averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-05-14 21:38:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa69918bd418e700309fdd08509dba324fb24296
linux-stable-mirror/io_uring
T
History
Jakub Kicinski 735a309b4b net: add net_iov_init() and use it to initialize ->page_type 
Commit db359fccf2 ("mm: introduce a new page type for page pool in
page type") added a page_type field to struct net_iov at the same
offset as struct page::page_type, so that page_pool_set_pp_info() can
call __SetPageNetpp() uniformly on both pages and net_iovs.

The page-type API requires the field to hold the UINT_MAX "no type"
sentinel before a type can be set; for real struct page that invariant
is established by the page allocator on free. struct net_iov is not
allocated through the page allocator, so the field is left as zero
(io_uring zcrx, which uses __GFP_ZERO) or as slab garbage (devmem,
which uses kvmalloc_objs() without zeroing). When the page pool then
calls page_pool_set_pp_info() on a freshly-bound niov,
__SetPageNetpp()'s VM_BUG_ON_PAGE(page->page_type != UINT_MAX) fires
and the kernel BUGs. Triggered in selftests by io_uring zcrx setup
through the fbnic queue restart path:

 kernel BUG at ./include/linux/page-flags.h:1062!
 RIP: 0010:page_pool_set_pp_info (./include/linux/page-flags.h:1062
                                  net/core/page_pool.c:716)
 Call Trace:
  <TASK>
  net_mp_niov_set_page_pool (net/core/page_pool.c:1360)
  io_pp_zc_alloc_netmems (io_uring/zcrx.c:1089 io_uring/zcrx.c:1110)
  fbnic_fill_bdq (./include/net/page_pool/helpers.h:160
                  drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:906)
  __fbnic_nv_restart (drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2470
                      drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2874)
  fbnic_queue_start (drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2903)
  netdev_rx_queue_reconfig (net/core/netdev_rx_queue.c:137)
  __netif_mp_open_rxq (net/core/netdev_rx_queue.c:234)
  io_register_zcrx (io_uring/zcrx.c:818 io_uring/zcrx.c:903)
  __io_uring_register (io_uring/register.c:931)
  __do_sys_io_uring_register (io_uring/register.c:1029)
  do_syscall_64 (arch/x86/entry/syscall_64.c:63
                 arch/x86/entry/syscall_64.c:94)
  </TASK>

The same path is reachable through devmem dmabuf binding via
netdev_nl_bind_rx_doit() -> net_devmem_bind_dmabuf_to_queue().

Add a net_iov_init() helper that stamps ->owner, ->type and the
->page_type sentinel, and use it from both the devmem and io_uring
zcrx niov init loops.

Fixes: db359fccf2 ("mm: introduce a new page type for page pool in page type")
Acked-by: Vlastimil Babka (SUSE) <vbabka@kernel.org>
Acked-by: Byungchul Park <byungchul@sk.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://patch.msgid.link/20260428025320.853452-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-29 16:40:08 -07:00
..
advise.c
advise.h
alloc_cache.c
alloc_cache.h
io_uring/rsrc: use kvfree() for the imu cache
2026-04-21 12:19:01 -06:00
bpf_filter.c
Merge branch 'io_uring-7.0' into for-7.1/io_uring
2026-03-14 08:57:15 -06:00
bpf_filter.h
io_uring: allow registration of per-task restrictions
2026-02-06 07:29:19 -07:00
bpf-ops.c
io_uring: unify getting ctx from passed in file descriptor
2026-04-08 13:21:35 -06:00
bpf-ops.h
io_uring/bpf-ops: implement bpf ops registration
2026-03-16 16:15:00 -06:00
cancel.c
io_uring/cancel: validate opcode for IORING_ASYNC_CANCEL_OP
2026-04-01 10:21:13 -06:00
cancel.h
io_uring/cancel: de-unionize file and user_data in struct io_cancel_data
2026-02-16 14:16:27 -07:00
cmd_net.c
io_uring/cmd_net: split ioctl code out of io_uring_cmd_sock()
2026-03-09 07:21:53 -06:00
epoll.c
epoll.h
eventfd.c
io_uring: switch struct io_ring_ctx internal bitfields to flags
2026-03-16 15:32:59 -06:00
eventfd.h
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
fdinfo.c
io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check
2026-03-26 20:28:28 -06:00
fdinfo.h
filetable.c
io_uring/filetable: clamp alloc_hint to the configured alloc range
2026-02-11 15:20:44 -07:00
filetable.h
io_uring: Trim out unused includes
2026-01-05 17:08:20 -07:00
fs.c
non-consuming variants of do_{unlinkat,rmdir}()
2026-01-16 12:51:50 -05:00
fs.h
futex.c
io_uring/futex: ensure partial wakes are appropriately dequeued
2026-04-21 12:19:06 -06:00
futex.h
io_uring.c
io_uring: fix spurious fput in registered ring path
2026-04-21 12:18:44 -06:00
io_uring.h
Merge tag 'for-7.1/io_uring-20260411' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2026-04-13 16:22:30 -07:00
io-wq.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
io-wq.h
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
kbuf.c
Merge tag 'for-7.1/io_uring-20260411' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2026-04-13 16:22:30 -07:00
kbuf.h
io_uring/kbuf: remove obsolete buf_nr_pages and update comments
2025-11-20 13:23:05 -07:00
Kconfig
io_uring/bpf-ops: implement loop_step with BPF struct_ops
2026-03-16 16:15:00 -06:00
loop.c
io_uring: introduce callback driven main loop
2026-03-16 16:15:00 -06:00
loop.h
io_uring: introduce callback driven main loop
2026-03-16 16:15:00 -06:00
Makefile
io_uring/bpf-ops: implement loop_step with BPF struct_ops
2026-03-16 16:15:00 -06:00
memmap.c
io_uring: take page references for NOMMU pbuf_ring mmaps
2026-04-21 20:14:39 -06:00
memmap.h
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
mock_file.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
msg_ring.c
io_uring: switch struct io_ring_ctx internal bitfields to flags
2026-03-16 15:32:59 -06:00
msg_ring.h
napi.c
napi.h
net.c
Merge tag 'for-7.1/io_uring-20260411' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2026-04-13 16:22:30 -07:00
net.h
io_uring/zctx: unify zerocopy issue variants
2026-03-09 07:21:54 -06:00
nop.c
io_uring/nop: add support for IORING_SETUP_CQE_MIXED
2025-08-27 11:24:15 -06:00
nop.h
notif.c
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
notif.h
opdef.c
io_uring: remove iopoll_queue from struct io_issue_def
2026-03-16 16:14:14 -06:00
opdef.h
io_uring: remove iopoll_queue from struct io_issue_def
2026-03-16 16:14:14 -06:00
openclose.c
io_uring/openclose: fix io_pipe_fixed() slot tracking for specific slots
2026-02-11 20:31:21 -07:00
openclose.h
io_uring/bpf_filter: allow filtering on contents of struct open_how
2026-01-27 11:10:46 -07:00
poll.c
io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE
2026-04-21 19:18:34 -06:00
poll.h
io_uring: add wrapper type for io_req_tw_func_t arg
2025-11-03 08:31:26 -07:00
query.c
io_uring/zcrx: declare some constants for query
2026-03-09 07:21:54 -06:00
query.h
io_uring/query: drop unused io_handle_query_entry() ctx arg
2025-11-26 09:37:10 -07:00
refs.h
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
register.c
io_uring/register: fix ring resizing with mixed/large SQEs/CQEs
2026-04-21 12:19:08 -06:00
register.h
io_uring: unify getting ctx from passed in file descriptor
2026-04-08 13:21:35 -06:00
rsrc.c
io_uring/rsrc: use kvfree() for the imu cache
2026-04-21 12:19:01 -06:00
rsrc.h
io_uring/rsrc: unify nospec indexing for direct descriptors
2026-04-21 12:18:54 -06:00
rw.c
io_uring/rw: add defensive hardening for negative kbuf lengths
2026-04-21 12:19:03 -06:00
rw.h
io_uring: add wrapper type for io_req_tw_func_t arg
2025-11-03 08:31:26 -07:00
slist.h
io_uring: Add SPDX id lines to remaining source files
2026-02-04 07:23:45 -07:00
splice.c
io_uring: don't include filetable.h in io_uring.h
2025-09-08 13:20:46 -06:00
splice.h
sqpoll.c
io_uring/tctx: have io_uring_alloc_task_context() return tctx
2026-04-08 13:21:30 -06:00
sqpoll.h
io_uring/sqpoll: switch away from getrusage() for CPU accounting
2025-10-22 10:51:20 -06:00
statx.c
allow incomplete imports of filenames
2026-01-13 15:18:07 -05:00
statx.h
sync.c
io_uring/sync: validate passed in offset
2026-01-21 11:50:59 -07:00
sync.h
tctx.c
io_uring: fix iowq_limits data race in tctx node addition
2026-04-20 14:57:21 -06:00
tctx.h
io_uring/tctx: have io_uring_alloc_task_context() return tctx
2026-04-08 13:21:30 -06:00
timeout.c
io_uring/timeout: use 'ctx' consistently
2026-04-02 07:08:40 -06:00
timeout.h
io_uring/timeout: migrate reqs from ts64 to ktime
2026-03-09 07:21:54 -06:00
truncate.c
fs: pass on FTRUNCATE_* flags to do_truncate
2026-03-23 12:41:57 +01:00
truncate.h
tw.c
io_uring: mark known and harmless racy ctx->int_flags uses
2026-03-16 15:33:10 -06:00
tw.h
io_uring: split out CQ waiting code into wait.c
2026-01-22 09:21:16 -07:00
uring_cmd.c
io_uring/uring_cmd: allow non-iopoll cmds with IORING_SETUP_IOPOLL
2026-03-16 16:14:14 -06:00
uring_cmd.h
wait.c
io_uring: protect remaining lockless ctx->rings accesses with RCU
2026-04-01 08:34:11 -06:00
wait.h
Merge tag 'for-7.1/io_uring-20260411' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2026-04-13 16:22:30 -07:00
waitid.c
io_uring/waitid: fix KCSAN warning on io_waitid->head
2026-01-19 19:55:30 -07:00
waitid.h
xattr.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
xattr.h
zcrx.c
net: add net_iov_init() and use it to initialize ->page_type
2026-04-29 16:40:08 -07:00
zcrx.h
io_uring/zcrx: rename zcrx [un]register functions
2026-04-01 10:21:13 -06:00