1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/kernel.h>
3 #include <linux/errno.h>
4 #include <linux/file.h>
5 #include <linux/io_uring.h>
6 #include <linux/security.h>
7 #include <linux/nospec.h>
8 
9 #include <uapi/linux/io_uring.h>
10 
11 #include "io_uring.h"
12 #include "rsrc.h"
13 #include "uring_cmd.h"
14 
io_uring_cmd_work(struct io_kiocb * req,bool * locked)15 static void io_uring_cmd_work(struct io_kiocb *req, bool *locked)
16 {
17 	struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd);
18 
19 	ioucmd->task_work_cb(ioucmd);
20 }
21 
io_uring_cmd_complete_in_task(struct io_uring_cmd * ioucmd,void (* task_work_cb)(struct io_uring_cmd *))22 void io_uring_cmd_complete_in_task(struct io_uring_cmd *ioucmd,
23 			void (*task_work_cb)(struct io_uring_cmd *))
24 {
25 	struct io_kiocb *req = cmd_to_io_kiocb(ioucmd);
26 
27 	ioucmd->task_work_cb = task_work_cb;
28 	req->io_task_work.func = io_uring_cmd_work;
29 	io_req_task_work_add(req);
30 }
31 EXPORT_SYMBOL_GPL(io_uring_cmd_complete_in_task);
32 
io_req_set_cqe32_extra(struct io_kiocb * req,u64 extra1,u64 extra2)33 static inline void io_req_set_cqe32_extra(struct io_kiocb *req,
34 					  u64 extra1, u64 extra2)
35 {
36 	req->extra1 = extra1;
37 	req->extra2 = extra2;
38 	req->flags |= REQ_F_CQE32_INIT;
39 }
40 
41 /*
42  * Called by consumers of io_uring_cmd, if they originally returned
43  * -EIOCBQUEUED upon receiving the command.
44  */
io_uring_cmd_done(struct io_uring_cmd * ioucmd,ssize_t ret,ssize_t res2)45 void io_uring_cmd_done(struct io_uring_cmd *ioucmd, ssize_t ret, ssize_t res2)
46 {
47 	struct io_kiocb *req = cmd_to_io_kiocb(ioucmd);
48 
49 	if (ret < 0)
50 		req_set_fail(req);
51 
52 	io_req_set_res(req, ret, 0);
53 	if (req->ctx->flags & IORING_SETUP_CQE32)
54 		io_req_set_cqe32_extra(req, res2, 0);
55 	if (req->ctx->flags & IORING_SETUP_IOPOLL)
56 		/* order with io_iopoll_req_issued() checking ->iopoll_complete */
57 		smp_store_release(&req->iopoll_completed, 1);
58 	else
59 		__io_req_complete(req, 0);
60 }
61 EXPORT_SYMBOL_GPL(io_uring_cmd_done);
62 
io_uring_cmd_prep_async(struct io_kiocb * req)63 int io_uring_cmd_prep_async(struct io_kiocb *req)
64 {
65 	struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd);
66 	size_t cmd_size;
67 
68 	BUILD_BUG_ON(uring_cmd_pdu_size(0) != 16);
69 	BUILD_BUG_ON(uring_cmd_pdu_size(1) != 80);
70 
71 	cmd_size = uring_cmd_pdu_size(req->ctx->flags & IORING_SETUP_SQE128);
72 
73 	memcpy(req->async_data, ioucmd->cmd, cmd_size);
74 	return 0;
75 }
76 
io_uring_cmd_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)77 int io_uring_cmd_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
78 {
79 	struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd);
80 
81 	if (sqe->__pad1)
82 		return -EINVAL;
83 
84 	ioucmd->flags = READ_ONCE(sqe->uring_cmd_flags);
85 	if (ioucmd->flags & ~IORING_URING_CMD_FIXED)
86 		return -EINVAL;
87 
88 	if (ioucmd->flags & IORING_URING_CMD_FIXED) {
89 		struct io_ring_ctx *ctx = req->ctx;
90 		u16 index;
91 
92 		req->buf_index = READ_ONCE(sqe->buf_index);
93 		if (unlikely(req->buf_index >= ctx->nr_user_bufs))
94 			return -EFAULT;
95 		index = array_index_nospec(req->buf_index, ctx->nr_user_bufs);
96 		req->imu = ctx->user_bufs[index];
97 		io_req_set_rsrc_node(req, ctx, 0);
98 	}
99 	ioucmd->cmd = sqe->cmd;
100 	ioucmd->cmd_op = READ_ONCE(sqe->cmd_op);
101 	return 0;
102 }
103 
io_uring_cmd(struct io_kiocb * req,unsigned int issue_flags)104 int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags)
105 {
106 	struct io_uring_cmd *ioucmd = io_kiocb_to_cmd(req, struct io_uring_cmd);
107 	struct io_ring_ctx *ctx = req->ctx;
108 	struct file *file = req->file;
109 	int ret;
110 
111 	if (!req->file->f_op->uring_cmd)
112 		return -EOPNOTSUPP;
113 
114 	ret = security_uring_cmd(ioucmd);
115 	if (ret)
116 		return ret;
117 
118 	if (ctx->flags & IORING_SETUP_SQE128)
119 		issue_flags |= IO_URING_F_SQE128;
120 	if (ctx->flags & IORING_SETUP_CQE32)
121 		issue_flags |= IO_URING_F_CQE32;
122 	if (ctx->flags & IORING_SETUP_IOPOLL) {
123 		issue_flags |= IO_URING_F_IOPOLL;
124 		req->iopoll_completed = 0;
125 		WRITE_ONCE(ioucmd->cookie, NULL);
126 	}
127 
128 	if (req_has_async_data(req))
129 		ioucmd->cmd = req->async_data;
130 
131 	ret = file->f_op->uring_cmd(ioucmd, issue_flags);
132 	if (ret == -EAGAIN) {
133 		if (!req_has_async_data(req)) {
134 			if (io_alloc_async_data(req))
135 				return -ENOMEM;
136 			io_uring_cmd_prep_async(req);
137 		}
138 		return -EAGAIN;
139 	}
140 
141 	if (ret != -EIOCBQUEUED) {
142 		if (ret < 0)
143 			req_set_fail(req);
144 		io_req_set_res(req, ret, 0);
145 		return ret;
146 	}
147 
148 	return IOU_ISSUE_SKIP_COMPLETE;
149 }
150 
io_uring_cmd_import_fixed(u64 ubuf,unsigned long len,int rw,struct iov_iter * iter,void * ioucmd)151 int io_uring_cmd_import_fixed(u64 ubuf, unsigned long len, int rw,
152 			      struct iov_iter *iter, void *ioucmd)
153 {
154 	struct io_kiocb *req = cmd_to_io_kiocb(ioucmd);
155 
156 	return io_import_fixed(rw, iter, req->imu, ubuf, len);
157 }
158 EXPORT_SYMBOL_GPL(io_uring_cmd_import_fixed);
159