[pve-devel] [PATCH kernel] backport fix for io_uring to prevent kernel panic

Fabian Ebner f.ebner at proxmox.com
Wed Jul 28 10:38:54 CEST 2021 

which could be triggered in some corner cases with (but most likely
not limited to) LVM-backed QEMU guests using io_uring.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---
 ...lock-level-reissue-off-completion-pa.patch | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch

diff --git a/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch
new file mode 100644
index 0000000..ec9ce57
--- /dev/null
+++ b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch
@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner at proxmox.com>
+Date: Wed, 28 Jul 2021 08:55:31 +0200
+Subject: [PATCH] io_uring: don't block level reissue off completion path
+
+Some setups, like SCSI, can throw spurious -EAGAIN off the softirq
+completion path. Normally we expect this to happen inline as part
+of submission, but apparently SCSI has a weird corner case where it
+can happen as part of normal completions.
+
+This should be solved by having the -EAGAIN bubble back up the stack
+as part of submission, but previous attempts at this failed and we're
+not just quite there yet. Instead we currently use REQ_F_REISSUE to
+handle this case.
+
+For now, catch it in io_rw_should_reissue() and prevent a reissue
+from a bogus path.
+
+Upstream mail:
+https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
+
+Originally-by: Jens Axboe <axboe at kernel.dk>
+[backport]
+Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
+---
+ fs/io_uring.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index 2b86b413641a..11f615033c70 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -2731,6 +2731,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res)
+ 	if (percpu_ref_is_dying(&req->ctx->refs))
+ 		return false;
+ 
++	/*
++	 * Play it safe and assume not safe to re-import and reissue if we're
++	 * not in the original thread group (or in task context).
++	 */
++	if (!same_thread_group(req->task, current) || !in_task())
++		return false;
++
+ 	lockdep_assert_held(&req->ctx->uring_lock);
+ 
+ 	ret = io_sq_thread_acquire_mm_files(req->ctx, req);
+-- 
+2.30.2
+
-- 
2.30.2

More information about the pve-devel mailing list