From b7f92bf318ff6dfb0ff11a85c8cd1964275c2c92 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 1 Feb 2021 13:55:28 +0100
Subject: [PATCH] 5.10-stable patches

added patches:
io_uring-fix-wqe-lock-completion_lock-deadlock.patch
---
...ix-wqe-lock-completion_lock-deadlock.patch | 72 +++++++++++++++++++
queue-5.10/series | 1 +
2 files changed, 73 insertions(+)
create mode 100644 queue-5.10/io_uring-fix-wqe-lock-completion_lock-deadlock.patch
diff --git a/queue-5.10/io_uring-fix-wqe-lock-completion_lock-deadlock.patch b/queue-5.10/io_uring-fix-wqe-lock-completion_lock-deadlock.patch
new file mode 100644
index 00000000000..fe5fe7e2819
--- /dev/null
+++ b/queue-5.10/io_uring-fix-wqe-lock-completion_lock-deadlock.patch
@@ -0,0 +1,72 @@
+From 907d1df30a51cc1a1d25414a00cde0494b83df7b Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov
+Date: Tue, 26 Jan 2021 23:35:10 +0000
+Subject: io_uring: fix wqe->lock/completion_lock deadlock
+
+From: Pavel Begunkov
+
+commit 907d1df30a51cc1a1d25414a00cde0494b83df7b upstream.
+
+Joseph reports following deadlock:
+
+CPU0:
+...
+io_kill_linked_timeout // &ctx->completion_lock
+io_commit_cqring
+__io_queue_deferred
+__io_queue_async_work
+io_wq_enqueue
+io_wqe_enqueue // &wqe->lock
+
+CPU1:
+...
+__io_uring_files_cancel
+io_wq_cancel_cb
+io_wqe_cancel_pending_work // &wqe->lock
+io_cancel_task_cb // &ctx->completion_lock
+
+Only __io_queue_deferred() calls queue_async_work() while holding
+ctx->completion_lock, enqueue drained requests via io_req_task_queue()
+instead.
+
+Cc: stable@vger.kernel.org # 5.9+
+Reported-by: Joseph Qi
+Tested-by: Joseph Qi
+Signed-off-by: Pavel Begunkov
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/io_uring.c | 10 ++-------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -972,6 +972,7 @@ static int io_setup_async_rw(struct io_k
+ const struct iovec *fast_iov,
+ struct iov_iter *iter, bool force);
+ static void io_req_drop_files(struct io_kiocb *req);
++static void io_req_task_queue(struct io_kiocb *req);
+
+ static struct kmem_cache *req_cachep;
+
+@@ -1502,18 +1503,11 @@ static void __io_queue_deferred(struct i
+ do {
+ struct io_defer_entry *de = list_first_entry(&ctx->defer_list,
+ struct io_defer_entry, list);
+- struct io_kiocb *link;
+
+ if (req_need_defer(de->req, de->seq))
+ break;
+ list_del_init(&de->list);
+- /* punt-init is done before queueing for defer */
+- link = __io_queue_async_work(de->req);
+- if (link) {
+- __io_queue_linked_timeout(link);
+- /* drop submission reference */
+- io_put_req_deferred(link, 1);
+- }
++ io_req_task_queue(de->req);
+ kfree(de);
+ } while (!list_empty(&ctx->defer_list));
+ }
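Review bot: The replacement line `io_req_task_queue(de->req);` in the second embedded hunk (`__io_queue_deferred()`) has no comment recording the lock-order rule it enforces, and the only comments in that loop are among the removed lines. Per the commit message this loop runs with `ctx->completion_lock` held while the cancel path takes `wqe->lock` first, so a direct io-wq enqueue here inverts the order; I would add `/* completion_lock is held: never enqueue to io-wq from here, it takes wqe->lock */` above the call. The removed branch also armed the linked timeout and dropped a submission reference, and whether the `io_req_task_queue()` path covers both is not visible in this hunk, so the changelog should say so. The body of `__io_queue_deferred()` starts outside the hunk.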
diff --git a/queue-5.10/series b/queue-5.10/series
index c9dbe881254..afdc21069f3 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -44,3 +44,4 @@ kvm-x86-allow-kvm_req_get_nested_state_pages-outside-guest-mode-for-vmx.patch
 kvm-nvmx-sync-unsync-d-vmcs02-state-to-vmcs12-on-migration.patch
 kvm-x86-get-smi-pending-status-correctly.patch
 kvm-forbid-the-use-of-tagged-userspace-addresses-for-memslots.patch
+io_uring-fix-wqe-lock-completion_lock-deadlock.patch
-- 
2.47.3