Merge tag 'io_uring-5.8-2020-06-19' of git://git.kernel.dk/linux-block

struct io_cb_cancel_data {

	work_cancel_fn *fn;

	void *data;

	int nr_running;

	int nr_pending;

	bool cancel_all;

};

static bool io_wq_worker_cancel(struct io_worker *worker, void *data)

{

	struct io_cb_cancel_data *match = data;

	unsigned long flags;

	bool ret = false;

	/*

	 * Hold the lock to avoid ->cur_work going out of scope, caller

	    !(worker->cur_work->flags & IO_WQ_WORK_NO_CANCEL) &&

	    match->fn(worker->cur_work, match->data)) {

		send_sig(SIGINT, worker->task, 1);

		ret = true;

		match->nr_running++;

	}

	spin_unlock_irqrestore(&worker->lock, flags);

	return ret;

	return match->nr_running && !match->cancel_all;

}

static enum io_wq_cancel io_wqe_cancel_work(struct io_wqe *wqe,

static void io_wqe_cancel_pending_work(struct io_wqe *wqe,

				       struct io_cb_cancel_data *match)

{

	struct io_wq_work_node *node, *prev;

	struct io_wq_work *work;

	unsigned long flags;

	bool found = false;

	/*

	 * First check pending list, if we're lucky we can just remove it

	 * from there. CANCEL_OK means that the work is returned as-new,

	 * no completion will be posted for it.

	 */

retry:

	spin_lock_irqsave(&wqe->lock, flags);

	wq_list_for_each(node, prev, &wqe->work_list) {

		work = container_of(node, struct io_wq_work, list);

		if (!match->fn(work, match->data))

			continue;

		if (match->fn(work, match->data)) {

		wq_list_del(&wqe->work_list, node, prev);

			found = true;

			break;

		}

	}

		spin_unlock_irqrestore(&wqe->lock, flags);

	if (found) {

		io_run_cancel(work, wqe);

		return IO_WQ_CANCEL_OK;

		match->nr_pending++;

		if (!match->cancel_all)

			return;

		/* not safe to continue after unlock */

		goto retry;

	}

	spin_unlock_irqrestore(&wqe->lock, flags);

}

	/*

	 * Now check if a free (going busy) or busy worker has the work

	 * currently running. If we find it there, we'll return CANCEL_RUNNING

	 * as an indication that we attempt to signal cancellation. The

	 * completion will run normally in this case.

	 */

static void io_wqe_cancel_running_work(struct io_wqe *wqe,

				       struct io_cb_cancel_data *match)

{

	rcu_read_lock();

	found = io_wq_for_each_worker(wqe, io_wq_worker_cancel, match);

	io_wq_for_each_worker(wqe, io_wq_worker_cancel, match);

	rcu_read_unlock();

	return found ? IO_WQ_CANCEL_RUNNING : IO_WQ_CANCEL_NOTFOUND;

}

enum io_wq_cancel io_wq_cancel_cb(struct io_wq *wq, work_cancel_fn *cancel,

				  void *data)

				  void *data, bool cancel_all)

{

	struct io_cb_cancel_data match = {

		.fn		= cancel,

		.data		= data,

		.cancel_all	= cancel_all,

	};

	enum io_wq_cancel ret = IO_WQ_CANCEL_NOTFOUND;

	int node;

	/*

	 * First check pending list, if we're lucky we can just remove it

	 * from there. CANCEL_OK means that the work is returned as-new,

	 * no completion will be posted for it.

	 */

	for_each_node(node) {

		struct io_wqe *wqe = wq->wqes[node];

		io_wqe_cancel_pending_work(wqe, &match);

		if (match.nr_pending && !match.cancel_all)

			return IO_WQ_CANCEL_OK;

	}

	/*

	 * Now check if a free (going busy) or busy worker has the work

	 * currently running. If we find it there, we'll return CANCEL_RUNNING

	 * as an indication that we attempt to signal cancellation. The

	 * completion will run normally in this case.

	 */

	for_each_node(node) {

		struct io_wqe *wqe = wq->wqes[node];

		ret = io_wqe_cancel_work(wqe, &match);

		if (ret != IO_WQ_CANCEL_NOTFOUND)

			break;

		io_wqe_cancel_running_work(wqe, &match);

		if (match.nr_running && !match.cancel_all)

			return IO_WQ_CANCEL_RUNNING;

	}

	return ret;

	if (match.nr_running)

		return IO_WQ_CANCEL_RUNNING;

	if (match.nr_pending)

		return IO_WQ_CANCEL_OK;

	return IO_WQ_CANCEL_NOTFOUND;

}

static bool io_wq_io_cb_cancel_data(struct io_wq_work *work, void *data)

enum io_wq_cancel io_wq_cancel_work(struct io_wq *wq, struct io_wq_work *cwork)

{

	return io_wq_cancel_cb(wq, io_wq_io_cb_cancel_data, (void *)cwork);

}

static bool io_wq_pid_match(struct io_wq_work *work, void *data)

{

	pid_t pid = (pid_t) (unsigned long) data;

	return work->task_pid == pid;

}

enum io_wq_cancel io_wq_cancel_pid(struct io_wq *wq, pid_t pid)

{

	void *data = (void *) (unsigned long) pid;

	return io_wq_cancel_cb(wq, io_wq_pid_match, data);

	return io_wq_cancel_cb(wq, io_wq_io_cb_cancel_data, (void *)cwork, false);

}

struct io_wq *io_wq_create(unsigned bounded, struct io_wq_data *data)

	const struct cred *creds;

	struct fs_struct *fs;

	unsigned flags;

	pid_t task_pid;

};

static inline struct io_wq_work *wq_next_work(struct io_wq_work *work)

void io_wq_cancel_all(struct io_wq *wq);

enum io_wq_cancel io_wq_cancel_work(struct io_wq *wq, struct io_wq_work *cwork);

enum io_wq_cancel io_wq_cancel_pid(struct io_wq *wq, pid_t pid);

typedef bool (work_cancel_fn)(struct io_wq_work *, void *);

enum io_wq_cancel io_wq_cancel_cb(struct io_wq *wq, work_cancel_fn *cancel,

					void *data);

					void *data, bool cancel_all);

struct task_struct *io_wq_get_task(struct io_wq *wq);

	REQ_F_NO_FILE_TABLE_BIT,

	REQ_F_QUEUE_TIMEOUT_BIT,

	REQ_F_WORK_INITIALIZED_BIT,

	REQ_F_TASK_PINNED_BIT,

	/* not a real bit, just to check we're not overflowing the space */

	__REQ_F_LAST_BIT,

	REQ_F_QUEUE_TIMEOUT	= BIT(REQ_F_QUEUE_TIMEOUT_BIT),

	/* io_wq_work is initialized */

	REQ_F_WORK_INITIALIZED	= BIT(REQ_F_WORK_INITIALIZED_BIT),

	/* req->task is refcounted */

	REQ_F_TASK_PINNED	= BIT(REQ_F_TASK_PINNED_BIT),

};

struct async_poll {

}

EXPORT_SYMBOL(io_uring_get_socket);

static void io_get_req_task(struct io_kiocb *req)

{

	if (req->flags & REQ_F_TASK_PINNED)

		return;

	get_task_struct(req->task);

	req->flags |= REQ_F_TASK_PINNED;

}

/* not idempotent -- it doesn't clear REQ_F_TASK_PINNED */

static void __io_put_req_task(struct io_kiocb *req)

{

	if (req->flags & REQ_F_TASK_PINNED)

		put_task_struct(req->task);

}

static void io_file_put_work(struct work_struct *work);

/*

		}

		spin_unlock(&current->fs->lock);

	}

	if (!req->work.task_pid)

		req->work.task_pid = task_pid_vnr(current);

}

static inline void io_req_work_drop_env(struct io_kiocb *req)

			req->work.flags |= IO_WQ_WORK_UNBOUND;

	}

	io_req_init_async(req);

	io_req_work_grab_env(req, def);

	*link = io_prep_linked_timeout(req);

	kfree(req->io);

	if (req->file)

		io_put_file(req, req->file, (req->flags & REQ_F_FIXED_FILE));

	if (req->task)

		put_task_struct(req->task);

	__io_put_req_task(req);

	io_req_work_drop_env(req);

}

	return cflags;

}

static void io_iopoll_queue(struct list_head *again)

{

	struct io_kiocb *req;

	do {

		req = list_first_entry(again, struct io_kiocb, list);

		list_del(&req->list);

		refcount_inc(&req->refs);

		io_queue_async_work(req);

	} while (!list_empty(again));

}

/*

 * Find and free completed poll iocbs

 */

{

	struct req_batch rb;

	struct io_kiocb *req;

	LIST_HEAD(again);

	/* order with ->result store in io_complete_rw_iopoll() */

	smp_rmb();

	rb.to_free = rb.need_iter = 0;

	while (!list_empty(done)) {

		int cflags = 0;

		req = list_first_entry(done, struct io_kiocb, list);

		if (READ_ONCE(req->result) == -EAGAIN) {

			req->iopoll_completed = 0;

			list_move_tail(&req->list, &again);

			continue;

		}

		list_del(&req->list);

		if (req->flags & REQ_F_BUFFER_SELECTED)

	if (ctx->flags & IORING_SETUP_SQPOLL)

		io_cqring_ev_posted(ctx);

	io_free_req_many(ctx, &rb);

}

static void io_iopoll_queue(struct list_head *again)

{

	struct io_kiocb *req;

	do {

		req = list_first_entry(again, struct io_kiocb, list);

		list_del(&req->list);

		refcount_inc(&req->refs);

		io_queue_async_work(req);

	} while (!list_empty(again));

	if (!list_empty(&again))

		io_iopoll_queue(&again);

}

static int io_do_iopoll(struct io_ring_ctx *ctx, unsigned int *nr_events,

{

	struct io_kiocb *req, *tmp;

	LIST_HEAD(done);

	LIST_HEAD(again);

	bool spin;

	int ret;

		if (!list_empty(&done))

			break;

		if (req->result == -EAGAIN) {

			list_move_tail(&req->list, &again);

			continue;

		}

		if (!list_empty(&again))

			break;

		ret = kiocb->ki_filp->f_op->iopoll(kiocb, spin);

		if (ret < 0)

			break;

	if (!list_empty(&done))

		io_iopoll_complete(ctx, nr_events, &done);

	if (!list_empty(&again))

		io_iopoll_queue(&again);

	return ret;

}

	if (kiocb->ki_flags & IOCB_WRITE)

		kiocb_end_write(req);

	if (res != req->result)

	if (res != -EAGAIN && res != req->result)

		req_set_fail_links(req);

	req->result = res;

	if (res != -EAGAIN)

	WRITE_ONCE(req->result, res);

	/* order with io_poll_complete() checking ->result */

	if (res != -EAGAIN) {

		smp_wmb();

		WRITE_ONCE(req->iopoll_completed, 1);

	}

}

/*

 * After the iocb has been issued, it's safe to be found on the poll list.

		}

	}

out_free:

	if (!(req->flags & REQ_F_NEED_CLEANUP))

		kfree(iovec);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	return ret;

}

		}

	}

out_free:

	req->flags &= ~REQ_F_NEED_CLEANUP;

	if (!(req->flags & REQ_F_NEED_CLEANUP))

		kfree(iovec);

	return ret;

}

	__io_queue_proc(&pt->req->apoll->poll, pt, head);

}

static void io_sq_thread_drop_mm(struct io_ring_ctx *ctx)

{

	struct mm_struct *mm = current->mm;

	if (mm) {

		kthread_unuse_mm(mm);

		mmput(mm);

	}

}

static int io_sq_thread_acquire_mm(struct io_ring_ctx *ctx,

				   struct io_kiocb *req)

{

	if (io_op_defs[req->opcode].needs_mm && !current->mm) {

		if (unlikely(!mmget_not_zero(ctx->sqo_mm)))

			return -EFAULT;

		kthread_use_mm(ctx->sqo_mm);

	}

	return 0;

}

static void io_async_task_func(struct callback_head *cb)

{

	struct io_kiocb *req = container_of(cb, struct io_kiocb, task_work);

	if (!canceled) {

		__set_current_state(TASK_RUNNING);

		if (io_sq_thread_acquire_mm(ctx, req)) {

			io_cqring_add_event(req, -EFAULT);

			goto end_req;

		}

		mutex_lock(&ctx->uring_lock);

		__io_queue_sqe(req, NULL);

		mutex_unlock(&ctx->uring_lock);

	} else {

		io_cqring_ev_posted(ctx);

end_req:

		req_set_fail_links(req);

		io_double_put_req(req);

	}

		memcpy(&apoll->work, &req->work, sizeof(req->work));

	had_io = req->io != NULL;

	get_task_struct(current);

	req->task = current;

	io_get_req_task(req);

	req->apoll = apoll;

	INIT_HLIST_NODE(&req->hash_node);

	events = READ_ONCE(sqe->poll_events);

	poll->events = demangle_poll(events) | EPOLLERR | EPOLLHUP;

	get_task_struct(current);

	req->task = current;

	io_get_req_task(req);

	return 0;

}

	enum io_wq_cancel cancel_ret;

	int ret = 0;

	cancel_ret = io_wq_cancel_cb(ctx->io_wq, io_cancel_cb, sqe_addr);

	cancel_ret = io_wq_cancel_cb(ctx->io_wq, io_cancel_cb, sqe_addr, false);

	switch (cancel_ret) {

	case IO_WQ_CANCEL_OK:

		ret = 0;

	req->flags = 0;

	/* one is dropped after submission, the other at completion */

	refcount_set(&req->refs, 2);

	req->task = NULL;

	req->task = current;

	req->result = 0;

	if (unlikely(req->opcode >= IORING_OP_LAST))

		return -EINVAL;

	if (io_op_defs[req->opcode].needs_mm && !current->mm) {

		if (unlikely(!mmget_not_zero(ctx->sqo_mm)))

	if (unlikely(io_sq_thread_acquire_mm(ctx, req)))

		return -EFAULT;

		kthread_use_mm(ctx->sqo_mm);

	}

	sqe_flags = READ_ONCE(sqe->flags);

	/* enforce forwards compatibility on users */

	return submitted;

}

static inline void io_sq_thread_drop_mm(struct io_ring_ctx *ctx)

{

	struct mm_struct *mm = current->mm;

	if (mm) {

		kthread_unuse_mm(mm);

		mmput(mm);

	}

}

static int io_sq_thread(void *data)

{

	struct io_ring_ctx *ctx = data;

	if (ctx->rings)

		io_cqring_overflow_flush(ctx, true);

	wait_for_completion(&ctx->ref_comp);

	/*

	 * If we're doing polled IO and end up having requests being

	 * submitted async (out-of-line), then completions can come in while

	 * we're waiting for refs to drop. We need to reap these manually,

	 * as nobody else will be looking for them.

	 */

	while (!wait_for_completion_timeout(&ctx->ref_comp, HZ/20)) {

		io_iopoll_reap_events(ctx);

		if (ctx->rings)

			io_cqring_overflow_flush(ctx, true);

	}

	io_ring_ctx_free(ctx);

}

	return 0;

}

static bool io_wq_files_match(struct io_wq_work *work, void *data)

{

	struct files_struct *files = data;

	return work->files == files;

}

static void io_uring_cancel_files(struct io_ring_ctx *ctx,

				  struct files_struct *files)

{

	if (list_empty_careful(&ctx->inflight_list))

		return;

	/* cancel all at once, should be faster than doing it one by one*/

	io_wq_cancel_cb(ctx->io_wq, io_wq_files_match, files, true);

	while (!list_empty_careful(&ctx->inflight_list)) {

		struct io_kiocb *cancel_req = NULL, *req;

		DEFINE_WAIT(wait);

	}

}

static bool io_cancel_task_cb(struct io_wq_work *work, void *data)

{

	struct io_kiocb *req = container_of(work, struct io_kiocb, work);

	struct task_struct *task = data;

	return req->task == task;

}

static int io_uring_flush(struct file *file, void *data)

{

	struct io_ring_ctx *ctx = file->private_data;

	 * If the task is going away, cancel work it may have pending

	 */

	if (fatal_signal_pending(current) || (current->flags & PF_EXITING))

		io_wq_cancel_pid(ctx->io_wq, task_pid_vnr(current));

		io_wq_cancel_cb(ctx->io_wq, io_cancel_task_cb, current, true);

	return 0;

}