* [PATCH 0/2] io_uring: fix locking in __io_run_local_work
@ 2022-10-27 14:44 Dylan Yudaken
2022-10-27 14:44 ` [PATCH 1/2] io_uring: use io_run_local_work_locked helper Dylan Yudaken
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Dylan Yudaken @ 2022-10-27 14:44 UTC (permalink / raw)
To: Jens Axboe, Pavel Begunkov; +Cc: io-uring, kernel-team, Dylan Yudaken
If locked was not set in __io_run_local_work, but some task work managed
to lock the context, it would leave things locked indefinitely. Fix that
by passing the pointer in.
Patch 1 is a tiny cleanup to simplify things
Patch 2 is the fix
Dylan Yudaken (2):
io_uring: use io_run_local_work_locked helper
io_uring: unlock if __io_run_local_work locked inside
io_uring/io_uring.c | 11 +++++------
io_uring/io_uring.h | 12 ++++++++++--
2 files changed, 15 insertions(+), 8 deletions(-)
base-commit: 247f34f7b80357943234f93f247a1ae6b6c3a740
--
2.30.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] io_uring: use io_run_local_work_locked helper
2022-10-27 14:44 [PATCH 0/2] io_uring: fix locking in __io_run_local_work Dylan Yudaken
@ 2022-10-27 14:44 ` Dylan Yudaken
2022-10-27 14:44 ` [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside Dylan Yudaken
2022-10-27 15:52 ` [PATCH 0/2] io_uring: fix locking in __io_run_local_work Jens Axboe
2 siblings, 0 replies; 7+ messages in thread
From: Dylan Yudaken @ 2022-10-27 14:44 UTC (permalink / raw)
To: Jens Axboe, Pavel Begunkov; +Cc: io-uring, kernel-team, Dylan Yudaken
prefer to use io_run_local_work_locked helper for consistency
Signed-off-by: Dylan Yudaken <[email protected]>
---
io_uring/io_uring.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 6cc16e39b27f..8a0ce7379e89 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1446,8 +1446,7 @@ static int io_iopoll_check(struct io_ring_ctx *ctx, long min)
io_task_work_pending(ctx)) {
u32 tail = ctx->cached_cq_tail;
- if (!llist_empty(&ctx->work_llist))
- __io_run_local_work(ctx, true);
+ (void) io_run_local_work_locked(ctx);
if (task_work_pending(current) ||
wq_list_empty(&ctx->iopoll_list)) {
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside
2022-10-27 14:44 [PATCH 0/2] io_uring: fix locking in __io_run_local_work Dylan Yudaken
2022-10-27 14:44 ` [PATCH 1/2] io_uring: use io_run_local_work_locked helper Dylan Yudaken
@ 2022-10-27 14:44 ` Dylan Yudaken
2022-10-27 15:38 ` Jens Axboe
2022-10-27 15:52 ` [PATCH 0/2] io_uring: fix locking in __io_run_local_work Jens Axboe
2 siblings, 1 reply; 7+ messages in thread
From: Dylan Yudaken @ 2022-10-27 14:44 UTC (permalink / raw)
To: Jens Axboe, Pavel Begunkov; +Cc: io-uring, kernel-team, Dylan Yudaken
It is possible for tw to lock the ring, and this was not propogated out to
io_run_local_work. This can cause an unlock to be missed.
Instead pass a pointer to locked into __io_run_local_work.
Fixes: 8ac5d85a89b4 ("io_uring: add local task_work run helper that is entered locked")
Signed-off-by: Dylan Yudaken <[email protected]>
---
io_uring/io_uring.c | 8 ++++----
io_uring/io_uring.h | 12 ++++++++++--
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 8a0ce7379e89..ac8c488e3077 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1173,7 +1173,7 @@ static void __cold io_move_task_work_from_local(struct io_ring_ctx *ctx)
}
}
-int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
+int __io_run_local_work(struct io_ring_ctx *ctx, bool *locked)
{
struct llist_node *node;
struct llist_node fake;
@@ -1192,7 +1192,7 @@ int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
struct io_kiocb *req = container_of(node, struct io_kiocb,
io_task_work.node);
prefetch(container_of(next, struct io_kiocb, io_task_work.node));
- req->io_task_work.func(req, &locked);
+ req->io_task_work.func(req, locked);
ret++;
node = next;
}
@@ -1208,7 +1208,7 @@ int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
goto again;
}
- if (locked)
+ if (*locked)
io_submit_flush_completions(ctx);
trace_io_uring_local_work_run(ctx, ret, loops);
return ret;
@@ -1225,7 +1225,7 @@ int io_run_local_work(struct io_ring_ctx *ctx)
__set_current_state(TASK_RUNNING);
locked = mutex_trylock(&ctx->uring_lock);
- ret = __io_run_local_work(ctx, locked);
+ ret = __io_run_local_work(ctx, &locked);
if (locked)
mutex_unlock(&ctx->uring_lock);
diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h
index ef77d2aa3172..331ec2869212 100644
--- a/io_uring/io_uring.h
+++ b/io_uring/io_uring.h
@@ -27,7 +27,7 @@ enum {
struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx, bool overflow);
bool io_req_cqe_overflow(struct io_kiocb *req);
int io_run_task_work_sig(struct io_ring_ctx *ctx);
-int __io_run_local_work(struct io_ring_ctx *ctx, bool locked);
+int __io_run_local_work(struct io_ring_ctx *ctx, bool *locked);
int io_run_local_work(struct io_ring_ctx *ctx);
void io_req_complete_failed(struct io_kiocb *req, s32 res);
void __io_req_complete(struct io_kiocb *req, unsigned issue_flags);
@@ -277,9 +277,17 @@ static inline int io_run_task_work_ctx(struct io_ring_ctx *ctx)
static inline int io_run_local_work_locked(struct io_ring_ctx *ctx)
{
+ bool locked;
+ int ret;
+
if (llist_empty(&ctx->work_llist))
return 0;
- return __io_run_local_work(ctx, true);
+
+ locked = true;
+ ret = __io_run_local_work(ctx, &locked);
+ if (WARN_ON(!locked))
+ mutex_lock(&ctx->uring_lock);
+ return ret;
}
static inline void io_tw_lock(struct io_ring_ctx *ctx, bool *locked)
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside
2022-10-27 14:44 ` [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside Dylan Yudaken
@ 2022-10-27 15:38 ` Jens Axboe
2022-10-27 15:50 ` Dylan Yudaken
0 siblings, 1 reply; 7+ messages in thread
From: Jens Axboe @ 2022-10-27 15:38 UTC (permalink / raw)
To: Dylan Yudaken, Pavel Begunkov; +Cc: io-uring, kernel-team
On 10/27/22 8:44 AM, Dylan Yudaken wrote:
> It is possible for tw to lock the ring, and this was not propogated out to
> io_run_local_work. This can cause an unlock to be missed.
>
> Instead pass a pointer to locked into __io_run_local_work.
>
> Fixes: 8ac5d85a89b4 ("io_uring: add local task_work run helper that is entered locked")
> Signed-off-by: Dylan Yudaken <[email protected]>
> ---
> io_uring/io_uring.c | 8 ++++----
> io_uring/io_uring.h | 12 ++++++++++--
> 2 files changed, 14 insertions(+), 6 deletions(-)
>
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index 8a0ce7379e89..ac8c488e3077 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -1173,7 +1173,7 @@ static void __cold io_move_task_work_from_local(struct io_ring_ctx *ctx)
> }
> }
>
> -int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
> +int __io_run_local_work(struct io_ring_ctx *ctx, bool *locked)
> {
> struct llist_node *node;
> struct llist_node fake;
> @@ -1192,7 +1192,7 @@ int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
> struct io_kiocb *req = container_of(node, struct io_kiocb,
> io_task_work.node);
> prefetch(container_of(next, struct io_kiocb, io_task_work.node));
> - req->io_task_work.func(req, &locked);
> + req->io_task_work.func(req, locked);
> ret++;
> node = next;
> }
> @@ -1208,7 +1208,7 @@ int __io_run_local_work(struct io_ring_ctx *ctx, bool locked)
> goto again;
> }
>
> - if (locked)
> + if (*locked)
> io_submit_flush_completions(ctx);
> trace_io_uring_local_work_run(ctx, ret, loops);
> return ret;
> @@ -1225,7 +1225,7 @@ int io_run_local_work(struct io_ring_ctx *ctx)
>
> __set_current_state(TASK_RUNNING);
> locked = mutex_trylock(&ctx->uring_lock);
> - ret = __io_run_local_work(ctx, locked);
> + ret = __io_run_local_work(ctx, &locked);
> if (locked)
> mutex_unlock(&ctx->uring_lock);
>
> diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h
> index ef77d2aa3172..331ec2869212 100644
> --- a/io_uring/io_uring.h
> +++ b/io_uring/io_uring.h
> @@ -27,7 +27,7 @@ enum {
> struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx, bool overflow);
> bool io_req_cqe_overflow(struct io_kiocb *req);
> int io_run_task_work_sig(struct io_ring_ctx *ctx);
> -int __io_run_local_work(struct io_ring_ctx *ctx, bool locked);
> +int __io_run_local_work(struct io_ring_ctx *ctx, bool *locked);
> int io_run_local_work(struct io_ring_ctx *ctx);
> void io_req_complete_failed(struct io_kiocb *req, s32 res);
> void __io_req_complete(struct io_kiocb *req, unsigned issue_flags);
> @@ -277,9 +277,17 @@ static inline int io_run_task_work_ctx(struct io_ring_ctx *ctx)
>
> static inline int io_run_local_work_locked(struct io_ring_ctx *ctx)
> {
> + bool locked;
> + int ret;
> +
> if (llist_empty(&ctx->work_llist))
> return 0;
> - return __io_run_local_work(ctx, true);
> +
> + locked = true;
> + ret = __io_run_local_work(ctx, &locked);
> + if (WARN_ON(!locked))
> + mutex_lock(&ctx->uring_lock);
> + return ret;
> }
If you think warning on !locked is a good idea, it should be a
WARN_ON_ONCE(). Or is this leftover debugging?
--
Jens Axboe
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside
2022-10-27 15:38 ` Jens Axboe
@ 2022-10-27 15:50 ` Dylan Yudaken
0 siblings, 0 replies; 7+ messages in thread
From: Dylan Yudaken @ 2022-10-27 15:50 UTC (permalink / raw)
To: Dylan Yudaken, [email protected], [email protected]
Cc: Kernel Team, [email protected]
On Thu, 2022-10-27 at 09:38 -0600, Jens Axboe wrote:
> On 10/27/22 8:44 AM, Dylan Yudaken wrote:
> > It is possible for tw to lock the ring, and this was not propogated
> > out to
> > io_run_local_work. This can cause an unlock to be missed.
> >
> > Instead pass a pointer to locked into __io_run_local_work.
> >
> > Fixes: 8ac5d85a89b4 ("io_uring: add local task_work run helper that
> > is entered locked")
> > Signed-off-by: Dylan Yudaken <[email protected]>
> > ---
> >
> > + if (WARN_ON(!locked))
> > + mutex_lock(&ctx->uring_lock);
> > + return ret;
> > }
>
> If you think warning on !locked is a good idea, it should be a
> WARN_ON_ONCE(). Or is this leftover debugging?
>
It's not leftover. Basically it should not be (afaik) that tw will
unlock the mutex, but I didn't want to leave a dangling unlocked mutex.
Maybe that is being too conservative and we can just kill both lines -
we never used to check for this.
Happy for either way
Dylan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] io_uring: fix locking in __io_run_local_work
2022-10-27 14:44 [PATCH 0/2] io_uring: fix locking in __io_run_local_work Dylan Yudaken
2022-10-27 14:44 ` [PATCH 1/2] io_uring: use io_run_local_work_locked helper Dylan Yudaken
2022-10-27 14:44 ` [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside Dylan Yudaken
@ 2022-10-27 15:52 ` Jens Axboe
2022-10-27 15:57 ` Jens Axboe
2 siblings, 1 reply; 7+ messages in thread
From: Jens Axboe @ 2022-10-27 15:52 UTC (permalink / raw)
To: Pavel Begunkov, Dylan Yudaken; +Cc: kernel-team, io-uring
On Thu, 27 Oct 2022 07:44:27 -0700, Dylan Yudaken wrote:
> If locked was not set in __io_run_local_work, but some task work managed
> to lock the context, it would leave things locked indefinitely. Fix that
> by passing the pointer in.
>
> Patch 1 is a tiny cleanup to simplify things
> Patch 2 is the fix
>
> [...]
Applied, thanks!
[1/2] io_uring: use io_run_local_work_locked helper
commit: 8de11cdc96bf58b324c59a28512eb9513fd02553
[2/2] io_uring: unlock if __io_run_local_work locked inside
commit: b3026767e15b488860d4bbf1649d69612bab2c25
Best regards,
--
Jens Axboe
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] io_uring: fix locking in __io_run_local_work
2022-10-27 15:52 ` [PATCH 0/2] io_uring: fix locking in __io_run_local_work Jens Axboe
@ 2022-10-27 15:57 ` Jens Axboe
0 siblings, 0 replies; 7+ messages in thread
From: Jens Axboe @ 2022-10-27 15:57 UTC (permalink / raw)
To: Pavel Begunkov, Dylan Yudaken; +Cc: kernel-team, io-uring
On 10/27/22 9:52 AM, Jens Axboe wrote:
> On Thu, 27 Oct 2022 07:44:27 -0700, Dylan Yudaken wrote:
>> If locked was not set in __io_run_local_work, but some task work managed
>> to lock the context, it would leave things locked indefinitely. Fix that
>> by passing the pointer in.
>>
>> Patch 1 is a tiny cleanup to simplify things
>> Patch 2 is the fix
>>
>> [...]
>
> Applied, thanks!
>
> [1/2] io_uring: use io_run_local_work_locked helper
> commit: 8de11cdc96bf58b324c59a28512eb9513fd02553
> [2/2] io_uring: unlock if __io_run_local_work locked inside
> commit: b3026767e15b488860d4bbf1649d69612bab2c25
I made the WARN_ON() -> WARN_ON_ONCE() edit and added a small
comment as well, while applying.
--
Jens Axboe
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-27 15:57 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-27 14:44 [PATCH 0/2] io_uring: fix locking in __io_run_local_work Dylan Yudaken
2022-10-27 14:44 ` [PATCH 1/2] io_uring: use io_run_local_work_locked helper Dylan Yudaken
2022-10-27 14:44 ` [PATCH 2/2] io_uring: unlock if __io_run_local_work locked inside Dylan Yudaken
2022-10-27 15:38 ` Jens Axboe
2022-10-27 15:50 ` Dylan Yudaken
2022-10-27 15:52 ` [PATCH 0/2] io_uring: fix locking in __io_run_local_work Jens Axboe
2022-10-27 15:57 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox