6.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
commit bd2703b42decebdcddf76e277ba76b4c4a142d73 upstream.
With IORING_SETUP_SQPOLL all requests are created by the SQPOLL task, which means that req->task should always match sqd->thread. Since accesses to sqd->thread should be separately protected, use req->task in io_req_normal_work_add() instead.
Note, in the eyes of io_req_normal_work_add(), the SQPOLL task struct is always pinned and alive, and sqd->thread can either be the task or NULL. It's only problematic if the compiler decides to reload the value after the null check, which is not so likely.
Cc: stable@vger.kernel.org
Cc: Bui Quang Minh <minhquangbui99@gmail.com>
Reported-by: lizetao <lizetao1@huawei.com>
Fixes: 78f9b61bd8e54 ("io_uring: wake SQPOLL task when task_work is added to an empty queue")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/1cbbe72cf32c45a8fee96026463024cd8564a7d7.173654135...
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 io_uring/io_uring.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
--- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1244,10 +1244,7 @@ static void io_req_normal_work_add(struc
/* SQPOLL doesn't need the task_work added, it'll run it itself */ if (ctx->flags & IORING_SETUP_SQPOLL) { - struct io_sq_data *sqd = ctx->sq_data; - - if (sqd->thread) - __set_notify_signal(sqd->thread); + __set_notify_signal(req->task); return; }
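Review bot: the added line `__set_notify_signal(req->task);` in the IORING_SETUP_SQPOLL branch of io_req_normal_work_add() drops the NULL check that guarded sqd->thread, and the comment above the branch does not record why that is safe. The commit message carries the reasoning (with SQPOLL all requests are created by the SQPOLL task, so req->task matches sqd->thread and the task struct is pinned and alive), but none of it reaches the code. Consider extending the existing "SQPOLL doesn't need the task_work added" comment with that invariant, so that a later change does not reintroduce a read of sqd->thread here without the separate protection the commit message says those accesses need.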