github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
daf23014e5
linux/io_uring
History
Jakub Kicinski 735a309b4b net: add net_iov_init() and use it to initialize ->page_type 
Commit db359fccf2 ("mm: introduce a new page type for page pool in
page type") added a page_type field to struct net_iov at the same
offset as struct page::page_type, so that page_pool_set_pp_info() can
call __SetPageNetpp() uniformly on both pages and net_iovs.

The page-type API requires the field to hold the UINT_MAX "no type"
sentinel before a type can be set; for real struct page that invariant
is established by the page allocator on free. struct net_iov is not
allocated through the page allocator, so the field is left as zero
(io_uring zcrx, which uses __GFP_ZERO) or as slab garbage (devmem,
which uses kvmalloc_objs() without zeroing). When the page pool then
calls page_pool_set_pp_info() on a freshly-bound niov,
__SetPageNetpp()'s VM_BUG_ON_PAGE(page->page_type != UINT_MAX) fires
and the kernel BUGs. Triggered in selftests by io_uring zcrx setup
through the fbnic queue restart path:

 kernel BUG at ./include/linux/page-flags.h:1062!
 RIP: 0010:page_pool_set_pp_info (./include/linux/page-flags.h:1062
                                  net/core/page_pool.c:716)
 Call Trace:
  <TASK>
  net_mp_niov_set_page_pool (net/core/page_pool.c:1360)
  io_pp_zc_alloc_netmems (io_uring/zcrx.c:1089 io_uring/zcrx.c:1110)
  fbnic_fill_bdq (./include/net/page_pool/helpers.h:160
                  drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:906)
  __fbnic_nv_restart (drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2470
                      drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2874)
  fbnic_queue_start (drivers/net/ethernet/meta/fbnic/fbnic_txrx.c:2903)
  netdev_rx_queue_reconfig (net/core/netdev_rx_queue.c:137)
  __netif_mp_open_rxq (net/core/netdev_rx_queue.c:234)
  io_register_zcrx (io_uring/zcrx.c:818 io_uring/zcrx.c:903)
  __io_uring_register (io_uring/register.c:931)
  __do_sys_io_uring_register (io_uring/register.c:1029)
  do_syscall_64 (arch/x86/entry/syscall_64.c:63
                 arch/x86/entry/syscall_64.c:94)
  </TASK>

The same path is reachable through devmem dmabuf binding via
netdev_nl_bind_rx_doit() -> net_devmem_bind_dmabuf_to_queue().

Add a net_iov_init() helper that stamps ->owner, ->type and the
->page_type sentinel, and use it from both the devmem and io_uring
zcrx niov init loops.

Fixes: db359fccf2 ("mm: introduce a new page type for page pool in page type")
Acked-by: Vlastimil Babka (SUSE) <vbabka@kernel.org>
Acked-by: Byungchul Park <byungchul@sk.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://patch.msgid.link/20260428025320.853452-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-29 16:40:08 -07:00
..
advise.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
advise.h
alloc_cache.c io_uring: add alloc_cache.c 2025-01-28 15:10:40 -07:00
alloc_cache.h io_uring/rsrc: use kvfree() for the imu cache 2026-04-21 12:19:01 -06:00
bpf_filter.c Merge branch 'io_uring-7.0' into for-7.1/io_uring 2026-03-14 08:57:15 -06:00
bpf_filter.h io_uring: allow registration of per-task restrictions 2026-02-06 07:29:19 -07:00
bpf-ops.c io_uring: unify getting ctx from passed in file descriptor 2026-04-08 13:21:35 -06:00
bpf-ops.h io_uring/bpf-ops: implement bpf ops registration 2026-03-16 16:15:00 -06:00
cancel.c io_uring/cancel: validate opcode for IORING_ASYNC_CANCEL_OP 2026-04-01 10:21:13 -06:00
cancel.h io_uring/cancel: de-unionize file and user_data in struct io_cancel_data 2026-02-16 14:16:27 -07:00
cmd_net.c io_uring/cmd_net: split ioctl code out of io_uring_cmd_sock() 2026-03-09 07:21:53 -06:00
epoll.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
epoll.h io_uring/epoll: add support for IORING_OP_EPOLL_WAIT 2025-02-20 07:59:56 -07:00
eventfd.c io_uring: switch struct io_ring_ctx internal bitfields to flags 2026-03-16 15:32:59 -06:00
eventfd.h io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
fdinfo.c io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check 2026-03-26 20:28:28 -06:00
fdinfo.h
filetable.c io_uring/filetable: clamp alloc_hint to the configured alloc range 2026-02-11 15:20:44 -07:00
filetable.h io_uring: Trim out unused includes 2026-01-05 17:08:20 -07:00
fs.c non-consuming variants of do_{unlinkat,rmdir}() 2026-01-16 12:51:50 -05:00
fs.h
futex.c io_uring/futex: ensure partial wakes are appropriately dequeued 2026-04-21 12:19:06 -06:00
futex.h io_uring: move cancelations to be io_uring_task based 2024-11-06 13:55:38 -07:00
io_uring.c io_uring: fix spurious fput in registered ring path 2026-04-21 12:18:44 -06:00
io_uring.h for-7.1/io_uring-20260411 2026-04-13 16:22:30 -07:00
io-wq.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
io-wq.h io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
kbuf.c for-7.1/io_uring-20260411 2026-04-13 16:22:30 -07:00
kbuf.h io_uring/kbuf: remove obsolete buf_nr_pages and update comments 2025-11-20 13:23:05 -07:00
Kconfig io_uring/bpf-ops: implement loop_step with BPF struct_ops 2026-03-16 16:15:00 -06:00
loop.c io_uring: introduce callback driven main loop 2026-03-16 16:15:00 -06:00
loop.h io_uring: introduce callback driven main loop 2026-03-16 16:15:00 -06:00
Makefile io_uring/bpf-ops: implement loop_step with BPF struct_ops 2026-03-16 16:15:00 -06:00
memmap.c io_uring: take page references for NOMMU pbuf_ring mmaps 2026-04-21 20:14:39 -06:00
memmap.h io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
mock_file.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
msg_ring.c io_uring: switch struct io_ring_ctx internal bitfields to flags 2026-03-16 15:32:59 -06:00
msg_ring.h io_uring/msg_ring: Drop custom destructor 2024-12-27 10:08:21 -07:00
napi.c net: use napi_id_valid helper 2025-02-17 16:43:04 -08:00
napi.h io_uring/napi: add static napi tracking strategy 2024-11-06 13:55:38 -07:00
net.c for-7.1/io_uring-20260411 2026-04-13 16:22:30 -07:00
net.h io_uring/zctx: unify zerocopy issue variants 2026-03-09 07:21:54 -06:00
nop.c io_uring/nop: add support for IORING_SETUP_CQE_MIXED 2025-08-27 11:24:15 -06:00
nop.h
notif.c io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
notif.h io_uring/notif: implement notification stacking 2024-04-22 19:31:18 -06:00
opdef.c io_uring: remove iopoll_queue from struct io_issue_def 2026-03-16 16:14:14 -06:00
opdef.h io_uring: remove iopoll_queue from struct io_issue_def 2026-03-16 16:14:14 -06:00
openclose.c io_uring/openclose: fix io_pipe_fixed() slot tracking for specific slots 2026-02-11 20:31:21 -07:00
openclose.h io_uring/bpf_filter: allow filtering on contents of struct open_how 2026-01-27 11:10:46 -07:00
poll.c io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE 2026-04-21 19:18:34 -06:00
poll.h io_uring: add wrapper type for io_req_tw_func_t arg 2025-11-03 08:31:26 -07:00
query.c io_uring/zcrx: declare some constants for query 2026-03-09 07:21:54 -06:00
query.h io_uring/query: drop unused io_handle_query_entry() ctx arg 2025-11-26 09:37:10 -07:00
refs.h io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
register.c io_uring/register: fix ring resizing with mixed/large SQEs/CQEs 2026-04-21 12:19:08 -06:00
register.h io_uring: unify getting ctx from passed in file descriptor 2026-04-08 13:21:35 -06:00
rsrc.c io_uring/rsrc: use kvfree() for the imu cache 2026-04-21 12:19:01 -06:00
rsrc.h io_uring/rsrc: unify nospec indexing for direct descriptors 2026-04-21 12:18:54 -06:00
rw.c io_uring/rw: add defensive hardening for negative kbuf lengths 2026-04-21 12:19:03 -06:00
rw.h io_uring: add wrapper type for io_req_tw_func_t arg 2025-11-03 08:31:26 -07:00
slist.h io_uring: Add SPDX id lines to remaining source files 2026-02-04 07:23:45 -07:00
splice.c io_uring: don't include filetable.h in io_uring.h 2025-09-08 13:20:46 -06:00
splice.h io_uring/splice: open code 2nd direct file assignment 2024-10-29 13:43:28 -06:00
sqpoll.c io_uring/tctx: have io_uring_alloc_task_context() return tctx 2026-04-08 13:21:30 -06:00
sqpoll.h io_uring/sqpoll: switch away from getrusage() for CPU accounting 2025-10-22 10:51:20 -06:00
statx.c allow incomplete imports of filenames 2026-01-13 15:18:07 -05:00
statx.h
sync.c io_uring/sync: validate passed in offset 2026-01-21 11:50:59 -07:00
sync.h
tctx.c io_uring: fix iowq_limits data race in tctx node addition 2026-04-20 14:57:21 -06:00
tctx.h io_uring/tctx: have io_uring_alloc_task_context() return tctx 2026-04-08 13:21:30 -06:00
timeout.c io_uring/timeout: use 'ctx' consistently 2026-04-02 07:08:40 -06:00
timeout.h io_uring/timeout: migrate reqs from ts64 to ktime 2026-03-09 07:21:54 -06:00
truncate.c fs: pass on FTRUNCATE_* flags to do_truncate 2026-03-23 12:41:57 +01:00
truncate.h io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
tw.c io_uring: mark known and harmless racy ctx->int_flags uses 2026-03-16 15:33:10 -06:00
tw.h io_uring: split out CQ waiting code into wait.c 2026-01-22 09:21:16 -07:00
uring_cmd.c io_uring/uring_cmd: allow non-iopoll cmds with IORING_SETUP_IOPOLL 2026-03-16 16:14:14 -06:00
uring_cmd.h io_uring/cmd: remove struct io_uring_cmd_data 2025-07-18 12:34:56 -06:00
wait.c io_uring: protect remaining lockless ctx->rings accesses with RCU 2026-04-01 08:34:11 -06:00
wait.h for-7.1/io_uring-20260411 2026-04-13 16:22:30 -07:00
waitid.c io_uring/waitid: fix KCSAN warning on io_waitid->head 2026-01-19 19:55:30 -07:00
waitid.h io_uring: move cancelations to be io_uring_task based 2024-11-06 13:55:38 -07:00
xattr.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xattr.h
zcrx.c net: add net_iov_init() and use it to initialize ->page_type 2026-04-29 16:40:08 -07:00
zcrx.h io_uring/zcrx: rename zcrx [un]register functions 2026-04-01 10:21:13 -06:00