From nobody Thu Dec 18 12:31:02 2025 Received: from mail-lj1-f228.google.com (mail-lj1-f228.google.com [209.85.208.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B6813299AA9 for ; Tue, 2 Dec 2025 16:41:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.228 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764693696; cv=none; b=oaRIh6dV4Dn6f5ej/q8qc9pv2pSw88uRQdYxnbdl/d5m/YQjA4H1wQ/0i4rd95N75VzuO5ZWNbAryf3kpHX0OWtyoaZzqFSJdv9DQlpRRXaW1UraW4hcbuc27AHKPiHo/+UX6qNnN8uidfDFy2JCcZh8CW7bPIpML3DikieKYLY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764693696; c=relaxed/simple; bh=9Fm5NsfYDxA3lreZFmJwaLfK89c/fBrzncHhFNttQvs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OwWzB2T29VrOQy51OHRVZbHKmEwyEiSUEDSsxD8Tf1jnu8K/Xo2pzR0D57FhyMNT/msSjIyiSaiULdGZAgYqWQYpu6Rhrwjd8KnvMI5dC3hKphzmCdwN1c6R5/NzUQpbIuIgH1AqX9poOabqSvEDq1I+OQN2qpIE5EGalU97K+M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com; spf=fail smtp.mailfrom=purestorage.com; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b=DbP9lKov; arc=none smtp.client-ip=209.85.208.228 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=purestorage.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b="DbP9lKov" Received: by mail-lj1-f228.google.com with SMTP id 38308e7fff4ca-37bba981c5cso4007101fa.1 for ; Tue, 02 Dec 2025 08:41:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purestorage.com; s=google2022; t=1764693692; x=1765298492; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uvojjFMmlIndUia6wsMC5BB99ZqFFlNbgz5VSkdPW3s=; b=DbP9lKovSlwGiRbBhmsFwk6PuuVDOGNl77b3l96ntwUGkekS/RyoFmxou2xl9eMYEW mCiFomG5Yc1m+GV2X9ar+qHX4UNKWDN8nnjsVFfEZHJgPa6ce6Hhf6/1oqWh0ZAs23A0 U9Omn1vRsEpUywoGSt8wV03h+/PhH+jsOSCwyLau54U2av3I/gUrJPat1dFLJeRdj5in 6z2yvQ76yiaPNrhaeFgkTYLUyjGOoTL21ZN6zX4yzPAIgkR8fAXjU3+RbwAm+9GxGOC7 vmKfECmvErtPFchKo6bjj6Yr7hXncuJz4rXipGxGxhBUXKRJpoIm+apaO7zceu7RcJqp i3MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764693692; x=1765298492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=uvojjFMmlIndUia6wsMC5BB99ZqFFlNbgz5VSkdPW3s=; b=sKm59BBnypr8EBddBToYptuY+f1TXpj1unzNK9VKwyiJKg2520pMRRhnvDvkxY8ylL eXk/cWjv6Lt2nnJBAude18KCguy0wcjo7PKBmTXhnHe4IaJ3zZoO+JDa+0rRj5c0dAyS Sb32Xx+V0NsSYnljB+kuLfi40KG6UaBkKBqCs4WHtszxYW2d8NHqHnUzt63ajkdbysHo qizPepqtM/wp81QBuAbox3usIZ/izBQzS/4Q4CJq6A38iFUSIWaLDWWJN+NN88logVuc 8rkk/KINFiVox4FzqRDFjTQMNu2+fH9rh/fKx3mOk9JQ9vRx4VwLvuHft/ukECYarY35 YpVQ== X-Forwarded-Encrypted: i=1; AJvYcCWRdJ8HOGJvmIYp9tzUGjwb+wxu4QyXmE48ZqM1oyujM222JhaMWOzG2w7DvGvcggCzQcKVRGf5JLVEFXE=@vger.kernel.org X-Gm-Message-State: AOJu0YxxLBAJ4SZ5raarWXxYN+sEWtMoyewnJbDP0HME7yjE6i2EU4jK epcuFeR+/Fk3PQHRdGF1DsdSJ7mmY0jIo6cJ6/s62fNqvLT4yVGGv7CZqd5Wyuv9YyoaD/1JmH1 V/At2CZryBLsBXY9toR19RXw6oP5MOrgUIDCh X-Gm-Gg: ASbGncucsRfFgM80oiTTCdbluC78w6B0NMS94K5SggvPlk0iDVBrTwrbtTuncwp+9an gs8bbJIktscKvBdRlfGX/L6EoDn/zVDx6dNVDd2Em/TbCM2/eATOkQXhVnTuZoHZsj7cOIhYdBh MPn4tvCAEgOjeGLpqDU8yz0LRDWo+sVsPu8kYaOGLdiW4BJtPs22uldnAn6jDqI5ncpoIs9/C6u Epx+K4MsW75j040uVAdB1rfeNMSIlhJ7ZKd95/V+1V0dl2buFsWYl3KyJAS9G8iS6gKIx+oeT01 JUgeVbs3yZBG3qVGVx/EtGeiDZ4C7RvaGngi6gZnTl2pHVdM8Gk7r0MTHM/oYiHr/L6l1eWvGQV I6G+EvipShoUV54P1QtaJGzUWpB3KUUq5AkR5/NH/Yg== X-Google-Smtp-Source: AGHT+IGw9CjVQwCwfIjDJz4zHbAbl5N9Z2X6YLFQv7TGuFHE4fQG9+WAspOvQAN+0ZlBy/xwbGmf2FA0cf+Q X-Received: by 2002:a05:6512:a84:b0:594:493b:4249 with SMTP id 2adb3069b0e04-596a511bdccmr7663249e87.0.1764693691493; Tue, 02 Dec 2025 08:41:31 -0800 (PST) Received: from c7-smtp-2023.dev.purestorage.com ([208.88.159.129]) by smtp-relay.gmail.com with ESMTPS id 2adb3069b0e04-596bf860f68sm2484832e87.0.2025.12.02.08.41.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Dec 2025 08:41:31 -0800 (PST) X-Relaying-Domain: purestorage.com Received: from dev-csander.dev.purestorage.com (dev-csander.dev.purestorage.com [10.7.70.37]) by c7-smtp-2023.dev.purestorage.com (Postfix) with ESMTP id B99A43402AD; Tue, 2 Dec 2025 09:41:29 -0700 (MST) Received: by dev-csander.dev.purestorage.com (Postfix, from userid 1557716354) id B91A0E41DB4; Tue, 2 Dec 2025 09:41:29 -0700 (MST) From: Caleb Sander Mateos To: Jens Axboe Cc: io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, Caleb Sander Mateos , syzbot@syzkaller.appspotmail.com Subject: [PATCH v4 5/5] io_uring: avoid uring_lock for IORING_SETUP_SINGLE_ISSUER Date: Tue, 2 Dec 2025 09:41:21 -0700 Message-ID: <20251202164121.3612929-6-csander@purestorage.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20251202164121.3612929-1-csander@purestorage.com> References: <20251202164121.3612929-1-csander@purestorage.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" io_ring_ctx's mutex uring_lock can be quite expensive in high-IOPS workloads. Even when only one thread pinned to a single CPU is accessing the io_ring_ctx, the atomic CASes required to lock and unlock the mutex are very hot instructions. The mutex's primary purpose is to prevent concurrent io_uring system calls on the same io_ring_ctx. However, there is already a flag IORING_SETUP_SINGLE_ISSUER that promises only one task will make io_uring_enter() and io_uring_register() system calls on the io_ring_ctx once it's enabled. So if the io_ring_ctx is setup with IORING_SETUP_SINGLE_ISSUER, skip the uring_lock mutex_lock() and mutex_unlock() on the submitter_task. On other tasks acquiring the ctx uring lock, use a task work item to suspend the submitter_task for the critical section. If the io_ring_ctx is IORING_SETUP_R_DISABLED (possible during io_uring_setup(), io_uring_register(), or io_uring exit), submitter_task may be set concurrently, so acquire the uring_lock before checking it. If submitter_task isn't set yet, the uring_lock suffices to provide mutual exclusion. Signed-off-by: Caleb Sander Mateos Tested-by: syzbot@syzkaller.appspotmail.com --- io_uring/io_uring.c | 12 +++++ io_uring/io_uring.h | 114 ++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 123 insertions(+), 3 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 8d934bba21fa..054667880bfb 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -363,10 +363,22 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(s= truct io_uring_params *p) xa_destroy(&ctx->io_bl_xa); kfree(ctx); return NULL; } =20 +void io_ring_suspend_work(struct callback_head *cb_head) +{ + struct io_ring_suspend_work *suspend_work =3D + container_of(cb_head, struct io_ring_suspend_work, cb_head); + DECLARE_COMPLETION_ONSTACK(suspend_end); + + *suspend_work->suspend_end =3D &suspend_end; + complete(&suspend_work->suspend_start); + + wait_for_completion(&suspend_end); +} + static void io_clean_op(struct io_kiocb *req) { if (unlikely(req->flags & REQ_F_BUFFER_SELECTED)) io_kbuf_drop_legacy(req); =20 diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h index 57c3eef26a88..2b08d0ddab30 100644 --- a/io_uring/io_uring.h +++ b/io_uring/io_uring.h @@ -1,8 +1,9 @@ #ifndef IOU_CORE_H #define IOU_CORE_H =20 +#include #include #include #include #include #include @@ -195,19 +196,85 @@ void io_queue_next(struct io_kiocb *req); void io_task_refs_refill(struct io_uring_task *tctx); bool __io_alloc_req_refill(struct io_ring_ctx *ctx); =20 void io_activate_pollwq(struct io_ring_ctx *ctx); =20 +/* + * The ctx uring lock protects most of the mutable struct io_ring_ctx state + * accessed in the struct io_kiocb issue path. In the I/O path, it is typi= cally + * acquired in the io_uring_enter() syscall and in io_handle_tw_list(). For + * IORING_SETUP_SQPOLL, it's acquired by io_sq_thread() instead. io_kiocb's + * issued with IO_URING_F_UNLOCKED in issue_flags (e.g. by io_wq_submit_wo= rk()) + * acquire and release the ctx uring lock whenever they must touch io_ring= _ctx + * state. io_uring_register() also acquires the ctx uring lock because most + * opcodes mutate io_ring_ctx state accessed in the issue path. + * + * For !IORING_SETUP_SINGLE_ISSUER io_ring_ctx's, acquiring the ctx uring = lock + * is done via mutex_(try)lock(&ctx->uring_lock). + * + * However, for IORING_SETUP_SINGLE_ISSUER, we can avoid the mutex_lock() + + * mutex_unlock() overhead on submitter_task because a single thread can't= race + * with itself. In the uncommon case where the ctx uring lock is needed on + * another thread, it must suspend submitter_task by scheduling a task wor= k item + * on it. io_ring_ctx_lock() returns once the task work item has started. + * io_ring_ctx_unlock() allows the task work item to complete. + * If io_ring_ctx_lock() is called while the ctx is IORING_SETUP_R_DISABLED + * (e.g. during ctx create or exit), io_ring_ctx_lock() must acquire uring= _lock + * because submitter_task isn't set yet. submitter_task can be accessed on= ce + * uring_lock is held. If submitter_task exists, we do the same thing as i= n the + * non-IORING_SETUP_R_DISABLED case (except with uring_lock also held). If + * submitter_task isn't set, all other io_ring_ctx_lock() callers will also + * acquire uring_lock, so it suffices for mutual exclusion. + */ + +struct io_ring_suspend_work { + struct callback_head cb_head; + struct completion suspend_start; + struct completion **suspend_end; +}; + +void io_ring_suspend_work(struct callback_head *cb_head); + struct io_ring_ctx_lock_state { + bool need_mutex; + struct completion *suspend_end; }; =20 /* Acquire the ctx uring lock with the given nesting level */ static inline void io_ring_ctx_lock_nested(struct io_ring_ctx *ctx, unsigned int subclass, struct io_ring_ctx_lock_state *state) { - mutex_lock_nested(&ctx->uring_lock, subclass); + struct io_ring_suspend_work suspend_work; + + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) { + mutex_lock_nested(&ctx->uring_lock, subclass); + return; + } + + state->suspend_end =3D NULL; + state->need_mutex =3D + !!(smp_load_acquire(&ctx->flags) & IORING_SETUP_R_DISABLED); + if (unlikely(state->need_mutex)) { + mutex_lock_nested(&ctx->uring_lock, subclass); + if (likely(!ctx->submitter_task)) + return; + } + + if (likely(current =3D=3D ctx->submitter_task)) + return; + + /* Use task work to suspend submitter_task */ + init_task_work(&suspend_work.cb_head, io_ring_suspend_work); + init_completion(&suspend_work.suspend_start); + suspend_work.suspend_end =3D &state->suspend_end; + /* If task_work_add() fails, task is exiting, so no need to suspend */ + if (unlikely(task_work_add(ctx->submitter_task, &suspend_work.cb_head, + TWA_SIGNAL))) + return; + + wait_for_completion(&suspend_work.suspend_start); } =20 /* Acquire the ctx uring lock */ static inline void io_ring_ctx_lock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) @@ -217,29 +284,70 @@ static inline void io_ring_ctx_lock(struct io_ring_ct= x *ctx, =20 /* Attempt to acquire the ctx uring lock without blocking */ static inline bool io_ring_ctx_trylock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) { - return mutex_trylock(&ctx->uring_lock); + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) + return mutex_trylock(&ctx->uring_lock); + + state->suspend_end =3D NULL; + state->need_mutex =3D + !!(smp_load_acquire(&ctx->flags) & IORING_SETUP_R_DISABLED); + if (unlikely(state->need_mutex)) { + if (!mutex_trylock(&ctx->uring_lock)) + return false; + if (likely(!ctx->submitter_task)) + return true; + } + + if (unlikely(current !=3D ctx->submitter_task)) + goto unlock; + + return true; + +unlock: + if (unlikely(state->need_mutex)) + mutex_unlock(&ctx->uring_lock); + return false; } =20 /* Release the ctx uring lock */ static inline void io_ring_ctx_unlock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) { - mutex_unlock(&ctx->uring_lock); + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) { + mutex_unlock(&ctx->uring_lock); + return; + } + + if (unlikely(state->need_mutex)) + mutex_unlock(&ctx->uring_lock); + if (unlikely(state->suspend_end)) + complete(state->suspend_end); } =20 /* Return (if CONFIG_LOCKDEP) whether the ctx uring lock is held */ static inline bool io_ring_ctx_lock_held(const struct io_ring_ctx *ctx) { + /* + * No straightforward way to check that submitter_task is suspended + * without access to struct io_ring_ctx_lock_state + */ + if (ctx->flags & IORING_SETUP_SINGLE_ISSUER && + !(ctx->flags & IORING_SETUP_R_DISABLED)) + return true; + return lockdep_is_held(&ctx->uring_lock); } =20 /* Assert (if CONFIG_LOCKDEP) that the ctx uring lock is held */ static inline void io_ring_ctx_assert_locked(const struct io_ring_ctx *ctx) { + if (ctx->flags & IORING_SETUP_SINGLE_ISSUER && + !(ctx->flags & IORING_SETUP_R_DISABLED)) + return; + lockdep_assert_held(&ctx->uring_lock); } =20 static inline void io_lockdep_assert_cq_locked(struct io_ring_ctx *ctx) { --=20 2.45.2