1 // SPDX-License-Identifier: GPL-2.0
3 * Shared application/kernel submission and completion ring pairs, for
4 * supporting fast/efficient IO.
6 * A note on the read/write ordering memory barriers that are matched between
7 * the application and kernel side.
9 * After the application reads the CQ ring tail, it must use an
10 * appropriate smp_rmb() to pair with the smp_wmb() the kernel uses
11 * before writing the tail (using smp_load_acquire to read the tail will
12 * do). It also needs a smp_mb() before updating CQ head (ordering the
13 * entry load(s) with the head store), pairing with an implicit barrier
14 * through a control-dependency in io_get_cqe (smp_store_release to
15 * store head will do). Failure to do so could lead to reading invalid
18 * Likewise, the application must use an appropriate smp_wmb() before
19 * writing the SQ tail (ordering SQ entry stores with the tail store),
20 * which pairs with smp_load_acquire in io_get_sqring (smp_store_release
21 * to store the tail will do). And it needs a barrier ordering the SQ
22 * head load before writing new SQ entries (smp_load_acquire to read
25 * When using the SQ poll thread (IORING_SETUP_SQPOLL), the application
26 * needs to check the SQ flags for IORING_SQ_NEED_WAKEUP *after*
27 * updating the SQ tail; a full memory barrier smp_mb() is needed
30 * Also see the examples in the liburing library:
32 * git://git.kernel.dk/liburing
34 * io_uring also uses READ/WRITE_ONCE() for _any_ store or load that happens
35 * from data shared between the kernel and application. This is done both
36 * for ordering purposes, but also to ensure that once a value is loaded from
37 * data that the application could potentially modify, it remains stable.
39 * Copyright (C) 2018-2019 Jens Axboe
40 * Copyright (c) 2018-2019 Christoph Hellwig
42 #include <linux/kernel.h>
43 #include <linux/init.h>
44 #include <linux/errno.h>
45 #include <linux/syscalls.h>
46 #include <linux/compat.h>
47 #include <net/compat.h>
48 #include <linux/refcount.h>
49 #include <linux/uio.h>
50 #include <linux/bits.h>
52 #include <linux/sched/signal.h>
54 #include <linux/file.h>
55 #include <linux/fdtable.h>
57 #include <linux/mman.h>
58 #include <linux/percpu.h>
59 #include <linux/slab.h>
60 #include <linux/blkdev.h>
61 #include <linux/bvec.h>
62 #include <linux/net.h>
64 #include <net/af_unix.h>
66 #include <linux/anon_inodes.h>
67 #include <linux/sched/mm.h>
68 #include <linux/uaccess.h>
69 #include <linux/nospec.h>
70 #include <linux/sizes.h>
71 #include <linux/hugetlb.h>
72 #include <linux/highmem.h>
73 #include <linux/namei.h>
74 #include <linux/fsnotify.h>
75 #include <linux/fadvise.h>
76 #include <linux/eventpoll.h>
77 #include <linux/splice.h>
78 #include <linux/task_work.h>
79 #include <linux/pagemap.h>
80 #include <linux/io_uring.h>
81 #include <linux/tracehook.h>
83 #define CREATE_TRACE_POINTS
84 #include <trace/events/io_uring.h>
86 #include <uapi/linux/io_uring.h>
91 #define IORING_MAX_ENTRIES 32768
92 #define IORING_MAX_CQ_ENTRIES (2 * IORING_MAX_ENTRIES)
93 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8
96 #define IORING_MAX_FIXED_FILES (1U << 15)
97 #define IORING_MAX_RESTRICTIONS (IORING_RESTRICTION_LAST + \
98 IORING_REGISTER_LAST + IORING_OP_LAST)
100 #define IO_RSRC_TAG_TABLE_SHIFT (PAGE_SHIFT - 3)
101 #define IO_RSRC_TAG_TABLE_MAX (1U << IO_RSRC_TAG_TABLE_SHIFT)
102 #define IO_RSRC_TAG_TABLE_MASK (IO_RSRC_TAG_TABLE_MAX - 1)
104 #define IORING_MAX_REG_BUFFERS (1U << 14)
106 #define SQE_COMMON_FLAGS (IOSQE_FIXED_FILE | IOSQE_IO_LINK | \
107 IOSQE_IO_HARDLINK | IOSQE_ASYNC)
109 #define SQE_VALID_FLAGS (SQE_COMMON_FLAGS|IOSQE_BUFFER_SELECT|IOSQE_IO_DRAIN)
111 #define IO_REQ_CLEAN_FLAGS (REQ_F_BUFFER_SELECTED | REQ_F_NEED_CLEANUP | \
112 REQ_F_POLLED | REQ_F_INFLIGHT | REQ_F_CREDS | \
115 #define IO_TCTX_REFS_CACHE_NR (1U << 10)
118 u32 head ____cacheline_aligned_in_smp;
119 u32 tail ____cacheline_aligned_in_smp;
123 * This data is shared with the application through the mmap at offsets
124 * IORING_OFF_SQ_RING and IORING_OFF_CQ_RING.
126 * The offsets to the member fields are published through struct
127 * io_sqring_offsets when calling io_uring_setup.
131 * Head and tail offsets into the ring; the offsets need to be
132 * masked to get valid indices.
134 * The kernel controls head of the sq ring and the tail of the cq ring,
135 * and the application controls tail of the sq ring and the head of the
138 struct io_uring sq, cq;
140 * Bitmasks to apply to head and tail offsets (constant, equals
143 u32 sq_ring_mask, cq_ring_mask;
144 /* Ring sizes (constant, power of 2) */
145 u32 sq_ring_entries, cq_ring_entries;
147 * Number of invalid entries dropped by the kernel due to
148 * invalid index stored in array
150 * Written by the kernel, shouldn't be modified by the
151 * application (i.e. get number of "new events" by comparing to
154 * After a new SQ head value was read by the application this
155 * counter includes all submissions that were dropped reaching
156 * the new SQ head (and possibly more).
162 * Written by the kernel, shouldn't be modified by the
165 * The application needs a full memory barrier before checking
166 * for IORING_SQ_NEED_WAKEUP after updating the sq tail.
172 * Written by the application, shouldn't be modified by the
177 * Number of completion events lost because the queue was full;
178 * this should be avoided by the application by making sure
179 * there are not more requests pending than there is space in
180 * the completion queue.
182 * Written by the kernel, shouldn't be modified by the
183 * application (i.e. get number of "new events" by comparing to
186 * As completion events come in out of order this counter is not
187 * ordered with any other data.
191 * Ring buffer of completion events.
193 * The kernel writes completion events fresh every time they are
194 * produced, so the application is allowed to modify pending
197 struct io_uring_cqe cqes[] ____cacheline_aligned_in_smp;
200 enum io_uring_cmd_flags {
201 IO_URING_F_COMPLETE_DEFER = 1,
202 /* int's last bit, sign checks are usually faster than a bit test */
203 IO_URING_F_NONBLOCK = INT_MIN,
206 struct io_mapped_ubuf {
209 unsigned int nr_bvecs;
210 unsigned long acct_pages;
211 struct bio_vec bvec[];
216 struct io_overflow_cqe {
217 struct io_uring_cqe cqe;
218 struct list_head list;
221 struct io_fixed_file {
222 /* file * with additional FFS_* flags */
223 unsigned long file_ptr;
227 struct list_head list;
232 struct io_mapped_ubuf *buf;
236 struct io_file_table {
237 struct io_fixed_file *files;
240 struct io_rsrc_node {
241 struct percpu_ref refs;
242 struct list_head node;
243 struct list_head rsrc_list;
244 struct io_rsrc_data *rsrc_data;
245 struct llist_node llist;
249 typedef void (rsrc_put_fn)(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc);
251 struct io_rsrc_data {
252 struct io_ring_ctx *ctx;
258 struct completion done;
263 struct list_head list;
269 struct io_restriction {
270 DECLARE_BITMAP(register_op, IORING_REGISTER_LAST);
271 DECLARE_BITMAP(sqe_op, IORING_OP_LAST);
272 u8 sqe_flags_allowed;
273 u8 sqe_flags_required;
278 IO_SQ_THREAD_SHOULD_STOP = 0,
279 IO_SQ_THREAD_SHOULD_PARK,
284 atomic_t park_pending;
287 /* ctx's that are using this sqd */
288 struct list_head ctx_list;
290 struct task_struct *thread;
291 struct wait_queue_head wait;
293 unsigned sq_thread_idle;
299 struct completion exited;
302 #define IO_COMPL_BATCH 32
303 #define IO_REQ_CACHE_SIZE 32
304 #define IO_REQ_ALLOC_BATCH 8
306 struct io_submit_link {
307 struct io_kiocb *head;
308 struct io_kiocb *last;
311 struct io_submit_state {
312 /* inline/task_work completion list, under ->uring_lock */
313 struct io_wq_work_node free_list;
314 /* batch completion logic */
315 struct io_wq_work_list compl_reqs;
316 struct io_submit_link link;
320 struct blk_plug plug;
324 /* const or read-mostly hot data */
326 struct percpu_ref refs;
328 struct io_rings *rings;
330 unsigned int compat: 1;
331 unsigned int drain_next: 1;
332 unsigned int eventfd_async: 1;
333 unsigned int restricted: 1;
334 unsigned int off_timeout_used: 1;
335 unsigned int drain_active: 1;
336 } ____cacheline_aligned_in_smp;
338 /* submission data */
340 struct mutex uring_lock;
343 * Ring buffer of indices into array of io_uring_sqe, which is
344 * mmapped by the application using the IORING_OFF_SQES offset.
346 * This indirection could e.g. be used to assign fixed
347 * io_uring_sqe entries to operations and only submit them to
348 * the queue when needed.
350 * The kernel modifies neither the indices array nor the entries
354 struct io_uring_sqe *sq_sqes;
355 unsigned cached_sq_head;
357 struct list_head defer_list;
360 * Fixed resources fast path, should be accessed only under
361 * uring_lock, and updated through io_uring_register(2)
363 struct io_rsrc_node *rsrc_node;
364 int rsrc_cached_refs;
365 struct io_file_table file_table;
366 unsigned nr_user_files;
367 unsigned nr_user_bufs;
368 struct io_mapped_ubuf **user_bufs;
370 struct io_submit_state submit_state;
371 struct list_head timeout_list;
372 struct list_head ltimeout_list;
373 struct list_head cq_overflow_list;
374 struct xarray io_buffers;
375 struct xarray personalities;
377 unsigned sq_thread_idle;
378 } ____cacheline_aligned_in_smp;
380 /* IRQ completion list, under ->completion_lock */
381 struct io_wq_work_list locked_free_list;
382 unsigned int locked_free_nr;
384 const struct cred *sq_creds; /* cred used for __io_sq_thread() */
385 struct io_sq_data *sq_data; /* if using sq thread polling */
387 struct wait_queue_head sqo_sq_wait;
388 struct list_head sqd_list;
390 unsigned long check_cq_overflow;
393 unsigned cached_cq_tail;
395 struct eventfd_ctx *cq_ev_fd;
396 struct wait_queue_head cq_wait;
398 atomic_t cq_timeouts;
399 unsigned cq_last_tm_flush;
400 } ____cacheline_aligned_in_smp;
403 spinlock_t completion_lock;
405 spinlock_t timeout_lock;
408 * ->iopoll_list is protected by the ctx->uring_lock for
409 * io_uring instances that don't use IORING_SETUP_SQPOLL.
410 * For SQPOLL, only the single threaded io_sq_thread() will
411 * manipulate the list, hence no extra locking is needed there.
413 struct io_wq_work_list iopoll_list;
414 struct hlist_head *cancel_hash;
415 unsigned cancel_hash_bits;
416 bool poll_multi_queue;
417 } ____cacheline_aligned_in_smp;
419 struct io_restriction restrictions;
421 /* slow path rsrc auxilary data, used by update/register */
423 struct io_rsrc_node *rsrc_backup_node;
424 struct io_mapped_ubuf *dummy_ubuf;
425 struct io_rsrc_data *file_data;
426 struct io_rsrc_data *buf_data;
428 struct delayed_work rsrc_put_work;
429 struct llist_head rsrc_put_llist;
430 struct list_head rsrc_ref_list;
431 spinlock_t rsrc_ref_lock;
434 /* Keep this last, we don't need it for the fast path */
436 #if defined(CONFIG_UNIX)
437 struct socket *ring_sock;
439 /* hashed buffered write serialization */
440 struct io_wq_hash *hash_map;
442 /* Only used for accounting purposes */
443 struct user_struct *user;
444 struct mm_struct *mm_account;
446 /* ctx exit and cancelation */
447 struct llist_head fallback_llist;
448 struct delayed_work fallback_work;
449 struct work_struct exit_work;
450 struct list_head tctx_list;
451 struct completion ref_comp;
455 struct io_uring_task {
456 /* submission side */
459 struct wait_queue_head wait;
460 const struct io_ring_ctx *last;
462 struct percpu_counter inflight;
463 atomic_t inflight_tracked;
466 spinlock_t task_lock;
467 struct io_wq_work_list task_list;
468 struct callback_head task_work;
473 * First field must be the file pointer in all the
474 * iocb unions! See also 'struct kiocb' in <linux/fs.h>
476 struct io_poll_iocb {
478 struct wait_queue_head *head;
482 struct wait_queue_entry wait;
485 struct io_poll_update {
491 bool update_user_data;
500 struct io_timeout_data {
501 struct io_kiocb *req;
502 struct hrtimer timer;
503 struct timespec64 ts;
504 enum hrtimer_mode mode;
510 struct sockaddr __user *addr;
511 int __user *addr_len;
514 unsigned long nofile;
534 struct list_head list;
535 /* head of the link, used by linked timeouts only */
536 struct io_kiocb *head;
537 /* for linked completions */
538 struct io_kiocb *prev;
541 struct io_timeout_rem {
546 struct timespec64 ts;
552 /* NOTE: kiocb has the file as the first member, so don't do it here */
560 struct sockaddr __user *addr;
567 struct compat_msghdr __user *umsg_compat;
568 struct user_msghdr __user *umsg;
580 struct filename *filename;
582 unsigned long nofile;
585 struct io_rsrc_update {
611 struct epoll_event event;
615 struct file *file_out;
616 struct file *file_in;
623 struct io_provide_buf {
637 const char __user *filename;
638 struct statx __user *buffer;
650 struct filename *oldpath;
651 struct filename *newpath;
659 struct filename *filename;
666 struct filename *filename;
672 struct filename *oldpath;
673 struct filename *newpath;
680 struct filename *oldpath;
681 struct filename *newpath;
685 struct io_async_connect {
686 struct sockaddr_storage address;
689 struct io_async_msghdr {
690 struct iovec fast_iov[UIO_FASTIOV];
691 /* points to an allocated iov, if NULL we use fast_iov instead */
692 struct iovec *free_iov;
693 struct sockaddr __user *uaddr;
695 struct sockaddr_storage addr;
699 struct iov_iter iter;
700 struct iov_iter_state iter_state;
701 struct iovec fast_iov[UIO_FASTIOV];
705 struct io_rw_state s;
706 const struct iovec *free_iovec;
708 struct wait_page_queue wpq;
712 REQ_F_FIXED_FILE_BIT = IOSQE_FIXED_FILE_BIT,
713 REQ_F_IO_DRAIN_BIT = IOSQE_IO_DRAIN_BIT,
714 REQ_F_LINK_BIT = IOSQE_IO_LINK_BIT,
715 REQ_F_HARDLINK_BIT = IOSQE_IO_HARDLINK_BIT,
716 REQ_F_FORCE_ASYNC_BIT = IOSQE_ASYNC_BIT,
717 REQ_F_BUFFER_SELECT_BIT = IOSQE_BUFFER_SELECT_BIT,
719 /* first byte is taken by user flags, shift it to not overlap */
724 REQ_F_LINK_TIMEOUT_BIT,
725 REQ_F_NEED_CLEANUP_BIT,
727 REQ_F_BUFFER_SELECTED_BIT,
728 REQ_F_COMPLETE_INLINE_BIT,
732 REQ_F_ARM_LTIMEOUT_BIT,
733 REQ_F_ASYNC_DATA_BIT,
734 /* keep async read/write and isreg together and in order */
735 REQ_F_NOWAIT_READ_BIT,
736 REQ_F_NOWAIT_WRITE_BIT,
739 /* not a real bit, just to check we're not overflowing the space */
745 REQ_F_FIXED_FILE = BIT(REQ_F_FIXED_FILE_BIT),
746 /* drain existing IO first */
747 REQ_F_IO_DRAIN = BIT(REQ_F_IO_DRAIN_BIT),
749 REQ_F_LINK = BIT(REQ_F_LINK_BIT),
750 /* doesn't sever on completion < 0 */
751 REQ_F_HARDLINK = BIT(REQ_F_HARDLINK_BIT),
753 REQ_F_FORCE_ASYNC = BIT(REQ_F_FORCE_ASYNC_BIT),
754 /* IOSQE_BUFFER_SELECT */
755 REQ_F_BUFFER_SELECT = BIT(REQ_F_BUFFER_SELECT_BIT),
757 /* fail rest of links */
758 REQ_F_FAIL = BIT(REQ_F_FAIL_BIT),
759 /* on inflight list, should be cancelled and waited on exit reliably */
760 REQ_F_INFLIGHT = BIT(REQ_F_INFLIGHT_BIT),
761 /* read/write uses file position */
762 REQ_F_CUR_POS = BIT(REQ_F_CUR_POS_BIT),
763 /* must not punt to workers */
764 REQ_F_NOWAIT = BIT(REQ_F_NOWAIT_BIT),
765 /* has or had linked timeout */
766 REQ_F_LINK_TIMEOUT = BIT(REQ_F_LINK_TIMEOUT_BIT),
768 REQ_F_NEED_CLEANUP = BIT(REQ_F_NEED_CLEANUP_BIT),
769 /* already went through poll handler */
770 REQ_F_POLLED = BIT(REQ_F_POLLED_BIT),
771 /* buffer already selected */
772 REQ_F_BUFFER_SELECTED = BIT(REQ_F_BUFFER_SELECTED_BIT),
773 /* completion is deferred through io_comp_state */
774 REQ_F_COMPLETE_INLINE = BIT(REQ_F_COMPLETE_INLINE_BIT),
775 /* caller should reissue async */
776 REQ_F_REISSUE = BIT(REQ_F_REISSUE_BIT),
777 /* supports async reads */
778 REQ_F_NOWAIT_READ = BIT(REQ_F_NOWAIT_READ_BIT),
779 /* supports async writes */
780 REQ_F_NOWAIT_WRITE = BIT(REQ_F_NOWAIT_WRITE_BIT),
782 REQ_F_ISREG = BIT(REQ_F_ISREG_BIT),
783 /* has creds assigned */
784 REQ_F_CREDS = BIT(REQ_F_CREDS_BIT),
785 /* skip refcounting if not set */
786 REQ_F_REFCOUNT = BIT(REQ_F_REFCOUNT_BIT),
787 /* there is a linked timeout that has to be armed */
788 REQ_F_ARM_LTIMEOUT = BIT(REQ_F_ARM_LTIMEOUT_BIT),
789 /* ->async_data allocated */
790 REQ_F_ASYNC_DATA = BIT(REQ_F_ASYNC_DATA_BIT),
794 struct io_poll_iocb poll;
795 struct io_poll_iocb *double_poll;
798 typedef void (*io_req_tw_func_t)(struct io_kiocb *req, bool *locked);
800 struct io_task_work {
802 struct io_wq_work_node node;
803 struct llist_node fallback_node;
805 io_req_tw_func_t func;
809 IORING_RSRC_FILE = 0,
810 IORING_RSRC_BUFFER = 1,
814 * NOTE! Each of the iocb union members has the file pointer
815 * as the first entry in their struct definition. So you can
816 * access the file pointer through any of the sub-structs,
817 * or directly as just 'ki_filp' in this struct.
823 struct io_poll_iocb poll;
824 struct io_poll_update poll_update;
825 struct io_accept accept;
827 struct io_cancel cancel;
828 struct io_timeout timeout;
829 struct io_timeout_rem timeout_rem;
830 struct io_connect connect;
831 struct io_sr_msg sr_msg;
833 struct io_close close;
834 struct io_rsrc_update rsrc_update;
835 struct io_fadvise fadvise;
836 struct io_madvise madvise;
837 struct io_epoll epoll;
838 struct io_splice splice;
839 struct io_provide_buf pbuf;
840 struct io_statx statx;
841 struct io_shutdown shutdown;
842 struct io_rename rename;
843 struct io_unlink unlink;
844 struct io_mkdir mkdir;
845 struct io_symlink symlink;
846 struct io_hardlink hardlink;
850 /* polled IO has completed */
859 struct io_ring_ctx *ctx;
860 struct task_struct *task;
862 struct percpu_ref *fixed_rsrc_refs;
863 /* store used ubuf, so we can prevent reloading */
864 struct io_mapped_ubuf *imu;
866 /* used by request caches, completion batching and iopoll */
867 struct io_wq_work_node comp_list;
869 struct io_kiocb *link;
870 struct io_task_work io_task_work;
871 /* for polled requests, i.e. IORING_OP_POLL_ADD and async armed poll */
872 struct hlist_node hash_node;
873 /* internal polling, see IORING_FEAT_FAST_POLL */
874 struct async_poll *apoll;
875 /* opcode allocated if it needs to store data for async defer */
877 struct io_wq_work work;
878 /* custom credentials, valid IFF REQ_F_CREDS is set */
879 const struct cred *creds;
880 /* stores selected buf, valid IFF REQ_F_BUFFER_SELECTED is set */
881 struct io_buffer *kbuf;
884 struct io_tctx_node {
885 struct list_head ctx_node;
886 struct task_struct *task;
887 struct io_ring_ctx *ctx;
890 struct io_defer_entry {
891 struct list_head list;
892 struct io_kiocb *req;
897 /* needs req->file assigned */
898 unsigned needs_file : 1;
899 /* should block plug */
901 /* hash wq insertion if file is a regular file */
902 unsigned hash_reg_file : 1;
903 /* unbound wq insertion if file is a non-regular file */
904 unsigned unbound_nonreg_file : 1;
905 /* set if opcode supports polled "wait" */
907 unsigned pollout : 1;
908 /* op supports buffer selection */
909 unsigned buffer_select : 1;
910 /* do prep async if is going to be punted */
911 unsigned needs_async_setup : 1;
912 /* opcode is not supported by this kernel */
913 unsigned not_supported : 1;
914 /* size of async data needed, if any */
915 unsigned short async_size;
918 static const struct io_op_def io_op_defs[] = {
919 [IORING_OP_NOP] = {},
920 [IORING_OP_READV] = {
922 .unbound_nonreg_file = 1,
925 .needs_async_setup = 1,
927 .async_size = sizeof(struct io_async_rw),
929 [IORING_OP_WRITEV] = {
932 .unbound_nonreg_file = 1,
934 .needs_async_setup = 1,
936 .async_size = sizeof(struct io_async_rw),
938 [IORING_OP_FSYNC] = {
941 [IORING_OP_READ_FIXED] = {
943 .unbound_nonreg_file = 1,
946 .async_size = sizeof(struct io_async_rw),
948 [IORING_OP_WRITE_FIXED] = {
951 .unbound_nonreg_file = 1,
954 .async_size = sizeof(struct io_async_rw),
956 [IORING_OP_POLL_ADD] = {
958 .unbound_nonreg_file = 1,
960 [IORING_OP_POLL_REMOVE] = {},
961 [IORING_OP_SYNC_FILE_RANGE] = {
964 [IORING_OP_SENDMSG] = {
966 .unbound_nonreg_file = 1,
968 .needs_async_setup = 1,
969 .async_size = sizeof(struct io_async_msghdr),
971 [IORING_OP_RECVMSG] = {
973 .unbound_nonreg_file = 1,
976 .needs_async_setup = 1,
977 .async_size = sizeof(struct io_async_msghdr),
979 [IORING_OP_TIMEOUT] = {
980 .async_size = sizeof(struct io_timeout_data),
982 [IORING_OP_TIMEOUT_REMOVE] = {
983 /* used by timeout updates' prep() */
985 [IORING_OP_ACCEPT] = {
987 .unbound_nonreg_file = 1,
990 [IORING_OP_ASYNC_CANCEL] = {},
991 [IORING_OP_LINK_TIMEOUT] = {
992 .async_size = sizeof(struct io_timeout_data),
994 [IORING_OP_CONNECT] = {
996 .unbound_nonreg_file = 1,
998 .needs_async_setup = 1,
999 .async_size = sizeof(struct io_async_connect),
1001 [IORING_OP_FALLOCATE] = {
1004 [IORING_OP_OPENAT] = {},
1005 [IORING_OP_CLOSE] = {},
1006 [IORING_OP_FILES_UPDATE] = {},
1007 [IORING_OP_STATX] = {},
1008 [IORING_OP_READ] = {
1010 .unbound_nonreg_file = 1,
1014 .async_size = sizeof(struct io_async_rw),
1016 [IORING_OP_WRITE] = {
1019 .unbound_nonreg_file = 1,
1022 .async_size = sizeof(struct io_async_rw),
1024 [IORING_OP_FADVISE] = {
1027 [IORING_OP_MADVISE] = {},
1028 [IORING_OP_SEND] = {
1030 .unbound_nonreg_file = 1,
1033 [IORING_OP_RECV] = {
1035 .unbound_nonreg_file = 1,
1039 [IORING_OP_OPENAT2] = {
1041 [IORING_OP_EPOLL_CTL] = {
1042 .unbound_nonreg_file = 1,
1044 [IORING_OP_SPLICE] = {
1047 .unbound_nonreg_file = 1,
1049 [IORING_OP_PROVIDE_BUFFERS] = {},
1050 [IORING_OP_REMOVE_BUFFERS] = {},
1054 .unbound_nonreg_file = 1,
1056 [IORING_OP_SHUTDOWN] = {
1059 [IORING_OP_RENAMEAT] = {},
1060 [IORING_OP_UNLINKAT] = {},
1061 [IORING_OP_MKDIRAT] = {},
1062 [IORING_OP_SYMLINKAT] = {},
1063 [IORING_OP_LINKAT] = {},
1066 /* requests with any of those set should undergo io_disarm_next() */
1067 #define IO_DISARM_MASK (REQ_F_ARM_LTIMEOUT | REQ_F_LINK_TIMEOUT | REQ_F_FAIL)
1069 static bool io_disarm_next(struct io_kiocb *req);
1070 static void io_uring_del_tctx_node(unsigned long index);
1071 static void io_uring_try_cancel_requests(struct io_ring_ctx *ctx,
1072 struct task_struct *task,
1074 static void io_uring_cancel_generic(bool cancel_all, struct io_sq_data *sqd);
1076 static bool io_cqring_fill_event(struct io_ring_ctx *ctx, u64 user_data,
1077 s32 res, u32 cflags);
1078 static void io_put_req(struct io_kiocb *req);
1079 static void io_put_req_deferred(struct io_kiocb *req);
1080 static void io_dismantle_req(struct io_kiocb *req);
1081 static void io_queue_linked_timeout(struct io_kiocb *req);
1082 static int __io_register_rsrc_update(struct io_ring_ctx *ctx, unsigned type,
1083 struct io_uring_rsrc_update2 *up,
1085 static void io_clean_op(struct io_kiocb *req);
1086 static struct file *io_file_get(struct io_ring_ctx *ctx,
1087 struct io_kiocb *req, int fd, bool fixed);
1088 static void __io_queue_sqe(struct io_kiocb *req);
1089 static void io_rsrc_put_work(struct work_struct *work);
1091 static void io_req_task_queue(struct io_kiocb *req);
1092 static void __io_submit_flush_completions(struct io_ring_ctx *ctx);
1093 static int io_req_prep_async(struct io_kiocb *req);
1095 static int io_install_fixed_file(struct io_kiocb *req, struct file *file,
1096 unsigned int issue_flags, u32 slot_index);
1097 static int io_close_fixed(struct io_kiocb *req, unsigned int issue_flags);
1099 static enum hrtimer_restart io_link_timeout_fn(struct hrtimer *timer);
1101 static struct kmem_cache *req_cachep;
1103 static const struct file_operations io_uring_fops;
1105 struct sock *io_uring_get_socket(struct file *file)
1107 #if defined(CONFIG_UNIX)
1108 if (file->f_op == &io_uring_fops) {
1109 struct io_ring_ctx *ctx = file->private_data;
1111 return ctx->ring_sock->sk;
1116 EXPORT_SYMBOL(io_uring_get_socket);
1118 static inline void io_tw_lock(struct io_ring_ctx *ctx, bool *locked)
1121 mutex_lock(&ctx->uring_lock);
1126 #define io_for_each_link(pos, head) \
1127 for (pos = (head); pos; pos = pos->link)
1130 * Shamelessly stolen from the mm implementation of page reference checking,
1131 * see commit f958d7b528b1 for details.
1133 #define req_ref_zero_or_close_to_overflow(req) \
1134 ((unsigned int) atomic_read(&(req->refs)) + 127u <= 127u)
1136 static inline bool req_ref_inc_not_zero(struct io_kiocb *req)
1138 WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
1139 return atomic_inc_not_zero(&req->refs);
1142 static inline bool req_ref_put_and_test(struct io_kiocb *req)
1144 if (likely(!(req->flags & REQ_F_REFCOUNT)))
1147 WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
1148 return atomic_dec_and_test(&req->refs);
1151 static inline void req_ref_put(struct io_kiocb *req)
1153 WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
1154 WARN_ON_ONCE(req_ref_put_and_test(req));
1157 static inline void req_ref_get(struct io_kiocb *req)
1159 WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
1160 WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
1161 atomic_inc(&req->refs);
1164 static inline void io_submit_flush_completions(struct io_ring_ctx *ctx)
1166 if (!wq_list_empty(&ctx->submit_state.compl_reqs))
1167 __io_submit_flush_completions(ctx);
1170 static inline void __io_req_set_refcount(struct io_kiocb *req, int nr)
1172 if (!(req->flags & REQ_F_REFCOUNT)) {
1173 req->flags |= REQ_F_REFCOUNT;
1174 atomic_set(&req->refs, nr);
1178 static inline void io_req_set_refcount(struct io_kiocb *req)
1180 __io_req_set_refcount(req, 1);
1183 #define IO_RSRC_REF_BATCH 100
1185 static inline void io_req_put_rsrc_locked(struct io_kiocb *req,
1186 struct io_ring_ctx *ctx)
1187 __must_hold(&ctx->uring_lock)
1189 struct percpu_ref *ref = req->fixed_rsrc_refs;
1192 if (ref == &ctx->rsrc_node->refs)
1193 ctx->rsrc_cached_refs++;
1195 percpu_ref_put(ref);
1199 static inline void io_req_put_rsrc(struct io_kiocb *req, struct io_ring_ctx *ctx)
1201 if (req->fixed_rsrc_refs)
1202 percpu_ref_put(req->fixed_rsrc_refs);
1205 static __cold void io_rsrc_refs_drop(struct io_ring_ctx *ctx)
1206 __must_hold(&ctx->uring_lock)
1208 if (ctx->rsrc_cached_refs) {
1209 percpu_ref_put_many(&ctx->rsrc_node->refs, ctx->rsrc_cached_refs);
1210 ctx->rsrc_cached_refs = 0;
1214 static void io_rsrc_refs_refill(struct io_ring_ctx *ctx)
1215 __must_hold(&ctx->uring_lock)
1217 ctx->rsrc_cached_refs += IO_RSRC_REF_BATCH;
1218 percpu_ref_get_many(&ctx->rsrc_node->refs, IO_RSRC_REF_BATCH);
1221 static inline void io_req_set_rsrc_node(struct io_kiocb *req,
1222 struct io_ring_ctx *ctx)
1224 if (!req->fixed_rsrc_refs) {
1225 req->fixed_rsrc_refs = &ctx->rsrc_node->refs;
1226 ctx->rsrc_cached_refs--;
1227 if (unlikely(ctx->rsrc_cached_refs < 0))
1228 io_rsrc_refs_refill(ctx);
1232 static void io_refs_resurrect(struct percpu_ref *ref, struct completion *compl)
1234 bool got = percpu_ref_tryget(ref);
1236 /* already at zero, wait for ->release() */
1238 wait_for_completion(compl);
1239 percpu_ref_resurrect(ref);
1241 percpu_ref_put(ref);
1244 static bool io_match_task(struct io_kiocb *head, struct task_struct *task,
1247 struct io_kiocb *req;
1249 if (task && head->task != task)
1254 io_for_each_link(req, head) {
1255 if (req->flags & REQ_F_INFLIGHT)
1261 static inline bool req_has_async_data(struct io_kiocb *req)
1263 return req->flags & REQ_F_ASYNC_DATA;
1266 static inline void req_set_fail(struct io_kiocb *req)
1268 req->flags |= REQ_F_FAIL;
1271 static inline void req_fail_link_node(struct io_kiocb *req, int res)
1277 static __cold void io_ring_ctx_ref_free(struct percpu_ref *ref)
1279 struct io_ring_ctx *ctx = container_of(ref, struct io_ring_ctx, refs);
1281 complete(&ctx->ref_comp);
1284 static inline bool io_is_timeout_noseq(struct io_kiocb *req)
1286 return !req->timeout.off;
1289 static __cold void io_fallback_req_func(struct work_struct *work)
1291 struct io_ring_ctx *ctx = container_of(work, struct io_ring_ctx,
1292 fallback_work.work);
1293 struct llist_node *node = llist_del_all(&ctx->fallback_llist);
1294 struct io_kiocb *req, *tmp;
1295 bool locked = false;
1297 percpu_ref_get(&ctx->refs);
1298 llist_for_each_entry_safe(req, tmp, node, io_task_work.fallback_node)
1299 req->io_task_work.func(req, &locked);
1302 io_submit_flush_completions(ctx);
1303 mutex_unlock(&ctx->uring_lock);
1305 percpu_ref_put(&ctx->refs);
1308 static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
1310 struct io_ring_ctx *ctx;
1313 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
1318 * Use 5 bits less than the max cq entries, that should give us around
1319 * 32 entries per hash list if totally full and uniformly spread.
1321 hash_bits = ilog2(p->cq_entries);
1325 ctx->cancel_hash_bits = hash_bits;
1326 ctx->cancel_hash = kmalloc((1U << hash_bits) * sizeof(struct hlist_head),
1328 if (!ctx->cancel_hash)
1330 __hash_init(ctx->cancel_hash, 1U << hash_bits);
1332 ctx->dummy_ubuf = kzalloc(sizeof(*ctx->dummy_ubuf), GFP_KERNEL);
1333 if (!ctx->dummy_ubuf)
1335 /* set invalid range, so io_import_fixed() fails meeting it */
1336 ctx->dummy_ubuf->ubuf = -1UL;
1338 if (percpu_ref_init(&ctx->refs, io_ring_ctx_ref_free,
1339 PERCPU_REF_ALLOW_REINIT, GFP_KERNEL))
1342 ctx->flags = p->flags;
1343 init_waitqueue_head(&ctx->sqo_sq_wait);
1344 INIT_LIST_HEAD(&ctx->sqd_list);
1345 INIT_LIST_HEAD(&ctx->cq_overflow_list);
1346 init_completion(&ctx->ref_comp);
1347 xa_init_flags(&ctx->io_buffers, XA_FLAGS_ALLOC1);
1348 xa_init_flags(&ctx->personalities, XA_FLAGS_ALLOC1);
1349 mutex_init(&ctx->uring_lock);
1350 init_waitqueue_head(&ctx->cq_wait);
1351 spin_lock_init(&ctx->completion_lock);
1352 spin_lock_init(&ctx->timeout_lock);
1353 INIT_WQ_LIST(&ctx->iopoll_list);
1354 INIT_LIST_HEAD(&ctx->defer_list);
1355 INIT_LIST_HEAD(&ctx->timeout_list);
1356 INIT_LIST_HEAD(&ctx->ltimeout_list);
1357 spin_lock_init(&ctx->rsrc_ref_lock);
1358 INIT_LIST_HEAD(&ctx->rsrc_ref_list);
1359 INIT_DELAYED_WORK(&ctx->rsrc_put_work, io_rsrc_put_work);
1360 init_llist_head(&ctx->rsrc_put_llist);
1361 INIT_LIST_HEAD(&ctx->tctx_list);
1362 ctx->submit_state.free_list.next = NULL;
1363 INIT_WQ_LIST(&ctx->locked_free_list);
1364 INIT_DELAYED_WORK(&ctx->fallback_work, io_fallback_req_func);
1365 INIT_WQ_LIST(&ctx->submit_state.compl_reqs);
1368 kfree(ctx->dummy_ubuf);
1369 kfree(ctx->cancel_hash);
1374 static void io_account_cq_overflow(struct io_ring_ctx *ctx)
1376 struct io_rings *r = ctx->rings;
1378 WRITE_ONCE(r->cq_overflow, READ_ONCE(r->cq_overflow) + 1);
1382 static bool req_need_defer(struct io_kiocb *req, u32 seq)
1384 if (unlikely(req->flags & REQ_F_IO_DRAIN)) {
1385 struct io_ring_ctx *ctx = req->ctx;
1387 return seq + READ_ONCE(ctx->cq_extra) != ctx->cached_cq_tail;
1393 #define FFS_ASYNC_READ 0x1UL
1394 #define FFS_ASYNC_WRITE 0x2UL
1396 #define FFS_ISREG 0x4UL
1398 #define FFS_ISREG 0x0UL
1400 #define FFS_MASK ~(FFS_ASYNC_READ|FFS_ASYNC_WRITE|FFS_ISREG)
1402 static inline bool io_req_ffs_set(struct io_kiocb *req)
1404 return IS_ENABLED(CONFIG_64BIT) && (req->flags & REQ_F_FIXED_FILE);
1407 static inline void io_req_track_inflight(struct io_kiocb *req)
1409 if (!(req->flags & REQ_F_INFLIGHT)) {
1410 req->flags |= REQ_F_INFLIGHT;
1411 atomic_inc(¤t->io_uring->inflight_tracked);
1415 static inline void io_unprep_linked_timeout(struct io_kiocb *req)
1417 req->flags &= ~REQ_F_LINK_TIMEOUT;
1420 static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req)
1422 if (WARN_ON_ONCE(!req->link))
1425 req->flags &= ~REQ_F_ARM_LTIMEOUT;
1426 req->flags |= REQ_F_LINK_TIMEOUT;
1428 /* linked timeouts should have two refs once prep'ed */
1429 io_req_set_refcount(req);
1430 __io_req_set_refcount(req->link, 2);
1434 static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req)
1436 if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT)))
1438 return __io_prep_linked_timeout(req);
1441 static void io_prep_async_work(struct io_kiocb *req)
1443 const struct io_op_def *def = &io_op_defs[req->opcode];
1444 struct io_ring_ctx *ctx = req->ctx;
1446 if (!(req->flags & REQ_F_CREDS)) {
1447 req->flags |= REQ_F_CREDS;
1448 req->creds = get_current_cred();
1451 req->work.list.next = NULL;
1452 req->work.flags = 0;
1453 if (req->flags & REQ_F_FORCE_ASYNC)
1454 req->work.flags |= IO_WQ_WORK_CONCURRENT;
1456 if (req->flags & REQ_F_ISREG) {
1457 if (def->hash_reg_file || (ctx->flags & IORING_SETUP_IOPOLL))
1458 io_wq_hash_work(&req->work, file_inode(req->file));
1459 } else if (!req->file || !S_ISBLK(file_inode(req->file)->i_mode)) {
1460 if (def->unbound_nonreg_file)
1461 req->work.flags |= IO_WQ_WORK_UNBOUND;
1464 switch (req->opcode) {
1465 case IORING_OP_SPLICE:
1467 if (!S_ISREG(file_inode(req->splice.file_in)->i_mode))
1468 req->work.flags |= IO_WQ_WORK_UNBOUND;
1473 static void io_prep_async_link(struct io_kiocb *req)
1475 struct io_kiocb *cur;
1477 if (req->flags & REQ_F_LINK_TIMEOUT) {
1478 struct io_ring_ctx *ctx = req->ctx;
1480 spin_lock(&ctx->completion_lock);
1481 io_for_each_link(cur, req)
1482 io_prep_async_work(cur);
1483 spin_unlock(&ctx->completion_lock);
1485 io_for_each_link(cur, req)
1486 io_prep_async_work(cur);
1490 static inline void io_req_add_compl_list(struct io_kiocb *req)
1492 struct io_submit_state *state = &req->ctx->submit_state;
1494 wq_list_add_tail(&req->comp_list, &state->compl_reqs);
1497 static void io_queue_async_work(struct io_kiocb *req, bool *locked)
1499 struct io_ring_ctx *ctx = req->ctx;
1500 struct io_kiocb *link = io_prep_linked_timeout(req);
1501 struct io_uring_task *tctx = req->task->io_uring;
1503 /* must not take the lock, NULL it as a precaution */
1507 BUG_ON(!tctx->io_wq);
1509 /* init ->work of the whole link before punting */
1510 io_prep_async_link(req);
1513 * Not expected to happen, but if we do have a bug where this _can_
1514 * happen, catch it here and ensure the request is marked as
1515 * canceled. That will make io-wq go through the usual work cancel
1516 * procedure rather than attempt to run this request (or create a new
1519 if (WARN_ON_ONCE(!same_thread_group(req->task, current)))
1520 req->work.flags |= IO_WQ_WORK_CANCEL;
1522 trace_io_uring_queue_async_work(ctx, io_wq_is_hashed(&req->work), req,
1523 &req->work, req->flags);
1524 io_wq_enqueue(tctx->io_wq, &req->work);
1526 io_queue_linked_timeout(link);
1529 static void io_kill_timeout(struct io_kiocb *req, int status)
1530 __must_hold(&req->ctx->completion_lock)
1531 __must_hold(&req->ctx->timeout_lock)
1533 struct io_timeout_data *io = req->async_data;
1535 if (hrtimer_try_to_cancel(&io->timer) != -1) {
1538 atomic_set(&req->ctx->cq_timeouts,
1539 atomic_read(&req->ctx->cq_timeouts) + 1);
1540 list_del_init(&req->timeout.list);
1541 io_cqring_fill_event(req->ctx, req->user_data, status, 0);
1542 io_put_req_deferred(req);
1546 static __cold void io_queue_deferred(struct io_ring_ctx *ctx)
1548 while (!list_empty(&ctx->defer_list)) {
1549 struct io_defer_entry *de = list_first_entry(&ctx->defer_list,
1550 struct io_defer_entry, list);
1552 if (req_need_defer(de->req, de->seq))
1554 list_del_init(&de->list);
1555 io_req_task_queue(de->req);
1560 static __cold void io_flush_timeouts(struct io_ring_ctx *ctx)
1561 __must_hold(&ctx->completion_lock)
1563 u32 seq = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts);
1565 spin_lock_irq(&ctx->timeout_lock);
1566 while (!list_empty(&ctx->timeout_list)) {
1567 u32 events_needed, events_got;
1568 struct io_kiocb *req = list_first_entry(&ctx->timeout_list,
1569 struct io_kiocb, timeout.list);
1571 if (io_is_timeout_noseq(req))
1575 * Since seq can easily wrap around over time, subtract
1576 * the last seq at which timeouts were flushed before comparing.
1577 * Assuming not more than 2^31-1 events have happened since,
1578 * these subtractions won't have wrapped, so we can check if
1579 * target is in [last_seq, current_seq] by comparing the two.
1581 events_needed = req->timeout.target_seq - ctx->cq_last_tm_flush;
1582 events_got = seq - ctx->cq_last_tm_flush;
1583 if (events_got < events_needed)
1586 list_del_init(&req->timeout.list);
1587 io_kill_timeout(req, 0);
1589 ctx->cq_last_tm_flush = seq;
1590 spin_unlock_irq(&ctx->timeout_lock);
1593 static __cold void __io_commit_cqring_flush(struct io_ring_ctx *ctx)
1595 if (ctx->off_timeout_used)
1596 io_flush_timeouts(ctx);
1597 if (ctx->drain_active)
1598 io_queue_deferred(ctx);
1601 static inline void io_commit_cqring(struct io_ring_ctx *ctx)
1603 if (unlikely(ctx->off_timeout_used || ctx->drain_active))
1604 __io_commit_cqring_flush(ctx);
1605 /* order cqe stores with ring update */
1606 smp_store_release(&ctx->rings->cq.tail, ctx->cached_cq_tail);
1609 static inline bool io_sqring_full(struct io_ring_ctx *ctx)
1611 struct io_rings *r = ctx->rings;
1613 return READ_ONCE(r->sq.tail) - ctx->cached_sq_head == ctx->sq_entries;
1616 static inline unsigned int __io_cqring_events(struct io_ring_ctx *ctx)
1618 return ctx->cached_cq_tail - READ_ONCE(ctx->rings->cq.head);
1621 static inline struct io_uring_cqe *io_get_cqe(struct io_ring_ctx *ctx)
1623 struct io_rings *rings = ctx->rings;
1624 unsigned tail, mask = ctx->cq_entries - 1;
1627 * writes to the cq entry need to come after reading head; the
1628 * control dependency is enough as we're using WRITE_ONCE to
1631 if (__io_cqring_events(ctx) == ctx->cq_entries)
1634 tail = ctx->cached_cq_tail++;
1635 return &rings->cqes[tail & mask];
1638 static inline bool io_should_trigger_evfd(struct io_ring_ctx *ctx)
1640 if (likely(!ctx->cq_ev_fd))
1642 if (READ_ONCE(ctx->rings->cq_flags) & IORING_CQ_EVENTFD_DISABLED)
1644 return !ctx->eventfd_async || io_wq_current_is_worker();
1648 * This should only get called when at least one event has been posted.
1649 * Some applications rely on the eventfd notification count only changing
1650 * IFF a new CQE has been added to the CQ ring. There's no depedency on
1651 * 1:1 relationship between how many times this function is called (and
1652 * hence the eventfd count) and number of CQEs posted to the CQ ring.
1654 static void io_cqring_ev_posted(struct io_ring_ctx *ctx)
1657 * wake_up_all() may seem excessive, but io_wake_function() and
1658 * io_should_wake() handle the termination of the loop and only
1659 * wake as many waiters as we need to.
1661 if (wq_has_sleeper(&ctx->cq_wait))
1662 wake_up_all(&ctx->cq_wait);
1663 if (io_should_trigger_evfd(ctx))
1664 eventfd_signal(ctx->cq_ev_fd, 1);
1667 static void io_cqring_ev_posted_iopoll(struct io_ring_ctx *ctx)
1669 /* see waitqueue_active() comment */
1672 if (ctx->flags & IORING_SETUP_SQPOLL) {
1673 if (waitqueue_active(&ctx->cq_wait))
1674 wake_up_all(&ctx->cq_wait);
1676 if (io_should_trigger_evfd(ctx))
1677 eventfd_signal(ctx->cq_ev_fd, 1);
1680 /* Returns true if there are no backlogged entries after the flush */
1681 static bool __io_cqring_overflow_flush(struct io_ring_ctx *ctx, bool force)
1683 bool all_flushed, posted;
1685 if (!force && __io_cqring_events(ctx) == ctx->cq_entries)
1689 spin_lock(&ctx->completion_lock);
1690 while (!list_empty(&ctx->cq_overflow_list)) {
1691 struct io_uring_cqe *cqe = io_get_cqe(ctx);
1692 struct io_overflow_cqe *ocqe;
1696 ocqe = list_first_entry(&ctx->cq_overflow_list,
1697 struct io_overflow_cqe, list);
1699 memcpy(cqe, &ocqe->cqe, sizeof(*cqe));
1701 io_account_cq_overflow(ctx);
1704 list_del(&ocqe->list);
1708 all_flushed = list_empty(&ctx->cq_overflow_list);
1710 clear_bit(0, &ctx->check_cq_overflow);
1711 WRITE_ONCE(ctx->rings->sq_flags,
1712 ctx->rings->sq_flags & ~IORING_SQ_CQ_OVERFLOW);
1716 io_commit_cqring(ctx);
1717 spin_unlock(&ctx->completion_lock);
1719 io_cqring_ev_posted(ctx);
1723 static bool io_cqring_overflow_flush(struct io_ring_ctx *ctx)
1727 if (test_bit(0, &ctx->check_cq_overflow)) {
1728 /* iopoll syncs against uring_lock, not completion_lock */
1729 if (ctx->flags & IORING_SETUP_IOPOLL)
1730 mutex_lock(&ctx->uring_lock);
1731 ret = __io_cqring_overflow_flush(ctx, false);
1732 if (ctx->flags & IORING_SETUP_IOPOLL)
1733 mutex_unlock(&ctx->uring_lock);
1739 /* must to be called somewhat shortly after putting a request */
1740 static inline void io_put_task(struct task_struct *task, int nr)
1742 struct io_uring_task *tctx = task->io_uring;
1744 if (likely(task == current)) {
1745 tctx->cached_refs += nr;
1747 percpu_counter_sub(&tctx->inflight, nr);
1748 if (unlikely(atomic_read(&tctx->in_idle)))
1749 wake_up(&tctx->wait);
1750 put_task_struct_many(task, nr);
1754 static void io_task_refs_refill(struct io_uring_task *tctx)
1756 unsigned int refill = -tctx->cached_refs + IO_TCTX_REFS_CACHE_NR;
1758 percpu_counter_add(&tctx->inflight, refill);
1759 refcount_add(refill, ¤t->usage);
1760 tctx->cached_refs += refill;
1763 static inline void io_get_task_refs(int nr)
1765 struct io_uring_task *tctx = current->io_uring;
1767 tctx->cached_refs -= nr;
1768 if (unlikely(tctx->cached_refs < 0))
1769 io_task_refs_refill(tctx);
1772 static bool io_cqring_event_overflow(struct io_ring_ctx *ctx, u64 user_data,
1773 s32 res, u32 cflags)
1775 struct io_overflow_cqe *ocqe;
1777 ocqe = kmalloc(sizeof(*ocqe), GFP_ATOMIC | __GFP_ACCOUNT);
1780 * If we're in ring overflow flush mode, or in task cancel mode,
1781 * or cannot allocate an overflow entry, then we need to drop it
1784 io_account_cq_overflow(ctx);
1787 if (list_empty(&ctx->cq_overflow_list)) {
1788 set_bit(0, &ctx->check_cq_overflow);
1789 WRITE_ONCE(ctx->rings->sq_flags,
1790 ctx->rings->sq_flags | IORING_SQ_CQ_OVERFLOW);
1793 ocqe->cqe.user_data = user_data;
1794 ocqe->cqe.res = res;
1795 ocqe->cqe.flags = cflags;
1796 list_add_tail(&ocqe->list, &ctx->cq_overflow_list);
1800 static inline bool __io_cqring_fill_event(struct io_ring_ctx *ctx, u64 user_data,
1801 s32 res, u32 cflags)
1803 struct io_uring_cqe *cqe;
1805 trace_io_uring_complete(ctx, user_data, res, cflags);
1808 * If we can't get a cq entry, userspace overflowed the
1809 * submission (by quite a lot). Increment the overflow count in
1812 cqe = io_get_cqe(ctx);
1814 WRITE_ONCE(cqe->user_data, user_data);
1815 WRITE_ONCE(cqe->res, res);
1816 WRITE_ONCE(cqe->flags, cflags);
1819 return io_cqring_event_overflow(ctx, user_data, res, cflags);
1822 /* not as hot to bloat with inlining */
1823 static noinline bool io_cqring_fill_event(struct io_ring_ctx *ctx, u64 user_data,
1824 s32 res, u32 cflags)
1826 return __io_cqring_fill_event(ctx, user_data, res, cflags);
1829 static void io_req_complete_post(struct io_kiocb *req, s32 res,
1832 struct io_ring_ctx *ctx = req->ctx;
1834 spin_lock(&ctx->completion_lock);
1835 __io_cqring_fill_event(ctx, req->user_data, res, cflags);
1837 * If we're the last reference to this request, add to our locked
1840 if (req_ref_put_and_test(req)) {
1841 if (req->flags & (REQ_F_LINK | REQ_F_HARDLINK)) {
1842 if (req->flags & IO_DISARM_MASK)
1843 io_disarm_next(req);
1845 io_req_task_queue(req->link);
1849 io_req_put_rsrc(req, ctx);
1850 io_dismantle_req(req);
1851 io_put_task(req->task, 1);
1852 wq_list_add_head(&req->comp_list, &ctx->locked_free_list);
1853 ctx->locked_free_nr++;
1855 io_commit_cqring(ctx);
1856 spin_unlock(&ctx->completion_lock);
1857 io_cqring_ev_posted(ctx);
1860 static inline void io_req_complete_state(struct io_kiocb *req, s32 res,
1864 req->cflags = cflags;
1865 req->flags |= REQ_F_COMPLETE_INLINE;
1868 static inline void __io_req_complete(struct io_kiocb *req, unsigned issue_flags,
1869 s32 res, u32 cflags)
1871 if (issue_flags & IO_URING_F_COMPLETE_DEFER)
1872 io_req_complete_state(req, res, cflags);
1874 io_req_complete_post(req, res, cflags);
1877 static inline void io_req_complete(struct io_kiocb *req, s32 res)
1879 __io_req_complete(req, 0, res, 0);
1882 static void io_req_complete_failed(struct io_kiocb *req, s32 res)
1885 io_req_complete_post(req, res, 0);
1888 static void io_req_complete_fail_submit(struct io_kiocb *req)
1891 * We don't submit, fail them all, for that replace hardlinks with
1892 * normal links. Extra REQ_F_LINK is tolerated.
1894 req->flags &= ~REQ_F_HARDLINK;
1895 req->flags |= REQ_F_LINK;
1896 io_req_complete_failed(req, req->result);
1900 * Don't initialise the fields below on every allocation, but do that in
1901 * advance and keep them valid across allocations.
1903 static void io_preinit_req(struct io_kiocb *req, struct io_ring_ctx *ctx)
1907 req->async_data = NULL;
1908 /* not necessary, but safer to zero */
1912 static void io_flush_cached_locked_reqs(struct io_ring_ctx *ctx,
1913 struct io_submit_state *state)
1915 spin_lock(&ctx->completion_lock);
1916 wq_list_splice(&ctx->locked_free_list, &state->free_list);
1917 ctx->locked_free_nr = 0;
1918 spin_unlock(&ctx->completion_lock);
1921 /* Returns true IFF there are requests in the cache */
1922 static bool io_flush_cached_reqs(struct io_ring_ctx *ctx)
1924 struct io_submit_state *state = &ctx->submit_state;
1927 * If we have more than a batch's worth of requests in our IRQ side
1928 * locked cache, grab the lock and move them over to our submission
1931 if (READ_ONCE(ctx->locked_free_nr) > IO_COMPL_BATCH)
1932 io_flush_cached_locked_reqs(ctx, state);
1933 return !!state->free_list.next;
1937 * A request might get retired back into the request caches even before opcode
1938 * handlers and io_issue_sqe() are done with it, e.g. inline completion path.
1939 * Because of that, io_alloc_req() should be called only under ->uring_lock
1940 * and with extra caution to not get a request that is still worked on.
1942 static __cold bool __io_alloc_req_refill(struct io_ring_ctx *ctx)
1943 __must_hold(&ctx->uring_lock)
1945 struct io_submit_state *state = &ctx->submit_state;
1946 gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;
1947 void *reqs[IO_REQ_ALLOC_BATCH];
1948 struct io_kiocb *req;
1951 if (likely(state->free_list.next || io_flush_cached_reqs(ctx)))
1954 ret = kmem_cache_alloc_bulk(req_cachep, gfp, ARRAY_SIZE(reqs), reqs);
1957 * Bulk alloc is all-or-nothing. If we fail to get a batch,
1958 * retry single alloc to be on the safe side.
1960 if (unlikely(ret <= 0)) {
1961 reqs[0] = kmem_cache_alloc(req_cachep, gfp);
1967 percpu_ref_get_many(&ctx->refs, ret);
1968 for (i = 0; i < ret; i++) {
1971 io_preinit_req(req, ctx);
1972 wq_stack_add_head(&req->comp_list, &state->free_list);
1977 static inline bool io_alloc_req_refill(struct io_ring_ctx *ctx)
1979 if (unlikely(!ctx->submit_state.free_list.next))
1980 return __io_alloc_req_refill(ctx);
1984 static inline struct io_kiocb *io_alloc_req(struct io_ring_ctx *ctx)
1986 struct io_wq_work_node *node;
1988 node = wq_stack_extract(&ctx->submit_state.free_list);
1989 return container_of(node, struct io_kiocb, comp_list);
1992 static inline void io_put_file(struct file *file)
1998 static inline void io_dismantle_req(struct io_kiocb *req)
2000 unsigned int flags = req->flags;
2002 if (unlikely(flags & IO_REQ_CLEAN_FLAGS))
2004 if (!(flags & REQ_F_FIXED_FILE))
2005 io_put_file(req->file);
2008 static __cold void __io_free_req(struct io_kiocb *req)
2010 struct io_ring_ctx *ctx = req->ctx;
2012 io_req_put_rsrc(req, ctx);
2013 io_dismantle_req(req);
2014 io_put_task(req->task, 1);
2016 spin_lock(&ctx->completion_lock);
2017 wq_list_add_head(&req->comp_list, &ctx->locked_free_list);
2018 ctx->locked_free_nr++;
2019 spin_unlock(&ctx->completion_lock);
2022 static inline void io_remove_next_linked(struct io_kiocb *req)
2024 struct io_kiocb *nxt = req->link;
2026 req->link = nxt->link;
2030 static bool io_kill_linked_timeout(struct io_kiocb *req)
2031 __must_hold(&req->ctx->completion_lock)
2032 __must_hold(&req->ctx->timeout_lock)
2034 struct io_kiocb *link = req->link;
2036 if (link && link->opcode == IORING_OP_LINK_TIMEOUT) {
2037 struct io_timeout_data *io = link->async_data;
2039 io_remove_next_linked(req);
2040 link->timeout.head = NULL;
2041 if (hrtimer_try_to_cancel(&io->timer) != -1) {
2042 list_del(&link->timeout.list);
2043 io_cqring_fill_event(link->ctx, link->user_data,
2045 io_put_req_deferred(link);
2052 static void io_fail_links(struct io_kiocb *req)
2053 __must_hold(&req->ctx->completion_lock)
2055 struct io_kiocb *nxt, *link = req->link;
2059 long res = -ECANCELED;
2061 if (link->flags & REQ_F_FAIL)
2067 trace_io_uring_fail_link(req, link);
2068 io_cqring_fill_event(link->ctx, link->user_data, res, 0);
2069 io_put_req_deferred(link);
2074 static bool io_disarm_next(struct io_kiocb *req)
2075 __must_hold(&req->ctx->completion_lock)
2077 bool posted = false;
2079 if (req->flags & REQ_F_ARM_LTIMEOUT) {
2080 struct io_kiocb *link = req->link;
2082 req->flags &= ~REQ_F_ARM_LTIMEOUT;
2083 if (link && link->opcode == IORING_OP_LINK_TIMEOUT) {
2084 io_remove_next_linked(req);
2085 io_cqring_fill_event(link->ctx, link->user_data,
2087 io_put_req_deferred(link);
2090 } else if (req->flags & REQ_F_LINK_TIMEOUT) {
2091 struct io_ring_ctx *ctx = req->ctx;
2093 spin_lock_irq(&ctx->timeout_lock);
2094 posted = io_kill_linked_timeout(req);
2095 spin_unlock_irq(&ctx->timeout_lock);
2097 if (unlikely((req->flags & REQ_F_FAIL) &&
2098 !(req->flags & REQ_F_HARDLINK))) {
2099 posted |= (req->link != NULL);
2105 static void __io_req_find_next_prep(struct io_kiocb *req)
2107 struct io_ring_ctx *ctx = req->ctx;
2110 spin_lock(&ctx->completion_lock);
2111 posted = io_disarm_next(req);
2113 io_commit_cqring(req->ctx);
2114 spin_unlock(&ctx->completion_lock);
2116 io_cqring_ev_posted(ctx);
2119 static inline struct io_kiocb *io_req_find_next(struct io_kiocb *req)
2121 struct io_kiocb *nxt;
2123 if (likely(!(req->flags & (REQ_F_LINK|REQ_F_HARDLINK))))
2126 * If LINK is set, we have dependent requests in this chain. If we
2127 * didn't fail this request, queue the first one up, moving any other
2128 * dependencies to the next request. In case of failure, fail the rest
2131 if (unlikely(req->flags & IO_DISARM_MASK))
2132 __io_req_find_next_prep(req);
2138 static void ctx_flush_and_put(struct io_ring_ctx *ctx, bool *locked)
2143 io_submit_flush_completions(ctx);
2144 mutex_unlock(&ctx->uring_lock);
2147 percpu_ref_put(&ctx->refs);
2150 static void tctx_task_work(struct callback_head *cb)
2152 bool locked = false;
2153 struct io_ring_ctx *ctx = NULL;
2154 struct io_uring_task *tctx = container_of(cb, struct io_uring_task,
2158 struct io_wq_work_node *node;
2160 if (!tctx->task_list.first && locked)
2161 io_submit_flush_completions(ctx);
2163 spin_lock_irq(&tctx->task_lock);
2164 node = tctx->task_list.first;
2165 INIT_WQ_LIST(&tctx->task_list);
2167 tctx->task_running = false;
2168 spin_unlock_irq(&tctx->task_lock);
2173 struct io_wq_work_node *next = node->next;
2174 struct io_kiocb *req = container_of(node, struct io_kiocb,
2177 if (req->ctx != ctx) {
2178 ctx_flush_and_put(ctx, &locked);
2180 /* if not contended, grab and improve batching */
2181 locked = mutex_trylock(&ctx->uring_lock);
2182 percpu_ref_get(&ctx->refs);
2184 req->io_task_work.func(req, &locked);
2191 ctx_flush_and_put(ctx, &locked);
2194 static void io_req_task_work_add(struct io_kiocb *req)
2196 struct task_struct *tsk = req->task;
2197 struct io_uring_task *tctx = tsk->io_uring;
2198 enum task_work_notify_mode notify;
2199 struct io_wq_work_node *node;
2200 unsigned long flags;
2203 WARN_ON_ONCE(!tctx);
2205 spin_lock_irqsave(&tctx->task_lock, flags);
2206 wq_list_add_tail(&req->io_task_work.node, &tctx->task_list);
2207 running = tctx->task_running;
2209 tctx->task_running = true;
2210 spin_unlock_irqrestore(&tctx->task_lock, flags);
2212 /* task_work already pending, we're done */
2217 * SQPOLL kernel thread doesn't need notification, just a wakeup. For
2218 * all other cases, use TWA_SIGNAL unconditionally to ensure we're
2219 * processing task_work. There's no reliable way to tell if TWA_RESUME
2222 notify = (req->ctx->flags & IORING_SETUP_SQPOLL) ? TWA_NONE : TWA_SIGNAL;
2223 if (likely(!task_work_add(tsk, &tctx->task_work, notify))) {
2224 if (notify == TWA_NONE)
2225 wake_up_process(tsk);
2229 spin_lock_irqsave(&tctx->task_lock, flags);
2230 tctx->task_running = false;
2231 node = tctx->task_list.first;
2232 INIT_WQ_LIST(&tctx->task_list);
2233 spin_unlock_irqrestore(&tctx->task_lock, flags);
2236 req = container_of(node, struct io_kiocb, io_task_work.node);
2238 if (llist_add(&req->io_task_work.fallback_node,
2239 &req->ctx->fallback_llist))
2240 schedule_delayed_work(&req->ctx->fallback_work, 1);
2244 static void io_req_task_cancel(struct io_kiocb *req, bool *locked)
2246 struct io_ring_ctx *ctx = req->ctx;
2248 /* not needed for normal modes, but SQPOLL depends on it */
2249 io_tw_lock(ctx, locked);
2250 io_req_complete_failed(req, req->result);
2253 static void io_req_task_submit(struct io_kiocb *req, bool *locked)
2255 struct io_ring_ctx *ctx = req->ctx;
2257 io_tw_lock(ctx, locked);
2258 /* req->task == current here, checking PF_EXITING is safe */
2259 if (likely(!(req->task->flags & PF_EXITING)))
2260 __io_queue_sqe(req);
2262 io_req_complete_failed(req, -EFAULT);
2265 static void io_req_task_queue_fail(struct io_kiocb *req, int ret)
2268 req->io_task_work.func = io_req_task_cancel;
2269 io_req_task_work_add(req);
2272 static void io_req_task_queue(struct io_kiocb *req)
2274 req->io_task_work.func = io_req_task_submit;
2275 io_req_task_work_add(req);
2278 static void io_req_task_queue_reissue(struct io_kiocb *req)
2280 req->io_task_work.func = io_queue_async_work;
2281 io_req_task_work_add(req);
2284 static inline void io_queue_next(struct io_kiocb *req)
2286 struct io_kiocb *nxt = io_req_find_next(req);
2289 io_req_task_queue(nxt);
2292 static void io_free_req(struct io_kiocb *req)
2298 static void io_free_req_work(struct io_kiocb *req, bool *locked)
2303 static void io_free_batch_list(struct io_ring_ctx *ctx,
2304 struct io_wq_work_node *node)
2305 __must_hold(&ctx->uring_lock)
2307 struct task_struct *task = NULL;
2311 struct io_kiocb *req = container_of(node, struct io_kiocb,
2314 if (unlikely(req->flags & REQ_F_REFCOUNT)) {
2315 node = req->comp_list.next;
2316 if (!req_ref_put_and_test(req))
2320 io_req_put_rsrc_locked(req, ctx);
2322 io_dismantle_req(req);
2324 if (req->task != task) {
2326 io_put_task(task, task_refs);
2331 node = req->comp_list.next;
2332 wq_stack_add_head(&req->comp_list, &ctx->submit_state.free_list);
2336 io_put_task(task, task_refs);
2339 static void __io_submit_flush_completions(struct io_ring_ctx *ctx)
2340 __must_hold(&ctx->uring_lock)
2342 struct io_wq_work_node *node, *prev;
2343 struct io_submit_state *state = &ctx->submit_state;
2345 spin_lock(&ctx->completion_lock);
2346 wq_list_for_each(node, prev, &state->compl_reqs) {
2347 struct io_kiocb *req = container_of(node, struct io_kiocb,
2350 __io_cqring_fill_event(ctx, req->user_data, req->result,
2353 io_commit_cqring(ctx);
2354 spin_unlock(&ctx->completion_lock);
2355 io_cqring_ev_posted(ctx);
2357 io_free_batch_list(ctx, state->compl_reqs.first);
2358 INIT_WQ_LIST(&state->compl_reqs);
2362 * Drop reference to request, return next in chain (if there is one) if this
2363 * was the last reference to this request.
2365 static inline struct io_kiocb *io_put_req_find_next(struct io_kiocb *req)
2367 struct io_kiocb *nxt = NULL;
2369 if (req_ref_put_and_test(req)) {
2370 nxt = io_req_find_next(req);
2376 static inline void io_put_req(struct io_kiocb *req)
2378 if (req_ref_put_and_test(req))
2382 static inline void io_put_req_deferred(struct io_kiocb *req)
2384 if (req_ref_put_and_test(req)) {
2385 req->io_task_work.func = io_free_req_work;
2386 io_req_task_work_add(req);
2390 static unsigned io_cqring_events(struct io_ring_ctx *ctx)
2392 /* See comment at the top of this file */
2394 return __io_cqring_events(ctx);
2397 static inline unsigned int io_sqring_entries(struct io_ring_ctx *ctx)
2399 struct io_rings *rings = ctx->rings;
2401 /* make sure SQ entry isn't read before tail */
2402 return smp_load_acquire(&rings->sq.tail) - ctx->cached_sq_head;
2405 static unsigned int io_put_kbuf(struct io_kiocb *req, struct io_buffer *kbuf)
2407 unsigned int cflags;
2409 cflags = kbuf->bid << IORING_CQE_BUFFER_SHIFT;
2410 cflags |= IORING_CQE_F_BUFFER;
2411 req->flags &= ~REQ_F_BUFFER_SELECTED;
2416 static inline unsigned int io_put_rw_kbuf(struct io_kiocb *req)
2418 if (likely(!(req->flags & REQ_F_BUFFER_SELECTED)))
2420 return io_put_kbuf(req, req->kbuf);
2423 static inline bool io_run_task_work(void)
2425 if (test_thread_flag(TIF_NOTIFY_SIGNAL) || current->task_works) {
2426 __set_current_state(TASK_RUNNING);
2427 tracehook_notify_signal();
2434 static int io_do_iopoll(struct io_ring_ctx *ctx, bool force_nonspin)
2436 struct io_wq_work_node *pos, *start, *prev;
2437 unsigned int poll_flags = BLK_POLL_NOSLEEP;
2438 DEFINE_IO_COMP_BATCH(iob);
2442 * Only spin for completions if we don't have multiple devices hanging
2443 * off our complete list.
2445 if (ctx->poll_multi_queue || force_nonspin)
2446 poll_flags |= BLK_POLL_ONESHOT;
2448 wq_list_for_each(pos, start, &ctx->iopoll_list) {
2449 struct io_kiocb *req = container_of(pos, struct io_kiocb, comp_list);
2450 struct kiocb *kiocb = &req->rw.kiocb;
2454 * Move completed and retryable entries to our local lists.
2455 * If we find a request that requires polling, break out
2456 * and complete those lists first, if we have entries there.
2458 if (READ_ONCE(req->iopoll_completed))
2461 ret = kiocb->ki_filp->f_op->iopoll(kiocb, &iob, poll_flags);
2462 if (unlikely(ret < 0))
2465 poll_flags |= BLK_POLL_ONESHOT;
2467 /* iopoll may have completed current req */
2468 if (!rq_list_empty(iob.req_list) ||
2469 READ_ONCE(req->iopoll_completed))
2473 if (!rq_list_empty(iob.req_list))
2479 wq_list_for_each_resume(pos, prev) {
2480 struct io_kiocb *req = container_of(pos, struct io_kiocb, comp_list);
2482 /* order with io_complete_rw_iopoll(), e.g. ->result updates */
2483 if (!smp_load_acquire(&req->iopoll_completed))
2485 __io_cqring_fill_event(ctx, req->user_data, req->result,
2486 io_put_rw_kbuf(req));
2490 if (unlikely(!nr_events))
2493 io_commit_cqring(ctx);
2494 io_cqring_ev_posted_iopoll(ctx);
2495 pos = start ? start->next : ctx->iopoll_list.first;
2496 wq_list_cut(&ctx->iopoll_list, prev, start);
2497 io_free_batch_list(ctx, pos);
2502 * We can't just wait for polled events to come to us, we have to actively
2503 * find and complete them.
2505 static __cold void io_iopoll_try_reap_events(struct io_ring_ctx *ctx)
2507 if (!(ctx->flags & IORING_SETUP_IOPOLL))
2510 mutex_lock(&ctx->uring_lock);
2511 while (!wq_list_empty(&ctx->iopoll_list)) {
2512 /* let it sleep and repeat later if can't complete a request */
2513 if (io_do_iopoll(ctx, true) == 0)
2516 * Ensure we allow local-to-the-cpu processing to take place,
2517 * in this case we need to ensure that we reap all events.
2518 * Also let task_work, etc. to progress by releasing the mutex
2520 if (need_resched()) {
2521 mutex_unlock(&ctx->uring_lock);
2523 mutex_lock(&ctx->uring_lock);
2526 mutex_unlock(&ctx->uring_lock);
2529 static int io_iopoll_check(struct io_ring_ctx *ctx, long min)
2531 unsigned int nr_events = 0;
2535 * We disallow the app entering submit/complete with polling, but we
2536 * still need to lock the ring to prevent racing with polled issue
2537 * that got punted to a workqueue.
2539 mutex_lock(&ctx->uring_lock);
2541 * Don't enter poll loop if we already have events pending.
2542 * If we do, we can potentially be spinning for commands that
2543 * already triggered a CQE (eg in error).
2545 if (test_bit(0, &ctx->check_cq_overflow))
2546 __io_cqring_overflow_flush(ctx, false);
2547 if (io_cqring_events(ctx))
2551 * If a submit got punted to a workqueue, we can have the
2552 * application entering polling for a command before it gets
2553 * issued. That app will hold the uring_lock for the duration
2554 * of the poll right here, so we need to take a breather every
2555 * now and then to ensure that the issue has a chance to add
2556 * the poll to the issued list. Otherwise we can spin here
2557 * forever, while the workqueue is stuck trying to acquire the
2560 if (wq_list_empty(&ctx->iopoll_list)) {
2561 u32 tail = ctx->cached_cq_tail;
2563 mutex_unlock(&ctx->uring_lock);
2565 mutex_lock(&ctx->uring_lock);
2567 /* some requests don't go through iopoll_list */
2568 if (tail != ctx->cached_cq_tail ||
2569 wq_list_empty(&ctx->iopoll_list))
2572 ret = io_do_iopoll(ctx, !min);
2577 } while (nr_events < min && !need_resched());
2579 mutex_unlock(&ctx->uring_lock);
2583 static void kiocb_end_write(struct io_kiocb *req)
2586 * Tell lockdep we inherited freeze protection from submission
2589 if (req->flags & REQ_F_ISREG) {
2590 struct super_block *sb = file_inode(req->file)->i_sb;
2592 __sb_writers_acquired(sb, SB_FREEZE_WRITE);
2598 static bool io_resubmit_prep(struct io_kiocb *req)
2600 struct io_async_rw *rw = req->async_data;
2602 if (!req_has_async_data(req))
2603 return !io_req_prep_async(req);
2604 iov_iter_restore(&rw->s.iter, &rw->s.iter_state);
2608 static bool io_rw_should_reissue(struct io_kiocb *req)
2610 umode_t mode = file_inode(req->file)->i_mode;
2611 struct io_ring_ctx *ctx = req->ctx;
2613 if (!S_ISBLK(mode) && !S_ISREG(mode))
2615 if ((req->flags & REQ_F_NOWAIT) || (io_wq_current_is_worker() &&
2616 !(ctx->flags & IORING_SETUP_IOPOLL)))
2619 * If ref is dying, we might be running poll reap from the exit work.
2620 * Don't attempt to reissue from that path, just let it fail with
2623 if (percpu_ref_is_dying(&ctx->refs))
2626 * Play it safe and assume not safe to re-import and reissue if we're
2627 * not in the original thread group (or in task context).
2629 if (!same_thread_group(req->task, current) || !in_task())
2634 static bool io_resubmit_prep(struct io_kiocb *req)
2638 static bool io_rw_should_reissue(struct io_kiocb *req)
2644 static bool __io_complete_rw_common(struct io_kiocb *req, long res)
2646 if (req->rw.kiocb.ki_flags & IOCB_WRITE)
2647 kiocb_end_write(req);
2648 if (unlikely(res != req->result)) {
2649 if ((res == -EAGAIN || res == -EOPNOTSUPP) &&
2650 io_rw_should_reissue(req)) {
2651 req->flags |= REQ_F_REISSUE;
2660 static void io_req_task_complete(struct io_kiocb *req, bool *locked)
2662 unsigned int cflags = io_put_rw_kbuf(req);
2663 int res = req->result;
2666 io_req_complete_state(req, res, cflags);
2667 io_req_add_compl_list(req);
2669 io_req_complete_post(req, res, cflags);
2673 static void __io_complete_rw(struct io_kiocb *req, long res, long res2,
2674 unsigned int issue_flags)
2676 if (__io_complete_rw_common(req, res))
2678 __io_req_complete(req, issue_flags, req->result, io_put_rw_kbuf(req));
2681 static void io_complete_rw(struct kiocb *kiocb, long res, long res2)
2683 struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb);
2685 if (__io_complete_rw_common(req, res))
2688 req->io_task_work.func = io_req_task_complete;
2689 io_req_task_work_add(req);
2692 static void io_complete_rw_iopoll(struct kiocb *kiocb, long res, long res2)
2694 struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb);
2696 if (kiocb->ki_flags & IOCB_WRITE)
2697 kiocb_end_write(req);
2698 if (unlikely(res != req->result)) {
2699 if (res == -EAGAIN && io_rw_should_reissue(req)) {
2700 req->flags |= REQ_F_REISSUE;
2706 /* order with io_iopoll_complete() checking ->iopoll_completed */
2707 smp_store_release(&req->iopoll_completed, 1);
2711 * After the iocb has been issued, it's safe to be found on the poll list.
2712 * Adding the kiocb to the list AFTER submission ensures that we don't
2713 * find it from a io_do_iopoll() thread before the issuer is done
2714 * accessing the kiocb cookie.
2716 static void io_iopoll_req_issued(struct io_kiocb *req, unsigned int issue_flags)
2718 struct io_ring_ctx *ctx = req->ctx;
2719 const bool need_lock = !(issue_flags & IO_URING_F_NONBLOCK);
2721 /* workqueue context doesn't hold uring_lock, grab it now */
2722 if (unlikely(need_lock))
2723 mutex_lock(&ctx->uring_lock);
2726 * Track whether we have multiple files in our lists. This will impact
2727 * how we do polling eventually, not spinning if we're on potentially
2728 * different devices.
2730 if (wq_list_empty(&ctx->iopoll_list)) {
2731 ctx->poll_multi_queue = false;
2732 } else if (!ctx->poll_multi_queue) {
2733 struct io_kiocb *list_req;
2735 list_req = container_of(ctx->iopoll_list.first, struct io_kiocb,
2737 if (list_req->file != req->file)
2738 ctx->poll_multi_queue = true;
2742 * For fast devices, IO may have already completed. If it has, add
2743 * it to the front so we find it first.
2745 if (READ_ONCE(req->iopoll_completed))
2746 wq_list_add_head(&req->comp_list, &ctx->iopoll_list);
2748 wq_list_add_tail(&req->comp_list, &ctx->iopoll_list);
2750 if (unlikely(need_lock)) {
2752 * If IORING_SETUP_SQPOLL is enabled, sqes are either handle
2753 * in sq thread task context or in io worker task context. If
2754 * current task context is sq thread, we don't need to check
2755 * whether should wake up sq thread.
2757 if ((ctx->flags & IORING_SETUP_SQPOLL) &&
2758 wq_has_sleeper(&ctx->sq_data->wait))
2759 wake_up(&ctx->sq_data->wait);
2761 mutex_unlock(&ctx->uring_lock);
2765 static bool io_bdev_nowait(struct block_device *bdev)
2767 return !bdev || blk_queue_nowait(bdev_get_queue(bdev));
2771 * If we tracked the file through the SCM inflight mechanism, we could support
2772 * any file. For now, just ensure that anything potentially problematic is done
2775 static bool __io_file_supports_nowait(struct file *file, int rw)
2777 umode_t mode = file_inode(file)->i_mode;
2779 if (S_ISBLK(mode)) {
2780 if (IS_ENABLED(CONFIG_BLOCK) &&
2781 io_bdev_nowait(I_BDEV(file->f_mapping->host)))
2787 if (S_ISREG(mode)) {
2788 if (IS_ENABLED(CONFIG_BLOCK) &&
2789 io_bdev_nowait(file->f_inode->i_sb->s_bdev) &&
2790 file->f_op != &io_uring_fops)
2795 /* any ->read/write should understand O_NONBLOCK */
2796 if (file->f_flags & O_NONBLOCK)
2799 if (!(file->f_mode & FMODE_NOWAIT))
2803 return file->f_op->read_iter != NULL;
2805 return file->f_op->write_iter != NULL;
2808 static bool io_file_supports_nowait(struct io_kiocb *req, int rw)
2810 if (rw == READ && (req->flags & REQ_F_NOWAIT_READ))
2812 else if (rw == WRITE && (req->flags & REQ_F_NOWAIT_WRITE))
2815 return __io_file_supports_nowait(req->file, rw);
2818 static int io_prep_rw(struct io_kiocb *req, const struct io_uring_sqe *sqe,
2821 struct io_ring_ctx *ctx = req->ctx;
2822 struct kiocb *kiocb = &req->rw.kiocb;
2823 struct file *file = req->file;
2827 if (!io_req_ffs_set(req) && S_ISREG(file_inode(file)->i_mode))
2828 req->flags |= REQ_F_ISREG;
2830 kiocb->ki_pos = READ_ONCE(sqe->off);
2831 if (kiocb->ki_pos == -1 && !(file->f_mode & FMODE_STREAM)) {
2832 req->flags |= REQ_F_CUR_POS;
2833 kiocb->ki_pos = file->f_pos;
2835 kiocb->ki_hint = ki_hint_validate(file_write_hint(file));
2836 kiocb->ki_flags = iocb_flags(file);
2837 ret = kiocb_set_rw_flags(kiocb, READ_ONCE(sqe->rw_flags));
2842 * If the file is marked O_NONBLOCK, still allow retry for it if it
2843 * supports async. Otherwise it's impossible to use O_NONBLOCK files
2844 * reliably. If not, or it IOCB_NOWAIT is set, don't retry.
2846 if ((kiocb->ki_flags & IOCB_NOWAIT) ||
2847 ((file->f_flags & O_NONBLOCK) && !io_file_supports_nowait(req, rw)))
2848 req->flags |= REQ_F_NOWAIT;
2850 ioprio = READ_ONCE(sqe->ioprio);
2852 ret = ioprio_check_cap(ioprio);
2856 kiocb->ki_ioprio = ioprio;
2858 kiocb->ki_ioprio = get_current_ioprio();
2860 if (ctx->flags & IORING_SETUP_IOPOLL) {
2861 if (!(kiocb->ki_flags & IOCB_DIRECT) || !file->f_op->iopoll)
2864 kiocb->ki_flags |= IOCB_HIPRI | IOCB_ALLOC_CACHE;
2865 kiocb->ki_complete = io_complete_rw_iopoll;
2866 req->iopoll_completed = 0;
2868 if (kiocb->ki_flags & IOCB_HIPRI)
2870 kiocb->ki_complete = io_complete_rw;
2874 req->rw.addr = READ_ONCE(sqe->addr);
2875 req->rw.len = READ_ONCE(sqe->len);
2876 req->buf_index = READ_ONCE(sqe->buf_index);
2880 static inline void io_rw_done(struct kiocb *kiocb, ssize_t ret)
2886 case -ERESTARTNOINTR:
2887 case -ERESTARTNOHAND:
2888 case -ERESTART_RESTARTBLOCK:
2890 * We can't just restart the syscall, since previously
2891 * submitted sqes may already be in progress. Just fail this
2897 kiocb->ki_complete(kiocb, ret, 0);
2901 static void kiocb_done(struct kiocb *kiocb, ssize_t ret,
2902 unsigned int issue_flags)
2904 struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw.kiocb);
2905 struct io_async_rw *io = req->async_data;
2907 /* add previously done IO, if any */
2908 if (req_has_async_data(req) && io->bytes_done > 0) {
2910 ret = io->bytes_done;
2912 ret += io->bytes_done;
2915 if (req->flags & REQ_F_CUR_POS)
2916 req->file->f_pos = kiocb->ki_pos;
2917 if (ret >= 0 && (kiocb->ki_complete == io_complete_rw))
2918 __io_complete_rw(req, ret, 0, issue_flags);
2920 io_rw_done(kiocb, ret);
2922 if (req->flags & REQ_F_REISSUE) {
2923 req->flags &= ~REQ_F_REISSUE;
2924 if (io_resubmit_prep(req)) {
2925 io_req_task_queue_reissue(req);
2927 unsigned int cflags = io_put_rw_kbuf(req);
2928 struct io_ring_ctx *ctx = req->ctx;
2931 if (!(issue_flags & IO_URING_F_NONBLOCK)) {
2932 mutex_lock(&ctx->uring_lock);
2933 __io_req_complete(req, issue_flags, ret, cflags);
2934 mutex_unlock(&ctx->uring_lock);
2936 __io_req_complete(req, issue_flags, ret, cflags);
2942 static int __io_import_fixed(struct io_kiocb *req, int rw, struct iov_iter *iter,
2943 struct io_mapped_ubuf *imu)
2945 size_t len = req->rw.len;
2946 u64 buf_end, buf_addr = req->rw.addr;
2949 if (unlikely(check_add_overflow(buf_addr, (u64)len, &buf_end)))
2951 /* not inside the mapped region */
2952 if (unlikely(buf_addr < imu->ubuf || buf_end > imu->ubuf_end))
2956 * May not be a start of buffer, set size appropriately
2957 * and advance us to the beginning.
2959 offset = buf_addr - imu->ubuf;
2960 iov_iter_bvec(iter, rw, imu->bvec, imu->nr_bvecs, offset + len);
2964 * Don't use iov_iter_advance() here, as it's really slow for
2965 * using the latter parts of a big fixed buffer - it iterates
2966 * over each segment manually. We can cheat a bit here, because
2969 * 1) it's a BVEC iter, we set it up
2970 * 2) all bvecs are PAGE_SIZE in size, except potentially the
2971 * first and last bvec
2973 * So just find our index, and adjust the iterator afterwards.
2974 * If the offset is within the first bvec (or the whole first
2975 * bvec, just use iov_iter_advance(). This makes it easier
2976 * since we can just skip the first segment, which may not
2977 * be PAGE_SIZE aligned.
2979 const struct bio_vec *bvec = imu->bvec;
2981 if (offset <= bvec->bv_len) {
2982 iov_iter_advance(iter, offset);
2984 unsigned long seg_skip;
2986 /* skip first vec */
2987 offset -= bvec->bv_len;
2988 seg_skip = 1 + (offset >> PAGE_SHIFT);
2990 iter->bvec = bvec + seg_skip;
2991 iter->nr_segs -= seg_skip;
2992 iter->count -= bvec->bv_len + offset;
2993 iter->iov_offset = offset & ~PAGE_MASK;
3000 static int io_import_fixed(struct io_kiocb *req, int rw, struct iov_iter *iter)
3002 struct io_mapped_ubuf *imu = req->imu;
3003 u16 index, buf_index = req->buf_index;
3006 struct io_ring_ctx *ctx = req->ctx;
3008 if (unlikely(buf_index >= ctx->nr_user_bufs))
3010 io_req_set_rsrc_node(req, ctx);
3011 index = array_index_nospec(buf_index, ctx->nr_user_bufs);
3012 imu = READ_ONCE(ctx->user_bufs[index]);
3015 return __io_import_fixed(req, rw, iter, imu);
3018 static void io_ring_submit_unlock(struct io_ring_ctx *ctx, bool needs_lock)
3021 mutex_unlock(&ctx->uring_lock);
3024 static void io_ring_submit_lock(struct io_ring_ctx *ctx, bool needs_lock)
3027 * "Normal" inline submissions always hold the uring_lock, since we
3028 * grab it from the system call. Same is true for the SQPOLL offload.
3029 * The only exception is when we've detached the request and issue it
3030 * from an async worker thread, grab the lock for that case.
3033 mutex_lock(&ctx->uring_lock);
3036 static struct io_buffer *io_buffer_select(struct io_kiocb *req, size_t *len,
3037 int bgid, unsigned int issue_flags)
3039 struct io_buffer *kbuf = req->kbuf;
3040 struct io_buffer *head;
3041 bool needs_lock = !(issue_flags & IO_URING_F_NONBLOCK);
3043 if (req->flags & REQ_F_BUFFER_SELECTED)
3046 io_ring_submit_lock(req->ctx, needs_lock);
3048 lockdep_assert_held(&req->ctx->uring_lock);
3050 head = xa_load(&req->ctx->io_buffers, bgid);
3052 if (!list_empty(&head->list)) {
3053 kbuf = list_last_entry(&head->list, struct io_buffer,
3055 list_del(&kbuf->list);
3058 xa_erase(&req->ctx->io_buffers, bgid);
3060 if (*len > kbuf->len)
3062 req->flags |= REQ_F_BUFFER_SELECTED;
3065 kbuf = ERR_PTR(-ENOBUFS);
3068 io_ring_submit_unlock(req->ctx, needs_lock);
3072 static void __user *io_rw_buffer_select(struct io_kiocb *req, size_t *len,
3073 unsigned int issue_flags)
3075 struct io_buffer *kbuf;
3078 bgid = req->buf_index;
3079 kbuf = io_buffer_select(req, len, bgid, issue_flags);
3082 return u64_to_user_ptr(kbuf->addr);
3085 #ifdef CONFIG_COMPAT
3086 static ssize_t io_compat_import(struct io_kiocb *req, struct iovec *iov,
3087 unsigned int issue_flags)
3089 struct compat_iovec __user *uiov;
3090 compat_ssize_t clen;
3094 uiov = u64_to_user_ptr(req->rw.addr);
3095 if (!access_ok(uiov, sizeof(*uiov)))
3097 if (__get_user(clen, &uiov->iov_len))
3103 buf = io_rw_buffer_select(req, &len, issue_flags);
3105 return PTR_ERR(buf);
3106 iov[0].iov_base = buf;
3107 iov[0].iov_len = (compat_size_t) len;
3112 static ssize_t __io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov,
3113 unsigned int issue_flags)
3115 struct iovec __user *uiov = u64_to_user_ptr(req->rw.addr);
3119 if (copy_from_user(iov, uiov, sizeof(*uiov)))
3122 len = iov[0].iov_len;
3125 buf = io_rw_buffer_select(req, &len, issue_flags);
3127 return PTR_ERR(buf);
3128 iov[0].iov_base = buf;
3129 iov[0].iov_len = len;
3133 static ssize_t io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov,
3134 unsigned int issue_flags)
3136 if (req->flags & REQ_F_BUFFER_SELECTED) {
3137 struct io_buffer *kbuf = req->kbuf;
3139 iov[0].iov_base = u64_to_user_ptr(kbuf->addr);
3140 iov[0].iov_len = kbuf->len;
3143 if (req->rw.len != 1)
3146 #ifdef CONFIG_COMPAT
3147 if (req->ctx->compat)
3148 return io_compat_import(req, iov, issue_flags);
3151 return __io_iov_buffer_select(req, iov, issue_flags);
3154 static struct iovec *__io_import_iovec(int rw, struct io_kiocb *req,
3155 struct io_rw_state *s,
3156 unsigned int issue_flags)
3158 struct iov_iter *iter = &s->iter;
3159 u8 opcode = req->opcode;
3160 struct iovec *iovec;
3165 BUILD_BUG_ON(ERR_PTR(0) != NULL);
3167 if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED)
3168 return ERR_PTR(io_import_fixed(req, rw, iter));
3170 /* buffer index only valid with fixed read/write, or buffer select */
3171 if (unlikely(req->buf_index && !(req->flags & REQ_F_BUFFER_SELECT)))
3172 return ERR_PTR(-EINVAL);
3174 buf = u64_to_user_ptr(req->rw.addr);
3175 sqe_len = req->rw.len;
3177 if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) {
3178 if (req->flags & REQ_F_BUFFER_SELECT) {
3179 buf = io_rw_buffer_select(req, &sqe_len, issue_flags);
3181 return ERR_PTR(PTR_ERR(buf));
3182 req->rw.len = sqe_len;
3185 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
3186 return ERR_PTR(ret);
3189 iovec = s->fast_iov;
3190 if (req->flags & REQ_F_BUFFER_SELECT) {
3191 ret = io_iov_buffer_select(req, iovec, issue_flags);
3193 iov_iter_init(iter, rw, iovec, 1, iovec->iov_len);
3194 return ERR_PTR(ret);
3197 ret = __import_iovec(rw, buf, sqe_len, UIO_FASTIOV, &iovec, iter,
3199 if (unlikely(ret < 0))
3200 return ERR_PTR(ret);
3204 static inline int io_import_iovec(int rw, struct io_kiocb *req,
3205 struct iovec **iovec, struct io_rw_state *s,
3206 unsigned int issue_flags)
3208 *iovec = __io_import_iovec(rw, req, s, issue_flags);
3209 if (unlikely(IS_ERR(*iovec)))
3210 return PTR_ERR(*iovec);
3212 iov_iter_save_state(&s->iter, &s->iter_state);
3216 static inline loff_t *io_kiocb_ppos(struct kiocb *kiocb)
3218 return (kiocb->ki_filp->f_mode & FMODE_STREAM) ? NULL : &kiocb->ki_pos;
3222 * For files that don't have ->read_iter() and ->write_iter(), handle them
3223 * by looping over ->read() or ->write() manually.
3225 static ssize_t loop_rw_iter(int rw, struct io_kiocb *req, struct iov_iter *iter)
3227 struct kiocb *kiocb = &req->rw.kiocb;
3228 struct file *file = req->file;
3232 * Don't support polled IO through this interface, and we can't
3233 * support non-blocking either. For the latter, this just causes
3234 * the kiocb to be handled from an async context.
3236 if (kiocb->ki_flags & IOCB_HIPRI)
3238 if (kiocb->ki_flags & IOCB_NOWAIT)
3241 while (iov_iter_count(iter)) {
3245 if (!iov_iter_is_bvec(iter)) {
3246 iovec = iov_iter_iovec(iter);
3248 iovec.iov_base = u64_to_user_ptr(req->rw.addr);
3249 iovec.iov_len = req->rw.len;
3253 nr = file->f_op->read(file, iovec.iov_base,
3254 iovec.iov_len, io_kiocb_ppos(kiocb));
3256 nr = file->f_op->write(file, iovec.iov_base,
3257 iovec.iov_len, io_kiocb_ppos(kiocb));
3265 if (!iov_iter_is_bvec(iter)) {
3266 iov_iter_advance(iter, nr);
3272 if (nr != iovec.iov_len)
3279 static void io_req_map_rw(struct io_kiocb *req, const struct iovec *iovec,
3280 const struct iovec *fast_iov, struct iov_iter *iter)
3282 struct io_async_rw *rw = req->async_data;
3284 memcpy(&rw->s.iter, iter, sizeof(*iter));
3285 rw->free_iovec = iovec;
3287 /* can only be fixed buffers, no need to do anything */
3288 if (iov_iter_is_bvec(iter))
3291 unsigned iov_off = 0;
3293 rw->s.iter.iov = rw->s.fast_iov;
3294 if (iter->iov != fast_iov) {
3295 iov_off = iter->iov - fast_iov;
3296 rw->s.iter.iov += iov_off;
3298 if (rw->s.fast_iov != fast_iov)
3299 memcpy(rw->s.fast_iov + iov_off, fast_iov + iov_off,
3300 sizeof(struct iovec) * iter->nr_segs);
3302 req->flags |= REQ_F_NEED_CLEANUP;
3306 static inline bool io_alloc_async_data(struct io_kiocb *req)
3308 WARN_ON_ONCE(!io_op_defs[req->opcode].async_size);
3309 req->async_data = kmalloc(io_op_defs[req->opcode].async_size, GFP_KERNEL);
3310 if (req->async_data) {
3311 req->flags |= REQ_F_ASYNC_DATA;
3317 static int io_setup_async_rw(struct io_kiocb *req, const struct iovec *iovec,
3318 struct io_rw_state *s, bool force)
3320 if (!force && !io_op_defs[req->opcode].needs_async_setup)
3322 if (!req_has_async_data(req)) {
3323 struct io_async_rw *iorw;
3325 if (io_alloc_async_data(req)) {
3330 io_req_map_rw(req, iovec, s->fast_iov, &s->iter);
3331 iorw = req->async_data;
3332 /* we've copied and mapped the iter, ensure state is saved */
3333 iov_iter_save_state(&iorw->s.iter, &iorw->s.iter_state);
3338 static inline int io_rw_prep_async(struct io_kiocb *req, int rw)
3340 struct io_async_rw *iorw = req->async_data;
3344 /* submission path, ->uring_lock should already be taken */
3345 ret = io_import_iovec(rw, req, &iov, &iorw->s, IO_URING_F_NONBLOCK);
3346 if (unlikely(ret < 0))
3349 iorw->bytes_done = 0;
3350 iorw->free_iovec = iov;
3352 req->flags |= REQ_F_NEED_CLEANUP;
3356 static int io_read_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
3358 if (unlikely(!(req->file->f_mode & FMODE_READ)))
3360 return io_prep_rw(req, sqe, READ);
3364 * This is our waitqueue callback handler, registered through lock_page_async()
3365 * when we initially tried to do the IO with the iocb armed our waitqueue.
3366 * This gets called when the page is unlocked, and we generally expect that to
3367 * happen when the page IO is completed and the page is now uptodate. This will
3368 * queue a task_work based retry of the operation, attempting to copy the data
3369 * again. If the latter fails because the page was NOT uptodate, then we will
3370 * do a thread based blocking retry of the operation. That's the unexpected
3373 static int io_async_buf_func(struct wait_queue_entry *wait, unsigned mode,
3374 int sync, void *arg)
3376 struct wait_page_queue *wpq;
3377 struct io_kiocb *req = wait->private;
3378 struct wait_page_key *key = arg;
3380 wpq = container_of(wait, struct wait_page_queue, wait);
3382 if (!wake_page_match(wpq, key))
3385 req->rw.kiocb.ki_flags &= ~IOCB_WAITQ;
3386 list_del_init(&wait->entry);
3387 io_req_task_queue(req);
3392 * This controls whether a given IO request should be armed for async page
3393 * based retry. If we return false here, the request is handed to the async
3394 * worker threads for retry. If we're doing buffered reads on a regular file,
3395 * we prepare a private wait_page_queue entry and retry the operation. This
3396 * will either succeed because the page is now uptodate and unlocked, or it
3397 * will register a callback when the page is unlocked at IO completion. Through
3398 * that callback, io_uring uses task_work to setup a retry of the operation.
3399 * That retry will attempt the buffered read again. The retry will generally
3400 * succeed, or in rare cases where it fails, we then fall back to using the
3401 * async worker threads for a blocking retry.
3403 static bool io_rw_should_retry(struct io_kiocb *req)
3405 struct io_async_rw *rw = req->async_data;
3406 struct wait_page_queue *wait = &rw->wpq;
3407 struct kiocb *kiocb = &req->rw.kiocb;
3409 /* never retry for NOWAIT, we just complete with -EAGAIN */
3410 if (req->flags & REQ_F_NOWAIT)
3413 /* Only for buffered IO */
3414 if (kiocb->ki_flags & (IOCB_DIRECT | IOCB_HIPRI))
3418 * just use poll if we can, and don't attempt if the fs doesn't
3419 * support callback based unlocks
3421 if (file_can_poll(req->file) || !(req->file->f_mode & FMODE_BUF_RASYNC))
3424 wait->wait.func = io_async_buf_func;
3425 wait->wait.private = req;
3426 wait->wait.flags = 0;
3427 INIT_LIST_HEAD(&wait->wait.entry);
3428 kiocb->ki_flags |= IOCB_WAITQ;
3429 kiocb->ki_flags &= ~IOCB_NOWAIT;
3430 kiocb->ki_waitq = wait;
3434 static inline int io_iter_do_read(struct io_kiocb *req, struct iov_iter *iter)
3436 if (likely(req->file->f_op->read_iter))
3437 return call_read_iter(req->file, &req->rw.kiocb, iter);
3438 else if (req->file->f_op->read)
3439 return loop_rw_iter(READ, req, iter);
3444 static bool need_read_all(struct io_kiocb *req)
3446 return req->flags & REQ_F_ISREG ||
3447 S_ISBLK(file_inode(req->file)->i_mode);
3450 static int io_read(struct io_kiocb *req, unsigned int issue_flags)
3452 struct io_rw_state __s, *s = &__s;
3453 struct iovec *iovec;
3454 struct kiocb *kiocb = &req->rw.kiocb;
3455 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
3456 struct io_async_rw *rw;
3459 if (!req_has_async_data(req)) {
3460 ret = io_import_iovec(READ, req, &iovec, s, issue_flags);
3461 if (unlikely(ret < 0))
3464 rw = req->async_data;
3467 * We come here from an earlier attempt, restore our state to
3468 * match in case it doesn't. It's cheap enough that we don't
3469 * need to make this conditional.
3471 iov_iter_restore(&s->iter, &s->iter_state);
3474 req->result = iov_iter_count(&s->iter);
3476 if (force_nonblock) {
3477 /* If the file doesn't support async, just async punt */
3478 if (unlikely(!io_file_supports_nowait(req, READ))) {
3479 ret = io_setup_async_rw(req, iovec, s, true);
3480 return ret ?: -EAGAIN;
3482 kiocb->ki_flags |= IOCB_NOWAIT;
3484 /* Ensure we clear previously set non-block flag */
3485 kiocb->ki_flags &= ~IOCB_NOWAIT;
3488 ret = rw_verify_area(READ, req->file, io_kiocb_ppos(kiocb), req->result);
3489 if (unlikely(ret)) {
3494 ret = io_iter_do_read(req, &s->iter);
3496 if (ret == -EAGAIN || (req->flags & REQ_F_REISSUE)) {
3497 req->flags &= ~REQ_F_REISSUE;
3498 /* IOPOLL retry should happen for io-wq threads */
3499 if (!force_nonblock && !(req->ctx->flags & IORING_SETUP_IOPOLL))
3501 /* no retry on NONBLOCK nor RWF_NOWAIT */
3502 if (req->flags & REQ_F_NOWAIT)
3505 } else if (ret == -EIOCBQUEUED) {
3507 } else if (ret == req->result || ret <= 0 || !force_nonblock ||
3508 (req->flags & REQ_F_NOWAIT) || !need_read_all(req)) {
3509 /* read all, failed, already did sync or don't want to retry */
3514 * Don't depend on the iter state matching what was consumed, or being
3515 * untouched in case of error. Restore it and we'll advance it
3516 * manually if we need to.
3518 iov_iter_restore(&s->iter, &s->iter_state);
3520 ret2 = io_setup_async_rw(req, iovec, s, true);
3525 rw = req->async_data;
3528 * Now use our persistent iterator and state, if we aren't already.
3529 * We've restored and mapped the iter to match.
3534 * We end up here because of a partial read, either from
3535 * above or inside this loop. Advance the iter by the bytes
3536 * that were consumed.
3538 iov_iter_advance(&s->iter, ret);
3539 if (!iov_iter_count(&s->iter))
3541 rw->bytes_done += ret;
3542 iov_iter_save_state(&s->iter, &s->iter_state);
3544 /* if we can retry, do so with the callbacks armed */
3545 if (!io_rw_should_retry(req)) {
3546 kiocb->ki_flags &= ~IOCB_WAITQ;
3551 * Now retry read with the IOCB_WAITQ parts set in the iocb. If
3552 * we get -EIOCBQUEUED, then we'll get a notification when the
3553 * desired page gets unlocked. We can also get a partial read
3554 * here, and if we do, then just retry at the new offset.
3556 ret = io_iter_do_read(req, &s->iter);
3557 if (ret == -EIOCBQUEUED)
3559 /* we got some bytes, but not all. retry. */
3560 kiocb->ki_flags &= ~IOCB_WAITQ;
3561 iov_iter_restore(&s->iter, &s->iter_state);
3564 kiocb_done(kiocb, ret, issue_flags);
3566 /* it's faster to check here then delegate to kfree */
3572 static int io_write_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
3574 if (unlikely(!(req->file->f_mode & FMODE_WRITE)))
3576 return io_prep_rw(req, sqe, WRITE);
3579 static int io_write(struct io_kiocb *req, unsigned int issue_flags)
3581 struct io_rw_state __s, *s = &__s;
3582 struct iovec *iovec;
3583 struct kiocb *kiocb = &req->rw.kiocb;
3584 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
3587 if (!req_has_async_data(req)) {
3588 ret = io_import_iovec(WRITE, req, &iovec, s, issue_flags);
3589 if (unlikely(ret < 0))
3592 struct io_async_rw *rw = req->async_data;
3595 iov_iter_restore(&s->iter, &s->iter_state);
3598 req->result = iov_iter_count(&s->iter);
3600 if (force_nonblock) {
3601 /* If the file doesn't support async, just async punt */
3602 if (unlikely(!io_file_supports_nowait(req, WRITE)))
3605 /* file path doesn't support NOWAIT for non-direct_IO */
3606 if (force_nonblock && !(kiocb->ki_flags & IOCB_DIRECT) &&
3607 (req->flags & REQ_F_ISREG))
3610 kiocb->ki_flags |= IOCB_NOWAIT;
3612 /* Ensure we clear previously set non-block flag */
3613 kiocb->ki_flags &= ~IOCB_NOWAIT;
3616 ret = rw_verify_area(WRITE, req->file, io_kiocb_ppos(kiocb), req->result);
3621 * Open-code file_start_write here to grab freeze protection,
3622 * which will be released by another thread in
3623 * io_complete_rw(). Fool lockdep by telling it the lock got
3624 * released so that it doesn't complain about the held lock when
3625 * we return to userspace.
3627 if (req->flags & REQ_F_ISREG) {
3628 sb_start_write(file_inode(req->file)->i_sb);
3629 __sb_writers_release(file_inode(req->file)->i_sb,
3632 kiocb->ki_flags |= IOCB_WRITE;
3634 if (req->file->f_op->write_iter)
3635 ret2 = call_write_iter(req->file, kiocb, &s->iter);
3636 else if (req->file->f_op->write)
3637 ret2 = loop_rw_iter(WRITE, req, &s->iter);
3641 if (req->flags & REQ_F_REISSUE) {
3642 req->flags &= ~REQ_F_REISSUE;
3647 * Raw bdev writes will return -EOPNOTSUPP for IOCB_NOWAIT. Just
3648 * retry them without IOCB_NOWAIT.
3650 if (ret2 == -EOPNOTSUPP && (kiocb->ki_flags & IOCB_NOWAIT))
3652 /* no retry on NONBLOCK nor RWF_NOWAIT */
3653 if (ret2 == -EAGAIN && (req->flags & REQ_F_NOWAIT))
3655 if (!force_nonblock || ret2 != -EAGAIN) {
3656 /* IOPOLL retry should happen for io-wq threads */
3657 if (ret2 == -EAGAIN && (req->ctx->flags & IORING_SETUP_IOPOLL))
3660 kiocb_done(kiocb, ret2, issue_flags);
3663 iov_iter_restore(&s->iter, &s->iter_state);
3664 ret = io_setup_async_rw(req, iovec, s, false);
3665 return ret ?: -EAGAIN;
3668 /* it's reportedly faster than delegating the null check to kfree() */
3674 static int io_renameat_prep(struct io_kiocb *req,
3675 const struct io_uring_sqe *sqe)
3677 struct io_rename *ren = &req->rename;
3678 const char __user *oldf, *newf;
3680 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3682 if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
3684 if (unlikely(req->flags & REQ_F_FIXED_FILE))
3687 ren->old_dfd = READ_ONCE(sqe->fd);
3688 oldf = u64_to_user_ptr(READ_ONCE(sqe->addr));
3689 newf = u64_to_user_ptr(READ_ONCE(sqe->addr2));
3690 ren->new_dfd = READ_ONCE(sqe->len);
3691 ren->flags = READ_ONCE(sqe->rename_flags);
3693 ren->oldpath = getname(oldf);
3694 if (IS_ERR(ren->oldpath))
3695 return PTR_ERR(ren->oldpath);
3697 ren->newpath = getname(newf);
3698 if (IS_ERR(ren->newpath)) {
3699 putname(ren->oldpath);
3700 return PTR_ERR(ren->newpath);
3703 req->flags |= REQ_F_NEED_CLEANUP;
3707 static int io_renameat(struct io_kiocb *req, unsigned int issue_flags)
3709 struct io_rename *ren = &req->rename;
3712 if (issue_flags & IO_URING_F_NONBLOCK)
3715 ret = do_renameat2(ren->old_dfd, ren->oldpath, ren->new_dfd,
3716 ren->newpath, ren->flags);
3718 req->flags &= ~REQ_F_NEED_CLEANUP;
3721 io_req_complete(req, ret);
3725 static int io_unlinkat_prep(struct io_kiocb *req,
3726 const struct io_uring_sqe *sqe)
3728 struct io_unlink *un = &req->unlink;
3729 const char __user *fname;
3731 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3733 if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index ||
3736 if (unlikely(req->flags & REQ_F_FIXED_FILE))
3739 un->dfd = READ_ONCE(sqe->fd);
3741 un->flags = READ_ONCE(sqe->unlink_flags);
3742 if (un->flags & ~AT_REMOVEDIR)
3745 fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
3746 un->filename = getname(fname);
3747 if (IS_ERR(un->filename))
3748 return PTR_ERR(un->filename);
3750 req->flags |= REQ_F_NEED_CLEANUP;
3754 static int io_unlinkat(struct io_kiocb *req, unsigned int issue_flags)
3756 struct io_unlink *un = &req->unlink;
3759 if (issue_flags & IO_URING_F_NONBLOCK)
3762 if (un->flags & AT_REMOVEDIR)
3763 ret = do_rmdir(un->dfd, un->filename);
3765 ret = do_unlinkat(un->dfd, un->filename);
3767 req->flags &= ~REQ_F_NEED_CLEANUP;
3770 io_req_complete(req, ret);
3774 static int io_mkdirat_prep(struct io_kiocb *req,
3775 const struct io_uring_sqe *sqe)
3777 struct io_mkdir *mkd = &req->mkdir;
3778 const char __user *fname;
3780 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3782 if (sqe->ioprio || sqe->off || sqe->rw_flags || sqe->buf_index ||
3785 if (unlikely(req->flags & REQ_F_FIXED_FILE))
3788 mkd->dfd = READ_ONCE(sqe->fd);
3789 mkd->mode = READ_ONCE(sqe->len);
3791 fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
3792 mkd->filename = getname(fname);
3793 if (IS_ERR(mkd->filename))
3794 return PTR_ERR(mkd->filename);
3796 req->flags |= REQ_F_NEED_CLEANUP;
3800 static int io_mkdirat(struct io_kiocb *req, unsigned int issue_flags)
3802 struct io_mkdir *mkd = &req->mkdir;
3805 if (issue_flags & IO_URING_F_NONBLOCK)
3808 ret = do_mkdirat(mkd->dfd, mkd->filename, mkd->mode);
3810 req->flags &= ~REQ_F_NEED_CLEANUP;
3813 io_req_complete(req, ret);
3817 static int io_symlinkat_prep(struct io_kiocb *req,
3818 const struct io_uring_sqe *sqe)
3820 struct io_symlink *sl = &req->symlink;
3821 const char __user *oldpath, *newpath;
3823 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3825 if (sqe->ioprio || sqe->len || sqe->rw_flags || sqe->buf_index ||
3828 if (unlikely(req->flags & REQ_F_FIXED_FILE))
3831 sl->new_dfd = READ_ONCE(sqe->fd);
3832 oldpath = u64_to_user_ptr(READ_ONCE(sqe->addr));
3833 newpath = u64_to_user_ptr(READ_ONCE(sqe->addr2));
3835 sl->oldpath = getname(oldpath);
3836 if (IS_ERR(sl->oldpath))
3837 return PTR_ERR(sl->oldpath);
3839 sl->newpath = getname(newpath);
3840 if (IS_ERR(sl->newpath)) {
3841 putname(sl->oldpath);
3842 return PTR_ERR(sl->newpath);
3845 req->flags |= REQ_F_NEED_CLEANUP;
3849 static int io_symlinkat(struct io_kiocb *req, unsigned int issue_flags)
3851 struct io_symlink *sl = &req->symlink;
3854 if (issue_flags & IO_URING_F_NONBLOCK)
3857 ret = do_symlinkat(sl->oldpath, sl->new_dfd, sl->newpath);
3859 req->flags &= ~REQ_F_NEED_CLEANUP;
3862 io_req_complete(req, ret);
3866 static int io_linkat_prep(struct io_kiocb *req,
3867 const struct io_uring_sqe *sqe)
3869 struct io_hardlink *lnk = &req->hardlink;
3870 const char __user *oldf, *newf;
3872 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3874 if (sqe->ioprio || sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in)
3876 if (unlikely(req->flags & REQ_F_FIXED_FILE))
3879 lnk->old_dfd = READ_ONCE(sqe->fd);
3880 lnk->new_dfd = READ_ONCE(sqe->len);
3881 oldf = u64_to_user_ptr(READ_ONCE(sqe->addr));
3882 newf = u64_to_user_ptr(READ_ONCE(sqe->addr2));
3883 lnk->flags = READ_ONCE(sqe->hardlink_flags);
3885 lnk->oldpath = getname(oldf);
3886 if (IS_ERR(lnk->oldpath))
3887 return PTR_ERR(lnk->oldpath);
3889 lnk->newpath = getname(newf);
3890 if (IS_ERR(lnk->newpath)) {
3891 putname(lnk->oldpath);
3892 return PTR_ERR(lnk->newpath);
3895 req->flags |= REQ_F_NEED_CLEANUP;
3899 static int io_linkat(struct io_kiocb *req, unsigned int issue_flags)
3901 struct io_hardlink *lnk = &req->hardlink;
3904 if (issue_flags & IO_URING_F_NONBLOCK)
3907 ret = do_linkat(lnk->old_dfd, lnk->oldpath, lnk->new_dfd,
3908 lnk->newpath, lnk->flags);
3910 req->flags &= ~REQ_F_NEED_CLEANUP;
3913 io_req_complete(req, ret);
3917 static int io_shutdown_prep(struct io_kiocb *req,
3918 const struct io_uring_sqe *sqe)
3920 #if defined(CONFIG_NET)
3921 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3923 if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags ||
3924 sqe->buf_index || sqe->splice_fd_in))
3927 req->shutdown.how = READ_ONCE(sqe->len);
3934 static int io_shutdown(struct io_kiocb *req, unsigned int issue_flags)
3936 #if defined(CONFIG_NET)
3937 struct socket *sock;
3940 if (issue_flags & IO_URING_F_NONBLOCK)
3943 sock = sock_from_file(req->file);
3944 if (unlikely(!sock))
3947 ret = __sys_shutdown_sock(sock, req->shutdown.how);
3950 io_req_complete(req, ret);
3957 static int __io_splice_prep(struct io_kiocb *req,
3958 const struct io_uring_sqe *sqe)
3960 struct io_splice *sp = &req->splice;
3961 unsigned int valid_flags = SPLICE_F_FD_IN_FIXED | SPLICE_F_ALL;
3963 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
3967 sp->len = READ_ONCE(sqe->len);
3968 sp->flags = READ_ONCE(sqe->splice_flags);
3970 if (unlikely(sp->flags & ~valid_flags))
3973 sp->file_in = io_file_get(req->ctx, req, READ_ONCE(sqe->splice_fd_in),
3974 (sp->flags & SPLICE_F_FD_IN_FIXED));
3977 req->flags |= REQ_F_NEED_CLEANUP;
3981 static int io_tee_prep(struct io_kiocb *req,
3982 const struct io_uring_sqe *sqe)
3984 if (READ_ONCE(sqe->splice_off_in) || READ_ONCE(sqe->off))
3986 return __io_splice_prep(req, sqe);
3989 static int io_tee(struct io_kiocb *req, unsigned int issue_flags)
3991 struct io_splice *sp = &req->splice;
3992 struct file *in = sp->file_in;
3993 struct file *out = sp->file_out;
3994 unsigned int flags = sp->flags & ~SPLICE_F_FD_IN_FIXED;
3997 if (issue_flags & IO_URING_F_NONBLOCK)
4000 ret = do_tee(in, out, sp->len, flags);
4002 if (!(sp->flags & SPLICE_F_FD_IN_FIXED))
4004 req->flags &= ~REQ_F_NEED_CLEANUP;
4008 io_req_complete(req, ret);
4012 static int io_splice_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4014 struct io_splice *sp = &req->splice;
4016 sp->off_in = READ_ONCE(sqe->splice_off_in);
4017 sp->off_out = READ_ONCE(sqe->off);
4018 return __io_splice_prep(req, sqe);
4021 static int io_splice(struct io_kiocb *req, unsigned int issue_flags)
4023 struct io_splice *sp = &req->splice;
4024 struct file *in = sp->file_in;
4025 struct file *out = sp->file_out;
4026 unsigned int flags = sp->flags & ~SPLICE_F_FD_IN_FIXED;
4027 loff_t *poff_in, *poff_out;
4030 if (issue_flags & IO_URING_F_NONBLOCK)
4033 poff_in = (sp->off_in == -1) ? NULL : &sp->off_in;
4034 poff_out = (sp->off_out == -1) ? NULL : &sp->off_out;
4037 ret = do_splice(in, poff_in, out, poff_out, sp->len, flags);
4039 if (!(sp->flags & SPLICE_F_FD_IN_FIXED))
4041 req->flags &= ~REQ_F_NEED_CLEANUP;
4045 io_req_complete(req, ret);
4050 * IORING_OP_NOP just posts a completion event, nothing else.
4052 static int io_nop(struct io_kiocb *req, unsigned int issue_flags)
4054 struct io_ring_ctx *ctx = req->ctx;
4056 if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
4059 __io_req_complete(req, issue_flags, 0, 0);
4063 static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4065 struct io_ring_ctx *ctx = req->ctx;
4070 if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
4072 if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index ||
4076 req->sync.flags = READ_ONCE(sqe->fsync_flags);
4077 if (unlikely(req->sync.flags & ~IORING_FSYNC_DATASYNC))
4080 req->sync.off = READ_ONCE(sqe->off);
4081 req->sync.len = READ_ONCE(sqe->len);
4085 static int io_fsync(struct io_kiocb *req, unsigned int issue_flags)
4087 loff_t end = req->sync.off + req->sync.len;
4090 /* fsync always requires a blocking context */
4091 if (issue_flags & IO_URING_F_NONBLOCK)
4094 ret = vfs_fsync_range(req->file, req->sync.off,
4095 end > 0 ? end : LLONG_MAX,
4096 req->sync.flags & IORING_FSYNC_DATASYNC);
4099 io_req_complete(req, ret);
4103 static int io_fallocate_prep(struct io_kiocb *req,
4104 const struct io_uring_sqe *sqe)
4106 if (sqe->ioprio || sqe->buf_index || sqe->rw_flags ||
4109 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4112 req->sync.off = READ_ONCE(sqe->off);
4113 req->sync.len = READ_ONCE(sqe->addr);
4114 req->sync.mode = READ_ONCE(sqe->len);
4118 static int io_fallocate(struct io_kiocb *req, unsigned int issue_flags)
4122 /* fallocate always requiring blocking context */
4123 if (issue_flags & IO_URING_F_NONBLOCK)
4125 ret = vfs_fallocate(req->file, req->sync.mode, req->sync.off,
4129 io_req_complete(req, ret);
4133 static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4135 const char __user *fname;
4138 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4140 if (unlikely(sqe->ioprio || sqe->buf_index))
4142 if (unlikely(req->flags & REQ_F_FIXED_FILE))
4145 /* open.how should be already initialised */
4146 if (!(req->open.how.flags & O_PATH) && force_o_largefile())
4147 req->open.how.flags |= O_LARGEFILE;
4149 req->open.dfd = READ_ONCE(sqe->fd);
4150 fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
4151 req->open.filename = getname(fname);
4152 if (IS_ERR(req->open.filename)) {
4153 ret = PTR_ERR(req->open.filename);
4154 req->open.filename = NULL;
4158 req->open.file_slot = READ_ONCE(sqe->file_index);
4159 if (req->open.file_slot && (req->open.how.flags & O_CLOEXEC))
4162 req->open.nofile = rlimit(RLIMIT_NOFILE);
4163 req->flags |= REQ_F_NEED_CLEANUP;
4167 static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4169 u64 mode = READ_ONCE(sqe->len);
4170 u64 flags = READ_ONCE(sqe->open_flags);
4172 req->open.how = build_open_how(flags, mode);
4173 return __io_openat_prep(req, sqe);
4176 static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4178 struct open_how __user *how;
4182 how = u64_to_user_ptr(READ_ONCE(sqe->addr2));
4183 len = READ_ONCE(sqe->len);
4184 if (len < OPEN_HOW_SIZE_VER0)
4187 ret = copy_struct_from_user(&req->open.how, sizeof(req->open.how), how,
4192 return __io_openat_prep(req, sqe);
4195 static int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
4197 struct open_flags op;
4199 bool resolve_nonblock, nonblock_set;
4200 bool fixed = !!req->open.file_slot;
4203 ret = build_open_flags(&req->open.how, &op);
4206 nonblock_set = op.open_flag & O_NONBLOCK;
4207 resolve_nonblock = req->open.how.resolve & RESOLVE_CACHED;
4208 if (issue_flags & IO_URING_F_NONBLOCK) {
4210 * Don't bother trying for O_TRUNC, O_CREAT, or O_TMPFILE open,
4211 * it'll always -EAGAIN
4213 if (req->open.how.flags & (O_TRUNC | O_CREAT | O_TMPFILE))
4215 op.lookup_flags |= LOOKUP_CACHED;
4216 op.open_flag |= O_NONBLOCK;
4220 ret = __get_unused_fd_flags(req->open.how.flags, req->open.nofile);
4225 file = do_filp_open(req->open.dfd, req->open.filename, &op);
4228 * We could hang on to this 'fd' on retrying, but seems like
4229 * marginal gain for something that is now known to be a slower
4230 * path. So just put it, and we'll get a new one when we retry.
4235 ret = PTR_ERR(file);
4236 /* only retry if RESOLVE_CACHED wasn't already set by application */
4237 if (ret == -EAGAIN &&
4238 (!resolve_nonblock && (issue_flags & IO_URING_F_NONBLOCK)))
4243 if ((issue_flags & IO_URING_F_NONBLOCK) && !nonblock_set)
4244 file->f_flags &= ~O_NONBLOCK;
4245 fsnotify_open(file);
4248 fd_install(ret, file);
4250 ret = io_install_fixed_file(req, file, issue_flags,
4251 req->open.file_slot - 1);
4253 putname(req->open.filename);
4254 req->flags &= ~REQ_F_NEED_CLEANUP;
4257 __io_req_complete(req, issue_flags, ret, 0);
4261 static int io_openat(struct io_kiocb *req, unsigned int issue_flags)
4263 return io_openat2(req, issue_flags);
4266 static int io_remove_buffers_prep(struct io_kiocb *req,
4267 const struct io_uring_sqe *sqe)
4269 struct io_provide_buf *p = &req->pbuf;
4272 if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off ||
4276 tmp = READ_ONCE(sqe->fd);
4277 if (!tmp || tmp > USHRT_MAX)
4280 memset(p, 0, sizeof(*p));
4282 p->bgid = READ_ONCE(sqe->buf_group);
4286 static int __io_remove_buffers(struct io_ring_ctx *ctx, struct io_buffer *buf,
4287 int bgid, unsigned nbufs)
4291 /* shouldn't happen */
4295 /* the head kbuf is the list itself */
4296 while (!list_empty(&buf->list)) {
4297 struct io_buffer *nxt;
4299 nxt = list_first_entry(&buf->list, struct io_buffer, list);
4300 list_del(&nxt->list);
4307 xa_erase(&ctx->io_buffers, bgid);
4312 static int io_remove_buffers(struct io_kiocb *req, unsigned int issue_flags)
4314 struct io_provide_buf *p = &req->pbuf;
4315 struct io_ring_ctx *ctx = req->ctx;
4316 struct io_buffer *head;
4318 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
4320 io_ring_submit_lock(ctx, !force_nonblock);
4322 lockdep_assert_held(&ctx->uring_lock);
4325 head = xa_load(&ctx->io_buffers, p->bgid);
4327 ret = __io_remove_buffers(ctx, head, p->bgid, p->nbufs);
4331 /* complete before unlock, IOPOLL may need the lock */
4332 __io_req_complete(req, issue_flags, ret, 0);
4333 io_ring_submit_unlock(ctx, !force_nonblock);
4337 static int io_provide_buffers_prep(struct io_kiocb *req,
4338 const struct io_uring_sqe *sqe)
4340 unsigned long size, tmp_check;
4341 struct io_provide_buf *p = &req->pbuf;
4344 if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in)
4347 tmp = READ_ONCE(sqe->fd);
4348 if (!tmp || tmp > USHRT_MAX)
4351 p->addr = READ_ONCE(sqe->addr);
4352 p->len = READ_ONCE(sqe->len);
4354 if (check_mul_overflow((unsigned long)p->len, (unsigned long)p->nbufs,
4357 if (check_add_overflow((unsigned long)p->addr, size, &tmp_check))
4360 size = (unsigned long)p->len * p->nbufs;
4361 if (!access_ok(u64_to_user_ptr(p->addr), size))
4364 p->bgid = READ_ONCE(sqe->buf_group);
4365 tmp = READ_ONCE(sqe->off);
4366 if (tmp > USHRT_MAX)
4372 static int io_add_buffers(struct io_provide_buf *pbuf, struct io_buffer **head)
4374 struct io_buffer *buf;
4375 u64 addr = pbuf->addr;
4376 int i, bid = pbuf->bid;
4378 for (i = 0; i < pbuf->nbufs; i++) {
4379 buf = kmalloc(sizeof(*buf), GFP_KERNEL_ACCOUNT);
4384 buf->len = min_t(__u32, pbuf->len, MAX_RW_COUNT);
4389 INIT_LIST_HEAD(&buf->list);
4392 list_add_tail(&buf->list, &(*head)->list);
4396 return i ? i : -ENOMEM;
4399 static int io_provide_buffers(struct io_kiocb *req, unsigned int issue_flags)
4401 struct io_provide_buf *p = &req->pbuf;
4402 struct io_ring_ctx *ctx = req->ctx;
4403 struct io_buffer *head, *list;
4405 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
4407 io_ring_submit_lock(ctx, !force_nonblock);
4409 lockdep_assert_held(&ctx->uring_lock);
4411 list = head = xa_load(&ctx->io_buffers, p->bgid);
4413 ret = io_add_buffers(p, &head);
4414 if (ret >= 0 && !list) {
4415 ret = xa_insert(&ctx->io_buffers, p->bgid, head, GFP_KERNEL);
4417 __io_remove_buffers(ctx, head, p->bgid, -1U);
4421 /* complete before unlock, IOPOLL may need the lock */
4422 __io_req_complete(req, issue_flags, ret, 0);
4423 io_ring_submit_unlock(ctx, !force_nonblock);
4427 static int io_epoll_ctl_prep(struct io_kiocb *req,
4428 const struct io_uring_sqe *sqe)
4430 #if defined(CONFIG_EPOLL)
4431 if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
4433 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4436 req->epoll.epfd = READ_ONCE(sqe->fd);
4437 req->epoll.op = READ_ONCE(sqe->len);
4438 req->epoll.fd = READ_ONCE(sqe->off);
4440 if (ep_op_has_event(req->epoll.op)) {
4441 struct epoll_event __user *ev;
4443 ev = u64_to_user_ptr(READ_ONCE(sqe->addr));
4444 if (copy_from_user(&req->epoll.event, ev, sizeof(*ev)))
4454 static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags)
4456 #if defined(CONFIG_EPOLL)
4457 struct io_epoll *ie = &req->epoll;
4459 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
4461 ret = do_epoll_ctl(ie->epfd, ie->op, ie->fd, &ie->event, force_nonblock);
4462 if (force_nonblock && ret == -EAGAIN)
4467 __io_req_complete(req, issue_flags, ret, 0);
4474 static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4476 #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU)
4477 if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in)
4479 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4482 req->madvise.addr = READ_ONCE(sqe->addr);
4483 req->madvise.len = READ_ONCE(sqe->len);
4484 req->madvise.advice = READ_ONCE(sqe->fadvise_advice);
4491 static int io_madvise(struct io_kiocb *req, unsigned int issue_flags)
4493 #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU)
4494 struct io_madvise *ma = &req->madvise;
4497 if (issue_flags & IO_URING_F_NONBLOCK)
4500 ret = do_madvise(current->mm, ma->addr, ma->len, ma->advice);
4503 io_req_complete(req, ret);
4510 static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4512 if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in)
4514 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4517 req->fadvise.offset = READ_ONCE(sqe->off);
4518 req->fadvise.len = READ_ONCE(sqe->len);
4519 req->fadvise.advice = READ_ONCE(sqe->fadvise_advice);
4523 static int io_fadvise(struct io_kiocb *req, unsigned int issue_flags)
4525 struct io_fadvise *fa = &req->fadvise;
4528 if (issue_flags & IO_URING_F_NONBLOCK) {
4529 switch (fa->advice) {
4530 case POSIX_FADV_NORMAL:
4531 case POSIX_FADV_RANDOM:
4532 case POSIX_FADV_SEQUENTIAL:
4539 ret = vfs_fadvise(req->file, fa->offset, fa->len, fa->advice);
4542 __io_req_complete(req, issue_flags, ret, 0);
4546 static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4548 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4550 if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
4552 if (req->flags & REQ_F_FIXED_FILE)
4555 req->statx.dfd = READ_ONCE(sqe->fd);
4556 req->statx.mask = READ_ONCE(sqe->len);
4557 req->statx.filename = u64_to_user_ptr(READ_ONCE(sqe->addr));
4558 req->statx.buffer = u64_to_user_ptr(READ_ONCE(sqe->addr2));
4559 req->statx.flags = READ_ONCE(sqe->statx_flags);
4564 static int io_statx(struct io_kiocb *req, unsigned int issue_flags)
4566 struct io_statx *ctx = &req->statx;
4569 if (issue_flags & IO_URING_F_NONBLOCK)
4572 ret = do_statx(ctx->dfd, ctx->filename, ctx->flags, ctx->mask,
4577 io_req_complete(req, ret);
4581 static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4583 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4585 if (sqe->ioprio || sqe->off || sqe->addr || sqe->len ||
4586 sqe->rw_flags || sqe->buf_index)
4588 if (req->flags & REQ_F_FIXED_FILE)
4591 req->close.fd = READ_ONCE(sqe->fd);
4592 req->close.file_slot = READ_ONCE(sqe->file_index);
4593 if (req->close.file_slot && req->close.fd)
4599 static int io_close(struct io_kiocb *req, unsigned int issue_flags)
4601 struct files_struct *files = current->files;
4602 struct io_close *close = &req->close;
4603 struct fdtable *fdt;
4604 struct file *file = NULL;
4607 if (req->close.file_slot) {
4608 ret = io_close_fixed(req, issue_flags);
4612 spin_lock(&files->file_lock);
4613 fdt = files_fdtable(files);
4614 if (close->fd >= fdt->max_fds) {
4615 spin_unlock(&files->file_lock);
4618 file = fdt->fd[close->fd];
4619 if (!file || file->f_op == &io_uring_fops) {
4620 spin_unlock(&files->file_lock);
4625 /* if the file has a flush method, be safe and punt to async */
4626 if (file->f_op->flush && (issue_flags & IO_URING_F_NONBLOCK)) {
4627 spin_unlock(&files->file_lock);
4631 ret = __close_fd_get_file(close->fd, &file);
4632 spin_unlock(&files->file_lock);
4639 /* No ->flush() or already async, safely close from here */
4640 ret = filp_close(file, current->files);
4646 __io_req_complete(req, issue_flags, ret, 0);
4650 static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4652 struct io_ring_ctx *ctx = req->ctx;
4654 if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
4656 if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index ||
4660 req->sync.off = READ_ONCE(sqe->off);
4661 req->sync.len = READ_ONCE(sqe->len);
4662 req->sync.flags = READ_ONCE(sqe->sync_range_flags);
4666 static int io_sync_file_range(struct io_kiocb *req, unsigned int issue_flags)
4670 /* sync_file_range always requires a blocking context */
4671 if (issue_flags & IO_URING_F_NONBLOCK)
4674 ret = sync_file_range(req->file, req->sync.off, req->sync.len,
4678 io_req_complete(req, ret);
4682 #if defined(CONFIG_NET)
4683 static int io_setup_async_msg(struct io_kiocb *req,
4684 struct io_async_msghdr *kmsg)
4686 struct io_async_msghdr *async_msg = req->async_data;
4690 if (io_alloc_async_data(req)) {
4691 kfree(kmsg->free_iov);
4694 async_msg = req->async_data;
4695 req->flags |= REQ_F_NEED_CLEANUP;
4696 memcpy(async_msg, kmsg, sizeof(*kmsg));
4697 async_msg->msg.msg_name = &async_msg->addr;
4698 /* if were using fast_iov, set it to the new one */
4699 if (!async_msg->free_iov)
4700 async_msg->msg.msg_iter.iov = async_msg->fast_iov;
4705 static int io_sendmsg_copy_hdr(struct io_kiocb *req,
4706 struct io_async_msghdr *iomsg)
4708 iomsg->msg.msg_name = &iomsg->addr;
4709 iomsg->free_iov = iomsg->fast_iov;
4710 return sendmsg_copy_msghdr(&iomsg->msg, req->sr_msg.umsg,
4711 req->sr_msg.msg_flags, &iomsg->free_iov);
4714 static int io_sendmsg_prep_async(struct io_kiocb *req)
4718 ret = io_sendmsg_copy_hdr(req, req->async_data);
4720 req->flags |= REQ_F_NEED_CLEANUP;
4724 static int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4726 struct io_sr_msg *sr = &req->sr_msg;
4728 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4731 sr->umsg = u64_to_user_ptr(READ_ONCE(sqe->addr));
4732 sr->len = READ_ONCE(sqe->len);
4733 sr->msg_flags = READ_ONCE(sqe->msg_flags) | MSG_NOSIGNAL;
4734 if (sr->msg_flags & MSG_DONTWAIT)
4735 req->flags |= REQ_F_NOWAIT;
4737 #ifdef CONFIG_COMPAT
4738 if (req->ctx->compat)
4739 sr->msg_flags |= MSG_CMSG_COMPAT;
4744 static int io_sendmsg(struct io_kiocb *req, unsigned int issue_flags)
4746 struct io_async_msghdr iomsg, *kmsg;
4747 struct socket *sock;
4752 sock = sock_from_file(req->file);
4753 if (unlikely(!sock))
4756 if (req_has_async_data(req)) {
4757 kmsg = req->async_data;
4759 ret = io_sendmsg_copy_hdr(req, &iomsg);
4765 flags = req->sr_msg.msg_flags;
4766 if (issue_flags & IO_URING_F_NONBLOCK)
4767 flags |= MSG_DONTWAIT;
4768 if (flags & MSG_WAITALL)
4769 min_ret = iov_iter_count(&kmsg->msg.msg_iter);
4771 ret = __sys_sendmsg_sock(sock, &kmsg->msg, flags);
4772 if ((issue_flags & IO_URING_F_NONBLOCK) && ret == -EAGAIN)
4773 return io_setup_async_msg(req, kmsg);
4774 if (ret == -ERESTARTSYS)
4777 /* fast path, check for non-NULL to avoid function call */
4779 kfree(kmsg->free_iov);
4780 req->flags &= ~REQ_F_NEED_CLEANUP;
4783 __io_req_complete(req, issue_flags, ret, 0);
4787 static int io_send(struct io_kiocb *req, unsigned int issue_flags)
4789 struct io_sr_msg *sr = &req->sr_msg;
4792 struct socket *sock;
4797 sock = sock_from_file(req->file);
4798 if (unlikely(!sock))
4801 ret = import_single_range(WRITE, sr->buf, sr->len, &iov, &msg.msg_iter);
4805 msg.msg_name = NULL;
4806 msg.msg_control = NULL;
4807 msg.msg_controllen = 0;
4808 msg.msg_namelen = 0;
4810 flags = req->sr_msg.msg_flags;
4811 if (issue_flags & IO_URING_F_NONBLOCK)
4812 flags |= MSG_DONTWAIT;
4813 if (flags & MSG_WAITALL)
4814 min_ret = iov_iter_count(&msg.msg_iter);
4816 msg.msg_flags = flags;
4817 ret = sock_sendmsg(sock, &msg);
4818 if ((issue_flags & IO_URING_F_NONBLOCK) && ret == -EAGAIN)
4820 if (ret == -ERESTARTSYS)
4825 __io_req_complete(req, issue_flags, ret, 0);
4829 static int __io_recvmsg_copy_hdr(struct io_kiocb *req,
4830 struct io_async_msghdr *iomsg)
4832 struct io_sr_msg *sr = &req->sr_msg;
4833 struct iovec __user *uiov;
4837 ret = __copy_msghdr_from_user(&iomsg->msg, sr->umsg,
4838 &iomsg->uaddr, &uiov, &iov_len);
4842 if (req->flags & REQ_F_BUFFER_SELECT) {
4845 if (copy_from_user(iomsg->fast_iov, uiov, sizeof(*uiov)))
4847 sr->len = iomsg->fast_iov[0].iov_len;
4848 iomsg->free_iov = NULL;
4850 iomsg->free_iov = iomsg->fast_iov;
4851 ret = __import_iovec(READ, uiov, iov_len, UIO_FASTIOV,
4852 &iomsg->free_iov, &iomsg->msg.msg_iter,
4861 #ifdef CONFIG_COMPAT
4862 static int __io_compat_recvmsg_copy_hdr(struct io_kiocb *req,
4863 struct io_async_msghdr *iomsg)
4865 struct io_sr_msg *sr = &req->sr_msg;
4866 struct compat_iovec __user *uiov;
4871 ret = __get_compat_msghdr(&iomsg->msg, sr->umsg_compat, &iomsg->uaddr,
4876 uiov = compat_ptr(ptr);
4877 if (req->flags & REQ_F_BUFFER_SELECT) {
4878 compat_ssize_t clen;
4882 if (!access_ok(uiov, sizeof(*uiov)))
4884 if (__get_user(clen, &uiov->iov_len))
4889 iomsg->free_iov = NULL;
4891 iomsg->free_iov = iomsg->fast_iov;
4892 ret = __import_iovec(READ, (struct iovec __user *)uiov, len,
4893 UIO_FASTIOV, &iomsg->free_iov,
4894 &iomsg->msg.msg_iter, true);
4903 static int io_recvmsg_copy_hdr(struct io_kiocb *req,
4904 struct io_async_msghdr *iomsg)
4906 iomsg->msg.msg_name = &iomsg->addr;
4908 #ifdef CONFIG_COMPAT
4909 if (req->ctx->compat)
4910 return __io_compat_recvmsg_copy_hdr(req, iomsg);
4913 return __io_recvmsg_copy_hdr(req, iomsg);
4916 static struct io_buffer *io_recv_buffer_select(struct io_kiocb *req,
4917 unsigned int issue_flags)
4919 struct io_sr_msg *sr = &req->sr_msg;
4921 return io_buffer_select(req, &sr->len, sr->bgid, issue_flags);
4924 static inline unsigned int io_put_recv_kbuf(struct io_kiocb *req)
4926 return io_put_kbuf(req, req->kbuf);
4929 static int io_recvmsg_prep_async(struct io_kiocb *req)
4933 ret = io_recvmsg_copy_hdr(req, req->async_data);
4935 req->flags |= REQ_F_NEED_CLEANUP;
4939 static int io_recvmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
4941 struct io_sr_msg *sr = &req->sr_msg;
4943 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
4946 sr->umsg = u64_to_user_ptr(READ_ONCE(sqe->addr));
4947 sr->len = READ_ONCE(sqe->len);
4948 sr->bgid = READ_ONCE(sqe->buf_group);
4949 sr->msg_flags = READ_ONCE(sqe->msg_flags) | MSG_NOSIGNAL;
4950 if (sr->msg_flags & MSG_DONTWAIT)
4951 req->flags |= REQ_F_NOWAIT;
4953 #ifdef CONFIG_COMPAT
4954 if (req->ctx->compat)
4955 sr->msg_flags |= MSG_CMSG_COMPAT;
4960 static int io_recvmsg(struct io_kiocb *req, unsigned int issue_flags)
4962 struct io_async_msghdr iomsg, *kmsg;
4963 struct socket *sock;
4964 struct io_buffer *kbuf;
4967 int ret, cflags = 0;
4968 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
4970 sock = sock_from_file(req->file);
4971 if (unlikely(!sock))
4974 if (req_has_async_data(req)) {
4975 kmsg = req->async_data;
4977 ret = io_recvmsg_copy_hdr(req, &iomsg);
4983 if (req->flags & REQ_F_BUFFER_SELECT) {
4984 kbuf = io_recv_buffer_select(req, issue_flags);
4986 return PTR_ERR(kbuf);
4987 kmsg->fast_iov[0].iov_base = u64_to_user_ptr(kbuf->addr);
4988 kmsg->fast_iov[0].iov_len = req->sr_msg.len;
4989 iov_iter_init(&kmsg->msg.msg_iter, READ, kmsg->fast_iov,
4990 1, req->sr_msg.len);
4993 flags = req->sr_msg.msg_flags;
4995 flags |= MSG_DONTWAIT;
4996 if (flags & MSG_WAITALL)
4997 min_ret = iov_iter_count(&kmsg->msg.msg_iter);
4999 ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.umsg,
5000 kmsg->uaddr, flags);
5001 if (force_nonblock && ret == -EAGAIN)
5002 return io_setup_async_msg(req, kmsg);
5003 if (ret == -ERESTARTSYS)
5006 if (req->flags & REQ_F_BUFFER_SELECTED)
5007 cflags = io_put_recv_kbuf(req);
5008 /* fast path, check for non-NULL to avoid function call */
5010 kfree(kmsg->free_iov);
5011 req->flags &= ~REQ_F_NEED_CLEANUP;
5012 if (ret < min_ret || ((flags & MSG_WAITALL) && (kmsg->msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC))))
5014 __io_req_complete(req, issue_flags, ret, cflags);
5018 static int io_recv(struct io_kiocb *req, unsigned int issue_flags)
5020 struct io_buffer *kbuf;
5021 struct io_sr_msg *sr = &req->sr_msg;
5023 void __user *buf = sr->buf;
5024 struct socket *sock;
5028 int ret, cflags = 0;
5029 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
5031 sock = sock_from_file(req->file);
5032 if (unlikely(!sock))
5035 if (req->flags & REQ_F_BUFFER_SELECT) {
5036 kbuf = io_recv_buffer_select(req, issue_flags);
5038 return PTR_ERR(kbuf);
5039 buf = u64_to_user_ptr(kbuf->addr);
5042 ret = import_single_range(READ, buf, sr->len, &iov, &msg.msg_iter);
5046 msg.msg_name = NULL;
5047 msg.msg_control = NULL;
5048 msg.msg_controllen = 0;
5049 msg.msg_namelen = 0;
5050 msg.msg_iocb = NULL;
5053 flags = req->sr_msg.msg_flags;
5055 flags |= MSG_DONTWAIT;
5056 if (flags & MSG_WAITALL)
5057 min_ret = iov_iter_count(&msg.msg_iter);
5059 ret = sock_recvmsg(sock, &msg, flags);
5060 if (force_nonblock && ret == -EAGAIN)
5062 if (ret == -ERESTARTSYS)
5065 if (req->flags & REQ_F_BUFFER_SELECTED)
5066 cflags = io_put_recv_kbuf(req);
5067 if (ret < min_ret || ((flags & MSG_WAITALL) && (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC))))
5069 __io_req_complete(req, issue_flags, ret, cflags);
5073 static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
5075 struct io_accept *accept = &req->accept;
5077 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
5079 if (sqe->ioprio || sqe->len || sqe->buf_index)
5082 accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr));
5083 accept->addr_len = u64_to_user_ptr(READ_ONCE(sqe->addr2));
5084 accept->flags = READ_ONCE(sqe->accept_flags);
5085 accept->nofile = rlimit(RLIMIT_NOFILE);
5087 accept->file_slot = READ_ONCE(sqe->file_index);
5088 if (accept->file_slot && ((req->open.how.flags & O_CLOEXEC) ||
5089 (accept->flags & SOCK_CLOEXEC)))
5091 if (accept->flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
5093 if (SOCK_NONBLOCK != O_NONBLOCK && (accept->flags & SOCK_NONBLOCK))
5094 accept->flags = (accept->flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
5098 static int io_accept(struct io_kiocb *req, unsigned int issue_flags)
5100 struct io_accept *accept = &req->accept;
5101 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
5102 unsigned int file_flags = force_nonblock ? O_NONBLOCK : 0;
5103 bool fixed = !!accept->file_slot;
5107 if (req->file->f_flags & O_NONBLOCK)
5108 req->flags |= REQ_F_NOWAIT;
5111 fd = __get_unused_fd_flags(accept->flags, accept->nofile);
5112 if (unlikely(fd < 0))
5115 file = do_accept(req->file, file_flags, accept->addr, accept->addr_len,
5120 ret = PTR_ERR(file);
5121 if (ret == -EAGAIN && force_nonblock)
5123 if (ret == -ERESTARTSYS)
5126 } else if (!fixed) {
5127 fd_install(fd, file);
5130 ret = io_install_fixed_file(req, file, issue_flags,
5131 accept->file_slot - 1);
5133 __io_req_complete(req, issue_flags, ret, 0);
5137 static int io_connect_prep_async(struct io_kiocb *req)
5139 struct io_async_connect *io = req->async_data;
5140 struct io_connect *conn = &req->connect;
5142 return move_addr_to_kernel(conn->addr, conn->addr_len, &io->address);
5145 static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
5147 struct io_connect *conn = &req->connect;
5149 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
5151 if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags ||
5155 conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr));
5156 conn->addr_len = READ_ONCE(sqe->addr2);
5160 static int io_connect(struct io_kiocb *req, unsigned int issue_flags)
5162 struct io_async_connect __io, *io;
5163 unsigned file_flags;
5165 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
5167 if (req_has_async_data(req)) {
5168 io = req->async_data;
5170 ret = move_addr_to_kernel(req->connect.addr,
5171 req->connect.addr_len,
5178 file_flags = force_nonblock ? O_NONBLOCK : 0;
5180 ret = __sys_connect_file(req->file, &io->address,
5181 req->connect.addr_len, file_flags);
5182 if ((ret == -EAGAIN || ret == -EINPROGRESS) && force_nonblock) {
5183 if (req_has_async_data(req))
5185 if (io_alloc_async_data(req)) {
5189 memcpy(req->async_data, &__io, sizeof(__io));
5192 if (ret == -ERESTARTSYS)
5197 __io_req_complete(req, issue_flags, ret, 0);
5200 #else /* !CONFIG_NET */
5201 #define IO_NETOP_FN(op) \
5202 static int io_##op(struct io_kiocb *req, unsigned int issue_flags) \
5204 return -EOPNOTSUPP; \
5207 #define IO_NETOP_PREP(op) \
5209 static int io_##op##_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) \
5211 return -EOPNOTSUPP; \
5214 #define IO_NETOP_PREP_ASYNC(op) \
5216 static int io_##op##_prep_async(struct io_kiocb *req) \
5218 return -EOPNOTSUPP; \
5221 IO_NETOP_PREP_ASYNC(sendmsg);
5222 IO_NETOP_PREP_ASYNC(recvmsg);
5223 IO_NETOP_PREP_ASYNC(connect);
5224 IO_NETOP_PREP(accept);
5227 #endif /* CONFIG_NET */
5229 struct io_poll_table {
5230 struct poll_table_struct pt;
5231 struct io_kiocb *req;
5236 static int __io_async_wake(struct io_kiocb *req, struct io_poll_iocb *poll,
5237 __poll_t mask, io_req_tw_func_t func)
5239 /* for instances that support it check for an event match first: */
5240 if (mask && !(mask & poll->events))
5243 trace_io_uring_task_add(req->ctx, req->opcode, req->user_data, mask);
5245 list_del_init(&poll->wait.entry);
5248 req->io_task_work.func = func;
5251 * If this fails, then the task is exiting. When a task exits, the
5252 * work gets canceled, so just cancel this request as well instead
5253 * of executing it. We can't safely execute it anyway, as we may not
5254 * have the needed state needed for it anyway.
5256 io_req_task_work_add(req);
5260 static bool io_poll_rewait(struct io_kiocb *req, struct io_poll_iocb *poll)
5261 __acquires(&req->ctx->completion_lock)
5263 struct io_ring_ctx *ctx = req->ctx;
5265 /* req->task == current here, checking PF_EXITING is safe */
5266 if (unlikely(req->task->flags & PF_EXITING))
5267 WRITE_ONCE(poll->canceled, true);
5269 if (!req->result && !READ_ONCE(poll->canceled)) {
5270 struct poll_table_struct pt = { ._key = poll->events };
5272 req->result = vfs_poll(req->file, &pt) & poll->events;
5275 spin_lock(&ctx->completion_lock);
5276 if (!req->result && !READ_ONCE(poll->canceled)) {
5277 add_wait_queue(poll->head, &poll->wait);
5284 static struct io_poll_iocb *io_poll_get_double(struct io_kiocb *req)
5286 /* pure poll stashes this in ->async_data, poll driven retry elsewhere */
5287 if (req->opcode == IORING_OP_POLL_ADD)
5288 return req->async_data;
5289 return req->apoll->double_poll;
5292 static struct io_poll_iocb *io_poll_get_single(struct io_kiocb *req)
5294 if (req->opcode == IORING_OP_POLL_ADD)
5296 return &req->apoll->poll;
5299 static void io_poll_remove_double(struct io_kiocb *req)
5300 __must_hold(&req->ctx->completion_lock)
5302 struct io_poll_iocb *poll = io_poll_get_double(req);
5304 lockdep_assert_held(&req->ctx->completion_lock);
5306 if (poll && poll->head) {
5307 struct wait_queue_head *head = poll->head;
5309 spin_lock_irq(&head->lock);
5310 list_del_init(&poll->wait.entry);
5311 if (poll->wait.private)
5314 spin_unlock_irq(&head->lock);
5318 static bool __io_poll_complete(struct io_kiocb *req, __poll_t mask)
5319 __must_hold(&req->ctx->completion_lock)
5321 struct io_ring_ctx *ctx = req->ctx;
5322 unsigned flags = IORING_CQE_F_MORE;
5325 if (READ_ONCE(req->poll.canceled)) {
5327 req->poll.events |= EPOLLONESHOT;
5329 error = mangle_poll(mask);
5331 if (req->poll.events & EPOLLONESHOT)
5333 if (!io_cqring_fill_event(ctx, req->user_data, error, flags)) {
5334 req->poll.events |= EPOLLONESHOT;
5337 if (flags & IORING_CQE_F_MORE)
5340 return !(flags & IORING_CQE_F_MORE);
5343 static void io_poll_task_func(struct io_kiocb *req, bool *locked)
5345 struct io_ring_ctx *ctx = req->ctx;
5346 struct io_kiocb *nxt;
5348 if (io_poll_rewait(req, &req->poll)) {
5349 spin_unlock(&ctx->completion_lock);
5353 if (req->poll.done) {
5354 spin_unlock(&ctx->completion_lock);
5357 done = __io_poll_complete(req, req->result);
5359 io_poll_remove_double(req);
5360 hash_del(&req->hash_node);
5361 req->poll.done = true;
5364 add_wait_queue(req->poll.head, &req->poll.wait);
5366 io_commit_cqring(ctx);
5367 spin_unlock(&ctx->completion_lock);
5368 io_cqring_ev_posted(ctx);
5371 nxt = io_put_req_find_next(req);
5373 io_req_task_submit(nxt, locked);
5378 static int io_poll_double_wake(struct wait_queue_entry *wait, unsigned mode,
5379 int sync, void *key)
5381 struct io_kiocb *req = wait->private;
5382 struct io_poll_iocb *poll = io_poll_get_single(req);
5383 __poll_t mask = key_to_poll(key);
5384 unsigned long flags;
5386 /* for instances that support it check for an event match first: */
5387 if (mask && !(mask & poll->events))
5389 if (!(poll->events & EPOLLONESHOT))
5390 return poll->wait.func(&poll->wait, mode, sync, key);
5392 list_del_init(&wait->entry);
5397 spin_lock_irqsave(&poll->head->lock, flags);
5398 done = list_empty(&poll->wait.entry);
5400 list_del_init(&poll->wait.entry);
5401 /* make sure double remove sees this as being gone */
5402 wait->private = NULL;
5403 spin_unlock_irqrestore(&poll->head->lock, flags);
5405 /* use wait func handler, so it matches the rq type */
5406 poll->wait.func(&poll->wait, mode, sync, key);
5413 static void io_init_poll_iocb(struct io_poll_iocb *poll, __poll_t events,
5414 wait_queue_func_t wake_func)
5418 poll->canceled = false;
5419 #define IO_POLL_UNMASK (EPOLLERR|EPOLLHUP|EPOLLNVAL|EPOLLRDHUP)
5420 /* mask in events that we always want/need */
5421 poll->events = events | IO_POLL_UNMASK;
5422 INIT_LIST_HEAD(&poll->wait.entry);
5423 init_waitqueue_func_entry(&poll->wait, wake_func);
5426 static void __io_queue_proc(struct io_poll_iocb *poll, struct io_poll_table *pt,
5427 struct wait_queue_head *head,
5428 struct io_poll_iocb **poll_ptr)
5430 struct io_kiocb *req = pt->req;
5433 * The file being polled uses multiple waitqueues for poll handling
5434 * (e.g. one for read, one for write). Setup a separate io_poll_iocb
5437 if (unlikely(pt->nr_entries)) {
5438 struct io_poll_iocb *poll_one = poll;
5440 /* double add on the same waitqueue head, ignore */
5441 if (poll_one->head == head)
5443 /* already have a 2nd entry, fail a third attempt */
5445 if ((*poll_ptr)->head == head)
5447 pt->error = -EINVAL;
5451 * Can't handle multishot for double wait for now, turn it
5452 * into one-shot mode.
5454 if (!(poll_one->events & EPOLLONESHOT))
5455 poll_one->events |= EPOLLONESHOT;
5456 poll = kmalloc(sizeof(*poll), GFP_ATOMIC);
5458 pt->error = -ENOMEM;
5461 io_init_poll_iocb(poll, poll_one->events, io_poll_double_wake);
5463 poll->wait.private = req;
5466 if (req->opcode == IORING_OP_POLL_ADD)
5467 req->flags |= REQ_F_ASYNC_DATA;
5473 if (poll->events & EPOLLEXCLUSIVE)
5474 add_wait_queue_exclusive(head, &poll->wait);
5476 add_wait_queue(head, &poll->wait);
5479 static void io_async_queue_proc(struct file *file, struct wait_queue_head *head,
5480 struct poll_table_struct *p)
5482 struct io_poll_table *pt = container_of(p, struct io_poll_table, pt);
5483 struct async_poll *apoll = pt->req->apoll;
5485 __io_queue_proc(&apoll->poll, pt, head, &apoll->double_poll);
5488 static void io_async_task_func(struct io_kiocb *req, bool *locked)
5490 struct async_poll *apoll = req->apoll;
5491 struct io_ring_ctx *ctx = req->ctx;
5493 trace_io_uring_task_run(req->ctx, req, req->opcode, req->user_data);
5495 if (io_poll_rewait(req, &apoll->poll)) {
5496 spin_unlock(&ctx->completion_lock);
5500 hash_del(&req->hash_node);
5501 io_poll_remove_double(req);
5502 apoll->poll.done = true;
5503 spin_unlock(&ctx->completion_lock);
5505 if (!READ_ONCE(apoll->poll.canceled))
5506 io_req_task_submit(req, locked);
5508 io_req_complete_failed(req, -ECANCELED);
5511 static int io_async_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
5514 struct io_kiocb *req = wait->private;
5515 struct io_poll_iocb *poll = &req->apoll->poll;
5517 trace_io_uring_poll_wake(req->ctx, req->opcode, req->user_data,
5520 return __io_async_wake(req, poll, key_to_poll(key), io_async_task_func);
5523 static void io_poll_req_insert(struct io_kiocb *req)
5525 struct io_ring_ctx *ctx = req->ctx;
5526 struct hlist_head *list;
5528 list = &ctx->cancel_hash[hash_long(req->user_data, ctx->cancel_hash_bits)];
5529 hlist_add_head(&req->hash_node, list);
5532 static __poll_t __io_arm_poll_handler(struct io_kiocb *req,
5533 struct io_poll_iocb *poll,
5534 struct io_poll_table *ipt, __poll_t mask,
5535 wait_queue_func_t wake_func)
5536 __acquires(&ctx->completion_lock)
5538 struct io_ring_ctx *ctx = req->ctx;
5539 bool cancel = false;
5541 INIT_HLIST_NODE(&req->hash_node);
5542 io_init_poll_iocb(poll, mask, wake_func);
5543 poll->file = req->file;
5544 poll->wait.private = req;
5546 ipt->pt._key = mask;
5549 ipt->nr_entries = 0;
5551 mask = vfs_poll(req->file, &ipt->pt) & poll->events;
5552 if (unlikely(!ipt->nr_entries) && !ipt->error)
5553 ipt->error = -EINVAL;
5555 spin_lock(&ctx->completion_lock);
5556 if (ipt->error || (mask && (poll->events & EPOLLONESHOT)))
5557 io_poll_remove_double(req);
5558 if (likely(poll->head)) {
5559 spin_lock_irq(&poll->head->lock);
5560 if (unlikely(list_empty(&poll->wait.entry))) {
5566 if ((mask && (poll->events & EPOLLONESHOT)) || ipt->error)
5567 list_del_init(&poll->wait.entry);
5569 WRITE_ONCE(poll->canceled, true);
5570 else if (!poll->done) /* actually waiting for an event */
5571 io_poll_req_insert(req);
5572 spin_unlock_irq(&poll->head->lock);
5584 static int io_arm_poll_handler(struct io_kiocb *req)
5586 const struct io_op_def *def = &io_op_defs[req->opcode];
5587 struct io_ring_ctx *ctx = req->ctx;
5588 struct async_poll *apoll;
5589 struct io_poll_table ipt;
5590 __poll_t ret, mask = EPOLLONESHOT | POLLERR | POLLPRI;
5592 if (!req->file || !file_can_poll(req->file))
5593 return IO_APOLL_ABORTED;
5594 if (req->flags & REQ_F_POLLED)
5595 return IO_APOLL_ABORTED;
5596 if (!def->pollin && !def->pollout)
5597 return IO_APOLL_ABORTED;
5600 mask |= POLLIN | POLLRDNORM;
5602 /* If reading from MSG_ERRQUEUE using recvmsg, ignore POLLIN */
5603 if ((req->opcode == IORING_OP_RECVMSG) &&
5604 (req->sr_msg.msg_flags & MSG_ERRQUEUE))
5607 mask |= POLLOUT | POLLWRNORM;
5610 apoll = kmalloc(sizeof(*apoll), GFP_ATOMIC);
5611 if (unlikely(!apoll))
5612 return IO_APOLL_ABORTED;
5613 apoll->double_poll = NULL;
5615 req->flags |= REQ_F_POLLED;
5616 ipt.pt._qproc = io_async_queue_proc;
5617 io_req_set_refcount(req);
5619 ret = __io_arm_poll_handler(req, &apoll->poll, &ipt, mask,
5621 spin_unlock(&ctx->completion_lock);
5622 if (ret || ipt.error)
5623 return ret ? IO_APOLL_READY : IO_APOLL_ABORTED;
5625 trace_io_uring_poll_arm(ctx, req, req->opcode, req->user_data,
5626 mask, apoll->poll.events);
5630 static bool __io_poll_remove_one(struct io_kiocb *req,
5631 struct io_poll_iocb *poll, bool do_cancel)
5632 __must_hold(&req->ctx->completion_lock)
5634 bool do_complete = false;
5638 spin_lock_irq(&poll->head->lock);
5640 WRITE_ONCE(poll->canceled, true);
5641 if (!list_empty(&poll->wait.entry)) {
5642 list_del_init(&poll->wait.entry);
5645 spin_unlock_irq(&poll->head->lock);
5646 hash_del(&req->hash_node);
5650 static bool io_poll_remove_one(struct io_kiocb *req)
5651 __must_hold(&req->ctx->completion_lock)
5655 io_poll_remove_double(req);
5656 do_complete = __io_poll_remove_one(req, io_poll_get_single(req), true);
5659 io_cqring_fill_event(req->ctx, req->user_data, -ECANCELED, 0);
5660 io_commit_cqring(req->ctx);
5662 io_put_req_deferred(req);
5668 * Returns true if we found and killed one or more poll requests
5670 static __cold bool io_poll_remove_all(struct io_ring_ctx *ctx,
5671 struct task_struct *tsk, bool cancel_all)
5673 struct hlist_node *tmp;
5674 struct io_kiocb *req;
5677 spin_lock(&ctx->completion_lock);
5678 for (i = 0; i < (1U << ctx->cancel_hash_bits); i++) {
5679 struct hlist_head *list;
5681 list = &ctx->cancel_hash[i];
5682 hlist_for_each_entry_safe(req, tmp, list, hash_node) {
5683 if (io_match_task(req, tsk, cancel_all))
5684 posted += io_poll_remove_one(req);
5687 spin_unlock(&ctx->completion_lock);
5690 io_cqring_ev_posted(ctx);
5695 static struct io_kiocb *io_poll_find(struct io_ring_ctx *ctx, __u64 sqe_addr,
5697 __must_hold(&ctx->completion_lock)
5699 struct hlist_head *list;
5700 struct io_kiocb *req;
5702 list = &ctx->cancel_hash[hash_long(sqe_addr, ctx->cancel_hash_bits)];
5703 hlist_for_each_entry(req, list, hash_node) {
5704 if (sqe_addr != req->user_data)
5706 if (poll_only && req->opcode != IORING_OP_POLL_ADD)
5713 static int io_poll_cancel(struct io_ring_ctx *ctx, __u64 sqe_addr,
5715 __must_hold(&ctx->completion_lock)
5717 struct io_kiocb *req;
5719 req = io_poll_find(ctx, sqe_addr, poll_only);
5722 if (io_poll_remove_one(req))
5728 static __poll_t io_poll_parse_events(const struct io_uring_sqe *sqe,
5733 events = READ_ONCE(sqe->poll32_events);
5735 events = swahw32(events);
5737 if (!(flags & IORING_POLL_ADD_MULTI))
5738 events |= EPOLLONESHOT;
5739 return demangle_poll(events) | (events & (EPOLLEXCLUSIVE|EPOLLONESHOT));
5742 static int io_poll_update_prep(struct io_kiocb *req,
5743 const struct io_uring_sqe *sqe)
5745 struct io_poll_update *upd = &req->poll_update;
5748 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
5750 if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
5752 flags = READ_ONCE(sqe->len);
5753 if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA |
5754 IORING_POLL_ADD_MULTI))
5756 /* meaningless without update */
5757 if (flags == IORING_POLL_ADD_MULTI)
5760 upd->old_user_data = READ_ONCE(sqe->addr);
5761 upd->update_events = flags & IORING_POLL_UPDATE_EVENTS;
5762 upd->update_user_data = flags & IORING_POLL_UPDATE_USER_DATA;
5764 upd->new_user_data = READ_ONCE(sqe->off);
5765 if (!upd->update_user_data && upd->new_user_data)
5767 if (upd->update_events)
5768 upd->events = io_poll_parse_events(sqe, flags);
5769 else if (sqe->poll32_events)
5775 static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
5778 struct io_kiocb *req = wait->private;
5779 struct io_poll_iocb *poll = &req->poll;
5781 return __io_async_wake(req, poll, key_to_poll(key), io_poll_task_func);
5784 static void io_poll_queue_proc(struct file *file, struct wait_queue_head *head,
5785 struct poll_table_struct *p)
5787 struct io_poll_table *pt = container_of(p, struct io_poll_table, pt);
5789 __io_queue_proc(&pt->req->poll, pt, head, (struct io_poll_iocb **) &pt->req->async_data);
5792 static int io_poll_add_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
5794 struct io_poll_iocb *poll = &req->poll;
5797 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
5799 if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->addr)
5801 flags = READ_ONCE(sqe->len);
5802 if (flags & ~IORING_POLL_ADD_MULTI)
5805 io_req_set_refcount(req);
5806 poll->events = io_poll_parse_events(sqe, flags);
5810 static int io_poll_add(struct io_kiocb *req, unsigned int issue_flags)
5812 struct io_poll_iocb *poll = &req->poll;
5813 struct io_ring_ctx *ctx = req->ctx;
5814 struct io_poll_table ipt;
5818 ipt.pt._qproc = io_poll_queue_proc;
5820 mask = __io_arm_poll_handler(req, &req->poll, &ipt, poll->events,
5823 if (mask) { /* no async, we'd stolen it */
5825 done = __io_poll_complete(req, mask);
5826 io_commit_cqring(req->ctx);
5828 spin_unlock(&ctx->completion_lock);
5831 io_cqring_ev_posted(ctx);
5838 static int io_poll_update(struct io_kiocb *req, unsigned int issue_flags)
5840 struct io_ring_ctx *ctx = req->ctx;
5841 struct io_kiocb *preq;
5845 spin_lock(&ctx->completion_lock);
5846 preq = io_poll_find(ctx, req->poll_update.old_user_data, true);
5852 if (!req->poll_update.update_events && !req->poll_update.update_user_data) {
5854 ret = io_poll_remove_one(preq) ? 0 : -EALREADY;
5859 * Don't allow racy completion with singleshot, as we cannot safely
5860 * update those. For multishot, if we're racing with completion, just
5861 * let completion re-add it.
5863 completing = !__io_poll_remove_one(preq, &preq->poll, false);
5864 if (completing && (preq->poll.events & EPOLLONESHOT)) {
5868 /* we now have a detached poll request. reissue. */
5872 spin_unlock(&ctx->completion_lock);
5874 io_req_complete(req, ret);
5877 /* only mask one event flags, keep behavior flags */
5878 if (req->poll_update.update_events) {
5879 preq->poll.events &= ~0xffff;
5880 preq->poll.events |= req->poll_update.events & 0xffff;
5881 preq->poll.events |= IO_POLL_UNMASK;
5883 if (req->poll_update.update_user_data)
5884 preq->user_data = req->poll_update.new_user_data;
5885 spin_unlock(&ctx->completion_lock);
5887 /* complete update request, we're done with it */
5888 io_req_complete(req, ret);
5891 ret = io_poll_add(preq, issue_flags);
5894 io_req_complete(preq, ret);
5900 static void io_req_task_timeout(struct io_kiocb *req, bool *locked)
5902 struct io_timeout_data *data = req->async_data;
5904 if (!(data->flags & IORING_TIMEOUT_ETIME_SUCCESS))
5906 io_req_complete_post(req, -ETIME, 0);
5909 static enum hrtimer_restart io_timeout_fn(struct hrtimer *timer)
5911 struct io_timeout_data *data = container_of(timer,
5912 struct io_timeout_data, timer);
5913 struct io_kiocb *req = data->req;
5914 struct io_ring_ctx *ctx = req->ctx;
5915 unsigned long flags;
5917 spin_lock_irqsave(&ctx->timeout_lock, flags);
5918 list_del_init(&req->timeout.list);
5919 atomic_set(&req->ctx->cq_timeouts,
5920 atomic_read(&req->ctx->cq_timeouts) + 1);
5921 spin_unlock_irqrestore(&ctx->timeout_lock, flags);
5923 req->io_task_work.func = io_req_task_timeout;
5924 io_req_task_work_add(req);
5925 return HRTIMER_NORESTART;
5928 static struct io_kiocb *io_timeout_extract(struct io_ring_ctx *ctx,
5930 __must_hold(&ctx->timeout_lock)
5932 struct io_timeout_data *io;
5933 struct io_kiocb *req;
5936 list_for_each_entry(req, &ctx->timeout_list, timeout.list) {
5937 found = user_data == req->user_data;
5942 return ERR_PTR(-ENOENT);
5944 io = req->async_data;
5945 if (hrtimer_try_to_cancel(&io->timer) == -1)
5946 return ERR_PTR(-EALREADY);
5947 list_del_init(&req->timeout.list);
5951 static int io_timeout_cancel(struct io_ring_ctx *ctx, __u64 user_data)
5952 __must_hold(&ctx->completion_lock)
5953 __must_hold(&ctx->timeout_lock)
5955 struct io_kiocb *req = io_timeout_extract(ctx, user_data);
5958 return PTR_ERR(req);
5961 io_cqring_fill_event(ctx, req->user_data, -ECANCELED, 0);
5962 io_put_req_deferred(req);
5966 static clockid_t io_timeout_get_clock(struct io_timeout_data *data)
5968 switch (data->flags & IORING_TIMEOUT_CLOCK_MASK) {
5969 case IORING_TIMEOUT_BOOTTIME:
5970 return CLOCK_BOOTTIME;
5971 case IORING_TIMEOUT_REALTIME:
5972 return CLOCK_REALTIME;
5974 /* can't happen, vetted at prep time */
5978 return CLOCK_MONOTONIC;
5982 static int io_linked_timeout_update(struct io_ring_ctx *ctx, __u64 user_data,
5983 struct timespec64 *ts, enum hrtimer_mode mode)
5984 __must_hold(&ctx->timeout_lock)
5986 struct io_timeout_data *io;
5987 struct io_kiocb *req;
5990 list_for_each_entry(req, &ctx->ltimeout_list, timeout.list) {
5991 found = user_data == req->user_data;
5998 io = req->async_data;
5999 if (hrtimer_try_to_cancel(&io->timer) == -1)
6001 hrtimer_init(&io->timer, io_timeout_get_clock(io), mode);
6002 io->timer.function = io_link_timeout_fn;
6003 hrtimer_start(&io->timer, timespec64_to_ktime(*ts), mode);
6007 static int io_timeout_update(struct io_ring_ctx *ctx, __u64 user_data,
6008 struct timespec64 *ts, enum hrtimer_mode mode)
6009 __must_hold(&ctx->timeout_lock)
6011 struct io_kiocb *req = io_timeout_extract(ctx, user_data);
6012 struct io_timeout_data *data;
6015 return PTR_ERR(req);
6017 req->timeout.off = 0; /* noseq */
6018 data = req->async_data;
6019 list_add_tail(&req->timeout.list, &ctx->timeout_list);
6020 hrtimer_init(&data->timer, io_timeout_get_clock(data), mode);
6021 data->timer.function = io_timeout_fn;
6022 hrtimer_start(&data->timer, timespec64_to_ktime(*ts), mode);
6026 static int io_timeout_remove_prep(struct io_kiocb *req,
6027 const struct io_uring_sqe *sqe)
6029 struct io_timeout_rem *tr = &req->timeout_rem;
6031 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
6033 if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
6035 if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in)
6038 tr->ltimeout = false;
6039 tr->addr = READ_ONCE(sqe->addr);
6040 tr->flags = READ_ONCE(sqe->timeout_flags);
6041 if (tr->flags & IORING_TIMEOUT_UPDATE_MASK) {
6042 if (hweight32(tr->flags & IORING_TIMEOUT_CLOCK_MASK) > 1)
6044 if (tr->flags & IORING_LINK_TIMEOUT_UPDATE)
6045 tr->ltimeout = true;
6046 if (tr->flags & ~(IORING_TIMEOUT_UPDATE_MASK|IORING_TIMEOUT_ABS))
6048 if (get_timespec64(&tr->ts, u64_to_user_ptr(sqe->addr2)))
6050 } else if (tr->flags) {
6051 /* timeout removal doesn't support flags */
6058 static inline enum hrtimer_mode io_translate_timeout_mode(unsigned int flags)
6060 return (flags & IORING_TIMEOUT_ABS) ? HRTIMER_MODE_ABS
6065 * Remove or update an existing timeout command
6067 static int io_timeout_remove(struct io_kiocb *req, unsigned int issue_flags)
6069 struct io_timeout_rem *tr = &req->timeout_rem;
6070 struct io_ring_ctx *ctx = req->ctx;
6073 if (!(req->timeout_rem.flags & IORING_TIMEOUT_UPDATE)) {
6074 spin_lock(&ctx->completion_lock);
6075 spin_lock_irq(&ctx->timeout_lock);
6076 ret = io_timeout_cancel(ctx, tr->addr);
6077 spin_unlock_irq(&ctx->timeout_lock);
6078 spin_unlock(&ctx->completion_lock);
6080 enum hrtimer_mode mode = io_translate_timeout_mode(tr->flags);
6082 spin_lock_irq(&ctx->timeout_lock);
6084 ret = io_linked_timeout_update(ctx, tr->addr, &tr->ts, mode);
6086 ret = io_timeout_update(ctx, tr->addr, &tr->ts, mode);
6087 spin_unlock_irq(&ctx->timeout_lock);
6092 io_req_complete_post(req, ret, 0);
6096 static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe,
6097 bool is_timeout_link)
6099 struct io_timeout_data *data;
6101 u32 off = READ_ONCE(sqe->off);
6103 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
6105 if (sqe->ioprio || sqe->buf_index || sqe->len != 1 ||
6108 if (off && is_timeout_link)
6110 flags = READ_ONCE(sqe->timeout_flags);
6111 if (flags & ~(IORING_TIMEOUT_ABS | IORING_TIMEOUT_CLOCK_MASK |
6112 IORING_TIMEOUT_ETIME_SUCCESS))
6114 /* more than one clock specified is invalid, obviously */
6115 if (hweight32(flags & IORING_TIMEOUT_CLOCK_MASK) > 1)
6118 INIT_LIST_HEAD(&req->timeout.list);
6119 req->timeout.off = off;
6120 if (unlikely(off && !req->ctx->off_timeout_used))
6121 req->ctx->off_timeout_used = true;
6123 if (!req_has_async_data(req) && io_alloc_async_data(req))
6126 data = req->async_data;
6128 data->flags = flags;
6130 if (get_timespec64(&data->ts, u64_to_user_ptr(sqe->addr)))
6133 data->mode = io_translate_timeout_mode(flags);
6134 hrtimer_init(&data->timer, io_timeout_get_clock(data), data->mode);
6136 if (is_timeout_link) {
6137 struct io_submit_link *link = &req->ctx->submit_state.link;
6141 if (link->last->opcode == IORING_OP_LINK_TIMEOUT)
6143 req->timeout.head = link->last;
6144 link->last->flags |= REQ_F_ARM_LTIMEOUT;
6149 static int io_timeout(struct io_kiocb *req, unsigned int issue_flags)
6151 struct io_ring_ctx *ctx = req->ctx;
6152 struct io_timeout_data *data = req->async_data;
6153 struct list_head *entry;
6154 u32 tail, off = req->timeout.off;
6156 spin_lock_irq(&ctx->timeout_lock);
6159 * sqe->off holds how many events that need to occur for this
6160 * timeout event to be satisfied. If it isn't set, then this is
6161 * a pure timeout request, sequence isn't used.
6163 if (io_is_timeout_noseq(req)) {
6164 entry = ctx->timeout_list.prev;
6168 tail = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts);
6169 req->timeout.target_seq = tail + off;
6171 /* Update the last seq here in case io_flush_timeouts() hasn't.
6172 * This is safe because ->completion_lock is held, and submissions
6173 * and completions are never mixed in the same ->completion_lock section.
6175 ctx->cq_last_tm_flush = tail;
6178 * Insertion sort, ensuring the first entry in the list is always
6179 * the one we need first.
6181 list_for_each_prev(entry, &ctx->timeout_list) {
6182 struct io_kiocb *nxt = list_entry(entry, struct io_kiocb,
6185 if (io_is_timeout_noseq(nxt))
6187 /* nxt.seq is behind @tail, otherwise would've been completed */
6188 if (off >= nxt->timeout.target_seq - tail)
6192 list_add(&req->timeout.list, entry);
6193 data->timer.function = io_timeout_fn;
6194 hrtimer_start(&data->timer, timespec64_to_ktime(data->ts), data->mode);
6195 spin_unlock_irq(&ctx->timeout_lock);
6199 struct io_cancel_data {
6200 struct io_ring_ctx *ctx;
6204 static bool io_cancel_cb(struct io_wq_work *work, void *data)
6206 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
6207 struct io_cancel_data *cd = data;
6209 return req->ctx == cd->ctx && req->user_data == cd->user_data;
6212 static int io_async_cancel_one(struct io_uring_task *tctx, u64 user_data,
6213 struct io_ring_ctx *ctx)
6215 struct io_cancel_data data = { .ctx = ctx, .user_data = user_data, };
6216 enum io_wq_cancel cancel_ret;
6219 if (!tctx || !tctx->io_wq)
6222 cancel_ret = io_wq_cancel_cb(tctx->io_wq, io_cancel_cb, &data, false);
6223 switch (cancel_ret) {
6224 case IO_WQ_CANCEL_OK:
6227 case IO_WQ_CANCEL_RUNNING:
6230 case IO_WQ_CANCEL_NOTFOUND:
6238 static int io_try_cancel_userdata(struct io_kiocb *req, u64 sqe_addr)
6240 struct io_ring_ctx *ctx = req->ctx;
6243 WARN_ON_ONCE(!io_wq_current_is_worker() && req->task != current);
6245 ret = io_async_cancel_one(req->task->io_uring, sqe_addr, ctx);
6249 spin_lock(&ctx->completion_lock);
6250 spin_lock_irq(&ctx->timeout_lock);
6251 ret = io_timeout_cancel(ctx, sqe_addr);
6252 spin_unlock_irq(&ctx->timeout_lock);
6255 ret = io_poll_cancel(ctx, sqe_addr, false);
6257 spin_unlock(&ctx->completion_lock);
6261 static int io_async_cancel_prep(struct io_kiocb *req,
6262 const struct io_uring_sqe *sqe)
6264 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
6266 if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
6268 if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags ||
6272 req->cancel.addr = READ_ONCE(sqe->addr);
6276 static int io_async_cancel(struct io_kiocb *req, unsigned int issue_flags)
6278 struct io_ring_ctx *ctx = req->ctx;
6279 u64 sqe_addr = req->cancel.addr;
6280 struct io_tctx_node *node;
6283 ret = io_try_cancel_userdata(req, sqe_addr);
6287 /* slow path, try all io-wq's */
6288 io_ring_submit_lock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
6290 list_for_each_entry(node, &ctx->tctx_list, ctx_node) {
6291 struct io_uring_task *tctx = node->task->io_uring;
6293 ret = io_async_cancel_one(tctx, req->cancel.addr, ctx);
6297 io_ring_submit_unlock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
6301 io_req_complete_post(req, ret, 0);
6305 static int io_rsrc_update_prep(struct io_kiocb *req,
6306 const struct io_uring_sqe *sqe)
6308 if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
6310 if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in)
6313 req->rsrc_update.offset = READ_ONCE(sqe->off);
6314 req->rsrc_update.nr_args = READ_ONCE(sqe->len);
6315 if (!req->rsrc_update.nr_args)
6317 req->rsrc_update.arg = READ_ONCE(sqe->addr);
6321 static int io_files_update(struct io_kiocb *req, unsigned int issue_flags)
6323 struct io_ring_ctx *ctx = req->ctx;
6324 struct io_uring_rsrc_update2 up;
6327 up.offset = req->rsrc_update.offset;
6328 up.data = req->rsrc_update.arg;
6333 io_ring_submit_lock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
6334 ret = __io_register_rsrc_update(ctx, IORING_RSRC_FILE,
6335 &up, req->rsrc_update.nr_args);
6336 io_ring_submit_unlock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
6340 __io_req_complete(req, issue_flags, ret, 0);
6344 static int io_req_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
6346 switch (req->opcode) {
6349 case IORING_OP_READV:
6350 case IORING_OP_READ_FIXED:
6351 case IORING_OP_READ:
6352 return io_read_prep(req, sqe);
6353 case IORING_OP_WRITEV:
6354 case IORING_OP_WRITE_FIXED:
6355 case IORING_OP_WRITE:
6356 return io_write_prep(req, sqe);
6357 case IORING_OP_POLL_ADD:
6358 return io_poll_add_prep(req, sqe);
6359 case IORING_OP_POLL_REMOVE:
6360 return io_poll_update_prep(req, sqe);
6361 case IORING_OP_FSYNC:
6362 return io_fsync_prep(req, sqe);
6363 case IORING_OP_SYNC_FILE_RANGE:
6364 return io_sfr_prep(req, sqe);
6365 case IORING_OP_SENDMSG:
6366 case IORING_OP_SEND:
6367 return io_sendmsg_prep(req, sqe);
6368 case IORING_OP_RECVMSG:
6369 case IORING_OP_RECV:
6370 return io_recvmsg_prep(req, sqe);
6371 case IORING_OP_CONNECT:
6372 return io_connect_prep(req, sqe);
6373 case IORING_OP_TIMEOUT:
6374 return io_timeout_prep(req, sqe, false);
6375 case IORING_OP_TIMEOUT_REMOVE:
6376 return io_timeout_remove_prep(req, sqe);
6377 case IORING_OP_ASYNC_CANCEL:
6378 return io_async_cancel_prep(req, sqe);
6379 case IORING_OP_LINK_TIMEOUT:
6380 return io_timeout_prep(req, sqe, true);
6381 case IORING_OP_ACCEPT:
6382 return io_accept_prep(req, sqe);
6383 case IORING_OP_FALLOCATE:
6384 return io_fallocate_prep(req, sqe);
6385 case IORING_OP_OPENAT:
6386 return io_openat_prep(req, sqe);
6387 case IORING_OP_CLOSE:
6388 return io_close_prep(req, sqe);
6389 case IORING_OP_FILES_UPDATE:
6390 return io_rsrc_update_prep(req, sqe);
6391 case IORING_OP_STATX:
6392 return io_statx_prep(req, sqe);
6393 case IORING_OP_FADVISE:
6394 return io_fadvise_prep(req, sqe);
6395 case IORING_OP_MADVISE:
6396 return io_madvise_prep(req, sqe);
6397 case IORING_OP_OPENAT2:
6398 return io_openat2_prep(req, sqe);
6399 case IORING_OP_EPOLL_CTL:
6400 return io_epoll_ctl_prep(req, sqe);
6401 case IORING_OP_SPLICE:
6402 return io_splice_prep(req, sqe);
6403 case IORING_OP_PROVIDE_BUFFERS:
6404 return io_provide_buffers_prep(req, sqe);
6405 case IORING_OP_REMOVE_BUFFERS:
6406 return io_remove_buffers_prep(req, sqe);
6408 return io_tee_prep(req, sqe);
6409 case IORING_OP_SHUTDOWN:
6410 return io_shutdown_prep(req, sqe);
6411 case IORING_OP_RENAMEAT:
6412 return io_renameat_prep(req, sqe);
6413 case IORING_OP_UNLINKAT:
6414 return io_unlinkat_prep(req, sqe);
6415 case IORING_OP_MKDIRAT:
6416 return io_mkdirat_prep(req, sqe);
6417 case IORING_OP_SYMLINKAT:
6418 return io_symlinkat_prep(req, sqe);
6419 case IORING_OP_LINKAT:
6420 return io_linkat_prep(req, sqe);
6423 printk_once(KERN_WARNING "io_uring: unhandled opcode %d\n",
6428 static int io_req_prep_async(struct io_kiocb *req)
6430 if (!io_op_defs[req->opcode].needs_async_setup)
6432 if (WARN_ON_ONCE(req_has_async_data(req)))
6434 if (io_alloc_async_data(req))
6437 switch (req->opcode) {
6438 case IORING_OP_READV:
6439 return io_rw_prep_async(req, READ);
6440 case IORING_OP_WRITEV:
6441 return io_rw_prep_async(req, WRITE);
6442 case IORING_OP_SENDMSG:
6443 return io_sendmsg_prep_async(req);
6444 case IORING_OP_RECVMSG:
6445 return io_recvmsg_prep_async(req);
6446 case IORING_OP_CONNECT:
6447 return io_connect_prep_async(req);
6449 printk_once(KERN_WARNING "io_uring: prep_async() bad opcode %d\n",
6454 static u32 io_get_sequence(struct io_kiocb *req)
6456 u32 seq = req->ctx->cached_sq_head;
6458 /* need original cached_sq_head, but it was increased for each req */
6459 io_for_each_link(req, req)
6464 static __cold void io_drain_req(struct io_kiocb *req)
6466 struct io_ring_ctx *ctx = req->ctx;
6467 struct io_defer_entry *de;
6469 u32 seq = io_get_sequence(req);
6471 /* Still need defer if there is pending req in defer list. */
6472 if (!req_need_defer(req, seq) && list_empty_careful(&ctx->defer_list)) {
6474 ctx->drain_active = false;
6475 io_req_task_queue(req);
6479 ret = io_req_prep_async(req);
6482 io_req_complete_failed(req, ret);
6485 io_prep_async_link(req);
6486 de = kmalloc(sizeof(*de), GFP_KERNEL);
6492 spin_lock(&ctx->completion_lock);
6493 if (!req_need_defer(req, seq) && list_empty(&ctx->defer_list)) {
6494 spin_unlock(&ctx->completion_lock);
6499 trace_io_uring_defer(ctx, req, req->user_data);
6502 list_add_tail(&de->list, &ctx->defer_list);
6503 spin_unlock(&ctx->completion_lock);
6506 static void io_clean_op(struct io_kiocb *req)
6508 if (req->flags & REQ_F_BUFFER_SELECTED) {
6513 if (req->flags & REQ_F_NEED_CLEANUP) {
6514 switch (req->opcode) {
6515 case IORING_OP_READV:
6516 case IORING_OP_READ_FIXED:
6517 case IORING_OP_READ:
6518 case IORING_OP_WRITEV:
6519 case IORING_OP_WRITE_FIXED:
6520 case IORING_OP_WRITE: {
6521 struct io_async_rw *io = req->async_data;
6523 kfree(io->free_iovec);
6526 case IORING_OP_RECVMSG:
6527 case IORING_OP_SENDMSG: {
6528 struct io_async_msghdr *io = req->async_data;
6530 kfree(io->free_iov);
6533 case IORING_OP_SPLICE:
6535 if (!(req->splice.flags & SPLICE_F_FD_IN_FIXED))
6536 io_put_file(req->splice.file_in);
6538 case IORING_OP_OPENAT:
6539 case IORING_OP_OPENAT2:
6540 if (req->open.filename)
6541 putname(req->open.filename);
6543 case IORING_OP_RENAMEAT:
6544 putname(req->rename.oldpath);
6545 putname(req->rename.newpath);
6547 case IORING_OP_UNLINKAT:
6548 putname(req->unlink.filename);
6550 case IORING_OP_MKDIRAT:
6551 putname(req->mkdir.filename);
6553 case IORING_OP_SYMLINKAT:
6554 putname(req->symlink.oldpath);
6555 putname(req->symlink.newpath);
6557 case IORING_OP_LINKAT:
6558 putname(req->hardlink.oldpath);
6559 putname(req->hardlink.newpath);
6563 if ((req->flags & REQ_F_POLLED) && req->apoll) {
6564 kfree(req->apoll->double_poll);
6568 if (req->flags & REQ_F_INFLIGHT) {
6569 struct io_uring_task *tctx = req->task->io_uring;
6571 atomic_dec(&tctx->inflight_tracked);
6573 if (req->flags & REQ_F_CREDS)
6574 put_cred(req->creds);
6575 if (req->flags & REQ_F_ASYNC_DATA) {
6576 kfree(req->async_data);
6577 req->async_data = NULL;
6579 req->flags &= ~IO_REQ_CLEAN_FLAGS;
6582 static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
6584 const struct cred *creds = NULL;
6587 if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
6588 creds = override_creds(req->creds);
6590 switch (req->opcode) {
6592 ret = io_nop(req, issue_flags);
6594 case IORING_OP_READV:
6595 case IORING_OP_READ_FIXED:
6596 case IORING_OP_READ:
6597 ret = io_read(req, issue_flags);
6599 case IORING_OP_WRITEV:
6600 case IORING_OP_WRITE_FIXED:
6601 case IORING_OP_WRITE:
6602 ret = io_write(req, issue_flags);
6604 case IORING_OP_FSYNC:
6605 ret = io_fsync(req, issue_flags);
6607 case IORING_OP_POLL_ADD:
6608 ret = io_poll_add(req, issue_flags);
6610 case IORING_OP_POLL_REMOVE:
6611 ret = io_poll_update(req, issue_flags);
6613 case IORING_OP_SYNC_FILE_RANGE:
6614 ret = io_sync_file_range(req, issue_flags);
6616 case IORING_OP_SENDMSG:
6617 ret = io_sendmsg(req, issue_flags);
6619 case IORING_OP_SEND:
6620 ret = io_send(req, issue_flags);
6622 case IORING_OP_RECVMSG:
6623 ret = io_recvmsg(req, issue_flags);
6625 case IORING_OP_RECV:
6626 ret = io_recv(req, issue_flags);
6628 case IORING_OP_TIMEOUT:
6629 ret = io_timeout(req, issue_flags);
6631 case IORING_OP_TIMEOUT_REMOVE:
6632 ret = io_timeout_remove(req, issue_flags);
6634 case IORING_OP_ACCEPT:
6635 ret = io_accept(req, issue_flags);
6637 case IORING_OP_CONNECT:
6638 ret = io_connect(req, issue_flags);
6640 case IORING_OP_ASYNC_CANCEL:
6641 ret = io_async_cancel(req, issue_flags);
6643 case IORING_OP_FALLOCATE:
6644 ret = io_fallocate(req, issue_flags);
6646 case IORING_OP_OPENAT:
6647 ret = io_openat(req, issue_flags);
6649 case IORING_OP_CLOSE:
6650 ret = io_close(req, issue_flags);
6652 case IORING_OP_FILES_UPDATE:
6653 ret = io_files_update(req, issue_flags);
6655 case IORING_OP_STATX:
6656 ret = io_statx(req, issue_flags);
6658 case IORING_OP_FADVISE:
6659 ret = io_fadvise(req, issue_flags);
6661 case IORING_OP_MADVISE:
6662 ret = io_madvise(req, issue_flags);
6664 case IORING_OP_OPENAT2:
6665 ret = io_openat2(req, issue_flags);
6667 case IORING_OP_EPOLL_CTL:
6668 ret = io_epoll_ctl(req, issue_flags);
6670 case IORING_OP_SPLICE:
6671 ret = io_splice(req, issue_flags);
6673 case IORING_OP_PROVIDE_BUFFERS:
6674 ret = io_provide_buffers(req, issue_flags);
6676 case IORING_OP_REMOVE_BUFFERS:
6677 ret = io_remove_buffers(req, issue_flags);
6680 ret = io_tee(req, issue_flags);
6682 case IORING_OP_SHUTDOWN:
6683 ret = io_shutdown(req, issue_flags);
6685 case IORING_OP_RENAMEAT:
6686 ret = io_renameat(req, issue_flags);
6688 case IORING_OP_UNLINKAT:
6689 ret = io_unlinkat(req, issue_flags);
6691 case IORING_OP_MKDIRAT:
6692 ret = io_mkdirat(req, issue_flags);
6694 case IORING_OP_SYMLINKAT:
6695 ret = io_symlinkat(req, issue_flags);
6697 case IORING_OP_LINKAT:
6698 ret = io_linkat(req, issue_flags);
6706 revert_creds(creds);
6709 /* If the op doesn't have a file, we're not polling for it */
6710 if ((req->ctx->flags & IORING_SETUP_IOPOLL) && req->file)
6711 io_iopoll_req_issued(req, issue_flags);
6716 static struct io_wq_work *io_wq_free_work(struct io_wq_work *work)
6718 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
6720 req = io_put_req_find_next(req);
6721 return req ? &req->work : NULL;
6724 static void io_wq_submit_work(struct io_wq_work *work)
6726 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
6727 struct io_kiocb *timeout;
6730 /* one will be dropped by ->io_free_work() after returning to io-wq */
6731 if (!(req->flags & REQ_F_REFCOUNT))
6732 __io_req_set_refcount(req, 2);
6736 timeout = io_prep_linked_timeout(req);
6738 io_queue_linked_timeout(timeout);
6740 /* either cancelled or io-wq is dying, so don't touch tctx->iowq */
6741 if (work->flags & IO_WQ_WORK_CANCEL)
6746 ret = io_issue_sqe(req, 0);
6748 * We can get EAGAIN for polled IO even though we're
6749 * forcing a sync submission from here, since we can't
6750 * wait for request slots on the block side.
6758 /* avoid locking problems by failing it from a clean context */
6760 io_req_task_queue_fail(req, ret);
6763 static inline struct io_fixed_file *io_fixed_file_slot(struct io_file_table *table,
6766 return &table->files[i];
6769 static inline struct file *io_file_from_index(struct io_ring_ctx *ctx,
6772 struct io_fixed_file *slot = io_fixed_file_slot(&ctx->file_table, index);
6774 return (struct file *) (slot->file_ptr & FFS_MASK);
6777 static void io_fixed_file_set(struct io_fixed_file *file_slot, struct file *file)
6779 unsigned long file_ptr = (unsigned long) file;
6781 if (__io_file_supports_nowait(file, READ))
6782 file_ptr |= FFS_ASYNC_READ;
6783 if (__io_file_supports_nowait(file, WRITE))
6784 file_ptr |= FFS_ASYNC_WRITE;
6785 if (S_ISREG(file_inode(file)->i_mode))
6786 file_ptr |= FFS_ISREG;
6787 file_slot->file_ptr = file_ptr;
6790 static inline struct file *io_file_get_fixed(struct io_ring_ctx *ctx,
6791 struct io_kiocb *req, int fd)
6794 unsigned long file_ptr;
6796 if (unlikely((unsigned int)fd >= ctx->nr_user_files))
6798 fd = array_index_nospec(fd, ctx->nr_user_files);
6799 file_ptr = io_fixed_file_slot(&ctx->file_table, fd)->file_ptr;
6800 file = (struct file *) (file_ptr & FFS_MASK);
6801 file_ptr &= ~FFS_MASK;
6802 /* mask in overlapping REQ_F and FFS bits */
6803 req->flags |= (file_ptr << REQ_F_NOWAIT_READ_BIT);
6804 io_req_set_rsrc_node(req, ctx);
6808 static struct file *io_file_get_normal(struct io_ring_ctx *ctx,
6809 struct io_kiocb *req, int fd)
6811 struct file *file = fget(fd);
6813 trace_io_uring_file_get(ctx, fd);
6815 /* we don't allow fixed io_uring files */
6816 if (file && unlikely(file->f_op == &io_uring_fops))
6817 io_req_track_inflight(req);
6821 static inline struct file *io_file_get(struct io_ring_ctx *ctx,
6822 struct io_kiocb *req, int fd, bool fixed)
6825 return io_file_get_fixed(ctx, req, fd);
6827 return io_file_get_normal(ctx, req, fd);
6830 static void io_req_task_link_timeout(struct io_kiocb *req, bool *locked)
6832 struct io_kiocb *prev = req->timeout.prev;
6836 ret = io_try_cancel_userdata(req, prev->user_data);
6837 io_req_complete_post(req, ret ?: -ETIME, 0);
6840 io_req_complete_post(req, -ETIME, 0);
6844 static enum hrtimer_restart io_link_timeout_fn(struct hrtimer *timer)
6846 struct io_timeout_data *data = container_of(timer,
6847 struct io_timeout_data, timer);
6848 struct io_kiocb *prev, *req = data->req;
6849 struct io_ring_ctx *ctx = req->ctx;
6850 unsigned long flags;
6852 spin_lock_irqsave(&ctx->timeout_lock, flags);
6853 prev = req->timeout.head;
6854 req->timeout.head = NULL;
6857 * We don't expect the list to be empty, that will only happen if we
6858 * race with the completion of the linked work.
6861 io_remove_next_linked(prev);
6862 if (!req_ref_inc_not_zero(prev))
6865 list_del(&req->timeout.list);
6866 req->timeout.prev = prev;
6867 spin_unlock_irqrestore(&ctx->timeout_lock, flags);
6869 req->io_task_work.func = io_req_task_link_timeout;
6870 io_req_task_work_add(req);
6871 return HRTIMER_NORESTART;
6874 static void io_queue_linked_timeout(struct io_kiocb *req)
6876 struct io_ring_ctx *ctx = req->ctx;
6878 spin_lock_irq(&ctx->timeout_lock);
6880 * If the back reference is NULL, then our linked request finished
6881 * before we got a chance to setup the timer
6883 if (req->timeout.head) {
6884 struct io_timeout_data *data = req->async_data;
6886 data->timer.function = io_link_timeout_fn;
6887 hrtimer_start(&data->timer, timespec64_to_ktime(data->ts),
6889 list_add_tail(&req->timeout.list, &ctx->ltimeout_list);
6891 spin_unlock_irq(&ctx->timeout_lock);
6892 /* drop submission reference */
6896 static void io_queue_sqe_arm_apoll(struct io_kiocb *req)
6897 __must_hold(&req->ctx->uring_lock)
6899 struct io_kiocb *linked_timeout = io_prep_linked_timeout(req);
6901 switch (io_arm_poll_handler(req)) {
6902 case IO_APOLL_READY:
6903 if (linked_timeout) {
6904 io_unprep_linked_timeout(req);
6905 linked_timeout = NULL;
6907 io_req_task_queue(req);
6909 case IO_APOLL_ABORTED:
6911 * Queued up for async execution, worker will release
6912 * submit reference when the iocb is actually submitted.
6914 io_queue_async_work(req, NULL);
6919 io_queue_linked_timeout(linked_timeout);
6922 static inline void __io_queue_sqe(struct io_kiocb *req)
6923 __must_hold(&req->ctx->uring_lock)
6925 struct io_kiocb *linked_timeout;
6928 ret = io_issue_sqe(req, IO_URING_F_NONBLOCK|IO_URING_F_COMPLETE_DEFER);
6930 if (req->flags & REQ_F_COMPLETE_INLINE) {
6931 io_req_add_compl_list(req);
6935 * We async punt it if the file wasn't marked NOWAIT, or if the file
6936 * doesn't support non-blocking read/write attempts
6939 linked_timeout = io_prep_linked_timeout(req);
6941 io_queue_linked_timeout(linked_timeout);
6942 } else if (ret == -EAGAIN && !(req->flags & REQ_F_NOWAIT)) {
6943 io_queue_sqe_arm_apoll(req);
6945 io_req_complete_failed(req, ret);
6949 static void io_queue_sqe_fallback(struct io_kiocb *req)
6950 __must_hold(&req->ctx->uring_lock)
6952 if (req->flags & REQ_F_FAIL) {
6953 io_req_complete_fail_submit(req);
6954 } else if (unlikely(req->ctx->drain_active)) {
6957 int ret = io_req_prep_async(req);
6960 io_req_complete_failed(req, ret);
6962 io_queue_async_work(req, NULL);
6966 static inline void io_queue_sqe(struct io_kiocb *req)
6967 __must_hold(&req->ctx->uring_lock)
6969 if (likely(!(req->flags & (REQ_F_FORCE_ASYNC | REQ_F_FAIL))))
6970 __io_queue_sqe(req);
6972 io_queue_sqe_fallback(req);
6976 * Check SQE restrictions (opcode and flags).
6978 * Returns 'true' if SQE is allowed, 'false' otherwise.
6980 static inline bool io_check_restriction(struct io_ring_ctx *ctx,
6981 struct io_kiocb *req,
6982 unsigned int sqe_flags)
6984 if (!test_bit(req->opcode, ctx->restrictions.sqe_op))
6987 if ((sqe_flags & ctx->restrictions.sqe_flags_required) !=
6988 ctx->restrictions.sqe_flags_required)
6991 if (sqe_flags & ~(ctx->restrictions.sqe_flags_allowed |
6992 ctx->restrictions.sqe_flags_required))
6998 static void io_init_req_drain(struct io_kiocb *req)
7000 struct io_ring_ctx *ctx = req->ctx;
7001 struct io_kiocb *head = ctx->submit_state.link.head;
7003 ctx->drain_active = true;
7006 * If we need to drain a request in the middle of a link, drain
7007 * the head request and the next request/link after the current
7008 * link. Considering sequential execution of links,
7009 * IOSQE_IO_DRAIN will be maintained for every request of our
7012 head->flags |= IOSQE_IO_DRAIN | REQ_F_FORCE_ASYNC;
7013 ctx->drain_next = true;
7017 static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
7018 const struct io_uring_sqe *sqe)
7019 __must_hold(&ctx->uring_lock)
7021 unsigned int sqe_flags;
7025 /* req is partially pre-initialised, see io_preinit_req() */
7026 req->opcode = opcode = READ_ONCE(sqe->opcode);
7027 /* same numerical values with corresponding REQ_F_*, safe to copy */
7028 req->flags = sqe_flags = READ_ONCE(sqe->flags);
7029 req->user_data = READ_ONCE(sqe->user_data);
7031 req->fixed_rsrc_refs = NULL;
7032 req->task = current;
7034 if (unlikely(opcode >= IORING_OP_LAST)) {
7038 if (unlikely(sqe_flags & ~SQE_COMMON_FLAGS)) {
7039 /* enforce forwards compatibility on users */
7040 if (sqe_flags & ~SQE_VALID_FLAGS)
7042 if ((sqe_flags & IOSQE_BUFFER_SELECT) &&
7043 !io_op_defs[opcode].buffer_select)
7045 if (sqe_flags & IOSQE_IO_DRAIN)
7046 io_init_req_drain(req);
7048 if (unlikely(ctx->restricted || ctx->drain_active || ctx->drain_next)) {
7049 if (ctx->restricted && !io_check_restriction(ctx, req, sqe_flags))
7051 /* knock it to the slow queue path, will be drained there */
7052 if (ctx->drain_active)
7053 req->flags |= REQ_F_FORCE_ASYNC;
7054 /* if there is no link, we're at "next" request and need to drain */
7055 if (unlikely(ctx->drain_next) && !ctx->submit_state.link.head) {
7056 ctx->drain_next = false;
7057 ctx->drain_active = true;
7058 req->flags |= IOSQE_IO_DRAIN | REQ_F_FORCE_ASYNC;
7062 if (io_op_defs[opcode].needs_file) {
7063 struct io_submit_state *state = &ctx->submit_state;
7066 * Plug now if we have more than 2 IO left after this, and the
7067 * target is potentially a read/write to block based storage.
7069 if (state->need_plug && io_op_defs[opcode].plug) {
7070 state->plug_started = true;
7071 state->need_plug = false;
7072 blk_start_plug(&state->plug);
7075 req->file = io_file_get(ctx, req, READ_ONCE(sqe->fd),
7076 (sqe_flags & IOSQE_FIXED_FILE));
7077 if (unlikely(!req->file))
7081 personality = READ_ONCE(sqe->personality);
7083 req->creds = xa_load(&ctx->personalities, personality);
7086 get_cred(req->creds);
7087 req->flags |= REQ_F_CREDS;
7090 return io_req_prep(req, sqe);
7093 static int io_submit_sqe(struct io_ring_ctx *ctx, struct io_kiocb *req,
7094 const struct io_uring_sqe *sqe)
7095 __must_hold(&ctx->uring_lock)
7097 struct io_submit_link *link = &ctx->submit_state.link;
7100 ret = io_init_req(ctx, req, sqe);
7101 if (unlikely(ret)) {
7102 trace_io_uring_req_failed(sqe, ret);
7104 /* fail even hard links since we don't submit */
7107 * we can judge a link req is failed or cancelled by if
7108 * REQ_F_FAIL is set, but the head is an exception since
7109 * it may be set REQ_F_FAIL because of other req's failure
7110 * so let's leverage req->result to distinguish if a head
7111 * is set REQ_F_FAIL because of its failure or other req's
7112 * failure so that we can set the correct ret code for it.
7113 * init result here to avoid affecting the normal path.
7115 if (!(link->head->flags & REQ_F_FAIL))
7116 req_fail_link_node(link->head, -ECANCELED);
7117 } else if (!(req->flags & (REQ_F_LINK | REQ_F_HARDLINK))) {
7119 * the current req is a normal req, we should return
7120 * error and thus break the submittion loop.
7122 io_req_complete_failed(req, ret);
7125 req_fail_link_node(req, ret);
7128 /* don't need @sqe from now on */
7129 trace_io_uring_submit_sqe(ctx, req, req->opcode, req->user_data,
7131 ctx->flags & IORING_SETUP_SQPOLL);
7134 * If we already have a head request, queue this one for async
7135 * submittal once the head completes. If we don't have a head but
7136 * IOSQE_IO_LINK is set in the sqe, start a new head. This one will be
7137 * submitted sync once the chain is complete. If none of those
7138 * conditions are true (normal request), then just queue it.
7141 struct io_kiocb *head = link->head;
7143 if (!(req->flags & REQ_F_FAIL)) {
7144 ret = io_req_prep_async(req);
7145 if (unlikely(ret)) {
7146 req_fail_link_node(req, ret);
7147 if (!(head->flags & REQ_F_FAIL))
7148 req_fail_link_node(head, -ECANCELED);
7151 trace_io_uring_link(ctx, req, head);
7152 link->last->link = req;
7155 if (req->flags & (REQ_F_LINK | REQ_F_HARDLINK))
7157 /* last request of a link, enqueue the link */
7160 } else if (req->flags & (REQ_F_LINK | REQ_F_HARDLINK)) {
7171 * Batched submission is done, ensure local IO is flushed out.
7173 static void io_submit_state_end(struct io_ring_ctx *ctx)
7175 struct io_submit_state *state = &ctx->submit_state;
7177 if (state->link.head)
7178 io_queue_sqe(state->link.head);
7179 /* flush only after queuing links as they can generate completions */
7180 io_submit_flush_completions(ctx);
7181 if (state->plug_started)
7182 blk_finish_plug(&state->plug);
7186 * Start submission side cache.
7188 static void io_submit_state_start(struct io_submit_state *state,
7189 unsigned int max_ios)
7191 state->plug_started = false;
7192 state->need_plug = max_ios > 2;
7193 /* set only head, no need to init link_last in advance */
7194 state->link.head = NULL;
7197 static void io_commit_sqring(struct io_ring_ctx *ctx)
7199 struct io_rings *rings = ctx->rings;
7202 * Ensure any loads from the SQEs are done at this point,
7203 * since once we write the new head, the application could
7204 * write new data to them.
7206 smp_store_release(&rings->sq.head, ctx->cached_sq_head);
7210 * Fetch an sqe, if one is available. Note this returns a pointer to memory
7211 * that is mapped by userspace. This means that care needs to be taken to
7212 * ensure that reads are stable, as we cannot rely on userspace always
7213 * being a good citizen. If members of the sqe are validated and then later
7214 * used, it's important that those reads are done through READ_ONCE() to
7215 * prevent a re-load down the line.
7217 static const struct io_uring_sqe *io_get_sqe(struct io_ring_ctx *ctx)
7219 unsigned head, mask = ctx->sq_entries - 1;
7220 unsigned sq_idx = ctx->cached_sq_head++ & mask;
7223 * The cached sq head (or cq tail) serves two purposes:
7225 * 1) allows us to batch the cost of updating the user visible
7227 * 2) allows the kernel side to track the head on its own, even
7228 * though the application is the one updating it.
7230 head = READ_ONCE(ctx->sq_array[sq_idx]);
7231 if (likely(head < ctx->sq_entries))
7232 return &ctx->sq_sqes[head];
7234 /* drop invalid entries */
7236 WRITE_ONCE(ctx->rings->sq_dropped,
7237 READ_ONCE(ctx->rings->sq_dropped) + 1);
7241 static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr)
7242 __must_hold(&ctx->uring_lock)
7244 unsigned int entries = io_sqring_entries(ctx);
7247 if (unlikely(!entries))
7249 /* make sure SQ entry isn't read before tail */
7250 nr = min3(nr, ctx->sq_entries, entries);
7251 io_get_task_refs(nr);
7253 io_submit_state_start(&ctx->submit_state, nr);
7255 const struct io_uring_sqe *sqe;
7256 struct io_kiocb *req;
7258 if (unlikely(!io_alloc_req_refill(ctx))) {
7260 submitted = -EAGAIN;
7263 req = io_alloc_req(ctx);
7264 sqe = io_get_sqe(ctx);
7265 if (unlikely(!sqe)) {
7266 wq_stack_add_head(&req->comp_list, &ctx->submit_state.free_list);
7269 /* will complete beyond this point, count as submitted */
7271 if (io_submit_sqe(ctx, req, sqe))
7273 } while (submitted < nr);
7275 if (unlikely(submitted != nr)) {
7276 int ref_used = (submitted == -EAGAIN) ? 0 : submitted;
7277 int unused = nr - ref_used;
7279 current->io_uring->cached_refs += unused;
7282 io_submit_state_end(ctx);
7283 /* Commit SQ ring head once we've consumed and submitted all SQEs */
7284 io_commit_sqring(ctx);
7289 static inline bool io_sqd_events_pending(struct io_sq_data *sqd)
7291 return READ_ONCE(sqd->state);
7294 static inline void io_ring_set_wakeup_flag(struct io_ring_ctx *ctx)
7296 /* Tell userspace we may need a wakeup call */
7297 spin_lock(&ctx->completion_lock);
7298 WRITE_ONCE(ctx->rings->sq_flags,
7299 ctx->rings->sq_flags | IORING_SQ_NEED_WAKEUP);
7300 spin_unlock(&ctx->completion_lock);
7303 static inline void io_ring_clear_wakeup_flag(struct io_ring_ctx *ctx)
7305 spin_lock(&ctx->completion_lock);
7306 WRITE_ONCE(ctx->rings->sq_flags,
7307 ctx->rings->sq_flags & ~IORING_SQ_NEED_WAKEUP);
7308 spin_unlock(&ctx->completion_lock);
7311 static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
7313 unsigned int to_submit;
7316 to_submit = io_sqring_entries(ctx);
7317 /* if we're handling multiple rings, cap submit size for fairness */
7318 if (cap_entries && to_submit > IORING_SQPOLL_CAP_ENTRIES_VALUE)
7319 to_submit = IORING_SQPOLL_CAP_ENTRIES_VALUE;
7321 if (!wq_list_empty(&ctx->iopoll_list) || to_submit) {
7322 const struct cred *creds = NULL;
7324 if (ctx->sq_creds != current_cred())
7325 creds = override_creds(ctx->sq_creds);
7327 mutex_lock(&ctx->uring_lock);
7328 if (!wq_list_empty(&ctx->iopoll_list))
7329 io_do_iopoll(ctx, true);
7332 * Don't submit if refs are dying, good for io_uring_register(),
7333 * but also it is relied upon by io_ring_exit_work()
7335 if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs)) &&
7336 !(ctx->flags & IORING_SETUP_R_DISABLED))
7337 ret = io_submit_sqes(ctx, to_submit);
7338 mutex_unlock(&ctx->uring_lock);
7340 if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
7341 wake_up(&ctx->sqo_sq_wait);
7343 revert_creds(creds);
7349 static __cold void io_sqd_update_thread_idle(struct io_sq_data *sqd)
7351 struct io_ring_ctx *ctx;
7352 unsigned sq_thread_idle = 0;
7354 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
7355 sq_thread_idle = max(sq_thread_idle, ctx->sq_thread_idle);
7356 sqd->sq_thread_idle = sq_thread_idle;
7359 static bool io_sqd_handle_event(struct io_sq_data *sqd)
7361 bool did_sig = false;
7362 struct ksignal ksig;
7364 if (test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state) ||
7365 signal_pending(current)) {
7366 mutex_unlock(&sqd->lock);
7367 if (signal_pending(current))
7368 did_sig = get_signal(&ksig);
7370 mutex_lock(&sqd->lock);
7372 return did_sig || test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
7375 static int io_sq_thread(void *data)
7377 struct io_sq_data *sqd = data;
7378 struct io_ring_ctx *ctx;
7379 unsigned long timeout = 0;
7380 char buf[TASK_COMM_LEN];
7383 snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid);
7384 set_task_comm(current, buf);
7386 if (sqd->sq_cpu != -1)
7387 set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu));
7389 set_cpus_allowed_ptr(current, cpu_online_mask);
7390 current->flags |= PF_NO_SETAFFINITY;
7392 mutex_lock(&sqd->lock);
7394 bool cap_entries, sqt_spin = false;
7396 if (io_sqd_events_pending(sqd) || signal_pending(current)) {
7397 if (io_sqd_handle_event(sqd))
7399 timeout = jiffies + sqd->sq_thread_idle;
7402 cap_entries = !list_is_singular(&sqd->ctx_list);
7403 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
7404 int ret = __io_sq_thread(ctx, cap_entries);
7406 if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list)))
7409 if (io_run_task_work())
7412 if (sqt_spin || !time_after(jiffies, timeout)) {
7415 timeout = jiffies + sqd->sq_thread_idle;
7419 prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE);
7420 if (!io_sqd_events_pending(sqd) && !current->task_works) {
7421 bool needs_sched = true;
7423 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
7424 io_ring_set_wakeup_flag(ctx);
7426 if ((ctx->flags & IORING_SETUP_IOPOLL) &&
7427 !wq_list_empty(&ctx->iopoll_list)) {
7428 needs_sched = false;
7431 if (io_sqring_entries(ctx)) {
7432 needs_sched = false;
7438 mutex_unlock(&sqd->lock);
7440 mutex_lock(&sqd->lock);
7442 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
7443 io_ring_clear_wakeup_flag(ctx);
7446 finish_wait(&sqd->wait, &wait);
7447 timeout = jiffies + sqd->sq_thread_idle;
7450 io_uring_cancel_generic(true, sqd);
7452 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
7453 io_ring_set_wakeup_flag(ctx);
7455 mutex_unlock(&sqd->lock);
7457 complete(&sqd->exited);
7461 struct io_wait_queue {
7462 struct wait_queue_entry wq;
7463 struct io_ring_ctx *ctx;
7465 unsigned nr_timeouts;
7468 static inline bool io_should_wake(struct io_wait_queue *iowq)
7470 struct io_ring_ctx *ctx = iowq->ctx;
7471 int dist = ctx->cached_cq_tail - (int) iowq->cq_tail;
7474 * Wake up if we have enough events, or if a timeout occurred since we
7475 * started waiting. For timeouts, we always want to return to userspace,
7476 * regardless of event count.
7478 return dist >= 0 || atomic_read(&ctx->cq_timeouts) != iowq->nr_timeouts;
7481 static int io_wake_function(struct wait_queue_entry *curr, unsigned int mode,
7482 int wake_flags, void *key)
7484 struct io_wait_queue *iowq = container_of(curr, struct io_wait_queue,
7488 * Cannot safely flush overflowed CQEs from here, ensure we wake up
7489 * the task, and the next invocation will do it.
7491 if (io_should_wake(iowq) || test_bit(0, &iowq->ctx->check_cq_overflow))
7492 return autoremove_wake_function(curr, mode, wake_flags, key);
7496 static int io_run_task_work_sig(void)
7498 if (io_run_task_work())
7500 if (!signal_pending(current))
7502 if (test_thread_flag(TIF_NOTIFY_SIGNAL))
7503 return -ERESTARTSYS;
7507 /* when returns >0, the caller should retry */
7508 static inline int io_cqring_wait_schedule(struct io_ring_ctx *ctx,
7509 struct io_wait_queue *iowq,
7510 signed long *timeout)
7514 /* make sure we run task_work before checking for signals */
7515 ret = io_run_task_work_sig();
7516 if (ret || io_should_wake(iowq))
7518 /* let the caller flush overflows, retry */
7519 if (test_bit(0, &ctx->check_cq_overflow))
7522 *timeout = schedule_timeout(*timeout);
7523 return !*timeout ? -ETIME : 1;
7527 * Wait until events become available, if we don't already have some. The
7528 * application must reap them itself, as they reside on the shared cq ring.
7530 static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events,
7531 const sigset_t __user *sig, size_t sigsz,
7532 struct __kernel_timespec __user *uts)
7534 struct io_wait_queue iowq;
7535 struct io_rings *rings = ctx->rings;
7536 signed long timeout = MAX_SCHEDULE_TIMEOUT;
7540 io_cqring_overflow_flush(ctx);
7541 if (io_cqring_events(ctx) >= min_events)
7543 if (!io_run_task_work())
7548 struct timespec64 ts;
7550 if (get_timespec64(&ts, uts))
7552 timeout = timespec64_to_jiffies(&ts);
7556 #ifdef CONFIG_COMPAT
7557 if (in_compat_syscall())
7558 ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig,
7562 ret = set_user_sigmask(sig, sigsz);
7568 init_waitqueue_func_entry(&iowq.wq, io_wake_function);
7569 iowq.wq.private = current;
7570 INIT_LIST_HEAD(&iowq.wq.entry);
7572 iowq.nr_timeouts = atomic_read(&ctx->cq_timeouts);
7573 iowq.cq_tail = READ_ONCE(ctx->rings->cq.head) + min_events;
7575 trace_io_uring_cqring_wait(ctx, min_events);
7577 /* if we can't even flush overflow, don't wait for more */
7578 if (!io_cqring_overflow_flush(ctx)) {
7582 prepare_to_wait_exclusive(&ctx->cq_wait, &iowq.wq,
7583 TASK_INTERRUPTIBLE);
7584 ret = io_cqring_wait_schedule(ctx, &iowq, &timeout);
7585 finish_wait(&ctx->cq_wait, &iowq.wq);
7589 restore_saved_sigmask_unless(ret == -EINTR);
7591 return READ_ONCE(rings->cq.head) == READ_ONCE(rings->cq.tail) ? ret : 0;
7594 static void io_free_page_table(void **table, size_t size)
7596 unsigned i, nr_tables = DIV_ROUND_UP(size, PAGE_SIZE);
7598 for (i = 0; i < nr_tables; i++)
7603 static __cold void **io_alloc_page_table(size_t size)
7605 unsigned i, nr_tables = DIV_ROUND_UP(size, PAGE_SIZE);
7606 size_t init_size = size;
7609 table = kcalloc(nr_tables, sizeof(*table), GFP_KERNEL_ACCOUNT);
7613 for (i = 0; i < nr_tables; i++) {
7614 unsigned int this_size = min_t(size_t, size, PAGE_SIZE);
7616 table[i] = kzalloc(this_size, GFP_KERNEL_ACCOUNT);
7618 io_free_page_table(table, init_size);
7626 static void io_rsrc_node_destroy(struct io_rsrc_node *ref_node)
7628 percpu_ref_exit(&ref_node->refs);
7632 static __cold void io_rsrc_node_ref_zero(struct percpu_ref *ref)
7634 struct io_rsrc_node *node = container_of(ref, struct io_rsrc_node, refs);
7635 struct io_ring_ctx *ctx = node->rsrc_data->ctx;
7636 unsigned long flags;
7637 bool first_add = false;
7639 spin_lock_irqsave(&ctx->rsrc_ref_lock, flags);
7642 while (!list_empty(&ctx->rsrc_ref_list)) {
7643 node = list_first_entry(&ctx->rsrc_ref_list,
7644 struct io_rsrc_node, node);
7645 /* recycle ref nodes in order */
7648 list_del(&node->node);
7649 first_add |= llist_add(&node->llist, &ctx->rsrc_put_llist);
7651 spin_unlock_irqrestore(&ctx->rsrc_ref_lock, flags);
7654 mod_delayed_work(system_wq, &ctx->rsrc_put_work, HZ);
7657 static struct io_rsrc_node *io_rsrc_node_alloc(struct io_ring_ctx *ctx)
7659 struct io_rsrc_node *ref_node;
7661 ref_node = kzalloc(sizeof(*ref_node), GFP_KERNEL);
7665 if (percpu_ref_init(&ref_node->refs, io_rsrc_node_ref_zero,
7670 INIT_LIST_HEAD(&ref_node->node);
7671 INIT_LIST_HEAD(&ref_node->rsrc_list);
7672 ref_node->done = false;
7676 static void io_rsrc_node_switch(struct io_ring_ctx *ctx,
7677 struct io_rsrc_data *data_to_kill)
7678 __must_hold(&ctx->uring_lock)
7680 WARN_ON_ONCE(!ctx->rsrc_backup_node);
7681 WARN_ON_ONCE(data_to_kill && !ctx->rsrc_node);
7683 io_rsrc_refs_drop(ctx);
7686 struct io_rsrc_node *rsrc_node = ctx->rsrc_node;
7688 rsrc_node->rsrc_data = data_to_kill;
7689 spin_lock_irq(&ctx->rsrc_ref_lock);
7690 list_add_tail(&rsrc_node->node, &ctx->rsrc_ref_list);
7691 spin_unlock_irq(&ctx->rsrc_ref_lock);
7693 atomic_inc(&data_to_kill->refs);
7694 percpu_ref_kill(&rsrc_node->refs);
7695 ctx->rsrc_node = NULL;
7698 if (!ctx->rsrc_node) {
7699 ctx->rsrc_node = ctx->rsrc_backup_node;
7700 ctx->rsrc_backup_node = NULL;
7704 static int io_rsrc_node_switch_start(struct io_ring_ctx *ctx)
7706 if (ctx->rsrc_backup_node)
7708 ctx->rsrc_backup_node = io_rsrc_node_alloc(ctx);
7709 return ctx->rsrc_backup_node ? 0 : -ENOMEM;
7712 static __cold int io_rsrc_ref_quiesce(struct io_rsrc_data *data,
7713 struct io_ring_ctx *ctx)
7717 /* As we may drop ->uring_lock, other task may have started quiesce */
7721 data->quiesce = true;
7723 ret = io_rsrc_node_switch_start(ctx);
7726 io_rsrc_node_switch(ctx, data);
7728 /* kill initial ref, already quiesced if zero */
7729 if (atomic_dec_and_test(&data->refs))
7731 mutex_unlock(&ctx->uring_lock);
7732 flush_delayed_work(&ctx->rsrc_put_work);
7733 ret = wait_for_completion_interruptible(&data->done);
7735 mutex_lock(&ctx->uring_lock);
7739 atomic_inc(&data->refs);
7740 /* wait for all works potentially completing data->done */
7741 flush_delayed_work(&ctx->rsrc_put_work);
7742 reinit_completion(&data->done);
7744 ret = io_run_task_work_sig();
7745 mutex_lock(&ctx->uring_lock);
7747 data->quiesce = false;
7752 static u64 *io_get_tag_slot(struct io_rsrc_data *data, unsigned int idx)
7754 unsigned int off = idx & IO_RSRC_TAG_TABLE_MASK;
7755 unsigned int table_idx = idx >> IO_RSRC_TAG_TABLE_SHIFT;
7757 return &data->tags[table_idx][off];
7760 static void io_rsrc_data_free(struct io_rsrc_data *data)
7762 size_t size = data->nr * sizeof(data->tags[0][0]);
7765 io_free_page_table((void **)data->tags, size);
7769 static __cold int io_rsrc_data_alloc(struct io_ring_ctx *ctx, rsrc_put_fn *do_put,
7770 u64 __user *utags, unsigned nr,
7771 struct io_rsrc_data **pdata)
7773 struct io_rsrc_data *data;
7777 data = kzalloc(sizeof(*data), GFP_KERNEL);
7780 data->tags = (u64 **)io_alloc_page_table(nr * sizeof(data->tags[0][0]));
7788 data->do_put = do_put;
7791 for (i = 0; i < nr; i++) {
7792 u64 *tag_slot = io_get_tag_slot(data, i);
7794 if (copy_from_user(tag_slot, &utags[i],
7800 atomic_set(&data->refs, 1);
7801 init_completion(&data->done);
7805 io_rsrc_data_free(data);
7809 static bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files)
7811 table->files = kvcalloc(nr_files, sizeof(table->files[0]),
7812 GFP_KERNEL_ACCOUNT);
7813 return !!table->files;
7816 static void io_free_file_tables(struct io_file_table *table)
7818 kvfree(table->files);
7819 table->files = NULL;
7822 static void __io_sqe_files_unregister(struct io_ring_ctx *ctx)
7824 #if defined(CONFIG_UNIX)
7825 if (ctx->ring_sock) {
7826 struct sock *sock = ctx->ring_sock->sk;
7827 struct sk_buff *skb;
7829 while ((skb = skb_dequeue(&sock->sk_receive_queue)) != NULL)
7835 for (i = 0; i < ctx->nr_user_files; i++) {
7838 file = io_file_from_index(ctx, i);
7843 io_free_file_tables(&ctx->file_table);
7844 io_rsrc_data_free(ctx->file_data);
7845 ctx->file_data = NULL;
7846 ctx->nr_user_files = 0;
7849 static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
7853 if (!ctx->file_data)
7855 ret = io_rsrc_ref_quiesce(ctx->file_data, ctx);
7857 __io_sqe_files_unregister(ctx);
7861 static void io_sq_thread_unpark(struct io_sq_data *sqd)
7862 __releases(&sqd->lock)
7864 WARN_ON_ONCE(sqd->thread == current);
7867 * Do the dance but not conditional clear_bit() because it'd race with
7868 * other threads incrementing park_pending and setting the bit.
7870 clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
7871 if (atomic_dec_return(&sqd->park_pending))
7872 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
7873 mutex_unlock(&sqd->lock);
7876 static void io_sq_thread_park(struct io_sq_data *sqd)
7877 __acquires(&sqd->lock)
7879 WARN_ON_ONCE(sqd->thread == current);
7881 atomic_inc(&sqd->park_pending);
7882 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
7883 mutex_lock(&sqd->lock);
7885 wake_up_process(sqd->thread);
7888 static void io_sq_thread_stop(struct io_sq_data *sqd)
7890 WARN_ON_ONCE(sqd->thread == current);
7891 WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state));
7893 set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
7894 mutex_lock(&sqd->lock);
7896 wake_up_process(sqd->thread);
7897 mutex_unlock(&sqd->lock);
7898 wait_for_completion(&sqd->exited);
7901 static void io_put_sq_data(struct io_sq_data *sqd)
7903 if (refcount_dec_and_test(&sqd->refs)) {
7904 WARN_ON_ONCE(atomic_read(&sqd->park_pending));
7906 io_sq_thread_stop(sqd);
7911 static void io_sq_thread_finish(struct io_ring_ctx *ctx)
7913 struct io_sq_data *sqd = ctx->sq_data;
7916 io_sq_thread_park(sqd);
7917 list_del_init(&ctx->sqd_list);
7918 io_sqd_update_thread_idle(sqd);
7919 io_sq_thread_unpark(sqd);
7921 io_put_sq_data(sqd);
7922 ctx->sq_data = NULL;
7926 static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p)
7928 struct io_ring_ctx *ctx_attach;
7929 struct io_sq_data *sqd;
7932 f = fdget(p->wq_fd);
7934 return ERR_PTR(-ENXIO);
7935 if (f.file->f_op != &io_uring_fops) {
7937 return ERR_PTR(-EINVAL);
7940 ctx_attach = f.file->private_data;
7941 sqd = ctx_attach->sq_data;
7944 return ERR_PTR(-EINVAL);
7946 if (sqd->task_tgid != current->tgid) {
7948 return ERR_PTR(-EPERM);
7951 refcount_inc(&sqd->refs);
7956 static struct io_sq_data *io_get_sq_data(struct io_uring_params *p,
7959 struct io_sq_data *sqd;
7962 if (p->flags & IORING_SETUP_ATTACH_WQ) {
7963 sqd = io_attach_sq_data(p);
7968 /* fall through for EPERM case, setup new sqd/task */
7969 if (PTR_ERR(sqd) != -EPERM)
7973 sqd = kzalloc(sizeof(*sqd), GFP_KERNEL);
7975 return ERR_PTR(-ENOMEM);
7977 atomic_set(&sqd->park_pending, 0);
7978 refcount_set(&sqd->refs, 1);
7979 INIT_LIST_HEAD(&sqd->ctx_list);
7980 mutex_init(&sqd->lock);
7981 init_waitqueue_head(&sqd->wait);
7982 init_completion(&sqd->exited);
7986 #if defined(CONFIG_UNIX)
7988 * Ensure the UNIX gc is aware of our file set, so we are certain that
7989 * the io_uring can be safely unregistered on process exit, even if we have
7990 * loops in the file referencing.
7992 static int __io_sqe_files_scm(struct io_ring_ctx *ctx, int nr, int offset)
7994 struct sock *sk = ctx->ring_sock->sk;
7995 struct scm_fp_list *fpl;
7996 struct sk_buff *skb;
7999 fpl = kzalloc(sizeof(*fpl), GFP_KERNEL);
8003 skb = alloc_skb(0, GFP_KERNEL);
8012 fpl->user = get_uid(current_user());
8013 for (i = 0; i < nr; i++) {
8014 struct file *file = io_file_from_index(ctx, i + offset);
8018 fpl->fp[nr_files] = get_file(file);
8019 unix_inflight(fpl->user, fpl->fp[nr_files]);
8024 fpl->max = SCM_MAX_FD;
8025 fpl->count = nr_files;
8026 UNIXCB(skb).fp = fpl;
8027 skb->destructor = unix_destruct_scm;
8028 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
8029 skb_queue_head(&sk->sk_receive_queue, skb);
8031 for (i = 0; i < nr_files; i++)
8042 * If UNIX sockets are enabled, fd passing can cause a reference cycle which
8043 * causes regular reference counting to break down. We rely on the UNIX
8044 * garbage collection to take care of this problem for us.
8046 static int io_sqe_files_scm(struct io_ring_ctx *ctx)
8048 unsigned left, total;
8052 left = ctx->nr_user_files;
8054 unsigned this_files = min_t(unsigned, left, SCM_MAX_FD);
8056 ret = __io_sqe_files_scm(ctx, this_files, total);
8060 total += this_files;
8066 while (total < ctx->nr_user_files) {
8067 struct file *file = io_file_from_index(ctx, total);
8077 static int io_sqe_files_scm(struct io_ring_ctx *ctx)
8083 static void io_rsrc_file_put(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc)
8085 struct file *file = prsrc->file;
8086 #if defined(CONFIG_UNIX)
8087 struct sock *sock = ctx->ring_sock->sk;
8088 struct sk_buff_head list, *head = &sock->sk_receive_queue;
8089 struct sk_buff *skb;
8092 __skb_queue_head_init(&list);
8095 * Find the skb that holds this file in its SCM_RIGHTS. When found,
8096 * remove this entry and rearrange the file array.
8098 skb = skb_dequeue(head);
8100 struct scm_fp_list *fp;
8102 fp = UNIXCB(skb).fp;
8103 for (i = 0; i < fp->count; i++) {
8106 if (fp->fp[i] != file)
8109 unix_notinflight(fp->user, fp->fp[i]);
8110 left = fp->count - 1 - i;
8112 memmove(&fp->fp[i], &fp->fp[i + 1],
8113 left * sizeof(struct file *));
8120 __skb_queue_tail(&list, skb);
8130 __skb_queue_tail(&list, skb);
8132 skb = skb_dequeue(head);
8135 if (skb_peek(&list)) {
8136 spin_lock_irq(&head->lock);
8137 while ((skb = __skb_dequeue(&list)) != NULL)
8138 __skb_queue_tail(head, skb);
8139 spin_unlock_irq(&head->lock);
8146 static void __io_rsrc_put_work(struct io_rsrc_node *ref_node)
8148 struct io_rsrc_data *rsrc_data = ref_node->rsrc_data;
8149 struct io_ring_ctx *ctx = rsrc_data->ctx;
8150 struct io_rsrc_put *prsrc, *tmp;
8152 list_for_each_entry_safe(prsrc, tmp, &ref_node->rsrc_list, list) {
8153 list_del(&prsrc->list);
8156 bool lock_ring = ctx->flags & IORING_SETUP_IOPOLL;
8158 io_ring_submit_lock(ctx, lock_ring);
8159 spin_lock(&ctx->completion_lock);
8160 io_cqring_fill_event(ctx, prsrc->tag, 0, 0);
8162 io_commit_cqring(ctx);
8163 spin_unlock(&ctx->completion_lock);
8164 io_cqring_ev_posted(ctx);
8165 io_ring_submit_unlock(ctx, lock_ring);
8168 rsrc_data->do_put(ctx, prsrc);
8172 io_rsrc_node_destroy(ref_node);
8173 if (atomic_dec_and_test(&rsrc_data->refs))
8174 complete(&rsrc_data->done);
8177 static void io_rsrc_put_work(struct work_struct *work)
8179 struct io_ring_ctx *ctx;
8180 struct llist_node *node;
8182 ctx = container_of(work, struct io_ring_ctx, rsrc_put_work.work);
8183 node = llist_del_all(&ctx->rsrc_put_llist);
8186 struct io_rsrc_node *ref_node;
8187 struct llist_node *next = node->next;
8189 ref_node = llist_entry(node, struct io_rsrc_node, llist);
8190 __io_rsrc_put_work(ref_node);
8195 static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg,
8196 unsigned nr_args, u64 __user *tags)
8198 __s32 __user *fds = (__s32 __user *) arg;
8207 if (nr_args > IORING_MAX_FIXED_FILES)
8209 if (nr_args > rlimit(RLIMIT_NOFILE))
8211 ret = io_rsrc_node_switch_start(ctx);
8214 ret = io_rsrc_data_alloc(ctx, io_rsrc_file_put, tags, nr_args,
8220 if (!io_alloc_file_tables(&ctx->file_table, nr_args))
8223 for (i = 0; i < nr_args; i++, ctx->nr_user_files++) {
8224 if (copy_from_user(&fd, &fds[i], sizeof(fd))) {
8228 /* allow sparse sets */
8231 if (unlikely(*io_get_tag_slot(ctx->file_data, i)))
8238 if (unlikely(!file))
8242 * Don't allow io_uring instances to be registered. If UNIX
8243 * isn't enabled, then this causes a reference cycle and this
8244 * instance can never get freed. If UNIX is enabled we'll
8245 * handle it just fine, but there's still no point in allowing
8246 * a ring fd as it doesn't support regular read/write anyway.
8248 if (file->f_op == &io_uring_fops) {
8252 io_fixed_file_set(io_fixed_file_slot(&ctx->file_table, i), file);
8255 ret = io_sqe_files_scm(ctx);
8257 __io_sqe_files_unregister(ctx);
8261 io_rsrc_node_switch(ctx, NULL);
8264 for (i = 0; i < ctx->nr_user_files; i++) {
8265 file = io_file_from_index(ctx, i);
8269 io_free_file_tables(&ctx->file_table);
8270 ctx->nr_user_files = 0;
8272 io_rsrc_data_free(ctx->file_data);
8273 ctx->file_data = NULL;
8277 static int io_sqe_file_register(struct io_ring_ctx *ctx, struct file *file,
8280 #if defined(CONFIG_UNIX)
8281 struct sock *sock = ctx->ring_sock->sk;
8282 struct sk_buff_head *head = &sock->sk_receive_queue;
8283 struct sk_buff *skb;
8286 * See if we can merge this file into an existing skb SCM_RIGHTS
8287 * file set. If there's no room, fall back to allocating a new skb
8288 * and filling it in.
8290 spin_lock_irq(&head->lock);
8291 skb = skb_peek(head);
8293 struct scm_fp_list *fpl = UNIXCB(skb).fp;
8295 if (fpl->count < SCM_MAX_FD) {
8296 __skb_unlink(skb, head);
8297 spin_unlock_irq(&head->lock);
8298 fpl->fp[fpl->count] = get_file(file);
8299 unix_inflight(fpl->user, fpl->fp[fpl->count]);
8301 spin_lock_irq(&head->lock);
8302 __skb_queue_head(head, skb);
8307 spin_unlock_irq(&head->lock);
8314 return __io_sqe_files_scm(ctx, 1, index);
8320 static int io_queue_rsrc_removal(struct io_rsrc_data *data, unsigned idx,
8321 struct io_rsrc_node *node, void *rsrc)
8323 struct io_rsrc_put *prsrc;
8325 prsrc = kzalloc(sizeof(*prsrc), GFP_KERNEL);
8329 prsrc->tag = *io_get_tag_slot(data, idx);
8331 list_add(&prsrc->list, &node->rsrc_list);
8335 static int io_install_fixed_file(struct io_kiocb *req, struct file *file,
8336 unsigned int issue_flags, u32 slot_index)
8338 struct io_ring_ctx *ctx = req->ctx;
8339 bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
8340 bool needs_switch = false;
8341 struct io_fixed_file *file_slot;
8344 io_ring_submit_lock(ctx, !force_nonblock);
8345 if (file->f_op == &io_uring_fops)
8348 if (!ctx->file_data)
8351 if (slot_index >= ctx->nr_user_files)
8354 slot_index = array_index_nospec(slot_index, ctx->nr_user_files);
8355 file_slot = io_fixed_file_slot(&ctx->file_table, slot_index);
8357 if (file_slot->file_ptr) {
8358 struct file *old_file;
8360 ret = io_rsrc_node_switch_start(ctx);
8364 old_file = (struct file *)(file_slot->file_ptr & FFS_MASK);
8365 ret = io_queue_rsrc_removal(ctx->file_data, slot_index,
8366 ctx->rsrc_node, old_file);
8369 file_slot->file_ptr = 0;
8370 needs_switch = true;
8373 *io_get_tag_slot(ctx->file_data, slot_index) = 0;
8374 io_fixed_file_set(file_slot, file);
8375 ret = io_sqe_file_register(ctx, file, slot_index);
8377 file_slot->file_ptr = 0;
8384 io_rsrc_node_switch(ctx, ctx->file_data);
8385 io_ring_submit_unlock(ctx, !force_nonblock);
8391 static int io_close_fixed(struct io_kiocb *req, unsigned int issue_flags)
8393 unsigned int offset = req->close.file_slot - 1;
8394 struct io_ring_ctx *ctx = req->ctx;
8395 struct io_fixed_file *file_slot;
8399 io_ring_submit_lock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
8401 if (unlikely(!ctx->file_data))
8404 if (offset >= ctx->nr_user_files)
8406 ret = io_rsrc_node_switch_start(ctx);
8410 i = array_index_nospec(offset, ctx->nr_user_files);
8411 file_slot = io_fixed_file_slot(&ctx->file_table, i);
8413 if (!file_slot->file_ptr)
8416 file = (struct file *)(file_slot->file_ptr & FFS_MASK);
8417 ret = io_queue_rsrc_removal(ctx->file_data, offset, ctx->rsrc_node, file);
8421 file_slot->file_ptr = 0;
8422 io_rsrc_node_switch(ctx, ctx->file_data);
8425 io_ring_submit_unlock(ctx, !(issue_flags & IO_URING_F_NONBLOCK));
8429 static int __io_sqe_files_update(struct io_ring_ctx *ctx,
8430 struct io_uring_rsrc_update2 *up,
8433 u64 __user *tags = u64_to_user_ptr(up->tags);
8434 __s32 __user *fds = u64_to_user_ptr(up->data);
8435 struct io_rsrc_data *data = ctx->file_data;
8436 struct io_fixed_file *file_slot;
8440 bool needs_switch = false;
8442 if (!ctx->file_data)
8444 if (up->offset + nr_args > ctx->nr_user_files)
8447 for (done = 0; done < nr_args; done++) {
8450 if ((tags && copy_from_user(&tag, &tags[done], sizeof(tag))) ||
8451 copy_from_user(&fd, &fds[done], sizeof(fd))) {
8455 if ((fd == IORING_REGISTER_FILES_SKIP || fd == -1) && tag) {
8459 if (fd == IORING_REGISTER_FILES_SKIP)
8462 i = array_index_nospec(up->offset + done, ctx->nr_user_files);
8463 file_slot = io_fixed_file_slot(&ctx->file_table, i);
8465 if (file_slot->file_ptr) {
8466 file = (struct file *)(file_slot->file_ptr & FFS_MASK);
8467 err = io_queue_rsrc_removal(data, up->offset + done,
8468 ctx->rsrc_node, file);
8471 file_slot->file_ptr = 0;
8472 needs_switch = true;
8481 * Don't allow io_uring instances to be registered. If
8482 * UNIX isn't enabled, then this causes a reference
8483 * cycle and this instance can never get freed. If UNIX
8484 * is enabled we'll handle it just fine, but there's
8485 * still no point in allowing a ring fd as it doesn't
8486 * support regular read/write anyway.
8488 if (file->f_op == &io_uring_fops) {
8493 *io_get_tag_slot(data, up->offset + done) = tag;
8494 io_fixed_file_set(file_slot, file);
8495 err = io_sqe_file_register(ctx, file, i);
8497 file_slot->file_ptr = 0;
8505 io_rsrc_node_switch(ctx, data);
8506 return done ? done : err;
8509 static struct io_wq *io_init_wq_offload(struct io_ring_ctx *ctx,
8510 struct task_struct *task)
8512 struct io_wq_hash *hash;
8513 struct io_wq_data data;
8514 unsigned int concurrency;
8516 mutex_lock(&ctx->uring_lock);
8517 hash = ctx->hash_map;
8519 hash = kzalloc(sizeof(*hash), GFP_KERNEL);
8521 mutex_unlock(&ctx->uring_lock);
8522 return ERR_PTR(-ENOMEM);
8524 refcount_set(&hash->refs, 1);
8525 init_waitqueue_head(&hash->wait);
8526 ctx->hash_map = hash;
8528 mutex_unlock(&ctx->uring_lock);
8532 data.free_work = io_wq_free_work;
8533 data.do_work = io_wq_submit_work;
8535 /* Do QD, or 4 * CPUS, whatever is smallest */
8536 concurrency = min(ctx->sq_entries, 4 * num_online_cpus());
8538 return io_wq_create(concurrency, &data);
8541 static __cold int io_uring_alloc_task_context(struct task_struct *task,
8542 struct io_ring_ctx *ctx)
8544 struct io_uring_task *tctx;
8547 tctx = kzalloc(sizeof(*tctx), GFP_KERNEL);
8548 if (unlikely(!tctx))
8551 ret = percpu_counter_init(&tctx->inflight, 0, GFP_KERNEL);
8552 if (unlikely(ret)) {
8557 tctx->io_wq = io_init_wq_offload(ctx, task);
8558 if (IS_ERR(tctx->io_wq)) {
8559 ret = PTR_ERR(tctx->io_wq);
8560 percpu_counter_destroy(&tctx->inflight);
8566 init_waitqueue_head(&tctx->wait);
8567 atomic_set(&tctx->in_idle, 0);
8568 atomic_set(&tctx->inflight_tracked, 0);
8569 task->io_uring = tctx;
8570 spin_lock_init(&tctx->task_lock);
8571 INIT_WQ_LIST(&tctx->task_list);
8572 init_task_work(&tctx->task_work, tctx_task_work);
8576 void __io_uring_free(struct task_struct *tsk)
8578 struct io_uring_task *tctx = tsk->io_uring;
8580 WARN_ON_ONCE(!xa_empty(&tctx->xa));
8581 WARN_ON_ONCE(tctx->io_wq);
8582 WARN_ON_ONCE(tctx->cached_refs);
8584 percpu_counter_destroy(&tctx->inflight);
8586 tsk->io_uring = NULL;
8589 static __cold int io_sq_offload_create(struct io_ring_ctx *ctx,
8590 struct io_uring_params *p)
8594 /* Retain compatibility with failing for an invalid attach attempt */
8595 if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) ==
8596 IORING_SETUP_ATTACH_WQ) {
8599 f = fdget(p->wq_fd);
8602 if (f.file->f_op != &io_uring_fops) {
8608 if (ctx->flags & IORING_SETUP_SQPOLL) {
8609 struct task_struct *tsk;
8610 struct io_sq_data *sqd;
8613 sqd = io_get_sq_data(p, &attached);
8619 ctx->sq_creds = get_current_cred();
8621 ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle);
8622 if (!ctx->sq_thread_idle)
8623 ctx->sq_thread_idle = HZ;
8625 io_sq_thread_park(sqd);
8626 list_add(&ctx->sqd_list, &sqd->ctx_list);
8627 io_sqd_update_thread_idle(sqd);
8628 /* don't attach to a dying SQPOLL thread, would be racy */
8629 ret = (attached && !sqd->thread) ? -ENXIO : 0;
8630 io_sq_thread_unpark(sqd);
8637 if (p->flags & IORING_SETUP_SQ_AFF) {
8638 int cpu = p->sq_thread_cpu;
8641 if (cpu >= nr_cpu_ids || !cpu_online(cpu))
8648 sqd->task_pid = current->pid;
8649 sqd->task_tgid = current->tgid;
8650 tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE);
8657 ret = io_uring_alloc_task_context(tsk, ctx);
8658 wake_up_new_task(tsk);
8661 } else if (p->flags & IORING_SETUP_SQ_AFF) {
8662 /* Can't have SQ_AFF without SQPOLL */
8669 complete(&ctx->sq_data->exited);
8671 io_sq_thread_finish(ctx);
8675 static inline void __io_unaccount_mem(struct user_struct *user,
8676 unsigned long nr_pages)
8678 atomic_long_sub(nr_pages, &user->locked_vm);
8681 static inline int __io_account_mem(struct user_struct *user,
8682 unsigned long nr_pages)
8684 unsigned long page_limit, cur_pages, new_pages;
8686 /* Don't allow more pages than we can safely lock */
8687 page_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
8690 cur_pages = atomic_long_read(&user->locked_vm);
8691 new_pages = cur_pages + nr_pages;
8692 if (new_pages > page_limit)
8694 } while (atomic_long_cmpxchg(&user->locked_vm, cur_pages,
8695 new_pages) != cur_pages);
8700 static void io_unaccount_mem(struct io_ring_ctx *ctx, unsigned long nr_pages)
8703 __io_unaccount_mem(ctx->user, nr_pages);
8705 if (ctx->mm_account)
8706 atomic64_sub(nr_pages, &ctx->mm_account->pinned_vm);
8709 static int io_account_mem(struct io_ring_ctx *ctx, unsigned long nr_pages)
8714 ret = __io_account_mem(ctx->user, nr_pages);
8719 if (ctx->mm_account)
8720 atomic64_add(nr_pages, &ctx->mm_account->pinned_vm);
8725 static void io_mem_free(void *ptr)
8732 page = virt_to_head_page(ptr);
8733 if (put_page_testzero(page))
8734 free_compound_page(page);
8737 static void *io_mem_alloc(size_t size)
8739 gfp_t gfp_flags = GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_COMP |
8740 __GFP_NORETRY | __GFP_ACCOUNT;
8742 return (void *) __get_free_pages(gfp_flags, get_order(size));
8745 static unsigned long rings_size(unsigned sq_entries, unsigned cq_entries,
8748 struct io_rings *rings;
8749 size_t off, sq_array_size;
8751 off = struct_size(rings, cqes, cq_entries);
8752 if (off == SIZE_MAX)
8756 off = ALIGN(off, SMP_CACHE_BYTES);
8764 sq_array_size = array_size(sizeof(u32), sq_entries);
8765 if (sq_array_size == SIZE_MAX)
8768 if (check_add_overflow(off, sq_array_size, &off))
8774 static void io_buffer_unmap(struct io_ring_ctx *ctx, struct io_mapped_ubuf **slot)
8776 struct io_mapped_ubuf *imu = *slot;
8779 if (imu != ctx->dummy_ubuf) {
8780 for (i = 0; i < imu->nr_bvecs; i++)
8781 unpin_user_page(imu->bvec[i].bv_page);
8782 if (imu->acct_pages)
8783 io_unaccount_mem(ctx, imu->acct_pages);
8789 static void io_rsrc_buf_put(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc)
8791 io_buffer_unmap(ctx, &prsrc->buf);
8795 static void __io_sqe_buffers_unregister(struct io_ring_ctx *ctx)
8799 for (i = 0; i < ctx->nr_user_bufs; i++)
8800 io_buffer_unmap(ctx, &ctx->user_bufs[i]);
8801 kfree(ctx->user_bufs);
8802 io_rsrc_data_free(ctx->buf_data);
8803 ctx->user_bufs = NULL;
8804 ctx->buf_data = NULL;
8805 ctx->nr_user_bufs = 0;
8808 static int io_sqe_buffers_unregister(struct io_ring_ctx *ctx)
8815 ret = io_rsrc_ref_quiesce(ctx->buf_data, ctx);
8817 __io_sqe_buffers_unregister(ctx);
8821 static int io_copy_iov(struct io_ring_ctx *ctx, struct iovec *dst,
8822 void __user *arg, unsigned index)
8824 struct iovec __user *src;
8826 #ifdef CONFIG_COMPAT
8828 struct compat_iovec __user *ciovs;
8829 struct compat_iovec ciov;
8831 ciovs = (struct compat_iovec __user *) arg;
8832 if (copy_from_user(&ciov, &ciovs[index], sizeof(ciov)))
8835 dst->iov_base = u64_to_user_ptr((u64)ciov.iov_base);
8836 dst->iov_len = ciov.iov_len;
8840 src = (struct iovec __user *) arg;
8841 if (copy_from_user(dst, &src[index], sizeof(*dst)))
8847 * Not super efficient, but this is just a registration time. And we do cache
8848 * the last compound head, so generally we'll only do a full search if we don't
8851 * We check if the given compound head page has already been accounted, to
8852 * avoid double accounting it. This allows us to account the full size of the
8853 * page, not just the constituent pages of a huge page.
8855 static bool headpage_already_acct(struct io_ring_ctx *ctx, struct page **pages,
8856 int nr_pages, struct page *hpage)
8860 /* check current page array */
8861 for (i = 0; i < nr_pages; i++) {
8862 if (!PageCompound(pages[i]))
8864 if (compound_head(pages[i]) == hpage)
8868 /* check previously registered pages */
8869 for (i = 0; i < ctx->nr_user_bufs; i++) {
8870 struct io_mapped_ubuf *imu = ctx->user_bufs[i];
8872 for (j = 0; j < imu->nr_bvecs; j++) {
8873 if (!PageCompound(imu->bvec[j].bv_page))
8875 if (compound_head(imu->bvec[j].bv_page) == hpage)
8883 static int io_buffer_account_pin(struct io_ring_ctx *ctx, struct page **pages,
8884 int nr_pages, struct io_mapped_ubuf *imu,
8885 struct page **last_hpage)
8889 imu->acct_pages = 0;
8890 for (i = 0; i < nr_pages; i++) {
8891 if (!PageCompound(pages[i])) {
8896 hpage = compound_head(pages[i]);
8897 if (hpage == *last_hpage)
8899 *last_hpage = hpage;
8900 if (headpage_already_acct(ctx, pages, i, hpage))
8902 imu->acct_pages += page_size(hpage) >> PAGE_SHIFT;
8906 if (!imu->acct_pages)
8909 ret = io_account_mem(ctx, imu->acct_pages);
8911 imu->acct_pages = 0;
8915 static int io_sqe_buffer_register(struct io_ring_ctx *ctx, struct iovec *iov,
8916 struct io_mapped_ubuf **pimu,
8917 struct page **last_hpage)
8919 struct io_mapped_ubuf *imu = NULL;
8920 struct vm_area_struct **vmas = NULL;
8921 struct page **pages = NULL;
8922 unsigned long off, start, end, ubuf;
8924 int ret, pret, nr_pages, i;
8926 if (!iov->iov_base) {
8927 *pimu = ctx->dummy_ubuf;
8931 ubuf = (unsigned long) iov->iov_base;
8932 end = (ubuf + iov->iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
8933 start = ubuf >> PAGE_SHIFT;
8934 nr_pages = end - start;
8939 pages = kvmalloc_array(nr_pages, sizeof(struct page *), GFP_KERNEL);
8943 vmas = kvmalloc_array(nr_pages, sizeof(struct vm_area_struct *),
8948 imu = kvmalloc(struct_size(imu, bvec, nr_pages), GFP_KERNEL);
8953 mmap_read_lock(current->mm);
8954 pret = pin_user_pages(ubuf, nr_pages, FOLL_WRITE | FOLL_LONGTERM,
8956 if (pret == nr_pages) {
8957 /* don't support file backed memory */
8958 for (i = 0; i < nr_pages; i++) {
8959 struct vm_area_struct *vma = vmas[i];
8961 if (vma_is_shmem(vma))
8964 !is_file_hugepages(vma->vm_file)) {
8970 ret = pret < 0 ? pret : -EFAULT;
8972 mmap_read_unlock(current->mm);
8975 * if we did partial map, or found file backed vmas,
8976 * release any pages we did get
8979 unpin_user_pages(pages, pret);
8983 ret = io_buffer_account_pin(ctx, pages, pret, imu, last_hpage);
8985 unpin_user_pages(pages, pret);
8989 off = ubuf & ~PAGE_MASK;
8990 size = iov->iov_len;
8991 for (i = 0; i < nr_pages; i++) {
8994 vec_len = min_t(size_t, size, PAGE_SIZE - off);
8995 imu->bvec[i].bv_page = pages[i];
8996 imu->bvec[i].bv_len = vec_len;
8997 imu->bvec[i].bv_offset = off;
9001 /* store original address for later verification */
9003 imu->ubuf_end = ubuf + iov->iov_len;
9004 imu->nr_bvecs = nr_pages;
9015 static int io_buffers_map_alloc(struct io_ring_ctx *ctx, unsigned int nr_args)
9017 ctx->user_bufs = kcalloc(nr_args, sizeof(*ctx->user_bufs), GFP_KERNEL);
9018 return ctx->user_bufs ? 0 : -ENOMEM;
9021 static int io_buffer_validate(struct iovec *iov)
9023 unsigned long tmp, acct_len = iov->iov_len + (PAGE_SIZE - 1);
9026 * Don't impose further limits on the size and buffer
9027 * constraints here, we'll -EINVAL later when IO is
9028 * submitted if they are wrong.
9031 return iov->iov_len ? -EFAULT : 0;
9035 /* arbitrary limit, but we need something */
9036 if (iov->iov_len > SZ_1G)
9039 if (check_add_overflow((unsigned long)iov->iov_base, acct_len, &tmp))
9045 static int io_sqe_buffers_register(struct io_ring_ctx *ctx, void __user *arg,
9046 unsigned int nr_args, u64 __user *tags)
9048 struct page *last_hpage = NULL;
9049 struct io_rsrc_data *data;
9055 if (!nr_args || nr_args > IORING_MAX_REG_BUFFERS)
9057 ret = io_rsrc_node_switch_start(ctx);
9060 ret = io_rsrc_data_alloc(ctx, io_rsrc_buf_put, tags, nr_args, &data);
9063 ret = io_buffers_map_alloc(ctx, nr_args);
9065 io_rsrc_data_free(data);
9069 for (i = 0; i < nr_args; i++, ctx->nr_user_bufs++) {
9070 ret = io_copy_iov(ctx, &iov, arg, i);
9073 ret = io_buffer_validate(&iov);
9076 if (!iov.iov_base && *io_get_tag_slot(data, i)) {
9081 ret = io_sqe_buffer_register(ctx, &iov, &ctx->user_bufs[i],
9087 WARN_ON_ONCE(ctx->buf_data);
9089 ctx->buf_data = data;
9091 __io_sqe_buffers_unregister(ctx);
9093 io_rsrc_node_switch(ctx, NULL);
9097 static int __io_sqe_buffers_update(struct io_ring_ctx *ctx,
9098 struct io_uring_rsrc_update2 *up,
9099 unsigned int nr_args)
9101 u64 __user *tags = u64_to_user_ptr(up->tags);
9102 struct iovec iov, __user *iovs = u64_to_user_ptr(up->data);
9103 struct page *last_hpage = NULL;
9104 bool needs_switch = false;
9110 if (up->offset + nr_args > ctx->nr_user_bufs)
9113 for (done = 0; done < nr_args; done++) {
9114 struct io_mapped_ubuf *imu;
9115 int offset = up->offset + done;
9118 err = io_copy_iov(ctx, &iov, iovs, done);
9121 if (tags && copy_from_user(&tag, &tags[done], sizeof(tag))) {
9125 err = io_buffer_validate(&iov);
9128 if (!iov.iov_base && tag) {
9132 err = io_sqe_buffer_register(ctx, &iov, &imu, &last_hpage);
9136 i = array_index_nospec(offset, ctx->nr_user_bufs);
9137 if (ctx->user_bufs[i] != ctx->dummy_ubuf) {
9138 err = io_queue_rsrc_removal(ctx->buf_data, offset,
9139 ctx->rsrc_node, ctx->user_bufs[i]);
9140 if (unlikely(err)) {
9141 io_buffer_unmap(ctx, &imu);
9144 ctx->user_bufs[i] = NULL;
9145 needs_switch = true;
9148 ctx->user_bufs[i] = imu;
9149 *io_get_tag_slot(ctx->buf_data, offset) = tag;
9153 io_rsrc_node_switch(ctx, ctx->buf_data);
9154 return done ? done : err;
9157 static int io_eventfd_register(struct io_ring_ctx *ctx, void __user *arg)
9159 __s32 __user *fds = arg;
9165 if (copy_from_user(&fd, fds, sizeof(*fds)))
9168 ctx->cq_ev_fd = eventfd_ctx_fdget(fd);
9169 if (IS_ERR(ctx->cq_ev_fd)) {
9170 int ret = PTR_ERR(ctx->cq_ev_fd);
9172 ctx->cq_ev_fd = NULL;
9179 static int io_eventfd_unregister(struct io_ring_ctx *ctx)
9181 if (ctx->cq_ev_fd) {
9182 eventfd_ctx_put(ctx->cq_ev_fd);
9183 ctx->cq_ev_fd = NULL;
9190 static void io_destroy_buffers(struct io_ring_ctx *ctx)
9192 struct io_buffer *buf;
9193 unsigned long index;
9195 xa_for_each(&ctx->io_buffers, index, buf) {
9196 __io_remove_buffers(ctx, buf, index, -1U);
9201 static void io_req_caches_free(struct io_ring_ctx *ctx)
9203 struct io_submit_state *state = &ctx->submit_state;
9206 mutex_lock(&ctx->uring_lock);
9207 io_flush_cached_locked_reqs(ctx, state);
9209 while (state->free_list.next) {
9210 struct io_wq_work_node *node;
9211 struct io_kiocb *req;
9213 node = wq_stack_extract(&state->free_list);
9214 req = container_of(node, struct io_kiocb, comp_list);
9215 kmem_cache_free(req_cachep, req);
9219 percpu_ref_put_many(&ctx->refs, nr);
9220 mutex_unlock(&ctx->uring_lock);
9223 static void io_wait_rsrc_data(struct io_rsrc_data *data)
9225 if (data && !atomic_dec_and_test(&data->refs))
9226 wait_for_completion(&data->done);
9229 static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
9231 io_sq_thread_finish(ctx);
9233 if (ctx->mm_account) {
9234 mmdrop(ctx->mm_account);
9235 ctx->mm_account = NULL;
9238 io_rsrc_refs_drop(ctx);
9239 /* __io_rsrc_put_work() may need uring_lock to progress, wait w/o it */
9240 io_wait_rsrc_data(ctx->buf_data);
9241 io_wait_rsrc_data(ctx->file_data);
9243 mutex_lock(&ctx->uring_lock);
9245 __io_sqe_buffers_unregister(ctx);
9247 __io_sqe_files_unregister(ctx);
9249 __io_cqring_overflow_flush(ctx, true);
9250 mutex_unlock(&ctx->uring_lock);
9251 io_eventfd_unregister(ctx);
9252 io_destroy_buffers(ctx);
9254 put_cred(ctx->sq_creds);
9256 /* there are no registered resources left, nobody uses it */
9258 io_rsrc_node_destroy(ctx->rsrc_node);
9259 if (ctx->rsrc_backup_node)
9260 io_rsrc_node_destroy(ctx->rsrc_backup_node);
9261 flush_delayed_work(&ctx->rsrc_put_work);
9262 flush_delayed_work(&ctx->fallback_work);
9264 WARN_ON_ONCE(!list_empty(&ctx->rsrc_ref_list));
9265 WARN_ON_ONCE(!llist_empty(&ctx->rsrc_put_llist));
9267 #if defined(CONFIG_UNIX)
9268 if (ctx->ring_sock) {
9269 ctx->ring_sock->file = NULL; /* so that iput() is called */
9270 sock_release(ctx->ring_sock);
9273 WARN_ON_ONCE(!list_empty(&ctx->ltimeout_list));
9275 io_mem_free(ctx->rings);
9276 io_mem_free(ctx->sq_sqes);
9278 percpu_ref_exit(&ctx->refs);
9279 free_uid(ctx->user);
9280 io_req_caches_free(ctx);
9282 io_wq_put_hash(ctx->hash_map);
9283 kfree(ctx->cancel_hash);
9284 kfree(ctx->dummy_ubuf);
9288 static __poll_t io_uring_poll(struct file *file, poll_table *wait)
9290 struct io_ring_ctx *ctx = file->private_data;
9293 poll_wait(file, &ctx->cq_wait, wait);
9295 * synchronizes with barrier from wq_has_sleeper call in
9299 if (!io_sqring_full(ctx))
9300 mask |= EPOLLOUT | EPOLLWRNORM;
9303 * Don't flush cqring overflow list here, just do a simple check.
9304 * Otherwise there could possible be ABBA deadlock:
9307 * lock(&ctx->uring_lock);
9309 * lock(&ctx->uring_lock);
9312 * Users may get EPOLLIN meanwhile seeing nothing in cqring, this
9313 * pushs them to do the flush.
9315 if (io_cqring_events(ctx) || test_bit(0, &ctx->check_cq_overflow))
9316 mask |= EPOLLIN | EPOLLRDNORM;
9321 static int io_unregister_personality(struct io_ring_ctx *ctx, unsigned id)
9323 const struct cred *creds;
9325 creds = xa_erase(&ctx->personalities, id);
9334 struct io_tctx_exit {
9335 struct callback_head task_work;
9336 struct completion completion;
9337 struct io_ring_ctx *ctx;
9340 static __cold void io_tctx_exit_cb(struct callback_head *cb)
9342 struct io_uring_task *tctx = current->io_uring;
9343 struct io_tctx_exit *work;
9345 work = container_of(cb, struct io_tctx_exit, task_work);
9347 * When @in_idle, we're in cancellation and it's racy to remove the
9348 * node. It'll be removed by the end of cancellation, just ignore it.
9350 if (!atomic_read(&tctx->in_idle))
9351 io_uring_del_tctx_node((unsigned long)work->ctx);
9352 complete(&work->completion);
9355 static __cold bool io_cancel_ctx_cb(struct io_wq_work *work, void *data)
9357 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
9359 return req->ctx == data;
9362 static __cold void io_ring_exit_work(struct work_struct *work)
9364 struct io_ring_ctx *ctx = container_of(work, struct io_ring_ctx, exit_work);
9365 unsigned long timeout = jiffies + HZ * 60 * 5;
9366 unsigned long interval = HZ / 20;
9367 struct io_tctx_exit exit;
9368 struct io_tctx_node *node;
9372 * If we're doing polled IO and end up having requests being
9373 * submitted async (out-of-line), then completions can come in while
9374 * we're waiting for refs to drop. We need to reap these manually,
9375 * as nobody else will be looking for them.
9378 io_uring_try_cancel_requests(ctx, NULL, true);
9380 struct io_sq_data *sqd = ctx->sq_data;
9381 struct task_struct *tsk;
9383 io_sq_thread_park(sqd);
9385 if (tsk && tsk->io_uring && tsk->io_uring->io_wq)
9386 io_wq_cancel_cb(tsk->io_uring->io_wq,
9387 io_cancel_ctx_cb, ctx, true);
9388 io_sq_thread_unpark(sqd);
9391 io_req_caches_free(ctx);
9393 if (WARN_ON_ONCE(time_after(jiffies, timeout))) {
9394 /* there is little hope left, don't run it too often */
9397 } while (!wait_for_completion_timeout(&ctx->ref_comp, interval));
9399 init_completion(&exit.completion);
9400 init_task_work(&exit.task_work, io_tctx_exit_cb);
9403 * Some may use context even when all refs and requests have been put,
9404 * and they are free to do so while still holding uring_lock or
9405 * completion_lock, see io_req_task_submit(). Apart from other work,
9406 * this lock/unlock section also waits them to finish.
9408 mutex_lock(&ctx->uring_lock);
9409 while (!list_empty(&ctx->tctx_list)) {
9410 WARN_ON_ONCE(time_after(jiffies, timeout));
9412 node = list_first_entry(&ctx->tctx_list, struct io_tctx_node,
9414 /* don't spin on a single task if cancellation failed */
9415 list_rotate_left(&ctx->tctx_list);
9416 ret = task_work_add(node->task, &exit.task_work, TWA_SIGNAL);
9417 if (WARN_ON_ONCE(ret))
9420 mutex_unlock(&ctx->uring_lock);
9421 wait_for_completion(&exit.completion);
9422 mutex_lock(&ctx->uring_lock);
9424 mutex_unlock(&ctx->uring_lock);
9425 spin_lock(&ctx->completion_lock);
9426 spin_unlock(&ctx->completion_lock);
9428 io_ring_ctx_free(ctx);
9431 /* Returns true if we found and killed one or more timeouts */
9432 static __cold bool io_kill_timeouts(struct io_ring_ctx *ctx,
9433 struct task_struct *tsk, bool cancel_all)
9435 struct io_kiocb *req, *tmp;
9438 spin_lock(&ctx->completion_lock);
9439 spin_lock_irq(&ctx->timeout_lock);
9440 list_for_each_entry_safe(req, tmp, &ctx->timeout_list, timeout.list) {
9441 if (io_match_task(req, tsk, cancel_all)) {
9442 io_kill_timeout(req, -ECANCELED);
9446 spin_unlock_irq(&ctx->timeout_lock);
9448 io_commit_cqring(ctx);
9449 spin_unlock(&ctx->completion_lock);
9451 io_cqring_ev_posted(ctx);
9452 return canceled != 0;
9455 static __cold void io_ring_ctx_wait_and_kill(struct io_ring_ctx *ctx)
9457 unsigned long index;
9458 struct creds *creds;
9460 mutex_lock(&ctx->uring_lock);
9461 percpu_ref_kill(&ctx->refs);
9463 __io_cqring_overflow_flush(ctx, true);
9464 xa_for_each(&ctx->personalities, index, creds)
9465 io_unregister_personality(ctx, index);
9466 mutex_unlock(&ctx->uring_lock);
9468 io_kill_timeouts(ctx, NULL, true);
9469 io_poll_remove_all(ctx, NULL, true);
9471 /* if we failed setting up the ctx, we might not have any rings */
9472 io_iopoll_try_reap_events(ctx);
9474 INIT_WORK(&ctx->exit_work, io_ring_exit_work);
9476 * Use system_unbound_wq to avoid spawning tons of event kworkers
9477 * if we're exiting a ton of rings at the same time. It just adds
9478 * noise and overhead, there's no discernable change in runtime
9479 * over using system_wq.
9481 queue_work(system_unbound_wq, &ctx->exit_work);
9484 static int io_uring_release(struct inode *inode, struct file *file)
9486 struct io_ring_ctx *ctx = file->private_data;
9488 file->private_data = NULL;
9489 io_ring_ctx_wait_and_kill(ctx);
9493 struct io_task_cancel {
9494 struct task_struct *task;
9498 static bool io_cancel_task_cb(struct io_wq_work *work, void *data)
9500 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
9501 struct io_task_cancel *cancel = data;
9504 if (!cancel->all && (req->flags & REQ_F_LINK_TIMEOUT)) {
9505 struct io_ring_ctx *ctx = req->ctx;
9507 /* protect against races with linked timeouts */
9508 spin_lock(&ctx->completion_lock);
9509 ret = io_match_task(req, cancel->task, cancel->all);
9510 spin_unlock(&ctx->completion_lock);
9512 ret = io_match_task(req, cancel->task, cancel->all);
9517 static __cold bool io_cancel_defer_files(struct io_ring_ctx *ctx,
9518 struct task_struct *task,
9521 struct io_defer_entry *de;
9524 spin_lock(&ctx->completion_lock);
9525 list_for_each_entry_reverse(de, &ctx->defer_list, list) {
9526 if (io_match_task(de->req, task, cancel_all)) {
9527 list_cut_position(&list, &ctx->defer_list, &de->list);
9531 spin_unlock(&ctx->completion_lock);
9532 if (list_empty(&list))
9535 while (!list_empty(&list)) {
9536 de = list_first_entry(&list, struct io_defer_entry, list);
9537 list_del_init(&de->list);
9538 io_req_complete_failed(de->req, -ECANCELED);
9544 static __cold bool io_uring_try_cancel_iowq(struct io_ring_ctx *ctx)
9546 struct io_tctx_node *node;
9547 enum io_wq_cancel cret;
9550 mutex_lock(&ctx->uring_lock);
9551 list_for_each_entry(node, &ctx->tctx_list, ctx_node) {
9552 struct io_uring_task *tctx = node->task->io_uring;
9555 * io_wq will stay alive while we hold uring_lock, because it's
9556 * killed after ctx nodes, which requires to take the lock.
9558 if (!tctx || !tctx->io_wq)
9560 cret = io_wq_cancel_cb(tctx->io_wq, io_cancel_ctx_cb, ctx, true);
9561 ret |= (cret != IO_WQ_CANCEL_NOTFOUND);
9563 mutex_unlock(&ctx->uring_lock);
9568 static __cold void io_uring_try_cancel_requests(struct io_ring_ctx *ctx,
9569 struct task_struct *task,
9572 struct io_task_cancel cancel = { .task = task, .all = cancel_all, };
9573 struct io_uring_task *tctx = task ? task->io_uring : NULL;
9576 enum io_wq_cancel cret;
9580 ret |= io_uring_try_cancel_iowq(ctx);
9581 } else if (tctx && tctx->io_wq) {
9583 * Cancels requests of all rings, not only @ctx, but
9584 * it's fine as the task is in exit/exec.
9586 cret = io_wq_cancel_cb(tctx->io_wq, io_cancel_task_cb,
9588 ret |= (cret != IO_WQ_CANCEL_NOTFOUND);
9591 /* SQPOLL thread does its own polling */
9592 if ((!(ctx->flags & IORING_SETUP_SQPOLL) && cancel_all) ||
9593 (ctx->sq_data && ctx->sq_data->thread == current)) {
9594 while (!wq_list_empty(&ctx->iopoll_list)) {
9595 io_iopoll_try_reap_events(ctx);
9600 ret |= io_cancel_defer_files(ctx, task, cancel_all);
9601 ret |= io_poll_remove_all(ctx, task, cancel_all);
9602 ret |= io_kill_timeouts(ctx, task, cancel_all);
9604 ret |= io_run_task_work();
9611 static int __io_uring_add_tctx_node(struct io_ring_ctx *ctx)
9613 struct io_uring_task *tctx = current->io_uring;
9614 struct io_tctx_node *node;
9617 if (unlikely(!tctx)) {
9618 ret = io_uring_alloc_task_context(current, ctx);
9621 tctx = current->io_uring;
9623 if (!xa_load(&tctx->xa, (unsigned long)ctx)) {
9624 node = kmalloc(sizeof(*node), GFP_KERNEL);
9628 node->task = current;
9630 ret = xa_err(xa_store(&tctx->xa, (unsigned long)ctx,
9637 mutex_lock(&ctx->uring_lock);
9638 list_add(&node->ctx_node, &ctx->tctx_list);
9639 mutex_unlock(&ctx->uring_lock);
9646 * Note that this task has used io_uring. We use it for cancelation purposes.
9648 static inline int io_uring_add_tctx_node(struct io_ring_ctx *ctx)
9650 struct io_uring_task *tctx = current->io_uring;
9652 if (likely(tctx && tctx->last == ctx))
9654 return __io_uring_add_tctx_node(ctx);
9658 * Remove this io_uring_file -> task mapping.
9660 static __cold void io_uring_del_tctx_node(unsigned long index)
9662 struct io_uring_task *tctx = current->io_uring;
9663 struct io_tctx_node *node;
9667 node = xa_erase(&tctx->xa, index);
9671 WARN_ON_ONCE(current != node->task);
9672 WARN_ON_ONCE(list_empty(&node->ctx_node));
9674 mutex_lock(&node->ctx->uring_lock);
9675 list_del(&node->ctx_node);
9676 mutex_unlock(&node->ctx->uring_lock);
9678 if (tctx->last == node->ctx)
9683 static __cold void io_uring_clean_tctx(struct io_uring_task *tctx)
9685 struct io_wq *wq = tctx->io_wq;
9686 struct io_tctx_node *node;
9687 unsigned long index;
9689 xa_for_each(&tctx->xa, index, node) {
9690 io_uring_del_tctx_node(index);
9695 * Must be after io_uring_del_task_file() (removes nodes under
9696 * uring_lock) to avoid race with io_uring_try_cancel_iowq().
9698 io_wq_put_and_exit(wq);
9703 static s64 tctx_inflight(struct io_uring_task *tctx, bool tracked)
9706 return atomic_read(&tctx->inflight_tracked);
9707 return percpu_counter_sum(&tctx->inflight);
9710 static __cold void io_uring_drop_tctx_refs(struct task_struct *task)
9712 struct io_uring_task *tctx = task->io_uring;
9713 unsigned int refs = tctx->cached_refs;
9716 tctx->cached_refs = 0;
9717 percpu_counter_sub(&tctx->inflight, refs);
9718 put_task_struct_many(task, refs);
9723 * Find any io_uring ctx that this task has registered or done IO on, and cancel
9724 * requests. @sqd should be not-null IIF it's an SQPOLL thread cancellation.
9726 static __cold void io_uring_cancel_generic(bool cancel_all,
9727 struct io_sq_data *sqd)
9729 struct io_uring_task *tctx = current->io_uring;
9730 struct io_ring_ctx *ctx;
9734 WARN_ON_ONCE(sqd && sqd->thread != current);
9736 if (!current->io_uring)
9739 io_wq_exit_start(tctx->io_wq);
9741 atomic_inc(&tctx->in_idle);
9743 io_uring_drop_tctx_refs(current);
9744 /* read completions before cancelations */
9745 inflight = tctx_inflight(tctx, !cancel_all);
9750 struct io_tctx_node *node;
9751 unsigned long index;
9753 xa_for_each(&tctx->xa, index, node) {
9754 /* sqpoll task will cancel all its requests */
9755 if (node->ctx->sq_data)
9757 io_uring_try_cancel_requests(node->ctx, current,
9761 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
9762 io_uring_try_cancel_requests(ctx, current,
9766 prepare_to_wait(&tctx->wait, &wait, TASK_UNINTERRUPTIBLE);
9767 io_uring_drop_tctx_refs(current);
9769 * If we've seen completions, retry without waiting. This
9770 * avoids a race where a completion comes in before we did
9771 * prepare_to_wait().
9773 if (inflight == tctx_inflight(tctx, !cancel_all))
9775 finish_wait(&tctx->wait, &wait);
9777 atomic_dec(&tctx->in_idle);
9779 io_uring_clean_tctx(tctx);
9781 /* for exec all current's requests should be gone, kill tctx */
9782 __io_uring_free(current);
9786 void __io_uring_cancel(bool cancel_all)
9788 io_uring_cancel_generic(cancel_all, NULL);
9791 static void *io_uring_validate_mmap_request(struct file *file,
9792 loff_t pgoff, size_t sz)
9794 struct io_ring_ctx *ctx = file->private_data;
9795 loff_t offset = pgoff << PAGE_SHIFT;
9800 case IORING_OFF_SQ_RING:
9801 case IORING_OFF_CQ_RING:
9804 case IORING_OFF_SQES:
9808 return ERR_PTR(-EINVAL);
9811 page = virt_to_head_page(ptr);
9812 if (sz > page_size(page))
9813 return ERR_PTR(-EINVAL);
9820 static __cold int io_uring_mmap(struct file *file, struct vm_area_struct *vma)
9822 size_t sz = vma->vm_end - vma->vm_start;
9826 ptr = io_uring_validate_mmap_request(file, vma->vm_pgoff, sz);
9828 return PTR_ERR(ptr);
9830 pfn = virt_to_phys(ptr) >> PAGE_SHIFT;
9831 return remap_pfn_range(vma, vma->vm_start, pfn, sz, vma->vm_page_prot);
9834 #else /* !CONFIG_MMU */
9836 static int io_uring_mmap(struct file *file, struct vm_area_struct *vma)
9838 return vma->vm_flags & (VM_SHARED | VM_MAYSHARE) ? 0 : -EINVAL;
9841 static unsigned int io_uring_nommu_mmap_capabilities(struct file *file)
9843 return NOMMU_MAP_DIRECT | NOMMU_MAP_READ | NOMMU_MAP_WRITE;
9846 static unsigned long io_uring_nommu_get_unmapped_area(struct file *file,
9847 unsigned long addr, unsigned long len,
9848 unsigned long pgoff, unsigned long flags)
9852 ptr = io_uring_validate_mmap_request(file, pgoff, len);
9854 return PTR_ERR(ptr);
9856 return (unsigned long) ptr;
9859 #endif /* !CONFIG_MMU */
9861 static int io_sqpoll_wait_sq(struct io_ring_ctx *ctx)
9866 if (!io_sqring_full(ctx))
9868 prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE);
9870 if (!io_sqring_full(ctx))
9873 } while (!signal_pending(current));
9875 finish_wait(&ctx->sqo_sq_wait, &wait);
9879 static int io_get_ext_arg(unsigned flags, const void __user *argp, size_t *argsz,
9880 struct __kernel_timespec __user **ts,
9881 const sigset_t __user **sig)
9883 struct io_uring_getevents_arg arg;
9886 * If EXT_ARG isn't set, then we have no timespec and the argp pointer
9887 * is just a pointer to the sigset_t.
9889 if (!(flags & IORING_ENTER_EXT_ARG)) {
9890 *sig = (const sigset_t __user *) argp;
9896 * EXT_ARG is set - ensure we agree on the size of it and copy in our
9897 * timespec and sigset_t pointers if good.
9899 if (*argsz != sizeof(arg))
9901 if (copy_from_user(&arg, argp, sizeof(arg)))
9903 *sig = u64_to_user_ptr(arg.sigmask);
9904 *argsz = arg.sigmask_sz;
9905 *ts = u64_to_user_ptr(arg.ts);
9909 SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
9910 u32, min_complete, u32, flags, const void __user *, argp,
9913 struct io_ring_ctx *ctx;
9920 if (unlikely(flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP |
9921 IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG)))
9925 if (unlikely(!f.file))
9929 if (unlikely(f.file->f_op != &io_uring_fops))
9933 ctx = f.file->private_data;
9934 if (unlikely(!percpu_ref_tryget(&ctx->refs)))
9938 if (unlikely(ctx->flags & IORING_SETUP_R_DISABLED))
9942 * For SQ polling, the thread will do all submissions and completions.
9943 * Just return the requested submit count, and wake the thread if
9947 if (ctx->flags & IORING_SETUP_SQPOLL) {
9948 io_cqring_overflow_flush(ctx);
9950 if (unlikely(ctx->sq_data->thread == NULL)) {
9954 if (flags & IORING_ENTER_SQ_WAKEUP)
9955 wake_up(&ctx->sq_data->wait);
9956 if (flags & IORING_ENTER_SQ_WAIT) {
9957 ret = io_sqpoll_wait_sq(ctx);
9961 submitted = to_submit;
9962 } else if (to_submit) {
9963 ret = io_uring_add_tctx_node(ctx);
9966 mutex_lock(&ctx->uring_lock);
9967 submitted = io_submit_sqes(ctx, to_submit);
9968 mutex_unlock(&ctx->uring_lock);
9970 if (submitted != to_submit)
9973 if (flags & IORING_ENTER_GETEVENTS) {
9974 const sigset_t __user *sig;
9975 struct __kernel_timespec __user *ts;
9977 ret = io_get_ext_arg(flags, argp, &argsz, &ts, &sig);
9981 min_complete = min(min_complete, ctx->cq_entries);
9984 * When SETUP_IOPOLL and SETUP_SQPOLL are both enabled, user
9985 * space applications don't need to do io completion events
9986 * polling again, they can rely on io_sq_thread to do polling
9987 * work, which can reduce cpu usage and uring_lock contention.
9989 if (ctx->flags & IORING_SETUP_IOPOLL &&
9990 !(ctx->flags & IORING_SETUP_SQPOLL)) {
9991 ret = io_iopoll_check(ctx, min_complete);
9993 ret = io_cqring_wait(ctx, min_complete, sig, argsz, ts);
9998 percpu_ref_put(&ctx->refs);
10001 return submitted ? submitted : ret;
10004 #ifdef CONFIG_PROC_FS
10005 static __cold int io_uring_show_cred(struct seq_file *m, unsigned int id,
10006 const struct cred *cred)
10008 struct user_namespace *uns = seq_user_ns(m);
10009 struct group_info *gi;
10014 seq_printf(m, "%5d\n", id);
10015 seq_put_decimal_ull(m, "\tUid:\t", from_kuid_munged(uns, cred->uid));
10016 seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->euid));
10017 seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->suid));
10018 seq_put_decimal_ull(m, "\t\t", from_kuid_munged(uns, cred->fsuid));
10019 seq_put_decimal_ull(m, "\n\tGid:\t", from_kgid_munged(uns, cred->gid));
10020 seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->egid));
10021 seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->sgid));
10022 seq_put_decimal_ull(m, "\t\t", from_kgid_munged(uns, cred->fsgid));
10023 seq_puts(m, "\n\tGroups:\t");
10024 gi = cred->group_info;
10025 for (g = 0; g < gi->ngroups; g++) {
10026 seq_put_decimal_ull(m, g ? " " : "",
10027 from_kgid_munged(uns, gi->gid[g]));
10029 seq_puts(m, "\n\tCapEff:\t");
10030 cap = cred->cap_effective;
10031 CAP_FOR_EACH_U32(__capi)
10032 seq_put_hex_ll(m, NULL, cap.cap[CAP_LAST_U32 - __capi], 8);
10037 static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
10038 struct seq_file *m)
10040 struct io_sq_data *sq = NULL;
10041 struct io_overflow_cqe *ocqe;
10042 struct io_rings *r = ctx->rings;
10043 unsigned int sq_mask = ctx->sq_entries - 1, cq_mask = ctx->cq_entries - 1;
10044 unsigned int cached_sq_head = ctx->cached_sq_head;
10045 unsigned int cached_cq_tail = ctx->cached_cq_tail;
10046 unsigned int sq_head = READ_ONCE(r->sq.head);
10047 unsigned int sq_tail = READ_ONCE(r->sq.tail);
10048 unsigned int cq_head = READ_ONCE(r->cq.head);
10049 unsigned int cq_tail = READ_ONCE(r->cq.tail);
10054 * we may get imprecise sqe and cqe info if uring is actively running
10055 * since we get cached_sq_head and cached_cq_tail without uring_lock
10056 * and sq_tail and cq_head are changed by userspace. But it's ok since
10057 * we usually use these info when it is stuck.
10059 seq_printf(m, "SqHead:\t%u\n", sq_head & sq_mask);
10060 seq_printf(m, "SqTail:\t%u\n", sq_tail & sq_mask);
10061 seq_printf(m, "CachedSqHead:\t%u\n", cached_sq_head & sq_mask);
10062 seq_printf(m, "CqHead:\t%u\n", cq_head & cq_mask);
10063 seq_printf(m, "CqTail:\t%u\n", cq_tail & cq_mask);
10064 seq_printf(m, "CachedCqTail:\t%u\n", cached_cq_tail & cq_mask);
10065 seq_printf(m, "SQEs:\t%u\n", sq_tail - cached_sq_head);
10066 for (i = cached_sq_head; i < sq_tail; i++) {
10067 unsigned int sq_idx = READ_ONCE(ctx->sq_array[i & sq_mask]);
10069 if (likely(sq_idx <= sq_mask)) {
10070 struct io_uring_sqe *sqe = &ctx->sq_sqes[sq_idx];
10072 seq_printf(m, "%5u: opcode:%d, fd:%d, flags:%x, user_data:%llu\n",
10073 sq_idx, sqe->opcode, sqe->fd, sqe->flags, sqe->user_data);
10076 seq_printf(m, "CQEs:\t%u\n", cached_cq_tail - cq_head);
10077 for (i = cq_head; i < cached_cq_tail; i++) {
10078 struct io_uring_cqe *cqe = &r->cqes[i & cq_mask];
10080 seq_printf(m, "%5u: user_data:%llu, res:%d, flag:%x\n",
10081 i & cq_mask, cqe->user_data, cqe->res, cqe->flags);
10085 * Avoid ABBA deadlock between the seq lock and the io_uring mutex,
10086 * since fdinfo case grabs it in the opposite direction of normal use
10087 * cases. If we fail to get the lock, we just don't iterate any
10088 * structures that could be going away outside the io_uring mutex.
10090 has_lock = mutex_trylock(&ctx->uring_lock);
10092 if (has_lock && (ctx->flags & IORING_SETUP_SQPOLL)) {
10098 seq_printf(m, "SqThread:\t%d\n", sq ? task_pid_nr(sq->thread) : -1);
10099 seq_printf(m, "SqThreadCpu:\t%d\n", sq ? task_cpu(sq->thread) : -1);
10100 seq_printf(m, "UserFiles:\t%u\n", ctx->nr_user_files);
10101 for (i = 0; has_lock && i < ctx->nr_user_files; i++) {
10102 struct file *f = io_file_from_index(ctx, i);
10105 seq_printf(m, "%5u: %s\n", i, file_dentry(f)->d_iname);
10107 seq_printf(m, "%5u: <none>\n", i);
10109 seq_printf(m, "UserBufs:\t%u\n", ctx->nr_user_bufs);
10110 for (i = 0; has_lock && i < ctx->nr_user_bufs; i++) {
10111 struct io_mapped_ubuf *buf = ctx->user_bufs[i];
10112 unsigned int len = buf->ubuf_end - buf->ubuf;
10114 seq_printf(m, "%5u: 0x%llx/%u\n", i, buf->ubuf, len);
10116 if (has_lock && !xa_empty(&ctx->personalities)) {
10117 unsigned long index;
10118 const struct cred *cred;
10120 seq_printf(m, "Personalities:\n");
10121 xa_for_each(&ctx->personalities, index, cred)
10122 io_uring_show_cred(m, index, cred);
10125 mutex_unlock(&ctx->uring_lock);
10127 seq_puts(m, "PollList:\n");
10128 spin_lock(&ctx->completion_lock);
10129 for (i = 0; i < (1U << ctx->cancel_hash_bits); i++) {
10130 struct hlist_head *list = &ctx->cancel_hash[i];
10131 struct io_kiocb *req;
10133 hlist_for_each_entry(req, list, hash_node)
10134 seq_printf(m, " op=%d, task_works=%d\n", req->opcode,
10135 req->task->task_works != NULL);
10138 seq_puts(m, "CqOverflowList:\n");
10139 list_for_each_entry(ocqe, &ctx->cq_overflow_list, list) {
10140 struct io_uring_cqe *cqe = &ocqe->cqe;
10142 seq_printf(m, " user_data=%llu, res=%d, flags=%x\n",
10143 cqe->user_data, cqe->res, cqe->flags);
10147 spin_unlock(&ctx->completion_lock);
10150 static __cold void io_uring_show_fdinfo(struct seq_file *m, struct file *f)
10152 struct io_ring_ctx *ctx = f->private_data;
10154 if (percpu_ref_tryget(&ctx->refs)) {
10155 __io_uring_show_fdinfo(ctx, m);
10156 percpu_ref_put(&ctx->refs);
10161 static const struct file_operations io_uring_fops = {
10162 .release = io_uring_release,
10163 .mmap = io_uring_mmap,
10165 .get_unmapped_area = io_uring_nommu_get_unmapped_area,
10166 .mmap_capabilities = io_uring_nommu_mmap_capabilities,
10168 .poll = io_uring_poll,
10169 #ifdef CONFIG_PROC_FS
10170 .show_fdinfo = io_uring_show_fdinfo,
10174 static __cold int io_allocate_scq_urings(struct io_ring_ctx *ctx,
10175 struct io_uring_params *p)
10177 struct io_rings *rings;
10178 size_t size, sq_array_offset;
10180 /* make sure these are sane, as we already accounted them */
10181 ctx->sq_entries = p->sq_entries;
10182 ctx->cq_entries = p->cq_entries;
10184 size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
10185 if (size == SIZE_MAX)
10188 rings = io_mem_alloc(size);
10192 ctx->rings = rings;
10193 ctx->sq_array = (u32 *)((char *)rings + sq_array_offset);
10194 rings->sq_ring_mask = p->sq_entries - 1;
10195 rings->cq_ring_mask = p->cq_entries - 1;
10196 rings->sq_ring_entries = p->sq_entries;
10197 rings->cq_ring_entries = p->cq_entries;
10199 size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
10200 if (size == SIZE_MAX) {
10201 io_mem_free(ctx->rings);
10206 ctx->sq_sqes = io_mem_alloc(size);
10207 if (!ctx->sq_sqes) {
10208 io_mem_free(ctx->rings);
10216 static int io_uring_install_fd(struct io_ring_ctx *ctx, struct file *file)
10220 fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
10224 ret = io_uring_add_tctx_node(ctx);
10229 fd_install(fd, file);
10234 * Allocate an anonymous fd, this is what constitutes the application
10235 * visible backing of an io_uring instance. The application mmaps this
10236 * fd to gain access to the SQ/CQ ring details. If UNIX sockets are enabled,
10237 * we have to tie this fd to a socket for file garbage collection purposes.
10239 static struct file *io_uring_get_file(struct io_ring_ctx *ctx)
10242 #if defined(CONFIG_UNIX)
10245 ret = sock_create_kern(&init_net, PF_UNIX, SOCK_RAW, IPPROTO_IP,
10248 return ERR_PTR(ret);
10251 file = anon_inode_getfile("[io_uring]", &io_uring_fops, ctx,
10252 O_RDWR | O_CLOEXEC);
10253 #if defined(CONFIG_UNIX)
10254 if (IS_ERR(file)) {
10255 sock_release(ctx->ring_sock);
10256 ctx->ring_sock = NULL;
10258 ctx->ring_sock->file = file;
10264 static __cold int io_uring_create(unsigned entries, struct io_uring_params *p,
10265 struct io_uring_params __user *params)
10267 struct io_ring_ctx *ctx;
10273 if (entries > IORING_MAX_ENTRIES) {
10274 if (!(p->flags & IORING_SETUP_CLAMP))
10276 entries = IORING_MAX_ENTRIES;
10280 * Use twice as many entries for the CQ ring. It's possible for the
10281 * application to drive a higher depth than the size of the SQ ring,
10282 * since the sqes are only used at submission time. This allows for
10283 * some flexibility in overcommitting a bit. If the application has
10284 * set IORING_SETUP_CQSIZE, it will have passed in the desired number
10285 * of CQ ring entries manually.
10287 p->sq_entries = roundup_pow_of_two(entries);
10288 if (p->flags & IORING_SETUP_CQSIZE) {
10290 * If IORING_SETUP_CQSIZE is set, we do the same roundup
10291 * to a power-of-two, if it isn't already. We do NOT impose
10292 * any cq vs sq ring sizing.
10294 if (!p->cq_entries)
10296 if (p->cq_entries > IORING_MAX_CQ_ENTRIES) {
10297 if (!(p->flags & IORING_SETUP_CLAMP))
10299 p->cq_entries = IORING_MAX_CQ_ENTRIES;
10301 p->cq_entries = roundup_pow_of_two(p->cq_entries);
10302 if (p->cq_entries < p->sq_entries)
10305 p->cq_entries = 2 * p->sq_entries;
10308 ctx = io_ring_ctx_alloc(p);
10311 ctx->compat = in_compat_syscall();
10312 if (!capable(CAP_IPC_LOCK))
10313 ctx->user = get_uid(current_user());
10316 * This is just grabbed for accounting purposes. When a process exits,
10317 * the mm is exited and dropped before the files, hence we need to hang
10318 * on to this mm purely for the purposes of being able to unaccount
10319 * memory (locked/pinned vm). It's not used for anything else.
10321 mmgrab(current->mm);
10322 ctx->mm_account = current->mm;
10324 ret = io_allocate_scq_urings(ctx, p);
10328 ret = io_sq_offload_create(ctx, p);
10331 /* always set a rsrc node */
10332 ret = io_rsrc_node_switch_start(ctx);
10335 io_rsrc_node_switch(ctx, NULL);
10337 memset(&p->sq_off, 0, sizeof(p->sq_off));
10338 p->sq_off.head = offsetof(struct io_rings, sq.head);
10339 p->sq_off.tail = offsetof(struct io_rings, sq.tail);
10340 p->sq_off.ring_mask = offsetof(struct io_rings, sq_ring_mask);
10341 p->sq_off.ring_entries = offsetof(struct io_rings, sq_ring_entries);
10342 p->sq_off.flags = offsetof(struct io_rings, sq_flags);
10343 p->sq_off.dropped = offsetof(struct io_rings, sq_dropped);
10344 p->sq_off.array = (char *)ctx->sq_array - (char *)ctx->rings;
10346 memset(&p->cq_off, 0, sizeof(p->cq_off));
10347 p->cq_off.head = offsetof(struct io_rings, cq.head);
10348 p->cq_off.tail = offsetof(struct io_rings, cq.tail);
10349 p->cq_off.ring_mask = offsetof(struct io_rings, cq_ring_mask);
10350 p->cq_off.ring_entries = offsetof(struct io_rings, cq_ring_entries);
10351 p->cq_off.overflow = offsetof(struct io_rings, cq_overflow);
10352 p->cq_off.cqes = offsetof(struct io_rings, cqes);
10353 p->cq_off.flags = offsetof(struct io_rings, cq_flags);
10355 p->features = IORING_FEAT_SINGLE_MMAP | IORING_FEAT_NODROP |
10356 IORING_FEAT_SUBMIT_STABLE | IORING_FEAT_RW_CUR_POS |
10357 IORING_FEAT_CUR_PERSONALITY | IORING_FEAT_FAST_POLL |
10358 IORING_FEAT_POLL_32BITS | IORING_FEAT_SQPOLL_NONFIXED |
10359 IORING_FEAT_EXT_ARG | IORING_FEAT_NATIVE_WORKERS |
10360 IORING_FEAT_RSRC_TAGS;
10362 if (copy_to_user(params, p, sizeof(*p))) {
10367 file = io_uring_get_file(ctx);
10368 if (IS_ERR(file)) {
10369 ret = PTR_ERR(file);
10374 * Install ring fd as the very last thing, so we don't risk someone
10375 * having closed it before we finish setup
10377 ret = io_uring_install_fd(ctx, file);
10379 /* fput will clean it up */
10384 trace_io_uring_create(ret, ctx, p->sq_entries, p->cq_entries, p->flags);
10387 io_ring_ctx_wait_and_kill(ctx);
10392 * Sets up an aio uring context, and returns the fd. Applications asks for a
10393 * ring size, we return the actual sq/cq ring sizes (among other things) in the
10394 * params structure passed in.
10396 static long io_uring_setup(u32 entries, struct io_uring_params __user *params)
10398 struct io_uring_params p;
10401 if (copy_from_user(&p, params, sizeof(p)))
10403 for (i = 0; i < ARRAY_SIZE(p.resv); i++) {
10408 if (p.flags & ~(IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL |
10409 IORING_SETUP_SQ_AFF | IORING_SETUP_CQSIZE |
10410 IORING_SETUP_CLAMP | IORING_SETUP_ATTACH_WQ |
10411 IORING_SETUP_R_DISABLED))
10414 return io_uring_create(entries, &p, params);
10417 SYSCALL_DEFINE2(io_uring_setup, u32, entries,
10418 struct io_uring_params __user *, params)
10420 return io_uring_setup(entries, params);
10423 static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg,
10426 struct io_uring_probe *p;
10430 size = struct_size(p, ops, nr_args);
10431 if (size == SIZE_MAX)
10433 p = kzalloc(size, GFP_KERNEL);
10438 if (copy_from_user(p, arg, size))
10441 if (memchr_inv(p, 0, size))
10444 p->last_op = IORING_OP_LAST - 1;
10445 if (nr_args > IORING_OP_LAST)
10446 nr_args = IORING_OP_LAST;
10448 for (i = 0; i < nr_args; i++) {
10450 if (!io_op_defs[i].not_supported)
10451 p->ops[i].flags = IO_URING_OP_SUPPORTED;
10456 if (copy_to_user(arg, p, size))
10463 static int io_register_personality(struct io_ring_ctx *ctx)
10465 const struct cred *creds;
10469 creds = get_current_cred();
10471 ret = xa_alloc_cyclic(&ctx->personalities, &id, (void *)creds,
10472 XA_LIMIT(0, USHRT_MAX), &ctx->pers_next, GFP_KERNEL);
10480 static __cold int io_register_restrictions(struct io_ring_ctx *ctx,
10481 void __user *arg, unsigned int nr_args)
10483 struct io_uring_restriction *res;
10487 /* Restrictions allowed only if rings started disabled */
10488 if (!(ctx->flags & IORING_SETUP_R_DISABLED))
10491 /* We allow only a single restrictions registration */
10492 if (ctx->restrictions.registered)
10495 if (!arg || nr_args > IORING_MAX_RESTRICTIONS)
10498 size = array_size(nr_args, sizeof(*res));
10499 if (size == SIZE_MAX)
10502 res = memdup_user(arg, size);
10504 return PTR_ERR(res);
10508 for (i = 0; i < nr_args; i++) {
10509 switch (res[i].opcode) {
10510 case IORING_RESTRICTION_REGISTER_OP:
10511 if (res[i].register_op >= IORING_REGISTER_LAST) {
10516 __set_bit(res[i].register_op,
10517 ctx->restrictions.register_op);
10519 case IORING_RESTRICTION_SQE_OP:
10520 if (res[i].sqe_op >= IORING_OP_LAST) {
10525 __set_bit(res[i].sqe_op, ctx->restrictions.sqe_op);
10527 case IORING_RESTRICTION_SQE_FLAGS_ALLOWED:
10528 ctx->restrictions.sqe_flags_allowed = res[i].sqe_flags;
10530 case IORING_RESTRICTION_SQE_FLAGS_REQUIRED:
10531 ctx->restrictions.sqe_flags_required = res[i].sqe_flags;
10540 /* Reset all restrictions if an error happened */
10542 memset(&ctx->restrictions, 0, sizeof(ctx->restrictions));
10544 ctx->restrictions.registered = true;
10550 static int io_register_enable_rings(struct io_ring_ctx *ctx)
10552 if (!(ctx->flags & IORING_SETUP_R_DISABLED))
10555 if (ctx->restrictions.registered)
10556 ctx->restricted = 1;
10558 ctx->flags &= ~IORING_SETUP_R_DISABLED;
10559 if (ctx->sq_data && wq_has_sleeper(&ctx->sq_data->wait))
10560 wake_up(&ctx->sq_data->wait);
10564 static int __io_register_rsrc_update(struct io_ring_ctx *ctx, unsigned type,
10565 struct io_uring_rsrc_update2 *up,
10573 if (check_add_overflow(up->offset, nr_args, &tmp))
10575 err = io_rsrc_node_switch_start(ctx);
10580 case IORING_RSRC_FILE:
10581 return __io_sqe_files_update(ctx, up, nr_args);
10582 case IORING_RSRC_BUFFER:
10583 return __io_sqe_buffers_update(ctx, up, nr_args);
10588 static int io_register_files_update(struct io_ring_ctx *ctx, void __user *arg,
10591 struct io_uring_rsrc_update2 up;
10595 memset(&up, 0, sizeof(up));
10596 if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update)))
10598 return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args);
10601 static int io_register_rsrc_update(struct io_ring_ctx *ctx, void __user *arg,
10602 unsigned size, unsigned type)
10604 struct io_uring_rsrc_update2 up;
10606 if (size != sizeof(up))
10608 if (copy_from_user(&up, arg, sizeof(up)))
10610 if (!up.nr || up.resv)
10612 return __io_register_rsrc_update(ctx, type, &up, up.nr);
10615 static __cold int io_register_rsrc(struct io_ring_ctx *ctx, void __user *arg,
10616 unsigned int size, unsigned int type)
10618 struct io_uring_rsrc_register rr;
10620 /* keep it extendible */
10621 if (size != sizeof(rr))
10624 memset(&rr, 0, sizeof(rr));
10625 if (copy_from_user(&rr, arg, size))
10627 if (!rr.nr || rr.resv || rr.resv2)
10631 case IORING_RSRC_FILE:
10632 return io_sqe_files_register(ctx, u64_to_user_ptr(rr.data),
10633 rr.nr, u64_to_user_ptr(rr.tags));
10634 case IORING_RSRC_BUFFER:
10635 return io_sqe_buffers_register(ctx, u64_to_user_ptr(rr.data),
10636 rr.nr, u64_to_user_ptr(rr.tags));
10641 static __cold int io_register_iowq_aff(struct io_ring_ctx *ctx,
10642 void __user *arg, unsigned len)
10644 struct io_uring_task *tctx = current->io_uring;
10645 cpumask_var_t new_mask;
10648 if (!tctx || !tctx->io_wq)
10651 if (!alloc_cpumask_var(&new_mask, GFP_KERNEL))
10654 cpumask_clear(new_mask);
10655 if (len > cpumask_size())
10656 len = cpumask_size();
10658 if (copy_from_user(new_mask, arg, len)) {
10659 free_cpumask_var(new_mask);
10663 ret = io_wq_cpu_affinity(tctx->io_wq, new_mask);
10664 free_cpumask_var(new_mask);
10668 static __cold int io_unregister_iowq_aff(struct io_ring_ctx *ctx)
10670 struct io_uring_task *tctx = current->io_uring;
10672 if (!tctx || !tctx->io_wq)
10675 return io_wq_cpu_affinity(tctx->io_wq, NULL);
10678 static __cold int io_register_iowq_max_workers(struct io_ring_ctx *ctx,
10681 struct io_uring_task *tctx = NULL;
10682 struct io_sq_data *sqd = NULL;
10683 __u32 new_count[2];
10686 if (copy_from_user(new_count, arg, sizeof(new_count)))
10688 for (i = 0; i < ARRAY_SIZE(new_count); i++)
10689 if (new_count[i] > INT_MAX)
10692 if (ctx->flags & IORING_SETUP_SQPOLL) {
10693 sqd = ctx->sq_data;
10696 * Observe the correct sqd->lock -> ctx->uring_lock
10697 * ordering. Fine to drop uring_lock here, we hold
10698 * a ref to the ctx.
10700 refcount_inc(&sqd->refs);
10701 mutex_unlock(&ctx->uring_lock);
10702 mutex_lock(&sqd->lock);
10703 mutex_lock(&ctx->uring_lock);
10705 tctx = sqd->thread->io_uring;
10708 tctx = current->io_uring;
10712 if (!tctx || !tctx->io_wq)
10715 ret = io_wq_max_workers(tctx->io_wq, new_count);
10720 mutex_unlock(&sqd->lock);
10721 io_put_sq_data(sqd);
10724 if (copy_to_user(arg, new_count, sizeof(new_count)))
10730 mutex_unlock(&sqd->lock);
10731 io_put_sq_data(sqd);
10736 static bool io_register_op_must_quiesce(int op)
10739 case IORING_REGISTER_BUFFERS:
10740 case IORING_UNREGISTER_BUFFERS:
10741 case IORING_REGISTER_FILES:
10742 case IORING_UNREGISTER_FILES:
10743 case IORING_REGISTER_FILES_UPDATE:
10744 case IORING_REGISTER_PROBE:
10745 case IORING_REGISTER_PERSONALITY:
10746 case IORING_UNREGISTER_PERSONALITY:
10747 case IORING_REGISTER_FILES2:
10748 case IORING_REGISTER_FILES_UPDATE2:
10749 case IORING_REGISTER_BUFFERS2:
10750 case IORING_REGISTER_BUFFERS_UPDATE:
10751 case IORING_REGISTER_IOWQ_AFF:
10752 case IORING_UNREGISTER_IOWQ_AFF:
10753 case IORING_REGISTER_IOWQ_MAX_WORKERS:
10760 static __cold int io_ctx_quiesce(struct io_ring_ctx *ctx)
10764 percpu_ref_kill(&ctx->refs);
10767 * Drop uring mutex before waiting for references to exit. If another
10768 * thread is currently inside io_uring_enter() it might need to grab the
10769 * uring_lock to make progress. If we hold it here across the drain
10770 * wait, then we can deadlock. It's safe to drop the mutex here, since
10771 * no new references will come in after we've killed the percpu ref.
10773 mutex_unlock(&ctx->uring_lock);
10775 ret = wait_for_completion_interruptible_timeout(&ctx->ref_comp, HZ);
10777 ret = min(0L, ret);
10781 ret = io_run_task_work_sig();
10782 io_req_caches_free(ctx);
10783 } while (ret >= 0);
10784 mutex_lock(&ctx->uring_lock);
10787 io_refs_resurrect(&ctx->refs, &ctx->ref_comp);
10791 static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
10792 void __user *arg, unsigned nr_args)
10793 __releases(ctx->uring_lock)
10794 __acquires(ctx->uring_lock)
10799 * We're inside the ring mutex, if the ref is already dying, then
10800 * someone else killed the ctx or is already going through
10801 * io_uring_register().
10803 if (percpu_ref_is_dying(&ctx->refs))
10806 if (ctx->restricted) {
10807 if (opcode >= IORING_REGISTER_LAST)
10809 opcode = array_index_nospec(opcode, IORING_REGISTER_LAST);
10810 if (!test_bit(opcode, ctx->restrictions.register_op))
10814 if (io_register_op_must_quiesce(opcode)) {
10815 ret = io_ctx_quiesce(ctx);
10821 case IORING_REGISTER_BUFFERS:
10822 ret = io_sqe_buffers_register(ctx, arg, nr_args, NULL);
10824 case IORING_UNREGISTER_BUFFERS:
10826 if (arg || nr_args)
10828 ret = io_sqe_buffers_unregister(ctx);
10830 case IORING_REGISTER_FILES:
10831 ret = io_sqe_files_register(ctx, arg, nr_args, NULL);
10833 case IORING_UNREGISTER_FILES:
10835 if (arg || nr_args)
10837 ret = io_sqe_files_unregister(ctx);
10839 case IORING_REGISTER_FILES_UPDATE:
10840 ret = io_register_files_update(ctx, arg, nr_args);
10842 case IORING_REGISTER_EVENTFD:
10843 case IORING_REGISTER_EVENTFD_ASYNC:
10847 ret = io_eventfd_register(ctx, arg);
10850 if (opcode == IORING_REGISTER_EVENTFD_ASYNC)
10851 ctx->eventfd_async = 1;
10853 ctx->eventfd_async = 0;
10855 case IORING_UNREGISTER_EVENTFD:
10857 if (arg || nr_args)
10859 ret = io_eventfd_unregister(ctx);
10861 case IORING_REGISTER_PROBE:
10863 if (!arg || nr_args > 256)
10865 ret = io_probe(ctx, arg, nr_args);
10867 case IORING_REGISTER_PERSONALITY:
10869 if (arg || nr_args)
10871 ret = io_register_personality(ctx);
10873 case IORING_UNREGISTER_PERSONALITY:
10877 ret = io_unregister_personality(ctx, nr_args);
10879 case IORING_REGISTER_ENABLE_RINGS:
10881 if (arg || nr_args)
10883 ret = io_register_enable_rings(ctx);
10885 case IORING_REGISTER_RESTRICTIONS:
10886 ret = io_register_restrictions(ctx, arg, nr_args);
10888 case IORING_REGISTER_FILES2:
10889 ret = io_register_rsrc(ctx, arg, nr_args, IORING_RSRC_FILE);
10891 case IORING_REGISTER_FILES_UPDATE2:
10892 ret = io_register_rsrc_update(ctx, arg, nr_args,
10895 case IORING_REGISTER_BUFFERS2:
10896 ret = io_register_rsrc(ctx, arg, nr_args, IORING_RSRC_BUFFER);
10898 case IORING_REGISTER_BUFFERS_UPDATE:
10899 ret = io_register_rsrc_update(ctx, arg, nr_args,
10900 IORING_RSRC_BUFFER);
10902 case IORING_REGISTER_IOWQ_AFF:
10904 if (!arg || !nr_args)
10906 ret = io_register_iowq_aff(ctx, arg, nr_args);
10908 case IORING_UNREGISTER_IOWQ_AFF:
10910 if (arg || nr_args)
10912 ret = io_unregister_iowq_aff(ctx);
10914 case IORING_REGISTER_IOWQ_MAX_WORKERS:
10916 if (!arg || nr_args != 2)
10918 ret = io_register_iowq_max_workers(ctx, arg);
10925 if (io_register_op_must_quiesce(opcode)) {
10926 /* bring the ctx back to life */
10927 percpu_ref_reinit(&ctx->refs);
10928 reinit_completion(&ctx->ref_comp);
10933 SYSCALL_DEFINE4(io_uring_register, unsigned int, fd, unsigned int, opcode,
10934 void __user *, arg, unsigned int, nr_args)
10936 struct io_ring_ctx *ctx;
10945 if (f.file->f_op != &io_uring_fops)
10948 ctx = f.file->private_data;
10950 io_run_task_work();
10952 mutex_lock(&ctx->uring_lock);
10953 ret = __io_uring_register(ctx, opcode, arg, nr_args);
10954 mutex_unlock(&ctx->uring_lock);
10955 trace_io_uring_register(ctx, opcode, ctx->nr_user_files, ctx->nr_user_bufs,
10956 ctx->cq_ev_fd != NULL, ret);
10962 static int __init io_uring_init(void)
10964 #define __BUILD_BUG_VERIFY_ELEMENT(stype, eoffset, etype, ename) do { \
10965 BUILD_BUG_ON(offsetof(stype, ename) != eoffset); \
10966 BUILD_BUG_ON(sizeof(etype) != sizeof_field(stype, ename)); \
10969 #define BUILD_BUG_SQE_ELEM(eoffset, etype, ename) \
10970 __BUILD_BUG_VERIFY_ELEMENT(struct io_uring_sqe, eoffset, etype, ename)
10971 BUILD_BUG_ON(sizeof(struct io_uring_sqe) != 64);
10972 BUILD_BUG_SQE_ELEM(0, __u8, opcode);
10973 BUILD_BUG_SQE_ELEM(1, __u8, flags);
10974 BUILD_BUG_SQE_ELEM(2, __u16, ioprio);
10975 BUILD_BUG_SQE_ELEM(4, __s32, fd);
10976 BUILD_BUG_SQE_ELEM(8, __u64, off);
10977 BUILD_BUG_SQE_ELEM(8, __u64, addr2);
10978 BUILD_BUG_SQE_ELEM(16, __u64, addr);
10979 BUILD_BUG_SQE_ELEM(16, __u64, splice_off_in);
10980 BUILD_BUG_SQE_ELEM(24, __u32, len);
10981 BUILD_BUG_SQE_ELEM(28, __kernel_rwf_t, rw_flags);
10982 BUILD_BUG_SQE_ELEM(28, /* compat */ int, rw_flags);
10983 BUILD_BUG_SQE_ELEM(28, /* compat */ __u32, rw_flags);
10984 BUILD_BUG_SQE_ELEM(28, __u32, fsync_flags);
10985 BUILD_BUG_SQE_ELEM(28, /* compat */ __u16, poll_events);
10986 BUILD_BUG_SQE_ELEM(28, __u32, poll32_events);
10987 BUILD_BUG_SQE_ELEM(28, __u32, sync_range_flags);
10988 BUILD_BUG_SQE_ELEM(28, __u32, msg_flags);
10989 BUILD_BUG_SQE_ELEM(28, __u32, timeout_flags);
10990 BUILD_BUG_SQE_ELEM(28, __u32, accept_flags);
10991 BUILD_BUG_SQE_ELEM(28, __u32, cancel_flags);
10992 BUILD_BUG_SQE_ELEM(28, __u32, open_flags);
10993 BUILD_BUG_SQE_ELEM(28, __u32, statx_flags);
10994 BUILD_BUG_SQE_ELEM(28, __u32, fadvise_advice);
10995 BUILD_BUG_SQE_ELEM(28, __u32, splice_flags);
10996 BUILD_BUG_SQE_ELEM(32, __u64, user_data);
10997 BUILD_BUG_SQE_ELEM(40, __u16, buf_index);
10998 BUILD_BUG_SQE_ELEM(40, __u16, buf_group);
10999 BUILD_BUG_SQE_ELEM(42, __u16, personality);
11000 BUILD_BUG_SQE_ELEM(44, __s32, splice_fd_in);
11001 BUILD_BUG_SQE_ELEM(44, __u32, file_index);
11003 BUILD_BUG_ON(sizeof(struct io_uring_files_update) !=
11004 sizeof(struct io_uring_rsrc_update));
11005 BUILD_BUG_ON(sizeof(struct io_uring_rsrc_update) >
11006 sizeof(struct io_uring_rsrc_update2));
11008 /* ->buf_index is u16 */
11009 BUILD_BUG_ON(IORING_MAX_REG_BUFFERS >= (1u << 16));
11011 /* should fit into one byte */
11012 BUILD_BUG_ON(SQE_VALID_FLAGS >= (1 << 8));
11013 BUILD_BUG_ON(SQE_COMMON_FLAGS >= (1 << 8));
11014 BUILD_BUG_ON((SQE_VALID_FLAGS | SQE_COMMON_FLAGS) != SQE_VALID_FLAGS);
11016 BUILD_BUG_ON(ARRAY_SIZE(io_op_defs) != IORING_OP_LAST);
11017 BUILD_BUG_ON(__REQ_F_LAST_BIT > 8 * sizeof(int));
11019 req_cachep = KMEM_CACHE(io_kiocb, SLAB_HWCACHE_ALIGN | SLAB_PANIC |
11023 __initcall(io_uring_init);
projects / linux-block.git / blob