Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3396417pxf; Mon, 22 Mar 2021 05:36:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxU5ZCjc123iaMuBTsQBnBlO7DcMqnkoC6ANmZULK5J8HSIkqU5g1lk0co9+kYat60S3n+q X-Received: by 2002:a17:906:a1c8:: with SMTP id bx8mr18641685ejb.381.1616416583412; Mon, 22 Mar 2021 05:36:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616416583; cv=none; d=google.com; s=arc-20160816; b=FsowIx5g6jTvFS0J202guF7YwGUM6Yzdf4HmEhnjBl4wV5Muf/W6dx/zZH0nlAynX5 LaX2rj3c6o6+8E6QTVc8W9m/xXQZee0D04mQYff4nu/RI4c4eXoExFNPUH60ueXMCHT1 X4DbBHWzvtfCQqlagXQQ7lfG7pU1faz34f7KAJdn7OnLcJXz1G0Pxl2HQQvnI4KXV4Pu f94Hy1OaRRseuTWH03kZhMutHWTR5y9LmTV/UJcQag9seXu9qWH7mKEeuPTbqrJ9vEEn GoXCEzJrI60FI6HmBFIXP+0gZjmoVWENGIog4b5tLhtx3TQU2h6JveQGdFYxs3ZT0bw3 TsYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=0pQyThClwdekEwQVpzao3hxNCs/AM9EWFM/Z6Ek8yQs=; b=xBewmR4eQBZs3sGZ+Xb54ajltUszde2ukITg5f730Yr40B6dNQgBEu5HzE6Qs8KM3F GhkuDh6Lq/ZjzYtspn7gs/Wx9CFea+Ns90Cjl3zhnpIrAQ0PLUvTvamvdYnFk6Ul6x7t cSvlKpT7AqUhB6TylmD9XS2pkMz4v0igwZFJ3TyclX5aY81EkJzFgPAxh7wrh1Fckh3z bf7c1A20ifHcgUTiIgOesc5COfsYXPQF42+BO/es2T6MUzeInmu2oRB1p0SUoL8jlCd0 MQpCT51sWER4TfPsKyeS4IY7hq5bwvze4JiHzxhTnhcVlVTwn1cfKx75NznIgBZeVSkp zdGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=nBGjtyYi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bu13si10315411edb.498.2021.03.22.05.36.00; Mon, 22 Mar 2021 05:36:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=nBGjtyYi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231596AbhCVMdr (ORCPT + 99 others); Mon, 22 Mar 2021 08:33:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:54698 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231405AbhCVMb6 (ORCPT ); Mon, 22 Mar 2021 08:31:58 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 79203619A0; Mon, 22 Mar 2021 12:31:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1616416309; bh=M+QC5G0V9HXNj4mcKbiKhkpNuj8vw++9JcRtLGNS1D0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nBGjtyYiWdHC4hsDiac/EOGgaaFiPyQyV0RFnGZTTH7lqKRsIleL7TB5vLknH90+W 50sPGvJ0G8u9XRm5MYVdVkkyL2x55lRiGJcS80CqVCqKvPDRM8mkrcZsI10XIuL0FV X4Qw9dwZO75olsCMfbbtN4Jht0J7p7+bGwUx7aXc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+fb5458330b4442f2090d@syzkaller.appspotmail.com, Jens Axboe Subject: [PATCH 5.11 057/120] io_uring: ensure that SQPOLL thread is started for exit Date: Mon, 22 Mar 2021 13:27:20 +0100 Message-Id: <20210322121931.586233426@linuxfoundation.org> X-Mailer: git-send-email 2.31.0 In-Reply-To: <20210322121929.669628946@linuxfoundation.org> References: <20210322121929.669628946@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe commit 3ebba796fa251d042be42b929a2d916ee5c34a49 upstream. If we create it in a disabled state because IORING_SETUP_R_DISABLED is set on ring creation, we need to ensure that we've kicked the thread if we're exiting before it's been explicitly disabled. Otherwise we can run into a deadlock where exit is waiting go park the SQPOLL thread, but the SQPOLL thread itself is waiting to get a signal to start. That results in the below trace of both tasks hung, waiting on each other: INFO: task syz-executor458:8401 blocked for more than 143 seconds. Not tainted 5.11.0-next-20210226-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor458 state:D stack:27536 pid: 8401 ppid: 8400 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4324 [inline] __schedule+0x90c/0x21a0 kernel/sched/core.c:5075 schedule+0xcf/0x270 kernel/sched/core.c:5154 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 io_sq_thread_park fs/io_uring.c:7115 [inline] io_sq_thread_park+0xd5/0x130 fs/io_uring.c:7103 io_uring_cancel_task_requests+0x24c/0xd90 fs/io_uring.c:8745 __io_uring_files_cancel+0x110/0x230 fs/io_uring.c:8840 io_uring_files_cancel include/linux/io_uring.h:47 [inline] do_exit+0x299/0x2a60 kernel/exit.c:780 do_group_exit+0x125/0x310 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x43e899 RSP: 002b:00007ffe89376d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00000000004af2f0 RCX: 000000000043e899 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000010000000 R10: 0000000000008011 R11: 0000000000000246 R12: 00000000004af2f0 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 INFO: task iou-sqp-8401:8402 can't die for more than 143 seconds. task:iou-sqp-8401 state:D stack:30272 pid: 8402 ppid: 8400 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4324 [inline] __schedule+0x90c/0x21a0 kernel/sched/core.c:5075 schedule+0xcf/0x270 kernel/sched/core.c:5154 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 io_sq_thread+0x27d/0x1ae0 fs/io_uring.c:6717 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task iou-sqp-8401:8402 blocked for more than 143 seconds. Reported-by: syzbot+fb5458330b4442f2090d@syzkaller.appspotmail.com Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2221,6 +2221,7 @@ static void __io_req_task_submit(struct __io_req_task_cancel(req, -EFAULT); mutex_unlock(&ctx->uring_lock); + ctx->flags &= ~IORING_SETUP_R_DISABLED; if (ctx->flags & IORING_SETUP_SQPOLL) io_sq_thread_drop_mm_files(); } @@ -8965,6 +8966,8 @@ static void io_disable_sqo_submit(struct { mutex_lock(&ctx->uring_lock); ctx->sqo_dead = 1; + if (ctx->flags & IORING_SETUP_R_DISABLED) + io_sq_offload_start(ctx); mutex_unlock(&ctx->uring_lock); /* make sure callers enter the ring to get error */ @@ -9980,10 +9983,7 @@ static int io_register_enable_rings(stru if (ctx->restrictions.registered) ctx->restricted = 1; - ctx->flags &= ~IORING_SETUP_R_DISABLED; - io_sq_offload_start(ctx); - return 0; }