Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp647408pxb; Tue, 2 Feb 2021 14:16:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJwmfzCYLJ6tC30YBC09lJWv73ImGxeB5pNISOURWVmyE2pEJxkEUuYNqkpagHDLdozAY0po X-Received: by 2002:a05:6402:1655:: with SMTP id s21mr200694edx.171.1612304204164; Tue, 02 Feb 2021 14:16:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612304204; cv=none; d=google.com; s=arc-20160816; b=IwXgrU5t8V158oJNyG0Gmw+mqrS6pnvuv2UTq+fzMyUyyE0N1g0BIMxgfiJr1u2BZH Cp/gFXQocBvAnfOCmQuLRERMTmlF3MmNIXqlSbQSmqy55xD5ONnP3Q3y2Mcs6zuClIbn 3lw6DVCKjfM35PsK4YDTekRiHG0o4H/dL0l194qASLw5Q+v+qM5YD4ZGyO426Ky36W8H LEMd4ZWYwu0Tr87YvTTI5zCCCb9Bw+vOecaTGEMI8wVo8DiiEcIT0rYoXYgG6YoVcKSZ P8p2sUHU4Nn4knK1pkGU+pUJhgw3Jd8D0fulden8Pltrfp/jX/ar3xPZnRl8Vs+FKkQF OTFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=bkhsWJh35HKm1WHQ6kzAfZxG6ktlSvaz/isIEQDDF9k=; b=pKAzysgGybdQrBez+AEfVzXlPeiCzg1vAI2hd2comQOsAmsvFVO41jZLzadkNsrbtN Cy+RmNsE03+oAhFvw3e2paoRoI5hxdR6e3ibJQ2kSX+ux32+A0rbbl8M+PVn3cYuv/gq aiQqgTjykoZ9oEtvZwBTByaXrHkhzJGKC6N2WhgZEI4xPWl3KKaoUDXt2ZlT1fPT6BeR 1PAy6M1XWWRfszQt+q/E6Ox5/QfElhj7QuaTlA3tnlJNQ8JuAVLPm2ZHb7KlxCQu6JMy erkE6j3PWwGBIxF77mWLUp5xzOm+aoIHVLcmez/ULiC2uMwWYIb79aSTzDm21wdB+you 7r3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AAOu8uW8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s12si44324edw.252.2021.02.02.14.16.16; Tue, 02 Feb 2021 14:16:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AAOu8uW8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233425AbhBBN5I (ORCPT + 99 others); Tue, 2 Feb 2021 08:57:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:41122 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232948AbhBBNuD (ORCPT ); Tue, 2 Feb 2021 08:50:03 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7368264FA8; Tue, 2 Feb 2021 13:42:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1612273361; bh=/yZ5ukdPQ4qFx3f9JFWACvXo73LQzZAXJ7pGgjDewPg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AAOu8uW8aGBMNw7PaI2/0hkpNCo5kCexCX7eNWPCjbm4W74dOlbAmy5O6JJanDNk9 DeUziR3oHJCqISm5D9uabUgLgOfmbhdiYkiAZdnc8iVrDWCVQ1NZrI4HK6wnC/2ka4 wWNOCX9XOdWjbF9DqlM+5TqW3ecWHTMUY5lM3s8k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Joseph Qi , Pavel Begunkov , Jens Axboe Subject: [PATCH 5.10 047/142] io_uring: fix wqe->lock/completion_lock deadlock Date: Tue, 2 Feb 2021 14:36:50 +0100 Message-Id: <20210202132959.668196463@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210202132957.692094111@linuxfoundation.org> References: <20210202132957.692094111@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pavel Begunkov commit 907d1df30a51cc1a1d25414a00cde0494b83df7b upstream. Joseph reports following deadlock: CPU0: ... io_kill_linked_timeout // &ctx->completion_lock io_commit_cqring __io_queue_deferred __io_queue_async_work io_wq_enqueue io_wqe_enqueue // &wqe->lock CPU1: ... __io_uring_files_cancel io_wq_cancel_cb io_wqe_cancel_pending_work // &wqe->lock io_cancel_task_cb // &ctx->completion_lock Only __io_queue_deferred() calls queue_async_work() while holding ctx->completion_lock, enqueue drained requests via io_req_task_queue() instead. Cc: stable@vger.kernel.org # 5.9+ Reported-by: Joseph Qi Tested-by: Joseph Qi Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -972,6 +972,7 @@ static int io_setup_async_rw(struct io_k const struct iovec *fast_iov, struct iov_iter *iter, bool force); static void io_req_drop_files(struct io_kiocb *req); +static void io_req_task_queue(struct io_kiocb *req); static struct kmem_cache *req_cachep; @@ -1502,18 +1503,11 @@ static void __io_queue_deferred(struct i do { struct io_defer_entry *de = list_first_entry(&ctx->defer_list, struct io_defer_entry, list); - struct io_kiocb *link; if (req_need_defer(de->req, de->seq)) break; list_del_init(&de->list); - /* punt-init is done before queueing for defer */ - link = __io_queue_async_work(de->req); - if (link) { - __io_queue_linked_timeout(link); - /* drop submission reference */ - io_put_req_deferred(link, 1); - } + io_req_task_queue(de->req); kfree(de); } while (!list_empty(&ctx->defer_list)); }