1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #include <linux/kernel.h> |
3 | #include <linux/errno.h> |
4 | #include <linux/file.h> |
5 | #include <linux/io_uring.h> |
6 | #include <linux/security.h> |
7 | #include <linux/nospec.h> |
8 | |
9 | #include <uapi/linux/io_uring.h> |
10 | #include <uapi/asm-generic/ioctls.h> |
11 | |
12 | #include "io_uring.h" |
13 | #include "rsrc.h" |
14 | #include "uring_cmd.h" |
15 | |
16 | static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd, |
17 | unsigned int issue_flags) |
18 | { |
19 | struct io_kiocb *req = cmd_to_io_kiocb(cmd); |
20 | struct io_ring_ctx *ctx = req->ctx; |
21 | |
22 | if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) |
23 | return; |
24 | |
25 | cmd->flags &= ~IORING_URING_CMD_CANCELABLE; |
26 | io_ring_submit_lock(ctx, issue_flags); |
27 | hlist_del(n: &req->hash_node); |
28 | io_ring_submit_unlock(ctx, issue_flags); |
29 | } |
30 | |
31 | /* |
32 | * Mark this command as concelable, then io_uring_try_cancel_uring_cmd() |
33 | * will try to cancel this issued command by sending ->uring_cmd() with |
34 | * issue_flags of IO_URING_F_CANCEL. |
35 | * |
36 | * The command is guaranteed to not be done when calling ->uring_cmd() |
37 | * with IO_URING_F_CANCEL, but it is driver's responsibility to deal |
38 | * with race between io_uring canceling and normal completion. |
39 | */ |
40 | void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd, |
41 | unsigned int issue_flags) |
42 | { |
43 | struct io_kiocb *req = cmd_to_io_kiocb(cmd); |
44 | struct io_ring_ctx *ctx = req->ctx; |
45 | |
46 | if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) { |
47 | cmd->flags |= IORING_URING_CMD_CANCELABLE; |
48 | io_ring_submit_lock(ctx, issue_flags); |
49 | hlist_add_head(n: &req->hash_node, h: &ctx->cancelable_uring_cmd); |
50 | io_ring_submit_unlock(ctx, issue_flags); |
51 | } |
52 | } |
53 | EXPORT_SYMBOL_GPL(io_uring_cmd_mark_cancelable); |
54 | |
55 | struct task_struct *io_uring_cmd_get_task(struct io_uring_cmd *cmd) |
56 | { |
57 | return cmd_to_io_kiocb(cmd)->task; |
58 | } |
59 | EXPORT_SYMBOL_GPL(io_uring_cmd_get_task); |
60 | |
61 | static void io_uring_cmd_work(struct io_kiocb *req, struct io_tw_state *ts) |
62 | { |
63 | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); |
64 | unsigned issue_flags = ts->locked ? 0 : IO_URING_F_UNLOCKED; |
65 | |
66 | ioucmd->task_work_cb(ioucmd, issue_flags); |
67 | } |
68 | |
69 | void __io_uring_cmd_do_in_task(struct io_uring_cmd *ioucmd, |
70 | void (*task_work_cb)(struct io_uring_cmd *, unsigned), |
71 | unsigned flags) |
72 | { |
73 | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); |
74 | |
75 | ioucmd->task_work_cb = task_work_cb; |
76 | req->io_task_work.func = io_uring_cmd_work; |
77 | __io_req_task_work_add(req, flags); |
78 | } |
79 | EXPORT_SYMBOL_GPL(__io_uring_cmd_do_in_task); |
80 | |
81 | void io_uring_cmd_do_in_task_lazy(struct io_uring_cmd *ioucmd, |
82 | void (*task_work_cb)(struct io_uring_cmd *, unsigned)) |
83 | { |
84 | __io_uring_cmd_do_in_task(ioucmd, task_work_cb, IOU_F_TWQ_LAZY_WAKE); |
85 | } |
86 | EXPORT_SYMBOL_GPL(io_uring_cmd_do_in_task_lazy); |
87 | |
88 | static inline void (struct io_kiocb *req, |
89 | u64 , u64 ) |
90 | { |
91 | req->big_cqe.extra1 = extra1; |
92 | req->big_cqe.extra2 = extra2; |
93 | } |
94 | |
95 | /* |
96 | * Called by consumers of io_uring_cmd, if they originally returned |
97 | * -EIOCBQUEUED upon receiving the command. |
98 | */ |
99 | void io_uring_cmd_done(struct io_uring_cmd *ioucmd, ssize_t ret, ssize_t res2, |
100 | unsigned issue_flags) |
101 | { |
102 | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); |
103 | |
104 | io_uring_cmd_del_cancelable(cmd: ioucmd, issue_flags); |
105 | |
106 | if (ret < 0) |
107 | req_set_fail(req); |
108 | |
109 | io_req_set_res(req, res: ret, cflags: 0); |
110 | if (req->ctx->flags & IORING_SETUP_CQE32) |
111 | io_req_set_cqe32_extra(req, extra1: res2, extra2: 0); |
112 | if (req->ctx->flags & IORING_SETUP_IOPOLL) { |
113 | /* order with io_iopoll_req_issued() checking ->iopoll_complete */ |
114 | smp_store_release(&req->iopoll_completed, 1); |
115 | } else { |
116 | struct io_tw_state ts = { |
117 | .locked = !(issue_flags & IO_URING_F_UNLOCKED), |
118 | }; |
119 | io_req_task_complete(req, ts: &ts); |
120 | } |
121 | } |
122 | EXPORT_SYMBOL_GPL(io_uring_cmd_done); |
123 | |
124 | int io_uring_cmd_prep_async(struct io_kiocb *req) |
125 | { |
126 | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); |
127 | |
128 | memcpy(req->async_data, ioucmd->sqe, uring_sqe_size(req->ctx)); |
129 | ioucmd->sqe = req->async_data; |
130 | return 0; |
131 | } |
132 | |
133 | int io_uring_cmd_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) |
134 | { |
135 | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); |
136 | |
137 | if (sqe->__pad1) |
138 | return -EINVAL; |
139 | |
140 | ioucmd->flags = READ_ONCE(sqe->uring_cmd_flags); |
141 | if (ioucmd->flags & ~IORING_URING_CMD_MASK) |
142 | return -EINVAL; |
143 | |
144 | if (ioucmd->flags & IORING_URING_CMD_FIXED) { |
145 | struct io_ring_ctx *ctx = req->ctx; |
146 | u16 index; |
147 | |
148 | req->buf_index = READ_ONCE(sqe->buf_index); |
149 | if (unlikely(req->buf_index >= ctx->nr_user_bufs)) |
150 | return -EFAULT; |
151 | index = array_index_nospec(req->buf_index, ctx->nr_user_bufs); |
152 | req->imu = ctx->user_bufs[index]; |
153 | io_req_set_rsrc_node(req, ctx, issue_flags: 0); |
154 | } |
155 | ioucmd->sqe = sqe; |
156 | ioucmd->cmd_op = READ_ONCE(sqe->cmd_op); |
157 | return 0; |
158 | } |
159 | |
160 | int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags) |
161 | { |
162 | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); |
163 | struct io_ring_ctx *ctx = req->ctx; |
164 | struct file *file = req->file; |
165 | int ret; |
166 | |
167 | if (!file->f_op->uring_cmd) |
168 | return -EOPNOTSUPP; |
169 | |
170 | ret = security_uring_cmd(ioucmd); |
171 | if (ret) |
172 | return ret; |
173 | |
174 | if (ctx->flags & IORING_SETUP_SQE128) |
175 | issue_flags |= IO_URING_F_SQE128; |
176 | if (ctx->flags & IORING_SETUP_CQE32) |
177 | issue_flags |= IO_URING_F_CQE32; |
178 | if (ctx->compat) |
179 | issue_flags |= IO_URING_F_COMPAT; |
180 | if (ctx->flags & IORING_SETUP_IOPOLL) { |
181 | if (!file->f_op->uring_cmd_iopoll) |
182 | return -EOPNOTSUPP; |
183 | issue_flags |= IO_URING_F_IOPOLL; |
184 | req->iopoll_completed = 0; |
185 | WRITE_ONCE(ioucmd->cookie, NULL); |
186 | } |
187 | |
188 | ret = file->f_op->uring_cmd(ioucmd, issue_flags); |
189 | if (ret == -EAGAIN) { |
190 | if (!req_has_async_data(req)) { |
191 | if (io_alloc_async_data(req)) |
192 | return -ENOMEM; |
193 | io_uring_cmd_prep_async(req); |
194 | } |
195 | return -EAGAIN; |
196 | } |
197 | |
198 | if (ret != -EIOCBQUEUED) { |
199 | if (ret < 0) |
200 | req_set_fail(req); |
201 | io_req_set_res(req, res: ret, cflags: 0); |
202 | return ret; |
203 | } |
204 | |
205 | return IOU_ISSUE_SKIP_COMPLETE; |
206 | } |
207 | |
208 | int io_uring_cmd_import_fixed(u64 ubuf, unsigned long len, int rw, |
209 | struct iov_iter *iter, void *ioucmd) |
210 | { |
211 | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); |
212 | |
213 | return io_import_fixed(ddir: rw, iter, imu: req->imu, buf_addr: ubuf, len); |
214 | } |
215 | EXPORT_SYMBOL_GPL(io_uring_cmd_import_fixed); |
216 | |
217 | static inline int io_uring_cmd_getsockopt(struct socket *sock, |
218 | struct io_uring_cmd *cmd, |
219 | unsigned int issue_flags) |
220 | { |
221 | bool compat = !!(issue_flags & IO_URING_F_COMPAT); |
222 | int optlen, optname, level, err; |
223 | void __user *optval; |
224 | |
225 | level = READ_ONCE(cmd->sqe->level); |
226 | if (level != SOL_SOCKET) |
227 | return -EOPNOTSUPP; |
228 | |
229 | optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); |
230 | optname = READ_ONCE(cmd->sqe->optname); |
231 | optlen = READ_ONCE(cmd->sqe->optlen); |
232 | |
233 | err = do_sock_getsockopt(sock, compat, level, optname, |
234 | optval: USER_SOCKPTR(p: optval), |
235 | optlen: KERNEL_SOCKPTR(p: &optlen)); |
236 | if (err) |
237 | return err; |
238 | |
239 | /* On success, return optlen */ |
240 | return optlen; |
241 | } |
242 | |
243 | static inline int io_uring_cmd_setsockopt(struct socket *sock, |
244 | struct io_uring_cmd *cmd, |
245 | unsigned int issue_flags) |
246 | { |
247 | bool compat = !!(issue_flags & IO_URING_F_COMPAT); |
248 | int optname, optlen, level; |
249 | void __user *optval; |
250 | sockptr_t optval_s; |
251 | |
252 | optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); |
253 | optname = READ_ONCE(cmd->sqe->optname); |
254 | optlen = READ_ONCE(cmd->sqe->optlen); |
255 | level = READ_ONCE(cmd->sqe->level); |
256 | optval_s = USER_SOCKPTR(p: optval); |
257 | |
258 | return do_sock_setsockopt(sock, compat, level, optname, optval: optval_s, |
259 | optlen); |
260 | } |
261 | |
262 | #if defined(CONFIG_NET) |
263 | int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags) |
264 | { |
265 | struct socket *sock = cmd->file->private_data; |
266 | struct sock *sk = sock->sk; |
267 | struct proto *prot = READ_ONCE(sk->sk_prot); |
268 | int ret, arg = 0; |
269 | |
270 | if (!prot || !prot->ioctl) |
271 | return -EOPNOTSUPP; |
272 | |
273 | switch (cmd->sqe->cmd_op) { |
274 | case SOCKET_URING_OP_SIOCINQ: |
275 | ret = prot->ioctl(sk, SIOCINQ, &arg); |
276 | if (ret) |
277 | return ret; |
278 | return arg; |
279 | case SOCKET_URING_OP_SIOCOUTQ: |
280 | ret = prot->ioctl(sk, SIOCOUTQ, &arg); |
281 | if (ret) |
282 | return ret; |
283 | return arg; |
284 | case SOCKET_URING_OP_GETSOCKOPT: |
285 | return io_uring_cmd_getsockopt(sock, cmd, issue_flags); |
286 | case SOCKET_URING_OP_SETSOCKOPT: |
287 | return io_uring_cmd_setsockopt(sock, cmd, issue_flags); |
288 | default: |
289 | return -EOPNOTSUPP; |
290 | } |
291 | } |
292 | EXPORT_SYMBOL_GPL(io_uring_cmd_sock); |
293 | #endif |
294 | |