1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #include <linux/kernel.h> |
3 | #include <linux/errno.h> |
4 | #include <linux/file.h> |
5 | #include <linux/mm.h> |
6 | #include <linux/slab.h> |
7 | #include <linux/nospec.h> |
8 | #include <linux/io_uring.h> |
9 | |
10 | #include <uapi/linux/io_uring.h> |
11 | |
12 | #include "io_uring.h" |
13 | #include "rsrc.h" |
14 | #include "filetable.h" |
15 | |
16 | static int io_file_bitmap_get(struct io_ring_ctx *ctx) |
17 | { |
18 | struct io_file_table *table = &ctx->file_table; |
19 | unsigned long nr = ctx->file_alloc_end; |
20 | int ret; |
21 | |
22 | if (!table->bitmap) |
23 | return -ENFILE; |
24 | |
25 | do { |
26 | ret = find_next_zero_bit(addr: table->bitmap, size: nr, offset: table->alloc_hint); |
27 | if (ret != nr) |
28 | return ret; |
29 | |
30 | if (table->alloc_hint == ctx->file_alloc_start) |
31 | break; |
32 | nr = table->alloc_hint; |
33 | table->alloc_hint = ctx->file_alloc_start; |
34 | } while (1); |
35 | |
36 | return -ENFILE; |
37 | } |
38 | |
39 | bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files) |
40 | { |
41 | table->files = kvcalloc(n: nr_files, size: sizeof(table->files[0]), |
42 | GFP_KERNEL_ACCOUNT); |
43 | if (unlikely(!table->files)) |
44 | return false; |
45 | |
46 | table->bitmap = bitmap_zalloc(nbits: nr_files, GFP_KERNEL_ACCOUNT); |
47 | if (unlikely(!table->bitmap)) { |
48 | kvfree(addr: table->files); |
49 | return false; |
50 | } |
51 | |
52 | return true; |
53 | } |
54 | |
55 | void io_free_file_tables(struct io_file_table *table) |
56 | { |
57 | kvfree(addr: table->files); |
58 | bitmap_free(bitmap: table->bitmap); |
59 | table->files = NULL; |
60 | table->bitmap = NULL; |
61 | } |
62 | |
63 | static int io_install_fixed_file(struct io_ring_ctx *ctx, struct file *file, |
64 | u32 slot_index) |
65 | __must_hold(&req->ctx->uring_lock) |
66 | { |
67 | struct io_fixed_file *file_slot; |
68 | int ret; |
69 | |
70 | if (io_is_uring_fops(file)) |
71 | return -EBADF; |
72 | if (!ctx->file_data) |
73 | return -ENXIO; |
74 | if (slot_index >= ctx->nr_user_files) |
75 | return -EINVAL; |
76 | |
77 | slot_index = array_index_nospec(slot_index, ctx->nr_user_files); |
78 | file_slot = io_fixed_file_slot(table: &ctx->file_table, i: slot_index); |
79 | |
80 | if (file_slot->file_ptr) { |
81 | ret = io_queue_rsrc_removal(data: ctx->file_data, idx: slot_index, |
82 | rsrc: io_slot_file(slot: file_slot)); |
83 | if (ret) |
84 | return ret; |
85 | |
86 | file_slot->file_ptr = 0; |
87 | io_file_bitmap_clear(table: &ctx->file_table, bit: slot_index); |
88 | } |
89 | |
90 | ret = io_scm_file_account(ctx, file); |
91 | if (!ret) { |
92 | *io_get_tag_slot(data: ctx->file_data, idx: slot_index) = 0; |
93 | io_fixed_file_set(file_slot, file); |
94 | io_file_bitmap_set(table: &ctx->file_table, bit: slot_index); |
95 | } |
96 | return ret; |
97 | } |
98 | |
99 | int __io_fixed_fd_install(struct io_ring_ctx *ctx, struct file *file, |
100 | unsigned int file_slot) |
101 | { |
102 | bool alloc_slot = file_slot == IORING_FILE_INDEX_ALLOC; |
103 | int ret; |
104 | |
105 | if (alloc_slot) { |
106 | ret = io_file_bitmap_get(ctx); |
107 | if (unlikely(ret < 0)) |
108 | return ret; |
109 | file_slot = ret; |
110 | } else { |
111 | file_slot--; |
112 | } |
113 | |
114 | ret = io_install_fixed_file(ctx, file, slot_index: file_slot); |
115 | if (!ret && alloc_slot) |
116 | ret = file_slot; |
117 | return ret; |
118 | } |
119 | /* |
120 | * Note when io_fixed_fd_install() returns error value, it will ensure |
121 | * fput() is called correspondingly. |
122 | */ |
123 | int io_fixed_fd_install(struct io_kiocb *req, unsigned int issue_flags, |
124 | struct file *file, unsigned int file_slot) |
125 | { |
126 | struct io_ring_ctx *ctx = req->ctx; |
127 | int ret; |
128 | |
129 | io_ring_submit_lock(ctx, issue_flags); |
130 | ret = __io_fixed_fd_install(ctx, file, file_slot); |
131 | io_ring_submit_unlock(ctx, issue_flags); |
132 | |
133 | if (unlikely(ret < 0)) |
134 | fput(file); |
135 | return ret; |
136 | } |
137 | |
138 | int io_fixed_fd_remove(struct io_ring_ctx *ctx, unsigned int offset) |
139 | { |
140 | struct io_fixed_file *file_slot; |
141 | int ret; |
142 | |
143 | if (unlikely(!ctx->file_data)) |
144 | return -ENXIO; |
145 | if (offset >= ctx->nr_user_files) |
146 | return -EINVAL; |
147 | |
148 | offset = array_index_nospec(offset, ctx->nr_user_files); |
149 | file_slot = io_fixed_file_slot(table: &ctx->file_table, i: offset); |
150 | if (!file_slot->file_ptr) |
151 | return -EBADF; |
152 | |
153 | ret = io_queue_rsrc_removal(data: ctx->file_data, idx: offset, |
154 | rsrc: io_slot_file(slot: file_slot)); |
155 | if (ret) |
156 | return ret; |
157 | |
158 | file_slot->file_ptr = 0; |
159 | io_file_bitmap_clear(table: &ctx->file_table, bit: offset); |
160 | return 0; |
161 | } |
162 | |
163 | int io_register_file_alloc_range(struct io_ring_ctx *ctx, |
164 | struct io_uring_file_index_range __user *arg) |
165 | { |
166 | struct io_uring_file_index_range range; |
167 | u32 end; |
168 | |
169 | if (copy_from_user(to: &range, from: arg, n: sizeof(range))) |
170 | return -EFAULT; |
171 | if (check_add_overflow(range.off, range.len, &end)) |
172 | return -EOVERFLOW; |
173 | if (range.resv || end > ctx->nr_user_files) |
174 | return -EINVAL; |
175 | |
176 | io_file_table_set_alloc_range(ctx, off: range.off, len: range.len); |
177 | return 0; |
178 | } |
179 | |