xref: /linux/io_uring/query.c (revision 5832d26433f2bd0d28f8b12526e3c2fdb203507f) 
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include "linux/io_uring/query.h"
4 
5 #include "query.h"
6 #include "io_uring.h"
7 
8 #define IO_MAX_QUERY_SIZE		(sizeof(struct io_uring_query_opcode))
9 #define IO_MAX_QUERY_ENTRIES		1000
10 
11 static ssize_t io_query_ops(void *data)
12 {
13 	struct io_uring_query_opcode *e = data;
14 
15 	BUILD_BUG_ON(sizeof(*e) > IO_MAX_QUERY_SIZE);
16 
17 	e->nr_request_opcodes = IORING_OP_LAST;
18 	e->nr_register_opcodes = IORING_REGISTER_LAST;
19 	e->feature_flags = IORING_FEAT_FLAGS;
20 	e->ring_setup_flags = IORING_SETUP_FLAGS;
21 	e->enter_flags = IORING_ENTER_FLAGS;
22 	e->sqe_flags = SQE_VALID_FLAGS;
23 	return sizeof(*e);
24 }
25 
26 static int io_handle_query_entry(struct io_ring_ctx *ctx,
27 				 void *data, void __user *uhdr,
28 				 u64 *next_entry)
29 {
30 	struct io_uring_query_hdr hdr;
31 	size_t usize, res_size = 0;
32 	ssize_t ret = -EINVAL;
33 	void __user *udata;
34 
35 	if (copy_from_user(&hdr, uhdr, sizeof(hdr)))
36 		return -EFAULT;
37 	usize = hdr.size;
38 	hdr.size = min(hdr.size, IO_MAX_QUERY_SIZE);
39 	udata = u64_to_user_ptr(hdr.query_data);
40 
41 	if (hdr.query_op >= __IO_URING_QUERY_MAX) {
42 		ret = -EOPNOTSUPP;
43 		goto out;
44 	}
45 	if (!mem_is_zero(hdr.__resv, sizeof(hdr.__resv)) || hdr.result || !hdr.size)
46 		goto out;
47 	if (copy_from_user(data, udata, hdr.size))
48 		return -EFAULT;
49 
50 	switch (hdr.query_op) {
51 	case IO_URING_QUERY_OPCODES:
52 		ret = io_query_ops(data);
53 		break;
54 	}
55 
56 	if (ret >= 0) {
57 		if (WARN_ON_ONCE(ret > IO_MAX_QUERY_SIZE))
58 			return -EFAULT;
59 		res_size = ret;
60 		ret = 0;
61 	}
62 out:
63 	hdr.result = ret;
64 	hdr.size = min_t(size_t, usize, res_size);
65 
66 	if (copy_struct_to_user(udata, usize, data, hdr.size, NULL))
67 		return -EFAULT;
68 	if (copy_to_user(uhdr, &hdr, sizeof(hdr)))
69 		return -EFAULT;
70 	*next_entry = hdr.next_entry;
71 	return 0;
72 }
73 
74 int io_query(struct io_ring_ctx *ctx, void __user *arg, unsigned nr_args)
75 {
76 	char entry_buffer[IO_MAX_QUERY_SIZE];
77 	void __user *uhdr = arg;
78 	int ret, nr = 0;
79 
80 	memset(entry_buffer, 0, sizeof(entry_buffer));
81 
82 	if (nr_args)
83 		return -EINVAL;
84 
85 	while (uhdr) {
86 		u64 next_hdr;
87 
88 		ret = io_handle_query_entry(ctx, entry_buffer, uhdr, &next_hdr);
89 		if (ret)
90 			return ret;
91 		uhdr = u64_to_user_ptr(next_hdr);
92 
93 		/* Have some limit to avoid a potential cycle */
94 		if (++nr >= IO_MAX_QUERY_ENTRIES)
95 			return -ERANGE;
96 		if (fatal_signal_pending(current))
97 			return -EINTR;
98 		cond_resched();
99 	}
100 	return 0;
101 }
102