From: Greg Kroah-Hartman Date: Mon, 17 Jun 2024 09:03:47 +0000 (+0200) Subject: 6.9-stable patches X-Git-Tag: v6.1.95~135 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=54fbeb33063399d675da5e5fcbee265d915fb7ef;p=thirdparty%2Fkernel%2Fstable-queue.git 6.9-stable patches added patches: io_uring-fix-cancellation-overwriting-req-flags.patch io_uring-rsrc-don-t-lock-while-task_running.patch --- diff --git a/queue-6.9/.editorconfig-remove-trim_trailing_whitespace-option.patch b/queue-6.9/.editorconfig-remove-trim_trailing_whitespace-option.patch new file mode 100644 index 00000000000..fb3a2bb2a47 --- /dev/null +++ b/queue-6.9/.editorconfig-remove-trim_trailing_whitespace-option.patch @@ -0,0 +1,61 @@ +From 7da9dfdd5a3dbfd3d2450d9c6a3d1d699d625c43 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Tue, 11 Jun 2024 09:27:38 +0200 +Subject: .editorconfig: remove trim_trailing_whitespace option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Greg Kroah-Hartman + +commit 7da9dfdd5a3dbfd3d2450d9c6a3d1d699d625c43 upstream. + +Some editors (like the vim variants), when seeing "trim_whitespace" +decide to do just that for all of the whitespace in the file you are +saving, even if it is not on a line that you have modified. This plays +havoc with diffs and is NOT something that should be intended. + +As the "only trim whitespace on modified lines" is not part of the +editorconfig standard yet, just delete these lines from the +.editorconfig file so that we don't end up with diffs that are +automatically rejected by maintainers for containing things they +shouldn't. + +Cc: Danny Lin +Cc: Íñigo Huguet +Cc: Mickaël Salaün +Cc: Masahiro Yamada +Fixes: 5a602de99797 ("Add .editorconfig file for basic formatting") +Acked-by: Vincent Mailhol +Link: https://lore.kernel.org/r/2024061137-jawless-dipped-e789@gregkh +Signed-off-by: Greg Kroah-Hartman +--- + .editorconfig | 3 --- + 1 file changed, 3 deletions(-) + +--- a/.editorconfig ++++ b/.editorconfig +@@ -5,7 +5,6 @@ root = true + [{*.{awk,c,dts,dtsi,dtso,h,mk,s,S},Kconfig,Makefile,Makefile.*}] + charset = utf-8 + end_of_line = lf +-trim_trailing_whitespace = true + insert_final_newline = true + indent_style = tab + indent_size = 8 +@@ -13,7 +12,6 @@ indent_size = 8 + [*.{json,py,rs}] + charset = utf-8 + end_of_line = lf +-trim_trailing_whitespace = true + insert_final_newline = true + indent_style = space + indent_size = 4 +@@ -26,7 +24,6 @@ indent_size = 8 + [*.yaml] + charset = utf-8 + end_of_line = lf +-trim_trailing_whitespace = unset + insert_final_newline = true + indent_style = space + indent_size = 2 diff --git a/queue-6.9/io_uring-fix-cancellation-overwriting-req-flags.patch b/queue-6.9/io_uring-fix-cancellation-overwriting-req-flags.patch new file mode 100644 index 00000000000..e5600a532de --- /dev/null +++ b/queue-6.9/io_uring-fix-cancellation-overwriting-req-flags.patch @@ -0,0 +1,75 @@ +From f4a1254f2a076afb0edd473589bf40f9b4d36b41 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Fri, 14 Jun 2024 01:04:29 +0100 +Subject: io_uring: fix cancellation overwriting req->flags + +From: Pavel Begunkov + +commit f4a1254f2a076afb0edd473589bf40f9b4d36b41 upstream. + +Only the current owner of a request is allowed to write into req->flags. +Hence, the cancellation path should never touch it. Add a new field +instead of the flag, move it into the 3rd cache line because it should +always be initialised. poll_refs can move further as polling is an +involved process anyway. + +It's a minimal patch, in the future we can and should find a better +place for it and remove now unused REQ_F_CANCEL_SEQ. + +Fixes: 521223d7c229f ("io_uring/cancel: don't default to setting req->work.cancel_seq") +Cc: stable@vger.kernel.org +Reported-by: Li Shi +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/6827b129f8f0ad76fa9d1f0a773de938b240ffab.1718323430.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/io_uring_types.h | 3 ++- + io_uring/cancel.h | 4 ++-- + io_uring/io_uring.c | 1 + + 3 files changed, 5 insertions(+), 3 deletions(-) + +--- a/include/linux/io_uring_types.h ++++ b/include/linux/io_uring_types.h +@@ -653,7 +653,7 @@ struct io_kiocb { + struct io_rsrc_node *rsrc_node; + + atomic_t refs; +- atomic_t poll_refs; ++ bool cancel_seq_set; + struct io_task_work io_task_work; + /* for polled requests, i.e. IORING_OP_POLL_ADD and async armed poll */ + struct hlist_node hash_node; +@@ -662,6 +662,7 @@ struct io_kiocb { + /* opcode allocated if it needs to store data for async defer */ + void *async_data; + /* linked requests, IFF REQ_F_HARDLINK or REQ_F_LINK are set */ ++ atomic_t poll_refs; + struct io_kiocb *link; + /* custom credentials, valid IFF REQ_F_CREDS is set */ + const struct cred *creds; +--- a/io_uring/cancel.h ++++ b/io_uring/cancel.h +@@ -27,10 +27,10 @@ bool io_cancel_req_match(struct io_kiocb + + static inline bool io_cancel_match_sequence(struct io_kiocb *req, int sequence) + { +- if ((req->flags & REQ_F_CANCEL_SEQ) && sequence == req->work.cancel_seq) ++ if (req->cancel_seq_set && sequence == req->work.cancel_seq) + return true; + +- req->flags |= REQ_F_CANCEL_SEQ; ++ req->cancel_seq_set = true; + req->work.cancel_seq = sequence; + return false; + } +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -2211,6 +2211,7 @@ static int io_init_req(struct io_ring_ct + req->file = NULL; + req->rsrc_node = NULL; + req->task = current; ++ req->cancel_seq_set = false; + + if (unlikely(opcode >= IORING_OP_LAST)) { + req->opcode = 0; diff --git a/queue-6.9/io_uring-rsrc-don-t-lock-while-task_running.patch b/queue-6.9/io_uring-rsrc-don-t-lock-while-task_running.patch new file mode 100644 index 00000000000..6412ad8dec4 --- /dev/null +++ b/queue-6.9/io_uring-rsrc-don-t-lock-while-task_running.patch @@ -0,0 +1,52 @@ +From 54559642b96116b45e4b5ca7fd9f7835b8561272 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 12 Jun 2024 13:56:38 +0100 +Subject: io_uring/rsrc: don't lock while !TASK_RUNNING + +From: Pavel Begunkov + +commit 54559642b96116b45e4b5ca7fd9f7835b8561272 upstream. + +There is a report of io_rsrc_ref_quiesce() locking a mutex while not +TASK_RUNNING, which is due to forgetting restoring the state back after +io_run_task_work_sig() and attempts to break out of the waiting loop. + +do not call blocking ops when !TASK_RUNNING; state=1 set at +[] prepare_to_wait+0xa4/0x380 +kernel/sched/wait.c:237 +WARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099 +__might_sleep+0x114/0x160 kernel/sched/core.c:10099 +RIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099 +Call Trace: + + __mutex_lock_common kernel/locking/mutex.c:585 [inline] + __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752 + io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253 + io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799 + __io_uring_register io_uring/register.c:424 [inline] + __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613 + do_syscall_x64 arch/x86/entry/common.c:52 [inline] + do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83 + entry_SYSCALL_64_after_hwframe+0x6f/0x77 + +Reported-by: Li Shi +Fixes: 4ea15b56f0810 ("io_uring/rsrc: use wq for quiescing") +Cc: stable@vger.kernel.org +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/77966bc104e25b0534995d5dbb152332bc8f31c0.1718196953.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/rsrc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/io_uring/rsrc.c ++++ b/io_uring/rsrc.c +@@ -250,6 +250,7 @@ __cold static int io_rsrc_ref_quiesce(st + + ret = io_run_task_work_sig(ctx); + if (ret < 0) { ++ __set_current_state(TASK_RUNNING); + mutex_lock(&ctx->uring_lock); + if (list_empty(&ctx->rsrc_ref_list)) + ret = 0; diff --git a/queue-6.9/series b/queue-6.9/series index aba453d3a74..8127b249872 100644 --- a/queue-6.9/series +++ b/queue-6.9/series @@ -79,3 +79,6 @@ ext4-avoid-overflow-when-setting-values-via-sysfs.patch ext4-refactor-out-ext4_generic_attr_show.patch ext4-fix-slab-out-of-bounds-in-ext4_mb_find_good_gro.patch eventfs-update-all-the-eventfs_inodes-from-the-event.patch +.editorconfig-remove-trim_trailing_whitespace-option.patch +io_uring-rsrc-don-t-lock-while-task_running.patch +io_uring-fix-cancellation-overwriting-req-flags.patch