Add support for mmapping kernel-managed buffer rings (kmbuf) to
userspace, allowing applications to access the kernel-allocated buffers.

Similar to application-provided buffer rings (pbuf), kmbuf rings use the
buffer group ID encoded in the mmap offset to identify which buffer ring
to map. The implementation follows the same pattern as pbuf rings.

New mmap offset constants are introduced:
- IORING_OFF_KMBUF_RING (0x88000000): Base offset for kmbuf mappings
- IORING_OFF_KMBUF_SHIFT (16): Shift value to encode buffer group ID

The mmap offset is calculated during registration, encoding the bgid
shifted by IORING_OFF_KMBUF_SHIFT. The io_buf_get_region() helper
retrieves the appropriate region.

This allows userspace to mmap the kernel-allocated buffer region and
access the buffers directly.

Signed-off-by: Joanne Koong
---
 include/uapi/linux/io_uring.h |  2 ++
 io_uring/kbuf.c               | 11 +++++++++--
 io_uring/kbuf.h               |  5 +++--
 io_uring/memmap.c             |  5 ++++-
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h
index 589755a4e2b4..96e936503ef6 100644
--- a/include/uapi/linux/io_uring.h
+++ b/include/uapi/linux/io_uring.h
@@ -533,6 +533,8 @@ struct io_uring_cqe {
 #define IORING_OFF_SQES			0x10000000ULL
 #define IORING_OFF_PBUF_RING		0x80000000ULL
 #define IORING_OFF_PBUF_SHIFT		16
+#define IORING_OFF_KMBUF_RING		0x88000000ULL
+#define IORING_OFF_KMBUF_SHIFT		16
 #define IORING_OFF_MMAP_MASK		0xf8000000ULL
 
 /*
diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
index 9dff21783f68..65102aaadd15 100644
--- a/io_uring/kbuf.c
+++ b/io_uring/kbuf.c
@@ -766,16 +766,23 @@ int io_register_pbuf_status(struct io_ring_ctx *ctx, void __user *arg)
 	return 0;
 }
 
-struct io_mapped_region *io_pbuf_get_region(struct io_ring_ctx *ctx,
-					    unsigned int bgid)
+struct io_mapped_region *io_buf_get_region(struct io_ring_ctx *ctx,
+					   unsigned int bgid,
+					   bool kernel_managed)
 {
 	struct io_buffer_list *bl;
+	bool is_kernel_managed;
 
 	lockdep_assert_held(&ctx->mmap_lock);
 
 	bl = xa_load(&ctx->io_bl_xa, bgid);
 	if (!bl || !(bl->flags & IOBL_BUF_RING))
 		return NULL;
+
+	is_kernel_managed = !!(bl->flags & IOBL_KERNEL_MANAGED);
+	if (is_kernel_managed != kernel_managed)
+		return NULL;
+
 	return &bl->region;
 }
 
diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h
index 62c80a1ebf03..11d165888b8e 100644
--- a/io_uring/kbuf.h
+++ b/io_uring/kbuf.h
@@ -88,8 +88,9 @@ unsigned int __io_put_kbufs(struct io_kiocb *req, struct io_buffer_list *bl,
 bool io_kbuf_commit(struct io_kiocb *req,
 		    struct io_buffer_list *bl, int len, int nr);
 
-struct io_mapped_region *io_pbuf_get_region(struct io_ring_ctx *ctx,
-					    unsigned int bgid);
+struct io_mapped_region *io_buf_get_region(struct io_ring_ctx *ctx,
+					   unsigned int bgid,
+					   bool kernel_managed);
 
 static inline bool io_kbuf_recycle_ring(struct io_kiocb *req,
 					struct io_buffer_list *bl)
diff --git a/io_uring/memmap.c b/io_uring/memmap.c
index 4573eed3b072..5b4065a8f183 100644
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -357,7 +357,10 @@ static struct io_mapped_region *io_mmap_get_region(struct io_ring_ctx *ctx,
 		return &ctx->sq_region;
 	case IORING_OFF_PBUF_RING:
 		id = (offset & ~IORING_OFF_MMAP_MASK) >> IORING_OFF_PBUF_SHIFT;
-		return io_pbuf_get_region(ctx, id);
+		return io_buf_get_region(ctx, id, false);
+	case IORING_OFF_KMBUF_RING:
+		id = (offset & ~IORING_OFF_MMAP_MASK) >> IORING_OFF_KMBUF_SHIFT;
+		return io_buf_get_region(ctx, id, true);
 	case IORING_MAP_OFF_PARAM_REGION:
 		return &ctx->param_region;
 	case IORING_MAP_OFF_ZCRX_REGION:
-- 
2.47.3