• Pavel Begunkov's avatar
    io_uring: fix sleeping under spin in __io_clean_op · 9d5c8190
    Pavel Begunkov authored
    [   27.629441] BUG: sleeping function called from invalid context
    	at fs/file.c:402
    [   27.631317] in_atomic(): 1, irqs_disabled(): 1, non_block: 0,
    	pid: 1012, name: io_wqe_worker-0
    [   27.633220] 1 lock held by io_wqe_worker-0/1012:
    [   27.634286]  #0: ffff888105e26c98 (&ctx->completion_lock)
    	{....}-{2:2}, at: __io_req_complete.part.102+0x30/0x70
    [   27.649249] Call Trace:
    [   27.649874]  dump_stack+0xac/0xe3
    [   27.650666]  ___might_sleep+0x284/0x2c0
    [   27.651566]  put_files_struct+0xb8/0x120
    [   27.652481]  __io_clean_op+0x10c/0x2a0
    [   27.653362]  __io_cqring_fill_event+0x2c1/0x350
    [   27.654399]  __io_req_complete.part.102+0x41/0x70
    [   27.655464]  io_openat2+0x151/0x300
    [   27.656297]  io_issue_sqe+0x6c/0x14e0
    [   27.660991]  io_wq_submit_work+0x7f/0x240
    [   27.662890]  io_worker_handle_work+0x501/0x8a0
    [   27.664836]  io_wqe_worker+0x158/0x520
    [   27.667726]  kthread+0x134/0x180
    [   27.669641]  ret_from_fork+0x1f/0x30
    
    Instead of cleaning files on overflow, return back overflow cancellation
    into io_uring_cancel_files(). Previously it was racy to clean
    REQ_F_OVERFLOW flag, but we got rid of it, and can do it through
    repetitive attempts targeting all matching requests.
    Reported-by: default avatarAbaci <abaci@linux.alibaba.com>
    Reported-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
    Cc: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
    Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
    Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
    9d5c8190
io_uring.c 245 KB