1. 24 Oct, 2020 3 commits
  2. 23 Oct, 2020 2 commits
    • splice: change exported internal do_splice() helper to take kernel offset · ee6e00c8
      Jens Axboe committed
      With the set_fs change, we can no longer rely on copy_{to,from}_user()
      accepting a kernel pointer, and it was bad form to do so anyway. Clean
      this up and change the internal helper that io_uring uses to deal with
      kernel pointers instead. This puts the offset copy in/out in __do_splice()
      instead, which just calls the same helper.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: make loop_rw_iter() use original user supplied pointers · 4017eb91
      Jens Axboe committed
      We jump through a hoop for fixed buffers, where we first map these to
      a bvec(), then kmap() the bvec to obtain the pointer we copy to/from.
      This was always a bit ugly, and with the set_fs changes, it ends up
      being practically problematic as well.
      
      There's no need to jump through these hoops, just use the original user
      pointers and length for the non iter based read/write.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
  3. 22 Oct, 2020 3 commits
  4. 21 Oct, 2020 1 commit
  5. 20 Oct, 2020 8 commits
  6. 19 Oct, 2020 1 commit
  7. 18 Oct, 2020 2 commits
    • mm: use limited read-ahead to satisfy read · 324bcf54
      Jens Axboe committed
      For the case where read-ahead is disabled on the file, or if the cgroup
      is congested, ensure that we can at least do 1 page of read-ahead to
      make progress on the read in an async fashion. This could potentially be
      larger, but it's not needed in terms of functionality, so let's err on
      the side of caution as larger counts of pages may run into reclaim
      issues (particularly if we're congested).
      
      This makes sure we're not hitting the potentially sync ->readpage() path
      for IO that is marked IOCB_WAITQ, which could cause us to block. It also
      means we'll use the same path for IO, regardless of whether or not
      read-ahead happens to be disabled on the lower level device.
      Acked-by: Johannes Weiner <hannes@cmpxchg.org>
      Reported-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Reported-by: Hao_Xu <haoxu@linux.alibaba.com>
      [axboe: updated for new ractl API]
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • mm: mark async iocb read as NOWAIT once some data has been copied · 13bd6914
      Jens Axboe committed
      Once we've copied some data for an iocb that is marked with IOCB_WAITQ,
      we should no longer attempt to async lock a new page. Instead make sure
      we return the copied amount, and let the caller retry, instead of
      returning -EIOCBQUEUED for a new page.
      
      This should only be possible with read-ahead disabled on the below
      device, and multiple threads racing on the same file. Haven't been able
      to reproduce on anything else.
      
      Cc: stable@vger.kernel.org # v5.9
      Fixes: 1a0a7853 ("mm: support async buffered reads in generic_file_buffered_read()")
      Reported-by: Kent Overstreet <kent.overstreet@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
  8. 17 Oct, 2020 20 commits
    • io_uring: fix double poll mask init · 58852d4d
      Pavel Begunkov committed
      __io_queue_proc() is used by both, poll reqs and apoll. Don't use
      req->poll.events to copy poll mask because for apoll it aliases with
      private data of the request.
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io-wq: inherit audit loginuid and sessionid · 4ea33a97
      Jens Axboe committed
      Make sure the async io-wq workers inherit the loginuid and sessionid from
      the original task, and restore them to unset once we're done with the
      async work item.
      
      While at it, disable the ability for kernel threads to write to their own
      loginuid.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: use percpu counters to track inflight requests · d8a6df10
      Jens Axboe committed
      Even though we place the req_issued and req_complete in separate
      cachelines, there's considerable overhead in doing the atomics
      particularly on the completion side.
      
      Get rid of having the two counters, and just use a percpu_counter for
      this. That's what it was made for, after all. This considerably
      reduces the overhead in __io_free_req().
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: assign new io_identity for task if members have changed · 500a373d
      Jens Axboe committed
      This avoids doing a copy for each new async IO, if some parts of the
      io_identity have changed. We avoid reference counting for the normal
      fast path of nothing ever changing.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: store io_identity in io_uring_task · 5c3462cf
      Jens Axboe committed
      This is, by definition, a per-task structure. So store it in the
      task context, instead of carrying it in each io_kiocb. We're being
      a bit inefficient if members have changed, as that requires an alloc and
      copy of a new io_identity struct. The next patch will fix that up.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: COW io_identity on mismatch · 1e6fa521
      Jens Axboe committed
      If the io_identity doesn't completely match the task, then create a
      copy of it and use that. The existing copy remains valid until the last
      user of it has gone away.
      
      This also changes the personality lookup to be indexed by io_identity,
      instead of creds directly.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: move io identity items into separate struct · 98447d65
      Jens Axboe committed
      io-wq contains a pointer to the identity, which we just hold in io_kiocb
      for now. This is in preparation for putting this outside io_kiocb. The
      only exception is struct files_struct, which we'll need different rules
      for to avoid a circular dependency.
      
      No functional changes in this patch.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: rely solely on work flags to determine personality. · dfead8a8
      Jens Axboe committed
      We solely rely on work->work_flags now, so use that for proper checking
      and clearing/dropping of various identity items.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: pass required context in as flags · 0f203765
      Jens Axboe committed
      We have a number of bits that decide what context to inherit. Set up
      io-wq flags for these instead. This is in preparation for always having
      the various members set, but not always needing them for all requests.
      
      No intended functional changes in this patch.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io-wq: assign NUMA node locality if appropriate · a8b595b2
      Jens Axboe committed
      There was an assumption that kthread_create_on_node() would properly set
      NUMA affinities in terms of CPUs allowed, but it doesn't. Make sure we
      do this when creating an io-wq context on NUMA.
      
      Cc: stable@vger.kernel.org
      Stefan Metzmacher <metze@samba.org>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: fix error path cleanup in io_sqe_files_register() · 55cbc256
      Jens Axboe committed
      syzbot reports the following crash:
      
      general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
      KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
      CPU: 1 PID: 8927 Comm: syz-executor.3 Not tainted 5.9.0-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:io_file_from_index fs/io_uring.c:5963 [inline]
      RIP: 0010:io_sqe_files_register fs/io_uring.c:7369 [inline]
      RIP: 0010:__io_uring_register fs/io_uring.c:9463 [inline]
      RIP: 0010:__do_sys_io_uring_register+0x2fd2/0x3ee0 fs/io_uring.c:9553
      Call Trace:
       do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      which is a copy of fget failure condition jumping to cleanup, but the
      cleanup requires ctx->file_data to be assigned. Assign it when setup,
      and ensure that we clear it again for the error path exit.
      
      Fixes: 5398ae69 ("io_uring: clean file_data access in files_register")
      Reported-by: syzbot+f4ebcc98223dafd8991e@syzkaller.appspotmail.com
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • Revert "io_uring: mark io_uring_fops/io_op_defs as __read_mostly" · 0918682b
      Jens Axboe committed
      This reverts commit 738277ad.
      
      This change didn't make a lot of sense, and as Linus reports, it actually
      fails on clang:
      
         /tmp/io_uring-dd40c4.s:26476: Warning: ignoring changed section
         attributes for .data..read_mostly
      
      The arrays are already marked const so, by definition, they are not
      just read-mostly, they are read-only.
      Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: fix REQ_F_COMP_LOCKED by killing it · 216578e5
      Pavel Begunkov committed
      REQ_F_COMP_LOCKED is used and implemented in a buggy way. The problem is
      that the flag is set before io_put_req() but not cleared after, and if
      that wasn't the final reference, the request will be freed with the flag
      set from some other context, which may not hold a spinlock. That means
      possible races with removing linked timeouts and unsynchronised
      completion (e.g. access to CQ).
      
      Instead of fixing REQ_F_COMP_LOCKED, kill the flag and use
      task_work_add() to move such requests to a fresh context to free from
      it, as was done with __io_free_req_finish().
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: dig out COMP_LOCK from deep call chain · 4edf20f9
      Pavel Begunkov committed
      io_req_clean_work() checks REQ_F_COMP_LOCK to pass this two layers up.
      Move the check up into __io_free_req(), so at least it doesn't look so
      ugly and would facilitate further changes.
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: don't put a poll req under spinlock · 6a0af224
      Pavel Begunkov committed
      Move io_put_req() in io_poll_task_handler() from under spinlock. This
      eliminates the need to use REQ_F_COMP_LOCKED, at the expense of
      potentially having to grab the lock again. That's still a better trade
      off than relying on the locked flag.
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: don't unnecessarily clear F_LINK_TIMEOUT · b1b74cfc
      Pavel Begunkov committed
      If a request had REQ_F_LINK_TIMEOUT it would've been cleared in
      __io_kill_linked_timeout() by the time of __io_fail_links(), so no need
      to care about it.
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: don't set COMP_LOCKED if won't put · 368c5481
      Pavel Begunkov committed
      __io_kill_linked_timeout() sets REQ_F_COMP_LOCKED for a linked timeout
      even if it can't cancel it, e.g. it's already running. It not only races
      with io_link_timeout_fn() for ->flags field, but also leaves the flag
      set and so io_link_timeout_fn() may find it and decide that it holds the
      lock. Hopefully, the second problem is potential.
      Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: Fix sizeof() mismatch · 035fbafc
      Colin Ian King committed
      An incorrect sizeof() is being used, sizeof(file_data->table) is not
      correct, it should be sizeof(*file_data->table).
      
      Fixes: 5398ae69 ("io_uring: clean file_data access in files_register")
      Signed-off-by: Colin Ian King <colin.king@canonical.com>
      Addresses-Coverity: ("Sizeof not portable (SIZEOF_MISMATCH)")
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 071a0578
      Linus Torvalds committed
      Pull overlayfs updates from Miklos Szeredi:
      
       - Improve performance for certain container setups by introducing a
         "volatile" mode
      
       - ioctl improvements
      
       - continue preparation for unprivileged overlay mounts
      
      * tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: use generic vfs_ioc_setflags_prepare() helper
        ovl: support [S|G]ETFLAGS and FS[S|G]ETXATTR ioctls for directories
        ovl: rearrange ovl_can_list()
        ovl: enumerate private xattrs
        ovl: pass ovl_fs down to functions accessing private xattrs
        ovl: drop flags argument from ovl_do_setxattr()
        ovl: adhere to the vfs_ vs. ovl_do_ conventions for xattrs
        ovl: use ovl_do_getxattr() for private xattr
        ovl: fold ovl_getxattr() into ovl_get_redirect_xattr()
        ovl: clean up ovl_getxattr() in copy_up.c
        duplicate ovl_getxattr()
        ovl: provide a mount option "volatile"
        ovl: check for incompatible features in work dir
    • Merge tag 'afs-fixes-20201016' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · fad70111
      Linus Torvalds committed
      Pull afs updates from David Howells:
       "A collection of fixes to fix afs_cell struct refcounting, thereby
        fixing a slew of related syzbot bugs:
      
         - Fix the cell tree in the netns to use an rwsem rather than RCU.
      
           There seem to be some problems deriving from the use of RCU and a
           seqlock to walk the rbtree, but it's not entirely clear what since
           there are several different failures being seen.
      
           Changing things to use an rwsem instead makes it more robust. The
           extra performance derived from using RCU isn't necessary in this
           case since the only time we're looking up a cell is during mount or
           when cells are being manually added.
      
         - Fix the refcounting by splitting the usage counter into a memory
           refcount and an active users counter. The usage counter was doing
           double duty, keeping track of whether a cell is still in use and
           keeping track of when it needs to be destroyed - but this makes the
           clean up tricky. Separating these out simplifies the logic.
      
         - Fix purging a cell that has an alias. A cell alias pins the cell
           it's an alias of, but the alias is always later in the list. Trying
           to purge in a single pass causes rmmod to hang in such a case.
      
         - Fix cell removal. If a cell's manager is requeued whilst it's
           removing itself, the manager will run again and re-remove itself,
           causing problems in various places. Follow Hillf Danton's
           suggestion to insert a more terminal state that causes the manager
           to do nothing post-removal.
      
        In addition to the above, two other changes:
      
         - Add a tracepoint for the cell refcount and active users count. This
           helped with debugging the above and may be useful again in future.
      
         - Downgrade an assertion to a print when a still-active server is
           seen during purging. This was happening as a consequence of
           incomplete cell removal before the servers were cleaned up"
      
      * tag 'afs-fixes-20201016' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
        afs: Don't assert on unpurgeable server records
        afs: Add tracing for cell refcount and active user count
        afs: Fix cell removal
        afs: Fix cell purging with aliases
        afs: Fix cell refcounting by splitting the usage counter
        afs: Fix rapid cell addition/removal by not using RCU on cells tree