[PATCH 5.4 121/135] io_uring: fix __io_iopoll_check deadlock in io_sq_thread

From: Greg Kroah-Hartman
Date: Thu Feb 27 2020 - 09:11:57 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 120/135] arm64: lse: Fix LSE atomics with LLVM"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 119/135] bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 119/135] bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 120/135] arm64: lse: Fix LSE atomics with LLVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiaoguang Wang <xiaoguang.wang@xxxxxxxxxxxxxxxxx>

commit c7849be9cc2dd2754c48ddbaca27c2de6d80a95d upstream.

Since commit a3a0e43fd770 ("io_uring: don't enter poll loop if we have
CQEs pending"), if we already events pending, we won't enter poll loop.
In case SETUP_IOPOLL and SETUP_SQPOLL are both enabled, if app has
been terminated and don't reap pending events which are already in cq
ring, and there are some reqs in poll_list, io_sq_thread will enter
__io_iopoll_check(), and find pending events, then return, this loop
will never have a chance to exit.

I have seen this issue in fio stress tests, to fix this issue, let
io_sq_thread call io_iopoll_getevents() with argument 'min' being zero,
and remove __io_iopoll_check().

Fixes: a3a0e43fd770 ("io_uring: don't enter poll loop if we have CQEs pending")
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@xxxxxxxxxxxxxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/io_uring.c | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)

--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -882,11 +882,17 @@ static void io_iopoll_reap_events(struct
mutex_unlock(&ctx->uring_lock);
}

-static int __io_iopoll_check(struct io_ring_ctx *ctx, unsigned *nr_events,
- long min)
+static int io_iopoll_check(struct io_ring_ctx *ctx, unsigned *nr_events,
+ long min)
{
int iters = 0, ret = 0;

+ /*
+ * We disallow the app entering submit/complete with polling, but we
+ * still need to lock the ring to prevent racing with polled issue
+ * that got punted to a workqueue.
+ */
+ mutex_lock(&ctx->uring_lock);
do {
int tmin = 0;

@@ -922,21 +928,6 @@ static int __io_iopoll_check(struct io_r
ret = 0;
} while (min && !*nr_events && !need_resched());

- return ret;
-}
-
-static int io_iopoll_check(struct io_ring_ctx *ctx, unsigned *nr_events,
- long min)
-{
- int ret;
-
- /*
- * We disallow the app entering submit/complete with polling, but we
- * still need to lock the ring to prevent racing with polled issue
- * that got punted to a workqueue.
- */
- mutex_lock(&ctx->uring_lock);
- ret = __io_iopoll_check(ctx, nr_events, min);
mutex_unlock(&ctx->uring_lock);
return ret;
}
@@ -2721,7 +2712,7 @@ static int io_sq_thread(void *data)
*/
mutex_lock(&ctx->uring_lock);
if (!list_empty(&ctx->poll_list))
- __io_iopoll_check(ctx, &nr_events, 0);
+ io_iopoll_getevents(ctx, &nr_events, 0);
else
inflight = 0;
mutex_unlock(&ctx->uring_lock);

Next message: Greg Kroah-Hartman: "[PATCH 5.4 120/135] arm64: lse: Fix LSE atomics with LLVM"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 119/135] bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 119/135] bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 120/135] arm64: lse: Fix LSE atomics with LLVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]