From: Greg Kroah-Hartman Date: Mon, 3 Apr 2023 08:22:38 +0000 (+0200) Subject: 6.2-stable patches X-Git-Tag: v4.14.312~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6ba9569ae31623f46391c7dec57a58a828c6737;p=thirdparty%2Fkernel%2Fstable-queue.git 6.2-stable patches added patches: io_uring-fix-poll-netmsg-alloc-caches.patch io_uring-poll-clear-single-double-poll-flags-on-poll-arming.patch io_uring-rsrc-fix-rogue-rsrc-node-grabbing.patch zonefs-do-not-propagate-iomap_dio_rw-enotblk-error-to-user-space.patch --- diff --git a/queue-6.2/io_uring-fix-poll-netmsg-alloc-caches.patch b/queue-6.2/io_uring-fix-poll-netmsg-alloc-caches.patch new file mode 100644 index 00000000000..4c56cf54e32 --- /dev/null +++ b/queue-6.2/io_uring-fix-poll-netmsg-alloc-caches.patch @@ -0,0 +1,33 @@ +From fd30d1cdcc4ff405fc54765edf2e11b03f2ed4f3 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Thu, 30 Mar 2023 06:52:38 -0600 +Subject: io_uring: fix poll/netmsg alloc caches + +From: Pavel Begunkov + +commit fd30d1cdcc4ff405fc54765edf2e11b03f2ed4f3 upstream. + +We increase cache->nr_cached when we free into the cache but don't +decrease when we take from it, so in some time we'll get an empty +cache with cache->nr_cached larger than IO_ALLOC_CACHE_MAX, that fails +io_alloc_cache_put() and effectively disables caching. + +Fixes: 9b797a37c4bd8 ("io_uring: add abstraction around apoll cache") +Cc: stable@vger.kernel.org +Signed-off-by: Pavel Begunkov +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/alloc_cache.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/io_uring/alloc_cache.h ++++ b/io_uring/alloc_cache.h +@@ -27,6 +27,7 @@ static inline struct io_cache_entry *io_ + struct hlist_node *node = cache->list.first; + + hlist_del(node); ++ cache->nr_cached--; + return container_of(node, struct io_cache_entry, node); + } + diff --git a/queue-6.2/io_uring-poll-clear-single-double-poll-flags-on-poll-arming.patch b/queue-6.2/io_uring-poll-clear-single-double-poll-flags-on-poll-arming.patch new file mode 100644 index 00000000000..ae7ccaed87e --- /dev/null +++ b/queue-6.2/io_uring-poll-clear-single-double-poll-flags-on-poll-arming.patch @@ -0,0 +1,38 @@ +From 005308f7bdacf5685ed1a431244a183dbbb9e0e8 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Mon, 27 Mar 2023 19:56:18 -0600 +Subject: io_uring/poll: clear single/double poll flags on poll arming + +From: Jens Axboe + +commit 005308f7bdacf5685ed1a431244a183dbbb9e0e8 upstream. + +Unless we have at least one entry queued, then don't call into +io_poll_remove_entries(). Normally this isn't possible, but if we +retry poll then we can have ->nr_entries cleared again as we're +setting it up. If this happens for a poll retry, then we'll still have +at least REQ_F_SINGLE_POLL set. io_poll_remove_entries() then thinks +it has entries to remove. + +Clear REQ_F_SINGLE_POLL and REQ_F_DOUBLE_POLL unconditionally when +arming a poll request. + +Fixes: c16bda37594f ("io_uring/poll: allow some retries for poll triggering spuriously") +Cc: stable@vger.kernel.org +Reported-by: Pengfei Xu +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/poll.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/io_uring/poll.c ++++ b/io_uring/poll.c +@@ -724,6 +724,7 @@ int io_arm_poll_handler(struct io_kiocb + apoll = io_req_alloc_apoll(req, issue_flags); + if (!apoll) + return IO_APOLL_ABORTED; ++ req->flags &= ~(REQ_F_SINGLE_POLL | REQ_F_DOUBLE_POLL); + req->flags |= REQ_F_POLLED; + ipt.pt._qproc = io_async_queue_proc; + diff --git a/queue-6.2/io_uring-rsrc-fix-rogue-rsrc-node-grabbing.patch b/queue-6.2/io_uring-rsrc-fix-rogue-rsrc-node-grabbing.patch new file mode 100644 index 00000000000..875f786ab96 --- /dev/null +++ b/queue-6.2/io_uring-rsrc-fix-rogue-rsrc-node-grabbing.patch @@ -0,0 +1,46 @@ +From 4ff0b50de8cabba055efe50bbcb7506c41a69835 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 29 Mar 2023 15:03:43 +0100 +Subject: io_uring/rsrc: fix rogue rsrc node grabbing + +From: Pavel Begunkov + +commit 4ff0b50de8cabba055efe50bbcb7506c41a69835 upstream. + +We should not be looking at ctx->rsrc_node and anyhow modifying the node +without holding uring_lock, grabbing references in such a way is not +safe either. + +Cc: stable@vger.kernel.org +Fixes: 5106dd6e74ab6 ("io_uring: propagate issue_flags state down to file assignment") +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/1202ede2d7bb90136e3482b2b84aad9ed483e5d6.1680098433.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/rsrc.h | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +--- a/io_uring/rsrc.h ++++ b/io_uring/rsrc.h +@@ -144,15 +144,13 @@ static inline void io_req_set_rsrc_node( + unsigned int issue_flags) + { + if (!req->rsrc_node) { +- req->rsrc_node = ctx->rsrc_node; ++ io_ring_submit_lock(ctx, issue_flags); + +- if (!(issue_flags & IO_URING_F_UNLOCKED)) { +- lockdep_assert_held(&ctx->uring_lock); ++ lockdep_assert_held(&ctx->uring_lock); + +- io_charge_rsrc_node(ctx); +- } else { +- percpu_ref_get(&req->rsrc_node->refs); +- } ++ req->rsrc_node = ctx->rsrc_node; ++ io_charge_rsrc_node(ctx); ++ io_ring_submit_unlock(ctx, issue_flags); + } + } + diff --git a/queue-6.2/series b/queue-6.2/series index c0624d9b464..a256c45f83a 100644 --- a/queue-6.2/series +++ b/queue-6.2/series @@ -136,3 +136,7 @@ btrfs-fix-deadlock-when-aborting-transaction-during-relocation-with-scrub.patch btrfs-fix-race-between-quota-disable-and-quota-assign-ioctls.patch btrfs-scan-device-in-non-exclusive-mode.patch btrfs-ignore-fiemap-path-cache-when-there-are-multiple-paths-for-a-node.patch +zonefs-do-not-propagate-iomap_dio_rw-enotblk-error-to-user-space.patch +io_uring-poll-clear-single-double-poll-flags-on-poll-arming.patch +io_uring-rsrc-fix-rogue-rsrc-node-grabbing.patch +io_uring-fix-poll-netmsg-alloc-caches.patch diff --git a/queue-6.2/zonefs-do-not-propagate-iomap_dio_rw-enotblk-error-to-user-space.patch b/queue-6.2/zonefs-do-not-propagate-iomap_dio_rw-enotblk-error-to-user-space.patch new file mode 100644 index 00000000000..3b19b9354aa --- /dev/null +++ b/queue-6.2/zonefs-do-not-propagate-iomap_dio_rw-enotblk-error-to-user-space.patch @@ -0,0 +1,56 @@ +From 77af13ba3c7f91d91c377c7e2d122849bbc17128 Mon Sep 17 00:00:00 2001 +From: Damien Le Moal +Date: Thu, 30 Mar 2023 09:47:58 +0900 +Subject: zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space + +From: Damien Le Moal + +commit 77af13ba3c7f91d91c377c7e2d122849bbc17128 upstream. + +The call to invalidate_inode_pages2_range() in __iomap_dio_rw() may +fail, in which case -ENOTBLK is returned and this error code is +propagated back to user space trhough iomap_dio_rw() -> +zonefs_file_dio_write() return chain. This error code is fairly obscure +and may confuse the user. Avoid this and be consistent with the behavior +of zonefs_file_dio_append() for similar invalidate_inode_pages2_range() +errors by returning -EBUSY to user space when iomap_dio_rw() returns +-ENOTBLK. + +Suggested-by: Christoph Hellwig +Fixes: 8dcc1a9d90c1 ("fs: New zonefs file system") +Cc: stable@vger.kernel.org +Signed-off-by: Damien Le Moal +Reviewed-by: Christoph Hellwig +Reviewed-by: Johannes Thumshirn +Tested-by: Hans Holmberg +Signed-off-by: Greg Kroah-Hartman +--- + fs/zonefs/file.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/fs/zonefs/file.c ++++ b/fs/zonefs/file.c +@@ -567,11 +567,21 @@ static ssize_t zonefs_file_dio_write(str + append = sync; + } + +- if (append) ++ if (append) { + ret = zonefs_file_dio_append(iocb, from); +- else ++ } else { ++ /* ++ * iomap_dio_rw() may return ENOTBLK if there was an issue with ++ * page invalidation. Overwrite that error code with EBUSY to ++ * be consistent with zonefs_file_dio_append() return value for ++ * similar issues. ++ */ + ret = iomap_dio_rw(iocb, from, &zonefs_write_iomap_ops, + &zonefs_write_dio_ops, 0, NULL, 0); ++ if (ret == -ENOTBLK) ++ ret = -EBUSY; ++ } ++ + if (zonefs_zone_is_seq(z) && + (ret > 0 || ret == -EIOCBQUEUED)) { + if (ret > 0)