The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
Possible dependencies:
42b6419d0aba ("io_uring: correct pinned_vm accounting")
ed29b0b4fd83 ("io_uring: move to separate directory")
ab4094024784 ("io_uring: optimise rsrc referencing")
a46be971edb6 ("io_uring: optimise io_req_set_rsrc_node()")
d886e185a128 ("io_uring: control ->async_data with a REQ_F flag")
ef05d9ebcc92 ("io_uring: kill off ->inflight_entry field")
d4b7a5ef2b9c ("io_uring: inline completion batching helpers")
3aa83bfb6e5c ("io_uring: add a helper for batch free")
c2b6c6bc4e0d ("io_uring: replace list with stack for req caches")
3ab665b74e59 ("io_uring: remove allocation cache array")
6f33b0bc4ea4 ("io_uring: use slist for completion batching")
c450178d9be9 ("io_uring: dedup CQE flushing non-empty checks")
4b628aeb69cc ("io_uring: kill off ios_left")
4c928904ff77 ("block: move CONFIG_BLOCK guard to top Makefile")
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 42b6419d0aba47c5d8644cdc0b68502254671de5 Mon Sep 17 00:00:00 2001
From: Pavel Begunkov <asml.silence@gmail.com>
Date: Tue, 4 Oct 2022 03:19:08 +0100
Subject: [PATCH] io_uring: correct pinned_vm accounting
->mm_account should be released only after we free all registered buffers, otherwise __io_sqe_buffers_unregister() will see a NULL ->mm_account and skip locked_vm accounting.
Cc: Stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/6d798f65ed4ab8db3664c4d3397d4af16ca98846.166484993...
Signed-off-by: Jens Axboe <axboe@kernel.dk>
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 63f6ce5e5355..ea5cee593bbd 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2585,12 +2585,6 @@ static void io_req_caches_free(struct io_ring_ctx *ctx) static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx) { io_sq_thread_finish(ctx); - - if (ctx->mm_account) { - mmdrop(ctx->mm_account); - ctx->mm_account = NULL; - } - io_rsrc_refs_drop(ctx); /* __io_rsrc_put_work() may need uring_lock to progress, wait w/o it */ io_wait_rsrc_data(ctx->buf_data); @@ -2633,6 +2627,10 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx) WARN_ON_ONCE(!list_empty(&ctx->ltimeout_list)); WARN_ON_ONCE(ctx->notif_slots || ctx->nr_notif_slots);
+ if (ctx->mm_account) { + mmdrop(ctx->mm_account); + ctx->mm_account = NULL; + } io_mem_free(ctx->rings); io_mem_free(ctx->sq_sqes);
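Review bot: in the first hunk, removing the early mmdrop() right after io_sq_thread_finish(ctx) means every teardown step from io_rsrc_refs_drop(ctx) down to the new location now runs with ->mm_account still set. The commit message only covers __io_sqe_buffers_unregister(); please state in the changelog that no other step in that range relied on seeing ->mm_account == NULL. For the 5.15 backport, the dependency list includes ed29b0b4fd83 ("io_uring: move to separate directory"), so the paths in this diff will not match that tree as-is.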
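Review bot: the block added in the second hunk, just before io_mem_free(ctx->rings), carries no comment recording why it has to sit this late in io_ring_ctx_free(). The commit message gives the reason (__io_sqe_buffers_unregister() skips locked_vm accounting when ->mm_account is NULL), and a one-line comment above the "if (ctx->mm_account)" saying the mm reference must outlive buffer unregistration would keep a later cleanup from moving it back up. Style nit: a blank line between the closing brace and io_mem_free(ctx->rings) would match the spacing the removed block had.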