From 437b51a73b3fbfe4e5b708316c685060214a21cc Mon Sep 17 00:00:00 2001 From: Fabian Ebner Date: Wed, 28 Jul 2021 10:38:54 +0200 Subject: [PATCH] backport fix for io_uring to prevent kernel panic which could be triggered in some corner cases with (but most likely not limited to) LVM-backed QEMU guests using io_uring. Signed-off-by: Fabian Ebner --- ...lock-level-reissue-off-completion-pa.patch | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch diff --git a/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch new file mode 100644 index 0000000..ec9ce57 --- /dev/null +++ b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Fabian Ebner +Date: Wed, 28 Jul 2021 08:55:31 +0200 +Subject: [PATCH] io_uring: don't block level reissue off completion path + +Some setups, like SCSI, can throw spurious -EAGAIN off the softirq +completion path. Normally we expect this to happen inline as part +of submission, but apparently SCSI has a weird corner case where it +can happen as part of normal completions. + +This should be solved by having the -EAGAIN bubble back up the stack +as part of submission, but previous attempts at this failed and we're +not just quite there yet. Instead we currently use REQ_F_REISSUE to +handle this case. + +For now, catch it in io_rw_should_reissue() and prevent a reissue +from a bogus path. + +Upstream mail: +https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u + +Originally-by: Jens Axboe +[backport] +Signed-off-by: Fabian Ebner +--- + fs/io_uring.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/fs/io_uring.c b/fs/io_uring.c +index 2b86b413641a..11f615033c70 100644 +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -2731,6 +2731,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res) + if (percpu_ref_is_dying(&req->ctx->refs)) + return false; + ++ /* ++ * Play it safe and assume not safe to re-import and reissue if we're ++ * not in the original thread group (or in task context). ++ */ ++ if (!same_thread_group(req->task, current) || !in_task()) ++ return false; ++ + lockdep_assert_held(&req->ctx->uring_lock); + + ret = io_sq_thread_acquire_mm_files(req->ctx, req); +-- +2.30.2 +