Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / be539c73b54dcc9f54fb2c2b70e204c93b616c9b / . / fs / aio.c
blob: a82214d2e46d81c56a8e3858e9af427758e8cd49 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 * An async IO implementation for Linux
3 * Written by Benjamin LaHaise <bcrl@kvack.org>
4 *
5 * Implements an efficient asynchronous io interface.
6 *
7 * Copyright 2000, 2001, 2002 Red Hat, Inc. All Rights Reserved.
8 *
9 * See ../COPYING for licensing terms.
10 */
11#include <linux/kernel.h>
12#include <linux/init.h>
13#include <linux/errno.h>
14#include <linux/time.h>
15#include <linux/aio_abi.h>
16#include <linux/module.h>
17#include <linux/syscalls.h>
18
19#define DEBUG 0
20
21#include <linux/sched.h>
22#include <linux/fs.h>
23#include <linux/file.h>
24#include <linux/mm.h>
25#include <linux/mman.h>
26#include <linux/slab.h>
27#include <linux/timer.h>
28#include <linux/aio.h>
29#include <linux/highmem.h>
30#include <linux/workqueue.h>
31#include <linux/security.h>
32
33#include <asm/kmap_types.h>
34#include <asm/uaccess.h>
35#include <asm/mmu_context.h>
36
37#if DEBUG > 1
38#define dprintk printk
39#else
40#define dprintk(x...) do { ; } while (0)
41#endif
42
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]43static long aio_run = 0; /* for testing only */
44static long aio_wakeups = 0; /* for testing only */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]45
46/*------ sysctl variables----*/
47atomic_t aio_nr = ATOMIC_INIT(0); /* current system wide number of aio requests */
48unsigned aio_max_nr = 0x10000; /* system wide maximum number of aio requests */
49/*----end sysctl variables---*/
50
51static kmem_cache_t *kiocb_cachep;
52static kmem_cache_t *kioctx_cachep;
53
54static struct workqueue_struct *aio_wq;
55
56/* Used for rare fput completion. */
57static void aio_fput_routine(void *);
58static DECLARE_WORK(fput_work, aio_fput_routine, NULL);
59
60static DEFINE_SPINLOCK(fput_lock);
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]61static LIST_HEAD(fput_head);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]62
63static void aio_kick_handler(void *);
64
65/* aio_setup
66 * Creates the slab caches used by the aio routines, panic on
67 * failure as this is done early during the boot sequence.
68 */
69static int __init aio_setup(void)
70{
71 kiocb_cachep = kmem_cache_create("kiocb", sizeof(struct kiocb),
72 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
73 kioctx_cachep = kmem_cache_create("kioctx", sizeof(struct kioctx),
74 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
75
76 aio_wq = create_workqueue("aio");
77
78 pr_debug("aio_setup: sizeof(struct page) = %d\n", (int)sizeof(struct page));
79
80 return 0;
81}
82
83static void aio_free_ring(struct kioctx *ctx)
84{
85 struct aio_ring_info *info = &ctx->ring_info;
86 long i;
87
88 for (i=0; i<info->nr_pages; i++)
89 put_page(info->ring_pages[i]);
90
91 if (info->mmap_size) {
92 down_write(&ctx->mm->mmap_sem);
93 do_munmap(ctx->mm, info->mmap_base, info->mmap_size);
94 up_write(&ctx->mm->mmap_sem);
95 }
96
97 if (info->ring_pages && info->ring_pages != info->internal_pages)
98 kfree(info->ring_pages);
99 info->ring_pages = NULL;
100 info->nr = 0;
101}
102
103static int aio_setup_ring(struct kioctx *ctx)
104{
105 struct aio_ring *ring;
106 struct aio_ring_info *info = &ctx->ring_info;
107 unsigned nr_events = ctx->max_reqs;
108 unsigned long size;
109 int nr_pages;
110
111 /* Compensate for the ring buffer's head/tail overlap entry */
112 nr_events += 2; /* 1 is required, 2 for good luck */
113
114 size = sizeof(struct aio_ring);
115 size += sizeof(struct io_event) * nr_events;
116 nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
117
118 if (nr_pages < 0)
119 return -EINVAL;
120
121 nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
122
123 info->nr = 0;
124 info->ring_pages = info->internal_pages;
125 if (nr_pages > AIO_RING_PAGES) {
126 info->ring_pages = kmalloc(sizeof(struct page *) * nr_pages, GFP_KERNEL);
127 if (!info->ring_pages)
128 return -ENOMEM;
129 memset(info->ring_pages, 0, sizeof(struct page *) * nr_pages);
130 }
131
132 info->mmap_size = nr_pages * PAGE_SIZE;
133 dprintk("attempting mmap of %lu bytes\n", info->mmap_size);
134 down_write(&ctx->mm->mmap_sem);
135 info->mmap_base = do_mmap(NULL, 0, info->mmap_size,
136 PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE,
137 0);
138 if (IS_ERR((void *)info->mmap_base)) {
139 up_write(&ctx->mm->mmap_sem);
140 printk("mmap err: %ld\n", -info->mmap_base);
141 info->mmap_size = 0;
142 aio_free_ring(ctx);
143 return -EAGAIN;
144 }
145
146 dprintk("mmap address: 0x%08lx\n", info->mmap_base);
147 info->nr_pages = get_user_pages(current, ctx->mm,
148 info->mmap_base, nr_pages,
149 1, 0, info->ring_pages, NULL);
150 up_write(&ctx->mm->mmap_sem);
151
152 if (unlikely(info->nr_pages != nr_pages)) {
153 aio_free_ring(ctx);
154 return -EAGAIN;
155 }
156
157 ctx->user_id = info->mmap_base;
158
159 info->nr = nr_events; /* trusted copy */
160
161 ring = kmap_atomic(info->ring_pages[0], KM_USER0);
162 ring->nr = nr_events; /* user copy */
163 ring->id = ctx->user_id;
164 ring->head = ring->tail = 0;
165 ring->magic = AIO_RING_MAGIC;
166 ring->compat_features = AIO_RING_COMPAT_FEATURES;
167 ring->incompat_features = AIO_RING_INCOMPAT_FEATURES;
168 ring->header_length = sizeof(struct aio_ring);
169 kunmap_atomic(ring, KM_USER0);
170
171 return 0;
172}
173
174
175/* aio_ring_event: returns a pointer to the event at the given index from
176 * kmap_atomic(, km). Release the pointer with put_aio_ring_event();
177 */
178#define AIO_EVENTS_PER_PAGE (PAGE_SIZE / sizeof(struct io_event))
179#define AIO_EVENTS_FIRST_PAGE ((PAGE_SIZE - sizeof(struct aio_ring)) / sizeof(struct io_event))
180#define AIO_EVENTS_OFFSET (AIO_EVENTS_PER_PAGE - AIO_EVENTS_FIRST_PAGE)
181
182#define aio_ring_event(info, nr, km) ({ \
183 unsigned pos = (nr) + AIO_EVENTS_OFFSET; \
184 struct io_event *__event; \
185 __event = kmap_atomic( \
186 (info)->ring_pages[pos / AIO_EVENTS_PER_PAGE], km); \
187 __event += pos % AIO_EVENTS_PER_PAGE; \
188 __event; \
189})
190
191#define put_aio_ring_event(event, km) do { \
192 struct io_event *__event = (event); \
193 (void)__event; \
194 kunmap_atomic((void *)((unsigned long)__event & PAGE_MASK), km); \
195} while(0)
196
197/* ioctx_alloc
198 * Allocates and initializes an ioctx. Returns an ERR_PTR if it failed.
199 */
200static struct kioctx *ioctx_alloc(unsigned nr_events)
201{
202 struct mm_struct *mm;
203 struct kioctx *ctx;
204
205 /* Prevent overflows */
206 if ((nr_events > (0x10000000U / sizeof(struct io_event))) ||
207 (nr_events > (0x10000000U / sizeof(struct kiocb)))) {
208 pr_debug("ENOMEM: nr_events too high\n");
209 return ERR_PTR(-EINVAL);
210 }
211
212 if (nr_events > aio_max_nr)
213 return ERR_PTR(-EAGAIN);
214
215 ctx = kmem_cache_alloc(kioctx_cachep, GFP_KERNEL);
216 if (!ctx)
217 return ERR_PTR(-ENOMEM);
218
219 memset(ctx, 0, sizeof(*ctx));
220 ctx->max_reqs = nr_events;
221 mm = ctx->mm = current->mm;
222 atomic_inc(&mm->mm_count);
223
224 atomic_set(&ctx->users, 1);
225 spin_lock_init(&ctx->ctx_lock);
226 spin_lock_init(&ctx->ring_info.ring_lock);
227 init_waitqueue_head(&ctx->wait);
228
229 INIT_LIST_HEAD(&ctx->active_reqs);
230 INIT_LIST_HEAD(&ctx->run_list);
231 INIT_WORK(&ctx->wq, aio_kick_handler, ctx);
232
233 if (aio_setup_ring(ctx) < 0)
234 goto out_freectx;
235
236 /* limit the number of system wide aios */
237 atomic_add(ctx->max_reqs, &aio_nr); /* undone by __put_ioctx */
238 if (unlikely(atomic_read(&aio_nr) > aio_max_nr))
239 goto out_cleanup;
240
241 /* now link into global list. kludge. FIXME */
242 write_lock(&mm->ioctx_list_lock);
243 ctx->next = mm->ioctx_list;
244 mm->ioctx_list = ctx;
245 write_unlock(&mm->ioctx_list_lock);
246
247 dprintk("aio: allocated ioctx %p[%ld]: mm=%p mask=0x%x\n",
248 ctx, ctx->user_id, current->mm, ctx->ring_info.nr);
249 return ctx;
250
251out_cleanup:
252 atomic_sub(ctx->max_reqs, &aio_nr);
253 ctx->max_reqs = 0; /* prevent __put_ioctx from sub'ing aio_nr */
254 __put_ioctx(ctx);
255 return ERR_PTR(-EAGAIN);
256
257out_freectx:
258 mmdrop(mm);
259 kmem_cache_free(kioctx_cachep, ctx);
260 ctx = ERR_PTR(-ENOMEM);
261
262 dprintk("aio: error allocating ioctx %p\n", ctx);
263 return ctx;
264}
265
266/* aio_cancel_all
267 * Cancels all outstanding aio requests on an aio context. Used
268 * when the processes owning a context have all exited to encourage
269 * the rapid destruction of the kioctx.
270 */
271static void aio_cancel_all(struct kioctx *ctx)
272{
273 int (*cancel)(struct kiocb *, struct io_event *);
274 struct io_event res;
275 spin_lock_irq(&ctx->ctx_lock);
276 ctx->dead = 1;
277 while (!list_empty(&ctx->active_reqs)) {
278 struct list_head *pos = ctx->active_reqs.next;
279 struct kiocb *iocb = list_kiocb(pos);
280 list_del_init(&iocb->ki_list);
281 cancel = iocb->ki_cancel;
282 kiocbSetCancelled(iocb);
283 if (cancel) {
284 iocb->ki_users++;
285 spin_unlock_irq(&ctx->ctx_lock);
286 cancel(iocb, &res);
287 spin_lock_irq(&ctx->ctx_lock);
288 }
289 }
290 spin_unlock_irq(&ctx->ctx_lock);
291}
292
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]293static void wait_for_all_aios(struct kioctx *ctx)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]294{
295 struct task_struct *tsk = current;
296 DECLARE_WAITQUEUE(wait, tsk);
297
298 if (!ctx->reqs_active)
299 return;
300
301 add_wait_queue(&ctx->wait, &wait);
302 set_task_state(tsk, TASK_UNINTERRUPTIBLE);
303 while (ctx->reqs_active) {
304 schedule();
305 set_task_state(tsk, TASK_UNINTERRUPTIBLE);
306 }
307 __set_task_state(tsk, TASK_RUNNING);
308 remove_wait_queue(&ctx->wait, &wait);
309}
310
311/* wait_on_sync_kiocb:
312 * Waits on the given sync kiocb to complete.
313 */
314ssize_t fastcall wait_on_sync_kiocb(struct kiocb *iocb)
315{
316 while (iocb->ki_users) {
317 set_current_state(TASK_UNINTERRUPTIBLE);
318 if (!iocb->ki_users)
319 break;
320 schedule();
321 }
322 __set_current_state(TASK_RUNNING);
323 return iocb->ki_user_data;
324}
325
326/* exit_aio: called when the last user of mm goes away. At this point,
327 * there is no way for any new requests to be submited or any of the
328 * io_* syscalls to be called on the context. However, there may be
329 * outstanding requests which hold references to the context; as they
330 * go away, they will call put_ioctx and release any pinned memory
331 * associated with the request (held via struct page * references).
332 */
333void fastcall exit_aio(struct mm_struct *mm)
334{
335 struct kioctx *ctx = mm->ioctx_list;
336 mm->ioctx_list = NULL;
337 while (ctx) {
338 struct kioctx *next = ctx->next;
339 ctx->next = NULL;
340 aio_cancel_all(ctx);
341
342 wait_for_all_aios(ctx);
343 /*
344 * this is an overkill, but ensures we don't leave
345 * the ctx on the aio_wq
346 */
347 flush_workqueue(aio_wq);
348
349 if (1 != atomic_read(&ctx->users))
350 printk(KERN_DEBUG
351 "exit_aio:ioctx still alive: %d %d %d\n",
352 atomic_read(&ctx->users), ctx->dead,
353 ctx->reqs_active);
354 put_ioctx(ctx);
355 ctx = next;
356 }
357}
358
359/* __put_ioctx
360 * Called when the last user of an aio context has gone away,
361 * and the struct needs to be freed.
362 */
363void fastcall __put_ioctx(struct kioctx *ctx)
364{
365 unsigned nr_events = ctx->max_reqs;
366
367 if (unlikely(ctx->reqs_active))
368 BUG();
369
370 cancel_delayed_work(&ctx->wq);
371 flush_workqueue(aio_wq);
372 aio_free_ring(ctx);
373 mmdrop(ctx->mm);
374 ctx->mm = NULL;
375 pr_debug("__put_ioctx: freeing %p\n", ctx);
376 kmem_cache_free(kioctx_cachep, ctx);
377
378 atomic_sub(nr_events, &aio_nr);
379}
380
381/* aio_get_req
382 * Allocate a slot for an aio request. Increments the users count
383 * of the kioctx so that the kioctx stays around until all requests are
384 * complete. Returns NULL if no requests are free.
385 *
386 * Returns with kiocb->users set to 2. The io submit code path holds
387 * an extra reference while submitting the i/o.
388 * This prevents races between the aio code path referencing the
389 * req (after submitting it) and aio_complete() freeing the req.
390 */
391static struct kiocb *FASTCALL(__aio_get_req(struct kioctx *ctx));
392static struct kiocb fastcall *__aio_get_req(struct kioctx *ctx)
393{
394 struct kiocb *req = NULL;
395 struct aio_ring *ring;
396 int okay = 0;
397
398 req = kmem_cache_alloc(kiocb_cachep, GFP_KERNEL);
399 if (unlikely(!req))
400 return NULL;
401
402 req->ki_flags = 1 << KIF_LOCKED;
403 req->ki_users = 2;
404 req->ki_key = 0;
405 req->ki_ctx = ctx;
406 req->ki_cancel = NULL;
407 req->ki_retry = NULL;
408 req->ki_obj.user = NULL;
409 req->ki_dtor = NULL;
410 req->private = NULL;
411 INIT_LIST_HEAD(&req->ki_run_list);
412
413 /* Check if the completion queue has enough free space to
414 * accept an event from this io.
415 */
416 spin_lock_irq(&ctx->ctx_lock);
417 ring = kmap_atomic(ctx->ring_info.ring_pages[0], KM_USER0);
418 if (ctx->reqs_active < aio_ring_avail(&ctx->ring_info, ring)) {
419 list_add(&req->ki_list, &ctx->active_reqs);
420 get_ioctx(ctx);
421 ctx->reqs_active++;
422 okay = 1;
423 }
424 kunmap_atomic(ring, KM_USER0);
425 spin_unlock_irq(&ctx->ctx_lock);
426
427 if (!okay) {
428 kmem_cache_free(kiocb_cachep, req);
429 req = NULL;
430 }
431
432 return req;
433}
434
435static inline struct kiocb *aio_get_req(struct kioctx *ctx)
436{
437 struct kiocb *req;
438 /* Handle a potential starvation case -- should be exceedingly rare as
439 * requests will be stuck on fput_head only if the aio_fput_routine is
440 * delayed and the requests were the last user of the struct file.
441 */
442 req = __aio_get_req(ctx);
443 if (unlikely(NULL == req)) {
444 aio_fput_routine(NULL);
445 req = __aio_get_req(ctx);
446 }
447 return req;
448}
449
450static inline void really_put_req(struct kioctx *ctx, struct kiocb *req)
451{
452 if (req->ki_dtor)
453 req->ki_dtor(req);
454 req->ki_ctx = NULL;
455 req->ki_filp = NULL;
456 req->ki_obj.user = NULL;
457 req->ki_dtor = NULL;
458 req->private = NULL;
459 kmem_cache_free(kiocb_cachep, req);
460 ctx->reqs_active--;
461
462 if (unlikely(!ctx->reqs_active && ctx->dead))
463 wake_up(&ctx->wait);
464}
465
466static void aio_fput_routine(void *data)
467{
468 spin_lock_irq(&fput_lock);
469 while (likely(!list_empty(&fput_head))) {
470 struct kiocb *req = list_kiocb(fput_head.next);
471 struct kioctx *ctx = req->ki_ctx;
472
473 list_del(&req->ki_list);
474 spin_unlock_irq(&fput_lock);
475
476 /* Complete the fput */
477 __fput(req->ki_filp);
478
479 /* Link the iocb into the context's free list */
480 spin_lock_irq(&ctx->ctx_lock);
481 really_put_req(ctx, req);
482 spin_unlock_irq(&ctx->ctx_lock);
483
484 put_ioctx(ctx);
485 spin_lock_irq(&fput_lock);
486 }
487 spin_unlock_irq(&fput_lock);
488}
489
490/* __aio_put_req
491 * Returns true if this put was the last user of the request.
492 */
493static int __aio_put_req(struct kioctx *ctx, struct kiocb *req)
494{
495 dprintk(KERN_DEBUG "aio_put(%p): f_count=%d\n",
496 req, atomic_read(&req->ki_filp->f_count));
497
498 req->ki_users --;
499 if (unlikely(req->ki_users < 0))
500 BUG();
501 if (likely(req->ki_users))
502 return 0;
503 list_del(&req->ki_list); /* remove from active_reqs */
504 req->ki_cancel = NULL;
505 req->ki_retry = NULL;
506
507 /* Must be done under the lock to serialise against cancellation.
508 * Call this aio_fput as it duplicates fput via the fput_work.
509 */
510 if (unlikely(atomic_dec_and_test(&req->ki_filp->f_count))) {
511 get_ioctx(ctx);
512 spin_lock(&fput_lock);
513 list_add(&req->ki_list, &fput_head);
514 spin_unlock(&fput_lock);
515 queue_work(aio_wq, &fput_work);
516 } else
517 really_put_req(ctx, req);
518 return 1;
519}
520
521/* aio_put_req
522 * Returns true if this put was the last user of the kiocb,
523 * false if the request is still in use.
524 */
525int fastcall aio_put_req(struct kiocb *req)
526{
527 struct kioctx *ctx = req->ki_ctx;
528 int ret;
529 spin_lock_irq(&ctx->ctx_lock);
530 ret = __aio_put_req(ctx, req);
531 spin_unlock_irq(&ctx->ctx_lock);
532 if (ret)
533 put_ioctx(ctx);
534 return ret;
535}
536
537/* Lookup an ioctx id. ioctx_list is lockless for reads.
538 * FIXME: this is O(n) and is only suitable for development.
539 */
540struct kioctx *lookup_ioctx(unsigned long ctx_id)
541{
542 struct kioctx *ioctx;
543 struct mm_struct *mm;
544
545 mm = current->mm;
546 read_lock(&mm->ioctx_list_lock);
547 for (ioctx = mm->ioctx_list; ioctx; ioctx = ioctx->next)
548 if (likely(ioctx->user_id == ctx_id && !ioctx->dead)) {
549 get_ioctx(ioctx);
550 break;
551 }
552 read_unlock(&mm->ioctx_list_lock);
553
554 return ioctx;
555}
556
557/*
558 * use_mm
559 * Makes the calling kernel thread take on the specified
560 * mm context.
561 * Called by the retry thread execute retries within the
562 * iocb issuer's mm context, so that copy_from/to_user
563 * operations work seamlessly for aio.
564 * (Note: this routine is intended to be called only
565 * from a kernel thread context)
566 */
567static void use_mm(struct mm_struct *mm)
568{
569 struct mm_struct *active_mm;
570 struct task_struct *tsk = current;
571
572 task_lock(tsk);
573 tsk->flags |= PF_BORROWED_MM;
574 active_mm = tsk->active_mm;
575 atomic_inc(&mm->mm_count);
576 tsk->mm = mm;
577 tsk->active_mm = mm;
578 activate_mm(active_mm, mm);
579 task_unlock(tsk);
580
581 mmdrop(active_mm);
582}
583
584/*
585 * unuse_mm
586 * Reverses the effect of use_mm, i.e. releases the
587 * specified mm context which was earlier taken on
588 * by the calling kernel thread
589 * (Note: this routine is intended to be called only
590 * from a kernel thread context)
591 *
592 * Comments: Called with ctx->ctx_lock held. This nests
593 * task_lock instead ctx_lock.
594 */
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]595static void unuse_mm(struct mm_struct *mm)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]596{
597 struct task_struct *tsk = current;
598
599 task_lock(tsk);
600 tsk->flags &= ~PF_BORROWED_MM;
601 tsk->mm = NULL;
602 /* active_mm is still 'mm' */
603 enter_lazy_tlb(mm, tsk);
604 task_unlock(tsk);
605}
606
607/*
608 * Queue up a kiocb to be retried. Assumes that the kiocb
609 * has already been marked as kicked, and places it on
610 * the retry run list for the corresponding ioctx, if it
611 * isn't already queued. Returns 1 if it actually queued
612 * the kiocb (to tell the caller to activate the work
613 * queue to process it), or 0, if it found that it was
614 * already queued.
615 *
616 * Should be called with the spin lock iocb->ki_ctx->ctx_lock
617 * held
618 */
619static inline int __queue_kicked_iocb(struct kiocb *iocb)
620{
621 struct kioctx *ctx = iocb->ki_ctx;
622
623 if (list_empty(&iocb->ki_run_list)) {
624 list_add_tail(&iocb->ki_run_list,
625 &ctx->run_list);
626 iocb->ki_queued++;
627 return 1;
628 }
629 return 0;
630}
631
632/* aio_run_iocb
633 * This is the core aio execution routine. It is
634 * invoked both for initial i/o submission and
635 * subsequent retries via the aio_kick_handler.
636 * Expects to be invoked with iocb->ki_ctx->lock
637 * already held. The lock is released and reaquired
638 * as needed during processing.
639 *
640 * Calls the iocb retry method (already setup for the
641 * iocb on initial submission) for operation specific
642 * handling, but takes care of most of common retry
643 * execution details for a given iocb. The retry method
644 * needs to be non-blocking as far as possible, to avoid
645 * holding up other iocbs waiting to be serviced by the
646 * retry kernel thread.
647 *
648 * The trickier parts in this code have to do with
649 * ensuring that only one retry instance is in progress
650 * for a given iocb at any time. Providing that guarantee
651 * simplifies the coding of individual aio operations as
652 * it avoids various potential races.
653 */
654static ssize_t aio_run_iocb(struct kiocb *iocb)
655{
656 struct kioctx *ctx = iocb->ki_ctx;
657 ssize_t (*retry)(struct kiocb *);
658 ssize_t ret;
659
660 if (iocb->ki_retried++ > 1024*1024) {
661 printk("Maximal retry count. Bytes done %Zd\n",
662 iocb->ki_nbytes - iocb->ki_left);
663 return -EAGAIN;
664 }
665
666 if (!(iocb->ki_retried & 0xff)) {
667 pr_debug("%ld retry: %d of %d (kick %ld, Q %ld run %ld, wake %ld)\n",
668 iocb->ki_retried,
669 iocb->ki_nbytes - iocb->ki_left, iocb->ki_nbytes,
670 iocb->ki_kicked, iocb->ki_queued, aio_run, aio_wakeups);
671 }
672
673 if (!(retry = iocb->ki_retry)) {
674 printk("aio_run_iocb: iocb->ki_retry = NULL\n");
675 return 0;
676 }
677
678 /*
679 * We don't want the next retry iteration for this
680 * operation to start until this one has returned and
681 * updated the iocb state. However, wait_queue functions
682 * can trigger a kick_iocb from interrupt context in the
683 * meantime, indicating that data is available for the next
684 * iteration. We want to remember that and enable the
685 * next retry iteration _after_ we are through with
686 * this one.
687 *
688 * So, in order to be able to register a "kick", but
689 * prevent it from being queued now, we clear the kick
690 * flag, but make the kick code *think* that the iocb is
691 * still on the run list until we are actually done.
692 * When we are done with this iteration, we check if
693 * the iocb was kicked in the meantime and if so, queue
694 * it up afresh.
695 */
696
697 kiocbClearKicked(iocb);
698
699 /*
700 * This is so that aio_complete knows it doesn't need to
701 * pull the iocb off the run list (We can't just call
702 * INIT_LIST_HEAD because we don't want a kick_iocb to
703 * queue this on the run list yet)
704 */
705 iocb->ki_run_list.next = iocb->ki_run_list.prev = NULL;
706 spin_unlock_irq(&ctx->ctx_lock);
707
708 /* Quit retrying if the i/o has been cancelled */
709 if (kiocbIsCancelled(iocb)) {
710 ret = -EINTR;
711 aio_complete(iocb, ret, 0);
712 /* must not access the iocb after this */
713 goto out;
714 }
715
716 /*
717 * Now we are all set to call the retry method in async
718 * context. By setting this thread's io_wait context
719 * to point to the wait queue entry inside the currently
720 * running iocb for the duration of the retry, we ensure
721 * that async notification wakeups are queued by the
722 * operation instead of blocking waits, and when notified,
723 * cause the iocb to be kicked for continuation (through
724 * the aio_wake_function callback).
725 */
726 BUG_ON(current->io_wait != NULL);
727 current->io_wait = &iocb->ki_wait;
728 ret = retry(iocb);
729 current->io_wait = NULL;
730
731 if (-EIOCBRETRY != ret) {
732 if (-EIOCBQUEUED != ret) {
733 BUG_ON(!list_empty(&iocb->ki_wait.task_list));
734 aio_complete(iocb, ret, 0);
735 /* must not access the iocb after this */
736 }
737 } else {
738 /*
739 * Issue an additional retry to avoid waiting forever if
740 * no waits were queued (e.g. in case of a short read).
741 */
742 if (list_empty(&iocb->ki_wait.task_list))
743 kiocbSetKicked(iocb);
744 }
745out:
746 spin_lock_irq(&ctx->ctx_lock);
747
748 if (-EIOCBRETRY == ret) {
749 /*
750 * OK, now that we are done with this iteration
751 * and know that there is more left to go,
752 * this is where we let go so that a subsequent
753 * "kick" can start the next iteration
754 */
755
756 /* will make __queue_kicked_iocb succeed from here on */
757 INIT_LIST_HEAD(&iocb->ki_run_list);
758 /* we must queue the next iteration ourselves, if it
759 * has already been kicked */
760 if (kiocbIsKicked(iocb)) {
761 __queue_kicked_iocb(iocb);
762 }
763 }
764 return ret;
765}
766
767/*
768 * __aio_run_iocbs:
769 * Process all pending retries queued on the ioctx
770 * run list.
771 * Assumes it is operating within the aio issuer's mm
772 * context. Expects to be called with ctx->ctx_lock held
773 */
774static int __aio_run_iocbs(struct kioctx *ctx)
775{
776 struct kiocb *iocb;
777 int count = 0;
778 LIST_HEAD(run_list);
779
780 list_splice_init(&ctx->run_list, &run_list);
781 while (!list_empty(&run_list)) {
782 iocb = list_entry(run_list.next, struct kiocb,
783 ki_run_list);
784 list_del(&iocb->ki_run_list);
785 /*
786 * Hold an extra reference while retrying i/o.
787 */
788 iocb->ki_users++; /* grab extra reference */
789 aio_run_iocb(iocb);
790 if (__aio_put_req(ctx, iocb)) /* drop extra ref */
791 put_ioctx(ctx);
792 count++;
793 }
794 aio_run++;
795 if (!list_empty(&ctx->run_list))
796 return 1;
797 return 0;
798}
799
800static void aio_queue_work(struct kioctx * ctx)
801{
802 unsigned long timeout;
803 /*
804 * if someone is waiting, get the work started right
805 * away, otherwise, use a longer delay
806 */
807 smp_mb();
808 if (waitqueue_active(&ctx->wait))
809 timeout = 1;
810 else
811 timeout = HZ/10;
812 queue_delayed_work(aio_wq, &ctx->wq, timeout);
813}
814
815
816/*
817 * aio_run_iocbs:
818 * Process all pending retries queued on the ioctx
819 * run list.
820 * Assumes it is operating within the aio issuer's mm
821 * context.
822 */
823static inline void aio_run_iocbs(struct kioctx *ctx)
824{
825 int requeue;
826
827 spin_lock_irq(&ctx->ctx_lock);
828
829 requeue = __aio_run_iocbs(ctx);
830 spin_unlock_irq(&ctx->ctx_lock);
831 if (requeue)
832 aio_queue_work(ctx);
833}
834
835/*
836 * just like aio_run_iocbs, but keeps running them until
837 * the list stays empty
838 */
839static inline void aio_run_all_iocbs(struct kioctx *ctx)
840{
841 spin_lock_irq(&ctx->ctx_lock);
842 while (__aio_run_iocbs(ctx))
843 ;
844 spin_unlock_irq(&ctx->ctx_lock);
845}
846
847/*
848 * aio_kick_handler:
849 * Work queue handler triggered to process pending
850 * retries on an ioctx. Takes on the aio issuer's
851 * mm context before running the iocbs, so that
852 * copy_xxx_user operates on the issuer's address
853 * space.
854 * Run on aiod's context.
855 */
856static void aio_kick_handler(void *data)
857{
858 struct kioctx *ctx = data;
859 mm_segment_t oldfs = get_fs();
860 int requeue;
861
862 set_fs(USER_DS);
863 use_mm(ctx->mm);
864 spin_lock_irq(&ctx->ctx_lock);
865 requeue =__aio_run_iocbs(ctx);
866 unuse_mm(ctx->mm);
867 spin_unlock_irq(&ctx->ctx_lock);
868 set_fs(oldfs);
869 /*
870 * we're in a worker thread already, don't use queue_delayed_work,
871 */
872 if (requeue)
873 queue_work(aio_wq, &ctx->wq);
874}
875
876
877/*
878 * Called by kick_iocb to queue the kiocb for retry
879 * and if required activate the aio work queue to process
880 * it
881 */
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]882static void queue_kicked_iocb(struct kiocb *iocb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]883{
884 struct kioctx *ctx = iocb->ki_ctx;
885 unsigned long flags;
886 int run = 0;
887
888 WARN_ON((!list_empty(&iocb->ki_wait.task_list)));
889
890 spin_lock_irqsave(&ctx->ctx_lock, flags);
891 run = __queue_kicked_iocb(iocb);
892 spin_unlock_irqrestore(&ctx->ctx_lock, flags);
893 if (run) {
894 aio_queue_work(ctx);
895 aio_wakeups++;
896 }
897}
898
899/*
900 * kick_iocb:
901 * Called typically from a wait queue callback context
902 * (aio_wake_function) to trigger a retry of the iocb.
903 * The retry is usually executed by aio workqueue
904 * threads (See aio_kick_handler).
905 */
906void fastcall kick_iocb(struct kiocb *iocb)
907{
908 /* sync iocbs are easy: they can only ever be executing from a
909 * single context. */
910 if (is_sync_kiocb(iocb)) {
911 kiocbSetKicked(iocb);
912 wake_up_process(iocb->ki_obj.tsk);
913 return;
914 }
915
916 iocb->ki_kicked++;
917 /* If its already kicked we shouldn't queue it again */
918 if (!kiocbTryKick(iocb)) {
919 queue_kicked_iocb(iocb);
920 }
921}
922EXPORT_SYMBOL(kick_iocb);
923
924/* aio_complete
925 * Called when the io request on the given iocb is complete.
926 * Returns true if this is the last user of the request. The
927 * only other user of the request can be the cancellation code.
928 */
929int fastcall aio_complete(struct kiocb *iocb, long res, long res2)
930{
931 struct kioctx *ctx = iocb->ki_ctx;
932 struct aio_ring_info *info;
933 struct aio_ring *ring;
934 struct io_event *event;
935 unsigned long flags;
936 unsigned long tail;
937 int ret;
938
939 /* Special case handling for sync iocbs: events go directly
940 * into the iocb for fast handling. Note that this will not
941 * work if we allow sync kiocbs to be cancelled. in which
942 * case the usage count checks will have to move under ctx_lock
943 * for all cases.
944 */
945 if (is_sync_kiocb(iocb)) {
946 int ret;
947
948 iocb->ki_user_data = res;
949 if (iocb->ki_users == 1) {
950 iocb->ki_users = 0;
951 ret = 1;
952 } else {
953 spin_lock_irq(&ctx->ctx_lock);
954 iocb->ki_users--;
955 ret = (0 == iocb->ki_users);
956 spin_unlock_irq(&ctx->ctx_lock);
957 }
958 /* sync iocbs put the task here for us */
959 wake_up_process(iocb->ki_obj.tsk);
960 return ret;
961 }
962
963 info = &ctx->ring_info;
964
965 /* add a completion event to the ring buffer.
966 * must be done holding ctx->ctx_lock to prevent
967 * other code from messing with the tail
968 * pointer since we might be called from irq
969 * context.
970 */
971 spin_lock_irqsave(&ctx->ctx_lock, flags);
972
973 if (iocb->ki_run_list.prev && !list_empty(&iocb->ki_run_list))
974 list_del_init(&iocb->ki_run_list);
975
976 /*
977 * cancelled requests don't get events, userland was given one
978 * when the event got cancelled.
979 */
980 if (kiocbIsCancelled(iocb))
981 goto put_rq;
982
983 ring = kmap_atomic(info->ring_pages[0], KM_IRQ1);
984
985 tail = info->tail;
986 event = aio_ring_event(info, tail, KM_IRQ0);
987 tail = (tail + 1) % info->nr;
988
989 event->obj = (u64)(unsigned long)iocb->ki_obj.user;
990 event->data = iocb->ki_user_data;
991 event->res = res;
992 event->res2 = res2;
993
994 dprintk("aio_complete: %p[%lu]: %p: %p %Lx %lx %lx\n",
995 ctx, tail, iocb, iocb->ki_obj.user, iocb->ki_user_data,
996 res, res2);
997
998 /* after flagging the request as done, we
999 * must never even look at it again
1000 */
1001 smp_wmb(); /* make event visible before updating tail */
1002
1003 info->tail = tail;
1004 ring->tail = tail;
1005
1006 put_aio_ring_event(event, KM_IRQ0);
1007 kunmap_atomic(ring, KM_IRQ1);
1008
1009 pr_debug("added to ring %p at [%lu]\n", iocb, tail);
1010
1011 pr_debug("%ld retries: %d of %d (kicked %ld, Q %ld run %ld wake %ld)\n",
1012 iocb->ki_retried,
1013 iocb->ki_nbytes - iocb->ki_left, iocb->ki_nbytes,
1014 iocb->ki_kicked, iocb->ki_queued, aio_run, aio_wakeups);
1015put_rq:
1016 /* everything turned out well, dispose of the aiocb. */
1017 ret = __aio_put_req(ctx, iocb);
1018
1019 spin_unlock_irqrestore(&ctx->ctx_lock, flags);
1020
1021 if (waitqueue_active(&ctx->wait))
1022 wake_up(&ctx->wait);
1023
1024 if (ret)
1025 put_ioctx(ctx);
1026
1027 return ret;
1028}
1029
1030/* aio_read_evt
1031 * Pull an event off of the ioctx's event ring. Returns the number of
1032 * events fetched (0 or 1 ;-)
1033 * FIXME: make this use cmpxchg.
1034 * TODO: make the ringbuffer user mmap()able (requires FIXME).
1035 */
1036static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
1037{
1038 struct aio_ring_info *info = &ioctx->ring_info;
1039 struct aio_ring *ring;
1040 unsigned long head;
1041 int ret = 0;
1042
1043 ring = kmap_atomic(info->ring_pages[0], KM_USER0);
1044 dprintk("in aio_read_evt h%lu t%lu m%lu\n",
1045 (unsigned long)ring->head, (unsigned long)ring->tail,
1046 (unsigned long)ring->nr);
1047
1048 if (ring->head == ring->tail)
1049 goto out;
1050
1051 spin_lock(&info->ring_lock);
1052
1053 head = ring->head % info->nr;
1054 if (head != ring->tail) {
1055 struct io_event *evp = aio_ring_event(info, head, KM_USER1);
1056 *ent = *evp;
1057 head = (head + 1) % info->nr;
1058 smp_mb(); /* finish reading the event before updatng the head */
1059 ring->head = head;
1060 ret = 1;
1061 put_aio_ring_event(evp, KM_USER1);
1062 }
1063 spin_unlock(&info->ring_lock);
1064
1065out:
1066 kunmap_atomic(ring, KM_USER0);
1067 dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret,
1068 (unsigned long)ring->head, (unsigned long)ring->tail);
1069 return ret;
1070}
1071
1072struct aio_timeout {
1073 struct timer_list timer;
1074 int timed_out;
1075 struct task_struct *p;
1076};
1077
1078static void timeout_func(unsigned long data)
1079{
1080 struct aio_timeout *to = (struct aio_timeout *)data;
1081
1082 to->timed_out = 1;
1083 wake_up_process(to->p);
1084}
1085
1086static inline void init_timeout(struct aio_timeout *to)
1087{
1088 init_timer(&to->timer);
1089 to->timer.data = (unsigned long)to;
1090 to->timer.function = timeout_func;
1091 to->timed_out = 0;
1092 to->p = current;
1093}
1094
1095static inline void set_timeout(long start_jiffies, struct aio_timeout *to,
1096 const struct timespec *ts)
1097{
1098 to->timer.expires = start_jiffies + timespec_to_jiffies(ts);
1099 if (time_after(to->timer.expires, jiffies))
1100 add_timer(&to->timer);
1101 else
1102 to->timed_out = 1;
1103}
1104
1105static inline void clear_timeout(struct aio_timeout *to)
1106{
1107 del_singleshot_timer_sync(&to->timer);
1108}
1109
1110static int read_events(struct kioctx *ctx,
1111 long min_nr, long nr,
1112 struct io_event __user *event,
1113 struct timespec __user *timeout)
1114{
1115 long start_jiffies = jiffies;
1116 struct task_struct *tsk = current;
1117 DECLARE_WAITQUEUE(wait, tsk);
1118 int ret;
1119 int i = 0;
1120 struct io_event ent;
1121 struct aio_timeout to;
1122 int event_loop = 0; /* testing only */
1123 int retry = 0;
1124
1125 /* needed to zero any padding within an entry (there shouldn't be
1126 * any, but C is fun!
1127 */
1128 memset(&ent, 0, sizeof(ent));
1129retry:
1130 ret = 0;
1131 while (likely(i < nr)) {
1132 ret = aio_read_evt(ctx, &ent);
1133 if (unlikely(ret <= 0))
1134 break;
1135
1136 dprintk("read event: %Lx %Lx %Lx %Lx\n",
1137 ent.data, ent.obj, ent.res, ent.res2);
1138
1139 /* Could we split the check in two? */
1140 ret = -EFAULT;
1141 if (unlikely(copy_to_user(event, &ent, sizeof(ent)))) {
1142 dprintk("aio: lost an event due to EFAULT.\n");
1143 break;
1144 }
1145 ret = 0;
1146
1147 /* Good, event copied to userland, update counts. */
1148 event ++;
1149 i ++;
1150 }
1151
1152 if (min_nr <= i)
1153 return i;
1154 if (ret)
1155 return ret;
1156
1157 /* End fast path */
1158
1159 /* racey check, but it gets redone */
1160 if (!retry && unlikely(!list_empty(&ctx->run_list))) {
1161 retry = 1;
1162 aio_run_all_iocbs(ctx);
1163 goto retry;
1164 }
1165
1166 init_timeout(&to);
1167 if (timeout) {
1168 struct timespec ts;
1169 ret = -EFAULT;
1170 if (unlikely(copy_from_user(&ts, timeout, sizeof(ts))))
1171 goto out;
1172
1173 set_timeout(start_jiffies, &to, &ts);
1174 }
1175
1176 while (likely(i < nr)) {
1177 add_wait_queue_exclusive(&ctx->wait, &wait);
1178 do {
1179 set_task_state(tsk, TASK_INTERRUPTIBLE);
1180 ret = aio_read_evt(ctx, &ent);
1181 if (ret)
1182 break;
1183 if (min_nr <= i)
1184 break;
1185 ret = 0;
1186 if (to.timed_out) /* Only check after read evt */
1187 break;
1188 schedule();
1189 event_loop++;
1190 if (signal_pending(tsk)) {
1191 ret = -EINTR;
1192 break;
1193 }
1194 /*ret = aio_read_evt(ctx, &ent);*/
1195 } while (1) ;
1196
1197 set_task_state(tsk, TASK_RUNNING);
1198 remove_wait_queue(&ctx->wait, &wait);
1199
1200 if (unlikely(ret <= 0))
1201 break;
1202
1203 ret = -EFAULT;
1204 if (unlikely(copy_to_user(event, &ent, sizeof(ent)))) {
1205 dprintk("aio: lost an event due to EFAULT.\n");
1206 break;
1207 }
1208
1209 /* Good, event copied to userland, update counts. */
1210 event ++;
1211 i ++;
1212 }
1213
1214 if (timeout)
1215 clear_timeout(&to);
1216out:
1217 pr_debug("event loop executed %d times\n", event_loop);
1218 pr_debug("aio_run %ld\n", aio_run);
1219 pr_debug("aio_wakeups %ld\n", aio_wakeups);
1220 return i ? i : ret;
1221}
1222
1223/* Take an ioctx and remove it from the list of ioctx's. Protects
1224 * against races with itself via ->dead.
1225 */
1226static void io_destroy(struct kioctx *ioctx)
1227{
1228 struct mm_struct *mm = current->mm;
1229 struct kioctx **tmp;
1230 int was_dead;
1231
1232 /* delete the entry from the list is someone else hasn't already */
1233 write_lock(&mm->ioctx_list_lock);
1234 was_dead = ioctx->dead;
1235 ioctx->dead = 1;
1236 for (tmp = &mm->ioctx_list; *tmp && *tmp != ioctx;
1237 tmp = &(*tmp)->next)
1238 ;
1239 if (*tmp)
1240 *tmp = ioctx->next;
1241 write_unlock(&mm->ioctx_list_lock);
1242
1243 dprintk("aio_release(%p)\n", ioctx);
1244 if (likely(!was_dead))
1245 put_ioctx(ioctx); /* twice for the list */
1246
1247 aio_cancel_all(ioctx);
1248 wait_for_all_aios(ioctx);
1249 put_ioctx(ioctx); /* once for the lookup */
1250}
1251
1252/* sys_io_setup:
1253 * Create an aio_context capable of receiving at least nr_events.
1254 * ctxp must not point to an aio_context that already exists, and
1255 * must be initialized to 0 prior to the call. On successful
1256 * creation of the aio_context, *ctxp is filled in with the resulting
1257 * handle. May fail with -EINVAL if *ctxp is not initialized,
1258 * if the specified nr_events exceeds internal limits. May fail
1259 * with -EAGAIN if the specified nr_events exceeds the user's limit
1260 * of available events. May fail with -ENOMEM if insufficient kernel
1261 * resources are available. May fail with -EFAULT if an invalid
1262 * pointer is passed for ctxp. Will fail with -ENOSYS if not
1263 * implemented.
1264 */
1265asmlinkage long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
1266{
1267 struct kioctx *ioctx = NULL;
1268 unsigned long ctx;
1269 long ret;
1270
1271 ret = get_user(ctx, ctxp);
1272 if (unlikely(ret))
1273 goto out;
1274
1275 ret = -EINVAL;
1276 if (unlikely(ctx || (int)nr_events <= 0)) {
1277 pr_debug("EINVAL: io_setup: ctx or nr_events > max\n");
1278 goto out;
1279 }
1280
1281 ioctx = ioctx_alloc(nr_events);
1282 ret = PTR_ERR(ioctx);
1283 if (!IS_ERR(ioctx)) {
1284 ret = put_user(ioctx->user_id, ctxp);
1285 if (!ret)
1286 return 0;
1287
1288 get_ioctx(ioctx); /* io_destroy() expects us to hold a ref */
1289 io_destroy(ioctx);
1290 }
1291
1292out:
1293 return ret;
1294}
1295
1296/* sys_io_destroy:
1297 * Destroy the aio_context specified. May cancel any outstanding
1298 * AIOs and block on completion. Will fail with -ENOSYS if not
1299 * implemented. May fail with -EFAULT if the context pointed to
1300 * is invalid.
1301 */
1302asmlinkage long sys_io_destroy(aio_context_t ctx)
1303{
1304 struct kioctx *ioctx = lookup_ioctx(ctx);
1305 if (likely(NULL != ioctx)) {
1306 io_destroy(ioctx);
1307 return 0;
1308 }
1309 pr_debug("EINVAL: io_destroy: invalid context id\n");
1310 return -EINVAL;
1311}
1312
1313/*
1314 * Default retry method for aio_read (also used for first time submit)
1315 * Responsible for updating iocb state as retries progress
1316 */
1317static ssize_t aio_pread(struct kiocb *iocb)
1318{
1319 struct file *file = iocb->ki_filp;
1320 struct address_space *mapping = file->f_mapping;
1321 struct inode *inode = mapping->host;
1322 ssize_t ret = 0;
1323
1324 ret = file->f_op->aio_read(iocb, iocb->ki_buf,
1325 iocb->ki_left, iocb->ki_pos);
1326
1327 /*
1328 * Can't just depend on iocb->ki_left to determine
1329 * whether we are done. This may have been a short read.
1330 */
1331 if (ret > 0) {
1332 iocb->ki_buf += ret;
1333 iocb->ki_left -= ret;
1334 /*
1335 * For pipes and sockets we return once we have
1336 * some data; for regular files we retry till we
1337 * complete the entire read or find that we can't
1338 * read any more data (e.g short reads).
1339 */
1340 if (!S_ISFIFO(inode->i_mode) && !S_ISSOCK(inode->i_mode))
1341 ret = -EIOCBRETRY;
1342 }
1343
1344 /* This means we must have transferred all that we could */
1345 /* No need to retry anymore */
1346 if ((ret == 0) || (iocb->ki_left == 0))
1347 ret = iocb->ki_nbytes - iocb->ki_left;
1348
1349 return ret;
1350}
1351
1352/*
1353 * Default retry method for aio_write (also used for first time submit)
1354 * Responsible for updating iocb state as retries progress
1355 */
1356static ssize_t aio_pwrite(struct kiocb *iocb)
1357{
1358 struct file *file = iocb->ki_filp;
1359 ssize_t ret = 0;
1360
1361 ret = file->f_op->aio_write(iocb, iocb->ki_buf,
1362 iocb->ki_left, iocb->ki_pos);
1363
1364 if (ret > 0) {
1365 iocb->ki_buf += ret;
1366 iocb->ki_left -= ret;
1367
1368 ret = -EIOCBRETRY;
1369 }
1370
1371 /* This means we must have transferred all that we could */
1372 /* No need to retry anymore */
1373 if ((ret == 0) || (iocb->ki_left == 0))
1374 ret = iocb->ki_nbytes - iocb->ki_left;
1375
1376 return ret;
1377}
1378
1379static ssize_t aio_fdsync(struct kiocb *iocb)
1380{
1381 struct file *file = iocb->ki_filp;
1382 ssize_t ret = -EINVAL;
1383
1384 if (file->f_op->aio_fsync)
1385 ret = file->f_op->aio_fsync(iocb, 1);
1386 return ret;
1387}
1388
1389static ssize_t aio_fsync(struct kiocb *iocb)
1390{
1391 struct file *file = iocb->ki_filp;
1392 ssize_t ret = -EINVAL;
1393
1394 if (file->f_op->aio_fsync)
1395 ret = file->f_op->aio_fsync(iocb, 0);
1396 return ret;
1397}
1398
1399/*
1400 * aio_setup_iocb:
1401 * Performs the initial checks and aio retry method
1402 * setup for the kiocb at the time of io submission.
1403 */
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]1404static ssize_t aio_setup_iocb(struct kiocb *kiocb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1405{
1406 struct file *file = kiocb->ki_filp;
1407 ssize_t ret = 0;
1408
1409 switch (kiocb->ki_opcode) {
1410 case IOCB_CMD_PREAD:
1411 ret = -EBADF;
1412 if (unlikely(!(file->f_mode & FMODE_READ)))
1413 break;
1414 ret = -EFAULT;
1415 if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
1416 kiocb->ki_left)))
1417 break;
1418 ret = -EINVAL;
1419 if (file->f_op->aio_read)
1420 kiocb->ki_retry = aio_pread;
1421 break;
1422 case IOCB_CMD_PWRITE:
1423 ret = -EBADF;
1424 if (unlikely(!(file->f_mode & FMODE_WRITE)))
1425 break;
1426 ret = -EFAULT;
1427 if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
1428 kiocb->ki_left)))
1429 break;
1430 ret = -EINVAL;
1431 if (file->f_op->aio_write)
1432 kiocb->ki_retry = aio_pwrite;
1433 break;
1434 case IOCB_CMD_FDSYNC:
1435 ret = -EINVAL;
1436 if (file->f_op->aio_fsync)
1437 kiocb->ki_retry = aio_fdsync;
1438 break;
1439 case IOCB_CMD_FSYNC:
1440 ret = -EINVAL;
1441 if (file->f_op->aio_fsync)
1442 kiocb->ki_retry = aio_fsync;
1443 break;
1444 default:
1445 dprintk("EINVAL: io_submit: no operation provided\n");
1446 ret = -EINVAL;
1447 }
1448
1449 if (!kiocb->ki_retry)
1450 return ret;
1451
1452 return 0;
1453}
1454
1455/*
1456 * aio_wake_function:
1457 * wait queue callback function for aio notification,
1458 * Simply triggers a retry of the operation via kick_iocb.
1459 *
1460 * This callback is specified in the wait queue entry in
1461 * a kiocb (current->io_wait points to this wait queue
1462 * entry when an aio operation executes; it is used
1463 * instead of a synchronous wait when an i/o blocking
1464 * condition is encountered during aio).
1465 *
1466 * Note:
1467 * This routine is executed with the wait queue lock held.
1468 * Since kick_iocb acquires iocb->ctx->ctx_lock, it nests
1469 * the ioctx lock inside the wait queue lock. This is safe
1470 * because this callback isn't used for wait queues which
1471 * are nested inside ioctx lock (i.e. ctx->wait)
1472 */
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]1473static int aio_wake_function(wait_queue_t *wait, unsigned mode,
1474 int sync, void *key)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1475{
1476 struct kiocb *iocb = container_of(wait, struct kiocb, ki_wait);
1477
1478 list_del_init(&wait->task_list);
1479 kick_iocb(iocb);
1480 return 1;
1481}
1482
1483int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
1484 struct iocb *iocb)
1485{
1486 struct kiocb *req;
1487 struct file *file;
1488 ssize_t ret;
1489
1490 /* enforce forwards compatibility on users */
1491 if (unlikely(iocb->aio_reserved1 || iocb->aio_reserved2 ||
1492 iocb->aio_reserved3)) {
1493 pr_debug("EINVAL: io_submit: reserve field set\n");
1494 return -EINVAL;
1495 }
1496
1497 /* prevent overflows */
1498 if (unlikely(
1499 (iocb->aio_buf != (unsigned long)iocb->aio_buf) ||
1500 (iocb->aio_nbytes != (size_t)iocb->aio_nbytes) ||
1501 ((ssize_t)iocb->aio_nbytes < 0)
1502 )) {
1503 pr_debug("EINVAL: io_submit: overflow check\n");
1504 return -EINVAL;
1505 }
1506
1507 file = fget(iocb->aio_fildes);
1508 if (unlikely(!file))
1509 return -EBADF;
1510
1511 req = aio_get_req(ctx); /* returns with 2 references to req */
1512 if (unlikely(!req)) {
1513 fput(file);
1514 return -EAGAIN;
1515 }
1516
1517 req->ki_filp = file;
1518 iocb->aio_key = req->ki_key;
1519 ret = put_user(iocb->aio_key, &user_iocb->aio_key);
1520 if (unlikely(ret)) {
1521 dprintk("EFAULT: aio_key\n");
1522 goto out_put_req;
1523 }
1524
1525 req->ki_obj.user = user_iocb;
1526 req->ki_user_data = iocb->aio_data;
1527 req->ki_pos = iocb->aio_offset;
1528
1529 req->ki_buf = (char __user *)(unsigned long)iocb->aio_buf;
1530 req->ki_left = req->ki_nbytes = iocb->aio_nbytes;
1531 req->ki_opcode = iocb->aio_lio_opcode;
1532 init_waitqueue_func_entry(&req->ki_wait, aio_wake_function);
1533 INIT_LIST_HEAD(&req->ki_wait.task_list);
1534 req->ki_run_list.next = req->ki_run_list.prev = NULL;
1535 req->ki_retry = NULL;
1536 req->ki_retried = 0;
1537 req->ki_kicked = 0;
1538 req->ki_queued = 0;
1539 aio_run = 0;
1540 aio_wakeups = 0;
1541
1542 ret = aio_setup_iocb(req);
1543
1544 if (ret)
1545 goto out_put_req;
1546
1547 spin_lock_irq(&ctx->ctx_lock);
1548 list_add_tail(&req->ki_run_list, &ctx->run_list);
1549 /* drain the run list */
1550 while (__aio_run_iocbs(ctx))
1551 ;
1552 spin_unlock_irq(&ctx->ctx_lock);
1553 aio_put_req(req); /* drop extra ref to req */
1554 return 0;
1555
1556out_put_req:
1557 aio_put_req(req); /* drop extra ref to req */
1558 aio_put_req(req); /* drop i/o ref to req */
1559 return ret;
1560}
1561
1562/* sys_io_submit:
1563 * Queue the nr iocbs pointed to by iocbpp for processing. Returns
1564 * the number of iocbs queued. May return -EINVAL if the aio_context
1565 * specified by ctx_id is invalid, if nr is < 0, if the iocb at
1566 * *iocbpp[0] is not properly initialized, if the operation specified
1567 * is invalid for the file descriptor in the iocb. May fail with
1568 * -EFAULT if any of the data structures point to invalid data. May
1569 * fail with -EBADF if the file descriptor specified in the first
1570 * iocb is invalid. May fail with -EAGAIN if insufficient resources
1571 * are available to queue any iocbs. Will return 0 if nr is 0. Will
1572 * fail with -ENOSYS if not implemented.
1573 */
1574asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr,
1575 struct iocb __user * __user *iocbpp)
1576{
1577 struct kioctx *ctx;
1578 long ret = 0;
1579 int i;
1580
1581 if (unlikely(nr < 0))
1582 return -EINVAL;
1583
1584 if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(*iocbpp)))))
1585 return -EFAULT;
1586
1587 ctx = lookup_ioctx(ctx_id);
1588 if (unlikely(!ctx)) {
1589 pr_debug("EINVAL: io_submit: invalid context id\n");
1590 return -EINVAL;
1591 }
1592
1593 /*
1594 * AKPM: should this return a partial result if some of the IOs were
1595 * successfully submitted?
1596 */
1597 for (i=0; i<nr; i++) {
1598 struct iocb __user *user_iocb;
1599 struct iocb tmp;
1600
1601 if (unlikely(__get_user(user_iocb, iocbpp + i))) {
1602 ret = -EFAULT;
1603 break;
1604 }
1605
1606 if (unlikely(copy_from_user(&tmp, user_iocb, sizeof(tmp)))) {
1607 ret = -EFAULT;
1608 break;
1609 }
1610
1611 ret = io_submit_one(ctx, user_iocb, &tmp);
1612 if (ret)
1613 break;
1614 }
1615
1616 put_ioctx(ctx);
1617 return i ? i : ret;
1618}
1619
1620/* lookup_kiocb
1621 * Finds a given iocb for cancellation.
1622 * MUST be called with ctx->ctx_lock held.
1623 */
Adrian Bunk25ee7e32005-04-25 08:18:14 -0700[diff] [blame]1624static struct kiocb *lookup_kiocb(struct kioctx *ctx, struct iocb __user *iocb,
1625 u32 key)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1626{
1627 struct list_head *pos;
1628 /* TODO: use a hash or array, this sucks. */
1629 list_for_each(pos, &ctx->active_reqs) {
1630 struct kiocb *kiocb = list_kiocb(pos);
1631 if (kiocb->ki_obj.user == iocb && kiocb->ki_key == key)
1632 return kiocb;
1633 }
1634 return NULL;
1635}
1636
1637/* sys_io_cancel:
1638 * Attempts to cancel an iocb previously passed to io_submit. If
1639 * the operation is successfully cancelled, the resulting event is
1640 * copied into the memory pointed to by result without being placed
1641 * into the completion queue and 0 is returned. May fail with
1642 * -EFAULT if any of the data structures pointed to are invalid.
1643 * May fail with -EINVAL if aio_context specified by ctx_id is
1644 * invalid. May fail with -EAGAIN if the iocb specified was not
1645 * cancelled. Will fail with -ENOSYS if not implemented.
1646 */
1647asmlinkage long sys_io_cancel(aio_context_t ctx_id, struct iocb __user *iocb,
1648 struct io_event __user *result)
1649{
1650 int (*cancel)(struct kiocb *iocb, struct io_event *res);
1651 struct kioctx *ctx;
1652 struct kiocb *kiocb;
1653 u32 key;
1654 int ret;
1655
1656 ret = get_user(key, &iocb->aio_key);
1657 if (unlikely(ret))
1658 return -EFAULT;
1659
1660 ctx = lookup_ioctx(ctx_id);
1661 if (unlikely(!ctx))
1662 return -EINVAL;
1663
1664 spin_lock_irq(&ctx->ctx_lock);
1665 ret = -EAGAIN;
1666 kiocb = lookup_kiocb(ctx, iocb, key);
1667 if (kiocb && kiocb->ki_cancel) {
1668 cancel = kiocb->ki_cancel;
1669 kiocb->ki_users ++;
1670 kiocbSetCancelled(kiocb);
1671 } else
1672 cancel = NULL;
1673 spin_unlock_irq(&ctx->ctx_lock);
1674
1675 if (NULL != cancel) {
1676 struct io_event tmp;
1677 pr_debug("calling cancel\n");
1678 memset(&tmp, 0, sizeof(tmp));
1679 tmp.obj = (u64)(unsigned long)kiocb->ki_obj.user;
1680 tmp.data = kiocb->ki_user_data;
1681 ret = cancel(kiocb, &tmp);
1682 if (!ret) {
1683 /* Cancellation succeeded -- copy the result
1684 * into the user's buffer.
1685 */
1686 if (copy_to_user(result, &tmp, sizeof(tmp)))
1687 ret = -EFAULT;
1688 }
1689 } else
1690 printk(KERN_DEBUG "iocb has no cancel operation\n");
1691
1692 put_ioctx(ctx);
1693
1694 return ret;
1695}
1696
1697/* io_getevents:
1698 * Attempts to read at least min_nr events and up to nr events from
1699 * the completion queue for the aio_context specified by ctx_id. May
1700 * fail with -EINVAL if ctx_id is invalid, if min_nr is out of range,
1701 * if nr is out of range, if when is out of range. May fail with
1702 * -EFAULT if any of the memory specified to is invalid. May return
1703 * 0 or < min_nr if no events are available and the timeout specified
1704 * by when has elapsed, where when == NULL specifies an infinite
1705 * timeout. Note that the timeout pointed to by when is relative and
1706 * will be updated if not NULL and the operation blocks. Will fail
1707 * with -ENOSYS if not implemented.
1708 */
1709asmlinkage long sys_io_getevents(aio_context_t ctx_id,
1710 long min_nr,
1711 long nr,
1712 struct io_event __user *events,
1713 struct timespec __user *timeout)
1714{
1715 struct kioctx *ioctx = lookup_ioctx(ctx_id);
1716 long ret = -EINVAL;
1717
1718 if (likely(ioctx)) {
1719 if (likely(min_nr <= nr && min_nr >= 0 && nr >= 0))
1720 ret = read_events(ioctx, min_nr, nr, events, timeout);
1721 put_ioctx(ioctx);
1722 }
1723
1724 return ret;
1725}
1726
1727__initcall(aio_setup);
1728
1729EXPORT_SYMBOL(aio_complete);
1730EXPORT_SYMBOL(aio_put_req);
1731EXPORT_SYMBOL(wait_on_sync_kiocb);