Commit 687b2bae authored May 07, 2025 by Jens Axboe

io_uring: ensure deferred completions are flushed for multishot



Multishot normally uses io_req_post_cqe() to post completions, but when
stopping it, it may finish up with a deferred completion. This is fine,
except if another multishot event triggers before the deferred completions
get flushed. If this occurs, then CQEs may get reordered in the CQ ring,
as new multishot completions get posted before the deferred ones are
flushed. This can cause confusion on the application side, if strict
ordering is required for the use case.

When multishot posting via io_req_post_cqe(), flush any pending deferred
completions first, if any.

Cc: stable@vger.kernel.org # 6.1+
Reported-by: Norman Maurer <norman_maurer@apple.com>
Reported-by: Christian Mazakas <christian.mazakas@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent b53e5232

io_uring/io_uring.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -848,6 +848,14 @@ bool io_req_post_cqe(struct io_kiocb *req, s32 res, u32 cflags)
		struct io_ring_ctx *ctx = req->ctx;
		bool posted;

		/*
		* If multishot has already posted deferred completions, ensure that
		* those are flushed first before posting this one. If not, CQEs
		* could get reordered.
		*/
		if (!wq_list_empty(&ctx->submit_state.compl_reqs))
		__io_submit_flush_completions(ctx);

		lockdep_assert(!io_wq_current_is_worker());
		lockdep_assert_held(&ctx->uring_lock);