Merge tag 'io_uring-5.6-2020-02-14' of git://git.kernel.dk/linux-block

#include <linux/slab.h>

#include <linux/kthread.h>

#include <linux/rculist_nulls.h>

#include <linux/fs_struct.h>

#include "io-wq.h"

	const struct cred *cur_creds;

	const struct cred *saved_creds;

	struct files_struct *restore_files;

	struct fs_struct *restore_fs;

};

#if BITS_PER_LONG == 64

		task_unlock(current);

	}

	if (current->fs != worker->restore_fs)

		current->fs = worker->restore_fs;

	/*

	 * If we have an active mm, we need to drop the wq lock before unusing

	 * it. If we do, return true and let the caller retry the idle loop.

	worker->flags |= (IO_WORKER_F_UP | IO_WORKER_F_RUNNING);

	worker->restore_files = current->files;

	worker->restore_fs = current->fs;

	io_wqe_inc_running(wqe, worker);

}

			current->files = work->files;

			task_unlock(current);

		}

		if (work->fs && current->fs != work->fs)

			current->fs = work->fs;

		if (work->mm != worker->mm)

			io_wq_switch_mm(worker, work);

		if (worker->cur_creds != work->creds)

	/* create fixed workers */

	refcount_set(&wq->refs, workers_to_create);

	for_each_node(node) {

		if (!node_online(node))

			continue;

		if (!create_io_worker(wq, wq->wqes[node], IO_WQ_ACCT_BOUND))

			goto err;

		workers_to_create--;

	}

	while (workers_to_create--)

		refcount_dec(&wq->refs);

	complete(&wq->done);

	while (!kthread_should_stop()) {

			struct io_wqe *wqe = wq->wqes[node];

			bool fork_worker[2] = { false, false };

			if (!node_online(node))

				continue;

			spin_lock_irq(&wqe->lock);

			if (io_wqe_need_worker(wqe, IO_WQ_ACCT_BOUND))

				fork_worker[IO_WQ_ACCT_BOUND] = true;

	list_for_each_entry_rcu(worker, &wqe->all_list, all_list) {

		if (io_worker_get(worker)) {

			/* no task if node is/was offline */

			if (worker->task)

				ret = func(worker, data);

			io_worker_release(worker);

			if (ret)

	return ret;

}

struct work_match {

	bool (*fn)(struct io_wq_work *, void *data);

	void *data;

};

static bool io_wq_worker_cancel(struct io_worker *worker, void *data)

{

	struct io_wq_work *work = data;

	struct work_match *match = data;

	unsigned long flags;

	bool ret = false;

	if (worker->cur_work != work)

		return false;

	spin_lock_irqsave(&worker->lock, flags);

	if (worker->cur_work == work &&

	if (match->fn(worker->cur_work, match->data) &&

	    !(worker->cur_work->flags & IO_WQ_WORK_NO_CANCEL)) {

		send_sig(SIGINT, worker->task, 1);

		ret = true;

}

static enum io_wq_cancel io_wqe_cancel_work(struct io_wqe *wqe,

					    struct io_wq_work *cwork)

					    struct work_match *match)

{

	struct io_wq_work_node *node, *prev;

	struct io_wq_work *work;

	unsigned long flags;

	bool found = false;

	cwork->flags |= IO_WQ_WORK_CANCEL;

	/*

	 * First check pending list, if we're lucky we can just remove it

	 * from there. CANCEL_OK means that the work is returned as-new,

	wq_list_for_each(node, prev, &wqe->work_list) {

		work = container_of(node, struct io_wq_work, list);

		if (work == cwork) {

		if (match->fn(work, match->data)) {

			wq_node_del(&wqe->work_list, node, prev);

			found = true;

			break;

	 * completion will run normally in this case.

	 */

	rcu_read_lock();

	found = io_wq_for_each_worker(wqe, io_wq_worker_cancel, cwork);

	found = io_wq_for_each_worker(wqe, io_wq_worker_cancel, match);

	rcu_read_unlock();

	return found ? IO_WQ_CANCEL_RUNNING : IO_WQ_CANCEL_NOTFOUND;

}

static bool io_wq_work_match(struct io_wq_work *work, void *data)

{

	return work == data;

}

enum io_wq_cancel io_wq_cancel_work(struct io_wq *wq, struct io_wq_work *cwork)

{

	struct work_match match = {

		.fn	= io_wq_work_match,

		.data	= cwork

	};

	enum io_wq_cancel ret = IO_WQ_CANCEL_NOTFOUND;

	int node;

	cwork->flags |= IO_WQ_WORK_CANCEL;

	for_each_node(node) {

		struct io_wqe *wqe = wq->wqes[node];

		ret = io_wqe_cancel_work(wqe, cwork);

		ret = io_wqe_cancel_work(wqe, &match);

		if (ret != IO_WQ_CANCEL_NOTFOUND)

			break;

	}

	return ret;

}

static bool io_wq_pid_match(struct io_wq_work *work, void *data)

{

	pid_t pid = (pid_t) (unsigned long) data;

	if (work)

		return work->task_pid == pid;

	return false;

}

enum io_wq_cancel io_wq_cancel_pid(struct io_wq *wq, pid_t pid)

{

	struct work_match match = {

		.fn	= io_wq_pid_match,

		.data	= (void *) (unsigned long) pid

	};

	enum io_wq_cancel ret = IO_WQ_CANCEL_NOTFOUND;

	int node;

	for_each_node(node) {

		struct io_wqe *wqe = wq->wqes[node];

		ret = io_wqe_cancel_work(wqe, &match);

		if (ret != IO_WQ_CANCEL_NOTFOUND)

			break;

	}

	for_each_node(node) {

		struct io_wqe *wqe = wq->wqes[node];

		if (!node_online(node))

			continue;

		init_completion(&data.done);

		INIT_IO_WORK(&data.work, io_wq_flush_func);

		data.work.flags |= IO_WQ_WORK_INTERNAL;

	for_each_node(node) {

		struct io_wqe *wqe;

		int alloc_node = node;

		wqe = kzalloc_node(sizeof(struct io_wqe), GFP_KERNEL, node);

		if (!node_online(alloc_node))

			alloc_node = NUMA_NO_NODE;

		wqe = kzalloc_node(sizeof(struct io_wqe), GFP_KERNEL, alloc_node);

		if (!wqe)

			goto err;

		wq->wqes[node] = wqe;

		wqe->node = node;

		wqe->node = alloc_node;

		wqe->acct[IO_WQ_ACCT_BOUND].max_workers = bounded;

		atomic_set(&wqe->acct[IO_WQ_ACCT_BOUND].nr_running, 0);

		if (wq->user) {

					task_rlimit(current, RLIMIT_NPROC);

		}

		atomic_set(&wqe->acct[IO_WQ_ACCT_UNBOUND].nr_running, 0);

		wqe->node = node;

		wqe->wq = wq;

		spin_lock_init(&wqe->lock);

		INIT_WQ_LIST(&wqe->work_list);

	struct files_struct *files;

	struct mm_struct *mm;

	const struct cred *creds;

	struct fs_struct *fs;

	unsigned flags;

	pid_t task_pid;

};

#define INIT_IO_WORK(work, _func)			\

	do {						\

		(work)->list.next = NULL;		\

		(work)->func = _func;			\

		(work)->flags = 0;			\

		(work)->files = NULL;			\

		(work)->mm = NULL;			\

		(work)->creds = NULL;			\

		(work)->fs = NULL;			\

		(work)->flags = 0;			\

	} while (0)					\

typedef void (get_work_fn)(struct io_wq_work *);

void io_wq_cancel_all(struct io_wq *wq);

enum io_wq_cancel io_wq_cancel_work(struct io_wq *wq, struct io_wq_work *cwork);

enum io_wq_cancel io_wq_cancel_pid(struct io_wq *wq, pid_t pid);

typedef bool (work_cancel_fn)(struct io_wq_work *, void *);

#include <linux/fsnotify.h>

#include <linux/fadvise.h>

#include <linux/eventpoll.h>

#include <linux/fs_struct.h>

#define CREATE_TRACE_POINTS

#include <trace/events/io_uring.h>

	struct {

		unsigned int		flags;

		int			compat: 1;

		int			account_mem: 1;

		int			cq_overflow_flushed: 1;

		int			drain_next: 1;

		int			eventfd_async: 1;

		unsigned int		compat: 1;

		unsigned int		account_mem: 1;

		unsigned int		cq_overflow_flushed: 1;

		unsigned int		drain_next: 1;

		unsigned int		eventfd_async: 1;

		/*

		 * Ring buffer of indices into array of io_uring_sqe, which is

	struct iovec			*iov;

	struct sockaddr __user		*uaddr;

	struct msghdr			msg;

	struct sockaddr_storage		addr;

};

struct io_async_rw {

	ssize_t				size;

};

struct io_async_open {

	struct filename			*filename;

};

struct io_async_ctx {

	union {

		struct io_async_rw	rw;

		struct io_async_msghdr	msg;

		struct io_async_connect	connect;

		struct io_timeout_data	timeout;

		struct io_async_open	open;

	};

};

	REQ_F_MUST_PUNT_BIT,

	REQ_F_TIMEOUT_NOSEQ_BIT,

	REQ_F_COMP_LOCKED_BIT,

	REQ_F_NEED_CLEANUP_BIT,

	REQ_F_OVERFLOW_BIT,

};

enum {

	REQ_F_TIMEOUT_NOSEQ	= BIT(REQ_F_TIMEOUT_NOSEQ_BIT),

	/* completion under lock */

	REQ_F_COMP_LOCKED	= BIT(REQ_F_COMP_LOCKED_BIT),

	/* needs cleanup */

	REQ_F_NEED_CLEANUP	= BIT(REQ_F_NEED_CLEANUP_BIT),

	/* in overflow list */

	REQ_F_OVERFLOW		= BIT(REQ_F_OVERFLOW_BIT),

};

/*

	 * llist_node is only used for poll deferred completions

	 */

	struct llist_node		llist_node;

	bool				has_user;

	bool				in_async;

	bool				needs_fixed_file;

	u8				opcode;

	unsigned		not_supported : 1;

	/* needs file table */

	unsigned		file_table : 1;

	/* needs ->fs */

	unsigned		needs_fs : 1;

};

static const struct io_op_def io_op_defs[] = {

		.needs_mm		= 1,

		.needs_file		= 1,

		.unbound_nonreg_file	= 1,

		.needs_fs		= 1,

	},

	[IORING_OP_RECVMSG] = {

		.async_ctx		= 1,

		.needs_mm		= 1,

		.needs_file		= 1,

		.unbound_nonreg_file	= 1,

		.needs_fs		= 1,

	},

	[IORING_OP_TIMEOUT] = {

		.async_ctx		= 1,

		.needs_file		= 1,

		.fd_non_neg		= 1,

		.file_table		= 1,

		.needs_fs		= 1,

	},

	[IORING_OP_CLOSE] = {

		.needs_file		= 1,

		.needs_mm		= 1,

		.needs_file		= 1,

		.fd_non_neg		= 1,

		.needs_fs		= 1,

	},

	[IORING_OP_READ] = {

		.needs_mm		= 1,

		.needs_file		= 1,

		.fd_non_neg		= 1,

		.file_table		= 1,

		.needs_fs		= 1,

	},

	[IORING_OP_EPOLL_CTL] = {

		.unbound_nonreg_file	= 1,

				 unsigned nr_args);

static int io_grab_files(struct io_kiocb *req);

static void io_ring_file_ref_flush(struct fixed_file_data *data);

static void io_cleanup_req(struct io_kiocb *req);

static struct kmem_cache *req_cachep;

	}

	if (!req->work.creds)

		req->work.creds = get_current_cred();

	if (!req->work.fs && def->needs_fs) {

		spin_lock(&current->fs->lock);

		if (!current->fs->in_exec) {

			req->work.fs = current->fs;

			req->work.fs->users++;

		} else {

			req->work.flags |= IO_WQ_WORK_CANCEL;

		}

		spin_unlock(&current->fs->lock);

	}

	if (!req->work.task_pid)

		req->work.task_pid = task_pid_vnr(current);

}

static inline void io_req_work_drop_env(struct io_kiocb *req)

		put_cred(req->work.creds);

		req->work.creds = NULL;

	}

	if (req->work.fs) {

		struct fs_struct *fs = req->work.fs;

		spin_lock(&req->work.fs->lock);

		if (--fs->users)

			fs = NULL;

		spin_unlock(&req->work.fs->lock);

		if (fs)

			free_fs_struct(fs);

	}

}

static inline bool io_prep_async_work(struct io_kiocb *req,

		req = list_first_entry(&ctx->cq_overflow_list, struct io_kiocb,

						list);

		list_move(&req->list, &list);

		req->flags &= ~REQ_F_OVERFLOW;

		if (cqe) {

			WRITE_ONCE(cqe->user_data, req->user_data);

			WRITE_ONCE(cqe->res, req->result);

			set_bit(0, &ctx->sq_check_overflow);

			set_bit(0, &ctx->cq_check_overflow);

		}

		req->flags |= REQ_F_OVERFLOW;

		refcount_inc(&req->refs);

		req->result = res;

		list_add_tail(&req->list, &ctx->cq_overflow_list);

{

	__io_req_aux_free(req);

	if (req->flags & REQ_F_NEED_CLEANUP)

		io_cleanup_req(req);

	if (req->flags & REQ_F_INFLIGHT) {

		struct io_ring_ctx *ctx = req->ctx;

		unsigned long flags;

		return iorw->size;

	}

	if (!req->has_user)

		return -EFAULT;

#ifdef CONFIG_COMPAT

	if (req->ctx->compat)

		return compat_import_iovec(rw, buf, sqe_len, UIO_FASTIOV,

		req->io->rw.iov = req->io->rw.fast_iov;

		memcpy(req->io->rw.iov, fast_iov,

			sizeof(struct iovec) * iter->nr_segs);

	} else {

		req->flags |= REQ_F_NEED_CLEANUP;

	}

}

	return req->io == NULL;

}

static void io_rw_async(struct io_wq_work **workptr)

{

	struct io_kiocb *req = container_of(*workptr, struct io_kiocb, work);

	struct iovec *iov = NULL;

	if (req->io->rw.iov != req->io->rw.fast_iov)

		iov = req->io->rw.iov;

	io_wq_submit_work(workptr);

	kfree(iov);

}

static int io_setup_async_rw(struct io_kiocb *req, ssize_t io_size,

			     struct iovec *iovec, struct iovec *fast_iov,

			     struct iov_iter *iter)

		io_req_map_rw(req, io_size, iovec, fast_iov, iter);

	}

	req->work.func = io_rw_async;

	return 0;

}

	if (unlikely(!(req->file->f_mode & FMODE_READ)))

		return -EBADF;

	if (!req->io)

	/* either don't need iovec imported or already have it */

	if (!req->io || req->flags & REQ_F_NEED_CLEANUP)

		return 0;

	io = req->io;

		}

	}

out_free:

	if (!io_wq_current_is_worker())

	kfree(iovec);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	return ret;

}

	if (unlikely(!(req->file->f_mode & FMODE_WRITE)))

		return -EBADF;

	if (!req->io)

	/* either don't need iovec imported or already have it */

	if (!req->io || req->flags & REQ_F_NEED_CLEANUP)

		return 0;

	io = req->io;

			ret2 = call_write_iter(req->file, kiocb, &iter);

		else

			ret2 = loop_rw_iter(WRITE, req->file, kiocb, &iter);

		/*

		 * Raw bdev writes will -EOPNOTSUPP for IOCB_NOWAIT. Just

		 * retry them without IOCB_NOWAIT.

		 */

		if (ret2 == -EOPNOTSUPP && (kiocb->ki_flags & IOCB_NOWAIT))

			ret2 = -EAGAIN;

		if (!force_nonblock || ret2 != -EAGAIN) {

			kiocb_done(kiocb, ret2, nxt, req->in_async);

		} else {

		}

	}

out_free:

	if (!io_wq_current_is_worker())

	req->flags &= ~REQ_F_NEED_CLEANUP;

	kfree(iovec);

	return ret;

}

	if (sqe->ioprio || sqe->buf_index)

		return -EINVAL;

	if (sqe->flags & IOSQE_FIXED_FILE)

		return -EBADF;

	if (req->flags & REQ_F_NEED_CLEANUP)

		return 0;

	req->open.dfd = READ_ONCE(sqe->fd);

	req->open.how.mode = READ_ONCE(sqe->len);

		return ret;

	}

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}

	if (sqe->ioprio || sqe->buf_index)

		return -EINVAL;

	if (sqe->flags & IOSQE_FIXED_FILE)

		return -EBADF;

	if (req->flags & REQ_F_NEED_CLEANUP)

		return 0;

	req->open.dfd = READ_ONCE(sqe->fd);

	fname = u64_to_user_ptr(READ_ONCE(sqe->addr));

		return ret;

	}

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}

	}

err:

	putname(req->open.filename);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	if (ret < 0)

		req_set_fail_links(req);

	io_cqring_add_event(req, ret);

	if (sqe->ioprio || sqe->buf_index)

		return -EINVAL;

	if (sqe->flags & IOSQE_FIXED_FILE)

		return -EBADF;

	if (req->flags & REQ_F_NEED_CLEANUP)

		return 0;

	req->open.dfd = READ_ONCE(sqe->fd);

	req->open.mask = READ_ONCE(sqe->len);

		return ret;

	}

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}