[PATCH openEuler-1.0-LTS 468/769] io_uring: add IOSQE_BUFFER_SELECT support for IORING_OP_RECVMSG

15 Apr 2021

From: Jens Axboe axboe@kernel.dk
mainline inclusion
from mainline-5.7-rc1
commit 52de1fe122408d7a62b6cff9ed3895ebb882d71f
category: feature
bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27
CVE: NA
---------------------------
Like IORING_OP_READV, this is limited to supporting just a single
segment in the iovec passed in.
Signed-off-by: Jens Axboe axboe@kernel.dk
Modified:
    include/net/compat.h
[move __get_compat_msghdr inside CONFIG_COMPAT]
Signed-off-by: yangerkun yangerkun@huawei.com
Reviewed-by: zhangyi (F) yi.zhang@huawei.com
Signed-off-by: Cheng Jian cj.chengjian@huawei.com
---
 fs/io_uring.c        | 118 ++++++++++++++++++++++++++++++++++++++-----
 include/net/compat.h |   6 +--
 2 files changed, 109 insertions(+), 15 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index a1111cc25bac..97ddc9fbf625 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -44,6 +44,7 @@
 #include <linux/errno.h>
 #include <linux/syscalls.h>
 #include <linux/compat.h>
+#include <net/compat.h>
 #include <linux/refcount.h>
 #include <linux/uio.h>
 #include <linux/bits.h>
@@ -732,6 +733,7 @@ static const struct io_op_def io_op_defs[] = {
    	.unbound_nonreg_file	= 1,
    	.needs_fs		= 1,
    	.pollin			= 1,
+		.buffer_select		= 1,
    },
    [IORING_OP_TIMEOUT] = {
    	.async_ctx		= 1,
@@ -3520,6 +3522,92 @@ static int io_send(struct io_kiocb *req, bool force_nonblock)
 #endif
 }
+static int __io_recvmsg_copy_hdr(struct io_kiocb *req, struct io_async_ctx *io)
+{
+	struct io_sr_msg *sr = &req->sr_msg;
+	struct iovec __user *uiov;
+	size_t iov_len;
+	int ret;
+
+	ret = __copy_msghdr_from_user(&io->msg.msg, sr->msg, &io->msg.uaddr,
+					&uiov, &iov_len);
+	if (ret)
+		return ret;
+
+	if (req->flags & REQ_F_BUFFER_SELECT) {
+		if (iov_len > 1)
+			return -EINVAL;
+		if (copy_from_user(io->msg.iov, uiov, sizeof(*uiov)))
+			return -EFAULT;
+		sr->len = io->msg.iov[0].iov_len;
+		iov_iter_init(&io->msg.msg.msg_iter, READ, io->msg.iov, 1,
+				sr->len);
+		io->msg.iov = NULL;
+	} else {
+		ret = import_iovec(READ, uiov, iov_len, UIO_FASTIOV,
+					&io->msg.iov, &io->msg.msg.msg_iter);
+		if (ret > 0)
+			ret = 0;
+	}
+
+	return ret;
+}
+
+#ifdef CONFIG_COMPAT
+static int __io_compat_recvmsg_copy_hdr(struct io_kiocb *req,
+					struct io_async_ctx *io)
+{
+	struct compat_msghdr __user *msg_compat;
+	struct io_sr_msg *sr = &req->sr_msg;
+	struct compat_iovec __user *uiov;
+	compat_uptr_t ptr;
+	compat_size_t len;
+	int ret;
+
+	msg_compat = (struct compat_msghdr __user *) sr->msg;
+	ret = __get_compat_msghdr(&io->msg.msg, msg_compat, &io->msg.uaddr,
+					&ptr, &len);
+	if (ret)
+		return ret;
+
+	uiov = compat_ptr(ptr);
+	if (req->flags & REQ_F_BUFFER_SELECT) {
+		compat_ssize_t clen;
+
+		if (len > 1)
+			return -EINVAL;
+		if (!access_ok(uiov, sizeof(*uiov)))
+			return -EFAULT;
+		if (__get_user(clen, &uiov->iov_len))
+			return -EFAULT;
+		if (clen < 0)
+			return -EINVAL;
+		sr->len = io->msg.iov[0].iov_len;
+		io->msg.iov = NULL;
+	} else {
+		ret = compat_import_iovec(READ, uiov, len, UIO_FASTIOV,
+						&io->msg.iov,
+						&io->msg.msg.msg_iter);
+		if (ret < 0)
+			return ret;
+	}
+
+	return 0;
+}
+#endif
+
+static int io_recvmsg_copy_hdr(struct io_kiocb *req, struct io_async_ctx *io)
+{
+	io->msg.iov = io->msg.fast_iov;
+
+#ifdef CONFIG_COMPAT
+	if (req->ctx->compat)
+		return __io_compat_recvmsg_copy_hdr(req, io);
+#endif
+
+	return __io_recvmsg_copy_hdr(req, io);
+}
+
 static struct io_buffer *io_recv_buffer_select(struct io_kiocb *req,
    				       int *cflags, bool needs_lock)
 {
@@ -3565,9 +3653,7 @@ static int io_recvmsg_prep(struct io_kiocb *req,
    if (req->flags & REQ_F_NEED_CLEANUP)
    	return 0;
-	io->msg.iov = io->msg.fast_iov;
-	ret = recvmsg_copy_msghdr(&io->msg.msg, sr->msg, sr->msg_flags,
-					&io->msg.uaddr, &io->msg.iov);
+	ret = io_recvmsg_copy_hdr(req, io);
    if (!ret)
    	req->flags |= REQ_F_NEED_CLEANUP;
    return ret;
@@ -3581,13 +3667,14 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock)
 #if defined(CONFIG_NET)
    struct io_async_msghdr *kmsg = NULL;
    struct socket *sock;
-	int ret;
+	int ret, cflags = 0;
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
    	return -EINVAL;
sock = sock_from_file(req->file, &ret);
    if (sock) {
+		struct io_buffer *kbuf;
    	struct io_async_ctx io;
    	unsigned flags;
@@ -3599,19 +3686,23 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock)
    			kmsg->iov = kmsg->fast_iov;
    		kmsg->msg.msg_iter.iov = kmsg->iov;
    	} else {
-			struct io_sr_msg *sr = &req->sr_msg;
-
    		kmsg = &io.msg;
    		kmsg->msg.msg_name = &io.msg.addr;
-			io.msg.iov = io.msg.fast_iov;
-			ret = recvmsg_copy_msghdr(&io.msg.msg, sr->msg,
-					sr->msg_flags, &io.msg.uaddr,
-					&io.msg.iov);
+			ret = io_recvmsg_copy_hdr(req, &io);
    		if (ret)
    			return ret;
    	}
+		kbuf = io_recv_buffer_select(req, &cflags, !force_nonblock);
+		if (IS_ERR(kbuf)) {
+			return PTR_ERR(kbuf);
+		} else if (kbuf) {
+			kmsg->fast_iov[0].iov_base = u64_to_user_ptr(kbuf->addr);
+			iov_iter_init(&kmsg->msg.msg_iter, READ, kmsg->iov,
+					1, req->sr_msg.len);
+		}
+
    	flags = req->sr_msg.msg_flags;
    	if (flags & MSG_DONTWAIT)
    		req->flags |= REQ_F_NOWAIT;
@@ -3629,7 +3720,7 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock)
    if (kmsg && kmsg->iov != kmsg->fast_iov)
    	kfree(kmsg->iov);
    req->flags &= ~REQ_F_NEED_CLEANUP;
-	io_cqring_add_event(req, ret);
+	__io_cqring_add_event(req, ret, cflags);
    if (ret < 0)
    	req_set_fail_links(req);
    io_put_req(req);
@@ -4742,8 +4833,11 @@ static void io_cleanup_req(struct io_kiocb *req)
    	if (io->rw.iov != io->rw.fast_iov)
    		kfree(io->rw.iov);
    	break;
-	case IORING_OP_SENDMSG:
    case IORING_OP_RECVMSG:
+		if (req->flags & REQ_F_BUFFER_SELECTED)
+			kfree(req->sr_msg.kbuf);
+		/* fallthrough */
+	case IORING_OP_SENDMSG:
    	if (io->msg.iov != io->msg.fast_iov)
    		kfree(io->msg.iov);
    	break;
diff --git a/include/net/compat.h b/include/net/compat.h
index 2f861518cc89..5db8429b5947 100644
--- a/include/net/compat.h
+++ b/include/net/compat.h
@@ -32,6 +32,9 @@ struct compat_cmsghdr {
int compat_sock_get_timestamp(struct sock *, struct timeval __user *);
 int compat_sock_get_timestampns(struct sock *, struct timespec __user *);
+int __get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg,
+			struct sockaddr __user **save_addr, compat_uptr_t *ptr,
+			compat_size_t *len);
#else /* defined(CONFIG_COMPAT) */
 /*
@@ -41,9 +44,6 @@ int compat_sock_get_timestampns(struct sock *, struct timespec __user *);
 #define compat_mmsghdr	mmsghdr
 #endif /* defined(CONFIG_COMPAT) */
-int __get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg,
-			struct sockaddr __user **save_addr, compat_uptr_t *ptr,
-			compat_size_t *len);
 int get_compat_msghdr(struct msghdr *, struct compat_msghdr __user *,
    	      struct sockaddr __user **, struct iovec **);
 struct sock_fprog __user *get_compat_bpf_fprog(char __user *optval);
-- 
2.25.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 468/769] io_uring: add IOSQE_BUFFER_SELECT support for IORING_OP_RECVMSG