backport fix for io_uring to prevent kernel panic

which could be triggered in some corner cases with (but most likely
not limited to) LVM-backed QEMU guests using io_uring.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
This commit is contained in:
Fabian Ebner 2021-07-28 10:38:54 +02:00 committed by Thomas Lamprecht
parent 2c3b526416
commit 437b51a73b

View File

@ -0,0 +1,49 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Fabian Ebner <f.ebner@proxmox.com>
Date: Wed, 28 Jul 2021 08:55:31 +0200
Subject: [PATCH] io_uring: don't block level reissue off completion path
Some setups, like SCSI, can throw spurious -EAGAIN off the softirq
completion path. Normally we expect this to happen inline as part
of submission, but apparently SCSI has a weird corner case where it
can happen as part of normal completions.
This should be solved by having the -EAGAIN bubble back up the stack
as part of submission, but previous attempts at this failed and we're
not just quite there yet. Instead we currently use REQ_F_REISSUE to
handle this case.
For now, catch it in io_rw_should_reissue() and prevent a reissue
from a bogus path.
Upstream mail:
https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
Originally-by: Jens Axboe <axboe@kernel.dk>
[backport]
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
fs/io_uring.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 2b86b413641a..11f615033c70 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2731,6 +2731,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res)
if (percpu_ref_is_dying(&req->ctx->refs))
return false;
+ /*
+ * Play it safe and assume not safe to re-import and reissue if we're
+ * not in the original thread group (or in task context).
+ */
+ if (!same_thread_group(req->task, current) || !in_task())
+ return false;
+
lockdep_assert_held(&req->ctx->uring_lock);
ret = io_sq_thread_acquire_mm_files(req->ctx, req);
--
2.30.2