The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
Possible dependencies:
12521a5d5cb7 ("io_uring: fix CQ waiting timeout handling") 35d90f95cfa7 ("io_uring: include task_work run after scheduling in wait for events") 3a08576b96e3 ("io_uring: remove check_cq checking from hot paths") ed29b0b4fd83 ("io_uring: move to separate directory") 155bc9505dbd ("io_uring: return an error when cqe is dropped") 10988a0a67ba ("io_uring: use constants for cq_overflow bitfield") 3e813c902672 ("io_uring: rework io_uring_enter to simplify return value") cef216fc32d7 ("io_uring: explicitly keep a CQE in io_kiocb") b4f20bb4e6d5 ("io_uring: move finish_wait() outside of loop in cqring_wait()") d487b43cd327 ("io_uring: optimise mutex locking for submit+iopoll") 773697b610bf ("io_uring: pre-calculate syscall iopolling decision") f81440d33cc6 ("io_uring: split off IOPOLL argument verifiction") b605a7fabb60 ("io_uring: move poll recycling later in compl flushing") a538be5be328 ("io_uring: optimise io_free_batch_list") c0713540f6d5 ("io_uring: fix leaks on IOPOLL and CQE_SKIP") 323b190ba2de ("io_uring: free iovec if file assignment fails") 7179c3ce3dbf ("io_uring: fix poll error reporting") cce64ef01308 ("io_uring: fix poll file assign deadlock") 82733d168cbd ("io_uring: stop using io_wq_work as an fd placeholder") 2804ecd8d3e3 ("io_uring: move apoll->events cache")
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 Mon Sep 17 00:00:00 2001
From: Pavel Begunkov <asml.silence@gmail.com>
Date: Thu, 5 Jan 2023 10:49:15 +0000
Subject: [PATCH] io_uring: fix CQ waiting timeout handling
The jiffy-to-ktime CQ waiting conversion broke how we treat timeouts; in particular, we rearm the timer anew every time we get into io_cqring_wait_schedule() without adjusting the timeout. Waiting for 2 CQEs and getting a task_work in the middle may double the timeout value, or even worse, in some cases the task may wait indefinitely.
Cc: stable@vger.kernel.org
Fixes: 228339662b398 ("io_uring: don't convert to jiffies for waiting on timeouts")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/f7bffddd71b08f28a877d44d37ac953ddb01590d.167291566...
Signed-off-by: Jens Axboe <axboe@kernel.dk>
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 472574192dd6..2ac1cd8d23ea 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2470,7 +2470,7 @@ int io_run_task_work_sig(struct io_ring_ctx *ctx)
 /* when returns >0, the caller should retry */
 static inline int io_cqring_wait_schedule(struct io_ring_ctx *ctx,
 					  struct io_wait_queue *iowq,
-					  ktime_t timeout)
+					  ktime_t *timeout)
 {
 	int ret;
 	unsigned long check_cq;
@@ -2488,7 +2488,7 @@ static inline int io_cqring_wait_schedule(struct io_ring_ctx *ctx,
 		if (check_cq & BIT(IO_CHECK_CQ_DROPPED_BIT))
 			return -EBADR;
 	}
-	if (!schedule_hrtimeout(&timeout, HRTIMER_MODE_ABS))
+	if (!schedule_hrtimeout(timeout, HRTIMER_MODE_ABS))
 		return -ETIME;
 
 	/*
@@ -2564,7 +2564,7 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events,
 		}
 		prepare_to_wait_exclusive(&ctx->cq_wait, &iowq.wq,
 					  TASK_INTERRUPTIBLE);
-		ret = io_cqring_wait_schedule(ctx, &iowq, timeout);
+		ret = io_cqring_wait_schedule(ctx, &iowq, &timeout);
 		if (__io_cqring_events_user(ctx) >= min_events)
 			break;
 		cond_resched();