From: Sasha Levin Date: Sat, 28 Oct 2023 15:12:27 +0000 (-0400) Subject: Fixes for 6.1 X-Git-Tag: v6.1.61~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4819449b4fd6d172dab491d22725269cf54a06a;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.1 Signed-off-by: Sasha Levin
---
diff --git a/queue-6.1/io_uring-fdinfo-lock-sq-thread-while-retrieving-thre.patch b/queue-6.1/io_uring-fdinfo-lock-sq-thread-while-retrieving-thre.patch
new file mode 100644
index 00000000000..f0cf1f4f0fe
--- /dev/null
+++ b/queue-6.1/io_uring-fdinfo-lock-sq-thread-while-retrieving-thre.patch
@@ -0,0 +1,71 @@
+From 68e3dda52c6ac251a0a5831a90e90ba6403b936e Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 28 Oct 2023 07:30:27 -0600
+Subject: io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
+
+From: Jens Axboe
+
+commit 7644b1a1c9a7ae8ab99175989bfc8676055edb46 upstream.
+
+We could race with SQ thread exit, and if we do, we'll hit a NULL pointer
+dereference when the thread is cleared. Grab the SQPOLL data lock before
+attempting to get the task cpu and pid for fdinfo, this ensures we have a
+stable view of it.
+
+Cc: stable@vger.kernel.org
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=218032
+Reviewed-by: Gabriel Krisman Bertazi
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ io_uring/fdinfo.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/io_uring/fdinfo.c b/io_uring/fdinfo.c
+index 882bd56b01ed0..ea2c2ded4e412 100644
+--- a/io_uring/fdinfo.c
++++ b/io_uring/fdinfo.c
+@@ -51,7 +51,6 @@ static __cold int io_uring_show_cred(struct seq_file *m, unsigned int id,
+ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
+ struct seq_file *m)
+ {
+- struct io_sq_data *sq = NULL;
+ struct io_overflow_cqe *ocqe;
+ struct io_rings *r = ctx->rings;
+ unsigned int sq_mask = ctx->sq_entries - 1, cq_mask = ctx->cq_entries - 1;
+@@ -62,6 +61,7 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
+ unsigned int cq_shift = 0;
+ unsigned int sq_shift = 0;
+ unsigned int sq_entries, cq_entries;
++ int sq_pid = -1, sq_cpu = -1;
+ bool has_lock;
+ unsigned int i;
+
+@@ -139,13 +139,19 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
+ has_lock = mutex_trylock(&ctx->uring_lock);
+
+ if (has_lock && (ctx->flags & IORING_SETUP_SQPOLL)) {
+- sq = ctx->sq_data;
+- if (!sq->thread)
+- sq = NULL;
++ struct io_sq_data *sq = ctx->sq_data;
++
++ if (mutex_trylock(&sq->lock)) {
++ if (sq->thread) {
++ sq_pid = task_pid_nr(sq->thread);
++ sq_cpu = task_cpu(sq->thread);
++ }
++ mutex_unlock(&sq->lock);
++ }
+ }
+
+- seq_printf(m, "SqThread:\t%d\n", sq ? task_pid_nr(sq->thread) : -1);
+- seq_printf(m, "SqThreadCpu:\t%d\n", sq ? task_cpu(sq->thread) : -1);
++ seq_printf(m, "SqThread:\t%d\n", sq_pid);
++ seq_printf(m, "SqThreadCpu:\t%d\n", sq_cpu);
+ seq_printf(m, "UserFiles:\t%u\n", ctx->nr_user_files);
+ for (i = 0; has_lock && i < ctx->nr_user_files; i++) {
+ struct file *f = io_file_from_index(&ctx->file_table, i);
+--
+2.42.0
+
diff --git a/queue-6.1/series b/queue-6.1/series
index d5139962963..1453f75ce22 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -57,3 +57,4 @@ iavf-in-iavf_down-disable-queues-when-removing-the-d.patch
 scsi-sd-introduce-manage_shutdown-device-flag.patch
 blk-throttle-check-for-overflow-in-calculate_bytes_allowed.patch
 kasan-print-the-original-fault-addr-when-access-invalid-shadow.patch
+io_uring-fdinfo-lock-sq-thread-while-retrieving-thre.patch
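Review bot: When `mutex_trylock(&sq->lock)` fails in the `-139,13 +139,19` hunk of io_uring/fdinfo.c, `sq_pid` and `sq_cpu` keep their `-1` initialisers, so fdinfo prints the same `-1` for a contended lock as for a ring whose SQ thread has exited. Reading `sq->thread` only under the lock does close the NULL dereference described in the commit message, but tooling that reads fdinfo can no longer tell the two cases apart; if the SQ thread holds `sq->lock` while it is busy (not visible in this hunk), the `-1` may appear often. At minimum I would add a comment above the trylock such as `/* trylock: -1 below may mean "sq->lock contended", not only "no SQ thread" */`. `__io_uring_show_fdinfo` begins and ends outside the quoted hunks, so the release of `ctx->uring_lock` taken by the earlier `mutex_trylock(&ctx->uring_lock)` cannot be checked from here.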