1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Contains the core associated with submission side polling of the SQ
4 * ring, offloading submissions from the application to a kernel thread.
5 */
6 #include <linux/kernel.h>
7 #include <linux/errno.h>
8 #include <linux/file.h>
9 #include <linux/mm.h>
10 #include <linux/slab.h>
11 #include <linux/audit.h>
12 #include <linux/security.h>
13 #include <linux/cpuset.h>
14 #include <linux/io_uring.h>
15
16 #include <uapi/linux/io_uring.h>
17
18 #include "io_uring.h"
19 #include "napi.h"
20 #include "sqpoll.h"
21
22 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8
23 #define IORING_TW_CAP_ENTRIES_VALUE 8
24
25 enum {
26 IO_SQ_THREAD_SHOULD_STOP = 0,
27 IO_SQ_THREAD_SHOULD_PARK,
28 };
29
io_sq_thread_unpark(struct io_sq_data * sqd)30 void io_sq_thread_unpark(struct io_sq_data *sqd)
31 __releases(&sqd->lock)
32 {
33 WARN_ON_ONCE(sqd->thread == current);
34
35 /*
36 * Do the dance but not conditional clear_bit() because it'd race with
37 * other threads incrementing park_pending and setting the bit.
38 */
39 clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
40 if (atomic_dec_return(&sqd->park_pending))
41 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
42 mutex_unlock(&sqd->lock);
43 wake_up(&sqd->wait);
44 }
45
io_sq_thread_park(struct io_sq_data * sqd)46 void io_sq_thread_park(struct io_sq_data *sqd)
47 __acquires(&sqd->lock)
48 {
49 WARN_ON_ONCE(data_race(sqd->thread) == current);
50
51 atomic_inc(&sqd->park_pending);
52 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
53 mutex_lock(&sqd->lock);
54 if (sqd->thread)
55 wake_up_process(sqd->thread);
56 }
57
io_sq_thread_stop(struct io_sq_data * sqd)58 void io_sq_thread_stop(struct io_sq_data *sqd)
59 {
60 WARN_ON_ONCE(sqd->thread == current);
61 WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state));
62
63 set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
64 mutex_lock(&sqd->lock);
65 if (sqd->thread)
66 wake_up_process(sqd->thread);
67 mutex_unlock(&sqd->lock);
68 wait_for_completion(&sqd->exited);
69 }
70
io_put_sq_data(struct io_sq_data * sqd)71 void io_put_sq_data(struct io_sq_data *sqd)
72 {
73 if (refcount_dec_and_test(&sqd->refs)) {
74 WARN_ON_ONCE(atomic_read(&sqd->park_pending));
75
76 io_sq_thread_stop(sqd);
77 kfree(sqd);
78 }
79 }
80
io_sqd_update_thread_idle(struct io_sq_data * sqd)81 static __cold void io_sqd_update_thread_idle(struct io_sq_data *sqd)
82 {
83 struct io_ring_ctx *ctx;
84 unsigned sq_thread_idle = 0;
85
86 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
87 sq_thread_idle = max(sq_thread_idle, ctx->sq_thread_idle);
88 sqd->sq_thread_idle = sq_thread_idle;
89 }
90
io_sq_thread_finish(struct io_ring_ctx * ctx)91 void io_sq_thread_finish(struct io_ring_ctx *ctx)
92 {
93 struct io_sq_data *sqd = ctx->sq_data;
94
95 if (sqd) {
96 io_sq_thread_park(sqd);
97 list_del_init(&ctx->sqd_list);
98 io_sqd_update_thread_idle(sqd);
99 io_sq_thread_unpark(sqd);
100
101 io_put_sq_data(sqd);
102 ctx->sq_data = NULL;
103 }
104 }
105
io_attach_sq_data(struct io_uring_params * p)106 static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p)
107 {
108 struct io_ring_ctx *ctx_attach;
109 struct io_sq_data *sqd;
110 CLASS(fd, f)(p->wq_fd);
111
112 if (fd_empty(f))
113 return ERR_PTR(-ENXIO);
114 if (!io_is_uring_fops(fd_file(f)))
115 return ERR_PTR(-EINVAL);
116
117 ctx_attach = fd_file(f)->private_data;
118 sqd = ctx_attach->sq_data;
119 if (!sqd)
120 return ERR_PTR(-EINVAL);
121 if (sqd->task_tgid != current->tgid)
122 return ERR_PTR(-EPERM);
123
124 refcount_inc(&sqd->refs);
125 return sqd;
126 }
127
io_get_sq_data(struct io_uring_params * p,bool * attached)128 static struct io_sq_data *io_get_sq_data(struct io_uring_params *p,
129 bool *attached)
130 {
131 struct io_sq_data *sqd;
132
133 *attached = false;
134 if (p->flags & IORING_SETUP_ATTACH_WQ) {
135 sqd = io_attach_sq_data(p);
136 if (!IS_ERR(sqd)) {
137 *attached = true;
138 return sqd;
139 }
140 /* fall through for EPERM case, setup new sqd/task */
141 if (PTR_ERR(sqd) != -EPERM)
142 return sqd;
143 }
144
145 sqd = kzalloc(sizeof(*sqd), GFP_KERNEL);
146 if (!sqd)
147 return ERR_PTR(-ENOMEM);
148
149 atomic_set(&sqd->park_pending, 0);
150 refcount_set(&sqd->refs, 1);
151 INIT_LIST_HEAD(&sqd->ctx_list);
152 mutex_init(&sqd->lock);
153 init_waitqueue_head(&sqd->wait);
154 init_completion(&sqd->exited);
155 return sqd;
156 }
157
io_sqd_events_pending(struct io_sq_data * sqd)158 static inline bool io_sqd_events_pending(struct io_sq_data *sqd)
159 {
160 return READ_ONCE(sqd->state);
161 }
162
__io_sq_thread(struct io_ring_ctx * ctx,bool cap_entries)163 static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
164 {
165 unsigned int to_submit;
166 int ret = 0;
167
168 to_submit = io_sqring_entries(ctx);
169 /* if we're handling multiple rings, cap submit size for fairness */
170 if (cap_entries && to_submit > IORING_SQPOLL_CAP_ENTRIES_VALUE)
171 to_submit = IORING_SQPOLL_CAP_ENTRIES_VALUE;
172
173 if (to_submit || !wq_list_empty(&ctx->iopoll_list)) {
174 const struct cred *creds = NULL;
175
176 if (ctx->sq_creds != current_cred())
177 creds = override_creds(ctx->sq_creds);
178
179 mutex_lock(&ctx->uring_lock);
180 if (!wq_list_empty(&ctx->iopoll_list))
181 io_do_iopoll(ctx, true);
182
183 /*
184 * Don't submit if refs are dying, good for io_uring_register(),
185 * but also it is relied upon by io_ring_exit_work()
186 */
187 if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs)) &&
188 !(ctx->flags & IORING_SETUP_R_DISABLED))
189 ret = io_submit_sqes(ctx, to_submit);
190 mutex_unlock(&ctx->uring_lock);
191
192 if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
193 wake_up(&ctx->sqo_sq_wait);
194 if (creds)
195 revert_creds(creds);
196 }
197
198 return ret;
199 }
200
io_sqd_handle_event(struct io_sq_data * sqd)201 static bool io_sqd_handle_event(struct io_sq_data *sqd)
202 {
203 bool did_sig = false;
204 struct ksignal ksig;
205
206 if (test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state) ||
207 signal_pending(current)) {
208 mutex_unlock(&sqd->lock);
209 if (signal_pending(current))
210 did_sig = get_signal(&ksig);
211 wait_event(sqd->wait, !atomic_read(&sqd->park_pending));
212 mutex_lock(&sqd->lock);
213 sqd->sq_cpu = raw_smp_processor_id();
214 }
215 return did_sig || test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
216 }
217
218 /*
219 * Run task_work, processing the retry_list first. The retry_list holds
220 * entries that we passed on in the previous run, if we had more task_work
221 * than we were asked to process. Newly queued task_work isn't run until the
222 * retry list has been fully processed.
223 */
io_sq_tw(struct llist_node ** retry_list,int max_entries)224 static unsigned int io_sq_tw(struct llist_node **retry_list, int max_entries)
225 {
226 struct io_uring_task *tctx = current->io_uring;
227 unsigned int count = 0;
228
229 if (*retry_list) {
230 *retry_list = io_handle_tw_list(*retry_list, &count, max_entries);
231 if (count >= max_entries)
232 goto out;
233 max_entries -= count;
234 }
235 *retry_list = tctx_task_work_run(tctx, max_entries, &count);
236 out:
237 if (task_work_pending(current))
238 task_work_run();
239 return count;
240 }
241
io_sq_tw_pending(struct llist_node * retry_list)242 static bool io_sq_tw_pending(struct llist_node *retry_list)
243 {
244 struct io_uring_task *tctx = current->io_uring;
245
246 return retry_list || !llist_empty(&tctx->task_list);
247 }
248
io_sq_update_worktime(struct io_sq_data * sqd,struct rusage * start)249 static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start)
250 {
251 struct rusage end;
252
253 getrusage(current, RUSAGE_SELF, &end);
254 end.ru_stime.tv_sec -= start->ru_stime.tv_sec;
255 end.ru_stime.tv_usec -= start->ru_stime.tv_usec;
256
257 sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000;
258 }
259
io_sq_thread(void * data)260 static int io_sq_thread(void *data)
261 {
262 struct llist_node *retry_list = NULL;
263 struct io_sq_data *sqd = data;
264 struct io_ring_ctx *ctx;
265 struct rusage start;
266 unsigned long timeout = 0;
267 char buf[TASK_COMM_LEN];
268 DEFINE_WAIT(wait);
269
270 /* offload context creation failed, just exit */
271 if (!current->io_uring) {
272 mutex_lock(&sqd->lock);
273 sqd->thread = NULL;
274 mutex_unlock(&sqd->lock);
275 goto err_out;
276 }
277
278 snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid);
279 set_task_comm(current, buf);
280
281 /* reset to our pid after we've set task_comm, for fdinfo */
282 sqd->task_pid = current->pid;
283
284 if (sqd->sq_cpu != -1) {
285 set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu));
286 } else {
287 set_cpus_allowed_ptr(current, cpu_online_mask);
288 sqd->sq_cpu = raw_smp_processor_id();
289 }
290
291 /*
292 * Force audit context to get setup, in case we do prep side async
293 * operations that would trigger an audit call before any issue side
294 * audit has been done.
295 */
296 audit_uring_entry(IORING_OP_NOP);
297 audit_uring_exit(true, 0);
298
299 mutex_lock(&sqd->lock);
300 while (1) {
301 bool cap_entries, sqt_spin = false;
302
303 if (io_sqd_events_pending(sqd) || signal_pending(current)) {
304 if (io_sqd_handle_event(sqd))
305 break;
306 timeout = jiffies + sqd->sq_thread_idle;
307 }
308
309 cap_entries = !list_is_singular(&sqd->ctx_list);
310 getrusage(current, RUSAGE_SELF, &start);
311 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
312 int ret = __io_sq_thread(ctx, cap_entries);
313
314 if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list)))
315 sqt_spin = true;
316 }
317 if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE))
318 sqt_spin = true;
319
320 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
321 if (io_napi(ctx))
322 io_napi_sqpoll_busy_poll(ctx);
323
324 if (sqt_spin || !time_after(jiffies, timeout)) {
325 if (sqt_spin) {
326 io_sq_update_worktime(sqd, &start);
327 timeout = jiffies + sqd->sq_thread_idle;
328 }
329 if (unlikely(need_resched())) {
330 mutex_unlock(&sqd->lock);
331 cond_resched();
332 mutex_lock(&sqd->lock);
333 sqd->sq_cpu = raw_smp_processor_id();
334 }
335 continue;
336 }
337
338 prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE);
339 if (!io_sqd_events_pending(sqd) && !io_sq_tw_pending(retry_list)) {
340 bool needs_sched = true;
341
342 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
343 atomic_or(IORING_SQ_NEED_WAKEUP,
344 &ctx->rings->sq_flags);
345 if ((ctx->flags & IORING_SETUP_IOPOLL) &&
346 !wq_list_empty(&ctx->iopoll_list)) {
347 needs_sched = false;
348 break;
349 }
350
351 /*
352 * Ensure the store of the wakeup flag is not
353 * reordered with the load of the SQ tail
354 */
355 smp_mb__after_atomic();
356
357 if (io_sqring_entries(ctx)) {
358 needs_sched = false;
359 break;
360 }
361 }
362
363 if (needs_sched) {
364 mutex_unlock(&sqd->lock);
365 schedule();
366 mutex_lock(&sqd->lock);
367 sqd->sq_cpu = raw_smp_processor_id();
368 }
369 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
370 atomic_andnot(IORING_SQ_NEED_WAKEUP,
371 &ctx->rings->sq_flags);
372 }
373
374 finish_wait(&sqd->wait, &wait);
375 timeout = jiffies + sqd->sq_thread_idle;
376 }
377
378 if (retry_list)
379 io_sq_tw(&retry_list, UINT_MAX);
380
381 io_uring_cancel_generic(true, sqd);
382 sqd->thread = NULL;
383 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
384 atomic_or(IORING_SQ_NEED_WAKEUP, &ctx->rings->sq_flags);
385 io_run_task_work();
386 mutex_unlock(&sqd->lock);
387 err_out:
388 complete(&sqd->exited);
389 do_exit(0);
390 }
391
io_sqpoll_wait_sq(struct io_ring_ctx * ctx)392 void io_sqpoll_wait_sq(struct io_ring_ctx *ctx)
393 {
394 DEFINE_WAIT(wait);
395
396 do {
397 if (!io_sqring_full(ctx))
398 break;
399 prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE);
400
401 if (!io_sqring_full(ctx))
402 break;
403 schedule();
404 } while (!signal_pending(current));
405
406 finish_wait(&ctx->sqo_sq_wait, &wait);
407 }
408
io_sq_offload_create(struct io_ring_ctx * ctx,struct io_uring_params * p)409 __cold int io_sq_offload_create(struct io_ring_ctx *ctx,
410 struct io_uring_params *p)
411 {
412 struct task_struct *task_to_put = NULL;
413 int ret;
414
415 /* Retain compatibility with failing for an invalid attach attempt */
416 if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) ==
417 IORING_SETUP_ATTACH_WQ) {
418 CLASS(fd, f)(p->wq_fd);
419 if (fd_empty(f))
420 return -ENXIO;
421 if (!io_is_uring_fops(fd_file(f)))
422 return -EINVAL;
423 }
424 if (ctx->flags & IORING_SETUP_SQPOLL) {
425 struct task_struct *tsk;
426 struct io_sq_data *sqd;
427 bool attached;
428
429 ret = security_uring_sqpoll();
430 if (ret)
431 return ret;
432
433 sqd = io_get_sq_data(p, &attached);
434 if (IS_ERR(sqd)) {
435 ret = PTR_ERR(sqd);
436 goto err;
437 }
438
439 ctx->sq_creds = get_current_cred();
440 ctx->sq_data = sqd;
441 ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle);
442 if (!ctx->sq_thread_idle)
443 ctx->sq_thread_idle = HZ;
444
445 io_sq_thread_park(sqd);
446 list_add(&ctx->sqd_list, &sqd->ctx_list);
447 io_sqd_update_thread_idle(sqd);
448 /* don't attach to a dying SQPOLL thread, would be racy */
449 ret = (attached && !sqd->thread) ? -ENXIO : 0;
450 io_sq_thread_unpark(sqd);
451
452 if (ret < 0)
453 goto err;
454 if (attached)
455 return 0;
456
457 if (p->flags & IORING_SETUP_SQ_AFF) {
458 cpumask_var_t allowed_mask;
459 int cpu = p->sq_thread_cpu;
460
461 ret = -EINVAL;
462 if (cpu >= nr_cpu_ids || !cpu_online(cpu))
463 goto err_sqpoll;
464 ret = -ENOMEM;
465 if (!alloc_cpumask_var(&allowed_mask, GFP_KERNEL))
466 goto err_sqpoll;
467 ret = -EINVAL;
468 cpuset_cpus_allowed(current, allowed_mask);
469 if (!cpumask_test_cpu(cpu, allowed_mask)) {
470 free_cpumask_var(allowed_mask);
471 goto err_sqpoll;
472 }
473 free_cpumask_var(allowed_mask);
474 sqd->sq_cpu = cpu;
475 } else {
476 sqd->sq_cpu = -1;
477 }
478
479 sqd->task_pid = current->pid;
480 sqd->task_tgid = current->tgid;
481 tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE);
482 if (IS_ERR(tsk)) {
483 ret = PTR_ERR(tsk);
484 goto err_sqpoll;
485 }
486
487 sqd->thread = tsk;
488 task_to_put = get_task_struct(tsk);
489 ret = io_uring_alloc_task_context(tsk, ctx);
490 wake_up_new_task(tsk);
491 if (ret)
492 goto err;
493 } else if (p->flags & IORING_SETUP_SQ_AFF) {
494 /* Can't have SQ_AFF without SQPOLL */
495 ret = -EINVAL;
496 goto err;
497 }
498
499 if (task_to_put)
500 put_task_struct(task_to_put);
501 return 0;
502 err_sqpoll:
503 complete(&ctx->sq_data->exited);
504 err:
505 io_sq_thread_finish(ctx);
506 if (task_to_put)
507 put_task_struct(task_to_put);
508 return ret;
509 }
510
io_sqpoll_wq_cpu_affinity(struct io_ring_ctx * ctx,cpumask_var_t mask)511 __cold int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx,
512 cpumask_var_t mask)
513 {
514 struct io_sq_data *sqd = ctx->sq_data;
515 int ret = -EINVAL;
516
517 if (sqd) {
518 io_sq_thread_park(sqd);
519 /* Don't set affinity for a dying thread */
520 if (sqd->thread)
521 ret = io_wq_cpu_affinity(sqd->thread->io_uring, mask);
522 io_sq_thread_unpark(sqd);
523 }
524
525 return ret;
526 }
527