LXR linux-bk/fs/aio.c

   1/*
   2 *      An async IO implementation for Linux
   3 *      Written by Benjamin LaHaise <bcrl@redhat.com>
   4 *
   5 *      Implements an efficient asynchronous io interface.
   6 *
   7 *      Copyright 2000, 2001, 2002 Red Hat, Inc.  All Rights Reserved.
   8 *
   9 *      See ../COPYING for licensing terms.
  10 */
  11#include <linux/kernel.h>
  12#include <linux/errno.h>
  13#include <linux/time.h>
  14#include <linux/aio_abi.h>
  15
  16//#define DEBUG 1
  17
  18#include <linux/sched.h>
  19#include <linux/fs.h>
  20#include <linux/file.h>
  21#include <linux/mm.h>
  22#include <linux/mman.h>
  23#include <linux/vmalloc.h>
  24#include <linux/iobuf.h>
  25#include <linux/slab.h>
  26#include <linux/timer.h>
  27#include <linux/brlock.h>
  28#include <linux/aio.h>
  29#include <linux/smp_lock.h>
  30#include <linux/compiler.h>
  31#include <linux/brlock.h>
  32#include <linux/module.h>
  33#include <linux/tqueue.h>
  34#include <linux/highmem.h>
  35
  36#include <asm/kmap_types.h>
  37#include <asm/uaccess.h>
  38
  39#if DEBUG > 1
  40#define dprintk         printk
  41#else
  42#define dprintk(x...)   do { ; } while (0)
  43#endif
  44
  45/*------ sysctl variables----*/
  46atomic_t aio_nr = ATOMIC_INIT(0);       /* current system wide number of aio requests */
  47unsigned aio_max_nr = 0x10000;  /* system wide maximum number of aio requests */
  48/*----end sysctl variables---*/
  49
  50static kmem_cache_t     *kiocb_cachep;
  51static kmem_cache_t     *kioctx_cachep;
  52
  53/* Used for rare fput completion. */
  54static void aio_fput_routine(void *);
  55static struct tq_struct fput_tqueue = {
  56        .routine        = aio_fput_routine,
  57};
  58
  59static spinlock_t       fput_lock = SPIN_LOCK_UNLOCKED;
  60LIST_HEAD(fput_head);
  61
  62/* aio_setup
  63 *      Creates the slab caches used by the aio routines, panic on
  64 *      failure as this is done early during the boot sequence.
  65 */
  66static int __init aio_setup(void)
  67{
  68        kiocb_cachep = kmem_cache_create("kiocb", sizeof(struct kiocb),
  69                                0, SLAB_HWCACHE_ALIGN, NULL, NULL);
  70        if (!kiocb_cachep)
  71                panic("unable to create kiocb cache\n");
  72
  73        kioctx_cachep = kmem_cache_create("kioctx", sizeof(struct kioctx),
  74                                0, SLAB_HWCACHE_ALIGN, NULL, NULL);
  75        if (!kioctx_cachep)
  76                panic("unable to create kioctx cache");
  77
  78        printk(KERN_NOTICE "aio_setup: sizeof(struct page) = %d\n", (int)sizeof(struct page));
  79
  80        return 0;
  81}
  82
  83static void aio_free_ring(struct kioctx *ctx)
  84{
  85        struct aio_ring_info *info = &ctx->ring_info;
  86        long i;
  87
  88        for (i=0; i<info->nr_pages; i++)
  89                put_page(info->ring_pages[i]);
  90
  91        if (info->mmap_size) {
  92                down_write(&ctx->mm->mmap_sem);
  93                do_munmap(ctx->mm, info->mmap_base, info->mmap_size);
  94                up_write(&ctx->mm->mmap_sem);
  95        }
  96
  97        if (info->ring_pages && info->ring_pages != info->internal_pages)
  98                kfree(info->ring_pages);
  99        info->ring_pages = NULL;
 100        info->nr = 0;
 101}
 102
 103static int aio_setup_ring(struct kioctx *ctx)
 104{
 105        struct aio_ring *ring;
 106        struct aio_ring_info *info = &ctx->ring_info;
 107        unsigned nr_events = ctx->max_reqs;
 108        unsigned long size;
 109        int nr_pages;
 110
 111        /* Compensate for the ring buffer's head/tail overlap entry */
 112        nr_events += 2; /* 1 is required, 2 for good luck */
 113
 114        size = sizeof(struct aio_ring);
 115        size += sizeof(struct io_event) * nr_events;
 116        nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
 117
 118        if (nr_pages < 0)
 119                return -EINVAL;
 120
 121        info->nr_pages = nr_pages;
 122
 123        nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
 124
 125        info->nr = 0;
 126        info->ring_pages = info->internal_pages;
 127        if (nr_pages > AIO_RING_PAGES) {
 128                info->ring_pages = kmalloc(sizeof(struct page *) * nr_pages, GFP_KERNEL);
 129                if (!info->ring_pages)
 130                        return -ENOMEM;
 131                memset(info->ring_pages, 0, sizeof(struct page *) * nr_pages);
 132        }
 133
 134        info->mmap_size = nr_pages * PAGE_SIZE;
 135        dprintk("attempting mmap of %lu bytes\n", info->mmap_size);
 136        down_write(&ctx->mm->mmap_sem);
 137        info->mmap_base = do_mmap(NULL, 0, info->mmap_size, 
 138                                  PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE,
 139                                  0);
 140        if (IS_ERR((void *)info->mmap_base)) {
 141                up_write(&ctx->mm->mmap_sem);
 142                printk("mmap err: %ld\n", -info->mmap_base);
 143                info->mmap_size = 0;
 144                aio_free_ring(ctx);
 145                return -EAGAIN;
 146        }
 147
 148        dprintk("mmap address: 0x%08lx\n", info->mmap_base);
 149        info->nr_pages = get_user_pages(current, ctx->mm,
 150                                        info->mmap_base, info->mmap_size, 
 151                                        1, 0, info->ring_pages, NULL);
 152        up_write(&ctx->mm->mmap_sem);
 153
 154        if (unlikely(info->nr_pages != nr_pages)) {
 155                aio_free_ring(ctx);
 156                return -EAGAIN;
 157        }
 158
 159        ctx->user_id = info->mmap_base;
 160
 161        info->nr = nr_events;           /* trusted copy */
 162
 163        ring = kmap_atomic(info->ring_pages[0], KM_USER0);
 164        ring->nr = nr_events;   /* user copy */
 165        ring->id = ctx->user_id;
 166        ring->head = ring->tail = 0;
 167        ring->magic = AIO_RING_MAGIC;
 168        ring->compat_features = AIO_RING_COMPAT_FEATURES;
 169        ring->incompat_features = AIO_RING_INCOMPAT_FEATURES;
 170        ring->header_length = sizeof(struct aio_ring);
 171        kunmap_atomic(ring, KM_USER0);
 172
 173        return 0;
 174}
 175
 176/* aio_ring_event: returns a pointer to the event at the given index from
 177 * kmap_atomic(, km).  Release the pointer with put_aio_ring_event();
 178 */
 179static inline struct io_event *aio_ring_event(struct aio_ring_info *info, int nr, enum km_type km)
 180{
 181        struct io_event *events;
 182#define AIO_EVENTS_PER_PAGE     (PAGE_SIZE / sizeof(struct io_event))
 183#define AIO_EVENTS_FIRST_PAGE   ((PAGE_SIZE - sizeof(struct aio_ring)) / sizeof(struct io_event))
 184
 185        if (nr < AIO_EVENTS_FIRST_PAGE) {
 186                struct aio_ring *ring;
 187                ring = kmap_atomic(info->ring_pages[0], km);
 188                return &ring->io_events[nr];
 189        }
 190        nr -= AIO_EVENTS_FIRST_PAGE;
 191
 192        events = kmap_atomic(info->ring_pages[1 + nr / AIO_EVENTS_PER_PAGE], km);
 193
 194        return events + (nr % AIO_EVENTS_PER_PAGE);
 195}
 196
 197static inline void put_aio_ring_event(struct io_event *event, enum km_type km)
 198{
 199        void *p = (void *)((unsigned long)event & PAGE_MASK);
 200        kunmap_atomic(p, km);
 201}
 202
 203/* ioctx_alloc
 204 *      Allocates and initializes an ioctx.  Returns an ERR_PTR if it failed.
 205 */
 206static struct kioctx *ioctx_alloc(unsigned nr_events)
 207{
 208        struct mm_struct *mm;
 209        struct kioctx *ctx;
 210
 211        /* Prevent overflows */
 212        if ((nr_events > (0x10000000U / sizeof(struct io_event))) ||
 213            (nr_events > (0x10000000U / sizeof(struct kiocb)))) {
 214                pr_debug("ENOMEM: nr_events too high\n");
 215                return ERR_PTR(-EINVAL);
 216        }
 217
 218        if (nr_events > aio_max_nr)
 219                return ERR_PTR(-EAGAIN);
 220
 221        ctx = kmem_cache_alloc(kioctx_cachep, GFP_KERNEL);
 222        if (!ctx)
 223                return ERR_PTR(-ENOMEM);
 224
 225        memset(ctx, 0, sizeof(*ctx));
 226        ctx->max_reqs = nr_events;
 227        mm = ctx->mm = current->mm;
 228        atomic_inc(&mm->mm_count);
 229
 230        atomic_set(&ctx->users, 1);
 231        spin_lock_init(&ctx->ctx_lock);
 232        spin_lock_init(&ctx->ring_info.ring_lock);
 233        init_waitqueue_head(&ctx->wait);
 234
 235        INIT_LIST_HEAD(&ctx->active_reqs);
 236
 237        if (aio_setup_ring(ctx) < 0)
 238                goto out_freectx;
 239
 240        /* now link into global list.  kludge.  FIXME */
 241        atomic_add(ctx->max_reqs, &aio_nr);     /* undone by __put_ioctx */
 242        if (unlikely(atomic_read(&aio_nr) > aio_max_nr))
 243                goto out_cleanup;
 244        write_lock(&mm->ioctx_list_lock);
 245        ctx->next = mm->ioctx_list;
 246        mm->ioctx_list = ctx;
 247        write_unlock(&mm->ioctx_list_lock);
 248
 249        dprintk("aio: allocated ioctx %p[%ld]: mm=%p mask=0x%x\n",
 250                ctx, ctx->user_id, current->mm, ctx->ring_info.ring->nr);
 251        return ctx;
 252
 253out_cleanup:
 254        atomic_sub(ctx->max_reqs, &aio_nr);     /* undone by __put_ioctx */
 255        ctx->max_reqs = 0;      /* prevent __put_ioctx from sub'ing aio_nr */
 256        __put_ioctx(ctx);
 257        return ERR_PTR(-EAGAIN);
 258
 259out_freectx:
 260        kmem_cache_free(kioctx_cachep, ctx);
 261        ctx = ERR_PTR(-ENOMEM);
 262
 263        dprintk("aio: error allocating ioctx %p\n", ctx);
 264        return ctx;
 265}
 266
 267/* aio_cancel_all
 268 *      Cancels all outstanding aio requests on an aio context.  Used 
 269 *      when the processes owning a context have all exited to encourage 
 270 *      the rapid destruction of the kioctx.
 271 */
 272static void aio_cancel_all(struct kioctx *ctx)
 273{
 274        int (*cancel)(struct kiocb *, struct io_event *);
 275        struct io_event res;
 276        spin_lock_irq(&ctx->ctx_lock);
 277        ctx->dead = 1;
 278        while (!list_empty(&ctx->active_reqs)) {
 279                struct list_head *pos = ctx->active_reqs.next;
 280                struct kiocb *iocb = list_kiocb(pos);
 281                list_del_init(&iocb->ki_list);
 282                cancel = iocb->ki_cancel;
 283                if (cancel)
 284                        iocb->ki_users++;
 285                spin_unlock_irq(&ctx->ctx_lock);
 286                if (cancel)
 287                        cancel(iocb, &res);
 288                spin_lock_irq(&ctx->ctx_lock);
 289        }
 290        spin_unlock_irq(&ctx->ctx_lock);
 291}
 292
 293void wait_for_all_aios(struct kioctx *ctx)
 294{
 295        struct task_struct *tsk = current;
 296        DECLARE_WAITQUEUE(wait, tsk);
 297
 298        if (!ctx->reqs_active)
 299                return;
 300
 301        add_wait_queue(&ctx->wait, &wait);
 302        set_task_state(tsk, TASK_UNINTERRUPTIBLE);
 303        while (ctx->reqs_active) {
 304                printk("ctx->reqs_active = %d\n", ctx->reqs_active);
 305                schedule();
 306                set_task_state(tsk, TASK_UNINTERRUPTIBLE);
 307        }
 308        __set_task_state(tsk, TASK_RUNNING);
 309        remove_wait_queue(&ctx->wait, &wait);
 310}
 311
 312/* wait_on_sync_kiocb:
 313 *      Waits on the given sync kiocb to complete.
 314 */
 315ssize_t wait_on_sync_kiocb(struct kiocb *iocb)
 316{
 317        while (iocb->ki_users) {
 318                set_current_state(TASK_UNINTERRUPTIBLE);
 319                if (!iocb->ki_users)
 320                        break;
 321                schedule();
 322        }
 323        __set_current_state(TASK_RUNNING);
 324        return iocb->ki_user_data;
 325}
 326
 327/* exit_aio: called when the last user of mm goes away.  At this point, 
 328 * there is no way for any new requests to be submited or any of the 
 329 * io_* syscalls to be called on the context.  However, there may be 
 330 * outstanding requests which hold references to the context; as they 
 331 * go away, they will call put_ioctx and release any pinned memory
 332 * associated with the request (held via struct page * references).
 333 */
 334void exit_aio(struct mm_struct *mm)
 335{
 336        struct kioctx *ctx = mm->ioctx_list;
 337        mm->ioctx_list = NULL;
 338        while (ctx) {
 339                struct kioctx *next = ctx->next;
 340                ctx->next = NULL;
 341                aio_cancel_all(ctx);
 342
 343                wait_for_all_aios(ctx);
 344
 345                if (1 != atomic_read(&ctx->users))
 346                        printk(KERN_DEBUG
 347                                "exit_aio:ioctx still alive: %d %d %d\n",
 348                                atomic_read(&ctx->users), ctx->dead,
 349                                ctx->reqs_active);
 350                put_ioctx(ctx);
 351                ctx = next;
 352        }
 353}
 354
 355/* __put_ioctx
 356 *      Called when the last user of an aio context has gone away,
 357 *      and the struct needs to be freed.
 358 */
 359void __put_ioctx(struct kioctx *ctx)
 360{
 361        unsigned nr_events = ctx->max_reqs;
 362
 363        if (unlikely(ctx->reqs_active))
 364                BUG();
 365
 366        aio_free_ring(ctx);
 367        mmdrop(ctx->mm);
 368        ctx->mm = NULL;
 369        pr_debug("__put_ioctx: freeing %p\n", ctx);
 370        kmem_cache_free(kioctx_cachep, ctx);
 371
 372        atomic_sub(nr_events, &aio_nr);
 373}
 374
 375/* aio_get_req
 376 *      Allocate a slot for an aio request.  Increments the users count
 377 * of the kioctx so that the kioctx stays around until all requests are
 378 * complete.  Returns -EAGAIN if no requests are free.
 379 */
 380static struct kiocb *FASTCALL(__aio_get_req(struct kioctx *ctx));
 381static struct kiocb *__aio_get_req(struct kioctx *ctx)
 382{
 383        struct kiocb *req = NULL;
 384        struct aio_ring *ring;
 385
 386        req = kmem_cache_alloc(kiocb_cachep, GFP_KERNEL);
 387        if (unlikely(!req))
 388                return NULL;
 389
 390        /* Check if the completion queue has enough free space to
 391         * accept an event from this io.
 392         */
 393        spin_lock_irq(&ctx->ctx_lock);
 394        ring = kmap_atomic(ctx->ring_info.ring_pages[0], KM_USER0);
 395        if (likely(ctx->reqs_active < aio_ring_avail(&ctx->ring_info, ring))) {
 396                list_add(&req->ki_list, &ctx->active_reqs);
 397                get_ioctx(ctx);
 398                ctx->reqs_active++;
 399                req->ki_user_obj = NULL;
 400                req->ki_ctx = ctx;
 401                req->ki_users = 1;
 402        } else
 403                kmem_cache_free(kiocb_cachep, req);
 404        kunmap_atomic(ring, KM_USER0);
 405        spin_unlock_irq(&ctx->ctx_lock);
 406
 407        return req;
 408}
 409
 410static inline struct kiocb *aio_get_req(struct kioctx *ctx)
 411{
 412        struct kiocb *req;
 413        /* Handle a potential starvation case -- should be exceedingly rare as 
 414         * requests will be stuck on fput_head only if the aio_fput_routine is 
 415         * delayed and the requests were the last user of the struct file.
 416         */
 417        req = __aio_get_req(ctx);
 418        if (unlikely(NULL == req)) {
 419                aio_fput_routine(NULL);
 420                req = __aio_get_req(ctx);
 421        }
 422        return req;
 423}
 424
 425static inline void really_put_req(struct kioctx *ctx, struct kiocb *req)
 426{
 427        req->ki_ctx = NULL;
 428        req->ki_filp = NULL;
 429        req->ki_user_obj = NULL;
 430        kmem_cache_free(kiocb_cachep, req);
 431        ctx->reqs_active--;
 432
 433        if (unlikely(!ctx->reqs_active && ctx->dead))
 434                wake_up(&ctx->wait);
 435}
 436
 437static void aio_fput_routine(void *data)
 438{
 439        spin_lock_irq(&fput_lock);
 440        while (likely(!list_empty(&fput_head))) {
 441                struct kiocb *req = list_kiocb(fput_head.next);
 442                struct kioctx *ctx = req->ki_ctx;
 443
 444                list_del(&req->ki_list);
 445                spin_unlock_irq(&fput_lock);
 446
 447                /* Complete the fput */
 448                __fput(req->ki_filp);
 449
 450                /* Link the iocb into the context's free list */
 451                spin_lock_irq(&ctx->ctx_lock);
 452                really_put_req(ctx, req);
 453                spin_unlock_irq(&ctx->ctx_lock);
 454
 455                put_ioctx(ctx);
 456                spin_lock_irq(&fput_lock);
 457        }
 458        spin_unlock_irq(&fput_lock);
 459}
 460
 461/* __aio_put_req
 462 *      Returns true if this put was the last user of the request.
 463 */
 464static inline int __aio_put_req(struct kioctx *ctx, struct kiocb *req)
 465{
 466        dprintk(KERN_DEBUG "aio_put(%p): f_count=%d\n",
 467                req, atomic_read(&req->ki_filp->f_count));
 468
 469        req->ki_users --;
 470        if (unlikely(req->ki_users < 0))
 471                BUG();
 472        if (likely(req->ki_users))
 473                return 0;
 474        list_del(&req->ki_list);                /* remove from active_reqs */
 475        req->ki_cancel = NULL;
 476
 477        /* Must be done under the lock to serialise against cancellation.
 478         * Call this aio_fput as it duplicates fput via the fput_tqueue.
 479         */
 480        if (unlikely(atomic_dec_and_test(&req->ki_filp->f_count))) {
 481                get_ioctx(ctx);
 482                spin_lock(&fput_lock);
 483                list_add(&req->ki_list, &fput_head);
 484                spin_unlock(&fput_lock);
 485                schedule_task(&fput_tqueue);
 486        } else
 487                really_put_req(ctx, req);
 488        return 1;
 489}
 490
 491/* aio_put_req
 492 *      Returns true if this put was the last user of the kiocb,
 493 *      false if the request is still in use.
 494 */
 495int aio_put_req(struct kiocb *req)
 496{
 497        struct kioctx *ctx = req->ki_ctx;
 498        int ret;
 499        spin_lock_irq(&ctx->ctx_lock);
 500        ret = __aio_put_req(ctx, req);
 501        spin_unlock_irq(&ctx->ctx_lock);
 502        if (ret)
 503                put_ioctx(ctx);
 504        return ret;
 505}
 506
 507/*      Lookup an ioctx id.  ioctx_list is lockless for reads.
 508 *      FIXME: this is O(n) and is only suitable for development.
 509 */
 510static inline struct kioctx *lookup_ioctx(unsigned long ctx_id)
 511{
 512        struct kioctx *ioctx;
 513        struct mm_struct *mm;
 514
 515        mm = current->mm;
 516        read_lock(&mm->ioctx_list_lock);
 517        for (ioctx = mm->ioctx_list; ioctx; ioctx = ioctx->next)
 518                if (likely(ioctx->user_id == ctx_id && !ioctx->dead)) {
 519                        get_ioctx(ioctx);
 520                        break;
 521                }
 522        read_unlock(&mm->ioctx_list_lock);
 523
 524        return ioctx;
 525}
 526
 527/* aio_complete
 528 *      Called when the io request on the given iocb is complete.
 529 *      Returns true if this is the last user of the request.  The 
 530 *      only other user of the request can be the cancellation code.
 531 */
 532int aio_complete(struct kiocb *iocb, long res, long res2)
 533{
 534        struct kioctx   *ctx = iocb->ki_ctx;
 535        struct aio_ring_info    *info;
 536        struct aio_ring *ring;
 537        struct io_event *event;
 538        unsigned long   flags;
 539        unsigned long   tail;
 540        int             ret;
 541
 542        /* Special case handling for sync iocbs: events go directly
 543         * into the iocb for fast handling.  Note that this will not 
 544         * work if we allow sync kiocbs to be cancelled. in which
 545         * case the usage count checks will have to move under ctx_lock
 546         * for all cases.
 547         */
 548        if (ctx == &ctx->mm->default_kioctx) {
 549                int ret;
 550
 551                iocb->ki_user_data = res;
 552                if (iocb->ki_users == 1) {
 553                        iocb->ki_users = 0;
 554                        return 1;
 555                }
 556                spin_lock_irq(&ctx->ctx_lock);
 557                iocb->ki_users--;
 558                ret = (0 == iocb->ki_users);
 559                spin_unlock_irq(&ctx->ctx_lock);
 560                return 0;
 561        }
 562
 563        info = &ctx->ring_info;
 564
 565        /* add a completion event to the ring buffer.
 566         * must be done holding ctx->ctx_lock to prevent
 567         * other code from messing with the tail
 568         * pointer since we might be called from irq
 569         * context.
 570         */
 571        spin_lock_irqsave(&ctx->ctx_lock, flags);
 572
 573        ring = kmap_atomic(info->ring_pages[0], KM_IRQ1);
 574
 575        tail = info->tail;
 576        event = aio_ring_event(info, tail, KM_IRQ0);
 577        tail = (tail + 1) % info->nr;
 578
 579        event->obj = (u64)(unsigned long)iocb->ki_user_obj;
 580        event->data = iocb->ki_user_data;
 581        event->res = res;
 582        event->res2 = res2;
 583
 584        dprintk("aio_complete: %p[%lu]: %p: %p %Lx %lx %lx\n",
 585                ctx, tail, iocb, iocb->ki_user_obj, iocb->ki_user_data,
 586                res, res2);
 587
 588        /* after flagging the request as done, we
 589         * must never even look at it again
 590         */
 591        barrier();
 592
 593        info->tail = tail;
 594        ring->tail = tail;
 595
 596        wmb();
 597        put_aio_ring_event(event, KM_IRQ0);
 598        kunmap_atomic(ring, KM_IRQ1);
 599
 600        pr_debug("added to ring %p at [%lu]\n", iocb, tail);
 601
 602        /* everything turned out well, dispose of the aiocb. */
 603        ret = __aio_put_req(ctx, iocb);
 604
 605        spin_unlock_irqrestore(&ctx->ctx_lock, flags);
 606
 607        if (waitqueue_active(&ctx->wait))
 608                wake_up(&ctx->wait);
 609
 610        if (ret)
 611                put_ioctx(ctx);
 612
 613        return ret;
 614}
 615
 616/* aio_read_evt
 617 *      Pull an event off of the ioctx's event ring.  Returns the number of 
 618 *      events fetched (0 or 1 ;-)
 619 *      FIXME: make this use cmpxchg.
 620 *      TODO: make the ringbuffer user mmap()able (requires FIXME).
 621 */
 622static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
 623{
 624        struct aio_ring_info *info = &ioctx->ring_info;
 625        struct aio_ring *ring;
 626        unsigned long head;
 627        int ret = 0;
 628
 629        ring = kmap_atomic(info->ring_pages[0], KM_USER0);
 630        dprintk("in aio_read_evt h%lu t%lu m%lu\n",
 631                 (unsigned long)ring->head, (unsigned long)ring->tail,
 632                 (unsigned long)ring->nr);
 633        barrier();
 634        if (ring->head == ring->tail)
 635                goto out;
 636
 637        spin_lock(&info->ring_lock);
 638
 639        head = ring->head % info->nr;
 640        if (head != ring->tail) {
 641                struct io_event *evp = aio_ring_event(info, head, KM_USER1);
 642                *ent = *evp;
 643                head = (head + 1) % info->nr;
 644                barrier();
 645                ring->head = head;
 646                ret = 1;
 647                put_aio_ring_event(evp, KM_USER1);
 648        }
 649        spin_unlock(&info->ring_lock);
 650
 651out:
 652        kunmap_atomic(ring, KM_USER0);
 653        dprintk("leaving aio_read_evt: %d  h%lu t%lu\n", ret,
 654                 (unsigned long)ring->head, (unsigned long)ring->tail);
 655        return ret;
 656}
 657
 658struct timeout {
 659        struct timer_list       timer;
 660        int                     timed_out;
 661        struct task_struct      *p;
 662};
 663
 664static void timeout_func(unsigned long data)
 665{
 666        struct timeout *to = (struct timeout *)data;
 667
 668        to->timed_out = 1;
 669        wake_up_process(to->p);
 670}
 671
 672static inline void init_timeout(struct timeout *to)
 673{
 674        init_timer(&to->timer);
 675        to->timer.data = (unsigned long)to;
 676        to->timer.function = timeout_func;
 677        to->timed_out = 0;
 678        to->p = current;
 679}
 680
 681static inline void set_timeout(long start_jiffies, struct timeout *to,
 682                               const struct timespec *ts)
 683{
 684        unsigned long how_long;
 685
 686        if (ts->tv_sec < 0 || (!ts->tv_sec && !ts->tv_nsec)) {
 687                to->timed_out = 1;
 688                return;
 689        }
 690
 691        how_long = ts->tv_sec * HZ;
 692#define HZ_NS (1000000000 / HZ)
 693        how_long += (ts->tv_nsec + HZ_NS - 1) / HZ_NS;
 694        
 695        to->timer.expires = jiffies + how_long;
 696        add_timer(&to->timer);
 697}
 698
 699static inline void clear_timeout(struct timeout *to)
 700{
 701        del_timer_sync(&to->timer);
 702}
 703
 704static int read_events(struct kioctx *ctx,
 705                        long min_nr, long nr,
 706                        struct io_event *event,
 707                        struct timespec *timeout)
 708{
 709        long                    start_jiffies = jiffies;
 710        struct task_struct      *tsk = current;
 711        DECLARE_WAITQUEUE(wait, tsk);
 712        int                     ret;
 713        int                     i = 0;
 714        struct io_event         ent;
 715        struct timeout          to;
 716
 717        /* needed to zero any padding within an entry (there shouldn't be 
 718         * any, but C is fun!
 719         */
 720        memset(&ent, 0, sizeof(ent));
 721        ret = 0;
 722
 723        while (likely(i < nr)) {
 724                ret = aio_read_evt(ctx, &ent);
 725                if (unlikely(ret <= 0))
 726                        break;
 727
 728                dprintk("read event: %Lx %Lx %Lx %Lx\n",
 729                        ent.data, ent.obj, ent.res, ent.res2);
 730
 731                /* Could we split the check in two? */
 732                ret = -EFAULT;
 733                if (unlikely(copy_to_user(event, &ent, sizeof(ent)))) {
 734                        dprintk("aio: lost an event due to EFAULT.\n");
 735                        break;
 736                }
 737                ret = 0;
 738
 739                /* Good, event copied to userland, update counts. */
 740                event ++;
 741                i ++;
 742        }
 743
 744        if (min_nr <= i)
 745                return i;
 746        if (ret)
 747                return ret;
 748
 749        /* End fast path */
 750
 751        if (timeout) {
 752                struct timespec ts;
 753                ret = -EFAULT;
 754                if (unlikely(copy_from_user(&ts, timeout, sizeof(ts))))
 755                        goto out;
 756
 757                init_timeout(&to);
 758                set_timeout(start_jiffies, &to, &ts);
 759        }
 760
 761        while (likely(i < nr)) {
 762                add_wait_queue_exclusive(&ctx->wait, &wait);
 763                do {
 764                        set_task_state(tsk, TASK_INTERRUPTIBLE);
 765
 766                        ret = aio_read_evt(ctx, &ent);
 767                        if (ret)
 768                                break;
 769                        if (min_nr <= i)
 770                                break;
 771                        ret = 0;
 772                        if (to.timed_out)       /* Only check after read evt */
 773                                break;
 774                        schedule();
 775                        if (signal_pending(tsk)) {
 776                                ret = -EINTR;
 777                                break;
 778                        }
 779                        /*ret = aio_read_evt(ctx, &ent);*/
 780                } while (1) ;
 781
 782                set_task_state(tsk, TASK_RUNNING);
 783                remove_wait_queue(&ctx->wait, &wait);
 784
 785                if (unlikely(ret <= 0))
 786                        break;
 787
 788                ret = -EFAULT;
 789                if (unlikely(copy_to_user(event, &ent, sizeof(ent)))) {
 790                        dprintk("aio: lost an event due to EFAULT.\n");
 791                        break;
 792                }
 793
 794                /* Good, event copied to userland, update counts. */
 795                event ++;
 796                i ++;
 797        }
 798
 799        if (timeout)
 800                clear_timeout(&to);
 801out:
 802        return i ? i : ret;
 803}
 804
 805/* Take an ioctx and remove it from the list of ioctx's.  Protects 
 806 * against races with itself via ->dead.
 807 */
 808static void io_destroy(struct kioctx *ioctx)
 809{
 810        struct mm_struct *mm = current->mm;
 811        struct kioctx **tmp;
 812        int was_dead;
 813
 814        /* delete the entry from the list is someone else hasn't already */
 815        write_lock(&mm->ioctx_list_lock);
 816        was_dead = ioctx->dead;
 817        ioctx->dead = 1;
 818        for (tmp = &mm->ioctx_list; *tmp && *tmp != ioctx;
 819             tmp = &(*tmp)->next)
 820                ;
 821        if (*tmp)
 822                *tmp = ioctx->next;
 823        write_unlock(&mm->ioctx_list_lock);
 824
 825        dprintk("aio_release(%p)\n", ioctx);
 826        if (likely(!was_dead))
 827                put_ioctx(ioctx);       /* twice for the list */
 828
 829        aio_cancel_all(ioctx);
 830        wait_for_all_aios(ioctx);
 831        put_ioctx(ioctx);       /* once for the lookup */
 832}
 833
 834/* sys_io_setup:
 835 *      Create an aio_context capable of receiving at least nr_events.
 836 *      ctxp must not point to an aio_context that already exists, and
 837 *      must be initialized to 0 prior to the call.  On successful
 838 *      creation of the aio_context, *ctxp is filled in with the resulting 
 839 *      handle.  May fail with -EINVAL if *ctxp is not initialized,
 840 *      if the specified nr_events exceeds internal limits.  May fail 
 841 *      with -EAGAIN if the specified nr_events exceeds the user's limit 
 842 *      of available events.  May fail with -ENOMEM if insufficient kernel
 843 *      resources are available.  May fail with -EFAULT if an invalid
 844 *      pointer is passed for ctxp.  Will fail with -ENOSYS if not
 845 *      implemented.
 846 */
 847asmlinkage long sys_io_setup(unsigned nr_events, aio_context_t *ctxp)
 848{
 849        struct kioctx *ioctx = NULL;
 850        unsigned long ctx;
 851        long ret;
 852
 853        ret = get_user(ctx, ctxp);
 854        if (unlikely(ret))
 855                goto out;
 856
 857        ret = -EINVAL;
 858        if (unlikely(ctx || !nr_events || (int)nr_events < 0)) {
 859                pr_debug("EINVAL: io_setup: ctx or nr_events > max\n");
 860                goto out;
 861        }
 862
 863        ioctx = ioctx_alloc(nr_events);
 864        ret = PTR_ERR(ioctx);
 865        if (!IS_ERR(ioctx)) {
 866                ret = put_user(ioctx->user_id, ctxp);
 867                if (!ret)
 868                        return 0;
 869                io_destroy(ioctx);
 870        }
 871
 872out:
 873        return ret;
 874}
 875
 876/* sys_io_destroy:
 877 *      Destroy the aio_context specified.  May cancel any outstanding 
 878 *      AIOs and block on completion.  Will fail with -ENOSYS if not
 879 *      implemented.  May fail with -EFAULT if the context pointed to
 880 *      is invalid.
 881 */
 882asmlinkage long sys_io_destroy(aio_context_t ctx)
 883{
 884        struct kioctx *ioctx = lookup_ioctx(ctx);
 885        if (likely(NULL != ioctx)) {
 886                io_destroy(ioctx);
 887                return 0;
 888        }
 889        pr_debug("EINVAL: io_destroy: invalid context id\n");
 890        return -EINVAL;
 891}
 892
 893static int FASTCALL(io_submit_one(struct kioctx *ctx, struct iocb *user_iocb,
 894                                  struct iocb *iocb));
 895static int io_submit_one(struct kioctx *ctx, struct iocb *user_iocb,
 896                         struct iocb *iocb)
 897{
 898        struct kiocb *req;
 899        struct file *file;
 900        ssize_t ret;
 901        char *buf;
 902
 903        /* enforce forwards compatibility on users */
 904        if (unlikely(iocb->aio_reserved1 || iocb->aio_reserved2 ||
 905                     iocb->aio_reserved3)) {
 906                pr_debug("EINVAL: io_submit: reserve field set\n");
 907                return -EINVAL;
 908        }
 909
 910        /* prevent overflows */
 911        if (unlikely(
 912            (iocb->aio_buf != (unsigned long)iocb->aio_buf) ||
 913            (iocb->aio_nbytes != (size_t)iocb->aio_nbytes) ||
 914            ((ssize_t)iocb->aio_nbytes < 0)
 915           )) {
 916                pr_debug("EINVAL: io_submit: overflow check\n");
 917                return -EINVAL;
 918        }
 919
 920        file = fget(iocb->aio_fildes);
 921        if (unlikely(!file))
 922                return -EBADF;
 923
 924        req = aio_get_req(ctx);
 925        if (unlikely(!req)) {
 926                fput(file);
 927                return -EAGAIN;
 928        }
 929
 930        req->ki_filp = file;
 931        iocb->aio_key = req->ki_key;
 932        ret = put_user(iocb->aio_key, &user_iocb->aio_key);
 933        if (unlikely(ret)) {
 934                dprintk("EFAULT: aio_key\n");
 935                goto out_put_req;
 936        }
 937
 938        req->ki_user_obj = user_iocb;
 939        req->ki_user_data = iocb->aio_data;
 940
 941        buf = (char *)(unsigned long)iocb->aio_buf;
 942
 943        switch (iocb->aio_lio_opcode) {
 944        case IOCB_CMD_PREAD:
 945                ret = -EBADF;
 946                if (unlikely(!(file->f_mode & FMODE_READ)))
 947                        goto out_put_req;
 948                ret = -EFAULT;
 949                if (unlikely(!access_ok(VERIFY_WRITE, buf, iocb->aio_nbytes)))
 950                        goto out_put_req;
 951                ret = -EINVAL;
 952                if (file->f_op->aio_read)
 953                        ret = file->f_op->aio_read(req, buf,
 954                                        iocb->aio_nbytes, iocb->aio_offset);
 955                break;
 956        case IOCB_CMD_PWRITE:
 957                ret = -EBADF;
 958                if (unlikely(!(file->f_mode & FMODE_WRITE)))
 959                        goto out_put_req;
 960                ret = -EFAULT;
 961                if (unlikely(!access_ok(VERIFY_READ, buf, iocb->aio_nbytes)))
 962                        goto out_put_req;
 963                ret = -EINVAL;
 964                if (file->f_op->aio_write)
 965                        ret = file->f_op->aio_write(req, buf,
 966                                        iocb->aio_nbytes, iocb->aio_offset);
 967                break;
 968        case IOCB_CMD_FDSYNC:
 969                ret = -EINVAL;
 970                if (file->f_op->aio_fsync)
 971                        ret = file->f_op->aio_fsync(req, 1);
 972                break;
 973        case IOCB_CMD_FSYNC:
 974                ret = -EINVAL;
 975                if (file->f_op->aio_fsync)
 976                        ret = file->f_op->aio_fsync(req, 0);
 977                break;
 978        default:
 979                dprintk("EINVAL: io_submit: no operation provided\n");
 980                ret = -EINVAL;
 981        }
 982
 983        if (likely(EIOCBQUEUED == ret))
 984                return 0;
 985        if (ret >= 0) {
 986                aio_complete(req, ret, 0);
 987                return 0;
 988        }
 989
 990out_put_req:
 991        aio_put_req(req);
 992        return ret;
 993}
 994
 995/* sys_io_submit:
 996 *      Queue the nr iocbs pointed to by iocbpp for processing.  Returns
 997 *      the number of iocbs queued.  May return -EINVAL if the aio_context
 998 *      specified by ctx_id is invalid, if nr is < 0, if the iocb at
 999 *      *iocbpp[0] is not properly initialized, if the operation specified
1000 *      is invalid for the file descriptor in the iocb.  May fail with

1001 *      -EFAULT if any of the data structures point to invalid data.  May
1002 *      fail with -EBADF if the file descriptor specified in the first
1003 *      iocb is invalid.  May fail with -EAGAIN if insufficient resources
1004 *      are available to queue any iocbs.  Will return 0 if nr is 0.  Will
1005 *      fail with -ENOSYS if not implemented.
1006 */
1007asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr,
1008                              struct iocb **iocbpp)
1009{
1010        struct kioctx *ctx;
1011        long ret = 0;
1012        int i;
1013
1014        if (unlikely(nr < 0))
1015                return -EINVAL;
1016
1017        if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(*iocbpp)))))
1018                return -EFAULT;
1019
1020        ctx = lookup_ioctx(ctx_id);
1021        if (unlikely(!ctx)) {
1022                pr_debug("EINVAL: io_submit: invalid context id\n");
1023                return -EINVAL;
1024        }
1025
1026        for (i=0; i<nr; i++) {
1027                struct iocb *user_iocb, tmp;
1028
1029                if (unlikely(__get_user(user_iocb, iocbpp + i))) {
1030                        ret = -EFAULT;
1031                        break;
1032                }
1033
1034                if (unlikely(copy_from_user(&tmp, user_iocb, sizeof(tmp)))) {
1035                        ret = -EFAULT;
1036                        break;
1037                }
1038
1039                ret = io_submit_one(ctx, user_iocb, &tmp);
1040                if (ret)
1041                        break;
1042        }
1043
1044        put_ioctx(ctx);
1045        return i ? i : ret;
1046}
1047
1048/* lookup_kiocb
1049 *      Finds a given iocb for cancellation.
1050 *      MUST be called with ctx->ctx_lock held.
1051 */
1052struct kiocb *lookup_kiocb(struct kioctx *ctx, struct iocb *iocb, u32 key)
1053{
1054        struct list_head *pos;
1055        /* TODO: use a hash or array, this sucks. */
1056        list_for_each(pos, &ctx->active_reqs) {
1057                struct kiocb *kiocb = list_kiocb(pos);
1058                if (kiocb->ki_user_obj == iocb && kiocb->ki_key == key)
1059                        return kiocb;
1060        }
1061        return NULL;
1062}
1063
1064/* sys_io_cancel:
1065 *      Attempts to cancel an iocb previously passed to io_submit.  If
1066 *      the operation is successfully cancelled, the resulting event is
1067 *      copied into the memory pointed to by result without being placed
1068 *      into the completion queue and 0 is returned.  May fail with
1069 *      -EFAULT if any of the data structures pointed to are invalid.
1070 *      May fail with -EINVAL if aio_context specified by ctx_id is
1071 *      invalid.  May fail with -EAGAIN if the iocb specified was not
1072 *      cancelled.  Will fail with -ENOSYS if not implemented.
1073 */
1074asmlinkage long sys_io_cancel(aio_context_t ctx_id, struct iocb *iocb,
1075                              struct io_event *result)
1076{
1077        int (*cancel)(struct kiocb *iocb, struct io_event *res);
1078        struct kioctx *ctx;
1079        struct kiocb *kiocb;
1080        u32 key;
1081        int ret;
1082
1083        ret = get_user(key, &iocb->aio_key);
1084        if (unlikely(ret))
1085                return -EFAULT;
1086
1087        ctx = lookup_ioctx(ctx_id);
1088        if (unlikely(!ctx))
1089                return -EINVAL;
1090
1091        spin_lock_irq(&ctx->ctx_lock);
1092        ret = -EAGAIN;
1093        kiocb = lookup_kiocb(ctx, iocb, key);
1094        if (kiocb && kiocb->ki_cancel) {
1095                cancel = kiocb->ki_cancel;
1096                kiocb->ki_users ++;
1097        } else
1098                cancel = NULL;
1099        spin_unlock_irq(&ctx->ctx_lock);
1100
1101        if (NULL != cancel) {
1102                struct io_event tmp;
1103                printk("calling cancel\n");
1104                ret = cancel(kiocb, &tmp);
1105                if (!ret) {
1106                        /* Cancellation succeeded -- copy the result
1107                         * into the user's buffer.
1108                         */
1109                        if (copy_to_user(result, &tmp, sizeof(tmp)))
1110                                ret = -EFAULT;
1111                }
1112        } else
1113                printk(KERN_DEBUG "iocb has no cancel operation\n");
1114
1115        put_ioctx(ctx);
1116
1117        return ret;
1118}
1119
1120/* io_getevents:
1121 *      Attempts to read at least min_nr events and up to nr events from
1122 *      the completion queue for the aio_context specified by ctx_id.  May
1123 *      fail with -EINVAL if ctx_id is invalid, if min_nr is out of range,
1124 *      if nr is out of range, if when is out of range.  May fail with
1125 *      -EFAULT if any of the memory specified to is invalid.  May return
1126 *      0 or < min_nr if no events are available and the timeout specified
1127 *      by when has elapsed, where when == NULL specifies an infinite
1128 *      timeout.  Note that the timeout pointed to by when is relative and
1129 *      will be updated if not NULL and the operation blocks.  Will fail
1130 *      with -ENOSYS if not implemented.
1131 */
1132asmlinkage long sys_io_getevents(aio_context_t ctx_id,
1133                                 long min_nr,
1134                                 long nr,
1135                                 struct io_event *events,
1136                                 struct timespec *timeout)
1137{
1138        struct kioctx *ioctx = lookup_ioctx(ctx_id);
1139        long ret = -EINVAL;
1140
1141        if (unlikely(min_nr > nr || min_nr < 0 || nr < 0))
1142                return ret;
1143
1144        if (likely(NULL != ioctx)) {
1145                ret = read_events(ioctx, min_nr, nr, events, timeout);
1146                put_ioctx(ioctx);
1147        }
1148
1149        return ret;
1150}
1151
1152__initcall(aio_setup);
1153
1154EXPORT_SYMBOL(aio_complete);
1155EXPORT_SYMBOL(aio_put_req);
1156