|  | // SPDX-License-Identifier: GPL-2.0 | 
|  | #include <linux/kernel.h> | 
|  | #include <linux/errno.h> | 
|  | #include <linux/file.h> | 
|  | #include <linux/io_uring.h> | 
|  | #include <linux/security.h> | 
|  | #include <linux/nospec.h> | 
|  |  | 
|  | #include <uapi/linux/io_uring.h> | 
|  | #include <uapi/asm-generic/ioctls.h> | 
|  |  | 
|  | #include "io_uring.h" | 
|  | #include "rsrc.h" | 
|  | #include "uring_cmd.h" | 
|  |  | 
|  | static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd, | 
|  | unsigned int issue_flags) | 
|  | { | 
|  | struct io_kiocb *req = cmd_to_io_kiocb(cmd); | 
|  | struct io_ring_ctx *ctx = req->ctx; | 
|  |  | 
|  | if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) | 
|  | return; | 
|  |  | 
|  | cmd->flags &= ~IORING_URING_CMD_CANCELABLE; | 
|  | io_ring_submit_lock(ctx, issue_flags); | 
|  | hlist_del(&req->hash_node); | 
|  | io_ring_submit_unlock(ctx, issue_flags); | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Mark this command as concelable, then io_uring_try_cancel_uring_cmd() | 
|  | * will try to cancel this issued command by sending ->uring_cmd() with | 
|  | * issue_flags of IO_URING_F_CANCEL. | 
|  | * | 
|  | * The command is guaranteed to not be done when calling ->uring_cmd() | 
|  | * with IO_URING_F_CANCEL, but it is driver's responsibility to deal | 
|  | * with race between io_uring canceling and normal completion. | 
|  | */ | 
|  | void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd, | 
|  | unsigned int issue_flags) | 
|  | { | 
|  | struct io_kiocb *req = cmd_to_io_kiocb(cmd); | 
|  | struct io_ring_ctx *ctx = req->ctx; | 
|  |  | 
|  | if (!(cmd->flags & IORING_URING_CMD_CANCELABLE)) { | 
|  | cmd->flags |= IORING_URING_CMD_CANCELABLE; | 
|  | io_ring_submit_lock(ctx, issue_flags); | 
|  | hlist_add_head(&req->hash_node, &ctx->cancelable_uring_cmd); | 
|  | io_ring_submit_unlock(ctx, issue_flags); | 
|  | } | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_mark_cancelable); | 
|  |  | 
|  | struct task_struct *io_uring_cmd_get_task(struct io_uring_cmd *cmd) | 
|  | { | 
|  | return cmd_to_io_kiocb(cmd)->task; | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_get_task); | 
|  |  | 
|  | static void io_uring_cmd_work(struct io_kiocb *req, struct io_tw_state *ts) | 
|  | { | 
|  | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); | 
|  | unsigned issue_flags = ts->locked ? 0 : IO_URING_F_UNLOCKED; | 
|  |  | 
|  | ioucmd->task_work_cb(ioucmd, issue_flags); | 
|  | } | 
|  |  | 
|  | void __io_uring_cmd_do_in_task(struct io_uring_cmd *ioucmd, | 
|  | void (*task_work_cb)(struct io_uring_cmd *, unsigned), | 
|  | unsigned flags) | 
|  | { | 
|  | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); | 
|  |  | 
|  | ioucmd->task_work_cb = task_work_cb; | 
|  | req->io_task_work.func = io_uring_cmd_work; | 
|  | __io_req_task_work_add(req, flags); | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(__io_uring_cmd_do_in_task); | 
|  |  | 
|  | void io_uring_cmd_do_in_task_lazy(struct io_uring_cmd *ioucmd, | 
|  | void (*task_work_cb)(struct io_uring_cmd *, unsigned)) | 
|  | { | 
|  | __io_uring_cmd_do_in_task(ioucmd, task_work_cb, IOU_F_TWQ_LAZY_WAKE); | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_do_in_task_lazy); | 
|  |  | 
|  | static inline void io_req_set_cqe32_extra(struct io_kiocb *req, | 
|  | u64 extra1, u64 extra2) | 
|  | { | 
|  | req->big_cqe.extra1 = extra1; | 
|  | req->big_cqe.extra2 = extra2; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Called by consumers of io_uring_cmd, if they originally returned | 
|  | * -EIOCBQUEUED upon receiving the command. | 
|  | */ | 
|  | void io_uring_cmd_done(struct io_uring_cmd *ioucmd, ssize_t ret, ssize_t res2, | 
|  | unsigned issue_flags) | 
|  | { | 
|  | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); | 
|  |  | 
|  | io_uring_cmd_del_cancelable(ioucmd, issue_flags); | 
|  |  | 
|  | if (ret < 0) | 
|  | req_set_fail(req); | 
|  |  | 
|  | io_req_set_res(req, ret, 0); | 
|  | if (req->ctx->flags & IORING_SETUP_CQE32) | 
|  | io_req_set_cqe32_extra(req, res2, 0); | 
|  | if (req->ctx->flags & IORING_SETUP_IOPOLL) { | 
|  | /* order with io_iopoll_req_issued() checking ->iopoll_complete */ | 
|  | smp_store_release(&req->iopoll_completed, 1); | 
|  | } else { | 
|  | struct io_tw_state ts = { | 
|  | .locked = !(issue_flags & IO_URING_F_UNLOCKED), | 
|  | }; | 
|  | io_req_task_complete(req, &ts); | 
|  | } | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_done); | 
|  |  | 
|  | int io_uring_cmd_prep_async(struct io_kiocb *req) | 
|  | { | 
|  | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); | 
|  |  | 
|  | memcpy(req->async_data, ioucmd->sqe, uring_sqe_size(req->ctx)); | 
|  | ioucmd->sqe = req->async_data; | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | int io_uring_cmd_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) | 
|  | { | 
|  | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); | 
|  |  | 
|  | if (sqe->__pad1) | 
|  | return -EINVAL; | 
|  |  | 
|  | ioucmd->flags = READ_ONCE(sqe->uring_cmd_flags); | 
|  | if (ioucmd->flags & ~IORING_URING_CMD_MASK) | 
|  | return -EINVAL; | 
|  |  | 
|  | if (ioucmd->flags & IORING_URING_CMD_FIXED) { | 
|  | struct io_ring_ctx *ctx = req->ctx; | 
|  | u16 index; | 
|  |  | 
|  | req->buf_index = READ_ONCE(sqe->buf_index); | 
|  | if (unlikely(req->buf_index >= ctx->nr_user_bufs)) | 
|  | return -EFAULT; | 
|  | index = array_index_nospec(req->buf_index, ctx->nr_user_bufs); | 
|  | req->imu = ctx->user_bufs[index]; | 
|  | io_req_set_rsrc_node(req, ctx, 0); | 
|  | } | 
|  | ioucmd->sqe = sqe; | 
|  | ioucmd->cmd_op = READ_ONCE(sqe->cmd_op); | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags) | 
|  | { | 
|  | struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd); | 
|  | struct io_ring_ctx *ctx = req->ctx; | 
|  | struct file *file = req->file; | 
|  | int ret; | 
|  |  | 
|  | if (!file->f_op->uring_cmd) | 
|  | return -EOPNOTSUPP; | 
|  |  | 
|  | ret = security_uring_cmd(ioucmd); | 
|  | if (ret) | 
|  | return ret; | 
|  |  | 
|  | if (ctx->flags & IORING_SETUP_SQE128) | 
|  | issue_flags |= IO_URING_F_SQE128; | 
|  | if (ctx->flags & IORING_SETUP_CQE32) | 
|  | issue_flags |= IO_URING_F_CQE32; | 
|  | if (ctx->compat) | 
|  | issue_flags |= IO_URING_F_COMPAT; | 
|  | if (ctx->flags & IORING_SETUP_IOPOLL) { | 
|  | if (!file->f_op->uring_cmd_iopoll) | 
|  | return -EOPNOTSUPP; | 
|  | issue_flags |= IO_URING_F_IOPOLL; | 
|  | req->iopoll_completed = 0; | 
|  | WRITE_ONCE(ioucmd->cookie, NULL); | 
|  | } | 
|  |  | 
|  | ret = file->f_op->uring_cmd(ioucmd, issue_flags); | 
|  | if (ret == -EAGAIN) { | 
|  | if (!req_has_async_data(req)) { | 
|  | if (io_alloc_async_data(req)) | 
|  | return -ENOMEM; | 
|  | io_uring_cmd_prep_async(req); | 
|  | } | 
|  | return -EAGAIN; | 
|  | } | 
|  |  | 
|  | if (ret != -EIOCBQUEUED) { | 
|  | if (ret < 0) | 
|  | req_set_fail(req); | 
|  | io_req_set_res(req, ret, 0); | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | return IOU_ISSUE_SKIP_COMPLETE; | 
|  | } | 
|  |  | 
|  | int io_uring_cmd_import_fixed(u64 ubuf, unsigned long len, int rw, | 
|  | struct iov_iter *iter, void *ioucmd) | 
|  | { | 
|  | struct io_kiocb *req = cmd_to_io_kiocb(ioucmd); | 
|  |  | 
|  | return io_import_fixed(rw, iter, req->imu, ubuf, len); | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_import_fixed); | 
|  |  | 
|  | static inline int io_uring_cmd_getsockopt(struct socket *sock, | 
|  | struct io_uring_cmd *cmd, | 
|  | unsigned int issue_flags) | 
|  | { | 
|  | bool compat = !!(issue_flags & IO_URING_F_COMPAT); | 
|  | int optlen, optname, level, err; | 
|  | void __user *optval; | 
|  |  | 
|  | level = READ_ONCE(cmd->sqe->level); | 
|  | if (level != SOL_SOCKET) | 
|  | return -EOPNOTSUPP; | 
|  |  | 
|  | optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); | 
|  | optname = READ_ONCE(cmd->sqe->optname); | 
|  | optlen = READ_ONCE(cmd->sqe->optlen); | 
|  |  | 
|  | err = do_sock_getsockopt(sock, compat, level, optname, | 
|  | USER_SOCKPTR(optval), | 
|  | KERNEL_SOCKPTR(&optlen)); | 
|  | if (err) | 
|  | return err; | 
|  |  | 
|  | /* On success, return optlen */ | 
|  | return optlen; | 
|  | } | 
|  |  | 
|  | static inline int io_uring_cmd_setsockopt(struct socket *sock, | 
|  | struct io_uring_cmd *cmd, | 
|  | unsigned int issue_flags) | 
|  | { | 
|  | bool compat = !!(issue_flags & IO_URING_F_COMPAT); | 
|  | int optname, optlen, level; | 
|  | void __user *optval; | 
|  | sockptr_t optval_s; | 
|  |  | 
|  | optval = u64_to_user_ptr(READ_ONCE(cmd->sqe->optval)); | 
|  | optname = READ_ONCE(cmd->sqe->optname); | 
|  | optlen = READ_ONCE(cmd->sqe->optlen); | 
|  | level = READ_ONCE(cmd->sqe->level); | 
|  | optval_s = USER_SOCKPTR(optval); | 
|  |  | 
|  | return do_sock_setsockopt(sock, compat, level, optname, optval_s, | 
|  | optlen); | 
|  | } | 
|  |  | 
|  | #if defined(CONFIG_NET) | 
|  | int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags) | 
|  | { | 
|  | struct socket *sock = cmd->file->private_data; | 
|  | struct sock *sk = sock->sk; | 
|  | struct proto *prot = READ_ONCE(sk->sk_prot); | 
|  | int ret, arg = 0; | 
|  |  | 
|  | if (!prot || !prot->ioctl) | 
|  | return -EOPNOTSUPP; | 
|  |  | 
|  | switch (cmd->sqe->cmd_op) { | 
|  | case SOCKET_URING_OP_SIOCINQ: | 
|  | ret = prot->ioctl(sk, SIOCINQ, &arg); | 
|  | if (ret) | 
|  | return ret; | 
|  | return arg; | 
|  | case SOCKET_URING_OP_SIOCOUTQ: | 
|  | ret = prot->ioctl(sk, SIOCOUTQ, &arg); | 
|  | if (ret) | 
|  | return ret; | 
|  | return arg; | 
|  | case SOCKET_URING_OP_GETSOCKOPT: | 
|  | return io_uring_cmd_getsockopt(sock, cmd, issue_flags); | 
|  | case SOCKET_URING_OP_SETSOCKOPT: | 
|  | return io_uring_cmd_setsockopt(sock, cmd, issue_flags); | 
|  | default: | 
|  | return -EOPNOTSUPP; | 
|  | } | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(io_uring_cmd_sock); | 
|  | #endif |