[PATCH 5.12 361/384] io_uring: fix work_exit sqpoll cancellations

From: Greg Kroah-Hartman
Date: Mon May 10 2021 - 08:41:24 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.12 362/384] io_uring: Check current->io_uring in io_uring_cancel_sqpoll"
Previous message: Greg Kroah-Hartman: "[PATCH 5.12 340/384] ext4: always panic when errors=panic is specified"
In reply to: Greg Kroah-Hartman: "[PATCH 5.12 340/384] ext4: always panic when errors=panic is specified"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.12 362/384] io_uring: Check current->io_uring in io_uring_cancel_sqpoll"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pavel Begunkov <asml.silence@xxxxxxxxx>

commit 28090c133869b461c5366195a856d73469ab87d9 upstream.

After closing an SQPOLL ring, io_ring_exit_work() kicks in and starts
doing cancellations via io_uring_try_cancel_requests(). It will go
through io_uring_try_cancel_iowq(), which uses ctx->tctx_list, but as
SQPOLL task don't have a ctx note, its io-wq won't be reachable and so
is left not cancelled.

It will eventually cancelled when one of the tasks dies, but if a thread
group survives for long and changes rings, it will spawn lots of
unreclaimed resources and live locked works.

Cancel SQPOLL task's io-wq separately in io_ring_exit_work().

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Link: https://lore.kernel.org/r/a71a7fe345135d684025bb529d5cb1d8d6b46e10.1619389911.git.asml.silence@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/io_uring.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)

--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8571,6 +8571,13 @@ static void io_tctx_exit_cb(struct callb
complete(&work->completion);
}

+static bool io_cancel_ctx_cb(struct io_wq_work *work, void *data)
+{
+ struct io_kiocb *req = container_of(work, struct io_kiocb, work);
+
+ return req->ctx == data;
+}
+
static void io_ring_exit_work(struct work_struct *work)
{
struct io_ring_ctx *ctx = container_of(work, struct io_ring_ctx, exit_work);
@@ -8587,6 +8594,17 @@ static void io_ring_exit_work(struct wor
*/
do {
io_uring_try_cancel_requests(ctx, NULL, NULL);
+ if (ctx->sq_data) {
+ struct io_sq_data *sqd = ctx->sq_data;
+ struct task_struct *tsk;
+
+ io_sq_thread_park(sqd);
+ tsk = sqd->thread;
+ if (tsk && tsk->io_uring && tsk->io_uring->io_wq)
+ io_wq_cancel_cb(tsk->io_uring->io_wq,
+ io_cancel_ctx_cb, ctx, true);
+ io_sq_thread_unpark(sqd);
+ }

WARN_ON_ONCE(time_after(jiffies, timeout));
} while (!wait_for_completion_timeout(&ctx->ref_comp, HZ/20));
@@ -8731,13 +8749,6 @@ static bool io_cancel_defer_files(struct
return true;
}

-static bool io_cancel_ctx_cb(struct io_wq_work *work, void *data)
-{
- struct io_kiocb *req = container_of(work, struct io_kiocb, work);
-
- return req->ctx == data;
-}
-
static bool io_uring_try_cancel_iowq(struct io_ring_ctx *ctx)
{
struct io_tctx_node *node;

Next message: Greg Kroah-Hartman: "[PATCH 5.12 362/384] io_uring: Check current->io_uring in io_uring_cancel_sqpoll"
Previous message: Greg Kroah-Hartman: "[PATCH 5.12 340/384] ext4: always panic when errors=panic is specified"
In reply to: Greg Kroah-Hartman: "[PATCH 5.12 340/384] ext4: always panic when errors=panic is specified"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.12 362/384] io_uring: Check current->io_uring in io_uring_cancel_sqpoll"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]