[v2,03/14] io_uring/cmd: make io_uring_cmd_done irq safe

Message ID	faeec0d1e7c740a582f51f80626f61c745ed9a52.1710720150.git.asml.silence@gmail.com (mailing list archive)
State	New, archived
Headers	show Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20C061DA58; Mon, 18 Mar 2024 00:43:41 +0000 (UTC) From: Pavel Begunkov <asml.silence@gmail.com> To: io-uring@vger.kernel.org Cc: linux-block@vger.kernel.org, Jens Axboe <axboe@kernel.dk>, asml.silence@gmail.com, Kanchan Joshi <joshi.k@samsung.com>, Ming Lei <ming.lei@redhat.com> Subject: [PATCH v2 03/14] io_uring/cmd: make io_uring_cmd_done irq safe Date: Mon, 18 Mar 2024 00:41:48 +0000 Message-ID: <faeec0d1e7c740a582f51f80626f61c745ed9a52.1710720150.git.asml.silence@gmail.com> In-Reply-To: <cover.1710720150.git.asml.silence@gmail.com> References: <cover.1710720150.git.asml.silence@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	remove aux CQE caches \| expand [v2,00/14] remove aux CQE caches [v2,01/14] io_uring/cmd: kill one issue_flags to tw conversion [v2,02/14] io_uring/cmd: fix tw <-> issue_flags conversion [v2,03/14] io_uring/cmd: make io_uring_cmd_done irq safe [v2,04/14] io_uring/cmd: introduce io_uring_cmd_complete [v2,05/14] ublk: don't hard code IO_URING_F_UNLOCKED [v2,06/14] nvme/io_uring: don't hard code IO_URING_F_UNLOCKED [v2,07/14] io_uring/rw: avoid punting to io-wq directly [v2,08/14] io_uring: force tw ctx locking [v2,09/14] io_uring: remove struct io_tw_state::locked [v2,10/14] io_uring: refactor io_fill_cqe_req_aux [v2,11/14] io_uring: get rid of intermediate aux cqe caches [v2,12/14] io_uring: remove current check from complete_post [v2,13/14] io_uring: refactor io_req_complete_post() [v2,14/14] io_uring: clean up io_lockdep_assert_cq_locked

Pavel Begunkov March 18, 2024, 12:41 a.m. UTC

io_uring_cmd_done() is called from the irq context and is considered to
be irq safe, however that's not the case if the driver requires
cancellations because io_uring_cmd_del_cancelable() could try to take
the uring_lock mutex.

Clean up the confusion, by deferring cancellation handling to
locked task_work if we came into io_uring_cmd_done() from iowq
or other IO_URING_F_UNLOCKED path.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---
 io_uring/uring_cmd.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

Ming Lei March 18, 2024, 8:10 a.m. UTC | #1

On Mon, Mar 18, 2024 at 12:41:48AM +0000, Pavel Begunkov wrote:
> io_uring_cmd_done() is called from the irq context and is considered to
> be irq safe, however that's not the case if the driver requires
> cancellations because io_uring_cmd_del_cancelable() could try to take
> the uring_lock mutex.
> 
> Clean up the confusion, by deferring cancellation handling to
> locked task_work if we came into io_uring_cmd_done() from iowq
> or other IO_URING_F_UNLOCKED path.
> 
> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
> ---
>  io_uring/uring_cmd.c | 24 +++++++++++++++++-------
>  1 file changed, 17 insertions(+), 7 deletions(-)
> 
> diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
> index ec38a8d4836d..9590081feb2d 100644
> --- a/io_uring/uring_cmd.c
> +++ b/io_uring/uring_cmd.c
> @@ -14,19 +14,18 @@
>  #include "rsrc.h"
>  #include "uring_cmd.h"
>  
> -static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd,
> -		unsigned int issue_flags)
> +static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd)
>  {
>  	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>  	struct io_ring_ctx *ctx = req->ctx;
>  
> +	lockdep_assert_held(&ctx->uring_lock);
> +
>  	if (!(cmd->flags & IORING_URING_CMD_CANCELABLE))
>  		return;
>  
>  	cmd->flags &= ~IORING_URING_CMD_CANCELABLE;
> -	io_ring_submit_lock(ctx, issue_flags);
>  	hlist_del(&req->hash_node);
> -	io_ring_submit_unlock(ctx, issue_flags);
>  }
>  
>  /*
> @@ -44,6 +43,9 @@ void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd,
>  	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>  	struct io_ring_ctx *ctx = req->ctx;
>  
> +	if (WARN_ON_ONCE(ctx->flags & IORING_SETUP_IOPOLL))
> +		return;
> +

This way limits cancelable command can't be used in iopoll context, and
it isn't reasonable, and supporting iopoll has been in ublk todo list,
especially single ring context is shared for both command and normal IO.


Thanks,
Ming

Pavel Begunkov March 18, 2024, 11:50 a.m. UTC | #2

On 3/18/24 08:10, Ming Lei wrote:
> On Mon, Mar 18, 2024 at 12:41:48AM +0000, Pavel Begunkov wrote:
>> io_uring_cmd_done() is called from the irq context and is considered to
>> be irq safe, however that's not the case if the driver requires
>> cancellations because io_uring_cmd_del_cancelable() could try to take
>> the uring_lock mutex.
>>
>> Clean up the confusion, by deferring cancellation handling to
>> locked task_work if we came into io_uring_cmd_done() from iowq
>> or other IO_URING_F_UNLOCKED path.
>>
>> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
>> ---
>>   io_uring/uring_cmd.c | 24 +++++++++++++++++-------
>>   1 file changed, 17 insertions(+), 7 deletions(-)
>>
>> diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
>> index ec38a8d4836d..9590081feb2d 100644
>> --- a/io_uring/uring_cmd.c
>> +++ b/io_uring/uring_cmd.c
>> @@ -14,19 +14,18 @@
>>   #include "rsrc.h"on 
>>   #include "uring_cmd.h"
>>   
>> -static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd,
>> -		unsigned int issue_flags)
>> +static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd)
>>   {
>>   	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>>   	struct io_ring_ctx *ctx = req->ctx;
>>   
>> +	lockdep_assert_held(&ctx->uring_lock);
>> +
>>   	if (!(cmd->flags & IORING_URING_CMD_CANCELABLE))
>>   		return;
>>   
>>   	cmd->flags &= ~IORING_URING_CMD_CANCELABLE;
>> -	io_ring_submit_lock(ctx, issue_flags);
>>   	hlist_del(&req->hash_node);
>> -	io_ring_submit_unlock(ctx, issue_flags);
>>   }
>>   
>>   /*
>> @@ -44,6 +43,9 @@ void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd,
>>   	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>>   	struct io_ring_ctx *ctx = req->ctx;
>>   
>> +	if (WARN_ON_ONCE(ctx->flags & IORING_SETUP_IOPOLL))
>> +		return;
>> +
> 
> This way limits cancelable command can't be used in iopoll context, and
> it isn't reasonable, and supporting iopoll has been in ublk todo list,
> especially single ring context is shared for both command and normal IO.

That's something that can be solved when it's needed, and hence the
warning so it's not missed. That would need del_cancelable on the
->iopoll side, but depends on the "leaving in cancel queue"
problem resolution.

Ming Lei March 18, 2024, 11:59 a.m. UTC | #3

On Mon, Mar 18, 2024 at 11:50:32AM +0000, Pavel Begunkov wrote:
> On 3/18/24 08:10, Ming Lei wrote:
> > On Mon, Mar 18, 2024 at 12:41:48AM +0000, Pavel Begunkov wrote:
> > > io_uring_cmd_done() is called from the irq context and is considered to
> > > be irq safe, however that's not the case if the driver requires
> > > cancellations because io_uring_cmd_del_cancelable() could try to take
> > > the uring_lock mutex.
> > > 
> > > Clean up the confusion, by deferring cancellation handling to
> > > locked task_work if we came into io_uring_cmd_done() from iowq
> > > or other IO_URING_F_UNLOCKED path.
> > > 
> > > Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
> > > ---
> > >   io_uring/uring_cmd.c | 24 +++++++++++++++++-------
> > >   1 file changed, 17 insertions(+), 7 deletions(-)
> > > 
> > > diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
> > > index ec38a8d4836d..9590081feb2d 100644
> > > --- a/io_uring/uring_cmd.c
> > > +++ b/io_uring/uring_cmd.c
> > > @@ -14,19 +14,18 @@
> > >   #include "rsrc.h"on   #include "uring_cmd.h"
> > > -static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd,
> > > -		unsigned int issue_flags)
> > > +static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd)
> > >   {
> > >   	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
> > >   	struct io_ring_ctx *ctx = req->ctx;
> > > +	lockdep_assert_held(&ctx->uring_lock);
> > > +
> > >   	if (!(cmd->flags & IORING_URING_CMD_CANCELABLE))
> > >   		return;
> > >   	cmd->flags &= ~IORING_URING_CMD_CANCELABLE;
> > > -	io_ring_submit_lock(ctx, issue_flags);
> > >   	hlist_del(&req->hash_node);
> > > -	io_ring_submit_unlock(ctx, issue_flags);
> > >   }
> > >   /*
> > > @@ -44,6 +43,9 @@ void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd,
> > >   	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
> > >   	struct io_ring_ctx *ctx = req->ctx;
> > > +	if (WARN_ON_ONCE(ctx->flags & IORING_SETUP_IOPOLL))
> > > +		return;
> > > +
> > 
> > This way limits cancelable command can't be used in iopoll context, and
> > it isn't reasonable, and supporting iopoll has been in ublk todo list,
> > especially single ring context is shared for both command and normal IO.
> 
> That's something that can be solved when it's needed, and hence the
> warning so it's not missed. That would need del_cancelable on the
> ->iopoll side, but depends on the "leaving in cancel queue"
> problem resolution.

The current code is actually working with iopoll, so adding the warning
can be one regression. Maybe someone has been using ublk with iopoll.


Thanks,
Ming

Pavel Begunkov March 18, 2024, 12:46 p.m. UTC | #4

On 3/18/24 11:59, Ming Lei wrote:
> On Mon, Mar 18, 2024 at 11:50:32AM +0000, Pavel Begunkov wrote:
>> On 3/18/24 08:10, Ming Lei wrote:
>>> On Mon, Mar 18, 2024 at 12:41:48AM +0000, Pavel Begunkov wrote:
>>>> io_uring_cmd_done() is called from the irq context and is considered to
>>>> be irq safe, however that's not the case if the driver requires
>>>> cancellations because io_uring_cmd_del_cancelable() could try to take
>>>> the uring_lock mutex.
>>>>
>>>> Clean up the confusion, by deferring cancellation handling to
>>>> locked task_work if we came into io_uring_cmd_done() from iowq
>>>> or other IO_URING_F_UNLOCKED path.
>>>>
>>>> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
>>>> ---
>>>>    io_uring/uring_cmd.c | 24 +++++++++++++++++-------
>>>>    1 file changed, 17 insertions(+), 7 deletions(-)
>>>>
>>>> diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
>>>> index ec38a8d4836d..9590081feb2d 100644
>>>> --- a/io_uring/uring_cmd.c
>>>> +++ b/io_uring/uring_cmd.c
>>>> @@ -14,19 +14,18 @@
>>>>    #include "rsrc.h"on   #include "uring_cmd.h"
>>>> -static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd,
>>>> -		unsigned int issue_flags)
>>>> +static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd)
>>>>    {
>>>>    	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>>>>    	struct io_ring_ctx *ctx = req->ctx;
>>>> +	lockdep_assert_held(&ctx->uring_lock);
>>>> +
>>>>    	if (!(cmd->flags & IORING_URING_CMD_CANCELABLE))
>>>>    		return;
>>>>    	cmd->flags &= ~IORING_URING_CMD_CANCELABLE;
>>>> -	io_ring_submit_lock(ctx, issue_flags);
>>>>    	hlist_del(&req->hash_node);
>>>> -	io_ring_submit_unlock(ctx, issue_flags);
>>>>    }
>>>>    /*
>>>> @@ -44,6 +43,9 @@ void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd,
>>>>    	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
>>>>    	struct io_ring_ctx *ctx = req->ctx;
>>>> +	if (WARN_ON_ONCE(ctx->flags & IORING_SETUP_IOPOLL))
>>>> +		return;
>>>> +
>>>
>>> This way limits cancelable command can't be used in iopoll context, and
>>> it isn't reasonable, and supporting iopoll has been in ublk todo list,
>>> especially single ring context is shared for both command and normal IO.
>>
>> That's something that can be solved when it's needed, and hence the
>> warning so it's not missed. That would need del_cancelable on the
>> ->iopoll side, but depends on the "leaving in cancel queue"
>> problem resolution.
> 
> The current code is actually working with iopoll, so adding the warning
> can be one regression. Maybe someone has been using ublk with iopoll.

Hmm, I don't see ->uring_cmd_iopoll implemented anywhere, and w/o
it io_uring should fail the request:

int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags)
{
	...
	if (ctx->flags & IORING_SETUP_IOPOLL) {
		if (!file->f_op->uring_cmd_iopoll)
			return -EOPNOTSUPP;
		issue_flags |= IO_URING_F_IOPOLL;
	}
}

Did I miss it somewhere?

Ming Lei March 18, 2024, 1:09 p.m. UTC | #5

On Mon, Mar 18, 2024 at 12:46:25PM +0000, Pavel Begunkov wrote:
> On 3/18/24 11:59, Ming Lei wrote:
> > On Mon, Mar 18, 2024 at 11:50:32AM +0000, Pavel Begunkov wrote:
> > > On 3/18/24 08:10, Ming Lei wrote:
> > > > On Mon, Mar 18, 2024 at 12:41:48AM +0000, Pavel Begunkov wrote:
> > > > > io_uring_cmd_done() is called from the irq context and is considered to
> > > > > be irq safe, however that's not the case if the driver requires
> > > > > cancellations because io_uring_cmd_del_cancelable() could try to take
> > > > > the uring_lock mutex.
> > > > > 
> > > > > Clean up the confusion, by deferring cancellation handling to
> > > > > locked task_work if we came into io_uring_cmd_done() from iowq
> > > > > or other IO_URING_F_UNLOCKED path.
> > > > > 
> > > > > Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
> > > > > ---
> > > > >    io_uring/uring_cmd.c | 24 +++++++++++++++++-------
> > > > >    1 file changed, 17 insertions(+), 7 deletions(-)
> > > > > 
> > > > > diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
> > > > > index ec38a8d4836d..9590081feb2d 100644
> > > > > --- a/io_uring/uring_cmd.c
> > > > > +++ b/io_uring/uring_cmd.c
> > > > > @@ -14,19 +14,18 @@
> > > > >    #include "rsrc.h"on   #include "uring_cmd.h"
> > > > > -static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd,
> > > > > -		unsigned int issue_flags)
> > > > > +static void io_uring_cmd_del_cancelable(struct io_uring_cmd *cmd)
> > > > >    {
> > > > >    	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
> > > > >    	struct io_ring_ctx *ctx = req->ctx;
> > > > > +	lockdep_assert_held(&ctx->uring_lock);
> > > > > +
> > > > >    	if (!(cmd->flags & IORING_URING_CMD_CANCELABLE))
> > > > >    		return;
> > > > >    	cmd->flags &= ~IORING_URING_CMD_CANCELABLE;
> > > > > -	io_ring_submit_lock(ctx, issue_flags);
> > > > >    	hlist_del(&req->hash_node);
> > > > > -	io_ring_submit_unlock(ctx, issue_flags);
> > > > >    }
> > > > >    /*
> > > > > @@ -44,6 +43,9 @@ void io_uring_cmd_mark_cancelable(struct io_uring_cmd *cmd,
> > > > >    	struct io_kiocb *req = cmd_to_io_kiocb(cmd);
> > > > >    	struct io_ring_ctx *ctx = req->ctx;
> > > > > +	if (WARN_ON_ONCE(ctx->flags & IORING_SETUP_IOPOLL))
> > > > > +		return;
> > > > > +
> > > > 
> > > > This way limits cancelable command can't be used in iopoll context, and
> > > > it isn't reasonable, and supporting iopoll has been in ublk todo list,
> > > > especially single ring context is shared for both command and normal IO.
> > > 
> > > That's something that can be solved when it's needed, and hence the
> > > warning so it's not missed. That would need del_cancelable on the
> > > ->iopoll side, but depends on the "leaving in cancel queue"
> > > problem resolution.
> > 
> > The current code is actually working with iopoll, so adding the warning
> > can be one regression. Maybe someone has been using ublk with iopoll.
> 
> Hmm, I don't see ->uring_cmd_iopoll implemented anywhere, and w/o
> it io_uring should fail the request:
> 
> int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags)
> {
> 	...
> 	if (ctx->flags & IORING_SETUP_IOPOLL) {
> 		if (!file->f_op->uring_cmd_iopoll)
> 			return -EOPNOTSUPP;
> 		issue_flags |= IO_URING_F_IOPOLL;
> 	}
> }
> 
> Did I miss it somewhere?

Looks I missed the point, now the WARN() is fine.


Thanks,
Ming

[v2,03/14] io_uring/cmd: make io_uring_cmd_done irq safe

Commit Message

Comments

Patch