Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp2512281ybd;
        Mon, 24 Jun 2019 07:42:34 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz3osecAcU9p0rEG/kDdqLt79cVQuu3DgqVprp5OV3B3GVQw4TkzDlUthBW5h+KPzJ1rRQa
X-Received: by 2002:a17:90a:be0d:: with SMTP id a13mr24127269pjs.84.1561387354821;
        Mon, 24 Jun 2019 07:42:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561387354; cv=none;
        d=google.com; s=arc-20160816;
        b=TDUv2s1VzeOYBpk54gmE6mDgjPbRQXgzozw2LGwGEjQxNu+5uicRL5MLFMyqrcOoVA
         o1dkXtgBwesoMO/M2YmCT/vm4wGHCYodt4pAlK7rIVqBIKalVa9fjbLb7elNPtrxFwL/
         sO27ZZFXkWTe/GuiaLrw9lnK3avAA9nheEYQwu8MltMECh6ZltIJOGQ1ef8Ao2pmk4mX
         GASezs93SIvQoiN+9C6eV2c6uNtLaXxvhv2rfd0YSUgo8iK9gYQjhF0jVK+6Q2Dn70bp
         5Z0TvFuPU8Fuo0MpVP4An24EkTpu0HF1WruWsFdl7V6ZCdWD7HoXh8csJQ/LGcSGW+yn
         QZwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:from;
        bh=pCSkWNX4EvX6EnQRaXWT29/k4ae0H98ibP3HDNVVdJc=;
        b=JyByXR2VNICDLqkhvs0hZdK7sFRyEawgiWa0Q4S51ktq4TsH/oE79xi1Z+afpv4lmR
         4OU4m72C74OVPbvKh5HSO2rY5Pc8wc2MZzSQ8f94anCEWg3ij5+PmvgM8LdiZiZhWtLH
         RF80Z7GCgzMIm31u23meBqmVKQU9a8Z2vp+KOPXFYq1h76Gawxim6emx2CE060MbBcTR
         Q9VBfcQXqq38vXAUvSiMX9KHA7gCbvnPfJ1Z03p4cumL8wF78nA6m20Lm4454PEeEBOA
         tcKYiOhKSqZqb3XjuBH6DnC+Efn/7UZzlEfk8wlE8XUZMG3fY8xe/LHS/6nIvelcaSBq
         hLFg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q125si10189126pgq.483.2019.06.24.07.42.19;
        Mon, 24 Jun 2019 07:42:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729192AbfFXOmI (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Mon, 24 Jun 2019 10:42:08 -0400
Received: from mx2.suse.de ([195.135.220.15]:50338 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727661AbfFXOmE (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jun 2019 10:42:04 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 2F40DAE5C;
        Mon, 24 Jun 2019 14:42:01 +0000 (UTC)
From:   Roman Penyaev <rpenyaev@suse.de>
Cc:     Roman Penyaev <rpenyaev@suse.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v5 03/14] epoll: allocate user header and user events ring for polling from userspace
Date:   Mon, 24 Jun 2019 16:41:40 +0200
Message-Id: <20190624144151.22688-4-rpenyaev@suse.de>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190624144151.22688-1-rpenyaev@suse.de>
References: <20190624144151.22688-1-rpenyaev@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
To:     unlisted-recipients:; (no To-header on input)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This one allocates user header and user events ring according to max items
number, passed as a parameter.  User events (index) ring is in a pow2.
Pages, which will be shared between kernel and userspace, are accounted
through user->locked_vm counter.

No support on architectures with reduced set of atomic ops, namely
arc-plat-eznps, sparc32, parisc.  These architectures have a single
atomic op (something like xchg) and others ops are fudged in kernel
with a support of a spinlock, thus it is impossible to safely share
a variable with a userspace and expect that this variable will not
to be corrupted or observed correctly.  For these archs -EOPNOTSUP
is returned.

Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
 fs/eventpoll.c                 | 160 +++++++++++++++++++++++++++++++--
 include/uapi/linux/eventpoll.h |   3 +-
 2 files changed, 155 insertions(+), 8 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 6d7a5fe4a831..b6682365d970 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -228,6 +228,33 @@ struct eventpoll {
 
 	struct file *file;
 
+	/* User header with array of items */
+	struct epoll_uheader *user_header;
+
+	/* User index, which acts as a ring of coming events */
+	unsigned int *user_index;
+
+	/* Actual length of user header, always aligned on page */
+	unsigned int header_length;
+
+	/* Actual length of user index, always pow2 */
+	unsigned int index_length;
+
+	/* Maximum possible event items */
+	unsigned int max_items_nr;
+
+	/* Items bitmap, is used to get a free bit for new registered epi */
+	unsigned long *items_bm;
+
+	/* Length of both items bitmaps, always aligned on page */
+	unsigned int items_bm_length;
+
+	/*
+	 * Counter to support atomic and lockless ->tail updates.
+	 * See add_event_to_uring() for details of counter layout.
+	 */
+	atomic64_t shadow_cnt;
+
 	/* used to optimize loop detection check */
 	int visited;
 	struct list_head visited_list_link;
@@ -377,6 +404,44 @@ static void ep_nested_calls_init(struct nested_calls *ncalls)
 	spin_lock_init(&ncalls->lock);
 }
 
+static inline unsigned int ep_to_items_length(unsigned int nr)
+{
+	struct epoll_uheader *user_header;
+
+	return PAGE_ALIGN(struct_size(user_header, items, nr));
+}
+
+static inline unsigned int ep_to_index_length(unsigned int nr)
+{
+	struct eventpoll *ep;
+	unsigned int size;
+
+	size = roundup_pow_of_two(nr << ilog2(sizeof(*ep->user_index)));
+	return max_t(typeof(size), size, PAGE_SIZE);
+}
+
+static inline unsigned int ep_to_items_bm_length(unsigned int nr)
+{
+	return PAGE_ALIGN(ALIGN(nr, 8) >> 3);
+}
+
+static inline bool ep_userpoll_supported(void)
+{
+	/*
+	 * These architectures have a single atomic op (something like
+	 * xchg) and others ops are fudged in kernel with a support of
+	 * a spinlock, thus it is impossible to safely share a variable
+	 * with a userspace and expect that this variable will not to
+	 * be corrupted or observed correctly.  The problematic variable
+	 * is ->ready_events, which has to be atomically cleared on
+	 * userspace, but on the kernel side cmpxchg() is called, which
+	 * uses a spinlock as a method of synchronization.
+	 */
+	return !(IS_ENABLED(CONFIG_ARC_PLAT_EZNPS) ||
+		 IS_ENABLED(CONFIG_SPARC32) ||
+		 IS_ENABLED(CONFIG_PARISC));
+}
+
 /**
  * ep_events_available - Checks if ready events might be available.
  *
@@ -832,6 +897,38 @@ static int ep_remove(struct eventpoll *ep, struct epitem *epi)
 	return 0;
 }
 
+static int ep_account_mem(struct eventpoll *ep, struct user_struct *user)
+{
+	unsigned long nr_pages, page_limit, cur_pages, new_pages;
+
+	nr_pages  = ep->header_length >> PAGE_SHIFT;
+	nr_pages += ep->index_length >> PAGE_SHIFT;
+
+	/* Don't allow more pages than we can safely lock */
+	page_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
+
+	do {
+		cur_pages = atomic_long_read(&user->locked_vm);
+		new_pages = cur_pages + nr_pages;
+		if (new_pages > page_limit && !capable(CAP_IPC_LOCK))
+			return -ENOMEM;
+	} while (atomic_long_cmpxchg(&user->locked_vm, cur_pages,
+				     new_pages) != cur_pages);
+
+	return 0;
+}
+
+static void ep_unaccount_mem(struct eventpoll *ep, struct user_struct *user)
+{
+	unsigned long nr_pages;
+
+	nr_pages  = ep->header_length >> PAGE_SHIFT;
+	nr_pages += ep->index_length >> PAGE_SHIFT;
+	if (nr_pages)
+		/* When polled by user */
+		atomic_long_sub(nr_pages, &user->locked_vm);
+}
+
 static void ep_free(struct eventpoll *ep)
 {
 	struct rb_node *rbp;
@@ -879,8 +976,12 @@ static void ep_free(struct eventpoll *ep)
 
 	mutex_unlock(&epmutex);
 	mutex_destroy(&ep->mtx);
-	free_uid(ep->user);
 	wakeup_source_unregister(ep->ws);
+	vfree(ep->user_header);
+	vfree(ep->user_index);
+	vfree(ep->items_bm);
+	ep_unaccount_mem(ep, ep->user);
+	free_uid(ep->user);
 	kfree(ep);
 }
 
@@ -1033,7 +1134,7 @@ void eventpoll_release_file(struct file *file)
 	mutex_unlock(&epmutex);
 }
 
-static int ep_alloc(struct eventpoll **pep)
+static int ep_alloc(struct eventpoll **pep, int flags, size_t max_items)
 {
 	int error;
 	struct user_struct *user;
@@ -1045,6 +1146,44 @@ static int ep_alloc(struct eventpoll **pep)
 	if (unlikely(!ep))
 		goto free_uid;
 
+	if (flags & EPOLL_USERPOLL) {
+		BUILD_BUG_ON(sizeof(*ep->user_header) !=
+			     EPOLL_USERPOLL_HEADER_SIZE);
+		BUILD_BUG_ON(sizeof(ep->user_header->items[0]) != 16);
+
+		error = -EOPNOTSUPP;
+		if (!ep_userpoll_supported())
+			goto free_ep;
+
+		error = -EINVAL;
+		if (!max_items || max_items > EP_USERPOLL_MAX_ITEMS_NR)
+			goto free_ep;
+
+		ep->max_items_nr = max_items;
+		ep->header_length = ep_to_items_length(max_items);
+		ep->index_length = ep_to_index_length(max_items);
+		ep->items_bm_length = ep_to_items_bm_length(max_items);
+
+		error = ep_account_mem(ep, user);
+		if (error)
+			goto free_ep;
+
+		error = -ENOMEM;
+		ep->user_header = vmalloc_user(ep->header_length);
+		ep->user_index = vmalloc_user(ep->index_length);
+		ep->items_bm = vzalloc(ep->items_bm_length);
+		if (!ep->user_header || !ep->user_index || !ep->items_bm)
+			goto unaccount_mem;
+
+		*ep->user_header = (typeof(*ep->user_header)) {
+			.magic         = EPOLL_USERPOLL_HEADER_MAGIC,
+			.header_length = ep->header_length,
+			.index_length  = ep->index_length,
+			.max_items_nr  = ep->max_items_nr,
+		};
+	}
+
+	atomic64_set(&ep->shadow_cnt, 0);
 	mutex_init(&ep->mtx);
 	rwlock_init(&ep->lock);
 	init_waitqueue_head(&ep->wq);
@@ -1058,6 +1197,13 @@ static int ep_alloc(struct eventpoll **pep)
 
 	return 0;
 
+unaccount_mem:
+	ep_unaccount_mem(ep, user);
+	vfree(ep->user_header);
+	vfree(ep->user_index);
+	vfree(ep->items_bm);
+free_ep:
+	kfree(ep);
 free_uid:
 	free_uid(user);
 	return error;
@@ -2062,7 +2208,7 @@ static void clear_tfile_check_list(void)
 /*
  * Open an eventpoll file descriptor.
  */
-static int do_epoll_create(int flags)
+static int do_epoll_create(int flags, size_t size)
 {
 	int error, fd;
 	struct eventpoll *ep = NULL;
@@ -2071,12 +2217,12 @@ static int do_epoll_create(int flags)
 	/* Check the EPOLL_* constant for consistency.  */
 	BUILD_BUG_ON(EPOLL_CLOEXEC != O_CLOEXEC);
 
-	if (flags & ~EPOLL_CLOEXEC)
+	if (flags & ~(EPOLL_CLOEXEC | EPOLL_USERPOLL))
 		return -EINVAL;
 	/*
 	 * Create the internal data structure ("struct eventpoll").
 	 */
-	error = ep_alloc(&ep);
+	error = ep_alloc(&ep, flags, size);
 	if (error < 0)
 		return error;
 	/*
@@ -2107,7 +2253,7 @@ static int do_epoll_create(int flags)
 
 SYSCALL_DEFINE1(epoll_create1, int, flags)
 {
-	return do_epoll_create(flags);
+	return do_epoll_create(flags, 0);
 }
 
 SYSCALL_DEFINE1(epoll_create, int, size)
@@ -2115,7 +2261,7 @@ SYSCALL_DEFINE1(epoll_create, int, size)
 	if (size <= 0)
 		return -EINVAL;
 
-	return do_epoll_create(0);
+	return do_epoll_create(0, 0);
 }
 
 /*
diff --git a/include/uapi/linux/eventpoll.h b/include/uapi/linux/eventpoll.h
index 3317901b19c4..efd58e9177c2 100644
--- a/include/uapi/linux/eventpoll.h
+++ b/include/uapi/linux/eventpoll.h
@@ -20,7 +20,8 @@
 #include <linux/types.h>
 
 /* Flags for epoll_create1.  */
-#define EPOLL_CLOEXEC O_CLOEXEC
+#define EPOLL_CLOEXEC  O_CLOEXEC
+#define EPOLL_USERPOLL 1
 
 /* Valid opcodes to issue to sys_epoll_ctl() */
 #define EPOLL_CTL_ADD 1
-- 
2.21.0