Commit 78a78060 authored by Jens Axboe's avatar Jens Axboe
Browse files

io_uring: ensure task_work gets run as part of cancelations 



If we successfully cancel a work item but that work item needs to be
processed through task_work, then we can be sleeping uninterruptibly
in io_uring_cancel_generic() and never process it. Hence we don't
make forward progress and we end up with an uninterruptible sleep
warning.

While in there, correct a comment that should be IFF, not IIF.

Reported-and-tested-by: default avatar <syzbot+21e6887c0be14181206d@syzkaller.appspotmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent e47498af

fs/io_uring.c

+4 −2
Original line number Diff line number Diff line
@@ -9824,7 +9824,7 @@ static __cold void io_uring_drop_tctx_refs(struct task_struct *task) 


/*

 * Find any io_uring ctx that this task has registered or done IO on, and cancel

 * requests. @sqd should be not-null IIF it's an SQPOLL thread cancellation.

 * requests. @sqd should be not-null IFF it's an SQPOLL thread cancellation.

 */

static __cold void io_uring_cancel_generic(bool cancel_all,

					   struct io_sq_data *sqd)
@@ -9866,8 +9866,10 @@ static __cold void io_uring_cancel_generic(bool cancel_all, 
							     cancel_all);

		}



		prepare_to_wait(&tctx->wait, &wait, TASK_UNINTERRUPTIBLE);

		prepare_to_wait(&tctx->wait, &wait, TASK_INTERRUPTIBLE);

		io_run_task_work();

		io_uring_drop_tctx_refs(current);



		/*

		 * If we've seen completions, retry without waiting. This

		 * avoids a race where a completion comes in before we did