Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.6 10/47] io_uring: initialize ctx->sqo_wait earlier
[not found] <20200528115600.1405808-1-sashal@kernel.org>
@ 2020-05-28 11:55 ` Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 11/47] io_uring: don't prepare DRAIN reqs twice Sasha Levin
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-05-28 11:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Jens Axboe, syzbot+8c91f5d054e998721c57, Sasha Levin, linux-fsdevel
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit 583863ed918136412ddf14de2e12534f17cfdc6f ]
Ensure that ctx->sqo_wait is initialized as soon as the ctx is allocated,
instead of deferring it to the offload setup. This fixes a syzbot
reported lockdep complaint, which is really due to trying to wake_up
on an uninitialized wait queue:
RSP: 002b:00007fffb1fb9aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441319
RDX: 0000000000000001 RSI: 0000000020000140 RDI: 000000000000047b
RBP: 0000000000010475 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402260
R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 1 PID: 7090 Comm: syz-executor222 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
assign_lock_key kernel/locking/lockdep.c:913 [inline]
register_lock_class+0x1664/0x1760 kernel/locking/lockdep.c:1225
__lock_acquire+0x104/0x4c50 kernel/locking/lockdep.c:4234
lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xbf kernel/locking/spinlock.c:159
__wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:122
io_cqring_ev_posted+0xa5/0x1e0 fs/io_uring.c:1160
io_poll_remove_all fs/io_uring.c:4357 [inline]
io_ring_ctx_wait_and_kill+0x2bc/0x5a0 fs/io_uring.c:7305
io_uring_create fs/io_uring.c:7843 [inline]
io_uring_setup+0x115e/0x22b0 fs/io_uring.c:7870
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x441319
Code: e8 5c ae 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fffb1fb9aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
Reported-by: syzbot+8c91f5d054e998721c57@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/io_uring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 832e042531bc..8bdf2629f7fd 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -822,6 +822,7 @@ static struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
goto err;
ctx->flags = p->flags;
+ init_waitqueue_head(&ctx->sqo_wait);
init_waitqueue_head(&ctx->cq_wait);
INIT_LIST_HEAD(&ctx->cq_overflow_list);
init_completion(&ctx->completions[0]);
@@ -6004,7 +6005,6 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
{
int ret;
- init_waitqueue_head(&ctx->sqo_wait);
mmgrab(current->mm);
ctx->sqo_mm = current->mm;
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.6 11/47] io_uring: don't prepare DRAIN reqs twice
[not found] <20200528115600.1405808-1-sashal@kernel.org>
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 10/47] io_uring: initialize ctx->sqo_wait earlier Sasha Levin
@ 2020-05-28 11:55 ` Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 12/47] io_uring: fix FORCE_ASYNC req preparation Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 20/47] io_uring: reset -EBUSY error when io sq thread is waken up Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-05-28 11:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Pavel Begunkov, Jens Axboe, Sasha Levin, linux-fsdevel
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit 650b548129b60b0d23508351800108196f4aa89f ]
If req->io is not NULL, it's already prepared. Don't do it again,
it's dangerous.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/io_uring.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8bdf2629f7fd..aa800f70c55e 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -4262,12 +4262,13 @@ static int io_req_defer(struct io_kiocb *req, const struct io_uring_sqe *sqe)
if (!req_need_defer(req) && list_empty_careful(&ctx->defer_list))
return 0;
- if (!req->io && io_alloc_async_ctx(req))
- return -EAGAIN;
-
- ret = io_req_defer_prep(req, sqe);
- if (ret < 0)
- return ret;
+ if (!req->io) {
+ if (io_alloc_async_ctx(req))
+ return -EAGAIN;
+ ret = io_req_defer_prep(req, sqe);
+ if (ret < 0)
+ return ret;
+ }
spin_lock_irq(&ctx->completion_lock);
if (!req_need_defer(req) && list_empty(&ctx->defer_list)) {
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.6 12/47] io_uring: fix FORCE_ASYNC req preparation
[not found] <20200528115600.1405808-1-sashal@kernel.org>
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 10/47] io_uring: initialize ctx->sqo_wait earlier Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 11/47] io_uring: don't prepare DRAIN reqs twice Sasha Levin
@ 2020-05-28 11:55 ` Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 20/47] io_uring: reset -EBUSY error when io sq thread is waken up Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-05-28 11:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Pavel Begunkov, Jens Axboe, Sasha Levin, linux-fsdevel
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit bd2ab18a1d6267446eae1b47dd839050452bdf7f ]
As for other not inlined requests, alloc req->io for FORCE_ASYNC reqs,
so they can be prepared properly.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/io_uring.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index aa800f70c55e..504484dc33e4 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -4823,9 +4823,15 @@ fail_req:
io_double_put_req(req);
}
} else if (req->flags & REQ_F_FORCE_ASYNC) {
- ret = io_req_defer_prep(req, sqe);
- if (unlikely(ret < 0))
- goto fail_req;
+ if (!req->io) {
+ ret = -EAGAIN;
+ if (io_alloc_async_ctx(req))
+ goto fail_req;
+ ret = io_req_defer_prep(req, sqe);
+ if (unlikely(ret < 0))
+ goto fail_req;
+ }
+
/*
* Never try inline submit of IOSQE_ASYNC is set, go straight
* to async execution.
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.6 20/47] io_uring: reset -EBUSY error when io sq thread is waken up
[not found] <20200528115600.1405808-1-sashal@kernel.org>
` (2 preceding siblings ...)
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 12/47] io_uring: fix FORCE_ASYNC req preparation Sasha Levin
@ 2020-05-28 11:55 ` Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-05-28 11:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xiaoguang Wang, Jens Axboe, Sasha Levin, linux-fsdevel
From: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
[ Upstream commit d4ae271dfaae2a5f41c015f2f20d62a1deeec734 ]
In io_sq_thread(), currently if we get an -EBUSY error and go to sleep,
we will won't clear it again, which will result in io_sq_thread() will
never have a chance to submit sqes again. Below test program test.c
can reveal this bug:
int main(int argc, char *argv[])
{
struct io_uring ring;
int i, fd, ret;
struct io_uring_sqe *sqe;
struct io_uring_cqe *cqe;
struct iovec *iovecs;
void *buf;
struct io_uring_params p;
if (argc < 2) {
printf("%s: file\n", argv[0]);
return 1;
}
memset(&p, 0, sizeof(p));
p.flags = IORING_SETUP_SQPOLL;
ret = io_uring_queue_init_params(4, &ring, &p);
if (ret < 0) {
fprintf(stderr, "queue_init: %s\n", strerror(-ret));
return 1;
}
fd = open(argv[1], O_RDONLY | O_DIRECT);
if (fd < 0) {
perror("open");
return 1;
}
iovecs = calloc(10, sizeof(struct iovec));
for (i = 0; i < 10; i++) {
if (posix_memalign(&buf, 4096, 4096))
return 1;
iovecs[i].iov_base = buf;
iovecs[i].iov_len = 4096;
}
ret = io_uring_register_files(&ring, &fd, 1);
if (ret < 0) {
fprintf(stderr, "%s: register %d\n", __FUNCTION__, ret);
return ret;
}
for (i = 0; i < 10; i++) {
sqe = io_uring_get_sqe(&ring);
if (!sqe)
break;
io_uring_prep_readv(sqe, 0, &iovecs[i], 1, 0);
sqe->flags |= IOSQE_FIXED_FILE;
ret = io_uring_submit(&ring);
sleep(1);
printf("submit %d\n", i);
}
for (i = 0; i < 10; i++) {
io_uring_wait_cqe(&ring, &cqe);
printf("receive: %d\n", i);
if (cqe->res != 4096) {
fprintf(stderr, "ret=%d, wanted 4096\n", cqe->res);
ret = 1;
}
io_uring_cqe_seen(&ring, cqe);
}
close(fd);
io_uring_queue_exit(&ring);
return 0;
}
sudo ./test testfile
above command will hang on the tenth request, to fix this bug, when io
sq_thread is waken up, we reset the variable 'ret' to be zero.
Suggested-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/io_uring.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 504484dc33e4..c6e1f76a6ee0 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -5224,6 +5224,7 @@ static int io_sq_thread(void *data)
finish_wait(&ctx->sqo_wait, &wait);
ctx->rings->sq_flags &= ~IORING_SQ_NEED_WAKEUP;
+ ret = 0;
continue;
}
finish_wait(&ctx->sqo_wait, &wait);
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-28 12:11 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200528115600.1405808-1-sashal@kernel.org>
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 10/47] io_uring: initialize ctx->sqo_wait earlier Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 11/47] io_uring: don't prepare DRAIN reqs twice Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 12/47] io_uring: fix FORCE_ASYNC req preparation Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 20/47] io_uring: reset -EBUSY error when io sq thread is waken up Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).