From: Greg Kroah-Hartman Date: Wed, 15 Jan 2025 09:42:22 +0000 (+0100) Subject: 6.12-stable patches X-Git-Tag: v6.1.125~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea96ce2f3f4eebf46638f4e58ba09bfb9e486cfd;p=thirdparty%2Fkernel%2Fstable-queue.git 6.12-stable patches added patches: io_uring-don-t-touch-sqd-thread-off-tw-add.patch --- diff --git a/queue-6.12/io_uring-don-t-touch-sqd-thread-off-tw-add.patch b/queue-6.12/io_uring-don-t-touch-sqd-thread-off-tw-add.patch new file mode 100644 index 00000000000..4dd2f1d205b --- /dev/null +++ b/queue-6.12/io_uring-don-t-touch-sqd-thread-off-tw-add.patch 
@@ -0,0 +1,45 @@ +From bd2703b42decebdcddf76e277ba76b4c4a142d73 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Fri, 10 Jan 2025 20:36:45 +0000 +Subject: io_uring: don't touch sqd->thread off tw add + +From: Pavel Begunkov + +commit bd2703b42decebdcddf76e277ba76b4c4a142d73 upstream. + +With IORING_SETUP_SQPOLL all requests are created by the SQPOLL task, +which means that req->task should always match sqd->thread. Since +accesses to sqd->thread should be separately protected, use req->task +in io_req_normal_work_add() instead. + +Note, in the eyes of io_req_normal_work_add(), the SQPOLL task struct +is always pinned and alive, and sqd->thread can either be the task or +NULL. It's only problematic if the compiler decides to reload the value +after the null check, which is not so likely. + +Cc: stable@vger.kernel.org +Cc: Bui Quang Minh +Reported-by: lizetao +Fixes: 78f9b61bd8e54 ("io_uring: wake SQPOLL task when task_work is added to an empty queue") +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/1cbbe72cf32c45a8fee96026463024cd8564a7d7.1736541357.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/io_uring.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -1244,10 +1244,7 @@ static void io_req_normal_work_add(struc + + /* SQPOLL doesn't need the task_work added, it'll run it itself */ + if (ctx->flags & IORING_SETUP_SQPOLL) { +- struct io_sq_data *sqd = ctx->sq_data; +- +- if (sqd->thread) +- __set_notify_signal(sqd->thread); ++ __set_notify_signal(req->task); + return; + } + diff --git a/queue-6.12/series b/queue-6.12/series index b8ba0a2b936..5dcdfbbeb8e 100644 --- a/queue-6.12/series +++ b/queue-6.12/series 
@@ -184,3 +184,4 @@ drm-xe-oa-uapi-define-and-parse-oa-sync-properties.patch drm-xe-oa-add-input-fence-dependencies.patch xe-oa-fix-query-mode-of-operation-for-oar-oac.patch drm-mediatek-only-touch-disp_reg_ovl_pitch_msb-if-af.patch +io_uring-don-t-touch-sqd-thread-off-tw-add.patch
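Review bot: In the io_uring/io_uring.c hunk, inside the `if (ctx->flags & IORING_SETUP_SQPOLL)` branch of io_req_normal_work_add(), the `if (sqd->thread)` check is removed and `__set_notify_signal(req->task)` is now called unconditionally, but the retained comment ("SQPOLL doesn't need the task_work added, it'll run it itself") does not record the invariant that makes this safe. The commit message relies on two conditions: with IORING_SETUP_SQPOLL, req->task always matches the SQPOLL task, and from this function's point of view that task struct is pinned and alive. Suggest stating both in the comment next to the call, so that a later change to how SQPOLL requests are created, or to how the task reference is held, does not quietly turn this into a signal sent through a stale or NULL task pointer.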
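Review bot: The queue-6.12/series hunk adds io_uring-don-t-touch-sqd-thread-off-tw-add.patch to the 6.12 queue only, while the patch itself carries Cc: stable and a Fixes: tag naming 78f9b61bd8e54. It is worth confirming whether any other stable queue contains 78f9b61bd8e54 and, if one does, either queuing the patch there as well or recording why it does not apply.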