[linux-2.6-block.git] / io_uring / cancel.c

// SPDX-License-Identifier: GPL-2.0
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/nospec.h>
#include <linux/io_uring.h>

#include <uapi/linux/io_uring.h>

#include "io_uring.h"
#include "tctx.h"
#include "poll.h"
#include "timeout.h"
#include "waitid.h"
#include "futex.h"
#include "cancel.h"

struct io_cancel {
	struct file			*file;
	u64				addr;
	u32				flags;
	s32				fd;
	u8				opcode;
};

#define CANCEL_FLAGS	(IORING_ASYNC_CANCEL_ALL | IORING_ASYNC_CANCEL_FD | \
			 IORING_ASYNC_CANCEL_ANY | IORING_ASYNC_CANCEL_FD_FIXED | \
			 IORING_ASYNC_CANCEL_USERDATA | IORING_ASYNC_CANCEL_OP)

/*
 * Returns true if the request matches the criteria outlined by 'cd'.
 */
bool io_cancel_req_match(struct io_kiocb *req, struct io_cancel_data *cd)
{
	bool match_user_data = cd->flags & IORING_ASYNC_CANCEL_USERDATA;

	if (req->ctx != cd->ctx)
		return false;

	if (!(cd->flags & (IORING_ASYNC_CANCEL_FD | IORING_ASYNC_CANCEL_OP)))
		match_user_data = true;

	if (cd->flags & IORING_ASYNC_CANCEL_ANY)
		goto check_seq;
	if (cd->flags & IORING_ASYNC_CANCEL_FD) {
		if (req->file != cd->file)
			return false;
	}
	if (cd->flags & IORING_ASYNC_CANCEL_OP) {
		if (req->opcode != cd->opcode)
			return false;
	}
	if (match_user_data && req->cqe.user_data != cd->data)
		return false;
	if (cd->flags & IORING_ASYNC_CANCEL_ALL) {
check_seq:
		if (io_cancel_match_sequence(req, cd->seq))
			return false;
	}

	return true;
}

static bool io_cancel_cb(struct io_wq_work *work, void *data)
{
	struct io_kiocb *req = container_of(work, struct io_kiocb, work);
	struct io_cancel_data *cd = data;

	return io_cancel_req_match(req, cd);
}

static int io_async_cancel_one(struct io_uring_task *tctx,
			       struct io_cancel_data *cd)
{
	enum io_wq_cancel cancel_ret;
	int ret = 0;
	bool all;

	if (!tctx || !tctx->io_wq)
		return -ENOENT;

	all = cd->flags & (IORING_ASYNC_CANCEL_ALL|IORING_ASYNC_CANCEL_ANY);
	cancel_ret = io_wq_cancel_cb(tctx->io_wq, io_cancel_cb, cd, all);
	switch (cancel_ret) {
	case IO_WQ_CANCEL_OK:
		ret = 0;
		break;
	case IO_WQ_CANCEL_RUNNING:
		ret = -EALREADY;
		break;
	case IO_WQ_CANCEL_NOTFOUND:
		ret = -ENOENT;
		break;
	}

	return ret;
}

int io_try_cancel(struct io_uring_task *tctx, struct io_cancel_data *cd,
		  unsigned issue_flags)
{
	struct io_ring_ctx *ctx = cd->ctx;
	int ret;

	WARN_ON_ONCE(!io_wq_current_is_worker() && tctx != current->io_uring);

	ret = io_async_cancel_one(tctx, cd);
	/*
	 * Fall-through even for -EALREADY, as we may have poll armed
	 * that need unarming.
	 */
	if (!ret)
		return 0;

	ret = io_poll_cancel(ctx, cd, issue_flags);
	if (ret != -ENOENT)
		return ret;

	ret = io_waitid_cancel(ctx, cd, issue_flags);
	if (ret != -ENOENT)
		return ret;

	ret = io_futex_cancel(ctx, cd, issue_flags);
	if (ret != -ENOENT)
		return ret;

	spin_lock(&ctx->completion_lock);
	if (!(cd->flags & IORING_ASYNC_CANCEL_FD))
		ret = io_timeout_cancel(ctx, cd);
	spin_unlock(&ctx->completion_lock);
	return ret;
}

int io_async_cancel_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
	struct io_cancel *cancel = io_kiocb_to_cmd(req, struct io_cancel);

	if (unlikely(req->flags & REQ_F_BUFFER_SELECT))
		return -EINVAL;
	if (sqe->off || sqe->splice_fd_in)
		return -EINVAL;

	cancel->addr = READ_ONCE(sqe->addr);
	cancel->flags = READ_ONCE(sqe->cancel_flags);
	if (cancel->flags & ~CANCEL_FLAGS)
		return -EINVAL;
	if (cancel->flags & IORING_ASYNC_CANCEL_FD) {
		if (cancel->flags & IORING_ASYNC_CANCEL_ANY)
			return -EINVAL;
		cancel->fd = READ_ONCE(sqe->fd);
	}
	if (cancel->flags & IORING_ASYNC_CANCEL_OP) {
		if (cancel->flags & IORING_ASYNC_CANCEL_ANY)
			return -EINVAL;
		cancel->opcode = READ_ONCE(sqe->len);
	}

	return 0;
}

static int __io_async_cancel(struct io_cancel_data *cd,
			     struct io_uring_task *tctx,
			     unsigned int issue_flags)
{
	bool all = cd->flags & (IORING_ASYNC_CANCEL_ALL|IORING_ASYNC_CANCEL_ANY);
	struct io_ring_ctx *ctx = cd->ctx;
	struct io_tctx_node *node;
	int ret, nr = 0;

	do {
		ret = io_try_cancel(tctx, cd, issue_flags);
		if (ret == -ENOENT)
			break;
		if (!all)
			return ret;
		nr++;
	} while (1);

	/* slow path, try all io-wq's */
	io_ring_submit_lock(ctx, issue_flags);
	ret = -ENOENT;
	list_for_each_entry(node, &ctx->tctx_list, ctx_node) {
		struct io_uring_task *tctx = node->task->io_uring;

		ret = io_async_cancel_one(tctx, cd);
		if (ret != -ENOENT) {
			if (!all)
				break;
			nr++;
		}
	}
	io_ring_submit_unlock(ctx, issue_flags);
	return all ? nr : ret;
}

int io_async_cancel(struct io_kiocb *req, unsigned int issue_flags)
{
	struct io_cancel *cancel = io_kiocb_to_cmd(req, struct io_cancel);
	struct io_cancel_data cd = {
		.ctx	= req->ctx,
		.data	= cancel->addr,
		.flags	= cancel->flags,
		.opcode	= cancel->opcode,
		.seq	= atomic_inc_return(&req->ctx->cancel_seq),
	};
	struct io_uring_task *tctx = req->task->io_uring;
	int ret;

	if (cd.flags & IORING_ASYNC_CANCEL_FD) {
		if (req->flags & REQ_F_FIXED_FILE ||
		    cd.flags & IORING_ASYNC_CANCEL_FD_FIXED) {
			req->flags |= REQ_F_FIXED_FILE;
			req->file = io_file_get_fixed(req, cancel->fd,
							issue_flags);
		} else {
			req->file = io_file_get_normal(req, cancel->fd);
		}
		if (!req->file) {
			ret = -EBADF;
			goto done;
		}
		cd.file = req->file;
	}

	ret = __io_async_cancel(&cd, tctx, issue_flags);
done:
	if (ret < 0)
		req_set_fail(req);
	io_req_set_res(req, ret, 0);
	return IOU_OK;
}

void init_hash_table(struct io_hash_table *table, unsigned size)
{
	unsigned int i;

	for (i = 0; i < size; i++) {
		spin_lock_init(&table->hbs[i].lock);
		INIT_HLIST_HEAD(&table->hbs[i].list);
	}
}

static int __io_sync_cancel(struct io_uring_task *tctx,
			    struct io_cancel_data *cd, int fd)
{
	struct io_ring_ctx *ctx = cd->ctx;

	/* fixed must be grabbed every time since we drop the uring_lock */
	if ((cd->flags & IORING_ASYNC_CANCEL_FD) &&
	    (cd->flags & IORING_ASYNC_CANCEL_FD_FIXED)) {
		if (unlikely(fd >= ctx->nr_user_files))
			return -EBADF;
		fd = array_index_nospec(fd, ctx->nr_user_files);
		cd->file = io_file_from_index(&ctx->file_table, fd);
		if (!cd->file)
			return -EBADF;
	}

	return __io_async_cancel(cd, tctx, 0);
}

int io_sync_cancel(struct io_ring_ctx *ctx, void __user *arg)
	__must_hold(&ctx->uring_lock)
{
	struct io_cancel_data cd = {
		.ctx	= ctx,
		.seq	= atomic_inc_return(&ctx->cancel_seq),
	};
	ktime_t timeout = KTIME_MAX;
	struct io_uring_sync_cancel_reg sc;
	struct file *file = NULL;
	DEFINE_WAIT(wait);
	int ret, i;

	if (copy_from_user(&sc, arg, sizeof(sc)))
		return -EFAULT;
	if (sc.flags & ~CANCEL_FLAGS)
		return -EINVAL;
	for (i = 0; i < ARRAY_SIZE(sc.pad); i++)
		if (sc.pad[i])
			return -EINVAL;
	for (i = 0; i < ARRAY_SIZE(sc.pad2); i++)
		if (sc.pad2[i])
			return -EINVAL;

	cd.data = sc.addr;
	cd.flags = sc.flags;
	cd.opcode = sc.opcode;

	/* we can grab a normal file descriptor upfront */
	if ((cd.flags & IORING_ASYNC_CANCEL_FD) &&
	   !(cd.flags & IORING_ASYNC_CANCEL_FD_FIXED)) {
		file = fget(sc.fd);
		if (!file)
			return -EBADF;
		cd.file = file;
	}

	ret = __io_sync_cancel(current->io_uring, &cd, sc.fd);

	/* found something, done! */
	if (ret != -EALREADY)
		goto out;

	if (sc.timeout.tv_sec != -1UL || sc.timeout.tv_nsec != -1UL) {
		struct timespec64 ts = {
			.tv_sec		= sc.timeout.tv_sec,
			.tv_nsec	= sc.timeout.tv_nsec
		};

		timeout = ktime_add_ns(timespec64_to_ktime(ts), ktime_get_ns());
	}

	/*
	 * Keep looking until we get -ENOENT. we'll get woken everytime
	 * every time a request completes and will retry the cancelation.
	 */
	do {
		cd.seq = atomic_inc_return(&ctx->cancel_seq);

		prepare_to_wait(&ctx->cq_wait, &wait, TASK_INTERRUPTIBLE);

		ret = __io_sync_cancel(current->io_uring, &cd, sc.fd);

		mutex_unlock(&ctx->uring_lock);
		if (ret != -EALREADY)
			break;

		ret = io_run_task_work_sig(ctx);
		if (ret < 0)
			break;
		ret = schedule_hrtimeout(&timeout, HRTIMER_MODE_ABS);
		if (!ret) {
			ret = -ETIME;
			break;
		}
		mutex_lock(&ctx->uring_lock);
	} while (1);

	finish_wait(&ctx->cq_wait, &wait);
	mutex_lock(&ctx->uring_lock);

	if (ret == -ENOENT || ret > 0)
		ret = 0;
out:
	if (file)
		fput(file);
	return ret;
}
Commit	Line	Data
7aaff708 JA	1	// SPDX-License-Identifier: GPL-2.0
	2	#include <linux/kernel.h>
	3	#include <linux/errno.h>
	4	#include <linux/fs.h>
	5	#include <linux/file.h>
	6	#include <linux/mm.h>
	7	#include <linux/slab.h>
	8	#include <linux/namei.h>
78a861b9	9	#include <linux/nospec.h>
7aaff708 JA	10	#include <linux/io_uring.h>
	11
	12	#include <uapi/linux/io_uring.h>
	13
7aaff708 JA	14	#include "io_uring.h"
	15	#include "tctx.h"
	16	#include "poll.h"
	17	#include "timeout.h"
f31ecf67	18	#include "waitid.h"
194bb58c	19	#include "futex.h"
7aaff708 JA	20	#include "cancel.h"
	21
	22	struct io_cancel {
	23	struct file *file;
	24	u64 addr;
	25	u32 flags;
	26	s32 fd;
d7b8b079	27	u8 opcode;
7aaff708 JA	28	};
	29
	30	#define CANCEL_FLAGS (IORING_ASYNC_CANCEL_ALL \| IORING_ASYNC_CANCEL_FD \| \
8165b566	31	IORING_ASYNC_CANCEL_ANY \| IORING_ASYNC_CANCEL_FD_FIXED \| \
d7b8b079	32	IORING_ASYNC_CANCEL_USERDATA \| IORING_ASYNC_CANCEL_OP)
7aaff708	33
aa5cd116 JA	34	/*
	35	* Returns true if the request matches the criteria outlined by 'cd'.
	36	*/
	37	bool io_cancel_req_match(struct io_kiocb req, struct io_cancel_data cd)
7aaff708	38	{
8165b566 JA	39	bool match_user_data = cd->flags & IORING_ASYNC_CANCEL_USERDATA;
8165b566 JA	40
7aaff708 JA	41	if (req->ctx != cd->ctx)
7aaff708 JA	42	return false;
8165b566	43
d7b8b079	44	if (!(cd->flags & (IORING_ASYNC_CANCEL_FD \| IORING_ASYNC_CANCEL_OP)))
8165b566 JA	45	match_user_data = true;
	46
	47	if (cd->flags & IORING_ASYNC_CANCEL_ANY)
3a372b66	48	goto check_seq;
8165b566	49	if (cd->flags & IORING_ASYNC_CANCEL_FD) {
7aaff708 JA	50	if (req->file != cd->file)
7aaff708 JA	51	return false;
7aaff708	52	}
d7b8b079 JA	53	if (cd->flags & IORING_ASYNC_CANCEL_OP) {
	54	if (req->opcode != cd->opcode)
	55	return false;
	56	}
8165b566 JA	57	if (match_user_data && req->cqe.user_data != cd->data)
8165b566 JA	58	return false;
3a372b66 JA	59	if (cd->flags & IORING_ASYNC_CANCEL_ALL) {
3a372b66 JA	60	check_seq:
521223d7	61	if (io_cancel_match_sequence(req, cd->seq))
7aaff708	62	return false;
7aaff708	63	}
aa5cd116	64
7aaff708 JA	65	return true;
	66	}
	67
aa5cd116 JA	68	static bool io_cancel_cb(struct io_wq_work work, void data)
	69	{
	70	struct io_kiocb *req = container_of(work, struct io_kiocb, work);
	71	struct io_cancel_data *cd = data;
	72
	73	return io_cancel_req_match(req, cd);
	74	}
	75
7aaff708 JA	76	static int io_async_cancel_one(struct io_uring_task *tctx,
	77	struct io_cancel_data *cd)
	78	{
	79	enum io_wq_cancel cancel_ret;
	80	int ret = 0;
	81	bool all;
	82
	83	if (!tctx \|\| !tctx->io_wq)
	84	return -ENOENT;
	85
	86	all = cd->flags & (IORING_ASYNC_CANCEL_ALL\|IORING_ASYNC_CANCEL_ANY);
	87	cancel_ret = io_wq_cancel_cb(tctx->io_wq, io_cancel_cb, cd, all);
	88	switch (cancel_ret) {
	89	case IO_WQ_CANCEL_OK:
	90	ret = 0;
	91	break;
	92	case IO_WQ_CANCEL_RUNNING:
	93	ret = -EALREADY;
	94	break;
	95	case IO_WQ_CANCEL_NOTFOUND:
	96	ret = -ENOENT;
	97	break;
	98	}
	99
	100	return ret;
	101	}
	102
88f52eaa	103	int io_try_cancel(struct io_uring_task tctx, struct io_cancel_data cd,
5d7943d9	104	unsigned issue_flags)
7aaff708	105	{
88f52eaa	106	struct io_ring_ctx *ctx = cd->ctx;
7aaff708 JA	107	int ret;
7aaff708 JA	108
88f52eaa	109	WARN_ON_ONCE(!io_wq_current_is_worker() && tctx != current->io_uring);
7aaff708	110
88f52eaa	111	ret = io_async_cancel_one(tctx, cd);
7aaff708 JA	112	/*
	113	* Fall-through even for -EALREADY, as we may have poll armed
	114	* that need unarming.
	115	*/
	116	if (!ret)
	117	return 0;
	118
5d7943d9	119	ret = io_poll_cancel(ctx, cd, issue_flags);
7aaff708	120	if (ret != -ENOENT)
4dfab8ab PB	121	return ret;
4dfab8ab PB	122
f31ecf67 JA	123	ret = io_waitid_cancel(ctx, cd, issue_flags);
	124	if (ret != -ENOENT)
	125	return ret;
	126
194bb58c JA	127	ret = io_futex_cancel(ctx, cd, issue_flags);
	128	if (ret != -ENOENT)
	129	return ret;
	130
38513c46	131	spin_lock(&ctx->completion_lock);
7aaff708 JA	132	if (!(cd->flags & IORING_ASYNC_CANCEL_FD))
7aaff708 JA	133	ret = io_timeout_cancel(ctx, cd);
7aaff708 JA	134	spin_unlock(&ctx->completion_lock);
	135	return ret;
	136	}
	137
7aaff708 JA	138	int io_async_cancel_prep(struct io_kiocb req, const struct io_uring_sqe sqe)
7aaff708 JA	139	{
f2ccb5ae	140	struct io_cancel *cancel = io_kiocb_to_cmd(req, struct io_cancel);
7aaff708 JA	141
	142	if (unlikely(req->flags & REQ_F_BUFFER_SELECT))
	143	return -EINVAL;
d7b8b079	144	if (sqe->off \|\| sqe->splice_fd_in)
7aaff708 JA	145	return -EINVAL;
	146
	147	cancel->addr = READ_ONCE(sqe->addr);
	148	cancel->flags = READ_ONCE(sqe->cancel_flags);
	149	if (cancel->flags & ~CANCEL_FLAGS)
	150	return -EINVAL;
	151	if (cancel->flags & IORING_ASYNC_CANCEL_FD) {
	152	if (cancel->flags & IORING_ASYNC_CANCEL_ANY)
	153	return -EINVAL;
	154	cancel->fd = READ_ONCE(sqe->fd);
	155	}
d7b8b079 JA	156	if (cancel->flags & IORING_ASYNC_CANCEL_OP) {
	157	if (cancel->flags & IORING_ASYNC_CANCEL_ANY)
	158	return -EINVAL;
	159	cancel->opcode = READ_ONCE(sqe->len);
	160	}
7aaff708 JA	161
	162	return 0;
	163	}
	164
88f52eaa JA	165	static int __io_async_cancel(struct io_cancel_data *cd,
88f52eaa JA	166	struct io_uring_task *tctx,
7aaff708 JA	167	unsigned int issue_flags)
	168	{
	169	bool all = cd->flags & (IORING_ASYNC_CANCEL_ALL\|IORING_ASYNC_CANCEL_ANY);
	170	struct io_ring_ctx *ctx = cd->ctx;
	171	struct io_tctx_node *node;
	172	int ret, nr = 0;
	173
	174	do {
88f52eaa	175	ret = io_try_cancel(tctx, cd, issue_flags);
7aaff708 JA	176	if (ret == -ENOENT)
	177	break;
	178	if (!all)
	179	return ret;
	180	nr++;
	181	} while (1);
	182
	183	/* slow path, try all io-wq's */
	184	io_ring_submit_lock(ctx, issue_flags);
	185	ret = -ENOENT;
	186	list_for_each_entry(node, &ctx->tctx_list, ctx_node) {
	187	struct io_uring_task *tctx = node->task->io_uring;
	188
	189	ret = io_async_cancel_one(tctx, cd);
	190	if (ret != -ENOENT) {
	191	if (!all)
	192	break;
	193	nr++;
	194	}
	195	}
	196	io_ring_submit_unlock(ctx, issue_flags);
	197	return all ? nr : ret;
	198	}
	199
	200	int io_async_cancel(struct io_kiocb *req, unsigned int issue_flags)
	201	{
f2ccb5ae	202	struct io_cancel *cancel = io_kiocb_to_cmd(req, struct io_cancel);
7aaff708 JA	203	struct io_cancel_data cd = {
	204	.ctx = req->ctx,
	205	.data = cancel->addr,
	206	.flags = cancel->flags,
d7b8b079	207	.opcode = cancel->opcode,
7aaff708 JA	208	.seq = atomic_inc_return(&req->ctx->cancel_seq),
7aaff708 JA	209	};
88f52eaa	210	struct io_uring_task *tctx = req->task->io_uring;
7aaff708 JA	211	int ret;
	212
	213	if (cd.flags & IORING_ASYNC_CANCEL_FD) {
7d8ca725 JA	214	if (req->flags & REQ_F_FIXED_FILE \|\|
	215	cd.flags & IORING_ASYNC_CANCEL_FD_FIXED) {
	216	req->flags \|= REQ_F_FIXED_FILE;
7aaff708 JA	217	req->file = io_file_get_fixed(req, cancel->fd,
7aaff708 JA	218	issue_flags);
7d8ca725	219	} else {
7aaff708	220	req->file = io_file_get_normal(req, cancel->fd);
7d8ca725	221	}
7aaff708 JA	222	if (!req->file) {
	223	ret = -EBADF;
	224	goto done;
	225	}
	226	cd.file = req->file;
	227	}
	228
88f52eaa	229	ret = __io_async_cancel(&cd, tctx, issue_flags);
7aaff708 JA	230	done:
	231	if (ret < 0)
	232	req_set_fail(req);
	233	io_req_set_res(req, ret, 0);
	234	return IOU_OK;
	235	}
38513c46	236
e6f89be6	237	void init_hash_table(struct io_hash_table *table, unsigned size)
38513c46 HX	238	{
	239	unsigned int i;
	240
	241	for (i = 0; i < size; i++) {
e6f89be6 PB	242	spin_lock_init(&table->hbs[i].lock);
e6f89be6 PB	243	INIT_HLIST_HEAD(&table->hbs[i].list);
38513c46 HX	244	}
38513c46 HX	245	}
78a861b9 JA	246
	247	static int __io_sync_cancel(struct io_uring_task *tctx,
	248	struct io_cancel_data *cd, int fd)
	249	{
	250	struct io_ring_ctx *ctx = cd->ctx;
	251
	252	/* fixed must be grabbed every time since we drop the uring_lock */
	253	if ((cd->flags & IORING_ASYNC_CANCEL_FD) &&
	254	(cd->flags & IORING_ASYNC_CANCEL_FD_FIXED)) {
47abea04	255	if (unlikely(fd >= ctx->nr_user_files))
78a861b9 JA	256	return -EBADF;
78a861b9 JA	257	fd = array_index_nospec(fd, ctx->nr_user_files);
60a666f0	258	cd->file = io_file_from_index(&ctx->file_table, fd);
78a861b9 JA	259	if (!cd->file)
	260	return -EBADF;
	261	}
	262
	263	return __io_async_cancel(cd, tctx, 0);
	264	}
	265
	266	int io_sync_cancel(struct io_ring_ctx ctx, void __user arg)
	267	__must_hold(&ctx->uring_lock)
	268	{
	269	struct io_cancel_data cd = {
	270	.ctx = ctx,
	271	.seq = atomic_inc_return(&ctx->cancel_seq),
	272	};
	273	ktime_t timeout = KTIME_MAX;
	274	struct io_uring_sync_cancel_reg sc;
73363c26	275	struct file *file = NULL;
78a861b9	276	DEFINE_WAIT(wait);
f77569d2	277	int ret, i;
78a861b9 JA	278
	279	if (copy_from_user(&sc, arg, sizeof(sc)))
	280	return -EFAULT;
	281	if (sc.flags & ~CANCEL_FLAGS)
	282	return -EINVAL;
f77569d2 JA	283	for (i = 0; i < ARRAY_SIZE(sc.pad); i++)
	284	if (sc.pad[i])
	285	return -EINVAL;
	286	for (i = 0; i < ARRAY_SIZE(sc.pad2); i++)
	287	if (sc.pad2[i])
	288	return -EINVAL;
78a861b9 JA	289
	290	cd.data = sc.addr;
	291	cd.flags = sc.flags;
f77569d2	292	cd.opcode = sc.opcode;
78a861b9 JA	293
	294	/* we can grab a normal file descriptor upfront */
	295	if ((cd.flags & IORING_ASYNC_CANCEL_FD) &&
	296	!(cd.flags & IORING_ASYNC_CANCEL_FD_FIXED)) {
73363c26 JA	297	file = fget(sc.fd);
73363c26 JA	298	if (!file)
78a861b9	299	return -EBADF;
73363c26	300	cd.file = file;
78a861b9 JA	301	}
	302
	303	ret = __io_sync_cancel(current->io_uring, &cd, sc.fd);
	304
	305	/* found something, done! */
	306	if (ret != -EALREADY)
	307	goto out;
	308
	309	if (sc.timeout.tv_sec != -1UL \|\| sc.timeout.tv_nsec != -1UL) {
	310	struct timespec64 ts = {
	311	.tv_sec = sc.timeout.tv_sec,
	312	.tv_nsec = sc.timeout.tv_nsec
	313	};
	314
	315	timeout = ktime_add_ns(timespec64_to_ktime(ts), ktime_get_ns());
	316	}
	317
	318	/*
	319	* Keep looking until we get -ENOENT. we'll get woken everytime
	320	* every time a request completes and will retry the cancelation.
	321	*/
	322	do {
	323	cd.seq = atomic_inc_return(&ctx->cancel_seq);
	324
	325	prepare_to_wait(&ctx->cq_wait, &wait, TASK_INTERRUPTIBLE);
	326
	327	ret = __io_sync_cancel(current->io_uring, &cd, sc.fd);
	328
23fffb2f	329	mutex_unlock(&ctx->uring_lock);
78a861b9 JA	330	if (ret != -EALREADY)
	331	break;
	332
c0e0d6ba	333	ret = io_run_task_work_sig(ctx);
23fffb2f	334	if (ret < 0)
78a861b9	335	break;
78a861b9	336	ret = schedule_hrtimeout(&timeout, HRTIMER_MODE_ABS);
78a861b9 JA	337	if (!ret) {
	338	ret = -ETIME;
	339	break;
	340	}
23fffb2f	341	mutex_lock(&ctx->uring_lock);
78a861b9 JA	342	} while (1);
	343
	344	finish_wait(&ctx->cq_wait, &wait);
23fffb2f	345	mutex_lock(&ctx->uring_lock);
78a861b9 JA	346
	347	if (ret == -ENOENT \|\| ret > 0)
	348	ret = 0;
	349	out:
73363c26 JA	350	if (file)
73363c26 JA	351	fput(file);
78a861b9 JA	352	return ret;
78a861b9 JA	353	}