1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Contains the core associated with submission side polling of the SQ
4  * ring, offloading submissions from the application to a kernel thread.
5  */
6 #include <linux/kernel.h>
7 #include <linux/errno.h>
8 #include <linux/file.h>
9 #include <linux/mm.h>
10 #include <linux/slab.h>
11 #include <linux/audit.h>
12 #include <linux/security.h>
13 #include <linux/cpuset.h>
14 #include <linux/io_uring.h>
15 
16 #include <uapi/linux/io_uring.h>
17 
18 #include "io_uring.h"
19 #include "napi.h"
20 #include "sqpoll.h"
21 
22 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8
23 #define IORING_TW_CAP_ENTRIES_VALUE	8
24 
25 enum {
26 	IO_SQ_THREAD_SHOULD_STOP = 0,
27 	IO_SQ_THREAD_SHOULD_PARK,
28 };
29 
io_sq_thread_unpark(struct io_sq_data * sqd)30 void io_sq_thread_unpark(struct io_sq_data *sqd)
31 	__releases(&sqd->lock)
32 {
33 	WARN_ON_ONCE(sqd->thread == current);
34 
35 	/*
36 	 * Do the dance but not conditional clear_bit() because it'd race with
37 	 * other threads incrementing park_pending and setting the bit.
38 	 */
39 	clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
40 	if (atomic_dec_return(&sqd->park_pending))
41 		set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
42 	mutex_unlock(&sqd->lock);
43 }
44 
io_sq_thread_park(struct io_sq_data * sqd)45 void io_sq_thread_park(struct io_sq_data *sqd)
46 	__acquires(&sqd->lock)
47 {
48 	WARN_ON_ONCE(data_race(sqd->thread) == current);
49 
50 	atomic_inc(&sqd->park_pending);
51 	set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
52 	mutex_lock(&sqd->lock);
53 	if (sqd->thread)
54 		wake_up_process(sqd->thread);
55 }
56 
io_sq_thread_stop(struct io_sq_data * sqd)57 void io_sq_thread_stop(struct io_sq_data *sqd)
58 {
59 	WARN_ON_ONCE(sqd->thread == current);
60 	WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state));
61 
62 	set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
63 	mutex_lock(&sqd->lock);
64 	if (sqd->thread)
65 		wake_up_process(sqd->thread);
66 	mutex_unlock(&sqd->lock);
67 	wait_for_completion(&sqd->exited);
68 }
69 
io_put_sq_data(struct io_sq_data * sqd)70 void io_put_sq_data(struct io_sq_data *sqd)
71 {
72 	if (refcount_dec_and_test(&sqd->refs)) {
73 		WARN_ON_ONCE(atomic_read(&sqd->park_pending));
74 
75 		io_sq_thread_stop(sqd);
76 		kfree(sqd);
77 	}
78 }
79 
io_sqd_update_thread_idle(struct io_sq_data * sqd)80 static __cold void io_sqd_update_thread_idle(struct io_sq_data *sqd)
81 {
82 	struct io_ring_ctx *ctx;
83 	unsigned sq_thread_idle = 0;
84 
85 	list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
86 		sq_thread_idle = max(sq_thread_idle, ctx->sq_thread_idle);
87 	sqd->sq_thread_idle = sq_thread_idle;
88 }
89 
io_sq_thread_finish(struct io_ring_ctx * ctx)90 void io_sq_thread_finish(struct io_ring_ctx *ctx)
91 {
92 	struct io_sq_data *sqd = ctx->sq_data;
93 
94 	if (sqd) {
95 		io_sq_thread_park(sqd);
96 		list_del_init(&ctx->sqd_list);
97 		io_sqd_update_thread_idle(sqd);
98 		io_sq_thread_unpark(sqd);
99 
100 		io_put_sq_data(sqd);
101 		ctx->sq_data = NULL;
102 	}
103 }
104 
io_attach_sq_data(struct io_uring_params * p)105 static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p)
106 {
107 	struct io_ring_ctx *ctx_attach;
108 	struct io_sq_data *sqd;
109 	struct fd f;
110 
111 	f = fdget(p->wq_fd);
112 	if (!fd_file(f))
113 		return ERR_PTR(-ENXIO);
114 	if (!io_is_uring_fops(fd_file(f))) {
115 		fdput(f);
116 		return ERR_PTR(-EINVAL);
117 	}
118 
119 	ctx_attach = fd_file(f)->private_data;
120 	sqd = ctx_attach->sq_data;
121 	if (!sqd) {
122 		fdput(f);
123 		return ERR_PTR(-EINVAL);
124 	}
125 	if (sqd->task_tgid != current->tgid) {
126 		fdput(f);
127 		return ERR_PTR(-EPERM);
128 	}
129 
130 	refcount_inc(&sqd->refs);
131 	fdput(f);
132 	return sqd;
133 }
134 
io_get_sq_data(struct io_uring_params * p,bool * attached)135 static struct io_sq_data *io_get_sq_data(struct io_uring_params *p,
136 					 bool *attached)
137 {
138 	struct io_sq_data *sqd;
139 
140 	*attached = false;
141 	if (p->flags & IORING_SETUP_ATTACH_WQ) {
142 		sqd = io_attach_sq_data(p);
143 		if (!IS_ERR(sqd)) {
144 			*attached = true;
145 			return sqd;
146 		}
147 		/* fall through for EPERM case, setup new sqd/task */
148 		if (PTR_ERR(sqd) != -EPERM)
149 			return sqd;
150 	}
151 
152 	sqd = kzalloc(sizeof(*sqd), GFP_KERNEL);
153 	if (!sqd)
154 		return ERR_PTR(-ENOMEM);
155 
156 	atomic_set(&sqd->park_pending, 0);
157 	refcount_set(&sqd->refs, 1);
158 	INIT_LIST_HEAD(&sqd->ctx_list);
159 	mutex_init(&sqd->lock);
160 	init_waitqueue_head(&sqd->wait);
161 	init_completion(&sqd->exited);
162 	return sqd;
163 }
164 
io_sqd_events_pending(struct io_sq_data * sqd)165 static inline bool io_sqd_events_pending(struct io_sq_data *sqd)
166 {
167 	return READ_ONCE(sqd->state);
168 }
169 
__io_sq_thread(struct io_ring_ctx * ctx,bool cap_entries)170 static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
171 {
172 	unsigned int to_submit;
173 	int ret = 0;
174 
175 	to_submit = io_sqring_entries(ctx);
176 	/* if we're handling multiple rings, cap submit size for fairness */
177 	if (cap_entries && to_submit > IORING_SQPOLL_CAP_ENTRIES_VALUE)
178 		to_submit = IORING_SQPOLL_CAP_ENTRIES_VALUE;
179 
180 	if (to_submit || !wq_list_empty(&ctx->iopoll_list)) {
181 		const struct cred *creds = NULL;
182 
183 		if (ctx->sq_creds != current_cred())
184 			creds = override_creds(ctx->sq_creds);
185 
186 		mutex_lock(&ctx->uring_lock);
187 		if (!wq_list_empty(&ctx->iopoll_list))
188 			io_do_iopoll(ctx, true);
189 
190 		/*
191 		 * Don't submit if refs are dying, good for io_uring_register(),
192 		 * but also it is relied upon by io_ring_exit_work()
193 		 */
194 		if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs)) &&
195 		    !(ctx->flags & IORING_SETUP_R_DISABLED))
196 			ret = io_submit_sqes(ctx, to_submit);
197 		mutex_unlock(&ctx->uring_lock);
198 
199 		if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
200 			wake_up(&ctx->sqo_sq_wait);
201 		if (creds)
202 			revert_creds(creds);
203 	}
204 
205 	return ret;
206 }
207 
io_sqd_handle_event(struct io_sq_data * sqd)208 static bool io_sqd_handle_event(struct io_sq_data *sqd)
209 {
210 	bool did_sig = false;
211 	struct ksignal ksig;
212 
213 	if (test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state) ||
214 	    signal_pending(current)) {
215 		mutex_unlock(&sqd->lock);
216 		if (signal_pending(current))
217 			did_sig = get_signal(&ksig);
218 		cond_resched();
219 		mutex_lock(&sqd->lock);
220 		sqd->sq_cpu = raw_smp_processor_id();
221 	}
222 	return did_sig || test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
223 }
224 
225 /*
226  * Run task_work, processing the retry_list first. The retry_list holds
227  * entries that we passed on in the previous run, if we had more task_work
228  * than we were asked to process. Newly queued task_work isn't run until the
229  * retry list has been fully processed.
230  */
io_sq_tw(struct llist_node ** retry_list,int max_entries)231 static unsigned int io_sq_tw(struct llist_node **retry_list, int max_entries)
232 {
233 	struct io_uring_task *tctx = current->io_uring;
234 	unsigned int count = 0;
235 
236 	if (*retry_list) {
237 		*retry_list = io_handle_tw_list(*retry_list, &count, max_entries);
238 		if (count >= max_entries)
239 			goto out;
240 		max_entries -= count;
241 	}
242 	*retry_list = tctx_task_work_run(tctx, max_entries, &count);
243 out:
244 	if (task_work_pending(current))
245 		task_work_run();
246 	return count;
247 }
248 
io_sq_tw_pending(struct llist_node * retry_list)249 static bool io_sq_tw_pending(struct llist_node *retry_list)
250 {
251 	struct io_uring_task *tctx = current->io_uring;
252 
253 	return retry_list || !llist_empty(&tctx->task_list);
254 }
255 
io_sq_update_worktime(struct io_sq_data * sqd,struct rusage * start)256 static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start)
257 {
258 	struct rusage end;
259 
260 	getrusage(current, RUSAGE_SELF, &end);
261 	end.ru_stime.tv_sec -= start->ru_stime.tv_sec;
262 	end.ru_stime.tv_usec -= start->ru_stime.tv_usec;
263 
264 	sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000;
265 }
266 
io_sq_thread(void * data)267 static int io_sq_thread(void *data)
268 {
269 	struct llist_node *retry_list = NULL;
270 	struct io_sq_data *sqd = data;
271 	struct io_ring_ctx *ctx;
272 	struct rusage start;
273 	unsigned long timeout = 0;
274 	char buf[TASK_COMM_LEN];
275 	DEFINE_WAIT(wait);
276 
277 	/* offload context creation failed, just exit */
278 	if (!current->io_uring)
279 		goto err_out;
280 
281 	snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid);
282 	set_task_comm(current, buf);
283 
284 	/* reset to our pid after we've set task_comm, for fdinfo */
285 	sqd->task_pid = current->pid;
286 
287 	if (sqd->sq_cpu != -1) {
288 		set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu));
289 	} else {
290 		set_cpus_allowed_ptr(current, cpu_online_mask);
291 		sqd->sq_cpu = raw_smp_processor_id();
292 	}
293 
294 	/*
295 	 * Force audit context to get setup, in case we do prep side async
296 	 * operations that would trigger an audit call before any issue side
297 	 * audit has been done.
298 	 */
299 	audit_uring_entry(IORING_OP_NOP);
300 	audit_uring_exit(true, 0);
301 
302 	mutex_lock(&sqd->lock);
303 	while (1) {
304 		bool cap_entries, sqt_spin = false;
305 
306 		if (io_sqd_events_pending(sqd) || signal_pending(current)) {
307 			if (io_sqd_handle_event(sqd))
308 				break;
309 			timeout = jiffies + sqd->sq_thread_idle;
310 		}
311 
312 		cap_entries = !list_is_singular(&sqd->ctx_list);
313 		getrusage(current, RUSAGE_SELF, &start);
314 		list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
315 			int ret = __io_sq_thread(ctx, cap_entries);
316 
317 			if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list)))
318 				sqt_spin = true;
319 		}
320 		if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE))
321 			sqt_spin = true;
322 
323 		list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
324 			if (io_napi(ctx))
325 				io_napi_sqpoll_busy_poll(ctx);
326 
327 		if (sqt_spin || !time_after(jiffies, timeout)) {
328 			if (sqt_spin) {
329 				io_sq_update_worktime(sqd, &start);
330 				timeout = jiffies + sqd->sq_thread_idle;
331 			}
332 			if (unlikely(need_resched())) {
333 				mutex_unlock(&sqd->lock);
334 				cond_resched();
335 				mutex_lock(&sqd->lock);
336 				sqd->sq_cpu = raw_smp_processor_id();
337 			}
338 			continue;
339 		}
340 
341 		prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE);
342 		if (!io_sqd_events_pending(sqd) && !io_sq_tw_pending(retry_list)) {
343 			bool needs_sched = true;
344 
345 			list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
346 				atomic_or(IORING_SQ_NEED_WAKEUP,
347 						&ctx->rings->sq_flags);
348 				if ((ctx->flags & IORING_SETUP_IOPOLL) &&
349 				    !wq_list_empty(&ctx->iopoll_list)) {
350 					needs_sched = false;
351 					break;
352 				}
353 
354 				/*
355 				 * Ensure the store of the wakeup flag is not
356 				 * reordered with the load of the SQ tail
357 				 */
358 				smp_mb__after_atomic();
359 
360 				if (io_sqring_entries(ctx)) {
361 					needs_sched = false;
362 					break;
363 				}
364 			}
365 
366 			if (needs_sched) {
367 				mutex_unlock(&sqd->lock);
368 				schedule();
369 				mutex_lock(&sqd->lock);
370 				sqd->sq_cpu = raw_smp_processor_id();
371 			}
372 			list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
373 				atomic_andnot(IORING_SQ_NEED_WAKEUP,
374 						&ctx->rings->sq_flags);
375 		}
376 
377 		finish_wait(&sqd->wait, &wait);
378 		timeout = jiffies + sqd->sq_thread_idle;
379 	}
380 
381 	if (retry_list)
382 		io_sq_tw(&retry_list, UINT_MAX);
383 
384 	io_uring_cancel_generic(true, sqd);
385 	sqd->thread = NULL;
386 	list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
387 		atomic_or(IORING_SQ_NEED_WAKEUP, &ctx->rings->sq_flags);
388 	io_run_task_work();
389 	mutex_unlock(&sqd->lock);
390 err_out:
391 	complete(&sqd->exited);
392 	do_exit(0);
393 }
394 
io_sqpoll_wait_sq(struct io_ring_ctx * ctx)395 void io_sqpoll_wait_sq(struct io_ring_ctx *ctx)
396 {
397 	DEFINE_WAIT(wait);
398 
399 	do {
400 		if (!io_sqring_full(ctx))
401 			break;
402 		prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE);
403 
404 		if (!io_sqring_full(ctx))
405 			break;
406 		schedule();
407 	} while (!signal_pending(current));
408 
409 	finish_wait(&ctx->sqo_sq_wait, &wait);
410 }
411 
io_sq_offload_create(struct io_ring_ctx * ctx,struct io_uring_params * p)412 __cold int io_sq_offload_create(struct io_ring_ctx *ctx,
413 				struct io_uring_params *p)
414 {
415 	int ret;
416 
417 	/* Retain compatibility with failing for an invalid attach attempt */
418 	if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) ==
419 				IORING_SETUP_ATTACH_WQ) {
420 		struct fd f;
421 
422 		f = fdget(p->wq_fd);
423 		if (!fd_file(f))
424 			return -ENXIO;
425 		if (!io_is_uring_fops(fd_file(f))) {
426 			fdput(f);
427 			return -EINVAL;
428 		}
429 		fdput(f);
430 	}
431 	if (ctx->flags & IORING_SETUP_SQPOLL) {
432 		struct task_struct *tsk;
433 		struct io_sq_data *sqd;
434 		bool attached;
435 
436 		ret = security_uring_sqpoll();
437 		if (ret)
438 			return ret;
439 
440 		sqd = io_get_sq_data(p, &attached);
441 		if (IS_ERR(sqd)) {
442 			ret = PTR_ERR(sqd);
443 			goto err;
444 		}
445 
446 		ctx->sq_creds = get_current_cred();
447 		ctx->sq_data = sqd;
448 		ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle);
449 		if (!ctx->sq_thread_idle)
450 			ctx->sq_thread_idle = HZ;
451 
452 		io_sq_thread_park(sqd);
453 		list_add(&ctx->sqd_list, &sqd->ctx_list);
454 		io_sqd_update_thread_idle(sqd);
455 		/* don't attach to a dying SQPOLL thread, would be racy */
456 		ret = (attached && !sqd->thread) ? -ENXIO : 0;
457 		io_sq_thread_unpark(sqd);
458 
459 		if (ret < 0)
460 			goto err;
461 		if (attached)
462 			return 0;
463 
464 		if (p->flags & IORING_SETUP_SQ_AFF) {
465 			cpumask_var_t allowed_mask;
466 			int cpu = p->sq_thread_cpu;
467 
468 			ret = -EINVAL;
469 			if (cpu >= nr_cpu_ids || !cpu_online(cpu))
470 				goto err_sqpoll;
471 			ret = -ENOMEM;
472 			if (!alloc_cpumask_var(&allowed_mask, GFP_KERNEL))
473 				goto err_sqpoll;
474 			ret = -EINVAL;
475 			cpuset_cpus_allowed(current, allowed_mask);
476 			if (!cpumask_test_cpu(cpu, allowed_mask)) {
477 				free_cpumask_var(allowed_mask);
478 				goto err_sqpoll;
479 			}
480 			free_cpumask_var(allowed_mask);
481 			sqd->sq_cpu = cpu;
482 		} else {
483 			sqd->sq_cpu = -1;
484 		}
485 
486 		sqd->task_pid = current->pid;
487 		sqd->task_tgid = current->tgid;
488 		tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE);
489 		if (IS_ERR(tsk)) {
490 			ret = PTR_ERR(tsk);
491 			goto err_sqpoll;
492 		}
493 
494 		sqd->thread = tsk;
495 		ret = io_uring_alloc_task_context(tsk, ctx);
496 		wake_up_new_task(tsk);
497 		if (ret)
498 			goto err;
499 	} else if (p->flags & IORING_SETUP_SQ_AFF) {
500 		/* Can't have SQ_AFF without SQPOLL */
501 		ret = -EINVAL;
502 		goto err;
503 	}
504 
505 	return 0;
506 err_sqpoll:
507 	complete(&ctx->sq_data->exited);
508 err:
509 	io_sq_thread_finish(ctx);
510 	return ret;
511 }
512 
io_sqpoll_wq_cpu_affinity(struct io_ring_ctx * ctx,cpumask_var_t mask)513 __cold int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx,
514 				     cpumask_var_t mask)
515 {
516 	struct io_sq_data *sqd = ctx->sq_data;
517 	int ret = -EINVAL;
518 
519 	if (sqd) {
520 		io_sq_thread_park(sqd);
521 		/* Don't set affinity for a dying thread */
522 		if (sqd->thread)
523 			ret = io_wq_cpu_affinity(sqd->thread->io_uring, mask);
524 		io_sq_thread_unpark(sqd);
525 	}
526 
527 	return ret;
528 }
529