waitid.c 8.8 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Support for async notification of waitid
  4. */
  5. #include <linux/kernel.h>
  6. #include <linux/errno.h>
  7. #include <linux/fs.h>
  8. #include <linux/file.h>
  9. #include <linux/compat.h>
  10. #include <linux/io_uring.h>
  11. #include <uapi/linux/io_uring.h>
  12. #include "io_uring.h"
  13. #include "cancel.h"
  14. #include "waitid.h"
  15. #include "../kernel/exit.h"
  /*
   * Task-work handler, defined later in this file. It is declared here
   * because io_waitid_drop_issue_ref() installs it before the definition.
   */
  static void io_waitid_cb(struct io_tw_req tw_req, io_tw_token_t tw);

  /*
   * Encoding of io_waitid->refs:
   *   bit 31     - set by __io_waitid_cancel() to mark the request canceled
   *   bits 30..0 - ownership count; a non-zero value means some path already
   *                owns completion of the request
   */
  #define IO_WAITID_CANCEL_FLAG   BIT(31)
  #define IO_WAITID_REF_MASK      GENMASK(30, 0)
  /*
   * Per-request command data for a waitid operation, obtained from the
   * request with io_kiocb_to_cmd().
   */
  struct io_waitid {
          /* not referenced in this file; presumably the common cmd header - confirm */
          struct file *file;
          /* copied verbatim from sqe->len in io_waitid_prep() */
          int which;
          /* copied verbatim from sqe->fd in io_waitid_prep() */
          pid_t upid;
          /* copied verbatim from sqe->file_index in io_waitid_prep() */
          int options;
          /* ownership count plus IO_WAITID_CANCEL_FLAG, see the macros above */
          atomic_t refs;
          /* waitqueue the request is armed on, NULL while it is not queued */
          struct wait_queue_head *head;
          /* user-supplied destination (sqe->addr2); NULL means "do not copy" */
          struct siginfo __user *infop;
          /* result record handed to kernel_waitid_prepare(), copied out later */
          struct waitid_info info;
  };
  /*
   * Release what the request holds for the wait: drop the pid reference
   * stored in the wait options, then free the request's async data.
   */
  static void io_waitid_free(struct io_kiocb *req)
  {
          struct io_waitid_async *async = req->async_data;

          /* must happen first: 'async' is gone once the async data is freed */
          put_pid(async->wo.wo_pid);
          io_req_async_data_free(req);
  }
  /*
   * Copy the wait result to userspace using the compat siginfo layout.
   *
   * The destination is the user-controlled iw->infop pointer, so the whole
   * structure range is checked by user_write_access_begin() before any
   * field is written. Returns true when every field was stored, false if
   * the range was rejected or a store faulted.
   */
  static bool io_waitid_compat_copy_si(struct io_waitid *iw, int signo)
  {
          struct compat_siginfo __user *dst;
          bool copied = false;

          dst = (struct compat_siginfo __user *) iw->infop;

          if (!user_write_access_begin(dst, sizeof(*dst)))
                  return false;

          /* each store jumps to 'out' on a fault, leaving 'copied' false */
          unsafe_put_user(signo, &dst->si_signo, out);
          unsafe_put_user(0, &dst->si_errno, out);
          unsafe_put_user(iw->info.cause, &dst->si_code, out);
          unsafe_put_user(iw->info.pid, &dst->si_pid, out);
          unsafe_put_user(iw->info.uid, &dst->si_uid, out);
          unsafe_put_user(iw->info.status, &dst->si_status, out);
          copied = true;
  out:
          /* the user-access window is closed on success and on fault alike */
          user_write_access_end();
          return copied;
  }
  /*
   * Copy the wait result for @req to the user-supplied siginfo pointer.
   *
   * A NULL pointer means the caller asked for no copy and counts as
   * success. Compat rings are routed to io_waitid_compat_copy_si().
   * Returns false if the user range was rejected or a store faulted.
   */
  static bool io_waitid_copy_si(struct io_kiocb *req, int signo)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          struct siginfo __user *dst = iw->infop;
          bool copied = false;

          if (!dst)
                  return true;

          if (io_is_compat(req->ctx))
                  return io_waitid_compat_copy_si(iw, signo);

          /* validate the whole user range before any unsafe_put_user() */
          if (!user_write_access_begin(dst, sizeof(*dst)))
                  return false;

          /* each store jumps to 'out' on a fault, leaving 'copied' false */
          unsafe_put_user(signo, &dst->si_signo, out);
          unsafe_put_user(0, &dst->si_errno, out);
          unsafe_put_user(iw->info.cause, &dst->si_code, out);
          unsafe_put_user(iw->info.pid, &dst->si_pid, out);
          unsafe_put_user(iw->info.uid, &dst->si_uid, out);
          unsafe_put_user(iw->info.status, &dst->si_status, out);
          copied = true;
  out:
          user_write_access_end();
          return copied;
  }
  /*
   * Turn the wait result into the request result and release wait state.
   *
   * A positive @ret becomes 0 with si_signo = SIGCHLD; any other value is
   * passed through with si_signo = 0. A failed copy to userspace overrides
   * the result with -EFAULT. The async data is freed on every path.
   */
  static int io_waitid_finish(struct io_kiocb *req, int ret)
  {
          const int signo = ret > 0 ? SIGCHLD : 0;

          if (ret > 0)
                  ret = 0;

          if (!io_waitid_copy_si(req, signo))
                  ret = -EFAULT;

          io_waitid_free(req);
          return ret;
  }
  /*
   * Take the request off the waitqueue it is armed on, if any.
   *
   * iw->head is read with acquire semantics and cleared with a release
   * store before the entry is unlinked under the waitqueue lock. A NULL
   * head means the request is not queued and nothing is done.
   */
  static void io_waitid_remove_wq(struct io_kiocb *req)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          struct wait_queue_head *wq_head = smp_load_acquire(&iw->head);
          struct io_waitid_async *iwa;

          if (!wq_head)
                  return;

          iwa = req->async_data;
          smp_store_release(&iw->head, NULL);

          spin_lock_irq(&wq_head->lock);
          list_del_init(&iwa->wo.child_wait.entry);
          spin_unlock_irq(&wq_head->lock);
  }
  /*
   * Complete a waitid request: unhash it, unlink it from the waitqueue,
   * copy the result out and record the final result on the request.
   *
   * The caller must hold the ring's uring_lock and must own a reference
   * in iw->refs; both are asserted below.
   */
  static void io_waitid_complete(struct io_kiocb *req, int ret)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          int res;

          /* completing without a held reference is an ownership bug */
          WARN_ON_ONCE((atomic_read(&iw->refs) & IO_WAITID_REF_MASK) == 0);
          lockdep_assert_held(&req->ctx->uring_lock);

          hlist_del_init(&req->hash_node);
          io_waitid_remove_wq(req);

          /* frees the async data, so nothing below may touch it */
          res = io_waitid_finish(req, ret);
          if (res < 0)
                  req_set_fail(req);
          io_req_set_res(req, res, 0);
  }
  /*
   * Try to cancel one waitid request. The caller holds uring_lock.
   *
   * The cancel flag is set unconditionally so a spurious wakeup cannot
   * re-arm the request. Ownership is then claimed by incrementing the
   * count: if it was already non-zero another path owns completion and
   * false is returned, with the increment left in place. Otherwise the
   * request is completed with -ECANCELED and true is returned.
   */
  static bool __io_waitid_cancel(struct io_kiocb *req)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          int prev;

          lockdep_assert_held(&req->ctx->uring_lock);

          /* flag first, regardless of who ends up owning the request */
          atomic_or(IO_WAITID_CANCEL_FLAG, &iw->refs);

          /* claim ownership; a non-zero previous count means we lost */
          prev = atomic_fetch_inc(&iw->refs);
          if (prev & IO_WAITID_REF_MASK)
                  return false;

          io_waitid_complete(req, -ECANCELED);
          io_req_queue_tw_complete(req, -ECANCELED);
          return true;
  }
  /*
   * Cancel the waitid request(s) on @ctx selected by @cd. The lookup over
   * ctx->waitid_list is done by io_cancel_remove(), which calls
   * __io_waitid_cancel() on the request(s) it picks.
   */
  int io_waitid_cancel(struct io_ring_ctx *ctx, struct io_cancel_data *cd,
                       unsigned int issue_flags)
  {
          return io_cancel_remove(ctx, cd, issue_flags,
                                  &ctx->waitid_list,
                                  __io_waitid_cancel);
  }
  /*
   * Cancel waitid requests on @ctx in bulk. io_cancel_remove_all() walks
   * ctx->waitid_list with @tctx and @cancel_all as its selection
   * arguments and uses __io_waitid_cancel() as the per-request callback.
   */
  bool io_waitid_remove_all(struct io_ring_ctx *ctx, struct io_uring_task *tctx,
                            bool cancel_all)
  {
          return io_cancel_remove_all(ctx, tctx,
                                      &ctx->waitid_list,
                                      cancel_all,
                                      __io_waitid_cancel);
  }
  /*
   * Drop the reference taken by the issue or retry path.
   *
   * Returns false when the count reaches zero: nobody else touched the
   * request and it stays armed. A non-zero remainder means another path
   * took a reference meanwhile and was kept from completing; the request
   * is then unlinked from the waitqueue, task work is queued to run
   * io_waitid_cb(), and true is returned.
   */
  static inline bool io_waitid_drop_issue_ref(struct io_kiocb *req)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          const int remaining = atomic_sub_return(1, &iw->refs);

          if (remaining == 0)
                  return false;

          io_waitid_remove_wq(req);

          /* somebody raced with us and backed off; finish from task work */
          req->io_task_work.func = io_waitid_cb;
          io_req_task_work_add(req);
          return true;
  }
  /*
   * Task-work handler: re-run the wait under the ring lock and complete
   * the request, or re-arm it if the wait still has nothing to report.
   */
  static void io_waitid_cb(struct io_tw_req tw_req, io_tw_token_t tw)
  {
          struct io_kiocb *req = tw_req.req;
          struct io_waitid_async *iwa = req->async_data;
          struct io_ring_ctx *ctx = req->ctx;
          int ret;

          io_tw_lock(ctx, tw);

          ret = __do_wait(&iwa->wo);

          /*
           * -ERESTARTSYS means we must re-arm and check once more so that
           * another callback is guaranteed. If the second check succeeds,
           * completion below takes the request off the waitqueue again.
           */
          if (unlikely(ret == -ERESTARTSYS)) {
                  struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);

                  if (atomic_read(&iw->refs) & IO_WAITID_CANCEL_FLAG) {
                          /* cancel found the request meanwhile: no retry */
                          ret = -ECANCELED;
                  } else {
                          /*
                           * NOTE(review): plain store, while the other
                           * writers of iw->head use smp_store_release().
                           * Both paths that queue this handler unlink the
                           * wait entry first, which looks like what makes
                           * this safe - confirm.
                           */
                          iw->head = &current->signal->wait_chldexit;
                          add_wait_queue(iw->head, &iwa->wo.child_wait);

                          ret = __do_wait(&iwa->wo);
                          if (ret == -ERESTARTSYS) {
                                  /* re-armed; give up our reference */
                                  io_waitid_drop_issue_ref(req);
                                  return;
                          }
                          /* otherwise complete; that unlinks the entry */
                  }
          }

          io_waitid_complete(req, ret);
          io_req_task_complete(tw_req, tw);
  }
  /*
   * Waitqueue callback installed by io_waitid() on the child-exit queue.
   *
   * Returns 0 when the waking task @key is not one this wait cares about.
   * Otherwise the entry is unlinked, iw->head is cleared with a release
   * store, and ownership is claimed by incrementing iw->refs. Task work is
   * queued only if no other path held a reference; 1 is returned in both
   * cases.
   */
  static int io_waitid_wait(struct wait_queue_entry *wait, unsigned mode,
                            int sync, void *key)
  {
          struct wait_opts *wo = container_of(wait, struct wait_opts, child_wait);
          struct io_waitid_async *iwa = container_of(wo, struct io_waitid_async, wo);
          struct io_kiocb *req = iwa->req;
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          struct task_struct *waker = key;

          if (!pid_child_should_wake(wo, waker))
                  return 0;

          list_del_init(&wait->entry);
          smp_store_release(&iw->head, NULL);

          /*
           * A non-zero previous count means the issuer or cancel already
           * owns the request; the increment is left in place and that
           * owner is the one to act on it.
           */
          if (!(atomic_fetch_inc(&iw->refs) & IO_WAITID_REF_MASK)) {
                  req->io_task_work.func = io_waitid_cb;
                  io_req_task_work_add(req);
          }

          return 1;
  }
  /*
   * Prepare a waitid request from its submission queue entry.
   *
   * Returns -EINVAL if any of addr, buf_index, addr3 or waitid_flags is
   * non-zero, -ENOMEM if the async data cannot be allocated, 0 otherwise.
   *
   * The which/upid/options values and the siginfo pointer are stored
   * exactly as supplied; nothing here range-checks them. Validation
   * presumably happens in kernel_waitid_prepare() at issue time - confirm.
   */
  int io_waitid_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          struct io_waitid_async *async;

          /* fields this opcode does not use must be zero */
          if (sqe->addr || sqe->buf_index || sqe->addr3 || sqe->waitid_flags)
                  return -EINVAL;

          async = io_uring_alloc_async_data(NULL, req);
          if (unlikely(!async))
                  return -ENOMEM;
          async->req = req;

          /* READ_ONCE: each SQE field is fetched a single time */
          iw->which = READ_ONCE(sqe->len);
          iw->upid = READ_ONCE(sqe->fd);
          iw->options = READ_ONCE(sqe->file_index);
          iw->head = NULL;
          /* user pointer; only dereferenced through the checked copy-out */
          iw->infop = u64_to_user_ptr(READ_ONCE(sqe->addr2));

          return 0;
  }
  /*
   * Issue a waitid request.
   *
   * If the wait can be answered immediately the request completes inline
   * and IOU_COMPLETE is returned. If __do_wait() reports -ERESTARTSYS the
   * request stays armed on the child-exit waitqueue and
   * IOU_ISSUE_SKIP_COMPLETE is returned; completion then comes from the
   * waitqueue callback, task work or cancelation.
   */
  int io_waitid(struct io_kiocb *req, unsigned int issue_flags)
  {
          struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
          struct io_waitid_async *iwa = req->async_data;
          struct io_ring_ctx *ctx = req->ctx;
          int ret;

          ret = kernel_waitid_prepare(&iwa->wo, iw->which, iw->upid, &iw->info,
                                      iw->options, NULL);
          if (ret)
                  goto done;

          /*
           * Hold the initial reference before arming, so that a racing
           * wakeup sees the request as busy. The race is detected when
           * this reference is dropped again after arming.
           */
          atomic_set(&iw->refs, 1);

          /*
           * Cancelation needs the ctx lock, so it cannot find the request
           * before it is on the list and the lock has been released. The
           * only concurrent party to consider here is the wakeup callback.
           */
          io_ring_submit_lock(ctx, issue_flags);

          /*
           * iw->head stays valid under the ring lock and for as long as
           * the request sits on waitid_list, where cancelation looks.
           */
          iw->head = &current->signal->wait_chldexit;
          hlist_add_head(&req->hash_node, &ctx->waitid_list);

          init_waitqueue_func_entry(&iwa->wo.child_wait, io_waitid_wait);
          iwa->wo.child_wait.private = req->tctx->task;
          add_wait_queue(iw->head, &iwa->wo.child_wait);

          ret = __do_wait(&iwa->wo);
          if (ret == -ERESTARTSYS) {
                  /*
                   * Dropping the issue reference has two outcomes. Either
                   * nobody else took a reference and the request completes
                   * on a later waitqueue callback or cancel, or a wakeup
                   * raced with us and the helper has queued task work to
                   * finish it. Inline completion is skipped in both.
                   */
                  io_waitid_drop_issue_ref(req);
                  io_ring_submit_unlock(ctx, issue_flags);
                  return IOU_ISSUE_SKIP_COMPLETE;
          }

          /* answered right away: undo the arming and finish inline */
          hlist_del_init(&req->hash_node);
          io_waitid_remove_wq(req);
          ret = io_waitid_finish(req, ret);

          io_ring_submit_unlock(ctx, issue_flags);
  done:
          if (ret < 0)
                  req_set_fail(req);
          io_req_set_res(req, ret, 0);
          return IOU_COMPLETE;
  }