Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'io_uring-6.1-2022-10-20' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
- Fix a potential memory leak in the error handling path of io-wq setup
(Rafael)
- Kill an errant debug statement that got added in this release (me)
- Fix an oops with an invalid direct descriptor with IORING_OP_MSG_RING
(Harshit)
- Remove unneeded FFS_SCM flagging (Pavel)
- Remove polling off the exit path (Pavel)
- Move out direct descriptor debug check to the cleanup path (Pavel)
- Use the proper helper rather than open-coding cached request get
(Pavel)
* tag 'io_uring-6.1-2022-10-20' of git://git.kernel.dk/linux:
io-wq: Fix memory leak in worker creation
io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
io_uring/rw: remove leftover debug statement
io_uring: don't iopoll from io_ring_ctx_wait_and_kill()
io_uring: reuse io_alloc_req()
io_uring: kill hot path fixed file bitmap debug checks
io_uring: remove FFS_SCM
+15
-43
+2
-14
io_uring/filetable.h
+2
-14
io_uring/filetable.h
···
5
5
#include <linux/file.h>
6
6
#include <linux/io_uring_types.h>
7
7
8
-
/*
9
-
* FFS_SCM is only available on 64-bit archs, for 32-bit we just define it as 0
10
-
* and define IO_URING_SCM_ALL. For this case, we use SCM for all files as we
11
-
* can't safely always dereference the file when the task has exited and ring
12
-
* cleanup is done. If a file is tracked and part of SCM, then unix gc on
13
-
* process exit may reap it before __io_sqe_files_unregister() is run.
14
-
*/
15
8
#define FFS_NOWAIT 0x1UL
16
9
#define FFS_ISREG 0x2UL
17
-
#if defined(CONFIG_64BIT)
18
-
#define FFS_SCM 0x4UL
19
-
#else
20
-
#define IO_URING_SCM_ALL
21
-
#define FFS_SCM 0x0UL
22
-
#endif
23
-
#define FFS_MASK ~(FFS_NOWAIT|FFS_ISREG|FFS_SCM)
10
+
#define FFS_MASK ~(FFS_NOWAIT|FFS_ISREG)
24
11
25
12
bool io_alloc_file_tables(struct io_file_table *table, unsigned nr_files);
26
13
void io_free_file_tables(struct io_file_table *table);
···
25
38
26
39
static inline void io_file_bitmap_clear(struct io_file_table *table, int bit)
27
40
{
41
+
WARN_ON_ONCE(!test_bit(bit, table->bitmap));
28
42
__clear_bit(bit, table->bitmap);
29
43
table->alloc_hint = bit;
30
44
}
+1
-1
io_uring/io-wq.c
+1
-1
io_uring/io-wq.c
···
1164
1164
wqe = kzalloc_node(sizeof(struct io_wqe), GFP_KERNEL, alloc_node);
1165
1165
if (!wqe)
1166
1166
goto err;
1167
+
wq->wqes[node] = wqe;
1167
1168
if (!alloc_cpumask_var(&wqe->cpu_mask, GFP_KERNEL))
1168
1169
goto err;
1169
1170
cpumask_copy(wqe->cpu_mask, cpumask_of_node(node));
1170
-
wq->wqes[node] = wqe;
1171
1171
wqe->node = alloc_node;
1172
1172
wqe->acct[IO_WQ_ACCT_BOUND].max_workers = bounded;
1173
1173
wqe->acct[IO_WQ_ACCT_UNBOUND].max_workers =
+7
-17
io_uring/io_uring.c
+7
-17
io_uring/io_uring.c
···
1587
1587
res |= FFS_ISREG;
1588
1588
if (__io_file_supports_nowait(file, mode))
1589
1589
res |= FFS_NOWAIT;
1590
-
if (io_file_need_scm(file))
1591
-
res |= FFS_SCM;
1592
1590
return res;
1593
1591
}
1594
1592
···
1858
1860
/* mask in overlapping REQ_F and FFS bits */
1859
1861
req->flags |= (file_ptr << REQ_F_SUPPORT_NOWAIT_BIT);
1860
1862
io_req_set_rsrc_node(req, ctx, 0);
1861
-
WARN_ON_ONCE(file && !test_bit(fd, ctx->file_table.bitmap));
1862
1863
out:
1863
1864
io_ring_submit_unlock(ctx, issue_flags);
1864
1865
return file;
···
2560
2563
2561
2564
static void io_req_caches_free(struct io_ring_ctx *ctx)
2562
2565
{
2563
-
struct io_submit_state *state = &ctx->submit_state;
2564
2566
int nr = 0;
2565
2567
2566
2568
mutex_lock(&ctx->uring_lock);
2567
-
io_flush_cached_locked_reqs(ctx, state);
2569
+
io_flush_cached_locked_reqs(ctx, &ctx->submit_state);
2568
2570
2569
2571
while (!io_req_cache_empty(ctx)) {
2570
-
struct io_wq_work_node *node;
2571
-
struct io_kiocb *req;
2572
+
struct io_kiocb *req = io_alloc_req(ctx);
2572
2573
2573
-
node = wq_stack_extract(&state->free_list);
2574
-
req = container_of(node, struct io_kiocb, comp_list);
2575
2574
kmem_cache_free(req_cachep, req);
2576
2575
nr++;
2577
2576
}
···
2804
2811
io_poll_remove_all(ctx, NULL, true);
2805
2812
mutex_unlock(&ctx->uring_lock);
2806
2813
2807
-
/* failed during ring init, it couldn't have issued any requests */
2808
-
if (ctx->rings) {
2814
+
/*
2815
+
* If we failed setting up the ctx, we might not have any rings
2816
+
* and therefore did not submit any requests
2817
+
*/
2818
+
if (ctx->rings)
2809
2819
io_kill_timeouts(ctx, NULL, true);
2810
-
/* if we failed setting up the ctx, we might not have any rings */
2811
-
io_iopoll_try_reap_events(ctx);
2812
-
/* drop cached put refs after potentially doing completions */
2813
-
if (current->io_uring)
2814
-
io_uring_drop_tctx_refs(current);
2815
-
}
2816
2820
2817
2821
INIT_WORK(&ctx->exit_work, io_ring_exit_work);
2818
2822
/*
+3
io_uring/msg_ring.c
+3
io_uring/msg_ring.c
···
95
95
96
96
msg->src_fd = array_index_nospec(msg->src_fd, ctx->nr_user_files);
97
97
file_ptr = io_fixed_file_slot(&ctx->file_table, msg->src_fd)->file_ptr;
98
+
if (!file_ptr)
99
+
goto out_unlock;
100
+
98
101
src_file = (struct file *) (file_ptr & FFS_MASK);
99
102
get_file(src_file);
100
103
+2
-5
io_uring/rsrc.c
+2
-5
io_uring/rsrc.c
···
757
757
758
758
void __io_sqe_files_unregister(struct io_ring_ctx *ctx)
759
759
{
760
-
#if !defined(IO_URING_SCM_ALL)
761
760
int i;
762
761
763
762
for (i = 0; i < ctx->nr_user_files; i++) {
764
763
struct file *file = io_file_from_index(&ctx->file_table, i);
765
764
766
-
if (!file)
767
-
continue;
768
-
if (io_fixed_file_slot(&ctx->file_table, i)->file_ptr & FFS_SCM)
765
+
/* skip scm accounted files, they'll be freed by ->ring_sock */
766
+
if (!file || io_file_need_scm(file))
769
767
continue;
770
768
io_file_bitmap_clear(&ctx->file_table, i);
771
769
fput(file);
772
770
}
773
-
#endif
774
771
775
772
#if defined(CONFIG_UNIX)
776
773
if (ctx->ring_sock) {
-4
io_uring/rsrc.h
-4
io_uring/rsrc.h