From nobody Fri Dec 19 06:39:17 2025 Received: from mail-pl1-f226.google.com (mail-pl1-f226.google.com [209.85.214.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF27C23D7E0 for ; Thu, 18 Dec 2025 02:45:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.226 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766025907; cv=none; b=Cr1YcHBXTf0dI72AxASSjQ+VmsDOquFftKxWZM7ls3ch6r/PwVOxdPT0RqC+vDRZfAdcpu9IE9pm5juXximXHEU0l8z0ZKcsqlCWuOCesG9W0H1CyWOsNCQUD5yF20tEtx2yShOejwhjL+GNRkuU0aCWfcWzwd6nL93k6+r7Z7M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766025907; c=relaxed/simple; bh=hZIRs+tNNb1mG9XvgPl7q/rGi8qz0UKB7MRvjX+k19Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Yth+oPJlhQFv6JuXai1AFwxVpOxoLPubdWKewJqFYZBRC6oLeEaicCFdEpu9CCdqnIq8kiQvUKpxv7hSlvUDN4Sg0KVJ6H6Ymqoq88LVLYBdSdJauTX7+aUfhXh5JaCYzdfr+l83gIS/0a9KYQb30lxx2lwmpBNZoCwAPCJ+pxM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com; spf=fail smtp.mailfrom=purestorage.com; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b=SpGrw55M; arc=none smtp.client-ip=209.85.214.226 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=purestorage.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b="SpGrw55M" Received: by mail-pl1-f226.google.com with SMTP id d9443c01a7336-2a08cb5e30eso341915ad.1 for ; Wed, 17 Dec 2025 18:45:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purestorage.com; s=google2022; t=1766025904; x=1766630704; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xCOT1eJLhQi6SepBGbijdrE2xjpshazJgxdmtCDHEFc=; b=SpGrw55M9zv1zOs3PguZ/uQ05fJH9mwHNWWuvdBV6sIGZuoNI4CErDsDa3Mw7b0y9B 90awx051BmKasWL4Mbk4AMnEmdLpnOTAp7OnCYwHvVadc2fZIRveMw3sFnXjKvfBxnG1 qbWJfIvmsva2eZF5loetuvUlLSCc8WOKoagiovKfc0nB8gtZUiJA65FyKDtjqKKPXszx sWdFdCMmLkff4vycKzyuTO1j/UnhDTWfQ2LXyumuD/h22yQ3tJesfNsgI9sEPMnb70G/ hsvpBkIMLEj4lTP+KwwC6B7l8CgF7/hevwmZ86QQv9ZtBYHpDG3lgFb3Y/scXSnH2jQG T6dQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766025904; x=1766630704; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=xCOT1eJLhQi6SepBGbijdrE2xjpshazJgxdmtCDHEFc=; b=asZ6aEOJo30vUxLlwFwHFw4aTm0a5jBd5+XtZFPh9V6hp0QLz+uBO09ZJ9vbf1wgjG l1OAuqBV8m/ClAK5EFb5NfR5QJr+kyaE3XQIU36Wz9kwQEHHJchpL+09/GfnE2k2r7uR xXlc5mCHtcGLX2+Izs0wFXm3LQd2i7hXJHXkWG7txGxBghgq2FrbKdH6P7n/COPK1yPK XulUUayD9gzfXIuXyf01htgUsZ+p7FRwragxr/S5LrcQwBbr6QFKqZ2OY9v1FKiEFXzT ghAc1cSyWEuQWfts9TIXLcV2bHHB9Md5aUkYtJsEfuPleARpP6NuRc8UcIiG8wRDVBTZ jRVg== X-Forwarded-Encrypted: i=1; AJvYcCVQyu0jCns7blYEhVjVikWEtfQDVG078BohWOk1VbngREpmU6nRdRwMqORBCe7uINDn/pVcPCSnwb5Htlk=@vger.kernel.org X-Gm-Message-State: AOJu0YzPJ/5KxWbZcXADj/dQuwDxeEZezF4vb2xmhlUNh0LPMjkczma7 rTseyXIaZF0MW/rUcYOQC/6vx5KEY5qIMTx70/eAreqhs9X9/PS9eozP2nBLtTsY1VzHlf3XEHC 0dLCqMvgksYZJwXoM3VIrEYE36XM+5GO24xk8NuryMW8I38sjQ9hR X-Gm-Gg: AY/fxX6AV57XcAIQ65jDIKbzz7xIhalSMFC+HsO648Fp9iXrZ8PY94gCrSGNka4p/rm ZfQqfYYJhJoW8eu91IcVqlkFagjiY8n8/IZhpfOuixlSU6bdDO7DJ4i9Gdatxn1uN9HSwIHSMBC QGE0xb8o5Y/PsJIwcBJiZeFvbF/I72FPt8S1BP0E9wEBXT2pWRVM2R3ubjeRo6TXPz4PxA5AqYw UGIfqDZ5hgPBGCCC+F6ijLPQbOhr9lO1VvRLAMESM+d3maYJq6LczrtHQorpPYHT8HgxENkdkwJ IZHWCgE8CklTTO+YzxoYEU711TtiDXI769VdroHwDkvCrwVNWovq1owvBcFKW45xcVjSm7SGZcW EUSJmHo5AMFGFn8GjxfJhLraVq7A= X-Google-Smtp-Source: AGHT+IGjOqg3N+0jyfihCulwzlp/UmV9H0wtrz3m1WHnufqQWqck6o1b14hPo+tV+fQgv+Iim0Otdg9FdiQt X-Received: by 2002:a05:7022:1e05:b0:11e:3e9:3e89 with SMTP id a92af1059eb24-1206289ff38mr414137c88.7.1766025903683; Wed, 17 Dec 2025 18:45:03 -0800 (PST) Received: from c7-smtp-2023.dev.purestorage.com ([2620:125:9017:12:36:3:5:0]) by smtp-relay.gmail.com with ESMTPS id a92af1059eb24-12061f9c99dsm154191c88.3.2025.12.17.18.45.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Dec 2025 18:45:03 -0800 (PST) X-Relaying-Domain: purestorage.com Received: from dev-csander.dev.purestorage.com (unknown [IPv6:2620:125:9007:640:ffff::1199]) by c7-smtp-2023.dev.purestorage.com (Postfix) with ESMTP id 361A734023F; Wed, 17 Dec 2025 19:45:03 -0700 (MST) Received: by dev-csander.dev.purestorage.com (Postfix, from userid 1557716354) id 34016E417CF; Wed, 17 Dec 2025 19:45:03 -0700 (MST) From: Caleb Sander Mateos To: Jens Axboe , io-uring@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Joanne Koong , Caleb Sander Mateos , syzbot@syzkaller.appspotmail.com Subject: [PATCH v6 6/6] io_uring: avoid uring_lock for IORING_SETUP_SINGLE_ISSUER Date: Wed, 17 Dec 2025 19:44:59 -0700 Message-ID: <20251218024459.1083572-7-csander@purestorage.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20251218024459.1083572-1-csander@purestorage.com> References: <20251218024459.1083572-1-csander@purestorage.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" io_ring_ctx's mutex uring_lock can be quite expensive in high-IOPS workloads. Even when only one thread pinned to a single CPU is accessing the io_ring_ctx, the atomic CASes required to lock and unlock the mutex are very hot instructions. The mutex's primary purpose is to prevent concurrent io_uring system calls on the same io_ring_ctx. However, there is already a flag IORING_SETUP_SINGLE_ISSUER that promises only one task will make io_uring_enter() and io_uring_register() system calls on the io_ring_ctx once it's enabled. So if the io_ring_ctx is setup with IORING_SETUP_SINGLE_ISSUER, skip the uring_lock mutex_lock() and mutex_unlock() on the submitter_task. On other tasks acquiring the ctx uring lock, use a task work item to suspend the submitter_task for the critical section. If the io_ring_ctx is IORING_SETUP_R_DISABLED (possible during io_uring_setup(), io_uring_register(), or io_uring exit), submitter_task may be set concurrently, so acquire the uring_lock before checking it. If submitter_task isn't set yet, the uring_lock suffices to provide mutual exclusion. If task work can't be queued because submitter_task has exited, also use the uring_lock for mutual exclusion. Signed-off-by: Caleb Sander Mateos Tested-by: syzbot@syzkaller.appspotmail.com --- io_uring/io_uring.c | 12 +++++ io_uring/io_uring.h | 118 ++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 127 insertions(+), 3 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 237663382a5e..38390c8c54e0 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -363,10 +363,22 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(s= truct io_uring_params *p) xa_destroy(&ctx->io_bl_xa); kfree(ctx); return NULL; } =20 +void io_ring_suspend_work(struct callback_head *cb_head) +{ + struct io_ring_suspend_work *suspend_work =3D + container_of(cb_head, struct io_ring_suspend_work, cb_head); + DECLARE_COMPLETION_ONSTACK(suspend_end); + + *suspend_work->suspend_end =3D &suspend_end; + complete(&suspend_work->suspend_start); + + wait_for_completion(&suspend_end); +} + static void io_clean_op(struct io_kiocb *req) { if (unlikely(req->flags & REQ_F_BUFFER_SELECTED)) io_kbuf_drop_legacy(req); =20 diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h index 57c3eef26a88..c2e39ca55569 100644 --- a/io_uring/io_uring.h +++ b/io_uring/io_uring.h @@ -1,8 +1,9 @@ #ifndef IOU_CORE_H #define IOU_CORE_H =20 +#include #include #include #include #include #include @@ -195,19 +196,93 @@ void io_queue_next(struct io_kiocb *req); void io_task_refs_refill(struct io_uring_task *tctx); bool __io_alloc_req_refill(struct io_ring_ctx *ctx); =20 void io_activate_pollwq(struct io_ring_ctx *ctx); =20 +/* + * The ctx uring lock protects most of the mutable struct io_ring_ctx state + * accessed in the struct io_kiocb issue path. In the I/O path, it is typi= cally + * acquired in the io_uring_enter() syscall and in io_handle_tw_list(). For + * IORING_SETUP_SQPOLL, it's acquired by io_sq_thread() instead. io_kiocb's + * issued with IO_URING_F_UNLOCKED in issue_flags (e.g. by io_wq_submit_wo= rk()) + * acquire and release the ctx uring lock whenever they must touch io_ring= _ctx + * state. io_uring_register() also acquires the ctx uring lock because most + * opcodes mutate io_ring_ctx state accessed in the issue path. + * + * For !IORING_SETUP_SINGLE_ISSUER io_ring_ctx's, acquiring the ctx uring = lock + * is done via mutex_(try)lock(&ctx->uring_lock). + * + * However, for IORING_SETUP_SINGLE_ISSUER, we can avoid the mutex_lock() + + * mutex_unlock() overhead on submitter_task because a single thread can't= race + * with itself. In the uncommon case where the ctx uring lock is needed on + * another thread, it must suspend submitter_task by scheduling a task wor= k item + * on it. io_ring_ctx_lock() returns once the task work item has started. + * io_ring_ctx_unlock() allows the task work item to complete. + * If io_ring_ctx_lock() is called while the ctx is IORING_SETUP_R_DISABLED + * (e.g. during ctx create or exit), io_ring_ctx_lock() must acquire uring= _lock + * because submitter_task isn't set yet. submitter_task can be accessed on= ce + * uring_lock is held. If submitter_task exists, we do the same thing as i= n the + * non-IORING_SETUP_R_DISABLED case. If submitter_task isn't set, all other + * io_ring_ctx_lock() callers will also acquire uring_lock, so it suffices= for + * mutual exclusion. + * Similarly, if io_ring_ctx_lock() is called after submitter_task has exi= ted, + * task work can't be queued on it. Acquire uring_lock to exclude other ca= llers. + */ + +struct io_ring_suspend_work { + struct callback_head cb_head; + struct completion suspend_start; + struct completion **suspend_end; +}; + +void io_ring_suspend_work(struct callback_head *cb_head); + struct io_ring_ctx_lock_state { + bool mutex_held; + struct completion *suspend_end; }; =20 /* Acquire the ctx uring lock with the given nesting level */ static inline void io_ring_ctx_lock_nested(struct io_ring_ctx *ctx, unsigned int subclass, struct io_ring_ctx_lock_state *state) { - mutex_lock_nested(&ctx->uring_lock, subclass); + struct io_ring_suspend_work suspend_work; + + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) { + mutex_lock_nested(&ctx->uring_lock, subclass); + return; + } + + state->mutex_held =3D false; + state->suspend_end =3D NULL; + if (unlikely(smp_load_acquire(&ctx->flags) & IORING_SETUP_R_DISABLED)) { + mutex_lock_nested(&ctx->uring_lock, subclass); + if (likely(!ctx->submitter_task)) { + state->mutex_held =3D true; + return; + } + + /* submitter_task set concurrently, must suspend it */ + mutex_unlock(&ctx->uring_lock); + } else if (likely(current =3D=3D ctx->submitter_task)) { + return; + } + + /* Use task work to suspend submitter_task */ + init_task_work(&suspend_work.cb_head, io_ring_suspend_work); + init_completion(&suspend_work.suspend_start); + suspend_work.suspend_end =3D &state->suspend_end; + if (unlikely(task_work_add(ctx->submitter_task, &suspend_work.cb_head, + TWA_SIGNAL))) { + /* submitter_task is exiting, use mutex instead */ + state->mutex_held =3D true; + mutex_lock_nested(&ctx->uring_lock, subclass); + return; + } + + wait_for_completion(&suspend_work.suspend_start); } =20 /* Acquire the ctx uring lock */ static inline void io_ring_ctx_lock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) @@ -217,29 +292,66 @@ static inline void io_ring_ctx_lock(struct io_ring_ct= x *ctx, =20 /* Attempt to acquire the ctx uring lock without blocking */ static inline bool io_ring_ctx_trylock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) { - return mutex_trylock(&ctx->uring_lock); + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) + return mutex_trylock(&ctx->uring_lock); + + state->suspend_end =3D NULL; + if (unlikely(smp_load_acquire(&ctx->flags) & IORING_SETUP_R_DISABLED)) { + if (!mutex_trylock(&ctx->uring_lock)) + return false; + if (likely(!ctx->submitter_task)) { + state->mutex_held =3D true; + return true; + } + + mutex_unlock(&ctx->uring_lock); + return false; + } + + state->mutex_held =3D false; + return current =3D=3D ctx->submitter_task; } =20 /* Release the ctx uring lock */ static inline void io_ring_ctx_unlock(struct io_ring_ctx *ctx, struct io_ring_ctx_lock_state *state) { - mutex_unlock(&ctx->uring_lock); + if (!(ctx->flags & IORING_SETUP_SINGLE_ISSUER)) { + mutex_unlock(&ctx->uring_lock); + return; + } + + if (unlikely(state->mutex_held)) + mutex_unlock(&ctx->uring_lock); + if (unlikely(state->suspend_end)) + complete(state->suspend_end); } =20 /* Return (if CONFIG_LOCKDEP) whether the ctx uring lock is held */ static inline bool io_ring_ctx_lock_held(const struct io_ring_ctx *ctx) { + /* + * No straightforward way to check that submitter_task is suspended + * without access to struct io_ring_ctx_lock_state + */ + if (ctx->flags & IORING_SETUP_SINGLE_ISSUER && + !(ctx->flags & IORING_SETUP_R_DISABLED)) + return true; + return lockdep_is_held(&ctx->uring_lock); } =20 /* Assert (if CONFIG_LOCKDEP) that the ctx uring lock is held */ static inline void io_ring_ctx_assert_locked(const struct io_ring_ctx *ctx) { + if (ctx->flags & IORING_SETUP_SINGLE_ISSUER && + !(ctx->flags & IORING_SETUP_R_DISABLED)) + return; + lockdep_assert_held(&ctx->uring_lock); } =20 static inline void io_lockdep_assert_cq_locked(struct io_ring_ctx *ctx) { --=20 2.45.2