1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Contains the core associated with submission side polling of the SQ 4 * ring, offloading submissions from the application to a kernel thread. 5 */ 6 #include <linux/kernel.h> 7 #include <linux/errno.h> 8 #include <linux/file.h> 9 #include <linux/mm.h> 10 #include <linux/slab.h> 11 #include <linux/audit.h> 12 #include <linux/security.h> 13 #include <linux/cpuset.h> 14 #include <linux/io_uring.h> 15 16 #include <uapi/linux/io_uring.h> 17 18 #include "io_uring.h" 19 #include "napi.h" 20 #include "sqpoll.h" 21 22 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8 23 #define IORING_TW_CAP_ENTRIES_VALUE 8 24 25 enum { 26 IO_SQ_THREAD_SHOULD_STOP = 0, 27 IO_SQ_THREAD_SHOULD_PARK, 28 }; 29 30 void io_sq_thread_unpark(struct io_sq_data *sqd) 31 __releases(&sqd->lock) 32 { 33 WARN_ON_ONCE(sqd->thread == current); 34 35 /* 36 * Do the dance but not conditional clear_bit() because it'd race with 37 * other threads incrementing park_pending and setting the bit. 38 */ 39 clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); 40 if (atomic_dec_return(&sqd->park_pending)) 41 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); 42 mutex_unlock(&sqd->lock); 43 wake_up(&sqd->wait); 44 } 45 46 void io_sq_thread_park(struct io_sq_data *sqd) 47 __acquires(&sqd->lock) 48 { 49 WARN_ON_ONCE(data_race(sqd->thread) == current); 50 51 atomic_inc(&sqd->park_pending); 52 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state); 53 mutex_lock(&sqd->lock); 54 if (sqd->thread) 55 wake_up_process(sqd->thread); 56 } 57 58 void io_sq_thread_stop(struct io_sq_data *sqd) 59 { 60 WARN_ON_ONCE(sqd->thread == current); 61 WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state)); 62 63 set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); 64 mutex_lock(&sqd->lock); 65 if (sqd->thread) 66 wake_up_process(sqd->thread); 67 mutex_unlock(&sqd->lock); 68 wait_for_completion(&sqd->exited); 69 } 70 71 void io_put_sq_data(struct io_sq_data *sqd) 72 { 73 if (refcount_dec_and_test(&sqd->refs)) { 74 WARN_ON_ONCE(atomic_read(&sqd->park_pending)); 75 76 io_sq_thread_stop(sqd); 77 kfree(sqd); 78 } 79 } 80 81 static __cold void io_sqd_update_thread_idle(struct io_sq_data *sqd) 82 { 83 struct io_ring_ctx *ctx; 84 unsigned sq_thread_idle = 0; 85 86 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) 87 sq_thread_idle = max(sq_thread_idle, ctx->sq_thread_idle); 88 sqd->sq_thread_idle = sq_thread_idle; 89 } 90 91 void io_sq_thread_finish(struct io_ring_ctx *ctx) 92 { 93 struct io_sq_data *sqd = ctx->sq_data; 94 95 if (sqd) { 96 io_sq_thread_park(sqd); 97 list_del_init(&ctx->sqd_list); 98 io_sqd_update_thread_idle(sqd); 99 io_sq_thread_unpark(sqd); 100 101 io_put_sq_data(sqd); 102 ctx->sq_data = NULL; 103 } 104 } 105 106 static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p) 107 { 108 struct io_ring_ctx *ctx_attach; 109 struct io_sq_data *sqd; 110 CLASS(fd, f)(p->wq_fd); 111 112 if (fd_empty(f)) 113 return ERR_PTR(-ENXIO); 114 if (!io_is_uring_fops(fd_file(f))) 115 return ERR_PTR(-EINVAL); 116 117 ctx_attach = fd_file(f)->private_data; 118 sqd = ctx_attach->sq_data; 119 if (!sqd) 120 return ERR_PTR(-EINVAL); 121 if (sqd->task_tgid != current->tgid) 122 return ERR_PTR(-EPERM); 123 124 refcount_inc(&sqd->refs); 125 return sqd; 126 } 127 128 static struct io_sq_data *io_get_sq_data(struct io_uring_params *p, 129 bool *attached) 130 { 131 struct io_sq_data *sqd; 132 133 *attached = false; 134 if (p->flags & IORING_SETUP_ATTACH_WQ) { 135 sqd = io_attach_sq_data(p); 136 if (!IS_ERR(sqd)) { 137 *attached = true; 138 return sqd; 139 } 140 /* fall through for EPERM case, setup new sqd/task */ 141 if (PTR_ERR(sqd) != -EPERM) 142 return sqd; 143 } 144 145 sqd = kzalloc(sizeof(*sqd), GFP_KERNEL); 146 if (!sqd) 147 return ERR_PTR(-ENOMEM); 148 149 atomic_set(&sqd->park_pending, 0); 150 refcount_set(&sqd->refs, 1); 151 INIT_LIST_HEAD(&sqd->ctx_list); 152 mutex_init(&sqd->lock); 153 init_waitqueue_head(&sqd->wait); 154 init_completion(&sqd->exited); 155 return sqd; 156 } 157 158 static inline bool io_sqd_events_pending(struct io_sq_data *sqd) 159 { 160 return READ_ONCE(sqd->state); 161 } 162 163 static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) 164 { 165 unsigned int to_submit; 166 int ret = 0; 167 168 to_submit = io_sqring_entries(ctx); 169 /* if we're handling multiple rings, cap submit size for fairness */ 170 if (cap_entries && to_submit > IORING_SQPOLL_CAP_ENTRIES_VALUE) 171 to_submit = IORING_SQPOLL_CAP_ENTRIES_VALUE; 172 173 if (to_submit || !wq_list_empty(&ctx->iopoll_list)) { 174 const struct cred *creds = NULL; 175 176 if (ctx->sq_creds != current_cred()) 177 creds = override_creds(ctx->sq_creds); 178 179 mutex_lock(&ctx->uring_lock); 180 if (!wq_list_empty(&ctx->iopoll_list)) 181 io_do_iopoll(ctx, true); 182 183 /* 184 * Don't submit if refs are dying, good for io_uring_register(), 185 * but also it is relied upon by io_ring_exit_work() 186 */ 187 if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs)) && 188 !(ctx->flags & IORING_SETUP_R_DISABLED)) 189 ret = io_submit_sqes(ctx, to_submit); 190 mutex_unlock(&ctx->uring_lock); 191 192 if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) 193 wake_up(&ctx->sqo_sq_wait); 194 if (creds) 195 revert_creds(creds); 196 } 197 198 return ret; 199 } 200 201 static bool io_sqd_handle_event(struct io_sq_data *sqd) 202 { 203 bool did_sig = false; 204 struct ksignal ksig; 205 206 if (test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state) || 207 signal_pending(current)) { 208 mutex_unlock(&sqd->lock); 209 if (signal_pending(current)) 210 did_sig = get_signal(&ksig); 211 wait_event(sqd->wait, !atomic_read(&sqd->park_pending)); 212 mutex_lock(&sqd->lock); 213 sqd->sq_cpu = raw_smp_processor_id(); 214 } 215 return did_sig || test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state); 216 } 217 218 /* 219 * Run task_work, processing the retry_list first. The retry_list holds 220 * entries that we passed on in the previous run, if we had more task_work 221 * than we were asked to process. Newly queued task_work isn't run until the 222 * retry list has been fully processed. 223 */ 224 static unsigned int io_sq_tw(struct llist_node **retry_list, int max_entries) 225 { 226 struct io_uring_task *tctx = current->io_uring; 227 unsigned int count = 0; 228 229 if (*retry_list) { 230 *retry_list = io_handle_tw_list(*retry_list, &count, max_entries); 231 if (count >= max_entries) 232 goto out; 233 max_entries -= count; 234 } 235 *retry_list = tctx_task_work_run(tctx, max_entries, &count); 236 out: 237 if (task_work_pending(current)) 238 task_work_run(); 239 return count; 240 } 241 242 static bool io_sq_tw_pending(struct llist_node *retry_list) 243 { 244 struct io_uring_task *tctx = current->io_uring; 245 246 return retry_list || !llist_empty(&tctx->task_list); 247 } 248 249 static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start) 250 { 251 struct rusage end; 252 253 getrusage(current, RUSAGE_SELF, &end); 254 end.ru_stime.tv_sec -= start->ru_stime.tv_sec; 255 end.ru_stime.tv_usec -= start->ru_stime.tv_usec; 256 257 sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000; 258 } 259 260 static int io_sq_thread(void *data) 261 { 262 struct llist_node *retry_list = NULL; 263 struct io_sq_data *sqd = data; 264 struct io_ring_ctx *ctx; 265 struct rusage start; 266 unsigned long timeout = 0; 267 char buf[TASK_COMM_LEN]; 268 DEFINE_WAIT(wait); 269 270 /* offload context creation failed, just exit */ 271 if (!current->io_uring) { 272 mutex_lock(&sqd->lock); 273 sqd->thread = NULL; 274 mutex_unlock(&sqd->lock); 275 goto err_out; 276 } 277 278 snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid); 279 set_task_comm(current, buf); 280 281 /* reset to our pid after we've set task_comm, for fdinfo */ 282 sqd->task_pid = current->pid; 283 284 if (sqd->sq_cpu != -1) { 285 set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu)); 286 } else { 287 set_cpus_allowed_ptr(current, cpu_online_mask); 288 sqd->sq_cpu = raw_smp_processor_id(); 289 } 290 291 /* 292 * Force audit context to get setup, in case we do prep side async 293 * operations that would trigger an audit call before any issue side 294 * audit has been done. 295 */ 296 audit_uring_entry(IORING_OP_NOP); 297 audit_uring_exit(true, 0); 298 299 mutex_lock(&sqd->lock); 300 while (1) { 301 bool cap_entries, sqt_spin = false; 302 303 if (io_sqd_events_pending(sqd) || signal_pending(current)) { 304 if (io_sqd_handle_event(sqd)) 305 break; 306 timeout = jiffies + sqd->sq_thread_idle; 307 } 308 309 cap_entries = !list_is_singular(&sqd->ctx_list); 310 getrusage(current, RUSAGE_SELF, &start); 311 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { 312 int ret = __io_sq_thread(ctx, cap_entries); 313 314 if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list))) 315 sqt_spin = true; 316 } 317 if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE)) 318 sqt_spin = true; 319 320 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) 321 if (io_napi(ctx)) 322 io_napi_sqpoll_busy_poll(ctx); 323 324 if (sqt_spin || !time_after(jiffies, timeout)) { 325 if (sqt_spin) { 326 io_sq_update_worktime(sqd, &start); 327 timeout = jiffies + sqd->sq_thread_idle; 328 } 329 if (unlikely(need_resched())) { 330 mutex_unlock(&sqd->lock); 331 cond_resched(); 332 mutex_lock(&sqd->lock); 333 sqd->sq_cpu = raw_smp_processor_id(); 334 } 335 continue; 336 } 337 338 prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE); 339 if (!io_sqd_events_pending(sqd) && !io_sq_tw_pending(retry_list)) { 340 bool needs_sched = true; 341 342 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) { 343 atomic_or(IORING_SQ_NEED_WAKEUP, 344 &ctx->rings->sq_flags); 345 if ((ctx->flags & IORING_SETUP_IOPOLL) && 346 !wq_list_empty(&ctx->iopoll_list)) { 347 needs_sched = false; 348 break; 349 } 350 351 /* 352 * Ensure the store of the wakeup flag is not 353 * reordered with the load of the SQ tail 354 */ 355 smp_mb__after_atomic(); 356 357 if (io_sqring_entries(ctx)) { 358 needs_sched = false; 359 break; 360 } 361 } 362 363 if (needs_sched) { 364 mutex_unlock(&sqd->lock); 365 schedule(); 366 mutex_lock(&sqd->lock); 367 sqd->sq_cpu = raw_smp_processor_id(); 368 } 369 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) 370 atomic_andnot(IORING_SQ_NEED_WAKEUP, 371 &ctx->rings->sq_flags); 372 } 373 374 finish_wait(&sqd->wait, &wait); 375 timeout = jiffies + sqd->sq_thread_idle; 376 } 377 378 if (retry_list) 379 io_sq_tw(&retry_list, UINT_MAX); 380 381 io_uring_cancel_generic(true, sqd); 382 sqd->thread = NULL; 383 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) 384 atomic_or(IORING_SQ_NEED_WAKEUP, &ctx->rings->sq_flags); 385 io_run_task_work(); 386 mutex_unlock(&sqd->lock); 387 err_out: 388 complete(&sqd->exited); 389 do_exit(0); 390 } 391 392 void io_sqpoll_wait_sq(struct io_ring_ctx *ctx) 393 { 394 DEFINE_WAIT(wait); 395 396 do { 397 if (!io_sqring_full(ctx)) 398 break; 399 prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE); 400 401 if (!io_sqring_full(ctx)) 402 break; 403 schedule(); 404 } while (!signal_pending(current)); 405 406 finish_wait(&ctx->sqo_sq_wait, &wait); 407 } 408 409 __cold int io_sq_offload_create(struct io_ring_ctx *ctx, 410 struct io_uring_params *p) 411 { 412 struct task_struct *task_to_put = NULL; 413 int ret; 414 415 /* Retain compatibility with failing for an invalid attach attempt */ 416 if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) == 417 IORING_SETUP_ATTACH_WQ) { 418 CLASS(fd, f)(p->wq_fd); 419 if (fd_empty(f)) 420 return -ENXIO; 421 if (!io_is_uring_fops(fd_file(f))) 422 return -EINVAL; 423 } 424 if (ctx->flags & IORING_SETUP_SQPOLL) { 425 struct task_struct *tsk; 426 struct io_sq_data *sqd; 427 bool attached; 428 429 ret = security_uring_sqpoll(); 430 if (ret) 431 return ret; 432 433 sqd = io_get_sq_data(p, &attached); 434 if (IS_ERR(sqd)) { 435 ret = PTR_ERR(sqd); 436 goto err; 437 } 438 439 ctx->sq_creds = get_current_cred(); 440 ctx->sq_data = sqd; 441 ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle); 442 if (!ctx->sq_thread_idle) 443 ctx->sq_thread_idle = HZ; 444 445 io_sq_thread_park(sqd); 446 list_add(&ctx->sqd_list, &sqd->ctx_list); 447 io_sqd_update_thread_idle(sqd); 448 /* don't attach to a dying SQPOLL thread, would be racy */ 449 ret = (attached && !sqd->thread) ? -ENXIO : 0; 450 io_sq_thread_unpark(sqd); 451 452 if (ret < 0) 453 goto err; 454 if (attached) 455 return 0; 456 457 if (p->flags & IORING_SETUP_SQ_AFF) { 458 cpumask_var_t allowed_mask; 459 int cpu = p->sq_thread_cpu; 460 461 ret = -EINVAL; 462 if (cpu >= nr_cpu_ids || !cpu_online(cpu)) 463 goto err_sqpoll; 464 ret = -ENOMEM; 465 if (!alloc_cpumask_var(&allowed_mask, GFP_KERNEL)) 466 goto err_sqpoll; 467 ret = -EINVAL; 468 cpuset_cpus_allowed(current, allowed_mask); 469 if (!cpumask_test_cpu(cpu, allowed_mask)) { 470 free_cpumask_var(allowed_mask); 471 goto err_sqpoll; 472 } 473 free_cpumask_var(allowed_mask); 474 sqd->sq_cpu = cpu; 475 } else { 476 sqd->sq_cpu = -1; 477 } 478 479 sqd->task_pid = current->pid; 480 sqd->task_tgid = current->tgid; 481 tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE); 482 if (IS_ERR(tsk)) { 483 ret = PTR_ERR(tsk); 484 goto err_sqpoll; 485 } 486 487 sqd->thread = tsk; 488 task_to_put = get_task_struct(tsk); 489 ret = io_uring_alloc_task_context(tsk, ctx); 490 wake_up_new_task(tsk); 491 if (ret) 492 goto err; 493 } else if (p->flags & IORING_SETUP_SQ_AFF) { 494 /* Can't have SQ_AFF without SQPOLL */ 495 ret = -EINVAL; 496 goto err; 497 } 498 499 if (task_to_put) 500 put_task_struct(task_to_put); 501 return 0; 502 err_sqpoll: 503 complete(&ctx->sq_data->exited); 504 err: 505 io_sq_thread_finish(ctx); 506 if (task_to_put) 507 put_task_struct(task_to_put); 508 return ret; 509 } 510 511 __cold int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx, 512 cpumask_var_t mask) 513 { 514 struct io_sq_data *sqd = ctx->sq_data; 515 int ret = -EINVAL; 516 517 if (sqd) { 518 io_sq_thread_park(sqd); 519 /* Don't set affinity for a dying thread */ 520 if (sqd->thread) 521 ret = io_wq_cpu_affinity(sqd->thread->io_uring, mask); 522 io_sq_thread_unpark(sqd); 523 } 524 525 return ret; 526 } 527