1 // SPDX-License-Identifier: GPL-2.0
3 * Shared application/kernel submission and completion ring pairs, for
4 * supporting fast/efficient IO.
6 * A note on the read/write ordering memory barriers that are matched between
7 * the application and kernel side. When the application reads the CQ ring
8 * tail, it must use an appropriate smp_rmb() to order with the smp_wmb()
9 * the kernel uses after writing the tail. Failure to do so could cause a
10 * delay in when the application notices that completion events available.
11 * This isn't a fatal condition. Likewise, the application must use an
12 * appropriate smp_wmb() both before writing the SQ tail, and after writing
13 * the SQ tail. The first one orders the sqe writes with the tail write, and
14 * the latter is paired with the smp_rmb() the kernel will issue before
15 * reading the SQ tail on submission.
17 * Also see the examples in the liburing library:
19 * git://git.kernel.dk/liburing
21 * io_uring also uses READ/WRITE_ONCE() for _any_ store or load that happens
22 * from data shared between the kernel and application. This is done both
23 * for ordering purposes, but also to ensure that once a value is loaded from
24 * data that the application could potentially modify, it remains stable.
26 * Copyright (C) 2018-2019 Jens Axboe
27 * Copyright (c) 2018-2019 Christoph Hellwig
29 #include <linux/kernel.h>
30 #include <linux/init.h>
31 #include <linux/errno.h>
32 #include <linux/syscalls.h>
33 #include <linux/compat.h>
34 #include <linux/refcount.h>
35 #include <linux/uio.h>
37 #include <linux/sched/signal.h>
39 #include <linux/file.h>
40 #include <linux/fdtable.h>
42 #include <linux/mman.h>
43 #include <linux/mmu_context.h>
44 #include <linux/percpu.h>
45 #include <linux/slab.h>
46 #include <linux/workqueue.h>
47 #include <linux/kthread.h>
48 #include <linux/blkdev.h>
49 #include <linux/bvec.h>
50 #include <linux/net.h>
52 #include <net/af_unix.h>
54 #include <linux/anon_inodes.h>
55 #include <linux/sched/mm.h>
56 #include <linux/uaccess.h>
57 #include <linux/nospec.h>
58 #include <linux/sizes.h>
59 #include <linux/hugetlb.h>
61 #include <uapi/linux/io_uring.h>
65 #define IORING_MAX_ENTRIES 4096
66 #define IORING_MAX_FIXED_FILES 1024
69 u32 head ____cacheline_aligned_in_smp;
70 u32 tail ____cacheline_aligned_in_smp;
87 struct io_uring_cqe cqes[];
90 struct io_mapped_ubuf {
94 unsigned int nr_bvecs;
100 struct list_head list;
109 struct percpu_ref refs;
110 } ____cacheline_aligned_in_smp;
118 struct io_sq_ring *sq_ring;
119 unsigned cached_sq_head;
122 unsigned sq_thread_idle;
123 struct io_uring_sqe *sq_sqes;
124 } ____cacheline_aligned_in_smp;
127 struct workqueue_struct *sqo_wq;
128 struct task_struct *sqo_thread; /* if using sq thread polling */
129 struct mm_struct *sqo_mm;
130 wait_queue_head_t sqo_wait;
135 struct io_cq_ring *cq_ring;
136 unsigned cached_cq_tail;
139 struct wait_queue_head cq_wait;
140 struct fasync_struct *cq_fasync;
141 } ____cacheline_aligned_in_smp;
144 * If used, fixed file set. Writers must ensure that ->refs is dead,
145 * readers must ensure that ->refs is alive as long as the file* is
146 * used. Only updated through io_uring_register(2).
148 struct file **user_files;
149 unsigned nr_user_files;
151 /* if used, fixed mapped user buffers */
152 unsigned nr_user_bufs;
153 struct io_mapped_ubuf *user_bufs;
155 struct user_struct *user;
157 struct completion ctx_done;
160 struct mutex uring_lock;
161 wait_queue_head_t wait;
162 } ____cacheline_aligned_in_smp;
165 spinlock_t completion_lock;
166 bool poll_multi_file;
168 * ->poll_list is protected by the ctx->uring_lock for
169 * io_uring instances that don't use IORING_SETUP_SQPOLL.
170 * For SQPOLL, only the single threaded io_sq_thread() will
171 * manipulate the list, hence no extra locking is needed there.
173 struct list_head poll_list;
174 struct list_head cancel_list;
175 } ____cacheline_aligned_in_smp;
177 struct async_list pending_async[2];
179 #if defined(CONFIG_UNIX)
180 struct socket *ring_sock;
185 const struct io_uring_sqe *sqe;
186 unsigned short index;
189 bool needs_fixed_file;
193 * First field must be the file pointer in all the
194 * iocb unions! See also 'struct kiocb' in <linux/fs.h>
196 struct io_poll_iocb {
198 struct wait_queue_head *head;
202 struct wait_queue_entry wait;
206 * NOTE! Each of the iocb union members has the file pointer
207 * as the first entry in their struct definition. So you can
208 * access the file pointer through any of the sub-structs,
209 * or directly as just 'ki_filp' in this struct.
215 struct io_poll_iocb poll;
218 struct sqe_submit submit;
220 struct io_ring_ctx *ctx;
221 struct list_head list;
224 #define REQ_F_FORCE_NONBLOCK 1 /* inline submission attempt */
225 #define REQ_F_IOPOLL_COMPLETED 2 /* polled IO has completed */
226 #define REQ_F_FIXED_FILE 4 /* ctx owns file */
227 #define REQ_F_SEQ_PREV 8 /* sequential with previous */
228 #define REQ_F_PREPPED 16 /* prep already done */
232 struct work_struct work;
235 #define IO_PLUG_THRESHOLD 2
236 #define IO_IOPOLL_BATCH 8
238 struct io_submit_state {
239 struct blk_plug plug;
242 * io_kiocb alloc cache
244 void *reqs[IO_IOPOLL_BATCH];
245 unsigned int free_reqs;
246 unsigned int cur_req;
249 * File reference cache
253 unsigned int has_refs;
254 unsigned int used_refs;
255 unsigned int ios_left;
258 static struct kmem_cache *req_cachep;
260 static const struct file_operations io_uring_fops;
262 struct sock *io_uring_get_socket(struct file *file)
264 #if defined(CONFIG_UNIX)
265 if (file->f_op == &io_uring_fops) {
266 struct io_ring_ctx *ctx = file->private_data;
268 return ctx->ring_sock->sk;
273 EXPORT_SYMBOL(io_uring_get_socket);
275 static void io_ring_ctx_ref_free(struct percpu_ref *ref)
277 struct io_ring_ctx *ctx = container_of(ref, struct io_ring_ctx, refs);
279 complete(&ctx->ctx_done);
282 static struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
284 struct io_ring_ctx *ctx;
287 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
291 if (percpu_ref_init(&ctx->refs, io_ring_ctx_ref_free, 0, GFP_KERNEL)) {
296 ctx->flags = p->flags;
297 init_waitqueue_head(&ctx->cq_wait);
298 init_completion(&ctx->ctx_done);
299 mutex_init(&ctx->uring_lock);
300 init_waitqueue_head(&ctx->wait);
301 for (i = 0; i < ARRAY_SIZE(ctx->pending_async); i++) {
302 spin_lock_init(&ctx->pending_async[i].lock);
303 INIT_LIST_HEAD(&ctx->pending_async[i].list);
304 atomic_set(&ctx->pending_async[i].cnt, 0);
306 spin_lock_init(&ctx->completion_lock);
307 INIT_LIST_HEAD(&ctx->poll_list);
308 INIT_LIST_HEAD(&ctx->cancel_list);
312 static void io_commit_cqring(struct io_ring_ctx *ctx)
314 struct io_cq_ring *ring = ctx->cq_ring;
316 if (ctx->cached_cq_tail != READ_ONCE(ring->r.tail)) {
317 /* order cqe stores with ring update */
318 smp_store_release(&ring->r.tail, ctx->cached_cq_tail);
321 * Write sider barrier of tail update, app has read side. See
322 * comment at the top of this file.
326 if (wq_has_sleeper(&ctx->cq_wait)) {
327 wake_up_interruptible(&ctx->cq_wait);
328 kill_fasync(&ctx->cq_fasync, SIGIO, POLL_IN);
333 static struct io_uring_cqe *io_get_cqring(struct io_ring_ctx *ctx)
335 struct io_cq_ring *ring = ctx->cq_ring;
338 tail = ctx->cached_cq_tail;
339 /* See comment at the top of the file */
341 if (tail - READ_ONCE(ring->r.head) == ring->ring_entries)
344 ctx->cached_cq_tail++;
345 return &ring->cqes[tail & ctx->cq_mask];
348 static void io_cqring_fill_event(struct io_ring_ctx *ctx, u64 ki_user_data,
349 long res, unsigned ev_flags)
351 struct io_uring_cqe *cqe;
354 * If we can't get a cq entry, userspace overflowed the
355 * submission (by quite a lot). Increment the overflow count in
358 cqe = io_get_cqring(ctx);
360 WRITE_ONCE(cqe->user_data, ki_user_data);
361 WRITE_ONCE(cqe->res, res);
362 WRITE_ONCE(cqe->flags, ev_flags);
364 unsigned overflow = READ_ONCE(ctx->cq_ring->overflow);
366 WRITE_ONCE(ctx->cq_ring->overflow, overflow + 1);
370 static void io_cqring_ev_posted(struct io_ring_ctx *ctx)
372 if (waitqueue_active(&ctx->wait))
374 if (waitqueue_active(&ctx->sqo_wait))
375 wake_up(&ctx->sqo_wait);
378 static void io_cqring_add_event(struct io_ring_ctx *ctx, u64 user_data,
379 long res, unsigned ev_flags)
383 spin_lock_irqsave(&ctx->completion_lock, flags);
384 io_cqring_fill_event(ctx, user_data, res, ev_flags);
385 io_commit_cqring(ctx);
386 spin_unlock_irqrestore(&ctx->completion_lock, flags);
388 io_cqring_ev_posted(ctx);
391 static void io_ring_drop_ctx_refs(struct io_ring_ctx *ctx, unsigned refs)
393 percpu_ref_put_many(&ctx->refs, refs);
395 if (waitqueue_active(&ctx->wait))
399 static struct io_kiocb *io_get_req(struct io_ring_ctx *ctx,
400 struct io_submit_state *state)
402 gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;
403 struct io_kiocb *req;
405 if (!percpu_ref_tryget(&ctx->refs))
409 req = kmem_cache_alloc(req_cachep, gfp);
412 } else if (!state->free_reqs) {
416 sz = min_t(size_t, state->ios_left, ARRAY_SIZE(state->reqs));
417 ret = kmem_cache_alloc_bulk(req_cachep, gfp, sz, state->reqs);
420 * Bulk alloc is all-or-nothing. If we fail to get a batch,
421 * retry single alloc to be on the safe side.
423 if (unlikely(ret <= 0)) {
424 state->reqs[0] = kmem_cache_alloc(req_cachep, gfp);
429 state->free_reqs = ret - 1;
431 req = state->reqs[0];
433 req = state->reqs[state->cur_req];
440 /* one is dropped after submission, the other at completion */
441 refcount_set(&req->refs, 2);
444 io_ring_drop_ctx_refs(ctx, 1);
448 static void io_free_req_many(struct io_ring_ctx *ctx, void **reqs, int *nr)
451 kmem_cache_free_bulk(req_cachep, *nr, reqs);
452 io_ring_drop_ctx_refs(ctx, *nr);
457 static void io_free_req(struct io_kiocb *req)
459 if (req->file && !(req->flags & REQ_F_FIXED_FILE))
461 io_ring_drop_ctx_refs(req->ctx, 1);
462 kmem_cache_free(req_cachep, req);
465 static void io_put_req(struct io_kiocb *req)
467 if (refcount_dec_and_test(&req->refs))
472 * Find and free completed poll iocbs
474 static void io_iopoll_complete(struct io_ring_ctx *ctx, unsigned int *nr_events,
475 struct list_head *done)
477 void *reqs[IO_IOPOLL_BATCH];
478 struct io_kiocb *req;
482 while (!list_empty(done)) {
483 req = list_first_entry(done, struct io_kiocb, list);
484 list_del(&req->list);
486 io_cqring_fill_event(ctx, req->user_data, req->error, 0);
489 if (refcount_dec_and_test(&req->refs)) {
490 /* If we're not using fixed files, we have to pair the
491 * completion part with the file put. Use regular
492 * completions for those, only batch free for fixed
495 if (req->flags & REQ_F_FIXED_FILE) {
496 reqs[to_free++] = req;
497 if (to_free == ARRAY_SIZE(reqs))
498 io_free_req_many(ctx, reqs, &to_free);
505 io_commit_cqring(ctx);
506 io_free_req_many(ctx, reqs, &to_free);
509 static int io_do_iopoll(struct io_ring_ctx *ctx, unsigned int *nr_events,
512 struct io_kiocb *req, *tmp;
518 * Only spin for completions if we don't have multiple devices hanging
519 * off our complete list, and we're under the requested amount.
521 spin = !ctx->poll_multi_file && *nr_events < min;
524 list_for_each_entry_safe(req, tmp, &ctx->poll_list, list) {
525 struct kiocb *kiocb = &req->rw;
528 * Move completed entries to our local list. If we find a
529 * request that requires polling, break out and complete
530 * the done list first, if we have entries there.
532 if (req->flags & REQ_F_IOPOLL_COMPLETED) {
533 list_move_tail(&req->list, &done);
536 if (!list_empty(&done))
539 ret = kiocb->ki_filp->f_op->iopoll(kiocb, spin);
548 if (!list_empty(&done))
549 io_iopoll_complete(ctx, nr_events, &done);
555 * Poll for a mininum of 'min' events. Note that if min == 0 we consider that a
556 * non-spinning poll check - we'll still enter the driver poll loop, but only
557 * as a non-spinning completion check.
559 static int io_iopoll_getevents(struct io_ring_ctx *ctx, unsigned int *nr_events,
562 while (!list_empty(&ctx->poll_list)) {
565 ret = io_do_iopoll(ctx, nr_events, min);
568 if (!min || *nr_events >= min)
576 * We can't just wait for polled events to come to us, we have to actively
577 * find and complete them.
579 static void io_iopoll_reap_events(struct io_ring_ctx *ctx)
581 if (!(ctx->flags & IORING_SETUP_IOPOLL))
584 mutex_lock(&ctx->uring_lock);
585 while (!list_empty(&ctx->poll_list)) {
586 unsigned int nr_events = 0;
588 io_iopoll_getevents(ctx, &nr_events, 1);
590 mutex_unlock(&ctx->uring_lock);
593 static int io_iopoll_check(struct io_ring_ctx *ctx, unsigned *nr_events,
601 if (*nr_events < min)
602 tmin = min - *nr_events;
604 ret = io_iopoll_getevents(ctx, nr_events, tmin);
608 } while (min && !*nr_events && !need_resched());
613 static void kiocb_end_write(struct kiocb *kiocb)
615 if (kiocb->ki_flags & IOCB_WRITE) {
616 struct inode *inode = file_inode(kiocb->ki_filp);
619 * Tell lockdep we inherited freeze protection from submission
622 if (S_ISREG(inode->i_mode))
623 __sb_writers_acquired(inode->i_sb, SB_FREEZE_WRITE);
624 file_end_write(kiocb->ki_filp);
628 static void io_complete_rw(struct kiocb *kiocb, long res, long res2)
630 struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw);
632 kiocb_end_write(kiocb);
634 io_cqring_add_event(req->ctx, req->user_data, res, 0);
638 static void io_complete_rw_iopoll(struct kiocb *kiocb, long res, long res2)
640 struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw);
642 kiocb_end_write(kiocb);
646 req->flags |= REQ_F_IOPOLL_COMPLETED;
650 * After the iocb has been issued, it's safe to be found on the poll list.
651 * Adding the kiocb to the list AFTER submission ensures that we don't
652 * find it from a io_iopoll_getevents() thread before the issuer is done
653 * accessing the kiocb cookie.
655 static void io_iopoll_req_issued(struct io_kiocb *req)
657 struct io_ring_ctx *ctx = req->ctx;
660 * Track whether we have multiple files in our lists. This will impact
661 * how we do polling eventually, not spinning if we're on potentially
664 if (list_empty(&ctx->poll_list)) {
665 ctx->poll_multi_file = false;
666 } else if (!ctx->poll_multi_file) {
667 struct io_kiocb *list_req;
669 list_req = list_first_entry(&ctx->poll_list, struct io_kiocb,
671 if (list_req->rw.ki_filp != req->rw.ki_filp)
672 ctx->poll_multi_file = true;
676 * For fast devices, IO may have already completed. If it has, add
677 * it to the front so we find it first.
679 if (req->flags & REQ_F_IOPOLL_COMPLETED)
680 list_add(&req->list, &ctx->poll_list);
682 list_add_tail(&req->list, &ctx->poll_list);
685 static void io_file_put(struct io_submit_state *state)
688 int diff = state->has_refs - state->used_refs;
691 fput_many(state->file, diff);
697 * Get as many references to a file as we have IOs left in this submission,
698 * assuming most submissions are for one file, or at least that each file
699 * has more than one submission.
701 static struct file *io_file_get(struct io_submit_state *state, int fd)
707 if (state->fd == fd) {
714 state->file = fget_many(fd, state->ios_left);
719 state->has_refs = state->ios_left;
720 state->used_refs = 1;
726 * If we tracked the file through the SCM inflight mechanism, we could support
727 * any file. For now, just ensure that anything potentially problematic is done
730 static bool io_file_supports_async(struct file *file)
732 umode_t mode = file_inode(file)->i_mode;
734 if (S_ISBLK(mode) || S_ISCHR(mode))
736 if (S_ISREG(mode) && file->f_op != &io_uring_fops)
742 static int io_prep_rw(struct io_kiocb *req, const struct sqe_submit *s,
745 const struct io_uring_sqe *sqe = s->sqe;
746 struct io_ring_ctx *ctx = req->ctx;
747 struct kiocb *kiocb = &req->rw;
753 /* For -EAGAIN retry, everything is already prepped */
754 if (req->flags & REQ_F_PREPPED)
757 if (force_nonblock && !io_file_supports_async(req->file))
758 force_nonblock = false;
760 kiocb->ki_pos = READ_ONCE(sqe->off);
761 kiocb->ki_flags = iocb_flags(kiocb->ki_filp);
762 kiocb->ki_hint = ki_hint_validate(file_write_hint(kiocb->ki_filp));
764 ioprio = READ_ONCE(sqe->ioprio);
766 ret = ioprio_check_cap(ioprio);
770 kiocb->ki_ioprio = ioprio;
772 kiocb->ki_ioprio = get_current_ioprio();
774 ret = kiocb_set_rw_flags(kiocb, READ_ONCE(sqe->rw_flags));
777 if (force_nonblock) {
778 kiocb->ki_flags |= IOCB_NOWAIT;
779 req->flags |= REQ_F_FORCE_NONBLOCK;
781 if (ctx->flags & IORING_SETUP_IOPOLL) {
782 if (!(kiocb->ki_flags & IOCB_DIRECT) ||
783 !kiocb->ki_filp->f_op->iopoll)
787 kiocb->ki_flags |= IOCB_HIPRI;
788 kiocb->ki_complete = io_complete_rw_iopoll;
790 if (kiocb->ki_flags & IOCB_HIPRI)
792 kiocb->ki_complete = io_complete_rw;
794 req->flags |= REQ_F_PREPPED;
798 static inline void io_rw_done(struct kiocb *kiocb, ssize_t ret)
804 case -ERESTARTNOINTR:
805 case -ERESTARTNOHAND:
806 case -ERESTART_RESTARTBLOCK:
808 * We can't just restart the syscall, since previously
809 * submitted sqes may already be in progress. Just fail this
815 kiocb->ki_complete(kiocb, ret, 0);
819 static int io_import_fixed(struct io_ring_ctx *ctx, int rw,
820 const struct io_uring_sqe *sqe,
821 struct iov_iter *iter)
823 size_t len = READ_ONCE(sqe->len);
824 struct io_mapped_ubuf *imu;
825 unsigned index, buf_index;
829 /* attempt to use fixed buffers without having provided iovecs */
830 if (unlikely(!ctx->user_bufs))
833 buf_index = READ_ONCE(sqe->buf_index);
834 if (unlikely(buf_index >= ctx->nr_user_bufs))
837 index = array_index_nospec(buf_index, ctx->nr_user_bufs);
838 imu = &ctx->user_bufs[index];
839 buf_addr = READ_ONCE(sqe->addr);
842 if (buf_addr + len < buf_addr)
844 /* not inside the mapped region */
845 if (buf_addr < imu->ubuf || buf_addr + len > imu->ubuf + imu->len)
849 * May not be a start of buffer, set size appropriately
850 * and advance us to the beginning.
852 offset = buf_addr - imu->ubuf;
853 iov_iter_bvec(iter, rw, imu->bvec, imu->nr_bvecs, offset + len);
855 iov_iter_advance(iter, offset);
857 /* don't drop a reference to these pages */
858 iter->type |= ITER_BVEC_FLAG_NO_REF;
862 static int io_import_iovec(struct io_ring_ctx *ctx, int rw,
863 const struct sqe_submit *s, struct iovec **iovec,
864 struct iov_iter *iter)
866 const struct io_uring_sqe *sqe = s->sqe;
867 void __user *buf = u64_to_user_ptr(READ_ONCE(sqe->addr));
868 size_t sqe_len = READ_ONCE(sqe->len);
872 * We're reading ->opcode for the second time, but the first read
873 * doesn't care whether it's _FIXED or not, so it doesn't matter
874 * whether ->opcode changes concurrently. The first read does care
875 * about whether it is a READ or a WRITE, so we don't trust this read
876 * for that purpose and instead let the caller pass in the read/write
879 opcode = READ_ONCE(sqe->opcode);
880 if (opcode == IORING_OP_READ_FIXED ||
881 opcode == IORING_OP_WRITE_FIXED) {
882 int ret = io_import_fixed(ctx, rw, sqe, iter);
892 return compat_import_iovec(rw, buf, sqe_len, UIO_FASTIOV,
896 return import_iovec(rw, buf, sqe_len, UIO_FASTIOV, iovec, iter);
900 * Make a note of the last file/offset/direction we punted to async
901 * context. We'll use this information to see if we can piggy back a
902 * sequential request onto the previous one, if it's still hasn't been
903 * completed by the async worker.
905 static void io_async_list_note(int rw, struct io_kiocb *req, size_t len)
907 struct async_list *async_list = &req->ctx->pending_async[rw];
908 struct kiocb *kiocb = &req->rw;
909 struct file *filp = kiocb->ki_filp;
910 off_t io_end = kiocb->ki_pos + len;
912 if (filp == async_list->file && kiocb->ki_pos == async_list->io_end) {
913 unsigned long max_pages;
915 /* Use 8x RA size as a decent limiter for both reads/writes */
916 max_pages = filp->f_ra.ra_pages;
918 max_pages = VM_READAHEAD_PAGES;
921 /* If max pages are exceeded, reset the state */
923 if (async_list->io_pages + len <= max_pages) {
924 req->flags |= REQ_F_SEQ_PREV;
925 async_list->io_pages += len;
928 async_list->io_pages = 0;
932 /* New file? Reset state. */
933 if (async_list->file != filp) {
934 async_list->io_pages = 0;
935 async_list->file = filp;
937 async_list->io_end = io_end;
940 static int io_read(struct io_kiocb *req, const struct sqe_submit *s,
943 struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs;
944 struct kiocb *kiocb = &req->rw;
945 struct iov_iter iter;
950 ret = io_prep_rw(req, s, force_nonblock);
953 file = kiocb->ki_filp;
955 if (unlikely(!(file->f_mode & FMODE_READ)))
957 if (unlikely(!file->f_op->read_iter))
960 ret = io_import_iovec(req->ctx, READ, s, &iovec, &iter);
964 iov_count = iov_iter_count(&iter);
965 ret = rw_verify_area(READ, file, &kiocb->ki_pos, iov_count);
969 /* Catch -EAGAIN return for forced non-blocking submission */
970 ret2 = call_read_iter(file, kiocb, &iter);
971 if (!force_nonblock || ret2 != -EAGAIN) {
972 io_rw_done(kiocb, ret2);
975 * If ->needs_lock is true, we're already in async
979 io_async_list_note(READ, req, iov_count);
987 static int io_write(struct io_kiocb *req, const struct sqe_submit *s,
990 struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs;
991 struct kiocb *kiocb = &req->rw;
992 struct iov_iter iter;
997 ret = io_prep_rw(req, s, force_nonblock);
1001 file = kiocb->ki_filp;
1002 if (unlikely(!(file->f_mode & FMODE_WRITE)))
1004 if (unlikely(!file->f_op->write_iter))
1007 ret = io_import_iovec(req->ctx, WRITE, s, &iovec, &iter);
1011 iov_count = iov_iter_count(&iter);
1014 if (force_nonblock && !(kiocb->ki_flags & IOCB_DIRECT)) {
1015 /* If ->needs_lock is true, we're already in async context. */
1017 io_async_list_note(WRITE, req, iov_count);
1021 ret = rw_verify_area(WRITE, file, &kiocb->ki_pos, iov_count);
1026 * Open-code file_start_write here to grab freeze protection,
1027 * which will be released by another thread in
1028 * io_complete_rw(). Fool lockdep by telling it the lock got
1029 * released so that it doesn't complain about the held lock when
1030 * we return to userspace.
1032 if (S_ISREG(file_inode(file)->i_mode)) {
1033 __sb_start_write(file_inode(file)->i_sb,
1034 SB_FREEZE_WRITE, true);
1035 __sb_writers_release(file_inode(file)->i_sb,
1038 kiocb->ki_flags |= IOCB_WRITE;
1040 ret2 = call_write_iter(file, kiocb, &iter);
1041 if (!force_nonblock || ret2 != -EAGAIN) {
1042 io_rw_done(kiocb, ret2);
1045 * If ->needs_lock is true, we're already in async
1049 io_async_list_note(WRITE, req, iov_count);
1059 * IORING_OP_NOP just posts a completion event, nothing else.
1061 static int io_nop(struct io_kiocb *req, u64 user_data)
1063 struct io_ring_ctx *ctx = req->ctx;
1066 if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
1069 io_cqring_add_event(ctx, user_data, err, 0);
1074 static int io_prep_fsync(struct io_kiocb *req, const struct io_uring_sqe *sqe)
1076 struct io_ring_ctx *ctx = req->ctx;
1080 /* Prep already done (EAGAIN retry) */
1081 if (req->flags & REQ_F_PREPPED)
1084 if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
1086 if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index))
1089 req->flags |= REQ_F_PREPPED;
1093 static int io_fsync(struct io_kiocb *req, const struct io_uring_sqe *sqe,
1094 bool force_nonblock)
1096 loff_t sqe_off = READ_ONCE(sqe->off);
1097 loff_t sqe_len = READ_ONCE(sqe->len);
1098 loff_t end = sqe_off + sqe_len;
1099 unsigned fsync_flags;
1102 fsync_flags = READ_ONCE(sqe->fsync_flags);
1103 if (unlikely(fsync_flags & ~IORING_FSYNC_DATASYNC))
1106 ret = io_prep_fsync(req, sqe);
1110 /* fsync always requires a blocking context */
1114 ret = vfs_fsync_range(req->rw.ki_filp, sqe_off,
1115 end > 0 ? end : LLONG_MAX,
1116 fsync_flags & IORING_FSYNC_DATASYNC);
1118 io_cqring_add_event(req->ctx, sqe->user_data, ret, 0);
1123 static void io_poll_remove_one(struct io_kiocb *req)
1125 struct io_poll_iocb *poll = &req->poll;
1127 spin_lock(&poll->head->lock);
1128 WRITE_ONCE(poll->canceled, true);
1129 if (!list_empty(&poll->wait.entry)) {
1130 list_del_init(&poll->wait.entry);
1131 queue_work(req->ctx->sqo_wq, &req->work);
1133 spin_unlock(&poll->head->lock);
1135 list_del_init(&req->list);
1138 static void io_poll_remove_all(struct io_ring_ctx *ctx)
1140 struct io_kiocb *req;
1142 spin_lock_irq(&ctx->completion_lock);
1143 while (!list_empty(&ctx->cancel_list)) {
1144 req = list_first_entry(&ctx->cancel_list, struct io_kiocb,list);
1145 io_poll_remove_one(req);
1147 spin_unlock_irq(&ctx->completion_lock);
1151 * Find a running poll command that matches one specified in sqe->addr,
1152 * and remove it if found.
1154 static int io_poll_remove(struct io_kiocb *req, const struct io_uring_sqe *sqe)
1156 struct io_ring_ctx *ctx = req->ctx;
1157 struct io_kiocb *poll_req, *next;
1160 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
1162 if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index ||
1166 spin_lock_irq(&ctx->completion_lock);
1167 list_for_each_entry_safe(poll_req, next, &ctx->cancel_list, list) {
1168 if (READ_ONCE(sqe->addr) == poll_req->user_data) {
1169 io_poll_remove_one(poll_req);
1174 spin_unlock_irq(&ctx->completion_lock);
1176 io_cqring_add_event(req->ctx, sqe->user_data, ret, 0);
1181 static void io_poll_complete(struct io_ring_ctx *ctx, struct io_kiocb *req,
1184 req->poll.done = true;
1185 io_cqring_fill_event(ctx, req->user_data, mangle_poll(mask), 0);
1186 io_commit_cqring(ctx);
1189 static void io_poll_complete_work(struct work_struct *work)
1191 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
1192 struct io_poll_iocb *poll = &req->poll;
1193 struct poll_table_struct pt = { ._key = poll->events };
1194 struct io_ring_ctx *ctx = req->ctx;
1197 if (!READ_ONCE(poll->canceled))
1198 mask = vfs_poll(poll->file, &pt) & poll->events;
1201 * Note that ->ki_cancel callers also delete iocb from active_reqs after
1202 * calling ->ki_cancel. We need the ctx_lock roundtrip here to
1203 * synchronize with them. In the cancellation case the list_del_init
1204 * itself is not actually needed, but harmless so we keep it in to
1205 * avoid further branches in the fast path.
1207 spin_lock_irq(&ctx->completion_lock);
1208 if (!mask && !READ_ONCE(poll->canceled)) {
1209 add_wait_queue(poll->head, &poll->wait);
1210 spin_unlock_irq(&ctx->completion_lock);
1213 list_del_init(&req->list);
1214 io_poll_complete(ctx, req, mask);
1215 spin_unlock_irq(&ctx->completion_lock);
1217 io_cqring_ev_posted(ctx);
1221 static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
1224 struct io_poll_iocb *poll = container_of(wait, struct io_poll_iocb,
1226 struct io_kiocb *req = container_of(poll, struct io_kiocb, poll);
1227 struct io_ring_ctx *ctx = req->ctx;
1228 __poll_t mask = key_to_poll(key);
1229 unsigned long flags;
1231 /* for instances that support it check for an event match first: */
1232 if (mask && !(mask & poll->events))
1235 list_del_init(&poll->wait.entry);
1237 if (mask && spin_trylock_irqsave(&ctx->completion_lock, flags)) {
1238 list_del(&req->list);
1239 io_poll_complete(ctx, req, mask);
1240 spin_unlock_irqrestore(&ctx->completion_lock, flags);
1242 io_cqring_ev_posted(ctx);
1245 queue_work(ctx->sqo_wq, &req->work);
1251 struct io_poll_table {
1252 struct poll_table_struct pt;
1253 struct io_kiocb *req;
1257 static void io_poll_queue_proc(struct file *file, struct wait_queue_head *head,
1258 struct poll_table_struct *p)
1260 struct io_poll_table *pt = container_of(p, struct io_poll_table, pt);
1262 if (unlikely(pt->req->poll.head)) {
1263 pt->error = -EINVAL;
1268 pt->req->poll.head = head;
1269 add_wait_queue(head, &pt->req->poll.wait);
1272 static int io_poll_add(struct io_kiocb *req, const struct io_uring_sqe *sqe)
1274 struct io_poll_iocb *poll = &req->poll;
1275 struct io_ring_ctx *ctx = req->ctx;
1276 struct io_poll_table ipt;
1277 bool cancel = false;
1281 if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
1283 if (sqe->addr || sqe->ioprio || sqe->off || sqe->len || sqe->buf_index)
1288 INIT_WORK(&req->work, io_poll_complete_work);
1289 events = READ_ONCE(sqe->poll_events);
1290 poll->events = demangle_poll(events) | EPOLLERR | EPOLLHUP;
1294 poll->canceled = false;
1296 ipt.pt._qproc = io_poll_queue_proc;
1297 ipt.pt._key = poll->events;
1299 ipt.error = -EINVAL; /* same as no support for IOCB_CMD_POLL */
1301 /* initialized the list so that we can do list_empty checks */
1302 INIT_LIST_HEAD(&poll->wait.entry);
1303 init_waitqueue_func_entry(&poll->wait, io_poll_wake);
1305 mask = vfs_poll(poll->file, &ipt.pt) & poll->events;
1307 spin_lock_irq(&ctx->completion_lock);
1308 if (likely(poll->head)) {
1309 spin_lock(&poll->head->lock);
1310 if (unlikely(list_empty(&poll->wait.entry))) {
1316 if (mask || ipt.error)
1317 list_del_init(&poll->wait.entry);
1319 WRITE_ONCE(poll->canceled, true);
1320 else if (!poll->done) /* actually waiting for an event */
1321 list_add_tail(&req->list, &ctx->cancel_list);
1322 spin_unlock(&poll->head->lock);
1324 if (mask) { /* no async, we'd stolen it */
1325 req->error = mangle_poll(mask);
1327 io_poll_complete(ctx, req, mask);
1329 spin_unlock_irq(&ctx->completion_lock);
1332 io_cqring_ev_posted(ctx);
1338 static int __io_submit_sqe(struct io_ring_ctx *ctx, struct io_kiocb *req,
1339 const struct sqe_submit *s, bool force_nonblock)
1343 if (unlikely(s->index >= ctx->sq_entries))
1345 req->user_data = READ_ONCE(s->sqe->user_data);
1347 opcode = READ_ONCE(s->sqe->opcode);
1350 ret = io_nop(req, req->user_data);
1352 case IORING_OP_READV:
1353 if (unlikely(s->sqe->buf_index))
1355 ret = io_read(req, s, force_nonblock);
1357 case IORING_OP_WRITEV:
1358 if (unlikely(s->sqe->buf_index))
1360 ret = io_write(req, s, force_nonblock);
1362 case IORING_OP_READ_FIXED:
1363 ret = io_read(req, s, force_nonblock);
1365 case IORING_OP_WRITE_FIXED:
1366 ret = io_write(req, s, force_nonblock);
1368 case IORING_OP_FSYNC:
1369 ret = io_fsync(req, s->sqe, force_nonblock);
1371 case IORING_OP_POLL_ADD:
1372 ret = io_poll_add(req, s->sqe);
1374 case IORING_OP_POLL_REMOVE:
1375 ret = io_poll_remove(req, s->sqe);
1385 if (ctx->flags & IORING_SETUP_IOPOLL) {
1386 if (req->error == -EAGAIN)
1389 /* workqueue context doesn't hold uring_lock, grab it now */
1391 mutex_lock(&ctx->uring_lock);
1392 io_iopoll_req_issued(req);
1394 mutex_unlock(&ctx->uring_lock);
1400 static struct async_list *io_async_list_from_sqe(struct io_ring_ctx *ctx,
1401 const struct io_uring_sqe *sqe)
1403 switch (sqe->opcode) {
1404 case IORING_OP_READV:
1405 case IORING_OP_READ_FIXED:
1406 return &ctx->pending_async[READ];
1407 case IORING_OP_WRITEV:
1408 case IORING_OP_WRITE_FIXED:
1409 return &ctx->pending_async[WRITE];
1415 static inline bool io_sqe_needs_user(const struct io_uring_sqe *sqe)
1417 u8 opcode = READ_ONCE(sqe->opcode);
1419 return !(opcode == IORING_OP_READ_FIXED ||
1420 opcode == IORING_OP_WRITE_FIXED);
1423 static void io_sq_wq_submit_work(struct work_struct *work)
1425 struct io_kiocb *req = container_of(work, struct io_kiocb, work);
1426 struct io_ring_ctx *ctx = req->ctx;
1427 struct mm_struct *cur_mm = NULL;
1428 struct async_list *async_list;
1429 LIST_HEAD(req_list);
1430 mm_segment_t old_fs;
1433 async_list = io_async_list_from_sqe(ctx, req->submit.sqe);
1436 struct sqe_submit *s = &req->submit;
1437 const struct io_uring_sqe *sqe = s->sqe;
1439 /* Ensure we clear previously set forced non-block flag */
1440 req->flags &= ~REQ_F_FORCE_NONBLOCK;
1441 req->rw.ki_flags &= ~IOCB_NOWAIT;
1444 if (io_sqe_needs_user(sqe) && !cur_mm) {
1445 if (!mmget_not_zero(ctx->sqo_mm)) {
1448 cur_mm = ctx->sqo_mm;
1456 s->has_user = cur_mm != NULL;
1457 s->needs_lock = true;
1459 ret = __io_submit_sqe(ctx, req, s, false);
1461 * We can get EAGAIN for polled IO even though
1462 * we're forcing a sync submission from here,
1463 * since we can't wait for request slots on the
1471 /* drop submission reference */
1475 io_cqring_add_event(ctx, sqe->user_data, ret, 0);
1479 /* async context always use a copy of the sqe */
1484 if (!list_empty(&req_list)) {
1485 req = list_first_entry(&req_list, struct io_kiocb,
1487 list_del(&req->list);
1490 if (list_empty(&async_list->list))
1494 spin_lock(&async_list->lock);
1495 if (list_empty(&async_list->list)) {
1496 spin_unlock(&async_list->lock);
1499 list_splice_init(&async_list->list, &req_list);
1500 spin_unlock(&async_list->lock);
1502 req = list_first_entry(&req_list, struct io_kiocb, list);
1503 list_del(&req->list);
1507 * Rare case of racing with a submitter. If we find the count has
1508 * dropped to zero AND we have pending work items, then restart
1509 * the processing. This is a tiny race window.
1512 ret = atomic_dec_return(&async_list->cnt);
1513 while (!ret && !list_empty(&async_list->list)) {
1514 spin_lock(&async_list->lock);
1515 atomic_inc(&async_list->cnt);
1516 list_splice_init(&async_list->list, &req_list);
1517 spin_unlock(&async_list->lock);
1519 if (!list_empty(&req_list)) {
1520 req = list_first_entry(&req_list,
1521 struct io_kiocb, list);
1522 list_del(&req->list);
1525 ret = atomic_dec_return(&async_list->cnt);
1537 * See if we can piggy back onto previously submitted work, that is still
1538 * running. We currently only allow this if the new request is sequential
1539 * to the previous one we punted.
1541 static bool io_add_to_prev_work(struct async_list *list, struct io_kiocb *req)
1547 if (!(req->flags & REQ_F_SEQ_PREV))
1549 if (!atomic_read(&list->cnt))
1553 spin_lock(&list->lock);
1554 list_add_tail(&req->list, &list->list);
1555 if (!atomic_read(&list->cnt)) {
1556 list_del_init(&req->list);
1559 spin_unlock(&list->lock);
1563 static bool io_op_needs_file(const struct io_uring_sqe *sqe)
1565 int op = READ_ONCE(sqe->opcode);
1569 case IORING_OP_POLL_REMOVE:
1576 static int io_req_set_file(struct io_ring_ctx *ctx, const struct sqe_submit *s,
1577 struct io_submit_state *state, struct io_kiocb *req)
1582 flags = READ_ONCE(s->sqe->flags);
1583 fd = READ_ONCE(s->sqe->fd);
1585 if (!io_op_needs_file(s->sqe)) {
1590 if (flags & IOSQE_FIXED_FILE) {
1591 if (unlikely(!ctx->user_files ||
1592 (unsigned) fd >= ctx->nr_user_files))
1594 req->file = ctx->user_files[fd];
1595 req->flags |= REQ_F_FIXED_FILE;
1597 if (s->needs_fixed_file)
1599 req->file = io_file_get(state, fd);
1600 if (unlikely(!req->file))
1607 static int io_submit_sqe(struct io_ring_ctx *ctx, struct sqe_submit *s,
1608 struct io_submit_state *state)
1610 struct io_kiocb *req;
1613 /* enforce forwards compatibility on users */
1614 if (unlikely(s->sqe->flags & ~IOSQE_FIXED_FILE))
1617 req = io_get_req(ctx, state);
1621 ret = io_req_set_file(ctx, s, state, req);
1625 ret = __io_submit_sqe(ctx, req, s, true);
1626 if (ret == -EAGAIN) {
1627 struct io_uring_sqe *sqe_copy;
1629 sqe_copy = kmalloc(sizeof(*sqe_copy), GFP_KERNEL);
1631 struct async_list *list;
1633 memcpy(sqe_copy, s->sqe, sizeof(*sqe_copy));
1636 memcpy(&req->submit, s, sizeof(*s));
1637 list = io_async_list_from_sqe(ctx, s->sqe);
1638 if (!io_add_to_prev_work(list, req)) {
1640 atomic_inc(&list->cnt);
1641 INIT_WORK(&req->work, io_sq_wq_submit_work);
1642 queue_work(ctx->sqo_wq, &req->work);
1646 * Queued up for async execution, worker will release
1647 * submit reference when the iocb is actually
1655 /* drop submission reference */
1658 /* and drop final reference, if we failed */
1666 * Batched submission is done, ensure local IO is flushed out.
1668 static void io_submit_state_end(struct io_submit_state *state)
1670 blk_finish_plug(&state->plug);
1672 if (state->free_reqs)
1673 kmem_cache_free_bulk(req_cachep, state->free_reqs,
1674 &state->reqs[state->cur_req]);
1678 * Start submission side cache.
1680 static void io_submit_state_start(struct io_submit_state *state,
1681 struct io_ring_ctx *ctx, unsigned max_ios)
1683 blk_start_plug(&state->plug);
1684 state->free_reqs = 0;
1686 state->ios_left = max_ios;
1689 static void io_commit_sqring(struct io_ring_ctx *ctx)
1691 struct io_sq_ring *ring = ctx->sq_ring;
1693 if (ctx->cached_sq_head != READ_ONCE(ring->r.head)) {
1695 * Ensure any loads from the SQEs are done at this point,
1696 * since once we write the new head, the application could
1697 * write new data to them.
1699 smp_store_release(&ring->r.head, ctx->cached_sq_head);
1702 * write side barrier of head update, app has read side. See
1703 * comment at the top of this file
1710 * Undo last io_get_sqring()
1712 static void io_drop_sqring(struct io_ring_ctx *ctx)
1714 ctx->cached_sq_head--;
1718 * Fetch an sqe, if one is available. Note that s->sqe will point to memory
1719 * that is mapped by userspace. This means that care needs to be taken to
1720 * ensure that reads are stable, as we cannot rely on userspace always
1721 * being a good citizen. If members of the sqe are validated and then later
1722 * used, it's important that those reads are done through READ_ONCE() to
1723 * prevent a re-load down the line.
1725 static bool io_get_sqring(struct io_ring_ctx *ctx, struct sqe_submit *s)
1727 struct io_sq_ring *ring = ctx->sq_ring;
1731 * The cached sq head (or cq tail) serves two purposes:
1733 * 1) allows us to batch the cost of updating the user visible
1735 * 2) allows the kernel side to track the head on its own, even
1736 * though the application is the one updating it.
1738 head = ctx->cached_sq_head;
1739 /* See comment at the top of this file */
1741 /* make sure SQ entry isn't read before tail */
1742 if (head == smp_load_acquire(&ring->r.tail))
1745 head = READ_ONCE(ring->array[head & ctx->sq_mask]);
1746 if (head < ctx->sq_entries) {
1748 s->sqe = &ctx->sq_sqes[head];
1749 ctx->cached_sq_head++;
1753 /* drop invalid entries */
1754 ctx->cached_sq_head++;
1756 /* See comment at the top of this file */
1761 static int io_submit_sqes(struct io_ring_ctx *ctx, struct sqe_submit *sqes,
1762 unsigned int nr, bool has_user, bool mm_fault)
1764 struct io_submit_state state, *statep = NULL;
1765 int ret, i, submitted = 0;
1767 if (nr > IO_PLUG_THRESHOLD) {
1768 io_submit_state_start(&state, ctx, nr);
1772 for (i = 0; i < nr; i++) {
1773 if (unlikely(mm_fault)) {
1776 sqes[i].has_user = has_user;
1777 sqes[i].needs_lock = true;
1778 sqes[i].needs_fixed_file = true;
1779 ret = io_submit_sqe(ctx, &sqes[i], statep);
1786 io_cqring_add_event(ctx, sqes[i].sqe->user_data, ret, 0);
1790 io_submit_state_end(&state);
1795 static int io_sq_thread(void *data)
1797 struct sqe_submit sqes[IO_IOPOLL_BATCH];
1798 struct io_ring_ctx *ctx = data;
1799 struct mm_struct *cur_mm = NULL;
1800 mm_segment_t old_fs;
1803 unsigned long timeout;
1808 timeout = inflight = 0;
1809 while (!kthread_should_stop() && !ctx->sqo_stop) {
1810 bool all_fixed, mm_fault = false;
1814 unsigned nr_events = 0;
1816 if (ctx->flags & IORING_SETUP_IOPOLL) {
1818 * We disallow the app entering submit/complete
1819 * with polling, but we still need to lock the
1820 * ring to prevent racing with polled issue
1821 * that got punted to a workqueue.
1823 mutex_lock(&ctx->uring_lock);
1824 io_iopoll_check(ctx, &nr_events, 0);
1825 mutex_unlock(&ctx->uring_lock);
1828 * Normal IO, just pretend everything completed.
1829 * We don't have to poll completions for that.
1831 nr_events = inflight;
1834 inflight -= nr_events;
1836 timeout = jiffies + ctx->sq_thread_idle;
1839 if (!io_get_sqring(ctx, &sqes[0])) {
1841 * We're polling. If we're within the defined idle
1842 * period, then let us spin without work before going
1845 if (inflight || !time_after(jiffies, timeout)) {
1851 * Drop cur_mm before scheduling, we can't hold it for
1852 * long periods (or over schedule()). Do this before
1853 * adding ourselves to the waitqueue, as the unuse/drop
1862 prepare_to_wait(&ctx->sqo_wait, &wait,
1863 TASK_INTERRUPTIBLE);
1865 /* Tell userspace we may need a wakeup call */
1866 ctx->sq_ring->flags |= IORING_SQ_NEED_WAKEUP;
1867 /* make sure to read SQ tail after writing flags */
1870 if (!io_get_sqring(ctx, &sqes[0])) {
1871 if (kthread_should_stop()) {
1872 finish_wait(&ctx->sqo_wait, &wait);
1875 if (signal_pending(current))
1876 flush_signals(current);
1878 finish_wait(&ctx->sqo_wait, &wait);
1880 ctx->sq_ring->flags &= ~IORING_SQ_NEED_WAKEUP;
1884 finish_wait(&ctx->sqo_wait, &wait);
1886 ctx->sq_ring->flags &= ~IORING_SQ_NEED_WAKEUP;
1893 if (all_fixed && io_sqe_needs_user(sqes[i].sqe))
1897 if (i == ARRAY_SIZE(sqes))
1899 } while (io_get_sqring(ctx, &sqes[i]));
1901 /* Unless all new commands are FIXED regions, grab mm */
1902 if (!all_fixed && !cur_mm) {
1903 mm_fault = !mmget_not_zero(ctx->sqo_mm);
1905 use_mm(ctx->sqo_mm);
1906 cur_mm = ctx->sqo_mm;
1910 inflight += io_submit_sqes(ctx, sqes, i, cur_mm != NULL,
1913 /* Commit SQ ring head once we've consumed all SQEs */
1914 io_commit_sqring(ctx);
1923 if (kthread_should_park())
1929 static int io_ring_submit(struct io_ring_ctx *ctx, unsigned int to_submit)
1931 struct io_submit_state state, *statep = NULL;
1932 int i, ret = 0, submit = 0;
1934 if (to_submit > IO_PLUG_THRESHOLD) {
1935 io_submit_state_start(&state, ctx, to_submit);
1939 for (i = 0; i < to_submit; i++) {
1940 struct sqe_submit s;
1942 if (!io_get_sqring(ctx, &s))
1946 s.needs_lock = false;
1947 s.needs_fixed_file = false;
1949 ret = io_submit_sqe(ctx, &s, statep);
1951 io_drop_sqring(ctx);
1957 io_commit_sqring(ctx);
1960 io_submit_state_end(statep);
1962 return submit ? submit : ret;
1965 static unsigned io_cqring_events(struct io_cq_ring *ring)
1967 return READ_ONCE(ring->r.tail) - READ_ONCE(ring->r.head);
1971 * Wait until events become available, if we don't already have some. The
1972 * application must reap them itself, as they reside on the shared cq ring.
1974 static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events,
1975 const sigset_t __user *sig, size_t sigsz)
1977 struct io_cq_ring *ring = ctx->cq_ring;
1978 sigset_t ksigmask, sigsaved;
1982 /* See comment at the top of this file */
1984 if (io_cqring_events(ring) >= min_events)
1988 #ifdef CONFIG_COMPAT
1989 if (in_compat_syscall())
1990 ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig,
1991 &ksigmask, &sigsaved, sigsz);
1994 ret = set_user_sigmask(sig, &ksigmask,
2002 prepare_to_wait(&ctx->wait, &wait, TASK_INTERRUPTIBLE);
2005 /* See comment at the top of this file */
2007 if (io_cqring_events(ring) >= min_events)
2013 if (signal_pending(current))
2017 finish_wait(&ctx->wait, &wait);
2020 restore_user_sigmask(sig, &sigsaved);
2022 return READ_ONCE(ring->r.head) == READ_ONCE(ring->r.tail) ? ret : 0;
2025 static void __io_sqe_files_unregister(struct io_ring_ctx *ctx)
2027 #if defined(CONFIG_UNIX)
2028 if (ctx->ring_sock) {
2029 struct sock *sock = ctx->ring_sock->sk;
2030 struct sk_buff *skb;
2032 while ((skb = skb_dequeue(&sock->sk_receive_queue)) != NULL)
2038 for (i = 0; i < ctx->nr_user_files; i++)
2039 fput(ctx->user_files[i]);
2043 static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
2045 if (!ctx->user_files)
2048 __io_sqe_files_unregister(ctx);
2049 kfree(ctx->user_files);
2050 ctx->user_files = NULL;
2051 ctx->nr_user_files = 0;
2055 static void io_sq_thread_stop(struct io_ring_ctx *ctx)
2057 if (ctx->sqo_thread) {
2060 kthread_park(ctx->sqo_thread);
2061 kthread_stop(ctx->sqo_thread);
2062 ctx->sqo_thread = NULL;
2066 static void io_finish_async(struct io_ring_ctx *ctx)
2068 io_sq_thread_stop(ctx);
2071 destroy_workqueue(ctx->sqo_wq);
2076 #if defined(CONFIG_UNIX)
2077 static void io_destruct_skb(struct sk_buff *skb)
2079 struct io_ring_ctx *ctx = skb->sk->sk_user_data;
2081 io_finish_async(ctx);
2082 unix_destruct_scm(skb);
2086 * Ensure the UNIX gc is aware of our file set, so we are certain that
2087 * the io_uring can be safely unregistered on process exit, even if we have
2088 * loops in the file referencing.
2090 static int __io_sqe_files_scm(struct io_ring_ctx *ctx, int nr, int offset)
2092 struct sock *sk = ctx->ring_sock->sk;
2093 struct scm_fp_list *fpl;
2094 struct sk_buff *skb;
2097 if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
2098 unsigned long inflight = ctx->user->unix_inflight + nr;
2100 if (inflight > task_rlimit(current, RLIMIT_NOFILE))
2104 fpl = kzalloc(sizeof(*fpl), GFP_KERNEL);
2108 skb = alloc_skb(0, GFP_KERNEL);
2115 skb->destructor = io_destruct_skb;
2117 fpl->user = get_uid(ctx->user);
2118 for (i = 0; i < nr; i++) {
2119 fpl->fp[i] = get_file(ctx->user_files[i + offset]);
2120 unix_inflight(fpl->user, fpl->fp[i]);
2123 fpl->max = fpl->count = nr;
2124 UNIXCB(skb).fp = fpl;
2125 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
2126 skb_queue_head(&sk->sk_receive_queue, skb);
2128 for (i = 0; i < nr; i++)
2135 * If UNIX sockets are enabled, fd passing can cause a reference cycle which
2136 * causes regular reference counting to break down. We rely on the UNIX
2137 * garbage collection to take care of this problem for us.
2139 static int io_sqe_files_scm(struct io_ring_ctx *ctx)
2141 unsigned left, total;
2145 left = ctx->nr_user_files;
2147 unsigned this_files = min_t(unsigned, left, SCM_MAX_FD);
2150 ret = __io_sqe_files_scm(ctx, this_files, total);
2154 total += this_files;
2160 while (total < ctx->nr_user_files) {
2161 fput(ctx->user_files[total]);
2168 static int io_sqe_files_scm(struct io_ring_ctx *ctx)
2174 static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg,
2177 __s32 __user *fds = (__s32 __user *) arg;
2181 if (ctx->user_files)
2185 if (nr_args > IORING_MAX_FIXED_FILES)
2188 ctx->user_files = kcalloc(nr_args, sizeof(struct file *), GFP_KERNEL);
2189 if (!ctx->user_files)
2192 for (i = 0; i < nr_args; i++) {
2194 if (copy_from_user(&fd, &fds[i], sizeof(fd)))
2197 ctx->user_files[i] = fget(fd);
2200 if (!ctx->user_files[i])
2203 * Don't allow io_uring instances to be registered. If UNIX
2204 * isn't enabled, then this causes a reference cycle and this
2205 * instance can never get freed. If UNIX is enabled we'll
2206 * handle it just fine, but there's still no point in allowing
2207 * a ring fd as it doesn't support regular read/write anyway.
2209 if (ctx->user_files[i]->f_op == &io_uring_fops) {
2210 fput(ctx->user_files[i]);
2213 ctx->nr_user_files++;
2218 for (i = 0; i < ctx->nr_user_files; i++)
2219 fput(ctx->user_files[i]);
2221 kfree(ctx->user_files);
2222 ctx->user_files = NULL;
2223 ctx->nr_user_files = 0;
2227 ret = io_sqe_files_scm(ctx);
2229 io_sqe_files_unregister(ctx);
2234 static int io_sq_offload_start(struct io_ring_ctx *ctx,
2235 struct io_uring_params *p)
2239 init_waitqueue_head(&ctx->sqo_wait);
2240 mmgrab(current->mm);
2241 ctx->sqo_mm = current->mm;
2244 if (!cpu_possible(p->sq_thread_cpu))
2247 if (ctx->flags & IORING_SETUP_SQPOLL) {
2249 if (!capable(CAP_SYS_ADMIN))
2252 ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle);
2253 if (!ctx->sq_thread_idle)
2254 ctx->sq_thread_idle = HZ;
2256 if (p->flags & IORING_SETUP_SQ_AFF) {
2259 cpu = array_index_nospec(p->sq_thread_cpu, NR_CPUS);
2261 if (!cpu_possible(p->sq_thread_cpu))
2264 ctx->sqo_thread = kthread_create_on_cpu(io_sq_thread,
2268 ctx->sqo_thread = kthread_create(io_sq_thread, ctx,
2271 if (IS_ERR(ctx->sqo_thread)) {
2272 ret = PTR_ERR(ctx->sqo_thread);
2273 ctx->sqo_thread = NULL;
2276 wake_up_process(ctx->sqo_thread);
2277 } else if (p->flags & IORING_SETUP_SQ_AFF) {
2278 /* Can't have SQ_AFF without SQPOLL */
2283 /* Do QD, or 2 * CPUS, whatever is smallest */
2284 ctx->sqo_wq = alloc_workqueue("io_ring-wq", WQ_UNBOUND | WQ_FREEZABLE,
2285 min(ctx->sq_entries - 1, 2 * num_online_cpus()));
2293 io_sq_thread_stop(ctx);
2294 mmdrop(ctx->sqo_mm);
2299 static void io_unaccount_mem(struct user_struct *user, unsigned long nr_pages)
2301 atomic_long_sub(nr_pages, &user->locked_vm);
2304 static int io_account_mem(struct user_struct *user, unsigned long nr_pages)
2306 unsigned long page_limit, cur_pages, new_pages;
2308 /* Don't allow more pages than we can safely lock */
2309 page_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
2312 cur_pages = atomic_long_read(&user->locked_vm);
2313 new_pages = cur_pages + nr_pages;
2314 if (new_pages > page_limit)
2316 } while (atomic_long_cmpxchg(&user->locked_vm, cur_pages,
2317 new_pages) != cur_pages);
2322 static void io_mem_free(void *ptr)
2324 struct page *page = virt_to_head_page(ptr);
2326 if (put_page_testzero(page))
2327 free_compound_page(page);
2330 static void *io_mem_alloc(size_t size)
2332 gfp_t gfp_flags = GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_COMP |
2335 return (void *) __get_free_pages(gfp_flags, get_order(size));
2338 static unsigned long ring_pages(unsigned sq_entries, unsigned cq_entries)
2340 struct io_sq_ring *sq_ring;
2341 struct io_cq_ring *cq_ring;
2344 bytes = struct_size(sq_ring, array, sq_entries);
2345 bytes += array_size(sizeof(struct io_uring_sqe), sq_entries);
2346 bytes += struct_size(cq_ring, cqes, cq_entries);
2348 return (bytes + PAGE_SIZE - 1) / PAGE_SIZE;
2351 static int io_sqe_buffer_unregister(struct io_ring_ctx *ctx)
2355 if (!ctx->user_bufs)
2358 for (i = 0; i < ctx->nr_user_bufs; i++) {
2359 struct io_mapped_ubuf *imu = &ctx->user_bufs[i];
2361 for (j = 0; j < imu->nr_bvecs; j++)
2362 put_page(imu->bvec[j].bv_page);
2364 if (ctx->account_mem)
2365 io_unaccount_mem(ctx->user, imu->nr_bvecs);
2370 kfree(ctx->user_bufs);
2371 ctx->user_bufs = NULL;
2372 ctx->nr_user_bufs = 0;
2376 static int io_copy_iov(struct io_ring_ctx *ctx, struct iovec *dst,
2377 void __user *arg, unsigned index)
2379 struct iovec __user *src;
2381 #ifdef CONFIG_COMPAT
2383 struct compat_iovec __user *ciovs;
2384 struct compat_iovec ciov;
2386 ciovs = (struct compat_iovec __user *) arg;
2387 if (copy_from_user(&ciov, &ciovs[index], sizeof(ciov)))
2390 dst->iov_base = (void __user *) (unsigned long) ciov.iov_base;
2391 dst->iov_len = ciov.iov_len;
2395 src = (struct iovec __user *) arg;
2396 if (copy_from_user(dst, &src[index], sizeof(*dst)))
2401 static int io_sqe_buffer_register(struct io_ring_ctx *ctx, void __user *arg,
2404 struct vm_area_struct **vmas = NULL;
2405 struct page **pages = NULL;
2406 int i, j, got_pages = 0;
2411 if (!nr_args || nr_args > UIO_MAXIOV)
2414 ctx->user_bufs = kcalloc(nr_args, sizeof(struct io_mapped_ubuf),
2416 if (!ctx->user_bufs)
2419 for (i = 0; i < nr_args; i++) {
2420 struct io_mapped_ubuf *imu = &ctx->user_bufs[i];
2421 unsigned long off, start, end, ubuf;
2426 ret = io_copy_iov(ctx, &iov, arg, i);
2431 * Don't impose further limits on the size and buffer
2432 * constraints here, we'll -EINVAL later when IO is
2433 * submitted if they are wrong.
2436 if (!iov.iov_base || !iov.iov_len)
2439 /* arbitrary limit, but we need something */
2440 if (iov.iov_len > SZ_1G)
2443 ubuf = (unsigned long) iov.iov_base;
2444 end = (ubuf + iov.iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
2445 start = ubuf >> PAGE_SHIFT;
2446 nr_pages = end - start;
2448 if (ctx->account_mem) {
2449 ret = io_account_mem(ctx->user, nr_pages);
2455 if (!pages || nr_pages > got_pages) {
2458 pages = kmalloc_array(nr_pages, sizeof(struct page *),
2460 vmas = kmalloc_array(nr_pages,
2461 sizeof(struct vm_area_struct *),
2463 if (!pages || !vmas) {
2465 if (ctx->account_mem)
2466 io_unaccount_mem(ctx->user, nr_pages);
2469 got_pages = nr_pages;
2472 imu->bvec = kmalloc_array(nr_pages, sizeof(struct bio_vec),
2476 if (ctx->account_mem)
2477 io_unaccount_mem(ctx->user, nr_pages);
2482 down_read(¤t->mm->mmap_sem);
2483 pret = get_user_pages_longterm(ubuf, nr_pages, FOLL_WRITE,
2485 if (pret == nr_pages) {
2486 /* don't support file backed memory */
2487 for (j = 0; j < nr_pages; j++) {
2488 struct vm_area_struct *vma = vmas[j];
2491 !is_file_hugepages(vma->vm_file)) {
2497 ret = pret < 0 ? pret : -EFAULT;
2499 up_read(¤t->mm->mmap_sem);
2502 * if we did partial map, or found file backed vmas,
2503 * release any pages we did get
2506 for (j = 0; j < pret; j++)
2509 if (ctx->account_mem)
2510 io_unaccount_mem(ctx->user, nr_pages);
2514 off = ubuf & ~PAGE_MASK;
2516 for (j = 0; j < nr_pages; j++) {
2519 vec_len = min_t(size_t, size, PAGE_SIZE - off);
2520 imu->bvec[j].bv_page = pages[j];
2521 imu->bvec[j].bv_len = vec_len;
2522 imu->bvec[j].bv_offset = off;
2526 /* store original address for later verification */
2528 imu->len = iov.iov_len;
2529 imu->nr_bvecs = nr_pages;
2531 ctx->nr_user_bufs++;
2539 io_sqe_buffer_unregister(ctx);
2543 static void io_ring_ctx_free(struct io_ring_ctx *ctx)
2545 io_finish_async(ctx);
2547 mmdrop(ctx->sqo_mm);
2549 io_iopoll_reap_events(ctx);
2550 io_sqe_buffer_unregister(ctx);
2551 io_sqe_files_unregister(ctx);
2553 #if defined(CONFIG_UNIX)
2555 sock_release(ctx->ring_sock);
2558 io_mem_free(ctx->sq_ring);
2559 io_mem_free(ctx->sq_sqes);
2560 io_mem_free(ctx->cq_ring);
2562 percpu_ref_exit(&ctx->refs);
2563 if (ctx->account_mem)
2564 io_unaccount_mem(ctx->user,
2565 ring_pages(ctx->sq_entries, ctx->cq_entries));
2566 free_uid(ctx->user);
2570 static __poll_t io_uring_poll(struct file *file, poll_table *wait)
2572 struct io_ring_ctx *ctx = file->private_data;
2575 poll_wait(file, &ctx->cq_wait, wait);
2576 /* See comment at the top of this file */
2578 if (READ_ONCE(ctx->sq_ring->r.tail) - ctx->cached_sq_head !=
2579 ctx->sq_ring->ring_entries)
2580 mask |= EPOLLOUT | EPOLLWRNORM;
2581 if (READ_ONCE(ctx->cq_ring->r.head) != ctx->cached_cq_tail)
2582 mask |= EPOLLIN | EPOLLRDNORM;
2587 static int io_uring_fasync(int fd, struct file *file, int on)
2589 struct io_ring_ctx *ctx = file->private_data;
2591 return fasync_helper(fd, file, on, &ctx->cq_fasync);
2594 static void io_ring_ctx_wait_and_kill(struct io_ring_ctx *ctx)
2596 mutex_lock(&ctx->uring_lock);
2597 percpu_ref_kill(&ctx->refs);
2598 mutex_unlock(&ctx->uring_lock);
2600 io_poll_remove_all(ctx);
2601 io_iopoll_reap_events(ctx);
2602 wait_for_completion(&ctx->ctx_done);
2603 io_ring_ctx_free(ctx);
2606 static int io_uring_release(struct inode *inode, struct file *file)
2608 struct io_ring_ctx *ctx = file->private_data;
2610 file->private_data = NULL;
2611 io_ring_ctx_wait_and_kill(ctx);
2615 static int io_uring_mmap(struct file *file, struct vm_area_struct *vma)
2617 loff_t offset = (loff_t) vma->vm_pgoff << PAGE_SHIFT;
2618 unsigned long sz = vma->vm_end - vma->vm_start;
2619 struct io_ring_ctx *ctx = file->private_data;
2625 case IORING_OFF_SQ_RING:
2628 case IORING_OFF_SQES:
2631 case IORING_OFF_CQ_RING:
2638 page = virt_to_head_page(ptr);
2639 if (sz > (PAGE_SIZE << compound_order(page)))
2642 pfn = virt_to_phys(ptr) >> PAGE_SHIFT;
2643 return remap_pfn_range(vma, vma->vm_start, pfn, sz, vma->vm_page_prot);
2646 SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
2647 u32, min_complete, u32, flags, const sigset_t __user *, sig,
2650 struct io_ring_ctx *ctx;
2655 if (flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP))
2663 if (f.file->f_op != &io_uring_fops)
2667 ctx = f.file->private_data;
2668 if (!percpu_ref_tryget(&ctx->refs))
2672 * For SQ polling, the thread will do all submissions and completions.
2673 * Just return the requested submit count, and wake the thread if
2676 if (ctx->flags & IORING_SETUP_SQPOLL) {
2677 if (flags & IORING_ENTER_SQ_WAKEUP)
2678 wake_up(&ctx->sqo_wait);
2679 submitted = to_submit;
2685 to_submit = min(to_submit, ctx->sq_entries);
2687 mutex_lock(&ctx->uring_lock);
2688 submitted = io_ring_submit(ctx, to_submit);
2689 mutex_unlock(&ctx->uring_lock);
2694 if (flags & IORING_ENTER_GETEVENTS) {
2695 unsigned nr_events = 0;
2697 min_complete = min(min_complete, ctx->cq_entries);
2700 * The application could have included the 'to_submit' count
2701 * in how many events it wanted to wait for. If we failed to
2702 * submit the desired count, we may need to adjust the number
2703 * of events to poll/wait for.
2705 if (submitted < to_submit)
2706 min_complete = min_t(unsigned, submitted, min_complete);
2708 if (ctx->flags & IORING_SETUP_IOPOLL) {
2709 mutex_lock(&ctx->uring_lock);
2710 ret = io_iopoll_check(ctx, &nr_events, min_complete);
2711 mutex_unlock(&ctx->uring_lock);
2713 ret = io_cqring_wait(ctx, min_complete, sig, sigsz);
2718 io_ring_drop_ctx_refs(ctx, 1);
2721 return submitted ? submitted : ret;
2724 static const struct file_operations io_uring_fops = {
2725 .release = io_uring_release,
2726 .mmap = io_uring_mmap,
2727 .poll = io_uring_poll,
2728 .fasync = io_uring_fasync,
2731 static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
2732 struct io_uring_params *p)
2734 struct io_sq_ring *sq_ring;
2735 struct io_cq_ring *cq_ring;
2738 sq_ring = io_mem_alloc(struct_size(sq_ring, array, p->sq_entries));
2742 ctx->sq_ring = sq_ring;
2743 sq_ring->ring_mask = p->sq_entries - 1;
2744 sq_ring->ring_entries = p->sq_entries;
2745 ctx->sq_mask = sq_ring->ring_mask;
2746 ctx->sq_entries = sq_ring->ring_entries;
2748 size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
2749 if (size == SIZE_MAX)
2752 ctx->sq_sqes = io_mem_alloc(size);
2753 if (!ctx->sq_sqes) {
2754 io_mem_free(ctx->sq_ring);
2758 cq_ring = io_mem_alloc(struct_size(cq_ring, cqes, p->cq_entries));
2760 io_mem_free(ctx->sq_ring);
2761 io_mem_free(ctx->sq_sqes);
2765 ctx->cq_ring = cq_ring;
2766 cq_ring->ring_mask = p->cq_entries - 1;
2767 cq_ring->ring_entries = p->cq_entries;
2768 ctx->cq_mask = cq_ring->ring_mask;
2769 ctx->cq_entries = cq_ring->ring_entries;
2774 * Allocate an anonymous fd, this is what constitutes the application
2775 * visible backing of an io_uring instance. The application mmaps this
2776 * fd to gain access to the SQ/CQ ring details. If UNIX sockets are enabled,
2777 * we have to tie this fd to a socket for file garbage collection purposes.
2779 static int io_uring_get_fd(struct io_ring_ctx *ctx)
2784 #if defined(CONFIG_UNIX)
2785 ret = sock_create_kern(&init_net, PF_UNIX, SOCK_RAW, IPPROTO_IP,
2791 ret = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
2795 file = anon_inode_getfile("[io_uring]", &io_uring_fops, ctx,
2796 O_RDWR | O_CLOEXEC);
2799 ret = PTR_ERR(file);
2803 #if defined(CONFIG_UNIX)
2804 ctx->ring_sock->file = file;
2805 ctx->ring_sock->sk->sk_user_data = ctx;
2807 fd_install(ret, file);
2810 #if defined(CONFIG_UNIX)
2811 sock_release(ctx->ring_sock);
2812 ctx->ring_sock = NULL;
2817 static int io_uring_create(unsigned entries, struct io_uring_params *p)
2819 struct user_struct *user = NULL;
2820 struct io_ring_ctx *ctx;
2824 if (!entries || entries > IORING_MAX_ENTRIES)
2828 * Use twice as many entries for the CQ ring. It's possible for the
2829 * application to drive a higher depth than the size of the SQ ring,
2830 * since the sqes are only used at submission time. This allows for
2831 * some flexibility in overcommitting a bit.
2833 p->sq_entries = roundup_pow_of_two(entries);
2834 p->cq_entries = 2 * p->sq_entries;
2836 user = get_uid(current_user());
2837 account_mem = !capable(CAP_IPC_LOCK);
2840 ret = io_account_mem(user,
2841 ring_pages(p->sq_entries, p->cq_entries));
2848 ctx = io_ring_ctx_alloc(p);
2851 io_unaccount_mem(user, ring_pages(p->sq_entries,
2856 ctx->compat = in_compat_syscall();
2857 ctx->account_mem = account_mem;
2860 ret = io_allocate_scq_urings(ctx, p);
2864 ret = io_sq_offload_start(ctx, p);
2868 ret = io_uring_get_fd(ctx);
2872 memset(&p->sq_off, 0, sizeof(p->sq_off));
2873 p->sq_off.head = offsetof(struct io_sq_ring, r.head);
2874 p->sq_off.tail = offsetof(struct io_sq_ring, r.tail);
2875 p->sq_off.ring_mask = offsetof(struct io_sq_ring, ring_mask);
2876 p->sq_off.ring_entries = offsetof(struct io_sq_ring, ring_entries);
2877 p->sq_off.flags = offsetof(struct io_sq_ring, flags);
2878 p->sq_off.dropped = offsetof(struct io_sq_ring, dropped);
2879 p->sq_off.array = offsetof(struct io_sq_ring, array);
2881 memset(&p->cq_off, 0, sizeof(p->cq_off));
2882 p->cq_off.head = offsetof(struct io_cq_ring, r.head);
2883 p->cq_off.tail = offsetof(struct io_cq_ring, r.tail);
2884 p->cq_off.ring_mask = offsetof(struct io_cq_ring, ring_mask);
2885 p->cq_off.ring_entries = offsetof(struct io_cq_ring, ring_entries);
2886 p->cq_off.overflow = offsetof(struct io_cq_ring, overflow);
2887 p->cq_off.cqes = offsetof(struct io_cq_ring, cqes);
2890 io_ring_ctx_wait_and_kill(ctx);
2895 * Sets up an aio uring context, and returns the fd. Applications asks for a
2896 * ring size, we return the actual sq/cq ring sizes (among other things) in the
2897 * params structure passed in.
2899 static long io_uring_setup(u32 entries, struct io_uring_params __user *params)
2901 struct io_uring_params p;
2905 if (copy_from_user(&p, params, sizeof(p)))
2907 for (i = 0; i < ARRAY_SIZE(p.resv); i++) {
2912 if (p.flags & ~(IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL |
2913 IORING_SETUP_SQ_AFF))
2916 ret = io_uring_create(entries, &p);
2920 if (copy_to_user(params, &p, sizeof(p)))
2926 SYSCALL_DEFINE2(io_uring_setup, u32, entries,
2927 struct io_uring_params __user *, params)
2929 return io_uring_setup(entries, params);
2932 static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
2933 void __user *arg, unsigned nr_args)
2934 __releases(ctx->uring_lock)
2935 __acquires(ctx->uring_lock)
2940 * We're inside the ring mutex, if the ref is already dying, then
2941 * someone else killed the ctx or is already going through
2942 * io_uring_register().
2944 if (percpu_ref_is_dying(&ctx->refs))
2947 percpu_ref_kill(&ctx->refs);
2950 * Drop uring mutex before waiting for references to exit. If another
2951 * thread is currently inside io_uring_enter() it might need to grab
2952 * the uring_lock to make progress. If we hold it here across the drain
2953 * wait, then we can deadlock. It's safe to drop the mutex here, since
2954 * no new references will come in after we've killed the percpu ref.
2956 mutex_unlock(&ctx->uring_lock);
2957 wait_for_completion(&ctx->ctx_done);
2958 mutex_lock(&ctx->uring_lock);
2961 case IORING_REGISTER_BUFFERS:
2962 ret = io_sqe_buffer_register(ctx, arg, nr_args);
2964 case IORING_UNREGISTER_BUFFERS:
2968 ret = io_sqe_buffer_unregister(ctx);
2970 case IORING_REGISTER_FILES:
2971 ret = io_sqe_files_register(ctx, arg, nr_args);
2973 case IORING_UNREGISTER_FILES:
2977 ret = io_sqe_files_unregister(ctx);
2984 /* bring the ctx back to life */
2985 reinit_completion(&ctx->ctx_done);
2986 percpu_ref_reinit(&ctx->refs);
2990 SYSCALL_DEFINE4(io_uring_register, unsigned int, fd, unsigned int, opcode,
2991 void __user *, arg, unsigned int, nr_args)
2993 struct io_ring_ctx *ctx;
3002 if (f.file->f_op != &io_uring_fops)
3005 ctx = f.file->private_data;
3007 mutex_lock(&ctx->uring_lock);
3008 ret = __io_uring_register(ctx, opcode, arg, nr_args);
3009 mutex_unlock(&ctx->uring_lock);
3015 static int __init io_uring_init(void)
3017 req_cachep = KMEM_CACHE(io_kiocb, SLAB_HWCACHE_ALIGN | SLAB_PANIC);
3020 __initcall(io_uring_init);
git.samba.org / sfrench / cifs-2.6.git / blob