1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Contains the core associated with submission side polling of the SQ
4 * ring, offloading submissions from the application to a kernel thread.
5 */
6 #include <linux/kernel.h>
7 #include <linux/errno.h>
8 #include <linux/file.h>
9 #include <linux/mm.h>
10 #include <linux/slab.h>
11 #include <linux/audit.h>
12 #include <linux/security.h>
13 #include <linux/cpuset.h>
14 #include <linux/io_uring.h>
15
16 #include <uapi/linux/io_uring.h>
17
18 #include "io_uring.h"
19 #include "napi.h"
20 #include "sqpoll.h"
21
22 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8
23 #define IORING_TW_CAP_ENTRIES_VALUE 32
24
25 enum {
26 IO_SQ_THREAD_SHOULD_STOP = 0,
27 IO_SQ_THREAD_SHOULD_PARK,
28 };
29
io_sq_thread_unpark(struct io_sq_data * sqd)30 void io_sq_thread_unpark(struct io_sq_data *sqd)
31 __releases(&sqd->lock)
32 {
33 WARN_ON_ONCE(sqpoll_task_locked(sqd) == current);
34
35 /*
36 * Do the dance but not conditional clear_bit() because it'd race with
37 * other threads incrementing park_pending and setting the bit.
38 */
39 clear_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
40 if (atomic_dec_return(&sqd->park_pending))
41 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
42 mutex_unlock(&sqd->lock);
43 }
44
io_sq_thread_park(struct io_sq_data * sqd)45 void io_sq_thread_park(struct io_sq_data *sqd)
46 __acquires(&sqd->lock)
47 {
48 struct task_struct *tsk;
49
50 atomic_inc(&sqd->park_pending);
51 set_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state);
52 mutex_lock(&sqd->lock);
53
54 tsk = sqpoll_task_locked(sqd);
55 if (tsk) {
56 WARN_ON_ONCE(tsk == current);
57 wake_up_process(tsk);
58 }
59 }
60
io_sq_thread_stop(struct io_sq_data * sqd)61 void io_sq_thread_stop(struct io_sq_data *sqd)
62 {
63 struct task_struct *tsk;
64
65 WARN_ON_ONCE(test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state));
66
67 set_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
68 mutex_lock(&sqd->lock);
69 tsk = sqpoll_task_locked(sqd);
70 if (tsk) {
71 WARN_ON_ONCE(tsk == current);
72 wake_up_process(tsk);
73 }
74 mutex_unlock(&sqd->lock);
75 wait_for_completion(&sqd->exited);
76 }
77
io_put_sq_data(struct io_sq_data * sqd)78 void io_put_sq_data(struct io_sq_data *sqd)
79 {
80 if (refcount_dec_and_test(&sqd->refs)) {
81 WARN_ON_ONCE(atomic_read(&sqd->park_pending));
82
83 io_sq_thread_stop(sqd);
84 kfree(sqd);
85 }
86 }
87
io_sqd_update_thread_idle(struct io_sq_data * sqd)88 static __cold void io_sqd_update_thread_idle(struct io_sq_data *sqd)
89 {
90 struct io_ring_ctx *ctx;
91 unsigned sq_thread_idle = 0;
92
93 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
94 sq_thread_idle = max(sq_thread_idle, ctx->sq_thread_idle);
95 sqd->sq_thread_idle = sq_thread_idle;
96 }
97
io_sq_thread_finish(struct io_ring_ctx * ctx)98 void io_sq_thread_finish(struct io_ring_ctx *ctx)
99 {
100 struct io_sq_data *sqd = ctx->sq_data;
101
102 if (sqd) {
103 io_sq_thread_park(sqd);
104 list_del_init(&ctx->sqd_list);
105 io_sqd_update_thread_idle(sqd);
106 io_sq_thread_unpark(sqd);
107
108 io_put_sq_data(sqd);
109 ctx->sq_data = NULL;
110 }
111 }
112
io_attach_sq_data(struct io_uring_params * p)113 static struct io_sq_data *io_attach_sq_data(struct io_uring_params *p)
114 {
115 struct io_ring_ctx *ctx_attach;
116 struct io_sq_data *sqd;
117 struct fd f;
118
119 f = fdget(p->wq_fd);
120 if (!fd_file(f))
121 return ERR_PTR(-ENXIO);
122 if (!io_is_uring_fops(fd_file(f))) {
123 fdput(f);
124 return ERR_PTR(-EINVAL);
125 }
126
127 ctx_attach = fd_file(f)->private_data;
128 sqd = ctx_attach->sq_data;
129 if (!sqd) {
130 fdput(f);
131 return ERR_PTR(-EINVAL);
132 }
133 if (sqd->task_tgid != current->tgid) {
134 fdput(f);
135 return ERR_PTR(-EPERM);
136 }
137
138 refcount_inc(&sqd->refs);
139 fdput(f);
140 return sqd;
141 }
142
io_get_sq_data(struct io_uring_params * p,bool * attached)143 static struct io_sq_data *io_get_sq_data(struct io_uring_params *p,
144 bool *attached)
145 {
146 struct io_sq_data *sqd;
147
148 *attached = false;
149 if (p->flags & IORING_SETUP_ATTACH_WQ) {
150 sqd = io_attach_sq_data(p);
151 if (!IS_ERR(sqd)) {
152 *attached = true;
153 return sqd;
154 }
155 /* fall through for EPERM case, setup new sqd/task */
156 if (PTR_ERR(sqd) != -EPERM)
157 return sqd;
158 }
159
160 sqd = kzalloc(sizeof(*sqd), GFP_KERNEL);
161 if (!sqd)
162 return ERR_PTR(-ENOMEM);
163
164 atomic_set(&sqd->park_pending, 0);
165 refcount_set(&sqd->refs, 1);
166 INIT_LIST_HEAD(&sqd->ctx_list);
167 mutex_init(&sqd->lock);
168 init_waitqueue_head(&sqd->wait);
169 init_completion(&sqd->exited);
170 return sqd;
171 }
172
io_sqd_events_pending(struct io_sq_data * sqd)173 static inline bool io_sqd_events_pending(struct io_sq_data *sqd)
174 {
175 return READ_ONCE(sqd->state);
176 }
177
__io_sq_thread(struct io_ring_ctx * ctx,bool cap_entries)178 static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
179 {
180 unsigned int to_submit;
181 int ret = 0;
182
183 to_submit = io_sqring_entries(ctx);
184 /* if we're handling multiple rings, cap submit size for fairness */
185 if (cap_entries && to_submit > IORING_SQPOLL_CAP_ENTRIES_VALUE)
186 to_submit = IORING_SQPOLL_CAP_ENTRIES_VALUE;
187
188 if (to_submit || !wq_list_empty(&ctx->iopoll_list)) {
189 const struct cred *creds = NULL;
190
191 if (ctx->sq_creds != current_cred())
192 creds = override_creds(ctx->sq_creds);
193
194 mutex_lock(&ctx->uring_lock);
195 if (!wq_list_empty(&ctx->iopoll_list))
196 io_do_iopoll(ctx, true);
197
198 /*
199 * Don't submit if refs are dying, good for io_uring_register(),
200 * but also it is relied upon by io_ring_exit_work()
201 */
202 if (to_submit && likely(!percpu_ref_is_dying(&ctx->refs)) &&
203 !(ctx->flags & IORING_SETUP_R_DISABLED))
204 ret = io_submit_sqes(ctx, to_submit);
205 mutex_unlock(&ctx->uring_lock);
206
207 if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
208 wake_up(&ctx->sqo_sq_wait);
209 if (creds)
210 revert_creds(creds);
211 }
212
213 return ret;
214 }
215
io_sqd_handle_event(struct io_sq_data * sqd)216 static bool io_sqd_handle_event(struct io_sq_data *sqd)
217 {
218 bool did_sig = false;
219 struct ksignal ksig;
220
221 if (test_bit(IO_SQ_THREAD_SHOULD_PARK, &sqd->state) ||
222 signal_pending(current)) {
223 mutex_unlock(&sqd->lock);
224 if (signal_pending(current))
225 did_sig = get_signal(&ksig);
226 cond_resched();
227 mutex_lock(&sqd->lock);
228 sqd->sq_cpu = raw_smp_processor_id();
229 }
230 return did_sig || test_bit(IO_SQ_THREAD_SHOULD_STOP, &sqd->state);
231 }
232
233 /*
234 * Run task_work, processing the retry_list first. The retry_list holds
235 * entries that we passed on in the previous run, if we had more task_work
236 * than we were asked to process. Newly queued task_work isn't run until the
237 * retry list has been fully processed.
238 */
io_sq_tw(struct llist_node ** retry_list,int max_entries)239 static unsigned int io_sq_tw(struct llist_node **retry_list, int max_entries)
240 {
241 struct io_uring_task *tctx = current->io_uring;
242 unsigned int count = 0;
243
244 if (*retry_list) {
245 *retry_list = io_handle_tw_list(*retry_list, &count, max_entries);
246 if (count >= max_entries)
247 goto out;
248 max_entries -= count;
249 }
250 *retry_list = tctx_task_work_run(tctx, max_entries, &count);
251 out:
252 if (task_work_pending(current))
253 task_work_run();
254 return count;
255 }
256
io_sq_tw_pending(struct llist_node * retry_list)257 static bool io_sq_tw_pending(struct llist_node *retry_list)
258 {
259 struct io_uring_task *tctx = current->io_uring;
260
261 return retry_list || !llist_empty(&tctx->task_list);
262 }
263
io_sq_update_worktime(struct io_sq_data * sqd,struct rusage * start)264 static void io_sq_update_worktime(struct io_sq_data *sqd, struct rusage *start)
265 {
266 struct rusage end;
267
268 getrusage(current, RUSAGE_SELF, &end);
269 end.ru_stime.tv_sec -= start->ru_stime.tv_sec;
270 end.ru_stime.tv_usec -= start->ru_stime.tv_usec;
271
272 sqd->work_time += end.ru_stime.tv_usec + end.ru_stime.tv_sec * 1000000;
273 }
274
io_sq_thread(void * data)275 static int io_sq_thread(void *data)
276 {
277 struct llist_node *retry_list = NULL;
278 struct io_sq_data *sqd = data;
279 struct io_ring_ctx *ctx;
280 struct rusage start;
281 unsigned long timeout = 0;
282 char buf[TASK_COMM_LEN];
283 DEFINE_WAIT(wait);
284
285 /* offload context creation failed, just exit */
286 if (!current->io_uring) {
287 mutex_lock(&sqd->lock);
288 rcu_assign_pointer(sqd->thread, NULL);
289 put_task_struct(current);
290 mutex_unlock(&sqd->lock);
291 goto err_out;
292 }
293
294 snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid);
295 set_task_comm(current, buf);
296
297 /* reset to our pid after we've set task_comm, for fdinfo */
298 sqd->task_pid = current->pid;
299
300 if (sqd->sq_cpu != -1) {
301 set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu));
302 } else {
303 set_cpus_allowed_ptr(current, cpu_online_mask);
304 sqd->sq_cpu = raw_smp_processor_id();
305 }
306
307 /*
308 * Force audit context to get setup, in case we do prep side async
309 * operations that would trigger an audit call before any issue side
310 * audit has been done.
311 */
312 audit_uring_entry(IORING_OP_NOP);
313 audit_uring_exit(true, 0);
314
315 mutex_lock(&sqd->lock);
316 while (1) {
317 bool cap_entries, sqt_spin = false;
318
319 if (io_sqd_events_pending(sqd) || signal_pending(current)) {
320 if (io_sqd_handle_event(sqd))
321 break;
322 timeout = jiffies + sqd->sq_thread_idle;
323 }
324
325 cap_entries = !list_is_singular(&sqd->ctx_list);
326 getrusage(current, RUSAGE_SELF, &start);
327 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
328 int ret = __io_sq_thread(ctx, cap_entries);
329
330 if (!sqt_spin && (ret > 0 || !wq_list_empty(&ctx->iopoll_list)))
331 sqt_spin = true;
332 }
333 if (io_sq_tw(&retry_list, IORING_TW_CAP_ENTRIES_VALUE))
334 sqt_spin = true;
335
336 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
337 if (io_napi(ctx))
338 io_napi_sqpoll_busy_poll(ctx);
339
340 if (sqt_spin || !time_after(jiffies, timeout)) {
341 if (sqt_spin) {
342 io_sq_update_worktime(sqd, &start);
343 timeout = jiffies + sqd->sq_thread_idle;
344 }
345 if (unlikely(need_resched())) {
346 mutex_unlock(&sqd->lock);
347 cond_resched();
348 mutex_lock(&sqd->lock);
349 sqd->sq_cpu = raw_smp_processor_id();
350 }
351 continue;
352 }
353
354 prepare_to_wait(&sqd->wait, &wait, TASK_INTERRUPTIBLE);
355 if (!io_sqd_events_pending(sqd) && !io_sq_tw_pending(retry_list)) {
356 bool needs_sched = true;
357
358 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list) {
359 atomic_or(IORING_SQ_NEED_WAKEUP,
360 &ctx->rings->sq_flags);
361 if ((ctx->flags & IORING_SETUP_IOPOLL) &&
362 !wq_list_empty(&ctx->iopoll_list)) {
363 needs_sched = false;
364 break;
365 }
366
367 /*
368 * Ensure the store of the wakeup flag is not
369 * reordered with the load of the SQ tail
370 */
371 smp_mb__after_atomic();
372
373 if (io_sqring_entries(ctx)) {
374 needs_sched = false;
375 break;
376 }
377 }
378
379 if (needs_sched) {
380 mutex_unlock(&sqd->lock);
381 schedule();
382 mutex_lock(&sqd->lock);
383 sqd->sq_cpu = raw_smp_processor_id();
384 }
385 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
386 atomic_andnot(IORING_SQ_NEED_WAKEUP,
387 &ctx->rings->sq_flags);
388 }
389
390 finish_wait(&sqd->wait, &wait);
391 timeout = jiffies + sqd->sq_thread_idle;
392 }
393
394 if (retry_list)
395 io_sq_tw(&retry_list, UINT_MAX);
396
397 io_uring_cancel_generic(true, sqd);
398 rcu_assign_pointer(sqd->thread, NULL);
399 put_task_struct(current);
400 list_for_each_entry(ctx, &sqd->ctx_list, sqd_list)
401 atomic_or(IORING_SQ_NEED_WAKEUP, &ctx->rings->sq_flags);
402 io_run_task_work();
403 mutex_unlock(&sqd->lock);
404 err_out:
405 complete(&sqd->exited);
406 do_exit(0);
407 }
408
io_sqpoll_wait_sq(struct io_ring_ctx * ctx)409 void io_sqpoll_wait_sq(struct io_ring_ctx *ctx)
410 {
411 DEFINE_WAIT(wait);
412
413 do {
414 if (!io_sqring_full(ctx))
415 break;
416 prepare_to_wait(&ctx->sqo_sq_wait, &wait, TASK_INTERRUPTIBLE);
417
418 if (!io_sqring_full(ctx))
419 break;
420 schedule();
421 } while (!signal_pending(current));
422
423 finish_wait(&ctx->sqo_sq_wait, &wait);
424 }
425
io_sq_offload_create(struct io_ring_ctx * ctx,struct io_uring_params * p)426 __cold int io_sq_offload_create(struct io_ring_ctx *ctx,
427 struct io_uring_params *p)
428 {
429 int ret;
430
431 /* Retain compatibility with failing for an invalid attach attempt */
432 if ((ctx->flags & (IORING_SETUP_ATTACH_WQ | IORING_SETUP_SQPOLL)) ==
433 IORING_SETUP_ATTACH_WQ) {
434 struct fd f;
435
436 f = fdget(p->wq_fd);
437 if (!fd_file(f))
438 return -ENXIO;
439 if (!io_is_uring_fops(fd_file(f))) {
440 fdput(f);
441 return -EINVAL;
442 }
443 fdput(f);
444 }
445 if (ctx->flags & IORING_SETUP_SQPOLL) {
446 struct task_struct *tsk;
447 struct io_sq_data *sqd;
448 bool attached;
449
450 ret = security_uring_sqpoll();
451 if (ret)
452 return ret;
453
454 sqd = io_get_sq_data(p, &attached);
455 if (IS_ERR(sqd)) {
456 ret = PTR_ERR(sqd);
457 goto err;
458 }
459
460 ctx->sq_creds = get_current_cred();
461 ctx->sq_data = sqd;
462 ctx->sq_thread_idle = msecs_to_jiffies(p->sq_thread_idle);
463 if (!ctx->sq_thread_idle)
464 ctx->sq_thread_idle = HZ;
465
466 io_sq_thread_park(sqd);
467 list_add(&ctx->sqd_list, &sqd->ctx_list);
468 io_sqd_update_thread_idle(sqd);
469 /* don't attach to a dying SQPOLL thread, would be racy */
470 ret = (attached && !sqd->thread) ? -ENXIO : 0;
471 io_sq_thread_unpark(sqd);
472
473 if (ret < 0)
474 goto err;
475 if (attached)
476 return 0;
477
478 if (p->flags & IORING_SETUP_SQ_AFF) {
479 cpumask_var_t allowed_mask;
480 int cpu = p->sq_thread_cpu;
481
482 ret = -EINVAL;
483 if (cpu >= nr_cpu_ids || !cpu_online(cpu))
484 goto err_sqpoll;
485 ret = -ENOMEM;
486 if (!alloc_cpumask_var(&allowed_mask, GFP_KERNEL))
487 goto err_sqpoll;
488 ret = -EINVAL;
489 cpuset_cpus_allowed(current, allowed_mask);
490 if (!cpumask_test_cpu(cpu, allowed_mask)) {
491 free_cpumask_var(allowed_mask);
492 goto err_sqpoll;
493 }
494 free_cpumask_var(allowed_mask);
495 sqd->sq_cpu = cpu;
496 } else {
497 sqd->sq_cpu = -1;
498 }
499
500 sqd->task_pid = current->pid;
501 sqd->task_tgid = current->tgid;
502 tsk = create_io_thread(io_sq_thread, sqd, NUMA_NO_NODE);
503 if (IS_ERR(tsk)) {
504 ret = PTR_ERR(tsk);
505 goto err_sqpoll;
506 }
507
508 mutex_lock(&sqd->lock);
509 rcu_assign_pointer(sqd->thread, tsk);
510 mutex_unlock(&sqd->lock);
511
512 get_task_struct(tsk);
513 ret = io_uring_alloc_task_context(tsk, ctx);
514 wake_up_new_task(tsk);
515 if (ret)
516 goto err;
517 } else if (p->flags & IORING_SETUP_SQ_AFF) {
518 /* Can't have SQ_AFF without SQPOLL */
519 ret = -EINVAL;
520 goto err;
521 }
522 return 0;
523 err_sqpoll:
524 complete(&ctx->sq_data->exited);
525 err:
526 io_sq_thread_finish(ctx);
527 return ret;
528 }
529
io_sqpoll_wq_cpu_affinity(struct io_ring_ctx * ctx,cpumask_var_t mask)530 __cold int io_sqpoll_wq_cpu_affinity(struct io_ring_ctx *ctx,
531 cpumask_var_t mask)
532 {
533 struct io_sq_data *sqd = ctx->sq_data;
534 int ret = -EINVAL;
535
536 if (sqd) {
537 struct task_struct *tsk;
538
539 io_sq_thread_park(sqd);
540 /* Don't set affinity for a dying thread */
541 tsk = sqpoll_task_locked(sqd);
542 if (tsk)
543 ret = io_wq_cpu_affinity(tsk->io_uring, mask);
544 io_sq_thread_unpark(sqd);
545 }
546
547 return ret;
548 }
549