Re: [PATCH] io_uring: make overflowing cqe subject to OOM

public inbox for io-uring@vger.kernel.org
 help / color / mirror / Atom feed

From: Jens Axboe <axboe@kernel.dk>
To: Alexandre Negrel <alexandre@negrel.dev>,
	io-uring@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] io_uring: make overflowing cqe subject to OOM
Date: Mon, 29 Dec 2025 17:23:49 -0700	[thread overview]
Message-ID: <a8a832b9-bfa6-4c1e-bdcc-a89467add5d1@kernel.dk> (raw)
In-Reply-To: <20251229201933.515797-1-alexandre@negrel.dev>

On 12/29/25 1:19 PM, Alexandre Negrel wrote:
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index 6cb24cdf8e68..5ff1a13fed1c 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -545,31 +545,12 @@ void __io_commit_cqring_flush(struct io_ring_ctx *ctx)
>  		io_eventfd_signal(ctx, true);
>  }
>  
> -static inline void __io_cq_lock(struct io_ring_ctx *ctx)
> -{
> -	if (!ctx->lockless_cq)
> -		spin_lock(&ctx->completion_lock);
> -}
> -
>  static inline void io_cq_lock(struct io_ring_ctx *ctx)
>  	__acquires(ctx->completion_lock)
>  {
>  	spin_lock(&ctx->completion_lock);
>  }
>  
> -static inline void __io_cq_unlock_post(struct io_ring_ctx *ctx)
> -{
> -	io_commit_cqring(ctx);
> -	if (!ctx->task_complete) {
> -		if (!ctx->lockless_cq)
> -			spin_unlock(&ctx->completion_lock);
> -		/* IOPOLL rings only need to wake up if it's also SQPOLL */
> -		if (!ctx->syscall_iopoll)
> -			io_cqring_wake(ctx);
> -	}
> -	io_commit_cqring_flush(ctx);
> -}
> -
>  static void io_cq_unlock_post(struct io_ring_ctx *ctx)
>  	__releases(ctx->completion_lock)
>  {
> @@ -1513,7 +1494,6 @@ void __io_submit_flush_completions(struct io_ring_ctx *ctx)
>  	struct io_submit_state *state = &ctx->submit_state;
>  	struct io_wq_work_node *node;
>  
> -	__io_cq_lock(ctx);
>  	__wq_list_for_each(node, &state->compl_reqs) {
>  		struct io_kiocb *req = container_of(node, struct io_kiocb,
>  					    comp_list);
> @@ -1525,13 +1505,17 @@ void __io_submit_flush_completions(struct io_ring_ctx *ctx)
>  		 */
>  		if (!(req->flags & (REQ_F_CQE_SKIP | REQ_F_REISSUE)) &&
>  		    unlikely(!io_fill_cqe_req(ctx, req))) {
> -			if (ctx->lockless_cq)
> -				io_cqe_overflow(ctx, &req->cqe, &req->big_cqe);
> -			else
> -				io_cqe_overflow_locked(ctx, &req->cqe, &req->big_cqe);
> +			io_cqe_overflow(ctx, &req->cqe, &req->big_cqe);
>  		}
>  	}
> -	__io_cq_unlock_post(ctx);
> +
> +	io_commit_cqring(ctx);
> +	if (!ctx->task_complete) {
> +		/* IOPOLL rings only need to wake up if it's also SQPOLL */
> +		if (!ctx->syscall_iopoll)
> +			io_cqring_wake(ctx);
> +	}
> +	io_commit_cqring_flush(ctx);
>  
>  	if (!wq_list_empty(&state->compl_reqs)) {
>  		io_free_batch_list(ctx, state->compl_reqs.first);

You seem to just remove the lock around posting CQEs, and hence then it
can use GFP_KERNEL? That's very broken... I'm assuming the issue here is
that memcg will look at __GFP_HIGH somehow and allow it to proceed?
Surely that should not stop OOM, just defer it?

In any case, then below should then do the same. Can you test?

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 6cb24cdf8e68..709943fedaf4 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -864,7 +864,7 @@ static __cold bool io_cqe_overflow_locked(struct io_ring_ctx *ctx,
 {
 	struct io_overflow_cqe *ocqe;
 
-	ocqe = io_alloc_ocqe(ctx, cqe, big_cqe, GFP_ATOMIC);
+	ocqe = io_alloc_ocqe(ctx, cqe, big_cqe, GFP_NOWAIT);
 	return io_cqring_add_overflow(ctx, ocqe);
 }
 

-- 
Jens Axboe

next prev parent reply	other threads:[~2025-12-30  0:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-29 20:19 [PATCH] io_uring: make overflowing cqe subject to OOM Alexandre Negrel
2025-12-30  0:23 ` Jens Axboe [this message]
2025-12-30 14:50   ` Alexandre Negrel
2025-12-30 16:01     ` Jens Axboe
2025-12-30  7:15 ` [syzbot ci] " syzbot ci

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6cb24cdf8e6 dfblob:709943fedaf )
 OR (
bs:"Re: [PATCH] io_uring: make overflowing cqe subject to OOM" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a8a832b9-bfa6-4c1e-bdcc-a89467add5d1@kernel.dk \
    --to=axboe@kernel.dk \
    --cc=alexandre@negrel.dev \
    --cc=io-uring@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox