bits) * sizeof(struct hlist_head), | |
| 1117 | GFP_KERNEL); | |
| 1118 | if (!ctx->cancel_hash) | |
| 1119 | goto err; | |
| 1120 | __hash_init(ctx->cancel_hash, 1U << hash_bits); | |
| 1121 | ||
| 21482896 | 1122 | if (percpu_ref_init(&ctx->refs, io_ring_ctx_ref_free, |
| 206aefde JA |
1123 | PERCPU_REF_ALLOW_REINIT, GFP_KERNEL)) |
| 1124 | goto err; | |
| 2b188cc1 JA |
1125 | |
| 1126 | ctx->flags = p->flags; | |
| 90554200 | 1127 | init_waitqueue_head(&ctx->sqo_sq_wait); |
| 69fb2131 | 1128 | INIT_LIST_HEAD(&ctx->sqd_list); |
| 2b188cc1 | 1129 | init_waitqueue_head(&ctx->cq_wait); |
| 1d7bb1d5 | 1130 | INIT_LIST_HEAD(&ctx->cq_overflow_list); |
| 0f158b4c JA |
1131 | init_completion(&ctx->ref_comp); |
| 1132 | init_completion(&ctx->sq_thread_comp); | |
| 5a2e745d | 1133 | idr_init(&ctx->io_buffer_idr); |
| 071698e1 | 1134 | idr_init(&ctx->personality_idr); |
| 2b188cc1 JA |
1135 | mutex_init(&ctx->uring_lock); |
| 1136 | init_waitqueue_head(&ctx->wait); | |
| 1137 | spin_lock_init(&ctx->completion_lock); | |
| 540e32a0 | 1138 | INIT_LIST_HEAD(&ctx->iopoll_list); |
| de0617e4 | 1139 | INIT_LIST_HEAD(&ctx->defer_list); |
| 5262f567 | 1140 | INIT_LIST_HEAD(&ctx->timeout_list); |
| fcb323cc JA |
1141 | spin_lock_init(&ctx->inflight_lock); |
| 1142 | INIT_LIST_HEAD(&ctx->inflight_list); | |
| d67d2263 BM |
1143 | spin_lock_init(&ctx->rsrc_ref_lock); |
| 1144 | INIT_LIST_HEAD(&ctx->rsrc_ref_list); | |
| 269bbe5f BM |
1145 | INIT_DELAYED_WORK(&ctx->rsrc_put_work, io_rsrc_put_work); |
| 1146 | init_llist_head(&ctx->rsrc_put_llist); | |
| 1b4c351f | 1147 | INIT_LIST_HEAD(&ctx->submit_state.comp.free_list); |
| c7dae4ba | 1148 | INIT_LIST_HEAD(&ctx->submit_state.comp.locked_free_list); |
| 2b188cc1 | 1149 | return ctx; |
| 206aefde | 1150 | err: |
| 78076bb6 | 1151 | kfree(ctx->cancel_hash); |
| 206aefde JA |
1152 | kfree(ctx); |
| 1153 | return NULL; | |
| 2b188cc1 JA |
1154 | } |
| 1155 | ||
| 9cf7c104 | 1156 | static bool req_need_defer(struct io_kiocb *req, u32 seq) |
| 7adf4eaf | 1157 | { |
| 2bc9930e JA |
1158 | if (unlikely(req->flags & REQ_F_IO_DRAIN)) { |
| 1159 | struct io_ring_ctx *ctx = req->ctx; | |
| a197f664 | 1160 | |
| 9cf7c104 | 1161 | return seq != ctx->cached_cq_tail |
| 2c3bac6d | 1162 | + READ_ONCE(ctx->cached_cq_overflow); |
| 2bc9930e | 1163 | } |
| de0617e4 | 1164 | |
| 9d858b21 | 1165 | return false; |
| de0617e4 JA |
1166 | } |
| 1167 | ||
| ce3d5aae PB |
1168 | static void io_req_track_inflight(struct io_kiocb *req) |
| 1169 | { | |
| 1170 | struct io_ring_ctx *ctx = req->ctx; | |
| 1171 | ||
| 1172 | if (!(req->flags & REQ_F_INFLIGHT)) { | |
| ce3d5aae PB |
1173 | req->flags |= REQ_F_INFLIGHT; |
| 1174 | ||
| 1175 | spin_lock_irq(&ctx->inflight_lock); | |
| 1176 | list_add(&req->inflight_entry, &ctx->inflight_list); | |
| 1177 | spin_unlock_irq(&ctx->inflight_lock); | |
| 1178 | } | |
| 1179 | } | |
| 1180 | ||
| 1e6fa521 JA |
1181 | static void io_prep_async_work(struct io_kiocb *req) |
| 1182 | { | |
| 1183 | const struct io_op_def *def = &io_op_defs[req->opcode]; | |
| 1e6fa521 JA |
1184 | struct io_ring_ctx *ctx = req->ctx; |
| 1185 | ||
| 003e8dcc JA |
1186 | if (!req->work.creds) |
| 1187 | req->work.creds = get_current_cred(); | |
| 1188 | ||
| feaadc4f PB |
1189 | if (req->flags & REQ_F_FORCE_ASYNC) |
| 1190 | req->work.flags |= IO_WQ_WORK_CONCURRENT; | |
| 1191 | ||
| 1e6fa521 JA |
1192 | if (req->flags & REQ_F_ISREG) { |
| 1193 | if (def->hash_reg_file || (ctx->flags & IORING_SETUP_IOPOLL)) | |
| 1194 | io_wq_hash_work(&req->work, file_inode(req->file)); | |
| 1195 | } else { | |
| 1196 | if (def->unbound_nonreg_file) | |
| 1197 | req->work.flags |= IO_WQ_WORK_UNBOUND; | |
| 1198 | } | |
| 561fb04a | 1199 | } |
| cccf0ee8 | 1200 | |
| cbdcb435 | 1201 | static void io_prep_async_link(struct io_kiocb *req) |
| 561fb04a | 1202 | { |
| cbdcb435 | 1203 | struct io_kiocb *cur; |
| 54a91f3b | 1204 | |
| f2f87370 PB |
1205 | io_for_each_link(cur, req) |
| 1206 | io_prep_async_work(cur); | |
| 561fb04a JA |
1207 | } |
| 1208 | ||
| ebf93667 | 1209 | static void io_queue_async_work(struct io_kiocb *req) |
| 561fb04a | 1210 | { |
| a197f664 | 1211 | struct io_ring_ctx *ctx = req->ctx; |
| cbdcb435 | 1212 | struct io_kiocb *link = io_prep_linked_timeout(req); |
| 5aa75ed5 | 1213 | struct io_uring_task *tctx = req->task->io_uring; |
| 561fb04a | 1214 | |
| 3bfe6106 JA |
1215 | BUG_ON(!tctx); |
| 1216 | BUG_ON(!tctx->io_wq); | |
| 561fb04a | 1217 | |
| 8766dd51 PB |
1218 | trace_io_uring_queue_async_work(ctx, io_wq_is_hashed(&req->work), req, |
| 1219 | &req->work, req->flags); | |
| cbdcb435 PB |
1220 | /* init ->work of the whole link before punting */ |
| 1221 | io_prep_async_link(req); | |
| ebf93667 | 1222 | io_wq_enqueue(tctx->io_wq, &req->work); |
| 7271ef3a JA |
1223 | if (link) |
| 1224 | io_queue_linked_timeout(link); | |
| cbdcb435 PB |
1225 | } |
| 1226 | ||
| 5262f567 JA |
1227 | static void io_kill_timeout(struct io_kiocb *req) |
| 1228 | { | |
| e8c2bc1f | 1229 | struct io_timeout_data *io = req->async_data; |
| 5262f567 JA |
1230 | int ret; |
| 1231 | ||
| e8c2bc1f | 1232 | ret = hrtimer_try_to_cancel(&io->timer); |
| 5262f567 | 1233 | if (ret != -1) { |
| 01cec8c1 PB |
1234 | atomic_set(&req->ctx->cq_timeouts, |
| 1235 | atomic_read(&req->ctx->cq_timeouts) + 1); | |
| 135fcde8 | 1236 | list_del_init(&req->timeout.list); |
| 78e19bbe | 1237 | io_cqring_fill_event(req, 0); |
| 216578e5 | 1238 | io_put_req_deferred(req, 1); |
| 5262f567 JA |
1239 | } |
| 1240 | } | |
| 1241 | ||
| 76e1b642 JA |
1242 | /* |
| 1243 | * Returns true if we found and killed one or more timeouts | |
| 1244 | */ | |
| 6b81928d PB |
1245 | static bool io_kill_timeouts(struct io_ring_ctx *ctx, struct task_struct *tsk, |
| 1246 | struct files_struct *files) | |
| 5262f567 JA |
1247 | { |
| 1248 | struct io_kiocb *req, *tmp; | |
| 76e1b642 | 1249 | int canceled = 0; |
| 5262f567 JA |
1250 | |
| 1251 | spin_lock_irq(&ctx->completion_lock); | |
| f3606e3a | 1252 | list_for_each_entry_safe(req, tmp, &ctx->timeout_list, timeout.list) { |
| 6b81928d | 1253 | if (io_match_task(req, tsk, files)) { |
| f3606e3a | 1254 | io_kill_timeout(req); |
| 76e1b642 JA |
1255 | canceled++; |
| 1256 | } | |
| f3606e3a | 1257 | } |
| 5262f567 | 1258 | spin_unlock_irq(&ctx->completion_lock); |
| 76e1b642 | 1259 | return canceled != 0; |
| 5262f567 JA |
1260 | } |
| 1261 | ||
| 04518945 | 1262 | static void __io_queue_deferred(struct io_ring_ctx *ctx) |
| de0617e4 | 1263 | { |
| 04518945 | 1264 | do { |
| 27dc8338 PB |
1265 | struct io_defer_entry *de = list_first_entry(&ctx->defer_list, |
| 1266 | struct io_defer_entry, list); | |
| de0617e4 | 1267 | |
| 9cf7c104 | 1268 | if (req_need_defer(de->req, de->seq)) |
| 04518945 | 1269 | break; |
| 27dc8338 | 1270 | list_del_init(&de->list); |
| 907d1df3 | 1271 | io_req_task_queue(de->req); |
| 27dc8338 | 1272 | kfree(de); |
| 04518945 PB |
1273 | } while (!list_empty(&ctx->defer_list)); |
| 1274 | } | |
| 1275 | ||
| 360428f8 | 1276 | static void io_flush_timeouts(struct io_ring_ctx *ctx) |
| de0617e4 | 1277 | { |
| f010505b MDG |
1278 | u32 seq; |
| 1279 | ||
| 1280 | if (list_empty(&ctx->timeout_list)) | |
| 1281 | return; | |
| 1282 | ||
| 1283 | seq = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts); | |
| 1284 | ||
| 1285 | do { | |
| 1286 | u32 events_needed, events_got; | |
| 360428f8 | 1287 | struct io_kiocb *req = list_first_entry(&ctx->timeout_list, |
| 135fcde8 | 1288 | struct io_kiocb, timeout.list); |
| de0617e4 | 1289 | |
| 8eb7e2d0 | 1290 | if (io_is_timeout_noseq(req)) |
| 360428f8 | 1291 | break; |
| f010505b MDG |
1292 | |
| 1293 | /* | |
| 1294 | * Since seq can easily wrap around over time, subtract | |
| 1295 | * the last seq at which timeouts were flushed before comparing. | |
| 1296 | * Assuming not more than 2^31-1 events have happened since, | |
| 1297 | * these subtractions won't have wrapped, so we can check if | |
| 1298 | * target is in [last_seq, current_seq] by comparing the two. | |
| 1299 | */ | |
| 1300 | events_needed = req->timeout.target_seq - ctx->cq_last_tm_flush; | |
| 1301 | events_got = seq - ctx->cq_last_tm_flush; | |
| 1302 | if (events_got < events_needed) | |
| 360428f8 | 1303 | break; |
| bfe68a22 | 1304 | |
| 135fcde8 | 1305 | list_del_init(&req->timeout.list); |
| 5262f567 | 1306 | io_kill_timeout(req); |
| f010505b MDG |
1307 | } while (!list_empty(&ctx->timeout_list)); |
| 1308 | ||
| 1309 | ctx->cq_last_tm_flush = seq; | |
| 360428f8 | 1310 | } |
| 5262f567 | 1311 | |
| 360428f8 PB |
1312 | static void io_commit_cqring(struct io_ring_ctx *ctx) |
| 1313 | { | |
| 1314 | io_flush_timeouts(ctx); | |
| ec30e04b PB |
1315 | |
| 1316 | /* order cqe stores with ring update */ | |
| 1317 | smp_store_release(&ctx->rings->cq.tail, ctx->cached_cq_tail); | |
| de0617e4 | 1318 | |
| 04518945 PB |
1319 | if (unlikely(!list_empty(&ctx->defer_list))) |
| 1320 | __io_queue_deferred(ctx); | |
| de0617e4 JA |
1321 | } |
| 1322 | ||
| 90554200 JA |
1323 | static inline bool io_sqring_full(struct io_ring_ctx *ctx) |
| 1324 | { | |
| 1325 | struct io_rings *r = ctx->rings; | |
| 1326 | ||
| 1327 | return READ_ONCE(r->sq.tail) - ctx->cached_sq_head == r->sq_ring_entries; | |
| 1328 | } | |
| 1329 | ||
| 888aae2e PB |
1330 | static inline unsigned int __io_cqring_events(struct io_ring_ctx *ctx) |
| 1331 | { | |
| 1332 | return ctx->cached_cq_tail - READ_ONCE(ctx->rings->cq.head); | |
| 1333 | } | |
| 1334 | ||
| 2b188cc1 JA |
1335 | static struct io_uring_cqe *io_get_cqring(struct io_ring_ctx *ctx) |
| 1336 | { | |
| 75b28aff | 1337 | struct io_rings *rings = ctx->rings; |
| 2b188cc1 JA |
1338 | unsigned tail; |
| 1339 | ||
| 115e12e5 SB |
1340 | /* |
| 1341 | * writes to the cq entry need to come after reading head; the | |
| 1342 | * control dependency is enough as we're using WRITE_ONCE to | |
| 1343 | * fill the cq entry | |
| 1344 | */ | |
| 888aae2e | 1345 | if (__io_cqring_events(ctx) == rings->cq_ring_entries) |
| 2b188cc1 JA |
1346 | return NULL; |
| 1347 | ||
| 888aae2e | 1348 | tail = ctx->cached_cq_tail++; |
| 75b28aff | 1349 | return &rings->cqes[tail & ctx->cq_mask]; |
| 2b188cc1 JA |
1350 | } |
| 1351 | ||
| f2842ab5 JA |
1352 | static inline bool io_should_trigger_evfd(struct io_ring_ctx *ctx) |
| 1353 | { | |
| f0b493e6 JA |
1354 | if (!ctx->cq_ev_fd) |
| 1355 | return false; | |
| 7e55a19c SG |
1356 | if (READ_ONCE(ctx->rings->cq_flags) & IORING_CQ_EVENTFD_DISABLED) |
| 1357 | return false; | |
| f2842ab5 JA |
1358 | if (!ctx->eventfd_async) |
| 1359 | return true; | |
| b41e9852 | 1360 | return io_wq_current_is_worker(); |
| f2842ab5 JA |
1361 | } |
| 1362 | ||
| b41e9852 | 1363 | static void io_cqring_ev_posted(struct io_ring_ctx *ctx) |
| 1d7bb1d5 | 1364 | { |
| b1445e59 PB |
1365 | /* see waitqueue_active() comment */ |
| 1366 | smp_mb(); | |
| 1367 | ||
| 1d7bb1d5 JA |
1368 | if (waitqueue_active(&ctx->wait)) |
| 1369 | wake_up(&ctx->wait); | |
| 534ca6d6 JA |
1370 | if (ctx->sq_data && waitqueue_active(&ctx->sq_data->wait)) |
| 1371 | wake_up(&ctx->sq_data->wait); | |
| b41e9852 | 1372 | if (io_should_trigger_evfd(ctx)) |
| 1d7bb1d5 | 1373 | eventfd_signal(ctx->cq_ev_fd, 1); |
| b1445e59 | 1374 | if (waitqueue_active(&ctx->cq_wait)) { |
| 4aa84f2f PB |
1375 | wake_up_interruptible(&ctx->cq_wait); |
| 1376 | kill_fasync(&ctx->cq_fasync, SIGIO, POLL_IN); | |
| 1377 | } | |
| 1d7bb1d5 JA |
1378 | } |
| 1379 | ||
| 80c18e4a PB |
1380 | static void io_cqring_ev_posted_iopoll(struct io_ring_ctx *ctx) |
| 1381 | { | |
| b1445e59 PB |
1382 | /* see waitqueue_active() comment */ |
| 1383 | smp_mb(); | |
| 1384 | ||
| 80c18e4a PB |
1385 | if (ctx->flags & IORING_SETUP_SQPOLL) { |
| 1386 | if (waitqueue_active(&ctx->wait)) | |
| 1387 | wake_up(&ctx->wait); | |
| 1388 | } | |
| 1389 | if (io_should_trigger_evfd(ctx)) | |
| 1390 | eventfd_signal(ctx->cq_ev_fd, 1); | |
| b1445e59 | 1391 | if (waitqueue_active(&ctx->cq_wait)) { |
| 4aa84f2f PB |
1392 | wake_up_interruptible(&ctx->cq_wait); |
| 1393 | kill_fasync(&ctx->cq_fasync, SIGIO, POLL_IN); | |
| 1394 | } | |
| 80c18e4a PB |
1395 | } |
| 1396 | ||
| c4a2ed72 | 1397 | /* Returns true if there are no backlogged entries after the flush */ |
| 6c503150 PB |
1398 | static bool __io_cqring_overflow_flush(struct io_ring_ctx *ctx, bool force, |
| 1399 | struct task_struct *tsk, | |
| 1400 | struct files_struct *files) | |
| 1d7bb1d5 JA |
1401 | { |
| 1402 | struct io_rings *rings = ctx->rings; | |
| e6c8aa9a | 1403 | struct io_kiocb *req, *tmp; |
| 1d7bb1d5 | 1404 | struct io_uring_cqe *cqe; |
| 1d7bb1d5 | 1405 | unsigned long flags; |
| b18032bb | 1406 | bool all_flushed, posted; |
| 1d7bb1d5 JA |
1407 | LIST_HEAD(list); |
| 1408 | ||
| e23de15f PB |
1409 | if (!force && __io_cqring_events(ctx) == rings->cq_ring_entries) |
| 1410 | return false; | |
| 1d7bb1d5 | 1411 | |
| b18032bb | 1412 | posted = false; |
| 1d7bb1d5 | 1413 | spin_lock_irqsave(&ctx->completion_lock, flags); |
| e6c8aa9a | 1414 | list_for_each_entry_safe(req, tmp, &ctx->cq_overflow_list, compl.list) { |
| 08d23634 | 1415 | if (!io_match_task(req, tsk, files)) |
| e6c8aa9a JA |
1416 | continue; |
| 1417 | ||
| 1d7bb1d5 JA |
1418 | cqe = io_get_cqring(ctx); |
| 1419 | if (!cqe && !force) | |
| 1420 | break; | |
| 1421 | ||
| 40d8ddd4 | 1422 | list_move(&req->compl.list, &list); |
| 1d7bb1d5 JA |
1423 | if (cqe) { |
| 1424 | WRITE_ONCE(cqe->user_data, req->user_data); | |
| 1425 | WRITE_ONCE(cqe->res, req->result); | |
| 0f7e466b | 1426 | WRITE_ONCE(cqe->flags, req->compl.cflags); |
| 1d7bb1d5 | 1427 | } else { |
| 2c3bac6d | 1428 | ctx->cached_cq_overflow++; |
| 1d7bb1d5 | 1429 | WRITE_ONCE(ctx->rings->cq_overflow, |
| 2c3bac6d | 1430 | ctx->cached_cq_overflow); |
| 1d7bb1d5 | 1431 | } |
| b18032bb | 1432 | posted = true; |
| 1d7bb1d5 JA |
1433 | } |
| 1434 | ||
| 09e88404 PB |
1435 | all_flushed = list_empty(&ctx->cq_overflow_list); |
| 1436 | if (all_flushed) { | |
| 1437 | clear_bit(0, &ctx->sq_check_overflow); | |
| 1438 | clear_bit(0, &ctx->cq_check_overflow); | |
| 1439 | ctx->rings->sq_flags &= ~IORING_SQ_CQ_OVERFLOW; | |
| 1440 | } | |
| 46930143 | 1441 | |
| b18032bb JA |
1442 | if (posted) |
| 1443 | io_commit_cqring(ctx); | |
| 1d7bb1d5 | 1444 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| b18032bb JA |
1445 | if (posted) |
| 1446 | io_cqring_ev_posted(ctx); | |
| 1d7bb1d5 JA |
1447 | |
| 1448 | while (!list_empty(&list)) { | |
| 40d8ddd4 PB |
1449 | req = list_first_entry(&list, struct io_kiocb, compl.list); |
| 1450 | list_del(&req->compl.list); | |
| ec9c02ad | 1451 | io_put_req(req); |
| 1d7bb1d5 | 1452 | } |
| c4a2ed72 | 1453 | |
| 09e88404 | 1454 | return all_flushed; |
| 1d7bb1d5 JA |
1455 | } |
| 1456 | ||
| ca0a2651 | 1457 | static bool io_cqring_overflow_flush(struct io_ring_ctx *ctx, bool force, |
| 6c503150 PB |
1458 | struct task_struct *tsk, |
| 1459 | struct files_struct *files) | |
| 1460 | { | |
| ca0a2651 JA |
1461 | bool ret = true; |
| 1462 | ||
| 6c503150 PB |
1463 | if (test_bit(0, &ctx->cq_check_overflow)) { |
| 1464 | /* iopoll syncs against uring_lock, not completion_lock */ | |
| 1465 | if (ctx->flags & IORING_SETUP_IOPOLL) | |
| 1466 | mutex_lock(&ctx->uring_lock); | |
| ca0a2651 | 1467 | ret = __io_cqring_overflow_flush(ctx, force, tsk, files); |
| 6c503150 PB |
1468 | if (ctx->flags & IORING_SETUP_IOPOLL) |
| 1469 | mutex_unlock(&ctx->uring_lock); | |
| 1470 | } | |
| ca0a2651 JA |
1471 | |
| 1472 | return ret; | |
| 6c503150 PB |
1473 | } |
| 1474 | ||
| bcda7baa | 1475 | static void __io_cqring_fill_event(struct io_kiocb *req, long res, long cflags) |
| 2b188cc1 | 1476 | { |
| 78e19bbe | 1477 | struct io_ring_ctx *ctx = req->ctx; |
| 2b188cc1 JA |
1478 | struct io_uring_cqe *cqe; |
| 1479 | ||
| 78e19bbe | 1480 | trace_io_uring_complete(ctx, req->user_data, res); |
| 51c3ff62 | 1481 | |
| 2b188cc1 JA |
1482 | /* |
| 1483 | * If we can't get a cq entry, userspace overflowed the | |
| 1484 | * submission (by quite a lot). Increment the overflow count in | |
| 1485 | * the ring. | |
| 1486 | */ | |
| 1487 | cqe = io_get_cqring(ctx); | |
| 1d7bb1d5 | 1488 | if (likely(cqe)) { |
| 78e19bbe | 1489 | WRITE_ONCE(cqe->user_data, req->user_data); |
| 2b188cc1 | 1490 | WRITE_ONCE(cqe->res, res); |
| bcda7baa | 1491 | WRITE_ONCE(cqe->flags, cflags); |
| fdaf083c JA |
1492 | } else if (ctx->cq_overflow_flushed || |
| 1493 | atomic_read(&req->task->io_uring->in_idle)) { | |
| 0f212204 JA |
1494 | /* |
| 1495 | * If we're in ring overflow flush mode, or in task cancel mode, | |
| 1496 | * then we cannot store the request for later flushing, we need | |
| 1497 | * to drop it on the floor. | |
| 1498 | */ | |
| 2c3bac6d PB |
1499 | ctx->cached_cq_overflow++; |
| 1500 | WRITE_ONCE(ctx->rings->cq_overflow, ctx->cached_cq_overflow); | |
| 1d7bb1d5 | 1501 | } else { |
| ad3eb2c8 JA |
1502 | if (list_empty(&ctx->cq_overflow_list)) { |
| 1503 | set_bit(0, &ctx->sq_check_overflow); | |
| 1504 | set_bit(0, &ctx->cq_check_overflow); | |
| 6d5f9049 | 1505 | ctx->rings->sq_flags |= IORING_SQ_CQ_OVERFLOW; |
| ad3eb2c8 | 1506 | } |
| 40d8ddd4 | 1507 | io_clean_op(req); |
| 1d7bb1d5 | 1508 | req->result = res; |
| 0f7e466b | 1509 | req->compl.cflags = cflags; |
| 40d8ddd4 PB |
1510 | refcount_inc(&req->refs); |
| 1511 | list_add_tail(&req->compl.list, &ctx->cq_overflow_list); | |
| 2b188cc1 JA |
1512 | } |
| 1513 | } | |
| 1514 | ||
| bcda7baa JA |
1515 | static void io_cqring_fill_event(struct io_kiocb *req, long res) |
| 1516 | { | |
| 1517 | __io_cqring_fill_event(req, res, 0); | |
| 1518 | } | |
| 1519 | ||
| c7dae4ba JA |
1520 | static inline void io_req_complete_post(struct io_kiocb *req, long res, |
| 1521 | unsigned int cflags) | |
| 2b188cc1 | 1522 | { |
| 78e19bbe | 1523 | struct io_ring_ctx *ctx = req->ctx; |
| 2b188cc1 JA |
1524 | unsigned long flags; |
| 1525 | ||
| 1526 | spin_lock_irqsave(&ctx->completion_lock, flags); | |
| bcda7baa | 1527 | __io_cqring_fill_event(req, res, cflags); |
| 2b188cc1 | 1528 | io_commit_cqring(ctx); |
| c7dae4ba JA |
1529 | /* |
| 1530 | * If we're the last reference to this request, add to our locked | |
| 1531 | * free_list cache. | |
| 1532 | */ | |
| 1533 | if (refcount_dec_and_test(&req->refs)) { | |
| 1534 | struct io_comp_state *cs = &ctx->submit_state.comp; | |
| 1535 | ||
| 1536 | io_dismantle_req(req); | |
| 1537 | io_put_task(req->task, 1); | |
| 1538 | list_add(&req->compl.list, &cs->locked_free_list); | |
| 1539 | cs->locked_free_nr++; | |
| 1540 | } else | |
| 1541 | req = NULL; | |
| 2b188cc1 JA |
1542 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| 1543 | ||
| 8c838788 | 1544 | io_cqring_ev_posted(ctx); |
| c7dae4ba JA |
1545 | if (req) { |
| 1546 | io_queue_next(req); | |
| 1547 | percpu_ref_put(&ctx->refs); | |
| 229a7b63 | 1548 | } |
| 229a7b63 JA |
1549 | } |
| 1550 | ||
| a38d68db | 1551 | static void io_req_complete_state(struct io_kiocb *req, long res, |
| 889fca73 | 1552 | unsigned int cflags) |
| 229a7b63 | 1553 | { |
| a38d68db PB |
1554 | io_clean_op(req); |
| 1555 | req->result = res; | |
| 1556 | req->compl.cflags = cflags; | |
| e342c807 | 1557 | req->flags |= REQ_F_COMPLETE_INLINE; |
| e1e16097 JA |
1558 | } |
| 1559 | ||
| 889fca73 PB |
1560 | static inline void __io_req_complete(struct io_kiocb *req, unsigned issue_flags, |
| 1561 | long res, unsigned cflags) | |
| bcda7baa | 1562 | { |
| 889fca73 PB |
1563 | if (issue_flags & IO_URING_F_COMPLETE_DEFER) |
| 1564 | io_req_complete_state(req, res, cflags); | |
| a38d68db | 1565 | else |
| c7dae4ba | 1566 | io_req_complete_post(req, res, cflags); |
| bcda7baa JA |
1567 | } |
| 1568 | ||
| a38d68db | 1569 | static inline void io_req_complete(struct io_kiocb *req, long res) |
| 0ddf92e8 | 1570 | { |
| 889fca73 | 1571 | __io_req_complete(req, 0, res, 0); |
| 0ddf92e8 JA |
1572 | } |
| 1573 | ||
| c7dae4ba | 1574 | static bool io_flush_cached_reqs(struct io_ring_ctx *ctx) |
| 0ddf92e8 | 1575 | { |
| c7dae4ba JA |
1576 | struct io_submit_state *state = &ctx->submit_state; |
| 1577 | struct io_comp_state *cs = &state->comp; | |
| e5d1bc0a | 1578 | struct io_kiocb *req = NULL; |
| 0ddf92e8 | 1579 | |
| c7dae4ba JA |
1580 | /* |
| 1581 | * If we have more than a batch's worth of requests in our IRQ side | |
| 1582 | * locked cache, grab the lock and move them over to our submission | |
| 1583 | * side cache. | |
| 1584 | */ | |
| 1585 | if (READ_ONCE(cs->locked_free_nr) > IO_COMPL_BATCH) { | |
| 1586 | spin_lock_irq(&ctx->completion_lock); | |
| 1587 | list_splice_init(&cs->locked_free_list, &cs->free_list); | |
| 1588 | cs->locked_free_nr = 0; | |
| 1589 | spin_unlock_irq(&ctx->completion_lock); | |
| 1590 | } | |
| 0ddf92e8 | 1591 | |
| c7dae4ba JA |
1592 | while (!list_empty(&cs->free_list)) { |
| 1593 | req = list_first_entry(&cs->free_list, struct io_kiocb, | |
| 1b4c351f JA |
1594 | compl.list); |
| 1595 | list_del(&req->compl.list); | |
| e5d1bc0a PB |
1596 | state->reqs[state->free_reqs++] = req; |
| 1597 | if (state->free_reqs == ARRAY_SIZE(state->reqs)) | |
| 1598 | break; | |
| 1b4c351f JA |
1599 | } |
| 1600 | ||
| e5d1bc0a | 1601 | return req != NULL; |
| 0ddf92e8 JA |
1602 | } |
| 1603 | ||
| e5d1bc0a | 1604 | static struct io_kiocb *io_alloc_req(struct io_ring_ctx *ctx) |
| 2b188cc1 | 1605 | { |
| e5d1bc0a PB |
1606 | struct io_submit_state *state = &ctx->submit_state; |
| 1607 | ||
| 1608 | BUILD_BUG_ON(IO_REQ_ALLOC_BATCH > ARRAY_SIZE(state->reqs)); | |
| 1609 | ||
| f6b6c7d6 | 1610 | if (!state->free_reqs) { |
| 291b2821 | 1611 | gfp_t gfp = GFP_KERNEL | __GFP_NOWARN; |
| 2579f913 JA |
1612 | int ret; |
| 1613 | ||
| c7dae4ba | 1614 | if (io_flush_cached_reqs(ctx)) |
| e5d1bc0a PB |
1615 | goto got_req; |
| 1616 | ||
| bf019da7 PB |
1617 | ret = kmem_cache_alloc_bulk(req_cachep, gfp, IO_REQ_ALLOC_BATCH, |
| 1618 | state->reqs); | |
| fd6fab2c JA |
1619 | |
| 1620 | /* | |
| 1621 | * Bulk alloc is all-or-nothing. If we fail to get a batch, | |
| 1622 | * retry single alloc to be on the safe side. | |
| 1623 | */ | |
| 1624 | if (unlikely(ret <= 0)) { | |
| 1625 | state->reqs[0] = kmem_cache_alloc(req_cachep, gfp); | |
| 1626 | if (!state->reqs[0]) | |
| 3893f39f | 1627 | return NULL; |
| fd6fab2c JA |
1628 | ret = 1; |
| 1629 | } | |
| 291b2821 | 1630 | state->free_reqs = ret; |
| 2b188cc1 | 1631 | } |
| e5d1bc0a | 1632 | got_req: |
| 291b2821 PB |
1633 | state->free_reqs--; |
| 1634 | return state->reqs[state->free_reqs]; | |
| 2b188cc1 JA |
1635 | } |
| 1636 | ||
| 8da11c19 PB |
1637 | static inline void io_put_file(struct io_kiocb *req, struct file *file, |
| 1638 | bool fixed) | |
| 1639 | { | |
| 36f72fe2 | 1640 | if (!fixed) |
| 8da11c19 PB |
1641 | fput(file); |
| 1642 | } | |
| 1643 | ||
| 4edf20f9 | 1644 | static void io_dismantle_req(struct io_kiocb *req) |
| 2b188cc1 | 1645 | { |
| 3ca405eb | 1646 | io_clean_op(req); |
| 929a3af9 | 1647 | |
| e8c2bc1f JA |
1648 | if (req->async_data) |
| 1649 | kfree(req->async_data); | |
| 8da11c19 PB |
1650 | if (req->file) |
| 1651 | io_put_file(req, req->file, (req->flags & REQ_F_FIXED_FILE)); | |
| 269bbe5f BM |
1652 | if (req->fixed_rsrc_refs) |
| 1653 | percpu_ref_put(req->fixed_rsrc_refs); | |
| 003e8dcc JA |
1654 | if (req->work.creds) { |
| 1655 | put_cred(req->work.creds); | |
| 1656 | req->work.creds = NULL; | |
| 1657 | } | |
| f85c310a PB |
1658 | |
| 1659 | if (req->flags & REQ_F_INFLIGHT) { | |
| 1660 | struct io_ring_ctx *ctx = req->ctx; | |
| f85c310a PB |
1661 | unsigned long flags; |
| 1662 | ||
| 1663 | spin_lock_irqsave(&ctx->inflight_lock, flags); | |
| 1664 | list_del(&req->inflight_entry); | |
| 1665 | spin_unlock_irqrestore(&ctx->inflight_lock, flags); | |
| 1666 | req->flags &= ~REQ_F_INFLIGHT; | |
| f85c310a | 1667 | } |
| e65ef56d JA |
1668 | } |
| 1669 | ||
| b23fcf47 | 1670 | /* must to be called somewhat shortly after putting a request */ |
| 7c660731 PB |
1671 | static inline void io_put_task(struct task_struct *task, int nr) |
| 1672 | { | |
| 1673 | struct io_uring_task *tctx = task->io_uring; | |
| 1674 | ||
| 1675 | percpu_counter_sub(&tctx->inflight, nr); | |
| 1676 | if (unlikely(atomic_read(&tctx->in_idle))) | |
| 1677 | wake_up(&tctx->wait); | |
| 1678 | put_task_struct_many(task, nr); | |
| 1679 | } | |
| 1680 | ||
| 216578e5 | 1681 | static void __io_free_req(struct io_kiocb *req) |
| c6ca97b3 | 1682 | { |
| 51a4cc11 | 1683 | struct io_ring_ctx *ctx = req->ctx; |
| c6ca97b3 | 1684 | |
| 216578e5 | 1685 | io_dismantle_req(req); |
| 7c660731 | 1686 | io_put_task(req->task, 1); |
| c6ca97b3 | 1687 | |
| 3893f39f | 1688 | kmem_cache_free(req_cachep, req); |
| ecfc5177 | 1689 | percpu_ref_put(&ctx->refs); |
| e65ef56d JA |
1690 | } |
| 1691 | ||
| f2f87370 PB |
1692 | static inline void io_remove_next_linked(struct io_kiocb *req) |
| 1693 | { | |
| 1694 | struct io_kiocb *nxt = req->link; | |
| 1695 | ||
| 1696 | req->link = nxt->link; | |
| 1697 | nxt->link = NULL; | |
| 1698 | } | |
| 1699 | ||
| c9abd7ad | 1700 | static void io_kill_linked_timeout(struct io_kiocb *req) |
| 2665abfd | 1701 | { |
| a197f664 | 1702 | struct io_ring_ctx *ctx = req->ctx; |
| 7c86ffee | 1703 | struct io_kiocb *link; |
| c9abd7ad PB |
1704 | bool cancelled = false; |
| 1705 | unsigned long flags; | |
| 7c86ffee | 1706 | |
| c9abd7ad | 1707 | spin_lock_irqsave(&ctx->completion_lock, flags); |
| f2f87370 PB |
1708 | link = req->link; |
| 1709 | ||
| 900fad45 PB |
1710 | /* |
| 1711 | * Can happen if a linked timeout fired and link had been like | |
| 1712 | * req -> link t-out -> link t-out [-> ...] | |
| 1713 | */ | |
| c9abd7ad PB |
1714 | if (link && (link->flags & REQ_F_LTIMEOUT_ACTIVE)) { |
| 1715 | struct io_timeout_data *io = link->async_data; | |
| 1716 | int ret; | |
| 7c86ffee | 1717 | |
| f2f87370 | 1718 | io_remove_next_linked(req); |
| 90cd7e42 | 1719 | link->timeout.head = NULL; |
| c9abd7ad PB |
1720 | ret = hrtimer_try_to_cancel(&io->timer); |
| 1721 | if (ret != -1) { | |
| 1722 | io_cqring_fill_event(link, -ECANCELED); | |
| 1723 | io_commit_cqring(ctx); | |
| 1724 | cancelled = true; | |
| 1725 | } | |
| 1726 | } | |
| 7c86ffee | 1727 | req->flags &= ~REQ_F_LINK_TIMEOUT; |
| 216578e5 | 1728 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| ab0b6451 | 1729 | |
| c9abd7ad | 1730 | if (cancelled) { |
| 7c86ffee | 1731 | io_cqring_ev_posted(ctx); |
| c9abd7ad PB |
1732 | io_put_req(link); |
| 1733 | } | |
| 7c86ffee PB |
1734 | } |
| 1735 | ||
| 9e645e11 | 1736 | |
| d148ca4b | 1737 | static void io_fail_links(struct io_kiocb *req) |
| 9e645e11 | 1738 | { |
| f2f87370 | 1739 | struct io_kiocb *link, *nxt; |
| 2665abfd | 1740 | struct io_ring_ctx *ctx = req->ctx; |
| d148ca4b | 1741 | unsigned long flags; |
| 9e645e11 | 1742 | |
| d148ca4b | 1743 | spin_lock_irqsave(&ctx->completion_lock, flags); |
| f2f87370 PB |
1744 | link = req->link; |
| 1745 | req->link = NULL; | |
| 9e645e11 | 1746 | |
| f2f87370 PB |
1747 | while (link) { |
| 1748 | nxt = link->link; | |
| 1749 | link->link = NULL; | |
| 2665abfd | 1750 | |
| f2f87370 | 1751 | trace_io_uring_fail_link(req, link); |
| 7c86ffee | 1752 | io_cqring_fill_event(link, -ECANCELED); |
| 216578e5 | 1753 | |
| 1575f21a | 1754 | io_put_req_deferred(link, 2); |
| f2f87370 | 1755 | link = nxt; |
| 9e645e11 | 1756 | } |
| 2665abfd | 1757 | io_commit_cqring(ctx); |
| 216578e5 | 1758 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| 9e645e11 | 1759 | |
| 2665abfd | 1760 | io_cqring_ev_posted(ctx); |
| 9e645e11 JA |
1761 | } |
| 1762 | ||
| 3fa5e0f3 | 1763 | static struct io_kiocb *__io_req_find_next(struct io_kiocb *req) |
| c69f8dbe | 1764 | { |
| 7c86ffee PB |
1765 | if (req->flags & REQ_F_LINK_TIMEOUT) |
| 1766 | io_kill_linked_timeout(req); | |
| 944e58bf | 1767 | |
| 9e645e11 JA |
1768 | /* |
| 1769 | * If LINK is set, we have dependent requests in this chain. If we | |
| 1770 | * didn't fail this request, queue the first one up, moving any other | |
| 1771 | * dependencies to the next request. In case of failure, fail the rest | |
| 1772 | * of the chain. | |
| 1773 | */ | |
| f2f87370 PB |
1774 | if (likely(!(req->flags & REQ_F_FAIL_LINK))) { |
| 1775 | struct io_kiocb *nxt = req->link; | |
| 1776 | ||
| 1777 | req->link = NULL; | |
| 1778 | return nxt; | |
| 1779 | } | |
| 9b5f7bd9 PB |
1780 | io_fail_links(req); |
| 1781 | return NULL; | |
| 4d7dd462 | 1782 | } |
| 9e645e11 | 1783 | |
| f2f87370 | 1784 | static inline struct io_kiocb *io_req_find_next(struct io_kiocb *req) |
| 3fa5e0f3 | 1785 | { |
| cdbff982 | 1786 | if (likely(!(req->flags & (REQ_F_LINK|REQ_F_HARDLINK)))) |
| 3fa5e0f3 PB |
1787 | return NULL; |
| 1788 | return __io_req_find_next(req); | |
| 1789 | } | |
| 1790 | ||
| 2c32395d PB |
1791 | static void ctx_flush_and_put(struct io_ring_ctx *ctx) |
| 1792 | { | |
| 1793 | if (!ctx) | |
| 1794 | return; | |
| 1795 | if (ctx->submit_state.comp.nr) { | |
| 1796 | mutex_lock(&ctx->uring_lock); | |
| 1797 | io_submit_flush_completions(&ctx->submit_state.comp, ctx); | |
| 1798 | mutex_unlock(&ctx->uring_lock); | |
| 1799 | } | |
| 1800 | percpu_ref_put(&ctx->refs); | |
| 1801 | } | |
| 1802 | ||
| 7cbf1722 | 1803 | static bool __tctx_task_work(struct io_uring_task *tctx) |
| c2c4c83c | 1804 | { |
| 65453d1e | 1805 | struct io_ring_ctx *ctx = NULL; |
| 7cbf1722 JA |
1806 | struct io_wq_work_list list; |
| 1807 | struct io_wq_work_node *node; | |
| c2c4c83c | 1808 | |
| 7cbf1722 JA |
1809 | if (wq_list_empty(&tctx->task_list)) |
| 1810 | return false; | |
| 6200b0ae | 1811 | |
| 0b81e80c | 1812 | spin_lock_irq(&tctx->task_lock); |
| 7cbf1722 JA |
1813 | list = tctx->task_list; |
| 1814 | INIT_WQ_LIST(&tctx->task_list); | |
| 0b81e80c | 1815 | spin_unlock_irq(&tctx->task_lock); |
| c2c4c83c | 1816 | |
| 7cbf1722 JA |
1817 | node = list.first; |
| 1818 | while (node) { | |
| 1819 | struct io_wq_work_node *next = node->next; | |
| 1820 | struct io_kiocb *req; | |
| 0ba9c9ed | 1821 | |
| 7cbf1722 | 1822 | req = container_of(node, struct io_kiocb, io_task_work.node); |
| 2c32395d PB |
1823 | if (req->ctx != ctx) { |
| 1824 | ctx_flush_and_put(ctx); | |
| 1825 | ctx = req->ctx; | |
| 1826 | percpu_ref_get(&ctx->refs); | |
| 65453d1e | 1827 | } |
| 65453d1e | 1828 | |
| 2c32395d PB |
1829 | req->task_work.func(&req->task_work); |
| 1830 | node = next; | |
| 7cbf1722 JA |
1831 | } |
| 1832 | ||
| 2c32395d | 1833 | ctx_flush_and_put(ctx); |
| 7cbf1722 | 1834 | return list.first != NULL; |
| c2c4c83c JA |
1835 | } |
| 1836 | ||
| 7cbf1722 | 1837 | static void tctx_task_work(struct callback_head *cb) |
| c40f6379 | 1838 | { |
| 7cbf1722 | 1839 | struct io_uring_task *tctx = container_of(cb, struct io_uring_task, task_work); |
| c40f6379 | 1840 | |
| 1d5f360d JA |
1841 | clear_bit(0, &tctx->task_state); |
| 1842 | ||
| 7cbf1722 JA |
1843 | while (__tctx_task_work(tctx)) |
| 1844 | cond_resched(); | |
| 7cbf1722 JA |
1845 | } |
| 1846 | ||
| 1847 | static int io_task_work_add(struct task_struct *tsk, struct io_kiocb *req, | |
| 1848 | enum task_work_notify_mode notify) | |
| 1849 | { | |
| 1850 | struct io_uring_task *tctx = tsk->io_uring; | |
| 1851 | struct io_wq_work_node *node, *prev; | |
| 0b81e80c | 1852 | unsigned long flags; |
| 7cbf1722 JA |
1853 | int ret; |
| 1854 | ||
| 1855 | WARN_ON_ONCE(!tctx); | |
| 1856 | ||
| 0b81e80c | 1857 | spin_lock_irqsave(&tctx->task_lock, flags); |
| 7cbf1722 | 1858 | wq_list_add_tail(&req->io_task_work.node, &tctx->task_list); |
| 0b81e80c | 1859 | spin_unlock_irqrestore(&tctx->task_lock, flags); |
| 7cbf1722 JA |
1860 | |
| 1861 | /* task_work already pending, we're done */ | |
| 1862 | if (test_bit(0, &tctx->task_state) || | |
| 1863 | test_and_set_bit(0, &tctx->task_state)) | |
| 1864 | return 0; | |
| 1865 | ||
| 1866 | if (!task_work_add(tsk, &tctx->task_work, notify)) | |
| 1867 | return 0; | |
| 1868 | ||
| 1869 | /* | |
| 1870 | * Slow path - we failed, find and delete work. if the work is not | |
| 1871 | * in the list, it got run and we're fine. | |
| 1872 | */ | |
| 1873 | ret = 0; | |
| 0b81e80c | 1874 | spin_lock_irqsave(&tctx->task_lock, flags); |
| 7cbf1722 JA |
1875 | wq_list_for_each(node, prev, &tctx->task_list) { |
| 1876 | if (&req->io_task_work.node == node) { | |
| 1877 | wq_list_del(&tctx->task_list, node, prev); | |
| 1878 | ret = 1; | |
| 1879 | break; | |
| 1880 | } | |
| 1881 | } | |
| 0b81e80c | 1882 | spin_unlock_irqrestore(&tctx->task_lock, flags); |
| 7cbf1722 JA |
1883 | clear_bit(0, &tctx->task_state); |
| 1884 | return ret; | |
| 1885 | } | |
| 1886 | ||
| 355fb9e2 | 1887 | static int io_req_task_work_add(struct io_kiocb *req) |
| c2c4c83c JA |
1888 | { |
| 1889 | struct task_struct *tsk = req->task; | |
| 1890 | struct io_ring_ctx *ctx = req->ctx; | |
| 91989c70 JA |
1891 | enum task_work_notify_mode notify; |
| 1892 | int ret; | |
| c2c4c83c | 1893 | |
| 6200b0ae JA |
1894 | if (tsk->flags & PF_EXITING) |
| 1895 | return -ESRCH; | |
| 1896 | ||
| c2c4c83c | 1897 | /* |
| 0ba9c9ed JA |
1898 | * SQPOLL kernel thread doesn't need notification, just a wakeup. For |
| 1899 | * all other cases, use TWA_SIGNAL unconditionally to ensure we're | |
| 1900 | * processing task_work. There's no reliable way to tell if TWA_RESUME | |
| 1901 | * will do the job. | |
| c2c4c83c | 1902 | */ |
| 91989c70 | 1903 | notify = TWA_NONE; |
| 355fb9e2 | 1904 | if (!(ctx->flags & IORING_SETUP_SQPOLL)) |
| c2c4c83c JA |
1905 | notify = TWA_SIGNAL; |
| 1906 | ||
| 7cbf1722 | 1907 | ret = io_task_work_add(tsk, req, notify); |
| c2c4c83c JA |
1908 | if (!ret) |
| 1909 | wake_up_process(tsk); | |
| 0ba9c9ed | 1910 | |
| c2c4c83c JA |
1911 | return ret; |
| 1912 | } | |
| 1913 | ||
| eab30c4d | 1914 | static void io_req_task_work_add_fallback(struct io_kiocb *req, |
| 7cbf1722 | 1915 | task_work_func_t cb) |
| eab30c4d | 1916 | { |
| 7c25c0d1 JA |
1917 | struct io_ring_ctx *ctx = req->ctx; |
| 1918 | struct callback_head *head; | |
| eab30c4d PB |
1919 | |
| 1920 | init_task_work(&req->task_work, cb); | |
| 7c25c0d1 JA |
1921 | do { |
| 1922 | head = READ_ONCE(ctx->exit_task_work); | |
| 1923 | req->task_work.next = head; | |
| 1924 | } while (cmpxchg(&ctx->exit_task_work, head, &req->task_work) != head); | |
| eab30c4d PB |
1925 | } |
| 1926 | ||
| c40f6379 JA |
1927 | static void __io_req_task_cancel(struct io_kiocb *req, int error) |
| 1928 | { | |
| 1929 | struct io_ring_ctx *ctx = req->ctx; | |
| 1930 | ||
| 1931 | spin_lock_irq(&ctx->completion_lock); | |
| 1932 | io_cqring_fill_event(req, error); | |
| 1933 | io_commit_cqring(ctx); | |
| 1934 | spin_unlock_irq(&ctx->completion_lock); | |
| 1935 | ||
| 1936 | io_cqring_ev_posted(ctx); | |
| 1937 | req_set_fail_links(req); | |
| 1938 | io_double_put_req(req); | |
| 1939 | } | |
| 1940 | ||
| 1941 | static void io_req_task_cancel(struct callback_head *cb) | |
| 1942 | { | |
| 1943 | struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work); | |
| 87ceb6a6 | 1944 | struct io_ring_ctx *ctx = req->ctx; |
| c40f6379 | 1945 | |
| 792bb6eb | 1946 | mutex_lock(&ctx->uring_lock); |
| a3df7698 | 1947 | __io_req_task_cancel(req, req->result); |
| 792bb6eb | 1948 | mutex_unlock(&ctx->uring_lock); |
| 87ceb6a6 | 1949 | percpu_ref_put(&ctx->refs); |
| c40f6379 JA |
1950 | } |
| 1951 | ||
| 1952 | static void __io_req_task_submit(struct io_kiocb *req) | |
| 1953 | { | |
| 1954 | struct io_ring_ctx *ctx = req->ctx; | |
| 1955 | ||
| 04fc6c80 | 1956 | /* ctx stays valid until unlock, even if we drop all ours ctx->refs */ |
| 81b6d05c | 1957 | mutex_lock(&ctx->uring_lock); |
| 70aacfe6 | 1958 | if (!(current->flags & PF_EXITING) && !current->in_execve) |
| c5eef2b9 | 1959 | __io_queue_sqe(req); |
| 81b6d05c | 1960 | else |
| c40f6379 | 1961 | __io_req_task_cancel(req, -EFAULT); |
| 81b6d05c | 1962 | mutex_unlock(&ctx->uring_lock); |
| c40f6379 JA |
1963 | } |
| 1964 | ||
| 1965 | static void io_req_task_submit(struct callback_head *cb) | |
| 1966 | { | |
| 1967 | struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work); | |
| 1968 | ||
| 1969 | __io_req_task_submit(req); | |
| 1970 | } | |
| 1971 | ||
| 1972 | static void io_req_task_queue(struct io_kiocb *req) | |
| 1973 | { | |
| c40f6379 JA |
1974 | int ret; |
| 1975 | ||
| 7cbf1722 | 1976 | req->task_work.func = io_req_task_submit; |
| 355fb9e2 | 1977 | ret = io_req_task_work_add(req); |
| c40f6379 | 1978 | if (unlikely(ret)) { |
| a3df7698 | 1979 | req->result = -ECANCELED; |
| 04fc6c80 | 1980 | percpu_ref_get(&req->ctx->refs); |
| eab30c4d | 1981 | io_req_task_work_add_fallback(req, io_req_task_cancel); |
| c40f6379 | 1982 | } |
| c40f6379 JA |
1983 | } |
| 1984 | ||
| a3df7698 PB |
1985 | static void io_req_task_queue_fail(struct io_kiocb *req, int ret) |
| 1986 | { | |
| 1987 | percpu_ref_get(&req->ctx->refs); | |
| 1988 | req->result = ret; | |
| 1989 | req->task_work.func = io_req_task_cancel; | |
| 1990 | ||
| 1991 | if (unlikely(io_req_task_work_add(req))) | |
| 1992 | io_req_task_work_add_fallback(req, io_req_task_cancel); | |
| 1993 | } | |
| 1994 | ||
| f2f87370 | 1995 | static inline void io_queue_next(struct io_kiocb *req) |
| c69f8dbe | 1996 | { |
| 9b5f7bd9 | 1997 | struct io_kiocb *nxt = io_req_find_next(req); |
| 944e58bf PB |
1998 | |
| 1999 | if (nxt) | |
| 906a8c3f | 2000 | io_req_task_queue(nxt); |
| c69f8dbe JL |
2001 | } |
| 2002 | ||
| c3524383 | 2003 | static void io_free_req(struct io_kiocb *req) |
| 7a743e22 | 2004 | { |
| c3524383 PB |
2005 | io_queue_next(req); |
| 2006 | __io_free_req(req); | |
| 2007 | } | |
| 8766dd51 | 2008 | |
| 2d6500d4 | 2009 | struct req_batch { |
| 5af1d13e PB |
2010 | struct task_struct *task; |
| 2011 | int task_refs; | |
| 1b4c351f | 2012 | int ctx_refs; |
| 2d6500d4 PB |
2013 | }; |
| 2014 | ||
| 5af1d13e PB |
2015 | static inline void io_init_req_batch(struct req_batch *rb) |
| 2016 | { | |
| 5af1d13e | 2017 | rb->task_refs = 0; |
| 9ae72463 | 2018 | rb->ctx_refs = 0; |
| 5af1d13e PB |
2019 | rb->task = NULL; |
| 2020 | } | |
| 2021 | ||
| 2d6500d4 PB |
2022 | static void io_req_free_batch_finish(struct io_ring_ctx *ctx, |
| 2023 | struct req_batch *rb) | |
| 2024 | { | |
| 6e833d53 | 2025 | if (rb->task) |
| 7c660731 | 2026 | io_put_task(rb->task, rb->task_refs); |
| 9ae72463 PB |
2027 | if (rb->ctx_refs) |
| 2028 | percpu_ref_put_many(&ctx->refs, rb->ctx_refs); | |
| 2d6500d4 PB |
2029 | } |
| 2030 | ||
| 6ff119a6 PB |
2031 | static void io_req_free_batch(struct req_batch *rb, struct io_kiocb *req, |
| 2032 | struct io_submit_state *state) | |
| 2d6500d4 | 2033 | { |
| f2f87370 | 2034 | io_queue_next(req); |
| 2d6500d4 | 2035 | |
| e3bc8e9d | 2036 | if (req->task != rb->task) { |
| 7c660731 PB |
2037 | if (rb->task) |
| 2038 | io_put_task(rb->task, rb->task_refs); | |
| e3bc8e9d JA |
2039 | rb->task = req->task; |
| 2040 | rb->task_refs = 0; | |
| 5af1d13e | 2041 | } |
| e3bc8e9d | 2042 | rb->task_refs++; |
| 9ae72463 | 2043 | rb->ctx_refs++; |
| 5af1d13e | 2044 | |
| 4edf20f9 | 2045 | io_dismantle_req(req); |
| bd759045 | 2046 | if (state->free_reqs != ARRAY_SIZE(state->reqs)) |
| 6ff119a6 | 2047 | state->reqs[state->free_reqs++] = req; |
| bd759045 PB |
2048 | else |
| 2049 | list_add(&req->compl.list, &state->comp.free_list); | |
| 7a743e22 PB |
2050 | } |
| 2051 | ||
| 905c172f PB |
2052 | static void io_submit_flush_completions(struct io_comp_state *cs, |
| 2053 | struct io_ring_ctx *ctx) | |
| 2054 | { | |
| 2055 | int i, nr = cs->nr; | |
| 2056 | struct io_kiocb *req; | |
| 2057 | struct req_batch rb; | |
| 2058 | ||
| 2059 | io_init_req_batch(&rb); | |
| 2060 | spin_lock_irq(&ctx->completion_lock); | |
| 2061 | for (i = 0; i < nr; i++) { | |
| 2062 | req = cs->reqs[i]; | |
| 2063 | __io_cqring_fill_event(req, req->result, req->compl.cflags); | |
| 2064 | } | |
| 2065 | io_commit_cqring(ctx); | |
| 2066 | spin_unlock_irq(&ctx->completion_lock); | |
| 2067 | ||
| 2068 | io_cqring_ev_posted(ctx); | |
| 2069 | for (i = 0; i < nr; i++) { | |
| 2070 | req = cs->reqs[i]; | |
| 2071 | ||
| 2072 | /* submission and completion refs */ | |
| 2073 | if (refcount_sub_and_test(2, &req->refs)) | |
| 6ff119a6 | 2074 | io_req_free_batch(&rb, req, &ctx->submit_state); |
| 905c172f PB |
2075 | } |
| 2076 | ||
| 2077 | io_req_free_batch_finish(ctx, &rb); | |
| 2078 | cs->nr = 0; | |
| 7a743e22 PB |
2079 | } |
| 2080 | ||
| ba816ad6 JA |
2081 | /* |
| 2082 | * Drop reference to request, return next in chain (if there is one) if this | |
| 2083 | * was the last reference to this request. | |
| 2084 | */ | |
| 9b5f7bd9 | 2085 | static struct io_kiocb *io_put_req_find_next(struct io_kiocb *req) |
| e65ef56d | 2086 | { |
| 9b5f7bd9 PB |
2087 | struct io_kiocb *nxt = NULL; |
| 2088 | ||
| 2a44f467 | 2089 | if (refcount_dec_and_test(&req->refs)) { |
| 9b5f7bd9 | 2090 | nxt = io_req_find_next(req); |
| 4d7dd462 | 2091 | __io_free_req(req); |
| 2a44f467 | 2092 | } |
| 9b5f7bd9 | 2093 | return nxt; |
| 2b188cc1 JA |
2094 | } |
| 2095 | ||
| e65ef56d JA |
2096 | static void io_put_req(struct io_kiocb *req) |
| 2097 | { | |
| 2098 | if (refcount_dec_and_test(&req->refs)) | |
| 2099 | io_free_req(req); | |
| 2b188cc1 JA |
2100 | } |
| 2101 | ||
| 216578e5 PB |
2102 | static void io_put_req_deferred_cb(struct callback_head *cb) |
| 2103 | { | |
| 2104 | struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work); | |
| 2105 | ||
| 2106 | io_free_req(req); | |
| 2107 | } | |
| 2108 | ||
| 2109 | static void io_free_req_deferred(struct io_kiocb *req) | |
| 2110 | { | |
| 2111 | int ret; | |
| 2112 | ||
| 7cbf1722 | 2113 | req->task_work.func = io_put_req_deferred_cb; |
| 355fb9e2 | 2114 | ret = io_req_task_work_add(req); |
| eab30c4d PB |
2115 | if (unlikely(ret)) |
| 2116 | io_req_task_work_add_fallback(req, io_put_req_deferred_cb); | |
| 216578e5 PB |
2117 | } |
| 2118 | ||
| 2119 | static inline void io_put_req_deferred(struct io_kiocb *req, int refs) | |
| 2120 | { | |
| 2121 | if (refcount_sub_and_test(refs, &req->refs)) | |
| 2122 | io_free_req_deferred(req); | |
| 2123 | } | |
| 2124 | ||
| 978db57e JA |
2125 | static void io_double_put_req(struct io_kiocb *req) |
| 2126 | { | |
| 2127 | /* drop both submit and complete references */ | |
| 2128 | if (refcount_sub_and_test(2, &req->refs)) | |
| 2129 | io_free_req(req); | |
| 2130 | } | |
| 2131 | ||
| 6c503150 | 2132 | static unsigned io_cqring_events(struct io_ring_ctx *ctx) |
| a3a0e43f JA |
2133 | { |
| 2134 | /* See comment at the top of this file */ | |
| 2135 | smp_rmb(); | |
| e23de15f | 2136 | return __io_cqring_events(ctx); |
| a3a0e43f JA |
2137 | } |
| 2138 | ||
| fb5ccc98 PB |
2139 | static inline unsigned int io_sqring_entries(struct io_ring_ctx *ctx) |
| 2140 | { | |
| 2141 | struct io_rings *rings = ctx->rings; | |
| 2142 | ||
| 2143 | /* make sure SQ entry isn't read before tail */ | |
| 2144 | return smp_load_acquire(&rings->sq.tail) - ctx->cached_sq_head; | |
| 2145 | } | |
| 2146 | ||
| 8ff069bf | 2147 | static unsigned int io_put_kbuf(struct io_kiocb *req, struct io_buffer *kbuf) |
| e94f141b | 2148 | { |
| 8ff069bf | 2149 | unsigned int cflags; |
| e94f141b | 2150 | |
| bcda7baa JA |
2151 | cflags = kbuf->bid << IORING_CQE_BUFFER_SHIFT; |
| 2152 | cflags |= IORING_CQE_F_BUFFER; | |
| 0e1b6fe3 | 2153 | req->flags &= ~REQ_F_BUFFER_SELECTED; |
| bcda7baa JA |
2154 | kfree(kbuf); |
| 2155 | return cflags; | |
| e94f141b JA |
2156 | } |
| 2157 | ||
| 8ff069bf | 2158 | static inline unsigned int io_put_rw_kbuf(struct io_kiocb *req) |
| bcda7baa | 2159 | { |
| 4d954c25 | 2160 | struct io_buffer *kbuf; |
| bcda7baa | 2161 | |
| 4d954c25 | 2162 | kbuf = (struct io_buffer *) (unsigned long) req->rw.addr; |
| 8ff069bf PB |
2163 | return io_put_kbuf(req, kbuf); |
| 2164 | } | |
| 2165 | ||
| 4c6e277c JA |
2166 | static inline bool io_run_task_work(void) |
| 2167 | { | |
| 6200b0ae JA |
2168 | /* |
| 2169 | * Not safe to run on exiting task, and the task_work handling will | |
| 2170 | * not add work to such a task. | |
| 2171 | */ | |
| 2172 | if (unlikely(current->flags & PF_EXITING)) | |
| 2173 | return false; | |
| 4c6e277c JA |
2174 | if (current->task_works) { |
| 2175 | __set_current_state(TASK_RUNNING); | |
| 2176 | task_work_run(); | |
| 2177 | return true; | |
| 2178 | } | |
| 2179 | ||
| 2180 | return false; | |
| bcda7baa JA |
2181 | } |
| 2182 | ||
| def596e9 JA |
2183 | /* |
| 2184 | * Find and free completed poll iocbs | |
| 2185 | */ | |
| 2186 | static void io_iopoll_complete(struct io_ring_ctx *ctx, unsigned int *nr_events, | |
| 2187 | struct list_head *done) | |
| 2188 | { | |
| 8237e045 | 2189 | struct req_batch rb; |
| def596e9 | 2190 | struct io_kiocb *req; |
| bbde017a XW |
2191 | |
| 2192 | /* order with ->result store in io_complete_rw_iopoll() */ | |
| 2193 | smp_rmb(); | |
| def596e9 | 2194 | |
| 5af1d13e | 2195 | io_init_req_batch(&rb); |
| def596e9 | 2196 | while (!list_empty(done)) { |
| bcda7baa JA |
2197 | int cflags = 0; |
| 2198 | ||
| d21ffe7e | 2199 | req = list_first_entry(done, struct io_kiocb, inflight_entry); |
| f161340d PB |
2200 | list_del(&req->inflight_entry); |
| 2201 | ||
| bbde017a XW |
2202 | if (READ_ONCE(req->result) == -EAGAIN) { |
| 2203 | req->iopoll_completed = 0; | |
| 23faba36 | 2204 | if (io_rw_reissue(req)) |
| f161340d | 2205 | continue; |
| bbde017a | 2206 | } |
| def596e9 | 2207 | |
| bcda7baa | 2208 | if (req->flags & REQ_F_BUFFER_SELECTED) |
| 8ff069bf | 2209 | cflags = io_put_rw_kbuf(req); |
| bcda7baa JA |
2210 | |
| 2211 | __io_cqring_fill_event(req, req->result, cflags); | |
| def596e9 JA |
2212 | (*nr_events)++; |
| 2213 | ||
| c3524383 | 2214 | if (refcount_dec_and_test(&req->refs)) |
| 6ff119a6 | 2215 | io_req_free_batch(&rb, req, &ctx->submit_state); |
| def596e9 | 2216 | } |
| def596e9 | 2217 | |
| 09bb8394 | 2218 | io_commit_cqring(ctx); |
| 80c18e4a | 2219 | io_cqring_ev_posted_iopoll(ctx); |
| 2d6500d4 | 2220 | io_req_free_batch_finish(ctx, &rb); |
| 581f9810 BM |
2221 | } |
| 2222 | ||
| def596e9 JA |
2223 | static int io_do_iopoll(struct io_ring_ctx *ctx, unsigned int *nr_events, |
| 2224 | long min) | |
| 2225 | { | |
| 2226 | struct io_kiocb *req, *tmp; | |
| 2227 | LIST_HEAD(done); | |
| 2228 | bool spin; | |
| 2229 | int ret; | |
| 2230 | ||
| 2231 | /* | |
| 2232 | * Only spin for completions if we don't have multiple devices hanging | |
| 2233 | * off our complete list, and we're under the requested amount. | |
| 2234 | */ | |
| 2235 | spin = !ctx->poll_multi_file && *nr_events < min; | |
| 2236 | ||
| 2237 | ret = 0; | |
| d21ffe7e | 2238 | list_for_each_entry_safe(req, tmp, &ctx->iopoll_list, inflight_entry) { |
| 9adbd45d | 2239 | struct kiocb *kiocb = &req->rw.kiocb; |
| def596e9 JA |
2240 | |
| 2241 | /* | |
| 581f9810 BM |
2242 | * Move completed and retryable entries to our local lists. |
| 2243 | * If we find a request that requires polling, break out | |
| 2244 | * and complete those lists first, if we have entries there. | |
| def596e9 | 2245 | */ |
| 65a6543d | 2246 | if (READ_ONCE(req->iopoll_completed)) { |
| d21ffe7e | 2247 | list_move_tail(&req->inflight_entry, &done); |
| def596e9 JA |
2248 | continue; |
| 2249 | } | |
| 2250 | if (!list_empty(&done)) | |
| 2251 | break; | |
| 2252 | ||
| 2253 | ret = kiocb->ki_filp->f_op->iopoll(kiocb, spin); | |
| 2254 | if (ret < 0) | |
| 2255 | break; | |
| 2256 | ||
| 3aadc23e PB |
2257 | /* iopoll may have completed current req */ |
| 2258 | if (READ_ONCE(req->iopoll_completed)) | |
| d21ffe7e | 2259 | list_move_tail(&req->inflight_entry, &done); |
| 3aadc23e | 2260 | |
| def596e9 JA |
2261 | if (ret && spin) |
| 2262 | spin = false; | |
| 2263 | ret = 0; | |
| 2264 | } | |
| 2265 | ||
| 2266 | if (!list_empty(&done)) | |
| 2267 | io_iopoll_complete(ctx, nr_events, &done); | |
| 2268 | ||
| 2269 | return ret; | |
| 2270 | } | |
| 2271 | ||
| 2272 | /* | |
| d195a66e | 2273 | * Poll for a minimum of 'min' events. Note that if min == 0 we consider that a |
| def596e9 JA |
2274 | * non-spinning poll check - we'll still enter the driver poll loop, but only |
| 2275 | * as a non-spinning completion check. | |
| 2276 | */ | |
| 2277 | static int io_iopoll_getevents(struct io_ring_ctx *ctx, unsigned int *nr_events, | |
| 2278 | long min) | |
| 2279 | { | |
| 540e32a0 | 2280 | while (!list_empty(&ctx->iopoll_list) && !need_resched()) { |
| def596e9 JA |
2281 | int ret; |
| 2282 | ||
| 2283 | ret = io_do_iopoll(ctx, nr_events, min); | |
| 2284 | if (ret < 0) | |
| 2285 | return ret; | |
| eba0a4dd | 2286 | if (*nr_events >= min) |
| def596e9 JA |
2287 | return 0; |
| 2288 | } | |
| 2289 | ||
| 2290 | return 1; | |
| 2291 | } | |
| 2292 | ||
| 2293 | /* | |
| 2294 | * We can't just wait for polled events to come to us, we have to actively | |
| 2295 | * find and complete them. | |
| 2296 | */ | |
| b2edc0a7 | 2297 | static void io_iopoll_try_reap_events(struct io_ring_ctx *ctx) |
| def596e9 JA |
2298 | { |
| 2299 | if (!(ctx->flags & IORING_SETUP_IOPOLL)) | |
| 2300 | return; | |
| 2301 | ||
| 2302 | mutex_lock(&ctx->uring_lock); | |
| 540e32a0 | 2303 | while (!list_empty(&ctx->iopoll_list)) { |
| def596e9 JA |
2304 | unsigned int nr_events = 0; |
| 2305 | ||
| b2edc0a7 | 2306 | io_do_iopoll(ctx, &nr_events, 0); |
| 08f5439f | 2307 | |
| b2edc0a7 PB |
2308 | /* let it sleep and repeat later if can't complete a request */ |
| 2309 | if (nr_events == 0) | |
| 2310 | break; | |
| 08f5439f JA |
2311 | /* |
| 2312 | * Ensure we allow local-to-the-cpu processing to take place, | |
| 2313 | * in this case we need to ensure that we reap all events. | |
| 3fcee5a6 | 2314 | * Also let task_work, etc. to progress by releasing the mutex |
| 08f5439f | 2315 | */ |
| 3fcee5a6 PB |
2316 | if (need_resched()) { |
| 2317 | mutex_unlock(&ctx->uring_lock); | |
| 2318 | cond_resched(); | |
| 2319 | mutex_lock(&ctx->uring_lock); | |
| 2320 | } | |
| def596e9 JA |
2321 | } |
| 2322 | mutex_unlock(&ctx->uring_lock); | |
| 2323 | } | |
| 2324 | ||
| 7668b92a | 2325 | static int io_iopoll_check(struct io_ring_ctx *ctx, long min) |
| def596e9 | 2326 | { |
| 7668b92a | 2327 | unsigned int nr_events = 0; |
| 2b2ed975 | 2328 | int iters = 0, ret = 0; |
| 500f9fba | 2329 | |
| c7849be9 XW |
2330 | /* |
| 2331 | * We disallow the app entering submit/complete with polling, but we | |
| 2332 | * still need to lock the ring to prevent racing with polled issue | |
| 2333 | * that got punted to a workqueue. | |
| 2334 | */ | |
| 2335 | mutex_lock(&ctx->uring_lock); | |
| def596e9 | 2336 | do { |
| a3a0e43f JA |
2337 | /* |
| 2338 | * Don't enter poll loop if we already have events pending. | |
| 2339 | * If we do, we can potentially be spinning for commands that | |
| 2340 | * already triggered a CQE (eg in error). | |
| 2341 | */ | |
| 6c503150 PB |
2342 | if (test_bit(0, &ctx->cq_check_overflow)) |
| 2343 | __io_cqring_overflow_flush(ctx, false, NULL, NULL); | |
| 2344 | if (io_cqring_events(ctx)) | |
| a3a0e43f JA |
2345 | break; |
| 2346 | ||
| 500f9fba JA |
2347 | /* |
| 2348 | * If a submit got punted to a workqueue, we can have the | |
| 2349 | * application entering polling for a command before it gets | |
| 2350 | * issued. That app will hold the uring_lock for the duration | |
| 2351 | * of the poll right here, so we need to take a breather every | |
| 2352 | * now and then to ensure that the issue has a chance to add | |
| 2353 | * the poll to the issued list. Otherwise we can spin here | |
| 2354 | * forever, while the workqueue is stuck trying to acquire the | |
| 2355 | * very same mutex. | |
| 2356 | */ | |
| 2357 | if (!(++iters & 7)) { | |
| 2358 | mutex_unlock(&ctx->uring_lock); | |
| 4c6e277c | 2359 | io_run_task_work(); |
| 500f9fba JA |
2360 | mutex_lock(&ctx->uring_lock); |
| 2361 | } | |
| 2362 | ||
| 7668b92a | 2363 | ret = io_iopoll_getevents(ctx, &nr_events, min); |
| def596e9 JA |
2364 | if (ret <= 0) |
| 2365 | break; | |
| 2366 | ret = 0; | |
| 7668b92a | 2367 | } while (min && !nr_events && !need_resched()); |
| def596e9 | 2368 | |
| 500f9fba | 2369 | mutex_unlock(&ctx->uring_lock); |
| def596e9 JA |
2370 | return ret; |
| 2371 | } | |
| 2372 | ||
| 491381ce | 2373 | static void kiocb_end_write(struct io_kiocb *req) |
| 2b188cc1 | 2374 | { |
| 491381ce JA |
2375 | /* |
| 2376 | * Tell lockdep we inherited freeze protection from submission | |
| 2377 | * thread. | |
| 2378 | */ | |
| 2379 | if (req->flags & REQ_F_ISREG) { | |
| 2380 | struct inode *inode = file_inode(req->file); | |
| 2b188cc1 | 2381 | |
| 491381ce | 2382 | __sb_writers_acquired(inode->i_sb, SB_FREEZE_WRITE); |
| 2b188cc1 | 2383 | } |
| 491381ce | 2384 | file_end_write(req->file); |
| 2b188cc1 JA |
2385 | } |
| 2386 | ||
| b63534c4 | 2387 | #ifdef CONFIG_BLOCK |
| dc2a6e9a | 2388 | static bool io_resubmit_prep(struct io_kiocb *req) |
| b63534c4 JA |
2389 | { |
| 2390 | struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs; | |
| 4a245479 | 2391 | int rw, ret; |
| b63534c4 | 2392 | struct iov_iter iter; |
| b63534c4 | 2393 | |
| dc2a6e9a PB |
2394 | /* already prepared */ |
| 2395 | if (req->async_data) | |
| 2396 | return true; | |
| b63534c4 JA |
2397 | |
| 2398 | switch (req->opcode) { | |
| 2399 | case IORING_OP_READV: | |
| 2400 | case IORING_OP_READ_FIXED: | |
| 2401 | case IORING_OP_READ: | |
| 2402 | rw = READ; | |
| 2403 | break; | |
| 2404 | case IORING_OP_WRITEV: | |
| 2405 | case IORING_OP_WRITE_FIXED: | |
| 2406 | case IORING_OP_WRITE: | |
| 2407 | rw = WRITE; | |
| 2408 | break; | |
| 2409 | default: | |
| 2410 | printk_once(KERN_WARNING "io_uring: bad opcode in resubmit %d\n", | |
| 2411 | req->opcode); | |
| dc2a6e9a | 2412 | return false; |
| b63534c4 JA |
2413 | } |
| 2414 | ||
| dc2a6e9a PB |
2415 | ret = io_import_iovec(rw, req, &iovec, &iter, false); |
| 2416 | if (ret < 0) | |
| 2417 | return false; | |
| 6bf985dc | 2418 | return !io_setup_async_rw(req, iovec, inline_vecs, &iter, false); |
| b63534c4 | 2419 | } |
| b63534c4 | 2420 | |
| 3e6a0d3c | 2421 | static bool io_rw_should_reissue(struct io_kiocb *req) |
| b63534c4 | 2422 | { |
| 355afaeb | 2423 | umode_t mode = file_inode(req->file)->i_mode; |
| 3e6a0d3c | 2424 | struct io_ring_ctx *ctx = req->ctx; |
| b63534c4 | 2425 | |
| 355afaeb JA |
2426 | if (!S_ISBLK(mode) && !S_ISREG(mode)) |
| 2427 | return false; | |
| 3e6a0d3c JA |
2428 | if ((req->flags & REQ_F_NOWAIT) || (io_wq_current_is_worker() && |
| 2429 | !(ctx->flags & IORING_SETUP_IOPOLL))) | |
| b63534c4 | 2430 | return false; |
| 7c977a58 JA |
2431 | /* |
| 2432 | * If ref is dying, we might be running poll reap from the exit work. | |
| 2433 | * Don't attempt to reissue from that path, just let it fail with | |
| 2434 | * -EAGAIN. | |
| 2435 | */ | |
| 3e6a0d3c JA |
2436 | if (percpu_ref_is_dying(&ctx->refs)) |
| 2437 | return false; | |
| 2438 | return true; | |
| 2439 | } | |
| 2440 | #endif | |
| 2441 | ||
| 2442 | static bool io_rw_reissue(struct io_kiocb *req) | |
| 2443 | { | |
| 2444 | #ifdef CONFIG_BLOCK | |
| 2445 | if (!io_rw_should_reissue(req)) | |
| 7c977a58 | 2446 | return false; |
| b63534c4 | 2447 | |
| 55e6ac1e PB |
2448 | lockdep_assert_held(&req->ctx->uring_lock); |
| 2449 | ||
| 37d1e2e3 | 2450 | if (io_resubmit_prep(req)) { |
| fdee946d JA |
2451 | refcount_inc(&req->refs); |
| 2452 | io_queue_async_work(req); | |
| b63534c4 | 2453 | return true; |
| fdee946d | 2454 | } |
| dc2a6e9a | 2455 | req_set_fail_links(req); |
| b63534c4 JA |
2456 | #endif |
| 2457 | return false; | |
| 2458 | } | |
| 2459 | ||
| a1d7c393 | 2460 | static void __io_complete_rw(struct io_kiocb *req, long res, long res2, |
| 889fca73 | 2461 | unsigned int issue_flags) |
| a1d7c393 | 2462 | { |
| 2f8e45f1 PB |
2463 | int cflags = 0; |
| 2464 | ||
| 23faba36 PB |
2465 | if ((res == -EAGAIN || res == -EOPNOTSUPP) && io_rw_reissue(req)) |
| 2466 | return; | |
| 2f8e45f1 PB |
2467 | if (res != req->result) |
| 2468 | req_set_fail_links(req); | |
| 23faba36 | 2469 | |
| 2f8e45f1 PB |
2470 | if (req->rw.kiocb.ki_flags & IOCB_WRITE) |
| 2471 | kiocb_end_write(req); | |
| 2472 | if (req->flags & REQ_F_BUFFER_SELECTED) | |
| 2473 | cflags = io_put_rw_kbuf(req); | |
| 2474 | __io_req_complete(req, issue_flags, res, cflags); | |
| ba816ad6 JA |
2475 | } |
| 2476 | ||
| 2477 | static void io_complete_rw(struct kiocb *kiocb, long res, long res2) | |
| 2478 | { | |
| 9adbd45d | 2479 | struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb); |
| ba816ad6 | 2480 | |
| 889fca73 | 2481 | __io_complete_rw(req, res, res2, 0); |
| 2b188cc1 JA |
2482 | } |
| 2483 | ||
| def596e9 JA |
2484 | static void io_complete_rw_iopoll(struct kiocb *kiocb, long res, long res2) |
| 2485 | { | |
| 9adbd45d | 2486 | struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb); |
| def596e9 | 2487 | |
| 3e6a0d3c JA |
2488 | #ifdef CONFIG_BLOCK |
| 2489 | /* Rewind iter, if we have one. iopoll path resubmits as usual */ | |
| 2490 | if (res == -EAGAIN && io_rw_should_reissue(req)) { | |
| 2491 | struct io_async_rw *rw = req->async_data; | |
| 2492 | ||
| 2493 | if (rw) | |
| 2494 | iov_iter_revert(&rw->iter, | |
| 2495 | req->result - iov_iter_count(&rw->iter)); | |
| 2496 | else if (!io_resubmit_prep(req)) | |
| 2497 | res = -EIO; | |
| 2498 | } | |
| 2499 | #endif | |
| 2500 | ||
| 491381ce JA |
2501 | if (kiocb->ki_flags & IOCB_WRITE) |
| 2502 | kiocb_end_write(req); | |
| def596e9 | 2503 | |
| 2d7d6792 | 2504 | if (res != -EAGAIN && res != req->result) |
| 4e88d6e7 | 2505 | req_set_fail_links(req); |
| bbde017a XW |
2506 | |
| 2507 | WRITE_ONCE(req->result, res); | |
| 2508 | /* order with io_poll_complete() checking ->result */ | |
| cd664b0e PB |
2509 | smp_wmb(); |
| 2510 | WRITE_ONCE(req->iopoll_completed, 1); | |
| def596e9 JA |
2511 | } |
| 2512 | ||
| 2513 | /* | |
| 2514 | * After the iocb has been issued, it's safe to be found on the poll list. | |
| 2515 | * Adding the kiocb to the list AFTER submission ensures that we don't | |
| 2516 | * find it from a io_iopoll_getevents() thread before the issuer is done | |
| 2517 | * accessing the kiocb cookie. | |
| 2518 | */ | |
| 2e9dbe90 | 2519 | static void io_iopoll_req_issued(struct io_kiocb *req, bool in_async) |
| def596e9 JA |
2520 | { |
| 2521 | struct io_ring_ctx *ctx = req->ctx; | |
| 2522 | ||
| 2523 | /* | |
| 2524 | * Track whether we have multiple files in our lists. This will impact | |
| 2525 | * how we do polling eventually, not spinning if we're on potentially | |
| 2526 | * different devices. | |
| 2527 | */ | |
| 540e32a0 | 2528 | if (list_empty(&ctx->iopoll_list)) { |
| def596e9 JA |
2529 | ctx->poll_multi_file = false; |
| 2530 | } else if (!ctx->poll_multi_file) { | |
| 2531 | struct io_kiocb *list_req; | |
| 2532 | ||
| 540e32a0 | 2533 | list_req = list_first_entry(&ctx->iopoll_list, struct io_kiocb, |
| d21ffe7e | 2534 | inflight_entry); |
| 9adbd45d | 2535 | if (list_req->file != req->file) |
| def596e9 JA |
2536 | ctx->poll_multi_file = true; |
| 2537 | } | |
| 2538 | ||
| 2539 | /* | |
| 2540 | * For fast devices, IO may have already completed. If it has, add | |
| 2541 | * it to the front so we find it first. | |
| 2542 | */ | |
| 65a6543d | 2543 | if (READ_ONCE(req->iopoll_completed)) |
| d21ffe7e | 2544 | list_add(&req->inflight_entry, &ctx->iopoll_list); |
| def596e9 | 2545 | else |
| d21ffe7e | 2546 | list_add_tail(&req->inflight_entry, &ctx->iopoll_list); |
| bdcd3eab | 2547 | |
| 2e9dbe90 XW |
2548 | /* |
| 2549 | * If IORING_SETUP_SQPOLL is enabled, sqes are either handled in sq thread | |
| 2550 | * task context or in io worker task context. If current task context is | |
| 2551 | * sq thread, we don't need to check whether should wake up sq thread. | |
| 2552 | */ | |
| 2553 | if (in_async && (ctx->flags & IORING_SETUP_SQPOLL) && | |
| 534ca6d6 JA |
2554 | wq_has_sleeper(&ctx->sq_data->wait)) |
| 2555 | wake_up(&ctx->sq_data->wait); | |
| def596e9 JA |
2556 | } |
| 2557 | ||
| 9f13c35b PB |
2558 | static inline void io_state_file_put(struct io_submit_state *state) |
| 2559 | { | |
| 02b23a9a PB |
2560 | if (state->file_refs) { |
| 2561 | fput_many(state->file, state->file_refs); | |
| 2562 | state->file_refs = 0; | |
| 2563 | } | |
| 9a56a232 JA |
2564 | } |
| 2565 | ||
| 2566 | /* | |
| 2567 | * Get as many references to a file as we have IOs left in this submission, | |
| 2568 | * assuming most submissions are for one file, or at least that each file | |
| 2569 | * has more than one submission. | |
| 2570 | */ | |
| 8da11c19 | 2571 | static struct file *__io_file_get(struct io_submit_state *state, int fd) |
| 9a56a232 JA |
2572 | { |
| 2573 | if (!state) | |
| 2574 | return fget(fd); | |
| 2575 | ||
| 6e1271e6 | 2576 | if (state->file_refs) { |
| 9a56a232 | 2577 | if (state->fd == fd) { |
| 6e1271e6 | 2578 | state->file_refs--; |
| 9a56a232 JA |
2579 | return state->file; |
| 2580 | } | |
| 02b23a9a | 2581 | io_state_file_put(state); |
| 9a56a232 JA |
2582 | } |
| 2583 | state->file = fget_many(fd, state->ios_left); | |
| 6e1271e6 | 2584 | if (unlikely(!state->file)) |
| 9a56a232 JA |
2585 | return NULL; |
| 2586 | ||
| 2587 | state->fd = fd; | |
| 6e1271e6 | 2588 | state->file_refs = state->ios_left - 1; |
| 9a56a232 JA |
2589 | return state->file; |
| 2590 | } | |
| 2591 | ||
| 4503b767 JA |
2592 | static bool io_bdev_nowait(struct block_device *bdev) |
| 2593 | { | |
| 9ba0d0c8 | 2594 | return !bdev || blk_queue_nowait(bdev_get_queue(bdev)); |
| 4503b767 JA |
2595 | } |
| 2596 | ||
| 2b188cc1 JA |
2597 | /* |
| 2598 | * If we tracked the file through the SCM inflight mechanism, we could support | |
| 2599 | * any file. For now, just ensure that anything potentially problematic is done | |
| 2600 | * inline. | |
| 2601 | */ | |
| af197f50 | 2602 | static bool io_file_supports_async(struct file *file, int rw) |
| 2b188cc1 JA |
2603 | { |
| 2604 | umode_t mode = file_inode(file)->i_mode; | |
| 2605 | ||
| 4503b767 | 2606 | if (S_ISBLK(mode)) { |
| 4e7b5671 CH |
2607 | if (IS_ENABLED(CONFIG_BLOCK) && |
| 2608 | io_bdev_nowait(I_BDEV(file->f_mapping->host))) | |
| 4503b767 JA |
2609 | return true; |
| 2610 | return false; | |
| 2611 | } | |
| 2612 | if (S_ISCHR(mode) || S_ISSOCK(mode)) | |
| 2b188cc1 | 2613 | return true; |
| 4503b767 | 2614 | if (S_ISREG(mode)) { |
| 4e7b5671 CH |
2615 | if (IS_ENABLED(CONFIG_BLOCK) && |
| 2616 | io_bdev_nowait(file->f_inode->i_sb->s_bdev) && | |
| 4503b767 JA |
2617 | file->f_op != &io_uring_fops) |
| 2618 | return true; | |
| 2619 | return false; | |
| 2620 | } | |
| 2b188cc1 | 2621 | |
| c5b85625 JA |
2622 | /* any ->read/write should understand O_NONBLOCK */ |
| 2623 | if (file->f_flags & O_NONBLOCK) | |
| 2624 | return true; | |
| 2625 | ||
| af197f50 JA |
2626 | if (!(file->f_mode & FMODE_NOWAIT)) |
| 2627 | return false; | |
| 2628 | ||
| 2629 | if (rw == READ) | |
| 2630 | return file->f_op->read_iter != NULL; | |
| 2631 | ||
| 2632 | return file->f_op->write_iter != NULL; | |
| 2b188cc1 JA |
2633 | } |
| 2634 | ||
| a88fc400 | 2635 | static int io_prep_rw(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 2b188cc1 | 2636 | { |
| def596e9 | 2637 | struct io_ring_ctx *ctx = req->ctx; |
| 9adbd45d | 2638 | struct kiocb *kiocb = &req->rw.kiocb; |
| 75c668cd | 2639 | struct file *file = req->file; |
| 09bb8394 JA |
2640 | unsigned ioprio; |
| 2641 | int ret; | |
| 2b188cc1 | 2642 | |
| 75c668cd | 2643 | if (S_ISREG(file_inode(file)->i_mode)) |
| 491381ce JA |
2644 | req->flags |= REQ_F_ISREG; |
| 2645 | ||
| 2b188cc1 | 2646 | kiocb->ki_pos = READ_ONCE(sqe->off); |
| 75c668cd | 2647 | if (kiocb->ki_pos == -1 && !(file->f_mode & FMODE_STREAM)) { |
| ba04291e | 2648 | req->flags |= REQ_F_CUR_POS; |
| 75c668cd | 2649 | kiocb->ki_pos = file->f_pos; |
| ba04291e | 2650 | } |
| 2b188cc1 | 2651 | kiocb->ki_hint = ki_hint_validate(file_write_hint(kiocb->ki_filp)); |
| 3e577dcd PB |
2652 | kiocb->ki_flags = iocb_flags(kiocb->ki_filp); |
| 2653 | ret = kiocb_set_rw_flags(kiocb, READ_ONCE(sqe->rw_flags)); | |
| 2654 | if (unlikely(ret)) | |
| 2655 | return ret; | |
| 2b188cc1 | 2656 | |
| 75c668cd PB |
2657 | /* don't allow async punt for O_NONBLOCK or RWF_NOWAIT */ |
| 2658 | if ((kiocb->ki_flags & IOCB_NOWAIT) || (file->f_flags & O_NONBLOCK)) | |
| 2659 | req->flags |= REQ_F_NOWAIT; | |
| 2660 | ||
| 2b188cc1 JA |
2661 | ioprio = READ_ONCE(sqe->ioprio); |
| 2662 | if (ioprio) { | |
| 2663 | ret = ioprio_check_cap(ioprio); | |
| 2664 | if (ret) | |
| 09bb8394 | 2665 | return ret; |
| 2b188cc1 JA |
2666 | |
| 2667 | kiocb->ki_ioprio = ioprio; | |
| 2668 | } else | |
| 2669 | kiocb->ki_ioprio = get_current_ioprio(); | |
| 2670 | ||
| def596e9 | 2671 | if (ctx->flags & IORING_SETUP_IOPOLL) { |
| def596e9 JA |
2672 | if (!(kiocb->ki_flags & IOCB_DIRECT) || |
| 2673 | !kiocb->ki_filp->f_op->iopoll) | |
| 09bb8394 | 2674 | return -EOPNOTSUPP; |
| 2b188cc1 | 2675 | |
| def596e9 JA |
2676 | kiocb->ki_flags |= IOCB_HIPRI; |
| 2677 | kiocb->ki_complete = io_complete_rw_iopoll; | |
| 65a6543d | 2678 | req->iopoll_completed = 0; |
| def596e9 | 2679 | } else { |
| 09bb8394 JA |
2680 | if (kiocb->ki_flags & IOCB_HIPRI) |
| 2681 | return -EINVAL; | |
| def596e9 JA |
2682 | kiocb->ki_complete = io_complete_rw; |
| 2683 | } | |
| 9adbd45d | 2684 | |
| 3529d8c2 JA |
2685 | req->rw.addr = READ_ONCE(sqe->addr); |
| 2686 | req->rw.len = READ_ONCE(sqe->len); | |
| 4f4eeba8 | 2687 | req->buf_index = READ_ONCE(sqe->buf_index); |
| 2b188cc1 | 2688 | return 0; |
| 2b188cc1 JA |
2689 | } |
| 2690 | ||
| 2691 | static inline void io_rw_done(struct kiocb *kiocb, ssize_t ret) | |
| 2692 | { | |
| 2693 | switch (ret) { | |
| 2694 | case -EIOCBQUEUED: | |
| 2695 | break; | |
| 2696 | case -ERESTARTSYS: | |
| 2697 | case -ERESTARTNOINTR: | |
| 2698 | case -ERESTARTNOHAND: | |
| 2699 | case -ERESTART_RESTARTBLOCK: | |
| 2700 | /* | |
| 2701 | * We can't just restart the syscall, since previously | |
| 2702 | * submitted sqes may already be in progress. Just fail this | |
| 2703 | * IO with EINTR. | |
| 2704 | */ | |
| 2705 | ret = -EINTR; | |
| df561f66 | 2706 | fallthrough; |
| 2b188cc1 JA |
2707 | default: |
| 2708 | kiocb->ki_complete(kiocb, ret, 0); | |
| 2709 | } | |
| 2710 | } | |
| 2711 | ||
| a1d7c393 | 2712 | static void kiocb_done(struct kiocb *kiocb, ssize_t ret, |
| 889fca73 | 2713 | unsigned int issue_flags) |
| ba816ad6 | 2714 | { |
| ba04291e | 2715 | struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb); |
| e8c2bc1f | 2716 | struct io_async_rw *io = req->async_data; |
| ba04291e | 2717 | |
| 227c0c96 | 2718 | /* add previously done IO, if any */ |
| e8c2bc1f | 2719 | if (io && io->bytes_done > 0) { |
| 227c0c96 | 2720 | if (ret < 0) |
| e8c2bc1f | 2721 | ret = io->bytes_done; |
| 227c0c96 | 2722 | else |
| e8c2bc1f | 2723 | ret += io->bytes_done; |
| 227c0c96 JA |
2724 | } |
| 2725 | ||
| ba04291e JA |
2726 | if (req->flags & REQ_F_CUR_POS) |
| 2727 | req->file->f_pos = kiocb->ki_pos; | |
| bcaec089 | 2728 | if (ret >= 0 && kiocb->ki_complete == io_complete_rw) |
| 889fca73 | 2729 | __io_complete_rw(req, ret, 0, issue_flags); |
| ba816ad6 JA |
2730 | else |
| 2731 | io_rw_done(kiocb, ret); | |
| 2732 | } | |
| 2733 | ||
| 847595de | 2734 | static int io_import_fixed(struct io_kiocb *req, int rw, struct iov_iter *iter) |
| edafccee | 2735 | { |
| 9adbd45d JA |
2736 | struct io_ring_ctx *ctx = req->ctx; |
| 2737 | size_t len = req->rw.len; | |
| edafccee | 2738 | struct io_mapped_ubuf *imu; |
| 4be1c615 | 2739 | u16 index, buf_index = req->buf_index; |
| edafccee JA |
2740 | size_t offset; |
| 2741 | u64 buf_addr; | |
| 2742 | ||
| edafccee JA |
2743 | if (unlikely(buf_index >= ctx->nr_user_bufs)) |
| 2744 | return -EFAULT; | |
| edafccee JA |
2745 | index = array_index_nospec(buf_index, ctx->nr_user_bufs); |
| 2746 | imu = &ctx->user_bufs[index]; | |
| 9adbd45d | 2747 | buf_addr = req->rw.addr; |
| edafccee JA |
2748 | |
| 2749 | /* overflow */ | |
| 2750 | if (buf_addr + len < buf_addr) | |
| 2751 | return -EFAULT; | |
| 2752 | /* not inside the mapped region */ | |
| 2753 | if (buf_addr < imu->ubuf || buf_addr + len > imu->ubuf + imu->len) | |
| 2754 | return -EFAULT; | |
| 2755 | ||
| 2756 | /* | |
| 2757 | * May not be a start of buffer, set size appropriately | |
| 2758 | * and advance us to the beginning. | |
| 2759 | */ | |
| 2760 | offset = buf_addr - imu->ubuf; | |
| 2761 | iov_iter_bvec(iter, rw, imu->bvec, imu->nr_bvecs, offset + len); | |
| bd11b3a3 JA |
2762 | |
| 2763 | if (offset) { | |
| 2764 | /* | |
| 2765 | * Don't use iov_iter_advance() here, as it's really slow for | |
| 2766 | * using the latter parts of a big fixed buffer - it iterates | |
| 2767 | * over each segment manually. We can cheat a bit here, because | |
| 2768 | * we know that: | |
| 2769 | * | |
| 2770 | * 1) it's a BVEC iter, we set it up | |
| 2771 | * 2) all bvecs are PAGE_SIZE in size, except potentially the | |
| 2772 | * first and last bvec | |
| 2773 | * | |
| 2774 | * So just find our index, and adjust the iterator afterwards. | |
| 2775 | * If the offset is within the first bvec (or the whole first | |
| 2776 | * bvec, just use iov_iter_advance(). This makes it easier | |
| 2777 | * since we can just skip the first segment, which may not | |
| 2778 | * be PAGE_SIZE aligned. | |
| 2779 | */ | |
| 2780 | const struct bio_vec *bvec = imu->bvec; | |
| 2781 | ||
| 2782 | if (offset <= bvec->bv_len) { | |
| 2783 | iov_iter_advance(iter, offset); | |
| 2784 | } else { | |
| 2785 | unsigned long seg_skip; | |
| 2786 | ||
| 2787 | /* skip first vec */ | |
| 2788 | offset -= bvec->bv_len; | |
| 2789 | seg_skip = 1 + (offset >> PAGE_SHIFT); | |
| 2790 | ||
| 2791 | iter->bvec = bvec + seg_skip; | |
| 2792 | iter->nr_segs -= seg_skip; | |
| 99c79f66 | 2793 | iter->count -= bvec->bv_len + offset; |
| bd11b3a3 | 2794 | iter->iov_offset = offset & ~PAGE_MASK; |
| bd11b3a3 JA |
2795 | } |
| 2796 | } | |
| 2797 | ||
| 847595de | 2798 | return 0; |
| edafccee JA |
2799 | } |
| 2800 | ||
| bcda7baa JA |
2801 | static void io_ring_submit_unlock(struct io_ring_ctx *ctx, bool needs_lock) |
| 2802 | { | |
| 2803 | if (needs_lock) | |
| 2804 | mutex_unlock(&ctx->uring_lock); | |
| 2805 | } | |
| 2806 | ||
| 2807 | static void io_ring_submit_lock(struct io_ring_ctx *ctx, bool needs_lock) | |
| 2808 | { | |
| 2809 | /* | |
| 2810 | * "Normal" inline submissions always hold the uring_lock, since we | |
| 2811 | * grab it from the system call. Same is true for the SQPOLL offload. | |
| 2812 | * The only exception is when we've detached the request and issue it | |
| 2813 | * from an async worker thread, grab the lock for that case. | |
| 2814 | */ | |
| 2815 | if (needs_lock) | |
| 2816 | mutex_lock(&ctx->uring_lock); | |
| 2817 | } | |
| 2818 | ||
| 2819 | static struct io_buffer *io_buffer_select(struct io_kiocb *req, size_t *len, | |
| 2820 | int bgid, struct io_buffer *kbuf, | |
| 2821 | bool needs_lock) | |
| 2822 | { | |
| 2823 | struct io_buffer *head; | |
| 2824 | ||
| 2825 | if (req->flags & REQ_F_BUFFER_SELECTED) | |
| 2826 | return kbuf; | |
| 2827 | ||
| 2828 | io_ring_submit_lock(req->ctx, needs_lock); | |
| 2829 | ||
| 2830 | lockdep_assert_held(&req->ctx->uring_lock); | |
| 2831 | ||
| 2832 | head = idr_find(&req->ctx->io_buffer_idr, bgid); | |
| 2833 | if (head) { | |
| 2834 | if (!list_empty(&head->list)) { | |
| 2835 | kbuf = list_last_entry(&head->list, struct io_buffer, | |
| 2836 | list); | |
| 2837 | list_del(&kbuf->list); | |
| 2838 | } else { | |
| 2839 | kbuf = head; | |
| 2840 | idr_remove(&req->ctx->io_buffer_idr, bgid); | |
| 2841 | } | |
| 2842 | if (*len > kbuf->len) | |
| 2843 | *len = kbuf->len; | |
| 2844 | } else { | |
| 2845 | kbuf = ERR_PTR(-ENOBUFS); | |
| 2846 | } | |
| 2847 | ||
| 2848 | io_ring_submit_unlock(req->ctx, needs_lock); | |
| 2849 | ||
| 2850 | return kbuf; | |
| 2851 | } | |
| 2852 | ||
| 4d954c25 JA |
2853 | static void __user *io_rw_buffer_select(struct io_kiocb *req, size_t *len, |
| 2854 | bool needs_lock) | |
| 2855 | { | |
| 2856 | struct io_buffer *kbuf; | |
| 4f4eeba8 | 2857 | u16 bgid; |
| 4d954c25 JA |
2858 | |
| 2859 | kbuf = (struct io_buffer *) (unsigned long) req->rw.addr; | |
| 4f4eeba8 | 2860 | bgid = req->buf_index; |
| 4d954c25 JA |
2861 | kbuf = io_buffer_select(req, len, bgid, kbuf, needs_lock); |
| 2862 | if (IS_ERR(kbuf)) | |
| 2863 | return kbuf; | |
| 2864 | req->rw.addr = (u64) (unsigned long) kbuf; | |
| 2865 | req->flags |= REQ_F_BUFFER_SELECTED; | |
| 2866 | return u64_to_user_ptr(kbuf->addr); | |
| 2867 | } | |
| 2868 | ||
| 2869 | #ifdef CONFIG_COMPAT | |
| 2870 | static ssize_t io_compat_import(struct io_kiocb *req, struct iovec *iov, | |
| 2871 | bool needs_lock) | |
| 2872 | { | |
| 2873 | struct compat_iovec __user *uiov; | |
| 2874 | compat_ssize_t clen; | |
| 2875 | void __user *buf; | |
| 2876 | ssize_t len; | |
| 2877 | ||
| 2878 | uiov = u64_to_user_ptr(req->rw.addr); | |
| 2879 | if (!access_ok(uiov, sizeof(*uiov))) | |
| 2880 | return -EFAULT; | |
| 2881 | if (__get_user(clen, &uiov->iov_len)) | |
| 2882 | return -EFAULT; | |
| 2883 | if (clen < 0) | |
| 2884 | return -EINVAL; | |
| 2885 | ||
| 2886 | len = clen; | |
| 2887 | buf = io_rw_buffer_select(req, &len, needs_lock); | |
| 2888 | if (IS_ERR(buf)) | |
| 2889 | return PTR_ERR(buf); | |
| 2890 | iov[0].iov_base = buf; | |
| 2891 | iov[0].iov_len = (compat_size_t) len; | |
| 2892 | return 0; | |
| 2893 | } | |
| 2894 | #endif | |
| 2895 | ||
| 2896 | static ssize_t __io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov, | |
| 2897 | bool needs_lock) | |
| 2898 | { | |
| 2899 | struct iovec __user *uiov = u64_to_user_ptr(req->rw.addr); | |
| 2900 | void __user *buf; | |
| 2901 | ssize_t len; | |
| 2902 | ||
| 2903 | if (copy_from_user(iov, uiov, sizeof(*uiov))) | |
| 2904 | return -EFAULT; | |
| 2905 | ||
| 2906 | len = iov[0].iov_len; | |
| 2907 | if (len < 0) | |
| 2908 | return -EINVAL; | |
| 2909 | buf = io_rw_buffer_select(req, &len, needs_lock); | |
| 2910 | if (IS_ERR(buf)) | |
| 2911 | return PTR_ERR(buf); | |
| 2912 | iov[0].iov_base = buf; | |
| 2913 | iov[0].iov_len = len; | |
| 2914 | return 0; | |
| 2915 | } | |
| 2916 | ||
| 2917 | static ssize_t io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov, | |
| 2918 | bool needs_lock) | |
| 2919 | { | |
| dddb3e26 JA |
2920 | if (req->flags & REQ_F_BUFFER_SELECTED) { |
| 2921 | struct io_buffer *kbuf; | |
| 2922 | ||
| 2923 | kbuf = (struct io_buffer *) (unsigned long) req->rw.addr; | |
| 2924 | iov[0].iov_base = u64_to_user_ptr(kbuf->addr); | |
| 2925 | iov[0].iov_len = kbuf->len; | |
| 4d954c25 | 2926 | return 0; |
| dddb3e26 | 2927 | } |
| dd201662 | 2928 | if (req->rw.len != 1) |
| 4d954c25 JA |
2929 | return -EINVAL; |
| 2930 | ||
| 2931 | #ifdef CONFIG_COMPAT | |
| 2932 | if (req->ctx->compat) | |
| 2933 | return io_compat_import(req, iov, needs_lock); | |
| 2934 | #endif | |
| 2935 | ||
| 2936 | return __io_iov_buffer_select(req, iov, needs_lock); | |
| 2937 | } | |
| 2938 | ||
| 847595de PB |
2939 | static int io_import_iovec(int rw, struct io_kiocb *req, struct iovec **iovec, |
| 2940 | struct iov_iter *iter, bool needs_lock) | |
| 2b188cc1 | 2941 | { |
| 9adbd45d JA |
2942 | void __user *buf = u64_to_user_ptr(req->rw.addr); |
| 2943 | size_t sqe_len = req->rw.len; | |
| 847595de | 2944 | u8 opcode = req->opcode; |
| 4d954c25 | 2945 | ssize_t ret; |
| edafccee | 2946 | |
| 7d009165 | 2947 | if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED) { |
| edafccee | 2948 | *iovec = NULL; |
| 9adbd45d | 2949 | return io_import_fixed(req, rw, iter); |
| edafccee | 2950 | } |
| 2b188cc1 | 2951 | |
| bcda7baa | 2952 | /* buffer index only valid with fixed read/write, or buffer select */ |
| 4f4eeba8 | 2953 | if (req->buf_index && !(req->flags & REQ_F_BUFFER_SELECT)) |
| 9adbd45d JA |
2954 | return -EINVAL; |
| 2955 | ||
| 3a6820f2 | 2956 | if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) { |
| bcda7baa | 2957 | if (req->flags & REQ_F_BUFFER_SELECT) { |
| 4d954c25 | 2958 | buf = io_rw_buffer_select(req, &sqe_len, needs_lock); |
| 867a23ea | 2959 | if (IS_ERR(buf)) |
| 4d954c25 | 2960 | return PTR_ERR(buf); |
| 3f9d6441 | 2961 | req->rw.len = sqe_len; |
| bcda7baa JA |
2962 | } |
| 2963 | ||
| 3a6820f2 JA |
2964 | ret = import_single_range(rw, buf, sqe_len, *iovec, iter); |
| 2965 | *iovec = NULL; | |
| 10fc72e4 | 2966 | return ret; |
| 3a6820f2 JA |
2967 | } |
| 2968 | ||
| 4d954c25 JA |
2969 | if (req->flags & REQ_F_BUFFER_SELECT) { |
| 2970 | ret = io_iov_buffer_select(req, *iovec, needs_lock); | |
| 847595de PB |
2971 | if (!ret) |
| 2972 | iov_iter_init(iter, rw, *iovec, 1, (*iovec)->iov_len); | |
| 4d954c25 JA |
2973 | *iovec = NULL; |
| 2974 | return ret; | |
| 2975 | } | |
| 2976 | ||
| 89cd35c5 CH |
2977 | return __import_iovec(rw, buf, sqe_len, UIO_FASTIOV, iovec, iter, |
| 2978 | req->ctx->compat); | |
| 2b188cc1 JA |
2979 | } |
| 2980 | ||
| 0fef9483 JA |
2981 | static inline loff_t *io_kiocb_ppos(struct kiocb *kiocb) |
| 2982 | { | |
| 5b09e37e | 2983 | return (kiocb->ki_filp->f_mode & FMODE_STREAM) ? NULL : &kiocb->ki_pos; |
| 0fef9483 JA |
2984 | } |
| 2985 | ||
| 31b51510 | 2986 | /* |
| 32960613 JA |
2987 | * For files that don't have ->read_iter() and ->write_iter(), handle them |
| 2988 | * by looping over ->read() or ->write() manually. | |
| 31b51510 | 2989 | */ |
| 4017eb91 | 2990 | static ssize_t loop_rw_iter(int rw, struct io_kiocb *req, struct iov_iter *iter) |
| 32960613 | 2991 | { |
| 4017eb91 JA |
2992 | struct kiocb *kiocb = &req->rw.kiocb; |
| 2993 | struct file *file = req->file; | |
| 32960613 JA |
2994 | ssize_t ret = 0; |
| 2995 | ||
| 2996 | /* | |
| 2997 | * Don't support polled IO through this interface, and we can't | |
| 2998 | * support non-blocking either. For the latter, this just causes | |
| 2999 | * the kiocb to be handled from an async context. | |
| 3000 | */ | |
| 3001 | if (kiocb->ki_flags & IOCB_HIPRI) | |
| 3002 | return -EOPNOTSUPP; | |
| 3003 | if (kiocb->ki_flags & IOCB_NOWAIT) | |
| 3004 | return -EAGAIN; | |
| 3005 | ||
| 3006 | while (iov_iter_count(iter)) { | |
| 311ae9e1 | 3007 | struct iovec iovec; |
| 32960613 JA |
3008 | ssize_t nr; |
| 3009 | ||
| 311ae9e1 PB |
3010 | if (!iov_iter_is_bvec(iter)) { |
| 3011 | iovec = iov_iter_iovec(iter); | |
| 3012 | } else { | |
| 4017eb91 JA |
3013 | iovec.iov_base = u64_to_user_ptr(req->rw.addr); |
| 3014 | iovec.iov_len = req->rw.len; | |
| 311ae9e1 PB |
3015 | } |
| 3016 | ||
| 32960613 JA |
3017 | if (rw == READ) { |
| 3018 | nr = file->f_op->read(file, iovec.iov_base, | |
| 0fef9483 | 3019 | iovec.iov_len, io_kiocb_ppos(kiocb)); |
| 32960613 JA |
3020 | } else { |
| 3021 | nr = file->f_op->write(file, iovec.iov_base, | |
| 0fef9483 | 3022 | iovec.iov_len, io_kiocb_ppos(kiocb)); |
| 32960613 JA |
3023 | } |
| 3024 | ||
| 3025 | if (nr < 0) { | |
| 3026 | if (!ret) | |
| 3027 | ret = nr; | |
| 3028 | break; | |
| 3029 | } | |
| 3030 | ret += nr; | |
| 3031 | if (nr != iovec.iov_len) | |
| 3032 | break; | |
| 4017eb91 JA |
3033 | req->rw.len -= nr; |
| 3034 | req->rw.addr += nr; | |
| 32960613 JA |
3035 | iov_iter_advance(iter, nr); |
| 3036 | } | |
| 3037 | ||
| 3038 | return ret; | |
| 3039 | } | |
| 3040 | ||
| ff6165b2 JA |
3041 | static void io_req_map_rw(struct io_kiocb *req, const struct iovec *iovec, |
| 3042 | const struct iovec *fast_iov, struct iov_iter *iter) | |
| f67676d1 | 3043 | { |
| e8c2bc1f | 3044 | struct io_async_rw *rw = req->async_data; |
| b64e3444 | 3045 | |
| ff6165b2 | 3046 | memcpy(&rw->iter, iter, sizeof(*iter)); |
| afb87658 | 3047 | rw->free_iovec = iovec; |
| 227c0c96 | 3048 | rw->bytes_done = 0; |
| ff6165b2 | 3049 | /* can only be fixed buffers, no need to do anything */ |
| 9c3a205c | 3050 | if (iov_iter_is_bvec(iter)) |
| ff6165b2 | 3051 | return; |
| b64e3444 | 3052 | if (!iovec) { |
| ff6165b2 JA |
3053 | unsigned iov_off = 0; |
| 3054 | ||
| 3055 | rw->iter.iov = rw->fast_iov; | |
| 3056 | if (iter->iov != fast_iov) { | |
| 3057 | iov_off = iter->iov - fast_iov; | |
| 3058 | rw->iter.iov += iov_off; | |
| 3059 | } | |
| 3060 | if (rw->fast_iov != fast_iov) | |
| 3061 | memcpy(rw->fast_iov + iov_off, fast_iov + iov_off, | |
| 45097dae | 3062 | sizeof(struct iovec) * iter->nr_segs); |
| 99bc4c38 PB |
3063 | } else { |
| 3064 | req->flags |= REQ_F_NEED_CLEANUP; | |
| f67676d1 JA |
3065 | } |
| 3066 | } | |
| 3067 | ||
| e8c2bc1f | 3068 | static inline int __io_alloc_async_data(struct io_kiocb *req) |
| 3d9932a8 | 3069 | { |
| e8c2bc1f JA |
3070 | WARN_ON_ONCE(!io_op_defs[req->opcode].async_size); |
| 3071 | req->async_data = kmalloc(io_op_defs[req->opcode].async_size, GFP_KERNEL); | |
| 3072 | return req->async_data == NULL; | |
| 3d9932a8 XW |
3073 | } |
| 3074 | ||
| e8c2bc1f | 3075 | static int io_alloc_async_data(struct io_kiocb *req) |
| f67676d1 | 3076 | { |
| e8c2bc1f | 3077 | if (!io_op_defs[req->opcode].needs_async_data) |
| d3656344 | 3078 | return 0; |
| 3d9932a8 | 3079 | |
| e8c2bc1f | 3080 | return __io_alloc_async_data(req); |
| b7bb4f7d JA |
3081 | } |
| 3082 | ||
| ff6165b2 JA |
3083 | static int io_setup_async_rw(struct io_kiocb *req, const struct iovec *iovec, |
| 3084 | const struct iovec *fast_iov, | |
| 227c0c96 | 3085 | struct iov_iter *iter, bool force) |
| b7bb4f7d | 3086 | { |
| e8c2bc1f | 3087 | if (!force && !io_op_defs[req->opcode].needs_async_data) |
| 74566df3 | 3088 | return 0; |
| e8c2bc1f | 3089 | if (!req->async_data) { |
| 6bf985dc PB |
3090 | if (__io_alloc_async_data(req)) { |
| 3091 | kfree(iovec); | |
| 5d204bcf | 3092 | return -ENOMEM; |
| 6bf985dc | 3093 | } |
| b7bb4f7d | 3094 | |
| ff6165b2 | 3095 | io_req_map_rw(req, iovec, fast_iov, iter); |
| 5d204bcf | 3096 | } |
| b7bb4f7d | 3097 | return 0; |
| f67676d1 JA |
3098 | } |
| 3099 | ||
| 73debe68 | 3100 | static inline int io_rw_prep_async(struct io_kiocb *req, int rw) |
| c3e330a4 | 3101 | { |
| e8c2bc1f | 3102 | struct io_async_rw *iorw = req->async_data; |
| f4bff104 | 3103 | struct iovec *iov = iorw->fast_iov; |
| 847595de | 3104 | int ret; |
| c3e330a4 | 3105 | |
| 2846c481 | 3106 | ret = io_import_iovec(rw, req, &iov, &iorw->iter, false); |
| c3e330a4 PB |
3107 | if (unlikely(ret < 0)) |
| 3108 | return ret; | |
| 3109 | ||
| ab0b196c PB |
3110 | iorw->bytes_done = 0; |
| 3111 | iorw->free_iovec = iov; | |
| 3112 | if (iov) | |
| 3113 | req->flags |= REQ_F_NEED_CLEANUP; | |
| c3e330a4 PB |
3114 | return 0; |
| 3115 | } | |
| 3116 | ||
| 73debe68 | 3117 | static int io_read_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| f67676d1 | 3118 | { |
| 3529d8c2 JA |
3119 | if (unlikely(!(req->file->f_mode & FMODE_READ))) |
| 3120 | return -EBADF; | |
| 93642ef8 | 3121 | return io_prep_rw(req, sqe); |
| f67676d1 JA |
3122 | } |
| 3123 | ||
| c1dd91d1 JA |
3124 | /* |
| 3125 | * This is our waitqueue callback handler, registered through lock_page_async() | |
| 3126 | * when we initially tried to do the IO with the iocb armed our waitqueue. | |
| 3127 | * This gets called when the page is unlocked, and we generally expect that to | |
| 3128 | * happen when the page IO is completed and the page is now uptodate. This will | |
| 3129 | * queue a task_work based retry of the operation, attempting to copy the data | |
| 3130 | * again. If the latter fails because the page was NOT uptodate, then we will | |
| 3131 | * do a thread based blocking retry of the operation. That's the unexpected | |
| 3132 | * slow path. | |
| 3133 | */ | |
| bcf5a063 JA |
3134 | static int io_async_buf_func(struct wait_queue_entry *wait, unsigned mode, |
| 3135 | int sync, void *arg) | |
| 3136 | { | |
| 3137 | struct wait_page_queue *wpq; | |
| 3138 | struct io_kiocb *req = wait->private; | |
| bcf5a063 | 3139 | struct wait_page_key *key = arg; |
| bcf5a063 JA |
3140 | |
| 3141 | wpq = container_of(wait, struct wait_page_queue, wait); | |
| 3142 | ||
| cdc8fcb4 LT |
3143 | if (!wake_page_match(wpq, key)) |
| 3144 | return 0; | |
| 3145 | ||
| c8d317aa | 3146 | req->rw.kiocb.ki_flags &= ~IOCB_WAITQ; |
| bcf5a063 JA |
3147 | list_del_init(&wait->entry); |
| 3148 | ||
| bcf5a063 JA |
3149 | /* submit ref gets dropped, acquire a new one */ |
| 3150 | refcount_inc(&req->refs); | |
| 921b9054 | 3151 | io_req_task_queue(req); |
| bcf5a063 JA |
3152 | return 1; |
| 3153 | } | |
| 3154 | ||
| c1dd91d1 JA |
3155 | /* |
| 3156 | * This controls whether a given IO request should be armed for async page | |
| 3157 | * based retry. If we return false here, the request is handed to the async | |
| 3158 | * worker threads for retry. If we're doing buffered reads on a regular file, | |
| 3159 | * we prepare a private wait_page_queue entry and retry the operation. This | |
| 3160 | * will either succeed because the page is now uptodate and unlocked, or it | |
| 3161 | * will register a callback when the page is unlocked at IO completion. Through | |
| 3162 | * that callback, io_uring uses task_work to setup a retry of the operation. | |
| 3163 | * That retry will attempt the buffered read again. The retry will generally | |
| 3164 | * succeed, or in rare cases where it fails, we then fall back to using the | |
| 3165 | * async worker threads for a blocking retry. | |
| 3166 | */ | |
| 227c0c96 | 3167 | static bool io_rw_should_retry(struct io_kiocb *req) |
| f67676d1 | 3168 | { |
| e8c2bc1f JA |
3169 | struct io_async_rw *rw = req->async_data; |
| 3170 | struct wait_page_queue *wait = &rw->wpq; | |
| bcf5a063 | 3171 | struct kiocb *kiocb = &req->rw.kiocb; |
| f67676d1 | 3172 | |
| bcf5a063 JA |
3173 | /* never retry for NOWAIT, we just complete with -EAGAIN */ |
| 3174 | if (req->flags & REQ_F_NOWAIT) | |
| 3175 | return false; | |
| f67676d1 | 3176 | |
| 227c0c96 | 3177 | /* Only for buffered IO */ |
| 3b2a4439 | 3178 | if (kiocb->ki_flags & (IOCB_DIRECT | IOCB_HIPRI)) |
| bcf5a063 | 3179 | return false; |
| 3b2a4439 | 3180 | |
| bcf5a063 JA |
3181 | /* |
| 3182 | * just use poll if we can, and don't attempt if the fs doesn't | |
| 3183 | * support callback based unlocks | |
| 3184 | */ | |
| 3185 | if (file_can_poll(req->file) || !(req->file->f_mode & FMODE_BUF_RASYNC)) | |
| 3186 | return false; | |
| f67676d1 | 3187 | |
| 3b2a4439 JA |
3188 | wait->wait.func = io_async_buf_func; |
| 3189 | wait->wait.private = req; | |
| 3190 | wait->wait.flags = 0; | |
| 3191 | INIT_LIST_HEAD(&wait->wait.entry); | |
| 3192 | kiocb->ki_flags |= IOCB_WAITQ; | |
| c8d317aa | 3193 | kiocb->ki_flags &= ~IOCB_NOWAIT; |
| 3b2a4439 | 3194 | kiocb->ki_waitq = wait; |
| 3b2a4439 | 3195 | return true; |
| bcf5a063 JA |
3196 | } |
| 3197 | ||
| 3198 | static int io_iter_do_read(struct io_kiocb *req, struct iov_iter *iter) | |
| 3199 | { | |
| 3200 | if (req->file->f_op->read_iter) | |
| 3201 | return call_read_iter(req->file, &req->rw.kiocb, iter); | |
| 2dd2111d | 3202 | else if (req->file->f_op->read) |
| 4017eb91 | 3203 | return loop_rw_iter(READ, req, iter); |
| 2dd2111d GH |
3204 | else |
| 3205 | return -EINVAL; | |
| f67676d1 JA |
3206 | } |
| 3207 | ||
| 889fca73 | 3208 | static int io_read(struct io_kiocb *req, unsigned int issue_flags) |
| 2b188cc1 JA |
3209 | { |
| 3210 | struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs; | |
| 9adbd45d | 3211 | struct kiocb *kiocb = &req->rw.kiocb; |
| ff6165b2 | 3212 | struct iov_iter __iter, *iter = &__iter; |
| e8c2bc1f | 3213 | struct io_async_rw *rw = req->async_data; |
| 227c0c96 | 3214 | ssize_t io_size, ret, ret2; |
| 45d189c6 | 3215 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| ff6165b2 | 3216 | |
| 2846c481 | 3217 | if (rw) { |
| e8c2bc1f | 3218 | iter = &rw->iter; |
| 2846c481 PB |
3219 | iovec = NULL; |
| 3220 | } else { | |
| 3221 | ret = io_import_iovec(READ, req, &iovec, iter, !force_nonblock); | |
| 3222 | if (ret < 0) | |
| 3223 | return ret; | |
| 3224 | } | |
| 632546c4 | 3225 | io_size = iov_iter_count(iter); |
| fa15bafb | 3226 | req->result = io_size; |
| 2b188cc1 | 3227 | |
| fd6c2e4c JA |
3228 | /* Ensure we clear previously set non-block flag */ |
| 3229 | if (!force_nonblock) | |
| 29de5f6a | 3230 | kiocb->ki_flags &= ~IOCB_NOWAIT; |
| a88fc400 PB |
3231 | else |
| 3232 | kiocb->ki_flags |= IOCB_NOWAIT; | |
| 3233 | ||
| 24c74678 | 3234 | /* If the file doesn't support async, just async punt */ |
| 6713e7a6 PB |
3235 | if (force_nonblock && !io_file_supports_async(req->file, READ)) { |
| 3236 | ret = io_setup_async_rw(req, iovec, inline_vecs, iter, true); | |
| 6bf985dc | 3237 | return ret ?: -EAGAIN; |
| 6713e7a6 | 3238 | } |
| 9e645e11 | 3239 | |
| 632546c4 | 3240 | ret = rw_verify_area(READ, req->file, io_kiocb_ppos(kiocb), io_size); |
| 5ea5dd45 PB |
3241 | if (unlikely(ret)) { |
| 3242 | kfree(iovec); | |
| 3243 | return ret; | |
| 3244 | } | |
| 2b188cc1 | 3245 | |
| 227c0c96 | 3246 | ret = io_iter_do_read(req, iter); |
| 32960613 | 3247 | |
| 57cd657b | 3248 | if (ret == -EIOCBQUEUED) { |
| 3e6a0d3c JA |
3249 | if (req->async_data) |
| 3250 | iov_iter_revert(iter, io_size - iov_iter_count(iter)); | |
| fe1cdd55 | 3251 | goto out_free; |
| 227c0c96 | 3252 | } else if (ret == -EAGAIN) { |
| eefdf30f JA |
3253 | /* IOPOLL retry should happen for io-wq threads */ |
| 3254 | if (!force_nonblock && !(req->ctx->flags & IORING_SETUP_IOPOLL)) | |
| f91daf56 | 3255 | goto done; |
| 75c668cd PB |
3256 | /* no retry on NONBLOCK nor RWF_NOWAIT */ |
| 3257 | if (req->flags & REQ_F_NOWAIT) | |
| 355afaeb | 3258 | goto done; |
| 84216315 | 3259 | /* some cases will consume bytes even on error returns */ |
| 632546c4 | 3260 | iov_iter_revert(iter, io_size - iov_iter_count(iter)); |
| f38c7e3a | 3261 | ret = 0; |
| 7335e3bf | 3262 | } else if (ret <= 0 || ret == io_size || !force_nonblock || |
| 75c668cd | 3263 | (req->flags & REQ_F_NOWAIT) || !(req->flags & REQ_F_ISREG)) { |
| 7335e3bf | 3264 | /* read all, failed, already did sync or don't want to retry */ |
| 00d23d51 | 3265 | goto done; |
| 227c0c96 JA |
3266 | } |
| 3267 | ||
| 227c0c96 | 3268 | ret2 = io_setup_async_rw(req, iovec, inline_vecs, iter, true); |
| 6bf985dc PB |
3269 | if (ret2) |
| 3270 | return ret2; | |
| 3271 | ||
| fe1cdd55 | 3272 | iovec = NULL; |
| e8c2bc1f | 3273 | rw = req->async_data; |
| 227c0c96 | 3274 | /* now use our persistent iterator, if we aren't already */ |
| e8c2bc1f | 3275 | iter = &rw->iter; |
| 227c0c96 | 3276 | |
| b23df91b PB |
3277 | do { |
| 3278 | io_size -= ret; | |
| 3279 | rw->bytes_done += ret; | |
| 3280 | /* if we can retry, do so with the callbacks armed */ | |
| 3281 | if (!io_rw_should_retry(req)) { | |
| 3282 | kiocb->ki_flags &= ~IOCB_WAITQ; | |
| 3283 | return -EAGAIN; | |
| 3284 | } | |
| 3285 | ||
| 3286 | /* | |
| 3287 | * Now retry read with the IOCB_WAITQ parts set in the iocb. If | |
| 3288 | * we get -EIOCBQUEUED, then we'll get a notification when the | |
| 3289 | * desired page gets unlocked. We can also get a partial read | |
| 3290 | * here, and if we do, then just retry at the new offset. | |
| 3291 | */ | |
| 3292 | ret = io_iter_do_read(req, iter); | |
| 3293 | if (ret == -EIOCBQUEUED) | |
| 3294 | return 0; | |
| 227c0c96 | 3295 | /* we got some bytes, but not all. retry. */ |
| b5b0ecb7 | 3296 | kiocb->ki_flags &= ~IOCB_WAITQ; |
| b23df91b | 3297 | } while (ret > 0 && ret < io_size); |
| 227c0c96 | 3298 | done: |
| 889fca73 | 3299 | kiocb_done(kiocb, ret, issue_flags); |
| fe1cdd55 PB |
3300 | out_free: |
| 3301 | /* it's faster to check here then delegate to kfree */ | |
| 3302 | if (iovec) | |
| 3303 | kfree(iovec); | |
| 5ea5dd45 | 3304 | return 0; |
| 2b188cc1 JA |
3305 | } |
| 3306 | ||
| 73debe68 | 3307 | static int io_write_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| f67676d1 | 3308 | { |
| 3529d8c2 JA |
3309 | if (unlikely(!(req->file->f_mode & FMODE_WRITE))) |
| 3310 | return -EBADF; | |
| 93642ef8 | 3311 | return io_prep_rw(req, sqe); |
| f67676d1 JA |
3312 | } |
| 3313 | ||
| 889fca73 | 3314 | static int io_write(struct io_kiocb *req, unsigned int issue_flags) |
| 2b188cc1 JA |
3315 | { |
| 3316 | struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs; | |
| 9adbd45d | 3317 | struct kiocb *kiocb = &req->rw.kiocb; |
| ff6165b2 | 3318 | struct iov_iter __iter, *iter = &__iter; |
| e8c2bc1f | 3319 | struct io_async_rw *rw = req->async_data; |
| fa15bafb | 3320 | ssize_t ret, ret2, io_size; |
| 45d189c6 | 3321 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| 2b188cc1 | 3322 | |
| 2846c481 | 3323 | if (rw) { |
| e8c2bc1f | 3324 | iter = &rw->iter; |
| 2846c481 PB |
3325 | iovec = NULL; |
| 3326 | } else { | |
| 3327 | ret = io_import_iovec(WRITE, req, &iovec, iter, !force_nonblock); | |
| 3328 | if (ret < 0) | |
| 3329 | return ret; | |
| 3330 | } | |
| 632546c4 | 3331 | io_size = iov_iter_count(iter); |
| fa15bafb | 3332 | req->result = io_size; |
| 2b188cc1 | 3333 | |
| fd6c2e4c JA |
3334 | /* Ensure we clear previously set non-block flag */ |
| 3335 | if (!force_nonblock) | |
| a88fc400 PB |
3336 | kiocb->ki_flags &= ~IOCB_NOWAIT; |
| 3337 | else | |
| 3338 | kiocb->ki_flags |= IOCB_NOWAIT; | |
| fd6c2e4c | 3339 | |
| 24c74678 | 3340 | /* If the file doesn't support async, just async punt */ |
| af197f50 | 3341 | if (force_nonblock && !io_file_supports_async(req->file, WRITE)) |
| f67676d1 | 3342 | goto copy_iov; |
| 31b51510 | 3343 | |
| 10d59345 JA |
3344 | /* file path doesn't support NOWAIT for non-direct_IO */ |
| 3345 | if (force_nonblock && !(kiocb->ki_flags & IOCB_DIRECT) && | |
| 3346 | (req->flags & REQ_F_ISREG)) | |
| f67676d1 | 3347 | goto copy_iov; |
| 31b51510 | 3348 | |
| 632546c4 | 3349 | ret = rw_verify_area(WRITE, req->file, io_kiocb_ppos(kiocb), io_size); |
| fa15bafb PB |
3350 | if (unlikely(ret)) |
| 3351 | goto out_free; | |
| 4ed734b0 | 3352 | |
| fa15bafb PB |
3353 | /* |
| 3354 | * Open-code file_start_write here to grab freeze protection, | |
| 3355 | * which will be released by another thread in | |
| 3356 | * io_complete_rw(). Fool lockdep by telling it the lock got | |
| 3357 | * released so that it doesn't complain about the held lock when | |
| 3358 | * we return to userspace. | |
| 3359 | */ | |
| 3360 | if (req->flags & REQ_F_ISREG) { | |
| 8a3c84b6 | 3361 | sb_start_write(file_inode(req->file)->i_sb); |
| fa15bafb PB |
3362 | __sb_writers_release(file_inode(req->file)->i_sb, |
| 3363 | SB_FREEZE_WRITE); | |
| 3364 | } | |
| 3365 | kiocb->ki_flags |= IOCB_WRITE; | |
| 4ed734b0 | 3366 | |
| fa15bafb | 3367 | if (req->file->f_op->write_iter) |
| ff6165b2 | 3368 | ret2 = call_write_iter(req->file, kiocb, iter); |
| 2dd2111d | 3369 | else if (req->file->f_op->write) |
| 4017eb91 | 3370 | ret2 = loop_rw_iter(WRITE, req, iter); |
| 2dd2111d GH |
3371 | else |
| 3372 | ret2 = -EINVAL; | |
| 4ed734b0 | 3373 | |
| fa15bafb PB |
3374 | /* |
| 3375 | * Raw bdev writes will return -EOPNOTSUPP for IOCB_NOWAIT. Just | |
| 3376 | * retry them without IOCB_NOWAIT. | |
| 3377 | */ | |
| 3378 | if (ret2 == -EOPNOTSUPP && (kiocb->ki_flags & IOCB_NOWAIT)) | |
| 3379 | ret2 = -EAGAIN; | |
| 75c668cd PB |
3380 | /* no retry on NONBLOCK nor RWF_NOWAIT */ |
| 3381 | if (ret2 == -EAGAIN && (req->flags & REQ_F_NOWAIT)) | |
| 355afaeb | 3382 | goto done; |
| 3e6a0d3c JA |
3383 | if (ret2 == -EIOCBQUEUED && req->async_data) |
| 3384 | iov_iter_revert(iter, io_size - iov_iter_count(iter)); | |
| fa15bafb | 3385 | if (!force_nonblock || ret2 != -EAGAIN) { |
| eefdf30f JA |
3386 | /* IOPOLL retry should happen for io-wq threads */ |
| 3387 | if ((req->ctx->flags & IORING_SETUP_IOPOLL) && ret2 == -EAGAIN) | |
| 3388 | goto copy_iov; | |
| 355afaeb | 3389 | done: |
| 889fca73 | 3390 | kiocb_done(kiocb, ret2, issue_flags); |
| fa15bafb | 3391 | } else { |
| f67676d1 | 3392 | copy_iov: |
| 84216315 | 3393 | /* some cases will consume bytes even on error returns */ |
| 632546c4 | 3394 | iov_iter_revert(iter, io_size - iov_iter_count(iter)); |
| 227c0c96 | 3395 | ret = io_setup_async_rw(req, iovec, inline_vecs, iter, false); |
| 6bf985dc | 3396 | return ret ?: -EAGAIN; |
| 2b188cc1 | 3397 | } |
| 31b51510 | 3398 | out_free: |
| f261c168 | 3399 | /* it's reportedly faster than delegating the null check to kfree() */ |
| 252917c3 | 3400 | if (iovec) |
| 6f2cc166 | 3401 | kfree(iovec); |
| 2b188cc1 JA |
3402 | return ret; |
| 3403 | } | |
| 3404 | ||
| 80a261fd JA |
3405 | static int io_renameat_prep(struct io_kiocb *req, |
| 3406 | const struct io_uring_sqe *sqe) | |
| 3407 | { | |
| 3408 | struct io_rename *ren = &req->rename; | |
| 3409 | const char __user *oldf, *newf; | |
| 3410 | ||
| 3411 | if (unlikely(req->flags & REQ_F_FIXED_FILE)) | |
| 3412 | return -EBADF; | |
| 3413 | ||
| 3414 | ren->old_dfd = READ_ONCE(sqe->fd); | |
| 3415 | oldf = u64_to_user_ptr(READ_ONCE(sqe->addr)); | |
| 3416 | newf = u64_to_user_ptr(READ_ONCE(sqe->addr2)); | |
| 3417 | ren->new_dfd = READ_ONCE(sqe->len); | |
| 3418 | ren->flags = READ_ONCE(sqe->rename_flags); | |
| 3419 | ||
| 3420 | ren->oldpath = getname(oldf); | |
| 3421 | if (IS_ERR(ren->oldpath)) | |
| 3422 | return PTR_ERR(ren->oldpath); | |
| 3423 | ||
| 3424 | ren->newpath = getname(newf); | |
| 3425 | if (IS_ERR(ren->newpath)) { | |
| 3426 | putname(ren->oldpath); | |
| 3427 | return PTR_ERR(ren->newpath); | |
| 3428 | } | |
| 3429 | ||
| 3430 | req->flags |= REQ_F_NEED_CLEANUP; | |
| 3431 | return 0; | |
| 3432 | } | |
| 3433 | ||
| 45d189c6 | 3434 | static int io_renameat(struct io_kiocb *req, unsigned int issue_flags) |
| 80a261fd JA |
3435 | { |
| 3436 | struct io_rename *ren = &req->rename; | |
| 3437 | int ret; | |
| 3438 | ||
| 45d189c6 | 3439 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 80a261fd JA |
3440 | return -EAGAIN; |
| 3441 | ||
| 3442 | ret = do_renameat2(ren->old_dfd, ren->oldpath, ren->new_dfd, | |
| 3443 | ren->newpath, ren->flags); | |
| 3444 | ||
| 3445 | req->flags &= ~REQ_F_NEED_CLEANUP; | |
| 3446 | if (ret < 0) | |
| 3447 | req_set_fail_links(req); | |
| 3448 | io_req_complete(req, ret); | |
| 3449 | return 0; | |
| 3450 | } | |
| 3451 | ||
| 14a1143b JA |
3452 | static int io_unlinkat_prep(struct io_kiocb *req, |
| 3453 | const struct io_uring_sqe *sqe) | |
| 3454 | { | |
| 3455 | struct io_unlink *un = &req->unlink; | |
| 3456 | const char __user *fname; | |
| 3457 | ||
| 3458 | if (unlikely(req->flags & REQ_F_FIXED_FILE)) | |
| 3459 | return -EBADF; | |
| 3460 | ||
| 3461 | un->dfd = READ_ONCE(sqe->fd); | |
| 3462 | ||
| 3463 | un->flags = READ_ONCE(sqe->unlink_flags); | |
| 3464 | if (un->flags & ~AT_REMOVEDIR) | |
| 3465 | return -EINVAL; | |
| 3466 | ||
| 3467 | fname = u64_to_user_ptr(READ_ONCE(sqe->addr)); | |
| 3468 | un->filename = getname(fname); | |
| 3469 | if (IS_ERR(un->filename)) | |
| 3470 | return PTR_ERR(un->filename); | |
| 3471 | ||
| 3472 | req->flags |= REQ_F_NEED_CLEANUP; | |
| 3473 | return 0; | |
| 3474 | } | |
| 3475 | ||
| 45d189c6 | 3476 | static int io_unlinkat(struct io_kiocb *req, unsigned int issue_flags) |
| 14a1143b JA |
3477 | { |
| 3478 | struct io_unlink *un = &req->unlink; | |
| 3479 | int ret; | |
| 3480 | ||
| 45d189c6 | 3481 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 14a1143b JA |
3482 | return -EAGAIN; |
| 3483 | ||
| 3484 | if (un->flags & AT_REMOVEDIR) | |
| 3485 | ret = do_rmdir(un->dfd, un->filename); | |
| 3486 | else | |
| 3487 | ret = do_unlinkat(un->dfd, un->filename); | |
| 3488 | ||
| 3489 | req->flags &= ~REQ_F_NEED_CLEANUP; | |
| 3490 | if (ret < 0) | |
| 3491 | req_set_fail_links(req); | |
| 3492 | io_req_complete(req, ret); | |
| 3493 | return 0; | |
| 3494 | } | |
| 3495 | ||
| 36f4fa68 JA |
3496 | static int io_shutdown_prep(struct io_kiocb *req, |
| 3497 | const struct io_uring_sqe *sqe) | |
| 3498 | { | |
| 3499 | #if defined(CONFIG_NET) | |
| 3500 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) | |
| 3501 | return -EINVAL; | |
| 3502 | if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || | |
| 3503 | sqe->buf_index) | |
| 3504 | return -EINVAL; | |
| 3505 | ||
| 3506 | req->shutdown.how = READ_ONCE(sqe->len); | |
| 3507 | return 0; | |
| 3508 | #else | |
| 3509 | return -EOPNOTSUPP; | |
| 3510 | #endif | |
| 3511 | } | |
| 3512 | ||
| 45d189c6 | 3513 | static int io_shutdown(struct io_kiocb *req, unsigned int issue_flags) |
| 36f4fa68 JA |
3514 | { |
| 3515 | #if defined(CONFIG_NET) | |
| 3516 | struct socket *sock; | |
| 3517 | int ret; | |
| 3518 | ||
| 45d189c6 | 3519 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 36f4fa68 JA |
3520 | return -EAGAIN; |
| 3521 | ||
| 48aba79b | 3522 | sock = sock_from_file(req->file); |
| 36f4fa68 | 3523 | if (unlikely(!sock)) |
| 48aba79b | 3524 | return -ENOTSOCK; |
| 36f4fa68 JA |
3525 | |
| 3526 | ret = __sys_shutdown_sock(sock, req->shutdown.how); | |
| a146468d JA |
3527 | if (ret < 0) |
| 3528 | req_set_fail_links(req); | |
| 36f4fa68 JA |
3529 | io_req_complete(req, ret); |
| 3530 | return 0; | |
| 3531 | #else | |
| 3532 | return -EOPNOTSUPP; | |
| 3533 | #endif | |
| 3534 | } | |
| 3535 | ||
| f2a8d5c7 PB |
3536 | static int __io_splice_prep(struct io_kiocb *req, |
| 3537 | const struct io_uring_sqe *sqe) | |
| 7d67af2c PB |
3538 | { |
| 3539 | struct io_splice* sp = &req->splice; | |
| 3540 | unsigned int valid_flags = SPLICE_F_FD_IN_FIXED | SPLICE_F_ALL; | |
| 7d67af2c | 3541 | |
| 3232dd02 PB |
3542 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 3543 | return -EINVAL; | |
| 7d67af2c PB |
3544 | |
| 3545 | sp->file_in = NULL; | |
| 7d67af2c PB |
3546 | sp->len = READ_ONCE(sqe->len); |
| 3547 | sp->flags = READ_ONCE(sqe->splice_flags); | |
| 3548 | ||
| 3549 | if (unlikely(sp->flags & ~valid_flags)) | |
| 3550 | return -EINVAL; | |
| 3551 | ||
| 8371adf5 PB |
3552 | sp->file_in = io_file_get(NULL, req, READ_ONCE(sqe->splice_fd_in), |
| 3553 | (sp->flags & SPLICE_F_FD_IN_FIXED)); | |
| 3554 | if (!sp->file_in) | |
| 3555 | return -EBADF; | |
| 7d67af2c PB |
3556 | req->flags |= REQ_F_NEED_CLEANUP; |
| 3557 | ||
| 7cdaf587 XW |
3558 | if (!S_ISREG(file_inode(sp->file_in)->i_mode)) { |
| 3559 | /* | |
| 3560 | * Splice operation will be punted aync, and here need to | |
| 3561 | * modify io_wq_work.flags, so initialize io_wq_work firstly. | |
| 3562 | */ | |
| 7d67af2c | 3563 | req->work.flags |= IO_WQ_WORK_UNBOUND; |
| 7cdaf587 | 3564 | } |
| 7d67af2c PB |
3565 | |
| 3566 | return 0; | |
| 3567 | } | |
| 3568 | ||
| f2a8d5c7 PB |
3569 | static int io_tee_prep(struct io_kiocb *req, |
| 3570 | const struct io_uring_sqe *sqe) | |
| 3571 | { | |
| 3572 | if (READ_ONCE(sqe->splice_off_in) || READ_ONCE(sqe->off)) | |
| 3573 | return -EINVAL; | |
| 3574 | return __io_splice_prep(req, sqe); | |
| 3575 | } | |
| 3576 | ||
| 45d189c6 | 3577 | static int io_tee(struct io_kiocb *req, unsigned int issue_flags) |
| f2a8d5c7 PB |
3578 | { |
| 3579 | struct io_splice *sp = &req->splice; | |
| 3580 | struct file *in = sp->file_in; | |
| 3581 | struct file *out = sp->file_out; | |
| 3582 | unsigned int flags = sp->flags & ~SPLICE_F_FD_IN_FIXED; | |
| 3583 | long ret = 0; | |
| 3584 | ||
| 45d189c6 | 3585 | if (issue_flags & IO_URING_F_NONBLOCK) |
| f2a8d5c7 PB |
3586 | return -EAGAIN; |
| 3587 | if (sp->len) | |
| 3588 | ret = do_tee(in, out, sp->len, flags); | |
| 3589 | ||
| 3590 | io_put_file(req, in, (sp->flags & SPLICE_F_FD_IN_FIXED)); | |
| 3591 | req->flags &= ~REQ_F_NEED_CLEANUP; | |
| 3592 | ||
| f2a8d5c7 PB |
3593 | if (ret != sp->len) |
| 3594 | req_set_fail_links(req); | |
| e1e16097 | 3595 | io_req_complete(req, ret); |
| f2a8d5c7 PB |
3596 | return 0; |
| 3597 | } | |
| 3598 | ||
| 3599 | static int io_splice_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) | |
| 3600 | { | |
| 3601 | struct io_splice* sp = &req->splice; | |
| 3602 | ||
| 3603 | sp->off_in = READ_ONCE(sqe->splice_off_in); | |
| 3604 | sp->off_out = READ_ONCE(sqe->off); | |
| 3605 | return __io_splice_prep(req, sqe); | |
| 3606 | } | |
| 3607 | ||
| 45d189c6 | 3608 | static int io_splice(struct io_kiocb *req, unsigned int issue_flags) |
| 7d67af2c PB |
3609 | { |
| 3610 | struct io_splice *sp = &req->splice; | |
| 3611 | struct file *in = sp->file_in; | |
| 3612 | struct file *out = sp->file_out; | |
| 3613 | unsigned int flags = sp->flags & ~SPLICE_F_FD_IN_FIXED; | |
| 3614 | loff_t *poff_in, *poff_out; | |
| c9687426 | 3615 | long ret = 0; |
| 7d67af2c | 3616 | |
| 45d189c6 | 3617 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 2fb3e822 | 3618 | return -EAGAIN; |
| 7d67af2c PB |
3619 | |
| 3620 | poff_in = (sp->off_in == -1) ? NULL : &sp->off_in; | |
| 3621 | poff_out = (sp->off_out == -1) ? NULL : &sp->off_out; | |
| c9687426 | 3622 | |
| 948a7749 | 3623 | if (sp->len) |
| c9687426 | 3624 | ret = do_splice(in, poff_in, out, poff_out, sp->len, flags); |
| 7d67af2c PB |
3625 | |
| 3626 | io_put_file(req, in, (sp->flags & SPLICE_F_FD_IN_FIXED)); | |
| 3627 | req->flags &= ~REQ_F_NEED_CLEANUP; | |
| 3628 | ||
| 7d67af2c PB |
3629 | if (ret != sp->len) |
| 3630 | req_set_fail_links(req); | |
| e1e16097 | 3631 | io_req_complete(req, ret); |
| 7d67af2c PB |
3632 | return 0; |
| 3633 | } | |
| 3634 | ||
| 2b188cc1 JA |
3635 | /* |
| 3636 | * IORING_OP_NOP just posts a completion event, nothing else. | |
| 3637 | */ | |
| 889fca73 | 3638 | static int io_nop(struct io_kiocb *req, unsigned int issue_flags) |
| 2b188cc1 JA |
3639 | { |
| 3640 | struct io_ring_ctx *ctx = req->ctx; | |
| 2b188cc1 | 3641 | |
| def596e9 JA |
3642 | if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) |
| 3643 | return -EINVAL; | |
| 3644 | ||
| 889fca73 | 3645 | __io_req_complete(req, issue_flags, 0, 0); |
| 2b188cc1 JA |
3646 | return 0; |
| 3647 | } | |
| 3648 | ||
| 1155c76a | 3649 | static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| c992fe29 | 3650 | { |
| 6b06314c | 3651 | struct io_ring_ctx *ctx = req->ctx; |
| c992fe29 | 3652 | |
| 09bb8394 JA |
3653 | if (!req->file) |
| 3654 | return -EBADF; | |
| c992fe29 | 3655 | |
| 6b06314c | 3656 | if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) |
| def596e9 | 3657 | return -EINVAL; |
| edafccee | 3658 | if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) |
| c992fe29 CH |
3659 | return -EINVAL; |
| 3660 | ||
| 8ed8d3c3 JA |
3661 | req->sync.flags = READ_ONCE(sqe->fsync_flags); |
| 3662 | if (unlikely(req->sync.flags & ~IORING_FSYNC_DATASYNC)) | |
| 3663 | return -EINVAL; | |
| 3664 | ||
| 3665 | req->sync.off = READ_ONCE(sqe->off); | |
| 3666 | req->sync.len = READ_ONCE(sqe->len); | |
| c992fe29 CH |
3667 | return 0; |
| 3668 | } | |
| 3669 | ||
| 45d189c6 | 3670 | static int io_fsync(struct io_kiocb *req, unsigned int issue_flags) |
| 8ed8d3c3 | 3671 | { |
| 8ed8d3c3 | 3672 | loff_t end = req->sync.off + req->sync.len; |
| 8ed8d3c3 JA |
3673 | int ret; |
| 3674 | ||
| ac45abc0 | 3675 | /* fsync always requires a blocking context */ |
| 45d189c6 | 3676 | if (issue_flags & IO_URING_F_NONBLOCK) |
| ac45abc0 PB |
3677 | return -EAGAIN; |
| 3678 | ||
| 9adbd45d | 3679 | ret = vfs_fsync_range(req->file, req->sync.off, |
| 8ed8d3c3 JA |
3680 | end > 0 ? end : LLONG_MAX, |
| 3681 | req->sync.flags & IORING_FSYNC_DATASYNC); | |
| 3682 | if (ret < 0) | |
| 3683 | req_set_fail_links(req); | |
| e1e16097 | 3684 | io_req_complete(req, ret); |
| c992fe29 CH |
3685 | return 0; |
| 3686 | } | |
| 3687 | ||
| d63d1b5e JA |
3688 | static int io_fallocate_prep(struct io_kiocb *req, |
| 3689 | const struct io_uring_sqe *sqe) | |
| 3690 | { | |
| 3691 | if (sqe->ioprio || sqe->buf_index || sqe->rw_flags) | |
| 3692 | return -EINVAL; | |
| 3232dd02 PB |
3693 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 3694 | return -EINVAL; | |
| d63d1b5e JA |
3695 | |
| 3696 | req->sync.off = READ_ONCE(sqe->off); | |
| 3697 | req->sync.len = READ_ONCE(sqe->addr); | |
| 3698 | req->sync.mode = READ_ONCE(sqe->len); | |
| 3699 | return 0; | |
| 3700 | } | |
| 3701 | ||
| 45d189c6 | 3702 | static int io_fallocate(struct io_kiocb *req, unsigned int issue_flags) |
| 5d17b4a4 | 3703 | { |
| ac45abc0 PB |
3704 | int ret; |
| 3705 | ||
| d63d1b5e | 3706 | /* fallocate always requiring blocking context */ |
| 45d189c6 | 3707 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 5d17b4a4 | 3708 | return -EAGAIN; |
| ac45abc0 PB |
3709 | ret = vfs_fallocate(req->file, req->sync.mode, req->sync.off, |
| 3710 | req->sync.len); | |
| ac45abc0 PB |
3711 | if (ret < 0) |
| 3712 | req_set_fail_links(req); | |
| e1e16097 | 3713 | io_req_complete(req, ret); |
| 5d17b4a4 JA |
3714 | return 0; |
| 3715 | } | |
| 3716 | ||
| ec65fea5 | 3717 | static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| b7bb4f7d | 3718 | { |
| f8748881 | 3719 | const char __user *fname; |
| 15b71abe | 3720 | int ret; |
| b7bb4f7d | 3721 | |
| ec65fea5 | 3722 | if (unlikely(sqe->ioprio || sqe->buf_index)) |
| 15b71abe | 3723 | return -EINVAL; |
| ec65fea5 | 3724 | if (unlikely(req->flags & REQ_F_FIXED_FILE)) |
| cf3040ca | 3725 | return -EBADF; |
| 03b1230c | 3726 | |
| ec65fea5 PB |
3727 | /* open.how should be already initialised */ |
| 3728 | if (!(req->open.how.flags & O_PATH) && force_o_largefile()) | |
| 08a1d26e | 3729 | req->open.how.flags |= O_LARGEFILE; |
| 3529d8c2 | 3730 | |
| 25e72d10 PB |
3731 | req->open.dfd = READ_ONCE(sqe->fd); |
| 3732 | fname = u64_to_user_ptr(READ_ONCE(sqe->addr)); | |
| f8748881 | 3733 | req->open.filename = getname(fname); |
| 15b71abe JA |
3734 | if (IS_ERR(req->open.filename)) { |
| 3735 | ret = PTR_ERR(req->open.filename); | |
| 3736 | req->open.filename = NULL; | |
| 3737 | return ret; | |
| 3738 | } | |
| 4022e7af | 3739 | req->open.nofile = rlimit(RLIMIT_NOFILE); |
| 8fef80bf | 3740 | req->flags |= REQ_F_NEED_CLEANUP; |
| 15b71abe | 3741 | return 0; |
| 03b1230c JA |
3742 | } |
| 3743 | ||
| ec65fea5 PB |
3744 | static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 3745 | { | |
| 3746 | u64 flags, mode; | |
| 3747 | ||
| 14587a46 | 3748 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4eb8dded | 3749 | return -EINVAL; |
| ec65fea5 PB |
3750 | mode = READ_ONCE(sqe->len); |
| 3751 | flags = READ_ONCE(sqe->open_flags); | |
| 3752 | req->open.how = build_open_how(flags, mode); | |
| 3753 | return __io_openat_prep(req, sqe); | |
| 3754 | } | |
| 3755 | ||
| cebdb986 | 3756 | static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| aa1fa28f | 3757 | { |
| cebdb986 | 3758 | struct open_how __user *how; |
| cebdb986 | 3759 | size_t len; |
| 0fa03c62 JA |
3760 | int ret; |
| 3761 | ||
| 14587a46 | 3762 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4eb8dded | 3763 | return -EINVAL; |
| cebdb986 JA |
3764 | how = u64_to_user_ptr(READ_ONCE(sqe->addr2)); |
| 3765 | len = READ_ONCE(sqe->len); | |
| cebdb986 JA |
3766 | if (len < OPEN_HOW_SIZE_VER0) |
| 3767 | return -EINVAL; | |
| 3529d8c2 | 3768 | |
| cebdb986 JA |
3769 | ret = copy_struct_from_user(&req->open.how, sizeof(req->open.how), how, |
| 3770 | len); | |
| 3771 | if (ret) | |
| 3772 | return ret; | |
| 3529d8c2 | 3773 | |
| ec65fea5 | 3774 | return __io_openat_prep(req, sqe); |
| cebdb986 JA |
3775 | } |
| 3776 | ||
| 45d189c6 | 3777 | static int io_openat2(struct io_kiocb *req, unsigned int issue_flags) |
| 15b71abe JA |
3778 | { |
| 3779 | struct open_flags op; | |
| 15b71abe | 3780 | struct file *file; |
| 3a81fd02 JA |
3781 | bool nonblock_set; |
| 3782 | bool resolve_nonblock; | |
| 15b71abe JA |
3783 | int ret; |
| 3784 | ||
| cebdb986 | 3785 | ret = build_open_flags(&req->open.how, &op); |
| 15b71abe JA |
3786 | if (ret) |
| 3787 | goto err; | |
| 3a81fd02 JA |
3788 | nonblock_set = op.open_flag & O_NONBLOCK; |
| 3789 | resolve_nonblock = req->open.how.resolve & RESOLVE_CACHED; | |
| 45d189c6 | 3790 | if (issue_flags & IO_URING_F_NONBLOCK) { |
| 3a81fd02 JA |
3791 | /* |
| 3792 | * Don't bother trying for O_TRUNC, O_CREAT, or O_TMPFILE open, | |
| 3793 | * it'll always -EAGAIN | |
| 3794 | */ | |
| 3795 | if (req->open.how.flags & (O_TRUNC | O_CREAT | O_TMPFILE)) | |
| 3796 | return -EAGAIN; | |
| 3797 | op.lookup_flags |= LOOKUP_CACHED; | |
| 3798 | op.open_flag |= O_NONBLOCK; | |
| 3799 | } | |
| 15b71abe | 3800 | |
| 4022e7af | 3801 | ret = __get_unused_fd_flags(req->open.how.flags, req->open.nofile); |
| 15b71abe JA |
3802 | if (ret < 0) |
| 3803 | goto err; | |
| 3804 | ||
| 3805 | file = do_filp_open(req->open.dfd, req->open.filename, &op); | |
| 3a81fd02 | 3806 | /* only retry if RESOLVE_CACHED wasn't already set by application */ |
| 45d189c6 PB |
3807 | if ((!resolve_nonblock && (issue_flags & IO_URING_F_NONBLOCK)) && |
| 3808 | file == ERR_PTR(-EAGAIN)) { | |
| 944d1444 | 3809 | /* |
| 3a81fd02 JA |
3810 | * We could hang on to this 'fd', but seems like marginal |
| 3811 | * gain for something that is now known to be a slower path. | |
| 3812 | * So just put it, and we'll get a new one when we retry. | |
| 944d1444 | 3813 | */ |
| 3a81fd02 JA |
3814 | put_unused_fd(ret); |
| 3815 | return -EAGAIN; | |
| 3816 | } | |
| 3817 | ||
| 15b71abe JA |
3818 | if (IS_ERR(file)) { |
| 3819 | put_unused_fd(ret); | |
| 3820 | ret = PTR_ERR(file); | |
| 3821 | } else { | |
| 45d189c6 | 3822 | if ((issue_flags & IO_URING_F_NONBLOCK) && !nonblock_set) |
| 3a81fd02 | 3823 | file->f_flags &= ~O_NONBLOCK; |
| 15b71abe JA |
3824 | fsnotify_open(file); |
| 3825 | fd_install(ret, file); | |
| 3826 | } | |
| 3827 | err: | |
| 3828 | putname(req->open.filename); | |
| 8fef80bf | 3829 | req->flags &= ~REQ_F_NEED_CLEANUP; |
| 15b71abe JA |
3830 | if (ret < 0) |
| 3831 | req_set_fail_links(req); | |
| e1e16097 | 3832 | io_req_complete(req, ret); |
| 15b71abe JA |
3833 | return 0; |
| 3834 | } | |
| 3835 | ||
| 45d189c6 | 3836 | static int io_openat(struct io_kiocb *req, unsigned int issue_flags) |
| cebdb986 | 3837 | { |
| e45cff58 | 3838 | return io_openat2(req, issue_flags); |
| cebdb986 JA |
3839 | } |
| 3840 | ||
| 067524e9 JA |
3841 | static int io_remove_buffers_prep(struct io_kiocb *req, |
| 3842 | const struct io_uring_sqe *sqe) | |
| 3843 | { | |
| 3844 | struct io_provide_buf *p = &req->pbuf; | |
| 3845 | u64 tmp; | |
| 3846 | ||
| 3847 | if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off) | |
| 3848 | return -EINVAL; | |
| 3849 | ||
| 3850 | tmp = READ_ONCE(sqe->fd); | |
| 3851 | if (!tmp || tmp > USHRT_MAX) | |
| 3852 | return -EINVAL; | |
| 3853 | ||
| 3854 | memset(p, 0, sizeof(*p)); | |
| 3855 | p->nbufs = tmp; | |
| 3856 | p->bgid = READ_ONCE(sqe->buf_group); | |
| 3857 | return 0; | |
| 3858 | } | |
| 3859 | ||
| 3860 | static int __io_remove_buffers(struct io_ring_ctx *ctx, struct io_buffer *buf, | |
| 3861 | int bgid, unsigned nbufs) | |
| 3862 | { | |
| 3863 | unsigned i = 0; | |
| 3864 | ||
| 3865 | /* shouldn't happen */ | |
| 3866 | if (!nbufs) | |
| 3867 | return 0; | |
| 3868 | ||
| 3869 | /* the head kbuf is the list itself */ | |
| 3870 | while (!list_empty(&buf->list)) { | |
| 3871 | struct io_buffer *nxt; | |
| 3872 | ||
| 3873 | nxt = list_first_entry(&buf->list, struct io_buffer, list); | |
| 3874 | list_del(&nxt->list); | |
| 3875 | kfree(nxt); | |
| 3876 | if (++i == nbufs) | |
| 3877 | return i; | |
| 3878 | } | |
| 3879 | i++; | |
| 3880 | kfree(buf); | |
| 3881 | idr_remove(&ctx->io_buffer_idr, bgid); | |
| 3882 | ||
| 3883 | return i; | |
| 3884 | } | |
| 3885 | ||
| 889fca73 | 3886 | static int io_remove_buffers(struct io_kiocb *req, unsigned int issue_flags) |
| 067524e9 JA |
3887 | { |
| 3888 | struct io_provide_buf *p = &req->pbuf; | |
| 3889 | struct io_ring_ctx *ctx = req->ctx; | |
| 3890 | struct io_buffer *head; | |
| 3891 | int ret = 0; | |
| 45d189c6 | 3892 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| 067524e9 JA |
3893 | |
| 3894 | io_ring_submit_lock(ctx, !force_nonblock); | |
| 3895 | ||
| 3896 | lockdep_assert_held(&ctx->uring_lock); | |
| 3897 | ||
| 3898 | ret = -ENOENT; | |
| 3899 | head = idr_find(&ctx->io_buffer_idr, p->bgid); | |
| 3900 | if (head) | |
| 3901 | ret = __io_remove_buffers(ctx, head, p->bgid, p->nbufs); | |
| 067524e9 JA |
3902 | if (ret < 0) |
| 3903 | req_set_fail_links(req); | |
| 067524e9 | 3904 | |
| 31bff9a5 PB |
3905 | /* need to hold the lock to complete IOPOLL requests */ |
| 3906 | if (ctx->flags & IORING_SETUP_IOPOLL) { | |
| 889fca73 | 3907 | __io_req_complete(req, issue_flags, ret, 0); |
| 31bff9a5 PB |
3908 | io_ring_submit_unlock(ctx, !force_nonblock); |
| 3909 | } else { | |
| 3910 | io_ring_submit_unlock(ctx, !force_nonblock); | |
| 889fca73 | 3911 | __io_req_complete(req, issue_flags, ret, 0); |
| 31bff9a5 | 3912 | } |
| 067524e9 JA |
3913 | return 0; |
| 3914 | } | |
| 3915 | ||
| ddf0322d JA |
3916 | static int io_provide_buffers_prep(struct io_kiocb *req, |
| 3917 | const struct io_uring_sqe *sqe) | |
| 3918 | { | |
| 3919 | struct io_provide_buf *p = &req->pbuf; | |
| 3920 | u64 tmp; | |
| 3921 | ||
| 3922 | if (sqe->ioprio || sqe->rw_flags) | |
| 3923 | return -EINVAL; | |
| 3924 | ||
| 3925 | tmp = READ_ONCE(sqe->fd); | |
| 3926 | if (!tmp || tmp > USHRT_MAX) | |
| 3927 | return -E2BIG; | |
| 3928 | p->nbufs = tmp; | |
| 3929 | p->addr = READ_ONCE(sqe->addr); | |
| 3930 | p->len = READ_ONCE(sqe->len); | |
| 3931 | ||
| efe68c1c | 3932 | if (!access_ok(u64_to_user_ptr(p->addr), (p->len * p->nbufs))) |
| ddf0322d JA |
3933 | return -EFAULT; |
| 3934 | ||
| 3935 | p->bgid = READ_ONCE(sqe->buf_group); | |
| 3936 | tmp = READ_ONCE(sqe->off); | |
| 3937 | if (tmp > USHRT_MAX) | |
| 3938 | return -E2BIG; | |
| 3939 | p->bid = tmp; | |
| 3940 | return 0; | |
| 3941 | } | |
| 3942 | ||
| 3943 | static int io_add_buffers(struct io_provide_buf *pbuf, struct io_buffer **head) | |
| 3944 | { | |
| 3945 | struct io_buffer *buf; | |
| 3946 | u64 addr = pbuf->addr; | |
| 3947 | int i, bid = pbuf->bid; | |
| 3948 | ||
| 3949 | for (i = 0; i < pbuf->nbufs; i++) { | |
| 3950 | buf = kmalloc(sizeof(*buf), GFP_KERNEL); | |
| 3951 | if (!buf) | |
| 3952 | break; | |
| 3953 | ||
| 3954 | buf->addr = addr; | |
| 3955 | buf->len = pbuf->len; | |
| 3956 | buf->bid = bid; | |
| 3957 | addr += pbuf->len; | |
| 3958 | bid++; | |
| 3959 | if (!*head) { | |
| 3960 | INIT_LIST_HEAD(&buf->list); | |
| 3961 | *head = buf; | |
| 3962 | } else { | |
| 3963 | list_add_tail(&buf->list, &(*head)->list); | |
| 3964 | } | |
| 3965 | } | |
| 3966 | ||
| 3967 | return i ? i : -ENOMEM; | |
| 3968 | } | |
| 3969 | ||
| 889fca73 | 3970 | static int io_provide_buffers(struct io_kiocb *req, unsigned int issue_flags) |
| ddf0322d JA |
3971 | { |
| 3972 | struct io_provide_buf *p = &req->pbuf; | |
| 3973 | struct io_ring_ctx *ctx = req->ctx; | |
| 3974 | struct io_buffer *head, *list; | |
| 3975 | int ret = 0; | |
| 45d189c6 | 3976 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| ddf0322d JA |
3977 | |
| 3978 | io_ring_submit_lock(ctx, !force_nonblock); | |
| 3979 | ||
| 3980 | lockdep_assert_held(&ctx->uring_lock); | |
| 3981 | ||
| 3982 | list = head = idr_find(&ctx->io_buffer_idr, p->bgid); | |
| 3983 | ||
| 3984 | ret = io_add_buffers(p, &head); | |
| 3985 | if (ret < 0) | |
| 3986 | goto out; | |
| 3987 | ||
| 3988 | if (!list) { | |
| 3989 | ret = idr_alloc(&ctx->io_buffer_idr, head, p->bgid, p->bgid + 1, | |
| 3990 | GFP_KERNEL); | |
| 3991 | if (ret < 0) { | |
| 067524e9 | 3992 | __io_remove_buffers(ctx, head, p->bgid, -1U); |
| ddf0322d JA |
3993 | goto out; |
| 3994 | } | |
| 3995 | } | |
| 3996 | out: | |
| ddf0322d JA |
3997 | if (ret < 0) |
| 3998 | req_set_fail_links(req); | |
| 31bff9a5 PB |
3999 | |
| 4000 | /* need to hold the lock to complete IOPOLL requests */ | |
| 4001 | if (ctx->flags & IORING_SETUP_IOPOLL) { | |
| 889fca73 | 4002 | __io_req_complete(req, issue_flags, ret, 0); |
| 31bff9a5 PB |
4003 | io_ring_submit_unlock(ctx, !force_nonblock); |
| 4004 | } else { | |
| 4005 | io_ring_submit_unlock(ctx, !force_nonblock); | |
| 889fca73 | 4006 | __io_req_complete(req, issue_flags, ret, 0); |
| 31bff9a5 | 4007 | } |
| ddf0322d | 4008 | return 0; |
| cebdb986 JA |
4009 | } |
| 4010 | ||
| 3e4827b0 JA |
4011 | static int io_epoll_ctl_prep(struct io_kiocb *req, |
| 4012 | const struct io_uring_sqe *sqe) | |
| 4013 | { | |
| 4014 | #if defined(CONFIG_EPOLL) | |
| 4015 | if (sqe->ioprio || sqe->buf_index) | |
| 4016 | return -EINVAL; | |
| 6ca56f84 | 4017 | if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL))) |
| 3232dd02 | 4018 | return -EINVAL; |
| 3e4827b0 JA |
4019 | |
| 4020 | req->epoll.epfd = READ_ONCE(sqe->fd); | |
| 4021 | req->epoll.op = READ_ONCE(sqe->len); | |
| 4022 | req->epoll.fd = READ_ONCE(sqe->off); | |
| 4023 | ||
| 4024 | if (ep_op_has_event(req->epoll.op)) { | |
| 4025 | struct epoll_event __user *ev; | |
| 4026 | ||
| 4027 | ev = u64_to_user_ptr(READ_ONCE(sqe->addr)); | |
| 4028 | if (copy_from_user(&req->epoll.event, ev, sizeof(*ev))) | |
| 4029 | return -EFAULT; | |
| 4030 | } | |
| 4031 | ||
| 4032 | return 0; | |
| 4033 | #else | |
| 4034 | return -EOPNOTSUPP; | |
| 4035 | #endif | |
| 4036 | } | |
| 4037 | ||
| 889fca73 | 4038 | static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags) |
| 3e4827b0 JA |
4039 | { |
| 4040 | #if defined(CONFIG_EPOLL) | |
| 4041 | struct io_epoll *ie = &req->epoll; | |
| 4042 | int ret; | |
| 45d189c6 | 4043 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| 3e4827b0 JA |
4044 | |
| 4045 | ret = do_epoll_ctl(ie->epfd, ie->op, ie->fd, &ie->event, force_nonblock); | |
| 4046 | if (force_nonblock && ret == -EAGAIN) | |
| 4047 | return -EAGAIN; | |
| 4048 | ||
| 4049 | if (ret < 0) | |
| 4050 | req_set_fail_links(req); | |
| 889fca73 | 4051 | __io_req_complete(req, issue_flags, ret, 0); |
| 3e4827b0 JA |
4052 | return 0; |
| 4053 | #else | |
| 4054 | return -EOPNOTSUPP; | |
| 4055 | #endif | |
| 4056 | } | |
| 4057 | ||
| c1ca757b JA |
4058 | static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 4059 | { | |
| 4060 | #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) | |
| 4061 | if (sqe->ioprio || sqe->buf_index || sqe->off) | |
| 4062 | return -EINVAL; | |
| 3232dd02 PB |
4063 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4064 | return -EINVAL; | |
| c1ca757b JA |
4065 | |
| 4066 | req->madvise.addr = READ_ONCE(sqe->addr); | |
| 4067 | req->madvise.len = READ_ONCE(sqe->len); | |
| 4068 | req->madvise.advice = READ_ONCE(sqe->fadvise_advice); | |
| 4069 | return 0; | |
| 4070 | #else | |
| 4071 | return -EOPNOTSUPP; | |
| 4072 | #endif | |
| 4073 | } | |
| 4074 | ||
| 45d189c6 | 4075 | static int io_madvise(struct io_kiocb *req, unsigned int issue_flags) |
| c1ca757b JA |
4076 | { |
| 4077 | #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) | |
| 4078 | struct io_madvise *ma = &req->madvise; | |
| 4079 | int ret; | |
| 4080 | ||
| 45d189c6 | 4081 | if (issue_flags & IO_URING_F_NONBLOCK) |
| c1ca757b JA |
4082 | return -EAGAIN; |
| 4083 | ||
| 0726b01e | 4084 | ret = do_madvise(current->mm, ma->addr, ma->len, ma->advice); |
| c1ca757b JA |
4085 | if (ret < 0) |
| 4086 | req_set_fail_links(req); | |
| e1e16097 | 4087 | io_req_complete(req, ret); |
| c1ca757b JA |
4088 | return 0; |
| 4089 | #else | |
| 4090 | return -EOPNOTSUPP; | |
| 4091 | #endif | |
| 4092 | } | |
| 4093 | ||
| 4840e418 JA |
4094 | static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 4095 | { | |
| 4096 | if (sqe->ioprio || sqe->buf_index || sqe->addr) | |
| 4097 | return -EINVAL; | |
| 3232dd02 PB |
4098 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4099 | return -EINVAL; | |
| 4840e418 JA |
4100 | |
| 4101 | req->fadvise.offset = READ_ONCE(sqe->off); | |
| 4102 | req->fadvise.len = READ_ONCE(sqe->len); | |
| 4103 | req->fadvise.advice = READ_ONCE(sqe->fadvise_advice); | |
| 4104 | return 0; | |
| 4105 | } | |
| 4106 | ||
| 45d189c6 | 4107 | static int io_fadvise(struct io_kiocb *req, unsigned int issue_flags) |
| 4840e418 JA |
4108 | { |
| 4109 | struct io_fadvise *fa = &req->fadvise; | |
| 4110 | int ret; | |
| 4111 | ||
| 45d189c6 | 4112 | if (issue_flags & IO_URING_F_NONBLOCK) { |
| 3e69426d JA |
4113 | switch (fa->advice) { |
| 4114 | case POSIX_FADV_NORMAL: | |
| 4115 | case POSIX_FADV_RANDOM: | |
| 4116 | case POSIX_FADV_SEQUENTIAL: | |
| 4117 | break; | |
| 4118 | default: | |
| 4119 | return -EAGAIN; | |
| 4120 | } | |
| 4121 | } | |
| 4840e418 JA |
4122 | |
| 4123 | ret = vfs_fadvise(req->file, fa->offset, fa->len, fa->advice); | |
| 4124 | if (ret < 0) | |
| 4125 | req_set_fail_links(req); | |
| e1e16097 | 4126 | io_req_complete(req, ret); |
| 4840e418 JA |
4127 | return 0; |
| 4128 | } | |
| 4129 | ||
| eddc7ef5 JA |
4130 | static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 4131 | { | |
| 6ca56f84 | 4132 | if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL))) |
| 3232dd02 | 4133 | return -EINVAL; |
| eddc7ef5 JA |
4134 | if (sqe->ioprio || sqe->buf_index) |
| 4135 | return -EINVAL; | |
| 9c280f90 | 4136 | if (req->flags & REQ_F_FIXED_FILE) |
| cf3040ca | 4137 | return -EBADF; |
| eddc7ef5 | 4138 | |
| 1d9e1288 BM |
4139 | req->statx.dfd = READ_ONCE(sqe->fd); |
| 4140 | req->statx.mask = READ_ONCE(sqe->len); | |
| e62753e4 | 4141 | req->statx.filename = u64_to_user_ptr(READ_ONCE(sqe->addr)); |
| 1d9e1288 BM |
4142 | req->statx.buffer = u64_to_user_ptr(READ_ONCE(sqe->addr2)); |
| 4143 | req->statx.flags = READ_ONCE(sqe->statx_flags); | |
| eddc7ef5 JA |
4144 | |
| 4145 | return 0; | |
| 4146 | } | |
| 4147 | ||
| 45d189c6 | 4148 | static int io_statx(struct io_kiocb *req, unsigned int issue_flags) |
| eddc7ef5 | 4149 | { |
| 1d9e1288 | 4150 | struct io_statx *ctx = &req->statx; |
| eddc7ef5 JA |
4151 | int ret; |
| 4152 | ||
| 45d189c6 | 4153 | if (issue_flags & IO_URING_F_NONBLOCK) { |
| 5b0bbee4 JA |
4154 | /* only need file table for an actual valid fd */ |
| 4155 | if (ctx->dfd == -1 || ctx->dfd == AT_FDCWD) | |
| 4156 | req->flags |= REQ_F_NO_FILE_TABLE; | |
| eddc7ef5 | 4157 | return -EAGAIN; |
| 5b0bbee4 | 4158 | } |
| eddc7ef5 | 4159 | |
| e62753e4 BM |
4160 | ret = do_statx(ctx->dfd, ctx->filename, ctx->flags, ctx->mask, |
| 4161 | ctx->buffer); | |
| eddc7ef5 | 4162 | |
| eddc7ef5 JA |
4163 | if (ret < 0) |
| 4164 | req_set_fail_links(req); | |
| e1e16097 | 4165 | io_req_complete(req, ret); |
| eddc7ef5 JA |
4166 | return 0; |
| 4167 | } | |
| 4168 | ||
| b5dba59e JA |
4169 | static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 4170 | { | |
| 14587a46 | 4171 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 3232dd02 | 4172 | return -EINVAL; |
| b5dba59e JA |
4173 | if (sqe->ioprio || sqe->off || sqe->addr || sqe->len || |
| 4174 | sqe->rw_flags || sqe->buf_index) | |
| 4175 | return -EINVAL; | |
| 9c280f90 | 4176 | if (req->flags & REQ_F_FIXED_FILE) |
| cf3040ca | 4177 | return -EBADF; |
| b5dba59e JA |
4178 | |
| 4179 | req->close.fd = READ_ONCE(sqe->fd); | |
| b5dba59e | 4180 | return 0; |
| b5dba59e JA |
4181 | } |
| 4182 | ||
| 889fca73 | 4183 | static int io_close(struct io_kiocb *req, unsigned int issue_flags) |
| b5dba59e | 4184 | { |
| 9eac1904 | 4185 | struct files_struct *files = current->files; |
| 3af73b28 | 4186 | struct io_close *close = &req->close; |
| 9eac1904 JA |
4187 | struct fdtable *fdt; |
| 4188 | struct file *file; | |
| b5dba59e JA |
4189 | int ret; |
| 4190 | ||
| 9eac1904 JA |
4191 | file = NULL; |
| 4192 | ret = -EBADF; | |
| 4193 | spin_lock(&files->file_lock); | |
| 4194 | fdt = files_fdtable(files); | |
| 4195 | if (close->fd >= fdt->max_fds) { | |
| 4196 | spin_unlock(&files->file_lock); | |
| 4197 | goto err; | |
| 4198 | } | |
| 4199 | file = fdt->fd[close->fd]; | |
| 4200 | if (!file) { | |
| 4201 | spin_unlock(&files->file_lock); | |
| 4202 | goto err; | |
| 4203 | } | |
| 4204 | ||
| 4205 | if (file->f_op == &io_uring_fops) { | |
| 4206 | spin_unlock(&files->file_lock); | |
| 4207 | file = NULL; | |
| 4208 | goto err; | |
| 3af73b28 | 4209 | } |
| b5dba59e JA |
4210 | |
| 4211 | /* if the file has a flush method, be safe and punt to async */ | |
| 45d189c6 | 4212 | if (file->f_op->flush && (issue_flags & IO_URING_F_NONBLOCK)) { |
| 9eac1904 | 4213 | spin_unlock(&files->file_lock); |
| 0bf0eefd | 4214 | return -EAGAIN; |
| a2100672 | 4215 | } |
| b5dba59e | 4216 | |
| 9eac1904 JA |
4217 | ret = __close_fd_get_file(close->fd, &file); |
| 4218 | spin_unlock(&files->file_lock); | |
| 4219 | if (ret < 0) { | |
| 4220 | if (ret == -ENOENT) | |
| 4221 | ret = -EBADF; | |
| 4222 | goto err; | |
| 4223 | } | |
| 4224 | ||
| 3af73b28 | 4225 | /* No ->flush() or already async, safely close from here */ |
| 9eac1904 JA |
4226 | ret = filp_close(file, current->files); |
| 4227 | err: | |
| 3af73b28 PB |
4228 | if (ret < 0) |
| 4229 | req_set_fail_links(req); | |
| 9eac1904 JA |
4230 | if (file) |
| 4231 | fput(file); | |
| 889fca73 | 4232 | __io_req_complete(req, issue_flags, ret, 0); |
| 1a417f4e | 4233 | return 0; |
| b5dba59e JA |
4234 | } |
| 4235 | ||
| 1155c76a | 4236 | static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 5d17b4a4 JA |
4237 | { |
| 4238 | struct io_ring_ctx *ctx = req->ctx; | |
| 5d17b4a4 | 4239 | |
| 5d17b4a4 JA |
4240 | if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) |
| 4241 | return -EINVAL; | |
| 4242 | if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) | |
| 4243 | return -EINVAL; | |
| 4244 | ||
| 8ed8d3c3 JA |
4245 | req->sync.off = READ_ONCE(sqe->off); |
| 4246 | req->sync.len = READ_ONCE(sqe->len); | |
| 4247 | req->sync.flags = READ_ONCE(sqe->sync_range_flags); | |
| 8ed8d3c3 JA |
4248 | return 0; |
| 4249 | } | |
| 4250 | ||
| 45d189c6 | 4251 | static int io_sync_file_range(struct io_kiocb *req, unsigned int issue_flags) |
| 8ed8d3c3 | 4252 | { |
| 8ed8d3c3 JA |
4253 | int ret; |
| 4254 | ||
| ac45abc0 | 4255 | /* sync_file_range always requires a blocking context */ |
| 45d189c6 | 4256 | if (issue_flags & IO_URING_F_NONBLOCK) |
| ac45abc0 PB |
4257 | return -EAGAIN; |
| 4258 | ||
| 9adbd45d | 4259 | ret = sync_file_range(req->file, req->sync.off, req->sync.len, |
| 8ed8d3c3 JA |
4260 | req->sync.flags); |
| 4261 | if (ret < 0) | |
| 4262 | req_set_fail_links(req); | |
| e1e16097 | 4263 | io_req_complete(req, ret); |
| 5d17b4a4 JA |
4264 | return 0; |
| 4265 | } | |
| 4266 | ||
| 469956e8 | 4267 | #if defined(CONFIG_NET) |
| 02d27d89 PB |
4268 | static int io_setup_async_msg(struct io_kiocb *req, |
| 4269 | struct io_async_msghdr *kmsg) | |
| 4270 | { | |
| e8c2bc1f JA |
4271 | struct io_async_msghdr *async_msg = req->async_data; |
| 4272 | ||
| 4273 | if (async_msg) | |
| 02d27d89 | 4274 | return -EAGAIN; |
| e8c2bc1f | 4275 | if (io_alloc_async_data(req)) { |
| 257e84a5 | 4276 | kfree(kmsg->free_iov); |
| 02d27d89 PB |
4277 | return -ENOMEM; |
| 4278 | } | |
| e8c2bc1f | 4279 | async_msg = req->async_data; |
| 02d27d89 | 4280 | req->flags |= REQ_F_NEED_CLEANUP; |
| e8c2bc1f | 4281 | memcpy(async_msg, kmsg, sizeof(*kmsg)); |
| 2a780802 | 4282 | async_msg->msg.msg_name = &async_msg->addr; |
| 257e84a5 PB |
4283 | /* if were using fast_iov, set it to the new one */ |
| 4284 | if (!async_msg->free_iov) | |
| 4285 | async_msg->msg.msg_iter.iov = async_msg->fast_iov; | |
| 4286 | ||
| 02d27d89 PB |
4287 | return -EAGAIN; |
| 4288 | } | |
| 4289 | ||
| 2ae523ed PB |
4290 | static int io_sendmsg_copy_hdr(struct io_kiocb *req, |
| 4291 | struct io_async_msghdr *iomsg) | |
| 4292 | { | |
| 2ae523ed | 4293 | iomsg->msg.msg_name = &iomsg->addr; |
| 257e84a5 | 4294 | iomsg->free_iov = iomsg->fast_iov; |
| 2ae523ed | 4295 | return sendmsg_copy_msghdr(&iomsg->msg, req->sr_msg.umsg, |
| 257e84a5 | 4296 | req->sr_msg.msg_flags, &iomsg->free_iov); |
| 2ae523ed PB |
4297 | } |
| 4298 | ||
| 93642ef8 PB |
4299 | static int io_sendmsg_prep_async(struct io_kiocb *req) |
| 4300 | { | |
| 4301 | int ret; | |
| 4302 | ||
| 4303 | if (!io_op_defs[req->opcode].needs_async_data) | |
| 4304 | return 0; | |
| 4305 | ret = io_sendmsg_copy_hdr(req, req->async_data); | |
| 4306 | if (!ret) | |
| 4307 | req->flags |= REQ_F_NEED_CLEANUP; | |
| 4308 | return ret; | |
| 4309 | } | |
| 4310 | ||
| 3529d8c2 | 4311 | static int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 03b1230c | 4312 | { |
| e47293fd | 4313 | struct io_sr_msg *sr = &req->sr_msg; |
| 03b1230c | 4314 | |
| d2b6f48b PB |
4315 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4316 | return -EINVAL; | |
| 4317 | ||
| e47293fd | 4318 | sr->msg_flags = READ_ONCE(sqe->msg_flags); |
| 270a5940 | 4319 | sr->umsg = u64_to_user_ptr(READ_ONCE(sqe->addr)); |
| fddaface | 4320 | sr->len = READ_ONCE(sqe->len); |
| 3529d8c2 | 4321 | |
| d8768362 JA |
4322 | #ifdef CONFIG_COMPAT |
| 4323 | if (req->ctx->compat) | |
| 4324 | sr->msg_flags |= MSG_CMSG_COMPAT; | |
| 4325 | #endif | |
| 93642ef8 | 4326 | return 0; |
| 03b1230c JA |
4327 | } |
| 4328 | ||
| 889fca73 | 4329 | static int io_sendmsg(struct io_kiocb *req, unsigned int issue_flags) |
| aa1fa28f | 4330 | { |
| 6b754c8b | 4331 | struct io_async_msghdr iomsg, *kmsg; |
| 0fa03c62 | 4332 | struct socket *sock; |
| 7a7cacba | 4333 | unsigned flags; |
| 0fa03c62 JA |
4334 | int ret; |
| 4335 | ||
| dba4a925 | 4336 | sock = sock_from_file(req->file); |
| 7a7cacba | 4337 | if (unlikely(!sock)) |
| dba4a925 | 4338 | return -ENOTSOCK; |
| 3529d8c2 | 4339 | |
| 257e84a5 PB |
4340 | kmsg = req->async_data; |
| 4341 | if (!kmsg) { | |
| 7a7cacba PB |
4342 | ret = io_sendmsg_copy_hdr(req, &iomsg); |
| 4343 | if (ret) | |
| 4344 | return ret; | |
| 4345 | kmsg = &iomsg; | |
| 0fa03c62 | 4346 | } |
| 0fa03c62 | 4347 | |
| 7a7cacba PB |
4348 | flags = req->sr_msg.msg_flags; |
| 4349 | if (flags & MSG_DONTWAIT) | |
| 4350 | req->flags |= REQ_F_NOWAIT; | |
| 45d189c6 | 4351 | else if (issue_flags & IO_URING_F_NONBLOCK) |
| 7a7cacba | 4352 | flags |= MSG_DONTWAIT; |
| e47293fd | 4353 | |
| 7a7cacba | 4354 | ret = __sys_sendmsg_sock(sock, &kmsg->msg, flags); |
| 45d189c6 | 4355 | if ((issue_flags & IO_URING_F_NONBLOCK) && ret == -EAGAIN) |
| 7a7cacba PB |
4356 | return io_setup_async_msg(req, kmsg); |
| 4357 | if (ret == -ERESTARTSYS) | |
| 4358 | ret = -EINTR; | |
| 0fa03c62 | 4359 | |
| 257e84a5 PB |
4360 | /* fast path, check for non-NULL to avoid function call */ |
| 4361 | if (kmsg->free_iov) | |
| 4362 | kfree(kmsg->free_iov); | |
| 99bc4c38 | 4363 | req->flags &= ~REQ_F_NEED_CLEANUP; |
| 4e88d6e7 JA |
4364 | if (ret < 0) |
| 4365 | req_set_fail_links(req); | |
| 889fca73 | 4366 | __io_req_complete(req, issue_flags, ret, 0); |
| 5d17b4a4 | 4367 | return 0; |
| 03b1230c | 4368 | } |
| aa1fa28f | 4369 | |
| 889fca73 | 4370 | static int io_send(struct io_kiocb *req, unsigned int issue_flags) |
| fddaface | 4371 | { |
| 7a7cacba PB |
4372 | struct io_sr_msg *sr = &req->sr_msg; |
| 4373 | struct msghdr msg; | |
| 4374 | struct iovec iov; | |
| fddaface | 4375 | struct socket *sock; |
| 7a7cacba | 4376 | unsigned flags; |
| fddaface JA |
4377 | int ret; |
| 4378 | ||
| dba4a925 | 4379 | sock = sock_from_file(req->file); |
| 7a7cacba | 4380 | if (unlikely(!sock)) |
| dba4a925 | 4381 | return -ENOTSOCK; |
| fddaface | 4382 | |
| 7a7cacba PB |
4383 | ret = import_single_range(WRITE, sr->buf, sr->len, &iov, &msg.msg_iter); |
| 4384 | if (unlikely(ret)) | |
| 14db8411 | 4385 | return ret; |
| fddaface | 4386 | |
| 7a7cacba PB |
4387 | msg.msg_name = NULL; |
| 4388 | msg.msg_control = NULL; | |
| 4389 | msg.msg_controllen = 0; | |
| 4390 | msg.msg_namelen = 0; | |
| fddaface | 4391 | |
| 7a7cacba PB |
4392 | flags = req->sr_msg.msg_flags; |
| 4393 | if (flags & MSG_DONTWAIT) | |
| 4394 | req->flags |= REQ_F_NOWAIT; | |
| 45d189c6 | 4395 | else if (issue_flags & IO_URING_F_NONBLOCK) |
| 7a7cacba | 4396 | flags |= MSG_DONTWAIT; |
| fddaface | 4397 | |
| 7a7cacba PB |
4398 | msg.msg_flags = flags; |
| 4399 | ret = sock_sendmsg(sock, &msg); | |
| 45d189c6 | 4400 | if ((issue_flags & IO_URING_F_NONBLOCK) && ret == -EAGAIN) |
| 7a7cacba PB |
4401 | return -EAGAIN; |
| 4402 | if (ret == -ERESTARTSYS) | |
| 4403 | ret = -EINTR; | |
| fddaface | 4404 | |
| fddaface JA |
4405 | if (ret < 0) |
| 4406 | req_set_fail_links(req); | |
| 889fca73 | 4407 | __io_req_complete(req, issue_flags, ret, 0); |
| fddaface | 4408 | return 0; |
| fddaface JA |
4409 | } |
| 4410 | ||
| 1400e697 PB |
4411 | static int __io_recvmsg_copy_hdr(struct io_kiocb *req, |
| 4412 | struct io_async_msghdr *iomsg) | |
| 52de1fe1 JA |
4413 | { |
| 4414 | struct io_sr_msg *sr = &req->sr_msg; | |
| 4415 | struct iovec __user *uiov; | |
| 4416 | size_t iov_len; | |
| 4417 | int ret; | |
| 4418 | ||
| 1400e697 PB |
4419 | ret = __copy_msghdr_from_user(&iomsg->msg, sr->umsg, |
| 4420 | &iomsg->uaddr, &uiov, &iov_len); | |
| 52de1fe1 JA |
4421 | if (ret) |
| 4422 | return ret; | |
| 4423 | ||
| 4424 | if (req->flags & REQ_F_BUFFER_SELECT) { | |
| 4425 | if (iov_len > 1) | |
| 4426 | return -EINVAL; | |
| 5476dfed | 4427 | if (copy_from_user(iomsg->fast_iov, uiov, sizeof(*uiov))) |
| 52de1fe1 | 4428 | return -EFAULT; |
| 5476dfed | 4429 | sr->len = iomsg->fast_iov[0].iov_len; |
| 257e84a5 | 4430 | iomsg->free_iov = NULL; |
| 52de1fe1 | 4431 | } else { |
| 257e84a5 | 4432 | iomsg->free_iov = iomsg->fast_iov; |
| 89cd35c5 | 4433 | ret = __import_iovec(READ, uiov, iov_len, UIO_FASTIOV, |
| 257e84a5 | 4434 | &iomsg->free_iov, &iomsg->msg.msg_iter, |
| 89cd35c5 | 4435 | false); |
| 52de1fe1 JA |
4436 | if (ret > 0) |
| 4437 | ret = 0; | |
| 4438 | } | |
| 4439 | ||
| 4440 | return ret; | |
| 4441 | } | |
| 4442 | ||
| 4443 | #ifdef CONFIG_COMPAT | |
| 4444 | static int __io_compat_recvmsg_copy_hdr(struct io_kiocb *req, | |
| 1400e697 | 4445 | struct io_async_msghdr *iomsg) |
| 52de1fe1 JA |
4446 | { |
| 4447 | struct compat_msghdr __user *msg_compat; | |
| 4448 | struct io_sr_msg *sr = &req->sr_msg; | |
| 4449 | struct compat_iovec __user *uiov; | |
| 4450 | compat_uptr_t ptr; | |
| 4451 | compat_size_t len; | |
| 4452 | int ret; | |
| 4453 | ||
| 270a5940 | 4454 | msg_compat = (struct compat_msghdr __user *) sr->umsg; |
| 1400e697 | 4455 | ret = __get_compat_msghdr(&iomsg->msg, msg_compat, &iomsg->uaddr, |
| 52de1fe1 JA |
4456 | &ptr, &len); |
| 4457 | if (ret) | |
| 4458 | return ret; | |
| 4459 | ||
| 4460 | uiov = compat_ptr(ptr); | |
| 4461 | if (req->flags & REQ_F_BUFFER_SELECT) { | |
| 4462 | compat_ssize_t clen; | |
| 4463 | ||
| 4464 | if (len > 1) | |
| 4465 | return -EINVAL; | |
| 4466 | if (!access_ok(uiov, sizeof(*uiov))) | |
| 4467 | return -EFAULT; | |
| 4468 | if (__get_user(clen, &uiov->iov_len)) | |
| 4469 | return -EFAULT; | |
| 4470 | if (clen < 0) | |
| 4471 | return -EINVAL; | |
| 2d280bc8 | 4472 | sr->len = clen; |
| 257e84a5 | 4473 | iomsg->free_iov = NULL; |
| 52de1fe1 | 4474 | } else { |
| 257e84a5 | 4475 | iomsg->free_iov = iomsg->fast_iov; |
| 89cd35c5 | 4476 | ret = __import_iovec(READ, (struct iovec __user *)uiov, len, |
| 257e84a5 | 4477 | UIO_FASTIOV, &iomsg->free_iov, |
| 89cd35c5 | 4478 | &iomsg->msg.msg_iter, true); |
| 52de1fe1 JA |
4479 | if (ret < 0) |
| 4480 | return ret; | |
| 4481 | } | |
| 4482 | ||
| 4483 | return 0; | |
| 4484 | } | |
| 4485 | #endif | |
| 4486 | ||
| 1400e697 PB |
4487 | static int io_recvmsg_copy_hdr(struct io_kiocb *req, |
| 4488 | struct io_async_msghdr *iomsg) | |
| 52de1fe1 | 4489 | { |
| 1400e697 | 4490 | iomsg->msg.msg_name = &iomsg->addr; |
| 52de1fe1 JA |
4491 | |
| 4492 | #ifdef CONFIG_COMPAT | |
| 4493 | if (req->ctx->compat) | |
| 1400e697 | 4494 | return __io_compat_recvmsg_copy_hdr(req, iomsg); |
| fddaface | 4495 | #endif |
| 52de1fe1 | 4496 | |
| 1400e697 | 4497 | return __io_recvmsg_copy_hdr(req, iomsg); |
| 52de1fe1 JA |
4498 | } |
| 4499 | ||
| bcda7baa | 4500 | static struct io_buffer *io_recv_buffer_select(struct io_kiocb *req, |
| 7fbb1b54 | 4501 | bool needs_lock) |
| bcda7baa JA |
4502 | { |
| 4503 | struct io_sr_msg *sr = &req->sr_msg; | |
| 4504 | struct io_buffer *kbuf; | |
| 4505 | ||
| bcda7baa JA |
4506 | kbuf = io_buffer_select(req, &sr->len, sr->bgid, sr->kbuf, needs_lock); |
| 4507 | if (IS_ERR(kbuf)) | |
| 4508 | return kbuf; | |
| 4509 | ||
| 4510 | sr->kbuf = kbuf; | |
| 4511 | req->flags |= REQ_F_BUFFER_SELECTED; | |
| bcda7baa | 4512 | return kbuf; |
| fddaface JA |
4513 | } |
| 4514 | ||
| 7fbb1b54 PB |
4515 | static inline unsigned int io_put_recv_kbuf(struct io_kiocb *req) |
| 4516 | { | |
| 4517 | return io_put_kbuf(req, req->sr_msg.kbuf); | |
| 4518 | } | |
| 4519 | ||
| 93642ef8 | 4520 | static int io_recvmsg_prep_async(struct io_kiocb *req) |
| aa1fa28f | 4521 | { |
| 99bc4c38 | 4522 | int ret; |
| 3529d8c2 | 4523 | |
| 93642ef8 PB |
4524 | if (!io_op_defs[req->opcode].needs_async_data) |
| 4525 | return 0; | |
| 4526 | ret = io_recvmsg_copy_hdr(req, req->async_data); | |
| 4527 | if (!ret) | |
| 4528 | req->flags |= REQ_F_NEED_CLEANUP; | |
| 4529 | return ret; | |
| 4530 | } | |
| 4531 | ||
| 4532 | static int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) | |
| 4533 | { | |
| 4534 | struct io_sr_msg *sr = &req->sr_msg; | |
| 4535 | ||
| d2b6f48b PB |
4536 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 4537 | return -EINVAL; | |
| 4538 | ||
| 3529d8c2 | 4539 | sr->msg_flags = READ_ONCE(sqe->msg_flags); |
| 270a5940 | 4540 | sr->umsg = u64_to_user_ptr(READ_ONCE(sqe->addr)); |
| 0b7b21e4 | 4541 | sr->len = READ_ONCE(sqe->len); |
| bcda7baa | 4542 | sr->bgid = READ_ONCE(sqe->buf_group); |
| 06b76d44 | 4543 | |
| d8768362 JA |
4544 | #ifdef CONFIG_COMPAT |
| 4545 | if (req->ctx->compat) | |
| 4546 | sr->msg_flags |= MSG_CMSG_COMPAT; | |
| 4547 | #endif | |
| 93642ef8 | 4548 | return 0; |
| aa1fa28f JA |
4549 | } |
| 4550 | ||
| 889fca73 | 4551 | static int io_recvmsg(struct io_kiocb *req, unsigned int issue_flags) |
| aa1fa28f | 4552 | { |
| 6b754c8b | 4553 | struct io_async_msghdr iomsg, *kmsg; |
| 03b1230c | 4554 | struct socket *sock; |
| 7fbb1b54 | 4555 | struct io_buffer *kbuf; |
| 7a7cacba | 4556 | unsigned flags; |
| 52de1fe1 | 4557 | int ret, cflags = 0; |
| 45d189c6 | 4558 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| 03b1230c | 4559 | |
| dba4a925 | 4560 | sock = sock_from_file(req->file); |
| 7a7cacba | 4561 | if (unlikely(!sock)) |
| dba4a925 | 4562 | return -ENOTSOCK; |
| 3529d8c2 | 4563 | |
| 257e84a5 PB |
4564 | kmsg = req->async_data; |
| 4565 | if (!kmsg) { | |
| 7a7cacba PB |
4566 | ret = io_recvmsg_copy_hdr(req, &iomsg); |
| 4567 | if (ret) | |
| 681fda8d | 4568 | return ret; |
| 7a7cacba PB |
4569 | kmsg = &iomsg; |
| 4570 | } | |
| 03b1230c | 4571 | |
| bc02ef33 | 4572 | if (req->flags & REQ_F_BUFFER_SELECT) { |
| 7fbb1b54 | 4573 | kbuf = io_recv_buffer_select(req, !force_nonblock); |
| bc02ef33 | 4574 | if (IS_ERR(kbuf)) |
| 52de1fe1 | 4575 | return PTR_ERR(kbuf); |
| 7a7cacba | 4576 | kmsg->fast_iov[0].iov_base = u64_to_user_ptr(kbuf->addr); |
| 5476dfed PB |
4577 | kmsg->fast_iov[0].iov_len = req->sr_msg.len; |
| 4578 | iov_iter_init(&kmsg->msg.msg_iter, READ, kmsg->fast_iov, | |
| 7a7cacba PB |
4579 | 1, req->sr_msg.len); |
| 4580 | } | |
| 52de1fe1 | 4581 | |
| 7a7cacba PB |
4582 | flags = req->sr_msg.msg_flags; |
| 4583 | if (flags & MSG_DONTWAIT) | |
| 4584 | req->flags |= REQ_F_NOWAIT; | |
| 4585 | else if (force_nonblock) | |
| 4586 | flags |= MSG_DONTWAIT; | |
| e47293fd | 4587 | |
| 7a7cacba PB |
4588 | ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.umsg, |
| 4589 | kmsg->uaddr, flags); | |
| 0e1b6fe3 PB |
4590 | if (force_nonblock && ret == -EAGAIN) |
| 4591 | return io_setup_async_msg(req, kmsg); | |
| 7a7cacba PB |
4592 | if (ret == -ERESTARTSYS) |
| 4593 | ret = -EINTR; | |
| 03b1230c | 4594 | |
| 7fbb1b54 PB |
4595 | if (req->flags & REQ_F_BUFFER_SELECTED) |
| 4596 | cflags = io_put_recv_kbuf(req); | |
| 257e84a5 PB |
4597 | /* fast path, check for non-NULL to avoid function call */ |
| 4598 | if (kmsg->free_iov) | |
| 4599 | kfree(kmsg->free_iov); | |
| 99bc4c38 | 4600 | req->flags &= ~REQ_F_NEED_CLEANUP; |
| 4e88d6e7 JA |
4601 | if (ret < 0) |
| 4602 | req_set_fail_links(req); | |
| 889fca73 | 4603 | __io_req_complete(req, issue_flags, ret, cflags); |
| 03b1230c | 4604 | return 0; |
| 0fa03c62 | 4605 | } |
| 5d17b4a4 | 4606 | |
| 889fca73 | 4607 | static int io_recv(struct io_kiocb *req, unsigned int issue_flags) |
| fddaface | 4608 | { |
| 6b754c8b | 4609 | struct io_buffer *kbuf; |
| 7a7cacba PB |
4610 | struct io_sr_msg *sr = &req->sr_msg; |
| 4611 | struct msghdr msg; | |
| 4612 | void __user *buf = sr->buf; | |
| fddaface | 4613 | struct socket *sock; |
| 7a7cacba PB |
4614 | struct iovec iov; |
| 4615 | unsigned flags; | |
| bcda7baa | 4616 | int ret, cflags = 0; |
| 45d189c6 | 4617 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| fddaface | 4618 | |
| dba4a925 | 4619 | sock = sock_from_file(req->file); |
| 7a7cacba | 4620 | if (unlikely(!sock)) |
| dba4a925 | 4621 | return -ENOTSOCK; |
| fddaface | 4622 | |
| bc02ef33 | 4623 | if (req->flags & REQ_F_BUFFER_SELECT) { |
| 7fbb1b54 | 4624 | kbuf = io_recv_buffer_select(req, !force_nonblock); |
| bcda7baa JA |
4625 | if (IS_ERR(kbuf)) |
| 4626 | return PTR_ERR(kbuf); | |
| 7a7cacba | 4627 | buf = u64_to_user_ptr(kbuf->addr); |
| bc02ef33 | 4628 | } |
| bcda7baa | 4629 | |
| 7a7cacba | 4630 | ret = import_single_range(READ, buf, sr->len, &iov, &msg.msg_iter); |
| 14c32eee PB |
4631 | if (unlikely(ret)) |
| 4632 | goto out_free; | |
| fddaface | 4633 | |
| 7a7cacba PB |
4634 | msg.msg_name = NULL; |
| 4635 | msg.msg_control = NULL; | |
| 4636 | msg.msg_controllen = 0; | |
| 4637 | msg.msg_namelen = 0; | |
| 4638 | msg.msg_iocb = NULL; | |
| 4639 | msg.msg_flags = 0; | |
| fddaface | 4640 | |
| 7a7cacba PB |
4641 | flags = req->sr_msg.msg_flags; |
| 4642 | if (flags & MSG_DONTWAIT) | |
| 4643 | req->flags |= REQ_F_NOWAIT; | |
| 4644 | else if (force_nonblock) | |
| 4645 | flags |= MSG_DONTWAIT; | |
| 4646 | ||
| 4647 | ret = sock_recvmsg(sock, &msg, flags); | |
| 4648 | if (force_nonblock && ret == -EAGAIN) | |
| 4649 | return -EAGAIN; | |
| 4650 | if (ret == -ERESTARTSYS) | |
| 4651 | ret = -EINTR; | |
| 14c32eee | 4652 | out_free: |
| 7fbb1b54 PB |
4653 | if (req->flags & REQ_F_BUFFER_SELECTED) |
| 4654 | cflags = io_put_recv_kbuf(req); | |
| fddaface JA |
4655 | if (ret < 0) |
| 4656 | req_set_fail_links(req); | |
| 889fca73 | 4657 | __io_req_complete(req, issue_flags, ret, cflags); |
| fddaface | 4658 | return 0; |
| fddaface JA |
4659 | } |
| 4660 | ||
| 3529d8c2 | 4661 | static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 17f2fe35 | 4662 | { |
| 8ed8d3c3 JA |
4663 | struct io_accept *accept = &req->accept; |
| 4664 | ||
| 14587a46 | 4665 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 17f2fe35 | 4666 | return -EINVAL; |
| 8042d6ce | 4667 | if (sqe->ioprio || sqe->len || sqe->buf_index) |
| 17f2fe35 JA |
4668 | return -EINVAL; |
| 4669 | ||
| d55e5f5b JA |
4670 | accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); |
| 4671 | accept->addr_len = u64_to_user_ptr(READ_ONCE(sqe->addr2)); | |
| 8ed8d3c3 | 4672 | accept->flags = READ_ONCE(sqe->accept_flags); |
| 09952e3e | 4673 | accept->nofile = rlimit(RLIMIT_NOFILE); |
| 8ed8d3c3 | 4674 | return 0; |
| 8ed8d3c3 | 4675 | } |
| 17f2fe35 | 4676 | |
| 889fca73 | 4677 | static int io_accept(struct io_kiocb *req, unsigned int issue_flags) |
| 8ed8d3c3 JA |
4678 | { |
| 4679 | struct io_accept *accept = &req->accept; | |
| 45d189c6 | 4680 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| ac45abc0 | 4681 | unsigned int file_flags = force_nonblock ? O_NONBLOCK : 0; |
| 8ed8d3c3 JA |
4682 | int ret; |
| 4683 | ||
| e697deed JX |
4684 | if (req->file->f_flags & O_NONBLOCK) |
| 4685 | req->flags |= REQ_F_NOWAIT; | |
| 4686 | ||
| 8ed8d3c3 | 4687 | ret = __sys_accept4_file(req->file, file_flags, accept->addr, |
| 09952e3e JA |
4688 | accept->addr_len, accept->flags, |
| 4689 | accept->nofile); | |
| 8ed8d3c3 | 4690 | if (ret == -EAGAIN && force_nonblock) |
| 17f2fe35 | 4691 | return -EAGAIN; |
| ac45abc0 PB |
4692 | if (ret < 0) { |
| 4693 | if (ret == -ERESTARTSYS) | |
| 4694 | ret = -EINTR; | |
| 4e88d6e7 | 4695 | req_set_fail_links(req); |
| ac45abc0 | 4696 | } |
| 889fca73 | 4697 | __io_req_complete(req, issue_flags, ret, 0); |
| 17f2fe35 | 4698 | return 0; |
| 8ed8d3c3 JA |
4699 | } |
| 4700 | ||
| 93642ef8 PB |
4701 | static int io_connect_prep_async(struct io_kiocb *req) |
| 4702 | { | |
| 4703 | struct io_async_connect *io = req->async_data; | |
| 4704 | struct io_connect *conn = &req->connect; | |
| 4705 | ||
| 4706 | return move_addr_to_kernel(conn->addr, conn->addr_len, &io->address); | |
| 4707 | } | |
| 4708 | ||
| 3529d8c2 | 4709 | static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| f499a021 | 4710 | { |
| 3529d8c2 | 4711 | struct io_connect *conn = &req->connect; |
| f499a021 | 4712 | |
| 14587a46 | 4713 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 3fbb51c1 JA |
4714 | return -EINVAL; |
| 4715 | if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags) | |
| 4716 | return -EINVAL; | |
| 4717 | ||
| 3529d8c2 JA |
4718 | conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); |
| 4719 | conn->addr_len = READ_ONCE(sqe->addr2); | |
| 93642ef8 | 4720 | return 0; |
| f499a021 JA |
4721 | } |
| 4722 | ||
| 889fca73 | 4723 | static int io_connect(struct io_kiocb *req, unsigned int issue_flags) |
| f8e85cf2 | 4724 | { |
| e8c2bc1f | 4725 | struct io_async_connect __io, *io; |
| f8e85cf2 | 4726 | unsigned file_flags; |
| 3fbb51c1 | 4727 | int ret; |
| 45d189c6 | 4728 | bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; |
| f8e85cf2 | 4729 | |
| e8c2bc1f JA |
4730 | if (req->async_data) { |
| 4731 | io = req->async_data; | |
| f499a021 | 4732 | } else { |
| 3529d8c2 JA |
4733 | ret = move_addr_to_kernel(req->connect.addr, |
| 4734 | req->connect.addr_len, | |
| e8c2bc1f | 4735 | &__io.address); |
| f499a021 JA |
4736 | if (ret) |
| 4737 | goto out; | |
| 4738 | io = &__io; | |
| 4739 | } | |
| 4740 | ||
| 3fbb51c1 JA |
4741 | file_flags = force_nonblock ? O_NONBLOCK : 0; |
| 4742 | ||
| e8c2bc1f | 4743 | ret = __sys_connect_file(req->file, &io->address, |
| 3fbb51c1 | 4744 | req->connect.addr_len, file_flags); |
| 87f80d62 | 4745 | if ((ret == -EAGAIN || ret == -EINPROGRESS) && force_nonblock) { |
| e8c2bc1f | 4746 | if (req->async_data) |
| b7bb4f7d | 4747 | return -EAGAIN; |
| e8c2bc1f | 4748 | if (io_alloc_async_data(req)) { |
| f499a021 JA |
4749 | ret = -ENOMEM; |
| 4750 | goto out; | |
| 4751 | } | |
| e8c2bc1f JA |
4752 | io = req->async_data; |
| 4753 | memcpy(req->async_data, &__io, sizeof(__io)); | |
| f8e85cf2 | 4754 | return -EAGAIN; |
| f499a021 | 4755 | } |
| f8e85cf2 JA |
4756 | if (ret == -ERESTARTSYS) |
| 4757 | ret = -EINTR; | |
| f499a021 | 4758 | out: |
| 4e88d6e7 JA |
4759 | if (ret < 0) |
| 4760 | req_set_fail_links(req); | |
| 889fca73 | 4761 | __io_req_complete(req, issue_flags, ret, 0); |
| f8e85cf2 | 4762 | return 0; |
| 469956e8 Y |
4763 | } |
| 4764 | #else /* !CONFIG_NET */ | |
| 99a10081 JA |
4765 | #define IO_NETOP_FN(op) \ |
| 4766 | static int io_##op(struct io_kiocb *req, unsigned int issue_flags) \ | |
| 4767 | { \ | |
| 4768 | return -EOPNOTSUPP; \ | |
| 4769 | } | |
| 4770 | ||
| 4771 | #define IO_NETOP_PREP(op) \ | |
| 4772 | IO_NETOP_FN(op) \ | |
| 4773 | static int io_##op##_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) \ | |
| 4774 | { \ | |
| 4775 | return -EOPNOTSUPP; \ | |
| 4776 | } \ | |
| 4777 | ||
| 4778 | #define IO_NETOP_PREP_ASYNC(op) \ | |
| 4779 | IO_NETOP_PREP(op) \ | |
| 4780 | static int io_##op##_prep_async(struct io_kiocb *req) \ | |
| 4781 | { \ | |
| 4782 | return -EOPNOTSUPP; \ | |
| 4783 | } | |
| 4784 | ||
| 4785 | IO_NETOP_PREP_ASYNC(sendmsg); | |
| 4786 | IO_NETOP_PREP_ASYNC(recvmsg); | |
| 4787 | IO_NETOP_PREP_ASYNC(connect); | |
| 4788 | IO_NETOP_PREP(accept); | |
| 4789 | IO_NETOP_FN(send); | |
| 4790 | IO_NETOP_FN(recv); | |
| 469956e8 | 4791 | #endif /* CONFIG_NET */ |
| f8e85cf2 | 4792 | |
| d7718a9d JA |
4793 | struct io_poll_table { |
| 4794 | struct poll_table_struct pt; | |
| 4795 | struct io_kiocb *req; | |
| 4796 | int error; | |
| 4797 | }; | |
| ce593a6c | 4798 | |
| d7718a9d JA |
4799 | static int __io_async_wake(struct io_kiocb *req, struct io_poll_iocb *poll, |
| 4800 | __poll_t mask, task_work_func_t func) | |
| 4801 | { | |
| aa96bf8a | 4802 | int ret; |
| d7718a9d JA |
4803 | |
| 4804 | /* for instances that support it check for an event match first: */ | |
| 4805 | if (mask && !(mask & poll->events)) | |
| 4806 | return 0; | |
| 4807 | ||
| 4808 | trace_io_uring_task_add(req->ctx, req->opcode, req->user_data, mask); | |
| 4809 | ||
| 4810 | list_del_init(&poll->wait.entry); | |
| 4811 | ||
| d7718a9d | 4812 | req->result = mask; |
| 7cbf1722 | 4813 | req->task_work.func = func; |
| 6d816e08 JA |
4814 | percpu_ref_get(&req->ctx->refs); |
| 4815 | ||
| d7718a9d | 4816 | /* |
| e3aabf95 JA |
4817 | * If this fails, then the task is exiting. When a task exits, the |
| 4818 | * work gets canceled, so just cancel this request as well instead | |
| 4819 | * of executing it. We can't safely execute it anyway, as we may not | |
| 4820 | * have the needed state needed for it anyway. | |
| d7718a9d | 4821 | */ |
| 355fb9e2 | 4822 | ret = io_req_task_work_add(req); |
| aa96bf8a | 4823 | if (unlikely(ret)) { |
| e3aabf95 | 4824 | WRITE_ONCE(poll->canceled, true); |
| eab30c4d | 4825 | io_req_task_work_add_fallback(req, func); |
| aa96bf8a | 4826 | } |
| d7718a9d JA |
4827 | return 1; |
| 4828 | } | |
| 4829 | ||
| 74ce6ce4 JA |
4830 | static bool io_poll_rewait(struct io_kiocb *req, struct io_poll_iocb *poll) |
| 4831 | __acquires(&req->ctx->completion_lock) | |
| 4832 | { | |
| 4833 | struct io_ring_ctx *ctx = req->ctx; | |
| 4834 | ||
| 4835 | if (!req->result && !READ_ONCE(poll->canceled)) { | |
| 4836 | struct poll_table_struct pt = { ._key = poll->events }; | |
| 4837 | ||
| 4838 | req->result = vfs_poll(req->file, &pt) & poll->events; | |
| 4839 | } | |
| 4840 | ||
| 4841 | spin_lock_irq(&ctx->completion_lock); | |
| 4842 | if (!req->result && !READ_ONCE(poll->canceled)) { | |
| 4843 | add_wait_queue(poll->head, &poll->wait); | |
| 4844 | return true; | |
| 4845 | } | |
| 4846 | ||
| 4847 | return false; | |
| 4848 | } | |
| 4849 | ||
| d4e7cd36 | 4850 | static struct io_poll_iocb *io_poll_get_double(struct io_kiocb *req) |
| 18bceab1 | 4851 | { |
| e8c2bc1f | 4852 | /* pure poll stashes this in ->async_data, poll driven retry elsewhere */ |
| d4e7cd36 | 4853 | if (req->opcode == IORING_OP_POLL_ADD) |
| e8c2bc1f | 4854 | return req->async_data; |
| d4e7cd36 JA |
4855 | return req->apoll->double_poll; |
| 4856 | } | |
| 4857 | ||
| 4858 | static struct io_poll_iocb *io_poll_get_single(struct io_kiocb *req) | |
| 4859 | { | |
| 4860 | if (req->opcode == IORING_OP_POLL_ADD) | |
| 4861 | return &req->poll; | |
| 4862 | return &req->apoll->poll; | |
| 4863 | } | |
| 4864 | ||
| 4865 | static void io_poll_remove_double(struct io_kiocb *req) | |
| 4866 | { | |
| 4867 | struct io_poll_iocb *poll = io_poll_get_double(req); | |
| 18bceab1 JA |
4868 | |
| 4869 | lockdep_assert_held(&req->ctx->completion_lock); | |
| 4870 | ||
| 4871 | if (poll && poll->head) { | |
| 4872 | struct wait_queue_head *head = poll->head; | |
| 4873 | ||
| 4874 | spin_lock(&head->lock); | |
| 4875 | list_del_init(&poll->wait.entry); | |
| 4876 | if (poll->wait.private) | |
| 4877 | refcount_dec(&req->refs); | |
| 4878 | poll->head = NULL; | |
| 4879 | spin_unlock(&head->lock); | |
| 4880 | } | |
| 4881 | } | |
| 4882 | ||
| 4883 | static void io_poll_complete(struct io_kiocb *req, __poll_t mask, int error) | |
| 4884 | { | |
| 4885 | struct io_ring_ctx *ctx = req->ctx; | |
| 4886 | ||
| d4e7cd36 | 4887 | io_poll_remove_double(req); |
| 18bceab1 JA |
4888 | req->poll.done = true; |
| 4889 | io_cqring_fill_event(req, error ? error : mangle_poll(mask)); | |
| 4890 | io_commit_cqring(ctx); | |
| 4891 | } | |
| 4892 | ||
| dd221f46 | 4893 | static void io_poll_task_func(struct callback_head *cb) |
| 18bceab1 | 4894 | { |
| dd221f46 | 4895 | struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work); |
| 18bceab1 | 4896 | struct io_ring_ctx *ctx = req->ctx; |
| dd221f46 | 4897 | struct io_kiocb *nxt; |
| 18bceab1 JA |
4898 | |
| 4899 | if (io_poll_rewait(req, &req->poll)) { | |
| 4900 | spin_unlock_irq(&ctx->completion_lock); | |
| dd221f46 PB |
4901 | } else { |
| 4902 | hash_del(&req->hash_node); | |
| 4903 | io_poll_complete(req, req->result, 0); | |
| 4904 | spin_unlock_irq(&ctx->completion_lock); | |
| 18bceab1 | 4905 | |
| dd221f46 PB |
4906 | nxt = io_put_req_find_next(req); |
| 4907 | io_cqring_ev_posted(ctx); | |
| 4908 | if (nxt) | |
| 4909 | __io_req_task_submit(nxt); | |
| 4910 | } | |
| 18bceab1 | 4911 | |
| 6d816e08 | 4912 | percpu_ref_put(&ctx->refs); |
| 18bceab1 JA |
4913 | } |
| 4914 | ||
| 4915 | static int io_poll_double_wake(struct wait_queue_entry *wait, unsigned mode, | |
| 4916 | int sync, void *key) | |
| 4917 | { | |
| 4918 | struct io_kiocb *req = wait->private; | |
| d4e7cd36 | 4919 | struct io_poll_iocb *poll = io_poll_get_single(req); |
| 18bceab1 JA |
4920 | __poll_t mask = key_to_poll(key); |
| 4921 | ||
| 4922 | /* for instances that support it check for an event match first: */ | |
| 4923 | if (mask && !(mask & poll->events)) | |
| 4924 | return 0; | |
| 4925 | ||
| 8706e04e JA |
4926 | list_del_init(&wait->entry); |
| 4927 | ||
| 807abcb0 | 4928 | if (poll && poll->head) { |
| 18bceab1 JA |
4929 | bool done; |
| 4930 | ||
| 807abcb0 JA |
4931 | spin_lock(&poll->head->lock); |
| 4932 | done = list_empty(&poll->wait.entry); | |
| 18bceab1 | 4933 | if (!done) |
| 807abcb0 | 4934 | list_del_init(&poll->wait.entry); |
| d4e7cd36 JA |
4935 | /* make sure double remove sees this as being gone */ |
| 4936 | wait->private = NULL; | |
| 807abcb0 | 4937 | spin_unlock(&poll->head->lock); |
| c8b5e260 JA |
4938 | if (!done) { |
| 4939 | /* use wait func handler, so it matches the rq type */ | |
| 4940 | poll->wait.func(&poll->wait, mode, sync, key); | |
| 4941 | } | |
| 18bceab1 JA |
4942 | } |
| 4943 | refcount_dec(&req->refs); | |
| 4944 | return 1; | |
| 4945 | } | |
| 4946 | ||
| 4947 | static void io_init_poll_iocb(struct io_poll_iocb *poll, __poll_t events, | |
| 4948 | wait_queue_func_t wake_func) | |
| 4949 | { | |
| 4950 | poll->head = NULL; | |
| 4951 | poll->done = false; | |
| 4952 | poll->canceled = false; | |
| 4953 | poll->events = events; | |
| 4954 | INIT_LIST_HEAD(&poll->wait.entry); | |
| 4955 | init_waitqueue_func_entry(&poll->wait, wake_func); | |
| 4956 | } | |
| 4957 | ||
| 4958 | static void __io_queue_proc(struct io_poll_iocb *poll, struct io_poll_table *pt, | |
| 807abcb0 JA |
4959 | struct wait_queue_head *head, |
| 4960 | struct io_poll_iocb **poll_ptr) | |
| 18bceab1 JA |
4961 | { |
| 4962 | struct io_kiocb *req = pt->req; | |
| 4963 | ||
| 4964 | /* | |
| 4965 | * If poll->head is already set, it's because the file being polled | |
| 4966 | * uses multiple waitqueues for poll handling (eg one for read, one | |
| 4967 | * for write). Setup a separate io_poll_iocb if this happens. | |
| 4968 | */ | |
| 4969 | if (unlikely(poll->head)) { | |
| 58852d4d PB |
4970 | struct io_poll_iocb *poll_one = poll; |
| 4971 | ||
| 18bceab1 | 4972 | /* already have a 2nd entry, fail a third attempt */ |
| 807abcb0 | 4973 | if (*poll_ptr) { |
| 18bceab1 JA |
4974 | pt->error = -EINVAL; |
| 4975 | return; | |
| 4976 | } | |
| 1c3b3e65 JA |
4977 | /* double add on the same waitqueue head, ignore */ |
| 4978 | if (poll->head == head) | |
| 4979 | return; | |
| 18bceab1 JA |
4980 | poll = kmalloc(sizeof(*poll), GFP_ATOMIC); |
| 4981 | if (!poll) { | |
| 4982 | pt->error = -ENOMEM; | |
| 4983 | return; | |
| 4984 | } | |
| 58852d4d | 4985 | io_init_poll_iocb(poll, poll_one->events, io_poll_double_wake); |
| 18bceab1 JA |
4986 | refcount_inc(&req->refs); |
| 4987 | poll->wait.private = req; | |
| 807abcb0 | 4988 | *poll_ptr = poll; |
| 18bceab1 JA |
4989 | } |
| 4990 | ||
| 4991 | pt->error = 0; | |
| 4992 | poll->head = head; | |
| a31eb4a2 JX |
4993 | |
| 4994 | if (poll->events & EPOLLEXCLUSIVE) | |
| 4995 | add_wait_queue_exclusive(head, &poll->wait); | |
| 4996 | else | |
| 4997 | add_wait_queue(head, &poll->wait); | |
| 18bceab1 JA |
4998 | } |
| 4999 | ||
| 5000 | static void io_async_queue_proc(struct file *file, struct wait_queue_head *head, | |
| 5001 | struct poll_table_struct *p) | |
| 5002 | { | |
| 5003 | struct io_poll_table *pt = container_of(p, struct io_poll_table, pt); | |
| 807abcb0 | 5004 | struct async_poll *apoll = pt->req->apoll; |
| 18bceab1 | 5005 | |
| 807abcb0 | 5006 | __io_queue_proc(&apoll->poll, pt, head, &apoll->double_poll); |
| 18bceab1 JA |
5007 | } |
| 5008 | ||
| d7718a9d JA |
5009 | static void io_async_task_func(struct callback_head *cb) |
| 5010 | { | |
| 5011 | struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work); | |
| 5012 | struct async_poll *apoll = req->apoll; | |
| 5013 | struct io_ring_ctx *ctx = req->ctx; | |
| 5014 | ||
| 5015 | trace_io_uring_task_run(req->ctx, req->opcode, req->user_data); | |
| 5016 | ||
| 74ce6ce4 | 5017 | if (io_poll_rewait(req, &apoll->poll)) { |
| d7718a9d | 5018 | spin_unlock_irq(&ctx->completion_lock); |
| 6d816e08 | 5019 | percpu_ref_put(&ctx->refs); |
| 74ce6ce4 | 5020 | return; |
| d7718a9d JA |
5021 | } |
| 5022 | ||
| 31067255 | 5023 | /* If req is still hashed, it cannot have been canceled. Don't check. */ |
| 0be0b0e3 | 5024 | if (hash_hashed(&req->hash_node)) |
| 74ce6ce4 | 5025 | hash_del(&req->hash_node); |
| 2bae047e | 5026 | |
| d4e7cd36 | 5027 | io_poll_remove_double(req); |
| 74ce6ce4 JA |
5028 | spin_unlock_irq(&ctx->completion_lock); |
| 5029 | ||
| 0be0b0e3 PB |
5030 | if (!READ_ONCE(apoll->poll.canceled)) |
| 5031 | __io_req_task_submit(req); | |
| 5032 | else | |
| 5033 | __io_req_task_cancel(req, -ECANCELED); | |
| aa340845 | 5034 | |
| 6d816e08 | 5035 | percpu_ref_put(&ctx->refs); |
| 807abcb0 | 5036 | kfree(apoll->double_poll); |
| 31067255 | 5037 | kfree(apoll); |
| d7718a9d JA |
5038 | } |
| 5039 | ||
| 5040 | static int io_async_wake(struct wait_queue_entry *wait, unsigned mode, int sync, | |
| 5041 | void *key) | |
| 5042 | { | |
| 5043 | struct io_kiocb *req = wait->private; | |
| 5044 | struct io_poll_iocb *poll = &req->apoll->poll; | |
| 5045 | ||
| 5046 | trace_io_uring_poll_wake(req->ctx, req->opcode, req->user_data, | |
| 5047 | key_to_poll(key)); | |
| 5048 | ||
| 5049 | return __io_async_wake(req, poll, key_to_poll(key), io_async_task_func); | |
| 5050 | } | |
| 5051 | ||
| 5052 | static void io_poll_req_insert(struct io_kiocb *req) | |
| 5053 | { | |
| 5054 | struct io_ring_ctx *ctx = req->ctx; | |
| 5055 | struct hlist_head *list; | |
| 5056 | ||
| 5057 | list = &ctx->cancel_hash[hash_long(req->user_data, ctx->cancel_hash_bits)]; | |
| 5058 | hlist_add_head(&req->hash_node, list); | |
| 5059 | } | |
| 5060 | ||
| 5061 | static __poll_t __io_arm_poll_handler(struct io_kiocb *req, | |
| 5062 | struct io_poll_iocb *poll, | |
| 5063 | struct io_poll_table *ipt, __poll_t mask, | |
| 5064 | wait_queue_func_t wake_func) | |
| 5065 | __acquires(&ctx->completion_lock) | |
| 5066 | { | |
| 5067 | struct io_ring_ctx *ctx = req->ctx; | |
| 5068 | bool cancel = false; | |
| 5069 | ||
| 4d52f338 | 5070 | INIT_HLIST_NODE(&req->hash_node); |
| 18bceab1 | 5071 | io_init_poll_iocb(poll, mask, wake_func); |
| b90cd197 | 5072 | poll->file = req->file; |
| 18bceab1 | 5073 | poll->wait.private = req; |
| d7718a9d JA |
5074 | |
| 5075 | ipt->pt._key = mask; | |
| 5076 | ipt->req = req; | |
| 5077 | ipt->error = -EINVAL; | |
| 5078 | ||
| d7718a9d JA |
5079 | mask = vfs_poll(req->file, &ipt->pt) & poll->events; |
| 5080 | ||
| 5081 | spin_lock_irq(&ctx->completion_lock); | |
| 5082 | if (likely(poll->head)) { | |
| 5083 | spin_lock(&poll->head->lock); | |
| 5084 | if (unlikely(list_empty(&poll->wait.entry))) { | |
| 5085 | if (ipt->error) | |
| 5086 | cancel = true; | |
| 5087 | ipt->error = 0; | |
| 5088 | mask = 0; | |
| 5089 | } | |
| 5090 | if (mask || ipt->error) | |
| 5091 | list_del_init(&poll->wait.entry); | |
| 5092 | else if (cancel) | |
| 5093 | WRITE_ONCE(poll->canceled, true); | |
| 5094 | else if (!poll->done) /* actually waiting for an event */ | |
| 5095 | io_poll_req_insert(req); | |
| 5096 | spin_unlock(&poll->head->lock); | |
| 5097 | } | |
| 5098 | ||
| 5099 | return mask; | |
| 5100 | } | |
| 5101 | ||
| 5102 | static bool io_arm_poll_handler(struct io_kiocb *req) | |
| 5103 | { | |
| 5104 | const struct io_op_def *def = &io_op_defs[req->opcode]; | |
| 5105 | struct io_ring_ctx *ctx = req->ctx; | |
| 5106 | struct async_poll *apoll; | |
| 5107 | struct io_poll_table ipt; | |
| 5108 | __poll_t mask, ret; | |
| 9dab14b8 | 5109 | int rw; |
| d7718a9d JA |
5110 | |
| 5111 | if (!req->file || !file_can_poll(req->file)) | |
| 5112 | return false; | |
| 24c74678 | 5113 | if (req->flags & REQ_F_POLLED) |
| d7718a9d | 5114 | return false; |
| 9dab14b8 JA |
5115 | if (def->pollin) |
| 5116 | rw = READ; | |
| 5117 | else if (def->pollout) | |
| 5118 | rw = WRITE; | |
| 5119 | else | |
| 5120 | return false; | |
| 5121 | /* if we can't nonblock try, then no point in arming a poll handler */ | |
| 5122 | if (!io_file_supports_async(req->file, rw)) | |
| d7718a9d JA |
5123 | return false; |
| 5124 | ||
| 5125 | apoll = kmalloc(sizeof(*apoll), GFP_ATOMIC); | |
| 5126 | if (unlikely(!apoll)) | |
| 5127 | return false; | |
| 807abcb0 | 5128 | apoll->double_poll = NULL; |
| d7718a9d JA |
5129 | |
| 5130 | req->flags |= REQ_F_POLLED; | |
| d7718a9d | 5131 | req->apoll = apoll; |
| d7718a9d | 5132 | |
| 8755d97a | 5133 | mask = 0; |
| d7718a9d | 5134 | if (def->pollin) |
| 8755d97a | 5135 | mask |= POLLIN | POLLRDNORM; |
| d7718a9d JA |
5136 | if (def->pollout) |
| 5137 | mask |= POLLOUT | POLLWRNORM; | |
| 901341bb LH |
5138 | |
| 5139 | /* If reading from MSG_ERRQUEUE using recvmsg, ignore POLLIN */ | |
| 5140 | if ((req->opcode == IORING_OP_RECVMSG) && | |
| 5141 | (req->sr_msg.msg_flags & MSG_ERRQUEUE)) | |
| 5142 | mask &= ~POLLIN; | |
| 5143 | ||
| d7718a9d JA |
5144 | mask |= POLLERR | POLLPRI; |
| 5145 | ||
| 5146 | ipt.pt._qproc = io_async_queue_proc; | |
| 5147 | ||
| 5148 | ret = __io_arm_poll_handler(req, &apoll->poll, &ipt, mask, | |
| 5149 | io_async_wake); | |
| a36da65c | 5150 | if (ret || ipt.error) { |
| d4e7cd36 | 5151 | io_poll_remove_double(req); |
| d7718a9d | 5152 | spin_unlock_irq(&ctx->completion_lock); |
| 807abcb0 | 5153 | kfree(apoll->double_poll); |
| d7718a9d JA |
5154 | kfree(apoll); |
| 5155 | return false; | |
| 5156 | } | |
| 5157 | spin_unlock_irq(&ctx->completion_lock); | |
| 5158 | trace_io_uring_poll_arm(ctx, req->opcode, req->user_data, mask, | |
| 5159 | apoll->poll.events); | |
| 5160 | return true; | |
| 5161 | } | |
| 5162 | ||
| 5163 | static bool __io_poll_remove_one(struct io_kiocb *req, | |
| 5164 | struct io_poll_iocb *poll) | |
| 221c5eb2 | 5165 | { |
| b41e9852 | 5166 | bool do_complete = false; |
| 221c5eb2 JA |
5167 | |
| 5168 | spin_lock(&poll->head->lock); | |
| 5169 | WRITE_ONCE(poll->canceled, true); | |
| 392edb45 JA |
5170 | if (!list_empty(&poll->wait.entry)) { |
| 5171 | list_del_init(&poll->wait.entry); | |
| b41e9852 | 5172 | do_complete = true; |
| 221c5eb2 JA |
5173 | } |
| 5174 | spin_unlock(&poll->head->lock); | |
| 3bfa5bcb | 5175 | hash_del(&req->hash_node); |
| d7718a9d JA |
5176 | return do_complete; |
| 5177 | } | |
| 5178 | ||
| 5179 | static bool io_poll_remove_one(struct io_kiocb *req) | |
| 5180 | { | |
| 5181 | bool do_complete; | |
| 5182 | ||
| d4e7cd36 JA |
5183 | io_poll_remove_double(req); |
| 5184 | ||
| d7718a9d JA |
5185 | if (req->opcode == IORING_OP_POLL_ADD) { |
| 5186 | do_complete = __io_poll_remove_one(req, &req->poll); | |
| 5187 | } else { | |
| 3bfa5bcb JA |
5188 | struct async_poll *apoll = req->apoll; |
| 5189 | ||
| d7718a9d | 5190 | /* non-poll requests have submit ref still */ |
| 3bfa5bcb JA |
5191 | do_complete = __io_poll_remove_one(req, &apoll->poll); |
| 5192 | if (do_complete) { | |
| d7718a9d | 5193 | io_put_req(req); |
| 807abcb0 | 5194 | kfree(apoll->double_poll); |
| 3bfa5bcb JA |
5195 | kfree(apoll); |
| 5196 | } | |
| b1f573bd XW |
5197 | } |
| 5198 | ||
| b41e9852 JA |
5199 | if (do_complete) { |
| 5200 | io_cqring_fill_event(req, -ECANCELED); | |
| 5201 | io_commit_cqring(req->ctx); | |
| f254ac04 | 5202 | req_set_fail_links(req); |
| 216578e5 | 5203 | io_put_req_deferred(req, 1); |
| b41e9852 JA |
5204 | } |
| 5205 | ||
| 5206 | return do_complete; | |
| 221c5eb2 JA |
5207 | } |
| 5208 | ||
| 76e1b642 JA |
5209 | /* |
| 5210 | * Returns true if we found and killed one or more poll requests | |
| 5211 | */ | |
| 6b81928d PB |
5212 | static bool io_poll_remove_all(struct io_ring_ctx *ctx, struct task_struct *tsk, |
| 5213 | struct files_struct *files) | |
| 221c5eb2 | 5214 | { |
| 78076bb6 | 5215 | struct hlist_node *tmp; |
| 221c5eb2 | 5216 | struct io_kiocb *req; |
| 8e2e1faf | 5217 | int posted = 0, i; |
| 221c5eb2 JA |
5218 | |
| 5219 | spin_lock_irq(&ctx->completion_lock); | |
| 78076bb6 JA |
5220 | for (i = 0; i < (1U << ctx->cancel_hash_bits); i++) { |
| 5221 | struct hlist_head *list; | |
| 5222 | ||
| 5223 | list = &ctx->cancel_hash[i]; | |
| f3606e3a | 5224 | hlist_for_each_entry_safe(req, tmp, list, hash_node) { |
| 6b81928d | 5225 | if (io_match_task(req, tsk, files)) |
| f3606e3a JA |
5226 | posted += io_poll_remove_one(req); |
| 5227 | } | |
| 221c5eb2 JA |
5228 | } |
| 5229 | spin_unlock_irq(&ctx->completion_lock); | |
| b41e9852 | 5230 | |
| 8e2e1faf JA |
5231 | if (posted) |
| 5232 | io_cqring_ev_posted(ctx); | |
| 76e1b642 JA |
5233 | |
| 5234 | return posted != 0; | |
| 221c5eb2 JA |
5235 | } |
| 5236 | ||
| 47f46768 JA |
5237 | static int io_poll_cancel(struct io_ring_ctx *ctx, __u64 sqe_addr) |
| 5238 | { | |
| 78076bb6 | 5239 | struct hlist_head *list; |
| 47f46768 JA |
5240 | struct io_kiocb *req; |
| 5241 | ||
| 78076bb6 JA |
5242 | list = &ctx->cancel_hash[hash_long(sqe_addr, ctx->cancel_hash_bits)]; |
| 5243 | hlist_for_each_entry(req, list, hash_node) { | |
| b41e9852 JA |
5244 | if (sqe_addr != req->user_data) |
| 5245 | continue; | |
| 5246 | if (io_poll_remove_one(req)) | |
| eac406c6 | 5247 | return 0; |
| b41e9852 | 5248 | return -EALREADY; |
| 47f46768 JA |
5249 | } |
| 5250 | ||
| 5251 | return -ENOENT; | |
| 5252 | } | |
| 5253 | ||
| 3529d8c2 JA |
5254 | static int io_poll_remove_prep(struct io_kiocb *req, |
| 5255 | const struct io_uring_sqe *sqe) | |
| 0969e783 | 5256 | { |
| 0969e783 JA |
5257 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 5258 | return -EINVAL; | |
| 5259 | if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index || | |
| 5260 | sqe->poll_events) | |
| 5261 | return -EINVAL; | |
| 5262 | ||
| 018043be | 5263 | req->poll_remove.addr = READ_ONCE(sqe->addr); |
| 0969e783 JA |
5264 | return 0; |
| 5265 | } | |
| 5266 | ||
| 221c5eb2 JA |
5267 | /* |
| 5268 | * Find a running poll command that matches one specified in sqe->addr, | |
| 5269 | * and remove it if found. | |
| 5270 | */ | |
| 61e98203 | 5271 | static int io_poll_remove(struct io_kiocb *req, unsigned int issue_flags) |
| 221c5eb2 JA |
5272 | { |
| 5273 | struct io_ring_ctx *ctx = req->ctx; | |
| 47f46768 | 5274 | int ret; |
| 221c5eb2 | 5275 | |
| 221c5eb2 | 5276 | spin_lock_irq(&ctx->completion_lock); |
| 018043be | 5277 | ret = io_poll_cancel(ctx, req->poll_remove.addr); |
| 221c5eb2 JA |
5278 | spin_unlock_irq(&ctx->completion_lock); |
| 5279 | ||
| 4e88d6e7 JA |
5280 | if (ret < 0) |
| 5281 | req_set_fail_links(req); | |
| e1e16097 | 5282 | io_req_complete(req, ret); |
| 221c5eb2 JA |
5283 | return 0; |
| 5284 | } | |
| 5285 | ||
| 221c5eb2 JA |
5286 | static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, |
| 5287 | void *key) | |
| 5288 | { | |
| c2f2eb7d JA |
5289 | struct io_kiocb *req = wait->private; |
| 5290 | struct io_poll_iocb *poll = &req->poll; | |
| 221c5eb2 | 5291 | |
| d7718a9d | 5292 | return __io_async_wake(req, poll, key_to_poll(key), io_poll_task_func); |
| 221c5eb2 JA |
5293 | } |
| 5294 | ||
| 221c5eb2 JA |
5295 | static void io_poll_queue_proc(struct file *file, struct wait_queue_head *head, |
| 5296 | struct poll_table_struct *p) | |
| 5297 | { | |
| 5298 | struct io_poll_table *pt = container_of(p, struct io_poll_table, pt); | |
| 5299 | ||
| e8c2bc1f | 5300 | __io_queue_proc(&pt->req->poll, pt, head, (struct io_poll_iocb **) &pt->req->async_data); |
| eac406c6 JA |
5301 | } |
| 5302 | ||
| 3529d8c2 | 5303 | static int io_poll_add_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| 221c5eb2 JA |
5304 | { |
| 5305 | struct io_poll_iocb *poll = &req->poll; | |
| 5769a351 | 5306 | u32 events; |
| 221c5eb2 JA |
5307 | |
| 5308 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) | |
| 5309 | return -EINVAL; | |
| 5310 | if (sqe->addr || sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) | |
| 5311 | return -EINVAL; | |
| 5312 | ||
| 5769a351 JX |
5313 | events = READ_ONCE(sqe->poll32_events); |
| 5314 | #ifdef __BIG_ENDIAN | |
| 5315 | events = swahw32(events); | |
| 5316 | #endif | |
| a31eb4a2 JX |
5317 | poll->events = demangle_poll(events) | EPOLLERR | EPOLLHUP | |
| 5318 | (events & EPOLLEXCLUSIVE); | |
| 0969e783 JA |
5319 | return 0; |
| 5320 | } | |
| 5321 | ||
| 61e98203 | 5322 | static int io_poll_add(struct io_kiocb *req, unsigned int issue_flags) |
| 0969e783 JA |
5323 | { |
| 5324 | struct io_poll_iocb *poll = &req->poll; | |
| 5325 | struct io_ring_ctx *ctx = req->ctx; | |
| 5326 | struct io_poll_table ipt; | |
| 0969e783 | 5327 | __poll_t mask; |
| 0969e783 | 5328 | |
| d7718a9d | 5329 | ipt.pt._qproc = io_poll_queue_proc; |
| 36703247 | 5330 | |
| d7718a9d JA |
5331 | mask = __io_arm_poll_handler(req, &req->poll, &ipt, poll->events, |
| 5332 | io_poll_wake); | |
| 221c5eb2 | 5333 | |
| 8c838788 | 5334 | if (mask) { /* no async, we'd stolen it */ |
| 221c5eb2 | 5335 | ipt.error = 0; |
| b0dd8a41 | 5336 | io_poll_complete(req, mask, 0); |
| 221c5eb2 | 5337 | } |
| 221c5eb2 JA |
5338 | spin_unlock_irq(&ctx->completion_lock); |
| 5339 | ||
| 8c838788 JA |
5340 | if (mask) { |
| 5341 | io_cqring_ev_posted(ctx); | |
| 014db007 | 5342 | io_put_req(req); |
| 221c5eb2 | 5343 | } |
| 8c838788 | 5344 | return ipt.error; |
| 221c5eb2 JA |
5345 | } |
| 5346 | ||
| 5262f567 JA |
5347 | static enum hrtimer_restart io_timeout_fn(struct hrtimer *timer) |
| 5348 | { | |
| ad8a48ac JA |
5349 | struct io_timeout_data *data = container_of(timer, |
| 5350 | struct io_timeout_data, timer); | |
| 5351 | struct io_kiocb *req = data->req; | |
| 5352 | struct io_ring_ctx *ctx = req->ctx; | |
| 5262f567 JA |
5353 | unsigned long flags; |
| 5354 | ||
| 5262f567 | 5355 | spin_lock_irqsave(&ctx->completion_lock, flags); |
| a71976f3 | 5356 | list_del_init(&req->timeout.list); |
| 01cec8c1 PB |
5357 | atomic_set(&req->ctx->cq_timeouts, |
| 5358 | atomic_read(&req->ctx->cq_timeouts) + 1); | |
| 5359 | ||
| 78e19bbe | 5360 | io_cqring_fill_event(req, -ETIME); |
| 5262f567 JA |
5361 | io_commit_cqring(ctx); |
| 5362 | spin_unlock_irqrestore(&ctx->completion_lock, flags); | |
| 5363 | ||
| 5364 | io_cqring_ev_posted(ctx); | |
| 4e88d6e7 | 5365 | req_set_fail_links(req); |
| 5262f567 JA |
5366 | io_put_req(req); |
| 5367 | return HRTIMER_NORESTART; | |
| 5368 | } | |
| 5369 | ||
| fbd15848 PB |
5370 | static struct io_kiocb *io_timeout_extract(struct io_ring_ctx *ctx, |
| 5371 | __u64 user_data) | |
| f254ac04 | 5372 | { |
| fbd15848 | 5373 | struct io_timeout_data *io; |
| 47f46768 JA |
5374 | struct io_kiocb *req; |
| 5375 | int ret = -ENOENT; | |
| f254ac04 | 5376 | |
| 135fcde8 | 5377 | list_for_each_entry(req, &ctx->timeout_list, timeout.list) { |
| 47f46768 | 5378 | if (user_data == req->user_data) { |
| 47f46768 JA |
5379 | ret = 0; |
| 5380 | break; | |
| 5381 | } | |
| 5382 | } | |
| 5383 | ||
| 5384 | if (ret == -ENOENT) | |
| fbd15848 PB |
5385 | return ERR_PTR(ret); |
| 5386 | ||
| 5387 | io = req->async_data; | |
| e8c2bc1f | 5388 | ret = hrtimer_try_to_cancel(&io->timer); |
| f254ac04 | 5389 | if (ret == -1) |
| fbd15848 | 5390 | return ERR_PTR(-EALREADY); |
| a71976f3 | 5391 | list_del_init(&req->timeout.list); |
| fbd15848 PB |
5392 | return req; |
| 5393 | } | |
| 47f46768 | 5394 | |
| fbd15848 PB |
5395 | static int io_timeout_cancel(struct io_ring_ctx *ctx, __u64 user_data) |
| 5396 | { | |
| 5397 | struct io_kiocb *req = io_timeout_extract(ctx, user_data); | |
| 5398 | ||
| 5399 | if (IS_ERR(req)) | |
| 5400 | return PTR_ERR(req); | |
| f254ac04 JA |
5401 | |
| 5402 | req_set_fail_links(req); | |
| f254ac04 | 5403 | io_cqring_fill_event(req, -ECANCELED); |
| 216578e5 | 5404 | io_put_req_deferred(req, 1); |
| f254ac04 JA |
5405 | return 0; |
| 5406 | } | |
| 5407 | ||
| 9c8e11b3 PB |
5408 | static int io_timeout_update(struct io_ring_ctx *ctx, __u64 user_data, |
| 5409 | struct timespec64 *ts, enum hrtimer_mode mode) | |
| 47f46768 | 5410 | { |
| 9c8e11b3 PB |
5411 | struct io_kiocb *req = io_timeout_extract(ctx, user_data); |
| 5412 | struct io_timeout_data *data; | |
| 47f46768 | 5413 | |
| 9c8e11b3 PB |
5414 | if (IS_ERR(req)) |
| 5415 | return PTR_ERR(req); | |
| 47f46768 | 5416 | |
| 9c8e11b3 PB |
5417 | req->timeout.off = 0; /* noseq */ |
| 5418 | data = req->async_data; | |
| 5419 | list_add_tail(&req->timeout.list, &ctx->timeout_list); | |
| 5420 | hrtimer_init(&data->timer, CLOCK_MONOTONIC, mode); | |
| 5421 | data->timer.function = io_timeout_fn; | |
| 5422 | hrtimer_start(&data->timer, timespec64_to_ktime(*ts), mode); | |
| 5423 | return 0; | |
| 47f46768 JA |
5424 | } |
| 5425 | ||
| 3529d8c2 JA |
5426 | static int io_timeout_remove_prep(struct io_kiocb *req, |
| 5427 | const struct io_uring_sqe *sqe) | |
| b29472ee | 5428 | { |
| 9c8e11b3 PB |
5429 | struct io_timeout_rem *tr = &req->timeout_rem; |
| 5430 | ||
| b29472ee JA |
5431 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 5432 | return -EINVAL; | |
| 61710e43 DA |
5433 | if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) |
| 5434 | return -EINVAL; | |
| 9c8e11b3 | 5435 | if (sqe->ioprio || sqe->buf_index || sqe->len) |
| b29472ee JA |
5436 | return -EINVAL; |
| 5437 | ||
| 9c8e11b3 PB |
5438 | tr->addr = READ_ONCE(sqe->addr); |
| 5439 | tr->flags = READ_ONCE(sqe->timeout_flags); | |
| 5440 | if (tr->flags & IORING_TIMEOUT_UPDATE) { | |
| 5441 | if (tr->flags & ~(IORING_TIMEOUT_UPDATE|IORING_TIMEOUT_ABS)) | |
| 5442 | return -EINVAL; | |
| 5443 | if (get_timespec64(&tr->ts, u64_to_user_ptr(sqe->addr2))) | |
| 5444 | return -EFAULT; | |
| 5445 | } else if (tr->flags) { | |
| 5446 | /* timeout removal doesn't support flags */ | |
| b29472ee | 5447 | return -EINVAL; |
| 9c8e11b3 | 5448 | } |
| b29472ee | 5449 | |
| b29472ee JA |
5450 | return 0; |
| 5451 | } | |
| 5452 | ||
| 8662daec PB |
5453 | static inline enum hrtimer_mode io_translate_timeout_mode(unsigned int flags) |
| 5454 | { | |
| 5455 | return (flags & IORING_TIMEOUT_ABS) ? HRTIMER_MODE_ABS | |
| 5456 | : HRTIMER_MODE_REL; | |
| 5457 | } | |
| 5458 | ||
| 11365043 JA |
5459 | /* |
| 5460 | * Remove or update an existing timeout command | |
| 5461 | */ | |
| 61e98203 | 5462 | static int io_timeout_remove(struct io_kiocb *req, unsigned int issue_flags) |
| 11365043 | 5463 | { |
| 9c8e11b3 | 5464 | struct io_timeout_rem *tr = &req->timeout_rem; |
| 11365043 | 5465 | struct io_ring_ctx *ctx = req->ctx; |
| 47f46768 | 5466 | int ret; |
| 11365043 | 5467 | |
| 11365043 | 5468 | spin_lock_irq(&ctx->completion_lock); |
| 8662daec | 5469 | if (!(req->timeout_rem.flags & IORING_TIMEOUT_UPDATE)) |
| 9c8e11b3 | 5470 | ret = io_timeout_cancel(ctx, tr->addr); |
| 8662daec PB |
5471 | else |
| 5472 | ret = io_timeout_update(ctx, tr->addr, &tr->ts, | |
| 5473 | io_translate_timeout_mode(tr->flags)); | |
| 11365043 | 5474 | |
| 47f46768 | 5475 | io_cqring_fill_event(req, ret); |
| 11365043 JA |
5476 | io_commit_cqring(ctx); |
| 5477 | spin_unlock_irq(&ctx->completion_lock); | |
| 5262f567 | 5478 | io_cqring_ev_posted(ctx); |
| 4e88d6e7 JA |
5479 | if (ret < 0) |
| 5480 | req_set_fail_links(req); | |
| ec9c02ad | 5481 | io_put_req(req); |
| 11365043 | 5482 | return 0; |
| 5262f567 JA |
5483 | } |
| 5484 | ||
| 3529d8c2 | 5485 | static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe, |
| 2d28390a | 5486 | bool is_timeout_link) |
| 5262f567 | 5487 | { |
| ad8a48ac | 5488 | struct io_timeout_data *data; |
| a41525ab | 5489 | unsigned flags; |
| 56080b02 | 5490 | u32 off = READ_ONCE(sqe->off); |
| 5262f567 | 5491 | |
| ad8a48ac | 5492 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| 5262f567 | 5493 | return -EINVAL; |
| ad8a48ac | 5494 | if (sqe->ioprio || sqe->buf_index || sqe->len != 1) |
| a41525ab | 5495 | return -EINVAL; |
| 56080b02 | 5496 | if (off && is_timeout_link) |
| 2d28390a | 5497 | return -EINVAL; |
| a41525ab JA |
5498 | flags = READ_ONCE(sqe->timeout_flags); |
| 5499 | if (flags & ~IORING_TIMEOUT_ABS) | |
| 5262f567 | 5500 | return -EINVAL; |
| bdf20073 | 5501 | |
| bfe68a22 | 5502 | req->timeout.off = off; |
| 26a61679 | 5503 | |
| e8c2bc1f | 5504 | if (!req->async_data && io_alloc_async_data(req)) |
| 26a61679 JA |
5505 | return -ENOMEM; |
| 5506 | ||
| e8c2bc1f | 5507 | data = req->async_data; |
| ad8a48ac | 5508 | data->req = req; |
| ad8a48ac JA |
5509 | |
| 5510 | if (get_timespec64(&data->ts, u64_to_user_ptr(sqe->addr))) | |
| 5262f567 JA |
5511 | return -EFAULT; |
| 5512 | ||
| 8662daec | 5513 | data->mode = io_translate_timeout_mode(flags); |
| ad8a48ac | 5514 | hrtimer_init(&data->timer, CLOCK_MONOTONIC, data->mode); |
| dd59a3d5 | 5515 | io_req_track_inflight(req); |
| ad8a48ac JA |
5516 | return 0; |
| 5517 | } | |
| 5518 | ||
| 61e98203 | 5519 | static int io_timeout(struct io_kiocb *req, unsigned int issue_flags) |
| ad8a48ac | 5520 | { |
| ad8a48ac | 5521 | struct io_ring_ctx *ctx = req->ctx; |
| e8c2bc1f | 5522 | struct io_timeout_data *data = req->async_data; |
| ad8a48ac | 5523 | struct list_head *entry; |
| bfe68a22 | 5524 | u32 tail, off = req->timeout.off; |
| ad8a48ac | 5525 | |
| 733f5c95 | 5526 | spin_lock_irq(&ctx->completion_lock); |
| 93bd25bb | 5527 | |
| 5262f567 JA |
5528 | /* |
| 5529 | * sqe->off holds how many events that need to occur for this | |
| 93bd25bb JA |
5530 | * timeout event to be satisfied. If it isn't set, then this is |
| 5531 | * a pure timeout request, sequence isn't used. | |
| 5262f567 | 5532 | */ |
| 8eb7e2d0 | 5533 | if (io_is_timeout_noseq(req)) { |
| 93bd25bb JA |
5534 | entry = ctx->timeout_list.prev; |
| 5535 | goto add; | |
| 5536 | } | |
| 5262f567 | 5537 | |
| bfe68a22 PB |
5538 | tail = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts); |
| 5539 | req->timeout.target_seq = tail + off; | |
| 5262f567 | 5540 | |
| f010505b MDG |
5541 | /* Update the last seq here in case io_flush_timeouts() hasn't. |
| 5542 | * This is safe because ->completion_lock is held, and submissions | |
| 5543 | * and completions are never mixed in the same ->completion_lock section. | |
| 5544 | */ | |
| 5545 | ctx->cq_last_tm_flush = tail; | |
| 5546 | ||
| 5262f567 JA |
5547 | /* |
| 5548 | * Insertion sort, ensuring the first entry in the list is always | |
| 5549 | * the one we need first. | |
| 5550 | */ | |
| 5262f567 | 5551 | list_for_each_prev(entry, &ctx->timeout_list) { |
| 135fcde8 PB |
5552 | struct io_kiocb *nxt = list_entry(entry, struct io_kiocb, |
| 5553 | timeout.list); | |
| 5262f567 | 5554 | |
| 8eb7e2d0 | 5555 | if (io_is_timeout_noseq(nxt)) |
| 93bd25bb | 5556 | continue; |
| bfe68a22 PB |
5557 | /* nxt.seq is behind @tail, otherwise would've been completed */ |
| 5558 | if (off >= nxt->timeout.target_seq - tail) | |
| 5262f567 JA |
5559 | break; |
| 5560 | } | |
| 93bd25bb | 5561 | add: |
| 135fcde8 | 5562 | list_add(&req->timeout.list, entry); |
| ad8a48ac JA |
5563 | data->timer.function = io_timeout_fn; |
| 5564 | hrtimer_start(&data->timer, timespec64_to_ktime(data->ts), data->mode); | |
| 5262f567 | 5565 | spin_unlock_irq(&ctx->completion_lock); |
| 5262f567 JA |
5566 | return 0; |
| 5567 | } | |
| 5262f567 | 5568 | |
| 62755e35 JA |
5569 | static bool io_cancel_cb(struct io_wq_work *work, void *data) |
| 5570 | { | |
| 5571 | struct io_kiocb *req = container_of(work, struct io_kiocb, work); | |
| 5572 | ||
| 5573 | return req->user_data == (unsigned long) data; | |
| 5574 | } | |
| 5575 | ||
| 5aa75ed5 | 5576 | static int io_async_cancel_one(struct io_uring_task *tctx, void *sqe_addr) |
| 62755e35 | 5577 | { |
| 62755e35 | 5578 | enum io_wq_cancel cancel_ret; |
| 62755e35 JA |
5579 | int ret = 0; |
| 5580 | ||
| 5aa75ed5 JA |
5581 | if (!tctx->io_wq) |
| 5582 | return -ENOENT; | |
| 5583 | ||
| 5584 | cancel_ret = io_wq_cancel_cb(tctx->io_wq, io_cancel_cb, sqe_addr, false); | |
| 62755e35 JA |
5585 | switch (cancel_ret) { |
| 5586 | case IO_WQ_CANCEL_OK: | |
| 5587 | ret = 0; | |
| 5588 | break; | |
| 5589 | case IO_WQ_CANCEL_RUNNING: | |
| 5590 | ret = -EALREADY; | |
| 5591 | break; | |
| 5592 | case IO_WQ_CANCEL_NOTFOUND: | |
| 5593 | ret = -ENOENT; | |
| 5594 | break; | |
| 5595 | } | |
| 5596 | ||
| e977d6d3 JA |
5597 | return ret; |
| 5598 | } | |
| 5599 | ||
| 47f46768 JA |
5600 | static void io_async_find_and_cancel(struct io_ring_ctx *ctx, |
| 5601 | struct io_kiocb *req, __u64 sqe_addr, | |
| 014db007 | 5602 | int success_ret) |
| 47f46768 JA |
5603 | { |
| 5604 | unsigned long flags; | |
| 5605 | int ret; | |
| 5606 | ||
| 5aa75ed5 JA |
5607 | ret = io_async_cancel_one(req->task->io_uring, |
| 5608 | (void *) (unsigned long) sqe_addr); | |
| 47f46768 JA |
5609 | if (ret != -ENOENT) { |
| 5610 | spin_lock_irqsave(&ctx->completion_lock, flags); | |
| 5611 | goto done; | |
| 5612 | } | |
| 5613 | ||
| 5614 | spin_lock_irqsave(&ctx->completion_lock, flags); | |
| 5615 | ret = io_timeout_cancel(ctx, sqe_addr); | |
| 5616 | if (ret != -ENOENT) | |
| 5617 | goto done; | |
| 5618 | ret = io_poll_cancel(ctx, sqe_addr); | |
| 5619 | done: | |
| b0dd8a41 JA |
5620 | if (!ret) |
| 5621 | ret = success_ret; | |
| 47f46768 JA |
5622 | io_cqring_fill_event(req, ret); |
| 5623 | io_commit_cqring(ctx); | |
| 5624 | spin_unlock_irqrestore(&ctx->completion_lock, flags); | |
| 5625 | io_cqring_ev_posted(ctx); | |
| 5626 | ||
| 4e88d6e7 JA |
5627 | if (ret < 0) |
| 5628 | req_set_fail_links(req); | |
| 014db007 | 5629 | io_put_req(req); |
| 47f46768 JA |
5630 | } |
| 5631 | ||
| 3529d8c2 JA |
5632 | static int io_async_cancel_prep(struct io_kiocb *req, |
| 5633 | const struct io_uring_sqe *sqe) | |
| e977d6d3 | 5634 | { |
| fbf23849 | 5635 | if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) |
| e977d6d3 | 5636 | return -EINVAL; |
| 61710e43 DA |
5637 | if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) |
| 5638 | return -EINVAL; | |
| 5639 | if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags) | |
| e977d6d3 JA |
5640 | return -EINVAL; |
| 5641 | ||
| fbf23849 JA |
5642 | req->cancel.addr = READ_ONCE(sqe->addr); |
| 5643 | return 0; | |
| 5644 | } | |
| 5645 | ||
| 61e98203 | 5646 | static int io_async_cancel(struct io_kiocb *req, unsigned int issue_flags) |
| fbf23849 JA |
5647 | { |
| 5648 | struct io_ring_ctx *ctx = req->ctx; | |
| fbf23849 | 5649 | |
| 014db007 | 5650 | io_async_find_and_cancel(ctx, req, req->cancel.addr, 0); |
| 5262f567 JA |
5651 | return 0; |
| 5652 | } | |
| 5653 | ||
| 269bbe5f | 5654 | static int io_rsrc_update_prep(struct io_kiocb *req, |
| 05f3fb3c JA |
5655 | const struct io_uring_sqe *sqe) |
| 5656 | { | |
| 6ca56f84 JA |
5657 | if (unlikely(req->ctx->flags & IORING_SETUP_SQPOLL)) |
| 5658 | return -EINVAL; | |
| 61710e43 DA |
5659 | if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) |
| 5660 | return -EINVAL; | |
| 5661 | if (sqe->ioprio || sqe->rw_flags) | |
| 05f3fb3c JA |
5662 | return -EINVAL; |
| 5663 | ||
| 269bbe5f BM |
5664 | req->rsrc_update.offset = READ_ONCE(sqe->off); |
| 5665 | req->rsrc_update.nr_args = READ_ONCE(sqe->len); | |
| 5666 | if (!req->rsrc_update.nr_args) | |
| 05f3fb3c | 5667 | return -EINVAL; |
| 269bbe5f | 5668 | req->rsrc_update.arg = READ_ONCE(sqe->addr); |
| 05f3fb3c JA |
5669 | return 0; |
| 5670 | } | |
| 5671 | ||
| 889fca73 | 5672 | static int io_files_update(struct io_kiocb *req, unsigned int issue_flags) |
| fbf23849 JA |
5673 | { |
| 5674 | struct io_ring_ctx *ctx = req->ctx; | |
| 269bbe5f | 5675 | struct io_uring_rsrc_update up; |
| 05f3fb3c | 5676 | int ret; |
| fbf23849 | 5677 | |
| 45d189c6 | 5678 | if (issue_flags & IO_URING_F_NONBLOCK) |
| 05f3fb3c | 5679 | return -EAGAIN; |
| 05f3fb3c | 5680 | |
| 269bbe5f BM |
5681 | up.offset = req->rsrc_update.offset; |
| 5682 | up.data = req->rsrc_update.arg; | |
| 05f3fb3c JA |
5683 | |
| 5684 | mutex_lock(&ctx->uring_lock); | |
| 269bbe5f | 5685 | ret = __io_sqe_files_update(ctx, &up, req->rsrc_update.nr_args); |
| 05f3fb3c JA |
5686 | mutex_unlock(&ctx->uring_lock); |
| 5687 | ||
| 5688 | if (ret < 0) | |
| 5689 | req_set_fail_links(req); | |
| 889fca73 | 5690 | __io_req_complete(req, issue_flags, ret, 0); |
| 5262f567 JA |
5691 | return 0; |
| 5692 | } | |
| 5693 | ||
| bfe76559 | 5694 | static int io_req_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
| f67676d1 | 5695 | { |
| d625c6ee | 5696 | switch (req->opcode) { |
| e781573e | 5697 | case IORING_OP_NOP: |
| bfe76559 | 5698 | return 0; |
| f67676d1 JA |
5699 | case IORING_OP_READV: |
| 5700 | case IORING_OP_READ_FIXED: | |
| 3a6820f2 | 5701 | case IORING_OP_READ: |
| bfe76559 | 5702 | return io_read_prep(req, sqe); |
| f67676d1 JA |
5703 | case IORING_OP_WRITEV: |
| 5704 | case IORING_OP_WRITE_FIXED: | |
| 3a6820f2 | 5705 | case IORING_OP_WRITE: |
| bfe76559 | 5706 | return io_write_prep(req, sqe); |
| 0969e783 | 5707 | case IORING_OP_POLL_ADD: |
| bfe76559 | 5708 | return io_poll_add_prep(req, sqe); |
| 0969e783 | 5709 | case IORING_OP_POLL_REMOVE: |
| bfe76559 | 5710 | return io_poll_remove_prep(req, sqe); |
| 8ed8d3c3 | 5711 | case IORING_OP_FSYNC: |
| 1155c76a | 5712 | return io_fsync_prep(req, sqe); |
| 8ed8d3c3 | 5713 | case IORING_OP_SYNC_FILE_RANGE: |
| 1155c76a | 5714 | return io_sfr_prep(req, sqe); |
| 03b1230c | 5715 | case IORING_OP_SENDMSG: |
| fddaface | 5716 | case IORING_OP_SEND: |
| bfe76559 | 5717 | return io_sendmsg_prep(req, sqe); |
| 03b1230c | 5718 | case IORING_OP_RECVMSG: |
| fddaface | 5719 | case IORING_OP_RECV: |
| bfe76559 | 5720 | return io_recvmsg_prep(req, sqe); |
| f499a021 | 5721 | case IORING_OP_CONNECT: |
| bfe76559 | 5722 | return io_connect_prep(req, sqe); |
| 2d28390a | 5723 | case IORING_OP_TIMEOUT: |
| bfe76559 | 5724 | return io_timeout_prep(req, sqe, false); |
| b29472ee | 5725 | case IORING_OP_TIMEOUT_REMOVE: |
| bfe76559 | 5726 | return io_timeout_remove_prep(req, sqe); |
| fbf23849 | 5727 | case IORING_OP_ASYNC_CANCEL: |
| bfe76559 | 5728 | return io_async_cancel_prep(req, sqe); |
| 2d28390a | 5729 | case IORING_OP_LINK_TIMEOUT: |
| bfe76559 | 5730 | return io_timeout_prep(req, sqe, true); |
| 8ed8d3c3 | 5731 | case IORING_OP_ACCEPT: |
| bfe76559 | 5732 | return io_accept_prep(req, sqe); |
| d63d1b5e | 5733 | case IORING_OP_FALLOCATE: |
| bfe76559 | 5734 | return io_fallocate_prep(req, sqe); |
| 15b71abe | 5735 | case IORING_OP_OPENAT: |
| bfe76559 | 5736 | return io_openat_prep(req, sqe); |
| b5dba59e | 5737 | case IORING_OP_CLOSE: |
| bfe76559 | 5738 | return io_close_prep(req, sqe); |
| 05f3fb3c | 5739 | case IORING_OP_FILES_UPDATE: |
| 269bbe5f | 5740 | return io_rsrc_update_prep(req, sqe); |
| eddc7ef5 | 5741 | case IORING_OP_STATX: |
| bfe76559 | 5742 | return io_statx_prep(req, sqe); |
| 4840e418 | 5743 | case IORING_OP_FADVISE: |
| bfe76559 | 5744 | return io_fadvise_prep(req, sqe); |
| c1ca757b | 5745 | case IORING_OP_MADVISE: |
| bfe76559 | 5746 | return io_madvise_prep(req, sqe); |
| cebdb986 | 5747 | case IORING_OP_OPENAT2: |
| bfe76559 | 5748 | return io_openat2_prep(req, sqe); |
| 3e4827b0 | 5749 | case IORING_OP_EPOLL_CTL: |
| bfe76559 | 5750 | return io_epoll_ctl_prep(req, sqe); |
| 7d67af2c | 5751 | case IORING_OP_SPLICE: |
| bfe76559 | 5752 | return io_splice_prep(req, sqe); |
| ddf0322d | 5753 | case IORING_OP_PROVIDE_BUFFERS: |
| bfe76559 | 5754 | return io_provide_buffers_prep(req, sqe); |
| 067524e9 | 5755 | case IORING_OP_REMOVE_BUFFERS: |
| bfe76559 | 5756 | return io_remove_buffers_prep(req, sqe); |
| f2a8d5c7 | 5757 | case IORING_OP_TEE: |
| bfe76559 | 5758 | return io_tee_prep(req, sqe); |
| 36f4fa68 JA |
5759 | case IORING_OP_SHUTDOWN: |
| 5760 | return io_shutdown_prep(req, sqe); | |
| 80a261fd JA |
5761 | case IORING_OP_RENAMEAT: |
| 5762 | return io_renameat_prep(req, sqe); | |
| 14a1143b JA |
5763 | case IORING_OP_UNLINKAT: |
| 5764 | return io_unlinkat_prep(req, sqe); | |
| f67676d1 JA |
5765 | } |
| 5766 | ||
| bfe76559 PB |
5767 | printk_once(KERN_WARNING "io_uring: unhandled opcode %d\n", |
| 5768 | req->opcode); | |
| 5769 | return-EINVAL; | |
| 5770 | } | |
| 5771 | ||
| 93642ef8 | 5772 | static int io_req_prep_async(struct io_kiocb *req) |
| bfe76559 | 5773 | { |
| 93642ef8 PB |
5774 | switch (req->opcode) { |
| 5775 | case IORING_OP_READV: | |
| 5776 | case IORING_OP_READ_FIXED: | |
| 5777 | case IORING_OP_READ: | |
| 5778 | return io_rw_prep_async(req, READ); | |
| 5779 | case IORING_OP_WRITEV: | |
| 5780 | case IORING_OP_WRITE_FIXED: | |
| 5781 | case IORING_OP_WRITE: | |
| 5782 | return io_rw_prep_async(req, WRITE); | |
| 5783 | case IORING_OP_SENDMSG: | |
| 5784 | case IORING_OP_SEND: | |
| 5785 | return io_sendmsg_prep_async(req); | |
| 5786 | case IORING_OP_RECVMSG: | |
| 5787 | case IORING_OP_RECV: | |
| 5788 | return io_recvmsg_prep_async(req); | |
| 5789 | case IORING_OP_CONNECT: | |
| 5790 | return io_connect_prep_async(req); | |
| 5791 | } | |
| 5792 | return 0; | |
| 5793 | } | |
| 5794 | ||
| be7053b7 | 5795 | static int io_req_defer_prep(struct io_kiocb *req) |
| bfe76559 | 5796 | { |
| be7053b7 | 5797 | if (!io_op_defs[req->opcode].needs_async_data) |
| bfe76559 | 5798 | return 0; |
| be7053b7 | 5799 | /* some opcodes init it during the inital prep */ |
| 93642ef8 | 5800 | if (req->async_data) |
| be7053b7 PB |
5801 | return 0; |
| 5802 | if (__io_alloc_async_data(req)) | |
| bfe76559 | 5803 | return -EAGAIN; |
| be7053b7 | 5804 | return io_req_prep_async(req); |
| f67676d1 JA |
5805 | } |
| 5806 | ||
| 9cf7c104 PB |
5807 | static u32 io_get_sequence(struct io_kiocb *req) |
| 5808 | { | |
| 5809 | struct io_kiocb *pos; | |
| 5810 | struct io_ring_ctx *ctx = req->ctx; | |
| f2f87370 | 5811 | u32 total_submitted, nr_reqs = 0; |
| 9cf7c104 | 5812 | |
| f2f87370 PB |
5813 | io_for_each_link(pos, req) |
| 5814 | nr_reqs++; | |
| 9cf7c104 PB |
5815 | |
| 5816 | total_submitted = ctx->cached_sq_head - ctx->cached_sq_dropped; | |
| 5817 | return total_submitted - nr_reqs; | |
| 5818 | } | |
| 5819 | ||
| be7053b7 | 5820 | static int io_req_defer(struct io_kiocb *req) |
| de0617e4 | 5821 | { |
| a197f664 | 5822 | struct io_ring_ctx *ctx = req->ctx; |
| 27dc8338 | 5823 | struct io_defer_entry *de; |
| f67676d1 | 5824 | int ret; |
| 9cf7c104 | 5825 | u32 seq; |
| de0617e4 | 5826 | |
| 9d858b21 | 5827 | /* Still need defer if there is pending req in defer list. */ |
| 9cf7c104 PB |
5828 | if (likely(list_empty_careful(&ctx->defer_list) && |
| 5829 | !(req->flags & REQ_F_IO_DRAIN))) | |
| 5830 | return 0; | |
| 5831 | ||
| 5832 | seq = io_get_sequence(req); | |
| 5833 | /* Still a chance to pass the sequence check */ | |
| 5834 | if (!req_need_defer(req, seq) && list_empty_careful(&ctx->defer_list)) | |
| de0617e4 JA |
5835 | return 0; |
| 5836 | ||
| be7053b7 PB |
5837 | ret = io_req_defer_prep(req); |
| 5838 | if (ret) | |
| 5839 | return ret; | |
| cbdcb435 | 5840 | io_prep_async_link(req); |
| 27dc8338 PB |
5841 | de = kmalloc(sizeof(*de), GFP_KERNEL); |
| 5842 | if (!de) | |
| 5843 | return -ENOMEM; | |
| 2d28390a | 5844 | |
| de0617e4 | 5845 | spin_lock_irq(&ctx->completion_lock); |
| 9cf7c104 | 5846 | if (!req_need_defer(req, seq) && list_empty(&ctx->defer_list)) { |
| de0617e4 | 5847 | spin_unlock_irq(&ctx->completion_lock); |
| 27dc8338 | 5848 | kfree(de); |
| ae34817b PB |
5849 | io_queue_async_work(req); |
| 5850 | return -EIOCBQUEUED; | |
| de0617e4 JA |
5851 | } |
| 5852 | ||
| 915967f6 | 5853 | trace_io_uring_defer(ctx, req, req->user_data); |
| 27dc8338 | 5854 | de->req = req; |
| 9cf7c104 | 5855 | de->seq = seq; |
| 27dc8338 | 5856 | list_add_tail(&de->list, &ctx->defer_list); |
| de0617e4 JA |
5857 | spin_unlock_irq(&ctx->completion_lock); |
| 5858 | return -EIOCBQUEUED; | |
| 5859 | } | |
| 5860 | ||
| 3ca405eb | 5861 | static void __io_clean_op(struct io_kiocb *req) |
| 99bc4c38 | 5862 | { |
| 0e1b6fe3 PB |
5863 | if (req->flags & REQ_F_BUFFER_SELECTED) { |
| 5864 | switch (req->opcode) { | |
| 5865 | case IORING_OP_READV: | |
| 5866 | case IORING_OP_READ_FIXED: | |
| 5867 | case IORING_OP_READ: | |
| bcda7baa | 5868 | kfree((void *)(unsigned long)req->rw.addr); |
| 0e1b6fe3 PB |
5869 | break; |
| 5870 | case IORING_OP_RECVMSG: | |
| 5871 | case IORING_OP_RECV: | |
| bcda7baa | 5872 | kfree(req->sr_msg.kbuf); |
| 0e1b6fe3 PB |
5873 | break; |
| 5874 | } | |
| 5875 | req->flags &= ~REQ_F_BUFFER_SELECTED; | |
| 99bc4c38 PB |
5876 | } |
| 5877 | ||
| 0e1b6fe3 PB |
5878 | if (req->flags & REQ_F_NEED_CLEANUP) { |
| 5879 | switch (req->opcode) { | |
| 5880 | case IORING_OP_READV: | |
| 5881 | case IORING_OP_READ_FIXED: | |
| 5882 | case IORING_OP_READ: | |
| 5883 | case IORING_OP_WRITEV: | |
| 5884 | case IORING_OP_WRITE_FIXED: | |
| e8c2bc1f JA |
5885 | case IORING_OP_WRITE: { |
| 5886 | struct io_async_rw *io = req->async_data; | |
| 5887 | if (io->free_iovec) | |
| 5888 | kfree(io->free_iovec); | |
| 0e1b6fe3 | 5889 | break; |
| e8c2bc1f | 5890 | } |
| 0e1b6fe3 | 5891 | case IORING_OP_RECVMSG: |
| e8c2bc1f JA |
5892 | case IORING_OP_SENDMSG: { |
| 5893 | struct io_async_msghdr *io = req->async_data; | |
| 257e84a5 PB |
5894 | |
| 5895 | kfree(io->free_iov); | |
| 0e1b6fe3 | 5896 | break; |
| e8c2bc1f | 5897 | } |
| 0e1b6fe3 PB |
5898 | case IORING_OP_SPLICE: |
| 5899 | case IORING_OP_TEE: | |
| 5900 | io_put_file(req, req->splice.file_in, | |
| 5901 | (req->splice.flags & SPLICE_F_FD_IN_FIXED)); | |
| 5902 | break; | |
| f3cd4850 JA |
5903 | case IORING_OP_OPENAT: |
| 5904 | case IORING_OP_OPENAT2: | |
| 5905 | if (req->open.filename) | |
| 5906 | putname(req->open.filename); | |
| 5907 | break; | |
| 80a261fd JA |
5908 | case IORING_OP_RENAMEAT: |
| 5909 | putname(req->rename.oldpath); | |
| 5910 | putname(req->rename.newpath); | |
| 5911 | break; | |
| 14a1143b JA |
5912 | case IORING_OP_UNLINKAT: |
| 5913 | putname(req->unlink.filename); | |
| 5914 | break; | |
| 0e1b6fe3 PB |
5915 | } |
| 5916 | req->flags &= ~REQ_F_NEED_CLEANUP; | |
| 99bc4c38 | 5917 | } |
| 99bc4c38 PB |
5918 | } |
| 5919 | ||
| 889fca73 | 5920 | static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) |
| 2b188cc1 | 5921 | { |
| a197f664 | 5922 | struct io_ring_ctx *ctx = req->ctx; |
| 5730b27e | 5923 | const struct cred *creds = NULL; |
| d625c6ee | 5924 | int ret; |
| 2b188cc1 | 5925 | |
| 003e8dcc JA |
5926 | if (req->work.creds && req->work.creds != current_cred()) |
| 5927 | creds = override_creds(req->work.creds); | |
| 5730b27e | 5928 | |
| d625c6ee | 5929 | switch (req->opcode) { |
| 2b188cc1 | 5930 | case IORING_OP_NOP: |
| 889fca73 | 5931 | ret = io_nop(req, issue_flags); |
| 2b188cc1 JA |
5932 | break; |
| 5933 | case IORING_OP_READV: | |
| edafccee | 5934 | case IORING_OP_READ_FIXED: |
| 3a6820f2 | 5935 | case IORING_OP_READ: |
| 889fca73 | 5936 | ret = io_read(req, issue_flags); |
| edafccee | 5937 | break; |
| 3529d8c2 | 5938 | case IORING_OP_WRITEV: |
| edafccee | 5939 | case IORING_OP_WRITE_FIXED: |
| 3a6820f2 | 5940 | case IORING_OP_WRITE: |
| 889fca73 | 5941 | ret = io_write(req, issue_flags); |
| 2b188cc1 | 5942 | break; |
| c992fe29 | 5943 | case IORING_OP_FSYNC: |
| 45d189c6 | 5944 | ret = io_fsync(req, issue_flags); |
| c992fe29 | 5945 | break; |
| 221c5eb2 | 5946 | case IORING_OP_POLL_ADD: |
| 61e98203 | 5947 | ret = io_poll_add(req, issue_flags); |
| 221c5eb2 JA |
5948 | break; |
| 5949 | case IORING_OP_POLL_REMOVE: | |
| 61e98203 | 5950 | ret = io_poll_remove(req, issue_flags); |
| 221c5eb2 | 5951 | break; |
| 5d17b4a4 | 5952 | case IORING_OP_SYNC_FILE_RANGE: |
| 45d189c6 | 5953 | ret = io_sync_file_range(req, issue_flags); |
| 5d17b4a4 | 5954 | break; |
| 0fa03c62 | 5955 | case IORING_OP_SENDMSG: |
| 889fca73 | 5956 | ret = io_sendmsg(req, issue_flags); |
| 062d04d7 | 5957 | break; |
| fddaface | 5958 | case IORING_OP_SEND: |
| 889fca73 | 5959 | ret = io_send(req, issue_flags); |
| 0fa03c62 | 5960 | break; |
| aa1fa28f | 5961 | case IORING_OP_RECVMSG: |
| 889fca73 | 5962 | ret = io_recvmsg(req, issue_flags); |
| 062d04d7 | 5963 | break; |
| fddaface | 5964 | case IORING_OP_RECV: |
| 889fca73 | 5965 | ret = io_recv(req, issue_flags); |
| aa1fa28f | 5966 | break; |
| 5262f567 | 5967 | case IORING_OP_TIMEOUT: |
| 61e98203 | 5968 | ret = io_timeout(req, issue_flags); |
| 5262f567 | 5969 | break; |
| 11365043 | 5970 | case IORING_OP_TIMEOUT_REMOVE: |
| 61e98203 | 5971 | ret = io_timeout_remove(req, issue_flags); |
| 11365043 | 5972 | break; |
| 17f2fe35 | 5973 | case IORING_OP_ACCEPT: |
| 889fca73 | 5974 | ret = io_accept(req, issue_flags); |
| 17f2fe35 | 5975 | break; |
| f8e85cf2 | 5976 | case IORING_OP_CONNECT: |
| 889fca73 | 5977 | ret = io_connect(req, issue_flags); |
| f8e85cf2 | 5978 | break; |
| 62755e35 | 5979 | case IORING_OP_ASYNC_CANCEL: |
| 61e98203 | 5980 | ret = io_async_cancel(req, issue_flags); |
| 62755e35 | 5981 | break; |
| d63d1b5e | 5982 | case IORING_OP_FALLOCATE: |
| 45d189c6 | 5983 | ret = io_fallocate(req, issue_flags); |
| d63d1b5e | 5984 | break; |
| 15b71abe | 5985 | case IORING_OP_OPENAT: |
| 45d189c6 | 5986 | ret = io_openat(req, issue_flags); |
| 15b71abe | 5987 | break; |
| b5dba59e | 5988 | case IORING_OP_CLOSE: |
| 889fca73 | 5989 | ret = io_close(req, issue_flags); |
| b5dba59e | 5990 | break; |
| 05f3fb3c | 5991 | case IORING_OP_FILES_UPDATE: |
| 889fca73 | 5992 | ret = io_files_update(req, issue_flags); |
| 05f3fb3c | 5993 | break; |
| eddc7ef5 | 5994 | case IORING_OP_STATX: |
| 45d189c6 | 5995 | ret = io_statx(req, issue_flags); |
| eddc7ef5 | 5996 | break; |
| 4840e418 | 5997 | case IORING_OP_FADVISE: |
| 45d189c6 | 5998 | ret = io_fadvise(req, issue_flags); |
| 4840e418 | 5999 | break; |
| c1ca757b | 6000 | case IORING_OP_MADVISE: |
| 45d189c6 | 6001 | ret = io_madvise(req, issue_flags); |
| c1ca757b | 6002 | break; |
| cebdb986 | 6003 | case IORING_OP_OPENAT2: |
| 45d189c6 | 6004 | ret = io_openat2(req, issue_flags); |
| cebdb986 | 6005 | break; |
| 3e4827b0 | 6006 | case IORING_OP_EPOLL_CTL: |
| 889fca73 | 6007 | ret = io_epoll_ctl(req, issue_flags); |
| 3e4827b0 | 6008 | break; |
| 7d67af2c | 6009 | case IORING_OP_SPLICE: |
| 45d189c6 | 6010 | ret = io_splice(req, issue_flags); |
| 7d67af2c | 6011 | break; |
| ddf0322d | 6012 | case IORING_OP_PROVIDE_BUFFERS: |
| 889fca73 | 6013 | ret = io_provide_buffers(req, issue_flags); |
| ddf0322d | 6014 | break; |
| 067524e9 | 6015 | case IORING_OP_REMOVE_BUFFERS: |
| 889fca73 | 6016 | ret = io_remove_buffers(req, issue_flags); |
| 3e4827b0 | 6017 | break; |
| f2a8d5c7 | 6018 | case IORING_OP_TEE: |
| 45d189c6 | 6019 | ret = io_tee(req, issue_flags); |
| f2a8d5c7 | 6020 | break; |
| 36f4fa68 | 6021 | case IORING_OP_SHUTDOWN: |
| 45d189c6 | 6022 | ret = io_shutdown(req, issue_flags); |
| 36f4fa68 | 6023 | break; |
| 80a261fd | 6024 | case IORING_OP_RENAMEAT: |
| 45d189c6 | 6025 | ret = io_renameat(req, issue_flags); |
| 80a261fd | 6026 | break; |
| 14a1143b | 6027 | case IORING_OP_UNLINKAT: |
| 45d189c6 | 6028 | ret = io_unlinkat(req, issue_flags); |
| 14a1143b | 6029 | break; |
| 2b188cc1 JA |
6030 | default: |
| 6031 | ret = -EINVAL; | |
| 6032 | break; | |
| 6033 | } | |
| 6034 | ||
| 5730b27e JA |
6035 | if (creds) |
| 6036 | revert_creds(creds); | |
| 6037 | ||
| def596e9 JA |
6038 | if (ret) |
| 6039 | return ret; | |
| 6040 | ||
| b532576e JA |
6041 | /* If the op doesn't have a file, we're not polling for it */ |
| 6042 | if ((ctx->flags & IORING_SETUP_IOPOLL) && req->file) { | |
| 11ba820b JA |
6043 | const bool in_async = io_wq_current_is_worker(); |
| 6044 | ||
| 11ba820b JA |
6045 | /* workqueue context doesn't hold uring_lock, grab it now */ |
| 6046 | if (in_async) | |
| 6047 | mutex_lock(&ctx->uring_lock); | |
| 6048 | ||
| 2e9dbe90 | 6049 | io_iopoll_req_issued(req, in_async); |
| 11ba820b JA |
6050 | |
| 6051 | if (in_async) | |
| 6052 | mutex_unlock(&ctx->uring_lock); | |
| def596e9 JA |
6053 | } |
| 6054 | ||
| 6055 | return 0; | |
| 2b188cc1 JA |
6056 | } |
| 6057 | ||
| 5280f7e5 | 6058 | static void io_wq_submit_work(struct io_wq_work *work) |
| 2b188cc1 JA |
6059 | { |
| 6060 | struct io_kiocb *req = container_of(work, struct io_kiocb, work); | |
| 6df1db6b | 6061 | struct io_kiocb *timeout; |
| 561fb04a | 6062 | int ret = 0; |
| 2b188cc1 | 6063 | |
| 6df1db6b PB |
6064 | timeout = io_prep_linked_timeout(req); |
| 6065 | if (timeout) | |
| 6066 | io_queue_linked_timeout(timeout); | |
| d4c81f38 | 6067 | |
| 4014d943 | 6068 | if (work->flags & IO_WQ_WORK_CANCEL) |
| 561fb04a | 6069 | ret = -ECANCELED; |
| 31b51510 | 6070 | |
| 561fb04a | 6071 | if (!ret) { |
| 561fb04a | 6072 | do { |
| 889fca73 | 6073 | ret = io_issue_sqe(req, 0); |
| 561fb04a JA |
6074 | /* |
| 6075 | * We can get EAGAIN for polled IO even though we're | |
| 6076 | * forcing a sync submission from here, since we can't | |
| 6077 | * wait for request slots on the block side. | |
| 6078 | */ | |
| 6079 | if (ret != -EAGAIN) | |
| 6080 | break; | |
| 6081 | cond_resched(); | |
| 6082 | } while (1); | |
| 6083 | } | |
| 31b51510 | 6084 | |
| a3df7698 | 6085 | /* avoid locking problems by failing it from a clean context */ |
| 561fb04a | 6086 | if (ret) { |
| a3df7698 PB |
6087 | /* io-wq is going to take one down */ |
| 6088 | refcount_inc(&req->refs); | |
| 6089 | io_req_task_queue_fail(req, ret); | |
| edafccee | 6090 | } |
| 2b188cc1 JA |
6091 | } |
| 6092 | ||
| 65e19f54 JA |
6093 | static inline struct file *io_file_from_index(struct io_ring_ctx *ctx, |
| 6094 | int index) | |
| 6095 | { | |
| 269bbe5f | 6096 | struct fixed_rsrc_table *table; |
| 65e19f54 | 6097 | |
| 05f3fb3c | 6098 | table = &ctx->file_data->table[index >> IORING_FILE_TABLE_SHIFT]; |
| 84695089 | 6099 | return table->files[index & IORING_FILE_TABLE_MASK]; |
| 65e19f54 JA |
6100 | } |
| 6101 | ||
| 8371adf5 PB |
6102 | static struct file *io_file_get(struct io_submit_state *state, |
| 6103 | struct io_kiocb *req, int fd, bool fixed) | |
| 09bb8394 | 6104 | { |
| a197f664 | 6105 | struct io_ring_ctx *ctx = req->ctx; |
| 8da11c19 | 6106 | struct file *file; |
| 09bb8394 | 6107 | |
| 8da11c19 | 6108 | if (fixed) { |
| 479f517b | 6109 | if (unlikely((unsigned int)fd >= ctx->nr_user_files)) |
| 8371adf5 | 6110 | return NULL; |
| b7620121 | 6111 | fd = array_index_nospec(fd, ctx->nr_user_files); |
| 8da11c19 | 6112 | file = io_file_from_index(ctx, fd); |
| 36f72fe2 | 6113 | io_set_resource_node(req); |
| 09bb8394 | 6114 | } else { |
| c826bd7a | 6115 | trace_io_uring_file_get(ctx, fd); |
| 8da11c19 | 6116 | file = __io_file_get(state, fd); |
| 09bb8394 JA |
6117 | } |
| 6118 | ||
| ce3d5aae PB |
6119 | if (file && unlikely(file->f_op == &io_uring_fops)) |
| 6120 | io_req_track_inflight(req); | |
| 8371adf5 | 6121 | return file; |
| 09bb8394 JA |
6122 | } |
| 6123 | ||
| 2665abfd | 6124 | static enum hrtimer_restart io_link_timeout_fn(struct hrtimer *timer) |
| 2b188cc1 | 6125 | { |
| ad8a48ac JA |
6126 | struct io_timeout_data *data = container_of(timer, |
| 6127 | struct io_timeout_data, timer); | |
| 90cd7e42 | 6128 | struct io_kiocb *prev, *req = data->req; |
| 2665abfd | 6129 | struct io_ring_ctx *ctx = req->ctx; |
| 2665abfd | 6130 | unsigned long flags; |
| 2665abfd JA |
6131 | |
| 6132 | spin_lock_irqsave(&ctx->completion_lock, flags); | |
| 90cd7e42 PB |
6133 | prev = req->timeout.head; |
| 6134 | req->timeout.head = NULL; | |
| 2665abfd JA |
6135 | |
| 6136 | /* | |
| 6137 | * We don't expect the list to be empty, that will only happen if we | |
| 6138 | * race with the completion of the linked work. | |
| 6139 | */ | |
| 90cd7e42 | 6140 | if (prev && refcount_inc_not_zero(&prev->refs)) |
| f2f87370 | 6141 | io_remove_next_linked(prev); |
| 90cd7e42 PB |
6142 | else |
| 6143 | prev = NULL; | |
| 2665abfd JA |
6144 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| 6145 | ||
| 6146 | if (prev) { | |
| 4e88d6e7 | 6147 | req_set_fail_links(prev); |
| 014db007 | 6148 | io_async_find_and_cancel(ctx, req, prev->user_data, -ETIME); |
| 9ae1f8dd | 6149 | io_put_req_deferred(prev, 1); |
| 47f46768 | 6150 | } else { |
| 9ae1f8dd PB |
6151 | io_req_complete_post(req, -ETIME, 0); |
| 6152 | io_put_req_deferred(req, 1); | |
| 2665abfd | 6153 | } |
| 2665abfd JA |
6154 | return HRTIMER_NORESTART; |
| 6155 | } | |
| 6156 | ||
| 7271ef3a | 6157 | static void __io_queue_linked_timeout(struct io_kiocb *req) |
| 2665abfd | 6158 | { |
| 76a46e06 | 6159 | /* |
| f2f87370 PB |
6160 | * If the back reference is NULL, then our linked request finished |
| 6161 | * before we got a chance to setup the timer | |
| 76a46e06 | 6162 | */ |
| 90cd7e42 | 6163 | if (req->timeout.head) { |
| e8c2bc1f | 6164 | struct io_timeout_data *data = req->async_data; |
| 94ae5e77 | 6165 | |
| ad8a48ac JA |
6166 | data->timer.function = io_link_timeout_fn; |
| 6167 | hrtimer_start(&data->timer, timespec64_to_ktime(data->ts), | |
| 6168 | data->mode); | |
| 2665abfd | 6169 | } |
| 7271ef3a JA |
6170 | } |
| 6171 | ||
| 6172 | static void io_queue_linked_timeout(struct io_kiocb *req) | |
| 6173 | { | |
| 6174 | struct io_ring_ctx *ctx = req->ctx; | |
| 6175 | ||
| 6176 | spin_lock_irq(&ctx->completion_lock); | |
| 6177 | __io_queue_linked_timeout(req); | |
| 76a46e06 | 6178 | spin_unlock_irq(&ctx->completion_lock); |
| 2665abfd | 6179 | |
| 2665abfd | 6180 | /* drop submission reference */ |
| 76a46e06 JA |
6181 | io_put_req(req); |
| 6182 | } | |
| 2665abfd | 6183 | |
| ad8a48ac | 6184 | static struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) |
| 2665abfd | 6185 | { |
| f2f87370 | 6186 | struct io_kiocb *nxt = req->link; |
| 2665abfd | 6187 | |
| f2f87370 PB |
6188 | if (!nxt || (req->flags & REQ_F_LINK_TIMEOUT) || |
| 6189 | nxt->opcode != IORING_OP_LINK_TIMEOUT) | |
| 76a46e06 | 6190 | return NULL; |
| 2665abfd | 6191 | |
| 90cd7e42 | 6192 | nxt->timeout.head = req; |
| 900fad45 | 6193 | nxt->flags |= REQ_F_LTIMEOUT_ACTIVE; |
| 76a46e06 | 6194 | req->flags |= REQ_F_LINK_TIMEOUT; |
| 76a46e06 | 6195 | return nxt; |
| 2665abfd JA |
6196 | } |
| 6197 | ||
| c5eef2b9 | 6198 | static void __io_queue_sqe(struct io_kiocb *req) |
| 2b188cc1 | 6199 | { |
| d3d7298d | 6200 | struct io_kiocb *linked_timeout = io_prep_linked_timeout(req); |
| e0c5c576 | 6201 | int ret; |
| 2b188cc1 | 6202 | |
| c5eef2b9 | 6203 | ret = io_issue_sqe(req, IO_URING_F_NONBLOCK|IO_URING_F_COMPLETE_DEFER); |
| 193155c8 | 6204 | |
| 491381ce JA |
6205 | /* |
| 6206 | * We async punt it if the file wasn't marked NOWAIT, or if the file | |
| 6207 | * doesn't support non-blocking read/write attempts | |
| 6208 | */ | |
| 24c74678 | 6209 | if (ret == -EAGAIN && !(req->flags & REQ_F_NOWAIT)) { |
| f063c547 | 6210 | if (!io_arm_poll_handler(req)) { |
| f063c547 PB |
6211 | /* |
| 6212 | * Queued up for async execution, worker will release | |
| 6213 | * submit reference when the iocb is actually submitted. | |
| 6214 | */ | |
| 6215 | io_queue_async_work(req); | |
| 2b188cc1 | 6216 | } |
| 0d63c148 PB |
6217 | } else if (likely(!ret)) { |
| 6218 | /* drop submission reference */ | |
| e342c807 | 6219 | if (req->flags & REQ_F_COMPLETE_INLINE) { |
| c5eef2b9 PB |
6220 | struct io_ring_ctx *ctx = req->ctx; |
| 6221 | struct io_comp_state *cs = &ctx->submit_state.comp; | |
| e65ef56d | 6222 | |
| 6dd0be1e | 6223 | cs->reqs[cs->nr++] = req; |
| d3d7298d | 6224 | if (cs->nr == ARRAY_SIZE(cs->reqs)) |
| c5eef2b9 | 6225 | io_submit_flush_completions(cs, ctx); |
| 9affd664 | 6226 | } else { |
| d3d7298d | 6227 | io_put_req(req); |
| 0d63c148 PB |
6228 | } |
| 6229 | } else { | |
| 4e88d6e7 | 6230 | req_set_fail_links(req); |
| e65ef56d | 6231 | io_put_req(req); |
| e1e16097 | 6232 | io_req_complete(req, ret); |
| 9e645e11 | 6233 | } |
| d3d7298d PB |
6234 | if (linked_timeout) |
| 6235 | io_queue_linked_timeout(linked_timeout); | |
| 2b188cc1 JA |
6236 | } |
| 6237 | ||
| be7053b7 | 6238 | static void io_queue_sqe(struct io_kiocb *req) |
| 4fe2c963 JL |
6239 | { |
| 6240 | int ret; | |
| 6241 | ||
| be7053b7 | 6242 | ret = io_req_defer(req); |
| 4fe2c963 JL |
6243 | if (ret) { |
| 6244 | if (ret != -EIOCBQUEUED) { | |
| 1118591a | 6245 | fail_req: |
| 4e88d6e7 | 6246 | req_set_fail_links(req); |
| e1e16097 JA |
6247 | io_put_req(req); |
| 6248 | io_req_complete(req, ret); | |
| 4fe2c963 | 6249 | } |
| 2550878f | 6250 | } else if (req->flags & REQ_F_FORCE_ASYNC) { |
| be7053b7 PB |
6251 | ret = io_req_defer_prep(req); |
| 6252 | if (unlikely(ret)) | |
| 6253 | goto fail_req; | |
| ce35a47a JA |
6254 | io_queue_async_work(req); |
| 6255 | } else { | |
| c5eef2b9 | 6256 | __io_queue_sqe(req); |
| ce35a47a | 6257 | } |
| 4fe2c963 JL |
6258 | } |
| 6259 | ||
| b16fed66 PB |
6260 | /* |
| 6261 | * Check SQE restrictions (opcode and flags). | |
| 6262 | * | |
| 6263 | * Returns 'true' if SQE is allowed, 'false' otherwise. | |
| 6264 | */ | |
| 6265 | static inline bool io_check_restriction(struct io_ring_ctx *ctx, | |
| 6266 | struct io_kiocb *req, | |
| 6267 | unsigned int sqe_flags) | |
| 4fe2c963 | 6268 | { |
| b16fed66 PB |
6269 | if (!ctx->restricted) |
| 6270 | return true; | |
| 6271 | ||
| 6272 | if (!test_bit(req->opcode, ctx->restrictions.sqe_op)) | |
| 6273 | return false; | |
| 6274 | ||
| 6275 | if ((sqe_flags & ctx->restrictions.sqe_flags_required) != | |
| 6276 | ctx->restrictions.sqe_flags_required) | |
| 6277 | return false; | |
| 6278 | ||
| 6279 | if (sqe_flags & ~(ctx->restrictions.sqe_flags_allowed | | |
| 6280 | ctx->restrictions.sqe_flags_required)) | |
| 6281 | return false; | |
| 6282 | ||
| 6283 | return true; | |
| 4fe2c963 JL |
6284 | } |
| 6285 | ||
| b16fed66 PB |
6286 | static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, |
| 6287 | const struct io_uring_sqe *sqe) | |
| 6288 | { | |
| 6289 | struct io_submit_state *state; | |
| 6290 | unsigned int sqe_flags; | |
| 003e8dcc | 6291 | int personality, ret = 0; |
| b16fed66 PB |
6292 | |
| 6293 | req->opcode = READ_ONCE(sqe->opcode); | |
| 6294 | /* same numerical values with corresponding REQ_F_*, safe to copy */ | |
| 6295 | req->flags = sqe_flags = READ_ONCE(sqe->flags); | |
| 6296 | req->user_data = READ_ONCE(sqe->user_data); | |
| 6297 | req->async_data = NULL; | |
| 6298 | req->file = NULL; | |
| 6299 | req->ctx = ctx; | |
| 6300 | req->link = NULL; | |
| 6301 | req->fixed_rsrc_refs = NULL; | |
| 6302 | /* one is dropped after submission, the other at completion */ | |
| 6303 | refcount_set(&req->refs, 2); | |
| 6304 | req->task = current; | |
| 6305 | req->result = 0; | |
| 6306 | ||
| 6307 | /* enforce forwards compatibility on users */ | |
| ebf4a5db PB |
6308 | if (unlikely(sqe_flags & ~SQE_VALID_FLAGS)) { |
| 6309 | req->flags = 0; | |
| b16fed66 | 6310 | return -EINVAL; |
| ebf4a5db | 6311 | } |
| b16fed66 PB |
6312 | |
| 6313 | if (unlikely(req->opcode >= IORING_OP_LAST)) | |
| 6314 | return -EINVAL; | |
| 6315 | ||
| b16fed66 PB |
6316 | if (unlikely(!io_check_restriction(ctx, req, sqe_flags))) |
| 6317 | return -EACCES; | |
| 6318 | ||
| 6319 | if ((sqe_flags & IOSQE_BUFFER_SELECT) && | |
| 6320 | !io_op_defs[req->opcode].buffer_select) | |
| 6321 | return -EOPNOTSUPP; | |
| 863e0560 | 6322 | |
| 5730b27e | 6323 | req->work.list.next = NULL; |
| 003e8dcc JA |
6324 | personality = READ_ONCE(sqe->personality); |
| 6325 | if (personality) { | |
| 6326 | req->work.creds = idr_find(&ctx->personality_idr, personality); | |
| 6327 | if (!req->work.creds) | |
| 6328 | return -EINVAL; | |
| 6329 | get_cred(req->work.creds); | |
| 6330 | } else { | |
| 6331 | req->work.creds = NULL; | |
| 6332 | } | |
| 5730b27e | 6333 | req->work.flags = 0; |
| b16fed66 PB |
6334 | state = &ctx->submit_state; |
| 6335 | ||
| 6336 | /* | |
| 6337 | * Plug now if we have more than 1 IO left after this, and the target | |
| 6338 | * is potentially a read/write to block based storage. | |
| 6339 | */ | |
| 6340 | if (!state->plug_started && state->ios_left > 1 && | |
| 6341 | io_op_defs[req->opcode].plug) { | |
| 6342 | blk_start_plug(&state->plug); | |
| 6343 | state->plug_started = true; | |
| 6344 | } | |
| 6345 | ||
| 6346 | if (io_op_defs[req->opcode].needs_file) { | |
| 6347 | bool fixed = req->flags & REQ_F_FIXED_FILE; | |
| 6348 | ||
| 6349 | req->file = io_file_get(state, req, READ_ONCE(sqe->fd), fixed); | |
| 6350 | if (unlikely(!req->file)) | |
| 6351 | ret = -EBADF; | |
| 6352 | } | |
| 6353 | ||
| 6354 | state->ios_left--; | |
| 6355 | return ret; | |
| 6356 | } | |
| 6357 | ||
| a6b8cadc | 6358 | static int io_submit_sqe(struct io_ring_ctx *ctx, struct io_kiocb *req, |
| a1ab7b35 | 6359 | const struct io_uring_sqe *sqe) |
| 9e645e11 | 6360 | { |
| a1ab7b35 | 6361 | struct io_submit_link *link = &ctx->submit_state.link; |
| ef4ff581 | 6362 | int ret; |
| 9e645e11 | 6363 | |
| a6b8cadc PB |
6364 | ret = io_init_req(ctx, req, sqe); |
| 6365 | if (unlikely(ret)) { | |
| 6366 | fail_req: | |
| 6367 | io_put_req(req); | |
| 6368 | io_req_complete(req, ret); | |
| de59bc10 PB |
6369 | if (link->head) { |
| 6370 | /* fail even hard links since we don't submit */ | |
| cf109604 | 6371 | link->head->flags |= REQ_F_FAIL_LINK; |
| de59bc10 PB |
6372 | io_put_req(link->head); |
| 6373 | io_req_complete(link->head, -ECANCELED); | |
| 6374 | link->head = NULL; | |
| 6375 | } | |
| a6b8cadc PB |
6376 | return ret; |
| 6377 | } | |
| be7053b7 PB |
6378 | ret = io_req_prep(req, sqe); |
| 6379 | if (unlikely(ret)) | |
| 6380 | goto fail_req; | |
| a6b8cadc | 6381 | |
| be7053b7 | 6382 | /* don't need @sqe from now on */ |
| a6b8cadc PB |
6383 | trace_io_uring_submit_sqe(ctx, req->opcode, req->user_data, |
| 6384 | true, ctx->flags & IORING_SETUP_SQPOLL); | |
| 6385 | ||
| 9e645e11 JA |
6386 | /* |
| 6387 | * If we already have a head request, queue this one for async | |
| 6388 | * submittal once the head completes. If we don't have a head but | |
| 6389 | * IOSQE_IO_LINK is set in the sqe, start a new head. This one will be | |
| 6390 | * submitted sync once the chain is complete. If none of those | |
| 6391 | * conditions are true (normal request), then just queue it. | |
| 6392 | */ | |
| 863e0560 PB |
6393 | if (link->head) { |
| 6394 | struct io_kiocb *head = link->head; | |
| 4e88d6e7 | 6395 | |
| 8cdf2193 PB |
6396 | /* |
| 6397 | * Taking sequential execution of a link, draining both sides | |
| 6398 | * of the link also fullfils IOSQE_IO_DRAIN semantics for all | |
| 6399 | * requests in the link. So, it drains the head and the | |
| 6400 | * next after the link request. The last one is done via | |
| 6401 | * drain_next flag to persist the effect across calls. | |
| 6402 | */ | |
| ef4ff581 | 6403 | if (req->flags & REQ_F_IO_DRAIN) { |
| 711be031 PB |
6404 | head->flags |= REQ_F_IO_DRAIN; |
| 6405 | ctx->drain_next = 1; | |
| 6406 | } | |
| be7053b7 | 6407 | ret = io_req_defer_prep(req); |
| cf109604 | 6408 | if (unlikely(ret)) |
| a6b8cadc | 6409 | goto fail_req; |
| 9d76377f | 6410 | trace_io_uring_link(ctx, req, head); |
| f2f87370 | 6411 | link->last->link = req; |
| 863e0560 | 6412 | link->last = req; |
| 32fe525b PB |
6413 | |
| 6414 | /* last request of a link, enqueue the link */ | |
| ef4ff581 | 6415 | if (!(req->flags & (REQ_F_LINK | REQ_F_HARDLINK))) { |
| de59bc10 | 6416 | io_queue_sqe(head); |
| 863e0560 | 6417 | link->head = NULL; |
| 32fe525b | 6418 | } |
| 9e645e11 | 6419 | } else { |
| 711be031 PB |
6420 | if (unlikely(ctx->drain_next)) { |
| 6421 | req->flags |= REQ_F_IO_DRAIN; | |
| ef4ff581 | 6422 | ctx->drain_next = 0; |
| 711be031 | 6423 | } |
| ef4ff581 | 6424 | if (req->flags & (REQ_F_LINK | REQ_F_HARDLINK)) { |
| 863e0560 PB |
6425 | link->head = req; |
| 6426 | link->last = req; | |
| 711be031 | 6427 | } else { |
| be7053b7 | 6428 | io_queue_sqe(req); |
| 711be031 | 6429 | } |
| 9e645e11 | 6430 | } |
| 2e6e1fde | 6431 | |
| 1d4240cc | 6432 | return 0; |
| 9e645e11 JA |
6433 | } |
| 6434 | ||
| 9a56a232 JA |
6435 | /* |
| 6436 | * Batched submission is done, ensure local IO is flushed out. | |
| 6437 | */ | |
| ba88ff11 PB |
6438 | static void io_submit_state_end(struct io_submit_state *state, |
| 6439 | struct io_ring_ctx *ctx) | |
| 9a56a232 | 6440 | { |
| a1ab7b35 | 6441 | if (state->link.head) |
| de59bc10 | 6442 | io_queue_sqe(state->link.head); |
| 6dd0be1e | 6443 | if (state->comp.nr) |
| ba88ff11 | 6444 | io_submit_flush_completions(&state->comp, ctx); |
| 27926b68 JA |
6445 | if (state->plug_started) |
| 6446 | blk_finish_plug(&state->plug); | |
| 9f13c35b | 6447 | io_state_file_put(state); |
| 9a56a232 JA |
6448 | } |
| 6449 | ||
| 6450 | /* | |
| 6451 | * Start submission side cache. | |
| 6452 | */ | |
| 6453 | static void io_submit_state_start(struct io_submit_state *state, | |
| ba88ff11 | 6454 | unsigned int max_ios) |
| 9a56a232 | 6455 | { |
| 27926b68 | 6456 | state->plug_started = false; |
| 9a56a232 | 6457 | state->ios_left = max_ios; |
| a1ab7b35 PB |
6458 | /* set only head, no need to init link_last in advance */ |
| 6459 | state->link.head = NULL; | |
| 9a56a232 JA |
6460 | } |
| 6461 | ||
| 2b188cc1 JA |
6462 | static void io_commit_sqring(struct io_ring_ctx *ctx) |
| 6463 | { | |
| 75b28aff | 6464 | struct io_rings *rings = ctx->rings; |
| 2b188cc1 | 6465 | |
| caf582c6 PB |
6466 | /* |
| 6467 | * Ensure any loads from the SQEs are done at this point, | |
| 6468 | * since once we write the new head, the application could | |
| 6469 | * write new data to them. | |
| 6470 | */ | |
| 6471 | smp_store_release(&rings->sq.head, ctx->cached_sq_head); | |
| 2b188cc1 JA |
6472 | } |
| 6473 | ||
| 2b188cc1 | 6474 | /* |
| 3529d8c2 | 6475 | * Fetch an sqe, if one is available. Note that sqe_ptr will point to memory |
| 2b188cc1 JA |
6476 | * that is mapped by userspace. This means that care needs to be taken to |
| 6477 | * ensure that reads are stable, as we cannot rely on userspace always | |
| 6478 | * being a good citizen. If members of the sqe are validated and then later | |
| 6479 | * used, it's important that those reads are done through READ_ONCE() to | |
| 6480 | * prevent a re-load down the line. | |
| 6481 | */ | |
| 709b302f | 6482 | static const struct io_uring_sqe *io_get_sqe(struct io_ring_ctx *ctx) |
| 2b188cc1 | 6483 | { |
| 75b28aff | 6484 | u32 *sq_array = ctx->sq_array; |
| 2b188cc1 JA |
6485 | unsigned head; |
| 6486 | ||
| 6487 | /* | |
| 6488 | * The cached sq head (or cq tail) serves two purposes: | |
| 6489 | * | |
| 6490 | * 1) allows us to batch the cost of updating the user visible | |
| 6491 | * head updates. | |
| 6492 | * 2) allows the kernel side to track the head on its own, even | |
| 6493 | * though the application is the one updating it. | |
| 6494 | */ | |
| 4fccfcbb | 6495 | head = READ_ONCE(sq_array[ctx->cached_sq_head++ & ctx->sq_mask]); |
| 709b302f PB |
6496 | if (likely(head < ctx->sq_entries)) |
| 6497 | return &ctx->sq_sqes[head]; | |
| 2b188cc1 JA |
6498 | |
| 6499 | /* drop invalid entries */ | |
| 498ccd9e | 6500 | ctx->cached_sq_dropped++; |
| ee7d46d9 | 6501 | WRITE_ONCE(ctx->rings->sq_dropped, ctx->cached_sq_dropped); |
| 709b302f PB |
6502 | return NULL; |
| 6503 | } | |
| 6504 | ||
| 0f212204 | 6505 | static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr) |
| 6c271ce2 | 6506 | { |
| 46c4e16a | 6507 | int submitted = 0; |
| 6c271ce2 | 6508 | |
| c4a2ed72 | 6509 | /* if we have a backlog and couldn't flush it all, return BUSY */ |
| ad3eb2c8 | 6510 | if (test_bit(0, &ctx->sq_check_overflow)) { |
| 6c503150 | 6511 | if (!__io_cqring_overflow_flush(ctx, false, NULL, NULL)) |
| ad3eb2c8 JA |
6512 | return -EBUSY; |
| 6513 | } | |
| 6c271ce2 | 6514 | |
| ee7d46d9 PB |
6515 | /* make sure SQ entry isn't read before tail */ |
| 6516 | nr = min3(nr, ctx->sq_entries, io_sqring_entries(ctx)); | |
| 9ef4f124 | 6517 | |
| 2b85edfc PB |
6518 | if (!percpu_ref_tryget_many(&ctx->refs, nr)) |
| 6519 | return -EAGAIN; | |
| 6c271ce2 | 6520 | |
| d8a6df10 | 6521 | percpu_counter_add(¤t->io_uring->inflight, nr); |
| faf7b51c | 6522 | refcount_add(nr, ¤t->usage); |
| ba88ff11 | 6523 | io_submit_state_start(&ctx->submit_state, nr); |
| b14cca0c | 6524 | |
| 46c4e16a | 6525 | while (submitted < nr) { |
| 3529d8c2 | 6526 | const struct io_uring_sqe *sqe; |
| 196be95c | 6527 | struct io_kiocb *req; |
| fb5ccc98 | 6528 | |
| 258b29a9 | 6529 | req = io_alloc_req(ctx); |
| 196be95c PB |
6530 | if (unlikely(!req)) { |
| 6531 | if (!submitted) | |
| 6532 | submitted = -EAGAIN; | |
| fb5ccc98 | 6533 | break; |
| 196be95c | 6534 | } |
| 4fccfcbb PB |
6535 | sqe = io_get_sqe(ctx); |
| 6536 | if (unlikely(!sqe)) { | |
| 6537 | kmem_cache_free(req_cachep, req); | |
| 6538 | break; | |
| 6539 | } | |
| d3656344 JA |
6540 | /* will complete beyond this point, count as submitted */ |
| 6541 | submitted++; | |
| a1ab7b35 | 6542 | if (io_submit_sqe(ctx, req, sqe)) |
| 196be95c | 6543 | break; |
| 6c271ce2 JA |
6544 | } |
| 6545 | ||
| 9466f437 PB |
6546 | if (unlikely(submitted != nr)) { |
| 6547 | int ref_used = (submitted == -EAGAIN) ? 0 : submitted; | |
| d8a6df10 JA |
6548 | struct io_uring_task *tctx = current->io_uring; |
| 6549 | int unused = nr - ref_used; | |
| 9466f437 | 6550 | |
| d8a6df10 JA |
6551 | percpu_ref_put_many(&ctx->refs, unused); |
| 6552 | percpu_counter_sub(&tctx->inflight, unused); | |
| 6553 | put_task_struct_many(current, unused); | |
| 9466f437 | 6554 | } |
| 6c271ce2 | 6555 | |
| a1ab7b35 | 6556 | io_submit_state_end(&ctx->submit_state, ctx); |
| ae9428ca PB |
6557 | /* Commit SQ ring head once we've consumed and submitted all SQEs */ |
| 6558 | io_commit_sqring(ctx); | |
| 6559 | ||
| 6c271ce2 JA |
6560 | return submitted; |
| 6561 | } | |
| 6562 | ||
| 23b3628e XW |
6563 | static inline void io_ring_set_wakeup_flag(struct io_ring_ctx *ctx) |
| 6564 | { | |
| 6565 | /* Tell userspace we may need a wakeup call */ | |
| 6566 | spin_lock_irq(&ctx->completion_lock); | |
| 6567 | ctx->rings->sq_flags |= IORING_SQ_NEED_WAKEUP; | |
| 6568 | spin_unlock_irq(&ctx->completion_lock); | |
| 6569 | } | |
| 6570 | ||
| 6571 | static inline void io_ring_clear_wakeup_flag(struct io_ring_ctx *ctx) | |
| 6572 | { | |
| 6573 | spin_lock_irq(&ctx->completion_lock); | |
| 6574 | ctx->rings->sq_flags &= ~IORING_SQ_NEED_WAKEUP; | |
| 6575 | spin_unlock_irq(&ctx->completion_lock); | |
| 6576 | } | |
| 6577 | ||
| 08369246 | 6578 | static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) |
| 6c271ce2 | 6579 | { |
| c8d1ba58 | 6580 | unsigned int to_submit; |
| bdcd3eab | 6581 | int ret = 0; |
| 6c271ce2 | 6582 | |
| c8d1ba58 | 6583 | to_submit = io_sqring_entries(ctx); |
| e95eee2d JA |
6584 | /* if we're handling multiple rings, cap submit size for fairness */ |
| 6585 | if (cap_entries && to_submit > 8) | |
| 6586 | to_submit = 8; | |
| 6587 | ||
| 906a3c6f | 6588 | if (!list_empty(&ctx->iopoll_list) || to_submit) { |
| c8d1ba58 | 6589 | unsigned nr_events = 0; |
| a4c0b3de | 6590 | |
| c8d1ba58 | 6591 | mutex_lock(&ctx->uring_lock); |
| 906a3c6f | 6592 | if (!list_empty(&ctx->iopoll_list)) |
| c8d1ba58 | 6593 | io_do_iopoll(ctx, &nr_events, 0); |
| 906a3c6f | 6594 | |
| 70aacfe6 | 6595 | if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs))) |
| 08369246 | 6596 | ret = io_submit_sqes(ctx, to_submit); |
| c8d1ba58 JA |
6597 | mutex_unlock(&ctx->uring_lock); |
| 6598 | } | |
| 6c271ce2 | 6599 | |
| 90554200 JA |
6600 | if (!io_sqring_full(ctx) && wq_has_sleeper(&ctx->sqo_sq_wait)) |
| 6601 | wake_up(&ctx->sqo_sq_wait); | |
| 6c271ce2 | 6602 | |
| 08369246 XW |
6603 | return ret; |
| 6604 | } | |
| 6c271ce2 | 6605 | |
| 08369246 XW |
6606 | static void io_sqd_update_thread_idle(struct io_sq_data *sqd) |
| 6607 | { | |
| 6608 | struct io_ring_ctx *ctx; | |
| 6609 | unsigned sq_thread_idle = 0; | |
| 6c271ce2 | 6610 | |
| 08369246 XW |
6611 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { |
| 6612 | if (sq_thread_idle < ctx->sq_thread_idle) | |
| 6613 | sq_thread_idle = ctx->sq_thread_idle; | |
| c8d1ba58 | 6614 | } |
| c1edbf5f | 6615 | |
| 08369246 | 6616 | sqd->sq_thread_idle = sq_thread_idle; |
| c8d1ba58 | 6617 | } |
| 6c271ce2 | 6618 | |
| 69fb2131 JA |
6619 | static void io_sqd_init_new(struct io_sq_data *sqd) |
| 6620 | { | |
| 6621 | struct io_ring_ctx *ctx; | |
| 6622 | ||
| 6623 | while (!list_empty(&sqd->ctx_new_list)) { | |
| 6624 | ctx = list_first_entry(&sqd->ctx_new_list, struct io_ring_ctx, sqd_list); | |
| 69fb2131 JA |
6625 | list_move_tail(&ctx->sqd_list, &sqd->ctx_list); |
| 6626 | complete(&ctx->sq_thread_comp); | |
| 6627 | } | |
| 08369246 XW |
6628 | |
| 6629 | io_sqd_update_thread_idle(sqd); | |
| 69fb2131 JA |
6630 | } |
| 6631 | ||
| 37d1e2e3 JA |
6632 | static bool io_sq_thread_should_stop(struct io_sq_data *sqd) |
| 6633 | { | |
| 6634 | return test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); | |
| 6635 | } | |
| 6636 | ||
| 6637 | static bool io_sq_thread_should_park(struct io_sq_data *sqd) | |
| 6638 | { | |
| 6639 | return test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); | |
| 6640 | } | |
| 6641 | ||
| 6642 | static void io_sq_thread_parkme(struct io_sq_data *sqd) | |
| 6643 | { | |
| 6644 | for (;;) { | |
| 6645 | /* | |
| 6646 | * TASK_PARKED is a special state; we must serialize against | |
| 6647 | * possible pending wakeups to avoid store-store collisions on | |
| 6648 | * task->state. | |
| 6649 | * | |
| 6650 | * Such a collision might possibly result in the task state | |
| 6651 | * changin from TASK_PARKED and us failing the | |
| 6652 | * wait_task_inactive() in kthread_park(). | |
| 6653 | */ | |
| 6654 | set_special_state(TASK_PARKED); | |
| 6655 | if (!test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state)) | |
| 6656 | break; | |
| 6657 | ||
| 6658 | /* | |
| 6659 | * Thread is going to call schedule(), do not preempt it, | |
| 6660 | * or the caller of kthread_park() may spend more time in | |
| 6661 | * wait_task_inactive(). | |
| 6662 | */ | |
| 6663 | preempt_disable(); | |
| 86e0d676 | 6664 | complete(&sqd->parked); |
| 37d1e2e3 JA |
6665 | schedule_preempt_disabled(); |
| 6666 | preempt_enable(); | |
| 6667 | } | |
| 6668 | __set_current_state(TASK_RUNNING); | |
| 6669 | } | |
| 6670 | ||
| c8d1ba58 JA |
6671 | static int io_sq_thread(void *data) |
| 6672 | { | |
| 69fb2131 JA |
6673 | struct io_sq_data *sqd = data; |
| 6674 | struct io_ring_ctx *ctx; | |
| a0d9205f | 6675 | unsigned long timeout = 0; |
| 37d1e2e3 | 6676 | char buf[TASK_COMM_LEN]; |
| 08369246 | 6677 | DEFINE_WAIT(wait); |
| 6c271ce2 | 6678 | |
| 37d1e2e3 JA |
6679 | sprintf(buf, "iou-sqp-%d", sqd->task_pid); |
| 6680 | set_task_comm(current, buf); | |
| 37d1e2e3 JA |
6681 | current->pf_io_worker = NULL; |
| 6682 | ||
| 6683 | if (sqd->sq_cpu != -1) | |
| 6684 | set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu)); | |
| 6685 | else | |
| 6686 | set_cpus_allowed_ptr(current, cpu_online_mask); | |
| 6687 | current->flags |= PF_NO_SETAFFINITY; | |
| 6688 | ||
| 37d1e2e3 JA |
6689 | wait_for_completion(&sqd->startup); |
| 6690 | ||
| 6691 | while (!io_sq_thread_should_stop(sqd)) { | |
| 08369246 XW |
6692 | int ret; |
| 6693 | bool cap_entries, sqt_spin, needs_sched; | |
| c1edbf5f JA |
6694 | |
| 6695 | /* | |
| 69fb2131 | 6696 | * Any changes to the sqd lists are synchronized through the |
| 37d1e2e3 | 6697 | * thread parking. This synchronizes the thread vs users, |
| 69fb2131 | 6698 | * the users are synchronized on the sqd->ctx_lock. |
| c1edbf5f | 6699 | */ |
| 37d1e2e3 JA |
6700 | if (io_sq_thread_should_park(sqd)) { |
| 6701 | io_sq_thread_parkme(sqd); | |
| 6702 | continue; | |
| 65b2b213 | 6703 | } |
| 08369246 | 6704 | if (unlikely(!list_empty(&sqd->ctx_new_list))) { |
| 69fb2131 | 6705 | io_sqd_init_new(sqd); |
| 08369246 XW |
6706 | timeout = jiffies + sqd->sq_thread_idle; |
| 6707 | } | |
| 37d1e2e3 JA |
6708 | if (fatal_signal_pending(current)) |
| 6709 | break; | |
| 08369246 | 6710 | sqt_spin = false; |
| e95eee2d | 6711 | cap_entries = !list_is_singular(&sqd->ctx_list); |
| 69fb2131 | 6712 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { |
| 08369246 XW |
6713 | ret = __io_sq_thread(ctx, cap_entries); |
| 6714 | if (!sqt_spin && (ret > 0 || !list_empty(&ctx->iopoll_list))) | |
| 6715 | sqt_spin = true; | |
| 69fb2131 | 6716 | } |
| 6c271ce2 | 6717 | |
| 08369246 | 6718 | if (sqt_spin || !time_after(jiffies, timeout)) { |
| c8d1ba58 JA |
6719 | io_run_task_work(); |
| 6720 | cond_resched(); | |
| 08369246 XW |
6721 | if (sqt_spin) |
| 6722 | timeout = jiffies + sqd->sq_thread_idle; | |
| 6723 | continue; | |
| 6724 | } | |
| 6725 | ||
| 08369246 XW |
6726 | needs_sched = true; |
| 6727 | prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE); | |
| 6728 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { | |
| 6729 | if ((ctx->flags & IORING_SETUP_IOPOLL) && | |
| 6730 | !list_empty_careful(&ctx->iopoll_list)) { | |
| 6731 | needs_sched = false; | |
| 6732 | break; | |
| 6733 | } | |
| 6734 | if (io_sqring_entries(ctx)) { | |
| 6735 | needs_sched = false; | |
| 6736 | break; | |
| 6737 | } | |
| 6738 | } | |
| 6739 | ||
| 37d1e2e3 | 6740 | if (needs_sched && !io_sq_thread_should_park(sqd)) { |
| 69fb2131 JA |
6741 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) |
| 6742 | io_ring_set_wakeup_flag(ctx); | |
| 08369246 | 6743 | |
| 69fb2131 | 6744 | schedule(); |
| e4b4a13f | 6745 | try_to_freeze(); |
| 69fb2131 JA |
6746 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) |
| 6747 | io_ring_clear_wakeup_flag(ctx); | |
| 6c271ce2 | 6748 | } |
| 08369246 XW |
6749 | |
| 6750 | finish_wait(&sqd->wait, &wait); | |
| 6751 | timeout = jiffies + sqd->sq_thread_idle; | |
| 6c271ce2 JA |
6752 | } |
| 6753 | ||
| 37d1e2e3 JA |
6754 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) |
| 6755 | io_uring_cancel_sqpoll(ctx); | |
| 06058632 | 6756 | |
| 37d1e2e3 | 6757 | io_run_task_work(); |
| 28cea78a | 6758 | |
| 37d1e2e3 | 6759 | /* |
| 86e0d676 JA |
6760 | * Ensure that we park properly if racing with someone trying to park |
| 6761 | * while we're exiting. If we fail to grab the lock, check park and | |
| 6762 | * park if necessary. The ordering with the park bit and the lock | |
| 6763 | * ensures that we catch this reliably. | |
| 37d1e2e3 | 6764 | */ |
| 86e0d676 JA |
6765 | if (!mutex_trylock(&sqd->lock)) { |
| 6766 | if (io_sq_thread_should_park(sqd)) | |
| 6767 | io_sq_thread_parkme(sqd); | |
| 6768 | mutex_lock(&sqd->lock); | |
| 6769 | } | |
| 6770 | ||
| 37d1e2e3 | 6771 | sqd->thread = NULL; |
| 5f3f26f9 JA |
6772 | list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { |
| 6773 | ctx->sqo_exec = 1; | |
| 6774 | io_ring_set_wakeup_flag(ctx); | |
| 6775 | } | |
| 06058632 | 6776 | |
| 37d1e2e3 | 6777 | complete(&sqd->exited); |
| e54945ae | 6778 | mutex_unlock(&sqd->lock); |
| 37d1e2e3 | 6779 | do_exit(0); |
| 6c271ce2 JA |
6780 | } |
| 6781 | ||
| bda52162 JA |
6782 | struct io_wait_queue { |
| 6783 | struct wait_queue_entry wq; | |
| 6784 | struct io_ring_ctx *ctx; | |
| 6785 | unsigned to_wait; | |
| 6786 | unsigned nr_timeouts; | |
| 6787 | }; | |
| 6788 | ||
| 6c503150 | 6789 | static inline bool io_should_wake(struct io_wait_queue *iowq) |
| bda52162 JA |
6790 | { |
| 6791 | struct io_ring_ctx *ctx = iowq->ctx; | |
| 6792 | ||
| 6793 | /* | |
| d195a66e | 6794 | * Wake up if we have enough events, or if a timeout occurred since we |
| bda52162 JA |
6795 | * started waiting. For timeouts, we always want to return to userspace, |
| 6796 | * regardless of event count. | |
| 6797 | */ | |
| 6c503150 | 6798 | return io_cqring_events(ctx) >= iowq->to_wait || |
| bda52162 JA |
6799 | atomic_read(&ctx->cq_timeouts) != iowq->nr_timeouts; |
| 6800 | } | |
| 6801 | ||
| 6802 | static int io_wake_function(struct wait_queue_entry *curr, unsigned int mode, | |
| 6803 | int wake_flags, void *key) | |
| 6804 | { | |
| 6805 | struct io_wait_queue *iowq = container_of(curr, struct io_wait_queue, | |
| 6806 | wq); | |
| 6807 | ||
| 6c503150 PB |
6808 | /* |
| 6809 | * Cannot safely flush overflowed CQEs from here, ensure we wake up | |
| 6810 | * the task, and the next invocation will do it. | |
| 6811 | */ | |
| 6812 | if (io_should_wake(iowq) || test_bit(0, &iowq->ctx->cq_check_overflow)) | |
| 6813 | return autoremove_wake_function(curr, mode, wake_flags, key); | |
| 6814 | return -1; | |
| bda52162 JA |
6815 | } |
| 6816 | ||
| af9c1a44 JA |
6817 | static int io_run_task_work_sig(void) |
| 6818 | { | |
| 6819 | if (io_run_task_work()) | |
| 6820 | return 1; | |
| 6821 | if (!signal_pending(current)) | |
| 6822 | return 0; | |
| 792ee0f6 JA |
6823 | if (test_tsk_thread_flag(current, TIF_NOTIFY_SIGNAL)) |
| 6824 | return -ERESTARTSYS; | |
| af9c1a44 JA |
6825 | return -EINTR; |
| 6826 | } | |
| 6827 | ||
| eeb60b9a PB |
6828 | /* when returns >0, the caller should retry */ |
| 6829 | static inline int io_cqring_wait_schedule(struct io_ring_ctx *ctx, | |
| 6830 | struct io_wait_queue *iowq, | |
| 6831 | signed long *timeout) | |
| 6832 | { | |
| 6833 | int ret; | |
| 6834 | ||
| 6835 | /* make sure we run task_work before checking for signals */ | |
| 6836 | ret = io_run_task_work_sig(); | |
| 6837 | if (ret || io_should_wake(iowq)) | |
| 6838 | return ret; | |
| 6839 | /* let the caller flush overflows, retry */ | |
| 6840 | if (test_bit(0, &ctx->cq_check_overflow)) | |
| 6841 | return 1; | |
| 6842 | ||
| 6843 | *timeout = schedule_timeout(*timeout); | |
| 6844 | return !*timeout ? -ETIME : 1; | |
| 6845 | } | |
| 6846 | ||
| 2b188cc1 JA |
6847 | /* |
| 6848 | * Wait until events become available, if we don't already have some. The | |
| 6849 | * application must reap them itself, as they reside on the shared cq ring. | |
| 6850 | */ | |
| 6851 | static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, | |
| c73ebb68 HX |
6852 | const sigset_t __user *sig, size_t sigsz, |
| 6853 | struct __kernel_timespec __user *uts) | |
| 2b188cc1 | 6854 | { |
| bda52162 JA |
6855 | struct io_wait_queue iowq = { |
| 6856 | .wq = { | |
| 6857 | .private = current, | |
| 6858 | .func = io_wake_function, | |
| 6859 | .entry = LIST_HEAD_INIT(iowq.wq.entry), | |
| 6860 | }, | |
| 6861 | .ctx = ctx, | |
| 6862 | .to_wait = min_events, | |
| 6863 | }; | |
| 75b28aff | 6864 | struct io_rings *rings = ctx->rings; |
| c1d5a224 PB |
6865 | signed long timeout = MAX_SCHEDULE_TIMEOUT; |
| 6866 | int ret; | |
| 2b188cc1 | 6867 | |
| b41e9852 | 6868 | do { |
| 6c503150 PB |
6869 | io_cqring_overflow_flush(ctx, false, NULL, NULL); |
| 6870 | if (io_cqring_events(ctx) >= min_events) | |
| b41e9852 | 6871 | return 0; |
| 4c6e277c | 6872 | if (!io_run_task_work()) |
| b41e9852 | 6873 | break; |
| b41e9852 | 6874 | } while (1); |
| 2b188cc1 JA |
6875 | |
| 6876 | if (sig) { | |
| 9e75ad5d AB |
6877 | #ifdef CONFIG_COMPAT |
| 6878 | if (in_compat_syscall()) | |
| 6879 | ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, | |
| b772434b | 6880 | sigsz); |
| 9e75ad5d AB |
6881 | else |
| 6882 | #endif | |
| b772434b | 6883 | ret = set_user_sigmask(sig, sigsz); |
| 9e75ad5d | 6884 | |
| 2b188cc1 JA |
6885 | if (ret) |
| 6886 | return ret; | |
| 6887 | } | |
| 6888 | ||
| c73ebb68 | 6889 | if (uts) { |
| c1d5a224 PB |
6890 | struct timespec64 ts; |
| 6891 | ||
| c73ebb68 HX |
6892 | if (get_timespec64(&ts, uts)) |
| 6893 | return -EFAULT; | |
| 6894 | timeout = timespec64_to_jiffies(&ts); | |
| 6895 | } | |
| 6896 | ||
| bda52162 | 6897 | iowq.nr_timeouts = atomic_read(&ctx->cq_timeouts); |
| c826bd7a | 6898 | trace_io_uring_cqring_wait(ctx, min_events); |
| bda52162 | 6899 | do { |
| ca0a2651 JA |
6900 | /* if we can't even flush overflow, don't wait for more */ |
| 6901 | if (!io_cqring_overflow_flush(ctx, false, NULL, NULL)) { | |
| 6902 | ret = -EBUSY; | |
| 6903 | break; | |
| 6904 | } | |
| bda52162 JA |
6905 | prepare_to_wait_exclusive(&ctx->wait, &iowq.wq, |
| 6906 | TASK_INTERRUPTIBLE); | |
| eeb60b9a PB |
6907 | ret = io_cqring_wait_schedule(ctx, &iowq, &timeout); |
| 6908 | finish_wait(&ctx->wait, &iowq.wq); | |
| ca0a2651 | 6909 | cond_resched(); |
| eeb60b9a | 6910 | } while (ret > 0); |
| bda52162 | 6911 | |
| b7db41c9 | 6912 | restore_saved_sigmask_unless(ret == -EINTR); |
| 2b188cc1 | 6913 | |
| 75b28aff | 6914 | return READ_ONCE(rings->cq.head) == READ_ONCE(rings->cq.tail) ? ret : 0; |
| 2b188cc1 JA |
6915 | } |
| 6916 | ||
| 6b06314c JA |
6917 | static void __io_sqe_files_unregister(struct io_ring_ctx *ctx) |
| 6918 | { | |
| 6919 | #if defined(CONFIG_UNIX) | |
| 6920 | if (ctx->ring_sock) { | |
| 6921 | struct sock *sock = ctx->ring_sock->sk; | |
| 6922 | struct sk_buff *skb; | |
| 6923 | ||
| 6924 | while ((skb = skb_dequeue(&sock->sk_receive_queue)) != NULL) | |
| 6925 | kfree_skb(skb); | |
| 6926 | } | |
| 6927 | #else | |
| 6928 | int i; | |
| 6929 | ||
| 65e19f54 JA |
6930 | for (i = 0; i < ctx->nr_user_files; i++) { |
| 6931 | struct file *file; | |
| 6932 | ||
| 6933 | file = io_file_from_index(ctx, i); | |
| 6934 | if (file) | |
| 6935 | fput(file); | |
| 6936 | } | |
| 6b06314c JA |
6937 | #endif |
| 6938 | } | |
| 6939 | ||
| 00835dce | 6940 | static void io_rsrc_data_ref_zero(struct percpu_ref *ref) |
| 05f3fb3c | 6941 | { |
| 269bbe5f | 6942 | struct fixed_rsrc_data *data; |
| 05f3fb3c | 6943 | |
| 269bbe5f | 6944 | data = container_of(ref, struct fixed_rsrc_data, refs); |
| 05f3fb3c JA |
6945 | complete(&data->done); |
| 6946 | } | |
| 6947 | ||
| 2a63b2d9 | 6948 | static inline void io_rsrc_ref_lock(struct io_ring_ctx *ctx) |
| 1642b445 | 6949 | { |
| 2a63b2d9 | 6950 | spin_lock_bh(&ctx->rsrc_ref_lock); |
| 1642b445 PB |
6951 | } |
| 6952 | ||
| 2a63b2d9 | 6953 | static inline void io_rsrc_ref_unlock(struct io_ring_ctx *ctx) |
| 6b06314c | 6954 | { |
| 2a63b2d9 BM |
6955 | spin_unlock_bh(&ctx->rsrc_ref_lock); |
| 6956 | } | |
| 65e19f54 | 6957 | |
| d67d2263 BM |
6958 | static void io_sqe_rsrc_set_node(struct io_ring_ctx *ctx, |
| 6959 | struct fixed_rsrc_data *rsrc_data, | |
| 269bbe5f | 6960 | struct fixed_rsrc_ref_node *ref_node) |
| 1642b445 | 6961 | { |
| 2a63b2d9 | 6962 | io_rsrc_ref_lock(ctx); |
| 269bbe5f | 6963 | rsrc_data->node = ref_node; |
| d67d2263 | 6964 | list_add_tail(&ref_node->node, &ctx->rsrc_ref_list); |
| 2a63b2d9 | 6965 | io_rsrc_ref_unlock(ctx); |
| 269bbe5f | 6966 | percpu_ref_get(&rsrc_data->refs); |
| 1642b445 PB |
6967 | } |
| 6968 | ||
| 8bad28d8 | 6969 | static void io_sqe_rsrc_kill_node(struct io_ring_ctx *ctx, struct fixed_rsrc_data *data) |
| 6b06314c | 6970 | { |
| 8bad28d8 | 6971 | struct fixed_rsrc_ref_node *ref_node = NULL; |
| 6b06314c | 6972 | |
| 2a63b2d9 | 6973 | io_rsrc_ref_lock(ctx); |
| 1e5d770b | 6974 | ref_node = data->node; |
| e6cb007c | 6975 | data->node = NULL; |
| 2a63b2d9 | 6976 | io_rsrc_ref_unlock(ctx); |
| 05589553 XW |
6977 | if (ref_node) |
| 6978 | percpu_ref_kill(&ref_node->refs); | |
| 8bad28d8 HX |
6979 | } |
| 6980 | ||
| 6981 | static int io_rsrc_ref_quiesce(struct fixed_rsrc_data *data, | |
| 6982 | struct io_ring_ctx *ctx, | |
| f2303b1f PB |
6983 | void (*rsrc_put)(struct io_ring_ctx *ctx, |
| 6984 | struct io_rsrc_put *prsrc)) | |
| 8bad28d8 | 6985 | { |
| f2303b1f | 6986 | struct fixed_rsrc_ref_node *backup_node; |
| 8bad28d8 | 6987 | int ret; |
| 05589553 | 6988 | |
| 8bad28d8 HX |
6989 | if (data->quiesce) |
| 6990 | return -ENXIO; | |
| 05589553 | 6991 | |
| 8bad28d8 | 6992 | data->quiesce = true; |
| 1ffc5422 | 6993 | do { |
| f2303b1f PB |
6994 | ret = -ENOMEM; |
| 6995 | backup_node = alloc_fixed_rsrc_ref_node(ctx); | |
| 6996 | if (!backup_node) | |
| 6997 | break; | |
| 6998 | backup_node->rsrc_data = data; | |
| 6999 | backup_node->rsrc_put = rsrc_put; | |
| 7000 | ||
| 8bad28d8 HX |
7001 | io_sqe_rsrc_kill_node(ctx, data); |
| 7002 | percpu_ref_kill(&data->refs); | |
| 7003 | flush_delayed_work(&ctx->rsrc_put_work); | |
| 7004 | ||
| 1ffc5422 PB |
7005 | ret = wait_for_completion_interruptible(&data->done); |
| 7006 | if (!ret) | |
| 7007 | break; | |
| 8bad28d8 | 7008 | |
| cb5e1b81 | 7009 | percpu_ref_resurrect(&data->refs); |
| 8bad28d8 HX |
7010 | io_sqe_rsrc_set_node(ctx, data, backup_node); |
| 7011 | backup_node = NULL; | |
| cb5e1b81 | 7012 | reinit_completion(&data->done); |
| 8bad28d8 | 7013 | mutex_unlock(&ctx->uring_lock); |
| 1ffc5422 | 7014 | ret = io_run_task_work_sig(); |
| 8bad28d8 | 7015 | mutex_lock(&ctx->uring_lock); |
| f2303b1f | 7016 | } while (ret >= 0); |
| 8bad28d8 | 7017 | data->quiesce = false; |
| 05f3fb3c | 7018 | |
| 8bad28d8 HX |
7019 | if (backup_node) |
| 7020 | destroy_fixed_rsrc_ref_node(backup_node); | |
| 7021 | return ret; | |
| d7954b2b BM |
7022 | } |
| 7023 | ||
| 1ad555c6 BM |
7024 | static struct fixed_rsrc_data *alloc_fixed_rsrc_data(struct io_ring_ctx *ctx) |
| 7025 | { | |
| 7026 | struct fixed_rsrc_data *data; | |
| 7027 | ||
| 7028 | data = kzalloc(sizeof(*data), GFP_KERNEL); | |
| 7029 | if (!data) | |
| 7030 | return NULL; | |
| 7031 | ||
| 00835dce | 7032 | if (percpu_ref_init(&data->refs, io_rsrc_data_ref_zero, |
| 1ad555c6 BM |
7033 | PERCPU_REF_ALLOW_REINIT, GFP_KERNEL)) { |
| 7034 | kfree(data); | |
| 7035 | return NULL; | |
| 7036 | } | |
| 7037 | data->ctx = ctx; | |
| 7038 | init_completion(&data->done); | |
| 7039 | return data; | |
| 7040 | } | |
| 7041 | ||
| 7042 | static void free_fixed_rsrc_data(struct fixed_rsrc_data *data) | |
| 7043 | { | |
| 7044 | percpu_ref_exit(&data->refs); | |
| 7045 | kfree(data->table); | |
| 7046 | kfree(data); | |
| 7047 | } | |
| 7048 | ||
| d7954b2b BM |
7049 | static int io_sqe_files_unregister(struct io_ring_ctx *ctx) |
| 7050 | { | |
| 7051 | struct fixed_rsrc_data *data = ctx->file_data; | |
| d7954b2b BM |
7052 | unsigned nr_tables, i; |
| 7053 | int ret; | |
| 7054 | ||
| 8bad28d8 HX |
7055 | /* |
| 7056 | * percpu_ref_is_dying() is to stop parallel files unregister | |
| 7057 | * Since we possibly drop uring lock later in this function to | |
| 7058 | * run task work. | |
| 7059 | */ | |
| 7060 | if (!data || percpu_ref_is_dying(&data->refs)) | |
| d7954b2b | 7061 | return -ENXIO; |
| f2303b1f | 7062 | ret = io_rsrc_ref_quiesce(data, ctx, io_ring_file_put); |
| d7954b2b BM |
7063 | if (ret) |
| 7064 | return ret; | |
| 7065 | ||
| 6b06314c | 7066 | __io_sqe_files_unregister(ctx); |
| 65e19f54 JA |
7067 | nr_tables = DIV_ROUND_UP(ctx->nr_user_files, IORING_MAX_FILES_TABLE); |
| 7068 | for (i = 0; i < nr_tables; i++) | |
| 05f3fb3c | 7069 | kfree(data->table[i].files); |
| 1ad555c6 | 7070 | free_fixed_rsrc_data(data); |
| 05f3fb3c | 7071 | ctx->file_data = NULL; |
| 6b06314c JA |
7072 | ctx->nr_user_files = 0; |
| 7073 | return 0; | |
| 7074 | } | |
| 7075 | ||
| 37d1e2e3 JA |
7076 | static void io_sq_thread_unpark(struct io_sq_data *sqd) |
| 7077 | __releases(&sqd->lock) | |
| 7078 | { | |
| 37d1e2e3 JA |
7079 | if (sqd->thread == current) |
| 7080 | return; | |
| 7081 | clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); | |
| 86e0d676 JA |
7082 | if (sqd->thread) |
| 7083 | wake_up_state(sqd->thread, TASK_PARKED); | |
| 37d1e2e3 JA |
7084 | mutex_unlock(&sqd->lock); |
| 7085 | } | |
| 7086 | ||
| 86e0d676 | 7087 | static void io_sq_thread_park(struct io_sq_data *sqd) |
| 37d1e2e3 JA |
7088 | __acquires(&sqd->lock) |
| 7089 | { | |
| 7090 | if (sqd->thread == current) | |
| 86e0d676 JA |
7091 | return; |
| 7092 | set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); | |
| 37d1e2e3 | 7093 | mutex_lock(&sqd->lock); |
| 86e0d676 JA |
7094 | if (sqd->thread) { |
| 7095 | wake_up_process(sqd->thread); | |
| 7096 | wait_for_completion(&sqd->parked); | |
| 37d1e2e3 | 7097 | } |
| 37d1e2e3 JA |
7098 | } |
| 7099 | ||
| 7100 | static void io_sq_thread_stop(struct io_sq_data *sqd) | |
| 7101 | { | |
| e54945ae | 7102 | if (test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state)) |
| 37d1e2e3 | 7103 | return; |
| e54945ae JA |
7104 | mutex_lock(&sqd->lock); |
| 7105 | if (sqd->thread) { | |
| 7106 | set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); | |
| 7107 | WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state)); | |
| 7108 | wake_up_process(sqd->thread); | |
| 7109 | mutex_unlock(&sqd->lock); | |
| 7110 | wait_for_completion(&sqd->exited); | |
| 7111 | WARN_ON_ONCE(sqd->thread); | |
| 7112 | } else { | |
| 7113 | mutex_unlock(&sqd->lock); | |
| 7114 | } | |
| 37d1e2e3 JA |
7115 | } |
| 7116 | ||
| 534ca6d6 | 7117 | static void io_put_sq_data(struct io_sq_data *sqd) |
| 6c271ce2 | 7118 | { |
| 534ca6d6 | 7119 | if (refcount_dec_and_test(&sqd->refs)) { |
| 37d1e2e3 JA |
7120 | io_sq_thread_stop(sqd); |
| 7121 | kfree(sqd); | |
| 7122 | } | |
| 7123 | } | |
| 7124 | ||
| 7125 | static void io_sq_thread_finish(struct io_ring_ctx *ctx) | |
| 7126 | { | |
| 7127 | struct io_sq_data *sqd = ctx->sq_data; | |
| 7128 | ||
| 7129 | if (sqd) { | |
| eb85890b | 7130 | complete(&sqd->startup); |
| 534ca6d6 | 7131 | if (sqd->thread) { |
| 37d1e2e3 JA |
7132 | wait_for_completion(&ctx->sq_thread_comp); |
| 7133 | io_sq_thread_park(sqd); | |
| 534ca6d6 JA |
7134 | } |
| 7135 | ||
| 37d1e2e3 JA |
7136 | mutex_lock(&sqd->ctx_lock); |
| 7137 | list_del(&ctx->sqd_list); | |
| 7138 | io_sqd_update_thread_idle(sqd); | |
| 7139 | mutex_unlock(&sqd->ctx_lock); | |
| 7140 | ||
| 7141 | if (sqd->thread) | |
| 7142 | io_sq_thread_unpark(sqd); | |
| 7143 | ||
| 7144 | io_put_sq_data(sqd); | |
| 7145 | ctx->sq_data = NULL; | |
| 534ca6d6 JA |
7146 | } |
| 7147 | } | |
| 7148 | ||
| aa06165d JA |
7149 | static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p) |
| 7150 | { | |
| 7151 | struct io_ring_ctx *ctx_attach; | |
| 7152 | struct io_sq_data *sqd; | |
| 7153 | struct fd f; | |
| 7154 | ||
| 7155 | f = fdget(p->wq_fd); | |
| 7156 | if (!f.file) | |
| 7157 | return ERR_PTR(-ENXIO); | |
| 7158 | if (f.file->f_op != &io_uring_fops) { | |
| 7159 | fdput(f); | |
| 7160 | return ERR_PTR(-EINVAL); | |
| 7161 | } | |
| 7162 | ||
| 7163 | ctx_attach = f.file->private_data; | |
| 7164 | sqd = ctx_attach->sq_data; | |
| 7165 | if (!sqd) { | |
| 7166 | fdput(f); | |
| 7167 | return ERR_PTR(-EINVAL); | |
| 7168 | } | |
| 7169 | ||
| 7170 | refcount_inc(&sqd->refs); | |
| 7171 | fdput(f); | |
| 7172 | return sqd; | |
| 7173 | } | |
| 7174 | ||
| 534ca6d6 JA |
7175 | static struct io_sq_data *io_get_sq_data(struct io_uring_params *p) |
| 7176 | { | |
| 7177 | struct io_sq_data *sqd; | |
| 7178 | ||
| aa06165d JA |
7179 | if (p->flags & IORING_SETUP_ATTACH_WQ) |
| 7180 | return io_attach_sq_data(p); | |
| 7181 | ||
| 534ca6d6 JA |
7182 | sqd = kzalloc(sizeof(*sqd), GFP_KERNEL); |
| 7183 | if (!sqd) | |
| 7184 | return ERR_PTR(-ENOMEM); | |
| 7185 | ||
| 7186 | refcount_set(&sqd->refs, 1); | |
| 69fb2131 JA |
7187 | INIT_LIST_HEAD(&sqd->ctx_list); |
| 7188 | INIT_LIST_HEAD(&sqd->ctx_new_list); | |
| 7189 | mutex_init(&sqd->ctx_lock); | |
| 7190 | mutex_init(&sqd->lock); | |
| 534ca6d6 | 7191 | init_waitqueue_head(&sqd->wait); |
| 37d1e2e3 | 7192 | init_completion(&sqd->startup); |
| 86e0d676 | 7193 | init_completion(&sqd->parked); |
| 37d1e2e3 | 7194 | init_completion(&sqd->exited); |
| 534ca6d6 JA |
7195 | return sqd; |
| 7196 | } | |
| 7197 | ||
| 6b06314c | 7198 | #if defined(CONFIG_UNIX) |
| 6b06314c JA |
7199 | /* |
| 7200 | * Ensure the UNIX gc is aware of our file set, so we are certain that | |
| 7201 | * the io_uring can be safely unregistered on process exit, even if we have | |
| 7202 | * loops in the file referencing. | |
| 7203 | */ | |
| 7204 | static int __io_sqe_files_scm(struct io_ring_ctx *ctx, int nr, int offset) | |
| 7205 | { | |
| 7206 | struct sock *sk = ctx->ring_sock->sk; | |
| 7207 | struct scm_fp_list *fpl; | |
| 7208 | struct sk_buff *skb; | |
| 08a45173 | 7209 | int i, nr_files; |
| 6b06314c | 7210 | |
| 6b06314c JA |
7211 | fpl = kzalloc(sizeof(*fpl), GFP_KERNEL); |
| 7212 | if (!fpl) | |
| 7213 | return -ENOMEM; | |
| 7214 | ||
| 7215 | skb = alloc_skb(0, GFP_KERNEL); | |
| 7216 | if (!skb) { | |
| 7217 | kfree(fpl); | |
| 7218 | return -ENOMEM; | |
| 7219 | } | |
| 7220 | ||
| 7221 | skb->sk = sk; | |
| 6b06314c | 7222 | |
| 08a45173 | 7223 | nr_files = 0; |
| 62e398be | 7224 | fpl->user = get_uid(current_user()); |
| 6b06314c | 7225 | for (i = 0; i < nr; i++) { |
| 65e19f54 JA |
7226 | struct file *file = io_file_from_index(ctx, i + offset); |
| 7227 | ||
| 7228 | if (!file) | |
| 08a45173 | 7229 | continue; |
| 65e19f54 | 7230 | fpl->fp[nr_files] = get_file(file); |
| 08a45173 JA |
7231 | unix_inflight(fpl->user, fpl->fp[nr_files]); |
| 7232 | nr_files++; | |
| 6b06314c JA |
7233 | } |
| 7234 | ||
| 08a45173 JA |
7235 | if (nr_files) { |
| 7236 | fpl->max = SCM_MAX_FD; | |
| 7237 | fpl->count = nr_files; | |
| 7238 | UNIXCB(skb).fp = fpl; | |
| 05f3fb3c | 7239 | skb->destructor = unix_destruct_scm; |
| 08a45173 JA |
7240 | refcount_add(skb->truesize, &sk->sk_wmem_alloc); |
| 7241 | skb_queue_head(&sk->sk_receive_queue, skb); | |
| 6b06314c | 7242 | |
| 08a45173 JA |
7243 | for (i = 0; i < nr_files; i++) |
| 7244 | fput(fpl->fp[i]); | |
| 7245 | } else { | |
| 7246 | kfree_skb(skb); | |
| 7247 | kfree(fpl); | |
| 7248 | } | |
| 6b06314c JA |
7249 | |
| 7250 | return 0; | |
| 7251 | } | |
| 7252 | ||
| 7253 | /* | |
| 7254 | * If UNIX sockets are enabled, fd passing can cause a reference cycle which | |
| 7255 | * causes regular reference counting to break down. We rely on the UNIX | |
| 7256 | * garbage collection to take care of this problem for us. | |
| 7257 | */ | |
| 7258 | static int io_sqe_files_scm(struct io_ring_ctx *ctx) | |
| 7259 | { | |
| 7260 | unsigned left, total; | |
| 7261 | int ret = 0; | |
| 7262 | ||
| 7263 | total = 0; | |
| 7264 | left = ctx->nr_user_files; | |
| 7265 | while (left) { | |
| 7266 | unsigned this_files = min_t(unsigned, left, SCM_MAX_FD); | |
| 6b06314c JA |
7267 | |
| 7268 | ret = __io_sqe_files_scm(ctx, this_files, total); | |
| 7269 | if (ret) | |
| 7270 | break; | |
| 7271 | left -= this_files; | |
| 7272 | total += this_files; | |
| 7273 | } | |
| 7274 | ||
| 7275 | if (!ret) | |
| 7276 | return 0; | |
| 7277 | ||
| 7278 | while (total < ctx->nr_user_files) { | |
| 65e19f54 JA |
7279 | struct file *file = io_file_from_index(ctx, total); |
| 7280 | ||
| 7281 | if (file) | |
| 7282 | fput(file); | |
| 6b06314c JA |
7283 | total++; |
| 7284 | } | |
| 7285 | ||
| 7286 | return ret; | |
| 7287 | } | |
| 7288 | #else | |
| 7289 | static int io_sqe_files_scm(struct io_ring_ctx *ctx) | |
| 7290 | { | |
| 7291 | return 0; | |
| 7292 | } | |
| 7293 | #endif | |
| 7294 | ||
| 269bbe5f | 7295 | static int io_sqe_alloc_file_tables(struct fixed_rsrc_data *file_data, |
| 5398ae69 | 7296 | unsigned nr_tables, unsigned nr_files) |
| 65e19f54 JA |
7297 | { |
| 7298 | int i; | |
| 7299 | ||
| 7300 | for (i = 0; i < nr_tables; i++) { | |
| 269bbe5f | 7301 | struct fixed_rsrc_table *table = &file_data->table[i]; |
| 65e19f54 JA |
7302 | unsigned this_files; |
| 7303 | ||
| 7304 | this_files = min(nr_files, IORING_MAX_FILES_TABLE); | |
| 7305 | table->files = kcalloc(this_files, sizeof(struct file *), | |
| 7306 | GFP_KERNEL); | |
| 7307 | if (!table->files) | |
| 7308 | break; | |
| 7309 | nr_files -= this_files; | |
| 7310 | } | |
| 7311 | ||
| 7312 | if (i == nr_tables) | |
| 7313 | return 0; | |
| 7314 | ||
| 7315 | for (i = 0; i < nr_tables; i++) { | |
| 269bbe5f | 7316 | struct fixed_rsrc_table *table = &file_data->table[i]; |
| 65e19f54 JA |
7317 | kfree(table->files); |
| 7318 | } | |
| 7319 | return 1; | |
| 7320 | } | |
| 7321 | ||
| 50238531 | 7322 | static void io_ring_file_put(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc) |
| 05f3fb3c | 7323 | { |
| 50238531 | 7324 | struct file *file = prsrc->file; |
| 05f3fb3c JA |
7325 | #if defined(CONFIG_UNIX) |
| 7326 | struct sock *sock = ctx->ring_sock->sk; | |
| 7327 | struct sk_buff_head list, *head = &sock->sk_receive_queue; | |
| 7328 | struct sk_buff *skb; | |
| 7329 | int i; | |
| 7330 | ||
| 7331 | __skb_queue_head_init(&list); | |
| 7332 | ||
| 7333 | /* | |
| 7334 | * Find the skb that holds this file in its SCM_RIGHTS. When found, | |
| 7335 | * remove this entry and rearrange the file array. | |
| 7336 | */ | |
| 7337 | skb = skb_dequeue(head); | |
| 7338 | while (skb) { | |
| 7339 | struct scm_fp_list *fp; | |
| 7340 | ||
| 7341 | fp = UNIXCB(skb).fp; | |
| 7342 | for (i = 0; i < fp->count; i++) { | |
| 7343 | int left; | |
| 7344 | ||
| 7345 | if (fp->fp[i] != file) | |
| 7346 | continue; | |
| 7347 | ||
| 7348 | unix_notinflight(fp->user, fp->fp[i]); | |
| 7349 | left = fp->count - 1 - i; | |
| 7350 | if (left) { | |
| 7351 | memmove(&fp->fp[i], &fp->fp[i + 1], | |
| 7352 | left * sizeof(struct file *)); | |
| 7353 | } | |
| 7354 | fp->count--; | |
| 7355 | if (!fp->count) { | |
| 7356 | kfree_skb(skb); | |
| 7357 | skb = NULL; | |
| 7358 | } else { | |
| 7359 | __skb_queue_tail(&list, skb); | |
| 7360 | } | |
| 7361 | fput(file); | |
| 7362 | file = NULL; | |
| 7363 | break; | |
| 7364 | } | |
| 7365 | ||
| 7366 | if (!file) | |
| 7367 | break; | |
| 7368 | ||
| 7369 | __skb_queue_tail(&list, skb); | |
| 7370 | ||
| 7371 | skb = skb_dequeue(head); | |
| 7372 | } | |
| 7373 | ||
| 7374 | if (skb_peek(&list)) { | |
| 7375 | spin_lock_irq(&head->lock); | |
| 7376 | while ((skb = __skb_dequeue(&list)) != NULL) | |
| 7377 | __skb_queue_tail(head, skb); | |
| 7378 | spin_unlock_irq(&head->lock); | |
| 7379 | } | |
| 7380 | #else | |
| 7381 | fput(file); | |
| 7382 | #endif | |
| 7383 | } | |
| 7384 | ||
| 269bbe5f | 7385 | static void __io_rsrc_put_work(struct fixed_rsrc_ref_node *ref_node) |
| 65e19f54 | 7386 | { |
| 269bbe5f BM |
7387 | struct fixed_rsrc_data *rsrc_data = ref_node->rsrc_data; |
| 7388 | struct io_ring_ctx *ctx = rsrc_data->ctx; | |
| 7389 | struct io_rsrc_put *prsrc, *tmp; | |
| 05589553 | 7390 | |
| 269bbe5f BM |
7391 | list_for_each_entry_safe(prsrc, tmp, &ref_node->rsrc_list, list) { |
| 7392 | list_del(&prsrc->list); | |
| 50238531 | 7393 | ref_node->rsrc_put(ctx, prsrc); |
| 269bbe5f | 7394 | kfree(prsrc); |
| 65e19f54 | 7395 | } |
| 05589553 | 7396 | |
| 05589553 XW |
7397 | percpu_ref_exit(&ref_node->refs); |
| 7398 | kfree(ref_node); | |
| 269bbe5f | 7399 | percpu_ref_put(&rsrc_data->refs); |
| 2faf852d | 7400 | } |
| 65e19f54 | 7401 | |
| 269bbe5f | 7402 | static void io_rsrc_put_work(struct work_struct *work) |
| 4a38aed2 JA |
7403 | { |
| 7404 | struct io_ring_ctx *ctx; | |
| 7405 | struct llist_node *node; | |
| 7406 | ||
| 269bbe5f BM |
7407 | ctx = container_of(work, struct io_ring_ctx, rsrc_put_work.work); |
| 7408 | node = llist_del_all(&ctx->rsrc_put_llist); | |
| 4a38aed2 JA |
7409 | |
| 7410 | while (node) { | |
| 269bbe5f | 7411 | struct fixed_rsrc_ref_node *ref_node; |
| 4a38aed2 JA |
7412 | struct llist_node *next = node->next; |
| 7413 | ||
| 269bbe5f BM |
7414 | ref_node = llist_entry(node, struct fixed_rsrc_ref_node, llist); |
| 7415 | __io_rsrc_put_work(ref_node); | |
| 4a38aed2 JA |
7416 | node = next; |
| 7417 | } | |
| 7418 | } | |
| 7419 | ||
| ea64ec02 PB |
7420 | static struct file **io_fixed_file_slot(struct fixed_rsrc_data *file_data, |
| 7421 | unsigned i) | |
| 2faf852d | 7422 | { |
| ea64ec02 PB |
7423 | struct fixed_rsrc_table *table; |
| 7424 | ||
| 7425 | table = &file_data->table[i >> IORING_FILE_TABLE_SHIFT]; | |
| 7426 | return &table->files[i & IORING_FILE_TABLE_MASK]; | |
| 7427 | } | |
| 7428 | ||
| 00835dce | 7429 | static void io_rsrc_node_ref_zero(struct percpu_ref *ref) |
| 2faf852d | 7430 | { |
| 269bbe5f BM |
7431 | struct fixed_rsrc_ref_node *ref_node; |
| 7432 | struct fixed_rsrc_data *data; | |
| 4a38aed2 | 7433 | struct io_ring_ctx *ctx; |
| e297822b | 7434 | bool first_add = false; |
| 4a38aed2 | 7435 | int delay = HZ; |
| 65e19f54 | 7436 | |
| 269bbe5f BM |
7437 | ref_node = container_of(ref, struct fixed_rsrc_ref_node, refs); |
| 7438 | data = ref_node->rsrc_data; | |
| e297822b PB |
7439 | ctx = data->ctx; |
| 7440 | ||
| 2a63b2d9 | 7441 | io_rsrc_ref_lock(ctx); |
| e297822b PB |
7442 | ref_node->done = true; |
| 7443 | ||
| d67d2263 BM |
7444 | while (!list_empty(&ctx->rsrc_ref_list)) { |
| 7445 | ref_node = list_first_entry(&ctx->rsrc_ref_list, | |
| 269bbe5f | 7446 | struct fixed_rsrc_ref_node, node); |
| e297822b PB |
7447 | /* recycle ref nodes in order */ |
| 7448 | if (!ref_node->done) | |
| 7449 | break; | |
| 7450 | list_del(&ref_node->node); | |
| 269bbe5f | 7451 | first_add |= llist_add(&ref_node->llist, &ctx->rsrc_put_llist); |
| e297822b | 7452 | } |
| 2a63b2d9 | 7453 | io_rsrc_ref_unlock(ctx); |
| 05589553 | 7454 | |
| e297822b | 7455 | if (percpu_ref_is_dying(&data->refs)) |
| 4a38aed2 | 7456 | delay = 0; |
| 05589553 | 7457 | |
| 4a38aed2 | 7458 | if (!delay) |
| 269bbe5f | 7459 | mod_delayed_work(system_wq, &ctx->rsrc_put_work, 0); |
| 4a38aed2 | 7460 | else if (first_add) |
| 269bbe5f | 7461 | queue_delayed_work(system_wq, &ctx->rsrc_put_work, delay); |
| 05f3fb3c | 7462 | } |
| 65e19f54 | 7463 | |
| 6802535d | 7464 | static struct fixed_rsrc_ref_node *alloc_fixed_rsrc_ref_node( |
| 05589553 | 7465 | struct io_ring_ctx *ctx) |
| 05f3fb3c | 7466 | { |
| 269bbe5f | 7467 | struct fixed_rsrc_ref_node *ref_node; |
| 05f3fb3c | 7468 | |
| 05589553 XW |
7469 | ref_node = kzalloc(sizeof(*ref_node), GFP_KERNEL); |
| 7470 | if (!ref_node) | |
| 3e2224c5 | 7471 | return NULL; |
| 05f3fb3c | 7472 | |
| 00835dce | 7473 | if (percpu_ref_init(&ref_node->refs, io_rsrc_node_ref_zero, |
| 05589553 XW |
7474 | 0, GFP_KERNEL)) { |
| 7475 | kfree(ref_node); | |
| 3e2224c5 | 7476 | return NULL; |
| 05589553 XW |
7477 | } |
| 7478 | INIT_LIST_HEAD(&ref_node->node); | |
| 269bbe5f | 7479 | INIT_LIST_HEAD(&ref_node->rsrc_list); |
| e297822b | 7480 | ref_node->done = false; |
| 05589553 | 7481 | return ref_node; |
| 05589553 XW |
7482 | } |
| 7483 | ||
| bc9744cd PB |
7484 | static void init_fixed_file_ref_node(struct io_ring_ctx *ctx, |
| 7485 | struct fixed_rsrc_ref_node *ref_node) | |
| 6802535d | 7486 | { |
| 269bbe5f | 7487 | ref_node->rsrc_data = ctx->file_data; |
| 50238531 | 7488 | ref_node->rsrc_put = io_ring_file_put; |
| 05589553 XW |
7489 | } |
| 7490 | ||
| 269bbe5f | 7491 | static void destroy_fixed_rsrc_ref_node(struct fixed_rsrc_ref_node *ref_node) |
| 05589553 XW |
7492 | { |
| 7493 | percpu_ref_exit(&ref_node->refs); | |
| 7494 | kfree(ref_node); | |
| 65e19f54 JA |
7495 | } |
| 7496 | ||
| ea64ec02 | 7497 | |
| 6b06314c JA |
7498 | static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg, |
| 7499 | unsigned nr_args) | |
| 7500 | { | |
| 7501 | __s32 __user *fds = (__s32 __user *) arg; | |
| 600cf3f8 | 7502 | unsigned nr_tables, i; |
| 05f3fb3c | 7503 | struct file *file; |
| 600cf3f8 | 7504 | int fd, ret = -ENOMEM; |
| 269bbe5f BM |
7505 | struct fixed_rsrc_ref_node *ref_node; |
| 7506 | struct fixed_rsrc_data *file_data; | |
| 6b06314c | 7507 | |
| 05f3fb3c | 7508 | if (ctx->file_data) |
| 6b06314c JA |
7509 | return -EBUSY; |
| 7510 | if (!nr_args) | |
| 7511 | return -EINVAL; | |
| 7512 | if (nr_args > IORING_MAX_FIXED_FILES) | |
| 7513 | return -EMFILE; | |
| 7514 | ||
| 1ad555c6 | 7515 | file_data = alloc_fixed_rsrc_data(ctx); |
| 5398ae69 | 7516 | if (!file_data) |
| 05f3fb3c | 7517 | return -ENOMEM; |
| 13770a71 | 7518 | ctx->file_data = file_data; |
| 05f3fb3c | 7519 | |
| 65e19f54 | 7520 | nr_tables = DIV_ROUND_UP(nr_args, IORING_MAX_FILES_TABLE); |
| 035fbafc | 7521 | file_data->table = kcalloc(nr_tables, sizeof(*file_data->table), |
| 5398ae69 | 7522 | GFP_KERNEL); |
| 600cf3f8 PB |
7523 | if (!file_data->table) |
| 7524 | goto out_free; | |
| 05f3fb3c | 7525 | |
| 600cf3f8 | 7526 | if (io_sqe_alloc_file_tables(file_data, nr_tables, nr_args)) |
| 1ad555c6 | 7527 | goto out_free; |
| 65e19f54 | 7528 | |
| 08a45173 | 7529 | for (i = 0; i < nr_args; i++, ctx->nr_user_files++) { |
| 600cf3f8 PB |
7530 | if (copy_from_user(&fd, &fds[i], sizeof(fd))) { |
| 7531 | ret = -EFAULT; | |
| 7532 | goto out_fput; | |
| 7533 | } | |
| 08a45173 | 7534 | /* allow sparse sets */ |
| 600cf3f8 | 7535 | if (fd == -1) |
| 08a45173 | 7536 | continue; |
| 6b06314c | 7537 | |
| 05f3fb3c | 7538 | file = fget(fd); |
| 6b06314c | 7539 | ret = -EBADF; |
| 05f3fb3c | 7540 | if (!file) |
| 600cf3f8 | 7541 | goto out_fput; |
| 05f3fb3c | 7542 | |
| 6b06314c JA |
7543 | /* |
| 7544 | * Don't allow io_uring instances to be registered. If UNIX | |
| 7545 | * isn't enabled, then this causes a reference cycle and this | |
| 7546 | * instance can never get freed. If UNIX is enabled we'll | |
| 7547 | * handle it just fine, but there's still no point in allowing | |
| 7548 | * a ring fd as it doesn't support regular read/write anyway. | |
| 7549 | */ | |
| 05f3fb3c JA |
7550 | if (file->f_op == &io_uring_fops) { |
| 7551 | fput(file); | |
| 600cf3f8 | 7552 | goto out_fput; |
| 6b06314c | 7553 | } |
| ea64ec02 | 7554 | *io_fixed_file_slot(file_data, i) = file; |
| 6b06314c JA |
7555 | } |
| 7556 | ||
| 6b06314c | 7557 | ret = io_sqe_files_scm(ctx); |
| 05589553 | 7558 | if (ret) { |
| 6b06314c | 7559 | io_sqe_files_unregister(ctx); |
| 05589553 XW |
7560 | return ret; |
| 7561 | } | |
| 6b06314c | 7562 | |
| bc9744cd | 7563 | ref_node = alloc_fixed_rsrc_ref_node(ctx); |
| 3e2224c5 | 7564 | if (!ref_node) { |
| 05589553 | 7565 | io_sqe_files_unregister(ctx); |
| 3e2224c5 | 7566 | return -ENOMEM; |
| 05589553 | 7567 | } |
| bc9744cd | 7568 | init_fixed_file_ref_node(ctx, ref_node); |
| 05589553 | 7569 | |
| d67d2263 | 7570 | io_sqe_rsrc_set_node(ctx, file_data, ref_node); |
| 6b06314c | 7571 | return ret; |
| 600cf3f8 PB |
7572 | out_fput: |
| 7573 | for (i = 0; i < ctx->nr_user_files; i++) { | |
| 7574 | file = io_file_from_index(ctx, i); | |
| 7575 | if (file) | |
| 7576 | fput(file); | |
| 7577 | } | |
| 7578 | for (i = 0; i < nr_tables; i++) | |
| 7579 | kfree(file_data->table[i].files); | |
| 7580 | ctx->nr_user_files = 0; | |
| 600cf3f8 | 7581 | out_free: |
| 1ad555c6 | 7582 | free_fixed_rsrc_data(ctx->file_data); |
| 55cbc256 | 7583 | ctx->file_data = NULL; |
| 6b06314c JA |
7584 | return ret; |
| 7585 | } | |
| 7586 | ||
| c3a31e60 JA |
7587 | static int io_sqe_file_register(struct io_ring_ctx *ctx, struct file *file, |
| 7588 | int index) | |
| 7589 | { | |
| 7590 | #if defined(CONFIG_UNIX) | |
| 7591 | struct sock *sock = ctx->ring_sock->sk; | |
| 7592 | struct sk_buff_head *head = &sock->sk_receive_queue; | |
| 7593 | struct sk_buff *skb; | |
| 7594 | ||
| 7595 | /* | |
| 7596 | * See if we can merge this file into an existing skb SCM_RIGHTS | |
| 7597 | * file set. If there's no room, fall back to allocating a new skb | |
| 7598 | * and filling it in. | |
| 7599 | */ | |
| 7600 | spin_lock_irq(&head->lock); | |
| 7601 | skb = skb_peek(head); | |
| 7602 | if (skb) { | |
| 7603 | struct scm_fp_list *fpl = UNIXCB(skb).fp; | |
| 7604 | ||
| 7605 | if (fpl->count < SCM_MAX_FD) { | |
| 7606 | __skb_unlink(skb, head); | |
| 7607 | spin_unlock_irq(&head->lock); | |
| 7608 | fpl->fp[fpl->count] = get_file(file); | |
| 7609 | unix_inflight(fpl->user, fpl->fp[fpl->count]); | |
| 7610 | fpl->count++; | |
| 7611 | spin_lock_irq(&head->lock); | |
| 7612 | __skb_queue_head(head, skb); | |
| 7613 | } else { | |
| 7614 | skb = NULL; | |
| 7615 | } | |
| 7616 | } | |
| 7617 | spin_unlock_irq(&head->lock); | |
| 7618 | ||
| 7619 | if (skb) { | |
| 7620 | fput(file); | |
| 7621 | return 0; | |
| 7622 | } | |
| 7623 | ||
| 7624 | return __io_sqe_files_scm(ctx, 1, index); | |
| 7625 | #else | |
| 7626 | return 0; | |
| 7627 | #endif | |
| 7628 | } | |
| 7629 | ||
| 50238531 | 7630 | static int io_queue_rsrc_removal(struct fixed_rsrc_data *data, void *rsrc) |
| 05f3fb3c | 7631 | { |
| 269bbe5f BM |
7632 | struct io_rsrc_put *prsrc; |
| 7633 | struct fixed_rsrc_ref_node *ref_node = data->node; | |
| 05f3fb3c | 7634 | |
| 269bbe5f BM |
7635 | prsrc = kzalloc(sizeof(*prsrc), GFP_KERNEL); |
| 7636 | if (!prsrc) | |
| a5318d3c | 7637 | return -ENOMEM; |
| 05f3fb3c | 7638 | |
| 50238531 | 7639 | prsrc->rsrc = rsrc; |
| 269bbe5f | 7640 | list_add(&prsrc->list, &ref_node->rsrc_list); |
| 05589553 | 7641 | |
| a5318d3c | 7642 | return 0; |
| 05f3fb3c JA |
7643 | } |
| 7644 | ||
| 269bbe5f BM |
7645 | static inline int io_queue_file_removal(struct fixed_rsrc_data *data, |
| 7646 | struct file *file) | |
| 7647 | { | |
| 50238531 | 7648 | return io_queue_rsrc_removal(data, (void *)file); |
| 269bbe5f BM |
7649 | } |
| 7650 | ||
| 05f3fb3c | 7651 | static int __io_sqe_files_update(struct io_ring_ctx *ctx, |
| 269bbe5f | 7652 | struct io_uring_rsrc_update *up, |
| 05f3fb3c JA |
7653 | unsigned nr_args) |
| 7654 | { | |
| 269bbe5f BM |
7655 | struct fixed_rsrc_data *data = ctx->file_data; |
| 7656 | struct fixed_rsrc_ref_node *ref_node; | |
| ea64ec02 | 7657 | struct file *file, **file_slot; |
| c3a31e60 JA |
7658 | __s32 __user *fds; |
| 7659 | int fd, i, err; | |
| 7660 | __u32 done; | |
| 05589553 | 7661 | bool needs_switch = false; |
| c3a31e60 | 7662 | |
| 05f3fb3c | 7663 | if (check_add_overflow(up->offset, nr_args, &done)) |
| c3a31e60 JA |
7664 | return -EOVERFLOW; |
| 7665 | if (done > ctx->nr_user_files) | |
| 7666 | return -EINVAL; | |
| 7667 | ||
| bc9744cd | 7668 | ref_node = alloc_fixed_rsrc_ref_node(ctx); |
| 3e2224c5 MWO |
7669 | if (!ref_node) |
| 7670 | return -ENOMEM; | |
| bc9744cd | 7671 | init_fixed_file_ref_node(ctx, ref_node); |
| 05589553 | 7672 | |
| 269bbe5f | 7673 | fds = u64_to_user_ptr(up->data); |
| 67973b93 | 7674 | for (done = 0; done < nr_args; done++) { |
| c3a31e60 JA |
7675 | err = 0; |
| 7676 | if (copy_from_user(&fd, &fds[done], sizeof(fd))) { | |
| 7677 | err = -EFAULT; | |
| 7678 | break; | |
| 7679 | } | |
| 4e0377a1 | 7680 | if (fd == IORING_REGISTER_FILES_SKIP) |
| 7681 | continue; | |
| 7682 | ||
| 67973b93 | 7683 | i = array_index_nospec(up->offset + done, ctx->nr_user_files); |
| ea64ec02 PB |
7684 | file_slot = io_fixed_file_slot(ctx->file_data, i); |
| 7685 | ||
| 7686 | if (*file_slot) { | |
| 7687 | err = io_queue_file_removal(data, *file_slot); | |
| a5318d3c HD |
7688 | if (err) |
| 7689 | break; | |
| ea64ec02 | 7690 | *file_slot = NULL; |
| 05589553 | 7691 | needs_switch = true; |
| c3a31e60 JA |
7692 | } |
| 7693 | if (fd != -1) { | |
| c3a31e60 JA |
7694 | file = fget(fd); |
| 7695 | if (!file) { | |
| 7696 | err = -EBADF; | |
| 7697 | break; | |
| 7698 | } | |
| 7699 | /* | |
| 7700 | * Don't allow io_uring instances to be registered. If | |
| 7701 | * UNIX isn't enabled, then this causes a reference | |
| 7702 | * cycle and this instance can never get freed. If UNIX | |
| 7703 | * is enabled we'll handle it just fine, but there's | |
| 7704 | * still no point in allowing a ring fd as it doesn't | |
| 7705 | * support regular read/write anyway. | |
| 7706 | */ | |
| 7707 | if (file->f_op == &io_uring_fops) { | |
| 7708 | fput(file); | |
| 7709 | err = -EBADF; | |
| 7710 | break; | |
| 7711 | } | |
| e68a3ff8 | 7712 | *file_slot = file; |
| c3a31e60 | 7713 | err = io_sqe_file_register(ctx, file, i); |
| f3bd9dae | 7714 | if (err) { |
| e68a3ff8 | 7715 | *file_slot = NULL; |
| f3bd9dae | 7716 | fput(file); |
| c3a31e60 | 7717 | break; |
| f3bd9dae | 7718 | } |
| c3a31e60 | 7719 | } |
| 05f3fb3c JA |
7720 | } |
| 7721 | ||
| 05589553 | 7722 | if (needs_switch) { |
| b2e96852 | 7723 | percpu_ref_kill(&data->node->refs); |
| d67d2263 | 7724 | io_sqe_rsrc_set_node(ctx, data, ref_node); |
| 05589553 | 7725 | } else |
| 269bbe5f | 7726 | destroy_fixed_rsrc_ref_node(ref_node); |
| c3a31e60 JA |
7727 | |
| 7728 | return done ? done : err; | |
| 7729 | } | |
| 05589553 | 7730 | |
| 05f3fb3c JA |
7731 | static int io_sqe_files_update(struct io_ring_ctx *ctx, void __user *arg, |
| 7732 | unsigned nr_args) | |
| 7733 | { | |
| 269bbe5f | 7734 | struct io_uring_rsrc_update up; |
| 05f3fb3c JA |
7735 | |
| 7736 | if (!ctx->file_data) | |
| 7737 | return -ENXIO; | |
| 7738 | if (!nr_args) | |
| 7739 | return -EINVAL; | |
| 7740 | if (copy_from_user(&up, arg, sizeof(up))) | |
| 7741 | return -EFAULT; | |
| 7742 | if (up.resv) | |
| 7743 | return -EINVAL; | |
| 7744 | ||
| 7745 | return __io_sqe_files_update(ctx, &up, nr_args); | |
| 7746 | } | |
| c3a31e60 | 7747 | |
| 5280f7e5 | 7748 | static struct io_wq_work *io_free_work(struct io_wq_work *work) |
| 7d723065 JA |
7749 | { |
| 7750 | struct io_kiocb *req = container_of(work, struct io_kiocb, work); | |
| 7751 | ||
| 5280f7e5 PB |
7752 | req = io_put_req_find_next(req); |
| 7753 | return req ? &req->work : NULL; | |
| 7d723065 JA |
7754 | } |
| 7755 | ||
| 5aa75ed5 | 7756 | static struct io_wq *io_init_wq_offload(struct io_ring_ctx *ctx) |
| 24369c2e | 7757 | { |
| e941894e | 7758 | struct io_wq_hash *hash; |
| 24369c2e | 7759 | struct io_wq_data data; |
| 24369c2e | 7760 | unsigned int concurrency; |
| 24369c2e | 7761 | |
| e941894e JA |
7762 | hash = ctx->hash_map; |
| 7763 | if (!hash) { | |
| 7764 | hash = kzalloc(sizeof(*hash), GFP_KERNEL); | |
| 7765 | if (!hash) | |
| 7766 | return ERR_PTR(-ENOMEM); | |
| 7767 | refcount_set(&hash->refs, 1); | |
| 7768 | init_waitqueue_head(&hash->wait); | |
| 7769 | ctx->hash_map = hash; | |
| 24369c2e PB |
7770 | } |
| 7771 | ||
| e941894e | 7772 | data.hash = hash; |
| e9fd9396 | 7773 | data.free_work = io_free_work; |
| f5fa38c5 | 7774 | data.do_work = io_wq_submit_work; |
| 24369c2e | 7775 | |
| d25e3a3d JA |
7776 | /* Do QD, or 4 * CPUS, whatever is smallest */ |
| 7777 | concurrency = min(ctx->sq_entries, 4 * num_online_cpus()); | |
| 24369c2e | 7778 | |
| 5aa75ed5 | 7779 | return io_wq_create(concurrency, &data); |
| 24369c2e PB |
7780 | } |
| 7781 | ||
| 5aa75ed5 JA |
7782 | static int io_uring_alloc_task_context(struct task_struct *task, |
| 7783 | struct io_ring_ctx *ctx) | |
| 0f212204 JA |
7784 | { |
| 7785 | struct io_uring_task *tctx; | |
| d8a6df10 | 7786 | int ret; |
| 0f212204 JA |
7787 | |
| 7788 | tctx = kmalloc(sizeof(*tctx), GFP_KERNEL); | |
| 7789 | if (unlikely(!tctx)) | |
| 7790 | return -ENOMEM; | |
| 7791 | ||
| d8a6df10 JA |
7792 | ret = percpu_counter_init(&tctx->inflight, 0, GFP_KERNEL); |
| 7793 | if (unlikely(ret)) { | |
| 7794 | kfree(tctx); | |
| 7795 | return ret; | |
| 7796 | } | |
| 7797 | ||
| 5aa75ed5 JA |
7798 | tctx->io_wq = io_init_wq_offload(ctx); |
| 7799 | if (IS_ERR(tctx->io_wq)) { | |
| 7800 | ret = PTR_ERR(tctx->io_wq); | |
| 7801 | percpu_counter_destroy(&tctx->inflight); | |
| 7802 | kfree(tctx); | |
| 7803 | return ret; | |
| 7804 | } | |
| 7805 | ||
| 0f212204 JA |
7806 | xa_init(&tctx->xa); |
| 7807 | init_waitqueue_head(&tctx->wait); | |
| 7808 | tctx->last = NULL; | |
| fdaf083c JA |
7809 | atomic_set(&tctx->in_idle, 0); |
| 7810 | tctx->sqpoll = false; | |
| 0f212204 | 7811 | task->io_uring = tctx; |
| 7cbf1722 JA |
7812 | spin_lock_init(&tctx->task_lock); |
| 7813 | INIT_WQ_LIST(&tctx->task_list); | |
| 7814 | tctx->task_state = 0; | |
| 7815 | init_task_work(&tctx->task_work, tctx_task_work); | |
| 0f212204 JA |
7816 | return 0; |
| 7817 | } | |
| 7818 | ||
| 7819 | void __io_uring_free(struct task_struct *tsk) | |
| 7820 | { | |
| 7821 | struct io_uring_task *tctx = tsk->io_uring; | |
| 7822 | ||
| 7823 | WARN_ON_ONCE(!xa_empty(&tctx->xa)); | |
| ef8eaa4e PB |
7824 | WARN_ON_ONCE(tctx->io_wq); |
| 7825 | ||
| d8a6df10 | 7826 | percpu_counter_destroy(&tctx->inflight); |
| 0f212204 JA |
7827 | kfree(tctx); |
| 7828 | tsk->io_uring = NULL; | |
| 7829 | } | |
| 7830 | ||
| 5f3f26f9 JA |
7831 | static int io_sq_thread_fork(struct io_sq_data *sqd, struct io_ring_ctx *ctx) |
| 7832 | { | |
| 46fe18b1 | 7833 | struct task_struct *tsk; |
| 5f3f26f9 JA |
7834 | int ret; |
| 7835 | ||
| 7836 | clear_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); | |
| 86e0d676 | 7837 | reinit_completion(&sqd->parked); |
| 70aacfe6 | 7838 | ctx->sqo_exec = 0; |
| 5f3f26f9 | 7839 | sqd->task_pid = current->pid; |
| 46fe18b1 JA |
7840 | tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE); |
| 7841 | if (IS_ERR(tsk)) | |
| 7842 | return PTR_ERR(tsk); | |
| 7843 | ret = io_uring_alloc_task_context(tsk, ctx); | |
| 7844 | if (ret) | |
| 7845 | set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); | |
| 7846 | sqd->thread = tsk; | |
| 7847 | wake_up_new_task(tsk); | |
| 7848 | return ret; | |
| 5f3f26f9 JA |
7849 | } |
| 7850 | ||
| 7e84e1c7 SG |
7851 | static int io_sq_offload_create(struct io_ring_ctx *ctx, |
| 7852 | struct io_uring_params *p) | |
| 2b188cc1 JA |
7853 | { |
| 7854 | int ret; | |
| 7855 | ||
| d25e3a3d JA |
7856 | /* Retain compatibility with failing for an invalid attach attempt */ |
| 7857 | if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) == | |
| 7858 | IORING_SETUP_ATTACH_WQ) { | |
| 7859 | struct fd f; | |
| 7860 | ||
| 7861 | f = fdget(p->wq_fd); | |
| 7862 | if (!f.file) | |
| 7863 | return -ENXIO; | |
| 7864 | if (f.file->f_op != &io_uring_fops) { | |
| 7865 | fdput(f); | |
| 7866 | return -EINVAL; | |
| 7867 | } | |
| 7868 | fdput(f); | |
| 7869 | } | |
| 6c271ce2 | 7870 | if (ctx->flags & IORING_SETUP_SQPOLL) { |
| 46fe18b1 | 7871 | struct task_struct *tsk; |
| 534ca6d6 JA |
7872 | struct io_sq_data *sqd; |
| 7873 | ||
| 3ec482d1 | 7874 | ret = -EPERM; |
| ce59fc69 | 7875 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) |
| 3ec482d1 JA |
7876 | goto err; |
| 7877 | ||
| 534ca6d6 JA |
7878 | sqd = io_get_sq_data(p); |
| 7879 | if (IS_ERR(sqd)) { | |
| 7880 | ret = PTR_ERR(sqd); | |
| 7881 | goto err; | |
| 7882 | } | |
| 69fb2131 | 7883 | |
| 534ca6d6 | 7884 | ctx->sq_data = sqd; |
| 69fb2131 JA |
7885 | io_sq_thread_park(sqd); |
| 7886 | mutex_lock(&sqd->ctx_lock); | |
| 7887 | list_add(&ctx->sqd_list, &sqd->ctx_new_list); | |
| 7888 | mutex_unlock(&sqd->ctx_lock); | |
| 7889 | io_sq_thread_unpark(sqd); | |
| 534ca6d6 | 7890 | |
| 917257da JA |
7891 | ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle); |
| 7892 | if (!ctx->sq_thread_idle) | |
| 7893 | ctx->sq_thread_idle = HZ; | |
| 7894 | ||
| aa06165d | 7895 | if (sqd->thread) |
| 5aa75ed5 | 7896 | return 0; |
| aa06165d | 7897 | |
| 6c271ce2 | 7898 | if (p->flags & IORING_SETUP_SQ_AFF) { |
| 44a9bd18 | 7899 | int cpu = p->sq_thread_cpu; |
| 6c271ce2 | 7900 | |
| 917257da | 7901 | ret = -EINVAL; |
| 44a9bd18 JA |
7902 | if (cpu >= nr_cpu_ids) |
| 7903 | goto err; | |
| 7889f44d | 7904 | if (!cpu_online(cpu)) |
| 917257da JA |
7905 | goto err; |
| 7906 | ||
| 37d1e2e3 | 7907 | sqd->sq_cpu = cpu; |
| 6c271ce2 | 7908 | } else { |
| 37d1e2e3 | 7909 | sqd->sq_cpu = -1; |
| 6c271ce2 | 7910 | } |
| 37d1e2e3 JA |
7911 | |
| 7912 | sqd->task_pid = current->pid; | |
| 46fe18b1 JA |
7913 | tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE); |
| 7914 | if (IS_ERR(tsk)) { | |
| 7915 | ret = PTR_ERR(tsk); | |
| 6c271ce2 JA |
7916 | goto err; |
| 7917 | } | |
| 46fe18b1 JA |
7918 | ret = io_uring_alloc_task_context(tsk, ctx); |
| 7919 | if (ret) | |
| 7920 | set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); | |
| 7921 | sqd->thread = tsk; | |
| 7922 | wake_up_new_task(tsk); | |
| 0f212204 JA |
7923 | if (ret) |
| 7924 | goto err; | |
| 6c271ce2 JA |
7925 | } else if (p->flags & IORING_SETUP_SQ_AFF) { |
| 7926 | /* Can't have SQ_AFF without SQPOLL */ | |
| 7927 | ret = -EINVAL; | |
| 7928 | goto err; | |
| 7929 | } | |
| 7930 | ||
| 2b188cc1 JA |
7931 | return 0; |
| 7932 | err: | |
| 37d1e2e3 | 7933 | io_sq_thread_finish(ctx); |
| 2b188cc1 JA |
7934 | return ret; |
| 7935 | } | |
| 7936 | ||
| 7e84e1c7 SG |
7937 | static void io_sq_offload_start(struct io_ring_ctx *ctx) |
| 7938 | { | |
| 534ca6d6 JA |
7939 | struct io_sq_data *sqd = ctx->sq_data; |
| 7940 | ||
| 3ebba796 | 7941 | ctx->flags &= ~IORING_SETUP_R_DISABLED; |
| eb85890b | 7942 | if (ctx->flags & IORING_SETUP_SQPOLL) |
| 37d1e2e3 | 7943 | complete(&sqd->startup); |
| 7e84e1c7 SG |
7944 | } |
| 7945 | ||
| a087e2b5 BM |
7946 | static inline void __io_unaccount_mem(struct user_struct *user, |
| 7947 | unsigned long nr_pages) | |
| 2b188cc1 JA |
7948 | { |
| 7949 | atomic_long_sub(nr_pages, &user->locked_vm); | |
| 7950 | } | |
| 7951 | ||
| a087e2b5 BM |
7952 | static inline int __io_account_mem(struct user_struct *user, |
| 7953 | unsigned long nr_pages) | |
| 2b188cc1 JA |
7954 | { |
| 7955 | unsigned long page_limit, cur_pages, new_pages; | |
| 7956 | ||
| 7957 | /* Don't allow more pages than we can safely lock */ | |
| 7958 | page_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; | |
| 7959 | ||
| 7960 | do { | |
| 7961 | cur_pages = atomic_long_read(&user->locked_vm); | |
| 7962 | new_pages = cur_pages + nr_pages; | |
| 7963 | if (new_pages > page_limit) | |
| 7964 | return -ENOMEM; | |
| 7965 | } while (atomic_long_cmpxchg(&user->locked_vm, cur_pages, | |
| 7966 | new_pages) != cur_pages); | |
| 7967 | ||
| 7968 | return 0; | |
| 7969 | } | |
| 7970 | ||
| 26bfa89e | 7971 | static void io_unaccount_mem(struct io_ring_ctx *ctx, unsigned long nr_pages) |
| a087e2b5 | 7972 | { |
| 62e398be | 7973 | if (ctx->user) |
| a087e2b5 | 7974 | __io_unaccount_mem(ctx->user, nr_pages); |
| 30975825 | 7975 | |
| 26bfa89e JA |
7976 | if (ctx->mm_account) |
| 7977 | atomic64_sub(nr_pages, &ctx->mm_account->pinned_vm); | |
| a087e2b5 BM |
7978 | } |
| 7979 | ||
| 26bfa89e | 7980 | static int io_account_mem(struct io_ring_ctx *ctx, unsigned long nr_pages) |
| a087e2b5 | 7981 | { |
| 30975825 BM |
7982 | int ret; |
| 7983 | ||
| 62e398be | 7984 | if (ctx->user) { |
| 30975825 BM |
7985 | ret = __io_account_mem(ctx->user, nr_pages); |
| 7986 | if (ret) | |
| 7987 | return ret; | |
| 7988 | } | |
| 7989 | ||
| 26bfa89e JA |
7990 | if (ctx->mm_account) |
| 7991 | atomic64_add(nr_pages, &ctx->mm_account->pinned_vm); | |
| a087e2b5 BM |
7992 | |
| 7993 | return 0; | |
| 7994 | } | |
| 7995 | ||
| 2b188cc1 JA |
7996 | static void io_mem_free(void *ptr) |
| 7997 | { | |
| 52e04ef4 MR |
7998 | struct page *page; |
| 7999 | ||
| 8000 | if (!ptr) | |
| 8001 | return; | |
| 2b188cc1 | 8002 | |
| 52e04ef4 | 8003 | page = virt_to_head_page(ptr); |
| 2b188cc1 JA |
8004 | if (put_page_testzero(page)) |
| 8005 | free_compound_page(page); | |
| 8006 | } | |
| 8007 | ||
| 8008 | static void *io_mem_alloc(size_t size) | |
| 8009 | { | |
| 8010 | gfp_t gfp_flags = GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_COMP | | |
| 26bfa89e | 8011 | __GFP_NORETRY | __GFP_ACCOUNT; |
| 2b188cc1 JA |
8012 | |
| 8013 | return (void *) __get_free_pages(gfp_flags, get_order(size)); | |
| 8014 | } | |
| 8015 | ||
| 75b28aff HV |
8016 | static unsigned long rings_size(unsigned sq_entries, unsigned cq_entries, |
| 8017 | size_t *sq_offset) | |
| 8018 | { | |
| 8019 | struct io_rings *rings; | |
| 8020 | size_t off, sq_array_size; | |
| 8021 | ||
| 8022 | off = struct_size(rings, cqes, cq_entries); | |
| 8023 | if (off == SIZE_MAX) | |
| 8024 | return SIZE_MAX; | |
| 8025 | ||
| 8026 | #ifdef CONFIG_SMP | |
| 8027 | off = ALIGN(off, SMP_CACHE_BYTES); | |
| 8028 | if (off == 0) | |
| 8029 | return SIZE_MAX; | |
| 8030 | #endif | |
| 8031 | ||
| b36200f5 DV |
8032 | if (sq_offset) |
| 8033 | *sq_offset = off; | |
| 8034 | ||
| 75b28aff HV |
8035 | sq_array_size = array_size(sizeof(u32), sq_entries); |
| 8036 | if (sq_array_size == SIZE_MAX) | |
| 8037 | return SIZE_MAX; | |
| 8038 | ||
| 8039 | if (check_add_overflow(off, sq_array_size, &off)) | |
| 8040 | return SIZE_MAX; | |
| 8041 | ||
| 75b28aff HV |
8042 | return off; |
| 8043 | } | |
| 8044 | ||
| 0a96bbe4 | 8045 | static int io_sqe_buffers_unregister(struct io_ring_ctx *ctx) |
| edafccee JA |
8046 | { |
| 8047 | int i, j; | |
| 8048 | ||
| 8049 | if (!ctx->user_bufs) | |
| 8050 | return -ENXIO; | |
| 8051 | ||
| 8052 | for (i = 0; i < ctx->nr_user_bufs; i++) { | |
| 8053 | struct io_mapped_ubuf *imu = &ctx->user_bufs[i]; | |
| 8054 | ||
| 8055 | for (j = 0; j < imu->nr_bvecs; j++) | |
| f1f6a7dd | 8056 | unpin_user_page(imu->bvec[j].bv_page); |
| edafccee | 8057 | |
| de293938 | 8058 | if (imu->acct_pages) |
| 26bfa89e | 8059 | io_unaccount_mem(ctx, imu->acct_pages); |
| d4ef6475 | 8060 | kvfree(imu->bvec); |
| edafccee JA |
8061 | imu->nr_bvecs = 0; |
| 8062 | } | |
| 8063 | ||
| 8064 | kfree(ctx->user_bufs); | |
| 8065 | ctx->user_bufs = NULL; | |
| 8066 | ctx->nr_user_bufs = 0; | |
| 8067 | return 0; | |
| 8068 | } | |
| 8069 | ||
| 8070 | static int io_copy_iov(struct io_ring_ctx *ctx, struct iovec *dst, | |
| 8071 | void __user *arg, unsigned index) | |
| 8072 | { | |
| 8073 | struct iovec __user *src; | |
| 8074 | ||
| 8075 | #ifdef CONFIG_COMPAT | |
| 8076 | if (ctx->compat) { | |
| 8077 | struct compat_iovec __user *ciovs; | |
| 8078 | struct compat_iovec ciov; | |
| 8079 | ||
| 8080 | ciovs = (struct compat_iovec __user *) arg; | |
| 8081 | if (copy_from_user(&ciov, &ciovs[index], sizeof(ciov))) | |
| 8082 | return -EFAULT; | |
| 8083 | ||
| d55e5f5b | 8084 | dst->iov_base = u64_to_user_ptr((u64)ciov.iov_base); |
| edafccee JA |
8085 | dst->iov_len = ciov.iov_len; |
| 8086 | return 0; | |
| 8087 | } | |
| 8088 | #endif | |
| 8089 | src = (struct iovec __user *) arg; | |
| 8090 | if (copy_from_user(dst, &src[index], sizeof(*dst))) | |
| 8091 | return -EFAULT; | |
| 8092 | return 0; | |
| 8093 | } | |
| 8094 | ||
| de293938 JA |
8095 | /* |
| 8096 | * Not super efficient, but this is just a registration time. And we do cache | |
| 8097 | * the last compound head, so generally we'll only do a full search if we don't | |
| 8098 | * match that one. | |
| 8099 | * | |
| 8100 | * We check if the given compound head page has already been accounted, to | |
| 8101 | * avoid double accounting it. This allows us to account the full size of the | |
| 8102 | * page, not just the constituent pages of a huge page. | |
| 8103 | */ | |
| 8104 | static bool headpage_already_acct(struct io_ring_ctx *ctx, struct page **pages, | |
| 8105 | int nr_pages, struct page *hpage) | |
| 8106 | { | |
| 8107 | int i, j; | |
| 8108 | ||
| 8109 | /* check current page array */ | |
| 8110 | for (i = 0; i < nr_pages; i++) { | |
| 8111 | if (!PageCompound(pages[i])) | |
| 8112 | continue; | |
| 8113 | if (compound_head(pages[i]) == hpage) | |
| 8114 | return true; | |
| 8115 | } | |
| 8116 | ||
| 8117 | /* check previously registered pages */ | |
| 8118 | for (i = 0; i < ctx->nr_user_bufs; i++) { | |
| 8119 | struct io_mapped_ubuf *imu = &ctx->user_bufs[i]; | |
| 8120 | ||
| 8121 | for (j = 0; j < imu->nr_bvecs; j++) { | |
| 8122 | if (!PageCompound(imu->bvec[j].bv_page)) | |
| 8123 | continue; | |
| 8124 | if (compound_head(imu->bvec[j].bv_page) == hpage) | |
| 8125 | return true; | |
| 8126 | } | |
| 8127 | } | |
| 8128 | ||
| 8129 | return false; | |
| 8130 | } | |
| 8131 | ||
| 8132 | static int io_buffer_account_pin(struct io_ring_ctx *ctx, struct page **pages, | |
| 8133 | int nr_pages, struct io_mapped_ubuf *imu, | |
| 8134 | struct page **last_hpage) | |
| 8135 | { | |
| 8136 | int i, ret; | |
| 8137 | ||
| 8138 | for (i = 0; i < nr_pages; i++) { | |
| 8139 | if (!PageCompound(pages[i])) { | |
| 8140 | imu->acct_pages++; | |
| 8141 | } else { | |
| 8142 | struct page *hpage; | |
| 8143 | ||
| 8144 | hpage = compound_head(pages[i]); | |
| 8145 | if (hpage == *last_hpage) | |
| 8146 | continue; | |
| 8147 | *last_hpage = hpage; | |
| 8148 | if (headpage_already_acct(ctx, pages, i, hpage)) | |
| 8149 | continue; | |
| 8150 | imu->acct_pages += page_size(hpage) >> PAGE_SHIFT; | |
| 8151 | } | |
| 8152 | } | |
| 8153 | ||
| 8154 | if (!imu->acct_pages) | |
| 8155 | return 0; | |
| 8156 | ||
| 26bfa89e | 8157 | ret = io_account_mem(ctx, imu->acct_pages); |
| de293938 JA |
8158 | if (ret) |
| 8159 | imu->acct_pages = 0; | |
| 8160 | return ret; | |
| 8161 | } | |
| 8162 | ||
| 0a96bbe4 BM |
8163 | static int io_sqe_buffer_register(struct io_ring_ctx *ctx, struct iovec *iov, |
| 8164 | struct io_mapped_ubuf *imu, | |
| 8165 | struct page **last_hpage) | |
| edafccee JA |
8166 | { |
| 8167 | struct vm_area_struct **vmas = NULL; | |
| 8168 | struct page **pages = NULL; | |
| 0a96bbe4 BM |
8169 | unsigned long off, start, end, ubuf; |
| 8170 | size_t size; | |
| 8171 | int ret, pret, nr_pages, i; | |
| 8172 | ||
| 8173 | ubuf = (unsigned long) iov->iov_base; | |
| 8174 | end = (ubuf + iov->iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT; | |
| 8175 | start = ubuf >> PAGE_SHIFT; | |
| 8176 | nr_pages = end - start; | |
| 8177 | ||
| 8178 | ret = -ENOMEM; | |
| 8179 | ||
| 8180 | pages = kvmalloc_array(nr_pages, sizeof(struct page *), GFP_KERNEL); | |
| 8181 | if (!pages) | |
| 8182 | goto done; | |
| 8183 | ||
| 8184 | vmas = kvmalloc_array(nr_pages, sizeof(struct vm_area_struct *), | |
| 8185 | GFP_KERNEL); | |
| 8186 | if (!vmas) | |
| 8187 | goto done; | |
| edafccee | 8188 | |
| 0a96bbe4 BM |
8189 | imu->bvec = kvmalloc_array(nr_pages, sizeof(struct bio_vec), |
| 8190 | GFP_KERNEL); | |
| 8191 | if (!imu->bvec) | |
| 8192 | goto done; | |
| 8193 | ||
| 8194 | ret = 0; | |
| 8195 | mmap_read_lock(current->mm); | |
| 8196 | pret = pin_user_pages(ubuf, nr_pages, FOLL_WRITE | FOLL_LONGTERM, | |
| 8197 | pages, vmas); | |
| 8198 | if (pret == nr_pages) { | |
| 8199 | /* don't support file backed memory */ | |
| 8200 | for (i = 0; i < nr_pages; i++) { | |
| 8201 | struct vm_area_struct *vma = vmas[i]; | |
| 8202 | ||
| 8203 | if (vma->vm_file && | |
| 8204 | !is_file_hugepages(vma->vm_file)) { | |
| 8205 | ret = -EOPNOTSUPP; | |
| 8206 | break; | |
| 8207 | } | |
| 8208 | } | |
| 8209 | } else { | |
| 8210 | ret = pret < 0 ? pret : -EFAULT; | |
| 8211 | } | |
| 8212 | mmap_read_unlock(current->mm); | |
| 8213 | if (ret) { | |
| 8214 | /* | |
| 8215 | * if we did partial map, or found file backed vmas, | |
| 8216 | * release any pages we did get | |
| 8217 | */ | |
| 8218 | if (pret > 0) | |
| 8219 | unpin_user_pages(pages, pret); | |
| 8220 | kvfree(imu->bvec); | |
| 8221 | goto done; | |
| 8222 | } | |
| 8223 | ||
| 8224 | ret = io_buffer_account_pin(ctx, pages, pret, imu, last_hpage); | |
| 8225 | if (ret) { | |
| 8226 | unpin_user_pages(pages, pret); | |
| 8227 | kvfree(imu->bvec); | |
| 8228 | goto done; | |
| 8229 | } | |
| 8230 | ||
| 8231 | off = ubuf & ~PAGE_MASK; | |
| 8232 | size = iov->iov_len; | |
| 8233 | for (i = 0; i < nr_pages; i++) { | |
| 8234 | size_t vec_len; | |
| 8235 | ||
| 8236 | vec_len = min_t(size_t, size, PAGE_SIZE - off); | |
| 8237 | imu->bvec[i].bv_page = pages[i]; | |
| 8238 | imu->bvec[i].bv_len = vec_len; | |
| 8239 | imu->bvec[i].bv_offset = off; | |
| 8240 | off = 0; | |
| 8241 | size -= vec_len; | |
| 8242 | } | |
| 8243 | /* store original address for later verification */ | |
| 8244 | imu->ubuf = ubuf; | |
| 8245 | imu->len = iov->iov_len; | |
| 8246 | imu->nr_bvecs = nr_pages; | |
| 8247 | ret = 0; | |
| 8248 | done: | |
| 8249 | kvfree(pages); | |
| 8250 | kvfree(vmas); | |
| 8251 | return ret; | |
| 8252 | } | |
| 8253 | ||
| 2b358604 | 8254 | static int io_buffers_map_alloc(struct io_ring_ctx *ctx, unsigned int nr_args) |
| 0a96bbe4 | 8255 | { |
| edafccee JA |
8256 | if (ctx->user_bufs) |
| 8257 | return -EBUSY; | |
| 8258 | if (!nr_args || nr_args > UIO_MAXIOV) | |
| 8259 | return -EINVAL; | |
| 8260 | ||
| 8261 | ctx->user_bufs = kcalloc(nr_args, sizeof(struct io_mapped_ubuf), | |
| 8262 | GFP_KERNEL); | |
| 8263 | if (!ctx->user_bufs) | |
| 8264 | return -ENOMEM; | |
| 8265 | ||
| 2b358604 BM |
8266 | return 0; |
| 8267 | } | |
| edafccee | 8268 | |
| 2b358604 BM |
8269 | static int io_buffer_validate(struct iovec *iov) |
| 8270 | { | |
| 8271 | /* | |
| 8272 | * Don't impose further limits on the size and buffer | |
| 8273 | * constraints here, we'll -EINVAL later when IO is | |
| 8274 | * submitted if they are wrong. | |
| 8275 | */ | |
| 8276 | if (!iov->iov_base || !iov->iov_len) | |
| 8277 | return -EFAULT; | |
| edafccee | 8278 | |
| 2b358604 BM |
8279 | /* arbitrary limit, but we need something */ |
| 8280 | if (iov->iov_len > SZ_1G) | |
| 8281 | return -EFAULT; | |
| edafccee | 8282 | |
| 2b358604 BM |
8283 | return 0; |
| 8284 | } | |
| edafccee | 8285 | |
| 2b358604 BM |
8286 | static int io_sqe_buffers_register(struct io_ring_ctx *ctx, void __user *arg, |
| 8287 | unsigned int nr_args) | |
| 8288 | { | |
| 8289 | int i, ret; | |
| 8290 | struct iovec iov; | |
| 8291 | struct page *last_hpage = NULL; | |
| edafccee | 8292 | |
| 2b358604 BM |
8293 | ret = io_buffers_map_alloc(ctx, nr_args); |
| 8294 | if (ret) | |
| 8295 | return ret; | |
| edafccee | 8296 | |
| edafccee JA |
8297 | for (i = 0; i < nr_args; i++) { |
| 8298 | struct io_mapped_ubuf *imu = &ctx->user_bufs[i]; | |
| edafccee | 8299 | |
| edafccee JA |
8300 | ret = io_copy_iov(ctx, &iov, arg, i); |
| 8301 | if (ret) | |
| 0a96bbe4 | 8302 | break; |
| de293938 | 8303 | |
| 2b358604 BM |
8304 | ret = io_buffer_validate(&iov); |
| 8305 | if (ret) | |
| 0a96bbe4 | 8306 | break; |
| edafccee | 8307 | |
| 0a96bbe4 BM |
8308 | ret = io_sqe_buffer_register(ctx, &iov, imu, &last_hpage); |
| 8309 | if (ret) | |
| 8310 | break; | |
| edafccee JA |
8311 | |
| 8312 | ctx->nr_user_bufs++; | |
| 8313 | } | |
| 0a96bbe4 BM |
8314 | |
| 8315 | if (ret) | |
| 8316 | io_sqe_buffers_unregister(ctx); | |
| 8317 | ||
| edafccee JA |
8318 | return ret; |
| 8319 | } | |
| 8320 | ||
| 9b402849 JA |
8321 | static int io_eventfd_register(struct io_ring_ctx *ctx, void __user *arg) |
| 8322 | { | |
| 8323 | __s32 __user *fds = arg; | |
| 8324 | int fd; | |
| 8325 | ||
| 8326 | if (ctx->cq_ev_fd) | |
| 8327 | return -EBUSY; | |
| 8328 | ||
| 8329 | if (copy_from_user(&fd, fds, sizeof(*fds))) | |
| 8330 | return -EFAULT; | |
| 8331 | ||
| 8332 | ctx->cq_ev_fd = eventfd_ctx_fdget(fd); | |
| 8333 | if (IS_ERR(ctx->cq_ev_fd)) { | |
| 8334 | int ret = PTR_ERR(ctx->cq_ev_fd); | |
| 8335 | ctx->cq_ev_fd = NULL; | |
| 8336 | return ret; | |
| 8337 | } | |
| 8338 | ||
| 8339 | return 0; | |
| 8340 | } | |
| 8341 | ||
| 8342 | static int io_eventfd_unregister(struct io_ring_ctx *ctx) | |
| 8343 | { | |
| 8344 | if (ctx->cq_ev_fd) { | |
| 8345 | eventfd_ctx_put(ctx->cq_ev_fd); | |
| 8346 | ctx->cq_ev_fd = NULL; | |
| 8347 | return 0; | |
| 8348 | } | |
| 8349 | ||
| 8350 | return -ENXIO; | |
| 8351 | } | |
| 8352 | ||
| 5a2e745d JA |
8353 | static int __io_destroy_buffers(int id, void *p, void *data) |
| 8354 | { | |
| 8355 | struct io_ring_ctx *ctx = data; | |
| 8356 | struct io_buffer *buf = p; | |
| 8357 | ||
| 067524e9 | 8358 | __io_remove_buffers(ctx, buf, id, -1U); |
| 5a2e745d JA |
8359 | return 0; |
| 8360 | } | |
| 8361 | ||
| 8362 | static void io_destroy_buffers(struct io_ring_ctx *ctx) | |
| 8363 | { | |
| 8364 | idr_for_each(&ctx->io_buffer_idr, __io_destroy_buffers, ctx); | |
| 8365 | idr_destroy(&ctx->io_buffer_idr); | |
| 8366 | } | |
| 8367 | ||
| 68e68ee6 | 8368 | static void io_req_cache_free(struct list_head *list, struct task_struct *tsk) |
| 1b4c351f | 8369 | { |
| 68e68ee6 | 8370 | struct io_kiocb *req, *nxt; |
| 1b4c351f | 8371 | |
| 68e68ee6 JA |
8372 | list_for_each_entry_safe(req, nxt, list, compl.list) { |
| 8373 | if (tsk && req->task != tsk) | |
| 8374 | continue; | |
| 1b4c351f JA |
8375 | list_del(&req->compl.list); |
| 8376 | kmem_cache_free(req_cachep, req); | |
| 8377 | } | |
| 8378 | } | |
| 8379 | ||
| 4010fec4 | 8380 | static void io_req_caches_free(struct io_ring_ctx *ctx) |
| 2b188cc1 | 8381 | { |
| bf019da7 | 8382 | struct io_submit_state *submit_state = &ctx->submit_state; |
| e5547d2c | 8383 | struct io_comp_state *cs = &ctx->submit_state.comp; |
| bf019da7 | 8384 | |
| 9a4fdbd8 JA |
8385 | mutex_lock(&ctx->uring_lock); |
| 8386 | ||
| 8e5c66c4 | 8387 | if (submit_state->free_reqs) { |
| 9a4fdbd8 JA |
8388 | kmem_cache_free_bulk(req_cachep, submit_state->free_reqs, |
| 8389 | submit_state->reqs); | |
| 8e5c66c4 PB |
8390 | submit_state->free_reqs = 0; |
| 8391 | } | |
| 9a4fdbd8 JA |
8392 | |
| 8393 | spin_lock_irq(&ctx->completion_lock); | |
| e5547d2c PB |
8394 | list_splice_init(&cs->locked_free_list, &cs->free_list); |
| 8395 | cs->locked_free_nr = 0; | |
| 9a4fdbd8 JA |
8396 | spin_unlock_irq(&ctx->completion_lock); |
| 8397 | ||
| e5547d2c PB |
8398 | io_req_cache_free(&cs->free_list, NULL); |
| 8399 | ||
| 9a4fdbd8 JA |
8400 | mutex_unlock(&ctx->uring_lock); |
| 8401 | } | |
| 8402 | ||
| 2b188cc1 JA |
8403 | static void io_ring_ctx_free(struct io_ring_ctx *ctx) |
| 8404 | { | |
| 04fc6c80 PB |
8405 | /* |
| 8406 | * Some may use context even when all refs and requests have been put, | |
| 8407 | * and they are free to do so while still holding uring_lock, see | |
| 8408 | * __io_req_task_submit(). Wait for them to finish. | |
| 8409 | */ | |
| 8410 | mutex_lock(&ctx->uring_lock); | |
| 8411 | mutex_unlock(&ctx->uring_lock); | |
| 8412 | ||
| 37d1e2e3 | 8413 | io_sq_thread_finish(ctx); |
| 0a96bbe4 | 8414 | io_sqe_buffers_unregister(ctx); |
| 2aede0e4 | 8415 | |
| 37d1e2e3 | 8416 | if (ctx->mm_account) { |
| 2aede0e4 JA |
8417 | mmdrop(ctx->mm_account); |
| 8418 | ctx->mm_account = NULL; | |
| 30975825 | 8419 | } |
| def596e9 | 8420 | |
| 8bad28d8 | 8421 | mutex_lock(&ctx->uring_lock); |
| 6b06314c | 8422 | io_sqe_files_unregister(ctx); |
| 8bad28d8 | 8423 | mutex_unlock(&ctx->uring_lock); |
| 9b402849 | 8424 | io_eventfd_unregister(ctx); |
| 5a2e745d | 8425 | io_destroy_buffers(ctx); |
| 41726c9a | 8426 | idr_destroy(&ctx->personality_idr); |
| def596e9 | 8427 | |
| 2b188cc1 | 8428 | #if defined(CONFIG_UNIX) |
| 355e8d26 EB |
8429 | if (ctx->ring_sock) { |
| 8430 | ctx->ring_sock->file = NULL; /* so that iput() is called */ | |
| 2b188cc1 | 8431 | sock_release(ctx->ring_sock); |
| 355e8d26 | 8432 | } |
| 2b188cc1 JA |
8433 | #endif |
| 8434 | ||
| 75b28aff | 8435 | io_mem_free(ctx->rings); |
| 2b188cc1 | 8436 | io_mem_free(ctx->sq_sqes); |
| 2b188cc1 JA |
8437 | |
| 8438 | percpu_ref_exit(&ctx->refs); | |
| 2b188cc1 | 8439 | free_uid(ctx->user); |
| 4010fec4 | 8440 | io_req_caches_free(ctx); |
| e941894e JA |
8441 | if (ctx->hash_map) |
| 8442 | io_wq_put_hash(ctx->hash_map); | |
| 78076bb6 | 8443 | kfree(ctx->cancel_hash); |
| 2b188cc1 JA |
8444 | kfree(ctx); |
| 8445 | } | |
| 8446 | ||
| 8447 | static __poll_t io_uring_poll(struct file *file, poll_table *wait) | |
| 8448 | { | |
| 8449 | struct io_ring_ctx *ctx = file->private_data; | |
| 8450 | __poll_t mask = 0; | |
| 8451 | ||
| 8452 | poll_wait(file, &ctx->cq_wait, wait); | |
| 4f7067c3 SB |
8453 | /* |
| 8454 | * synchronizes with barrier from wq_has_sleeper call in | |
| 8455 | * io_commit_cqring | |
| 8456 | */ | |
| 2b188cc1 | 8457 | smp_rmb(); |
| 90554200 | 8458 | if (!io_sqring_full(ctx)) |
| 2b188cc1 | 8459 | mask |= EPOLLOUT | EPOLLWRNORM; |
| ed670c3f HX |
8460 | |
| 8461 | /* | |
| 8462 | * Don't flush cqring overflow list here, just do a simple check. | |
| 8463 | * Otherwise there could possible be ABBA deadlock: | |
| 8464 | * CPU0 CPU1 | |
| 8465 | * ---- ---- | |
| 8466 | * lock(&ctx->uring_lock); | |
| 8467 | * lock(&ep->mtx); | |
| 8468 | * lock(&ctx->uring_lock); | |
| 8469 | * lock(&ep->mtx); | |
| 8470 | * | |
| 8471 | * Users may get EPOLLIN meanwhile seeing nothing in cqring, this | |
| 8472 | * pushs them to do the flush. | |
| 8473 | */ | |
| 8474 | if (io_cqring_events(ctx) || test_bit(0, &ctx->cq_check_overflow)) | |
| 2b188cc1 JA |
8475 | mask |= EPOLLIN | EPOLLRDNORM; |
| 8476 | ||
| 8477 | return mask; | |
| 8478 | } | |
| 8479 | ||
| 8480 | static int io_uring_fasync(int fd, struct file *file, int on) | |
| 8481 | { | |
| 8482 | struct io_ring_ctx *ctx = file->private_data; | |
| 8483 | ||
| 8484 | return fasync_helper(fd, file, on, &ctx->cq_fasync); | |
| 8485 | } | |
| 8486 | ||
| 0bead8cd | 8487 | static int io_unregister_personality(struct io_ring_ctx *ctx, unsigned id) |
| 071698e1 | 8488 | { |
| 4379bf8b | 8489 | const struct cred *creds; |
| 071698e1 | 8490 | |
| 4379bf8b JA |
8491 | creds = idr_remove(&ctx->personality_idr, id); |
| 8492 | if (creds) { | |
| 8493 | put_cred(creds); | |
| 0bead8cd | 8494 | return 0; |
| 1e6fa521 | 8495 | } |
| 0bead8cd YD |
8496 | |
| 8497 | return -EINVAL; | |
| 8498 | } | |
| 8499 | ||
| 8500 | static int io_remove_personalities(int id, void *p, void *data) | |
| 8501 | { | |
| 8502 | struct io_ring_ctx *ctx = data; | |
| 8503 | ||
| 8504 | io_unregister_personality(ctx, id); | |
| 071698e1 JA |
8505 | return 0; |
| 8506 | } | |
| 8507 | ||
| ba50a036 | 8508 | static bool io_run_ctx_fallback(struct io_ring_ctx *ctx) |
| 7c25c0d1 | 8509 | { |
| 28c4721b | 8510 | struct callback_head *work, *next; |
| ba50a036 | 8511 | bool executed = false; |
| 7c25c0d1 JA |
8512 | |
| 8513 | do { | |
| 28c4721b | 8514 | work = xchg(&ctx->exit_task_work, NULL); |
| 7c25c0d1 JA |
8515 | if (!work) |
| 8516 | break; | |
| 8517 | ||
| 8518 | do { | |
| 8519 | next = work->next; | |
| 8520 | work->func(work); | |
| 8521 | work = next; | |
| 8522 | cond_resched(); | |
| 8523 | } while (work); | |
| ba50a036 | 8524 | executed = true; |
| 7c25c0d1 | 8525 | } while (1); |
| ba50a036 PB |
8526 | |
| 8527 | return executed; | |
| 7c25c0d1 JA |
8528 | } |
| 8529 | ||
| 85faa7b8 JA |
8530 | static void io_ring_exit_work(struct work_struct *work) |
| 8531 | { | |
| b2edc0a7 PB |
8532 | struct io_ring_ctx *ctx = container_of(work, struct io_ring_ctx, |
| 8533 | exit_work); | |
| 85faa7b8 | 8534 | |
| 56952e91 JA |
8535 | /* |
| 8536 | * If we're doing polled IO and end up having requests being | |
| 8537 | * submitted async (out-of-line), then completions can come in while | |
| 8538 | * we're waiting for refs to drop. We need to reap these manually, | |
| 8539 | * as nobody else will be looking for them. | |
| 8540 | */ | |
| b2edc0a7 | 8541 | do { |
| 9936c7c2 | 8542 | io_uring_try_cancel_requests(ctx, NULL, NULL); |
| b2edc0a7 | 8543 | } while (!wait_for_completion_timeout(&ctx->ref_comp, HZ/20)); |
| 85faa7b8 JA |
8544 | io_ring_ctx_free(ctx); |
| 8545 | } | |
| 8546 | ||
| 2b188cc1 JA |
8547 | static void io_ring_ctx_wait_and_kill(struct io_ring_ctx *ctx) |
| 8548 | { | |
| 8549 | mutex_lock(&ctx->uring_lock); | |
| 8550 | percpu_ref_kill(&ctx->refs); | |
| cda286f0 PB |
8551 | /* if force is set, the ring is going away. always drop after that */ |
| 8552 | ctx->cq_overflow_flushed = 1; | |
| 634578f8 | 8553 | if (ctx->rings) |
| 6c503150 | 8554 | __io_cqring_overflow_flush(ctx, true, NULL, NULL); |
| 5c766a90 | 8555 | idr_for_each(&ctx->personality_idr, io_remove_personalities, ctx); |
| 2b188cc1 JA |
8556 | mutex_unlock(&ctx->uring_lock); |
| 8557 | ||
| 6b81928d PB |
8558 | io_kill_timeouts(ctx, NULL, NULL); |
| 8559 | io_poll_remove_all(ctx, NULL, NULL); | |
| 561fb04a | 8560 | |
| 15dff286 | 8561 | /* if we failed setting up the ctx, we might not have any rings */ |
| b2edc0a7 | 8562 | io_iopoll_try_reap_events(ctx); |
| 309fc03a | 8563 | |
| 85faa7b8 | 8564 | INIT_WORK(&ctx->exit_work, io_ring_exit_work); |
| fc666777 JA |
8565 | /* |
| 8566 | * Use system_unbound_wq to avoid spawning tons of event kworkers | |
| 8567 | * if we're exiting a ton of rings at the same time. It just adds | |
| 8568 | * noise and overhead, there's no discernable change in runtime | |
| 8569 | * over using system_wq. | |
| 8570 | */ | |
| 8571 | queue_work(system_unbound_wq, &ctx->exit_work); | |
| 2b188cc1 JA |
8572 | } |
| 8573 | ||
| 8574 | static int io_uring_release(struct inode *inode, struct file *file) | |
| 8575 | { | |
| 8576 | struct io_ring_ctx *ctx = file->private_data; | |
| 8577 | ||
| 8578 | file->private_data = NULL; | |
| 8579 | io_ring_ctx_wait_and_kill(ctx); | |
| 8580 | return 0; | |
| 8581 | } | |
| 8582 | ||
| f6edbabb PB |
8583 | struct io_task_cancel { |
| 8584 | struct task_struct *task; | |
| 8585 | struct files_struct *files; | |
| 8586 | }; | |
| f254ac04 | 8587 | |
| f6edbabb | 8588 | static bool io_cancel_task_cb(struct io_wq_work *work, void *data) |
| b711d4ea | 8589 | { |
| 9a472ef7 | 8590 | struct io_kiocb *req = container_of(work, struct io_kiocb, work); |
| f6edbabb | 8591 | struct io_task_cancel *cancel = data; |
| 9a472ef7 PB |
8592 | bool ret; |
| 8593 | ||
| f6edbabb | 8594 | if (cancel->files && (req->flags & REQ_F_LINK_TIMEOUT)) { |
| 9a472ef7 PB |
8595 | unsigned long flags; |
| 8596 | struct io_ring_ctx *ctx = req->ctx; | |
| 8597 | ||
| 8598 | /* protect against races with linked timeouts */ | |
| 8599 | spin_lock_irqsave(&ctx->completion_lock, flags); | |
| f6edbabb | 8600 | ret = io_match_task(req, cancel->task, cancel->files); |
| 9a472ef7 PB |
8601 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| 8602 | } else { | |
| f6edbabb | 8603 | ret = io_match_task(req, cancel->task, cancel->files); |
| 9a472ef7 PB |
8604 | } |
| 8605 | return ret; | |
| b711d4ea JA |
8606 | } |
| 8607 | ||
| b7ddce3c | 8608 | static void io_cancel_defer_files(struct io_ring_ctx *ctx, |
| ef9865a4 | 8609 | struct task_struct *task, |
| b7ddce3c PB |
8610 | struct files_struct *files) |
| 8611 | { | |
| 8612 | struct io_defer_entry *de = NULL; | |
| 8613 | LIST_HEAD(list); | |
| 8614 | ||
| 8615 | spin_lock_irq(&ctx->completion_lock); | |
| 8616 | list_for_each_entry_reverse(de, &ctx->defer_list, list) { | |
| 08d23634 | 8617 | if (io_match_task(de->req, task, files)) { |
| b7ddce3c PB |
8618 | list_cut_position(&list, &ctx->defer_list, &de->list); |
| 8619 | break; | |
| 8620 | } | |
| 8621 | } | |
| 8622 | spin_unlock_irq(&ctx->completion_lock); | |
| 8623 | ||
| 8624 | while (!list_empty(&list)) { | |
| 8625 | de = list_first_entry(&list, struct io_defer_entry, list); | |
| 8626 | list_del_init(&de->list); | |
| 8627 | req_set_fail_links(de->req); | |
| 8628 | io_put_req(de->req); | |
| 8629 | io_req_complete(de->req, -ECANCELED); | |
| 8630 | kfree(de); | |
| 8631 | } | |
| 8632 | } | |
| 8633 | ||
| 9936c7c2 PB |
8634 | static void io_uring_try_cancel_requests(struct io_ring_ctx *ctx, |
| 8635 | struct task_struct *task, | |
| 8636 | struct files_struct *files) | |
| 8637 | { | |
| 8638 | struct io_task_cancel cancel = { .task = task, .files = files, }; | |
| 64c72123 PB |
8639 | struct task_struct *tctx_task = task ?: current; |
| 8640 | struct io_uring_task *tctx = tctx_task->io_uring; | |
| 9936c7c2 PB |
8641 | |
| 8642 | while (1) { | |
| 8643 | enum io_wq_cancel cret; | |
| 8644 | bool ret = false; | |
| 8645 | ||
| 5aa75ed5 JA |
8646 | if (tctx && tctx->io_wq) { |
| 8647 | cret = io_wq_cancel_cb(tctx->io_wq, io_cancel_task_cb, | |
| 9936c7c2 PB |
8648 | &cancel, true); |
| 8649 | ret |= (cret != IO_WQ_CANCEL_NOTFOUND); | |
| 8650 | } | |
| 8651 | ||
| 8652 | /* SQPOLL thread does its own polling */ | |
| 8653 | if (!(ctx->flags & IORING_SETUP_SQPOLL) && !files) { | |
| 8654 | while (!list_empty_careful(&ctx->iopoll_list)) { | |
| 8655 | io_iopoll_try_reap_events(ctx); | |
| 8656 | ret = true; | |
| 8657 | } | |
| 8658 | } | |
| 8659 | ||
| 8660 | ret |= io_poll_remove_all(ctx, task, files); | |
| 8661 | ret |= io_kill_timeouts(ctx, task, files); | |
| 8662 | ret |= io_run_task_work(); | |
| ba50a036 | 8663 | ret |= io_run_ctx_fallback(ctx); |
| 9936c7c2 PB |
8664 | io_cqring_overflow_flush(ctx, true, task, files); |
| 8665 | if (!ret) | |
| 8666 | break; | |
| 8667 | cond_resched(); | |
| 8668 | } | |
| 8669 | } | |
| 8670 | ||
| ca70f00b PB |
8671 | static int io_uring_count_inflight(struct io_ring_ctx *ctx, |
| 8672 | struct task_struct *task, | |
| 8673 | struct files_struct *files) | |
| 8674 | { | |
| 8675 | struct io_kiocb *req; | |
| 8676 | int cnt = 0; | |
| 8677 | ||
| 8678 | spin_lock_irq(&ctx->inflight_lock); | |
| 8679 | list_for_each_entry(req, &ctx->inflight_list, inflight_entry) | |
| 8680 | cnt += io_match_task(req, task, files); | |
| 8681 | spin_unlock_irq(&ctx->inflight_lock); | |
| 8682 | return cnt; | |
| 8683 | } | |
| 8684 | ||
| b52fda00 | 8685 | static void io_uring_cancel_files(struct io_ring_ctx *ctx, |
| df9923f9 | 8686 | struct task_struct *task, |
| fcb323cc JA |
8687 | struct files_struct *files) |
| 8688 | { | |
| fcb323cc | 8689 | while (!list_empty_careful(&ctx->inflight_list)) { |
| d8f1b971 | 8690 | DEFINE_WAIT(wait); |
| ca70f00b | 8691 | int inflight; |
| fcb323cc | 8692 | |
| ca70f00b PB |
8693 | inflight = io_uring_count_inflight(ctx, task, files); |
| 8694 | if (!inflight) | |
| fcb323cc | 8695 | break; |
| f6edbabb | 8696 | |
| 9936c7c2 | 8697 | io_uring_try_cancel_requests(ctx, task, files); |
| ca70f00b | 8698 | |
| 34343786 PB |
8699 | if (ctx->sq_data) |
| 8700 | io_sq_thread_unpark(ctx->sq_data); | |
| ca70f00b PB |
8701 | prepare_to_wait(&task->io_uring->wait, &wait, |
| 8702 | TASK_UNINTERRUPTIBLE); | |
| 8703 | if (inflight == io_uring_count_inflight(ctx, task, files)) | |
| 8704 | schedule(); | |
| c98de08c | 8705 | finish_wait(&task->io_uring->wait, &wait); |
| 34343786 PB |
8706 | if (ctx->sq_data) |
| 8707 | io_sq_thread_park(ctx->sq_data); | |
| 0f212204 | 8708 | } |
| 0f212204 JA |
8709 | } |
| 8710 | ||
| 8711 | /* | |
| 8712 | * We need to iteratively cancel requests, in case a request has dependent | |
| 8713 | * hard links. These persist even for failure of cancelations, hence keep | |
| 8714 | * looping until none are found. | |
| 8715 | */ | |
| 8716 | static void io_uring_cancel_task_requests(struct io_ring_ctx *ctx, | |
| 8717 | struct files_struct *files) | |
| 8718 | { | |
| 8719 | struct task_struct *task = current; | |
| 8720 | ||
| fdaf083c | 8721 | if ((ctx->flags & IORING_SETUP_SQPOLL) && ctx->sq_data) { |
| 70aacfe6 PB |
8722 | /* never started, nothing to cancel */ |
| 8723 | if (ctx->flags & IORING_SETUP_R_DISABLED) { | |
| 8724 | io_sq_offload_start(ctx); | |
| 8725 | return; | |
| 8726 | } | |
| 86e0d676 JA |
8727 | io_sq_thread_park(ctx->sq_data); |
| 8728 | task = ctx->sq_data->thread; | |
| 8729 | if (task) | |
| 37d1e2e3 | 8730 | atomic_inc(&task->io_uring->in_idle); |
| fdaf083c | 8731 | } |
| 0f212204 | 8732 | |
| df9923f9 | 8733 | io_cancel_defer_files(ctx, task, files); |
| 0f212204 | 8734 | |
| 3a7efd1a | 8735 | io_uring_cancel_files(ctx, task, files); |
| b52fda00 | 8736 | if (!files) |
| 9936c7c2 | 8737 | io_uring_try_cancel_requests(ctx, task, NULL); |
| fdaf083c | 8738 | |
| 86e0d676 | 8739 | if (task) |
| fdaf083c | 8740 | atomic_dec(&task->io_uring->in_idle); |
| 86e0d676 | 8741 | if (ctx->sq_data) |
| fdaf083c | 8742 | io_sq_thread_unpark(ctx->sq_data); |
| 0f212204 JA |
8743 | } |
| 8744 | ||
| 8745 | /* | |
| 8746 | * Note that this task has used io_uring. We use it for cancelation purposes. | |
| 8747 | */ | |
| fdaf083c | 8748 | static int io_uring_add_task_file(struct io_ring_ctx *ctx, struct file *file) |
| 0f212204 | 8749 | { |
| 236434c3 | 8750 | struct io_uring_task *tctx = current->io_uring; |
| a528b04e | 8751 | int ret; |
| 236434c3 MWO |
8752 | |
| 8753 | if (unlikely(!tctx)) { | |
| 5aa75ed5 | 8754 | ret = io_uring_alloc_task_context(current, ctx); |
| 0f212204 JA |
8755 | if (unlikely(ret)) |
| 8756 | return ret; | |
| 236434c3 | 8757 | tctx = current->io_uring; |
| 0f212204 | 8758 | } |
| 236434c3 MWO |
8759 | if (tctx->last != file) { |
| 8760 | void *old = xa_load(&tctx->xa, (unsigned long)file); | |
| 0f212204 | 8761 | |
| 236434c3 | 8762 | if (!old) { |
| 0f212204 | 8763 | get_file(file); |
| a528b04e PB |
8764 | ret = xa_err(xa_store(&tctx->xa, (unsigned long)file, |
| 8765 | file, GFP_KERNEL)); | |
| 8766 | if (ret) { | |
| 8767 | fput(file); | |
| 8768 | return ret; | |
| 8769 | } | |
| 0f212204 | 8770 | } |
| 236434c3 | 8771 | tctx->last = file; |
| 0f212204 JA |
8772 | } |
| 8773 | ||
| fdaf083c JA |
8774 | /* |
| 8775 | * This is race safe in that the task itself is doing this, hence it | |
| 8776 | * cannot be going through the exit/cancel paths at the same time. | |
| 8777 | * This cannot be modified while exit/cancel is running. | |
| 8778 | */ | |
| 8779 | if (!tctx->sqpoll && (ctx->flags & IORING_SETUP_SQPOLL)) | |
| 8780 | tctx->sqpoll = true; | |
| 8781 | ||
| 0f212204 JA |
8782 | return 0; |
| 8783 | } | |
| 8784 | ||
| 8785 | /* | |
| 8786 | * Remove this io_uring_file -> task mapping. | |
| 8787 | */ | |
| 2941267b | 8788 | static void io_uring_del_task_file(unsigned long index) |
| 0f212204 JA |
8789 | { |
| 8790 | struct io_uring_task *tctx = current->io_uring; | |
| 2941267b PB |
8791 | struct file *file; |
| 8792 | ||
| 8793 | file = xa_erase(&tctx->xa, index); | |
| 8794 | if (!file) | |
| 8795 | return; | |
| 0f212204 JA |
8796 | |
| 8797 | if (tctx->last == file) | |
| 8798 | tctx->last = NULL; | |
| 2941267b | 8799 | fput(file); |
| 0f212204 JA |
8800 | } |
| 8801 | ||
| 8452d4a6 | 8802 | static void io_uring_clean_tctx(struct io_uring_task *tctx) |
| de7f1d9e PB |
8803 | { |
| 8804 | struct file *file; | |
| 8805 | unsigned long index; | |
| 8806 | ||
| 8807 | xa_for_each(&tctx->xa, index, file) | |
| 2941267b | 8808 | io_uring_del_task_file(index); |
| 8452d4a6 PB |
8809 | if (tctx->io_wq) { |
| 8810 | io_wq_put_and_exit(tctx->io_wq); | |
| 8811 | tctx->io_wq = NULL; | |
| 8812 | } | |
| de7f1d9e PB |
8813 | } |
| 8814 | ||
| 0f212204 JA |
8815 | void __io_uring_files_cancel(struct files_struct *files) |
| 8816 | { | |
| 8817 | struct io_uring_task *tctx = current->io_uring; | |
| ce765372 MWO |
8818 | struct file *file; |
| 8819 | unsigned long index; | |
| 0f212204 JA |
8820 | |
| 8821 | /* make sure overflow events are dropped */ | |
| fdaf083c | 8822 | atomic_inc(&tctx->in_idle); |
| de7f1d9e PB |
8823 | xa_for_each(&tctx->xa, index, file) |
| 8824 | io_uring_cancel_task_requests(file->private_data, files); | |
| fdaf083c | 8825 | atomic_dec(&tctx->in_idle); |
| de7f1d9e | 8826 | |
| 8452d4a6 PB |
8827 | if (files) |
| 8828 | io_uring_clean_tctx(tctx); | |
| fdaf083c JA |
8829 | } |
| 8830 | ||
| 8831 | static s64 tctx_inflight(struct io_uring_task *tctx) | |
| 8832 | { | |
| 0e9ddb39 PB |
8833 | return percpu_counter_sum(&tctx->inflight); |
| 8834 | } | |
| fdaf083c | 8835 | |
| 0e9ddb39 PB |
8836 | static void io_uring_cancel_sqpoll(struct io_ring_ctx *ctx) |
| 8837 | { | |
| 37d1e2e3 | 8838 | struct io_sq_data *sqd = ctx->sq_data; |
| 0e9ddb39 PB |
8839 | struct io_uring_task *tctx; |
| 8840 | s64 inflight; | |
| 8841 | DEFINE_WAIT(wait); | |
| fdaf083c | 8842 | |
| 37d1e2e3 | 8843 | if (!sqd) |
| 0e9ddb39 | 8844 | return; |
| 86e0d676 JA |
8845 | io_sq_thread_park(sqd); |
| 8846 | if (!sqd->thread || !sqd->thread->io_uring) { | |
| e54945ae JA |
8847 | io_sq_thread_unpark(sqd); |
| 8848 | return; | |
| 8849 | } | |
| 86e0d676 | 8850 | tctx = ctx->sq_data->thread->io_uring; |
| 0e9ddb39 PB |
8851 | atomic_inc(&tctx->in_idle); |
| 8852 | do { | |
| 8853 | /* read completions before cancelations */ | |
| 8854 | inflight = tctx_inflight(tctx); | |
| 8855 | if (!inflight) | |
| 8856 | break; | |
| 8857 | io_uring_cancel_task_requests(ctx, NULL); | |
| fdaf083c | 8858 | |
| 0e9ddb39 PB |
8859 | prepare_to_wait(&tctx->wait, &wait, TASK_UNINTERRUPTIBLE); |
| 8860 | /* | |
| 8861 | * If we've seen completions, retry without waiting. This | |
| 8862 | * avoids a race where a completion comes in before we did | |
| 8863 | * prepare_to_wait(). | |
| 8864 | */ | |
| 8865 | if (inflight == tctx_inflight(tctx)) | |
| 8866 | schedule(); | |
| 8867 | finish_wait(&tctx->wait, &wait); | |
| 8868 | } while (1); | |
| 8869 | atomic_dec(&tctx->in_idle); | |
| 37d1e2e3 | 8870 | io_sq_thread_unpark(sqd); |
| 0f212204 JA |
8871 | } |
| 8872 | ||
| 0f212204 JA |
8873 | /* |
| 8874 | * Find any io_uring fd that this task has registered or done IO on, and cancel | |
| 8875 | * requests. | |
| 8876 | */ | |
| 8877 | void __io_uring_task_cancel(void) | |
| 8878 | { | |
| 8879 | struct io_uring_task *tctx = current->io_uring; | |
| 8880 | DEFINE_WAIT(wait); | |
| d8a6df10 | 8881 | s64 inflight; |
| 0f212204 JA |
8882 | |
| 8883 | /* make sure overflow events are dropped */ | |
| fdaf083c | 8884 | atomic_inc(&tctx->in_idle); |
| 0f212204 | 8885 | |
| 0e9ddb39 PB |
8886 | if (tctx->sqpoll) { |
| 8887 | struct file *file; | |
| 8888 | unsigned long index; | |
| 8889 | ||
| 8890 | xa_for_each(&tctx->xa, index, file) | |
| 8891 | io_uring_cancel_sqpoll(file->private_data); | |
| 8892 | } | |
| 0b5cd6c3 | 8893 | |
| d8a6df10 | 8894 | do { |
| 0f212204 | 8895 | /* read completions before cancelations */ |
| fdaf083c | 8896 | inflight = tctx_inflight(tctx); |
| d8a6df10 JA |
8897 | if (!inflight) |
| 8898 | break; | |
| 0f212204 JA |
8899 | __io_uring_files_cancel(NULL); |
| 8900 | ||
| 8901 | prepare_to_wait(&tctx->wait, &wait, TASK_UNINTERRUPTIBLE); | |
| 8902 | ||
| 8903 | /* | |
| a1bb3cd5 PB |
8904 | * If we've seen completions, retry without waiting. This |
| 8905 | * avoids a race where a completion comes in before we did | |
| 8906 | * prepare_to_wait(). | |
| 0f212204 | 8907 | */ |
| a1bb3cd5 PB |
8908 | if (inflight == tctx_inflight(tctx)) |
| 8909 | schedule(); | |
| f57555ed | 8910 | finish_wait(&tctx->wait, &wait); |
| d8a6df10 | 8911 | } while (1); |
| 0f212204 | 8912 | |
| fdaf083c | 8913 | atomic_dec(&tctx->in_idle); |
| de7f1d9e | 8914 | |
| 8452d4a6 PB |
8915 | io_uring_clean_tctx(tctx); |
| 8916 | /* all current's requests should be gone, we can kill tctx */ | |
| 8917 | __io_uring_free(current); | |
| 44e728b8 PB |
8918 | } |
| 8919 | ||
| 6c5c240e RP |
8920 | static void *io_uring_validate_mmap_request(struct file *file, |
| 8921 | loff_t pgoff, size_t sz) | |
| 2b188cc1 | 8922 | { |
| 2b188cc1 | 8923 | struct io_ring_ctx *ctx = file->private_data; |
| 6c5c240e | 8924 | loff_t offset = pgoff << PAGE_SHIFT; |
| 2b188cc1 JA |
8925 | struct page *page; |
| 8926 | void *ptr; | |
| 8927 | ||
| 8928 | switch (offset) { | |
| 8929 | case IORING_OFF_SQ_RING: | |
| 75b28aff HV |
8930 | case IORING_OFF_CQ_RING: |
| 8931 | ptr = ctx->rings; | |
| 2b188cc1 JA |
8932 | break; |
| 8933 | case IORING_OFF_SQES: | |
| 8934 | ptr = ctx->sq_sqes; | |
| 8935 | break; | |
| 2b188cc1 | 8936 | default: |
| 6c5c240e | 8937 | return ERR_PTR(-EINVAL); |
| 2b188cc1 JA |
8938 | } |
| 8939 | ||
| 8940 | page = virt_to_head_page(ptr); | |
| a50b854e | 8941 | if (sz > page_size(page)) |
| 6c5c240e RP |
8942 | return ERR_PTR(-EINVAL); |
| 8943 | ||
| 8944 | return ptr; | |
| 8945 | } | |
| 8946 | ||
| 8947 | #ifdef CONFIG_MMU | |
| 8948 | ||
| 8949 | static int io_uring_mmap(struct file *file, struct vm_area_struct *vma) | |
| 8950 | { | |
| 8951 | size_t sz = vma->vm_end - vma->vm_start; | |
| 8952 | unsigned long pfn; | |
| 8953 | void *ptr; | |
| 8954 | ||
| 8955 | ptr = io_uring_validate_mmap_request(file, vma->vm_pgoff, sz); | |
| 8956 | if (IS_ERR(ptr)) | |
| 8957 | return PTR_ERR(ptr); | |
| 2b188cc1 JA |
8958 | |
| 8959 | pfn = virt_to_phys(ptr) >> PAGE_SHIFT; | |
| 8960 | return remap_pfn_range(vma, vma->vm_start, pfn, sz, vma->vm_page_prot); | |
| 8961 | } | |
| 8962 | ||
| 6c5c240e RP |
8963 | #else /* !CONFIG_MMU */ |
| 8964 | ||
| 8965 | static int io_uring_mmap(struct file *file, struct vm_area_struct *vma) | |
| 8966 | { | |
| 8967 | return vma->vm_flags & (VM_SHARED | VM_MAYSHARE) ? 0 : -EINVAL; | |
| 8968 | } | |
| 8969 | ||
| 8970 | static unsigned int io_uring_nommu_mmap_capabilities(struct file *file) | |
| 8971 | { | |
| 8972 | return NOMMU_MAP_DIRECT | NOMMU_MAP_READ | NOMMU_MAP_WRITE; | |
| 8973 | } | |
| 8974 | ||
| 8975 | static unsigned long io_uring_nommu_get_unmapped_area(struct file *file, | |
| 8976 | unsigned long addr, unsigned long len, | |
| 8977 | unsigned long pgoff, unsigned long flags) | |
| 8978 | { | |
| 8979 | void *ptr; | |
| 8980 | ||
| 8981 | ptr = io_uring_validate_mmap_request(file, pgoff, len); | |
| 8982 | if (IS_ERR(ptr)) | |
| 8983 | return PTR_ERR(ptr); | |
| 8984 | ||
| 8985 | return (unsigned long) ptr; | |
| 8986 | } | |
| 8987 | ||
| 8988 | #endif /* !CONFIG_MMU */ | |
| 8989 | ||
| d9d05217 | 8990 | static int io_sqpoll_wait_sq(struct io_ring_ctx *ctx) |
| 90554200 | 8991 | { |
| d9d05217 | 8992 | int ret = 0; |
| 90554200 JA |
8993 | DEFINE_WAIT(wait); |
| 8994 | ||
| 8995 | do { | |
| 8996 | if (!io_sqring_full(ctx)) | |
| 8997 | break; | |
| 90554200 JA |
8998 | prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE); |
| 8999 | ||
| 9000 | if (!io_sqring_full(ctx)) | |
| 9001 | break; | |
| 90554200 JA |
9002 | schedule(); |
| 9003 | } while (!signal_pending(current)); | |
| 9004 | ||
| 9005 | finish_wait(&ctx->sqo_sq_wait, &wait); | |
| d9d05217 | 9006 | return ret; |
| 90554200 JA |
9007 | } |
| 9008 | ||
| c73ebb68 HX |
9009 | static int io_get_ext_arg(unsigned flags, const void __user *argp, size_t *argsz, |
| 9010 | struct __kernel_timespec __user **ts, | |
| 9011 | const sigset_t __user **sig) | |
| 9012 | { | |
| 9013 | struct io_uring_getevents_arg arg; | |
| 9014 | ||
| 9015 | /* | |
| 9016 | * If EXT_ARG isn't set, then we have no timespec and the argp pointer | |
| 9017 | * is just a pointer to the sigset_t. | |
| 9018 | */ | |
| 9019 | if (!(flags & IORING_ENTER_EXT_ARG)) { | |
| 9020 | *sig = (const sigset_t __user *) argp; | |
| 9021 | *ts = NULL; | |
| 9022 | return 0; | |
| 9023 | } | |
| 9024 | ||
| 9025 | /* | |
| 9026 | * EXT_ARG is set - ensure we agree on the size of it and copy in our | |
| 9027 | * timespec and sigset_t pointers if good. | |
| 9028 | */ | |
| 9029 | if (*argsz != sizeof(arg)) | |
| 9030 | return -EINVAL; | |
| 9031 | if (copy_from_user(&arg, argp, sizeof(arg))) | |
| 9032 | return -EFAULT; | |
| 9033 | *sig = u64_to_user_ptr(arg.sigmask); | |
| 9034 | *argsz = arg.sigmask_sz; | |
| 9035 | *ts = u64_to_user_ptr(arg.ts); | |
| 9036 | return 0; | |
| 9037 | } | |
| 9038 | ||
| 2b188cc1 | 9039 | SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, |
| c73ebb68 HX |
9040 | u32, min_complete, u32, flags, const void __user *, argp, |
| 9041 | size_t, argsz) | |
| 2b188cc1 JA |
9042 | { |
| 9043 | struct io_ring_ctx *ctx; | |
| 9044 | long ret = -EBADF; | |
| 9045 | int submitted = 0; | |
| 9046 | struct fd f; | |
| 9047 | ||
| 4c6e277c | 9048 | io_run_task_work(); |
| b41e9852 | 9049 | |
| 90554200 | 9050 | if (flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP | |
| c73ebb68 | 9051 | IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG)) |
| 2b188cc1 JA |
9052 | return -EINVAL; |
| 9053 | ||
| 9054 | f = fdget(fd); | |
| 9055 | if (!f.file) | |
| 9056 | return -EBADF; | |
| 9057 | ||
| 9058 | ret = -EOPNOTSUPP; | |
| 9059 | if (f.file->f_op != &io_uring_fops) | |
| 9060 | goto out_fput; | |
| 9061 | ||
| 9062 | ret = -ENXIO; | |
| 9063 | ctx = f.file->private_data; | |
| 9064 | if (!percpu_ref_tryget(&ctx->refs)) | |
| 9065 | goto out_fput; | |
| 9066 | ||
| 7e84e1c7 SG |
9067 | ret = -EBADFD; |
| 9068 | if (ctx->flags & IORING_SETUP_R_DISABLED) | |
| 9069 | goto out; | |
| 9070 | ||
| 6c271ce2 JA |
9071 | /* |
| 9072 | * For SQ polling, the thread will do all submissions and completions. | |
| 9073 | * Just return the requested submit count, and wake the thread if | |
| 9074 | * we were asked to. | |
| 9075 | */ | |
| b2a9eada | 9076 | ret = 0; |
| 6c271ce2 | 9077 | if (ctx->flags & IORING_SETUP_SQPOLL) { |
| 6c503150 | 9078 | io_cqring_overflow_flush(ctx, false, NULL, NULL); |
| 89448c47 | 9079 | |
| 5f3f26f9 JA |
9080 | if (unlikely(ctx->sqo_exec)) { |
| 9081 | ret = io_sq_thread_fork(ctx->sq_data, ctx); | |
| 9082 | if (ret) | |
| 9083 | goto out; | |
| 9084 | ctx->sqo_exec = 0; | |
| 9085 | } | |
| d9d05217 | 9086 | ret = -EOWNERDEAD; |
| 6c271ce2 | 9087 | if (flags & IORING_ENTER_SQ_WAKEUP) |
| 534ca6d6 | 9088 | wake_up(&ctx->sq_data->wait); |
| d9d05217 PB |
9089 | if (flags & IORING_ENTER_SQ_WAIT) { |
| 9090 | ret = io_sqpoll_wait_sq(ctx); | |
| 9091 | if (ret) | |
| 9092 | goto out; | |
| 9093 | } | |
| 6c271ce2 | 9094 | submitted = to_submit; |
| b2a9eada | 9095 | } else if (to_submit) { |
| fdaf083c | 9096 | ret = io_uring_add_task_file(ctx, f.file); |
| 0f212204 JA |
9097 | if (unlikely(ret)) |
| 9098 | goto out; | |
| 2b188cc1 | 9099 | mutex_lock(&ctx->uring_lock); |
| 0f212204 | 9100 | submitted = io_submit_sqes(ctx, to_submit); |
| 2b188cc1 | 9101 | mutex_unlock(&ctx->uring_lock); |
| 7c504e65 PB |
9102 | |
| 9103 | if (submitted != to_submit) | |
| 9104 | goto out; | |
| 2b188cc1 JA |
9105 | } |
| 9106 | if (flags & IORING_ENTER_GETEVENTS) { | |
| c73ebb68 HX |
9107 | const sigset_t __user *sig; |
| 9108 | struct __kernel_timespec __user *ts; | |
| 9109 | ||
| 9110 | ret = io_get_ext_arg(flags, argp, &argsz, &ts, &sig); | |
| 9111 | if (unlikely(ret)) | |
| 9112 | goto out; | |
| 9113 | ||
| 2b188cc1 JA |
9114 | min_complete = min(min_complete, ctx->cq_entries); |
| 9115 | ||
| 32b2244a XW |
9116 | /* |
| 9117 | * When SETUP_IOPOLL and SETUP_SQPOLL are both enabled, user | |
| 9118 | * space applications don't need to do io completion events | |
| 9119 | * polling again, they can rely on io_sq_thread to do polling | |
| 9120 | * work, which can reduce cpu usage and uring_lock contention. | |
| 9121 | */ | |
| 9122 | if (ctx->flags & IORING_SETUP_IOPOLL && | |
| 9123 | !(ctx->flags & IORING_SETUP_SQPOLL)) { | |
| 7668b92a | 9124 | ret = io_iopoll_check(ctx, min_complete); |
| def596e9 | 9125 | } else { |
| c73ebb68 | 9126 | ret = io_cqring_wait(ctx, min_complete, sig, argsz, ts); |
| def596e9 | 9127 | } |
| 2b188cc1 JA |
9128 | } |
| 9129 | ||
| 7c504e65 | 9130 | out: |
| 6805b32e | 9131 | percpu_ref_put(&ctx->refs); |
| 2b188cc1 JA |
9132 | out_fput: |
| 9133 | fdput(f); | |
| 9134 | return submitted ? submitted : ret; | |
| 9135 | } | |
| 9136 | ||
| bebdb65e | 9137 | #ifdef CONFIG_PROC_FS |
| 87ce955b JA |
9138 | static int io_uring_show_cred(int id, void *p, void *data) |
| 9139 | { | |
| 4379bf8b | 9140 | const struct cred *cred = p; |
| 87ce955b JA |
9141 | struct seq_file *m = data; |
| 9142 | struct user_namespace *uns = seq_user_ns(m); | |
| 9143 | struct group_info *gi; | |
| 9144 | kernel_cap_t cap; | |
| 9145 | unsigned __capi; | |
| 9146 | int g; | |
| 9147 | ||
| 9148 | seq_printf(m, "%5d\n", id); | |
| 9149 | seq_put_decimal_ull(m, "\tUid:\t", from_kuid_munged(uns, cred->uid)); | |
| 9150 | seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->euid)); | |
| 9151 | seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->suid)); | |
| 9152 | seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->fsuid)); | |
| 9153 | seq_put_decimal_ull(m, "\n\tGid:\t", from_kgid_munged(uns, cred->gid)); | |
| 9154 | seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->egid)); | |
| 9155 | seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->sgid)); | |
| 9156 | seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->fsgid)); | |
| 9157 | seq_puts(m, "\n\tGroups:\t"); | |
| 9158 | gi = cred->group_info; | |
| 9159 | for (g = 0; g < gi->ngroups; g++) { | |
| 9160 | seq_put_decimal_ull(m, g ? " " : "", | |
| 9161 | from_kgid_munged(uns, gi->gid[g])); | |
| 9162 | } | |
| 9163 | seq_puts(m, "\n\tCapEff:\t"); | |
| 9164 | cap = cred->cap_effective; | |
| 9165 | CAP_FOR_EACH_U32(__capi) | |
| 9166 | seq_put_hex_ll(m, NULL, cap.cap[CAP_LAST_U32 - __capi], 8); | |
| 9167 | seq_putc(m, '\n'); | |
| 9168 | return 0; | |
| 9169 | } | |
| 9170 | ||
| 9171 | static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m) | |
| 9172 | { | |
| dbbe9c64 | 9173 | struct io_sq_data *sq = NULL; |
| fad8e0de | 9174 | bool has_lock; |
| 87ce955b JA |
9175 | int i; |
| 9176 | ||
| fad8e0de JA |
9177 | /* |
| 9178 | * Avoid ABBA deadlock between the seq lock and the io_uring mutex, | |
| 9179 | * since fdinfo case grabs it in the opposite direction of normal use | |
| 9180 | * cases. If we fail to get the lock, we just don't iterate any | |
| 9181 | * structures that could be going away outside the io_uring mutex. | |
| 9182 | */ | |
| 9183 | has_lock = mutex_trylock(&ctx->uring_lock); | |
| 9184 | ||
| 5f3f26f9 | 9185 | if (has_lock && (ctx->flags & IORING_SETUP_SQPOLL)) { |
| dbbe9c64 | 9186 | sq = ctx->sq_data; |
| 5f3f26f9 JA |
9187 | if (!sq->thread) |
| 9188 | sq = NULL; | |
| 9189 | } | |
| dbbe9c64 JQ |
9190 | |
| 9191 | seq_printf(m, "SqThread:\t%d\n", sq ? task_pid_nr(sq->thread) : -1); | |
| 9192 | seq_printf(m, "SqThreadCpu:\t%d\n", sq ? task_cpu(sq->thread) : -1); | |
| 87ce955b | 9193 | seq_printf(m, "UserFiles:\t%u\n", ctx->nr_user_files); |
| fad8e0de | 9194 | for (i = 0; has_lock && i < ctx->nr_user_files; i++) { |
| ea64ec02 | 9195 | struct file *f = *io_fixed_file_slot(ctx->file_data, i); |
| 87ce955b | 9196 | |
| 87ce955b JA |
9197 | if (f) |
| 9198 | seq_printf(m, "%5u: %s\n", i, file_dentry(f)->d_iname); | |
| 9199 | else | |
| 9200 | seq_printf(m, "%5u: <none>\n", i); | |
| 9201 | } | |
| 9202 | seq_printf(m, "UserBufs:\t%u\n", ctx->nr_user_bufs); | |
| fad8e0de | 9203 | for (i = 0; has_lock && i < ctx->nr_user_bufs; i++) { |
| 87ce955b JA |
9204 | struct io_mapped_ubuf *buf = &ctx->user_bufs[i]; |
| 9205 | ||
| 9206 | seq_printf(m, "%5u: 0x%llx/%u\n", i, buf->ubuf, | |
| 9207 | (unsigned int) buf->len); | |
| 9208 | } | |
| fad8e0de | 9209 | if (has_lock && !idr_is_empty(&ctx->personality_idr)) { |
| 87ce955b JA |
9210 | seq_printf(m, "Personalities:\n"); |
| 9211 | idr_for_each(&ctx->personality_idr, io_uring_show_cred, m); | |
| 9212 | } | |
| d7718a9d JA |
9213 | seq_printf(m, "PollList:\n"); |
| 9214 | spin_lock_irq(&ctx->completion_lock); | |
| 9215 | for (i = 0; i < (1U << ctx->cancel_hash_bits); i++) { | |
| 9216 | struct hlist_head *list = &ctx->cancel_hash[i]; | |
| 9217 | struct io_kiocb *req; | |
| 9218 | ||
| 9219 | hlist_for_each_entry(req, list, hash_node) | |
| 9220 | seq_printf(m, " op=%d, task_works=%d\n", req->opcode, | |
| 9221 | req->task->task_works != NULL); | |
| 9222 | } | |
| 9223 | spin_unlock_irq(&ctx->completion_lock); | |
| fad8e0de JA |
9224 | if (has_lock) |
| 9225 | mutex_unlock(&ctx->uring_lock); | |
| 87ce955b JA |
9226 | } |
| 9227 | ||
| 9228 | static void io_uring_show_fdinfo(struct seq_file *m, struct file *f) | |
| 9229 | { | |
| 9230 | struct io_ring_ctx *ctx = f->private_data; | |
| 9231 | ||
| 9232 | if (percpu_ref_tryget(&ctx->refs)) { | |
| 9233 | __io_uring_show_fdinfo(ctx, m); | |
| 9234 | percpu_ref_put(&ctx->refs); | |
| 9235 | } | |
| 9236 | } | |
| bebdb65e | 9237 | #endif |
| 87ce955b | 9238 | |
| 2b188cc1 JA |
9239 | static const struct file_operations io_uring_fops = { |
| 9240 | .release = io_uring_release, | |
| 9241 | .mmap = io_uring_mmap, | |
| 6c5c240e RP |
9242 | #ifndef CONFIG_MMU |
| 9243 | .get_unmapped_area = io_uring_nommu_get_unmapped_area, | |
| 9244 | .mmap_capabilities = io_uring_nommu_mmap_capabilities, | |
| 9245 | #endif | |
| 2b188cc1 JA |
9246 | .poll = io_uring_poll, |
| 9247 | .fasync = io_uring_fasync, | |
| bebdb65e | 9248 | #ifdef CONFIG_PROC_FS |
| 87ce955b | 9249 | .show_fdinfo = io_uring_show_fdinfo, |
| bebdb65e | 9250 | #endif |
| 2b188cc1 JA |
9251 | }; |
| 9252 | ||
| 9253 | static int io_allocate_scq_urings(struct io_ring_ctx *ctx, | |
| 9254 | struct io_uring_params *p) | |
| 9255 | { | |
| 75b28aff HV |
9256 | struct io_rings *rings; |
| 9257 | size_t size, sq_array_offset; | |
| 2b188cc1 | 9258 | |
| bd740481 JA |
9259 | /* make sure these are sane, as we already accounted them */ |
| 9260 | ctx->sq_entries = p->sq_entries; | |
| 9261 | ctx->cq_entries = p->cq_entries; | |
| 9262 | ||
| 75b28aff HV |
9263 | size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset); |
| 9264 | if (size == SIZE_MAX) | |
| 9265 | return -EOVERFLOW; | |
| 9266 | ||
| 9267 | rings = io_mem_alloc(size); | |
| 9268 | if (!rings) | |
| 2b188cc1 JA |
9269 | return -ENOMEM; |
| 9270 | ||
| 75b28aff HV |
9271 | ctx->rings = rings; |
| 9272 | ctx->sq_array = (u32 *)((char *)rings + sq_array_offset); | |
| 9273 | rings->sq_ring_mask = p->sq_entries - 1; | |
| 9274 | rings->cq_ring_mask = p->cq_entries - 1; | |
| 9275 | rings->sq_ring_entries = p->sq_entries; | |
| 9276 | rings->cq_ring_entries = p->cq_entries; | |
| 9277 | ctx->sq_mask = rings->sq_ring_mask; | |
| 9278 | ctx->cq_mask = rings->cq_ring_mask; | |
| 2b188cc1 JA |
9279 | |
| 9280 | size = array_size(sizeof(struct io_uring_sqe), p->sq_entries); | |
| eb065d30 JA |
9281 | if (size == SIZE_MAX) { |
| 9282 | io_mem_free(ctx->rings); | |
| 9283 | ctx->rings = NULL; | |
| 2b188cc1 | 9284 | return -EOVERFLOW; |
| eb065d30 | 9285 | } |
| 2b188cc1 JA |
9286 | |
| 9287 | ctx->sq_sqes = io_mem_alloc(size); | |
| eb065d30 JA |
9288 | if (!ctx->sq_sqes) { |
| 9289 | io_mem_free(ctx->rings); | |
| 9290 | ctx->rings = NULL; | |
| 2b188cc1 | 9291 | return -ENOMEM; |
| eb065d30 | 9292 | } |
| 2b188cc1 | 9293 | |
| 2b188cc1 JA |
9294 | return 0; |
| 9295 | } | |
| 9296 | ||
| 9faadcc8 PB |
9297 | static int io_uring_install_fd(struct io_ring_ctx *ctx, struct file *file) |
| 9298 | { | |
| 9299 | int ret, fd; | |
| 9300 | ||
| 9301 | fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC); | |
| 9302 | if (fd < 0) | |
| 9303 | return fd; | |
| 9304 | ||
| 9305 | ret = io_uring_add_task_file(ctx, file); | |
| 9306 | if (ret) { | |
| 9307 | put_unused_fd(fd); | |
| 9308 | return ret; | |
| 9309 | } | |
| 9310 | fd_install(fd, file); | |
| 9311 | return fd; | |
| 9312 | } | |
| 9313 | ||
| 2b188cc1 JA |
9314 | /* |
| 9315 | * Allocate an anonymous fd, this is what constitutes the application | |
| 9316 | * visible backing of an io_uring instance. The application mmaps this | |
| 9317 | * fd to gain access to the SQ/CQ ring details. If UNIX sockets are enabled, | |
| 9318 | * we have to tie this fd to a socket for file garbage collection purposes. | |
| 9319 | */ | |
| 9faadcc8 | 9320 | static struct file *io_uring_get_file(struct io_ring_ctx *ctx) |
| 2b188cc1 JA |
9321 | { |
| 9322 | struct file *file; | |
| 9faadcc8 | 9323 | #if defined(CONFIG_UNIX) |
| 2b188cc1 JA |
9324 | int ret; |
| 9325 | ||
| 2b188cc1 JA |
9326 | ret = sock_create_kern(&init_net, PF_UNIX, SOCK_RAW, IPPROTO_IP, |
| 9327 | &ctx->ring_sock); | |
| 9328 | if (ret) | |
| 9faadcc8 | 9329 | return ERR_PTR(ret); |
| 2b188cc1 JA |
9330 | #endif |
| 9331 | ||
| 2b188cc1 JA |
9332 | file = anon_inode_getfile("[io_uring]", &io_uring_fops, ctx, |
| 9333 | O_RDWR | O_CLOEXEC); | |
| 2b188cc1 | 9334 | #if defined(CONFIG_UNIX) |
| 9faadcc8 PB |
9335 | if (IS_ERR(file)) { |
| 9336 | sock_release(ctx->ring_sock); | |
| 9337 | ctx->ring_sock = NULL; | |
| 9338 | } else { | |
| 9339 | ctx->ring_sock->file = file; | |
| 0f212204 | 9340 | } |
| 2b188cc1 | 9341 | #endif |
| 9faadcc8 | 9342 | return file; |
| 2b188cc1 JA |
9343 | } |
| 9344 | ||
| 7f13657d XW |
9345 | static int io_uring_create(unsigned entries, struct io_uring_params *p, |
| 9346 | struct io_uring_params __user *params) | |
| 2b188cc1 | 9347 | { |
| 2b188cc1 | 9348 | struct io_ring_ctx *ctx; |
| 9faadcc8 | 9349 | struct file *file; |
| 2b188cc1 JA |
9350 | int ret; |
| 9351 | ||
| 8110c1a6 | 9352 | if (!entries) |
| 2b188cc1 | 9353 | return -EINVAL; |
| 8110c1a6 JA |
9354 | if (entries > IORING_MAX_ENTRIES) { |
| 9355 | if (!(p->flags & IORING_SETUP_CLAMP)) | |
| 9356 | return -EINVAL; | |
| 9357 | entries = IORING_MAX_ENTRIES; | |
| 9358 | } | |
| 2b188cc1 JA |
9359 | |
| 9360 | /* | |
| 9361 | * Use twice as many entries for the CQ ring. It's possible for the | |
| 9362 | * application to drive a higher depth than the size of the SQ ring, | |
| 9363 | * since the sqes are only used at submission time. This allows for | |
| 33a107f0 JA |
9364 | * some flexibility in overcommitting a bit. If the application has |
| 9365 | * set IORING_SETUP_CQSIZE, it will have passed in the desired number | |
| 9366 | * of CQ ring entries manually. | |
| 2b188cc1 JA |
9367 | */ |
| 9368 | p->sq_entries = roundup_pow_of_two(entries); | |
| 33a107f0 JA |
9369 | if (p->flags & IORING_SETUP_CQSIZE) { |
| 9370 | /* | |
| 9371 | * If IORING_SETUP_CQSIZE is set, we do the same roundup | |
| 9372 | * to a power-of-two, if it isn't already. We do NOT impose | |
| 9373 | * any cq vs sq ring sizing. | |
| 9374 | */ | |
| eb2667b3 | 9375 | if (!p->cq_entries) |
| 33a107f0 | 9376 | return -EINVAL; |
| 8110c1a6 JA |
9377 | if (p->cq_entries > IORING_MAX_CQ_ENTRIES) { |
| 9378 | if (!(p->flags & IORING_SETUP_CLAMP)) | |
| 9379 | return -EINVAL; | |
| 9380 | p->cq_entries = IORING_MAX_CQ_ENTRIES; | |
| 9381 | } | |
| eb2667b3 JQ |
9382 | p->cq_entries = roundup_pow_of_two(p->cq_entries); |
| 9383 | if (p->cq_entries < p->sq_entries) | |
| 9384 | return -EINVAL; | |
| 33a107f0 JA |
9385 | } else { |
| 9386 | p->cq_entries = 2 * p->sq_entries; | |
| 9387 | } | |
| 2b188cc1 | 9388 | |
| 2b188cc1 | 9389 | ctx = io_ring_ctx_alloc(p); |
| 62e398be | 9390 | if (!ctx) |
| 2b188cc1 | 9391 | return -ENOMEM; |
| 2b188cc1 | 9392 | ctx->compat = in_compat_syscall(); |
| 62e398be JA |
9393 | if (!capable(CAP_IPC_LOCK)) |
| 9394 | ctx->user = get_uid(current_user()); | |
| 2aede0e4 JA |
9395 | |
| 9396 | /* | |
| 9397 | * This is just grabbed for accounting purposes. When a process exits, | |
| 9398 | * the mm is exited and dropped before the files, hence we need to hang | |
| 9399 | * on to this mm purely for the purposes of being able to unaccount | |
| 9400 | * memory (locked/pinned vm). It's not used for anything else. | |
| 9401 | */ | |
| 6b7898eb | 9402 | mmgrab(current->mm); |
| 2aede0e4 | 9403 | ctx->mm_account = current->mm; |
| 6b7898eb | 9404 | |
| 2b188cc1 JA |
9405 | ret = io_allocate_scq_urings(ctx, p); |
| 9406 | if (ret) | |
| 9407 | goto err; | |
| 9408 | ||
| 7e84e1c7 | 9409 | ret = io_sq_offload_create(ctx, p); |
| 2b188cc1 JA |
9410 | if (ret) |
| 9411 | goto err; | |
| 9412 | ||
| 7e84e1c7 SG |
9413 | if (!(p->flags & IORING_SETUP_R_DISABLED)) |
| 9414 | io_sq_offload_start(ctx); | |
| 9415 | ||
| 2b188cc1 | 9416 | memset(&p->sq_off, 0, sizeof(p->sq_off)); |
| 75b28aff HV |
9417 | p->sq_off.head = offsetof(struct io_rings, sq.head); |
| 9418 | p->sq_off.tail = offsetof(struct io_rings, sq.tail); | |
| 9419 | p->sq_off.ring_mask = offsetof(struct io_rings, sq_ring_mask); | |
| 9420 | p->sq_off.ring_entries = offsetof(struct io_rings, sq_ring_entries); | |
| 9421 | p->sq_off.flags = offsetof(struct io_rings, sq_flags); | |
| 9422 | p->sq_off.dropped = offsetof(struct io_rings, sq_dropped); | |
| 9423 | p->sq_off.array = (char *)ctx->sq_array - (char *)ctx->rings; | |
| 2b188cc1 JA |
9424 | |
| 9425 | memset(&p->cq_off, 0, sizeof(p->cq_off)); | |
| 75b28aff HV |
9426 | p->cq_off.head = offsetof(struct io_rings, cq.head); |
| 9427 | p->cq_off.tail = offsetof(struct io_rings, cq.tail); | |
| 9428 | p->cq_off.ring_mask = offsetof(struct io_rings, cq_ring_mask); | |
| 9429 | p->cq_off.ring_entries = offsetof(struct io_rings, cq_ring_entries); | |
| 9430 | p->cq_off.overflow = offsetof(struct io_rings, cq_overflow); | |
| 9431 | p->cq_off.cqes = offsetof(struct io_rings, cqes); | |
| 0d9b5b3a | 9432 | p->cq_off.flags = offsetof(struct io_rings, cq_flags); |
| ac90f249 | 9433 | |
| 7f13657d XW |
9434 | p->features = IORING_FEAT_SINGLE_MMAP | IORING_FEAT_NODROP | |
| 9435 | IORING_FEAT_SUBMIT_STABLE | IORING_FEAT_RW_CUR_POS | | |
| 5769a351 | 9436 | IORING_FEAT_CUR_PERSONALITY | IORING_FEAT_FAST_POLL | |
| c73ebb68 | 9437 | IORING_FEAT_POLL_32BITS | IORING_FEAT_SQPOLL_NONFIXED | |
| 1c0aa1fa | 9438 | IORING_FEAT_EXT_ARG | IORING_FEAT_NATIVE_WORKERS; |
| 7f13657d XW |
9439 | |
| 9440 | if (copy_to_user(params, p, sizeof(*p))) { | |
| 9441 | ret = -EFAULT; | |
| 9442 | goto err; | |
| 9443 | } | |
| d1719f70 | 9444 | |
| 9faadcc8 PB |
9445 | file = io_uring_get_file(ctx); |
| 9446 | if (IS_ERR(file)) { | |
| 9447 | ret = PTR_ERR(file); | |
| 9448 | goto err; | |
| 9449 | } | |
| 9450 | ||
| 044c1ab3 JA |
9451 | /* |
| 9452 | * Install ring fd as the very last thing, so we don't risk someone | |
| 9453 | * having closed it before we finish setup | |
| 9454 | */ | |
| 9faadcc8 PB |
9455 | ret = io_uring_install_fd(ctx, file); |
| 9456 | if (ret < 0) { | |
| 9457 | /* fput will clean it up */ | |
| 9458 | fput(file); | |
| 9459 | return ret; | |
| 9460 | } | |
| 044c1ab3 | 9461 | |
| c826bd7a | 9462 | trace_io_uring_create(ret, ctx, p->sq_entries, p->cq_entries, p->flags); |
| 2b188cc1 JA |
9463 | return ret; |
| 9464 | err: | |
| 9465 | io_ring_ctx_wait_and_kill(ctx); | |
| 9466 | return ret; | |
| 9467 | } | |
| 9468 | ||
| 9469 | /* | |
| 9470 | * Sets up an aio uring context, and returns the fd. Applications asks for a | |
| 9471 | * ring size, we return the actual sq/cq ring sizes (among other things) in the | |
| 9472 | * params structure passed in. | |
| 9473 | */ | |
| 9474 | static long io_uring_setup(u32 entries, struct io_uring_params __user *params) | |
| 9475 | { | |
| 9476 | struct io_uring_params p; | |
| 2b188cc1 JA |
9477 | int i; |
| 9478 | ||
| 9479 | if (copy_from_user(&p, params, sizeof(p))) | |
| 9480 | return -EFAULT; | |
| 9481 | for (i = 0; i < ARRAY_SIZE(p.resv); i++) { | |
| 9482 | if (p.resv[i]) | |
| 9483 | return -EINVAL; | |
| 9484 | } | |
| 9485 | ||
| 6c271ce2 | 9486 | if (p.flags & ~(IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL | |
| 8110c1a6 | 9487 | IORING_SETUP_SQ_AFF | IORING_SETUP_CQSIZE | |
| 7e84e1c7 SG |
9488 | IORING_SETUP_CLAMP | IORING_SETUP_ATTACH_WQ | |
| 9489 | IORING_SETUP_R_DISABLED)) | |
| 2b188cc1 JA |
9490 | return -EINVAL; |
| 9491 | ||
| 7f13657d | 9492 | return io_uring_create(entries, &p, params); |
| 2b188cc1 JA |
9493 | } |
| 9494 | ||
| 9495 | SYSCALL_DEFINE2(io_uring_setup, u32, entries, | |
| 9496 | struct io_uring_params __user *, params) | |
| 9497 | { | |
| 9498 | return io_uring_setup(entries, params); | |
| 9499 | } | |
| 9500 | ||
| 66f4af93 JA |
9501 | static int io_probe(struct io_ring_ctx *ctx, void __user *arg, unsigned nr_args) |
| 9502 | { | |
| 9503 | struct io_uring_probe *p; | |
| 9504 | size_t size; | |
| 9505 | int i, ret; | |
| 9506 | ||
| 9507 | size = struct_size(p, ops, nr_args); | |
| 9508 | if (size == SIZE_MAX) | |
| 9509 | return -EOVERFLOW; | |
| 9510 | p = kzalloc(size, GFP_KERNEL); | |
| 9511 | if (!p) | |
| 9512 | return -ENOMEM; | |
| 9513 | ||
| 9514 | ret = -EFAULT; | |
| 9515 | if (copy_from_user(p, arg, size)) | |
| 9516 | goto out; | |
| 9517 | ret = -EINVAL; | |
| 9518 | if (memchr_inv(p, 0, size)) | |
| 9519 | goto out; | |
| 9520 | ||
| 9521 | p->last_op = IORING_OP_LAST - 1; | |
| 9522 | if (nr_args > IORING_OP_LAST) | |
| 9523 | nr_args = IORING_OP_LAST; | |
| 9524 | ||
| 9525 | for (i = 0; i < nr_args; i++) { | |
| 9526 | p->ops[i].op = i; | |
| 9527 | if (!io_op_defs[i].not_supported) | |
| 9528 | p->ops[i].flags = IO_URING_OP_SUPPORTED; | |
| 9529 | } | |
| 9530 | p->ops_len = i; | |
| 9531 | ||
| 9532 | ret = 0; | |
| 9533 | if (copy_to_user(arg, p, size)) | |
| 9534 | ret = -EFAULT; | |
| 9535 | out: | |
| 9536 | kfree(p); | |
| 9537 | return ret; | |
| 9538 | } | |
| 9539 | ||
| 071698e1 JA |
9540 | static int io_register_personality(struct io_ring_ctx *ctx) |
| 9541 | { | |
| 4379bf8b | 9542 | const struct cred *creds; |
| 1e6fa521 | 9543 | int ret; |
| 071698e1 | 9544 | |
| 4379bf8b | 9545 | creds = get_current_cred(); |
| 1e6fa521 | 9546 | |
| 4379bf8b JA |
9547 | ret = idr_alloc_cyclic(&ctx->personality_idr, (void *) creds, 1, |
| 9548 | USHRT_MAX, GFP_KERNEL); | |
| 9549 | if (ret < 0) | |
| 9550 | put_cred(creds); | |
| 1e6fa521 | 9551 | return ret; |
| 071698e1 JA |
9552 | } |
| 9553 | ||
| 21b55dbc SG |
9554 | static int io_register_restrictions(struct io_ring_ctx *ctx, void __user *arg, |
| 9555 | unsigned int nr_args) | |
| 9556 | { | |
| 9557 | struct io_uring_restriction *res; | |
| 9558 | size_t size; | |
| 9559 | int i, ret; | |
| 9560 | ||
| 7e84e1c7 SG |
9561 | /* Restrictions allowed only if rings started disabled */ |
| 9562 | if (!(ctx->flags & IORING_SETUP_R_DISABLED)) | |
| 9563 | return -EBADFD; | |
| 9564 | ||
| 21b55dbc | 9565 | /* We allow only a single restrictions registration */ |
| 7e84e1c7 | 9566 | if (ctx->restrictions.registered) |
| 21b55dbc SG |
9567 | return -EBUSY; |
| 9568 | ||
| 9569 | if (!arg || nr_args > IORING_MAX_RESTRICTIONS) | |
| 9570 | return -EINVAL; | |
| 9571 | ||
| 9572 | size = array_size(nr_args, sizeof(*res)); | |
| 9573 | if (size == SIZE_MAX) | |
| 9574 | return -EOVERFLOW; | |
| 9575 | ||
| 9576 | res = memdup_user(arg, size); | |
| 9577 | if (IS_ERR(res)) | |
| 9578 | return PTR_ERR(res); | |
| 9579 | ||
| 9580 | ret = 0; | |
| 9581 | ||
| 9582 | for (i = 0; i < nr_args; i++) { | |
| 9583 | switch (res[i].opcode) { | |
| 9584 | case IORING_RESTRICTION_REGISTER_OP: | |
| 9585 | if (res[i].register_op >= IORING_REGISTER_LAST) { | |
| 9586 | ret = -EINVAL; | |
| 9587 | goto out; | |
| 9588 | } | |
| 9589 | ||
| 9590 | __set_bit(res[i].register_op, | |
| 9591 | ctx->restrictions.register_op); | |
| 9592 | break; | |
| 9593 | case IORING_RESTRICTION_SQE_OP: | |
| 9594 | if (res[i].sqe_op >= IORING_OP_LAST) { | |
| 9595 | ret = -EINVAL; | |
| 9596 | goto out; | |
| 9597 | } | |
| 9598 | ||
| 9599 | __set_bit(res[i].sqe_op, ctx->restrictions.sqe_op); | |
| 9600 | break; | |
| 9601 | case IORING_RESTRICTION_SQE_FLAGS_ALLOWED: | |
| 9602 | ctx->restrictions.sqe_flags_allowed = res[i].sqe_flags; | |
| 9603 | break; | |
| 9604 | case IORING_RESTRICTION_SQE_FLAGS_REQUIRED: | |
| 9605 | ctx->restrictions.sqe_flags_required = res[i].sqe_flags; | |
| 9606 | break; | |
| 9607 | default: | |
| 9608 | ret = -EINVAL; | |
| 9609 | goto out; | |
| 9610 | } | |
| 9611 | } | |
| 9612 | ||
| 9613 | out: | |
| 9614 | /* Reset all restrictions if an error happened */ | |
| 9615 | if (ret != 0) | |
| 9616 | memset(&ctx->restrictions, 0, sizeof(ctx->restrictions)); | |
| 9617 | else | |
| 7e84e1c7 | 9618 | ctx->restrictions.registered = true; |
| 21b55dbc SG |
9619 | |
| 9620 | kfree(res); | |
| 9621 | return ret; | |
| 9622 | } | |
| 9623 | ||
| 7e84e1c7 SG |
9624 | static int io_register_enable_rings(struct io_ring_ctx *ctx) |
| 9625 | { | |
| 9626 | if (!(ctx->flags & IORING_SETUP_R_DISABLED)) | |
| 9627 | return -EBADFD; | |
| 9628 | ||
| 9629 | if (ctx->restrictions.registered) | |
| 9630 | ctx->restricted = 1; | |
| 9631 | ||
| 7e84e1c7 | 9632 | io_sq_offload_start(ctx); |
| 7e84e1c7 SG |
9633 | return 0; |
| 9634 | } | |
| 9635 | ||
| 071698e1 JA |
9636 | static bool io_register_op_must_quiesce(int op) |
| 9637 | { | |
| 9638 | switch (op) { | |
| 9639 | case IORING_UNREGISTER_FILES: | |
| 9640 | case IORING_REGISTER_FILES_UPDATE: | |
| 9641 | case IORING_REGISTER_PROBE: | |
| 9642 | case IORING_REGISTER_PERSONALITY: | |
| 9643 | case IORING_UNREGISTER_PERSONALITY: | |
| 9644 | return false; | |
| 9645 | default: | |
| 9646 | return true; | |
| 9647 | } | |
| 9648 | } | |
| 9649 | ||
| edafccee JA |
9650 | static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode, |
| 9651 | void __user *arg, unsigned nr_args) | |
| b19062a5 JA |
9652 | __releases(ctx->uring_lock) |
| 9653 | __acquires(ctx->uring_lock) | |
| edafccee JA |
9654 | { |
| 9655 | int ret; | |
| 9656 | ||
| 35fa71a0 JA |
9657 | /* |
| 9658 | * We're inside the ring mutex, if the ref is already dying, then | |
| 9659 | * someone else killed the ctx or is already going through | |
| 9660 | * io_uring_register(). | |
| 9661 | */ | |
| 9662 | if (percpu_ref_is_dying(&ctx->refs)) | |
| 9663 | return -ENXIO; | |
| 9664 | ||
| 071698e1 | 9665 | if (io_register_op_must_quiesce(opcode)) { |
| 05f3fb3c | 9666 | percpu_ref_kill(&ctx->refs); |
| b19062a5 | 9667 | |
| 05f3fb3c JA |
9668 | /* |
| 9669 | * Drop uring mutex before waiting for references to exit. If | |
| 9670 | * another thread is currently inside io_uring_enter() it might | |
| 9671 | * need to grab the uring_lock to make progress. If we hold it | |
| 9672 | * here across the drain wait, then we can deadlock. It's safe | |
| 9673 | * to drop the mutex here, since no new references will come in | |
| 9674 | * after we've killed the percpu ref. | |
| 9675 | */ | |
| 9676 | mutex_unlock(&ctx->uring_lock); | |
| af9c1a44 JA |
9677 | do { |
| 9678 | ret = wait_for_completion_interruptible(&ctx->ref_comp); | |
| 9679 | if (!ret) | |
| 9680 | break; | |
| ed6930c9 JA |
9681 | ret = io_run_task_work_sig(); |
| 9682 | if (ret < 0) | |
| 9683 | break; | |
| af9c1a44 JA |
9684 | } while (1); |
| 9685 | ||
| 05f3fb3c | 9686 | mutex_lock(&ctx->uring_lock); |
| af9c1a44 | 9687 | |
| c150368b JA |
9688 | if (ret) { |
| 9689 | percpu_ref_resurrect(&ctx->refs); | |
| 21b55dbc SG |
9690 | goto out_quiesce; |
| 9691 | } | |
| 9692 | } | |
| 9693 | ||
| 9694 | if (ctx->restricted) { | |
| 9695 | if (opcode >= IORING_REGISTER_LAST) { | |
| 9696 | ret = -EINVAL; | |
| 9697 | goto out; | |
| 9698 | } | |
| 9699 | ||
| 9700 | if (!test_bit(opcode, ctx->restrictions.register_op)) { | |
| 9701 | ret = -EACCES; | |
| c150368b JA |
9702 | goto out; |
| 9703 | } | |
| 05f3fb3c | 9704 | } |
| edafccee JA |
9705 | |
| 9706 | switch (opcode) { | |
| 9707 | case IORING_REGISTER_BUFFERS: | |
| 0a96bbe4 | 9708 | ret = io_sqe_buffers_register(ctx, arg, nr_args); |
| edafccee JA |
9709 | break; |
| 9710 | case IORING_UNREGISTER_BUFFERS: | |
| 9711 | ret = -EINVAL; | |
| 9712 | if (arg || nr_args) | |
| 9713 | break; | |
| 0a96bbe4 | 9714 | ret = io_sqe_buffers_unregister(ctx); |
| edafccee | 9715 | break; |
| 6b06314c JA |
9716 | case IORING_REGISTER_FILES: |
| 9717 | ret = io_sqe_files_register(ctx, arg, nr_args); | |
| 9718 | break; | |
| 9719 | case IORING_UNREGISTER_FILES: | |
| 9720 | ret = -EINVAL; | |
| 9721 | if (arg || nr_args) | |
| 9722 | break; | |
| 9723 | ret = io_sqe_files_unregister(ctx); | |
| 9724 | break; | |
| c3a31e60 JA |
9725 | case IORING_REGISTER_FILES_UPDATE: |
| 9726 | ret = io_sqe_files_update(ctx, arg, nr_args); | |
| 9727 | break; | |
| 9b402849 | 9728 | case IORING_REGISTER_EVENTFD: |
| f2842ab5 | 9729 | case IORING_REGISTER_EVENTFD_ASYNC: |
| 9b402849 JA |
9730 | ret = -EINVAL; |
| 9731 | if (nr_args != 1) | |
| 9732 | break; | |
| 9733 | ret = io_eventfd_register(ctx, arg); | |
| f2842ab5 JA |
9734 | if (ret) |
| 9735 | break; | |
| 9736 | if (opcode == IORING_REGISTER_EVENTFD_ASYNC) | |
| 9737 | ctx->eventfd_async = 1; | |
| 9738 | else | |
| 9739 | ctx->eventfd_async = 0; | |
| 9b402849 JA |
9740 | break; |
| 9741 | case IORING_UNREGISTER_EVENTFD: | |
| 9742 | ret = -EINVAL; | |
| 9743 | if (arg || nr_args) | |
| 9744 | break; | |
| 9745 | ret = io_eventfd_unregister(ctx); | |
| 9746 | break; | |
| 66f4af93 JA |
9747 | case IORING_REGISTER_PROBE: |
| 9748 | ret = -EINVAL; | |
| 9749 | if (!arg || nr_args > 256) | |
| 9750 | break; | |
| 9751 | ret = io_probe(ctx, arg, nr_args); | |
| 9752 | break; | |
| 071698e1 JA |
9753 | case IORING_REGISTER_PERSONALITY: |
| 9754 | ret = -EINVAL; | |
| 9755 | if (arg || nr_args) | |
| 9756 | break; | |
| 9757 | ret = io_register_personality(ctx); | |
| 9758 | break; | |
| 9759 | case IORING_UNREGISTER_PERSONALITY: | |
| 9760 | ret = -EINVAL; | |
| 9761 | if (arg) | |
| 9762 | break; | |
| 9763 | ret = io_unregister_personality(ctx, nr_args); | |
| 9764 | break; | |
| 7e84e1c7 SG |
9765 | case IORING_REGISTER_ENABLE_RINGS: |
| 9766 | ret = -EINVAL; | |
| 9767 | if (arg || nr_args) | |
| 9768 | break; | |
| 9769 | ret = io_register_enable_rings(ctx); | |
| 9770 | break; | |
| 21b55dbc SG |
9771 | case IORING_REGISTER_RESTRICTIONS: |
| 9772 | ret = io_register_restrictions(ctx, arg, nr_args); | |
| 9773 | break; | |
| edafccee JA |
9774 | default: |
| 9775 | ret = -EINVAL; | |
| 9776 | break; | |
| 9777 | } | |
| 9778 | ||
| 21b55dbc | 9779 | out: |
| 071698e1 | 9780 | if (io_register_op_must_quiesce(opcode)) { |
| 05f3fb3c | 9781 | /* bring the ctx back to life */ |
| 05f3fb3c | 9782 | percpu_ref_reinit(&ctx->refs); |
| 21b55dbc | 9783 | out_quiesce: |
| 0f158b4c | 9784 | reinit_completion(&ctx->ref_comp); |
| 05f3fb3c | 9785 | } |
| edafccee JA |
9786 | return ret; |
| 9787 | } | |
| 9788 | ||
| 9789 | SYSCALL_DEFINE4(io_uring_register, unsigned int, fd, unsigned int, opcode, | |
| 9790 | void __user *, arg, unsigned int, nr_args) | |
| 9791 | { | |
| 9792 | struct io_ring_ctx *ctx; | |
| 9793 | long ret = -EBADF; | |
| 9794 | struct fd f; | |
| 9795 | ||
| 9796 | f = fdget(fd); | |
| 9797 | if (!f.file) | |
| 9798 | return -EBADF; | |
| 9799 | ||
| 9800 | ret = -EOPNOTSUPP; | |
| 9801 | if (f.file->f_op != &io_uring_fops) | |
| 9802 | goto out_fput; | |
| 9803 | ||
| 9804 | ctx = f.file->private_data; | |
| 9805 | ||
| b6c23dd5 PB |
9806 | io_run_task_work(); |
| 9807 | ||
| edafccee JA |
9808 | mutex_lock(&ctx->uring_lock); |
| 9809 | ret = __io_uring_register(ctx, opcode, arg, nr_args); | |
| 9810 | mutex_unlock(&ctx->uring_lock); | |
| c826bd7a DD |
9811 | trace_io_uring_register(ctx, opcode, ctx->nr_user_files, ctx->nr_user_bufs, |
| 9812 | ctx->cq_ev_fd != NULL, ret); | |
| edafccee JA |
9813 | out_fput: |
| 9814 | fdput(f); | |
| 9815 | return ret; | |
| 9816 | } | |
| 9817 | ||
| 2b188cc1 JA |
9818 | static int __init io_uring_init(void) |
| 9819 | { | |
| d7f62e82 SM |
9820 | #define __BUILD_BUG_VERIFY_ELEMENT(stype, eoffset, etype, ename) do { \ |
| 9821 | BUILD_BUG_ON(offsetof(stype, ename) != eoffset); \ | |
| 9822 | BUILD_BUG_ON(sizeof(etype) != sizeof_field(stype, ename)); \ | |
| 9823 | } while (0) | |
| 9824 | ||
| 9825 | #define BUILD_BUG_SQE_ELEM(eoffset, etype, ename) \ | |
| 9826 | __BUILD_BUG_VERIFY_ELEMENT(struct io_uring_sqe, eoffset, etype, ename) | |
| 9827 | BUILD_BUG_ON(sizeof(struct io_uring_sqe) != 64); | |
| 9828 | BUILD_BUG_SQE_ELEM(0, __u8, opcode); | |
| 9829 | BUILD_BUG_SQE_ELEM(1, __u8, flags); | |
| 9830 | BUILD_BUG_SQE_ELEM(2, __u16, ioprio); | |
| 9831 | BUILD_BUG_SQE_ELEM(4, __s32, fd); | |
| 9832 | BUILD_BUG_SQE_ELEM(8, __u64, off); | |
| 9833 | BUILD_BUG_SQE_ELEM(8, __u64, addr2); | |
| 9834 | BUILD_BUG_SQE_ELEM(16, __u64, addr); | |
| 7d67af2c | 9835 | BUILD_BUG_SQE_ELEM(16, __u64, splice_off_in); |
| d7f62e82 SM |
9836 | BUILD_BUG_SQE_ELEM(24, __u32, len); |
| 9837 | BUILD_BUG_SQE_ELEM(28, __kernel_rwf_t, rw_flags); | |
| 9838 | BUILD_BUG_SQE_ELEM(28, /* compat */ int, rw_flags); | |
| 9839 | BUILD_BUG_SQE_ELEM(28, /* compat */ __u32, rw_flags); | |
| 9840 | BUILD_BUG_SQE_ELEM(28, __u32, fsync_flags); | |
| 5769a351 JX |
9841 | BUILD_BUG_SQE_ELEM(28, /* compat */ __u16, poll_events); |
| 9842 | BUILD_BUG_SQE_ELEM(28, __u32, poll32_events); | |
| d7f62e82 SM |
9843 | BUILD_BUG_SQE_ELEM(28, __u32, sync_range_flags); |
| 9844 | BUILD_BUG_SQE_ELEM(28, __u32, msg_flags); | |
| 9845 | BUILD_BUG_SQE_ELEM(28, __u32, timeout_flags); | |
| 9846 | BUILD_BUG_SQE_ELEM(28, __u32, accept_flags); | |
| 9847 | BUILD_BUG_SQE_ELEM(28, __u32, cancel_flags); | |
| 9848 | BUILD_BUG_SQE_ELEM(28, __u32, open_flags); | |
| 9849 | BUILD_BUG_SQE_ELEM(28, __u32, statx_flags); | |
| 9850 | BUILD_BUG_SQE_ELEM(28, __u32, fadvise_advice); | |
| 7d67af2c | 9851 | BUILD_BUG_SQE_ELEM(28, __u32, splice_flags); |
| d7f62e82 SM |
9852 | BUILD_BUG_SQE_ELEM(32, __u64, user_data); |
| 9853 | BUILD_BUG_SQE_ELEM(40, __u16, buf_index); | |
| 9854 | BUILD_BUG_SQE_ELEM(42, __u16, personality); | |
| 7d67af2c | 9855 | BUILD_BUG_SQE_ELEM(44, __s32, splice_fd_in); |
| d7f62e82 | 9856 | |
| d3656344 | 9857 | BUILD_BUG_ON(ARRAY_SIZE(io_op_defs) != IORING_OP_LAST); |
| 84557871 | 9858 | BUILD_BUG_ON(__REQ_F_LAST_BIT >= 8 * sizeof(int)); |
| 91f245d5 JA |
9859 | req_cachep = KMEM_CACHE(io_kiocb, SLAB_HWCACHE_ALIGN | SLAB_PANIC | |
| 9860 | SLAB_ACCOUNT); | |
| 2b188cc1 JA |
9861 | return 0; |
| 9862 | }; | |
| 9863 | __initcall(io_uring_init); |