1// SPDX-License-Identifier: GPL-2.0 2#include <linux/kernel.h> 3#include <linux/errno.h> 4#include <linux/file.h> 5#include <linux/io_uring/cmd.h> 6#include <linux/security.h> 7#include <linux/nospec.h> 8#include <net/sock.h> 9 10#include <uapi/linux/io_uring.h> 11#include <asm/ioctls.h> 12 13#include "io_uring.h" 14#include "rsrc.h" 15#include "uring_cmd.h" 16 17static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd, 18 unsigned int issue_flags) 19{ 20 struct io_kiocb *req = cmd_to_io_kiocb(cmd); 21 struct io_ring_ctx *ctx = req->ctx; 22 23 if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) 24 return; 25 26 cmd->flags &= ~IORING_URING_CMD_CANCELABLE; 27 io_ring_submit_lock(ctx, issue_flags); 28 hlist_del(&req->hash_node); 29 io_ring_submit_unlock(ctx, issue_flags); 30} 31 32/* 33 * Mark this command as concelable, then io_uring_try_cancel_uring_cmd() 34 * will try to cancel this issued command by sending ->uring_cmd() with 35 * issue_flags of IO_URING_F_CANCEL. 36 * 37 * The command is guaranteed to not be done when calling ->uring_cmd() 38 * with IO_URING_F_CANCEL, but it is driver's responsibility to deal 39 * with race between io_uring canceling and normal completion. 40 */ 41void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd, 42 unsigned int issue_flags) 43{ 44 struct io_kiocb *req = cmd_to_io_kiocb(cmd); 45 struct io_ring_ctx *ctx = req->ctx; 46 47 if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) { 48 cmd->flags |= IORING_URING_CMD_CANCELABLE; 49 io_ring_submit_lock(ctx, issue_flags); 50 hlist_add_head(&req->hash_node, &ctx->cancelable_uring_cmd); 51 io_ring_submit_unlock(ctx, issue_flags); 52 } 53} 54EXPORT_SYMBOL_GPL(io_uring_cmd_mark_cancelable); 55 56static void io_uring_cmd_work(struct io_kiocb *req, struct io_tw_state *ts) 57{ 58 struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); 59 unsigned issue_flags = ts->locked ? 0 : IO_URING_F_UNLOCKED; 60 61 ioucmd->task_work_cb(ioucmd, issue_flags); 62} 63 64void __io_uring_cmd_do_in_task(struct io_uring_cmd *ioucmd, 65 void (*task_work_cb)(struct io_uring_cmd *, unsigned), 66 unsigned flags) 67{ 68 struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); 69 70 ioucmd->task_work_cb = task_work_cb; 71 req->io_task_work.func = io_uring_cmd_work; 72 __io_req_task_work_add(req, flags); 73} 74EXPORT_SYMBOL_GPL(__io_uring_cmd_do_in_task); 75 76static inline void io_req_set_cqe32_extra(struct io_kiocb *req, 77 u64 extra1, u64 extra2) 78{ 79 req->big_cqe.extra1 = extra1; 80 req->big_cqe.extra2 = extra2; 81} 82 83/* 84 * Called by consumers of io_uring_cmd, if they originally returned 85 * -EIOCBQUEUED upon receiving the command. 86 */ 87void io_uring_cmd_done(struct io_uring_cmd *ioucmd, ssize_t ret, ssize_t res2, 88 unsigned issue_flags) 89{ 90 struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); 91 92 io_uring_cmd_del_cancelable(ioucmd, issue_flags); 93 94 if (ret < 0) 95 req_set_fail(req); 96 97 io_req_set_res(req, ret, 0); 98 if (req->ctx->flags & IORING_SETUP_CQE32) 99 io_req_set_cqe32_extra(req, res2, 0); 100 if (req->ctx->flags & IORING_SETUP_IOPOLL) { 101 /* order with io_iopoll_req_issued() checking ->iopoll_complete */ 102 smp_store_release(&req->iopoll_completed, 1); 103 } else { 104 struct io_tw_state ts = { 105 .locked = !(issue_flags & IO_URING_F_UNLOCKED), 106 }; 107 io_req_task_complete(req, &ts); 108 } 109} 110EXPORT_SYMBOL_GPL(io_uring_cmd_done); 111 112int io_uring_cmd_prep_async(struct io_kiocb *req) 113{ 114 struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); 115 116 memcpy(req->async_data, ioucmd->sqe, uring_sqe_size(req->ctx)); 117 ioucmd->sqe = req->async_data; 118 return 0; 119} 120 121int io_uring_cmd_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) 122{ 123 struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); 124 125 if (sqe->__pad1) 126 return -EINVAL; 127 128 ioucmd->flags = READ_ONCE(sqe->uring_cmd_flags); 129 if (ioucmd->flags & ~IORING_URING_CMD_MASK) 130 return -EINVAL; 131 132 if (ioucmd->flags & IORING_URING_CMD_FIXED) { 133 struct io_ring_ctx *ctx = req->ctx; 134 u16 index; 135 136 req->buf_index = READ_ONCE(sqe->buf_index); 137 if (unlikely(req->buf_index >= ctx->nr_user_bufs)) 138 return -EFAULT; 139 index = array_index_nospec(req->buf_index, ctx->nr_user_bufs); 140 req->imu = ctx->user_bufs[index]; 141 io_req_set_rsrc_node(req, ctx, 0); 142 } 143 ioucmd->sqe = sqe; 144 ioucmd->cmd_op = READ_ONCE(sqe->cmd_op); 145 return 0; 146} 147 148int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags) 149{ 150 struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); 151 struct io_ring_ctx *ctx = req->ctx; 152 struct file *file = req->file; 153 int ret; 154 155 if (!file->f_op->uring_cmd) 156 return -EOPNOTSUPP; 157 158 ret = security_uring_cmd(ioucmd); 159 if (ret) 160 return ret; 161 162 if (ctx->flags & IORING_SETUP_SQE128) 163 issue_flags |= IO_URING_F_SQE128; 164 if (ctx->flags & IORING_SETUP_CQE32) 165 issue_flags |= IO_URING_F_CQE32; 166 if (ctx->compat) 167 issue_flags |= IO_URING_F_COMPAT; 168 if (ctx->flags & IORING_SETUP_IOPOLL) { 169 if (!file->f_op->uring_cmd_iopoll) 170 return -EOPNOTSUPP; 171 issue_flags |= IO_URING_F_IOPOLL; 172 req->iopoll_completed = 0; 173 } 174 175 ret = file->f_op->uring_cmd(ioucmd, issue_flags); 176 if (ret == -EAGAIN) { 177 if (!req_has_async_data(req)) { 178 if (io_alloc_async_data(req)) 179 return -ENOMEM; 180 io_uring_cmd_prep_async(req); 181 } 182 return -EAGAIN; 183 } 184 185 if (ret != -EIOCBQUEUED) { 186 if (ret < 0) 187 req_set_fail(req); 188 io_req_set_res(req, ret, 0); 189 return ret; 190 } 191 192 return IOU_ISSUE_SKIP_COMPLETE; 193} 194 195int io_uring_cmd_import_fixed(u64 ubuf, unsigned long len, int rw, 196 struct iov_iter *iter, void *ioucmd) 197{ 198 struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); 199 200 return io_import_fixed(rw, iter, req->imu, ubuf, len); 201} 202EXPORT_SYMBOL_GPL(io_uring_cmd_import_fixed); 203 204static inline int io_uring_cmd_getsockopt(struct socket *sock, 205 struct io_uring_cmd *cmd, 206 unsigned int issue_flags) 207{ 208 bool compat = !!(issue_flags & IO_URING_F_COMPAT); 209 int optlen, optname, level, err; 210 void __user *optval; 211 212 level = READ_ONCE(cmd->sqe->level); 213 if (level != SOL_SOCKET) 214 return -EOPNOTSUPP; 215 216 optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); 217 optname = READ_ONCE(cmd->sqe->optname); 218 optlen = READ_ONCE(cmd->sqe->optlen); 219 220 err = do_sock_getsockopt(sock, compat, level, optname, 221 USER_SOCKPTR(optval), 222 KERNEL_SOCKPTR(&optlen)); 223 if (err) 224 return err; 225 226 /* On success, return optlen */ 227 return optlen; 228} 229 230static inline int io_uring_cmd_setsockopt(struct socket *sock, 231 struct io_uring_cmd *cmd, 232 unsigned int issue_flags) 233{ 234 bool compat = !!(issue_flags & IO_URING_F_COMPAT); 235 int optname, optlen, level; 236 void __user *optval; 237 sockptr_t optval_s; 238 239 optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); 240 optname = READ_ONCE(cmd->sqe->optname); 241 optlen = READ_ONCE(cmd->sqe->optlen); 242 level = READ_ONCE(cmd->sqe->level); 243 optval_s = USER_SOCKPTR(optval); 244 245 return do_sock_setsockopt(sock, compat, level, optname, optval_s, 246 optlen); 247} 248 249#if defined(CONFIG_NET) 250int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags) 251{ 252 struct socket *sock = cmd->file->private_data; 253 struct sock *sk = sock->sk; 254 struct proto *prot = READ_ONCE(sk->sk_prot); 255 int ret, arg = 0; 256 257 if (!prot || !prot->ioctl) 258 return -EOPNOTSUPP; 259 260 switch (cmd->sqe->cmd_op) { 261 case SOCKET_URING_OP_SIOCINQ: 262 ret = prot->ioctl(sk, SIOCINQ, &arg); 263 if (ret) 264 return ret; 265 return arg; 266 case SOCKET_URING_OP_SIOCOUTQ: 267 ret = prot->ioctl(sk, SIOCOUTQ, &arg); 268 if (ret) 269 return ret; 270 return arg; 271 case SOCKET_URING_OP_GETSOCKOPT: 272 return io_uring_cmd_getsockopt(sock, cmd, issue_flags); 273 case SOCKET_URING_OP_SETSOCKOPT: 274 return io_uring_cmd_setsockopt(sock, cmd, issue_flags); 275 default: 276 return -EOPNOTSUPP; 277 } 278} 279EXPORT_SYMBOL_GPL(io_uring_cmd_sock); 280#endif 281